[ 49.664597][ T6774] do_syscall_64+0x60/0xe0 [ 49.669013][ T6774] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 49.674899][ T6774] RIP: 0033:0x7f5ebc8da687 [ 49.679310][ T6774] Code: Bad RIP value. [ 49.683471][ T6774] RSP: 002b:00007ffea5067b58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 49.691879][ T6774] RAX: ffffffffffffffda RBX: 0000561d82acd985 RCX: 00007f5ebc8da687 [ 49.699852][ T6774] RDX: 00007ffea5067a20 RSI: 00000000000001ed RDI: 0000561d82acd985 [ 49.707826][ T6774] RBP: 00007f5ebc8da680 R08: 0000000000000100 R09: 0000000000000000 [ 49.715795][ T6774] R10: 0000561d82acd980 R11: 0000000000000246 R12: 00000000000001ed [ 49.723769][ T6774] R13: 00007ffea5067ce0 R14: 0000000000000000 R15: 0000000000000000 [ 56.212329][ T547] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/547 [ 56.221497][ T547] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.227380][ T547] CPU: 0 PID: 547 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 56.236578][ T547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.246626][ T547] Workqueue: writeback wb_workfn (flush-8:0) [ 56.252580][ T547] Call Trace: [ 56.255848][ T547] dump_stack+0x18f/0x20d [ 56.260158][ T547] check_preemption_disabled+0x20d/0x220 [ 56.265778][ T547] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.270885][ T547] ? ext4_find_extent+0x81a/0xad0 [ 56.275889][ T547] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.281323][ T547] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.287020][ T547] ext4_ext_map_blocks+0x201b/0x33e0 [ 56.292282][ T547] ? ext4_ext_release+0x10/0x10 [ 56.297117][ T547] ? down_write_killable+0x170/0x170 [ 56.302377][ T547] ? ext4_es_lookup_extent+0x41d/0xd10 [ 56.307823][ T547] ext4_map_blocks+0x4cb/0x1640 [ 56.312668][ T547] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.317846][ T547] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.323387][ T547] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.329342][ T547] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.334774][ T547] ext4_writepages+0x1a83/0x33c0 [ 56.339697][ T547] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.345310][ T547] ? __lock_acquire+0x2224/0x48b0 [ 56.350320][ T547] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.356279][ T547] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.362255][ T547] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.367862][ T547] ? do_writepages+0xf3/0x2a0 [ 56.372518][ T547] do_writepages+0xf3/0x2a0 [ 56.377001][ T547] ? page_writeback_cpu_online+0x10/0x10 [ 56.382616][ T547] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.388149][ T547] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.394120][ T547] ? lock_downgrade+0x840/0x840 [ 56.398950][ T547] __writeback_single_inode+0x12a/0x13d0 [ 56.404573][ T547] ? _raw_spin_unlock+0x24/0x40 [ 56.409416][ T547] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.415373][ T547] writeback_sb_inodes+0x515/0xdc0 [ 56.420481][ T547] ? __writeback_single_inode+0x13d0/0x13d0 [ 56.426454][ T547] __writeback_inodes_wb+0xc3/0x250 [ 56.431648][ T547] wb_writeback+0x8c8/0xd40 [ 56.436133][ T547] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 56.442444][ T547] ? cpumask_next+0x3c/0x40 [ 56.446939][ T547] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.452117][ T547] wb_workfn+0xab3/0x1090 [ 56.456428][ T547] ? inode_wait_for_writeback+0x30/0x30 [ 56.461956][ T547] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.467493][ T547] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.473469][ T547] process_one_work+0x965/0x1690 [ 56.478388][ T547] ? lock_release+0x800/0x800 [ 56.483056][ T547] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.488405][ T547] ? rwlock_bug.part.0+0x90/0x90 [ 56.493325][ T547] worker_thread+0x96/0xe10 [ 56.497809][ T547] ? process_one_work+0x1690/0x1690 [ 56.503001][ T547] kthread+0x3b5/0x4a0 [ 56.507044][ T547] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.512750][ T547] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.518445][ T547] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts. 2020/06/10 17:37:43 fuzzer started 2020/06/10 17:37:43 connecting to host at 10.128.0.26:45655 2020/06/10 17:37:43 checking machine... 2020/06/10 17:37:43 checking revisions... 2020/06/10 17:37:43 testing simple program... [ 58.116632][ T6795] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6795 [ 58.125773][ T6795] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.131788][ T6795] CPU: 0 PID: 6795 Comm: syz-fuzzer Not tainted 5.7.0-next-20200610-syzkaller #0 [ 58.140913][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.150972][ T6795] Call Trace: [ 58.154314][ T6795] dump_stack+0x18f/0x20d [ 58.158651][ T6795] check_preemption_disabled+0x20d/0x220 [ 58.164264][ T6795] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.169373][ T6795] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.175681][ T6795] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.181381][ T6795] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.186661][ T6795] ? ext4_ext_release+0x10/0x10 [ 58.191506][ T6795] ? down_write_killable+0x170/0x170 [ 58.196765][ T6795] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.202204][ T6795] ext4_map_blocks+0x4cb/0x1640 [ 58.207039][ T6795] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.212234][ T6795] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.217757][ T6795] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.223712][ T6795] ? prandom_u32_state+0xe/0x170 [ 58.228629][ T6795] ? __brelse+0x84/0xa0 [ 58.232762][ T6795] ? __ext4_new_inode+0x144/0x55e0 [ 58.237869][ T6795] ext4_getblk+0xad/0x520 [ 58.242176][ T6795] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.247875][ T6795] ? ext4_free_inode+0x1700/0x1700 [ 58.252979][ T6795] ext4_bread+0x7c/0x380 [ 58.257205][ T6795] ? ext4_getblk+0x520/0x520 [ 58.261771][ T6795] ? dquot_get_next_dqblk+0x180/0x180 [ 58.267122][ T6795] ext4_append+0x153/0x360 [ 58.271519][ T6795] ext4_mkdir+0x5e0/0xdf0 [ 58.275845][ T6795] ? ext4_rmdir+0xde0/0xde0 [ 58.280342][ T6795] ? security_inode_permission+0xc4/0xf0 [ 58.285968][ T6795] vfs_mkdir+0x419/0x690 [ 58.290203][ T6795] do_mkdirat+0x21e/0x280 [ 58.294511][ T6795] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.299339][ T6795] ? do_syscall_64+0x1c/0xe0 [ 58.303923][ T6795] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.309883][ T6795] do_syscall_64+0x60/0xe0 [ 58.314293][ T6795] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.320172][ T6795] RIP: 0033:0x4b02a0 [ 58.324037][ T6795] Code: Bad RIP value. [ 58.328093][ T6795] RSP: 002b:000000c0000e74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 58.336479][ T6795] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 58.344430][ T6795] RDX: 00000000000001c0 RSI: 000000c000026c40 RDI: ffffffffffffff9c [ 58.352378][ T6795] RBP: 000000c0000e7510 R08: 0000000000000000 R09: 0000000000000000 [ 58.360412][ T6795] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 58.368357][ T6795] R13: 0000000000000063 R14: 0000000000000062 R15: 0000000000000100 [ 58.386993][ T6807] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6807 [ 58.396463][ T6807] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.402407][ T6807] CPU: 0 PID: 6807 Comm: syz-executor.0 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 58.411856][ T6807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.421900][ T6807] Call Trace: [ 58.425211][ T6807] dump_stack+0x18f/0x20d [ 58.429529][ T6807] check_preemption_disabled+0x20d/0x220 [ 58.435182][ T6807] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.440286][ T6807] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.445721][ T6807] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.451453][ T6807] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.456732][ T6807] ? ext4_ext_release+0x10/0x10 [ 58.461622][ T6807] ? down_write_killable+0x170/0x170 [ 58.466906][ T6807] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.472355][ T6807] ext4_map_blocks+0x4cb/0x1640 [ 58.477208][ T6807] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.482402][ T6807] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.487936][ T6807] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.493895][ T6807] ? prandom_u32_state+0xe/0x170 [ 58.498810][ T6807] ? __brelse+0x84/0xa0 [ 58.502962][ T6807] ? __ext4_new_inode+0x144/0x55e0 [ 58.508067][ T6807] ext4_getblk+0xad/0x520 [ 58.512394][ T6807] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.518093][ T6807] ? ext4_free_inode+0x1700/0x1700 [ 58.523197][ T6807] ext4_bread+0x7c/0x380 [ 58.527419][ T6807] ? ext4_getblk+0x520/0x520 [ 58.531987][ T6807] ? dquot_get_next_dqblk+0x180/0x180 [ 58.537340][ T6807] ext4_append+0x153/0x360 [ 58.541737][ T6807] ext4_mkdir+0x5e0/0xdf0 [ 58.546064][ T6807] ? ext4_rmdir+0xde0/0xde0 [ 58.550560][ T6807] ? security_inode_permission+0xc4/0xf0 [ 58.556188][ T6807] vfs_mkdir+0x419/0x690 [ 58.560422][ T6807] do_mkdirat+0x21e/0x280 [ 58.564802][ T6807] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.569663][ T6807] ? do_syscall_64+0x1c/0xe0 [ 58.574264][ T6807] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.580231][ T6807] do_syscall_64+0x60/0xe0 [ 58.584625][ T6807] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.590529][ T6807] RIP: 0033:0x45bee7 [ 58.594394][ T6807] Code: Bad RIP value. [ 58.598433][ T6807] RSP: 002b:00007ffd033fbcd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 58.606817][ T6807] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 58.614765][ T6807] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffd033fbeb0 [ 58.622740][ T6807] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003500 [ 58.630712][ T6807] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 58.638678][ T6807] R13: 00007ffd033fbeb0 R14: 8421084210842109 R15: 00007ffd033fbebc [ 58.719999][ T6808] IPVS: ftp: loaded support on port[0] = 21 [ 58.756829][ T6808] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6808 [ 58.766251][ T6808] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.772234][ T6808] CPU: 1 PID: 6808 Comm: syz-executor.0 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 58.781682][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.791720][ T6808] Call Trace: [ 58.795110][ T6808] dump_stack+0x18f/0x20d [ 58.799420][ T6808] check_preemption_disabled+0x20d/0x220 [ 58.805033][ T6808] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.810173][ T6808] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.815610][ T6808] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.821316][ T6808] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.826581][ T6808] ? ext4_ext_release+0x10/0x10 [ 58.831468][ T6808] ? down_write_killable+0x170/0x170 [ 58.836728][ T6808] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.842198][ T6808] ext4_map_blocks+0x4cb/0x1640 [ 58.847145][ T6808] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.852348][ T6808] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.857873][ T6808] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.863829][ T6808] ? prandom_u32_state+0xe/0x170 [ 58.868757][ T6808] ? __brelse+0x84/0xa0 [ 58.872891][ T6808] ? __ext4_new_inode+0x144/0x55e0 [ 58.877998][ T6808] ext4_getblk+0xad/0x520 [ 58.882321][ T6808] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.888018][ T6808] ? ext4_free_inode+0x1700/0x1700 [ 58.893106][ T6808] ext4_bread+0x7c/0x380 [ 58.897320][ T6808] ? ext4_getblk+0x520/0x520 [ 58.901905][ T6808] ? dquot_get_next_dqblk+0x180/0x180 [ 58.907258][ T6808] ext4_append+0x153/0x360 [ 58.911671][ T6808] ext4_mkdir+0x5e0/0xdf0 [ 58.915980][ T6808] ? ext4_rmdir+0xde0/0xde0 [ 58.920465][ T6808] ? security_inode_permission+0xc4/0xf0 [ 58.926076][ T6808] vfs_mkdir+0x419/0x690 [ 58.930311][ T6808] do_mkdirat+0x21e/0x280 [ 58.934624][ T6808] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.939450][ T6808] ? do_syscall_64+0x1c/0xe0 [ 58.944019][ T6808] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.950039][ T6808] do_syscall_64+0x60/0xe0 [ 58.954469][ T6808] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.960337][ T6808] RIP: 0033:0x45bee7 [ 58.964207][ T6808] Code: Bad RIP value. [ 58.968249][ T6808] RSP: 002b:00007ffd033fbbc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 58.976655][ T6808] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 58.984624][ T6808] RDX: 00007ffd033fbc13 RSI: 00000000000001ff RDI: 00007ffd033fbc10 [ 58.992587][ T6808] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 59.000541][ T6808] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 59.008516][ T6808] R13: 00007ffd033fbc00 R14: 0000000000000000 R15: 00007ffd033fbc10 [ 59.058550][ T6808] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6808 [ 59.068147][ T6808] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.074392][ T6808] CPU: 0 PID: 6808 Comm: syz-executor.0 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 59.083842][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.093895][ T6808] Call Trace: [ 59.097191][ T6808] dump_stack+0x18f/0x20d [ 59.101537][ T6808] check_preemption_disabled+0x20d/0x220 [ 59.107180][ T6808] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.112315][ T6808] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.117786][ T6808] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.123498][ T6808] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.128766][ T6808] ? ext4_ext_release+0x10/0x10 [ 59.133671][ T6808] ? down_write_killable+0x170/0x170 [ 59.138979][ T6808] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.144420][ T6808] ext4_map_blocks+0x4cb/0x1640 [ 59.149253][ T6808] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.154441][ T6808] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.159985][ T6808] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.166051][ T6808] ? prandom_u32_state+0xe/0x170 [ 59.170985][ T6808] ? __brelse+0x84/0xa0 [ 59.175157][ T6808] ? __ext4_new_inode+0x144/0x55e0 [ 59.180265][ T6808] ext4_getblk+0xad/0x520 [ 59.184576][ T6808] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.190285][ T6808] ? ext4_free_inode+0x1700/0x1700 [ 59.195401][ T6808] ext4_bread+0x7c/0x380 [ 59.199639][ T6808] ? ext4_getblk+0x520/0x520 [ 59.204208][ T6808] ? dquot_get_next_dqblk+0x180/0x180 [ 59.209559][ T6808] ext4_append+0x153/0x360 [ 59.213956][ T6808] ext4_mkdir+0x5e0/0xdf0 [ 59.218266][ T6808] ? ext4_rmdir+0xde0/0xde0 [ 59.222765][ T6808] ? security_inode_permission+0xc4/0xf0 [ 59.228392][ T6808] vfs_mkdir+0x419/0x690 [ 59.232639][ T6808] do_mkdirat+0x21e/0x280 [ 59.236946][ T6808] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.241810][ T6808] ? do_syscall_64+0x1c/0xe0 [ 59.246378][ T6808] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.252351][ T6808] do_syscall_64+0x60/0xe0 [ 59.256744][ T6808] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.262632][ T6808] RIP: 0033:0x45bee7 [ 59.266495][ T6808] Code: Bad RIP value. [ 59.270542][ T6808] RSP: 002b:00007ffd033fbbc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.278932][ T6808] RAX: ffffffffffffffda RBX: 000000000000e6aa RCX: 000000000045bee7 [ 59.286879][ T6808] RDX: 00007ffd033fbc13 RSI: 00000000000001ff RDI: 00007ffd033fbc10 [ 59.294840][ T6808] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/10 17:37:44 building call list... [ 59.302800][ T6808] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 59.310747][ T6808] R13: 00007ffd033fbc00 R14: 000000000000e6a5 R15: 00007ffd033fbc10 [ 59.530885][ T2552] tipc: TX() has been purged, node left! [ 60.052687][ T2552] ================================================================== [ 60.060899][ T2552] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 60.068784][ T2552] Write of size 1 at addr ffff8880a723a1e4 by task kworker/u4:5/2552 [ 60.076830][ T2552] [ 60.079162][ T2552] CPU: 0 PID: 2552 Comm: kworker/u4:5 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 60.088427][ T2552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.098499][ T2552] Workqueue: netns cleanup_net [ 60.103261][ T2552] Call Trace: [ 60.106574][ T2552] dump_stack+0x18f/0x20d [ 60.110904][ T2552] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.116444][ T2552] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.122002][ T2552] ? afs_put_call+0xa40/0xa40 [ 60.126683][ T2552] print_address_description.constprop.0.cold+0xd3/0x413 [ 60.133730][ T2552] ? vprintk_func+0x97/0x1a6 [ 60.138343][ T2552] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.143885][ T2552] kasan_report.cold+0x1f/0x37 [ 60.148649][ T2552] ? rcu_read_lock_held_common+0x71/0xa0 [ 60.154275][ T2552] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.159820][ T2552] afs_wake_up_async_call+0x6aa/0x770 [ 60.165188][ T2552] ? afs_close_socket+0x320/0x320 [ 60.170209][ T2552] ? afs_put_call+0xa40/0xa40 [ 60.174882][ T2552] rxrpc_notify_socket+0x1db/0x5d0 [ 60.179994][ T2552] ? afs_put_call+0xa40/0xa40 [ 60.184668][ T2552] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.191183][ T2552] rxrpc_call_completed+0xca/0xf0 [ 60.196209][ T2552] rxrpc_discard_prealloc+0x781/0xab0 [ 60.201592][ T2552] ? lock_sock_nested+0x94/0x110 [ 60.206529][ T2552] rxrpc_listen+0x147/0x360 [ 60.211038][ T2552] afs_close_socket+0x95/0x320 [ 60.215796][ T2552] ? afs_purge_servers+0x16d/0x300 [ 60.220908][ T2552] ? afs_rx_discard_new_call+0x50/0x50 [ 60.226368][ T2552] ? init_wait_var_entry+0x200/0x200 [ 60.231653][ T2552] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.237286][ T2552] ? check_preemption_disabled+0x38/0x220 [ 60.243005][ T2552] afs_net_exit+0x1bc/0x310 [ 60.247502][ T2552] ? afs_net_init+0xe30/0xe30 [ 60.252199][ T2552] ops_exit_list.isra.0+0xa8/0x150 [ 60.257312][ T2552] cleanup_net+0x511/0xa50 [ 60.261839][ T2552] ? unregister_pernet_device+0x70/0x70 [ 60.267407][ T2552] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.273412][ T2552] process_one_work+0x965/0x1690 [ 60.278410][ T2552] ? lock_release+0x800/0x800 [ 60.283120][ T2552] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.288513][ T2552] ? rwlock_bug.part.0+0x90/0x90 [ 60.293474][ T2552] worker_thread+0x96/0xe10 [ 60.297989][ T2552] ? process_one_work+0x1690/0x1690 [ 60.303185][ T2552] kthread+0x3b5/0x4a0 [ 60.307280][ T2552] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.313009][ T2552] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.318747][ T2552] ret_from_fork+0x1f/0x30 [ 60.323180][ T2552] [ 60.325505][ T2552] Allocated by task 6808: [ 60.329838][ T2552] save_stack+0x1b/0x40 [ 60.334167][ T2552] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 60.339797][ T2552] kmem_cache_alloc_trace+0x153/0x7d0 [ 60.345171][ T2552] afs_alloc_call+0x55/0x630 [ 60.349766][ T2552] afs_charge_preallocation+0xe9/0x2d0 [ 60.355226][ T2552] afs_open_socket+0x292/0x360 [ 60.359986][ T2552] afs_net_init+0xa6c/0xe30 [ 60.364501][ T2552] ops_init+0xaf/0x420 [ 60.368577][ T2552] setup_net+0x2de/0x860 [ 60.372817][ T2552] copy_net_ns+0x293/0x590 [ 60.377233][ T2552] create_new_namespaces+0x3fb/0xb30 [ 60.382540][ T2552] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 60.388171][ T2552] ksys_unshare+0x43d/0x8e0 [ 60.392674][ T2552] __x64_sys_unshare+0x2d/0x40 [ 60.397435][ T2552] do_syscall_64+0x60/0xe0 [ 60.401846][ T2552] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.407737][ T2552] [ 60.410060][ T2552] Freed by task 2552: [ 60.414048][ T2552] save_stack+0x1b/0x40 [ 60.418201][ T2552] __kasan_slab_free+0xf7/0x140 [ 60.423068][ T2552] kfree+0x109/0x2b0 [ 60.426961][ T2552] afs_put_call+0x585/0xa40 [ 60.431474][ T2552] rxrpc_discard_prealloc+0x764/0xab0 [ 60.436845][ T2552] rxrpc_listen+0x147/0x360 [ 60.441343][ T2552] afs_close_socket+0x95/0x320 [ 60.446100][ T2552] afs_net_exit+0x1bc/0x310 [ 60.450601][ T2552] ops_exit_list.isra.0+0xa8/0x150 [ 60.455707][ T2552] cleanup_net+0x511/0xa50 [ 60.460145][ T2552] process_one_work+0x965/0x1690 [ 60.465097][ T2552] worker_thread+0x96/0xe10 [ 60.469611][ T2552] kthread+0x3b5/0x4a0 [ 60.473679][ T2552] ret_from_fork+0x1f/0x30 [ 60.478100][ T2552] [ 60.480423][ T2552] The buggy address belongs to the object at ffff8880a723a000 [ 60.480423][ T2552] which belongs to the cache kmalloc-1k of size 1024 [ 60.494494][ T2552] The buggy address is located 484 bytes inside of [ 60.494494][ T2552] 1024-byte region [ffff8880a723a000, ffff8880a723a400) [ 60.507838][ T2552] The buggy address belongs to the page: [ 60.513479][ T2552] page:ffffea00029c8e80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 60.523205][ T2552] flags: 0xfffe0000000200(slab) [ 60.528056][ T2552] raw: 00fffe0000000200 ffffea00027f6948 ffffea000280f448 ffff8880aa000c40 [ 60.536661][ T2552] raw: 0000000000000000 ffff8880a723a000 0000000100000002 0000000000000000 [ 60.545339][ T2552] page dumped because: kasan: bad access detected [ 60.551740][ T2552] [ 60.554061][ T2552] Memory state around the buggy address: [ 60.559686][ T2552] ffff8880a723a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.567742][ T2552] ffff8880a723a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.575799][ T2552] >ffff8880a723a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.583850][ T2552] ^ [ 60.591039][ T2552] ffff8880a723a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.599096][ T2552] ffff8880a723a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.607232][ T2552] ================================================================== [ 60.615282][ T2552] Disabling lock debugging due to kernel taint [ 60.621502][ T2552] Kernel panic - not syncing: panic_on_warn set ... [ 60.628085][ T2552] CPU: 0 PID: 2552 Comm: kworker/u4:5 Tainted: G B 5.7.0-next-20200610-syzkaller #0 [ 60.638757][ T2552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.648806][ T2552] Workqueue: netns cleanup_net [ 60.653555][ T2552] Call Trace: [ 60.656839][ T2552] dump_stack+0x18f/0x20d [ 60.661162][ T2552] ? afs_wake_up_async_call+0x5c0/0x770 [ 60.666698][ T2552] ? afs_put_call+0xa40/0xa40 [ 60.671368][ T2552] panic+0x2e3/0x75c [ 60.675256][ T2552] ? __warn_printk+0xf3/0xf3 [ 60.679833][ T2552] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 60.685982][ T2552] ? trace_hardirqs_on+0x55/0x220 [ 60.690999][ T2552] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.696554][ T2552] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.702105][ T2552] ? afs_put_call+0xa40/0xa40 [ 60.706773][ T2552] end_report+0x4d/0x53 [ 60.710922][ T2552] kasan_report.cold+0xd/0x37 [ 60.715592][ T2552] ? rcu_read_lock_held_common+0x71/0xa0 [ 60.721213][ T2552] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.726775][ T2552] afs_wake_up_async_call+0x6aa/0x770 [ 60.732141][ T2552] ? afs_close_socket+0x320/0x320 [ 60.737178][ T2552] ? afs_put_call+0xa40/0xa40 [ 60.741855][ T2552] rxrpc_notify_socket+0x1db/0x5d0 [ 60.746962][ T2552] ? afs_put_call+0xa40/0xa40 [ 60.751638][ T2552] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.758044][ T2552] rxrpc_call_completed+0xca/0xf0 [ 60.763058][ T2552] rxrpc_discard_prealloc+0x781/0xab0 [ 60.768422][ T2552] ? lock_sock_nested+0x94/0x110 [ 60.773349][ T2552] rxrpc_listen+0x147/0x360 [ 60.777845][ T2552] afs_close_socket+0x95/0x320 [ 60.782600][ T2552] ? afs_purge_servers+0x16d/0x300 [ 60.787714][ T2552] ? afs_rx_discard_new_call+0x50/0x50 [ 60.793194][ T2552] ? init_wait_var_entry+0x200/0x200 [ 60.798477][ T2552] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.804122][ T2552] ? check_preemption_disabled+0x38/0x220 [ 60.809843][ T2552] afs_net_exit+0x1bc/0x310 [ 60.814345][ T2552] ? afs_net_init+0xe30/0xe30 [ 60.819018][ T2552] ops_exit_list.isra.0+0xa8/0x150 [ 60.824223][ T2552] cleanup_net+0x511/0xa50 [ 60.828645][ T2552] ? unregister_pernet_device+0x70/0x70 [ 60.834190][ T2552] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.840168][ T2552] process_one_work+0x965/0x1690 [ 60.845108][ T2552] ? lock_release+0x800/0x800 [ 60.849786][ T2552] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.855164][ T2552] ? rwlock_bug.part.0+0x90/0x90 [ 60.860107][ T2552] worker_thread+0x96/0xe10 [ 60.864620][ T2552] ? process_one_work+0x1690/0x1690 [ 60.869822][ T2552] kthread+0x3b5/0x4a0 [ 60.873892][ T2552] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.879645][ T2552] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.885417][ T2552] ret_from_fork+0x1f/0x30 [ 60.890984][ T2552] Kernel Offset: disabled [ 60.895310][ T2552] Rebooting in 86400 seconds..