Starting Load/Save RF Kill Switch Status...
[ 61.985941][ T6911] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6911
[ 61.995640][ T6911] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.002025][ T6911] CPU: 0 PID: 6911 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 62.002045][ T6911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.002050][ T6911] Call Trace:
[ 62.002072][ T6911] dump_stack+0x18f/0x20d
[ 62.002097][ T6911] check_preemption_disabled+0x20d/0x220
[ 62.002116][ T6911] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.002148][ T6911] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.002165][ T6911] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.002192][ T6911] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.002221][ T6911] ? ext4_ext_release+0x10/0x10
[ 62.002257][ T6911] ? down_write_killable+0x170/0x170
[ 62.002273][ T6911] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.002298][ T6911] ext4_map_blocks+0x4cb/0x1640
[ 62.002323][ T6911] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.002340][ T6911] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.002358][ T6911] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.002373][ T6911] ? prandom_u32_state+0xe/0x170
[ 62.002392][ T6911] ? __brelse+0x84/0xa0
[ 62.002409][ T6911] ? __ext4_new_inode+0x144/0x55e0
[ 62.002430][ T6911] ext4_getblk+0xad/0x520
[ 62.002450][ T6911] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.002473][ T6911] ? ext4_free_inode+0x1700/0x1700
[ 62.002494][ T6911] ext4_bread+0x7c/0x380
[ 62.002511][ T6911] ? ext4_getblk+0x520/0x520
[ 62.002528][ T6911] ? dquot_get_next_dqblk+0x180/0x180
[ 62.002553][ T6911] ext4_append+0x153/0x360
[ 62.002575][ T6911] ext4_mkdir+0x5e0/0xdf0
[ 62.002601][ T6911] ? ext4_rmdir+0xde0/0xde0
[ 62.002622][ T6911] ? security_inode_permission+0xc4/0xf0
[ 62.002648][ T6911] vfs_mkdir+0x419/0x690
[ 62.002669][ T6911] do_mkdirat+0x21e/0x280
[ 62.002689][ T6911] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.002706][ T6911] ? do_syscall_64+0x1c/0xe0
[ 62.002722][ T6911] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.002742][ T6911] do_syscall_64+0x60/0xe0
[ 62.002761][ T6911] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.002774][ T6911] RIP: 0033:0x7fa4f49ac687
[ 62.002780][ T6911] Code: Bad RIP value.
[ 62.002789][ T6911] RSP: 002b:00007fffcf216238 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 62.002804][ T6911] RAX: ffffffffffffffda RBX: 000055ab9d178985 RCX: 00007fa4f49ac687
[ 62.002814][ T6911] RDX: 00007fffcf216100 RSI: 00000000000001ed RDI: 000055ab9d178985
[ 62.002823][ T6911] RBP: 00007fa4f49ac680 R08: 0000000000000100 R09: 0000000000000000
[ 62.002833][ T6911] R10: 000055ab9d178980 R11: 0000000000000246 R12: 00000000000001ed
[ 62.002842][ T6911] R13: 00007fffcf2163c0 R14: 0000000000000000 R15: 0000000000000000

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts.
2020/06/15 20:43:59 fuzzer started
2020/06/15 20:44:00 connecting to host at 10.128.0.26:37849
2020/06/15 20:44:00 checking machine...
2020/06/15 20:44:00 checking revisions...
2020/06/15 20:44:00 testing simple program...
syzkaller login: [ 67.366645][ T6979] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6979
[ 67.375920][ T6979] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.381961][ T6979] CPU: 1 PID: 6979 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 67.390195][ T6979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.400496][ T6979] Call Trace:
[ 67.403787][ T6979] dump_stack+0x18f/0x20d
[ 67.408121][ T6979] check_preemption_disabled+0x20d/0x220
[ 67.413745][ T6979] ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.418880][ T6979] ? ext4_ext_search_right+0x2ca/0xb20
[ 67.424336][ T6979] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 67.430042][ T6979] ext4_ext_map_blocks+0x201b/0x33e0
[ 67.435329][ T6979] ? ext4_ext_release+0x10/0x10
[ 67.440172][ T6979] ? down_write_killable+0x170/0x170
[ 67.445567][ T6979] ? ext4_es_lookup_extent+0x41d/0xd10
[ 67.451043][ T6979] ext4_map_blocks+0x4cb/0x1640
[ 67.455969][ T6979] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 67.461167][ T6979] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 67.466712][ T6979] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.472673][ T6979] ? prandom_u32_state+0xe/0x170
[ 67.477618][ T6979] ? __brelse+0x84/0xa0
[ 67.481832][ T6979] ? __ext4_new_inode+0x144/0x55e0
[ 67.487085][ T6979] ext4_getblk+0xad/0x520
[ 67.491441][ T6979] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 67.497166][ T6979] ? ext4_free_inode+0x1700/0x1700
[ 67.502268][ T6979] ext4_bread+0x7c/0x380
[ 67.506496][ T6979] ? ext4_getblk+0x520/0x520
[ 67.511067][ T6979] ? dquot_get_next_dqblk+0x180/0x180
[ 67.516625][ T6979] ext4_append+0x153/0x360
[ 67.521114][ T6979] ext4_mkdir+0x5e0/0xdf0
[ 67.525444][ T6979] ? ext4_rmdir+0xde0/0xde0
[ 67.529947][ T6979] ? security_inode_permission+0xc4/0xf0
[ 67.535563][ T6979] vfs_mkdir+0x419/0x690
[ 67.539807][ T6979] do_mkdirat+0x21e/0x280
[ 67.544133][ T6979] ? __ia32_sys_mknod+0xb0/0xb0
[ 67.549069][ T6979] ? do_syscall_64+0x1c/0xe0
[ 67.553698][ T6979] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.559800][ T6979] do_syscall_64+0x60/0xe0
[ 67.564206][ T6979] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.570100][ T6979] RIP: 0033:0x4b02a0
[ 67.573974][ T6979] Code: Bad RIP value.
[ 67.578023][ T6979] RSP: 002b:000000c0000df4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 67.586432][ T6979] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 67.594405][ T6979] RDX: 00000000000001c0 RSI: 000000c0000ce800 RDI: ffffffffffffff9c
[ 67.602377][ T6979] RBP: 000000c0000df510 R08: 0000000000000000 R09: 0000000000000000
[ 67.610455][ T6979] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 67.618428][ T6979] R13: 0000000000000041 R14: 0000000000000040 R15: 0000000000000100
[ 67.636257][ T6993] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6993
[ 67.645754][ T6993] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.651813][ T6993] CPU: 1 PID: 6993 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 67.660507][ T6993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.670565][ T6993] Call Trace:
[ 67.673856][ T6993] dump_stack+0x18f/0x20d
[ 67.678180][ T6993] check_preemption_disabled+0x20d/0x220
[ 67.683824][ T6993] ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.689060][ T6993] ? ext4_ext_search_right+0x2ca/0xb20
[ 67.694530][ T6993] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 67.701064][ T6993] ext4_ext_map_blocks+0x201b/0x33e0
[ 67.706524][ T6993] ? ext4_ext_release+0x10/0x10
[ 67.711463][ T6993] ? down_write_killable+0x170/0x170
[ 67.716789][ T6993] ? ext4_map_blocks+0xac2/0x1640
[ 67.721814][ T6993] ext4_map_blocks+0x4cb/0x1640
[ 67.726652][ T6993] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 67.731851][ T6993] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 67.737392][ T6993] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.743353][ T6993] ? prandom_u32_state+0xe/0x170
[ 67.748285][ T6993] ? __brelse+0x84/0xa0
[ 67.752519][ T6993] ? __ext4_new_inode+0x144/0x55e0
[ 67.757640][ T6993] ext4_getblk+0xad/0x520
[ 67.761963][ T6993] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 67.767680][ T6993] ? ext4_free_inode+0x1700/0x1700
[ 67.772776][ T6993] ext4_bread+0x7c/0x380
[ 67.777004][ T6993] ? ext4_getblk+0x520/0x520
[ 67.781596][ T6993] ? dquot_get_next_dqblk+0x180/0x180
[ 67.786953][ T6993] ext4_append+0x153/0x360
[ 67.791351][ T6993] ext4_mkdir+0x5e0/0xdf0
[ 67.795665][ T6993] ? ext4_rmdir+0xde0/0xde0
[ 67.800168][ T6993] ? security_inode_permission+0xc4/0xf0
[ 67.805791][ T6993] vfs_mkdir+0x419/0x690
[ 67.810025][ T6993] do_mkdirat+0x21e/0x280
[ 67.814344][ T6993] ? __ia32_sys_mknod+0xb0/0xb0
[ 67.819184][ T6993] ? do_syscall_64+0x1c/0xe0
[ 67.823760][ T6993] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.829728][ T6993] do_syscall_64+0x60/0xe0
[ 67.834133][ T6993] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.840007][ T6993] RIP: 0033:0x45bed7
[ 67.843914][ T6993] Code: Bad RIP value.
[ 67.848047][ T6993] RSP: 002b:00007ffdc4e176f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 67.856442][ T6993] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 67.864400][ T6993] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffdc4e178d0
[ 67.872377][ T6993] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003d40
[ 67.880333][ T6993] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 67.888309][ T6993] R13: 00007ffdc4e178d0 R14: 8421084210842109 R15: 00007ffdc4e178dc
[ 67.974659][ T6994] IPVS: ftp: loaded support on port[0] = 21
[ 68.010074][ T6994] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6994
[ 68.019970][ T6994] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.025886][ T6994] CPU: 0 PID: 6994 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 68.034468][ T6994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.044501][ T6994] Call Trace:
[ 68.047826][ T6994] dump_stack+0x18f/0x20d
[ 68.052143][ T6994] check_preemption_disabled+0x20d/0x220
[ 68.057773][ T6994] ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.062876][ T6994] ? ext4_ext_search_right+0x2ca/0xb20
[ 68.068313][ T6994] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 68.074019][ T6994] ext4_ext_map_blocks+0x201b/0x33e0
[ 68.079392][ T6994] ? ext4_ext_release+0x10/0x10
[ 68.084230][ T6994] ? down_write_killable+0x170/0x170
[ 68.089523][ T6994] ? ext4_es_lookup_extent+0x41d/0xd10
[ 68.094978][ T6994] ext4_map_blocks+0x4cb/0x1640
[ 68.099813][ T6994] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 68.105075][ T6994] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 68.110600][ T6994] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.116558][ T6994] ? prandom_u32_state+0xe/0x170
[ 68.121474][ T6994] ? __brelse+0x84/0xa0
[ 68.125627][ T6994] ? __ext4_new_inode+0x144/0x55e0
[ 68.130719][ T6994] ext4_getblk+0xad/0x520
[ 68.135031][ T6994] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 68.140745][ T6994] ? ext4_free_inode+0x1700/0x1700
[ 68.145858][ T6994] ext4_bread+0x7c/0x380
[ 68.150085][ T6994] ? ext4_getblk+0x520/0x520
[ 68.154676][ T6994] ? dquot_get_next_dqblk+0x180/0x180
[ 68.160038][ T6994] ext4_append+0x153/0x360
[ 68.164504][ T6994] ext4_mkdir+0x5e0/0xdf0
[ 68.169014][ T6994] ? ext4_rmdir+0xde0/0xde0
[ 68.173651][ T6994] ? security_inode_permission+0xc4/0xf0
[ 68.179273][ T6994] vfs_mkdir+0x419/0x690
[ 68.183515][ T6994] do_mkdirat+0x21e/0x280
[ 68.187832][ T6994] ? __ia32_sys_mknod+0xb0/0xb0
[ 68.192668][ T6994] ? do_syscall_64+0x1c/0xe0
[ 68.197238][ T6994] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.203266][ T6994] do_syscall_64+0x60/0xe0
[ 68.207663][ T6994] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.213898][ T6994] RIP: 0033:0x45bed7
[ 68.217766][ T6994] Code: Bad RIP value.
[ 68.221824][ T6994] RSP: 002b:00007ffdc4e175e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 68.230227][ T6994] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 68.238176][ T6994] RDX: 00007ffdc4e17633 RSI: 00000000000001ff RDI: 00007ffdc4e17630
[ 68.246124][ T6994] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 68.254088][ T6994] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0
[ 68.262044][ T6994] R13: 00007ffdc4e17620 R14: 0000000000000000 R15: 00007ffdc4e17630
[ 68.315797][ T6994] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6994
[ 68.325334][ T6994] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.331328][ T6994] CPU: 0 PID: 6994 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 68.339923][ T6994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.349986][ T6994] Call Trace:
[ 68.353390][ T6994] dump_stack+0x18f/0x20d
[ 68.357747][ T6994] check_preemption_disabled+0x20d/0x220
[ 68.363490][ T6994] ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.368633][ T6994] ? ext4_ext_search_right+0x2ca/0xb20
[ 68.374105][ T6994] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 68.379843][ T6994] ext4_ext_map_blocks+0x201b/0x33e0
[ 68.385243][ T6994] ? ext4_ext_release+0x10/0x10
[ 68.390127][ T6994] ? down_write_killable+0x170/0x170
[ 68.395430][ T6994] ? ext4_es_lookup_extent+0x41d/0xd10
[ 68.400912][ T6994] ext4_map_blocks+0x4cb/0x1640
[ 68.405920][ T6994] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 68.411111][ T6994] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 68.416851][ T6994] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.422835][ T6994] ? prandom_u32_state+0xe/0x170
[ 68.427777][ T6994] ? __brelse+0x84/0xa0
[ 68.431918][ T6994] ? __ext4_new_inode+0x144/0x55e0
[ 68.437036][ T6994] ext4_getblk+0xad/0x520
[ 68.441483][ T6994] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 68.447200][ T6994] ? ext4_free_inode+0x1700/0x1700
[ 68.452303][ T6994] ext4_bread+0x7c/0x380
[ 68.456570][ T6994] ? ext4_getblk+0x520/0x520
[ 68.461145][ T6994] ? dquot_get_next_dqblk+0x180/0x180
[ 68.466505][ T6994] ext4_append+0x153/0x360
[ 68.471096][ T6994] ext4_mkdir+0x5e0/0xdf0
[ 68.475412][ T6994] ? ext4_rmdir+0xde0/0xde0
[ 68.479908][ T6994] ? security_inode_permission+0xc4/0xf0
[ 68.485613][ T6994] vfs_mkdir+0x419/0x690
[ 68.489865][ T6994] do_mkdirat+0x21e/0x280
[ 68.494199][ T6994] ? __ia32_sys_mknod+0xb0/0xb0
[ 68.499053][ T6994] ? do_syscall_64+0x1c/0xe0
[ 68.503646][ T6994] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.509608][ T6994] do_syscall_64+0x60/0xe0
[ 68.514030][ T6994] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.519916][ T6994] RIP: 0033:0x45bed7
[ 68.523783][ T6994] Code: Bad RIP value.
[ 68.527841][ T6994] RSP: 002b:00007ffdc4e175e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 68.536247][ T6994] RAX: ffffffffffffffda RBX: 0000000000010ad5 RCX: 000000000045bed7
[ 68.544212][ T6994] RDX: 00007ffdc4e17633 RSI: 00000000000001ff RDI: 00007ffdc4e17630
[ 68.552247][ T6994] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 68.560211][ T6994] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 68.568336][ T6994] R13: 00007ffdc4e17620 R14: 0000000000010acf R15: 00007ffdc4e17630
2020/06/15 20:44:01 building call list...
[ 68.789260][ T7] tipc: TX() has been purged, node left!
[ 69.271503][ T7] ==================================================================
[ 69.279748][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 69.287633][ T7] Write of size 1 at addr ffff8880a25079e4 by task kworker/u4:0/7
[ 69.295423][ T7]
[ 69.297758][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0
[ 69.305900][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.316076][ T7] Workqueue: netns cleanup_net
[ 69.320831][ T7] Call Trace:
[ 69.324122][ T7] dump_stack+0x18f/0x20d
[ 69.328455][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.333998][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.339704][ T7] ? afs_put_call+0xa40/0xa40
[ 69.344392][ T7] print_address_description.constprop.0.cold+0xd3/0x413
[ 69.351426][ T7] ? vprintk_func+0x97/0x1a6
[ 69.356117][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.361753][ T7] kasan_report.cold+0x1f/0x37
[ 69.368347][ T7] ? rcu_read_lock_held_common+0x51/0xa0
[ 69.373996][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.379543][ T7] afs_wake_up_async_call+0x6aa/0x770
[ 69.384930][ T7] ? afs_close_socket+0x320/0x320
[ 69.389979][ T7] ? afs_put_call+0xa40/0xa40
[ 69.394654][ T7] rxrpc_notify_socket+0x1db/0x5d0
[ 69.399774][ T7] ? afs_put_call+0xa40/0xa40
[ 69.404599][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 69.411028][ T7] rxrpc_call_completed+0xca/0xf0
[ 69.416058][ T7] rxrpc_discard_prealloc+0x781/0xab0
[ 69.421439][ T7] ? lock_sock_nested+0x94/0x110
[ 69.426404][ T7] rxrpc_listen+0x147/0x360
[ 69.431086][ T7] afs_close_socket+0x95/0x320
[ 69.435851][ T7] ? afs_purge_servers+0x16d/0x300
[ 69.440962][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 69.446422][ T7] ? init_wait_var_entry+0x200/0x200
[ 69.451716][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 69.457347][ T7] ? check_preemption_disabled+0x38/0x220
[ 69.463070][ T7] afs_net_exit+0x1bc/0x310
[ 69.467858][ T7] ? afs_net_init+0xe30/0xe30
[ 69.472536][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 69.477909][ T7] cleanup_net+0x511/0xa50
[ 69.482329][ T7] ? unregister_pernet_device+0x70/0x70
[ 69.487879][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 69.493865][ T7] process_one_work+0x965/0x1690
[ 69.498899][ T7] ? lock_release+0x800/0x800
[ 69.503574][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 69.508947][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 69.513905][ T7] worker_thread+0x96/0xe10
[ 69.518418][ T7] ? process_one_work+0x1690/0x1690
[ 69.523713][ T7] kthread+0x3b5/0x4a0
[ 69.527780][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.533601][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.539343][ T7] ret_from_fork+0x1f/0x30
[ 69.543767][ T7]
[ 69.546089][ T7] Allocated by task 6994:
[ 69.550415][ T7] save_stack+0x1b/0x40
[ 69.554571][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 69.560197][ T7] kmem_cache_alloc_trace+0x153/0x7d0
[ 69.565660][ T7] afs_alloc_call+0x55/0x630
[ 69.570258][ T7] afs_charge_preallocation+0xe9/0x2d0
[ 69.575711][ T7] afs_open_socket+0x292/0x360
[ 69.580483][ T7] afs_net_init+0xa6c/0xe30
[ 69.584982][ T7] ops_init+0xaf/0x420
[ 69.589131][ T7] setup_net+0x2de/0x860
[ 69.593366][ T7] copy_net_ns+0x293/0x590
[ 69.597778][ T7] create_new_namespaces+0x3fb/0xb30
[ 69.603061][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 69.608863][ T7] ksys_unshare+0x43d/0x8e0
[ 69.613380][ T7] __x64_sys_unshare+0x2d/0x40
[ 69.618143][ T7] do_syscall_64+0x60/0xe0
[ 69.622561][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.628437][ T7]
[ 69.630759][ T7] Freed by task 7:
[ 69.634478][ T7] save_stack+0x1b/0x40
[ 69.638628][ T7] __kasan_slab_free+0xf7/0x140
[ 69.643474][ T7] kfree+0x109/0x2b0
[ 69.647362][ T7] afs_put_call+0x585/0xa40
[ 69.651872][ T7] rxrpc_discard_prealloc+0x764/0xab0
[ 69.657238][ T7] rxrpc_listen+0x147/0x360
[ 69.661841][ T7] afs_close_socket+0x95/0x320
[ 69.666685][ T7] afs_net_exit+0x1bc/0x310
[ 69.671208][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 69.676328][ T7] cleanup_net+0x511/0xa50
[ 69.680764][ T7] process_one_work+0x965/0x1690
[ 69.685718][ T7] worker_thread+0x96/0xe10
[ 69.690270][ T7] kthread+0x3b5/0x4a0
[ 69.694352][ T7] ret_from_fork+0x1f/0x30
[ 69.698753][ T7]
[ 69.701106][ T7] The buggy address belongs to the object at ffff8880a2507800
[ 69.701106][ T7] which belongs to the cache kmalloc-1k of size 1024
[ 69.715153][ T7] The buggy address is located 484 bytes inside of
[ 69.715153][ T7] 1024-byte region [ffff8880a2507800, ffff8880a2507c00)
[ 69.728621][ T7] The buggy address belongs to the page:
[ 69.734273][ T7] page:ffffea00028941c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 69.743374][ T7] flags: 0xfffe0000000200(slab)
[ 69.748235][ T7] raw: 00fffe0000000200 ffffea000284f6c8 ffffea00029c9948 ffff8880aa000c40
[ 69.756906][ T7] raw: 0000000000000000 ffff8880a2507000 0000000100000002 0000000000000000
[ 69.765477][ T7] page dumped because: kasan: bad access detected
[ 69.771889][ T7]
[ 69.774212][ T7] Memory state around the buggy address:
[ 69.779840][ T7] ffff8880a2507880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.788025][ T7] ffff8880a2507900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.796092][ T7] >ffff8880a2507980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.804150][ T7] ^
[ 69.811346][ T7] ffff8880a2507a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.819414][ T7] ffff8880a2507a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.827468][ T7] ==================================================================
[ 69.836563][ T7] Disabling lock debugging due to kernel taint
[ 69.842758][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 69.849456][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 69.859008][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.872189][ T7] Workqueue: netns cleanup_net
[ 69.876936][ T7] Call Trace:
[ 69.880222][ T7] dump_stack+0x18f/0x20d
[ 69.884546][ T7] ? afs_wake_up_async_call+0x670/0x770
[ 69.890083][ T7] ? afs_put_call+0xa40/0xa40
[ 69.894773][ T7] panic+0x2e3/0x75c
[ 69.898675][ T7] ? __warn_printk+0xf3/0xf3
[ 69.903259][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 69.909417][ T7] ? trace_hardirqs_on+0x55/0x220
[ 69.914515][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.920079][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.925613][ T7] ? afs_put_call+0xa40/0xa40
[ 69.930283][ T7] end_report+0x4d/0x53
[ 69.934616][ T7] kasan_report.cold+0xd/0x37
[ 69.939295][ T7] ? rcu_read_lock_held_common+0x51/0xa0
[ 69.944919][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.950565][ T7] afs_wake_up_async_call+0x6aa/0x770
[ 69.955956][ T7] ? afs_close_socket+0x320/0x320
[ 69.960971][ T7] ? afs_put_call+0xa40/0xa40
[ 69.965639][ T7] rxrpc_notify_socket+0x1db/0x5d0
[ 69.970756][ T7] ? afs_put_call+0xa40/0xa40
[ 69.975511][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 69.981919][ T7] rxrpc_call_completed+0xca/0xf0
[ 69.986944][ T7] rxrpc_discard_prealloc+0x781/0xab0
[ 69.992331][ T7] ? lock_sock_nested+0x94/0x110
[ 69.998236][ T7] rxrpc_listen+0x147/0x360
[ 70.002731][ T7] afs_close_socket+0x95/0x320
[ 70.007507][ T7] ? afs_purge_servers+0x16d/0x300
[ 70.012609][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 70.018061][ T7] ? init_wait_var_entry+0x200/0x200
[ 70.023360][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 70.028991][ T7] ? check_preemption_disabled+0x38/0x220
[ 70.034701][ T7] afs_net_exit+0x1bc/0x310
[ 70.039196][ T7] ? afs_net_init+0xe30/0xe30
[ 70.043870][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 70.048996][ T7] cleanup_net+0x511/0xa50
[ 70.053412][ T7] ? unregister_pernet_device+0x70/0x70
[ 70.058971][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 70.064944][ T7] process_one_work+0x965/0x1690
[ 70.069877][ T7] ? lock_release+0x800/0x800
[ 70.074637][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 70.080004][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 70.084935][ T7] worker_thread+0x96/0xe10
[ 70.089436][ T7] ? process_one_work+0x1690/0x1690
[ 70.094643][ T7] kthread+0x3b5/0x4a0
[ 70.098705][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 70.104415][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 70.110136][ T7] ret_from_fork+0x1f/0x30
[ 70.116189][ T7] Kernel Offset: disabled
[ 70.120558][ T7] Rebooting in 86400 seconds..