[ 59.480756][ T6739] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.485858][ T6739] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.491306][ T6739] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.497022][ T6739] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.503083][ T6739] ? ext4_ext_release+0x10/0x10 [ 59.507926][ T6739] ? down_write_killable+0x170/0x170 [ 59.513316][ T6739] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.518760][ T6739] ext4_map_blocks+0x4cb/0x1640 [ 59.523607][ T6739] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.528802][ T6739] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.534340][ T6739] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.540657][ T6739] ? prandom_u32_state+0xe/0x170 [ 59.546017][ T6739] ? __brelse+0x84/0xa0 [ 59.550151][ T6739] ? __ext4_new_inode+0x144/0x55e0 [ 59.555242][ T6739] ext4_getblk+0xad/0x520 [ 59.559553][ T6739] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.565425][ T6739] ? ext4_free_inode+0x1700/0x1700 [ 59.570536][ T6739] ext4_bread+0x7c/0x380 [ 59.574766][ T6739] ? ext4_getblk+0x520/0x520 [ 59.579345][ T6739] ? dquot_get_next_dqblk+0x180/0x180 [ 59.584784][ T6739] ext4_append+0x153/0x360 [ 59.589179][ T6739] ext4_mkdir+0x5e0/0xdf0 [ 59.593507][ T6739] ? ext4_rmdir+0xde0/0xde0 [ 59.598003][ T6739] ? security_inode_permission+0xc4/0xf0 [ 59.603650][ T6739] vfs_mkdir+0x419/0x690 [ 59.607883][ T6739] do_mkdirat+0x21e/0x280 [ 59.612209][ T6739] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.617036][ T6739] ? do_syscall_64+0x1c/0xe0 [ 59.621608][ T6739] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.627577][ T6739] do_syscall_64+0x60/0xe0 [ 59.631977][ T6739] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.637845][ T6739] RIP: 0033:0x7fd807df8687 [ 59.642229][ T6739] Code: Bad RIP value. [ 59.646278][ T6739] RSP: 002b:00007fff72f995a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.654676][ T6739] RAX: ffffffffffffffda RBX: 0000555f366a2985 RCX: 00007fd807df8687 [ 59.663147][ T6739] RDX: 00007fff72f99470 RSI: 00000000000001ed RDI: 0000555f366a2985 [ 59.671118][ T6739] RBP: 00007fd807df8680 R08: 0000000000000100 R09: 0000000000000000 [ 59.679068][ T6739] R10: 0000555f366a2980 R11: 0000000000000246 R12: 00000000000001ed [ 59.687046][ T6739] R13: 00007fff72f99730 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts. 2020/06/16 13:32:48 fuzzer started 2020/06/16 13:32:48 connecting to host at 10.128.0.26:46173 2020/06/16 13:32:48 checking machine... 2020/06/16 13:32:48 checking revisions... 2020/06/16 13:32:49 testing simple program... syzkaller login: [ 65.340708][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6814 [ 65.349847][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.355737][ T6814] CPU: 1 PID: 6814 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 65.363948][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.374007][ T6814] Call Trace: [ 65.377291][ T6814] dump_stack+0x18f/0x20d [ 65.381604][ T6814] check_preemption_disabled+0x20d/0x220 [ 65.387225][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.392329][ T6814] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.397775][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.403488][ T6814] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.408772][ T6814] ? ext4_ext_release+0x10/0x10 [ 65.413618][ T6814] ? down_write_killable+0x170/0x170 [ 65.418889][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.424343][ T6814] ext4_map_blocks+0x4cb/0x1640 [ 65.429189][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.434372][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.439894][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.445848][ T6814] ? prandom_u32_state+0xe/0x170 [ 65.450769][ T6814] ? __brelse+0x84/0xa0 [ 65.454903][ T6814] ? __ext4_new_inode+0x144/0x55e0 [ 65.460005][ T6814] ext4_getblk+0xad/0x520 [ 65.464313][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.470011][ T6814] ? ext4_free_inode+0x1700/0x1700 [ 65.475103][ T6814] ext4_bread+0x7c/0x380 [ 65.479324][ T6814] ? ext4_getblk+0x520/0x520 [ 65.483911][ T6814] ? dquot_get_next_dqblk+0x180/0x180 [ 65.489281][ T6814] ext4_append+0x153/0x360 [ 65.493677][ T6814] ext4_mkdir+0x5e0/0xdf0 [ 65.497987][ T6814] ? ext4_rmdir+0xde0/0xde0 [ 65.502733][ T6814] ? security_inode_permission+0xc4/0xf0 [ 65.508344][ T6814] vfs_mkdir+0x419/0x690 [ 65.512566][ T6814] do_mkdirat+0x21e/0x280 [ 65.516889][ T6814] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.521734][ T6814] ? do_syscall_64+0x1c/0xe0 [ 65.526301][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.532260][ T6814] do_syscall_64+0x60/0xe0 [ 65.536660][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.542536][ T6814] RIP: 0033:0x4b02a0 [ 65.546422][ T6814] Code: Bad RIP value. [ 65.550464][ T6814] RSP: 002b:000000c0000d94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.558937][ T6814] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 65.567073][ T6814] RDX: 00000000000001c0 RSI: 000000c000026b20 RDI: ffffffffffffff9c [ 65.575169][ T6814] RBP: 000000c0000d9510 R08: 0000000000000000 R09: 0000000000000000 [ 65.583127][ T6814] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.591096][ T6814] R13: 000000000000005a R14: 0000000000000059 R15: 0000000000000100 [ 65.622622][ T6827] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6827 [ 65.632166][ T6827] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.638077][ T6827] CPU: 0 PID: 6827 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.646652][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.656706][ T6827] Call Trace: [ 65.660001][ T6827] dump_stack+0x18f/0x20d [ 65.664338][ T6827] check_preemption_disabled+0x20d/0x220 [ 65.669971][ T6827] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.675141][ T6827] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.680610][ T6827] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.686380][ T6827] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.691669][ T6827] ? ext4_ext_release+0x10/0x10 [ 65.696559][ T6827] ? down_write_killable+0x170/0x170 [ 65.701826][ T6827] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.707268][ T6827] ext4_map_blocks+0x4cb/0x1640 [ 65.712104][ T6827] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.717280][ T6827] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.722823][ T6827] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.728797][ T6827] ? prandom_u32_state+0xe/0x170 [ 65.733729][ T6827] ? __brelse+0x84/0xa0 [ 65.737880][ T6827] ? __ext4_new_inode+0x144/0x55e0 [ 65.742979][ T6827] ext4_getblk+0xad/0x520 [ 65.747316][ T6827] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.753071][ T6827] ? ext4_free_inode+0x1700/0x1700 [ 65.758195][ T6827] ext4_bread+0x7c/0x380 [ 65.762457][ T6827] ? ext4_getblk+0x520/0x520 [ 65.767127][ T6827] ? dquot_get_next_dqblk+0x180/0x180 [ 65.772496][ T6827] ext4_append+0x153/0x360 [ 65.776930][ T6827] ext4_mkdir+0x5e0/0xdf0 [ 65.781340][ T6827] ? ext4_rmdir+0xde0/0xde0 [ 65.785830][ T6827] ? security_inode_permission+0xc4/0xf0 [ 65.791455][ T6827] vfs_mkdir+0x419/0x690 [ 65.796139][ T6827] do_mkdirat+0x21e/0x280 [ 65.800471][ T6827] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.805341][ T6827] ? do_syscall_64+0x1c/0xe0 [ 65.809927][ T6827] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.816066][ T6827] do_syscall_64+0x60/0xe0 [ 65.820472][ T6827] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.826357][ T6827] RIP: 0033:0x45bed7 [ 65.830337][ T6827] Code: Bad RIP value. [ 65.834518][ T6827] RSP: 002b:00007fff91591728 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.842936][ T6827] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.850901][ T6827] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fff91591900 [ 65.859043][ T6827] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003400 [ 65.866994][ T6827] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.874956][ T6827] R13: 00007fff91591900 R14: 8421084210842109 R15: 00007fff9159190c [ 65.966802][ T6828] IPVS: ftp: loaded support on port[0] = 21 [ 66.003606][ T6828] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6828 [ 66.013420][ T6828] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.020987][ T6828] CPU: 0 PID: 6828 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.029715][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.040194][ T6828] Call Trace: [ 66.043497][ T6828] dump_stack+0x18f/0x20d [ 66.047831][ T6828] check_preemption_disabled+0x20d/0x220 [ 66.053452][ T6828] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.058905][ T6828] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.064356][ T6828] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.070090][ T6828] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.075543][ T6828] ? ext4_ext_release+0x10/0x10 [ 66.080537][ T6828] ? down_write_killable+0x170/0x170 [ 66.087671][ T6828] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.093147][ T6828] ext4_map_blocks+0x4cb/0x1640 [ 66.098106][ T6828] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.103308][ T6828] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.109280][ T6828] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.115287][ T6828] ? prandom_u32_state+0xe/0x170 [ 66.120293][ T6828] ? __brelse+0x84/0xa0 [ 66.124478][ T6828] ? __ext4_new_inode+0x144/0x55e0 [ 66.129597][ T6828] ext4_getblk+0xad/0x520 [ 66.134049][ T6828] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.139948][ T6828] ? ext4_free_inode+0x1700/0x1700 [ 66.145047][ T6828] ext4_bread+0x7c/0x380 [ 66.152680][ T6828] ? ext4_getblk+0x520/0x520 [ 66.158258][ T6828] ? dquot_get_next_dqblk+0x180/0x180 [ 66.163812][ T6828] ext4_append+0x153/0x360 [ 66.168268][ T6828] ext4_mkdir+0x5e0/0xdf0 [ 66.172792][ T6828] ? ext4_rmdir+0xde0/0xde0 [ 66.177313][ T6828] ? security_inode_permission+0xc4/0xf0 [ 66.183489][ T6828] vfs_mkdir+0x419/0x690 [ 66.187755][ T6828] do_mkdirat+0x21e/0x280 [ 66.192069][ T6828] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.196900][ T6828] ? do_syscall_64+0x1c/0xe0 [ 66.201557][ T6828] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.207516][ T6828] do_syscall_64+0x60/0xe0 [ 66.212007][ T6828] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.217899][ T6828] RIP: 0033:0x45bed7 [ 66.221781][ T6828] Code: Bad RIP value. [ 66.225928][ T6828] RSP: 002b:00007fff91591618 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.234582][ T6828] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 66.242549][ T6828] RDX: 00007fff91591663 RSI: 00000000000001ff RDI: 00007fff91591660 [ 66.250508][ T6828] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 66.258512][ T6828] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 66.266648][ T6828] R13: 00007fff91591650 R14: 0000000000000000 R15: 00007fff91591660 [ 66.324300][ T6828] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6828 [ 66.334201][ T6828] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.340279][ T6828] CPU: 1 PID: 6828 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.348864][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.359037][ T6828] Call Trace: [ 66.362335][ T6828] dump_stack+0x18f/0x20d [ 66.366679][ T6828] check_preemption_disabled+0x20d/0x220 [ 66.372320][ T6828] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.377454][ T6828] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.382922][ T6828] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.388679][ T6828] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.393991][ T6828] ? ext4_ext_release+0x10/0x10 [ 66.399391][ T6828] ? down_write_killable+0x170/0x170 [ 66.404682][ T6828] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.410318][ T6828] ext4_map_blocks+0x4cb/0x1640 [ 66.415162][ T6828] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.420360][ T6828] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.426052][ T6828] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.432024][ T6828] ? prandom_u32_state+0xe/0x170 [ 66.436953][ T6828] ? __brelse+0x84/0xa0 [ 66.441101][ T6828] ? __ext4_new_inode+0x144/0x55e0 [ 66.446208][ T6828] ext4_getblk+0xad/0x520 [ 66.450544][ T6828] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.456264][ T6828] ? ext4_free_inode+0x1700/0x1700 [ 66.461395][ T6828] ext4_bread+0x7c/0x380 [ 66.465699][ T6828] ? ext4_getblk+0x520/0x520 [ 66.470289][ T6828] ? dquot_get_next_dqblk+0x180/0x180 [ 66.475652][ T6828] ext4_append+0x153/0x360 [ 66.480146][ T6828] ext4_mkdir+0x5e0/0xdf0 [ 66.484482][ T6828] ? ext4_rmdir+0xde0/0xde0 [ 66.489028][ T6828] ? security_inode_permission+0xc4/0xf0 [ 66.494772][ T6828] vfs_mkdir+0x419/0x690 [ 66.499006][ T6828] do_mkdirat+0x21e/0x280 [ 66.503331][ T6828] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.508174][ T6828] ? do_syscall_64+0x1c/0xe0 [ 66.512742][ T6828] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.518718][ T6828] do_syscall_64+0x60/0xe0 [ 66.523125][ T6828] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.528996][ T6828] RIP: 0033:0x45bed7 [ 66.532860][ T6828] Code: Bad RIP value. [ 66.536912][ T6828] RSP: 002b:00007fff91591618 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.545308][ T6828] RAX: ffffffffffffffda RBX: 0000000000010302 RCX: 000000000045bed7 [ 66.553268][ T6828] RDX: 00007fff91591663 RSI: 00000000000001ff RDI: 00007fff91591660 [ 66.561398][ T6828] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 66.569345][ T6828] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 66.577290][ T6828] R13: 00007fff91591650 R14: 00000000000102fe R15: 00007fff91591660 2020/06/16 13:32:50 building call list... [ 66.768545][ T73] tipc: TX() has been purged, node left! [ 67.291225][ T73] ================================================================== [ 67.299473][ T73] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 67.307369][ T73] Write of size 1 at addr ffff8880a66061e4 by task kworker/u4:3/73 [ 67.315267][ T73] [ 67.317606][ T73] CPU: 1 PID: 73 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.325839][ T73] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.335897][ T73] Workqueue: netns cleanup_net [ 67.340652][ T73] Call Trace: [ 67.343958][ T73] dump_stack+0x18f/0x20d [ 67.348288][ T73] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.353828][ T73] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.359469][ T73] ? afs_put_call+0xa40/0xa40 [ 67.364172][ T73] print_address_description.constprop.0.cold+0xd3/0x413 [ 67.371202][ T73] ? vprintk_func+0x97/0x1a6 [ 67.375798][ T73] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.381339][ T73] kasan_report.cold+0x1f/0x37 [ 67.386106][ T73] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.391734][ T73] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.397280][ T73] afs_wake_up_async_call+0x6aa/0x770 [ 67.403255][ T73] ? afs_close_socket+0x320/0x320 [ 67.408278][ T73] ? afs_put_call+0xa40/0xa40 [ 67.413041][ T73] rxrpc_notify_socket+0x1db/0x5d0 [ 67.418156][ T73] ? afs_put_call+0xa40/0xa40 [ 67.422845][ T73] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.429264][ T73] rxrpc_call_completed+0xca/0xf0 [ 67.434295][ T73] rxrpc_discard_prealloc+0x781/0xab0 [ 67.439671][ T73] ? lock_sock_nested+0x94/0x110 [ 67.444611][ T73] rxrpc_listen+0x147/0x360 [ 67.449117][ T73] afs_close_socket+0x95/0x320 [ 67.453876][ T73] ? afs_purge_servers+0x16d/0x300 [ 67.458986][ T73] ? afs_rx_discard_new_call+0x50/0x50 [ 67.464451][ T73] ? init_wait_var_entry+0x200/0x200 [ 67.469736][ T73] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.475393][ T73] ? check_preemption_disabled+0x38/0x220 [ 67.481201][ T73] afs_net_exit+0x1bc/0x310 [ 67.486133][ T73] ? afs_net_init+0xe30/0xe30 [ 67.490806][ T73] ops_exit_list.isra.0+0xa8/0x150 [ 67.495918][ T73] cleanup_net+0x511/0xa50 [ 67.500337][ T73] ? unregister_pernet_device+0x70/0x70 [ 67.505883][ T73] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.511871][ T73] process_one_work+0x965/0x1690 [ 67.516816][ T73] ? lock_release+0x800/0x800 [ 67.521490][ T73] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.526900][ T73] ? rwlock_bug.part.0+0x90/0x90 [ 67.531855][ T73] worker_thread+0x96/0xe10 [ 67.536371][ T73] ? process_one_work+0x1690/0x1690 [ 67.542175][ T73] kthread+0x3b5/0x4a0 [ 67.546255][ T73] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.551975][ T73] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.557696][ T73] ret_from_fork+0x1f/0x30 [ 67.562120][ T73] [ 67.564441][ T73] Allocated by task 6828: [ 67.568766][ T73] save_stack+0x1b/0x40 [ 67.572917][ T73] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.578546][ T73] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.583910][ T73] afs_alloc_call+0x55/0x630 [ 67.588495][ T73] afs_charge_preallocation+0xe9/0x2d0 [ 67.594223][ T73] afs_open_socket+0x292/0x360 [ 67.598984][ T73] afs_net_init+0xa6c/0xe30 [ 67.603481][ T73] ops_init+0xaf/0x420 [ 67.607633][ T73] setup_net+0x2de/0x860 [ 67.611870][ T73] copy_net_ns+0x293/0x590 [ 67.616302][ T73] create_new_namespaces+0x3fb/0xb30 [ 67.621585][ T73] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.627282][ T73] ksys_unshare+0x43d/0x8e0 [ 67.631783][ T73] __x64_sys_unshare+0x2d/0x40 [ 67.636548][ T73] do_syscall_64+0x60/0xe0 [ 67.641050][ T73] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.646946][ T73] [ 67.649271][ T73] Freed by task 73: [ 67.653186][ T73] save_stack+0x1b/0x40 [ 67.657337][ T73] __kasan_slab_free+0xf7/0x140 [ 67.662182][ T73] kfree+0x109/0x2b0 [ 67.666074][ T73] afs_put_call+0x585/0xa40 [ 67.670923][ T73] rxrpc_discard_prealloc+0x764/0xab0 [ 67.676292][ T73] rxrpc_listen+0x147/0x360 [ 67.680797][ T73] afs_close_socket+0x95/0x320 [ 67.685577][ T73] afs_net_exit+0x1bc/0x310 [ 67.690111][ T73] ops_exit_list.isra.0+0xa8/0x150 [ 67.695226][ T73] cleanup_net+0x511/0xa50 [ 67.699698][ T73] process_one_work+0x965/0x1690 [ 67.704652][ T73] worker_thread+0x96/0xe10 [ 67.709184][ T73] kthread+0x3b5/0x4a0 [ 67.713253][ T73] ret_from_fork+0x1f/0x30 [ 67.717650][ T73] [ 67.720039][ T73] The buggy address belongs to the object at ffff8880a6606000 [ 67.720039][ T73] which belongs to the cache kmalloc-1k of size 1024 [ 67.734179][ T73] The buggy address is located 484 bytes inside of [ 67.734179][ T73] 1024-byte region [ffff8880a6606000, ffff8880a6606400) [ 67.747693][ T73] The buggy address belongs to the page: [ 67.753333][ T73] page:ffffea0002998180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.762443][ T73] flags: 0xfffe0000000200(slab) [ 67.767336][ T73] raw: 00fffe0000000200 ffffea00027b2848 ffffea00029f9408 ffff8880aa000c40 [ 67.775930][ T73] raw: 0000000000000000 ffff8880a6606000 0000000100000002 0000000000000000 [ 67.784597][ T73] page dumped because: kasan: bad access detected [ 67.791017][ T73] [ 67.793337][ T73] Memory state around the buggy address: [ 67.798965][ T73] ffff8880a6606080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.807025][ T73] ffff8880a6606100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.815090][ T73] >ffff8880a6606180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.823148][ T73] ^ [ 67.830700][ T73] ffff8880a6606200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.838764][ T73] ffff8880a6606280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.846904][ T73] ================================================================== [ 67.854969][ T73] Disabling lock debugging due to kernel taint [ 67.861177][ T73] Kernel panic - not syncing: panic_on_warn set ... [ 67.867762][ T73] CPU: 1 PID: 73 Comm: kworker/u4:3 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.877374][ T73] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.887427][ T73] Workqueue: netns cleanup_net [ 67.892443][ T73] Call Trace: [ 67.895732][ T73] dump_stack+0x18f/0x20d [ 67.900068][ T73] ? afs_wake_up_async_call+0x670/0x770 [ 67.905616][ T73] ? afs_put_call+0xa40/0xa40 [ 67.910294][ T73] panic+0x2e3/0x75c [ 67.914184][ T73] ? __warn_printk+0xf3/0xf3 [ 67.918879][ T73] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.925033][ T73] ? trace_hardirqs_on+0x55/0x220 [ 67.930052][ T73] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.935602][ T73] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.941225][ T73] ? afs_put_call+0xa40/0xa40 [ 67.945897][ T73] end_report+0x4d/0x53 [ 67.950049][ T73] kasan_report.cold+0xd/0x37 [ 67.954722][ T73] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.960350][ T73] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.965889][ T73] afs_wake_up_async_call+0x6aa/0x770 [ 67.971342][ T73] ? afs_close_socket+0x320/0x320 [ 67.976449][ T73] ? afs_put_call+0xa40/0xa40 [ 67.981116][ T73] rxrpc_notify_socket+0x1db/0x5d0 [ 67.986228][ T73] ? afs_put_call+0xa40/0xa40 [ 67.990899][ T73] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.997310][ T73] rxrpc_call_completed+0xca/0xf0 [ 68.002337][ T73] rxrpc_discard_prealloc+0x781/0xab0 [ 68.007705][ T73] ? lock_sock_nested+0x94/0x110 [ 68.012643][ T73] rxrpc_listen+0x147/0x360 [ 68.017143][ T73] afs_close_socket+0x95/0x320 [ 68.021919][ T73] ? afs_purge_servers+0x16d/0x300 [ 68.027025][ T73] ? afs_rx_discard_new_call+0x50/0x50 [ 68.032484][ T73] ? init_wait_var_entry+0x200/0x200 [ 68.037774][ T73] ? rcu_read_lock_held_common+0xa0/0xa0 [ 68.043411][ T73] ? check_preemption_disabled+0x38/0x220 [ 68.049123][ T73] afs_net_exit+0x1bc/0x310 [ 68.053618][ T73] ? afs_net_init+0xe30/0xe30 [ 68.058317][ T73] ops_exit_list.isra.0+0xa8/0x150 [ 68.063422][ T73] cleanup_net+0x511/0xa50 [ 68.067830][ T73] ? unregister_pernet_device+0x70/0x70 [ 68.073374][ T73] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.079351][ T73] process_one_work+0x965/0x1690 [ 68.084289][ T73] ? lock_release+0x800/0x800 [ 68.088959][ T73] ? pwq_dec_nr_in_flight+0x310/0x310 [ 68.095382][ T73] ? rwlock_bug.part.0+0x90/0x90 [ 68.100502][ T73] worker_thread+0x96/0xe10 [ 68.105011][ T73] ? process_one_work+0x1690/0x1690 [ 68.110247][ T73] kthread+0x3b5/0x4a0 [ 68.114318][ T73] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.120123][ T73] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.125842][ T73] ret_from_fork+0x1f/0x30 [ 68.131640][ T73] Kernel Offset: disabled [ 68.135970][ T73] Rebooting in 86400 seconds..