[ 59.656023][ T6736] ? __brelse+0x84/0xa0 [ 59.656040][ T6736] ? __ext4_new_inode+0x144/0x55e0 [ 59.656062][ T6736] ext4_getblk+0xad/0x520 [ 59.656089][ T6736] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.656113][ T6736] ? ext4_free_inode+0x1700/0x1700 [ 59.656134][ T6736] ext4_bread+0x7c/0x380 [ 59.656151][ T6736] ? ext4_getblk+0x520/0x520 [ 59.656168][ T6736] ? dquot_get_next_dqblk+0x180/0x180 [ 59.656194][ T6736] ext4_append+0x153/0x360 [ 59.656216][ T6736] ext4_mkdir+0x5e0/0xdf0 [ 59.656242][ T6736] ? ext4_rmdir+0xde0/0xde0 [ 59.656264][ T6736] ? security_inode_permission+0xc4/0xf0 [ 59.656290][ T6736] vfs_mkdir+0x419/0x690 [ 59.656311][ T6736] do_mkdirat+0x21e/0x280 [ 59.656332][ T6736] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.656356][ T6736] ? do_syscall_64+0x1c/0xe0 [ 59.656375][ T6736] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.656403][ T6736] do_syscall_64+0x60/0xe0 [ 59.656424][ T6736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.656437][ T6736] RIP: 0033:0x7fc4257be687 [ 59.656443][ T6736] Code: Bad RIP value. [ 59.656452][ T6736] RSP: 002b:00007fffa5adf208 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.656468][ T6736] RAX: ffffffffffffffda RBX: 000055dddc67f985 RCX: 00007fc4257be687 [ 59.656478][ T6736] RDX: 00007fffa5adf0d0 RSI: 00000000000001ed RDI: 000055dddc67f985 [ 59.656487][ T6736] RBP: 00007fc4257be680 R08: 0000000000000100 R09: 0000000000000000 [ 59.656497][ T6736] R10: 000055dddc67f980 R11: 0000000000000246 R12: 00000000000001ed [ 59.656506][ T6736] R13: 00007fffa5adf390 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.28' (ECDSA) to the list of known hosts. 2020/06/16 07:02:17 fuzzer started 2020/06/16 07:02:17 connecting to host at 10.128.0.26:36677 2020/06/16 07:02:17 checking machine... 2020/06/16 07:02:17 checking revisions... 2020/06/16 07:02:17 testing simple program... syzkaller login: [ 65.653611][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6809 [ 65.662921][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.669281][ T6809] CPU: 1 PID: 6809 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 65.678108][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.688229][ T6809] Call Trace: [ 65.691524][ T6809] dump_stack+0x18f/0x20d [ 65.695880][ T6809] check_preemption_disabled+0x20d/0x220 [ 65.701516][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.706701][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.712154][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.718221][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.723527][ T6809] ? ext4_ext_release+0x10/0x10 [ 65.728622][ T6809] ? down_write_killable+0x170/0x170 [ 65.733941][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.739590][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 65.744604][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.749898][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.755441][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.761408][ T6809] ? prandom_u32_state+0xe/0x170 [ 65.766343][ T6809] ? __brelse+0x84/0xa0 [ 65.770497][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 65.775605][ T6809] ext4_getblk+0xad/0x520 [ 65.780032][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.785763][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 65.790962][ T6809] ext4_bread+0x7c/0x380 [ 65.795187][ T6809] ? ext4_getblk+0x520/0x520 [ 65.799764][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 65.805136][ T6809] ext4_append+0x153/0x360 [ 65.809653][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 65.813994][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 65.818486][ T6809] ? security_inode_permission+0xc4/0xf0 [ 65.824197][ T6809] vfs_mkdir+0x419/0x690 [ 65.828442][ T6809] do_mkdirat+0x21e/0x280 [ 65.832756][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.837604][ T6809] ? do_syscall_64+0x1c/0xe0 [ 65.842183][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.848362][ T6809] do_syscall_64+0x60/0xe0 [ 65.852786][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.858681][ T6809] RIP: 0033:0x4b02a0 [ 65.862649][ T6809] Code: Bad RIP value. [ 65.866710][ T6809] RSP: 002b:000000c0003a74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.875107][ T6809] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 65.883073][ T6809] RDX: 00000000000001c0 RSI: 000000c00033c720 RDI: ffffffffffffff9c [ 65.891023][ T6809] RBP: 000000c0003a7510 R08: 0000000000000000 R09: 0000000000000000 [ 65.899050][ T6809] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.907036][ T6809] R13: 000000000000003a R14: 0000000000000039 R15: 0000000000000100 [ 65.933543][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812 [ 65.943396][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.949728][ T6812] CPU: 0 PID: 6812 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.958494][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.968545][ T6812] Call Trace: [ 65.971835][ T6812] dump_stack+0x18f/0x20d [ 65.976172][ T6812] check_preemption_disabled+0x20d/0x220 [ 65.981849][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.987183][ T6812] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.992891][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.998600][ T6812] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.004846][ T6812] ? ext4_ext_release+0x10/0x10 [ 66.009778][ T6812] ? down_write_killable+0x170/0x170 [ 66.015218][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.021187][ T6812] ext4_map_blocks+0x4cb/0x1640 [ 66.027240][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.032459][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.038352][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.044338][ T6812] ? prandom_u32_state+0xe/0x170 [ 66.049714][ T6812] ? __brelse+0x84/0xa0 [ 66.054651][ T6812] ? __ext4_new_inode+0x144/0x55e0 [ 66.059761][ T6812] ext4_getblk+0xad/0x520 [ 66.064179][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.071224][ T6812] ? ext4_free_inode+0x1700/0x1700 [ 66.076940][ T6812] ext4_bread+0x7c/0x380 [ 66.081389][ T6812] ? ext4_getblk+0x520/0x520 [ 66.085971][ T6812] ? dquot_get_next_dqblk+0x180/0x180 [ 66.091337][ T6812] ext4_append+0x153/0x360 [ 66.095920][ T6812] ext4_mkdir+0x5e0/0xdf0 [ 66.100340][ T6812] ? ext4_rmdir+0xde0/0xde0 [ 66.104846][ T6812] ? security_inode_permission+0xc4/0xf0 [ 66.110472][ T6812] vfs_mkdir+0x419/0x690 [ 66.114708][ T6812] do_mkdirat+0x21e/0x280 [ 66.119034][ T6812] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.124859][ T6812] ? do_syscall_64+0x1c/0xe0 [ 66.129440][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.135896][ T6812] do_syscall_64+0x60/0xe0 [ 66.140308][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.146182][ T6812] RIP: 0033:0x45bed7 [ 66.150050][ T6812] Code: Bad RIP value. [ 66.154096][ T6812] RSP: 002b:00007ffd892403d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 66.162494][ T6812] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 66.170724][ T6812] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffd892405b0 [ 66.178771][ T6812] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003940 [ 66.186929][ T6812] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 66.194906][ T6812] R13: 00007ffd892405b0 R14: 8421084210842109 R15: 00007ffd892405bc [ 66.281668][ T6813] IPVS: ftp: loaded support on port[0] = 21 [ 66.320695][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813 [ 66.330189][ T6813] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.336143][ T6813] CPU: 1 PID: 6813 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.344742][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.354799][ T6813] Call Trace: [ 66.358078][ T6813] dump_stack+0x18f/0x20d [ 66.362502][ T6813] check_preemption_disabled+0x20d/0x220 [ 66.368121][ T6813] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.373236][ T6813] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.378682][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.384410][ T6813] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.389699][ T6813] ? ext4_ext_release+0x10/0x10 [ 66.394666][ T6813] ? down_write_killable+0x170/0x170 [ 66.400052][ T6813] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.405519][ T6813] ext4_map_blocks+0x4cb/0x1640 [ 66.410375][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.415566][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.421260][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.428188][ T6813] ? prandom_u32_state+0xe/0x170 [ 66.433238][ T6813] ? __brelse+0x84/0xa0 [ 66.437379][ T6813] ? __ext4_new_inode+0x144/0x55e0 [ 66.442491][ T6813] ext4_getblk+0xad/0x520 [ 66.446809][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.452523][ T6813] ? ext4_free_inode+0x1700/0x1700 [ 66.458250][ T6813] ext4_bread+0x7c/0x380 [ 66.462474][ T6813] ? ext4_getblk+0x520/0x520 [ 66.467140][ T6813] ? dquot_get_next_dqblk+0x180/0x180 [ 66.472495][ T6813] ext4_append+0x153/0x360 [ 66.476894][ T6813] ext4_mkdir+0x5e0/0xdf0 [ 66.481226][ T6813] ? ext4_rmdir+0xde0/0xde0 [ 66.485727][ T6813] ? security_inode_permission+0xc4/0xf0 [ 66.491354][ T6813] vfs_mkdir+0x419/0x690 [ 66.495786][ T6813] do_mkdirat+0x21e/0x280 [ 66.500451][ T6813] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.505292][ T6813] ? do_syscall_64+0x1c/0xe0 [ 66.510659][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.516757][ T6813] do_syscall_64+0x60/0xe0 [ 66.521170][ T6813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.527459][ T6813] RIP: 0033:0x45bed7 [ 66.531342][ T6813] Code: Bad RIP value. [ 66.535385][ T6813] RSP: 002b:00007ffd892402c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 66.543792][ T6813] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 66.551754][ T6813] RDX: 00007ffd89240313 RSI: 00000000000001ff RDI: 00007ffd89240310 [ 66.559827][ T6813] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 66.567804][ T6813] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 66.575777][ T6813] R13: 00007ffd89240300 R14: 0000000000000000 R15: 00007ffd89240310 [ 66.628817][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813 [ 66.638469][ T6813] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.644381][ T6813] CPU: 1 PID: 6813 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.652968][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.666470][ T6813] Call Trace: [ 66.669771][ T6813] dump_stack+0x18f/0x20d [ 66.674123][ T6813] check_preemption_disabled+0x20d/0x220 [ 66.679776][ T6813] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.684997][ T6813] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.690463][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.696202][ T6813] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.701513][ T6813] ? ext4_ext_release+0x10/0x10 [ 66.706393][ T6813] ? down_write_killable+0x170/0x170 [ 66.711774][ T6813] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.718126][ T6813] ext4_map_blocks+0x4cb/0x1640 [ 66.723120][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.728318][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.733848][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.739814][ T6813] ? prandom_u32_state+0xe/0x170 [ 66.744948][ T6813] ? __brelse+0x84/0xa0 [ 66.749113][ T6813] ? __ext4_new_inode+0x144/0x55e0 [ 66.754321][ T6813] ext4_getblk+0xad/0x520 [ 66.758642][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.764549][ T6813] ? ext4_free_inode+0x1700/0x1700 [ 66.769664][ T6813] ext4_bread+0x7c/0x380 [ 66.773886][ T6813] ? ext4_getblk+0x520/0x520 [ 66.778468][ T6813] ? dquot_get_next_dqblk+0x180/0x180 [ 66.783847][ T6813] ext4_append+0x153/0x360 [ 66.788260][ T6813] ext4_mkdir+0x5e0/0xdf0 [ 66.792573][ T6813] ? ext4_rmdir+0xde0/0xde0 [ 66.797056][ T6813] ? security_inode_permission+0xc4/0xf0 [ 66.802671][ T6813] vfs_mkdir+0x419/0x690 [ 66.806919][ T6813] do_mkdirat+0x21e/0x280 [ 66.811239][ T6813] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.816068][ T6813] ? do_syscall_64+0x1c/0xe0 [ 66.820637][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 2020/06/16 07:02:18 building call list... [ 66.826594][ T6813] do_syscall_64+0x60/0xe0 [ 66.831008][ T6813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.836971][ T6813] RIP: 0033:0x45bed7 [ 66.841011][ T6813] Code: Bad RIP value. [ 66.845051][ T6813] RSP: 002b:00007ffd892402c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 66.853435][ T6813] RAX: ffffffffffffffda RBX: 0000000000010437 RCX: 000000000045bed7 [ 66.861394][ T6813] RDX: 00007ffd89240313 RSI: 00000000000001ff RDI: 00007ffd89240310 [ 66.869435][ T6813] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 66.877386][ T6813] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 66.885358][ T6813] R13: 00007ffd89240300 R14: 0000000000010431 R15: 00007ffd89240310 [ 67.127519][ T172] tipc: TX() has been purged, node left! [ 67.639863][ T172] ================================================================== [ 67.649795][ T172] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 67.657696][ T172] Write of size 1 at addr ffff8880902801e4 by task kworker/u4:4/172 [ 67.665661][ T172] [ 67.667996][ T172] CPU: 0 PID: 172 Comm: kworker/u4:4 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.676571][ T172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.686625][ T172] Workqueue: netns cleanup_net [ 67.691380][ T172] Call Trace: [ 67.694677][ T172] dump_stack+0x18f/0x20d [ 67.699010][ T172] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.704552][ T172] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.710093][ T172] ? afs_put_call+0xa40/0xa40 [ 67.714791][ T172] print_address_description.constprop.0.cold+0xd3/0x413 [ 67.721819][ T172] ? vprintk_func+0x97/0x1a6 [ 67.726416][ T172] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.732055][ T172] kasan_report.cold+0x1f/0x37 [ 67.736824][ T172] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.742453][ T172] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.748782][ T172] afs_wake_up_async_call+0x6aa/0x770 [ 67.754244][ T172] ? afs_close_socket+0x320/0x320 [ 67.759266][ T172] ? afs_put_call+0xa40/0xa40 [ 67.763942][ T172] rxrpc_notify_socket+0x1db/0x5d0 [ 67.769057][ T172] ? afs_put_call+0xa40/0xa40 [ 67.773756][ T172] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.780169][ T172] rxrpc_call_completed+0xca/0xf0 [ 67.785195][ T172] rxrpc_discard_prealloc+0x781/0xab0 [ 67.790571][ T172] ? lock_sock_nested+0x94/0x110 [ 67.795513][ T172] rxrpc_listen+0x147/0x360 [ 67.800111][ T172] afs_close_socket+0x95/0x320 [ 67.804891][ T172] ? afs_purge_servers+0x16d/0x300 [ 67.810174][ T172] ? afs_rx_discard_new_call+0x50/0x50 [ 67.815635][ T172] ? init_wait_var_entry+0x200/0x200 [ 67.820922][ T172] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.826553][ T172] ? check_preemption_disabled+0x38/0x220 [ 67.832275][ T172] afs_net_exit+0x1bc/0x310 [ 67.836796][ T172] ? afs_net_init+0xe30/0xe30 [ 67.841477][ T172] ops_exit_list.isra.0+0xa8/0x150 [ 67.846594][ T172] cleanup_net+0x511/0xa50 [ 67.851014][ T172] ? unregister_pernet_device+0x70/0x70 [ 67.856561][ T172] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.862548][ T172] process_one_work+0x965/0x1690 [ 67.867602][ T172] ? lock_release+0x800/0x800 [ 67.872364][ T172] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.877749][ T172] ? rwlock_bug.part.0+0x90/0x90 [ 67.882700][ T172] worker_thread+0x96/0xe10 [ 67.887220][ T172] ? process_one_work+0x1690/0x1690 [ 67.892425][ T172] kthread+0x3b5/0x4a0 [ 67.898812][ T172] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.904669][ T172] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.910401][ T172] ret_from_fork+0x1f/0x30 [ 67.914825][ T172] [ 67.917148][ T172] Allocated by task 6813: [ 67.921491][ T172] save_stack+0x1b/0x40 [ 67.925642][ T172] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.931278][ T172] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.936647][ T172] afs_alloc_call+0x55/0x630 [ 67.941234][ T172] afs_charge_preallocation+0xe9/0x2d0 [ 67.946773][ T172] afs_open_socket+0x292/0x360 [ 67.951529][ T172] afs_net_init+0xa6c/0xe30 [ 67.956109][ T172] ops_init+0xaf/0x420 [ 67.960169][ T172] setup_net+0x2de/0x860 [ 67.964402][ T172] copy_net_ns+0x293/0x590 [ 67.968816][ T172] create_new_namespaces+0x3fb/0xb30 [ 67.974114][ T172] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.979793][ T172] ksys_unshare+0x43d/0x8e0 [ 67.984315][ T172] __x64_sys_unshare+0x2d/0x40 [ 67.989099][ T172] do_syscall_64+0x60/0xe0 [ 67.993522][ T172] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.999414][ T172] [ 68.001736][ T172] Freed by task 172: [ 68.005627][ T172] save_stack+0x1b/0x40 [ 68.009782][ T172] __kasan_slab_free+0xf7/0x140 [ 68.014648][ T172] kfree+0x109/0x2b0 [ 68.018537][ T172] afs_put_call+0x585/0xa40 [ 68.023036][ T172] rxrpc_discard_prealloc+0x764/0xab0 [ 68.028403][ T172] rxrpc_listen+0x147/0x360 [ 68.032899][ T172] afs_close_socket+0x95/0x320 [ 68.037655][ T172] afs_net_exit+0x1bc/0x310 [ 68.042155][ T172] ops_exit_list.isra.0+0xa8/0x150 [ 68.047261][ T172] cleanup_net+0x511/0xa50 [ 68.051700][ T172] process_one_work+0x965/0x1690 [ 68.056636][ T172] worker_thread+0x96/0xe10 [ 68.061131][ T172] kthread+0x3b5/0x4a0 [ 68.065212][ T172] ret_from_fork+0x1f/0x30 [ 68.069616][ T172] [ 68.071968][ T172] The buggy address belongs to the object at ffff888090280000 [ 68.071968][ T172] which belongs to the cache kmalloc-1k of size 1024 [ 68.086898][ T172] The buggy address is located 484 bytes inside of [ 68.086898][ T172] 1024-byte region [ffff888090280000, ffff888090280400) [ 68.100246][ T172] The buggy address belongs to the page: [ 68.105885][ T172] page:ffffea000240a000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 68.114984][ T172] flags: 0xfffe0000000200(slab) [ 68.119836][ T172] raw: 00fffe0000000200 ffffea00025f9e08 ffffea00025d7048 ffff8880aa000c40 [ 68.128423][ T172] raw: 0000000000000000 ffff888090280000 0000000100000002 0000000000000000 [ 68.137143][ T172] page dumped because: kasan: bad access detected [ 68.143591][ T172] [ 68.145913][ T172] Memory state around the buggy address: [ 68.151541][ T172] ffff888090280080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.159598][ T172] ffff888090280100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.167747][ T172] >ffff888090280180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.175797][ T172] ^ [ 68.182990][ T172] ffff888090280200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.191223][ T172] ffff888090280280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.199464][ T172] ================================================================== [ 68.207639][ T172] Disabling lock debugging due to kernel taint [ 68.213847][ T172] Kernel panic - not syncing: panic_on_warn set ... [ 68.220439][ T172] CPU: 0 PID: 172 Comm: kworker/u4:4 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 68.230249][ T172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.240323][ T172] Workqueue: netns cleanup_net [ 68.245943][ T172] Call Trace: [ 68.249245][ T172] dump_stack+0x18f/0x20d [ 68.253575][ T172] ? afs_wake_up_async_call+0x670/0x770 [ 68.259114][ T172] ? afs_put_call+0xa40/0xa40 [ 68.263789][ T172] panic+0x2e3/0x75c [ 68.267777][ T172] ? __warn_printk+0xf3/0xf3 [ 68.272364][ T172] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 68.278614][ T172] ? trace_hardirqs_on+0x55/0x220 [ 68.283638][ T172] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.289185][ T172] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.294818][ T172] ? afs_put_call+0xa40/0xa40 [ 68.299495][ T172] end_report+0x4d/0x53 [ 68.303672][ T172] kasan_report.cold+0xd/0x37 [ 68.308344][ T172] ? rcu_read_lock_held_common+0x51/0xa0 [ 68.313966][ T172] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.319503][ T172] afs_wake_up_async_call+0x6aa/0x770 [ 68.324965][ T172] ? afs_close_socket+0x320/0x320 [ 68.329980][ T172] ? afs_put_call+0xa40/0xa40 [ 68.334672][ T172] rxrpc_notify_socket+0x1db/0x5d0 [ 68.339787][ T172] ? afs_put_call+0xa40/0xa40 [ 68.344463][ T172] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 68.350887][ T172] rxrpc_call_completed+0xca/0xf0 [ 68.355910][ T172] rxrpc_discard_prealloc+0x781/0xab0 [ 68.361280][ T172] ? lock_sock_nested+0x94/0x110 [ 68.366215][ T172] rxrpc_listen+0x147/0x360 [ 68.371514][ T172] afs_close_socket+0x95/0x320 [ 68.376286][ T172] ? afs_purge_servers+0x16d/0x300 [ 68.381398][ T172] ? afs_rx_discard_new_call+0x50/0x50 [ 68.386857][ T172] ? init_wait_var_entry+0x200/0x200 [ 68.392153][ T172] ? rcu_read_lock_held_common+0xa0/0xa0 [ 68.397780][ T172] ? check_preemption_disabled+0x38/0x220 [ 68.404969][ T172] afs_net_exit+0x1bc/0x310 [ 68.409488][ T172] ? afs_net_init+0xe30/0xe30 [ 68.418083][ T172] ops_exit_list.isra.0+0xa8/0x150 [ 68.423185][ T172] cleanup_net+0x511/0xa50 [ 68.427611][ T172] ? unregister_pernet_device+0x70/0x70 [ 68.433246][ T172] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.439221][ T172] process_one_work+0x965/0x1690 [ 68.444156][ T172] ? lock_release+0x800/0x800 [ 68.448826][ T172] ? pwq_dec_nr_in_flight+0x310/0x310 [ 68.454187][ T172] ? rwlock_bug.part.0+0x90/0x90 [ 68.459138][ T172] worker_thread+0x96/0xe10 [ 68.463900][ T172] ? process_one_work+0x1690/0x1690 [ 68.469088][ T172] kthread+0x3b5/0x4a0 [ 68.473242][ T172] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.478950][ T172] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.484662][ T172] ret_from_fork+0x1f/0x30 [ 68.490648][ T172] Kernel Offset: disabled [ 68.494976][ T172] Rebooting in 86400 seconds..