[ 59.620013][ T6968] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6968
[ 59.629525][ T6968] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.635724][ T6968] CPU: 0 PID: 6968 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 59.643998][ T6968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.654077][ T6968] Call Trace:
[ 59.657451][ T6968] dump_stack+0x18f/0x20d
[ 59.661813][ T6968] check_preemption_disabled+0x20d/0x220
[ 59.667604][ T6968] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.672701][ T6968] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.678139][ T6968] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.683842][ T6968] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.689120][ T6968] ? ext4_ext_release+0x10/0x10
[ 59.693960][ T6968] ? down_write_killable+0x170/0x170
[ 59.699218][ T6968] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.705786][ T6968] ext4_map_blocks+0x4cb/0x1640
[ 59.710619][ T6968] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.716157][ T6968] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.721693][ T6968] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.727663][ T6968] ? prandom_u32_state+0xe/0x170
[ 59.732627][ T6968] ? __brelse+0x84/0xa0
[ 59.736762][ T6968] ? __ext4_new_inode+0x144/0x55e0
[ 59.741865][ T6968] ext4_getblk+0xad/0x520
[ 59.746190][ T6968] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.751887][ T6968] ? ext4_free_inode+0x1700/0x1700
[ 59.756975][ T6968] ext4_bread+0x7c/0x380
[ 59.761204][ T6968] ? ext4_getblk+0x520/0x520
[ 59.766060][ T6968] ? dquot_get_next_dqblk+0x180/0x180
[ 59.771412][ T6968] ext4_append+0x153/0x360
[ 59.775814][ T6968] ext4_mkdir+0x5e0/0xdf0
[ 59.780123][ T6968] ? ext4_rmdir+0xde0/0xde0
[ 59.784608][ T6968] ? security_inode_permission+0xc4/0xf0
[ 59.790219][ T6968] vfs_mkdir+0x419/0x690
[ 59.794440][ T6968] do_mkdirat+0x21e/0x280
[ 59.798759][ T6968] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.803586][ T6968] ? do_syscall_64+0x1c/0xe0
[ 59.808152][ T6968] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.814109][ T6968] do_syscall_64+0x60/0xe0
[ 59.818503][ T6968] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.824372][ T6968] RIP: 0033:0x7fd3a1a5c687
[ 59.828756][ T6968] Code: Bad RIP value.
[ 59.832810][ T6968] RSP: 002b:00007ffddcad4338 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.841191][ T6968] RAX: ffffffffffffffda RBX: 000055d290b24985 RCX: 00007fd3a1a5c687
[ 59.849137][ T6968] RDX: 00007ffddcad4200 RSI: 00000000000001ed RDI: 000055d290b24985
[ 59.857086][ T6968] RBP: 00007fd3a1a5c680 R08: 0000000000000100 R09: 0000000000000000
[ 59.865038][ T6968] R10: 000055d290b24980 R11: 0000000000000246 R12: 00000000000001ed
[ 59.873334][ T6968] R13: 00007ffddcad44c0 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.134' (ECDSA) to the list of known hosts.
2020/06/14 20:36:22 fuzzer started
2020/06/14 20:36:22 connecting to host at 10.128.0.26:45973
2020/06/14 20:36:22 checking machine...
2020/06/14 20:36:22 checking revisions...
2020/06/14 20:36:22 testing simple program...
syzkaller login: [ 64.560440][ T6975] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6975
[ 64.569505][ T6975] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.575479][ T6975] CPU: 0 PID: 6975 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 64.583363][ T6975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.593402][ T6975] Call Trace:
[ 64.596678][ T6975] dump_stack+0x18f/0x20d
[ 64.600989][ T6975] check_preemption_disabled+0x20d/0x220
[ 64.606640][ T6975] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.611739][ T6975] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.617180][ T6975] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.622948][ T6975] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.628234][ T6975] ? ext4_ext_release+0x10/0x10
[ 64.633099][ T6975] ? down_write_killable+0x170/0x170
[ 64.638469][ T6975] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.643916][ T6975] ext4_map_blocks+0x4cb/0x1640
[ 64.648750][ T6975] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.653929][ T6975] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.659451][ T6975] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.665410][ T6975] ? prandom_u32_state+0xe/0x170
[ 64.670770][ T6975] ? __brelse+0x84/0xa0
[ 64.674912][ T6975] ? __ext4_new_inode+0x144/0x55e0
[ 64.680011][ T6975] ext4_getblk+0xad/0x520
[ 64.684428][ T6975] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.690228][ T6975] ? ext4_free_inode+0x1700/0x1700
[ 64.695327][ T6975] ext4_bread+0x7c/0x380
[ 64.699548][ T6975] ? ext4_getblk+0x520/0x520
[ 64.704117][ T6975] ? dquot_get_next_dqblk+0x180/0x180
[ 64.709558][ T6975] ext4_append+0x153/0x360
[ 64.713958][ T6975] ext4_mkdir+0x5e0/0xdf0
[ 64.718276][ T6975] ? ext4_rmdir+0xde0/0xde0
[ 64.722779][ T6975] ? security_inode_permission+0xc4/0xf0
[ 64.728393][ T6975] vfs_mkdir+0x419/0x690
[ 64.732649][ T6975] do_mkdirat+0x21e/0x280
[ 64.736956][ T6975] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.741790][ T6975] ? do_syscall_64+0x1c/0xe0
[ 64.746358][ T6975] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.752319][ T6975] do_syscall_64+0x60/0xe0
[ 64.756714][ T6975] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.762585][ T6975] RIP: 0033:0x4b02a0
[ 64.766452][ T6975] Code: Bad RIP value.
[ 64.770505][ T6975] RSP: 002b:000000c0003b74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 64.778902][ T6975] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 64.786866][ T6975] RDX: 00000000000001c0 RSI: 000000c000026d20 RDI: ffffffffffffff9c
[ 64.794817][ T6975] RBP: 000000c0003b7510 R08: 0000000000000000 R09: 0000000000000000
[ 64.803502][ T6975] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 64.811468][ T6975] R13: 000000000000006a R14: 0000000000000069 R15: 0000000000000100
[ 64.835357][ T6993] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6993
[ 64.844880][ T6993] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.850879][ T6993] CPU: 1 PID: 6993 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 64.859106][ T6993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.869159][ T6993] Call Trace:
[ 64.872455][ T6993] dump_stack+0x18f/0x20d
[ 64.876789][ T6993] check_preemption_disabled+0x20d/0x220
[ 64.882419][ T6993] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.887516][ T6993] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.892951][ T6993] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.898660][ T6993] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.903928][ T6993] ? ext4_ext_release+0x10/0x10
[ 64.908770][ T6993] ? down_write_killable+0x170/0x170
[ 64.914048][ T6993] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.919518][ T6993] ext4_map_blocks+0x4cb/0x1640
[ 64.924389][ T6993] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.929598][ T6993] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.935152][ T6993] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.941134][ T6993] ? prandom_u32_state+0xe/0x170
[ 64.946077][ T6993] ? __brelse+0x84/0xa0
[ 64.950235][ T6993] ? __ext4_new_inode+0x144/0x55e0
[ 64.955352][ T6993] ext4_getblk+0xad/0x520
[ 64.959727][ T6993] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.965461][ T6993] ? ext4_free_inode+0x1700/0x1700
[ 64.970584][ T6993] ext4_bread+0x7c/0x380
[ 64.974838][ T6993] ? ext4_getblk+0x520/0x520
[ 64.979459][ T6993] ? dquot_get_next_dqblk+0x180/0x180
[ 64.984843][ T6993] ext4_append+0x153/0x360
[ 64.989270][ T6993] ext4_mkdir+0x5e0/0xdf0
[ 64.993614][ T6993] ? ext4_rmdir+0xde0/0xde0
[ 64.998127][ T6993] ? security_inode_permission+0xc4/0xf0
[ 65.003756][ T6993] vfs_mkdir+0x419/0x690
[ 65.007993][ T6993] do_mkdirat+0x21e/0x280
[ 65.012303][ T6993] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.017140][ T6993] ? do_syscall_64+0x1c/0xe0
[ 65.021708][ T6993] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.027666][ T6993] do_syscall_64+0x60/0xe0
[ 65.032072][ T6993] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.039106][ T6993] RIP: 0033:0x45bee7
[ 65.042977][ T6993] Code: Bad RIP value.
[ 65.047018][ T6993] RSP: 002b:00007fffab6bbc08 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 65.055404][ T6993] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 65.063368][ T6993] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fffab6bbde0
[ 65.071333][ T6993] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003800
[ 65.079294][ T6993] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 65.087264][ T6993] R13: 00007fffab6bbde0 R14: 8421084210842109 R15: 00007fffab6bbdec
[ 65.174535][ T6995] IPVS: ftp: loaded support on port[0] = 21
[ 65.216938][ T6995] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6995
[ 65.226444][ T6995] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.232553][ T6995] CPU: 0 PID: 6995 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 65.240818][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.250872][ T6995] Call Trace:
[ 65.254162][ T6995] dump_stack+0x18f/0x20d
[ 65.258483][ T6995] check_preemption_disabled+0x20d/0x220
[ 65.264098][ T6995] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.269192][ T6995] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.274643][ T6995] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.280352][ T6995] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.285638][ T6995] ? ext4_ext_release+0x10/0x10
[ 65.290488][ T6995] ? down_write_killable+0x170/0x170
[ 65.295749][ T6995] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.301189][ T6995] ext4_map_blocks+0x4cb/0x1640
[ 65.306029][ T6995] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.311204][ T6995] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.316726][ T6995] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.322682][ T6995] ? prandom_u32_state+0xe/0x170
[ 65.327597][ T6995] ? __brelse+0x84/0xa0
[ 65.331730][ T6995] ? __ext4_new_inode+0x144/0x55e0
[ 65.336891][ T6995] ext4_getblk+0xad/0x520
[ 65.341218][ T6995] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.346981][ T6995] ? ext4_free_inode+0x1700/0x1700
[ 65.352075][ T6995] ext4_bread+0x7c/0x380
[ 65.356312][ T6995] ? ext4_getblk+0x520/0x520
[ 65.360894][ T6995] ? dquot_get_next_dqblk+0x180/0x180
[ 65.366248][ T6995] ext4_append+0x153/0x360
[ 65.370645][ T6995] ext4_mkdir+0x5e0/0xdf0
[ 65.374956][ T6995] ? ext4_rmdir+0xde0/0xde0
[ 65.379438][ T6995] ? security_inode_permission+0xc4/0xf0
[ 65.385053][ T6995] vfs_mkdir+0x419/0x690
[ 65.389277][ T6995] do_mkdirat+0x21e/0x280
[ 65.393601][ T6995] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.398430][ T6995] ? do_syscall_64+0x1c/0xe0
[ 65.403000][ T6995] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.408969][ T6995] do_syscall_64+0x60/0xe0
[ 65.413364][ T6995] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.419246][ T6995] RIP: 0033:0x45bee7
[ 65.423128][ T6995] Code: Bad RIP value.
[ 65.427168][ T6995] RSP: 002b:00007fffab6bbaf8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 65.435554][ T6995] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 65.443499][ T6995] RDX: 00007fffab6bbb43 RSI: 00000000000001ff RDI: 00007fffab6bbb40
[ 65.451458][ T6995] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 65.459432][ T6995] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[ 65.467391][ T6995] R13: 00007fffab6bbb30 R14: 0000000000000000 R15: 00007fffab6bbb40
[ 65.531345][ T6995] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6995
[ 65.540825][ T6995] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.546751][ T6995] CPU: 0 PID: 6995 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 65.558716][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.568768][ T6995] Call Trace:
[ 65.572068][ T6995] dump_stack+0x18f/0x20d
[ 65.576413][ T6995] check_preemption_disabled+0x20d/0x220
[ 65.583008][ T6995] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.588141][ T6995] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.593607][ T6995] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.599338][ T6995] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.604639][ T6995] ? ext4_ext_release+0x10/0x10
[ 65.609516][ T6995] ? down_write_killable+0x170/0x170
[ 65.614798][ T6995] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.620275][ T6995] ext4_map_blocks+0x4cb/0x1640
[ 65.625149][ T6995] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.630415][ T6995] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.635959][ T6995] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.641969][ T6995] ? prandom_u32_state+0xe/0x170
[ 65.646891][ T6995] ? __brelse+0x84/0xa0
[ 65.651055][ T6995] ? __ext4_new_inode+0x144/0x55e0
[ 65.656168][ T6995] ext4_getblk+0xad/0x520
[ 65.660479][ T6995] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.666180][ T6995] ? ext4_free_inode+0x1700/0x1700
[ 65.671271][ T6995] ext4_bread+0x7c/0x380
[ 65.675499][ T6995] ? ext4_getblk+0x520/0x520
[ 65.680089][ T6995] ? dquot_get_next_dqblk+0x180/0x180
[ 65.685442][ T6995] ext4_append+0x153/0x360
[ 65.689940][ T6995] ext4_mkdir+0x5e0/0xdf0
[ 65.694267][ T6995] ? ext4_rmdir+0xde0/0xde0
[ 65.698763][ T6995] ? security_inode_permission+0xc4/0xf0
[ 65.704381][ T6995] vfs_mkdir+0x419/0x690
[ 65.708616][ T6995] do_mkdirat+0x21e/0x280
[ 65.712923][ T6995] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.717751][ T6995] ? do_syscall_64+0x1c/0xe0
[ 65.722321][ T6995] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.728292][ T6995] do_syscall_64+0x60/0xe0
[ 65.732686][ T6995] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.738561][ T6995] RIP: 0033:0x45bee7
[ 65.742428][ T6995] Code: Bad RIP value.
[ 65.746469][ T6995] RSP: 002b:00007fffab6bbaf8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 65.754868][ T6995] RAX: ffffffffffffffda RBX: 000000000000fff2 RCX: 000000000045bee7
[ 65.762818][ T6995] RDX: 00007fffab6bbb43 RSI: 00000000000001ff RDI: 00007fffab6bbb40
[ 65.770766][ T6995] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/14 20:36:23 building call list...
[ 65.778727][ T6995] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 65.786690][ T6995] R13: 00007fffab6bbb30 R14: 000000000000ffe3 R15: 00007fffab6bbb40
[ 66.009877][ T26] tipc: TX() has been purged, node left!
[ 66.512172][ T26] ==================================================================
[ 66.520414][ T26] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 66.528301][ T26] Write of size 1 at addr ffff88809eb6f9e4 by task kworker/u4:2/26
[ 66.536177][ T26]
[ 66.538507][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Not tainted 5.7.0-syzkaller #0
[ 66.546387][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.556527][ T26] Workqueue: netns cleanup_net
[ 66.561288][ T26] Call Trace:
[ 66.564579][ T26] dump_stack+0x18f/0x20d
[ 66.568907][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.574446][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.579986][ T26] ? afs_put_call+0xa40/0xa40
[ 66.584664][ T26] print_address_description.constprop.0.cold+0xd3/0x413
[ 66.591709][ T26] ? vprintk_func+0x97/0x1a6
[ 66.596304][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.602027][ T26] kasan_report.cold+0x1f/0x37
[ 66.606793][ T26] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.612440][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.617986][ T26] afs_wake_up_async_call+0x6aa/0x770
[ 66.623352][ T26] ? afs_close_socket+0x320/0x320
[ 66.628374][ T26] ? afs_put_call+0xa40/0xa40
[ 66.633061][ T26] rxrpc_notify_socket+0x1db/0x5d0
[ 66.638176][ T26] ? afs_put_call+0xa40/0xa40
[ 66.642861][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.649290][ T26] rxrpc_call_completed+0xca/0xf0
[ 66.654335][ T26] rxrpc_discard_prealloc+0x781/0xab0
[ 66.659707][ T26] ? lock_sock_nested+0x94/0x110
[ 66.664650][ T26] rxrpc_listen+0x147/0x360
[ 66.669165][ T26] afs_close_socket+0x95/0x320
[ 66.673934][ T26] ? afs_purge_servers+0x16d/0x300
[ 66.679046][ T26] ? afs_rx_discard_new_call+0x50/0x50
[ 66.684507][ T26] ? init_wait_var_entry+0x200/0x200
[ 66.689796][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.695428][ T26] ? check_preemption_disabled+0x38/0x220
[ 66.701147][ T26] afs_net_exit+0x1bc/0x310
[ 66.705660][ T26] ? afs_net_init+0xe30/0xe30
[ 66.710774][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 66.715887][ T26] cleanup_net+0x511/0xa50
[ 66.720349][ T26] ? unregister_pernet_device+0x70/0x70
[ 66.725895][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.734000][ T26] process_one_work+0x965/0x1690
[ 66.738946][ T26] ? lock_release+0x800/0x800
[ 66.743627][ T26] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.749001][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 66.753957][ T26] worker_thread+0x96/0xe10
[ 66.758471][ T26] ? process_one_work+0x1690/0x1690
[ 66.763672][ T26] kthread+0x3b5/0x4a0
[ 66.767742][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.773470][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.779538][ T26] ret_from_fork+0x1f/0x30
[ 66.783966][ T26]
[ 66.786290][ T26] Allocated by task 6995:
[ 66.790635][ T26] save_stack+0x1b/0x40
[ 66.794786][ T26] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 66.800413][ T26] kmem_cache_alloc_trace+0x153/0x7d0
[ 66.805782][ T26] afs_alloc_call+0x55/0x630
[ 66.810368][ T26] afs_charge_preallocation+0xe9/0x2d0
[ 66.816695][ T26] afs_open_socket+0x292/0x360
[ 66.822416][ T26] afs_net_init+0xa6c/0xe30
[ 66.826915][ T26] ops_init+0xaf/0x420
[ 66.830976][ T26] setup_net+0x2de/0x860
[ 66.835216][ T26] copy_net_ns+0x293/0x590
[ 66.839629][ T26] create_new_namespaces+0x3fb/0xb30
[ 66.844909][ T26] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 66.850537][ T26] ksys_unshare+0x43d/0x8e0
[ 66.855036][ T26] __x64_sys_unshare+0x2d/0x40
[ 66.859818][ T26] do_syscall_64+0x60/0xe0
[ 66.864234][ T26] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.870110][ T26]
[ 66.872448][ T26] Freed by task 26:
[ 66.876253][ T26] save_stack+0x1b/0x40
[ 66.880410][ T26] __kasan_slab_free+0xf7/0x140
[ 66.885277][ T26] kfree+0x109/0x2b0
[ 66.889182][ T26] afs_put_call+0x585/0xa40
[ 66.893696][ T26] rxrpc_discard_prealloc+0x764/0xab0
[ 66.899081][ T26] rxrpc_listen+0x147/0x360
[ 66.903588][ T26] afs_close_socket+0x95/0x320
[ 66.908345][ T26] afs_net_exit+0x1bc/0x310
[ 66.912878][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 66.917994][ T26] cleanup_net+0x511/0xa50
[ 66.922410][ T26] process_one_work+0x965/0x1690
[ 66.927343][ T26] worker_thread+0x96/0xe10
[ 66.931845][ T26] kthread+0x3b5/0x4a0
[ 66.935910][ T26] ret_from_fork+0x1f/0x30
[ 66.940402][ T26]
[ 66.942734][ T26] The buggy address belongs to the object at ffff88809eb6f800
[ 66.942734][ T26] which belongs to the cache kmalloc-1k of size 1024
[ 66.956775][ T26] The buggy address is located 484 bytes inside of
[ 66.956775][ T26] 1024-byte region [ffff88809eb6f800, ffff88809eb6fc00)
[ 66.970209][ T26] The buggy address belongs to the page:
[ 66.975837][ T26] page:ffffea00027adbc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 66.984935][ T26] flags: 0xfffe0000000200(slab)
[ 66.989794][ T26] raw: 00fffe0000000200 ffffea000281d588 ffffea0002718008 ffff8880aa000c40
[ 66.998373][ T26] raw: 0000000000000000 ffff88809eb6f000 0000000100000002 0000000000000000
[ 67.006936][ T26] page dumped because: kasan: bad access detected
[ 67.013327][ T26]
[ 67.015642][ T26] Memory state around the buggy address:
[ 67.025001][ T26] ffff88809eb6f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.033087][ T26] ffff88809eb6f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.041139][ T26] >ffff88809eb6f980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.049196][ T26] ^
[ 67.056384][ T26] ffff88809eb6fa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.065417][ T26] ffff88809eb6fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.073737][ T26] ==================================================================
[ 67.082747][ T26] Disabling lock debugging due to kernel taint
[ 67.088946][ T26] Kernel panic - not syncing: panic_on_warn set ...
[ 67.095531][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Tainted: G B 5.7.0-syzkaller #0
[ 67.104801][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.114966][ T26] Workqueue: netns cleanup_net
[ 67.119741][ T26] Call Trace:
[ 67.123023][ T26] dump_stack+0x18f/0x20d
[ 67.127348][ T26] ? afs_wake_up_async_call+0x670/0x770
[ 67.132885][ T26] ? afs_put_call+0xa40/0xa40
[ 67.137560][ T26] panic+0x2e3/0x75c
[ 67.141454][ T26] ? __warn_printk+0xf3/0xf3
[ 67.146035][ T26] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 67.152185][ T26] ? trace_hardirqs_on+0x55/0x220
[ 67.157201][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.162736][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.168270][ T26] ? afs_put_call+0xa40/0xa40
[ 67.172939][ T26] end_report+0x4d/0x53
[ 67.177100][ T26] kasan_report.cold+0xd/0x37
[ 67.181769][ T26] ? rcu_read_lock_held_common+0x51/0xa0
[ 67.187392][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.192929][ T26] afs_wake_up_async_call+0x6aa/0x770
[ 67.198291][ T26] ? afs_close_socket+0x320/0x320
[ 67.203305][ T26] ? afs_put_call+0xa40/0xa40
[ 67.207983][ T26] rxrpc_notify_socket+0x1db/0x5d0
[ 67.213094][ T26] ? afs_put_call+0xa40/0xa40
[ 67.217777][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 67.224206][ T26] rxrpc_call_completed+0xca/0xf0
[ 67.229226][ T26] rxrpc_discard_prealloc+0x781/0xab0
[ 67.234595][ T26] ? lock_sock_nested+0x94/0x110
[ 67.239555][ T26] rxrpc_listen+0x147/0x360
[ 67.244053][ T26] afs_close_socket+0x95/0x320
[ 67.248810][ T26] ? afs_purge_servers+0x16d/0x300
[ 67.253912][ T26] ? afs_rx_discard_new_call+0x50/0x50
[ 67.259364][ T26] ? init_wait_var_entry+0x200/0x200
[ 67.264645][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 67.270269][ T26] ? check_preemption_disabled+0x38/0x220
[ 67.275978][ T26] afs_net_exit+0x1bc/0x310
[ 67.280496][ T26] ? afs_net_init+0xe30/0xe30
[ 67.285165][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 67.290285][ T26] cleanup_net+0x511/0xa50
[ 67.294868][ T26] ? unregister_pernet_device+0x70/0x70
[ 67.300418][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.306398][ T26] process_one_work+0x965/0x1690
[ 67.311348][ T26] ? lock_release+0x800/0x800
executing program
[ 67.316107][ T26] ? pwq_dec_nr_in_flight+0x310/0x310
[ 67.321474][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 67.326407][ T26] worker_thread+0x96/0xe10
[ 67.330906][ T26] ? process_one_work+0x1690/0x1690
[ 67.336096][ T26] kthread+0x3b5/0x4a0
[ 67.340159][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.345868][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.351577][ T26] ret_from_fork+0x1f/0x30
[ 67.357230][ T26] Kernel Offset: disabled
[ 67.361545][ T26] Rebooting in 86400 seconds..