Starting Load/Save RF Kill Switch Status... [ 52.879168][ T6736] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6736 [ 52.888709][ T6736] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 52.894582][ T6736] CPU: 0 PID: 6736 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 52.902792][ T6736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.912823][ T6736] Call Trace: [ 52.916166][ T6736] dump_stack+0x18f/0x20d [ 52.920495][ T6736] check_preemption_disabled+0x20d/0x220 [ 52.926130][ T6736] ext4_mb_new_blocks+0xa4d/0x3b70 [ 52.931251][ T6736] ? ext4_ext_search_right+0x2ca/0xb20 [ 52.936703][ T6736] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 52.942409][ T6736] ext4_ext_map_blocks+0x201b/0x33e0 [ 52.947681][ T6736] ? ext4_ext_release+0x10/0x10 [ 52.952522][ T6736] ? down_write_killable+0x170/0x170 [ 52.957785][ T6736] ? ext4_es_lookup_extent+0x41d/0xd10 [ 52.963256][ T6736] ext4_map_blocks+0x4cb/0x1640 [ 52.968090][ T6736] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 52.973266][ T6736] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 52.978795][ T6736] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 52.984765][ T6736] ? prandom_u32_state+0xe/0x170 [ 52.989713][ T6736] ? __brelse+0x84/0xa0 [ 52.993866][ T6736] ? __ext4_new_inode+0x144/0x55e0 [ 52.998975][ T6736] ext4_getblk+0xad/0x520 [ 53.003288][ T6736] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 53.009036][ T6736] ? ext4_free_inode+0x1700/0x1700 [ 53.009057][ T6736] ext4_bread+0x7c/0x380 [ 53.009073][ T6736] ? ext4_getblk+0x520/0x520 [ 53.009089][ T6736] ? dquot_get_next_dqblk+0x180/0x180 [ 53.009114][ T6736] ext4_append+0x153/0x360 [ 53.009134][ T6736] ext4_mkdir+0x5e0/0xdf0 [ 53.009158][ T6736] ? ext4_rmdir+0xde0/0xde0 [ 53.009178][ T6736] ? security_inode_permission+0xc4/0xf0 [ 53.009202][ T6736] vfs_mkdir+0x419/0x690 [ 53.009230][ T6736] do_mkdirat+0x21e/0x280 [ 53.009248][ T6736] ? __ia32_sys_mknod+0xb0/0xb0 [ 53.009266][ T6736] ? do_syscall_64+0x1c/0xe0 [ 53.009283][ T6736] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 53.009302][ T6736] do_syscall_64+0x60/0xe0 [ 53.009320][ T6736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 53.009333][ T6736] RIP: 0033:0x7f860d8de687 [ 53.009338][ T6736] Code: Bad RIP value. [ 53.009346][ T6736] RSP: 002b:00007ffe47061108 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 53.009360][ T6736] RAX: ffffffffffffffda RBX: 00005620c7207985 RCX: 00007f860d8de687 [ 53.009369][ T6736] RDX: 00007ffe47060fd0 RSI: 00000000000001ed RDI: 00005620c7207985 [ 53.009377][ T6736] RBP: 00007f860d8de680 R08: 0000000000000100 R09: 0000000000000000 [ 53.009385][ T6736] R10: 00005620c7207980 R11: 0000000000000246 R12: 00000000000001ed [ 53.009393][ T6736] R13: 00007ffe47061290 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 56.304667][ T26] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:2/26 [ 56.313711][ T26] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.319975][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Not tainted 5.7.0-syzkaller #0 [ 56.327865][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.337915][ T26] Workqueue: writeback wb_workfn (flush-8:0) [ 56.343890][ T26] Call Trace: [ 56.347162][ T26] dump_stack+0x18f/0x20d [ 56.351471][ T26] check_preemption_disabled+0x20d/0x220 [ 56.357097][ T26] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.362192][ T26] ? ext4_find_extent+0x81a/0xad0 [ 56.367199][ T26] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.372725][ T26] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.378430][ T26] ext4_ext_map_blocks+0x201b/0x33e0 [ 56.383709][ T26] ? ext4_ext_release+0x10/0x10 [ 56.388556][ T26] ? down_write_killable+0x170/0x170 [ 56.393825][ T26] ? ext4_es_lookup_extent+0x41d/0xd10 [ 56.399278][ T26] ext4_map_blocks+0x4cb/0x1640 [ 56.404125][ T26] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.409304][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.414824][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.420780][ T26] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.426218][ T26] ext4_writepages+0x1a7b/0x33c0 [ 56.431144][ T26] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.436764][ T26] ? __lock_acquire+0x2224/0x48b0 [ 56.441772][ T26] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.447730][ T26] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.453688][ T26] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.459298][ T26] ? do_writepages+0xfa/0x2a0 [ 56.463949][ T26] do_writepages+0xfa/0x2a0 [ 56.468436][ T26] ? page_writeback_cpu_online+0x10/0x10 [ 56.474060][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.479702][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.485674][ T26] ? lock_downgrade+0x840/0x840 [ 56.490515][ T26] __writeback_single_inode+0x12a/0x13d0 [ 56.496145][ T26] ? _raw_spin_unlock+0x24/0x40 [ 56.500986][ T26] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.506947][ T26] writeback_sb_inodes+0x515/0xdc0 [ 56.512051][ T26] ? __writeback_single_inode+0x13d0/0x13d0 [ 56.517950][ T26] __writeback_inodes_wb+0xc3/0x250 [ 56.523144][ T26] wb_writeback+0x8db/0xd50 [ 56.527657][ T26] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 56.533976][ T26] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 56.539861][ T26] ? cpumask_next+0x3c/0x40 [ 56.544343][ T26] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.549542][ T26] wb_workfn+0xab3/0x1090 [ 56.553852][ T26] ? inode_wait_for_writeback+0x30/0x30 [ 56.559379][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.564914][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.570885][ T26] process_one_work+0x965/0x1690 [ 56.575817][ T26] ? lock_release+0x800/0x800 [ 56.580470][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.585835][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 56.590762][ T26] worker_thread+0x96/0xe10 [ 56.595248][ T26] ? process_one_work+0x1690/0x1690 [ 56.600424][ T26] kthread+0x3b5/0x4a0 [ 56.604482][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.610174][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.615883][ T26] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.0.120' (ECDSA) to the list of known hosts. 2020/06/14 11:10:19 fuzzer started 2020/06/14 11:10:20 connecting to host at 10.128.0.26:34809 2020/06/14 11:10:20 checking machine... 2020/06/14 11:10:20 checking revisions... 2020/06/14 11:10:20 testing simple program... [ 58.442064][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6813 [ 58.451313][ T6813] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.457303][ T6813] CPU: 1 PID: 6813 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 58.465195][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.475349][ T6813] Call Trace: [ 58.478635][ T6813] dump_stack+0x18f/0x20d [ 58.482945][ T6813] check_preemption_disabled+0x20d/0x220 [ 58.488576][ T6813] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.493683][ T6813] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.499130][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.504839][ T6813] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.510104][ T6813] ? ext4_ext_release+0x10/0x10 [ 58.514943][ T6813] ? down_write_killable+0x170/0x170 [ 58.520205][ T6813] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.525658][ T6813] ext4_map_blocks+0x4cb/0x1640 [ 58.530489][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.535673][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.541194][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.547255][ T6813] ? prandom_u32_state+0xe/0x170 [ 58.552169][ T6813] ? __brelse+0x84/0xa0 [ 58.556334][ T6813] ? __ext4_new_inode+0x144/0x55e0 [ 58.561426][ T6813] ext4_getblk+0xad/0x520 [ 58.565742][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.571455][ T6813] ? ext4_free_inode+0x1700/0x1700 [ 58.576563][ T6813] ext4_bread+0x7c/0x380 [ 58.580806][ T6813] ? ext4_getblk+0x520/0x520 [ 58.585377][ T6813] ? dquot_get_next_dqblk+0x180/0x180 [ 58.590743][ T6813] ext4_append+0x153/0x360 [ 58.595150][ T6813] ext4_mkdir+0x5e0/0xdf0 [ 58.599492][ T6813] ? ext4_rmdir+0xde0/0xde0 [ 58.603976][ T6813] ? security_inode_permission+0xc4/0xf0 [ 58.609601][ T6813] vfs_mkdir+0x419/0x690 [ 58.613839][ T6813] do_mkdirat+0x21e/0x280 [ 58.618147][ T6813] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.622980][ T6813] ? do_syscall_64+0x1c/0xe0 [ 58.627563][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.633519][ T6813] do_syscall_64+0x60/0xe0 [ 58.637926][ T6813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.643798][ T6813] RIP: 0033:0x4b02a0 [ 58.647663][ T6813] Code: Bad RIP value. [ 58.651701][ T6813] RSP: 002b:000000c0001ef4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 58.660090][ T6813] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 58.668047][ T6813] RDX: 00000000000001c0 RSI: 000000c0000263a0 RDI: ffffffffffffff9c [ 58.675994][ T6813] RBP: 000000c0001ef510 R08: 0000000000000000 R09: 0000000000000000 [ 58.683952][ T6813] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 58.691918][ T6813] R13: 000000000000001e R14: 000000000000001d R15: 0000000000000100 [ 58.709576][ T6826] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6826 [ 58.719049][ T6826] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.725037][ T6826] CPU: 1 PID: 6826 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 58.733366][ T6826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.743403][ T6826] Call Trace: [ 58.746692][ T6826] dump_stack+0x18f/0x20d [ 58.751016][ T6826] check_preemption_disabled+0x20d/0x220 [ 58.756634][ T6826] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.761911][ T6826] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.767378][ T6826] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.773087][ T6826] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.778371][ T6826] ? ext4_ext_release+0x10/0x10 [ 58.783227][ T6826] ? down_write_killable+0x170/0x170 [ 58.788489][ T6826] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.793927][ T6826] ext4_map_blocks+0x4cb/0x1640 [ 58.798767][ T6826] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.803952][ T6826] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.809474][ T6826] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.815429][ T6826] ? prandom_u32_state+0xe/0x170 [ 58.820353][ T6826] ? __brelse+0x84/0xa0 [ 58.824496][ T6826] ? __ext4_new_inode+0x144/0x55e0 [ 58.829603][ T6826] ext4_getblk+0xad/0x520 [ 58.833914][ T6826] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.839621][ T6826] ? ext4_free_inode+0x1700/0x1700 [ 58.844710][ T6826] ext4_bread+0x7c/0x380 [ 58.848929][ T6826] ? ext4_getblk+0x520/0x520 [ 58.853541][ T6826] ? dquot_get_next_dqblk+0x180/0x180 [ 58.858921][ T6826] ext4_append+0x153/0x360 [ 58.863361][ T6826] ext4_mkdir+0x5e0/0xdf0 [ 58.867676][ T6826] ? ext4_rmdir+0xde0/0xde0 [ 58.872168][ T6826] ? security_inode_permission+0xc4/0xf0 [ 58.877788][ T6826] vfs_mkdir+0x419/0x690 [ 58.882007][ T6826] do_mkdirat+0x21e/0x280 [ 58.886317][ T6826] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.891150][ T6826] ? do_fast_syscall_32+0x40/0x120 [ 58.896241][ T6826] do_syscall_32_irqs_on+0x3f/0x60 [ 58.901355][ T6826] do_fast_syscall_32+0x7f/0x120 [ 58.906277][ T6826] entry_SYSENTER_compat+0x6d/0x7c [ 58.911400][ T6826] RIP: 0023:0xf7f58569 [ 58.915625][ T6826] Code: Bad RIP value. [ 58.919674][ T6826] RSP: 002b:00000000ffef817c EFLAGS: 00000292 ORIG_RAX: 0000000000000027 [ 58.928212][ T6826] RAX: ffffffffffffffda RBX: 00000000ffef8339 RCX: 00000000000001c0 [ 58.936185][ T6826] RDX: 0000000000000001 RSI: 000000008319c7ce RDI: 000000000000002b [ 58.944149][ T6826] RBP: 00000000ffef8345 R08: 0000000000000000 R09: 0000000000000000 [ 58.952109][ T6826] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 58.960063][ T6826] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 59.045861][ T6827] IPVS: ftp: loaded support on port[0] = 21 [ 59.084567][ T6827] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6827 [ 59.093996][ T6827] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.099884][ T6827] CPU: 0 PID: 6827 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 59.108204][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.118370][ T6827] Call Trace: [ 59.121653][ T6827] dump_stack+0x18f/0x20d [ 59.125983][ T6827] check_preemption_disabled+0x20d/0x220 [ 59.131626][ T6827] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.136763][ T6827] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.142201][ T6827] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.147907][ T6827] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.153218][ T6827] ? ext4_ext_release+0x10/0x10 [ 59.158063][ T6827] ? down_write_killable+0x170/0x170 [ 59.163365][ T6827] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.168824][ T6827] ext4_map_blocks+0x4cb/0x1640 [ 59.173666][ T6827] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.178843][ T6827] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.184368][ T6827] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.190332][ T6827] ? prandom_u32_state+0xe/0x170 [ 59.195250][ T6827] ? __brelse+0x84/0xa0 [ 59.199380][ T6827] ? __ext4_new_inode+0x144/0x55e0 [ 59.204470][ T6827] ext4_getblk+0xad/0x520 [ 59.208789][ T6827] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.214488][ T6827] ? ext4_free_inode+0x1700/0x1700 [ 59.219575][ T6827] ext4_bread+0x7c/0x380 [ 59.223794][ T6827] ? ext4_getblk+0x520/0x520 [ 59.228372][ T6827] ? dquot_get_next_dqblk+0x180/0x180 [ 59.233726][ T6827] ext4_append+0x153/0x360 [ 59.238140][ T6827] ext4_mkdir+0x5e0/0xdf0 [ 59.242500][ T6827] ? ext4_rmdir+0xde0/0xde0 [ 59.246992][ T6827] ? security_inode_permission+0xc4/0xf0 [ 59.252608][ T6827] vfs_mkdir+0x419/0x690 [ 59.258224][ T6827] do_mkdirat+0x21e/0x280 [ 59.262536][ T6827] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.267369][ T6827] ? do_fast_syscall_32+0x40/0x120 [ 59.272469][ T6827] do_syscall_32_irqs_on+0x3f/0x60 [ 59.277570][ T6827] do_fast_syscall_32+0x7f/0x120 [ 59.282485][ T6827] entry_SYSENTER_compat+0x6d/0x7c [ 59.287572][ T6827] RIP: 0023:0xf7f58569 [ 59.291631][ T6827] Code: Bad RIP value. [ 59.295760][ T6827] RSP: 002b:00000000086aff7c EFLAGS: 00000246 ORIG_RAX: 0000000000000027 [ 59.304160][ T6827] RAX: ffffffffffffffda RBX: 00000000080d83e9 RCX: 00000000000001ff [ 59.312117][ T6827] RDX: 0000000008055990 RSI: 0000000000000000 RDI: 0000000030000000 [ 59.320067][ T6827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 59.328029][ T6827] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 59.336049][ T6827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 2020/06/14 11:10:21 building call list... [ 59.673839][ T6771] tipc: TX() has been purged, node left! [ 60.195771][ T6771] ================================================================== [ 60.203984][ T6771] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 60.211866][ T6771] Write of size 1 at addr ffff8880a00f69e4 by task kworker/u4:7/6771 [ 60.219920][ T6771] [ 60.222245][ T6771] CPU: 0 PID: 6771 Comm: kworker/u4:7 Not tainted 5.7.0-syzkaller #0 [ 60.230295][ T6771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.240610][ T6771] Workqueue: netns cleanup_net [ 60.245363][ T6771] Call Trace: [ 60.248662][ T6771] dump_stack+0x18f/0x20d [ 60.252987][ T6771] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.258534][ T6771] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.264166][ T6771] ? afs_put_call+0xa40/0xa40 [ 60.268837][ T6771] print_address_description.constprop.0.cold+0xd3/0x413 [ 60.275886][ T6771] ? vprintk_func+0x97/0x1a6 [ 60.280480][ T6771] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.286021][ T6771] kasan_report.cold+0x1f/0x37 [ 60.290795][ T6771] ? rcu_read_lock_held+0x81/0xb0 [ 60.295817][ T6771] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.301363][ T6771] afs_wake_up_async_call+0x6aa/0x770 [ 60.306730][ T6771] ? afs_close_socket+0x320/0x320 [ 60.311753][ T6771] ? afs_put_call+0xa40/0xa40 [ 60.317138][ T6771] rxrpc_notify_socket+0x1db/0x5d0 [ 60.322273][ T6771] ? afs_put_call+0xa40/0xa40 [ 60.326945][ T6771] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.333357][ T6771] rxrpc_call_completed+0xca/0xf0 [ 60.338391][ T6771] rxrpc_discard_prealloc+0x781/0xab0 [ 60.343773][ T6771] ? lock_sock_nested+0x94/0x110 [ 60.348889][ T6771] rxrpc_listen+0x147/0x360 [ 60.355477][ T6771] afs_close_socket+0x95/0x320 [ 60.360236][ T6771] ? afs_purge_servers+0x16d/0x300 [ 60.365349][ T6771] ? afs_rx_discard_new_call+0x50/0x50 [ 60.371416][ T6771] ? init_wait_var_entry+0x200/0x200 [ 60.376702][ T6771] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.382334][ T6771] ? check_preemption_disabled+0x38/0x220 [ 60.388065][ T6771] afs_net_exit+0x1bc/0x310 [ 60.392566][ T6771] ? afs_net_init+0xe30/0xe30 [ 60.397239][ T6771] ops_exit_list.isra.0+0xa8/0x150 [ 60.402373][ T6771] cleanup_net+0x511/0xa50 [ 60.406796][ T6771] ? unregister_pernet_device+0x70/0x70 [ 60.412363][ T6771] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.418358][ T6771] process_one_work+0x965/0x1690 [ 60.423323][ T6771] ? lock_release+0x800/0x800 [ 60.428018][ T6771] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.433399][ T6771] ? rwlock_bug.part.0+0x90/0x90 [ 60.438361][ T6771] worker_thread+0x96/0xe10 [ 60.442988][ T6771] ? process_one_work+0x1690/0x1690 [ 60.448191][ T6771] kthread+0x3b5/0x4a0 [ 60.452255][ T6771] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.457992][ T6771] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.463712][ T6771] ret_from_fork+0x1f/0x30 [ 60.468133][ T6771] [ 60.470465][ T6771] Allocated by task 6827: [ 60.474788][ T6771] save_stack+0x1b/0x40 [ 60.478939][ T6771] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 60.484564][ T6771] kmem_cache_alloc_trace+0x153/0x7d0 [ 60.489947][ T6771] afs_alloc_call+0x55/0x630 [ 60.494533][ T6771] afs_charge_preallocation+0xe9/0x2d0 [ 60.499988][ T6771] afs_open_socket+0x292/0x360 [ 60.504848][ T6771] afs_net_init+0xa6c/0xe30 [ 60.509341][ T6771] ops_init+0xaf/0x420 [ 60.513401][ T6771] setup_net+0x2de/0x860 [ 60.517633][ T6771] copy_net_ns+0x293/0x590 [ 60.522056][ T6771] create_new_namespaces+0x3fb/0xb30 [ 60.527331][ T6771] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 60.532954][ T6771] ksys_unshare+0x43d/0x8e0 [ 60.537450][ T6771] __ia32_sys_unshare+0x2c/0x40 [ 60.542302][ T6771] do_syscall_32_irqs_on+0x3f/0x60 [ 60.547602][ T6771] do_fast_syscall_32+0x7f/0x120 [ 60.552537][ T6771] entry_SYSENTER_compat+0x6d/0x7c [ 60.557631][ T6771] [ 60.559949][ T6771] Freed by task 6771: [ 60.563927][ T6771] save_stack+0x1b/0x40 [ 60.568077][ T6771] __kasan_slab_free+0xf7/0x140 [ 60.572918][ T6771] kfree+0x109/0x2b0 [ 60.576804][ T6771] afs_put_call+0x585/0xa40 [ 60.581303][ T6771] rxrpc_discard_prealloc+0x764/0xab0 [ 60.586668][ T6771] rxrpc_listen+0x147/0x360 [ 60.591171][ T6771] afs_close_socket+0x95/0x320 [ 60.596014][ T6771] afs_net_exit+0x1bc/0x310 [ 60.600513][ T6771] ops_exit_list.isra.0+0xa8/0x150 [ 60.605701][ T6771] cleanup_net+0x511/0xa50 [ 60.610108][ T6771] process_one_work+0x965/0x1690 [ 60.615039][ T6771] worker_thread+0x96/0xe10 [ 60.619535][ T6771] kthread+0x3b5/0x4a0 [ 60.623596][ T6771] ret_from_fork+0x1f/0x30 [ 60.627993][ T6771] [ 60.630316][ T6771] The buggy address belongs to the object at ffff8880a00f6800 [ 60.630316][ T6771] which belongs to the cache kmalloc-1k of size 1024 [ 60.644361][ T6771] The buggy address is located 484 bytes inside of [ 60.644361][ T6771] 1024-byte region [ffff8880a00f6800, ffff8880a00f6c00) [ 60.657710][ T6771] The buggy address belongs to the page: [ 60.663356][ T6771] page:ffffea0002803d80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 60.672472][ T6771] flags: 0xfffe0000000200(slab) [ 60.678307][ T6771] raw: 00fffe0000000200 ffffea0002832008 ffffea00028354c8 ffff8880aa000c40 [ 60.686909][ T6771] raw: 0000000000000000 ffff8880a00f6000 0000000100000002 0000000000000000 [ 60.695483][ T6771] page dumped because: kasan: bad access detected [ 60.701880][ T6771] [ 60.704369][ T6771] Memory state around the buggy address: [ 60.710002][ T6771] ffff8880a00f6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.718057][ T6771] ffff8880a00f6900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.726113][ T6771] >ffff8880a00f6980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.734162][ T6771] ^ [ 60.741355][ T6771] ffff8880a00f6a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.749408][ T6771] ffff8880a00f6a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.757542][ T6771] ================================================================== [ 60.765591][ T6771] Disabling lock debugging due to kernel taint [ 60.772420][ T6771] Kernel panic - not syncing: panic_on_warn set ... [ 60.779013][ T6771] CPU: 0 PID: 6771 Comm: kworker/u4:7 Tainted: G B 5.7.0-syzkaller #0 [ 60.788567][ T6771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.798717][ T6771] Workqueue: netns cleanup_net [ 60.803593][ T6771] Call Trace: [ 60.806887][ T6771] dump_stack+0x18f/0x20d [ 60.811222][ T6771] ? afs_wake_up_async_call+0x5f0/0x770 [ 60.818077][ T6771] ? afs_put_call+0xa40/0xa40 [ 60.822775][ T6771] panic+0x2e3/0x75c [ 60.826766][ T6771] ? __warn_printk+0xf3/0xf3 [ 60.831708][ T6771] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 60.837970][ T6771] ? trace_hardirqs_on+0x55/0x220 [ 60.843004][ T6771] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.848631][ T6771] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.854162][ T6771] ? afs_put_call+0xa40/0xa40 [ 60.859261][ T6771] end_report+0x4d/0x53 [ 60.863404][ T6771] kasan_report.cold+0xd/0x37 [ 60.868084][ T6771] ? rcu_read_lock_held+0x81/0xb0 [ 60.873132][ T6771] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.878680][ T6771] afs_wake_up_async_call+0x6aa/0x770 [ 60.884575][ T6771] ? afs_close_socket+0x320/0x320 [ 60.889703][ T6771] ? afs_put_call+0xa40/0xa40 [ 60.894430][ T6771] rxrpc_notify_socket+0x1db/0x5d0 [ 60.899541][ T6771] ? afs_put_call+0xa40/0xa40 [ 60.904222][ T6771] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.910665][ T6771] rxrpc_call_completed+0xca/0xf0 [ 60.915705][ T6771] rxrpc_discard_prealloc+0x781/0xab0 [ 60.921072][ T6771] ? lock_sock_nested+0x94/0x110 [ 60.926134][ T6771] rxrpc_listen+0x147/0x360 [ 60.930644][ T6771] afs_close_socket+0x95/0x320 [ 60.935861][ T6771] ? afs_purge_servers+0x16d/0x300 [ 60.941662][ T6771] ? afs_rx_discard_new_call+0x50/0x50 [ 60.947146][ T6771] ? init_wait_var_entry+0x200/0x200 [ 60.952536][ T6771] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.958168][ T6771] ? check_preemption_disabled+0x38/0x220 [ 60.963883][ T6771] afs_net_exit+0x1bc/0x310 [ 60.968541][ T6771] ? afs_net_init+0xe30/0xe30 [ 60.973367][ T6771] ops_exit_list.isra.0+0xa8/0x150 [ 60.978746][ T6771] cleanup_net+0x511/0xa50 [ 60.983167][ T6771] ? unregister_pernet_device+0x70/0x70 [ 60.989922][ T6771] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.996023][ T6771] process_one_work+0x965/0x1690 [ 61.002220][ T6771] ? lock_release+0x800/0x800 [ 61.006890][ T6771] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.014002][ T6771] ? rwlock_bug.part.0+0x90/0x90 [ 61.018938][ T6771] worker_thread+0x96/0xe10 [ 61.023462][ T6771] ? process_one_work+0x1690/0x1690 [ 61.029103][ T6771] kthread+0x3b5/0x4a0 [ 61.033249][ T6771] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.039174][ T6771] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.044956][ T6771] ret_from_fork+0x1f/0x30 [ 61.050097][ T6771] Kernel Offset: disabled [ 61.054868][ T6771] Rebooting in 86400 seconds..