[ 58.807169][ T7] ext4_map_blocks+0x4cb/0x1640 [ 58.812041][ T7] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.817265][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.822826][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.828820][ T7] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 58.834309][ T7] ext4_writepages+0x1a7b/0x33c0 [ 58.839314][ T7] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.845313][ T7] ? __lock_acquire+0x2224/0x48b0 [ 58.850493][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.856493][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.862492][ T7] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.868139][ T7] ? do_writepages+0xfa/0x2a0 [ 58.872833][ T7] do_writepages+0xfa/0x2a0 [ 58.877360][ T7] ? page_writeback_cpu_online+0x10/0x10 [ 58.883020][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.888586][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.894584][ T7] ? lock_downgrade+0x840/0x840 [ 58.899455][ T7] __writeback_single_inode+0x12a/0x13d0 [ 58.905104][ T7] ? _raw_spin_unlock+0x24/0x40 [ 58.909968][ T7] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 58.915965][ T7] writeback_sb_inodes+0x515/0xdc0 [ 58.921458][ T7] ? __writeback_single_inode+0x13d0/0x13d0 [ 58.927396][ T7] __writeback_inodes_wb+0xc3/0x250 [ 58.933060][ T7] wb_writeback+0x8db/0xd50 [ 58.937603][ T7] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 58.944011][ T7] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 58.950013][ T7] ? cpumask_next+0x3c/0x40 [ 58.954537][ T7] ? get_nr_dirty_inodes+0xd6/0x130 [ 58.959837][ T7] wb_workfn+0xab3/0x1090 [ 58.964186][ T7] ? inode_wait_for_writeback+0x30/0x30 [ 58.969748][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.975396][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.981942][ T7] process_one_work+0x965/0x1690 [ 58.986906][ T7] ? lock_release+0x800/0x800 [ 58.991602][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.997291][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 59.002261][ T7] worker_thread+0x96/0xe10 [ 59.006881][ T7] ? process_one_work+0x1690/0x1690 [ 59.012112][ T7] kthread+0x3b5/0x4a0 [ 59.016281][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.022038][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.027777][ T7] ret_from_fork+0x1f/0x30 Starting Load/Save RF Kill Switch Status... [ 59.606349][ T6734] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6734 [ 59.616543][ T6734] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.622554][ T6734] CPU: 1 PID: 6734 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 59.631678][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.641730][ T6734] Call Trace: [ 59.645096][ T6734] dump_stack+0x18f/0x20d [ 59.649536][ T6734] check_preemption_disabled+0x20d/0x220 [ 59.655291][ T6734] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.660511][ T6734] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.665969][ T6734] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.671683][ T6734] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.676984][ T6734] ? ext4_ext_release+0x10/0x10 [ 59.681843][ T6734] ? down_write_killable+0x170/0x170 [ 59.687123][ T6734] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.692570][ T6734] ext4_map_blocks+0x4cb/0x1640 [ 59.698014][ T6734] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.703233][ T6734] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.708792][ T6734] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.714771][ T6734] ? prandom_u32_state+0xe/0x170 [ 59.719721][ T6734] ? __brelse+0x84/0xa0 [ 59.724156][ T6734] ? __ext4_new_inode+0x144/0x55e0 [ 59.729281][ T6734] ext4_getblk+0xad/0x520 [ 59.733617][ T6734] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.739533][ T6734] ? ext4_free_inode+0x1700/0x1700 [ 59.744730][ T6734] ext4_bread+0x7c/0x380 [ 59.748990][ T6734] ? ext4_getblk+0x520/0x520 [ 59.753580][ T6734] ? dquot_get_next_dqblk+0x180/0x180 [ 59.759134][ T6734] ext4_append+0x153/0x360 [ 59.763567][ T6734] ext4_mkdir+0x5e0/0xdf0 [ 59.767905][ T6734] ? ext4_rmdir+0xde0/0xde0 [ 59.772439][ T6734] ? security_inode_permission+0xc4/0xf0 [ 59.778065][ T6734] vfs_mkdir+0x419/0x690 [ 59.782299][ T6734] do_mkdirat+0x21e/0x280 [ 59.786612][ T6734] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.791453][ T6734] ? do_syscall_64+0x1c/0xe0 [ 59.796027][ T6734] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.802012][ T6734] do_syscall_64+0x60/0xe0 [ 59.806412][ T6734] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.812303][ T6734] RIP: 0033:0x7f852c49e687 [ 59.816720][ T6734] Code: Bad RIP value. [ 59.820762][ T6734] RSP: 002b:00007fffdeb49448 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.829213][ T6734] RAX: ffffffffffffffda RBX: 000055b64a051985 RCX: 00007f852c49e687 [ 59.837320][ T6734] RDX: 00007fffdeb49310 RSI: 00000000000001ed RDI: 000055b64a051985 [ 59.845304][ T6734] RBP: 00007f852c49e680 R08: 0000000000000100 R09: 0000000000000000 [ 59.853401][ T6734] R10: 000055b64a051980 R11: 0000000000000246 R12: 00000000000001ed [ 59.861624][ T6734] R13: 00007fffdeb495d0 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.58' (ECDSA) to the list of known hosts. 2020/06/16 15:17:19 fuzzer started 2020/06/16 15:17:20 connecting to host at 10.128.0.26:44737 2020/06/16 15:17:20 checking machine... 2020/06/16 15:17:20 checking revisions... 2020/06/16 15:17:20 testing simple program... syzkaller login: [ 64.682864][ T6800] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6800 [ 64.692176][ T6800] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.698465][ T6800] CPU: 0 PID: 6800 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 64.707092][ T6800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.717407][ T6800] Call Trace: [ 64.720825][ T6800] dump_stack+0x18f/0x20d [ 64.725285][ T6800] check_preemption_disabled+0x20d/0x220 [ 64.731043][ T6800] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.736176][ T6800] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.741649][ T6800] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.747501][ T6800] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.753018][ T6800] ? ext4_ext_release+0x10/0x10 [ 64.757892][ T6800] ? down_write_killable+0x170/0x170 [ 64.764018][ T6800] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.769485][ T6800] ext4_map_blocks+0x4cb/0x1640 [ 64.774344][ T6800] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.779584][ T6800] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.785111][ T6800] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.791121][ T6800] ? prandom_u32_state+0xe/0x170 [ 64.796056][ T6800] ? __brelse+0x84/0xa0 [ 64.800228][ T6800] ? __ext4_new_inode+0x144/0x55e0 [ 64.805324][ T6800] ext4_getblk+0xad/0x520 [ 64.809648][ T6800] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.815359][ T6800] ? ext4_free_inode+0x1700/0x1700 [ 64.820473][ T6800] ext4_bread+0x7c/0x380 [ 64.824701][ T6800] ? ext4_getblk+0x520/0x520 [ 64.829466][ T6800] ? dquot_get_next_dqblk+0x180/0x180 [ 64.834819][ T6800] ext4_append+0x153/0x360 [ 64.839231][ T6800] ext4_mkdir+0x5e0/0xdf0 [ 64.843635][ T6800] ? ext4_rmdir+0xde0/0xde0 [ 64.848221][ T6800] ? security_inode_permission+0xc4/0xf0 [ 64.853852][ T6800] vfs_mkdir+0x419/0x690 [ 64.858163][ T6800] do_mkdirat+0x21e/0x280 [ 64.862483][ T6800] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.867325][ T6800] ? do_syscall_64+0x1c/0xe0 [ 64.871902][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.877882][ T6800] do_syscall_64+0x60/0xe0 [ 64.882299][ T6800] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.888199][ T6800] RIP: 0033:0x4b02a0 [ 64.892066][ T6800] Code: Bad RIP value. [ 64.896106][ T6800] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 64.904682][ T6800] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 64.912684][ T6800] RDX: 00000000000001c0 RSI: 000000c0000f2e40 RDI: ffffffffffffff9c [ 64.920742][ T6800] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000 [ 64.928716][ T6800] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 64.936677][ T6800] R13: 0000000000000073 R14: 0000000000000072 R15: 0000000000000100 [ 64.952141][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812 [ 64.961777][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.967917][ T6812] CPU: 0 PID: 6812 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.976502][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.986674][ T6812] Call Trace: [ 64.990011][ T6812] dump_stack+0x18f/0x20d [ 64.994533][ T6812] check_preemption_disabled+0x20d/0x220 [ 65.000171][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.005288][ T6812] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.011031][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.016915][ T6812] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.022277][ T6812] ? ext4_ext_release+0x10/0x10 [ 65.027232][ T6812] ? down_write_killable+0x170/0x170 [ 65.032536][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.037985][ T6812] ext4_map_blocks+0x4cb/0x1640 [ 65.042951][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.048612][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.054155][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.060141][ T6812] ? prandom_u32_state+0xe/0x170 [ 65.065257][ T6812] ? __brelse+0x84/0xa0 [ 65.069608][ T6812] ? __ext4_new_inode+0x144/0x55e0 [ 65.074840][ T6812] ext4_getblk+0xad/0x520 [ 65.079163][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.085269][ T6812] ? ext4_free_inode+0x1700/0x1700 [ 65.090520][ T6812] ext4_bread+0x7c/0x380 [ 65.094769][ T6812] ? ext4_getblk+0x520/0x520 [ 65.099362][ T6812] ? dquot_get_next_dqblk+0x180/0x180 [ 65.104737][ T6812] ext4_append+0x153/0x360 [ 65.109143][ T6812] ext4_mkdir+0x5e0/0xdf0 [ 65.113508][ T6812] ? ext4_rmdir+0xde0/0xde0 [ 65.118297][ T6812] ? security_inode_permission+0xc4/0xf0 [ 65.124024][ T6812] vfs_mkdir+0x419/0x690 [ 65.128279][ T6812] do_mkdirat+0x21e/0x280 [ 65.132606][ T6812] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.137599][ T6812] ? do_syscall_64+0x1c/0xe0 [ 65.142203][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.148188][ T6812] do_syscall_64+0x60/0xe0 [ 65.152597][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.158520][ T6812] RIP: 0033:0x45bed7 [ 65.162412][ T6812] Code: Bad RIP value. [ 65.166596][ T6812] RSP: 002b:00007ffe5c471948 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.175105][ T6812] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.183355][ T6812] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffe5c471b20 [ 65.191842][ T6812] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003300 [ 65.199836][ T6812] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.207837][ T6812] R13: 00007ffe5c471b20 R14: 8421084210842109 R15: 00007ffe5c471b2c [ 65.333794][ T6814] IPVS: ftp: loaded support on port[0] = 21 [ 65.373420][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6814 [ 65.383156][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.389228][ T6814] CPU: 0 PID: 6814 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.397811][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.407848][ T6814] Call Trace: [ 65.411320][ T6814] dump_stack+0x18f/0x20d [ 65.415787][ T6814] check_preemption_disabled+0x20d/0x220 [ 65.421457][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.427197][ T6814] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.434408][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.440303][ T6814] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.445600][ T6814] ? ext4_ext_release+0x10/0x10 [ 65.450463][ T6814] ? down_write_killable+0x170/0x170 [ 65.455736][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.461222][ T6814] ext4_map_blocks+0x4cb/0x1640 [ 65.466111][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.471625][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.477164][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.483137][ T6814] ? prandom_u32_state+0xe/0x170 [ 65.488063][ T6814] ? __brelse+0x84/0xa0 [ 65.492299][ T6814] ? __ext4_new_inode+0x144/0x55e0 [ 65.497400][ T6814] ext4_getblk+0xad/0x520 [ 65.502076][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.507972][ T6814] ? ext4_free_inode+0x1700/0x1700 [ 65.513064][ T6814] ext4_bread+0x7c/0x380 [ 65.517294][ T6814] ? ext4_getblk+0x520/0x520 [ 65.521897][ T6814] ? dquot_get_next_dqblk+0x180/0x180 [ 65.527291][ T6814] ext4_append+0x153/0x360 [ 65.531736][ T6814] ext4_mkdir+0x5e0/0xdf0 [ 65.536057][ T6814] ? ext4_rmdir+0xde0/0xde0 [ 65.540551][ T6814] ? security_inode_permission+0xc4/0xf0 [ 65.546625][ T6814] vfs_mkdir+0x419/0x690 [ 65.550876][ T6814] do_mkdirat+0x21e/0x280 [ 65.555191][ T6814] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.560062][ T6814] ? do_syscall_64+0x1c/0xe0 [ 65.564789][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.570875][ T6814] do_syscall_64+0x60/0xe0 [ 65.575301][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.581603][ T6814] RIP: 0033:0x45bed7 [ 65.585489][ T6814] Code: Bad RIP value. [ 65.589549][ T6814] RSP: 002b:00007ffe5c471838 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 65.598026][ T6814] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 65.606010][ T6814] RDX: 00007ffe5c471883 RSI: 00000000000001ff RDI: 00007ffe5c471880 [ 65.614076][ T6814] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 65.622065][ T6814] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 65.630028][ T6814] R13: 00007ffe5c471870 R14: 0000000000000000 R15: 00007ffe5c471880 [ 65.684150][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6814 [ 65.694161][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.700175][ T6814] CPU: 1 PID: 6814 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.708794][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.718855][ T6814] Call Trace: [ 65.722159][ T6814] dump_stack+0x18f/0x20d [ 65.726514][ T6814] check_preemption_disabled+0x20d/0x220 [ 65.732171][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.737345][ T6814] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.742831][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.748701][ T6814] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.754578][ T6814] ? ext4_ext_release+0x10/0x10 [ 65.759441][ T6814] ? down_write_killable+0x170/0x170 [ 65.764713][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.770177][ T6814] ext4_map_blocks+0x4cb/0x1640 [ 65.775176][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.780403][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.786007][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.791986][ T6814] ? prandom_u32_state+0xe/0x170 [ 65.796910][ T6814] ? __brelse+0x84/0xa0 [ 65.801063][ T6814] ? __ext4_new_inode+0x144/0x55e0 [ 65.806246][ T6814] ext4_getblk+0xad/0x520 [ 65.810721][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.816449][ T6814] ? ext4_free_inode+0x1700/0x1700 [ 65.822100][ T6814] ext4_bread+0x7c/0x380 [ 65.826427][ T6814] ? ext4_getblk+0x520/0x520 [ 65.831028][ T6814] ? dquot_get_next_dqblk+0x180/0x180 [ 65.836404][ T6814] ext4_append+0x153/0x360 [ 65.840839][ T6814] ext4_mkdir+0x5e0/0xdf0 [ 65.845310][ T6814] ? ext4_rmdir+0xde0/0xde0 [ 65.849818][ T6814] ? security_inode_permission+0xc4/0xf0 [ 65.855572][ T6814] vfs_mkdir+0x419/0x690 [ 65.859913][ T6814] do_mkdirat+0x21e/0x280 [ 65.865197][ T6814] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.870054][ T6814] ? do_syscall_64+0x1c/0xe0 [ 65.874626][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.880606][ T6814] do_syscall_64+0x60/0xe0 [ 65.885146][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.891061][ T6814] RIP: 0033:0x45bed7 [ 65.894965][ T6814] Code: Bad RIP value. [ 65.899018][ T6814] RSP: 002b:00007ffe5c471838 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 65.907604][ T6814] RAX: ffffffffffffffda RBX: 0000000000010091 RCX: 000000000045bed7 [ 65.915557][ T6814] RDX: 00007ffe5c471883 RSI: 00000000000001ff RDI: 00007ffe5c471880 [ 65.923549][ T6814] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/16 15:17:21 building call list... [ 65.931523][ T6814] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 65.939488][ T6814] R13: 00007ffe5c471870 R14: 000000000001007e R15: 00007ffe5c471880 [ 66.208270][ T26] tipc: TX() has been purged, node left! [ 66.740662][ T26] ================================================================== [ 66.750589][ T26] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 66.758522][ T26] Write of size 1 at addr ffff888099ff11e4 by task kworker/u4:2/26 [ 66.766404][ T26] [ 66.768738][ T26] CPU: 1 PID: 26 Comm: kworker/u4:2 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.777059][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.787117][ T26] Workqueue: netns cleanup_net [ 66.791871][ T26] Call Trace: [ 66.796322][ T26] dump_stack+0x18f/0x20d [ 66.800658][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.806202][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.811742][ T26] ? afs_put_call+0xa40/0xa40 [ 66.816431][ T26] print_address_description.constprop.0.cold+0xd3/0x413 [ 66.823481][ T26] ? vprintk_func+0x97/0x1a6 [ 66.828073][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.833639][ T26] kasan_report.cold+0x1f/0x37 [ 66.838409][ T26] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.844145][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.849692][ T26] afs_wake_up_async_call+0x6aa/0x770 [ 66.855063][ T26] ? afs_close_socket+0x320/0x320 [ 66.860095][ T26] ? afs_put_call+0xa40/0xa40 [ 66.864928][ T26] rxrpc_notify_socket+0x1db/0x5d0 [ 66.870059][ T26] ? afs_put_call+0xa40/0xa40 [ 66.874739][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.881160][ T26] rxrpc_call_completed+0xca/0xf0 [ 66.886192][ T26] rxrpc_discard_prealloc+0x781/0xab0 [ 66.891594][ T26] ? lock_sock_nested+0x94/0x110 [ 66.896537][ T26] rxrpc_listen+0x147/0x360 [ 66.901044][ T26] afs_close_socket+0x95/0x320 [ 66.905801][ T26] ? afs_purge_servers+0x16d/0x300 [ 66.910913][ T26] ? afs_rx_discard_new_call+0x50/0x50 [ 66.916375][ T26] ? init_wait_var_entry+0x200/0x200 [ 66.921663][ T26] ? rcu_read_lock_held_common+0xa0/0xa0 [ 66.927313][ T26] ? check_preemption_disabled+0x38/0x220 [ 66.933041][ T26] afs_net_exit+0x1bc/0x310 [ 66.937550][ T26] ? afs_net_init+0xe30/0xe30 [ 66.942337][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 66.947448][ T26] cleanup_net+0x511/0xa50 [ 66.951883][ T26] ? unregister_pernet_device+0x70/0x70 [ 66.958216][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.964229][ T26] process_one_work+0x965/0x1690 [ 66.969264][ T26] ? lock_release+0x800/0x800 [ 66.973941][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.979318][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 66.984285][ T26] worker_thread+0x96/0xe10 [ 66.988803][ T26] ? process_one_work+0x1690/0x1690 [ 66.994013][ T26] kthread+0x3b5/0x4a0 [ 66.998611][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.004328][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.010051][ T26] ret_from_fork+0x1f/0x30 [ 67.014478][ T26] [ 67.016801][ T26] Allocated by task 6814: [ 67.021128][ T26] save_stack+0x1b/0x40 [ 67.025290][ T26] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.030938][ T26] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.036302][ T26] afs_alloc_call+0x55/0x630 [ 67.040914][ T26] afs_charge_preallocation+0xe9/0x2d0 [ 67.046365][ T26] afs_open_socket+0x292/0x360 [ 67.051123][ T26] afs_net_init+0xa6c/0xe30 [ 67.055624][ T26] ops_init+0xaf/0x420 [ 67.059690][ T26] setup_net+0x2de/0x860 [ 67.063927][ T26] copy_net_ns+0x293/0x590 [ 67.068339][ T26] create_new_namespaces+0x3fb/0xb30 [ 67.073622][ T26] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.079252][ T26] ksys_unshare+0x43d/0x8e0 [ 67.083751][ T26] __x64_sys_unshare+0x2d/0x40 [ 67.088510][ T26] do_syscall_64+0x60/0xe0 [ 67.093024][ T26] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.098902][ T26] [ 67.101226][ T26] Freed by task 26: [ 67.105044][ T26] save_stack+0x1b/0x40 [ 67.109204][ T26] __kasan_slab_free+0xf7/0x140 [ 67.114049][ T26] kfree+0x109/0x2b0 [ 67.117940][ T26] afs_put_call+0x585/0xa40 [ 67.122447][ T26] rxrpc_discard_prealloc+0x764/0xab0 [ 67.127831][ T26] rxrpc_listen+0x147/0x360 [ 67.132337][ T26] afs_close_socket+0x95/0x320 [ 67.137122][ T26] afs_net_exit+0x1bc/0x310 [ 67.141647][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 67.146754][ T26] cleanup_net+0x511/0xa50 [ 67.151179][ T26] process_one_work+0x965/0x1690 [ 67.156557][ T26] worker_thread+0x96/0xe10 [ 67.161066][ T26] kthread+0x3b5/0x4a0 [ 67.165143][ T26] ret_from_fork+0x1f/0x30 [ 67.169558][ T26] [ 67.171888][ T26] The buggy address belongs to the object at ffff888099ff1000 [ 67.171888][ T26] which belongs to the cache kmalloc-1k of size 1024 [ 67.185948][ T26] The buggy address is located 484 bytes inside of [ 67.185948][ T26] 1024-byte region [ffff888099ff1000, ffff888099ff1400) [ 67.199297][ T26] The buggy address belongs to the page: [ 67.204955][ T26] page:ffffea000267fc40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.214060][ T26] flags: 0xfffe0000000200(slab) [ 67.218914][ T26] raw: 00fffe0000000200 ffffea000267fb88 ffffea0002666788 ffff8880aa000c40 [ 67.227503][ T26] raw: 0000000000000000 ffff888099ff1000 0000000100000002 0000000000000000 [ 67.236422][ T26] page dumped because: kasan: bad access detected [ 67.242822][ T26] [ 67.245141][ T26] Memory state around the buggy address: [ 67.250768][ T26] ffff888099ff1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.258827][ T26] ffff888099ff1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.266896][ T26] >ffff888099ff1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.274959][ T26] ^ [ 67.282150][ T26] ffff888099ff1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.290207][ T26] ffff888099ff1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.298301][ T26] ================================================================== [ 67.306351][ T26] Disabling lock debugging due to kernel taint [ 67.312553][ T26] Kernel panic - not syncing: panic_on_warn set ... [ 67.319145][ T26] CPU: 1 PID: 26 Comm: kworker/u4:2 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.328762][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.338849][ T26] Workqueue: netns cleanup_net [ 67.343612][ T26] Call Trace: [ 67.346910][ T26] dump_stack+0x18f/0x20d [ 67.351252][ T26] ? afs_wake_up_async_call+0x690/0x770 [ 67.356802][ T26] ? afs_put_call+0xa40/0xa40 [ 67.361490][ T26] panic+0x2e3/0x75c [ 67.365394][ T26] ? __warn_printk+0xf3/0xf3 [ 67.370009][ T26] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.376187][ T26] ? trace_hardirqs_on+0x55/0x220 [ 67.381232][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.386772][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.392309][ T26] ? afs_put_call+0xa40/0xa40 [ 67.397071][ T26] end_report+0x4d/0x53 [ 67.401275][ T26] kasan_report.cold+0xd/0x37 [ 67.405961][ T26] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.411591][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.417134][ T26] afs_wake_up_async_call+0x6aa/0x770 [ 67.422523][ T26] ? afs_close_socket+0x320/0x320 [ 67.427548][ T26] ? afs_put_call+0xa40/0xa40 [ 67.432238][ T26] rxrpc_notify_socket+0x1db/0x5d0 [ 67.437543][ T26] ? afs_put_call+0xa40/0xa40 executing program [ 67.442219][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.450190][ T26] rxrpc_call_completed+0xca/0xf0 [ 67.455239][ T26] rxrpc_discard_prealloc+0x781/0xab0 [ 67.460613][ T26] ? lock_sock_nested+0x94/0x110 [ 67.465551][ T26] rxrpc_listen+0x147/0x360 [ 67.470050][ T26] afs_close_socket+0x95/0x320 [ 67.475130][ T26] ? afs_purge_servers+0x16d/0x300 [ 67.480233][ T26] ? afs_rx_discard_new_call+0x50/0x50 [ 67.486042][ T26] ? init_wait_var_entry+0x200/0x200 [ 67.491326][ T26] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.497131][ T26] ? check_preemption_disabled+0x38/0x220 [ 67.502846][ T26] afs_net_exit+0x1bc/0x310 [ 67.507471][ T26] ? afs_net_init+0xe30/0xe30 [ 67.513111][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 67.518215][ T26] cleanup_net+0x511/0xa50 [ 67.522630][ T26] ? unregister_pernet_device+0x70/0x70 [ 67.528172][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.534342][ T26] process_one_work+0x965/0x1690 [ 67.539372][ T26] ? lock_release+0x800/0x800 [ 67.544045][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.550194][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 67.555128][ T26] worker_thread+0x96/0xe10 [ 67.559811][ T26] ? process_one_work+0x1690/0x1690 [ 67.565001][ T26] kthread+0x3b5/0x4a0 [ 67.569347][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.575163][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.581271][ T26] ret_from_fork+0x1f/0x30 [ 67.587361][ T26] Kernel Offset: disabled [ 67.591845][ T26] Rebooting in 86400 seconds..