[ 423.130012][ T21] ? lock_release+0x710/0x710
[ 423.135124][ T21] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 423.141717][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 423.149043][ T21] ? _raw_spin_lock_irq+0x41/0x50
[ 423.156683][ T21] worker_thread+0x598/0xf80
[ 423.161917][ T21] ? process_one_work+0x1230/0x1230
[ 423.168013][ T21] kthread+0x373/0x450
[ 423.173084][ T21] ? _raw_spin_unlock_irq+0x1f/0x40
[ 423.182108][ T21] ? __kthread_bind_mask+0x90/0x90
[ 423.190943][ T21] ret_from_fork+0x1f/0x30
[ 423.196979][ T21]
[ 423.199938][ T21] Allocated by task 16036:
[ 423.204919][ T21] kasan_save_stack+0x1b/0x40
[ 423.211883][ T21] __kasan_kmalloc.constprop.0+0xc2/0xd0
[ 423.219814][ T21] alloc_netdev_mqs+0x59/0xd90
[ 423.226620][ T21] rtnl_create_link+0x1dc/0xb80
[ 423.233400][ T21] __rtnl_newlink+0xc25/0x1360
[ 423.239836][ T21] rtnl_newlink+0x5a/0x90
[ 423.244956][ T21] rtnetlink_rcv_msg+0x33e/0x870
[ 423.251679][ T21] netlink_rcv_skb+0x11f/0x380
[ 423.257814][ T21] netlink_unicast+0x42e/0x700
[ 423.263776][ T21] netlink_sendmsg+0x75f/0xc10
[ 423.269324][ T21] sock_sendmsg+0xab/0xf0
[ 423.274143][ T21] ____sys_sendmsg+0x5cb/0x7b0
[ 423.279692][ T21] ___sys_sendmsg+0xd3/0x150
[ 423.286001][ T21] __sys_sendmsg+0xb2/0x140
[ 423.291766][ T21] do_syscall_64+0x2d/0x70
[ 423.297692][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 423.304986][ T21]
[ 423.308096][ T21] Freed by task 16036:
[ 423.313136][ T21] kasan_save_stack+0x1b/0x40
[ 423.319175][ T21] kasan_set_track+0x1c/0x30
[ 423.325133][ T21] kasan_set_free_info+0x1b/0x30
[ 423.331735][ T21] __kasan_slab_free+0x102/0x140
[ 423.339060][ T21] slab_free_freelist_hook+0x5d/0x150
[ 423.346836][ T21] kfree+0xdb/0x400
[ 423.352835][ T21] device_release+0x65/0x1c0
[ 423.359335][ T21] kobject_put+0x139/0x410
[ 423.364802][ T21] __rtnl_newlink+0xff2/0x1360
[ 423.370991][ T21] rtnl_newlink+0x5a/0x90
[ 423.376634][ T21] rtnetlink_rcv_msg+0x33e/0x870
[ 423.382377][ T21] netlink_rcv_skb+0x11f/0x380
[ 423.388229][ T21] netlink_unicast+0x42e/0x700
[ 423.394617][ T21] netlink_sendmsg+0x75f/0xc10
[ 423.401277][ T21] sock_sendmsg+0xab/0xf0
[ 423.406784][ T21] ____sys_sendmsg+0x5cb/0x7b0
[ 423.414038][ T21] ___sys_sendmsg+0xd3/0x150
[ 423.420925][ T21] __sys_sendmsg+0xb2/0x140
[ 423.428627][ T21] do_syscall_64+0x2d/0x70
[ 423.435255][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 423.441627][ T21]
[ 423.444287][ T21] The buggy address belongs to the object at ffff88809b9c0000
[ 423.444287][ T21] which belongs to the cache kmalloc-4k of size 4096
[ 423.461432][ T21] The buggy address is located 1384 bytes inside of
[ 423.461432][ T21] 4096-byte region [ffff88809b9c0000, ffff88809b9c1000)
[ 423.478016][ T21] The buggy address belongs to the page:
[ 423.485039][ T21] page:00000000d865dbd8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9b9c0
[ 423.498350][ T21] head:00000000d865dbd8 order:3 compound_mapcount:0 compound_pincount:0
[ 423.512717][ T21] flags: 0xfff00000010200(slab|head)
[ 423.519362][ T21] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff8880b5842140
[ 423.530566][ T21] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 423.540822][ T21] page dumped because: kasan: bad access detected
[ 423.548921][ T21]
[ 423.551328][ T21] Memory state around the buggy address:
[ 423.557735][ T21] ffff88809b9c0400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 423.568000][ T21] ffff88809b9c0480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 423.577358][ T21] >ffff88809b9c0500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 423.586710][ T21] ^
[ 423.596277][ T21] ffff88809b9c0580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 423.605196][ T21] ffff88809b9c0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 423.614462][ T21] ==================================================================
[ 423.625667][ T21] Disabling lock debugging due to kernel taint
[ 423.661261][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 423.669677][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.9.0-syzkaller #0
[ 423.679833][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 423.691823][ T21] Workqueue: gid-cache-wq netdevice_event_work_handler
[ 423.700286][ T21] Call Trace:
[ 423.704988][ T21] dump_stack+0x9a/0xcc
[ 423.709619][ T21] panic+0x2bb/0x554
[ 423.714107][ T21] ? __warn_printk+0xee/0xee
[ 423.719507][ T21] ? preempt_schedule_common+0x59/0xc0
[ 423.726772][ T21] ? netdevice_event_work_handler+0x139/0x1b0
[ 423.733791][ T21] ? preempt_schedule_thunk+0x16/0x18
[ 423.739882][ T21] ? netdevice_event_work_handler+0x139/0x1b0
[ 423.746750][ T21] ? netdevice_event_work_handler+0x139/0x1b0
[ 423.754010][ T21] end_report+0x58/0x5e
[ 423.758648][ T21] kasan_report.cold+0xd/0x37
[ 423.764112][ T21] ? netdevice_event_work_handler+0x139/0x1b0
[ 423.771505][ T21] netdevice_event_work_handler+0x139/0x1b0
[ 423.778545][ T21] process_one_work+0x75b/0x1230
[ 423.785937][ T21] ? lock_release+0x710/0x710
[ 423.791063][ T21] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 423.797000][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 423.803311][ T21] ? _raw_spin_lock_irq+0x41/0x50
[ 423.809653][ T21] worker_thread+0x598/0xf80
[ 423.815471][ T21] ? process_one_work+0x1230/0x1230
[ 423.822030][ T21] kthread+0x373/0x450
[ 423.826768][ T21] ? _raw_spin_unlock_irq+0x1f/0x40
[ 423.832539][ T21] ? __kthread_bind_mask+0x90/0x90
[ 423.840099][ T21] ret_from_fork+0x1f/0x30
[ 423.848128][ T21] Kernel Offset: disabled
[ 423.854074][ T21] Rebooting in 86400 seconds..