[ 55.844831][ T6889] do_syscall_64+0x60/0xe0 [ 55.849260][ T6889] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 55.855161][ T6889] RIP: 0033:0x7fc14df85687 [ 55.859573][ T6889] Code: Bad RIP value. [ 55.863653][ T6889] RSP: 002b:00007ffc5c238f48 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 55.872162][ T6889] RAX: ffffffffffffffda RBX: 0000562354522985 RCX: 00007fc14df85687 [ 55.880666][ T6889] RDX: 00007ffc5c238e10 RSI: 00000000000001ed RDI: 0000562354522985 [ 55.888678][ T6889] RBP: 00007fc14df85680 R08: 0000000000000100 R09: 0000000000000000 [ 55.896695][ T6889] R10: 0000562354522980 R11: 0000000000000246 R12: 00000000000001ed [ 55.904938][ T6889] R13: 00007ffc5c2390d0 R14: 0000000000000000 R15: 0000000000000000 Warning: Permanently added '10.128.1.18' (ECDSA) to the list of known hosts. 2020/06/16 07:02:16 fuzzer started 2020/06/16 07:02:17 connecting to host at 10.128.0.26:43313 2020/06/16 07:02:17 checking machine... 2020/06/16 07:02:17 checking revisions... 2020/06/16 07:02:17 testing simple program... [ 65.210397][ T6919] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6919 [ 65.219517][ T6919] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.225800][ T6919] CPU: 1 PID: 6919 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 65.234037][ T6919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.244630][ T6919] Call Trace: [ 65.247915][ T6919] dump_stack+0x18f/0x20d [ 65.252242][ T6919] check_preemption_disabled+0x20d/0x220 [ 65.257941][ T6919] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.263087][ T6919] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.268534][ T6919] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.274237][ T6919] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.279516][ T6919] ? ext4_ext_release+0x10/0x10 [ 65.286092][ T6919] ? down_write_killable+0x170/0x170 [ 65.291373][ T6919] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.296835][ T6919] ext4_map_blocks+0x4cb/0x1640 [ 65.301692][ T6919] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.306885][ T6919] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.312422][ T6919] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.318766][ T6919] ? prandom_u32_state+0xe/0x170 [ 65.323987][ T6919] ? __brelse+0x84/0xa0 [ 65.328129][ T6919] ? __ext4_new_inode+0x144/0x55e0 [ 65.333241][ T6919] ext4_getblk+0xad/0x520 [ 65.337578][ T6919] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.343387][ T6919] ? ext4_free_inode+0x1700/0x1700 [ 65.348494][ T6919] ext4_bread+0x7c/0x380 [ 65.352733][ T6919] ? ext4_getblk+0x520/0x520 [ 65.357323][ T6919] ? dquot_get_next_dqblk+0x180/0x180 [ 65.362737][ T6919] ext4_append+0x153/0x360 [ 65.367274][ T6919] ext4_mkdir+0x5e0/0xdf0 [ 65.371625][ T6919] ? ext4_rmdir+0xde0/0xde0 [ 65.376118][ T6919] ? security_inode_permission+0xc4/0xf0 [ 65.381862][ T6919] vfs_mkdir+0x419/0x690 [ 65.386111][ T6919] do_mkdirat+0x21e/0x280 [ 65.390433][ T6919] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.395399][ T6919] ? do_syscall_64+0x1c/0xe0 [ 65.399993][ T6919] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.405963][ T6919] do_syscall_64+0x60/0xe0 [ 65.410382][ T6919] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.416443][ T6919] RIP: 0033:0x4b02a0 [ 65.420312][ T6919] Code: Bad RIP value. [ 65.424374][ T6919] RSP: 002b:000000c0003c34b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.432866][ T6919] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 65.440855][ T6919] RDX: 00000000000001c0 RSI: 000000c0000e30a0 RDI: ffffffffffffff9c [ 65.448821][ T6919] RBP: 000000c0003c3510 R08: 0000000000000000 R09: 0000000000000000 [ 65.456799][ T6919] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.464775][ T6919] R13: 0000000000000086 R14: 0000000000000085 R15: 0000000000000100 [ 65.496360][ T6928] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6928 [ 65.505979][ T6928] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.512029][ T6928] CPU: 0 PID: 6928 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.520622][ T6928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.530663][ T6928] Call Trace: [ 65.534007][ T6928] dump_stack+0x18f/0x20d [ 65.538350][ T6928] check_preemption_disabled+0x20d/0x220 [ 65.544028][ T6928] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.549141][ T6928] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.554589][ T6928] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.560324][ T6928] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.565622][ T6928] ? ext4_ext_release+0x10/0x10 [ 65.570495][ T6928] ? down_write_killable+0x170/0x170 [ 65.575825][ T6928] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.581374][ T6928] ext4_map_blocks+0x4cb/0x1640 [ 65.586231][ T6928] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.591410][ T6928] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.597197][ T6928] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.603178][ T6928] ? prandom_u32_state+0xe/0x170 [ 65.608098][ T6928] ? __brelse+0x84/0xa0 [ 65.612235][ T6928] ? __ext4_new_inode+0x144/0x55e0 [ 65.617345][ T6928] ext4_getblk+0xad/0x520 [ 65.621807][ T6928] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.627527][ T6928] ? ext4_free_inode+0x1700/0x1700 [ 65.632898][ T6928] ext4_bread+0x7c/0x380 [ 65.637150][ T6928] ? ext4_getblk+0x520/0x520 [ 65.641734][ T6928] ? dquot_get_next_dqblk+0x180/0x180 [ 65.647131][ T6928] ext4_append+0x153/0x360 [ 65.651541][ T6928] ext4_mkdir+0x5e0/0xdf0 [ 65.655887][ T6928] ? ext4_rmdir+0xde0/0xde0 [ 65.660737][ T6928] ? security_inode_permission+0xc4/0xf0 [ 65.666390][ T6928] vfs_mkdir+0x419/0x690 [ 65.671138][ T6928] do_mkdirat+0x21e/0x280 [ 65.675498][ T6928] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.680628][ T6928] ? do_syscall_64+0x1c/0xe0 [ 65.685217][ T6928] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.691195][ T6928] do_syscall_64+0x60/0xe0 [ 65.695781][ T6928] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.701666][ T6928] RIP: 0033:0x45bed7 [ 65.705628][ T6928] Code: Bad RIP value. [ 65.709678][ T6928] RSP: 002b:00007ffc7ac93758 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.718074][ T6928] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.726049][ T6928] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc7ac93930 [ 65.734112][ T6928] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000034c0 [ 65.742074][ T6928] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.750046][ T6928] R13: 00007ffc7ac93930 R14: 8421084210842109 R15: 00007ffc7ac9393c [ 65.838617][ T6929] IPVS: ftp: loaded support on port[0] = 21 [ 65.875354][ T6929] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6929 [ 65.885121][ T6929] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.891172][ T6929] CPU: 1 PID: 6929 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.899755][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.909815][ T6929] Call Trace: [ 65.913109][ T6929] dump_stack+0x18f/0x20d [ 65.917442][ T6929] check_preemption_disabled+0x20d/0x220 [ 65.923072][ T6929] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.928284][ T6929] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.933782][ T6929] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.939837][ T6929] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.945164][ T6929] ? ext4_ext_release+0x10/0x10 [ 65.950030][ T6929] ? down_write_killable+0x170/0x170 [ 65.955303][ T6929] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.960762][ T6929] ext4_map_blocks+0x4cb/0x1640 [ 65.965617][ T6929] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.970827][ T6929] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.976353][ T6929] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.982310][ T6929] ? prandom_u32_state+0xe/0x170 [ 65.987229][ T6929] ? __brelse+0x84/0xa0 [ 65.991364][ T6929] ? __ext4_new_inode+0x144/0x55e0 [ 65.996475][ T6929] ext4_getblk+0xad/0x520 [ 66.000787][ T6929] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.006509][ T6929] ? ext4_free_inode+0x1700/0x1700 [ 66.011602][ T6929] ext4_bread+0x7c/0x380 [ 66.015828][ T6929] ? ext4_getblk+0x520/0x520 [ 66.020443][ T6929] ? dquot_get_next_dqblk+0x180/0x180 [ 66.025829][ T6929] ext4_append+0x153/0x360 [ 66.030255][ T6929] ext4_mkdir+0x5e0/0xdf0 [ 66.034579][ T6929] ? ext4_rmdir+0xde0/0xde0 [ 66.039206][ T6929] ? security_inode_permission+0xc4/0xf0 [ 66.044955][ T6929] vfs_mkdir+0x419/0x690 [ 66.049192][ T6929] do_mkdirat+0x21e/0x280 [ 66.053524][ T6929] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.058384][ T6929] ? do_syscall_64+0x1c/0xe0 [ 66.062979][ T6929] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.068945][ T6929] do_syscall_64+0x60/0xe0 [ 66.073368][ T6929] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.079271][ T6929] RIP: 0033:0x45bed7 [ 66.083137][ T6929] Code: Bad RIP value. [ 66.087188][ T6929] RSP: 002b:00007ffc7ac93648 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.095759][ T6929] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 66.103731][ T6929] RDX: 00007ffc7ac93693 RSI: 00000000000001ff RDI: 00007ffc7ac93690 [ 66.111701][ T6929] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 66.119673][ T6929] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 66.127638][ T6929] R13: 00007ffc7ac93680 R14: 0000000000000000 R15: 00007ffc7ac93690 [ 66.183393][ T6929] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6929 [ 66.192879][ T6929] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.198783][ T6929] CPU: 0 PID: 6929 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.207372][ T6929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.217435][ T6929] Call Trace: [ 66.220740][ T6929] dump_stack+0x18f/0x20d [ 66.225095][ T6929] check_preemption_disabled+0x20d/0x220 [ 66.230740][ T6929] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.235882][ T6929] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.241358][ T6929] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.247099][ T6929] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.252511][ T6929] ? ext4_ext_release+0x10/0x10 [ 66.257374][ T6929] ? down_write_killable+0x170/0x170 [ 66.262652][ T6929] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.268222][ T6929] ext4_map_blocks+0x4cb/0x1640 [ 66.273071][ T6929] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.278251][ T6929] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.283801][ T6929] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.289763][ T6929] ? prandom_u32_state+0xe/0x170 [ 66.294687][ T6929] ? __brelse+0x84/0xa0 [ 66.299044][ T6929] ? __ext4_new_inode+0x144/0x55e0 [ 66.304150][ T6929] ext4_getblk+0xad/0x520 [ 66.308471][ T6929] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.314195][ T6929] ? ext4_free_inode+0x1700/0x1700 [ 66.319306][ T6929] ext4_bread+0x7c/0x380 [ 66.323544][ T6929] ? ext4_getblk+0x520/0x520 [ 66.328127][ T6929] ? dquot_get_next_dqblk+0x180/0x180 [ 66.333485][ T6929] ext4_append+0x153/0x360 [ 66.337892][ T6929] ext4_mkdir+0x5e0/0xdf0 [ 66.342230][ T6929] ? ext4_rmdir+0xde0/0xde0 [ 66.346736][ T6929] ? security_inode_permission+0xc4/0xf0 [ 66.352370][ T6929] vfs_mkdir+0x419/0x690 [ 66.356621][ T6929] do_mkdirat+0x21e/0x280 [ 66.360949][ T6929] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.365821][ T6929] ? do_syscall_64+0x1c/0xe0 [ 66.370395][ T6929] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.376382][ T6929] do_syscall_64+0x60/0xe0 [ 66.380805][ T6929] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.386692][ T6929] RIP: 0033:0x45bed7 [ 66.390640][ T6929] Code: Bad RIP value. [ 66.394811][ T6929] RSP: 002b:00007ffc7ac93648 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.403212][ T6929] RAX: ffffffffffffffda RBX: 0000000000010278 RCX: 000000000045bed7 [ 66.411299][ T6929] RDX: 00007ffc7ac93693 RSI: 00000000000001ff RDI: 00007ffc7ac93690 [ 66.419346][ T6929] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/16 07:02:18 building call list... [ 66.427302][ T6929] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 66.435269][ T6929] R13: 00007ffc7ac93680 R14: 0000000000010263 R15: 00007ffc7ac93690 [ 66.630793][ T113] tipc: TX() has been purged, node left! [ 67.173027][ T113] ================================================================== [ 67.181290][ T113] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 67.189183][ T113] Write of size 1 at addr ffff8880a878a9e4 by task kworker/u4:3/113 [ 67.197149][ T113] [ 67.199500][ T113] CPU: 0 PID: 113 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.207833][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.217897][ T113] Workqueue: netns cleanup_net [ 67.222653][ T113] Call Trace: [ 67.225944][ T113] dump_stack+0x18f/0x20d [ 67.230296][ T113] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.235857][ T113] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.241420][ T113] ? afs_put_call+0xa40/0xa40 [ 67.246185][ T113] print_address_description.constprop.0.cold+0xd3/0x413 [ 67.253255][ T113] ? vprintk_func+0x97/0x1a6 [ 67.257847][ T113] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.263392][ T113] kasan_report.cold+0x1f/0x37 [ 67.268175][ T113] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.273806][ T113] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.279441][ T113] afs_wake_up_async_call+0x6aa/0x770 [ 67.284811][ T113] ? afs_close_socket+0x320/0x320 [ 67.289834][ T113] ? afs_put_call+0xa40/0xa40 [ 67.294508][ T113] rxrpc_notify_socket+0x1db/0x5d0 [ 67.299627][ T113] ? afs_put_call+0xa40/0xa40 [ 67.304323][ T113] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.310740][ T113] rxrpc_call_completed+0xca/0xf0 [ 67.315769][ T113] rxrpc_discard_prealloc+0x781/0xab0 [ 67.321146][ T113] ? lock_sock_nested+0x94/0x110 [ 67.326098][ T113] rxrpc_listen+0x147/0x360 [ 67.330602][ T113] afs_close_socket+0x95/0x320 [ 67.335365][ T113] ? afs_purge_servers+0x16d/0x300 [ 67.340481][ T113] ? afs_rx_discard_new_call+0x50/0x50 [ 67.345944][ T113] ? init_wait_var_entry+0x200/0x200 [ 67.351234][ T113] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.356887][ T113] ? check_preemption_disabled+0x38/0x220 [ 67.362609][ T113] afs_net_exit+0x1bc/0x310 [ 67.367114][ T113] ? afs_net_init+0xe30/0xe30 [ 67.371789][ T113] ops_exit_list.isra.0+0xa8/0x150 [ 67.376908][ T113] cleanup_net+0x511/0xa50 [ 67.381327][ T113] ? unregister_pernet_device+0x70/0x70 [ 67.386879][ T113] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.392971][ T113] process_one_work+0x965/0x1690 [ 67.397920][ T113] ? lock_release+0x800/0x800 [ 67.402595][ T113] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.407969][ T113] ? rwlock_bug.part.0+0x90/0x90 [ 67.412918][ T113] worker_thread+0x96/0xe10 [ 67.417437][ T113] ? process_one_work+0x1690/0x1690 [ 67.422654][ T113] kthread+0x3b5/0x4a0 [ 67.426731][ T113] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.433406][ T113] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.439128][ T113] ret_from_fork+0x1f/0x30 [ 67.445206][ T113] [ 67.447548][ T113] Allocated by task 6929: [ 67.451876][ T113] save_stack+0x1b/0x40 [ 67.456127][ T113] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.461762][ T113] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.467131][ T113] afs_alloc_call+0x55/0x630 [ 67.471722][ T113] afs_charge_preallocation+0xe9/0x2d0 [ 67.477190][ T113] afs_open_socket+0x292/0x360 [ 67.481948][ T113] afs_net_init+0xa6c/0xe30 [ 67.486443][ T113] ops_init+0xaf/0x420 [ 67.490526][ T113] setup_net+0x2de/0x860 [ 67.494763][ T113] copy_net_ns+0x293/0x590 [ 67.499206][ T113] create_new_namespaces+0x3fb/0xb30 [ 67.504488][ T113] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.510122][ T113] ksys_unshare+0x43d/0x8e0 [ 67.514628][ T113] __x64_sys_unshare+0x2d/0x40 [ 67.519387][ T113] do_syscall_64+0x60/0xe0 [ 67.523803][ T113] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.530028][ T113] [ 67.532350][ T113] Freed by task 113: [ 67.536254][ T113] save_stack+0x1b/0x40 [ 67.540407][ T113] __kasan_slab_free+0xf7/0x140 [ 67.545870][ T113] kfree+0x109/0x2b0 [ 67.549796][ T113] afs_put_call+0x585/0xa40 [ 67.554311][ T113] rxrpc_discard_prealloc+0x764/0xab0 [ 67.559697][ T113] rxrpc_listen+0x147/0x360 [ 67.564286][ T113] afs_close_socket+0x95/0x320 [ 67.569063][ T113] afs_net_exit+0x1bc/0x310 [ 67.573598][ T113] ops_exit_list.isra.0+0xa8/0x150 [ 67.578702][ T113] cleanup_net+0x511/0xa50 [ 67.583116][ T113] process_one_work+0x965/0x1690 [ 67.588048][ T113] worker_thread+0x96/0xe10 [ 67.592552][ T113] kthread+0x3b5/0x4a0 [ 67.596619][ T113] ret_from_fork+0x1f/0x30 [ 67.601107][ T113] [ 67.603434][ T113] The buggy address belongs to the object at ffff8880a878a800 [ 67.603434][ T113] which belongs to the cache kmalloc-1k of size 1024 [ 67.617480][ T113] The buggy address is located 484 bytes inside of [ 67.617480][ T113] 1024-byte region [ffff8880a878a800, ffff8880a878ac00) [ 67.631881][ T113] The buggy address belongs to the page: [ 67.637528][ T113] page:ffffea0002a1e280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.646642][ T113] flags: 0xfffe0000000200(slab) [ 67.651491][ T113] raw: 00fffe0000000200 ffffea00024fad08 ffffea00029b2a88 ffff8880aa000c40 [ 67.660069][ T113] raw: 0000000000000000 ffff8880a878a000 0000000100000002 0000000000000000 [ 67.668717][ T113] page dumped because: kasan: bad access detected [ 67.675120][ T113] [ 67.677450][ T113] Memory state around the buggy address: [ 67.683109][ T113] ffff8880a878a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.691196][ T113] ffff8880a878a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.699255][ T113] >ffff8880a878a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.707307][ T113] ^ [ 67.714501][ T113] ffff8880a878aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.722576][ T113] ffff8880a878aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.730638][ T113] ================================================================== [ 67.738692][ T113] Disabling lock debugging due to kernel taint [ 67.744880][ T113] Kernel panic - not syncing: panic_on_warn set ... [ 67.751479][ T113] CPU: 0 PID: 113 Comm: kworker/u4:3 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.761178][ T113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.771239][ T113] Workqueue: netns cleanup_net [ 67.776076][ T113] Call Trace: [ 67.779383][ T113] dump_stack+0x18f/0x20d [ 67.783706][ T113] ? afs_wake_up_async_call+0x670/0x770 [ 67.789238][ T113] ? afs_put_call+0xa40/0xa40 [ 67.793920][ T113] panic+0x2e3/0x75c [ 67.797808][ T113] ? __warn_printk+0xf3/0xf3 [ 67.802404][ T113] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.808755][ T113] ? trace_hardirqs_on+0x55/0x220 [ 67.813792][ T113] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.819330][ T113] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.824863][ T113] ? afs_put_call+0xa40/0xa40 [ 67.829553][ T113] end_report+0x4d/0x53 [ 67.833704][ T113] kasan_report.cold+0xd/0x37 [ 67.838378][ T113] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.844010][ T113] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.849574][ T113] afs_wake_up_async_call+0x6aa/0x770 [ 67.854940][ T113] ? afs_close_socket+0x320/0x320 [ 67.859976][ T113] ? afs_put_call+0xa40/0xa40 [ 67.864654][ T113] rxrpc_notify_socket+0x1db/0x5d0 [ 67.869756][ T113] ? afs_put_call+0xa40/0xa40 [ 67.874426][ T113] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.880836][ T113] rxrpc_call_completed+0xca/0xf0 [ 67.885860][ T113] rxrpc_discard_prealloc+0x781/0xab0 [ 67.891326][ T113] ? lock_sock_nested+0x94/0x110 [ 67.896356][ T113] rxrpc_listen+0x147/0x360 [ 67.900855][ T113] afs_close_socket+0x95/0x320 [ 67.905609][ T113] ? afs_purge_servers+0x16d/0x300 [ 67.910716][ T113] ? afs_rx_discard_new_call+0x50/0x50 [ 67.916185][ T113] ? init_wait_var_entry+0x200/0x200 [ 67.921461][ T113] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.927083][ T113] ? check_preemption_disabled+0x38/0x220 [ 67.932791][ T113] afs_net_exit+0x1bc/0x310 [ 67.937283][ T113] ? afs_net_init+0xe30/0xe30 [ 67.941961][ T113] ops_exit_list.isra.0+0xa8/0x150 [ 67.947075][ T113] cleanup_net+0x511/0xa50 [ 67.951489][ T113] ? unregister_pernet_device+0x70/0x70 [ 67.957137][ T113] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.963141][ T113] process_one_work+0x965/0x1690 [ 67.968105][ T113] ? lock_release+0x800/0x800 [ 67.972791][ T113] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.978158][ T113] ? rwlock_bug.part.0+0x90/0x90 [ 67.983092][ T113] worker_thread+0x96/0xe10 [ 67.987784][ T113] ? process_one_work+0x1690/0x1690 [ 67.992987][ T113] kthread+0x3b5/0x4a0 [ 67.997049][ T113] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.002768][ T113] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.008499][ T113] ret_from_fork+0x1f/0x30 [ 68.014421][ T113] Kernel Offset: disabled [ 68.018798][ T113] Rebooting in 86400 seconds..