[ 59.706992][ T6793] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6793 [ 59.716768][ T6793] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.722725][ T6793] CPU: 0 PID: 6793 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 59.731305][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.741341][ T6793] Call Trace: [ 59.744623][ T6793] dump_stack+0x18f/0x20d [ 59.748939][ T6793] check_preemption_disabled+0x20d/0x220 [ 59.754573][ T6793] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.759693][ T6793] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.765133][ T6793] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.770860][ T6793] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.776132][ T6793] ? ext4_ext_release+0x10/0x10 [ 59.780988][ T6793] ? down_write_killable+0x170/0x170 [ 59.786263][ T6793] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.791857][ T6793] ext4_map_blocks+0x4cb/0x1640 [ 59.796702][ T6793] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.801883][ T6793] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.807427][ T6793] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.813412][ T6793] ? prandom_u32_state+0xe/0x170 [ 59.818366][ T6793] ? __brelse+0x84/0xa0 [ 59.822520][ T6793] ? __ext4_new_inode+0x144/0x55e0 [ 59.827637][ T6793] ext4_getblk+0xad/0x520 [ 59.831952][ T6793] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.837668][ T6793] ? ext4_free_inode+0x1700/0x1700 [ 59.842762][ T6793] ext4_bread+0x7c/0x380 [ 59.846997][ T6793] ? ext4_getblk+0x520/0x520 [ 59.851579][ T6793] ? dquot_get_next_dqblk+0x180/0x180 [ 59.856949][ T6793] ext4_append+0x153/0x360 [ 59.861362][ T6793] ext4_mkdir+0x5e0/0xdf0 [ 59.865673][ T6793] ? ext4_rmdir+0xde0/0xde0 [ 59.870158][ T6793] ? security_inode_permission+0xc4/0xf0 [ 59.875787][ T6793] vfs_mkdir+0x419/0x690 [ 59.880011][ T6793] do_mkdirat+0x21e/0x280 [ 59.884321][ T6793] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.889150][ T6793] ? do_syscall_64+0x1c/0xe0 [ 59.893720][ T6793] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.899697][ T6793] do_syscall_64+0x60/0xe0 [ 59.904096][ T6793] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.909976][ T6793] RIP: 0033:0x7f4392ba6687 [ 59.914374][ T6793] Code: Bad RIP value. [ 59.918415][ T6793] RSP: 002b:00007fff751d8a78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.926815][ T6793] RAX: ffffffffffffffda RBX: 00005583267b9985 RCX: 00007f4392ba6687 [ 59.934766][ T6793] RDX: 00007fff751d8940 RSI: 00000000000001ed RDI: 00005583267b9985 [ 59.942715][ T6793] RBP: 00007f4392ba6680 R08: 0000000000000100 R09: 0000000000000000 [ 59.950672][ T6793] R10: 00005583267b9980 R11: 0000000000000246 R12: 00000000000001ed [ 59.958620][ T6793] R13: 00007fff751d8c00 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 63.100001][ T102] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:3/102 [ 63.109326][ T102] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.115213][ T102] CPU: 0 PID: 102 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0 [ 63.123531][ T102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.133581][ T102] Workqueue: writeback wb_workfn (flush-8:0) [ 63.139558][ T102] Call Trace: [ 63.142832][ T102] dump_stack+0x18f/0x20d [ 63.147146][ T102] check_preemption_disabled+0x20d/0x220 [ 63.152778][ T102] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.157879][ T102] ? ext4_find_extent+0x81a/0xad0 [ 63.162887][ T102] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.168341][ T102] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.174067][ T102] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.179355][ T102] ? ext4_ext_release+0x10/0x10 [ 63.184202][ T102] ? down_write_killable+0x170/0x170 [ 63.189606][ T102] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.195060][ T102] ext4_map_blocks+0x4cb/0x1640 [ 63.199915][ T102] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.205155][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.210810][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.216772][ T102] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 63.222211][ T102] ext4_writepages+0x1a7b/0x33c0 [ 63.227165][ T102] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.232783][ T102] ? __lock_acquire+0x2224/0x48b0 [ 63.237807][ T102] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.243771][ T102] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.249734][ T102] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.255357][ T102] ? do_writepages+0xfa/0x2a0 [ 63.260024][ T102] do_writepages+0xfa/0x2a0 [ 63.264510][ T102] ? page_writeback_cpu_online+0x10/0x10 [ 63.270143][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.275682][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.281639][ T102] ? lock_downgrade+0x840/0x840 [ 63.286469][ T102] __writeback_single_inode+0x12a/0x13d0 [ 63.292079][ T102] ? _raw_spin_unlock+0x24/0x40 [ 63.296926][ T102] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 63.302884][ T102] writeback_sb_inodes+0x515/0xdc0 [ 63.307979][ T102] ? __writeback_single_inode+0x13d0/0x13d0 [ 63.313870][ T102] __writeback_inodes_wb+0xc3/0x250 [ 63.319051][ T102] wb_writeback+0x8db/0xd50 [ 63.323537][ T102] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 63.329849][ T102] ? cpumask_next+0x3c/0x40 [ 63.334338][ T102] ? get_nr_dirty_inodes+0xd6/0x130 [ 63.339530][ T102] wb_workfn+0x9bc/0x1090 [ 63.343857][ T102] ? inode_wait_for_writeback+0x30/0x30 [ 63.349401][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.354938][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.360916][ T102] process_one_work+0x965/0x1690 [ 63.365840][ T102] ? lock_release+0x800/0x800 [ 63.370591][ T102] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.375974][ T102] ? rwlock_bug.part.0+0x90/0x90 [ 63.380899][ T102] worker_thread+0x96/0xe10 [ 63.385410][ T102] ? process_one_work+0x1690/0x1690 [ 63.390702][ T102] kthread+0x3b5/0x4a0 [ 63.394764][ T102] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.400458][ T102] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.406262][ T102] ret_from_fork+0x1f/0x30 [ 63.414487][ T102] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:3/102 [ 63.423973][ T102] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.429968][ T102] CPU: 1 PID: 102 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0 [ 63.438334][ T102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.448387][ T102] Workqueue: writeback wb_workfn (flush-8:0) [ 63.454344][ T102] Call Trace: [ 63.457633][ T102] dump_stack+0x18f/0x20d [ 63.461950][ T102] check_preemption_disabled+0x20d/0x220 [ 63.467566][ T102] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.472659][ T102] ? ext4_find_extent+0x81a/0xad0 [ 63.477686][ T102] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.483185][ T102] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.488975][ T102] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.494426][ T102] ? ext4_ext_release+0x10/0x10 [ 63.499274][ T102] ? down_write_killable+0x170/0x170 [ 63.504543][ T102] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.509986][ T102] ext4_map_blocks+0x4cb/0x1640 [ 63.514824][ T102] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.520013][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.525558][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.531521][ T102] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 63.536980][ T102] ext4_writepages+0x1a7b/0x33c0 [ 63.541982][ T102] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.547621][ T102] ? __lock_acquire+0x2224/0x48b0 [ 63.552657][ T102] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.558622][ T102] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.564603][ T102] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.570226][ T102] ? do_writepages+0xfa/0x2a0 [ 63.574899][ T102] do_writepages+0xfa/0x2a0 [ 63.579400][ T102] ? page_writeback_cpu_online+0x10/0x10 [ 63.585014][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.590539][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.596512][ T102] ? lock_downgrade+0x840/0x840 [ 63.601361][ T102] __writeback_single_inode+0x12a/0x13d0 [ 63.606994][ T102] ? _raw_spin_unlock+0x24/0x40 [ 63.611926][ T102] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 63.617887][ T102] writeback_sb_inodes+0x515/0xdc0 [ 63.623001][ T102] ? __writeback_single_inode+0x13d0/0x13d0 [ 63.628932][ T102] __writeback_inodes_wb+0xc3/0x250 [ 63.634152][ T102] wb_writeback+0x8db/0xd50 [ 63.638829][ T102] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 63.646403][ T102] ? cpumask_next+0x3c/0x40 [ 63.650909][ T102] ? get_nr_dirty_inodes+0xd6/0x130 [ 63.656204][ T102] wb_workfn+0x9bc/0x1090 [ 63.660548][ T102] ? inode_wait_for_writeback+0x30/0x30 [ 63.666082][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.671914][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.677991][ T102] process_one_work+0x965/0x1690 [ 63.682933][ T102] ? lock_release+0x800/0x800 [ 63.687588][ T102] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.692942][ T102] ? rwlock_bug.part.0+0x90/0x90 [ 63.697864][ T102] worker_thread+0x96/0xe10 [ 63.702361][ T102] ? process_one_work+0x1690/0x1690 [ 63.707556][ T102] kthread+0x3b5/0x4a0 [ 63.711617][ T102] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.717327][ T102] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.723042][ T102] ret_from_fork+0x1f/0x30 [ 63.730260][ T102] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:3/102 [ 63.739519][ T102] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.745419][ T102] CPU: 1 PID: 102 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0 [ 63.753731][ T102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.763770][ T102] Workqueue: writeback wb_workfn (flush-8:0) [ 63.769737][ T102] Call Trace: [ 63.773022][ T102] dump_stack+0x18f/0x20d [ 63.777359][ T102] check_preemption_disabled+0x20d/0x220 [ 63.782967][ T102] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.788054][ T102] ? ext4_find_extent+0x81a/0xad0 [ 63.793093][ T102] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.798527][ T102] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.804230][ T102] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.809498][ T102] ? ext4_ext_release+0x10/0x10 [ 63.814351][ T102] ? down_write_killable+0x170/0x170 [ 63.819617][ T102] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.825069][ T102] ext4_map_blocks+0x4cb/0x1640 [ 63.829921][ T102] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.835101][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.840621][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.846577][ T102] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 63.852032][ T102] ext4_writepages+0x1a7b/0x33c0 [ 63.856959][ T102] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.862567][ T102] ? __lock_acquire+0x2224/0x48b0 [ 63.867582][ T102] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.873554][ T102] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.879529][ T102] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.885139][ T102] ? do_writepages+0xfa/0x2a0 [ 63.889791][ T102] do_writepages+0xfa/0x2a0 [ 63.894275][ T102] ? page_writeback_cpu_online+0x10/0x10 [ 63.899914][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.905448][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.911474][ T102] ? lock_downgrade+0x840/0x840 [ 63.916317][ T102] __writeback_single_inode+0x12a/0x13d0 [ 63.922096][ T102] ? _raw_spin_unlock+0x24/0x40 [ 63.926926][ T102] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 63.932888][ T102] writeback_sb_inodes+0x515/0xdc0 [ 63.937991][ T102] ? __writeback_single_inode+0x13d0/0x13d0 [ 63.944006][ T102] __writeback_inodes_wb+0xc3/0x250 [ 63.949276][ T102] wb_writeback+0x8db/0xd50 [ 63.953771][ T102] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 63.960079][ T102] ? cpumask_next+0x3c/0x40 [ 63.964563][ T102] ? get_nr_dirty_inodes+0xd6/0x130 [ 63.969742][ T102] wb_workfn+0x9bc/0x1090 [ 63.974055][ T102] ? inode_wait_for_writeback+0x30/0x30 [ 63.979583][ T102] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.985103][ T102] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.991066][ T102] process_one_work+0x965/0x1690 [ 63.995997][ T102] ? lock_release+0x800/0x800 [ 64.000650][ T102] ? pwq_dec_nr_in_flight+0x310/0x310 [ 64.006010][ T102] ? rwlock_bug.part.0+0x90/0x90 [ 64.010928][ T102] worker_thread+0x96/0xe10 [ 64.015412][ T102] ? process_one_work+0x1690/0x1690 [ 64.020588][ T102] kthread+0x3b5/0x4a0 [ 64.024635][ T102] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 64.030431][ T102] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 64.036127][ T102] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts. 2020/06/16 17:44:50 fuzzer started 2020/06/16 17:44:50 connecting to host at 10.128.0.26:43731 2020/06/16 17:44:50 checking machine... 2020/06/16 17:44:50 checking revisions... 2020/06/16 17:44:50 testing simple program... [ 64.893395][ T6800] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6800 [ 64.902490][ T6800] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.908366][ T6800] CPU: 0 PID: 6800 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 64.916634][ T6800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.926664][ T6800] Call Trace: [ 64.929963][ T6800] dump_stack+0x18f/0x20d [ 64.934275][ T6800] check_preemption_disabled+0x20d/0x220 [ 64.939892][ T6800] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.945078][ T6800] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.950523][ T6800] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.956222][ T6800] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.961504][ T6800] ? ext4_ext_release+0x10/0x10 [ 64.966341][ T6800] ? down_write_killable+0x170/0x170 [ 64.971603][ T6800] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.977045][ T6800] ext4_map_blocks+0x4cb/0x1640 [ 64.981881][ T6800] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.987945][ T6800] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.993466][ T6800] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.999436][ T6800] ? prandom_u32_state+0xe/0x170 [ 65.004466][ T6800] ? __brelse+0x84/0xa0 [ 65.008624][ T6800] ? __ext4_new_inode+0x144/0x55e0 [ 65.013743][ T6800] ext4_getblk+0xad/0x520 [ 65.018080][ T6800] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.023805][ T6800] ? ext4_free_inode+0x1700/0x1700 [ 65.028923][ T6800] ext4_bread+0x7c/0x380 [ 65.033167][ T6800] ? ext4_getblk+0x520/0x520 [ 65.037759][ T6800] ? dquot_get_next_dqblk+0x180/0x180 [ 65.043136][ T6800] ext4_append+0x153/0x360 [ 65.047684][ T6800] ext4_mkdir+0x5e0/0xdf0 [ 65.051999][ T6800] ? ext4_rmdir+0xde0/0xde0 [ 65.056481][ T6800] ? security_inode_permission+0xc4/0xf0 [ 65.062094][ T6800] vfs_mkdir+0x419/0x690 [ 65.066317][ T6800] do_mkdirat+0x21e/0x280 [ 65.070634][ T6800] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.075467][ T6800] ? do_syscall_64+0x1c/0xe0 [ 65.080044][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.086022][ T6800] do_syscall_64+0x60/0xe0 [ 65.090426][ T6800] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.096292][ T6800] RIP: 0033:0x4b02a0 [ 65.100207][ T6800] Code: Bad RIP value. [ 65.104244][ T6800] RSP: 002b:000000c0000c54b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.112627][ T6800] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 65.120572][ T6800] RDX: 00000000000001c0 RSI: 000000c0000caa80 RDI: ffffffffffffff9c [ 65.128517][ T6800] RBP: 000000c0000c5510 R08: 0000000000000000 R09: 0000000000000000 [ 65.136479][ T6800] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.144434][ T6800] R13: 0000000000000055 R14: 0000000000000054 R15: 0000000000000100 [ 65.166747][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819 [ 65.176235][ T6819] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.182253][ T6819] CPU: 0 PID: 6819 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.190832][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.200968][ T6819] Call Trace: [ 65.204264][ T6819] dump_stack+0x18f/0x20d [ 65.208604][ T6819] check_preemption_disabled+0x20d/0x220 [ 65.214242][ T6819] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.219373][ T6819] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.224825][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.230527][ T6819] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.235817][ T6819] ? ext4_ext_release+0x10/0x10 [ 65.240669][ T6819] ? down_write_killable+0x170/0x170 [ 65.245983][ T6819] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.251433][ T6819] ext4_map_blocks+0x4cb/0x1640 [ 65.256275][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.261501][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.267037][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.273006][ T6819] ? prandom_u32_state+0xe/0x170 [ 65.278110][ T6819] ? __brelse+0x84/0xa0 [ 65.282278][ T6819] ? __ext4_new_inode+0x144/0x55e0 [ 65.287373][ T6819] ext4_getblk+0xad/0x520 [ 65.291782][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.297485][ T6819] ? ext4_free_inode+0x1700/0x1700 [ 65.302584][ T6819] ext4_bread+0x7c/0x380 [ 65.306824][ T6819] ? ext4_getblk+0x520/0x520 [ 65.311399][ T6819] ? dquot_get_next_dqblk+0x180/0x180 [ 65.316759][ T6819] ext4_append+0x153/0x360 [ 65.321174][ T6819] ext4_mkdir+0x5e0/0xdf0 [ 65.325615][ T6819] ? ext4_rmdir+0xde0/0xde0 [ 65.330111][ T6819] ? security_inode_permission+0xc4/0xf0 [ 65.335766][ T6819] vfs_mkdir+0x419/0x690 [ 65.340083][ T6819] do_mkdirat+0x21e/0x280 [ 65.344409][ T6819] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.349271][ T6819] ? do_syscall_64+0x1c/0xe0 [ 65.353867][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.359831][ T6819] do_syscall_64+0x60/0xe0 [ 65.364243][ T6819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.370114][ T6819] RIP: 0033:0x45bed7 [ 65.373984][ T6819] Code: Bad RIP value. [ 65.378038][ T6819] RSP: 002b:00007ffe75f34598 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.386430][ T6819] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.394381][ T6819] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffe75f34770 [ 65.402330][ T6819] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002c80 [ 65.410289][ T6819] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.418246][ T6819] R13: 00007ffe75f34770 R14: 8421084210842109 R15: 00007ffe75f3477c [ 65.506736][ T6820] IPVS: ftp: loaded support on port[0] = 21 [ 65.543605][ T6820] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6820 [ 65.553055][ T6820] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.559033][ T6820] CPU: 1 PID: 6820 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.567612][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.577647][ T6820] Call Trace: [ 65.580931][ T6820] dump_stack+0x18f/0x20d [ 65.585241][ T6820] check_preemption_disabled+0x20d/0x220 [ 65.590851][ T6820] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.595967][ T6820] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.601402][ T6820] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.607101][ T6820] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.612369][ T6820] ? ext4_ext_release+0x10/0x10 [ 65.617214][ T6820] ? down_write_killable+0x170/0x170 [ 65.622473][ T6820] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.627936][ T6820] ext4_map_blocks+0x4cb/0x1640 [ 65.632766][ T6820] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.637949][ T6820] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.643615][ T6820] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.649580][ T6820] ? prandom_u32_state+0xe/0x170 [ 65.654538][ T6820] ? __brelse+0x84/0xa0 [ 65.658689][ T6820] ? __ext4_new_inode+0x144/0x55e0 [ 65.663788][ T6820] ext4_getblk+0xad/0x520 [ 65.668114][ T6820] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.673829][ T6820] ? ext4_free_inode+0x1700/0x1700 [ 65.678925][ T6820] ext4_bread+0x7c/0x380 [ 65.683146][ T6820] ? ext4_getblk+0x520/0x520 [ 65.687711][ T6820] ? dquot_get_next_dqblk+0x180/0x180 [ 65.693064][ T6820] ext4_append+0x153/0x360 [ 65.697461][ T6820] ext4_mkdir+0x5e0/0xdf0 [ 65.701770][ T6820] ? ext4_rmdir+0xde0/0xde0 [ 65.706265][ T6820] ? security_inode_permission+0xc4/0xf0 [ 65.711897][ T6820] vfs_mkdir+0x419/0x690 [ 65.716117][ T6820] do_mkdirat+0x21e/0x280 [ 65.720429][ T6820] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.725256][ T6820] ? do_syscall_64+0x1c/0xe0 [ 65.729837][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.735792][ T6820] do_syscall_64+0x60/0xe0 [ 65.740199][ T6820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.746079][ T6820] RIP: 0033:0x45bed7 [ 65.749947][ T6820] Code: Bad RIP value. [ 65.753987][ T6820] RSP: 002b:00007ffe75f34488 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 65.762370][ T6820] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 65.770329][ T6820] RDX: 00007ffe75f344d3 RSI: 00000000000001ff RDI: 00007ffe75f344d0 [ 65.778276][ T6820] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 65.786224][ T6820] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 65.794171][ T6820] R13: 00007ffe75f344c0 R14: 0000000000000000 R15: 00007ffe75f344d0 [ 65.853287][ T6820] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6820 [ 65.862950][ T6820] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.868924][ T6820] CPU: 0 PID: 6820 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.877503][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.887560][ T6820] Call Trace: [ 65.890854][ T6820] dump_stack+0x18f/0x20d [ 65.895195][ T6820] check_preemption_disabled+0x20d/0x220 [ 65.900832][ T6820] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.905964][ T6820] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.911425][ T6820] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.917159][ T6820] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.922448][ T6820] ? ext4_ext_release+0x10/0x10 [ 65.927298][ T6820] ? down_write_killable+0x170/0x170 [ 65.932569][ T6820] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.938011][ T6820] ext4_map_blocks+0x4cb/0x1640 [ 65.942847][ T6820] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.948026][ T6820] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.953554][ T6820] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.959512][ T6820] ? prandom_u32_state+0xe/0x170 [ 65.964426][ T6820] ? __brelse+0x84/0xa0 [ 65.968573][ T6820] ? __ext4_new_inode+0x144/0x55e0 [ 65.973690][ T6820] ext4_getblk+0xad/0x520 [ 65.978023][ T6820] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.983753][ T6820] ? ext4_free_inode+0x1700/0x1700 [ 65.988871][ T6820] ext4_bread+0x7c/0x380 [ 65.993101][ T6820] ? ext4_getblk+0x520/0x520 [ 65.997680][ T6820] ? dquot_get_next_dqblk+0x180/0x180 [ 66.003051][ T6820] ext4_append+0x153/0x360 [ 66.007446][ T6820] ext4_mkdir+0x5e0/0xdf0 [ 66.011781][ T6820] ? ext4_rmdir+0xde0/0xde0 [ 66.016286][ T6820] ? security_inode_permission+0xc4/0xf0 [ 66.021899][ T6820] vfs_mkdir+0x419/0x690 [ 66.026119][ T6820] do_mkdirat+0x21e/0x280 [ 66.030427][ T6820] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.035254][ T6820] ? do_syscall_64+0x1c/0xe0 [ 66.039820][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.045779][ T6820] do_syscall_64+0x60/0xe0 [ 66.050213][ T6820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.056131][ T6820] RIP: 0033:0x45bed7 [ 66.059996][ T6820] Code: Bad RIP value. [ 66.064105][ T6820] RSP: 002b:00007ffe75f34488 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.072599][ T6820] RAX: ffffffffffffffda RBX: 0000000000010134 RCX: 000000000045bed7 [ 66.080569][ T6820] RDX: 00007ffe75f344d3 RSI: 00000000000001ff RDI: 00007ffe75f344d0 [ 66.088519][ T6820] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 66.096481][ T6820] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 2020/06/16 17:44:52 building call list... [ 66.104437][ T6820] R13: 00007ffe75f344c0 R14: 000000000001011f R15: 00007ffe75f344d0 [ 66.348467][ T21] tipc: TX() has been purged, node left! [ 66.840812][ T21] ================================================================== [ 66.849085][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 66.856978][ T21] Write of size 1 at addr ffff8880956ea9e4 by task kworker/u4:1/21 [ 66.864854][ T21] [ 66.867185][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.875430][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.885487][ T21] Workqueue: netns cleanup_net [ 66.890302][ T21] Call Trace: [ 66.893602][ T21] dump_stack+0x18f/0x20d [ 66.898025][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.903568][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.909112][ T21] ? afs_put_call+0xa40/0xa40 [ 66.913789][ T21] print_address_description.constprop.0.cold+0xd3/0x413 [ 66.920814][ T21] ? vprintk_func+0x97/0x1a6 [ 66.925404][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.930947][ T21] kasan_report.cold+0x1f/0x37 [ 66.935712][ T21] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.941340][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.946884][ T21] afs_wake_up_async_call+0x6aa/0x770 [ 66.952250][ T21] ? afs_close_socket+0x320/0x320 [ 66.957270][ T21] ? afs_put_call+0xa40/0xa40 [ 66.961944][ T21] rxrpc_notify_socket+0x1db/0x5d0 [ 66.967055][ T21] ? afs_put_call+0xa40/0xa40 [ 66.971730][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.978143][ T21] rxrpc_call_completed+0xca/0xf0 [ 66.983189][ T21] rxrpc_discard_prealloc+0x781/0xab0 [ 66.988561][ T21] ? lock_sock_nested+0x94/0x110 [ 66.993514][ T21] rxrpc_listen+0x147/0x360 [ 66.998017][ T21] afs_close_socket+0x95/0x320 [ 67.002776][ T21] ? afs_purge_servers+0x16d/0x300 [ 67.007891][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 67.013352][ T21] ? init_wait_var_entry+0x200/0x200 [ 67.018637][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.024265][ T21] ? check_preemption_disabled+0x38/0x220 [ 67.029985][ T21] afs_net_exit+0x1bc/0x310 [ 67.034485][ T21] ? afs_net_init+0xe30/0xe30 [ 67.039156][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 67.044266][ T21] cleanup_net+0x511/0xa50 [ 67.048682][ T21] ? unregister_pernet_device+0x70/0x70 [ 67.054230][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.060234][ T21] process_one_work+0x965/0x1690 [ 67.065265][ T21] ? lock_release+0x800/0x800 [ 67.069940][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.075314][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 67.080266][ T21] worker_thread+0x96/0xe10 [ 67.084779][ T21] ? process_one_work+0x1690/0x1690 [ 67.089983][ T21] kthread+0x3b5/0x4a0 [ 67.094047][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.099759][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.105479][ T21] ret_from_fork+0x1f/0x30 [ 67.109900][ T21] [ 67.112221][ T21] Allocated by task 6820: [ 67.116547][ T21] save_stack+0x1b/0x40 [ 67.120700][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.126331][ T21] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.131696][ T21] afs_alloc_call+0x55/0x630 [ 67.136280][ T21] afs_charge_preallocation+0xe9/0x2d0 [ 67.141730][ T21] afs_open_socket+0x292/0x360 [ 67.146485][ T21] afs_net_init+0xa6c/0xe30 [ 67.150982][ T21] ops_init+0xaf/0x420 [ 67.155046][ T21] setup_net+0x2de/0x860 [ 67.159282][ T21] copy_net_ns+0x293/0x590 [ 67.163714][ T21] create_new_namespaces+0x3fb/0xb30 [ 67.168995][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.174624][ T21] ksys_unshare+0x43d/0x8e0 [ 67.179122][ T21] __x64_sys_unshare+0x2d/0x40 [ 67.183878][ T21] do_syscall_64+0x60/0xe0 [ 67.188293][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.194174][ T21] [ 67.196503][ T21] Freed by task 21: [ 67.200321][ T21] save_stack+0x1b/0x40 [ 67.204511][ T21] __kasan_slab_free+0xf7/0x140 [ 67.209377][ T21] kfree+0x109/0x2b0 [ 67.213281][ T21] afs_put_call+0x585/0xa40 [ 67.217786][ T21] rxrpc_discard_prealloc+0x764/0xab0 [ 67.223151][ T21] rxrpc_listen+0x147/0x360 [ 67.227646][ T21] afs_close_socket+0x95/0x320 [ 67.232404][ T21] afs_net_exit+0x1bc/0x310 [ 67.236918][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 67.242024][ T21] cleanup_net+0x511/0xa50 [ 67.246439][ T21] process_one_work+0x965/0x1690 [ 67.251372][ T21] worker_thread+0x96/0xe10 [ 67.255869][ T21] kthread+0x3b5/0x4a0 [ 67.259941][ T21] ret_from_fork+0x1f/0x30 [ 67.264347][ T21] [ 67.266681][ T21] The buggy address belongs to the object at ffff8880956ea800 [ 67.266681][ T21] which belongs to the cache kmalloc-1k of size 1024 [ 67.280751][ T21] The buggy address is located 484 bytes inside of [ 67.280751][ T21] 1024-byte region [ffff8880956ea800, ffff8880956eac00) [ 67.294101][ T21] The buggy address belongs to the page: [ 67.299749][ T21] page:ffffea000255ba80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880956ea000 [ 67.310151][ T21] flags: 0xfffe0000000200(slab) [ 67.315045][ T21] raw: 00fffe0000000200 ffffea00029d5e48 ffffea0002984188 ffff8880aa000c40 [ 67.323628][ T21] raw: ffff8880956ea000 ffff8880956ea000 0000000100000001 0000000000000000 [ 67.332201][ T21] page dumped because: kasan: bad access detected [ 67.338599][ T21] [ 67.340916][ T21] Memory state around the buggy address: [ 67.346540][ T21] ffff8880956ea880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.354597][ T21] ffff8880956ea900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.362747][ T21] >ffff8880956ea980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.370799][ T21] ^ [ 67.377988][ T21] ffff8880956eaa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.386194][ T21] ffff8880956eaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.394250][ T21] ================================================================== [ 67.402302][ T21] Disabling lock debugging due to kernel taint [ 67.409542][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 67.416130][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.425874][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.435928][ T21] Workqueue: netns cleanup_net [ 67.440687][ T21] Call Trace: [ 67.443970][ T21] dump_stack+0x18f/0x20d [ 67.448298][ T21] ? afs_wake_up_async_call+0x690/0x770 [ 67.453835][ T21] ? afs_put_call+0xa40/0xa40 [ 67.458520][ T21] panic+0x2e3/0x75c [ 67.462410][ T21] ? __warn_printk+0xf3/0xf3 [ 67.467022][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.473170][ T21] ? trace_hardirqs_on+0x55/0x220 [ 67.478193][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.483740][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.489296][ T21] ? afs_put_call+0xa40/0xa40 [ 67.493965][ T21] end_report+0x4d/0x53 [ 67.498115][ T21] kasan_report.cold+0xd/0x37 [ 67.502787][ T21] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.508422][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.513959][ T21] afs_wake_up_async_call+0x6aa/0x770 [ 67.519318][ T21] ? afs_close_socket+0x320/0x320 [ 67.524341][ T21] ? afs_put_call+0xa40/0xa40 [ 67.529006][ T21] rxrpc_notify_socket+0x1db/0x5d0 [ 67.534109][ T21] ? afs_put_call+0xa40/0xa40 [ 67.538779][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.545199][ T21] rxrpc_call_completed+0xca/0xf0 [ 67.550233][ T21] rxrpc_discard_prealloc+0x781/0xab0 [ 67.555599][ T21] ? lock_sock_nested+0x94/0x110 [ 67.560542][ T21] rxrpc_listen+0x147/0x360 [ 67.565038][ T21] afs_close_socket+0x95/0x320 [ 67.569790][ T21] ? afs_purge_servers+0x16d/0x300 [ 67.574890][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 67.580342][ T21] ? init_wait_var_entry+0x200/0x200 [ 67.585619][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.591249][ T21] ? check_preemption_disabled+0x38/0x220 [ 67.596956][ T21] afs_net_exit+0x1bc/0x310 [ 67.601447][ T21] ? afs_net_init+0xe30/0xe30 [ 67.606121][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 67.611221][ T21] cleanup_net+0x511/0xa50 [ 67.615630][ T21] ? unregister_pernet_device+0x70/0x70 [ 67.621175][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.627145][ T21] process_one_work+0x965/0x1690 [ 67.632167][ T21] ? lock_release+0x800/0x800 [ 67.636834][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.642196][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 67.647129][ T21] worker_thread+0x96/0xe10 [ 67.651628][ T21] ? process_one_work+0x1690/0x1690 [ 67.656813][ T21] kthread+0x3b5/0x4a0 [ 67.660868][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.666577][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.672288][ T21] ret_from_fork+0x1f/0x30 [ 67.678114][ T21] Kernel Offset: disabled [ 67.682447][ T21] Rebooting in 86400 seconds..