[ 54.244942][ T6730] do_mkdirat+0x21e/0x280 [ 54.249566][ T6730] ? __ia32_sys_mknod+0xb0/0xb0 [ 54.254958][ T6730] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 54.261577][ T6730] ? do_syscall_64+0x21/0x7d0 [ 54.266349][ T6730] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 54.273045][ T6730] do_syscall_64+0xf6/0x7d0 [ 54.277901][ T6730] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 54.283908][ T6730] RIP: 0033:0x7f2b93cc6687 [ 54.288350][ T6730] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 54.308237][ T6730] RSP: 002b:00007ffd5dda5b58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 54.317021][ T6730] RAX: ffffffffffffffda RBX: 000055da16c54985 RCX: 00007f2b93cc6687 [ 54.325232][ T6730] RDX: 00007ffd5dda5a20 RSI: 00000000000001ed RDI: 000055da16c54985 [ 54.333609][ T6730] RBP: 00007f2b93cc6680 R08: 0000000000000100 R09: 0000000000000000 [ 54.341677][ T6730] R10: 000055da16c54980 R11: 0000000000000246 R12: 00000000000001ed [ 54.350050][ T6730] R13: 00007ffd5dda5ce0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 58.182172][ T26] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:2/26 [ 58.191245][ T26] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 58.197260][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Not tainted 5.7.0-syzkaller #0 [ 58.205280][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.215542][ T26] Workqueue: writeback wb_workfn (flush-8:0) [ 58.221608][ T26] Call Trace: [ 58.224913][ T26] dump_stack+0x188/0x20d [ 58.229250][ T26] debug_smp_processor_id.cold+0x88/0x9b [ 58.234875][ T26] ext4_mb_new_blocks+0xa77/0x3b30 [ 58.239964][ T26] ? __kmalloc+0x62f/0x7a0 [ 58.244368][ T26] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.249819][ T26] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.257011][ T26] ext4_ext_map_blocks+0x2044/0x3410 [ 58.262292][ T26] ? ext4_ext_release+0x10/0x10 [ 58.267154][ T26] ? __down_timeout+0x2d0/0x2d0 [ 58.271990][ T26] ? ext4_es_lookup_extent+0x41d/0xd30 [ 58.277587][ T26] ? debug_smp_processor_id+0x2f/0x185 [ 58.283197][ T26] ext4_map_blocks+0x4cb/0x1640 [ 58.288078][ T26] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.294999][ T26] ? debug_smp_processor_id+0x2f/0x185 [ 58.300463][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.306011][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.311968][ T26] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 58.317511][ T26] ext4_writepages+0x1ab7/0x3400 [ 58.322460][ T26] ? __ext4_mark_inode_dirty+0x950/0x950 [ 58.328095][ T26] ? __lock_acquire+0x2224/0x48a0 [ 58.333219][ T26] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.339177][ T26] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.345149][ T26] ? __ext4_mark_inode_dirty+0x950/0x950 [ 58.350761][ T26] ? do_writepages+0xfa/0x2a0 [ 58.355435][ T26] do_writepages+0xfa/0x2a0 [ 58.359919][ T26] ? page_writeback_cpu_online+0x10/0x10 [ 58.365532][ T26] ? debug_smp_processor_id+0x2f/0x185 [ 58.370986][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.376539][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.382496][ T26] ? lock_downgrade+0x840/0x840 [ 58.387344][ T26] __writeback_single_inode+0x12a/0x1410 [ 58.392957][ T26] ? _raw_spin_unlock+0x24/0x40 [ 58.397808][ T26] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 58.403789][ T26] writeback_sb_inodes+0x515/0xdd0 [ 58.408904][ T26] ? __writeback_single_inode+0x1410/0x1410 [ 58.414878][ T26] __writeback_inodes_wb+0xc3/0x250 [ 58.420070][ T26] wb_writeback+0x910/0xd90 [ 58.424563][ T26] ? print_usage_bug+0x240/0x240 [ 58.429488][ T26] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 58.435794][ T26] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 58.441757][ T26] ? cpumask_next+0x3c/0x40 [ 58.446236][ T26] ? get_nr_dirty_inodes+0xd6/0x130 [ 58.451436][ T26] wb_workfn+0xadf/0x10d0 [ 58.455758][ T26] ? inode_wait_for_writeback+0x30/0x30 [ 58.461321][ T26] ? debug_smp_processor_id+0x2f/0x185 [ 58.466805][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.472336][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.478331][ T26] process_one_work+0x965/0x16a0 [ 58.483272][ T26] ? lock_release+0x800/0x800 [ 58.487930][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.493300][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 58.498233][ T26] worker_thread+0x96/0xe10 [ 58.502736][ T26] ? process_one_work+0x16a0/0x16a0 [ 58.507941][ T26] kthread+0x388/0x470 [ 58.512007][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.517961][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.523693][ T26] ret_from_fork+0x24/0x30 Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts. 2020/06/10 16:06:28 fuzzer started 2020/06/10 16:06:28 connecting to host at 10.128.0.26:42687 2020/06/10 16:06:28 checking machine... 2020/06/10 16:06:28 checking revisions... 2020/06/10 16:06:28 testing simple program... [ 60.151201][ T6803] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6803 [ 60.160402][ T6803] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.166385][ T6803] CPU: 0 PID: 6803 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 60.174297][ T6803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.184336][ T6803] Call Trace: [ 60.187630][ T6803] dump_stack+0x188/0x20d [ 60.191947][ T6803] debug_smp_processor_id.cold+0x88/0x9b [ 60.197583][ T6803] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.202696][ T6803] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.208147][ T6803] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.213872][ T6803] ext4_ext_map_blocks+0x2044/0x3410 [ 60.219217][ T6803] ? ext4_ext_release+0x10/0x10 [ 60.224079][ T6803] ? __down_timeout+0x2d0/0x2d0 [ 60.228969][ T6803] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.234432][ T6803] ext4_map_blocks+0x4cb/0x1640 [ 60.239287][ T6803] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.244487][ T6803] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.250012][ T6803] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.256937][ T6803] ? prandom_u32_state+0xe/0x170 [ 60.261871][ T6803] ? __brelse+0x84/0xa0 [ 60.266008][ T6803] ? __ext4_new_inode+0x144/0x57c0 [ 60.271116][ T6803] ext4_getblk+0xad/0x520 [ 60.275428][ T6803] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.281226][ T6803] ? ext4_free_inode+0x17e0/0x17e0 [ 60.286340][ T6803] ext4_bread+0x7c/0x380 [ 60.290638][ T6803] ? ext4_getblk+0x520/0x520 [ 60.295248][ T6803] ? dqget+0xff0/0xff0 [ 60.299322][ T6803] ext4_append+0x153/0x360 [ 60.303826][ T6803] ext4_mkdir+0x5e0/0xdf0 [ 60.308141][ T6803] ? ext4_rmdir+0xde0/0xde0 [ 60.312628][ T6803] ? security_inode_permission+0xc4/0xf0 [ 60.318447][ T6803] vfs_mkdir+0x419/0x690 [ 60.322735][ T6803] do_mkdirat+0x21e/0x280 [ 60.327051][ T6803] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.331886][ T6803] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.337850][ T6803] ? do_syscall_64+0x21/0x7d0 [ 60.342519][ T6803] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.348481][ T6803] do_syscall_64+0xf6/0x7d0 [ 60.352992][ T6803] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.358862][ T6803] RIP: 0033:0x4b02a0 [ 60.362736][ T6803] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 60.382521][ T6803] RSP: 002b:000000c0000e74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 60.391029][ T6803] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 60.398990][ T6803] RDX: 00000000000001c0 RSI: 000000c0002b66e0 RDI: ffffffffffffff9c [ 60.406941][ T6803] RBP: 000000c0000e7510 R08: 0000000000000000 R09: 0000000000000000 [ 60.414927][ T6803] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 60.422902][ T6803] R13: 0000000000000038 R14: 0000000000000037 R15: 0000000000000100 [ 60.446760][ T6816] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6816 [ 60.456983][ T6816] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.463033][ T6816] CPU: 1 PID: 6816 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.471426][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.481495][ T6816] Call Trace: [ 60.484798][ T6816] dump_stack+0x188/0x20d [ 60.489111][ T6816] debug_smp_processor_id.cold+0x88/0x9b [ 60.494775][ T6816] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.499910][ T6816] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.505353][ T6816] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.511057][ T6816] ext4_ext_map_blocks+0x2044/0x3410 [ 60.516784][ T6816] ? ext4_ext_release+0x10/0x10 [ 60.521632][ T6816] ? __down_timeout+0x2d0/0x2d0 [ 60.526487][ T6816] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.531949][ T6816] ext4_map_blocks+0x4cb/0x1640 [ 60.536795][ T6816] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.541973][ T6816] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.547523][ T6816] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.553518][ T6816] ? prandom_u32_state+0xe/0x170 [ 60.558454][ T6816] ? __brelse+0x84/0xa0 [ 60.562589][ T6816] ? __ext4_new_inode+0x144/0x57c0 [ 60.567679][ T6816] ext4_getblk+0xad/0x520 [ 60.572013][ T6816] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.577867][ T6816] ? ext4_free_inode+0x17e0/0x17e0 [ 60.582965][ T6816] ext4_bread+0x7c/0x380 [ 60.587199][ T6816] ? ext4_getblk+0x520/0x520 [ 60.591773][ T6816] ? dqget+0xff0/0xff0 [ 60.595911][ T6816] ext4_append+0x153/0x360 [ 60.600329][ T6816] ext4_mkdir+0x5e0/0xdf0 [ 60.604657][ T6816] ? ext4_rmdir+0xde0/0xde0 [ 60.609142][ T6816] ? security_inode_permission+0xc4/0xf0 [ 60.614767][ T6816] vfs_mkdir+0x419/0x690 [ 60.619003][ T6816] do_mkdirat+0x21e/0x280 [ 60.623342][ T6816] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.628232][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.634207][ T6816] ? do_syscall_64+0x21/0x7d0 [ 60.638861][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.644845][ T6816] do_syscall_64+0xf6/0x7d0 [ 60.649346][ T6816] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.655215][ T6816] RIP: 0033:0x45bee7 [ 60.659087][ T6816] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.683471][ T6816] RSP: 002b:00007fff9c1be0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.691859][ T6816] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 60.699825][ T6816] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007fff9c1be2b0 [ 60.707784][ T6816] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002840 [ 60.715765][ T6816] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.723738][ T6816] R13: 00007fff9c1be2b0 R14: 8421084210842109 R15: 00007fff9c1be2bc [ 60.806852][ T6817] IPVS: ftp: loaded support on port[0] = 21 [ 60.843131][ T6817] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6817 [ 60.852741][ T6817] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.858620][ T6817] CPU: 0 PID: 6817 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.866859][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.876907][ T6817] Call Trace: [ 60.880302][ T6817] dump_stack+0x188/0x20d [ 60.884652][ T6817] debug_smp_processor_id.cold+0x88/0x9b [ 60.890277][ T6817] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.895397][ T6817] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.900839][ T6817] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.906569][ T6817] ext4_ext_map_blocks+0x2044/0x3410 [ 60.911969][ T6817] ? ext4_ext_release+0x10/0x10 [ 60.916836][ T6817] ? __down_timeout+0x2d0/0x2d0 [ 60.921676][ T6817] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.927750][ T6817] ext4_map_blocks+0x4cb/0x1640 [ 60.932610][ T6817] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.937789][ T6817] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.943329][ T6817] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.949302][ T6817] ? prandom_u32_state+0xe/0x170 [ 60.954221][ T6817] ? __brelse+0x84/0xa0 [ 60.958359][ T6817] ? __ext4_new_inode+0x144/0x57c0 [ 60.963452][ T6817] ext4_getblk+0xad/0x520 [ 60.967764][ T6817] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.973574][ T6817] ? ext4_free_inode+0x17e0/0x17e0 [ 60.978670][ T6817] ext4_bread+0x7c/0x380 [ 60.982915][ T6817] ? ext4_getblk+0x520/0x520 [ 60.987514][ T6817] ? dqget+0xff0/0xff0 [ 60.991572][ T6817] ext4_append+0x153/0x360 [ 60.995990][ T6817] ext4_mkdir+0x5e0/0xdf0 [ 61.000308][ T6817] ? ext4_rmdir+0xde0/0xde0 [ 61.004897][ T6817] ? security_inode_permission+0xc4/0xf0 [ 61.010534][ T6817] vfs_mkdir+0x419/0x690 [ 61.014774][ T6817] do_mkdirat+0x21e/0x280 [ 61.019102][ T6817] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.023933][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.031892][ T6817] ? do_syscall_64+0x21/0x7d0 [ 61.036808][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.042775][ T6817] do_syscall_64+0xf6/0x7d0 [ 61.047261][ T6817] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 61.053145][ T6817] RIP: 0033:0x45bee7 [ 61.057025][ T6817] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.076891][ T6817] RSP: 002b:00007fff9c1bdfc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 61.085363][ T6817] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 61.093330][ T6817] RDX: 00007fff9c1be013 RSI: 00000000000001ff RDI: 00007fff9c1be010 [ 61.101382][ T6817] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 61.109339][ T6817] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 61.117311][ T6817] R13: 00007fff9c1be000 R14: 0000000000000000 R15: 00007fff9c1be010 [ 61.186024][ T6817] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6817 [ 61.195526][ T6817] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 61.201723][ T6817] CPU: 0 PID: 6817 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 61.209963][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.220023][ T6817] Call Trace: [ 61.223323][ T6817] dump_stack+0x188/0x20d [ 61.227649][ T6817] debug_smp_processor_id.cold+0x88/0x9b [ 61.233378][ T6817] ext4_mb_new_blocks+0xa77/0x3b30 [ 61.238522][ T6817] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.244001][ T6817] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.249721][ T6817] ext4_ext_map_blocks+0x2044/0x3410 [ 61.255014][ T6817] ? ext4_ext_release+0x10/0x10 [ 61.259854][ T6817] ? __down_timeout+0x2d0/0x2d0 [ 61.264700][ T6817] ? ext4_es_lookup_extent+0x41d/0xd30 [ 61.270162][ T6817] ext4_map_blocks+0x4cb/0x1640 [ 61.275187][ T6817] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.280395][ T6817] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.285941][ T6817] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.291934][ T6817] ? prandom_u32_state+0xe/0x170 [ 61.296854][ T6817] ? __brelse+0x84/0xa0 [ 61.300992][ T6817] ? __ext4_new_inode+0x144/0x57c0 [ 61.306102][ T6817] ext4_getblk+0xad/0x520 [ 61.310433][ T6817] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.316145][ T6817] ? ext4_free_inode+0x17e0/0x17e0 [ 61.321252][ T6817] ext4_bread+0x7c/0x380 [ 61.325491][ T6817] ? ext4_getblk+0x520/0x520 [ 61.330080][ T6817] ? dqget+0xff0/0xff0 [ 61.334136][ T6817] ext4_append+0x153/0x360 [ 61.338535][ T6817] ext4_mkdir+0x5e0/0xdf0 [ 61.342848][ T6817] ? ext4_rmdir+0xde0/0xde0 [ 61.347334][ T6817] ? security_inode_permission+0xc4/0xf0 [ 61.352959][ T6817] vfs_mkdir+0x419/0x690 [ 61.357239][ T6817] do_mkdirat+0x21e/0x280 [ 61.361598][ T6817] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.366458][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.372426][ T6817] ? do_syscall_64+0x21/0x7d0 [ 61.377158][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.383187][ T6817] do_syscall_64+0xf6/0x7d0 [ 61.387999][ T6817] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 61.393901][ T6817] RIP: 0033:0x45bee7 [ 61.397798][ T6817] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.417400][ T6817] RSP: 002b:00007fff9c1bdfc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 61.425793][ T6817] RAX: ffffffffffffffda RBX: 000000000000eef7 RCX: 000000000045bee7 2020/06/10 16:06:30 building call list... [ 61.433772][ T6817] RDX: 00007fff9c1be013 RSI: 00000000000001ff RDI: 00007fff9c1be010 [ 61.441814][ T6817] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 61.449768][ T6817] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 61.457720][ T6817] R13: 00007fff9c1be000 R14: 000000000000eee7 R15: 00007fff9c1be010 [ 61.730504][ T26] tipc: TX() has been purged, node left! [ 62.222652][ T26] ================================================================== [ 62.230889][ T26] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880 [ 62.238777][ T26] Write of size 1 at addr ffff888091f851e4 by task kworker/u4:2/26 [ 62.246649][ T26] [ 62.248974][ T26] CPU: 1 PID: 26 Comm: kworker/u4:2 Not tainted 5.7.0-syzkaller #0 [ 62.256850][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.266918][ T26] Workqueue: netns cleanup_net [ 62.271682][ T26] Call Trace: [ 62.274976][ T26] dump_stack+0x188/0x20d [ 62.279306][ T26] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.284850][ T26] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.290394][ T26] ? afs_put_call+0xa70/0xa70 [ 62.295069][ T26] print_address_description.constprop.0.cold+0xd3/0x413 [ 62.302123][ T26] ? vprintk_func+0x97/0x1a6 [ 62.306713][ T26] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.312601][ T26] kasan_report.cold+0x1f/0x37 [ 62.317391][ T26] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.322942][ T26] afs_wake_up_async_call+0x7a7/0x880 [ 62.328309][ T26] ? do_raw_spin_lock+0x129/0x2e0 [ 62.333348][ T26] ? afs_close_socket+0x320/0x320 [ 62.338385][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 62.343331][ T26] ? rcu_read_lock_held+0x9c/0xb0 [ 62.348362][ T26] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.354426][ T26] ? afs_close_socket+0x320/0x320 [ 62.359541][ T26] ? afs_put_call+0xa70/0xa70 [ 62.364235][ T26] rxrpc_notify_socket+0x1e5/0x5e0 [ 62.369460][ T26] ? afs_put_call+0xa70/0xa70 [ 62.374133][ T26] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 62.380547][ T26] rxrpc_call_completed+0xca/0xf0 [ 62.385582][ T26] rxrpc_discard_prealloc+0x786/0xac0 [ 62.390953][ T26] ? lock_sock_nested+0x94/0x110 [ 62.395893][ T26] rxrpc_listen+0x147/0x360 [ 62.400401][ T26] afs_close_socket+0x95/0x320 [ 62.405162][ T26] ? afs_purge_servers+0x16d/0x300 [ 62.410290][ T26] ? afs_rx_discard_new_call+0x50/0x50 [ 62.415799][ T26] ? debug_smp_processor_id+0x2f/0x185 [ 62.421275][ T26] ? init_wait_var_entry+0x200/0x200 [ 62.426585][ T26] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.432316][ T26] afs_net_exit+0x1bc/0x310 [ 62.436822][ T26] ? afs_net_init+0xe30/0xe30 [ 62.441494][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 62.446604][ T26] cleanup_net+0x511/0xa50 [ 62.451022][ T26] ? unregister_pernet_device+0x70/0x70 [ 62.456567][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.462550][ T26] process_one_work+0x965/0x16a0 [ 62.467500][ T26] ? lock_release+0x800/0x800 [ 62.472190][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.477562][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 62.482597][ T26] worker_thread+0x96/0xe10 [ 62.487127][ T26] ? process_one_work+0x16a0/0x16a0 [ 62.492325][ T26] kthread+0x388/0x470 [ 62.496390][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.502104][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.507825][ T26] ret_from_fork+0x24/0x30 [ 62.512340][ T26] [ 62.514661][ T26] Allocated by task 6817: [ 62.519016][ T26] save_stack+0x1b/0x40 [ 62.523168][ T26] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 62.528794][ T26] kmem_cache_alloc_trace+0x153/0x7d0 [ 62.534160][ T26] afs_alloc_call+0x55/0x640 [ 62.538745][ T26] afs_charge_preallocation+0xe9/0x2d0 [ 62.544252][ T26] afs_open_socket+0x292/0x360 [ 62.549016][ T26] afs_net_init+0xa6c/0xe30 [ 62.553516][ T26] ops_init+0xaf/0x420 [ 62.557583][ T26] setup_net+0x2de/0x860 [ 62.561884][ T26] copy_net_ns+0x293/0x590 [ 62.566412][ T26] create_new_namespaces+0x3fb/0xb30 [ 62.571785][ T26] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 62.577454][ T26] ksys_unshare+0x43d/0x8e0 [ 62.581961][ T26] __x64_sys_unshare+0x2d/0x40 [ 62.586721][ T26] do_syscall_64+0xf6/0x7d0 [ 62.591313][ T26] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 62.597191][ T26] [ 62.599510][ T26] Freed by task 26: [ 62.603313][ T26] save_stack+0x1b/0x40 [ 62.607464][ T26] __kasan_slab_free+0xf7/0x140 [ 62.612305][ T26] kfree+0x109/0x2b0 [ 62.616201][ T26] afs_put_call+0x59b/0xa70 [ 62.620723][ T26] rxrpc_discard_prealloc+0x769/0xac0 [ 62.626088][ T26] rxrpc_listen+0x147/0x360 [ 62.630613][ T26] afs_close_socket+0x95/0x320 [ 62.635370][ T26] afs_net_exit+0x1bc/0x310 [ 62.639867][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 62.644976][ T26] cleanup_net+0x511/0xa50 [ 62.649388][ T26] process_one_work+0x965/0x16a0 [ 62.654582][ T26] worker_thread+0x96/0xe10 [ 62.659260][ T26] kthread+0x388/0x470 [ 62.663320][ T26] ret_from_fork+0x24/0x30 [ 62.667719][ T26] [ 62.670046][ T26] The buggy address belongs to the object at ffff888091f85000 [ 62.670046][ T26] which belongs to the cache kmalloc-1k of size 1024 [ 62.684193][ T26] The buggy address is located 484 bytes inside of [ 62.684193][ T26] 1024-byte region [ffff888091f85000, ffff888091f85400) [ 62.697537][ T26] The buggy address belongs to the page: [ 62.703165][ T26] page:ffffea000247e140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.712262][ T26] flags: 0xfffe0000000200(slab) [ 62.717112][ T26] raw: 00fffe0000000200 ffffea000299b388 ffffea00024d92c8 ffff8880aa000c40 [ 62.725691][ T26] raw: 0000000000000000 ffff888091f85000 0000000100000002 0000000000000000 [ 62.734280][ T26] page dumped because: kasan: bad access detected [ 62.740686][ T26] [ 62.743010][ T26] Memory state around the buggy address: [ 62.748818][ T26] ffff888091f85080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.756882][ T26] ffff888091f85100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.765041][ T26] >ffff888091f85180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.773104][ T26] ^ [ 62.780296][ T26] ffff888091f85200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.788352][ T26] ffff888091f85280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.796427][ T26] ================================================================== [ 62.804477][ T26] Disabling lock debugging due to kernel taint [ 62.810706][ T26] Kernel panic - not syncing: panic_on_warn set ... [ 62.817300][ T26] CPU: 1 PID: 26 Comm: kworker/u4:2 Tainted: G B 5.7.0-syzkaller #0 [ 62.826578][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.836694][ T26] Workqueue: netns cleanup_net [ 62.841483][ T26] Call Trace: [ 62.844778][ T26] dump_stack+0x188/0x20d [ 62.849125][ T26] ? afs_wake_up_async_call+0x6b0/0x880 [ 62.854684][ T26] ? afs_put_call+0xa70/0xa70 [ 62.859383][ T26] panic+0x2e3/0x75c [ 62.863365][ T26] ? add_taint.cold+0x16/0x16 [ 62.868041][ T26] ? retint_kernel+0x2b/0x2b [ 62.872904][ T26] ? trace_hardirqs_on+0x55/0x230 [ 62.877939][ T26] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.883506][ T26] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.889052][ T26] ? afs_put_call+0xa70/0xa70 [ 62.893735][ T26] end_report+0x4d/0x53 [ 62.897894][ T26] kasan_report.cold+0xd/0x37 [ 62.902582][ T26] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.908138][ T26] afs_wake_up_async_call+0x7a7/0x880 [ 62.913518][ T26] ? do_raw_spin_lock+0x129/0x2e0 [ 62.918555][ T26] ? afs_close_socket+0x320/0x320 executing program [ 62.923579][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 62.928493][ T26] ? rcu_read_lock_held+0x9c/0xb0 [ 62.933516][ T26] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.939139][ T26] ? afs_close_socket+0x320/0x320 [ 62.944140][ T26] ? afs_put_call+0xa70/0xa70 [ 62.948791][ T26] rxrpc_notify_socket+0x1e5/0x5e0 [ 62.953880][ T26] ? afs_put_call+0xa70/0xa70 [ 62.958539][ T26] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 62.964983][ T26] rxrpc_call_completed+0xca/0xf0 [ 62.970009][ T26] rxrpc_discard_prealloc+0x786/0xac0 [ 62.975364][ T26] ? lock_sock_nested+0x94/0x110 [ 62.980288][ T26] rxrpc_listen+0x147/0x360 [ 62.984792][ T26] afs_close_socket+0x95/0x320 [ 62.989552][ T26] ? afs_purge_servers+0x16d/0x300 [ 62.994647][ T26] ? afs_rx_discard_new_call+0x50/0x50 [ 63.000085][ T26] ? debug_smp_processor_id+0x2f/0x185 [ 63.005539][ T26] ? init_wait_var_entry+0x200/0x200 [ 63.010820][ T26] ? rcu_read_lock_held_common+0xa0/0xa0 [ 63.016551][ T26] afs_net_exit+0x1bc/0x310 [ 63.021042][ T26] ? afs_net_init+0xe30/0xe30 [ 63.025697][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 63.031065][ T26] cleanup_net+0x511/0xa50 [ 63.035541][ T26] ? unregister_pernet_device+0x70/0x70 [ 63.041067][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.047027][ T26] process_one_work+0x965/0x16a0 [ 63.051957][ T26] ? lock_release+0x800/0x800 [ 63.056654][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.062015][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 63.066940][ T26] worker_thread+0x96/0xe10 [ 63.071443][ T26] ? process_one_work+0x16a0/0x16a0 [ 63.076632][ T26] kthread+0x388/0x470 [ 63.080695][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.086472][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.092167][ T26] ret_from_fork+0x24/0x30 [ 63.097923][ T26] Kernel Offset: disabled [ 63.102348][ T26] Rebooting in 86400 seconds..