Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 65.383725][ T367] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:8/367 [ 65.392945][ T367] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.398842][ T367] CPU: 0 PID: 367 Comm: kworker/u4:8 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.407168][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.417234][ T367] Workqueue: writeback wb_workfn (flush-8:0) [ 65.423191][ T367] Call Trace: [ 65.426462][ T367] dump_stack+0x18f/0x20d [ 65.430777][ T367] check_preemption_disabled+0x20d/0x220 [ 65.436396][ T367] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.441487][ T367] ? ext4_find_extent+0x81a/0xad0 [ 65.446495][ T367] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.451946][ T367] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.457656][ T367] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.462926][ T367] ? ext4_ext_release+0x10/0x10 [ 65.467919][ T367] ? down_write_killable+0x170/0x170 [ 65.473188][ T367] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.478648][ T367] ext4_map_blocks+0x4cb/0x1640 [ 65.483508][ T367] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.488727][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.494302][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.500296][ T367] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 65.505766][ T367] ext4_writepages+0x1a7b/0x33c0 [ 65.510751][ T367] ? __ext4_mark_inode_dirty+0x940/0x940 [ 65.516399][ T367] ? __lock_acquire+0x2224/0x48b0 [ 65.521458][ T367] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 65.527465][ T367] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 65.533492][ T367] ? __ext4_mark_inode_dirty+0x940/0x940 [ 65.539145][ T367] ? do_writepages+0xfa/0x2a0 [ 65.543864][ T367] do_writepages+0xfa/0x2a0 [ 65.548476][ T367] ? page_writeback_cpu_online+0x10/0x10 [ 65.554141][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.559702][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.565692][ T367] ? lock_downgrade+0x840/0x840 [ 65.570605][ T367] __writeback_single_inode+0x12a/0x13d0 [ 65.576247][ T367] ? _raw_spin_unlock+0x24/0x40 [ 65.581083][ T367] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 65.587048][ T367] writeback_sb_inodes+0x515/0xdc0 [ 65.592165][ T367] ? __writeback_single_inode+0x13d0/0x13d0 [ 65.598059][ T367] __writeback_inodes_wb+0xc3/0x250 [ 65.603262][ T367] wb_writeback+0x8db/0xd50 [ 65.607757][ T367] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 65.614175][ T367] ? cpumask_next+0x3c/0x40 [ 65.618680][ T367] ? get_nr_dirty_inodes+0xd6/0x130 [ 65.623866][ T367] wb_workfn+0x9bc/0x1090 [ 65.628184][ T367] ? inode_wait_for_writeback+0x30/0x30 [ 65.633723][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.639273][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.645243][ T367] process_one_work+0x965/0x1690 [ 65.650185][ T367] ? lock_release+0x800/0x800 [ 65.654846][ T367] ? pwq_dec_nr_in_flight+0x310/0x310 [ 65.660203][ T367] ? rwlock_bug.part.0+0x90/0x90 [ 65.665132][ T367] worker_thread+0x96/0xe10 [ 65.669644][ T367] ? process_one_work+0x1690/0x1690 [ 65.674826][ T367] kthread+0x3b5/0x4a0 [ 65.678878][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 65.684592][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 65.690312][ T367] ret_from_fork+0x1f/0x30 [ 65.698955][ T367] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:8/367 [ 65.708288][ T367] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.714275][ T367] CPU: 0 PID: 367 Comm: kworker/u4:8 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.722597][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.732660][ T367] Workqueue: writeback wb_workfn (flush-8:0) [ 65.738621][ T367] Call Trace: [ 65.741897][ T367] dump_stack+0x18f/0x20d [ 65.746216][ T367] check_preemption_disabled+0x20d/0x220 [ 65.752011][ T367] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.757121][ T367] ? ext4_find_extent+0x81a/0xad0 [ 65.762149][ T367] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.767614][ T367] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.773343][ T367] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.778624][ T367] ? ext4_ext_release+0x10/0x10 [ 65.783504][ T367] ? down_write_killable+0x170/0x170 [ 65.788861][ T367] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.794308][ T367] ext4_map_blocks+0x4cb/0x1640 [ 65.799151][ T367] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.804352][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.809892][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.815873][ T367] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 65.821345][ T367] ext4_writepages+0x1a7b/0x33c0 [ 65.826304][ T367] ? __ext4_mark_inode_dirty+0x940/0x940 [ 65.831944][ T367] ? __lock_acquire+0x2224/0x48b0 [ 65.836966][ T367] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 65.843003][ T367] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 65.848989][ T367] ? __ext4_mark_inode_dirty+0x940/0x940 [ 65.854629][ T367] ? do_writepages+0xfa/0x2a0 [ 65.859290][ T367] do_writepages+0xfa/0x2a0 [ 65.863873][ T367] ? page_writeback_cpu_online+0x10/0x10 [ 65.869497][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.875048][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.881028][ T367] ? lock_downgrade+0x840/0x840 [ 65.885912][ T367] __writeback_single_inode+0x12a/0x13d0 [ 65.891536][ T367] ? _raw_spin_unlock+0x24/0x40 [ 65.896377][ T367] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 65.902401][ T367] writeback_sb_inodes+0x515/0xdc0 [ 65.907522][ T367] ? __writeback_single_inode+0x13d0/0x13d0 [ 65.913421][ T367] __writeback_inodes_wb+0xc3/0x250 [ 65.918614][ T367] wb_writeback+0x8db/0xd50 [ 65.923126][ T367] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 65.929446][ T367] ? cpumask_next+0x3c/0x40 [ 65.933936][ T367] ? get_nr_dirty_inodes+0xd6/0x130 [ 65.939125][ T367] wb_workfn+0x9bc/0x1090 [ 65.943622][ T367] ? inode_wait_for_writeback+0x30/0x30 [ 65.949666][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.955196][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.961180][ T367] process_one_work+0x965/0x1690 [ 65.966114][ T367] ? lock_release+0x800/0x800 [ 65.970793][ T367] ? pwq_dec_nr_in_flight+0x310/0x310 [ 65.976154][ T367] ? rwlock_bug.part.0+0x90/0x90 [ 65.981085][ T367] worker_thread+0x96/0xe10 [ 65.985614][ T367] ? process_one_work+0x1690/0x1690 [ 65.990865][ T367] kthread+0x3b5/0x4a0 [ 65.995010][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.000726][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.006608][ T367] ret_from_fork+0x1f/0x30 [ 66.015101][ T367] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:8/367 [ 66.024454][ T367] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.030371][ T367] CPU: 0 PID: 367 Comm: kworker/u4:8 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.038697][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.049675][ T367] Workqueue: writeback wb_workfn (flush-8:0) [ 66.056526][ T367] Call Trace: [ 66.059827][ T367] dump_stack+0x18f/0x20d [ 66.064323][ T367] check_preemption_disabled+0x20d/0x220 [ 66.069942][ T367] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.075049][ T367] ? ext4_find_extent+0x81a/0xad0 [ 66.080246][ T367] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.085776][ T367] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.091504][ T367] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.096783][ T367] ? ext4_ext_release+0x10/0x10 [ 66.101635][ T367] ? down_write_killable+0x170/0x170 [ 66.106992][ T367] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.112466][ T367] ext4_map_blocks+0x4cb/0x1640 [ 66.117309][ T367] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.122501][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.128036][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.134093][ T367] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 66.139540][ T367] ext4_writepages+0x1a7b/0x33c0 [ 66.145784][ T367] ? __ext4_mark_inode_dirty+0x940/0x940 [ 66.151402][ T367] ? __lock_acquire+0x2224/0x48b0 [ 66.156438][ T367] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 66.162405][ T367] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 66.168374][ T367] ? __ext4_mark_inode_dirty+0x940/0x940 [ 66.174013][ T367] ? do_writepages+0xfa/0x2a0 [ 66.178864][ T367] do_writepages+0xfa/0x2a0 [ 66.183384][ T367] ? page_writeback_cpu_online+0x10/0x10 [ 66.189009][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.194540][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.200506][ T367] ? lock_downgrade+0x840/0x840 [ 66.205370][ T367] __writeback_single_inode+0x12a/0x13d0 [ 66.211004][ T367] ? _raw_spin_unlock+0x24/0x40 [ 66.215859][ T367] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 66.221841][ T367] writeback_sb_inodes+0x515/0xdc0 [ 66.226949][ T367] ? __writeback_single_inode+0x13d0/0x13d0 [ 66.232931][ T367] __writeback_inodes_wb+0xc3/0x250 [ 66.238121][ T367] wb_writeback+0x8db/0xd50 [ 66.242620][ T367] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 66.248945][ T367] ? cpumask_next+0x3c/0x40 [ 66.253451][ T367] ? get_nr_dirty_inodes+0xd6/0x130 [ 66.258639][ T367] wb_workfn+0x9bc/0x1090 [ 66.262961][ T367] ? inode_wait_for_writeback+0x30/0x30 [ 66.268517][ T367] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.274048][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.280025][ T367] process_one_work+0x965/0x1690 Warning: Permanently added '10.128.1.47' (ECDSA) to the list of known hosts. [ 66.284954][ T367] ? lock_release+0x800/0x800 [ 66.289617][ T367] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.294976][ T367] ? rwlock_bug.part.0+0x90/0x90 [ 66.299911][ T367] worker_thread+0x96/0xe10 [ 66.304495][ T367] ? process_one_work+0x1690/0x1690 [ 66.309780][ T367] kthread+0x3b5/0x4a0 [ 66.313833][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.319549][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.325258][ T367] ret_from_fork+0x1f/0x30 2020/06/16 03:39:58 fuzzer started 2020/06/16 03:39:59 connecting to host at 10.128.0.26:36349 2020/06/16 03:39:59 checking machine... 2020/06/16 03:39:59 checking revisions... 2020/06/16 03:39:59 testing simple program... [ 67.019611][ T6794] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6794 [ 67.028878][ T6794] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.035093][ T6794] CPU: 1 PID: 6794 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 67.043349][ T6794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.053541][ T6794] Call Trace: [ 67.056823][ T6794] dump_stack+0x18f/0x20d [ 67.061201][ T6794] check_preemption_disabled+0x20d/0x220 [ 67.067192][ T6794] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.072399][ T6794] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.077849][ T6794] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.083572][ T6794] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.088844][ T6794] ? ext4_ext_release+0x10/0x10 [ 67.093705][ T6794] ? down_write_killable+0x170/0x170 [ 67.098968][ T6794] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.104433][ T6794] ext4_map_blocks+0x4cb/0x1640 [ 67.109310][ T6794] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.114519][ T6794] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.120166][ T6794] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.126218][ T6794] ? prandom_u32_state+0xe/0x170 [ 67.131262][ T6794] ? __brelse+0x84/0xa0 [ 67.135440][ T6794] ? __ext4_new_inode+0x144/0x55e0 [ 67.140565][ T6794] ext4_getblk+0xad/0x520 [ 67.144904][ T6794] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.150625][ T6794] ? ext4_free_inode+0x1700/0x1700 [ 67.155748][ T6794] ext4_bread+0x7c/0x380 [ 67.160674][ T6794] ? ext4_getblk+0x520/0x520 [ 67.165252][ T6794] ? dquot_get_next_dqblk+0x180/0x180 [ 67.170613][ T6794] ext4_append+0x153/0x360 [ 67.175023][ T6794] ext4_mkdir+0x5e0/0xdf0 [ 67.179359][ T6794] ? ext4_rmdir+0xde0/0xde0 [ 67.183953][ T6794] ? security_inode_permission+0xc4/0xf0 [ 67.189583][ T6794] vfs_mkdir+0x419/0x690 [ 67.193810][ T6794] do_mkdirat+0x21e/0x280 [ 67.198120][ T6794] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.202970][ T6794] ? do_syscall_64+0x1c/0xe0 [ 67.207541][ T6794] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.213504][ T6794] do_syscall_64+0x60/0xe0 [ 67.217901][ T6794] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.223772][ T6794] RIP: 0033:0x4b02a0 [ 67.227640][ T6794] Code: Bad RIP value. [ 67.231694][ T6794] RSP: 002b:000000c0001034b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 67.240105][ T6794] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 67.248071][ T6794] RDX: 00000000000001c0 RSI: 000000c00009ef00 RDI: ffffffffffffff9c [ 67.256023][ T6794] RBP: 000000c000103510 R08: 0000000000000000 R09: 0000000000000000 [ 67.264170][ T6794] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 67.272302][ T6794] R13: 0000000000000079 R14: 0000000000000078 R15: 0000000000000100 [ 67.295926][ T6811] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6811 [ 67.306107][ T6811] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.311996][ T6811] CPU: 0 PID: 6811 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.320660][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.330796][ T6811] Call Trace: [ 67.334434][ T6811] dump_stack+0x18f/0x20d [ 67.339209][ T6811] check_preemption_disabled+0x20d/0x220 [ 67.344822][ T6811] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.350219][ T6811] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.355882][ T6811] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.361612][ T6811] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.366905][ T6811] ? ext4_ext_release+0x10/0x10 [ 67.371889][ T6811] ? down_write_killable+0x170/0x170 [ 67.381516][ T6811] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.386992][ T6811] ext4_map_blocks+0x4cb/0x1640 [ 67.391830][ T6811] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.397010][ T6811] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.403011][ T6811] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.408977][ T6811] ? prandom_u32_state+0xe/0x170 [ 67.413915][ T6811] ? __brelse+0x84/0xa0 [ 67.418067][ T6811] ? __ext4_new_inode+0x144/0x55e0 [ 67.423178][ T6811] ext4_getblk+0xad/0x520 [ 67.427580][ T6811] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.433281][ T6811] ? ext4_free_inode+0x1700/0x1700 [ 67.438379][ T6811] ext4_bread+0x7c/0x380 [ 67.442601][ T6811] ? ext4_getblk+0x520/0x520 [ 67.447702][ T6811] ? dquot_get_next_dqblk+0x180/0x180 [ 67.453065][ T6811] ext4_append+0x153/0x360 [ 67.457464][ T6811] ext4_mkdir+0x5e0/0xdf0 [ 67.461790][ T6811] ? ext4_rmdir+0xde0/0xde0 [ 67.466285][ T6811] ? security_inode_permission+0xc4/0xf0 [ 67.471898][ T6811] vfs_mkdir+0x419/0x690 [ 67.476208][ T6811] do_mkdirat+0x21e/0x280 [ 67.480524][ T6811] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.485358][ T6811] ? do_syscall_64+0x1c/0xe0 [ 67.489925][ T6811] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.495886][ T6811] do_syscall_64+0x60/0xe0 [ 67.500325][ T6811] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.506211][ T6811] RIP: 0033:0x45bed7 [ 67.510084][ T6811] Code: Bad RIP value. [ 67.514124][ T6811] RSP: 002b:00007ffc27a10278 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 67.522520][ T6811] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 67.530468][ T6811] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc27a10450 [ 67.538415][ T6811] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003540 [ 67.546495][ T6811] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 67.554446][ T6811] R13: 00007ffc27a10450 R14: 8421084210842109 R15: 00007ffc27a1045c [ 67.643462][ T6812] IPVS: ftp: loaded support on port[0] = 21 [ 67.680602][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812 [ 67.690182][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.696307][ T6812] CPU: 1 PID: 6812 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.704906][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.714942][ T6812] Call Trace: [ 67.718228][ T6812] dump_stack+0x18f/0x20d [ 67.722554][ T6812] check_preemption_disabled+0x20d/0x220 [ 67.728178][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.733284][ T6812] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.738909][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.744627][ T6812] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.749903][ T6812] ? ext4_ext_release+0x10/0x10 [ 67.754757][ T6812] ? down_write_killable+0x170/0x170 [ 67.760062][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.765521][ T6812] ext4_map_blocks+0x4cb/0x1640 [ 67.770366][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.775558][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.781110][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.787094][ T6812] ? prandom_u32_state+0xe/0x170 [ 67.792043][ T6812] ? __brelse+0x84/0xa0 [ 67.796189][ T6812] ? __ext4_new_inode+0x144/0x55e0 [ 67.801300][ T6812] ext4_getblk+0xad/0x520 [ 67.805624][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.811333][ T6812] ? ext4_free_inode+0x1700/0x1700 [ 67.816500][ T6812] ext4_bread+0x7c/0x380 [ 67.820729][ T6812] ? ext4_getblk+0x520/0x520 [ 67.825350][ T6812] ? dquot_get_next_dqblk+0x180/0x180 [ 67.830730][ T6812] ext4_append+0x153/0x360 [ 67.835133][ T6812] ext4_mkdir+0x5e0/0xdf0 [ 67.839447][ T6812] ? ext4_rmdir+0xde0/0xde0 [ 67.843933][ T6812] ? security_inode_permission+0xc4/0xf0 [ 67.849559][ T6812] vfs_mkdir+0x419/0x690 [ 67.853803][ T6812] do_mkdirat+0x21e/0x280 [ 67.858113][ T6812] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.862943][ T6812] ? do_syscall_64+0x1c/0xe0 [ 67.867522][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.873495][ T6812] do_syscall_64+0x60/0xe0 [ 67.877893][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.884291][ T6812] RIP: 0033:0x45bed7 [ 67.888157][ T6812] Code: Bad RIP value. [ 67.892208][ T6812] RSP: 002b:00007ffc27a10168 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 67.900606][ T6812] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 67.908565][ T6812] RDX: 00007ffc27a101b3 RSI: 00000000000001ff RDI: 00007ffc27a101b0 [ 67.917048][ T6812] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 67.925019][ T6812] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 67.932983][ T6812] R13: 00007ffc27a101a0 R14: 0000000000000000 R15: 00007ffc27a101b0 [ 67.986831][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812 [ 67.996477][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 68.002465][ T6812] CPU: 0 PID: 6812 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 68.011051][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.021111][ T6812] Call Trace: [ 68.024413][ T6812] dump_stack+0x18f/0x20d [ 68.028791][ T6812] check_preemption_disabled+0x20d/0x220 [ 68.034436][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70 [ 68.039573][ T6812] ? ext4_ext_search_right+0x2ca/0xb20 [ 68.045072][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 68.051432][ T6812] ext4_ext_map_blocks+0x201b/0x33e0 [ 68.056734][ T6812] ? ext4_ext_release+0x10/0x10 [ 68.061602][ T6812] ? down_write_killable+0x170/0x170 [ 68.066897][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10 [ 68.072348][ T6812] ext4_map_blocks+0x4cb/0x1640 [ 68.077253][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 68.082476][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 68.088007][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.093982][ T6812] ? prandom_u32_state+0xe/0x170 [ 68.098901][ T6812] ? __brelse+0x84/0xa0 [ 68.103056][ T6812] ? __ext4_new_inode+0x144/0x55e0 [ 68.108150][ T6812] ext4_getblk+0xad/0x520 [ 68.112468][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 68.118167][ T6812] ? ext4_free_inode+0x1700/0x1700 [ 68.123270][ T6812] ext4_bread+0x7c/0x380 [ 68.127507][ T6812] ? ext4_getblk+0x520/0x520 [ 68.132081][ T6812] ? dquot_get_next_dqblk+0x180/0x180 [ 68.137452][ T6812] ext4_append+0x153/0x360 [ 68.141862][ T6812] ext4_mkdir+0x5e0/0xdf0 [ 68.146191][ T6812] ? ext4_rmdir+0xde0/0xde0 [ 68.150699][ T6812] ? security_inode_permission+0xc4/0xf0 [ 68.156342][ T6812] vfs_mkdir+0x419/0x690 [ 68.160598][ T6812] do_mkdirat+0x21e/0x280 [ 68.166038][ T6812] ? __ia32_sys_mknod+0xb0/0xb0 [ 68.170867][ T6812] ? do_syscall_64+0x1c/0xe0 [ 68.175448][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 68.181498][ T6812] do_syscall_64+0x60/0xe0 [ 68.185924][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 68.191805][ T6812] RIP: 0033:0x45bed7 [ 68.195677][ T6812] Code: Bad RIP value. [ 68.199800][ T6812] RSP: 002b:00007ffc27a10168 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 68.208192][ T6812] RAX: ffffffffffffffda RBX: 000000000001098b RCX: 000000000045bed7 [ 68.216716][ T6812] RDX: 00007ffc27a101b3 RSI: 00000000000001ff RDI: 00007ffc27a101b0 [ 68.224676][ T6812] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/16 03:40:00 building call list... [ 68.232632][ T6812] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 68.240664][ T6812] R13: 00007ffc27a101a0 R14: 000000000001097e R15: 00007ffc27a101b0 [ 68.552323][ T367] tipc: TX() has been purged, node left! [ 69.055138][ T367] ================================================================== [ 69.063392][ T367] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 69.071278][ T367] Write of size 1 at addr ffff88808252e9e4 by task kworker/u4:8/367 [ 69.079244][ T367] [ 69.081590][ T367] CPU: 1 PID: 367 Comm: kworker/u4:8 Not tainted 5.8.0-rc1-syzkaller #0 [ 69.090021][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.100595][ T367] Workqueue: netns cleanup_net [ 69.105366][ T367] Call Trace: [ 69.108659][ T367] dump_stack+0x18f/0x20d [ 69.112996][ T367] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.118570][ T367] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.124374][ T367] ? afs_put_call+0xa40/0xa40 [ 69.129051][ T367] print_address_description.constprop.0.cold+0xd3/0x413 [ 69.136081][ T367] ? vprintk_func+0x97/0x1a6 [ 69.140677][ T367] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.146220][ T367] kasan_report.cold+0x1f/0x37 [ 69.150994][ T367] ? rcu_read_lock_held_common+0x51/0xa0 [ 69.156624][ T367] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.163042][ T367] afs_wake_up_async_call+0x6aa/0x770 [ 69.168410][ T367] ? afs_close_socket+0x320/0x320 [ 69.173437][ T367] ? afs_put_call+0xa40/0xa40 [ 69.178112][ T367] rxrpc_notify_socket+0x1db/0x5d0 [ 69.183235][ T367] ? afs_put_call+0xa40/0xa40 [ 69.187910][ T367] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 69.194326][ T367] rxrpc_call_completed+0xca/0xf0 [ 69.199410][ T367] rxrpc_discard_prealloc+0x781/0xab0 [ 69.204808][ T367] ? lock_sock_nested+0x94/0x110 [ 69.209750][ T367] rxrpc_listen+0x147/0x360 [ 69.214279][ T367] afs_close_socket+0x95/0x320 [ 69.219038][ T367] ? afs_purge_servers+0x16d/0x300 [ 69.224172][ T367] ? afs_rx_discard_new_call+0x50/0x50 [ 69.229654][ T367] ? init_wait_var_entry+0x200/0x200 [ 69.235058][ T367] ? rcu_read_lock_held_common+0xa0/0xa0 [ 69.240783][ T367] ? check_preemption_disabled+0x38/0x220 [ 69.246505][ T367] afs_net_exit+0x1bc/0x310 [ 69.251007][ T367] ? afs_net_init+0xe30/0xe30 [ 69.255719][ T367] ops_exit_list.isra.0+0xa8/0x150 [ 69.260920][ T367] cleanup_net+0x511/0xa50 [ 69.265343][ T367] ? unregister_pernet_device+0x70/0x70 [ 69.270893][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 69.276884][ T367] process_one_work+0x965/0x1690 [ 69.281830][ T367] ? lock_release+0x800/0x800 [ 69.286507][ T367] ? pwq_dec_nr_in_flight+0x310/0x310 [ 69.292074][ T367] ? rwlock_bug.part.0+0x90/0x90 [ 69.297064][ T367] worker_thread+0x96/0xe10 [ 69.301582][ T367] ? process_one_work+0x1690/0x1690 [ 69.306783][ T367] kthread+0x3b5/0x4a0 [ 69.310871][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.316763][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.322486][ T367] ret_from_fork+0x1f/0x30 [ 69.326914][ T367] [ 69.329246][ T367] Allocated by task 6812: [ 69.333662][ T367] save_stack+0x1b/0x40 [ 69.337904][ T367] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 69.343539][ T367] kmem_cache_alloc_trace+0x153/0x7d0 [ 69.349020][ T367] afs_alloc_call+0x55/0x630 [ 69.353815][ T367] afs_charge_preallocation+0xe9/0x2d0 [ 69.359370][ T367] afs_open_socket+0x292/0x360 [ 69.364225][ T367] afs_net_init+0xa6c/0xe30 [ 69.368724][ T367] ops_init+0xaf/0x420 [ 69.372789][ T367] setup_net+0x2de/0x860 [ 69.377030][ T367] copy_net_ns+0x293/0x590 [ 69.381444][ T367] create_new_namespaces+0x3fb/0xb30 [ 69.386748][ T367] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 69.392398][ T367] ksys_unshare+0x43d/0x8e0 [ 69.397003][ T367] __x64_sys_unshare+0x2d/0x40 [ 69.401760][ T367] do_syscall_64+0x60/0xe0 [ 69.406181][ T367] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.412084][ T367] [ 69.414405][ T367] Freed by task 367: [ 69.418304][ T367] save_stack+0x1b/0x40 [ 69.422634][ T367] __kasan_slab_free+0xf7/0x140 [ 69.427492][ T367] kfree+0x109/0x2b0 [ 69.431384][ T367] afs_put_call+0x585/0xa40 [ 69.435920][ T367] rxrpc_discard_prealloc+0x764/0xab0 [ 69.441376][ T367] rxrpc_listen+0x147/0x360 [ 69.445877][ T367] afs_close_socket+0x95/0x320 [ 69.450638][ T367] afs_net_exit+0x1bc/0x310 [ 69.455139][ T367] ops_exit_list.isra.0+0xa8/0x150 [ 69.460246][ T367] cleanup_net+0x511/0xa50 [ 69.464688][ T367] process_one_work+0x965/0x1690 [ 69.469622][ T367] worker_thread+0x96/0xe10 [ 69.474121][ T367] kthread+0x3b5/0x4a0 [ 69.478191][ T367] ret_from_fork+0x1f/0x30 [ 69.482602][ T367] [ 69.484930][ T367] The buggy address belongs to the object at ffff88808252e800 [ 69.484930][ T367] which belongs to the cache kmalloc-1k of size 1024 [ 69.498981][ T367] The buggy address is located 484 bytes inside of [ 69.498981][ T367] 1024-byte region [ffff88808252e800, ffff88808252ec00) [ 69.512434][ T367] The buggy address belongs to the page: [ 69.518068][ T367] page:ffffea0002094b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 69.527169][ T367] flags: 0xfffe0000000200(slab) [ 69.532027][ T367] raw: 00fffe0000000200 ffffea0002094b08 ffffea0002094c08 ffff8880aa000c40 [ 69.540618][ T367] raw: 0000000000000000 ffff88808252e000 0000000100000002 0000000000000000 [ 69.549364][ T367] page dumped because: kasan: bad access detected [ 69.555787][ T367] [ 69.558105][ T367] Memory state around the buggy address: [ 69.563732][ T367] ffff88808252e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.571793][ T367] ffff88808252e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.579852][ T367] >ffff88808252e980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.587910][ T367] ^ [ 69.595124][ T367] ffff88808252ea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.603184][ T367] ffff88808252ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.611258][ T367] ================================================================== [ 69.619309][ T367] Disabling lock debugging due to kernel taint [ 69.625501][ T367] Kernel panic - not syncing: panic_on_warn set ... [ 69.632084][ T367] CPU: 1 PID: 367 Comm: kworker/u4:8 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 69.641804][ T367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.651856][ T367] Workqueue: netns cleanup_net [ 69.656609][ T367] Call Trace: [ 69.659896][ T367] dump_stack+0x18f/0x20d [ 69.664224][ T367] ? afs_wake_up_async_call+0x670/0x770 [ 69.669759][ T367] ? afs_put_call+0xa40/0xa40 [ 69.674444][ T367] panic+0x2e3/0x75c [ 69.678503][ T367] ? __warn_printk+0xf3/0xf3 [ 69.683120][ T367] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 69.689358][ T367] ? trace_hardirqs_on+0x55/0x220 [ 69.694380][ T367] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.699918][ T367] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.705452][ T367] ? afs_put_call+0xa40/0xa40 [ 69.710133][ T367] end_report+0x4d/0x53 [ 69.714291][ T367] kasan_report.cold+0xd/0x37 [ 69.719577][ T367] ? rcu_read_lock_held_common+0x51/0xa0 [ 69.725209][ T367] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.730752][ T367] afs_wake_up_async_call+0x6aa/0x770 [ 69.736131][ T367] ? afs_close_socket+0x320/0x320 [ 69.741239][ T367] ? afs_put_call+0xa40/0xa40 [ 69.746036][ T367] rxrpc_notify_socket+0x1db/0x5d0 [ 69.751153][ T367] ? afs_put_call+0xa40/0xa40 [ 69.755844][ T367] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 69.762255][ T367] rxrpc_call_completed+0xca/0xf0 [ 69.767281][ T367] rxrpc_discard_prealloc+0x781/0xab0 [ 69.772655][ T367] ? lock_sock_nested+0x94/0x110 [ 69.777598][ T367] rxrpc_listen+0x147/0x360 [ 69.782135][ T367] afs_close_socket+0x95/0x320 [ 69.786902][ T367] ? afs_purge_servers+0x16d/0x300 [ 69.792007][ T367] ? afs_rx_discard_new_call+0x50/0x50 [ 69.797464][ T367] ? init_wait_var_entry+0x200/0x200 [ 69.802746][ T367] ? rcu_read_lock_held_common+0xa0/0xa0 [ 69.808376][ T367] ? check_preemption_disabled+0x38/0x220 [ 69.814524][ T367] afs_net_exit+0x1bc/0x310 [ 69.819105][ T367] ? afs_net_init+0xe30/0xe30 [ 69.823772][ T367] ops_exit_list.isra.0+0xa8/0x150 [ 69.828902][ T367] cleanup_net+0x511/0xa50 [ 69.833319][ T367] ? unregister_pernet_device+0x70/0x70 [ 69.839032][ T367] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 69.845010][ T367] process_one_work+0x965/0x1690 [ 69.850203][ T367] ? lock_release+0x800/0x800 [ 69.854873][ T367] ? pwq_dec_nr_in_flight+0x310/0x310 [ 69.860758][ T367] ? rwlock_bug.part.0+0x90/0x90 [ 69.865702][ T367] worker_thread+0x96/0xe10 [ 69.870209][ T367] ? process_one_work+0x1690/0x1690 [ 69.875402][ T367] kthread+0x3b5/0x4a0 [ 69.879671][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.885472][ T367] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.891202][ T367] ret_from_fork+0x1f/0x30 [ 69.897280][ T367] Kernel Offset: disabled [ 69.901728][ T367] Rebooting in 86400 seconds..