[ 58.068634][ T7] ? lock_release+0x800/0x800 [ 58.073425][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.078956][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 58.084037][ T7] worker_thread+0x96/0xe10 [ 58.088753][ T7] ? process_one_work+0x1690/0x1690 [ 58.094755][ T7] kthread+0x3b5/0x4a0 [ 58.098953][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.105921][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.111701][ T7] ret_from_fork+0x1f/0x30 [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ 60.287711][ T6736] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6736 [ 60.297726][ T6736] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.304094][ T6736] CPU: 0 PID: 6736 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 60.314274][ T6736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.324490][ T6736] Call Trace: [ 60.327790][ T6736] dump_stack+0x18f/0x20d [ 60.333153][ T6736] check_preemption_disabled+0x20d/0x220 [ 60.338902][ T6736] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.344051][ T6736] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.349583][ T6736] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.355397][ T6736] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.360693][ T6736] ? ext4_ext_release+0x10/0x10 [ 60.365542][ T6736] ? down_write_killable+0x170/0x170 [ 60.370835][ T6736] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.376433][ T6736] ext4_map_blocks+0x4cb/0x1640 [ 60.381413][ T6736] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.386629][ T6736] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.392535][ T6736] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.403266][ T6736] ? prandom_u32_state+0xe/0x170 [ 60.408625][ T6736] ? __brelse+0x84/0xa0 [ 60.412963][ T6736] ? __ext4_new_inode+0x144/0x55e0 [ 60.420109][ T6736] ext4_getblk+0xad/0x520 [ 60.424761][ T6736] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.431910][ T6736] ? ext4_free_inode+0x1700/0x1700 [ 60.437019][ T6736] ext4_bread+0x7c/0x380 [ 60.441297][ T6736] ? ext4_getblk+0x520/0x520 [ 60.445905][ T6736] ? dquot_get_next_dqblk+0x180/0x180 [ 60.451286][ T6736] ext4_append+0x153/0x360 [ 60.455708][ T6736] ext4_mkdir+0x5e0/0xdf0 [ 60.460111][ T6736] ? ext4_rmdir+0xde0/0xde0 [ 60.464624][ T6736] ? security_inode_permission+0xc4/0xf0 [ 60.470254][ T6736] vfs_mkdir+0x419/0x690 [ 60.474483][ T6736] do_mkdirat+0x21e/0x280 [ 60.478884][ T6736] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.483716][ T6736] ? do_syscall_64+0x1c/0xe0 [ 60.488301][ T6736] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.496122][ T6736] do_syscall_64+0x60/0xe0 [ 60.500568][ T6736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.506916][ T6736] RIP: 0033:0x7fac8d21a687 [ 60.511311][ T6736] Code: Bad RIP value. [ 60.515389][ T6736] RSP: 002b:00007ffddafd2c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.523818][ T6736] RAX: ffffffffffffffda RBX: 0000557374d73985 RCX: 00007fac8d21a687 [ 60.531883][ T6736] RDX: 00007ffddafd2b60 RSI: 00000000000001ed RDI: 0000557374d73985 [ 60.540446][ T6736] RBP: 00007fac8d21a680 R08: 0000000000000100 R09: 0000000000000000 [ 60.548643][ T6736] R10: 0000557374d73980 R11: 0000000000000246 R12: 00000000000001ed [ 60.557004][ T6736] R13: 00007ffddafd2e20 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts. 2020/06/17 19:45:05 fuzzer started 2020/06/17 19:45:05 connecting to host at 10.128.0.26:38641 2020/06/17 19:45:05 checking machine... 2020/06/17 19:45:05 checking revisions... 2020/06/17 19:45:05 testing simple program... syzkaller login: [ 65.425247][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6812 [ 65.434623][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.440778][ T6812] CPU: 1 PID: 6812 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 65.449042][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.459181][ T6812] Call Trace: [ 65.462573][ T6812] dump_stack+0x18f/0x20d [ 65.466891][ T6812] check_preemption_disabled+0x20d/0x220 [ 65.472525][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.477725][ T6812] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.483191][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.489047][ T6812] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.494324][ T6812] ? ext4_ext_release+0x10/0x10 [ 65.499171][ T6812] ? down_write_killable+0x170/0x170 [ 65.504437][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.509881][ T6812] ext4_map_blocks+0x4cb/0x1640 [ 65.514729][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.519908][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.525433][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.531400][ T6812] ? prandom_u32_state+0xe/0x170 [ 65.536325][ T6812] ? __brelse+0x84/0xa0 [ 65.540458][ T6812] ? __ext4_new_inode+0x144/0x55e0 [ 65.545646][ T6812] ext4_getblk+0xad/0x520 [ 65.549964][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.555668][ T6812] ? ext4_free_inode+0x1700/0x1700 [ 65.560756][ T6812] ext4_bread+0x7c/0x380 [ 65.565010][ T6812] ? ext4_getblk+0x520/0x520 [ 65.569578][ T6812] ? dquot_get_next_dqblk+0x180/0x180 [ 65.574950][ T6812] ext4_append+0x153/0x360 [ 65.579354][ T6812] ext4_mkdir+0x5e0/0xdf0 [ 65.583694][ T6812] ? ext4_rmdir+0xde0/0xde0 [ 65.588182][ T6812] ? security_inode_permission+0xc4/0xf0 [ 65.593802][ T6812] vfs_mkdir+0x419/0x690 [ 65.598043][ T6812] do_mkdirat+0x21e/0x280 [ 65.602372][ T6812] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.607202][ T6812] ? do_syscall_64+0x1c/0xe0 [ 65.611796][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.617905][ T6812] do_syscall_64+0x60/0xe0 [ 65.622311][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.628197][ T6812] RIP: 0033:0x4b02a0 [ 65.632062][ T6812] Code: Bad RIP value. [ 65.636109][ T6812] RSP: 002b:000000c0000cf4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.644583][ T6812] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 65.652544][ T6812] RDX: 00000000000001c0 RSI: 000000c000026f40 RDI: ffffffffffffff9c [ 65.660528][ T6812] RBP: 000000c0000cf510 R08: 0000000000000000 R09: 0000000000000000 [ 65.668504][ T6812] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.676481][ T6812] R13: 000000000000007b R14: 000000000000007a R15: 0000000000000100 [ 65.705038][ T6824] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6824 [ 65.714668][ T6824] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.720665][ T6824] CPU: 0 PID: 6824 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.729250][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.739314][ T6824] Call Trace: [ 65.742625][ T6824] dump_stack+0x18f/0x20d [ 65.746975][ T6824] check_preemption_disabled+0x20d/0x220 [ 65.752612][ T6824] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.757762][ T6824] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.763550][ T6824] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.769433][ T6824] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.774847][ T6824] ? ext4_ext_release+0x10/0x10 [ 65.779693][ T6824] ? down_write_killable+0x170/0x170 [ 65.784978][ T6824] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.790426][ T6824] ext4_map_blocks+0x4cb/0x1640 [ 65.795265][ T6824] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.800480][ T6824] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.806107][ T6824] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.812070][ T6824] ? prandom_u32_state+0xe/0x170 [ 65.817631][ T6824] ? __brelse+0x84/0xa0 [ 65.821767][ T6824] ? __ext4_new_inode+0x144/0x55e0 [ 65.827034][ T6824] ext4_getblk+0xad/0x520 [ 65.831347][ T6824] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.837050][ T6824] ? ext4_free_inode+0x1700/0x1700 [ 65.842141][ T6824] ext4_bread+0x7c/0x380 [ 65.846368][ T6824] ? ext4_getblk+0x520/0x520 [ 65.851034][ T6824] ? dquot_get_next_dqblk+0x180/0x180 [ 65.856405][ T6824] ext4_append+0x153/0x360 [ 65.860816][ T6824] ext4_mkdir+0x5e0/0xdf0 [ 65.865307][ T6824] ? ext4_rmdir+0xde0/0xde0 [ 65.870046][ T6824] ? security_inode_permission+0xc4/0xf0 [ 65.875694][ T6824] vfs_mkdir+0x419/0x690 [ 65.879927][ T6824] do_mkdirat+0x21e/0x280 [ 65.884269][ T6824] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.889139][ T6824] ? do_syscall_64+0x1c/0xe0 [ 65.893730][ T6824] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.899716][ T6824] do_syscall_64+0x60/0xe0 [ 65.904121][ T6824] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.910043][ T6824] RIP: 0033:0x45bed7 [ 65.913940][ T6824] Code: Bad RIP value. [ 65.917992][ T6824] RSP: 002b:00007fff7dee3ff8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.926385][ T6824] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.934358][ T6824] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fff7dee41d0 [ 65.942318][ T6824] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003d00 [ 65.950287][ T6824] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.958490][ T6824] R13: 00007fff7dee41d0 R14: 8421084210842109 R15: 00007fff7dee41dc [ 66.045494][ T6825] IPVS: ftp: loaded support on port[0] = 21 [ 66.083114][ T6825] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6825 [ 66.092636][ T6825] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.103217][ T6825] CPU: 0 PID: 6825 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.111793][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.121830][ T6825] Call Trace: [ 66.125104][ T6825] dump_stack+0x18f/0x20d [ 66.129414][ T6825] check_preemption_disabled+0x20d/0x220 [ 66.135046][ T6825] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.140153][ T6825] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.145593][ T6825] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.151296][ T6825] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.156564][ T6825] ? ext4_ext_release+0x10/0x10 [ 66.161404][ T6825] ? down_write_killable+0x170/0x170 [ 66.166664][ T6825] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.172107][ T6825] ext4_map_blocks+0x4cb/0x1640 [ 66.176967][ T6825] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.182143][ T6825] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.187752][ T6825] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.193708][ T6825] ? prandom_u32_state+0xe/0x170 [ 66.198632][ T6825] ? __brelse+0x84/0xa0 [ 66.202785][ T6825] ? __ext4_new_inode+0x144/0x55e0 [ 66.207895][ T6825] ext4_getblk+0xad/0x520 [ 66.212208][ T6825] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.218002][ T6825] ? ext4_free_inode+0x1700/0x1700 [ 66.223094][ T6825] ext4_bread+0x7c/0x380 [ 66.227336][ T6825] ? ext4_getblk+0x520/0x520 [ 66.232001][ T6825] ? dquot_get_next_dqblk+0x180/0x180 [ 66.237372][ T6825] ext4_append+0x153/0x360 [ 66.241770][ T6825] ext4_mkdir+0x5e0/0xdf0 [ 66.246089][ T6825] ? ext4_rmdir+0xde0/0xde0 [ 66.250574][ T6825] ? security_inode_permission+0xc4/0xf0 [ 66.256208][ T6825] vfs_mkdir+0x419/0x690 [ 66.260429][ T6825] do_mkdirat+0x21e/0x280 [ 66.264736][ T6825] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.269588][ T6825] ? do_syscall_64+0x1c/0xe0 [ 66.274274][ T6825] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.280233][ T6825] do_syscall_64+0x60/0xe0 [ 66.284629][ T6825] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.290646][ T6825] RIP: 0033:0x45bed7 [ 66.294536][ T6825] Code: Bad RIP value. [ 66.298582][ T6825] RSP: 002b:00007fff7dee3ee8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.306977][ T6825] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 66.314970][ T6825] RDX: 00007fff7dee3f33 RSI: 00000000000001ff RDI: 00007fff7dee3f30 [ 66.322947][ T6825] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 66.330900][ T6825] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 66.338861][ T6825] R13: 00007fff7dee3f20 R14: 0000000000000000 R15: 00007fff7dee3f30 [ 66.394272][ T6825] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6825 [ 66.403749][ T6825] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.409649][ T6825] CPU: 1 PID: 6825 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.418482][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.428628][ T6825] Call Trace: [ 66.431927][ T6825] dump_stack+0x18f/0x20d [ 66.436286][ T6825] check_preemption_disabled+0x20d/0x220 [ 66.441953][ T6825] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.447092][ T6825] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.452567][ T6825] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.458404][ T6825] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.463689][ T6825] ? ext4_ext_release+0x10/0x10 [ 66.468543][ T6825] ? down_write_killable+0x170/0x170 [ 66.473809][ T6825] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.479338][ T6825] ext4_map_blocks+0x4cb/0x1640 [ 66.484193][ T6825] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.489394][ T6825] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.494935][ T6825] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.500923][ T6825] ? prandom_u32_state+0xe/0x170 [ 66.505842][ T6825] ? __brelse+0x84/0xa0 [ 66.510096][ T6825] ? __ext4_new_inode+0x144/0x55e0 [ 66.515208][ T6825] ext4_getblk+0xad/0x520 [ 66.519534][ T6825] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.525259][ T6825] ? ext4_free_inode+0x1700/0x1700 [ 66.530365][ T6825] ext4_bread+0x7c/0x380 [ 66.534614][ T6825] ? ext4_getblk+0x520/0x520 [ 66.539182][ T6825] ? dquot_get_next_dqblk+0x180/0x180 [ 66.544534][ T6825] ext4_append+0x153/0x360 [ 66.548929][ T6825] ext4_mkdir+0x5e0/0xdf0 [ 66.553244][ T6825] ? ext4_rmdir+0xde0/0xde0 [ 66.557729][ T6825] ? security_inode_permission+0xc4/0xf0 [ 66.563354][ T6825] vfs_mkdir+0x419/0x690 [ 66.567576][ T6825] do_mkdirat+0x21e/0x280 [ 66.571887][ T6825] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.576713][ T6825] ? do_syscall_64+0x1c/0xe0 [ 66.581314][ T6825] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.587271][ T6825] do_syscall_64+0x60/0xe0 [ 66.591789][ T6825] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.597697][ T6825] RIP: 0033:0x45bed7 [ 66.601657][ T6825] Code: Bad RIP value. [ 66.605706][ T6825] RSP: 002b:00007fff7dee3ee8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.614199][ T6825] RAX: ffffffffffffffda RBX: 0000000000010353 RCX: 000000000045bed7 [ 66.622361][ T6825] RDX: 00007fff7dee3f33 RSI: 00000000000001ff RDI: 00007fff7dee3f30 [ 66.630321][ T6825] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/17 19:45:06 building call list... [ 66.638273][ T6825] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 66.646223][ T6825] R13: 00007fff7dee3f20 R14: 000000000001034e R15: 00007fff7dee3f30 [ 66.910936][ T7] tipc: TX() has been purged, node left! [ 67.423403][ T7] ================================================================== [ 67.431685][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 67.439569][ T7] Write of size 1 at addr ffff88809269b1e4 by task kworker/u4:0/7 [ 67.447359][ T7] [ 67.449691][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.457830][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.467884][ T7] Workqueue: netns cleanup_net [ 67.472662][ T7] Call Trace: [ 67.475955][ T7] dump_stack+0x18f/0x20d [ 67.480285][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.485825][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.491367][ T7] ? afs_put_call+0xa40/0xa40 [ 67.496049][ T7] print_address_description.constprop.0.cold+0xd3/0x413 [ 67.503078][ T7] ? vprintk_func+0x97/0x1a6 [ 67.507670][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.513215][ T7] kasan_report.cold+0x1f/0x37 [ 67.518067][ T7] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.523701][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.529265][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 67.534637][ T7] ? afs_close_socket+0x320/0x320 [ 67.539660][ T7] ? afs_put_call+0xa40/0xa40 [ 67.544335][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 67.549451][ T7] ? afs_put_call+0xa40/0xa40 [ 67.554127][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.560560][ T7] rxrpc_call_completed+0xca/0xf0 [ 67.565611][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 67.571073][ T7] ? lock_sock_nested+0x94/0x110 [ 67.576018][ T7] rxrpc_listen+0x147/0x360 [ 67.580520][ T7] afs_close_socket+0x95/0x320 [ 67.585279][ T7] ? afs_purge_servers+0x16d/0x300 [ 67.590393][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 67.595869][ T7] ? init_wait_var_entry+0x200/0x200 [ 67.601158][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.606798][ T7] ? check_preemption_disabled+0x38/0x220 [ 67.612522][ T7] afs_net_exit+0x1bc/0x310 [ 67.617130][ T7] ? afs_net_init+0xe30/0xe30 [ 67.621805][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 67.626918][ T7] cleanup_net+0x511/0xa50 [ 67.631335][ T7] ? unregister_pernet_device+0x70/0x70 [ 67.636881][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.642957][ T7] process_one_work+0x965/0x1690 [ 67.647922][ T7] ? lock_release+0x800/0x800 [ 67.652684][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.658057][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 67.663005][ T7] worker_thread+0x96/0xe10 [ 67.667521][ T7] ? process_one_work+0x1690/0x1690 [ 67.672736][ T7] kthread+0x3b5/0x4a0 [ 67.676809][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.682529][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.688251][ T7] ret_from_fork+0x1f/0x30 [ 67.692674][ T7] [ 67.694998][ T7] Allocated by task 6825: [ 67.699325][ T7] save_stack+0x1b/0x40 [ 67.703503][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.709150][ T7] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.714516][ T7] afs_alloc_call+0x55/0x630 [ 67.719373][ T7] afs_charge_preallocation+0xe9/0x2d0 [ 67.724834][ T7] afs_open_socket+0x292/0x360 [ 67.729595][ T7] afs_net_init+0xa6c/0xe30 [ 67.734094][ T7] ops_init+0xaf/0x420 [ 67.738163][ T7] setup_net+0x2de/0x860 [ 67.742411][ T7] copy_net_ns+0x293/0x590 [ 67.746825][ T7] create_new_namespaces+0x3fb/0xb30 [ 67.752113][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.757745][ T7] ksys_unshare+0x43d/0x8e0 [ 67.762359][ T7] __x64_sys_unshare+0x2d/0x40 [ 67.767281][ T7] do_syscall_64+0x60/0xe0 [ 67.771770][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.777823][ T7] [ 67.780173][ T7] Freed by task 7: [ 67.784119][ T7] save_stack+0x1b/0x40 [ 67.788278][ T7] __kasan_slab_free+0xf7/0x140 [ 67.793303][ T7] kfree+0x109/0x2b0 [ 67.799249][ T7] afs_put_call+0x585/0xa40 [ 67.803890][ T7] rxrpc_discard_prealloc+0x764/0xab0 [ 67.809282][ T7] rxrpc_listen+0x147/0x360 [ 67.813832][ T7] afs_close_socket+0x95/0x320 [ 67.818609][ T7] afs_net_exit+0x1bc/0x310 [ 67.823113][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 67.828226][ T7] cleanup_net+0x511/0xa50 [ 67.832657][ T7] process_one_work+0x965/0x1690 [ 67.837595][ T7] worker_thread+0x96/0xe10 [ 67.842100][ T7] kthread+0x3b5/0x4a0 [ 67.846172][ T7] ret_from_fork+0x1f/0x30 [ 67.850608][ T7] [ 67.852938][ T7] The buggy address belongs to the object at ffff88809269b000 [ 67.852938][ T7] which belongs to the cache kmalloc-1k of size 1024 [ 67.867098][ T7] The buggy address is located 484 bytes inside of [ 67.867098][ T7] 1024-byte region [ffff88809269b000, ffff88809269b400) [ 67.880479][ T7] The buggy address belongs to the page: [ 67.886117][ T7] page:ffffea000249a6c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.895221][ T7] flags: 0xfffe0000000200(slab) [ 67.900078][ T7] raw: 00fffe0000000200 ffffea0002a46dc8 ffffea0002805f08 ffff8880aa000c40 [ 67.908665][ T7] raw: 0000000000000000 ffff88809269b000 0000000100000002 0000000000000000 [ 67.917256][ T7] page dumped because: kasan: bad access detected [ 67.923666][ T7] [ 67.925986][ T7] Memory state around the buggy address: [ 67.931787][ T7] ffff88809269b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.940238][ T7] ffff88809269b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.949609][ T7] >ffff88809269b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.957674][ T7] ^ [ 67.964868][ T7] ffff88809269b200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.972925][ T7] ffff88809269b280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.980979][ T7] ================================================================== [ 67.989032][ T7] Disabling lock debugging due to kernel taint [ 67.995237][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 68.001826][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 68.011380][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.021431][ T7] Workqueue: netns cleanup_net [ 68.026191][ T7] Call Trace: [ 68.029479][ T7] dump_stack+0x18f/0x20d [ 68.033982][ T7] ? afs_wake_up_async_call+0x680/0x770 [ 68.039513][ T7] ? afs_put_call+0xa40/0xa40 [ 68.044204][ T7] panic+0x2e3/0x75c [ 68.048107][ T7] ? __warn_printk+0xf3/0xf3 [ 68.055904][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 68.062069][ T7] ? trace_hardirqs_on+0x55/0x220 [ 68.067097][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.072630][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.078167][ T7] ? afs_put_call+0xa40/0xa40 [ 68.082834][ T7] end_report+0x4d/0x53 [ 68.087091][ T7] kasan_report.cold+0xd/0x37 [ 68.091796][ T7] ? rcu_read_lock_held_common+0x51/0xa0 [ 68.097930][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.103473][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 68.108837][ T7] ? afs_close_socket+0x320/0x320 [ 68.113855][ T7] ? afs_put_call+0xa40/0xa40 [ 68.118632][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 68.123853][ T7] ? afs_put_call+0xa40/0xa40 [ 68.128531][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 68.135110][ T7] rxrpc_call_completed+0xca/0xf0 [ 68.140159][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 68.145525][ T7] ? lock_sock_nested+0x94/0x110 [ 68.150465][ T7] rxrpc_listen+0x147/0x360 [ 68.154982][ T7] afs_close_socket+0x95/0x320 [ 68.159739][ T7] ? afs_purge_servers+0x16d/0x300 [ 68.164869][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 68.170332][ T7] ? init_wait_var_entry+0x200/0x200 [ 68.178236][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 68.183964][ T7] ? check_preemption_disabled+0x38/0x220 [ 68.189678][ T7] afs_net_exit+0x1bc/0x310 [ 68.194277][ T7] ? afs_net_init+0xe30/0xe30 [ 68.199235][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 68.204355][ T7] cleanup_net+0x511/0xa50 [ 68.208802][ T7] ? unregister_pernet_device+0x70/0x70 [ 68.214345][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.220525][ T7] process_one_work+0x965/0x1690 executing program [ 68.225487][ T7] ? lock_release+0x800/0x800 [ 68.230178][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 68.235560][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 68.240585][ T7] worker_thread+0x96/0xe10 [ 68.245214][ T7] ? process_one_work+0x1690/0x1690 [ 68.250518][ T7] kthread+0x3b5/0x4a0 [ 68.254590][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.260475][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.266553][ T7] ret_from_fork+0x1f/0x30 [ 68.271801][ T7] Kernel Offset: disabled [ 68.276485][ T7] Rebooting in 86400 seconds..