[ 57.535288][ T7] process_one_work+0x965/0x1690 [ 57.540237][ T7] ? lock_release+0x800/0x800 [ 57.544909][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.550292][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 57.555231][ T7] worker_thread+0x96/0xe10 [ 57.559806][ T7] ? process_one_work+0x1690/0x1690 [ 57.565002][ T7] kthread+0x3b5/0x4a0 [ 57.569085][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.574796][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.580517][ T7] ret_from_fork+0x1f/0x30 [ 59.600323][ T6794] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6794 [ 59.610189][ T6794] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.616631][ T6794] CPU: 0 PID: 6794 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 59.625223][ T6794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.635473][ T6794] Call Trace: [ 59.638763][ T6794] dump_stack+0x18f/0x20d [ 59.643083][ T6794] check_preemption_disabled+0x20d/0x220 [ 59.648941][ T6794] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.654438][ T6794] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.659927][ T6794] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.665663][ T6794] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.671110][ T6794] ? ext4_ext_release+0x10/0x10 [ 59.676438][ T6794] ? down_write_killable+0x170/0x170 [ 59.681798][ T6794] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.687267][ T6794] ext4_map_blocks+0x4cb/0x1640 [ 59.692117][ T6794] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.697431][ T6794] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.703003][ T6794] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.708982][ T6794] ? prandom_u32_state+0xe/0x170 [ 59.714005][ T6794] ? __brelse+0x84/0xa0 [ 59.718352][ T6794] ? __ext4_new_inode+0x144/0x55e0 [ 59.723617][ T6794] ext4_getblk+0xad/0x520 [ 59.728241][ T6794] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.733959][ T6794] ? ext4_free_inode+0x1700/0x1700 [ 59.739378][ T6794] ext4_bread+0x7c/0x380 [ 59.743623][ T6794] ? ext4_getblk+0x520/0x520 [ 59.748340][ T6794] ? dquot_get_next_dqblk+0x180/0x180 [ 59.753766][ T6794] ext4_append+0x153/0x360 [ 59.758184][ T6794] ext4_mkdir+0x5e0/0xdf0 [ 59.762545][ T6794] ? ext4_rmdir+0xde0/0xde0 [ 59.767053][ T6794] ? security_inode_permission+0xc4/0xf0 [ 59.772822][ T6794] vfs_mkdir+0x419/0x690 [ 59.777189][ T6794] do_mkdirat+0x21e/0x280 [ 59.781563][ T6794] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.786637][ T6794] ? do_syscall_64+0x1c/0xe0 [ 59.791326][ T6794] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.797423][ T6794] do_syscall_64+0x60/0xe0 [ 59.801961][ T6794] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.808015][ T6794] RIP: 0033:0x7fecfaa2a687 [ 59.812555][ T6794] Code: Bad RIP value. [ 59.816801][ T6794] RSP: 002b:00007ffcd70e8c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.825209][ T6794] RAX: ffffffffffffffda RBX: 000055b2bc6a6985 RCX: 00007fecfaa2a687 [ 59.833177][ T6794] RDX: 00007ffcd70e8b00 RSI: 00000000000001ed RDI: 000055b2bc6a6985 [ 59.841324][ T6794] RBP: 00007fecfaa2a680 R08: 0000000000000100 R09: 0000000000000000 [ 59.849296][ T6794] R10: 000055b2bc6a6980 R11: 0000000000000246 R12: 00000000000001ed [ 59.857267][ T6794] R13: 00007ffcd70e8dc0 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts. 2020/06/16 02:15:00 fuzzer started 2020/06/16 02:15:00 connecting to host at 10.128.0.26:43221 2020/06/16 02:15:00 checking machine... 2020/06/16 02:15:00 checking revisions... 2020/06/16 02:15:00 testing simple program... syzkaller login: [ 64.077220][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6815 [ 64.086340][ T6815] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.092235][ T6815] CPU: 1 PID: 6815 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 64.100861][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.110903][ T6815] Call Trace: [ 64.114184][ T6815] dump_stack+0x18f/0x20d [ 64.118498][ T6815] check_preemption_disabled+0x20d/0x220 [ 64.124128][ T6815] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.129248][ T6815] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.134697][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.140416][ T6815] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.145684][ T6815] ? ext4_ext_release+0x10/0x10 [ 64.150560][ T6815] ? down_write_killable+0x170/0x170 [ 64.155866][ T6815] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.161327][ T6815] ext4_map_blocks+0x4cb/0x1640 [ 64.167658][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.172937][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.178474][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.184437][ T6815] ? prandom_u32_state+0xe/0x170 [ 64.189358][ T6815] ? __brelse+0x84/0xa0 [ 64.193491][ T6815] ? __ext4_new_inode+0x144/0x55e0 [ 64.198582][ T6815] ext4_getblk+0xad/0x520 [ 64.202895][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.208613][ T6815] ? ext4_free_inode+0x1700/0x1700 [ 64.213702][ T6815] ext4_bread+0x7c/0x380 [ 64.217933][ T6815] ? ext4_getblk+0x520/0x520 [ 64.222501][ T6815] ? dquot_get_next_dqblk+0x180/0x180 [ 64.227868][ T6815] ext4_append+0x153/0x360 [ 64.232274][ T6815] ext4_mkdir+0x5e0/0xdf0 [ 64.236673][ T6815] ? ext4_rmdir+0xde0/0xde0 [ 64.241253][ T6815] ? security_inode_permission+0xc4/0xf0 [ 64.246906][ T6815] vfs_mkdir+0x419/0x690 [ 64.251218][ T6815] do_mkdirat+0x21e/0x280 [ 64.255562][ T6815] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.260414][ T6815] ? do_syscall_64+0x1c/0xe0 [ 64.264989][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.270953][ T6815] do_syscall_64+0x60/0xe0 [ 64.275368][ T6815] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.281236][ T6815] RIP: 0033:0x4b02a0 [ 64.285102][ T6815] Code: Bad RIP value. [ 64.289173][ T6815] RSP: 002b:000000c0000d14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 64.297663][ T6815] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 64.305612][ T6815] RDX: 00000000000001c0 RSI: 000000c0000dab40 RDI: ffffffffffffff9c [ 64.313561][ T6815] RBP: 000000c0000d1510 R08: 0000000000000000 R09: 0000000000000000 [ 64.321518][ T6815] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 64.329464][ T6815] R13: 000000000000005b R14: 000000000000005a R15: 0000000000000100 [ 64.360400][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819 [ 64.369877][ T6819] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.375854][ T6819] CPU: 0 PID: 6819 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.384441][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.394610][ T6819] Call Trace: [ 64.397909][ T6819] dump_stack+0x18f/0x20d [ 64.402339][ T6819] check_preemption_disabled+0x20d/0x220 [ 64.407969][ T6819] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.413078][ T6819] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.418537][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.424272][ T6819] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.429553][ T6819] ? ext4_ext_release+0x10/0x10 [ 64.434410][ T6819] ? down_write_killable+0x170/0x170 [ 64.439770][ T6819] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.445226][ T6819] ext4_map_blocks+0x4cb/0x1640 [ 64.450083][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.455282][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.460823][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.466796][ T6819] ? prandom_u32_state+0xe/0x170 [ 64.471723][ T6819] ? __brelse+0x84/0xa0 [ 64.475858][ T6819] ? __ext4_new_inode+0x144/0x55e0 [ 64.480947][ T6819] ext4_getblk+0xad/0x520 [ 64.485258][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.490960][ T6819] ? ext4_free_inode+0x1700/0x1700 [ 64.496053][ T6819] ext4_bread+0x7c/0x380 [ 64.500291][ T6819] ? ext4_getblk+0x520/0x520 [ 64.504860][ T6819] ? dquot_get_next_dqblk+0x180/0x180 [ 64.510221][ T6819] ext4_append+0x153/0x360 [ 64.514626][ T6819] ext4_mkdir+0x5e0/0xdf0 [ 64.518959][ T6819] ? ext4_rmdir+0xde0/0xde0 [ 64.523479][ T6819] ? security_inode_permission+0xc4/0xf0 [ 64.529116][ T6819] vfs_mkdir+0x419/0x690 [ 64.533349][ T6819] do_mkdirat+0x21e/0x280 [ 64.537663][ T6819] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.542510][ T6819] ? do_syscall_64+0x1c/0xe0 [ 64.547109][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.553076][ T6819] do_syscall_64+0x60/0xe0 [ 64.557495][ T6819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.563376][ T6819] RIP: 0033:0x45bed7 [ 64.567275][ T6819] Code: Bad RIP value. [ 64.571321][ T6819] RSP: 002b:00007ffc734f3568 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 64.579714][ T6819] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 64.587670][ T6819] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc734f3740 [ 64.595636][ T6819] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003a40 [ 64.603594][ T6819] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 64.611555][ T6819] R13: 00007ffc734f3740 R14: 8421084210842109 R15: 00007ffc734f374c [ 64.700556][ T6820] IPVS: ftp: loaded support on port[0] = 21 [ 64.738443][ T6820] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6820 [ 64.747905][ T6820] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.753885][ T6820] CPU: 1 PID: 6820 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.762471][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.772507][ T6820] Call Trace: [ 64.775790][ T6820] dump_stack+0x18f/0x20d [ 64.780102][ T6820] check_preemption_disabled+0x20d/0x220 [ 64.785712][ T6820] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.790808][ T6820] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.796243][ T6820] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.802006][ T6820] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.807296][ T6820] ? ext4_ext_release+0x10/0x10 [ 64.812155][ T6820] ? down_write_killable+0x170/0x170 [ 64.817433][ T6820] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.822877][ T6820] ext4_map_blocks+0x4cb/0x1640 [ 64.827712][ T6820] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.832907][ T6820] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.838441][ T6820] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.844413][ T6820] ? prandom_u32_state+0xe/0x170 [ 64.849330][ T6820] ? __brelse+0x84/0xa0 [ 64.853464][ T6820] ? __ext4_new_inode+0x144/0x55e0 [ 64.858570][ T6820] ext4_getblk+0xad/0x520 [ 64.862898][ T6820] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.868615][ T6820] ? ext4_free_inode+0x1700/0x1700 [ 64.875120][ T6820] ext4_bread+0x7c/0x380 [ 64.879527][ T6820] ? ext4_getblk+0x520/0x520 [ 64.884111][ T6820] ? dquot_get_next_dqblk+0x180/0x180 [ 64.889465][ T6820] ext4_append+0x153/0x360 [ 64.893871][ T6820] ext4_mkdir+0x5e0/0xdf0 [ 64.898193][ T6820] ? ext4_rmdir+0xde0/0xde0 [ 64.902698][ T6820] ? security_inode_permission+0xc4/0xf0 [ 64.908360][ T6820] vfs_mkdir+0x419/0x690 [ 64.912612][ T6820] do_mkdirat+0x21e/0x280 [ 64.916949][ T6820] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.921803][ T6820] ? do_syscall_64+0x1c/0xe0 [ 64.926396][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.932386][ T6820] do_syscall_64+0x60/0xe0 [ 64.936811][ T6820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.942702][ T6820] RIP: 0033:0x45bed7 [ 64.946595][ T6820] Code: Bad RIP value. [ 64.950663][ T6820] RSP: 002b:00007ffc734f3458 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 64.959081][ T6820] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 64.967057][ T6820] RDX: 00007ffc734f34a3 RSI: 00000000000001ff RDI: 00007ffc734f34a0 [ 64.975029][ T6820] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 64.983007][ T6820] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 64.991010][ T6820] R13: 00007ffc734f3490 R14: 0000000000000000 R15: 00007ffc734f34a0 [ 65.047241][ T6820] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6820 [ 65.058610][ T6820] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.064631][ T6820] CPU: 1 PID: 6820 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.073212][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.083267][ T6820] Call Trace: [ 65.086570][ T6820] dump_stack+0x18f/0x20d [ 65.090916][ T6820] check_preemption_disabled+0x20d/0x220 [ 65.096557][ T6820] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.101700][ T6820] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.107174][ T6820] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.112921][ T6820] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.118230][ T6820] ? ext4_ext_release+0x10/0x10 [ 65.123133][ T6820] ? down_write_killable+0x170/0x170 [ 65.128429][ T6820] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.133897][ T6820] ext4_map_blocks+0x4cb/0x1640 [ 65.138743][ T6820] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.143946][ T6820] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.149473][ T6820] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.155453][ T6820] ? prandom_u32_state+0xe/0x170 [ 65.160379][ T6820] ? __brelse+0x84/0xa0 [ 65.164514][ T6820] ? __ext4_new_inode+0x144/0x55e0 [ 65.169606][ T6820] ext4_getblk+0xad/0x520 [ 65.173919][ T6820] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.179643][ T6820] ? ext4_free_inode+0x1700/0x1700 [ 65.185442][ T6820] ext4_bread+0x7c/0x380 [ 65.189679][ T6820] ? ext4_getblk+0x520/0x520 [ 65.194263][ T6820] ? dquot_get_next_dqblk+0x180/0x180 [ 65.200097][ T6820] ext4_append+0x153/0x360 [ 65.204504][ T6820] ext4_mkdir+0x5e0/0xdf0 [ 65.208825][ T6820] ? ext4_rmdir+0xde0/0xde0 [ 65.213329][ T6820] ? security_inode_permission+0xc4/0xf0 [ 65.218944][ T6820] vfs_mkdir+0x419/0x690 [ 65.223169][ T6820] do_mkdirat+0x21e/0x280 [ 65.227540][ T6820] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.232410][ T6820] ? do_syscall_64+0x1c/0xe0 [ 65.237086][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.243054][ T6820] do_syscall_64+0x60/0xe0 [ 65.247662][ T6820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.253534][ T6820] RIP: 0033:0x45bed7 [ 65.257421][ T6820] Code: Bad RIP value. [ 65.261474][ T6820] RSP: 002b:00007ffc734f3458 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 65.269872][ T6820] RAX: ffffffffffffffda RBX: 000000000000fe0f RCX: 000000000045bed7 [ 65.277847][ T6820] RDX: 00007ffc734f34a3 RSI: 00000000000001ff RDI: 00007ffc734f34a0 [ 65.285808][ T6820] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 65.293763][ T6820] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 65.301730][ T6820] R13: 00007ffc734f3490 R14: 000000000000fe06 R15: 00007ffc734f34a0 2020/06/16 02:15:01 building call list... [ 65.552558][ T7] tipc: TX() has been purged, node left! [ 66.064897][ T7] ================================================================== [ 66.073127][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 66.081031][ T7] Write of size 1 at addr ffff88809f6c01e4 by task kworker/u4:0/7 [ 66.088821][ T7] [ 66.091152][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.099291][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.109345][ T7] Workqueue: netns cleanup_net [ 66.114101][ T7] Call Trace: [ 66.117395][ T7] dump_stack+0x18f/0x20d [ 66.121727][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.127266][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.132805][ T7] ? afs_put_call+0xa40/0xa40 [ 66.137480][ T7] print_address_description.constprop.0.cold+0xd3/0x413 [ 66.144506][ T7] ? vprintk_func+0x97/0x1a6 [ 66.149100][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.154658][ T7] kasan_report.cold+0x1f/0x37 [ 66.159424][ T7] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.165060][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.170603][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 66.175987][ T7] ? afs_close_socket+0x320/0x320 [ 66.181015][ T7] ? afs_put_call+0xa40/0xa40 [ 66.185688][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 66.190975][ T7] ? afs_put_call+0xa40/0xa40 [ 66.195666][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.202078][ T7] rxrpc_call_completed+0xca/0xf0 [ 66.207104][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 66.212477][ T7] ? lock_sock_nested+0x94/0x110 [ 66.217420][ T7] rxrpc_listen+0x147/0x360 [ 66.221921][ T7] afs_close_socket+0x95/0x320 [ 66.226682][ T7] ? afs_purge_servers+0x16d/0x300 [ 66.231792][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 66.237252][ T7] ? init_wait_var_entry+0x200/0x200 [ 66.242552][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 66.248190][ T7] ? check_preemption_disabled+0x38/0x220 [ 66.253911][ T7] afs_net_exit+0x1bc/0x310 [ 66.258426][ T7] ? afs_net_init+0xe30/0xe30 [ 66.263099][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 66.268210][ T7] cleanup_net+0x511/0xa50 [ 66.272629][ T7] ? unregister_pernet_device+0x70/0x70 [ 66.278176][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.284164][ T7] process_one_work+0x965/0x1690 [ 66.289202][ T7] ? lock_release+0x800/0x800 [ 66.293875][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.299252][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 66.304210][ T7] worker_thread+0x96/0xe10 [ 66.308728][ T7] ? process_one_work+0x1690/0x1690 [ 66.313927][ T7] kthread+0x3b5/0x4a0 [ 66.317994][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.323721][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.329441][ T7] ret_from_fork+0x1f/0x30 [ 66.333864][ T7] [ 66.336271][ T7] Allocated by task 6820: [ 66.340597][ T7] save_stack+0x1b/0x40 [ 66.344752][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 66.350386][ T7] kmem_cache_alloc_trace+0x153/0x7d0 [ 66.355765][ T7] afs_alloc_call+0x55/0x630 [ 66.360361][ T7] afs_charge_preallocation+0xe9/0x2d0 [ 66.368161][ T7] afs_open_socket+0x292/0x360 [ 66.372919][ T7] afs_net_init+0xa6c/0xe30 [ 66.377416][ T7] ops_init+0xaf/0x420 [ 66.381488][ T7] setup_net+0x2de/0x860 [ 66.385732][ T7] copy_net_ns+0x293/0x590 [ 66.390239][ T7] create_new_namespaces+0x3fb/0xb30 [ 66.395525][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 66.401168][ T7] ksys_unshare+0x43d/0x8e0 [ 66.405716][ T7] __x64_sys_unshare+0x2d/0x40 [ 66.410502][ T7] do_syscall_64+0x60/0xe0 [ 66.414936][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.420816][ T7] [ 66.423135][ T7] Freed by task 7: [ 66.426854][ T7] save_stack+0x1b/0x40 [ 66.431007][ T7] __kasan_slab_free+0xf7/0x140 [ 66.435854][ T7] kfree+0x109/0x2b0 [ 66.439746][ T7] afs_put_call+0x585/0xa40 [ 66.444245][ T7] rxrpc_discard_prealloc+0x764/0xab0 [ 66.449613][ T7] rxrpc_listen+0x147/0x360 [ 66.454110][ T7] afs_close_socket+0x95/0x320 [ 66.458878][ T7] afs_net_exit+0x1bc/0x310 [ 66.463385][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 66.468496][ T7] cleanup_net+0x511/0xa50 [ 66.473094][ T7] process_one_work+0x965/0x1690 [ 66.478059][ T7] worker_thread+0x96/0xe10 [ 66.482567][ T7] kthread+0x3b5/0x4a0 [ 66.486646][ T7] ret_from_fork+0x1f/0x30 [ 66.491057][ T7] [ 66.493502][ T7] The buggy address belongs to the object at ffff88809f6c0000 [ 66.493502][ T7] which belongs to the cache kmalloc-1k of size 1024 [ 66.507576][ T7] The buggy address is located 484 bytes inside of [ 66.507576][ T7] 1024-byte region [ffff88809f6c0000, ffff88809f6c0400) [ 66.520924][ T7] The buggy address belongs to the page: [ 66.526573][ T7] page:ffffea00027db000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 66.535681][ T7] flags: 0xfffe0000000200(slab) [ 66.540529][ T7] raw: 00fffe0000000200 ffffea00024dd588 ffffea000278e548 ffff8880aa000c40 [ 66.549104][ T7] raw: 0000000000000000 ffff88809f6c0000 0000000100000002 0000000000000000 [ 66.557780][ T7] page dumped because: kasan: bad access detected [ 66.564185][ T7] [ 66.566501][ T7] Memory state around the buggy address: [ 66.572125][ T7] ffff88809f6c0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.580177][ T7] ffff88809f6c0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.588252][ T7] >ffff88809f6c0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.596317][ T7] ^ [ 66.603846][ T7] ffff88809f6c0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.611917][ T7] ffff88809f6c0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.620103][ T7] ================================================================== [ 66.628162][ T7] Disabling lock debugging due to kernel taint [ 66.634387][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 66.640977][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 66.650499][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.660566][ T7] Workqueue: netns cleanup_net [ 66.665342][ T7] Call Trace: [ 66.668643][ T7] dump_stack+0x18f/0x20d [ 66.673026][ T7] ? afs_wake_up_async_call+0x670/0x770 [ 66.678593][ T7] ? afs_put_call+0xa40/0xa40 [ 66.683269][ T7] panic+0x2e3/0x75c [ 66.687155][ T7] ? __warn_printk+0xf3/0xf3 [ 66.691736][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 66.697903][ T7] ? trace_hardirqs_on+0x55/0x220 [ 66.703033][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.708585][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.714119][ T7] ? afs_put_call+0xa40/0xa40 [ 66.718792][ T7] end_report+0x4d/0x53 [ 66.725464][ T7] kasan_report.cold+0xd/0x37 [ 66.730137][ T7] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.735782][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.741311][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 66.746688][ T7] ? afs_close_socket+0x320/0x320 [ 66.751764][ T7] ? afs_put_call+0xa40/0xa40 [ 66.756451][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 66.761561][ T7] ? afs_put_call+0xa40/0xa40 [ 66.766232][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.772654][ T7] rxrpc_call_completed+0xca/0xf0 [ 66.777677][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 66.783049][ T7] ? lock_sock_nested+0x94/0x110 [ 66.787989][ T7] rxrpc_listen+0x147/0x360 [ 66.793178][ T7] afs_close_socket+0x95/0x320 [ 66.797929][ T7] ? afs_purge_servers+0x16d/0x300 [ 66.803024][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 66.808469][ T7] ? init_wait_var_entry+0x200/0x200 [ 66.813749][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 66.819391][ T7] ? check_preemption_disabled+0x38/0x220 [ 66.825104][ T7] afs_net_exit+0x1bc/0x310 [ 66.829591][ T7] ? afs_net_init+0xe30/0xe30 [ 66.834270][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 66.839453][ T7] cleanup_net+0x511/0xa50 [ 66.843862][ T7] ? unregister_pernet_device+0x70/0x70 [ 66.849402][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.855373][ T7] process_one_work+0x965/0x1690 [ 66.860325][ T7] ? lock_release+0x800/0x800 [ 66.864985][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.870337][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 66.875277][ T7] worker_thread+0x96/0xe10 [ 66.879788][ T7] ? process_one_work+0x1690/0x1690 [ 66.884996][ T7] kthread+0x3b5/0x4a0 [ 66.889053][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.894754][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.900488][ T7] ret_from_fork+0x1f/0x30 [ 66.906263][ T7] Kernel Offset: disabled [ 66.910585][ T7] Rebooting in 86400 seconds..