[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ 60.931522][ T6736] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6736
[ 60.941278][ T6736] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.948148][ T6736] CPU: 0 PID: 6736 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 60.959552][ T6736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.970131][ T6736] Call Trace:
[ 60.973794][ T6736] dump_stack+0x18f/0x20d
[ 60.978313][ T6736] check_preemption_disabled+0x20d/0x220
[ 60.984039][ T6736] ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.989357][ T6736] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.998106][ T6736] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.004217][ T6736] ext4_ext_map_blocks+0x201b/0x33e0
[ 61.009699][ T6736] ? ext4_ext_release+0x10/0x10
[ 61.017429][ T6736] ? down_write_killable+0x170/0x170
[ 61.023068][ T6736] ? ext4_es_lookup_extent+0x41d/0xd10
[ 61.028991][ T6736] ext4_map_blocks+0x4cb/0x1640
[ 61.033850][ T6736] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.039068][ T6736] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.044690][ T6736] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.050669][ T6736] ? prandom_u32_state+0xe/0x170
[ 61.055872][ T6736] ? __brelse+0x84/0xa0
[ 61.060013][ T6736] ? __ext4_new_inode+0x144/0x55e0
[ 61.065407][ T6736] ext4_getblk+0xad/0x520
[ 61.069746][ T6736] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.075766][ T6736] ? ext4_free_inode+0x1700/0x1700
[ 61.080977][ T6736] ext4_bread+0x7c/0x380
[ 61.085586][ T6736] ? ext4_getblk+0x520/0x520
[ 61.090562][ T6736] ? dquot_get_next_dqblk+0x180/0x180
[ 61.096814][ T6736] ext4_append+0x153/0x360
[ 61.101434][ T6736] ext4_mkdir+0x5e0/0xdf0
[ 61.105759][ T6736] ? ext4_rmdir+0xde0/0xde0
[ 61.110366][ T6736] ? security_inode_permission+0xc4/0xf0
[ 61.116066][ T6736] vfs_mkdir+0x419/0x690
[ 61.120338][ T6736] do_mkdirat+0x21e/0x280
[ 61.124953][ T6736] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.129914][ T6736] ? do_syscall_64+0x1c/0xe0
[ 61.134693][ T6736] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.140661][ T6736] do_syscall_64+0x60/0xe0
[ 61.145085][ T6736] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.153685][ T6736] RIP: 0033:0x7f300c55b687
[ 61.158890][ T6736] Code: Bad RIP value.
[ 61.163038][ T6736] RSP: 002b:00007ffc670b37e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 61.172184][ T6736] RAX: ffffffffffffffda RBX: 00005646ecb0a985 RCX: 00007f300c55b687
[ 61.180675][ T6736] RDX: 00007ffc670b36b0 RSI: 00000000000001ed RDI: 00005646ecb0a985
[ 61.188949][ T6736] RBP: 00007f300c55b680 R08: 0000000000000100 R09: 0000000000000000
[ 61.197719][ T6736] R10: 00005646ecb0a980 R11: 0000000000000246 R12: 00000000000001ed
[ 61.206216][ T6736] R13: 00007ffc670b3970 R14: 0000000000000000 R15: 0000000000000000

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
2020/06/15 20:43:45 fuzzer started
2020/06/15 20:43:45 connecting to host at 10.128.0.26:37259
2020/06/15 20:43:45 checking machine...
2020/06/15 20:43:45 checking revisions...
2020/06/15 20:43:45 testing simple program...
syzkaller login: [ 66.055089][ T6808] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6808
[ 66.064424][ T6808] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.070481][ T6808] CPU: 1 PID: 6808 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 66.078702][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.088737][ T6808] Call Trace:
[ 66.092023][ T6808] dump_stack+0x18f/0x20d
[ 66.096352][ T6808] check_preemption_disabled+0x20d/0x220
[ 66.101966][ T6808] ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.107082][ T6808] ? ext4_ext_search_right+0x2ca/0xb20
[ 66.112572][ T6808] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 66.118286][ T6808] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.123582][ T6808] ? ext4_ext_release+0x10/0x10
[ 66.128421][ T6808] ? down_write_killable+0x170/0x170
[ 66.133685][ T6808] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.139136][ T6808] ext4_map_blocks+0x4cb/0x1640
[ 66.143964][ T6808] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.149137][ T6808] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.154660][ T6808] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.160616][ T6808] ? prandom_u32_state+0xe/0x170
[ 66.165531][ T6808] ? __brelse+0x84/0xa0
[ 66.169674][ T6808] ? __ext4_new_inode+0x144/0x55e0
[ 66.174776][ T6808] ext4_getblk+0xad/0x520
[ 66.179135][ T6808] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 66.184855][ T6808] ? ext4_free_inode+0x1700/0x1700
[ 66.190205][ T6808] ext4_bread+0x7c/0x380
[ 66.195266][ T6808] ? ext4_getblk+0x520/0x520
[ 66.200647][ T6808] ? dquot_get_next_dqblk+0x180/0x180
[ 66.206755][ T6808] ext4_append+0x153/0x360
[ 66.211367][ T6808] ext4_mkdir+0x5e0/0xdf0
[ 66.215926][ T6808] ? ext4_rmdir+0xde0/0xde0
[ 66.220902][ T6808] ? security_inode_permission+0xc4/0xf0
[ 66.227081][ T6808] vfs_mkdir+0x419/0x690
[ 66.231570][ T6808] do_mkdirat+0x21e/0x280
[ 66.236118][ T6808] ? __ia32_sys_mknod+0xb0/0xb0
[ 66.241071][ T6808] ? do_syscall_64+0x1c/0xe0
[ 66.245699][ T6808] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.252732][ T6808] do_syscall_64+0x60/0xe0
[ 66.257976][ T6808] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.265096][ T6808] RIP: 0033:0x4b02a0
[ 66.269264][ T6808] Code: Bad RIP value.
[ 66.273401][ T6808] RSP: 002b:000000c0000df4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 66.282249][ T6808] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 66.290558][ T6808] RDX: 00000000000001c0 RSI: 000000c0002c82a0 RDI: ffffffffffffff9c
[ 66.298609][ T6808] RBP: 000000c0000df510 R08: 0000000000000000 R09: 0000000000000000
[ 66.306824][ T6808] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 66.316021][ T6808] R13: 0000000000000016 R14: 0000000000000015 R15: 0000000000000100
[ 66.347108][ T6824] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6824
[ 66.357334][ T6824] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.363780][ T6824] CPU: 1 PID: 6824 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.372482][ T6824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.385283][ T6824] Call Trace:
[ 66.388783][ T6824] dump_stack+0x18f/0x20d
[ 66.393206][ T6824] check_preemption_disabled+0x20d/0x220
[ 66.399350][ T6824] ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.404540][ T6824] ? ext4_ext_search_right+0x2ca/0xb20
[ 66.410205][ T6824] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 66.416389][ T6824] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.422183][ T6824] ? ext4_ext_release+0x10/0x10
[ 66.428515][ T6824] ? down_write_killable+0x170/0x170
[ 66.433792][ T6824] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.439238][ T6824] ext4_map_blocks+0x4cb/0x1640
[ 66.444092][ T6824] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.450700][ T6824] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.456488][ T6824] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.464680][ T6824] ? prandom_u32_state+0xe/0x170
[ 66.469740][ T6824] ? __brelse+0x84/0xa0
[ 66.473938][ T6824] ? __ext4_new_inode+0x144/0x55e0
[ 66.481680][ T6824] ext4_getblk+0xad/0x520
[ 66.486021][ T6824] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 66.492045][ T6824] ? ext4_free_inode+0x1700/0x1700
[ 66.498770][ T6824] ext4_bread+0x7c/0x380
[ 66.503802][ T6824] ? ext4_getblk+0x520/0x520
[ 66.509111][ T6824] ? dquot_get_next_dqblk+0x180/0x180
[ 66.515059][ T6824] ext4_append+0x153/0x360
[ 66.519676][ T6824] ext4_mkdir+0x5e0/0xdf0
[ 66.524203][ T6824] ? ext4_rmdir+0xde0/0xde0
[ 66.528890][ T6824] ? security_inode_permission+0xc4/0xf0
[ 66.534624][ T6824] vfs_mkdir+0x419/0x690
[ 66.538887][ T6824] do_mkdirat+0x21e/0x280
[ 66.543225][ T6824] ? __ia32_sys_mknod+0xb0/0xb0
[ 66.548082][ T6824] ? do_syscall_64+0x1c/0xe0
[ 66.552678][ T6824] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.558658][ T6824] do_syscall_64+0x60/0xe0
[ 66.563056][ T6824] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.569036][ T6824] RIP: 0033:0x45bed7
[ 66.572948][ T6824] Code: Bad RIP value.
[ 66.577040][ T6824] RSP: 002b:00007fff1d2d2f38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 66.585439][ T6824] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 66.593414][ T6824] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007fff1d2d3110
[ 66.601378][ T6824] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002d00
[ 66.609339][ T6824] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 66.617298][ T6824] R13: 00007fff1d2d3110 R14: 8421084210842109 R15: 00007fff1d2d311c
[ 66.701550][ T6826] IPVS: ftp: loaded support on port[0] = 21
[ 66.740498][ T6826] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6826
[ 66.750110][ T6826] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.756094][ T6826] CPU: 0 PID: 6826 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.764681][ T6826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.774713][ T6826] Call Trace:
[ 66.777987][ T6826] dump_stack+0x18f/0x20d
[ 66.782301][ T6826] check_preemption_disabled+0x20d/0x220
[ 66.787910][ T6826] ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.793006][ T6826] ? ext4_ext_search_right+0x2ca/0xb20
[ 66.798452][ T6826] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 66.804165][ T6826] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.809452][ T6826] ? ext4_ext_release+0x10/0x10
[ 66.814303][ T6826] ? down_write_killable+0x170/0x170
[ 66.819583][ T6826] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.825049][ T6826] ext4_map_blocks+0x4cb/0x1640
[ 66.829919][ T6826] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.835116][ T6826] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.840642][ T6826] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.846610][ T6826] ? prandom_u32_state+0xe/0x170
[ 66.851528][ T6826] ? __brelse+0x84/0xa0
[ 66.855662][ T6826] ? __ext4_new_inode+0x144/0x55e0
[ 66.860750][ T6826] ext4_getblk+0xad/0x520
[ 66.865058][ T6826] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 66.870769][ T6826] ? ext4_free_inode+0x1700/0x1700
[ 66.875861][ T6826] ext4_bread+0x7c/0x380
[ 66.880091][ T6826] ? ext4_getblk+0x520/0x520
[ 66.884666][ T6826] ? dquot_get_next_dqblk+0x180/0x180
[ 66.890035][ T6826] ext4_append+0x153/0x360
[ 66.894443][ T6826] ext4_mkdir+0x5e0/0xdf0
[ 66.898770][ T6826] ? ext4_rmdir+0xde0/0xde0
[ 66.903268][ T6826] ? security_inode_permission+0xc4/0xf0
[ 66.908901][ T6826] vfs_mkdir+0x419/0x690
[ 66.913125][ T6826] do_mkdirat+0x21e/0x280
[ 66.917445][ T6826] ? __ia32_sys_mknod+0xb0/0xb0
[ 66.922276][ T6826] ? do_syscall_64+0x1c/0xe0
[ 66.927327][ T6826] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.933314][ T6826] do_syscall_64+0x60/0xe0
[ 66.937710][ T6826] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.943585][ T6826] RIP: 0033:0x45bed7
[ 66.947463][ T6826] Code: Bad RIP value.
[ 66.951507][ T6826] RSP: 002b:00007fff1d2d2e28 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 66.960073][ T6826] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 66.968052][ T6826] RDX: 00007fff1d2d2e73 RSI: 00000000000001ff RDI: 00007fff1d2d2e70
[ 66.976005][ T6826] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 66.984061][ T6826] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0
[ 66.992022][ T6826] R13: 00007fff1d2d2e60 R14: 0000000000000000 R15: 00007fff1d2d2e70
[ 67.047500][ T6826] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6826
[ 67.056993][ T6826] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.062986][ T6826] CPU: 0 PID: 6826 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 67.072010][ T6826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.082190][ T6826] Call Trace:
[ 67.085488][ T6826] dump_stack+0x18f/0x20d
[ 67.089836][ T6826] check_preemption_disabled+0x20d/0x220
[ 67.095565][ T6826] ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.100700][ T6826] ? ext4_ext_search_right+0x2ca/0xb20
[ 67.106176][ T6826] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 67.111937][ T6826] ext4_ext_map_blocks+0x201b/0x33e0
[ 67.117244][ T6826] ? ext4_ext_release+0x10/0x10
[ 67.122131][ T6826] ? down_write_killable+0x170/0x170
[ 67.127515][ T6826] ? ext4_es_lookup_extent+0x41d/0xd10
[ 67.132987][ T6826] ext4_map_blocks+0x4cb/0x1640
[ 67.137878][ T6826] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 67.143639][ T6826] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 67.149188][ T6826] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.155158][ T6826] ? prandom_u32_state+0xe/0x170
[ 67.160423][ T6826] ? __brelse+0x84/0xa0
[ 67.164568][ T6826] ? __ext4_new_inode+0x144/0x55e0
[ 67.169747][ T6826] ext4_getblk+0xad/0x520
[ 67.174087][ T6826] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 67.179822][ T6826] ? ext4_free_inode+0x1700/0x1700
[ 67.184935][ T6826] ext4_bread+0x7c/0x380
[ 67.189161][ T6826] ? ext4_getblk+0x520/0x520
[ 67.193731][ T6826] ? dquot_get_next_dqblk+0x180/0x180
[ 67.199193][ T6826] ext4_append+0x153/0x360
[ 67.203603][ T6826] ext4_mkdir+0x5e0/0xdf0
[ 67.207924][ T6826] ? ext4_rmdir+0xde0/0xde0
[ 67.212404][ T6826] ? security_inode_permission+0xc4/0xf0
[ 67.218032][ T6826] vfs_mkdir+0x419/0x690
[ 67.222379][ T6826] do_mkdirat+0x21e/0x280
[ 67.227070][ T6826] ? __ia32_sys_mknod+0xb0/0xb0
[ 67.231934][ T6826] ? do_syscall_64+0x1c/0xe0
[ 67.236521][ T6826] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.242486][ T6826] do_syscall_64+0x60/0xe0
[ 67.246885][ T6826] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.252945][ T6826] RIP: 0033:0x45bed7
[ 67.256813][ T6826] Code: Bad RIP value.
[ 67.260850][ T6826] RSP: 002b:00007fff1d2d2e28 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 67.269338][ T6826] RAX: ffffffffffffffda RBX: 00000000000105cc RCX: 000000000045bed7
[ 67.277399][ T6826] RDX: 00007fff1d2d2e73 RSI: 00000000000001ff RDI: 00007fff1d2d2e70
[ 67.285449][ T6826] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/15 20:43:47 building call list...
[ 67.293422][ T6826] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 67.301435][ T6826] R13: 00007fff1d2d2e60 R14: 00000000000105c7 R15: 00007fff1d2d2e70
[ 67.501240][ T21] tipc: TX() has been purged, node left!
[ 68.003518][ T21] ==================================================================
[ 68.011768][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 68.019654][ T21] Write of size 1 at addr ffff88809fb849e4 by task kworker/u4:1/21
[ 68.027545][ T21]
[ 68.029881][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 68.038195][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.048252][ T21] Workqueue: netns cleanup_net
[ 68.053005][ T21] Call Trace:
[ 68.056294][ T21] dump_stack+0x18f/0x20d
[ 68.060625][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.066164][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.071717][ T21] ? afs_put_call+0xa40/0xa40
[ 68.076393][ T21] print_address_description.constprop.0.cold+0xd3/0x413
[ 68.083440][ T21] ? vprintk_func+0x97/0x1a6
[ 68.088033][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.093576][ T21] kasan_report.cold+0x1f/0x37
[ 68.098343][ T21] ? rcu_read_lock_held_common+0x51/0xa0
[ 68.103970][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.109517][ T21] afs_wake_up_async_call+0x6aa/0x770
[ 68.114882][ T21] ? afs_close_socket+0x320/0x320
[ 68.119912][ T21] ? afs_put_call+0xa40/0xa40
[ 68.124588][ T21] rxrpc_notify_socket+0x1db/0x5d0
[ 68.131265][ T21] ? afs_put_call+0xa40/0xa40
[ 68.135940][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 68.142527][ T21] rxrpc_call_completed+0xca/0xf0
[ 68.147560][ T21] rxrpc_discard_prealloc+0x781/0xab0
[ 68.152932][ T21] ? lock_sock_nested+0x94/0x110
[ 68.157873][ T21] rxrpc_listen+0x147/0x360
[ 68.162378][ T21] afs_close_socket+0x95/0x320
[ 68.167136][ T21] ? afs_purge_servers+0x16d/0x300
[ 68.172265][ T21] ? afs_rx_discard_new_call+0x50/0x50
[ 68.177817][ T21] ? init_wait_var_entry+0x200/0x200
[ 68.183135][ T21] ? rcu_read_lock_held_common+0xa0/0xa0
[ 68.188857][ T21] ? check_preemption_disabled+0x38/0x220
[ 68.194581][ T21] afs_net_exit+0x1bc/0x310
[ 68.199193][ T21] ? afs_net_init+0xe30/0xe30
[ 68.203872][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 68.209079][ T21] cleanup_net+0x511/0xa50
[ 68.213678][ T21] ? unregister_pernet_device+0x70/0x70
[ 68.219229][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.225222][ T21] process_one_work+0x965/0x1690
[ 68.230866][ T21] ? lock_release+0x800/0x800
[ 68.235641][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 68.241136][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 68.246265][ T21] worker_thread+0x96/0xe10
[ 68.250781][ T21] ? process_one_work+0x1690/0x1690
[ 68.255978][ T21] kthread+0x3b5/0x4a0
[ 68.260152][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 68.265990][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 68.271801][ T21] ret_from_fork+0x1f/0x30
[ 68.276231][ T21]
[ 68.278823][ T21] Allocated by task 6826:
[ 68.283148][ T21] save_stack+0x1b/0x40
[ 68.287389][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 68.293114][ T21] kmem_cache_alloc_trace+0x153/0x7d0
[ 68.298919][ T21] afs_alloc_call+0x55/0x630
[ 68.303550][ T21] afs_charge_preallocation+0xe9/0x2d0
[ 68.310873][ T21] afs_open_socket+0x292/0x360
[ 68.315983][ T21] afs_net_init+0xa6c/0xe30
[ 68.320670][ T21] ops_init+0xaf/0x420
[ 68.324738][ T21] setup_net+0x2de/0x860
[ 68.333815][ T21] copy_net_ns+0x293/0x590
[ 68.338412][ T21] create_new_namespaces+0x3fb/0xb30
[ 68.343870][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 68.349905][ T21] ksys_unshare+0x43d/0x8e0
[ 68.355638][ T21] __x64_sys_unshare+0x2d/0x40
[ 68.361101][ T21] do_syscall_64+0x60/0xe0
[ 68.367177][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.374203][ T21]
[ 68.376531][ T21] Freed by task 21:
[ 68.383220][ T21] save_stack+0x1b/0x40
[ 68.387670][ T21] __kasan_slab_free+0xf7/0x140
[ 68.393080][ T21] kfree+0x109/0x2b0
[ 68.396986][ T21] afs_put_call+0x585/0xa40
[ 68.401510][ T21] rxrpc_discard_prealloc+0x764/0xab0
[ 68.407001][ T21] rxrpc_listen+0x147/0x360
[ 68.411704][ T21] afs_close_socket+0x95/0x320
[ 68.416501][ T21] afs_net_exit+0x1bc/0x310
[ 68.421003][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 68.426108][ T21] cleanup_net+0x511/0xa50
[ 68.430517][ T21] process_one_work+0x965/0x1690
[ 68.435451][ T21] worker_thread+0x96/0xe10
[ 68.440153][ T21] kthread+0x3b5/0x4a0
[ 68.445272][ T21] ret_from_fork+0x1f/0x30
[ 68.449671][ T21]
[ 68.452004][ T21] The buggy address belongs to the object at ffff88809fb84800
[ 68.452004][ T21] which belongs to the cache kmalloc-1k of size 1024
[ 68.466753][ T21] The buggy address is located 484 bytes inside of
[ 68.466753][ T21] 1024-byte region [ffff88809fb84800, ffff88809fb84c00)
[ 68.480096][ T21] The buggy address belongs to the page:
[ 68.485721][ T21] page:ffffea00027ee100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 68.494831][ T21] flags: 0xfffe0000000200(slab)
[ 68.499683][ T21] raw: 00fffe0000000200 ffffea0002764288 ffffea000281f8c8 ffff8880aa000c40
[ 68.508314][ T21] raw: 0000000000000000 ffff88809fb84000 0000000100000002 0000000000000000
[ 68.516884][ T21] page dumped because: kasan: bad access detected
[ 68.523289][ T21]
[ 68.525606][ T21] Memory state around the buggy address:
[ 68.531238][ T21] ffff88809fb84880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.539435][ T21] ffff88809fb84900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.547497][ T21] >ffff88809fb84980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.555818][ T21] ^
[ 68.563011][ T21] ffff88809fb84a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.571068][ T21] ffff88809fb84a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.579133][ T21] ==================================================================
[ 68.587183][ T21] Disabling lock debugging due to kernel taint
[ 68.593398][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 68.599985][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 68.609712][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.619977][ T21] Workqueue: netns cleanup_net
[ 68.624735][ T21] Call Trace:
[ 68.628027][ T21] dump_stack+0x18f/0x20d
[ 68.632359][ T21] ? afs_wake_up_async_call+0x670/0x770
[ 68.637906][ T21] ? afs_put_call+0xa40/0xa40
[ 68.642588][ T21] panic+0x2e3/0x75c
[ 68.646478][ T21] ? __warn_printk+0xf3/0xf3
[ 68.651066][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 68.657218][ T21] ? trace_hardirqs_on+0x55/0x220
[ 68.662237][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.667771][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.673302][ T21] ? afs_put_call+0xa40/0xa40
[ 68.677970][ T21] end_report+0x4d/0x53
[ 68.682126][ T21] kasan_report.cold+0xd/0x37
[ 68.686797][ T21] ? rcu_read_lock_held_common+0x51/0xa0
[ 68.692422][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.697961][ T21] afs_wake_up_async_call+0x6aa/0x770
[ 68.703320][ T21] ? afs_close_socket+0x320/0x320
[ 68.708336][ T21] ? afs_put_call+0xa40/0xa40
[ 68.713003][ T21] rxrpc_notify_socket+0x1db/0x5d0
[ 68.718123][ T21] ? afs_put_call+0xa40/0xa40
[ 68.722793][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 68.729210][ T21] rxrpc_call_completed+0xca/0xf0
[ 68.734228][ T21] rxrpc_discard_prealloc+0x781/0xab0
[ 68.739764][ T21] ? lock_sock_nested+0x94/0x110
[ 68.744694][ T21] rxrpc_listen+0x147/0x360
[ 68.749190][ T21] afs_close_socket+0x95/0x320
[ 68.753942][ T21] ? afs_purge_servers+0x16d/0x300
[ 68.759043][ T21] ? afs_rx_discard_new_call+0x50/0x50
[ 68.764494][ T21] ? init_wait_var_entry+0x200/0x200
[ 68.769772][ T21] ? rcu_read_lock_held_common+0xa0/0xa0
[ 68.775393][ T21] ? check_preemption_disabled+0x38/0x220
[ 68.781100][ T21] afs_net_exit+0x1bc/0x310
[ 68.785631][ T21] ? afs_net_init+0xe30/0xe30
[ 68.790295][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 68.795397][ T21] cleanup_net+0x511/0xa50
[ 68.799802][ T21] ? unregister_pernet_device+0x70/0x70
[ 68.805426][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.811399][ T21] process_one_work+0x965/0x1690
[ 68.816351][ T21] ? lock_release+0x800/0x800
[ 68.821020][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 68.826382][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 68.831312][ T21] worker_thread+0x96/0xe10
[ 68.835811][ T21] ? process_one_work+0x1690/0x1690
[ 68.840998][ T21] kthread+0x3b5/0x4a0
[ 68.845082][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 68.850791][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 68.856501][ T21] ret_from_fork+0x1f/0x30
[ 68.862343][ T21] Kernel Offset: disabled
[ 68.866664][ T21] Rebooting in 86400 seconds..