Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 62.005387][ T6835] IPVS: ftp: loaded support on port[0] = 21
[ 62.137723][ T6835] ==================================================================
[ 62.146069][ T6835] BUG: KASAN: use-after-free in sock_def_write_space+0x609/0x630
[ 62.153767][ T6835] Read of size 8 at addr ffff88808f7015c0 by task syz-executor821/6835
[ 62.161993][ T6835] CPU: 0 PID: 6835 Comm: syz-executor821 Not tainted 5.8.0-rc6-next-20200724-syzkaller #0
[ 62.171854][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.181889][ T6835] Call Trace:
[ 62.185163][ T6835] dump_stack+0x18f/0x20d
[ 62.189476][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.194843][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.200196][ T6835] print_address_description.constprop.0.cold+0xae/0x497
[ 62.207222][ T6835] ? lockdep_hardirqs_off+0x6a/0xb0
[ 62.212398][ T6835] ? vprintk_func+0x97/0x1a6
[ 62.216969][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.222334][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.227684][ T6835] kasan_report.cold+0x1f/0x37
[ 62.232427][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.237778][ T6835] sock_def_write_space+0x609/0x630
[ 62.242954][ T6835] ? kfree_skb+0x7d/0x100
[ 62.247283][ T6835] sock_wfree+0x1cc/0x240
[ 62.251604][ T6835] ? __sk_receive_skb+0x830/0x830
[ 62.256725][ T6835] skb_release_head_state+0x9f/0x250
[ 62.262010][ T6835] kfree_skb.part.0+0x89/0x350
[ 62.266758][ T6835] kfree_skb+0x7d/0x100
[ 62.270893][ T6835] skb_queue_purge+0x14/0x30
[ 62.275459][ T6835] qrtr_tun_release+0x40/0x60
[ 62.280119][ T6835] __fput+0x27e/0x8e0
[ 62.284078][ T6835] ? qrtr_tun_poll+0xf0/0xf0
[ 62.288660][ T6835] task_work_run+0xdd/0x190
[ 62.293146][ T6835] __prepare_exit_to_usermode+0x199/0x1c0
[ 62.298878][ T6835] do_syscall_64+0x6c/0xe0
[ 62.303274][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.309143][ T6835] RIP: 0033:0x401040
[ 62.313009][ T6835] Code: Bad RIP value.
[ 62.317051][ T6835] RSP: 002b:00007fffd75040a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 62.325439][ T6835] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000401040
[ 62.333492][ T6835] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006
[ 62.341538][ T6835] RBP: 00007fffd75040b0 R08: 0000000120080522 R09: 0000000120080522
[ 62.349504][ T6835] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004a5ff0
[ 62.357467][ T6835] R13: 0000000000402150 R14: 0000000000000000 R15: 0000000000000000
[ 62.365444][ T6835] Allocated by task 6835:
[ 62.369873][ T6835] kasan_save_stack+0x1b/0x40
[ 62.374525][ T6835] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 62.380132][ T6835] kmem_cache_alloc+0x138/0x3a0
[ 62.384960][ T6835] sock_alloc_inode+0x18/0x1c0
[ 62.389832][ T6835] alloc_inode+0x61/0x230
[ 62.394137][ T6835] new_inode_pseudo+0x14/0xe0
[ 62.398793][ T6835] sock_alloc+0x3c/0x260
[ 62.403012][ T6835] __sock_create+0xb9/0x740
[ 62.407504][ T6835] __sys_socket+0xef/0x200
[ 62.412071][ T6835] __x64_sys_socket+0x6f/0xb0
[ 62.416726][ T6835] do_syscall_64+0x60/0xe0
[ 62.421122][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.427005][ T6835] Freed by task 0:
[ 62.430775][ T6835] kasan_save_stack+0x1b/0x40
[ 62.435429][ T6835] kasan_set_track+0x1c/0x30
[ 62.440003][ T6835] kasan_set_free_info+0x1b/0x30
[ 62.444918][ T6835] __kasan_slab_free+0xd8/0x120
[ 62.449851][ T6835] kmem_cache_free.part.0+0x67/0x1f0
[ 62.455159][ T6835] i_callback+0x3f/0x70
[ 62.459292][ T6835] rcu_core+0x5dc/0x11d0
[ 62.463512][ T6835] __do_softirq+0x2df/0xa22
[ 62.467997][ T6835] Last call_rcu():
[ 62.471708][ T6835] kasan_save_stack+0x1b/0x40
[ 62.476364][ T6835] kasan_record_aux_stack+0x82/0xb0
[ 62.481562][ T6835] call_rcu+0x14f/0x7e0
[ 62.485695][ T6835] destroy_inode+0x129/0x1b0
[ 62.490268][ T6835] iput.part.0+0x424/0x850
[ 62.494728][ T6835] iput+0x58/0x70
[ 62.498346][ T6835] dentry_unlink_inode+0x2b1/0x3d0
[ 62.503434][ T6835] __dentry_kill+0x3c0/0x640
[ 62.508059][ T6835] dput+0x725/0xbc0
[ 62.511842][ T6835] __fput+0x3a2/0x8e0
[ 62.515896][ T6835] task_work_run+0xdd/0x190
[ 62.520395][ T6835] __prepare_exit_to_usermode+0x199/0x1c0
[ 62.526104][ T6835] do_syscall_64+0x6c/0xe0
[ 62.530507][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.536384][ T6835] Second to last call_rcu():
[ 62.540957][ T6835] kasan_save_stack+0x1b/0x40
[ 62.545748][ T6835] kasan_record_aux_stack+0x82/0xb0
[ 62.550925][ T6835] call_rcu+0x14f/0x7e0
[ 62.555059][ T6835] destroy_inode+0x129/0x1b0
[ 62.559627][ T6835] iput.part.0+0x424/0x850
[ 62.564018][ T6835] iput+0x58/0x70
[ 62.567650][ T6835] dentry_unlink_inode+0x2b1/0x3d0
[ 62.572752][ T6835] __dentry_kill+0x3c0/0x640
[ 62.577377][ T6835] dput+0x725/0xbc0
[ 62.581164][ T6835] __fput+0x3a2/0x8e0
[ 62.585129][ T6835] task_work_run+0xdd/0x190
[ 62.589616][ T6835] do_exit+0xb7d/0x29f0
[ 62.593752][ T6835] do_group_exit+0x125/0x310
[ 62.598342][ T6835] __x64_sys_exit_group+0x3a/0x50
[ 62.603344][ T6835] do_syscall_64+0x60/0xe0
[ 62.607742][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.613631][ T6835] The buggy address belongs to the object at ffff88808f701540
[ 62.613631][ T6835] which belongs to the cache sock_inode_cache of size 1216
[ 62.628181][ T6835] The buggy address is located 128 bytes inside of
[ 62.628181][ T6835] 1216-byte region [ffff88808f701540, ffff88808f701a00)
[ 62.641511][ T6835] The buggy address belongs to the page:
[ 62.647125][ T6835] page:00000000198aed7b refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88808f701ffd pfn:0x8f701
[ 62.658571][ T6835] flags: 0xfffe0000000200(slab)
[ 62.663402][ T6835] raw: 00fffe0000000200 ffffea00023d50c8 ffffea00023dcb48 ffff88821b772800
[ 62.671965][ T6835] raw: ffff88808f701ffd ffff88808f701000 0000000100000003 0000000000000000
[ 62.680630][ T6835] page dumped because: kasan: bad access detected
[ 62.687021][ T6835] Memory state around the buggy address:
[ 62.692641][ T6835] ffff88808f701480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 62.700678][ T6835] ffff88808f701500: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 62.708717][ T6835] >ffff88808f701580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.716758][ T6835]                                            ^
[ 62.722893][ T6835] ffff88808f701600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.730931][ T6835] ffff88808f701680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.738989][ T6835] ==================================================================
[ 62.747022][ T6835] Disabling lock debugging due to kernel taint
[ 62.753593][ T6835] Kernel panic - not syncing: panic_on_warn set ...
[ 62.760193][ T6835] CPU: 0 PID: 6835 Comm: syz-executor821 Tainted: G B 5.8.0-rc6-next-20200724-syzkaller #0
[ 62.771549][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.781596][ T6835] Call Trace:
[ 62.784888][ T6835] dump_stack+0x18f/0x20d
[ 62.789213][ T6835] ? sock_def_write_space+0x600/0x630
[ 62.794563][ T6835] panic+0x2e3/0x75c
[ 62.798454][ T6835] ? __warn_printk+0xf3/0xf3
[ 62.803019][ T6835] ? preempt_schedule_common+0x59/0xc0
[ 62.808468][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.813829][ T6835] ? preempt_schedule_thunk+0x16/0x18
[ 62.819186][ T6835] ? trace_hardirqs_on+0x55/0x220
[ 62.824277][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.829730][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.835078][ T6835] end_report+0x4d/0x53
[ 62.839210][ T6835] kasan_report.cold+0xd/0x37
[ 62.843864][ T6835] ? sock_def_write_space+0x609/0x630
[ 62.849212][ T6835] sock_def_write_space+0x609/0x630
[ 62.854384][ T6835] ? kfree_skb+0x7d/0x100
[ 62.858701][ T6835] sock_wfree+0x1cc/0x240
[ 62.863012][ T6835] ? __sk_receive_skb+0x830/0x830
[ 62.868033][ T6835] skb_release_head_state+0x9f/0x250
[ 62.873292][ T6835] kfree_skb.part.0+0x89/0x350
[ 62.878030][ T6835] kfree_skb+0x7d/0x100
[ 62.882167][ T6835] skb_queue_purge+0x14/0x30
[ 62.886732][ T6835] qrtr_tun_release+0x40/0x60
[ 62.891383][ T6835] __fput+0x27e/0x8e0
[ 62.895457][ T6835] ? qrtr_tun_poll+0xf0/0xf0
[ 62.900023][ T6835] task_work_run+0xdd/0x190
[ 62.904521][ T6835] __prepare_exit_to_usermode+0x199/0x1c0
[ 62.910216][ T6835] do_syscall_64+0x6c/0xe0
[ 62.914624][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.920492][ T6835] RIP: 0033:0x401040
[ 62.924356][ T6835] Code: Bad RIP value.
[ 62.928421][ T6835] RSP: 002b:00007fffd75040a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[ 62.936823][ T6835] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000401040
[ 62.944797][ T6835] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006
[ 62.953354][ T6835] RBP: 00007fffd75040b0 R08: 0000000120080522 R09: 0000000120080522
[ 62.961317][ T6835] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004a5ff0
[ 62.969263][ T6835] R13: 0000000000402150 R14: 0000000000000000 R15: 0000000000000000
[ 62.978770][ T6835] Kernel Offset: disabled
[ 62.983349][ T6835] Rebooting in 86400 seconds..