[ 56.424728][ T6829] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6829
[ 56.434284][ T6829] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.441497][ T6829] CPU: 0 PID: 6829 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 56.449742][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.459779][ T6829] Call Trace:
[ 56.463055][ T6829] dump_stack+0x18f/0x20d
[ 56.467819][ T6829] check_preemption_disabled+0x20d/0x220
[ 56.473435][ T6829] ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.478532][ T6829] ? ext4_ext_search_right+0x2ca/0xb20
[ 56.484010][ T6829] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 56.484038][ T6829] ext4_ext_map_blocks+0x201b/0x33e0
[ 56.484066][ T6829] ? ext4_ext_release+0x10/0x10
[ 56.484102][ T6829] ? down_write_killable+0x170/0x170
[ 56.484117][ T6829] ? ext4_es_lookup_extent+0x41d/0xd10
[ 56.484140][ T6829] ext4_map_blocks+0x4cb/0x1640
[ 56.484165][ T6829] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 56.484181][ T6829] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.484203][ T6829] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.484218][ T6829] ? prandom_u32_state+0xe/0x170
[ 56.484236][ T6829] ? __brelse+0x84/0xa0
[ 56.484251][ T6829] ? __ext4_new_inode+0x144/0x55e0
[ 56.484272][ T6829] ext4_getblk+0xad/0x520
[ 56.484290][ T6829] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 56.484313][ T6829] ? ext4_free_inode+0x1700/0x1700
[ 56.484332][ T6829] ext4_bread+0x7c/0x380
[ 56.484348][ T6829] ? ext4_getblk+0x520/0x520
[ 56.484364][ T6829] ? dquot_get_next_dqblk+0x180/0x180
[ 56.484388][ T6829] ext4_append+0x153/0x360
[ 56.484408][ T6829] ext4_mkdir+0x5e0/0xdf0
[ 56.484433][ T6829] ? ext4_rmdir+0xde0/0xde0
[ 56.484452][ T6829] ? security_inode_permission+0xc4/0xf0
[ 56.484477][ T6829] vfs_mkdir+0x419/0x690
[ 56.484497][ T6829] do_mkdirat+0x21e/0x280
[ 56.484515][ T6829] ? __ia32_sys_mknod+0xb0/0xb0
[ 56.484532][ T6829] ? do_syscall_64+0x1c/0xe0
[ 56.484549][ T6829] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.484567][ T6829] do_syscall_64+0x60/0xe0
[ 56.484584][ T6829] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.484597][ T6829] RIP: 0033:0x7fe3defc1687
[ 56.484602][ T6829] Code: Bad RIP value.
[ 56.484610][ T6829] RSP: 002b:00007ffdeb192ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 56.484624][ T6829] RAX: ffffffffffffffda RBX: 0000555872849985 RCX: 00007fe3defc1687
[ 56.484633][ T6829] RDX: 00007ffdeb192b70 RSI: 00000000000001ed RDI: 0000555872849985
[ 56.484641][ T6829] RBP: 00007fe3defc1680 R08: 0000000000000100 R09: 0000000000000000
[ 56.484650][ T6829] R10: 0000555872849980 R11: 0000000000000246 R12: 00000000000001ed
[ 56.484659][ T6829] R13: 00007ffdeb192e30 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts.
2020/06/14 09:46:50 fuzzer started
2020/06/14 09:46:50 connecting to host at 10.128.0.26:38217
2020/06/14 09:46:50 checking machine...
2020/06/14 09:46:50 checking revisions...
2020/06/14 09:46:50 testing simple program...
syzkaller login: [ 62.227106][ T6904] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6904
[ 62.236834][ T6904] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.242917][ T6904] CPU: 1 PID: 6904 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 62.250808][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.260860][ T6904] Call Trace:
[ 62.264235][ T6904] dump_stack+0x18f/0x20d
[ 62.268561][ T6904] check_preemption_disabled+0x20d/0x220
[ 62.274175][ T6904] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.279456][ T6904] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.284906][ T6904] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.290616][ T6904] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.295903][ T6904] ? ext4_ext_release+0x10/0x10
[ 62.300747][ T6904] ? down_write_killable+0x170/0x170
[ 62.306033][ T6904] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.311497][ T6904] ext4_map_blocks+0x4cb/0x1640
[ 62.316345][ T6904] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.321522][ T6904] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.327056][ T6904] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.333134][ T6904] ? prandom_u32_state+0xe/0x170
[ 62.338071][ T6904] ? __brelse+0x84/0xa0
[ 62.342226][ T6904] ? __ext4_new_inode+0x144/0x55e0
[ 62.347343][ T6904] ext4_getblk+0xad/0x520
[ 62.351682][ T6904] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.357547][ T6904] ? ext4_free_inode+0x1700/0x1700
[ 62.362662][ T6904] ext4_bread+0x7c/0x380
[ 62.366914][ T6904] ? ext4_getblk+0x520/0x520
[ 62.371502][ T6904] ? dquot_get_next_dqblk+0x180/0x180
[ 62.376866][ T6904] ext4_append+0x153/0x360
[ 62.381282][ T6904] ext4_mkdir+0x5e0/0xdf0
[ 62.385594][ T6904] ? ext4_rmdir+0xde0/0xde0
[ 62.390078][ T6904] ? security_inode_permission+0xc4/0xf0
[ 62.395690][ T6904] vfs_mkdir+0x419/0x690
[ 62.399913][ T6904] do_mkdirat+0x21e/0x280
[ 62.404221][ T6904] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.409051][ T6904] ? do_syscall_64+0x1c/0xe0
[ 62.413617][ T6904] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.419697][ T6904] do_syscall_64+0x60/0xe0
[ 62.424103][ T6904] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.430094][ T6904] RIP: 0033:0x4b02a0
[ 62.433960][ T6904] Code: Bad RIP value.
[ 62.437999][ T6904] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 62.446382][ T6904] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 62.454414][ T6904] RDX: 00000000000001c0 RSI: 000000c000026480 RDI: ffffffffffffff9c
[ 62.462363][ T6904] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000
[ 62.470312][ T6904] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 62.478276][ T6904] R13: 0000000000000025 R14: 0000000000000024 R15: 0000000000000100
[ 62.502723][ T6907] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6907
[ 62.512312][ T6907] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.518315][ T6907] CPU: 0 PID: 6907 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 62.526720][ T6907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.536765][ T6907] Call Trace:
[ 62.540069][ T6907] dump_stack+0x18f/0x20d
[ 62.544382][ T6907] check_preemption_disabled+0x20d/0x220
[ 62.550011][ T6907] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.555106][ T6907] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.560805][ T6907] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.566517][ T6907] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.571865][ T6907] ? ext4_ext_release+0x10/0x10
[ 62.576736][ T6907] ? down_write_killable+0x170/0x170
[ 62.582080][ T6907] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.587563][ T6907] ext4_map_blocks+0x4cb/0x1640
[ 62.592529][ T6907] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.597720][ T6907] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.603518][ T6907] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.609479][ T6907] ? prandom_u32_state+0xe/0x170
[ 62.614586][ T6907] ? __brelse+0x84/0xa0
[ 62.618721][ T6907] ? __ext4_new_inode+0x144/0x55e0
[ 62.623811][ T6907] ext4_getblk+0xad/0x520
[ 62.628134][ T6907] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.633838][ T6907] ? ext4_free_inode+0x1700/0x1700
[ 62.638957][ T6907] ext4_bread+0x7c/0x380
[ 62.643178][ T6907] ? ext4_getblk+0x520/0x520
[ 62.647817][ T6907] ? dquot_get_next_dqblk+0x180/0x180
[ 62.653170][ T6907] ext4_append+0x153/0x360
[ 62.657583][ T6907] ext4_mkdir+0x5e0/0xdf0
[ 62.661904][ T6907] ? ext4_rmdir+0xde0/0xde0
[ 62.666489][ T6907] ? security_inode_permission+0xc4/0xf0
[ 62.672107][ T6907] vfs_mkdir+0x419/0x690
[ 62.676340][ T6907] do_mkdirat+0x21e/0x280
[ 62.680653][ T6907] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.685483][ T6907] ? do_syscall_64+0x1c/0xe0
[ 62.690055][ T6907] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.696113][ T6907] do_syscall_64+0x60/0xe0
[ 62.700534][ T6907] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.706404][ T6907] RIP: 0033:0x45bee7
[ 62.710278][ T6907] Code: Bad RIP value.
[ 62.714331][ T6907] RSP: 002b:00007ffff6cb5b98 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 62.722729][ T6907] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 62.730679][ T6907] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffff6cb5d70
[ 62.739952][ T6907] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003600
[ 62.747921][ T6907] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 62.755934][ T6907] R13: 00007ffff6cb5d70 R14: 8421084210842109 R15: 00007ffff6cb5d7c
[ 62.842419][ T6908] IPVS: ftp: loaded support on port[0] = 21
[ 62.882355][ T6908] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6908
[ 62.892067][ T6908] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.898509][ T6908] CPU: 1 PID: 6908 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 62.906757][ T6908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.916792][ T6908] Call Trace:
[ 62.920157][ T6908] dump_stack+0x18f/0x20d
[ 62.924472][ T6908] check_preemption_disabled+0x20d/0x220
[ 62.930083][ T6908] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.935180][ T6908] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.940631][ T6908] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.946333][ T6908] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.951604][ T6908] ? ext4_ext_release+0x10/0x10
[ 62.956533][ T6908] ? down_write_killable+0x170/0x170
[ 62.961827][ T6908] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.967279][ T6908] ext4_map_blocks+0x4cb/0x1640
[ 62.972240][ T6908] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.977438][ T6908] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.982987][ T6908] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.989050][ T6908] ? prandom_u32_state+0xe/0x170
[ 62.994171][ T6908] ? __brelse+0x84/0xa0
[ 62.998329][ T6908] ? __ext4_new_inode+0x144/0x55e0
[ 63.003419][ T6908] ext4_getblk+0xad/0x520
[ 63.007735][ T6908] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.013452][ T6908] ? ext4_free_inode+0x1700/0x1700
[ 63.018593][ T6908] ext4_bread+0x7c/0x380
[ 63.022828][ T6908] ? ext4_getblk+0x520/0x520
[ 63.028177][ T6908] ? dquot_get_next_dqblk+0x180/0x180
[ 63.033542][ T6908] ext4_append+0x153/0x360
[ 63.037949][ T6908] ext4_mkdir+0x5e0/0xdf0
[ 63.042280][ T6908] ? ext4_rmdir+0xde0/0xde0
[ 63.047469][ T6908] ? security_inode_permission+0xc4/0xf0
[ 63.053084][ T6908] vfs_mkdir+0x419/0x690
[ 63.057307][ T6908] do_mkdirat+0x21e/0x280
[ 63.061651][ T6908] ? __ia32_sys_mknod+0xb0/0xb0
[ 63.066501][ T6908] ? do_syscall_64+0x1c/0xe0
[ 63.071441][ T6908] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.077425][ T6908] do_syscall_64+0x60/0xe0
[ 63.081839][ T6908] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.087809][ T6908] RIP: 0033:0x45bee7
[ 63.091675][ T6908] Code: Bad RIP value.
[ 63.095717][ T6908] RSP: 002b:00007ffff6cb5a88 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 63.104103][ T6908] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 63.112235][ T6908] RDX: 00007ffff6cb5ad3 RSI: 00000000000001ff RDI: 00007ffff6cb5ad0
[ 63.120225][ T6908] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 63.128197][ T6908] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0
[ 63.136254][ T6908] R13: 00007ffff6cb5ac0 R14: 0000000000000000 R15: 00007ffff6cb5ad0
[ 63.189816][ T6908] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6908
[ 63.199460][ T6908] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.205374][ T6908] CPU: 1 PID: 6908 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 63.213614][ T6908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.223702][ T6908] Call Trace:
[ 63.227000][ T6908] dump_stack+0x18f/0x20d
[ 63.231336][ T6908] check_preemption_disabled+0x20d/0x220
[ 63.237045][ T6908] ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.242172][ T6908] ? ext4_ext_search_right+0x2ca/0xb20
[ 63.247639][ T6908] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 63.253548][ T6908] ext4_ext_map_blocks+0x201b/0x33e0
[ 63.258945][ T6908] ? ext4_ext_release+0x10/0x10
[ 63.263820][ T6908] ? down_write_killable+0x170/0x170
[ 63.269110][ T6908] ? ext4_es_lookup_extent+0x41d/0xd10
[ 63.274621][ T6908] ext4_map_blocks+0x4cb/0x1640
[ 63.279478][ T6908] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 63.284757][ T6908] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.290281][ T6908] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.296251][ T6908] ? prandom_u32_state+0xe/0x170
[ 63.301168][ T6908] ? __brelse+0x84/0xa0
[ 63.305331][ T6908] ? __ext4_new_inode+0x144/0x55e0
[ 63.310434][ T6908] ext4_getblk+0xad/0x520
[ 63.314761][ T6908] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.320812][ T6908] ? ext4_free_inode+0x1700/0x1700
[ 63.325901][ T6908] ext4_bread+0x7c/0x380
[ 63.330138][ T6908] ? ext4_getblk+0x520/0x520
[ 63.334729][ T6908] ? dquot_get_next_dqblk+0x180/0x180
[ 63.340098][ T6908] ext4_append+0x153/0x360
[ 63.344695][ T6908] ext4_mkdir+0x5e0/0xdf0
[ 63.349008][ T6908] ? ext4_rmdir+0xde0/0xde0
[ 63.353507][ T6908] ? security_inode_permission+0xc4/0xf0
[ 63.359121][ T6908] vfs_mkdir+0x419/0x690
[ 63.363357][ T6908] do_mkdirat+0x21e/0x280
[ 63.367693][ T6908] ? __ia32_sys_mknod+0xb0/0xb0
[ 63.372537][ T6908] ? do_syscall_64+0x1c/0xe0
[ 63.377115][ T6908] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.383093][ T6908] do_syscall_64+0x60/0xe0
[ 63.387497][ T6908] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.393373][ T6908] RIP: 0033:0x45bee7
[ 63.397253][ T6908] Code: Bad RIP value.
[ 63.401309][ T6908] RSP: 002b:00007ffff6cb5a88 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 63.413791][ T6908] RAX: ffffffffffffffda RBX: 000000000000f6c3 RCX: 000000000045bee7
[ 63.421829][ T6908] RDX: 00007ffff6cb5ad3 RSI: 00000000000001ff RDI: 00007ffff6cb5ad0
[ 63.429886][ T6908] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/14 09:46:51 building call list...
[ 63.437921][ T6908] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 63.447187][ T6908] R13: 00007ffff6cb5ac0 R14: 000000000000f6b0 R15: 00007ffff6cb5ad0
[ 63.717576][ T21] tipc: TX() has been purged, node left!
[ 64.209839][ T21] ==================================================================
[ 64.218342][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 64.226314][ T21] Write of size 1 at addr ffff888099ee21e4 by task kworker/u4:1/21
[ 64.234189][ T21]
[ 64.236702][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0
[ 64.245187][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.255242][ T21] Workqueue: netns cleanup_net
[ 64.259996][ T21] Call Trace:
[ 64.263284][ T21] dump_stack+0x18f/0x20d
[ 64.267610][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.273157][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.278696][ T21] ? afs_put_call+0xa40/0xa40
[ 64.283378][ T21] print_address_description.constprop.0.cold+0xd3/0x413
[ 64.290488][ T21] ? vprintk_func+0x97/0x1a6
[ 64.295077][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.300629][ T21] kasan_report.cold+0x1f/0x37
[ 64.305410][ T21] ? rcu_read_lock_held+0x81/0xb0
[ 64.310513][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.316062][ T21] afs_wake_up_async_call+0x6aa/0x770
[ 64.321427][ T21] ? afs_close_socket+0x320/0x320
[ 64.326447][ T21] ? afs_put_call+0xa40/0xa40
[ 64.331117][ T21] rxrpc_notify_socket+0x1db/0x5d0
[ 64.336229][ T21] ? afs_put_call+0xa40/0xa40
[ 64.340901][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 64.347312][ T21] rxrpc_call_completed+0xca/0xf0
[ 64.352341][ T21] rxrpc_discard_prealloc+0x781/0xab0
[ 64.357711][ T21] ? lock_sock_nested+0x94/0x110
[ 64.362648][ T21] rxrpc_listen+0x147/0x360
[ 64.367157][ T21] afs_close_socket+0x95/0x320
[ 64.371912][ T21] ? afs_purge_servers+0x16d/0x300
[ 64.377020][ T21] ? afs_rx_discard_new_call+0x50/0x50
[ 64.382493][ T21] ? init_wait_var_entry+0x200/0x200
[ 64.387792][ T21] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.393458][ T21] ? check_preemption_disabled+0x38/0x220
[ 64.399206][ T21] afs_net_exit+0x1bc/0x310
[ 64.403833][ T21] ? afs_net_init+0xe30/0xe30
[ 64.408532][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 64.413645][ T21] cleanup_net+0x511/0xa50
[ 64.418243][ T21] ? unregister_pernet_device+0x70/0x70
[ 64.423790][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.429777][ T21] process_one_work+0x965/0x1690
[ 64.434736][ T21] ? lock_release+0x800/0x800
[ 64.439433][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 64.444821][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 64.449782][ T21] worker_thread+0x96/0xe10
[ 64.454302][ T21] ? process_one_work+0x1690/0x1690
[ 64.459506][ T21] kthread+0x3b5/0x4a0
[ 64.463571][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.469282][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.475012][ T21] ret_from_fork+0x1f/0x30
[ 64.479441][ T21]
[ 64.481756][ T21] Allocated by task 6908:
[ 64.486162][ T21] save_stack+0x1b/0x40
[ 64.490411][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 64.496035][ T21] kmem_cache_alloc_trace+0x153/0x7d0
[ 64.501411][ T21] afs_alloc_call+0x55/0x630
[ 64.505989][ T21] afs_charge_preallocation+0xe9/0x2d0
[ 64.511456][ T21] afs_open_socket+0x292/0x360
[ 64.516231][ T21] afs_net_init+0xa6c/0xe30
[ 64.520735][ T21] ops_init+0xaf/0x420
[ 64.524803][ T21] setup_net+0x2de/0x860
[ 64.529049][ T21] copy_net_ns+0x293/0x590
[ 64.533461][ T21] create_new_namespaces+0x3fb/0xb30
[ 64.538752][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 64.545079][ T21] ksys_unshare+0x43d/0x8e0
[ 64.549675][ T21] __x64_sys_unshare+0x2d/0x40
[ 64.554439][ T21] do_syscall_64+0x60/0xe0
[ 64.559116][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.565000][ T21]
[ 64.567348][ T21] Freed by task 21:
[ 64.571177][ T21] save_stack+0x1b/0x40
[ 64.575328][ T21] __kasan_slab_free+0xf7/0x140
[ 64.580173][ T21] kfree+0x109/0x2b0
[ 64.584064][ T21] afs_put_call+0x585/0xa40
[ 64.588599][ T21] rxrpc_discard_prealloc+0x764/0xab0
[ 64.594069][ T21] rxrpc_listen+0x147/0x360
[ 64.598566][ T21] afs_close_socket+0x95/0x320
[ 64.603344][ T21] afs_net_exit+0x1bc/0x310
[ 64.607846][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 64.612951][ T21] cleanup_net+0x511/0xa50
[ 64.617372][ T21] process_one_work+0x965/0x1690
[ 64.622919][ T21] worker_thread+0x96/0xe10
[ 64.627416][ T21] kthread+0x3b5/0x4a0
[ 64.631481][ T21] ret_from_fork+0x1f/0x30
[ 64.635883][ T21]
[ 64.638208][ T21] The buggy address belongs to the object at ffff888099ee2000
[ 64.638208][ T21] which belongs to the cache kmalloc-1k of size 1024
[ 64.652887][ T21] The buggy address is located 484 bytes inside of
[ 64.652887][ T21] 1024-byte region [ffff888099ee2000, ffff888099ee2400)
[ 64.666247][ T21] The buggy address belongs to the page:
[ 64.671899][ T21] page:ffffea000267b880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 64.680999][ T21] flags: 0xfffe0000000200(slab)
[ 64.685868][ T21] raw: 00fffe0000000200 ffffea00025ff248 ffffea000236dc88 ffff8880aa000c40
[ 64.694797][ T21] raw: 0000000000000000 ffff888099ee2000 0000000100000002 0000000000000000
[ 64.703384][ T21] page dumped because: kasan: bad access detected
[ 64.709794][ T21]
[ 64.712132][ T21] Memory state around the buggy address:
[ 64.717757][ T21] ffff888099ee2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.726014][ T21] ffff888099ee2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.734075][ T21] >ffff888099ee2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.742131][ T21] ^
[ 64.749344][ T21] ffff888099ee2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.757505][ T21] ffff888099ee2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.765555][ T21] ==================================================================
[ 64.773606][ T21] Disabling lock debugging due to kernel taint
[ 64.779796][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 64.786422][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.7.0-syzkaller #0
[ 64.795729][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.805791][ T21] Workqueue: netns cleanup_net
[ 64.810549][ T21] Call Trace:
[ 64.813876][ T21] dump_stack+0x18f/0x20d
[ 64.818299][ T21] ? afs_wake_up_async_call+0x5f0/0x770
[ 64.823935][ T21] ? afs_put_call+0xa40/0xa40
[ 64.828606][ T21] panic+0x2e3/0x75c
[ 64.832503][ T21] ? __warn_printk+0xf3/0xf3
[ 64.837093][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 64.843241][ T21] ? trace_hardirqs_on+0x55/0x220
[ 64.848273][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.853982][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.859514][ T21] ? afs_put_call+0xa40/0xa40
[ 64.864182][ T21] end_report+0x4d/0x53
[ 64.868333][ T21] kasan_report.cold+0xd/0x37
[ 64.873001][ T21] ? rcu_read_lock_held+0x81/0xb0
[ 64.878013][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.883657][ T21] afs_wake_up_async_call+0x6aa/0x770
[ 64.889024][ T21] ? afs_close_socket+0x320/0x320
[ 64.894052][ T21] ? afs_put_call+0xa40/0xa40
[ 64.898722][ T21] rxrpc_notify_socket+0x1db/0x5d0
[ 64.903828][ T21] ? afs_put_call+0xa40/0xa40
[ 64.908495][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 64.914934][ T21] rxrpc_call_completed+0xca/0xf0
[ 64.919956][ T21] rxrpc_discard_prealloc+0x781/0xab0
[ 64.925323][ T21] ? lock_sock_nested+0x94/0x110
[ 64.930257][ T21] rxrpc_listen+0x147/0x360
[ 64.934757][ T21] afs_close_socket+0x95/0x320
[ 64.939525][ T21] ? afs_purge_servers+0x16d/0x300
[ 64.944629][ T21] ? afs_rx_discard_new_call+0x50/0x50
[ 64.950089][ T21] ? init_wait_var_entry+0x200/0x200
[ 64.955367][ T21] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.961080][ T21] ? check_preemption_disabled+0x38/0x220
[ 64.966794][ T21] afs_net_exit+0x1bc/0x310
[ 64.971293][ T21] ? afs_net_init+0xe30/0xe30
[ 64.975973][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 64.981087][ T21] cleanup_net+0x511/0xa50
[ 64.985500][ T21] ? unregister_pernet_device+0x70/0x70
[ 64.991049][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.997030][ T21] process_one_work+0x965/0x1690
[ 65.002054][ T21] ? lock_release+0x800/0x800
[ 65.006813][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
executing program
[ 65.012186][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 65.017118][ T21] worker_thread+0x96/0xe10
[ 65.021628][ T21] ? process_one_work+0x1690/0x1690
[ 65.026992][ T21] kthread+0x3b5/0x4a0
[ 65.031058][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.036767][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.042506][ T21] ret_from_fork+0x1f/0x30
[ 65.048329][ T21] Kernel Offset: disabled
[ 65.052746][ T21] Rebooting in 86400 seconds..