[ 58.555773][ T68] process_one_work+0x965/0x1690 [ 58.560728][ T68] ? lock_release+0x800/0x800 [ 58.565413][ T68] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.570801][ T68] ? rwlock_bug.part.0+0x90/0x90 [ 58.575884][ T68] worker_thread+0x96/0xe10 [ 58.580411][ T68] ? process_one_work+0x1690/0x1690 [ 58.585622][ T68] kthread+0x3b5/0x4a0 [ 58.589701][ T68] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.595422][ T68] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.601180][ T68] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.0.229' (ECDSA) to the list of known hosts. 2020/06/16 03:46:03 fuzzer started 2020/06/16 03:46:03 connecting to host at 10.128.0.26:43871 2020/06/16 03:46:03 checking machine... 2020/06/16 03:46:03 checking revisions... 2020/06/16 03:46:03 testing simple program... [ 65.497917][ T6972] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6972 [ 65.507296][ T6972] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.513177][ T6972] CPU: 1 PID: 6972 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 65.521390][ T6972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.531526][ T6972] Call Trace: [ 65.534808][ T6972] dump_stack+0x18f/0x20d [ 65.539557][ T6972] check_preemption_disabled+0x20d/0x220 [ 65.545190][ T6972] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.550293][ T6972] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.555736][ T6972] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.561435][ T6972] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.566711][ T6972] ? ext4_ext_release+0x10/0x10 [ 65.571569][ T6972] ? down_write_killable+0x170/0x170 [ 65.576841][ T6972] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.582293][ T6972] ext4_map_blocks+0x4cb/0x1640 [ 65.587135][ T6972] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.592310][ T6972] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.597834][ T6972] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.603798][ T6972] ? prandom_u32_state+0xe/0x170 [ 65.608830][ T6972] ? __brelse+0x84/0xa0 [ 65.612988][ T6972] ? __ext4_new_inode+0x144/0x55e0 [ 65.618116][ T6972] ext4_getblk+0xad/0x520 [ 65.622437][ T6972] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.628277][ T6972] ? ext4_free_inode+0x1700/0x1700 [ 65.633371][ T6972] ext4_bread+0x7c/0x380 [ 65.637591][ T6972] ? ext4_getblk+0x520/0x520 [ 65.642160][ T6972] ? dquot_get_next_dqblk+0x180/0x180 [ 65.647630][ T6972] ext4_append+0x153/0x360 [ 65.652047][ T6972] ext4_mkdir+0x5e0/0xdf0 [ 65.656367][ T6972] ? ext4_rmdir+0xde0/0xde0 [ 65.660855][ T6972] ? security_inode_permission+0xc4/0xf0 [ 65.666571][ T6972] vfs_mkdir+0x419/0x690 [ 65.670811][ T6972] do_mkdirat+0x21e/0x280 [ 65.675128][ T6972] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.679974][ T6972] ? do_syscall_64+0x1c/0xe0 [ 65.684548][ T6972] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.690524][ T6972] do_syscall_64+0x60/0xe0 [ 65.695042][ T6972] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.700922][ T6972] RIP: 0033:0x4b02a0 [ 65.704865][ T6972] Code: Bad RIP value. [ 65.708922][ T6972] RSP: 002b:000000c0000e54b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.717318][ T6972] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 65.726317][ T6972] RDX: 00000000000001c0 RSI: 000000c000027160 RDI: ffffffffffffff9c [ 65.734265][ T6972] RBP: 000000c0000e5510 R08: 0000000000000000 R09: 0000000000000000 [ 65.742220][ T6972] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.750166][ T6972] R13: 000000000000008c R14: 000000000000008b R15: 0000000000000100 [ 65.778360][ T6990] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6990 [ 65.787868][ T6990] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.793764][ T6990] CPU: 1 PID: 6990 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.802330][ T6990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.812394][ T6990] Call Trace: [ 65.815705][ T6990] dump_stack+0x18f/0x20d [ 65.820547][ T6990] check_preemption_disabled+0x20d/0x220 [ 65.826181][ T6990] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.831325][ T6990] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.836796][ T6990] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.842516][ T6990] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.847879][ T6990] ? ext4_ext_release+0x10/0x10 [ 65.852899][ T6990] ? down_write_killable+0x170/0x170 [ 65.858184][ T6990] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.863633][ T6990] ext4_map_blocks+0x4cb/0x1640 [ 65.868485][ T6990] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.873756][ T6990] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.879416][ T6990] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.885541][ T6990] ? prandom_u32_state+0xe/0x170 [ 65.890613][ T6990] ? __brelse+0x84/0xa0 [ 65.894771][ T6990] ? __ext4_new_inode+0x144/0x55e0 [ 65.899886][ T6990] ext4_getblk+0xad/0x520 [ 65.904216][ T6990] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.909935][ T6990] ? ext4_free_inode+0x1700/0x1700 [ 65.915301][ T6990] ext4_bread+0x7c/0x380 [ 65.919532][ T6990] ? ext4_getblk+0x520/0x520 [ 65.924213][ T6990] ? dquot_get_next_dqblk+0x180/0x180 [ 65.929591][ T6990] ext4_append+0x153/0x360 [ 65.934010][ T6990] ext4_mkdir+0x5e0/0xdf0 [ 65.938492][ T6990] ? ext4_rmdir+0xde0/0xde0 [ 65.943002][ T6990] ? security_inode_permission+0xc4/0xf0 [ 65.948635][ T6990] vfs_mkdir+0x419/0x690 [ 65.952984][ T6990] do_mkdirat+0x21e/0x280 [ 65.957336][ T6990] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.962788][ T6990] ? do_syscall_64+0x1c/0xe0 [ 65.967366][ T6990] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.973335][ T6990] do_syscall_64+0x60/0xe0 [ 65.977761][ T6990] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.983776][ T6990] RIP: 0033:0x45bed7 [ 65.987645][ T6990] Code: Bad RIP value. [ 65.991705][ T6990] RSP: 002b:00007ffd6a9e1e48 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 66.000126][ T6990] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 66.008088][ T6990] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffd6a9e2020 [ 66.017043][ T6990] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003cc0 [ 66.025097][ T6990] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 66.033177][ T6990] R13: 00007ffd6a9e2020 R14: 8421084210842109 R15: 00007ffd6a9e202c [ 66.121017][ T6991] IPVS: ftp: loaded support on port[0] = 21 [ 66.158069][ T6991] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6991 [ 66.167668][ T6991] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.173683][ T6991] CPU: 0 PID: 6991 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.182263][ T6991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.192310][ T6991] Call Trace: [ 66.195592][ T6991] dump_stack+0x18f/0x20d [ 66.199906][ T6991] check_preemption_disabled+0x20d/0x220 [ 66.205542][ T6991] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.210642][ T6991] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.216092][ T6991] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.221791][ T6991] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.227059][ T6991] ? ext4_ext_release+0x10/0x10 [ 66.231897][ T6991] ? down_write_killable+0x170/0x170 [ 66.237159][ T6991] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.242596][ T6991] ext4_map_blocks+0x4cb/0x1640 [ 66.247430][ T6991] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.252606][ T6991] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.258130][ T6991] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.264086][ T6991] ? prandom_u32_state+0xe/0x170 [ 66.268999][ T6991] ? __brelse+0x84/0xa0 [ 66.273167][ T6991] ? __ext4_new_inode+0x144/0x55e0 [ 66.278268][ T6991] ext4_getblk+0xad/0x520 [ 66.282586][ T6991] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.288379][ T6991] ? ext4_free_inode+0x1700/0x1700 [ 66.293489][ T6991] ext4_bread+0x7c/0x380 [ 66.297721][ T6991] ? ext4_getblk+0x520/0x520 [ 66.302292][ T6991] ? dquot_get_next_dqblk+0x180/0x180 [ 66.307746][ T6991] ext4_append+0x153/0x360 [ 66.312145][ T6991] ext4_mkdir+0x5e0/0xdf0 [ 66.316457][ T6991] ? ext4_rmdir+0xde0/0xde0 [ 66.320961][ T6991] ? security_inode_permission+0xc4/0xf0 [ 66.326575][ T6991] vfs_mkdir+0x419/0x690 [ 66.330796][ T6991] do_mkdirat+0x21e/0x280 [ 66.335106][ T6991] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.339934][ T6991] ? do_syscall_64+0x1c/0xe0 [ 66.344540][ T6991] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.350505][ T6991] do_syscall_64+0x60/0xe0 [ 66.354905][ T6991] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.360771][ T6991] RIP: 0033:0x45bed7 [ 66.364644][ T6991] Code: Bad RIP value. [ 66.368695][ T6991] RSP: 002b:00007ffd6a9e1d38 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 66.377091][ T6991] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 66.385149][ T6991] RDX: 00007ffd6a9e1d83 RSI: 00000000000001ff RDI: 00007ffd6a9e1d80 [ 66.393103][ T6991] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 66.401058][ T6991] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 66.409017][ T6991] R13: 00007ffd6a9e1d70 R14: 0000000000000000 R15: 00007ffd6a9e1d80 [ 66.465019][ T6991] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6991 [ 66.474489][ T6991] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.480391][ T6991] CPU: 1 PID: 6991 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.488974][ T6991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.500335][ T6991] Call Trace: [ 66.503637][ T6991] dump_stack+0x18f/0x20d [ 66.507990][ T6991] check_preemption_disabled+0x20d/0x220 [ 66.513634][ T6991] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.518772][ T6991] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.524240][ T6991] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.529977][ T6991] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.535283][ T6991] ? ext4_ext_release+0x10/0x10 [ 66.540166][ T6991] ? down_write_killable+0x170/0x170 [ 66.545460][ T6991] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.550936][ T6991] ext4_map_blocks+0x4cb/0x1640 [ 66.555791][ T6991] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.561068][ T6991] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.566617][ T6991] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.572752][ T6991] ? prandom_u32_state+0xe/0x170 [ 66.577687][ T6991] ? __brelse+0x84/0xa0 [ 66.581842][ T6991] ? __ext4_new_inode+0x144/0x55e0 [ 66.586947][ T6991] ext4_getblk+0xad/0x520 [ 66.591259][ T6991] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.596962][ T6991] ? ext4_free_inode+0x1700/0x1700 [ 66.602053][ T6991] ext4_bread+0x7c/0x380 [ 66.606273][ T6991] ? ext4_getblk+0x520/0x520 [ 66.610840][ T6991] ? dquot_get_next_dqblk+0x180/0x180 [ 66.616193][ T6991] ext4_append+0x153/0x360 [ 66.620604][ T6991] ext4_mkdir+0x5e0/0xdf0 [ 66.624923][ T6991] ? ext4_rmdir+0xde0/0xde0 [ 66.629409][ T6991] ? security_inode_permission+0xc4/0xf0 [ 66.635024][ T6991] vfs_mkdir+0x419/0x690 [ 66.639248][ T6991] do_mkdirat+0x21e/0x280 [ 66.643572][ T6991] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.648412][ T6991] ? do_syscall_64+0x1c/0xe0 [ 66.652980][ T6991] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.658938][ T6991] do_syscall_64+0x60/0xe0 [ 66.663334][ T6991] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.669202][ T6991] RIP: 0033:0x45bed7 [ 66.673067][ T6991] Code: Bad RIP value. [ 66.677119][ T6991] RSP: 002b:00007ffd6a9e1d38 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 66.685526][ T6991] RAX: ffffffffffffffda RBX: 000000000001039f RCX: 000000000045bed7 [ 66.693498][ T6991] RDX: 00007ffd6a9e1d83 RSI: 00000000000001ff RDI: 00007ffd6a9e1d80 [ 66.701456][ T6991] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/16 03:46:04 building call list... [ 66.709403][ T6991] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 66.717360][ T6991] R13: 00007ffd6a9e1d70 R14: 0000000000010391 R15: 00007ffd6a9e1d80 [ 66.983825][ T68] tipc: TX() has been purged, node left! [ 67.486129][ T68] ================================================================== [ 67.494389][ T68] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 67.502273][ T68] Write of size 1 at addr ffff8880a628b1e4 by task kworker/u4:3/68 [ 67.510143][ T68] [ 67.512471][ T68] CPU: 1 PID: 68 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.520696][ T68] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.531184][ T68] Workqueue: netns cleanup_net [ 67.535938][ T68] Call Trace: [ 67.539229][ T68] dump_stack+0x18f/0x20d [ 67.543560][ T68] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.549105][ T68] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.554643][ T68] ? afs_put_call+0xa40/0xa40 [ 67.559320][ T68] print_address_description.constprop.0.cold+0xd3/0x413 [ 67.566357][ T68] ? vprintk_func+0x97/0x1a6 [ 67.570947][ T68] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.576489][ T68] kasan_report.cold+0x1f/0x37 [ 67.581261][ T68] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.586885][ T68] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.592452][ T68] afs_wake_up_async_call+0x6aa/0x770 [ 67.597818][ T68] ? afs_close_socket+0x320/0x320 [ 67.602841][ T68] ? afs_put_call+0xa40/0xa40 [ 67.607523][ T68] rxrpc_notify_socket+0x1db/0x5d0 [ 67.617350][ T68] ? afs_put_call+0xa40/0xa40 [ 67.622027][ T68] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.628441][ T68] rxrpc_call_completed+0xca/0xf0 [ 67.633471][ T68] rxrpc_discard_prealloc+0x781/0xab0 [ 67.639102][ T68] ? lock_sock_nested+0x94/0x110 [ 67.644043][ T68] rxrpc_listen+0x147/0x360 [ 67.648565][ T68] afs_close_socket+0x95/0x320 [ 67.653325][ T68] ? afs_purge_servers+0x16d/0x300 [ 67.658699][ T68] ? afs_rx_discard_new_call+0x50/0x50 [ 67.664164][ T68] ? init_wait_var_entry+0x200/0x200 [ 67.669451][ T68] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.675084][ T68] ? check_preemption_disabled+0x38/0x220 [ 67.680842][ T68] afs_net_exit+0x1bc/0x310 [ 67.685344][ T68] ? afs_net_init+0xe30/0xe30 [ 67.690063][ T68] ops_exit_list.isra.0+0xa8/0x150 [ 67.695184][ T68] cleanup_net+0x511/0xa50 [ 67.699611][ T68] ? unregister_pernet_device+0x70/0x70 [ 67.705158][ T68] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.711168][ T68] process_one_work+0x965/0x1690 [ 67.716115][ T68] ? lock_release+0x800/0x800 [ 67.720791][ T68] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.726177][ T68] ? rwlock_bug.part.0+0x90/0x90 [ 67.731131][ T68] worker_thread+0x96/0xe10 [ 67.735652][ T68] ? process_one_work+0x1690/0x1690 [ 67.740847][ T68] kthread+0x3b5/0x4a0 [ 67.745606][ T68] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.751325][ T68] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.757070][ T68] ret_from_fork+0x1f/0x30 [ 67.761493][ T68] [ 67.763829][ T68] Allocated by task 6991: [ 67.768242][ T68] save_stack+0x1b/0x40 [ 67.772399][ T68] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.778037][ T68] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.783411][ T68] afs_alloc_call+0x55/0x630 [ 67.788032][ T68] afs_charge_preallocation+0xe9/0x2d0 [ 67.793525][ T68] afs_open_socket+0x292/0x360 [ 67.798310][ T68] afs_net_init+0xa6c/0xe30 [ 67.802842][ T68] ops_init+0xaf/0x420 [ 67.806928][ T68] setup_net+0x2de/0x860 [ 67.811274][ T68] copy_net_ns+0x293/0x590 [ 67.815690][ T68] create_new_namespaces+0x3fb/0xb30 [ 67.820974][ T68] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.826600][ T68] ksys_unshare+0x43d/0x8e0 [ 67.831114][ T68] __x64_sys_unshare+0x2d/0x40 [ 67.835879][ T68] do_syscall_64+0x60/0xe0 [ 67.840292][ T68] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.846172][ T68] [ 67.849099][ T68] Freed by task 68: [ 67.853487][ T68] save_stack+0x1b/0x40 [ 67.857730][ T68] __kasan_slab_free+0xf7/0x140 [ 67.862582][ T68] kfree+0x109/0x2b0 [ 67.866493][ T68] afs_put_call+0x585/0xa40 [ 67.870994][ T68] rxrpc_discard_prealloc+0x764/0xab0 [ 67.876373][ T68] rxrpc_listen+0x147/0x360 [ 67.880891][ T68] afs_close_socket+0x95/0x320 [ 67.885657][ T68] afs_net_exit+0x1bc/0x310 [ 67.890161][ T68] ops_exit_list.isra.0+0xa8/0x150 [ 67.895276][ T68] cleanup_net+0x511/0xa50 [ 67.899693][ T68] process_one_work+0x965/0x1690 [ 67.904628][ T68] worker_thread+0x96/0xe10 [ 67.909125][ T68] kthread+0x3b5/0x4a0 [ 67.913192][ T68] ret_from_fork+0x1f/0x30 [ 67.917595][ T68] [ 67.919921][ T68] The buggy address belongs to the object at ffff8880a628b000 [ 67.919921][ T68] which belongs to the cache kmalloc-1k of size 1024 [ 67.933968][ T68] The buggy address is located 484 bytes inside of [ 67.933968][ T68] 1024-byte region [ffff8880a628b000, ffff8880a628b400) [ 67.947342][ T68] The buggy address belongs to the page: [ 67.952987][ T68] page:ffffea000298a2c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.962097][ T68] flags: 0xfffe0000000200(slab) [ 67.966953][ T68] raw: 00fffe0000000200 ffffea0002982d48 ffffea000298f048 ffff8880aa000c40 [ 67.975545][ T68] raw: 0000000000000000 ffff8880a628b000 0000000100000002 0000000000000000 [ 67.984122][ T68] page dumped because: kasan: bad access detected [ 67.990528][ T68] [ 67.992847][ T68] Memory state around the buggy address: [ 67.998837][ T68] ffff8880a628b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.006900][ T68] ffff8880a628b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.014966][ T68] >ffff8880a628b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.023731][ T68] ^ [ 68.031104][ T68] ffff8880a628b200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.039186][ T68] ffff8880a628b280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.047328][ T68] ================================================================== [ 68.055384][ T68] Disabling lock debugging due to kernel taint [ 68.063183][ T68] Kernel panic - not syncing: panic_on_warn set ... [ 68.069768][ T68] CPU: 1 PID: 68 Comm: kworker/u4:3 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 68.079384][ T68] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.089610][ T68] Workqueue: netns cleanup_net [ 68.094364][ T68] Call Trace: [ 68.097749][ T68] dump_stack+0x18f/0x20d [ 68.102086][ T68] ? afs_wake_up_async_call+0x670/0x770 [ 68.107625][ T68] ? afs_put_call+0xa40/0xa40 [ 68.112291][ T68] panic+0x2e3/0x75c [ 68.116181][ T68] ? __warn_printk+0xf3/0xf3 [ 68.120766][ T68] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 68.126915][ T68] ? trace_hardirqs_on+0x55/0x220 [ 68.131930][ T68] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.137462][ T68] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.142994][ T68] ? afs_put_call+0xa40/0xa40 [ 68.147665][ T68] end_report+0x4d/0x53 [ 68.151819][ T68] kasan_report.cold+0xd/0x37 [ 68.156495][ T68] ? rcu_read_lock_held_common+0x51/0xa0 [ 68.162641][ T68] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.168184][ T68] afs_wake_up_async_call+0x6aa/0x770 [ 68.173568][ T68] ? afs_close_socket+0x320/0x320 [ 68.178670][ T68] ? afs_put_call+0xa40/0xa40 [ 68.183338][ T68] rxrpc_notify_socket+0x1db/0x5d0 [ 68.188444][ T68] ? afs_put_call+0xa40/0xa40 [ 68.193115][ T68] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 68.199543][ T68] rxrpc_call_completed+0xca/0xf0 [ 68.204586][ T68] rxrpc_discard_prealloc+0x781/0xab0 [ 68.209949][ T68] ? lock_sock_nested+0x94/0x110 [ 68.214881][ T68] rxrpc_listen+0x147/0x360 [ 68.219380][ T68] afs_close_socket+0x95/0x320 [ 68.224142][ T68] ? afs_purge_servers+0x16d/0x300 [ 68.229248][ T68] ? afs_rx_discard_new_call+0x50/0x50 [ 68.234701][ T68] ? init_wait_var_entry+0x200/0x200 [ 68.239980][ T68] ? rcu_read_lock_held_common+0xa0/0xa0 [ 68.245603][ T68] ? check_preemption_disabled+0x38/0x220 [ 68.251315][ T68] afs_net_exit+0x1bc/0x310 [ 68.255808][ T68] ? afs_net_init+0xe30/0xe30 [ 68.260485][ T68] ops_exit_list.isra.0+0xa8/0x150 [ 68.265683][ T68] cleanup_net+0x511/0xa50 [ 68.270128][ T68] ? unregister_pernet_device+0x70/0x70 [ 68.275688][ T68] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.282010][ T68] process_one_work+0x965/0x1690 executing program [ 68.287031][ T68] ? lock_release+0x800/0x800 [ 68.291699][ T68] ? pwq_dec_nr_in_flight+0x310/0x310 [ 68.297061][ T68] ? rwlock_bug.part.0+0x90/0x90 [ 68.302019][ T68] worker_thread+0x96/0xe10 [ 68.306525][ T68] ? process_one_work+0x1690/0x1690 [ 68.311724][ T68] kthread+0x3b5/0x4a0 [ 68.315785][ T68] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.321581][ T68] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.327294][ T68] ret_from_fork+0x1f/0x30 [ 68.332327][ T68] Kernel Offset: disabled [ 68.336656][ T68] Rebooting in 86400 seconds..