Starting Load/Save RF Kill Switch Status... [ 53.879270][ T6735] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6735 [ 53.888838][ T6735] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 53.895168][ T6735] CPU: 1 PID: 6735 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 53.903402][ T6735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.913448][ T6735] Call Trace: [ 53.916731][ T6735] dump_stack+0x18f/0x20d [ 53.921045][ T6735] check_preemption_disabled+0x20d/0x220 [ 53.926658][ T6735] ext4_mb_new_blocks+0xa4d/0x3b70 [ 53.932136][ T6735] ? ext4_ext_search_right+0x2ca/0xb20 [ 53.937585][ T6735] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 53.943299][ T6735] ext4_ext_map_blocks+0x201b/0x33e0 [ 53.948587][ T6735] ? ext4_ext_release+0x10/0x10 [ 53.953430][ T6735] ? down_write_killable+0x170/0x170 [ 53.958726][ T6735] ? ext4_es_lookup_extent+0x41d/0xd10 [ 53.964546][ T6735] ext4_map_blocks+0x4cb/0x1640 [ 53.964565][ T6735] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 53.964577][ T6735] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 53.964589][ T6735] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 53.964600][ T6735] ? prandom_u32_state+0xe/0x170 [ 53.964614][ T6735] ? __brelse+0x84/0xa0 [ 53.964627][ T6735] ? __ext4_new_inode+0x144/0x55e0 [ 53.964647][ T6735] ext4_getblk+0xad/0x520 [ 53.964664][ T6735] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 53.964744][ T6735] ? ext4_free_inode+0x1700/0x1700 [ 53.964763][ T6735] ext4_bread+0x7c/0x380 [ 53.964777][ T6735] ? ext4_getblk+0x520/0x520 [ 53.964826][ T6735] ? dquot_get_next_dqblk+0x180/0x180 [ 53.964851][ T6735] ext4_append+0x153/0x360 [ 53.964872][ T6735] ext4_mkdir+0x5e0/0xdf0 [ 53.964896][ T6735] ? ext4_rmdir+0xde0/0xde0 [ 53.964915][ T6735] ? security_inode_permission+0xc4/0xf0 [ 53.964937][ T6735] vfs_mkdir+0x419/0x690 [ 53.964955][ T6735] do_mkdirat+0x21e/0x280 [ 53.964973][ T6735] ? __ia32_sys_mknod+0xb0/0xb0 [ 53.964990][ T6735] ? do_syscall_64+0x1c/0xe0 [ 53.965005][ T6735] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 53.965023][ T6735] do_syscall_64+0x60/0xe0 [ 53.965040][ T6735] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 53.965052][ T6735] RIP: 0033:0x7f9babd42687 [ 53.965058][ T6735] Code: Bad RIP value. [ 53.965065][ T6735] RSP: 002b:00007ffcca048b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 53.965079][ T6735] RAX: ffffffffffffffda RBX: 000055c801661985 RCX: 00007f9babd42687 [ 53.965088][ T6735] RDX: 00007ffcca048a00 RSI: 00000000000001ed RDI: 000055c801661985 [ 53.965095][ T6735] RBP: 00007f9babd42680 R08: 0000000000000100 R09: 0000000000000000 [ 53.965103][ T6735] R10: 000055c801661980 R11: 0000000000000246 R12: 00000000000001ed [ 53.965111][ T6735] R13: 00007ffcca048cc0 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 58.180042][ T150] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/150 [ 58.189307][ T150] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.195351][ T150] CPU: 0 PID: 150 Comm: kworker/u4:4 Not tainted 5.7.0-syzkaller #0 [ 58.203335][ T150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.213489][ T150] Workqueue: writeback wb_workfn (flush-8:0) [ 58.219473][ T150] Call Trace: [ 58.222753][ T150] dump_stack+0x18f/0x20d [ 58.227500][ T150] check_preemption_disabled+0x20d/0x220 [ 58.233130][ T150] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.238248][ T150] ? ext4_find_extent+0x81a/0xad0 [ 58.243263][ T150] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.248709][ T150] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.254420][ T150] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.259698][ T150] ? ext4_ext_release+0x10/0x10 [ 58.264535][ T150] ? down_write_killable+0x170/0x170 [ 58.269794][ T150] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.275230][ T150] ext4_map_blocks+0x4cb/0x1640 [ 58.280061][ T150] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.285325][ T150] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.290850][ T150] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.296803][ T150] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 58.302253][ T150] ext4_writepages+0x1a7b/0x33c0 [ 58.307543][ T150] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.313179][ T150] ? __lock_acquire+0x2224/0x48b0 [ 58.318200][ T150] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.324171][ T150] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.330317][ T150] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.335923][ T150] ? do_writepages+0xfa/0x2a0 [ 58.340584][ T150] do_writepages+0xfa/0x2a0 [ 58.345067][ T150] ? page_writeback_cpu_online+0x10/0x10 [ 58.350681][ T150] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.356204][ T150] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.362172][ T150] ? lock_downgrade+0x840/0x840 [ 58.367089][ T150] __writeback_single_inode+0x12a/0x13d0 [ 58.372707][ T150] ? _raw_spin_unlock+0x24/0x40 [ 58.377543][ T150] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 58.383502][ T150] writeback_sb_inodes+0x515/0xdc0 [ 58.388607][ T150] ? __writeback_single_inode+0x13d0/0x13d0 [ 58.394487][ T150] __writeback_inodes_wb+0xc3/0x250 [ 58.399672][ T150] wb_writeback+0x8db/0xd50 [ 58.404164][ T150] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 58.410469][ T150] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 58.416360][ T150] ? cpumask_next+0x3c/0x40 [ 58.420933][ T150] ? get_nr_dirty_inodes+0xd6/0x130 [ 58.426115][ T150] wb_workfn+0xab3/0x1090 [ 58.430439][ T150] ? inode_wait_for_writeback+0x30/0x30 [ 58.435981][ T150] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.441504][ T150] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.447465][ T150] process_one_work+0x965/0x1690 [ 58.452391][ T150] ? lock_release+0x800/0x800 [ 58.457043][ T150] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.462402][ T150] ? rwlock_bug.part.0+0x90/0x90 [ 58.467320][ T150] worker_thread+0x96/0xe10 [ 58.471807][ T150] ? process_one_work+0x1690/0x1690 [ 58.476980][ T150] kthread+0x3b5/0x4a0 [ 58.481025][ T150] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.486717][ T150] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.492412][ T150] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.15.209' (ECDSA) to the list of known hosts. 2020/06/15 09:01:44 fuzzer started 2020/06/15 09:01:45 connecting to host at 10.128.0.26:42285 2020/06/15 09:01:45 checking machine... 2020/06/15 09:01:45 checking revisions... 2020/06/15 09:01:45 testing simple program... [ 59.442253][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6809 [ 59.451363][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.457244][ T6809] CPU: 0 PID: 6809 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 59.465135][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.475320][ T6809] Call Trace: [ 59.478604][ T6809] dump_stack+0x18f/0x20d [ 59.482979][ T6809] check_preemption_disabled+0x20d/0x220 [ 59.488604][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.493708][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.499151][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.504851][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.510183][ T6809] ? ext4_ext_release+0x10/0x10 [ 59.515035][ T6809] ? down_write_killable+0x170/0x170 [ 59.520296][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.525754][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 59.530587][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.535764][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.541289][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.547424][ T6809] ? prandom_u32_state+0xe/0x170 [ 59.552348][ T6809] ? __brelse+0x84/0xa0 [ 59.556493][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 59.561855][ T6809] ext4_getblk+0xad/0x520 [ 59.566172][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.571872][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 59.576960][ T6809] ext4_bread+0x7c/0x380 [ 59.581219][ T6809] ? ext4_getblk+0x520/0x520 [ 59.585784][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 59.591136][ T6809] ext4_append+0x153/0x360 [ 59.595545][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 59.599854][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 59.604333][ T6809] ? security_inode_permission+0xc4/0xf0 [ 59.609954][ T6809] vfs_mkdir+0x419/0x690 [ 59.614181][ T6809] do_mkdirat+0x21e/0x280 [ 59.618487][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.623322][ T6809] ? do_syscall_64+0x1c/0xe0 [ 59.627888][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.633849][ T6809] do_syscall_64+0x60/0xe0 [ 59.638263][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.644142][ T6809] RIP: 0033:0x4b02a0 [ 59.648005][ T6809] Code: Bad RIP value. [ 59.652046][ T6809] RSP: 002b:000000c0000db4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 59.660430][ T6809] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 59.668387][ T6809] RDX: 00000000000001c0 RSI: 000000c0000268e0 RDI: ffffffffffffff9c [ 59.676342][ T6809] RBP: 000000c0000db510 R08: 0000000000000000 R09: 0000000000000000 [ 59.684289][ T6809] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 59.692247][ T6809] R13: 0000000000000048 R14: 0000000000000047 R15: 0000000000000100 [ 59.710341][ T6823] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6823 [ 59.719771][ T6823] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.725644][ T6823] CPU: 0 PID: 6823 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 59.733853][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.743894][ T6823] Call Trace: [ 59.747163][ T6823] dump_stack+0x18f/0x20d [ 59.751474][ T6823] check_preemption_disabled+0x20d/0x220 [ 59.757082][ T6823] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.762178][ T6823] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.767613][ T6823] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.773315][ T6823] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.778607][ T6823] ? ext4_ext_release+0x10/0x10 [ 59.783462][ T6823] ? down_write_killable+0x170/0x170 [ 59.788738][ T6823] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.794209][ T6823] ext4_map_blocks+0x4cb/0x1640 [ 59.799062][ T6823] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.804254][ T6823] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.809793][ T6823] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.815796][ T6823] ? prandom_u32_state+0xe/0x170 [ 59.820782][ T6823] ? __brelse+0x84/0xa0 [ 59.825031][ T6823] ? __ext4_new_inode+0x144/0x55e0 [ 59.830125][ T6823] ext4_getblk+0xad/0x520 [ 59.834453][ T6823] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.840155][ T6823] ? ext4_free_inode+0x1700/0x1700 [ 59.845251][ T6823] ext4_bread+0x7c/0x380 [ 59.849474][ T6823] ? ext4_getblk+0x520/0x520 [ 59.854047][ T6823] ? dquot_get_next_dqblk+0x180/0x180 [ 59.859400][ T6823] ext4_append+0x153/0x360 [ 59.863886][ T6823] ext4_mkdir+0x5e0/0xdf0 [ 59.868208][ T6823] ? ext4_rmdir+0xde0/0xde0 [ 59.872692][ T6823] ? security_inode_permission+0xc4/0xf0 [ 59.878304][ T6823] vfs_mkdir+0x419/0x690 [ 59.882545][ T6823] do_mkdirat+0x21e/0x280 [ 59.886852][ T6823] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.891682][ T6823] ? do_syscall_64+0x1c/0xe0 [ 59.896258][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.902216][ T6823] do_syscall_64+0x60/0xe0 [ 59.906788][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.912690][ T6823] RIP: 0033:0x45bed7 [ 59.916589][ T6823] Code: Bad RIP value. [ 59.920629][ T6823] RSP: 002b:00007ffee69e0b98 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.929034][ T6823] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 59.937243][ T6823] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffee69e0d70 [ 59.945201][ T6823] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003380 [ 59.953165][ T6823] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 59.961129][ T6823] R13: 00007ffee69e0d70 R14: 8421084210842109 R15: 00007ffee69e0d7c [ 60.048459][ T6824] IPVS: ftp: loaded support on port[0] = 21 [ 60.087730][ T6824] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6824 [ 60.097333][ T6824] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.103499][ T6824] CPU: 1 PID: 6824 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.111732][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.121902][ T6824] Call Trace: [ 60.125221][ T6824] dump_stack+0x18f/0x20d [ 60.129548][ T6824] check_preemption_disabled+0x20d/0x220 [ 60.135181][ T6824] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.140296][ T6824] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.146494][ T6824] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.152415][ T6824] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.157693][ T6824] ? ext4_ext_release+0x10/0x10 [ 60.162547][ T6824] ? down_write_killable+0x170/0x170 [ 60.167899][ T6824] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.173340][ T6824] ext4_map_blocks+0x4cb/0x1640 [ 60.178268][ T6824] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.183445][ T6824] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.189015][ T6824] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.194987][ T6824] ? prandom_u32_state+0xe/0x170 [ 60.200696][ T6824] ? __brelse+0x84/0xa0 [ 60.204853][ T6824] ? __ext4_new_inode+0x144/0x55e0 [ 60.210390][ T6824] ext4_getblk+0xad/0x520 [ 60.214751][ T6824] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.220457][ T6824] ? ext4_free_inode+0x1700/0x1700 [ 60.225723][ T6824] ext4_bread+0x7c/0x380 [ 60.229960][ T6824] ? ext4_getblk+0x520/0x520 [ 60.234636][ T6824] ? dquot_get_next_dqblk+0x180/0x180 [ 60.240005][ T6824] ext4_append+0x153/0x360 [ 60.244412][ T6824] ext4_mkdir+0x5e0/0xdf0 [ 60.248818][ T6824] ? ext4_rmdir+0xde0/0xde0 [ 60.253309][ T6824] ? security_inode_permission+0xc4/0xf0 [ 60.258919][ T6824] vfs_mkdir+0x419/0x690 [ 60.263140][ T6824] do_mkdirat+0x21e/0x280 [ 60.267470][ T6824] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.272301][ T6824] ? do_syscall_64+0x1c/0xe0 [ 60.276867][ T6824] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.282842][ T6824] do_syscall_64+0x60/0xe0 [ 60.287250][ T6824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.293201][ T6824] RIP: 0033:0x45bed7 [ 60.297066][ T6824] Code: Bad RIP value. [ 60.301134][ T6824] RSP: 002b:00007ffee69e0a88 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.309531][ T6824] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 60.317491][ T6824] RDX: 00007ffee69e0ad3 RSI: 00000000000001ff RDI: 00007ffee69e0ad0 [ 60.325452][ T6824] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.333425][ T6824] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 60.341379][ T6824] R13: 00007ffee69e0ac0 R14: 0000000000000000 R15: 00007ffee69e0ad0 [ 60.391666][ T6824] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6824 [ 60.401276][ T6824] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.407179][ T6824] CPU: 0 PID: 6824 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.415414][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.425468][ T6824] Call Trace: [ 60.428760][ T6824] dump_stack+0x18f/0x20d [ 60.433107][ T6824] check_preemption_disabled+0x20d/0x220 [ 60.438747][ T6824] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.443875][ T6824] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.449340][ T6824] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.455219][ T6824] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.460489][ T6824] ? ext4_ext_release+0x10/0x10 [ 60.465338][ T6824] ? down_write_killable+0x170/0x170 [ 60.470603][ T6824] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.476042][ T6824] ext4_map_blocks+0x4cb/0x1640 [ 60.480980][ T6824] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.486175][ T6824] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.491837][ T6824] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.497806][ T6824] ? prandom_u32_state+0xe/0x170 [ 60.502739][ T6824] ? __brelse+0x84/0xa0 [ 60.506877][ T6824] ? __ext4_new_inode+0x144/0x55e0 [ 60.511976][ T6824] ext4_getblk+0xad/0x520 [ 60.516285][ T6824] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.521985][ T6824] ? ext4_free_inode+0x1700/0x1700 [ 60.527092][ T6824] ext4_bread+0x7c/0x380 [ 60.531322][ T6824] ? ext4_getblk+0x520/0x520 [ 60.535894][ T6824] ? dquot_get_next_dqblk+0x180/0x180 [ 60.541248][ T6824] ext4_append+0x153/0x360 [ 60.545649][ T6824] ext4_mkdir+0x5e0/0xdf0 [ 60.549964][ T6824] ? ext4_rmdir+0xde0/0xde0 [ 60.554465][ T6824] ? security_inode_permission+0xc4/0xf0 [ 60.560082][ T6824] vfs_mkdir+0x419/0x690 [ 60.564304][ T6824] do_mkdirat+0x21e/0x280 [ 60.568618][ T6824] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.573459][ T6824] ? do_syscall_64+0x1c/0xe0 [ 60.578034][ T6824] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.584229][ T6824] do_syscall_64+0x60/0xe0 [ 60.588634][ T6824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.594512][ T6824] RIP: 0033:0x45bed7 [ 60.598380][ T6824] Code: Bad RIP value. [ 60.602423][ T6824] RSP: 002b:00007ffee69e0a88 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.610835][ T6824] RAX: ffffffffffffffda RBX: 000000000000ebde RCX: 000000000045bed7 [ 60.618782][ T6824] RDX: 00007ffee69e0ad3 RSI: 00000000000001ff RDI: 00007ffee69e0ad0 [ 60.626732][ T6824] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 60.634696][ T6824] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 2020/06/15 09:01:46 building call list... [ 60.642645][ T6824] R13: 00007ffee69e0ac0 R14: 000000000000ebcd R15: 00007ffee69e0ad0 [ 60.919203][ T21] tipc: TX() has been purged, node left! [ 61.461383][ T21] ================================================================== [ 61.469606][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 61.477490][ T21] Write of size 1 at addr ffff88809efa59e4 by task kworker/u4:1/21 [ 61.485364][ T21] [ 61.487691][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0 [ 61.495566][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.505620][ T21] Workqueue: netns cleanup_net [ 61.510373][ T21] Call Trace: [ 61.513670][ T21] dump_stack+0x18f/0x20d [ 61.517999][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.523546][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.529082][ T21] ? afs_put_call+0xa40/0xa40 [ 61.533753][ T21] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.540776][ T21] ? vprintk_func+0x97/0x1a6 [ 61.545364][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.550913][ T21] kasan_report.cold+0x1f/0x37 [ 61.553614][ T1155] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1155 [ 61.555675][ T21] ? rcu_read_lock_held+0x81/0xb0 [ 61.555697][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.564847][ T1155] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.569895][ T21] afs_wake_up_async_call+0x6aa/0x770 [ 61.569908][ T21] ? afs_close_socket+0x320/0x320 [ 61.569921][ T21] ? afs_put_call+0xa40/0xa40 [ 61.569935][ T21] rxrpc_notify_socket+0x1db/0x5d0 [ 61.569953][ T21] ? afs_put_call+0xa40/0xa40 [ 61.569968][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.569984][ T21] rxrpc_call_completed+0xca/0xf0 [ 61.570005][ T21] rxrpc_discard_prealloc+0x781/0xab0 [ 61.623389][ T21] ? lock_sock_nested+0x94/0x110 [ 61.628312][ T21] rxrpc_listen+0x147/0x360 [ 61.632799][ T21] afs_close_socket+0x95/0x320 [ 61.637544][ T21] ? afs_purge_servers+0x16d/0x300 [ 61.642639][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 61.648080][ T21] ? init_wait_var_entry+0x200/0x200 [ 61.653348][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.658964][ T21] ? check_preemption_disabled+0x38/0x220 [ 61.664668][ T21] afs_net_exit+0x1bc/0x310 [ 61.669156][ T21] ? afs_net_init+0xe30/0xe30 [ 61.673836][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 61.678935][ T21] cleanup_net+0x511/0xa50 [ 61.683336][ T21] ? unregister_pernet_device+0x70/0x70 [ 61.688879][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.694853][ T21] process_one_work+0x965/0x1690 [ 61.699781][ T21] ? lock_release+0x800/0x800 [ 61.704444][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.709801][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 61.714728][ T21] worker_thread+0x96/0xe10 [ 61.719670][ T21] ? process_one_work+0x1690/0x1690 [ 61.724865][ T21] kthread+0x3b5/0x4a0 [ 61.729870][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.735585][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.741305][ T21] ret_from_fork+0x1f/0x30 [ 61.745717][ T21] [ 61.745727][ T1155] CPU: 0 PID: 1155 Comm: khugepaged Not tainted 5.7.0-syzkaller #0 [ 61.745738][ T1155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.748050][ T21] Allocated by task 6824: [ 61.755917][ T1155] Call Trace: [ 61.765956][ T21] save_stack+0x1b/0x40 [ 61.770252][ T1155] dump_stack+0x18f/0x20d [ 61.773528][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.777657][ T1155] check_preemption_disabled+0x20d/0x220 [ 61.781954][ T21] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.787559][ T1155] ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.793185][ T21] afs_alloc_call+0x55/0x630 [ 61.798531][ T1155] ? ext4_find_extent+0x81a/0xad0 [ 61.803610][ T21] afs_charge_preallocation+0xe9/0x2d0 [ 61.808176][ T1155] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.813167][ T21] afs_open_socket+0x292/0x360 [ 61.818607][ T1155] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.824035][ T21] afs_net_init+0xa6c/0xe30 [ 61.828777][ T1155] ext4_ext_map_blocks+0x201b/0x33e0 [ 61.834471][ T21] ops_init+0xaf/0x420 [ 61.839388][ T1155] ? ext4_ext_release+0x10/0x10 [ 61.844638][ T21] setup_net+0x2de/0x860 [ 61.848692][ T1155] ? down_write_killable+0x170/0x170 [ 61.853517][ T21] copy_net_ns+0x293/0x590 [ 61.857905][ T1155] ? ext4_es_lookup_extent+0x41d/0xd10 [ 61.863153][ T21] create_new_namespaces+0x3fb/0xb30 [ 61.863170][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.867560][ T1155] ext4_map_blocks+0x4cb/0x1640 [ 61.872995][ T21] ksys_unshare+0x43d/0x8e0 [ 61.878254][ T1155] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.883846][ T21] __x64_sys_unshare+0x2d/0x40 [ 61.883861][ T21] do_syscall_64+0x60/0xe0 [ 61.888698][ T1155] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.893165][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.893173][ T21] [ 61.898350][ T1155] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.903105][ T21] Freed by task 21: [ 61.907505][ T1155] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 61.913041][ T21] save_stack+0x1b/0x40 [ 61.918935][ T1155] ext4_writepages+0x1a7b/0x33c0 [ 61.921237][ T21] __kasan_slab_free+0xf7/0x140 [ 61.927188][ T1155] ? lock_release+0x7c0/0x800 [ 61.930964][ T21] kfree+0x109/0x2b0 [ 61.936404][ T1155] ? __ext4_mark_inode_dirty+0x940/0x940 [ 61.940519][ T21] afs_put_call+0x585/0xa40 [ 61.945453][ T1155] ? __ext4_mark_inode_dirty+0x940/0x940 [ 61.950270][ T21] rxrpc_discard_prealloc+0x764/0xab0 [ 61.954922][ T1155] ? do_writepages+0xfa/0x2a0 [ 61.958791][ T21] rxrpc_listen+0x147/0x360 [ 61.964405][ T1155] do_writepages+0xfa/0x2a0 [ 61.968881][ T21] afs_close_socket+0x95/0x320 [ 61.974486][ T1155] ? page_writeback_cpu_online+0x10/0x10 [ 61.979830][ T21] afs_net_exit+0x1bc/0x310 [ 61.984505][ T1155] ? do_raw_spin_lock+0x120/0x2d0 [ 61.988990][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 61.993481][ T1155] ? do_raw_spin_unlock+0x171/0x260 [ 61.998220][ T21] cleanup_net+0x511/0xa50 [ 62.003842][ T1155] ? _raw_spin_unlock+0x24/0x40 [ 62.008331][ T21] process_one_work+0x965/0x1690 [ 62.013336][ T1155] __filemap_fdatawrite_range+0x2aa/0x390 [ 62.019207][ T21] worker_thread+0x96/0xe10 [ 62.024400][ T1155] ? collapse_file+0x35a2/0x4330 [ 62.029050][ T21] kthread+0x3b5/0x4a0 [ 62.033873][ T1155] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 62.038789][ T21] ret_from_fork+0x1f/0x30 [ 62.044489][ T1155] ? _raw_spin_unlock_irq+0x1f/0x80 [ 62.048951][ T21] [ 62.053869][ T1155] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.057909][ T21] The buggy address belongs to the object at ffff88809efa5800 [ 62.057909][ T21] which belongs to the cache kmalloc-1k of size 1024 [ 62.066386][ T1155] collapse_file+0x35ac/0x4330 [ 62.070776][ T21] The buggy address is located 484 bytes inside of [ 62.070776][ T21] 1024-byte region [ffff88809efa5800, ffff88809efa5c00) [ 62.075960][ T1155] ? collapse_huge_page+0x4350/0x4350 [ 62.078241][ T21] The buggy address belongs to the page: [ 62.084209][ T1155] ? khugepaged+0x2506/0x3fc0 [ 62.098242][ T21] page:ffffea00027be940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.102991][ T1155] ? xas_find+0x31a/0x880 [ 62.116315][ T21] flags: 0xfffe0000000200(slab) [ 62.121662][ T1155] ? check_preemption_disabled+0x38/0x220 [ 62.127263][ T21] raw: 00fffe0000000200 ffffea000251cc48 ffffea00024e6908 ffff8880aa000c40 [ 62.131915][ T1155] khugepaged+0x3041/0x3fc0 [ 62.140985][ T21] raw: 0000000000000000 ffff88809efa5000 0000000100000002 0000000000000000 [ 62.145308][ T1155] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 62.150124][ T21] page dumped because: kasan: bad access detected [ 62.155821][ T1155] ? lock_downgrade+0x840/0x840 [ 62.164370][ T21] [ 62.164379][ T21] Memory state around the buggy address: [ 62.168872][ T1155] ? finish_wait+0x260/0x260 [ 62.177435][ T21] ffff88809efa5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.183072][ T1155] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 62.189451][ T21] ffff88809efa5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.194294][ T1155] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.196591][ T21] >ffff88809efa5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.202202][ T1155] ? __kthread_parkme+0x13f/0x1e0 [ 62.206748][ T21] ^ [ 62.206760][ T21] ffff88809efa5a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.214822][ T1155] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 62.220590][ T21] ffff88809efa5a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.228626][ T1155] kthread+0x3b5/0x4a0 [ 62.234577][ T21] ================================================================== [ 62.242619][ T1155] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.247616][ T21] Disabling lock debugging due to kernel taint [ 62.254796][ T1155] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.262910][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 62.268477][ T1155] ret_from_fork+0x1f/0x30 [ 62.319834][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.7.0-syzkaller #0 [ 62.329118][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.339169][ T21] Workqueue: netns cleanup_net [ 62.343925][ T21] Call Trace: [ 62.347212][ T21] dump_stack+0x18f/0x20d [ 62.351544][ T21] ? afs_wake_up_async_call+0x5f0/0x770 [ 62.357168][ T21] ? afs_put_call+0xa40/0xa40 [ 62.361846][ T21] panic+0x2e3/0x75c [ 62.365763][ T21] ? __warn_printk+0xf3/0xf3 [ 62.370359][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 62.376514][ T21] ? trace_hardirqs_on+0x55/0x220 [ 62.381536][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.387075][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.392617][ T21] ? afs_put_call+0xa40/0xa40 [ 62.397293][ T21] end_report+0x4d/0x53 [ 62.401458][ T21] kasan_report.cold+0xd/0x37 [ 62.406142][ T21] ? rcu_read_lock_held+0x81/0xb0 [ 62.411171][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.416710][ T21] afs_wake_up_async_call+0x6aa/0x770 [ 62.422077][ T21] ? afs_close_socket+0x320/0x320 [ 62.427104][ T21] ? afs_put_call+0xa40/0xa40 [ 62.431779][ T21] rxrpc_notify_socket+0x1db/0x5d0 [ 62.436884][ T21] ? afs_put_call+0xa40/0xa40 [ 62.441551][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 62.447953][ T21] rxrpc_call_completed+0xca/0xf0 [ 62.452980][ T21] rxrpc_discard_prealloc+0x781/0xab0 [ 62.458352][ T21] ? lock_sock_nested+0x94/0x110 executing program [ 62.463280][ T21] rxrpc_listen+0x147/0x360 [ 62.467890][ T21] afs_close_socket+0x95/0x320 [ 62.472641][ T21] ? afs_purge_servers+0x16d/0x300 [ 62.477749][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 62.483208][ T21] ? init_wait_var_entry+0x200/0x200 [ 62.488489][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.494111][ T21] ? check_preemption_disabled+0x38/0x220 [ 62.499822][ T21] afs_net_exit+0x1bc/0x310 [ 62.504320][ T21] ? afs_net_init+0xe30/0xe30 [ 62.508984][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 62.514091][ T21] cleanup_net+0x511/0xa50 [ 62.518502][ T21] ? unregister_pernet_device+0x70/0x70 [ 62.524033][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.530002][ T21] process_one_work+0x965/0x1690 [ 62.534916][ T21] ? lock_release+0x800/0x800 [ 62.539576][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.544938][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 62.549867][ T21] worker_thread+0x96/0xe10 [ 62.554364][ T21] ? process_one_work+0x1690/0x1690 [ 62.559551][ T21] kthread+0x3b5/0x4a0 [ 62.563608][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.569315][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.575035][ T21] ret_from_fork+0x1f/0x30 [ 62.580628][ T21] Kernel Offset: disabled [ 62.584943][ T21] Rebooting in 86400 seconds..