[ 50.530866][ T76] ? lock_release+0x800/0x800 [ 50.535544][ T76] ? pwq_dec_nr_in_flight+0x310/0x310 [ 50.540921][ T76] ? rwlock_bug.part.0+0x90/0x90 [ 50.545876][ T76] worker_thread+0x96/0xe10 [ 50.550405][ T76] ? process_one_work+0x1690/0x1690 [ 50.555876][ T76] kthread+0x3b5/0x4a0 [ 50.559946][ T76] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 50.565663][ T76] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 50.571389][ T76] ret_from_fork+0x1f/0x30 [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ 53.370461][ T6736] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6736 [ 53.380084][ T6736] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 53.387956][ T6736] CPU: 0 PID: 6736 Comm: systemd-rfkill Not tainted 5.7.0-next-20200612-syzkaller #0 [ 53.397406][ T6736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.407443][ T6736] Call Trace: [ 53.410732][ T6736] dump_stack+0x18f/0x20d [ 53.415046][ T6736] check_preemption_disabled+0x20d/0x220 [ 53.420666][ T6736] ext4_mb_new_blocks+0xa4d/0x3b70 [ 53.427327][ T6736] ? ext4_ext_search_right+0x2ca/0xb20 [ 53.432853][ T6736] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 53.438573][ T6736] ext4_ext_map_blocks+0x201b/0x33e0 [ 53.443841][ T6736] ? ext4_ext_release+0x10/0x10 [ 53.449139][ T6736] ? down_write_killable+0x170/0x170 [ 53.454663][ T6736] ? ext4_es_lookup_extent+0x41d/0xd10 [ 53.460111][ T6736] ext4_map_blocks+0x4cb/0x1640 [ 53.464957][ T6736] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 53.470134][ T6736] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 53.475669][ T6736] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 53.481625][ T6736] ? prandom_u32_state+0xe/0x170 [ 53.486541][ T6736] ? __brelse+0x84/0xa0 [ 53.490696][ T6736] ? __ext4_new_inode+0x144/0x55e0 [ 53.495803][ T6736] ext4_getblk+0xad/0x520 [ 53.500118][ T6736] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 53.505834][ T6736] ? ext4_free_inode+0x1700/0x1700 [ 53.510937][ T6736] ext4_bread+0x7c/0x380 [ 53.515162][ T6736] ? ext4_getblk+0x520/0x520 [ 53.519743][ T6736] ? dquot_get_next_dqblk+0x180/0x180 [ 53.525095][ T6736] ext4_append+0x153/0x360 [ 53.529490][ T6736] ext4_mkdir+0x5e0/0xdf0 [ 53.533815][ T6736] ? ext4_rmdir+0xde0/0xde0 [ 53.538304][ T6736] ? security_inode_permission+0xc4/0xf0 [ 53.543922][ T6736] vfs_mkdir+0x419/0x690 [ 53.548148][ T6736] do_mkdirat+0x21e/0x280 [ 53.552605][ T6736] ? __ia32_sys_mknod+0xb0/0xb0 [ 53.557441][ T6736] ? do_syscall_64+0x1c/0xe0 [ 53.562013][ T6736] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 53.567980][ T6736] do_syscall_64+0x60/0xe0 [ 53.572385][ T6736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 53.578265][ T6736] RIP: 0033:0x7f8edd81b687 [ 53.582658][ T6736] Code: Bad RIP value. [ 53.586721][ T6736] RSP: 002b:00007ffcc6938a38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 53.595118][ T6736] RAX: ffffffffffffffda RBX: 00005581818f8985 RCX: 00007f8edd81b687 [ 53.603066][ T6736] RDX: 00007ffcc6938900 RSI: 00000000000001ed RDI: 00005581818f8985 [ 53.611015][ T6736] RBP: 00007f8edd81b680 R08: 0000000000000100 R09: 0000000000000000 [ 53.618961][ T6736] R10: 00005581818f8980 R11: 0000000000000246 R12: 00000000000001ed [ 53.626917][ T6736] R13: 00007ffcc6938bc0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 55.852290][ T221] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/221 [ 55.861552][ T221] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 55.867581][ T221] CPU: 0 PID: 221 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 55.876766][ T221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.886812][ T221] Workqueue: writeback wb_workfn (flush-8:0) [ 55.892769][ T221] Call Trace: [ 55.896052][ T221] dump_stack+0x18f/0x20d [ 55.900369][ T221] check_preemption_disabled+0x20d/0x220 [ 55.905981][ T221] ext4_mb_new_blocks+0xa4d/0x3b70 [ 55.911067][ T221] ? ext4_find_extent+0x81a/0xad0 [ 55.916086][ T221] ? ext4_ext_search_right+0x2ca/0xb20 [ 55.921521][ T221] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 55.927221][ T221] ext4_ext_map_blocks+0x201b/0x33e0 [ 55.932486][ T221] ? ext4_ext_release+0x10/0x10 [ 55.937355][ T221] ? down_write_killable+0x170/0x170 [ 55.943582][ T221] ? ext4_es_lookup_extent+0x41d/0xd10 [ 55.949030][ T221] ext4_map_blocks+0x4cb/0x1640 [ 55.953861][ T221] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 55.959050][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 55.964573][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 55.970527][ T221] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 55.975992][ T221] ext4_writepages+0x1a83/0x33c0 [ 55.980936][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 55.986547][ T221] ? __lock_acquire+0x2224/0x48b0 [ 55.991555][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 55.997510][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.003478][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.009447][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.015061][ T221] ? do_writepages+0xf3/0x2a0 [ 56.019710][ T221] do_writepages+0xf3/0x2a0 [ 56.024193][ T221] ? page_writeback_cpu_online+0x10/0x10 [ 56.029815][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.035338][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.041290][ T221] ? lock_downgrade+0x840/0x840 [ 56.046124][ T221] __writeback_single_inode+0x12a/0x13d0 [ 56.051744][ T221] ? _raw_spin_unlock+0x24/0x40 [ 56.056582][ T221] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.062539][ T221] writeback_sb_inodes+0x515/0xdc0 [ 56.067642][ T221] ? __writeback_single_inode+0x13d0/0x13d0 [ 56.073630][ T221] __writeback_inodes_wb+0xc3/0x250 [ 56.078808][ T221] wb_writeback+0x8c8/0xd40 [ 56.083316][ T221] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 56.089624][ T221] ? cpumask_next+0x3c/0x40 [ 56.094102][ T221] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.099289][ T221] wb_workfn+0xab3/0x1090 [ 56.103653][ T221] ? inode_wait_for_writeback+0x30/0x30 [ 56.109179][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.114700][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.120660][ T221] process_one_work+0x965/0x1690 [ 56.125577][ T221] ? lock_release+0x800/0x800 [ 56.130239][ T221] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.135586][ T221] ? rwlock_bug.part.0+0x90/0x90 [ 56.140516][ T221] worker_thread+0x96/0xe10 [ 56.145144][ T221] ? process_one_work+0x1690/0x1690 [ 56.150332][ T221] kthread+0x3b5/0x4a0 [ 56.154388][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.160087][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.165789][ T221] ret_from_fork+0x1f/0x30 [ 56.172065][ T221] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/221 [ 56.181383][ T221] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.187404][ T221] CPU: 0 PID: 221 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 56.196584][ T221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.206627][ T221] Workqueue: writeback wb_workfn (flush-8:0) [ 56.212595][ T221] Call Trace: [ 56.215881][ T221] dump_stack+0x18f/0x20d [ 56.220224][ T221] check_preemption_disabled+0x20d/0x220 [ 56.225851][ T221] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.231044][ T221] ? ext4_find_extent+0x81a/0xad0 [ 56.236053][ T221] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.241491][ T221] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.247194][ T221] ext4_ext_map_blocks+0x201b/0x33e0 [ 56.252477][ T221] ? ext4_ext_release+0x10/0x10 [ 56.257316][ T221] ? down_write_killable+0x170/0x170 [ 56.262576][ T221] ? ext4_es_lookup_extent+0x41d/0xd10 [ 56.268016][ T221] ext4_map_blocks+0x4cb/0x1640 [ 56.273045][ T221] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.278228][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.283766][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.289767][ T221] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.295213][ T221] ext4_writepages+0x1a83/0x33c0 [ 56.300144][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.305770][ T221] ? __lock_acquire+0x2224/0x48b0 [ 56.310784][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.316841][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.322800][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.328421][ T221] ? do_writepages+0xf3/0x2a0 [ 56.333073][ T221] do_writepages+0xf3/0x2a0 [ 56.337568][ T221] ? page_writeback_cpu_online+0x10/0x10 [ 56.343208][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.348742][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.354816][ T221] ? lock_downgrade+0x840/0x840 [ 56.359669][ T221] __writeback_single_inode+0x12a/0x13d0 [ 56.365292][ T221] ? _raw_spin_unlock+0x24/0x40 [ 56.370134][ T221] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.376093][ T221] writeback_sb_inodes+0x515/0xdc0 [ 56.381189][ T221] ? __writeback_single_inode+0x13d0/0x13d0 [ 56.387070][ T221] __writeback_inodes_wb+0xc3/0x250 [ 56.392449][ T221] wb_writeback+0x8c8/0xd40 [ 56.396948][ T221] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 56.403269][ T221] ? cpumask_next+0x3c/0x40 [ 56.407767][ T221] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.412956][ T221] wb_workfn+0xab3/0x1090 [ 56.417272][ T221] ? inode_wait_for_writeback+0x30/0x30 [ 56.422797][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.428335][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.434303][ T221] process_one_work+0x965/0x1690 [ 56.439230][ T221] ? lock_release+0x800/0x800 [ 56.443883][ T221] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.449262][ T221] ? rwlock_bug.part.0+0x90/0x90 [ 56.454190][ T221] worker_thread+0x96/0xe10 [ 56.458676][ T221] ? process_one_work+0x1690/0x1690 [ 56.463851][ T221] kthread+0x3b5/0x4a0 [ 56.468027][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.473739][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.481232][ T221] ret_from_fork+0x1f/0x30 [ 56.486743][ T221] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/221 [ 56.495973][ T221] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.501960][ T221] CPU: 0 PID: 221 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 56.511135][ T221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.521188][ T221] Workqueue: writeback wb_workfn (flush-8:0) [ 56.527157][ T221] Call Trace: [ 56.530475][ T221] dump_stack+0x18f/0x20d [ 56.534805][ T221] check_preemption_disabled+0x20d/0x220 [ 56.540432][ T221] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.545519][ T221] ? ext4_find_extent+0x81a/0xad0 [ 56.550523][ T221] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.555956][ T221] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.561654][ T221] ext4_ext_map_blocks+0x201b/0x33e0 [ 56.566919][ T221] ? ext4_ext_release+0x10/0x10 [ 56.571782][ T221] ? down_write_killable+0x170/0x170 [ 56.577049][ T221] ? ext4_es_lookup_extent+0x41d/0xd10 [ 56.582488][ T221] ext4_map_blocks+0x4cb/0x1640 [ 56.587317][ T221] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.592495][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.598026][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.603981][ T221] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.609426][ T221] ext4_writepages+0x1a83/0x33c0 [ 56.614361][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.619980][ T221] ? __lock_acquire+0x2224/0x48b0 [ 56.624989][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.631035][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.636991][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.642608][ T221] ? do_writepages+0xf3/0x2a0 [ 56.647269][ T221] do_writepages+0xf3/0x2a0 [ 56.651760][ T221] ? page_writeback_cpu_online+0x10/0x10 [ 56.657423][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.662960][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.668934][ T221] ? lock_downgrade+0x840/0x840 [ 56.673781][ T221] __writeback_single_inode+0x12a/0x13d0 [ 56.679399][ T221] ? _raw_spin_unlock+0x24/0x40 [ 56.684228][ T221] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.690185][ T221] writeback_sb_inodes+0x515/0xdc0 [ 56.695282][ T221] ? __writeback_single_inode+0x13d0/0x13d0 [ 56.701185][ T221] __writeback_inodes_wb+0xc3/0x250 [ 56.706362][ T221] wb_writeback+0x8c8/0xd40 [ 56.710846][ T221] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 56.717178][ T221] ? cpumask_next+0x3c/0x40 [ 56.721667][ T221] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.726853][ T221] wb_workfn+0xab3/0x1090 [ 56.731191][ T221] ? inode_wait_for_writeback+0x30/0x30 [ 56.736715][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.742255][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.748215][ T221] process_one_work+0x965/0x1690 [ 56.753131][ T221] ? lock_release+0x800/0x800 [ 56.757795][ T221] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.763172][ T221] ? rwlock_bug.part.0+0x90/0x90 [ 56.768101][ T221] worker_thread+0x96/0xe10 [ 56.772585][ T221] ? process_one_work+0x1690/0x1690 [ 56.777771][ T221] kthread+0x3b5/0x4a0 [ 56.781812][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.787505][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.793199][ T221] ret_from_fork+0x1f/0x30 [ 56.799124][ T221] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/221 [ 56.808348][ T221] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.814346][ T221] CPU: 0 PID: 221 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 56.823534][ T221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.833575][ T221] Workqueue: writeback wb_workfn (flush-8:0) [ 56.839536][ T221] Call Trace: [ 56.842804][ T221] dump_stack+0x18f/0x20d [ 56.847126][ T221] check_preemption_disabled+0x20d/0x220 [ 56.852745][ T221] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.857830][ T221] ? ext4_find_extent+0x81a/0xad0 [ 56.862834][ T221] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.868271][ T221] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.873979][ T221] ext4_ext_map_blocks+0x201b/0x33e0 [ 56.879273][ T221] ? ext4_ext_release+0x10/0x10 [ 56.884118][ T221] ? down_write_killable+0x170/0x170 [ 56.889392][ T221] ? ext4_es_lookup_extent+0x41d/0xd10 [ 56.894830][ T221] ext4_map_blocks+0x4cb/0x1640 [ 56.899672][ T221] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.904868][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.910387][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.916343][ T221] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.921790][ T221] ext4_writepages+0x1a83/0x33c0 [ 56.926721][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.932330][ T221] ? __lock_acquire+0x2224/0x48b0 [ 56.937337][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.943313][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.949271][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.954881][ T221] ? do_writepages+0xf3/0x2a0 [ 56.959532][ T221] do_writepages+0xf3/0x2a0 [ 56.964014][ T221] ? page_writeback_cpu_online+0x10/0x10 [ 56.969628][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.975149][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.981102][ T221] ? lock_downgrade+0x840/0x840 [ 56.985946][ T221] __writeback_single_inode+0x12a/0x13d0 [ 56.991565][ T221] ? _raw_spin_unlock+0x24/0x40 [ 56.996390][ T221] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.002345][ T221] writeback_sb_inodes+0x515/0xdc0 [ 57.007441][ T221] ? __writeback_single_inode+0x13d0/0x13d0 [ 57.013337][ T221] __writeback_inodes_wb+0xc3/0x250 [ 57.018515][ T221] wb_writeback+0x8c8/0xd40 [ 57.022998][ T221] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 57.029311][ T221] ? cpumask_next+0x3c/0x40 [ 57.033791][ T221] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.038971][ T221] wb_workfn+0xab3/0x1090 [ 57.043280][ T221] ? inode_wait_for_writeback+0x30/0x30 [ 57.048806][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.054346][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.060304][ T221] process_one_work+0x965/0x1690 [ 57.065222][ T221] ? lock_release+0x800/0x800 [ 57.069887][ T221] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.075248][ T221] ? rwlock_bug.part.0+0x90/0x90 [ 57.080177][ T221] worker_thread+0x96/0xe10 [ 57.084683][ T221] ? process_one_work+0x1690/0x1690 [ 57.089865][ T221] kthread+0x3b5/0x4a0 [ 57.093913][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.099614][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.105318][ T221] ret_from_fork+0x1f/0x30 [ 57.110528][ T221] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/221 [ 57.119745][ T221] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.125764][ T221] CPU: 0 PID: 221 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 57.134943][ T221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.145167][ T221] Workqueue: writeback wb_workfn (flush-8:0) [ 57.151159][ T221] Call Trace: [ 57.154437][ T221] dump_stack+0x18f/0x20d [ 57.158762][ T221] check_preemption_disabled+0x20d/0x220 [ 57.164373][ T221] ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.169470][ T221] ? ext4_find_extent+0x81a/0xad0 [ 57.174474][ T221] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.180026][ T221] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.187574][ T221] ext4_ext_map_blocks+0x201b/0x33e0 [ 57.192861][ T221] ? ext4_ext_release+0x10/0x10 [ 57.197715][ T221] ? down_write_killable+0x170/0x170 [ 57.202983][ T221] ? ext4_es_lookup_extent+0x41d/0xd10 [ 57.208438][ T221] ext4_map_blocks+0x4cb/0x1640 [ 57.213277][ T221] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.218565][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.224103][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.230056][ T221] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.235493][ T221] ext4_writepages+0x1a83/0x33c0 [ 57.240417][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.246044][ T221] ? __lock_acquire+0x2224/0x48b0 [ 57.251056][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.257027][ T221] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.262986][ T221] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.268609][ T221] ? do_writepages+0xf3/0x2a0 [ 57.273261][ T221] do_writepages+0xf3/0x2a0 [ 57.277744][ T221] ? page_writeback_cpu_online+0x10/0x10 [ 57.283358][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.288890][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.294848][ T221] ? lock_downgrade+0x840/0x840 [ 57.299678][ T221] __writeback_single_inode+0x12a/0x13d0 [ 57.305287][ T221] ? _raw_spin_unlock+0x24/0x40 [ 57.310129][ T221] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.316085][ T221] writeback_sb_inodes+0x515/0xdc0 [ 57.321207][ T221] ? __writeback_single_inode+0x13d0/0x13d0 [ 57.327099][ T221] __writeback_inodes_wb+0xc3/0x250 [ 57.332291][ T221] wb_writeback+0x8c8/0xd40 [ 57.336793][ T221] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 57.343137][ T221] ? cpumask_next+0x3c/0x40 [ 57.347630][ T221] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.352821][ T221] wb_workfn+0xab3/0x1090 [ 57.357142][ T221] ? inode_wait_for_writeback+0x30/0x30 [ 57.362671][ T221] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.368191][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.374150][ T221] process_one_work+0x965/0x1690 [ 57.379167][ T221] ? lock_release+0x800/0x800 [ 57.383839][ T221] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.389279][ T221] ? rwlock_bug.part.0+0x90/0x90 [ 57.394202][ T221] worker_thread+0x96/0xe10 [ 57.398732][ T221] ? process_one_work+0x1690/0x1690 [ 57.403908][ T221] kthread+0x3b5/0x4a0 [ 57.407999][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.413692][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.419391][ T221] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.1.16' (ECDSA) to the list of known hosts. 2020/06/12 04:01:17 fuzzer started 2020/06/12 04:01:17 connecting to host at 10.128.0.26:36353 2020/06/12 04:01:17 checking machine... 2020/06/12 04:01:17 checking revisions... 2020/06/12 04:01:17 testing simple program... [ 58.944053][ T6804] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6804 [ 58.953223][ T6804] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.959113][ T6804] CPU: 1 PID: 6804 Comm: syz-fuzzer Not tainted 5.7.0-next-20200612-syzkaller #0 [ 58.968202][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.978244][ T6804] Call Trace: [ 58.981544][ T6804] dump_stack+0x18f/0x20d [ 58.985867][ T6804] check_preemption_disabled+0x20d/0x220 [ 58.991485][ T6804] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.996581][ T6804] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.002014][ T6804] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.007723][ T6804] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.012988][ T6804] ? ext4_ext_release+0x10/0x10 [ 59.017826][ T6804] ? down_write_killable+0x170/0x170 [ 59.023094][ T6804] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.028534][ T6804] ext4_map_blocks+0x4cb/0x1640 [ 59.033378][ T6804] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.038566][ T6804] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.044085][ T6804] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.050084][ T6804] ? prandom_u32_state+0xe/0x170 [ 59.055001][ T6804] ? __brelse+0x84/0xa0 [ 59.059132][ T6804] ? __ext4_new_inode+0x144/0x55e0 [ 59.064239][ T6804] ext4_getblk+0xad/0x520 [ 59.068546][ T6804] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.074245][ T6804] ? ext4_free_inode+0x1700/0x1700 [ 59.079346][ T6804] ext4_bread+0x7c/0x380 [ 59.083566][ T6804] ? ext4_getblk+0x520/0x520 [ 59.088134][ T6804] ? dquot_get_next_dqblk+0x180/0x180 [ 59.093504][ T6804] ext4_append+0x153/0x360 [ 59.097900][ T6804] ext4_mkdir+0x5e0/0xdf0 [ 59.102221][ T6804] ? ext4_rmdir+0xde0/0xde0 [ 59.106712][ T6804] ? security_inode_permission+0xc4/0xf0 [ 59.112326][ T6804] vfs_mkdir+0x419/0x690 [ 59.116548][ T6804] do_mkdirat+0x21e/0x280 [ 59.120853][ T6804] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.125685][ T6804] ? do_syscall_64+0x1c/0xe0 [ 59.130264][ T6804] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.136220][ T6804] do_syscall_64+0x60/0xe0 [ 59.140612][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.146490][ T6804] RIP: 0033:0x4b02a0 [ 59.150359][ T6804] Code: Bad RIP value. [ 59.154527][ T6804] RSP: 002b:000000c0000d74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 59.162929][ T6804] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 59.170892][ T6804] RDX: 00000000000001c0 RSI: 000000c000308940 RDI: ffffffffffffff9c [ 59.178843][ T6804] RBP: 000000c0000d7510 R08: 0000000000000000 R09: 0000000000000000 [ 59.186807][ T6804] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 59.194791][ T6804] R13: 000000000000004b R14: 000000000000004a R15: 0000000000000100 [ 59.226836][ T6818] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6818 [ 59.236290][ T6818] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.242287][ T6818] CPU: 0 PID: 6818 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.251759][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.261797][ T6818] Call Trace: [ 59.265076][ T6818] dump_stack+0x18f/0x20d [ 59.269426][ T6818] check_preemption_disabled+0x20d/0x220 [ 59.275042][ T6818] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.280202][ T6818] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.285685][ T6818] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.291513][ T6818] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.296788][ T6818] ? ext4_ext_release+0x10/0x10 [ 59.301634][ T6818] ? down_write_killable+0x170/0x170 [ 59.306907][ T6818] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.312351][ T6818] ext4_map_blocks+0x4cb/0x1640 [ 59.317194][ T6818] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.322372][ T6818] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.327898][ T6818] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.333862][ T6818] ? prandom_u32_state+0xe/0x170 [ 59.338777][ T6818] ? __brelse+0x84/0xa0 [ 59.342952][ T6818] ? __ext4_new_inode+0x144/0x55e0 [ 59.348050][ T6818] ext4_getblk+0xad/0x520 [ 59.352408][ T6818] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.358142][ T6818] ? ext4_free_inode+0x1700/0x1700 [ 59.363272][ T6818] ext4_bread+0x7c/0x380 [ 59.367495][ T6818] ? ext4_getblk+0x520/0x520 [ 59.372077][ T6818] ? dquot_get_next_dqblk+0x180/0x180 [ 59.377446][ T6818] ext4_append+0x153/0x360 [ 59.381859][ T6818] ext4_mkdir+0x5e0/0xdf0 [ 59.386202][ T6818] ? ext4_rmdir+0xde0/0xde0 [ 59.390847][ T6818] ? security_inode_permission+0xc4/0xf0 [ 59.396640][ T6818] vfs_mkdir+0x419/0x690 [ 59.400869][ T6818] do_mkdirat+0x21e/0x280 [ 59.405184][ T6818] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.410032][ T6818] ? do_syscall_64+0x1c/0xe0 [ 59.414615][ T6818] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.420737][ T6818] do_syscall_64+0x60/0xe0 [ 59.425137][ T6818] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.431022][ T6818] RIP: 0033:0x45bee7 [ 59.434890][ T6818] Code: Bad RIP value. [ 59.438933][ T6818] RSP: 002b:00007ffd9ca88508 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.447320][ T6818] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 59.455288][ T6818] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffd9ca886e0 [ 59.463237][ T6818] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002c00 [ 59.471363][ T6818] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 59.479315][ T6818] R13: 00007ffd9ca886e0 R14: 8421084210842109 R15: 00007ffd9ca886ec [ 59.560480][ T6819] IPVS: ftp: loaded support on port[0] = 21 [ 59.595302][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819 [ 59.605044][ T6819] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.611038][ T6819] CPU: 1 PID: 6819 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.620555][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.630589][ T6819] Call Trace: [ 59.633875][ T6819] dump_stack+0x18f/0x20d [ 59.638200][ T6819] check_preemption_disabled+0x20d/0x220 [ 59.643811][ T6819] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.648906][ T6819] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.654340][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.660036][ T6819] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.665309][ T6819] ? ext4_ext_release+0x10/0x10 [ 59.670160][ T6819] ? down_write_killable+0x170/0x170 [ 59.675429][ T6819] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.680876][ T6819] ext4_map_blocks+0x4cb/0x1640 [ 59.685715][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.690893][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.696428][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.702383][ T6819] ? prandom_u32_state+0xe/0x170 [ 59.707298][ T6819] ? __brelse+0x84/0xa0 [ 59.711439][ T6819] ? __ext4_new_inode+0x144/0x55e0 [ 59.716538][ T6819] ext4_getblk+0xad/0x520 [ 59.720844][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.726541][ T6819] ? ext4_free_inode+0x1700/0x1700 [ 59.731628][ T6819] ext4_bread+0x7c/0x380 [ 59.735843][ T6819] ? ext4_getblk+0x520/0x520 [ 59.740423][ T6819] ? dquot_get_next_dqblk+0x180/0x180 [ 59.745826][ T6819] ext4_append+0x153/0x360 [ 59.750228][ T6819] ext4_mkdir+0x5e0/0xdf0 [ 59.754583][ T6819] ? ext4_rmdir+0xde0/0xde0 [ 59.759073][ T6819] ? security_inode_permission+0xc4/0xf0 [ 59.764704][ T6819] vfs_mkdir+0x419/0x690 [ 59.768932][ T6819] do_mkdirat+0x21e/0x280 [ 59.773241][ T6819] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.778067][ T6819] ? do_syscall_64+0x1c/0xe0 [ 59.782646][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.788603][ T6819] do_syscall_64+0x60/0xe0 [ 59.793009][ T6819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.798892][ T6819] RIP: 0033:0x45bee7 [ 59.802768][ T6819] Code: Bad RIP value. [ 59.806808][ T6819] RSP: 002b:00007ffd9ca883f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.815193][ T6819] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 59.823137][ T6819] RDX: 00007ffd9ca88443 RSI: 00000000000001ff RDI: 00007ffd9ca88440 [ 59.832043][ T6819] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 59.839998][ T6819] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 59.847954][ T6819] R13: 00007ffd9ca88430 R14: 0000000000000000 R15: 00007ffd9ca88440 [ 59.896547][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819 [ 59.906145][ T6819] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.912283][ T6819] CPU: 1 PID: 6819 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.921734][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.931877][ T6819] Call Trace: [ 59.935173][ T6819] dump_stack+0x18f/0x20d [ 59.939518][ T6819] check_preemption_disabled+0x20d/0x220 [ 59.945156][ T6819] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.950285][ T6819] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.955749][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.961488][ T6819] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.966807][ T6819] ? ext4_ext_release+0x10/0x10 [ 59.971708][ T6819] ? down_write_killable+0x170/0x170 [ 59.977055][ T6819] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.982518][ T6819] ext4_map_blocks+0x4cb/0x1640 [ 59.987368][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.992544][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.998073][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.004039][ T6819] ? prandom_u32_state+0xe/0x170 [ 60.008955][ T6819] ? __brelse+0x84/0xa0 [ 60.013087][ T6819] ? __ext4_new_inode+0x144/0x55e0 [ 60.018176][ T6819] ext4_getblk+0xad/0x520 [ 60.022496][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.028193][ T6819] ? ext4_free_inode+0x1700/0x1700 [ 60.033282][ T6819] ext4_bread+0x7c/0x380 [ 60.037504][ T6819] ? ext4_getblk+0x520/0x520 [ 60.042082][ T6819] ? dquot_get_next_dqblk+0x180/0x180 [ 60.047437][ T6819] ext4_append+0x153/0x360 [ 60.051832][ T6819] ext4_mkdir+0x5e0/0xdf0 [ 60.056139][ T6819] ? ext4_rmdir+0xde0/0xde0 [ 60.060620][ T6819] ? security_inode_permission+0xc4/0xf0 [ 60.066245][ T6819] vfs_mkdir+0x419/0x690 [ 60.071872][ T6819] do_mkdirat+0x21e/0x280 [ 60.076182][ T6819] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.081023][ T6819] ? do_syscall_64+0x1c/0xe0 [ 60.085603][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.091569][ T6819] do_syscall_64+0x60/0xe0 [ 60.095969][ T6819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.101848][ T6819] RIP: 0033:0x45bee7 [ 60.105726][ T6819] Code: Bad RIP value. [ 60.109767][ T6819] RSP: 002b:00007ffd9ca883f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 60.118598][ T6819] RAX: ffffffffffffffda RBX: 000000000000e9f6 RCX: 000000000045bee7 [ 60.126567][ T6819] RDX: 00007ffd9ca88443 RSI: 00000000000001ff RDI: 00007ffd9ca88440 [ 60.134532][ T6819] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/12 04:01:19 building call list... [ 60.142495][ T6819] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 60.150440][ T6819] R13: 00007ffd9ca88430 R14: 000000000000e9f2 R15: 00007ffd9ca88440 [ 60.343691][ T1154] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1154 [ 60.353027][ T1154] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.359161][ T1154] CPU: 0 PID: 1154 Comm: khugepaged Not tainted 5.7.0-next-20200612-syzkaller #0 [ 60.368267][ T1154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.378332][ T1154] Call Trace: [ 60.381615][ T1154] dump_stack+0x18f/0x20d [ 60.385957][ T1154] check_preemption_disabled+0x20d/0x220 [ 60.391597][ T1154] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.396700][ T1154] ? ext4_find_extent+0x81a/0xad0 [ 60.401714][ T1154] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.407165][ T1154] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.412885][ T1154] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.418182][ T1154] ? ext4_ext_release+0x10/0x10 [ 60.423033][ T1154] ? down_write_killable+0x170/0x170 [ 60.428298][ T1154] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.433760][ T1154] ext4_map_blocks+0x4cb/0x1640 [ 60.438616][ T1154] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.443928][ T1154] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.449471][ T1154] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.455573][ T1154] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 60.461039][ T1154] ext4_writepages+0x1a83/0x33c0 [ 60.466096][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 60.471747][ T1154] ? __lock_acquire+0x2224/0x48b0 [ 60.476794][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 60.482419][ T1154] ? do_writepages+0xf3/0x2a0 [ 60.487203][ T1154] do_writepages+0xf3/0x2a0 [ 60.491716][ T1154] ? page_writeback_cpu_online+0x10/0x10 [ 60.497446][ T1154] ? do_raw_spin_lock+0x120/0x2d0 [ 60.502475][ T1154] ? do_raw_spin_unlock+0x171/0x260 [ 60.507677][ T1154] ? _raw_spin_unlock+0x24/0x40 [ 60.512640][ T1154] __filemap_fdatawrite_range+0x2aa/0x390 [ 60.518367][ T1154] ? collapse_file+0x35a2/0x4330 [ 60.523322][ T1154] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 60.529398][ T1154] ? _raw_spin_unlock_irq+0x1f/0x80 [ 60.534593][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.540578][ T1154] collapse_file+0x35ac/0x4330 [ 60.545366][ T1154] ? collapse_huge_page+0x4350/0x4350 [ 60.550748][ T1154] ? khugepaged+0x2506/0x3fc0 [ 60.555431][ T1154] ? xas_find+0x31a/0x880 [ 60.559754][ T1154] ? check_preemption_disabled+0x38/0x220 [ 60.565475][ T1154] khugepaged+0x3041/0x3fc0 [ 60.570000][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 60.575642][ T1154] ? lock_downgrade+0x840/0x840 [ 60.580481][ T1154] ? finish_wait+0x260/0x260 [ 60.585071][ T1154] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 60.590876][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.596860][ T1154] ? __kthread_parkme+0x13f/0x1e0 [ 60.601881][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 60.607521][ T1154] kthread+0x3b5/0x4a0 [ 60.611725][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.617447][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.623168][ T1154] ret_from_fork+0x1f/0x30 [ 60.649467][ T221] tipc: TX() has been purged, node left! [ 61.169436][ T221] ================================================================== [ 61.177693][ T221] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 61.185577][ T221] Write of size 1 at addr ffff8880a854b9e4 by task kworker/u4:4/221 [ 61.193536][ T221] [ 61.195866][ T221] CPU: 1 PID: 221 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 61.205053][ T221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.215107][ T221] Workqueue: netns cleanup_net [ 61.219868][ T221] Call Trace: [ 61.223176][ T221] dump_stack+0x18f/0x20d [ 61.227508][ T221] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.233048][ T221] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.238587][ T221] ? afs_put_call+0xa40/0xa40 [ 61.243263][ T221] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.250291][ T221] ? vprintk_func+0x97/0x1a6 [ 61.254882][ T221] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.260429][ T221] kasan_report.cold+0x1f/0x37 [ 61.265207][ T221] ? rcu_read_lock_held_common+0x41/0xa0 [ 61.270830][ T221] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.276371][ T221] afs_wake_up_async_call+0x6aa/0x770 [ 61.281735][ T221] ? afs_close_socket+0x320/0x320 [ 61.286765][ T221] ? afs_put_call+0xa40/0xa40 [ 61.291435][ T221] rxrpc_notify_socket+0x1db/0x5d0 [ 61.296543][ T221] ? afs_put_call+0xa40/0xa40 [ 61.301214][ T221] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.307629][ T221] rxrpc_call_completed+0xca/0xf0 [ 61.312653][ T221] rxrpc_discard_prealloc+0x781/0xab0 [ 61.318021][ T221] ? lock_sock_nested+0x94/0x110 [ 61.322957][ T221] rxrpc_listen+0x147/0x360 [ 61.327462][ T221] afs_close_socket+0x95/0x320 [ 61.332220][ T221] ? afs_purge_servers+0x16d/0x300 [ 61.337328][ T221] ? afs_rx_discard_new_call+0x50/0x50 [ 61.342824][ T221] ? init_wait_var_entry+0x200/0x200 [ 61.348119][ T221] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.353768][ T221] ? check_preemption_disabled+0x38/0x220 [ 61.359486][ T221] afs_net_exit+0x1bc/0x310 [ 61.363987][ T221] ? afs_net_init+0xe30/0xe30 [ 61.368669][ T221] ops_exit_list.isra.0+0xa8/0x150 [ 61.373780][ T221] cleanup_net+0x511/0xa50 [ 61.378195][ T221] ? unregister_pernet_device+0x70/0x70 [ 61.383754][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.389742][ T221] process_one_work+0x965/0x1690 [ 61.394690][ T221] ? lock_release+0x800/0x800 [ 61.399369][ T221] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.404742][ T221] ? rwlock_bug.part.0+0x90/0x90 [ 61.409688][ T221] worker_thread+0x96/0xe10 [ 61.414203][ T221] ? process_one_work+0x1690/0x1690 [ 61.419423][ T221] kthread+0x3b5/0x4a0 [ 61.423486][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.429200][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.435026][ T221] ret_from_fork+0x1f/0x30 [ 61.439524][ T221] [ 61.441859][ T221] Allocated by task 6819: [ 61.446205][ T221] save_stack+0x1b/0x40 [ 61.450374][ T221] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.455999][ T221] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.461361][ T221] afs_alloc_call+0x55/0x630 [ 61.466030][ T221] afs_charge_preallocation+0xe9/0x2d0 [ 61.471481][ T221] afs_open_socket+0x292/0x360 [ 61.476237][ T221] afs_net_init+0xa6c/0xe30 [ 61.480728][ T221] ops_init+0xaf/0x420 [ 61.484787][ T221] setup_net+0x2de/0x860 [ 61.489023][ T221] copy_net_ns+0x293/0x590 [ 61.493520][ T221] create_new_namespaces+0x3fb/0xb30 [ 61.498797][ T221] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.504425][ T221] ksys_unshare+0x43d/0x8e0 [ 61.509008][ T221] __x64_sys_unshare+0x2d/0x40 [ 61.513764][ T221] do_syscall_64+0x60/0xe0 [ 61.518184][ T221] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.524077][ T221] [ 61.526412][ T221] Freed by task 221: [ 61.530302][ T221] save_stack+0x1b/0x40 [ 61.534449][ T221] __kasan_slab_free+0xf7/0x140 [ 61.539295][ T221] kfree+0x109/0x2b0 [ 61.543184][ T221] afs_put_call+0x585/0xa40 [ 61.547682][ T221] rxrpc_discard_prealloc+0x764/0xab0 [ 61.553044][ T221] rxrpc_listen+0x147/0x360 [ 61.557539][ T221] afs_close_socket+0x95/0x320 [ 61.562292][ T221] afs_net_exit+0x1bc/0x310 [ 61.566792][ T221] ops_exit_list.isra.0+0xa8/0x150 [ 61.571892][ T221] cleanup_net+0x511/0xa50 [ 61.576301][ T221] process_one_work+0x965/0x1690 [ 61.581235][ T221] worker_thread+0x96/0xe10 [ 61.585735][ T221] kthread+0x3b5/0x4a0 [ 61.589803][ T221] ret_from_fork+0x1f/0x30 [ 61.594211][ T221] [ 61.596892][ T221] The buggy address belongs to the object at ffff8880a854b800 [ 61.596892][ T221] which belongs to the cache kmalloc-1k of size 1024 [ 61.610969][ T221] The buggy address is located 484 bytes inside of [ 61.610969][ T221] 1024-byte region [ffff8880a854b800, ffff8880a854bc00) [ 61.624337][ T221] The buggy address belongs to the page: [ 61.629970][ T221] page:ffffea0002a152c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 61.639065][ T221] flags: 0xfffe0000000200(slab) [ 61.643919][ T221] raw: 00fffe0000000200 ffffea0002a4ffc8 ffffea0002a1ce48 ffff8880aa000c40 [ 61.652584][ T221] raw: 0000000000000000 ffff8880a854b000 0000000100000002 0000000000000000 [ 61.661173][ T221] page dumped because: kasan: bad access detected [ 61.667587][ T221] [ 61.669903][ T221] Memory state around the buggy address: [ 61.675528][ T221] ffff8880a854b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.683580][ T221] ffff8880a854b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.691634][ T221] >ffff8880a854b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.699683][ T221] ^ [ 61.706872][ T221] ffff8880a854ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.714923][ T221] ffff8880a854ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.722978][ T221] ================================================================== [ 61.731029][ T221] Disabling lock debugging due to kernel taint [ 61.737227][ T221] Kernel panic - not syncing: panic_on_warn set ... [ 61.743813][ T221] CPU: 1 PID: 221 Comm: kworker/u4:4 Tainted: G B 5.7.0-next-20200612-syzkaller #0 [ 61.754382][ T221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.764448][ T221] Workqueue: netns cleanup_net [ 61.769210][ T221] Call Trace: executing program [ 61.772498][ T221] dump_stack+0x18f/0x20d [ 61.776828][ T221] ? afs_wake_up_async_call+0x630/0x770 [ 61.782370][ T221] ? afs_put_call+0xa40/0xa40 [ 61.787049][ T221] panic+0x2e3/0x75c [ 61.790945][ T221] ? __warn_printk+0xf3/0xf3 [ 61.795541][ T221] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 61.801700][ T221] ? trace_hardirqs_on+0x55/0x220 [ 61.806722][ T221] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.812260][ T221] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.817816][ T221] ? afs_put_call+0xa40/0xa40 [ 61.822510][ T221] end_report+0x4d/0x53 [ 61.826669][ T221] kasan_report.cold+0xd/0x37 [ 61.831353][ T221] ? rcu_read_lock_held_common+0x41/0xa0 [ 61.836973][ T221] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.842508][ T221] afs_wake_up_async_call+0x6aa/0x770 [ 61.847908][ T221] ? afs_close_socket+0x320/0x320 [ 61.852924][ T221] ? afs_put_call+0xa40/0xa40 [ 61.857589][ T221] rxrpc_notify_socket+0x1db/0x5d0 [ 61.862689][ T221] ? afs_put_call+0xa40/0xa40 [ 61.867372][ T221] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.873778][ T221] rxrpc_call_completed+0xca/0xf0 [ 61.878790][ T221] rxrpc_discard_prealloc+0x781/0xab0 [ 61.884151][ T221] ? lock_sock_nested+0x94/0x110 [ 61.889078][ T221] rxrpc_listen+0x147/0x360 [ 61.893570][ T221] afs_close_socket+0x95/0x320 [ 61.898345][ T221] ? afs_purge_servers+0x16d/0x300 [ 61.903446][ T221] ? afs_rx_discard_new_call+0x50/0x50 [ 61.908895][ T221] ? init_wait_var_entry+0x200/0x200 [ 61.914175][ T221] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.919818][ T221] ? check_preemption_disabled+0x38/0x220 [ 61.925530][ T221] afs_net_exit+0x1bc/0x310 [ 61.930023][ T221] ? afs_net_init+0xe30/0xe30 [ 61.934695][ T221] ops_exit_list.isra.0+0xa8/0x150 [ 61.939800][ T221] cleanup_net+0x511/0xa50 [ 61.944209][ T221] ? unregister_pernet_device+0x70/0x70 [ 61.949750][ T221] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.955723][ T221] process_one_work+0x965/0x1690 [ 61.960660][ T221] ? lock_release+0x800/0x800 [ 61.965343][ T221] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.970713][ T221] ? rwlock_bug.part.0+0x90/0x90 [ 61.975653][ T221] worker_thread+0x96/0xe10 [ 61.980678][ T221] ? process_one_work+0x1690/0x1690 [ 61.985871][ T221] kthread+0x3b5/0x4a0 [ 61.989934][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.995646][ T221] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.001469][ T221] ret_from_fork+0x1f/0x30 [ 62.007126][ T221] Kernel Offset: disabled [ 62.011436][ T221] Rebooting in 86400 seconds..