[ 59.670373][ T6907] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6907
[ 59.680211][ T6907] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.686559][ T6907] CPU: 1 PID: 6907 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 59.695173][ T6907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.705761][ T6907] Call Trace:
[ 59.709078][ T6907] dump_stack+0x18f/0x20d
[ 59.714743][ T6907] check_preemption_disabled+0x20d/0x220
[ 59.720359][ T6907] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.725462][ T6907] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.730898][ T6907] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.736629][ T6907] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.742333][ T6907] ? ext4_ext_release+0x10/0x10
[ 59.747868][ T6907] ? down_write_killable+0x170/0x170
[ 59.753165][ T6907] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.759005][ T6907] ext4_map_blocks+0x4cb/0x1640
[ 59.763851][ T6907] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.769035][ T6907] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.774584][ T6907] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.781118][ T6907] ? prandom_u32_state+0xe/0x170
[ 59.786156][ T6907] ? __brelse+0x84/0xa0
[ 59.790319][ T6907] ? __ext4_new_inode+0x144/0x55e0
[ 59.795458][ T6907] ext4_getblk+0xad/0x520
[ 59.799922][ T6907] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.805665][ T6907] ? ext4_free_inode+0x1700/0x1700
[ 59.810759][ T6907] ext4_bread+0x7c/0x380
[ 59.814993][ T6907] ? ext4_getblk+0x520/0x520
[ 59.819580][ T6907] ? dquot_get_next_dqblk+0x180/0x180
[ 59.824960][ T6907] ext4_append+0x153/0x360
[ 59.829373][ T6907] ext4_mkdir+0x5e0/0xdf0
[ 59.834235][ T6907] ? ext4_rmdir+0xde0/0xde0
[ 59.838731][ T6907] ? security_inode_permission+0xc4/0xf0
[ 59.844533][ T6907] vfs_mkdir+0x419/0x690
[ 59.848805][ T6907] do_mkdirat+0x21e/0x280
[ 59.853124][ T6907] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.858046][ T6907] ? do_syscall_64+0x1c/0xe0
[ 59.862620][ T6907] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.868612][ T6907] do_syscall_64+0x60/0xe0
[ 59.873303][ T6907] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.879186][ T6907] RIP: 0033:0x7fe192922687
[ 59.883592][ T6907] Code: Bad RIP value.
[ 59.887676][ T6907] RSP: 002b:00007fff5468d998 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.896209][ T6907] RAX: ffffffffffffffda RBX: 000055b25c16c985 RCX: 00007fe192922687
[ 59.904381][ T6907] RDX: 00007fff5468d860 RSI: 00000000000001ed RDI: 000055b25c16c985
[ 59.912360][ T6907] RBP: 00007fe192922680 R08: 0000000000000100 R09: 0000000000000000
[ 59.920311][ T6907] R10: 000055b25c16c980 R11: 0000000000000246 R12: 00000000000001ed
[ 59.928261][ T6907] R13: 00007fff5468db20 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts.
2020/06/16 04:34:31 fuzzer started
2020/06/16 04:34:31 connecting to host at 10.128.0.26:40327
2020/06/16 04:34:31 checking machine...
2020/06/16 04:34:31 checking revisions...
2020/06/16 04:34:32 testing simple program...
syzkaller login: [ 64.815651][ T6915] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6915
[ 64.825326][ T6915] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.831342][ T6915] CPU: 1 PID: 6915 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 64.839716][ T6915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.849870][ T6915] Call Trace:
[ 64.853392][ T6915] dump_stack+0x18f/0x20d
[ 64.857879][ T6915] check_preemption_disabled+0x20d/0x220
[ 64.863546][ T6915] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.868808][ T6915] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.874382][ T6915] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.880142][ T6915] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.885425][ T6915] ? ext4_ext_release+0x10/0x10
[ 64.890287][ T6915] ? down_write_killable+0x170/0x170
[ 64.895556][ T6915] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.901088][ T6915] ext4_map_blocks+0x4cb/0x1640
[ 64.906185][ T6915] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.911498][ T6915] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.917231][ T6915] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.923200][ T6915] ? prandom_u32_state+0xe/0x170
[ 64.928130][ T6915] ? __brelse+0x84/0xa0
[ 64.932308][ T6915] ? __ext4_new_inode+0x144/0x55e0
[ 64.937511][ T6915] ext4_getblk+0xad/0x520
[ 64.941885][ T6915] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.947647][ T6915] ? ext4_free_inode+0x1700/0x1700
[ 64.952768][ T6915] ext4_bread+0x7c/0x380
[ 64.957032][ T6915] ? ext4_getblk+0x520/0x520
[ 64.961653][ T6915] ? dquot_get_next_dqblk+0x180/0x180
[ 64.967033][ T6915] ext4_append+0x153/0x360
[ 64.971441][ T6915] ext4_mkdir+0x5e0/0xdf0
[ 64.975806][ T6915] ? ext4_rmdir+0xde0/0xde0
[ 64.980445][ T6915] ? security_inode_permission+0xc4/0xf0
[ 64.986079][ T6915] vfs_mkdir+0x419/0x690
[ 64.990460][ T6915] do_mkdirat+0x21e/0x280
[ 64.994789][ T6915] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.999627][ T6915] ? do_syscall_64+0x1c/0xe0
[ 65.004203][ T6915] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.010429][ T6915] do_syscall_64+0x60/0xe0
[ 65.014930][ T6915] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.020835][ T6915] RIP: 0033:0x4b02a0
[ 65.024722][ T6915] Code: Bad RIP value.
[ 65.028771][ T6915] RSP: 002b:000000c0003bf4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 65.037160][ T6915] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 65.045201][ T6915] RDX: 00000000000001c0 RSI: 000000c00009c820 RDI: ffffffffffffff9c
[ 65.054131][ T6915] RBP: 000000c0003bf510 R08: 0000000000000000 R09: 0000000000000000
[ 65.062103][ T6915] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 65.070053][ T6915] R13: 0000000000000042 R14: 0000000000000041 R15: 0000000000000100
[ 65.091426][ T6934] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6934
[ 65.100889][ T6934] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.106833][ T6934] CPU: 1 PID: 6934 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.115516][ T6934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.125756][ T6934] Call Trace:
[ 65.129058][ T6934] dump_stack+0x18f/0x20d
[ 65.133399][ T6934] check_preemption_disabled+0x20d/0x220
[ 65.139040][ T6934] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.144184][ T6934] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.149653][ T6934] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.155406][ T6934] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.160718][ T6934] ? ext4_ext_release+0x10/0x10
[ 65.165608][ T6934] ? down_write_killable+0x170/0x170
[ 65.173864][ T6934] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.179462][ T6934] ext4_map_blocks+0x4cb/0x1640
[ 65.184327][ T6934] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.189512][ T6934] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.195063][ T6934] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.201035][ T6934] ? prandom_u32_state+0xe/0x170
[ 65.205986][ T6934] ? __brelse+0x84/0xa0
[ 65.210469][ T6934] ? __ext4_new_inode+0x144/0x55e0
[ 65.215734][ T6934] ext4_getblk+0xad/0x520
[ 65.220215][ T6934] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.225944][ T6934] ? ext4_free_inode+0x1700/0x1700
[ 65.231266][ T6934] ext4_bread+0x7c/0x380
[ 65.235495][ T6934] ? ext4_getblk+0x520/0x520
[ 65.240067][ T6934] ? dquot_get_next_dqblk+0x180/0x180
[ 65.245429][ T6934] ext4_append+0x153/0x360
[ 65.249984][ T6934] ext4_mkdir+0x5e0/0xdf0
[ 65.254311][ T6934] ? ext4_rmdir+0xde0/0xde0
[ 65.260317][ T6934] ? security_inode_permission+0xc4/0xf0
[ 65.266074][ T6934] vfs_mkdir+0x419/0x690
[ 65.270309][ T6934] do_mkdirat+0x21e/0x280
[ 65.274631][ T6934] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.279663][ T6934] ? do_syscall_64+0x1c/0xe0
[ 65.284333][ T6934] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.290651][ T6934] do_syscall_64+0x60/0xe0
[ 65.295050][ T6934] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.300917][ T6934] RIP: 0033:0x45bed7
[ 65.304810][ T6934] Code: Bad RIP value.
[ 65.308864][ T6934] RSP: 002b:00007fffb0d2c068 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 65.317252][ T6934] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 65.325375][ T6934] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fffb0d2c240
[ 65.333342][ T6934] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003300
[ 65.341319][ T6934] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 65.349285][ T6934] R13: 00007fffb0d2c240 R14: 8421084210842109 R15: 00007fffb0d2c24c
[ 65.441190][ T6935] IPVS: ftp: loaded support on port[0] = 21
[ 65.481322][ T6935] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6935
[ 65.491056][ T6935] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.496964][ T6935] CPU: 0 PID: 6935 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.505710][ T6935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.515840][ T6935] Call Trace:
[ 65.519114][ T6935] dump_stack+0x18f/0x20d
[ 65.523435][ T6935] check_preemption_disabled+0x20d/0x220
[ 65.529398][ T6935] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.534499][ T6935] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.540037][ T6935] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.545846][ T6935] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.551422][ T6935] ? ext4_ext_release+0x10/0x10
[ 65.556362][ T6935] ? down_write_killable+0x170/0x170
[ 65.561685][ T6935] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.567483][ T6935] ext4_map_blocks+0x4cb/0x1640
[ 65.572328][ T6935] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.577525][ T6935] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.583290][ T6935] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.589260][ T6935] ? prandom_u32_state+0xe/0x170
[ 65.594223][ T6935] ? __brelse+0x84/0xa0
[ 65.598468][ T6935] ? __ext4_new_inode+0x144/0x55e0
[ 65.603592][ T6935] ext4_getblk+0xad/0x520
[ 65.608051][ T6935] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.613918][ T6935] ? ext4_free_inode+0x1700/0x1700
[ 65.619013][ T6935] ext4_bread+0x7c/0x380
[ 65.623369][ T6935] ? ext4_getblk+0x520/0x520
[ 65.627945][ T6935] ? dquot_get_next_dqblk+0x180/0x180
[ 65.633325][ T6935] ext4_append+0x153/0x360
[ 65.637727][ T6935] ext4_mkdir+0x5e0/0xdf0
[ 65.642132][ T6935] ? ext4_rmdir+0xde0/0xde0
[ 65.646626][ T6935] ? security_inode_permission+0xc4/0xf0
[ 65.652394][ T6935] vfs_mkdir+0x419/0x690
[ 65.656708][ T6935] do_mkdirat+0x21e/0x280
[ 65.661027][ T6935] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.665860][ T6935] ? do_syscall_64+0x1c/0xe0
[ 65.670660][ T6935] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.676651][ T6935] do_syscall_64+0x60/0xe0
[ 65.682970][ T6935] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.688862][ T6935] RIP: 0033:0x45bed7
[ 65.692736][ T6935] Code: Bad RIP value.
[ 65.696782][ T6935] RSP: 002b:00007fffb0d2bf58 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 65.705593][ T6935] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 65.713559][ T6935] RDX: 00007fffb0d2bfa3 RSI: 00000000000001ff RDI: 00007fffb0d2bfa0
[ 65.721890][ T6935] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 65.729854][ T6935] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0
[ 65.738051][ T6935] R13: 00007fffb0d2bf90 R14: 0000000000000000 R15: 00007fffb0d2bfa0
[ 65.792902][ T6935] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6935
[ 65.802384][ T6935] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.808488][ T6935] CPU: 1 PID: 6935 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.817160][ T6935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.827220][ T6935] Call Trace:
[ 65.830523][ T6935] dump_stack+0x18f/0x20d
[ 65.834876][ T6935] check_preemption_disabled+0x20d/0x220
[ 65.840525][ T6935] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.845682][ T6935] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.851151][ T6935] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.856917][ T6935] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.862244][ T6935] ? ext4_ext_release+0x10/0x10
[ 65.867386][ T6935] ? down_write_killable+0x170/0x170
[ 65.872727][ T6935] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.878295][ T6935] ext4_map_blocks+0x4cb/0x1640
[ 65.883161][ T6935] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.888347][ T6935] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.894028][ T6935] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.900168][ T6935] ? prandom_u32_state+0xe/0x170
[ 65.905095][ T6935] ? __brelse+0x84/0xa0
[ 65.909254][ T6935] ? __ext4_new_inode+0x144/0x55e0
[ 65.914381][ T6935] ext4_getblk+0xad/0x520
[ 65.918711][ T6935] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.924755][ T6935] ? ext4_free_inode+0x1700/0x1700
[ 65.929864][ T6935] ext4_bread+0x7c/0x380
[ 65.934180][ T6935] ? ext4_getblk+0x520/0x520
[ 65.938760][ T6935] ? dquot_get_next_dqblk+0x180/0x180
[ 65.944121][ T6935] ext4_append+0x153/0x360
[ 65.948540][ T6935] ext4_mkdir+0x5e0/0xdf0
[ 65.952873][ T6935] ? ext4_rmdir+0xde0/0xde0
[ 65.957535][ T6935] ? security_inode_permission+0xc4/0xf0
[ 65.963166][ T6935] vfs_mkdir+0x419/0x690
[ 65.967399][ T6935] do_mkdirat+0x21e/0x280
[ 65.971717][ T6935] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.976550][ T6935] ? do_syscall_64+0x1c/0xe0
[ 65.981121][ T6935] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.987107][ T6935] do_syscall_64+0x60/0xe0
[ 65.991642][ T6935] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.997532][ T6935] RIP: 0033:0x45bed7
[ 66.001592][ T6935] Code: Bad RIP value.
[ 66.005743][ T6935] RSP: 002b:00007fffb0d2bf58 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 66.015282][ T6935] RAX: ffffffffffffffda RBX: 00000000000100f4 RCX: 000000000045bed7
[ 66.023327][ T6935] RDX: 00007fffb0d2bfa3 RSI: 00000000000001ff RDI: 00007fffb0d2bfa0
[ 66.031278][ T6935] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/16 04:34:33 building call list...
[ 66.039254][ T6935] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 66.047205][ T6935] R13: 00007fffb0d2bf90 R14: 00000000000100f0 R15: 00007fffb0d2bfa0
[ 66.280464][ T196] tipc: TX() has been purged, node left!
[ 66.812701][ T196] ==================================================================
[ 66.820960][ T196] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 66.828850][ T196] Write of size 1 at addr ffff8880a1def9e4 by task kworker/u4:5/196
[ 66.836821][ T196]
[ 66.839160][ T196] CPU: 0 PID: 196 Comm: kworker/u4:5 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.847490][ T196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.857566][ T196] Workqueue: netns cleanup_net
[ 66.862325][ T196] Call Trace:
[ 66.865619][ T196] dump_stack+0x18f/0x20d
[ 66.869955][ T196] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.875512][ T196] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.881053][ T196] ? afs_put_call+0xa40/0xa40
[ 66.885742][ T196] print_address_description.constprop.0.cold+0xd3/0x413
[ 66.892771][ T196] ? vprintk_func+0x97/0x1a6
[ 66.897365][ T196] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.902909][ T196] kasan_report.cold+0x1f/0x37
[ 66.907675][ T196] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.913314][ T196] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.918866][ T196] afs_wake_up_async_call+0x6aa/0x770
[ 66.924235][ T196] ? afs_close_socket+0x320/0x320
[ 66.929260][ T196] ? afs_put_call+0xa40/0xa40
[ 66.933957][ T196] rxrpc_notify_socket+0x1db/0x5d0
[ 66.939233][ T196] ? afs_put_call+0xa40/0xa40
[ 66.943930][ T196] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.950367][ T196] rxrpc_call_completed+0xca/0xf0
[ 66.955417][ T196] rxrpc_discard_prealloc+0x781/0xab0
[ 66.960803][ T196] ? lock_sock_nested+0x94/0x110
[ 66.965754][ T196] rxrpc_listen+0x147/0x360
[ 66.970266][ T196] afs_close_socket+0x95/0x320
[ 66.975027][ T196] ? afs_purge_servers+0x16d/0x300
[ 66.980153][ T196] ? afs_rx_discard_new_call+0x50/0x50
[ 66.985641][ T196] ? init_wait_var_entry+0x200/0x200
[ 66.990936][ T196] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.996571][ T196] ? check_preemption_disabled+0x38/0x220
[ 67.002732][ T196] afs_net_exit+0x1bc/0x310
[ 67.007241][ T196] ? afs_net_init+0xe30/0xe30
[ 67.011919][ T196] ops_exit_list.isra.0+0xa8/0x150
[ 67.017451][ T196] cleanup_net+0x511/0xa50
[ 67.022262][ T196] ? unregister_pernet_device+0x70/0x70
[ 67.028423][ T196] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.034521][ T196] process_one_work+0x965/0x1690
[ 67.039911][ T196] ? lock_release+0x800/0x800
[ 67.044590][ T196] ? pwq_dec_nr_in_flight+0x310/0x310
[ 67.050055][ T196] ? rwlock_bug.part.0+0x90/0x90
[ 67.055003][ T196] worker_thread+0x96/0xe10
[ 67.060220][ T196] ? process_one_work+0x1690/0x1690
[ 67.065421][ T196] kthread+0x3b5/0x4a0
[ 67.069505][ T196] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.075223][ T196] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.080946][ T196] ret_from_fork+0x1f/0x30
[ 67.085372][ T196]
[ 67.087744][ T196] Allocated by task 6935:
[ 67.092074][ T196] save_stack+0x1b/0x40
[ 67.096228][ T196] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 67.102116][ T196] kmem_cache_alloc_trace+0x153/0x7d0
[ 67.107841][ T196] afs_alloc_call+0x55/0x630
[ 67.112448][ T196] afs_charge_preallocation+0xe9/0x2d0
[ 67.117902][ T196] afs_open_socket+0x292/0x360
[ 67.122702][ T196] afs_net_init+0xa6c/0xe30
[ 67.127203][ T196] ops_init+0xaf/0x420
[ 67.131276][ T196] setup_net+0x2de/0x860
[ 67.135515][ T196] copy_net_ns+0x293/0x590
[ 67.139931][ T196] create_new_namespaces+0x3fb/0xb30
[ 67.145219][ T196] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 67.150846][ T196] ksys_unshare+0x43d/0x8e0
[ 67.155373][ T196] __x64_sys_unshare+0x2d/0x40
[ 67.160136][ T196] do_syscall_64+0x60/0xe0
[ 67.164663][ T196] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.170557][ T196]
[ 67.172883][ T196] Freed by task 196:
[ 67.176777][ T196] save_stack+0x1b/0x40
[ 67.180933][ T196] __kasan_slab_free+0xf7/0x140
[ 67.185778][ T196] kfree+0x109/0x2b0
[ 67.189666][ T196] afs_put_call+0x585/0xa40
[ 67.194179][ T196] rxrpc_discard_prealloc+0x764/0xab0
[ 67.199547][ T196] rxrpc_listen+0x147/0x360
[ 67.204510][ T196] afs_close_socket+0x95/0x320
[ 67.209277][ T196] afs_net_exit+0x1bc/0x310
[ 67.213776][ T196] ops_exit_list.isra.0+0xa8/0x150
[ 67.218967][ T196] cleanup_net+0x511/0xa50
[ 67.223383][ T196] process_one_work+0x965/0x1690
[ 67.228336][ T196] worker_thread+0x96/0xe10
[ 67.232835][ T196] kthread+0x3b5/0x4a0
[ 67.236924][ T196] ret_from_fork+0x1f/0x30
[ 67.241412][ T196]
[ 67.243748][ T196] The buggy address belongs to the object at ffff8880a1def800
[ 67.243748][ T196] which belongs to the cache kmalloc-1k of size 1024
[ 67.257803][ T196] The buggy address is located 484 bytes inside of
[ 67.257803][ T196] 1024-byte region [ffff8880a1def800, ffff8880a1defc00)
[ 67.271496][ T196] The buggy address belongs to the page:
[ 67.277162][ T196] page:ffffea0002877bc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 67.286264][ T196] flags: 0xfffe0000000200(slab)
[ 67.291120][ T196] raw: 00fffe0000000200 ffffea00029c8c08 ffffea000299bf88 ffff8880aa000c40
[ 67.299716][ T196] raw: 0000000000000000 ffff8880a1def000 0000000100000002 0000000000000000
[ 67.308465][ T196] page dumped because: kasan: bad access detected
[ 67.314867][ T196]
[ 67.317190][ T196] Memory state around the buggy address:
[ 67.322821][ T196]  ffff8880a1def880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.330914][ T196]  ffff8880a1def900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.339057][ T196] >ffff8880a1def980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.348694][ T196]                                                        ^
[ 67.357198][ T196]  ffff8880a1defa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.365526][ T196]  ffff8880a1defa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.373579][ T196] ==================================================================
[ 67.381640][ T196] Disabling lock debugging due to kernel taint
[ 67.387856][ T196] Kernel panic - not syncing: panic_on_warn set ...
[ 67.394457][ T196] CPU: 0 PID: 196 Comm: kworker/u4:5 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 67.404447][ T196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.414715][ T196] Workqueue: netns cleanup_net
[ 67.419479][ T196] Call Trace:
[ 67.422884][ T196] dump_stack+0x18f/0x20d
[ 67.427238][ T196] ? afs_wake_up_async_call+0x670/0x770
[ 67.432810][ T196] ? afs_put_call+0xa40/0xa40
[ 67.437684][ T196] panic+0x2e3/0x75c
[ 67.441595][ T196] ? __warn_printk+0xf3/0xf3
[ 67.446196][ T196] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 67.452350][ T196] ? trace_hardirqs_on+0x55/0x220
[ 67.458755][ T196] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.464393][ T196] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.471030][ T196] ? afs_put_call+0xa40/0xa40
[ 67.477451][ T196] end_report+0x4d/0x53
[ 67.481806][ T196] kasan_report.cold+0xd/0x37
[ 67.486601][ T196] ? rcu_read_lock_held_common+0x51/0xa0
[ 67.492709][ T196] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.498273][ T196] afs_wake_up_async_call+0x6aa/0x770
[ 67.503846][ T196] ? afs_close_socket+0x320/0x320
[ 67.508990][ T196] ? afs_put_call+0xa40/0xa40
[ 67.513704][ T196] rxrpc_notify_socket+0x1db/0x5d0
[ 67.518820][ T196] ? afs_put_call+0xa40/0xa40
[ 67.523502][ T196] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 67.529913][ T196] rxrpc_call_completed+0xca/0xf0
[ 67.534943][ T196] rxrpc_discard_prealloc+0x781/0xab0
[ 67.540480][ T196] ? lock_sock_nested+0x94/0x110
[ 67.545432][ T196] rxrpc_listen+0x147/0x360
[ 67.549935][ T196] afs_close_socket+0x95/0x320
[ 67.554918][ T196] ? afs_purge_servers+0x16d/0x300
[ 67.560046][ T196] ? afs_rx_discard_new_call+0x50/0x50
[ 67.565585][ T196] ? init_wait_var_entry+0x200/0x200
[ 67.570871][ T196] ? rcu_read_lock_held_common+0xa0/0xa0
[ 67.576513][ T196] ? check_preemption_disabled+0x38/0x220
[ 67.582250][ T196] afs_net_exit+0x1bc/0x310
[ 67.586749][ T196] ? afs_net_init+0xe30/0xe30
[ 67.591514][ T196] ops_exit_list.isra.0+0xa8/0x150
[ 67.596635][ T196] cleanup_net+0x511/0xa50
[ 67.601058][ T196] ? unregister_pernet_device+0x70/0x70
[ 67.606594][ T196] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.612580][ T196] process_one_work+0x965/0x1690
[ 67.617520][ T196] ? lock_release+0x800/0x800
[ 67.622199][ T196] ? pwq_dec_nr_in_flight+0x310/0x310
[ 67.627856][ T196] ? rwlock_bug.part.0+0x90/0x90
[ 67.632806][ T196] worker_thread+0x96/0xe10
[ 67.637451][ T196] ? process_one_work+0x1690/0x1690
[ 67.642657][ T196] kthread+0x3b5/0x4a0
[ 67.646844][ T196] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.652752][ T196] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.659562][ T196] ret_from_fork+0x1f/0x30
[ 67.665940][ T196] Kernel Offset: disabled
[ 67.670367][ T196] Rebooting in 86400 seconds..