[ 60.503242][ T40] ? process_one_work+0x1690/0x1690
[ 60.508461][ T40] kthread+0x3b5/0x4a0
[ 60.512552][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.518289][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.524037][ T40] ret_from_fork+0x1f/0x30
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 61.212105][ T6756] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6756
[ 61.221681][ T6756] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.227802][ T6756] CPU: 0 PID: 6756 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 61.236394][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.246456][ T6756] Call Trace:
[ 61.249752][ T6756] dump_stack+0x18f/0x20d
[ 61.254070][ T6756] check_preemption_disabled+0x20d/0x220
[ 61.259701][ T6756] ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.264818][ T6756] ? ext4_ext_search_right+0x2ca/0xb20
[ 61.270262][ T6756] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.276010][ T6756] ext4_ext_map_blocks+0x201b/0x33e0
[ 61.281309][ T6756] ? ext4_ext_release+0x10/0x10
[ 61.286156][ T6756] ? down_write_killable+0x170/0x170
[ 61.291436][ T6756] ? ext4_es_lookup_extent+0x41d/0xd10
[ 61.297848][ T6756] ext4_map_blocks+0x4cb/0x1640
[ 61.302733][ T6756] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.307959][ T6756] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.313489][ T6756] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.319494][ T6756] ? prandom_u32_state+0xe/0x170
[ 61.324444][ T6756] ? __brelse+0x84/0xa0
[ 61.328595][ T6756] ? __ext4_new_inode+0x144/0x55e0
[ 61.333857][ T6756] ext4_getblk+0xad/0x520
[ 61.340158][ T6756] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.345878][ T6756] ? ext4_free_inode+0x1700/0x1700
[ 61.351002][ T6756] ext4_bread+0x7c/0x380
[ 61.355239][ T6756] ? ext4_getblk+0x520/0x520
[ 61.359826][ T6756] ? dquot_get_next_dqblk+0x180/0x180
[ 61.365248][ T6756] ext4_append+0x153/0x360
[ 61.369678][ T6756] ext4_mkdir+0x5e0/0xdf0
[ 61.374005][ T6756] ? ext4_rmdir+0xde0/0xde0
[ 61.378502][ T6756] ? security_inode_permission+0xc4/0xf0
[ 61.384126][ T6756] vfs_mkdir+0x419/0x690
[ 61.388375][ T6756] do_mkdirat+0x21e/0x280
[ 61.392704][ T6756] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.397562][ T6756] ? do_syscall_64+0x1c/0xe0
[ 61.402240][ T6756] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.408208][ T6756] do_syscall_64+0x60/0xe0
[ 61.412615][ T6756] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.422026][ T6756] RIP: 0033:0x7f129a695687
[ 61.426426][ T6756] Code: Bad RIP value.
[ 61.430593][ T6756] RSP: 002b:00007fff75011a18 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 61.439015][ T6756] RAX: ffffffffffffffda RBX: 00005623ec657985 RCX: 00007f129a695687
[ 61.447456][ T6756] RDX: 00007fff750118e0 RSI: 00000000000001ed RDI: 00005623ec657985
[ 61.455413][ T6756] RBP: 00007f129a695680 R08: 0000000000000100 R09: 0000000000000000
[ 61.463372][ T6756] R10: 00005623ec657980 R11: 0000000000000246 R12: 00000000000001ed
[ 61.471329][ T6756] R13: 00007fff75011ba0 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.11' (ECDSA) to the list of known hosts.
2020/06/16 07:02:16 fuzzer started
2020/06/16 07:02:17 connecting to host at 10.128.0.26:41259
2020/06/16 07:02:17 checking machine...
2020/06/16 07:02:17 checking revisions...
2020/06/16 07:02:17 testing simple program...
syzkaller login: [ 66.396292][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6815
[ 66.405521][ T6815] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.411400][ T6815] CPU: 0 PID: 6815 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 66.419628][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.429667][ T6815] Call Trace:
[ 66.433021][ T6815] dump_stack+0x18f/0x20d
[ 66.437375][ T6815] check_preemption_disabled+0x20d/0x220
[ 66.443018][ T6815] ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.448154][ T6815] ? ext4_ext_search_right+0x2ca/0xb20
[ 66.453595][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 66.459298][ T6815] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.464569][ T6815] ? ext4_ext_release+0x10/0x10
[ 66.469440][ T6815] ? down_write_killable+0x170/0x170
[ 66.474711][ T6815] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.480167][ T6815] ext4_map_blocks+0x4cb/0x1640
[ 66.485004][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.490196][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.495733][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.501695][ T6815] ? prandom_u32_state+0xe/0x170
[ 66.506634][ T6815] ? __brelse+0x84/0xa0
[ 66.510792][ T6815] ? __ext4_new_inode+0x144/0x55e0
[ 66.515942][ T6815] ext4_getblk+0xad/0x520
[ 66.520251][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 66.525978][ T6815] ? ext4_free_inode+0x1700/0x1700
[ 66.531367][ T6815] ext4_bread+0x7c/0x380
[ 66.535608][ T6815] ? ext4_getblk+0x520/0x520
[ 66.540197][ T6815] ? dquot_get_next_dqblk+0x180/0x180
[ 66.545566][ T6815] ext4_append+0x153/0x360
[ 66.550054][ T6815] ext4_mkdir+0x5e0/0xdf0
[ 66.554378][ T6815] ? ext4_rmdir+0xde0/0xde0
[ 66.558884][ T6815] ? security_inode_permission+0xc4/0xf0
[ 66.564534][ T6815] vfs_mkdir+0x419/0x690
[ 66.568770][ T6815] do_mkdirat+0x21e/0x280
[ 66.573100][ T6815] ? __ia32_sys_mknod+0xb0/0xb0
[ 66.577945][ T6815] ? do_syscall_64+0x1c/0xe0
[ 66.582531][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.588516][ T6815] do_syscall_64+0x60/0xe0
[ 66.592932][ T6815] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.598803][ T6815] RIP: 0033:0x4b02a0
[ 66.602682][ T6815] Code: Bad RIP value.
[ 66.606748][ T6815] RSP: 002b:000000c0000c74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 66.615147][ T6815] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 66.623106][ T6815] RDX: 00000000000001c0 RSI: 000000c000026680 RDI: ffffffffffffff9c
[ 66.631079][ T6815] RBP: 000000c0000c7510 R08: 0000000000000000 R09: 0000000000000000
[ 66.639041][ T6815] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 66.647369][ T6815] R13: 0000000000000035 R14: 0000000000000034 R15: 0000000000000100
[ 66.699966][ T6830] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6830
[ 66.709562][ T6830] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.715573][ T6830] CPU: 1 PID: 6830 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.724304][ T6830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.734365][ T6830] Call Trace:
[ 66.737741][ T6830] dump_stack+0x18f/0x20d
[ 66.742120][ T6830] check_preemption_disabled+0x20d/0x220
[ 66.747788][ T6830] ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.752891][ T6830] ? ext4_ext_search_right+0x2ca/0xb20
[ 66.758356][ T6830] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 66.764100][ T6830] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.769413][ T6830] ? ext4_ext_release+0x10/0x10
[ 66.774299][ T6830] ? down_write_killable+0x170/0x170
[ 66.779710][ T6830] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.785166][ T6830] ext4_map_blocks+0x4cb/0x1640
[ 66.790008][ T6830] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.795361][ T6830] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.801498][ T6830] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.807470][ T6830] ? prandom_u32_state+0xe/0x170
[ 66.812518][ T6830] ? __brelse+0x84/0xa0
[ 66.816676][ T6830] ? __ext4_new_inode+0x144/0x55e0
[ 66.821782][ T6830] ext4_getblk+0xad/0x520
[ 66.826105][ T6830] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 66.831808][ T6830] ? ext4_free_inode+0x1700/0x1700
[ 66.836990][ T6830] ext4_bread+0x7c/0x380
[ 66.841230][ T6830] ? ext4_getblk+0x520/0x520
[ 66.845813][ T6830] ? dquot_get_next_dqblk+0x180/0x180
[ 66.851168][ T6830] ext4_append+0x153/0x360
[ 66.855567][ T6830] ext4_mkdir+0x5e0/0xdf0
[ 66.859880][ T6830] ? ext4_rmdir+0xde0/0xde0
[ 66.864371][ T6830] ? security_inode_permission+0xc4/0xf0
[ 66.870002][ T6830] vfs_mkdir+0x419/0x690
[ 66.874226][ T6830] do_mkdirat+0x21e/0x280
[ 66.878534][ T6830] ? __ia32_sys_mknod+0xb0/0xb0
[ 66.883374][ T6830] ? do_syscall_64+0x1c/0xe0
[ 66.887972][ T6830] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.893945][ T6830] do_syscall_64+0x60/0xe0
[ 66.898360][ T6830] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.904231][ T6830] RIP: 0033:0x45bed7
[ 66.908097][ T6830] Code: Bad RIP value.
[ 66.912138][ T6830] RSP: 002b:00007ffc2f563358 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 66.920523][ T6830] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 66.928475][ T6830] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc2f563530
[ 66.936427][ T6830] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000035c0
[ 66.944462][ T6830] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 66.952430][ T6830] R13: 00007ffc2f563530 R14: 8421084210842109 R15: 00007ffc2f56353c
[ 67.052220][ T6831] IPVS: ftp: loaded support on port[0] = 21
[ 67.093908][ T6831] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6831
[ 67.103856][ T6831] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.109849][ T6831] CPU: 0 PID: 6831 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 67.118612][ T6831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.128658][ T6831] Call Trace:
[ 67.132080][ T6831] dump_stack+0x18f/0x20d
[ 67.136431][ T6831] check_preemption_disabled+0x20d/0x220
[ 67.142059][ T6831] ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.147616][ T6831] ? ext4_ext_search_right+0x2ca/0xb20
[ 67.153060][ T6831] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 67.158771][ T6831] ext4_ext_map_blocks+0x201b/0x33e0
[ 67.164054][ T6831] ? ext4_ext_release+0x10/0x10
[ 67.168899][ T6831] ? down_write_killable+0x170/0x170
[ 67.174175][ T6831] ? ext4_es_lookup_extent+0x41d/0xd10
[ 67.179615][ T6831] ext4_map_blocks+0x4cb/0x1640
[ 67.184462][ T6831] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 67.189640][ T6831] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 67.195165][ T6831] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.201121][ T6831] ? prandom_u32_state+0xe/0x170
[ 67.206051][ T6831] ? __brelse+0x84/0xa0
[ 67.210206][ T6831] ? __ext4_new_inode+0x144/0x55e0
[ 67.215301][ T6831] ext4_getblk+0xad/0x520
[ 67.219624][ T6831] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 67.225334][ T6831] ? ext4_free_inode+0x1700/0x1700
[ 67.230439][ T6831] ext4_bread+0x7c/0x380
[ 67.234713][ T6831] ? ext4_getblk+0x520/0x520
[ 67.239283][ T6831] ? dquot_get_next_dqblk+0x180/0x180
[ 67.244637][ T6831] ext4_append+0x153/0x360
[ 67.249038][ T6831] ext4_mkdir+0x5e0/0xdf0
[ 67.253367][ T6831] ? ext4_rmdir+0xde0/0xde0
[ 67.257852][ T6831] ? security_inode_permission+0xc4/0xf0
[ 67.263476][ T6831] vfs_mkdir+0x419/0x690
[ 67.267714][ T6831] do_mkdirat+0x21e/0x280
[ 67.272025][ T6831] ? __ia32_sys_mknod+0xb0/0xb0
[ 67.276947][ T6831] ? do_syscall_64+0x1c/0xe0
[ 67.281527][ T6831] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.287500][ T6831] do_syscall_64+0x60/0xe0
[ 67.292064][ T6831] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.298017][ T6831] RIP: 0033:0x45bed7
[ 67.301899][ T6831] Code: Bad RIP value.
[ 67.306106][ T6831] RSP: 002b:00007ffc2f563248 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 67.315216][ T6831] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 67.323277][ T6831] RDX: 00007ffc2f563293 RSI: 00000000000001ff RDI: 00007ffc2f563290
[ 67.331265][ T6831] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 67.339324][ T6831] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0
[ 67.347276][ T6831] R13: 00007ffc2f563280 R14: 0000000000000000 R15: 00007ffc2f563290
[ 67.404415][ T6831] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6831
[ 67.413954][ T6831] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.419998][ T6831] CPU: 0 PID: 6831 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 67.428581][ T6831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.438644][ T6831] Call Trace:
[ 67.441952][ T6831] dump_stack+0x18f/0x20d
[ 67.446302][ T6831] check_preemption_disabled+0x20d/0x220
[ 67.451953][ T6831] ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.457097][ T6831] ? ext4_ext_search_right+0x2ca/0xb20
[ 67.462567][ T6831] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 67.468307][ T6831] ext4_ext_map_blocks+0x201b/0x33e0
[ 67.473614][ T6831] ? ext4_ext_release+0x10/0x10
[ 67.478501][ T6831] ? down_write_killable+0x170/0x170
[ 67.483800][ T6831] ? ext4_es_lookup_extent+0x41d/0xd10
[ 67.489799][ T6831] ext4_map_blocks+0x4cb/0x1640
[ 67.494668][ T6831] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 67.499862][ T6831] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 67.505387][ T6831] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.511604][ T6831] ? prandom_u32_state+0xe/0x170
[ 67.516526][ T6831] ? __brelse+0x84/0xa0
[ 67.520661][ T6831] ? __ext4_new_inode+0x144/0x55e0
[ 67.525750][ T6831] ext4_getblk+0xad/0x520
[ 67.530060][ T6831] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 67.535772][ T6831] ? ext4_free_inode+0x1700/0x1700
[ 67.540866][ T6831] ext4_bread+0x7c/0x380
[ 67.545099][ T6831] ? ext4_getblk+0x520/0x520
[ 67.549685][ T6831] ? dquot_get_next_dqblk+0x180/0x180
[ 67.555068][ T6831] ext4_append+0x153/0x360
[ 67.559492][ T6831] ext4_mkdir+0x5e0/0xdf0
[ 67.563828][ T6831] ? ext4_rmdir+0xde0/0xde0
[ 67.568325][ T6831] ? security_inode_permission+0xc4/0xf0
[ 67.573955][ T6831] vfs_mkdir+0x419/0x690
[ 67.578303][ T6831] do_mkdirat+0x21e/0x280
[ 67.582617][ T6831] ? __ia32_sys_mknod+0xb0/0xb0
[ 67.587460][ T6831] ? do_syscall_64+0x1c/0xe0
[ 67.592036][ T6831] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.598013][ T6831] do_syscall_64+0x60/0xe0
2020/06/16 07:02:18 building call list...
[ 67.602422][ T6831] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.608755][ T6831] RIP: 0033:0x45bed7
[ 67.612635][ T6831] Code: Bad RIP value.
[ 67.616676][ T6831] RSP: 002b:00007ffc2f563248 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 67.625079][ T6831] RAX: ffffffffffffffda RBX: 0000000000010748 RCX: 000000000045bed7
[ 67.633028][ T6831] RDX: 00007ffc2f563293 RSI: 00000000000001ff RDI: 00007ffc2f563290
[ 67.641076][ T6831] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 67.649034][ T6831] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 67.656984][ T6831] R13: 00007ffc2f563280 R14: 0000000000010731 R15: 00007ffc2f563290
[ 67.884145][ T40] tipc: TX() has been purged, node left!
[ 68.396876][ T40] ==================================================================
[ 68.405150][ T40] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 68.413045][ T40] Write of size 1 at addr ffff88809e8bb9e4 by task kworker/u4:3/40
[ 68.420922][ T40]
[ 68.423257][ T40] CPU: 0 PID: 40 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0
[ 68.431580][ T40] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.441641][ T40] Workqueue: netns cleanup_net
[ 68.446397][ T40] Call Trace:
[ 68.449694][ T40] dump_stack+0x18f/0x20d
[ 68.454028][ T40] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.459581][ T40] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.465128][ T40] ? afs_put_call+0xa40/0xa40
[ 68.469807][ T40] print_address_description.constprop.0.cold+0xd3/0x413
[ 68.476838][ T40] ? vprintk_func+0x97/0x1a6
[ 68.481432][ T40] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.486983][ T40] kasan_report.cold+0x1f/0x37
[ 68.491756][ T40] ? rcu_read_lock_held_common+0x51/0xa0
[ 68.497387][ T40] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.502936][ T40] afs_wake_up_async_call+0x6aa/0x770
[ 68.508305][ T40] ? afs_close_socket+0x320/0x320
[ 68.514733][ T40] ? afs_put_call+0xa40/0xa40
[ 68.519408][ T40] rxrpc_notify_socket+0x1db/0x5d0
[ 68.524533][ T40] ? afs_put_call+0xa40/0xa40
[ 68.529211][ T40] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 68.535625][ T40] rxrpc_call_completed+0xca/0xf0
[ 68.540654][ T40] rxrpc_discard_prealloc+0x781/0xab0
[ 68.546029][ T40] ? lock_sock_nested+0x94/0x110
[ 68.550971][ T40] rxrpc_listen+0x147/0x360
[ 68.555480][ T40] afs_close_socket+0x95/0x320
[ 68.560243][ T40] ? afs_purge_servers+0x16d/0x300
[ 68.565353][ T40] ? afs_rx_discard_new_call+0x50/0x50
[ 68.570817][ T40] ? init_wait_var_entry+0x200/0x200
[ 68.576109][ T40] ? rcu_read_lock_held_common+0xa0/0xa0
[ 68.581743][ T40] ? check_preemption_disabled+0x38/0x220
[ 68.587464][ T40] afs_net_exit+0x1bc/0x310
[ 68.591965][ T40] ? afs_net_init+0xe30/0xe30
[ 68.596641][ T40] ops_exit_list.isra.0+0xa8/0x150
[ 68.601767][ T40] cleanup_net+0x511/0xa50
[ 68.606192][ T40] ? unregister_pernet_device+0x70/0x70
[ 68.611740][ T40] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.617742][ T40] process_one_work+0x965/0x1690
[ 68.622694][ T40] ? lock_release+0x800/0x800
[ 68.627380][ T40] ? pwq_dec_nr_in_flight+0x310/0x310
[ 68.632846][ T40] ? rwlock_bug.part.0+0x90/0x90
[ 68.637797][ T40] worker_thread+0x96/0xe10
[ 68.642316][ T40] ? process_one_work+0x1690/0x1690
[ 68.647519][ T40] kthread+0x3b5/0x4a0
[ 68.651586][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 68.657335][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 68.663076][ T40] ret_from_fork+0x1f/0x30
[ 68.667502][ T40]
[ 68.669829][ T40] Allocated by task 6831:
[ 68.674164][ T40] save_stack+0x1b/0x40
[ 68.678316][ T40] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 68.683943][ T40] kmem_cache_alloc_trace+0x153/0x7d0
[ 68.689311][ T40] afs_alloc_call+0x55/0x630
[ 68.693901][ T40] afs_charge_preallocation+0xe9/0x2d0
[ 68.699378][ T40] afs_open_socket+0x292/0x360
[ 68.705353][ T40] afs_net_init+0xa6c/0xe30
[ 68.709854][ T40] ops_init+0xaf/0x420
[ 68.713931][ T40] setup_net+0x2de/0x860
[ 68.718172][ T40] copy_net_ns+0x293/0x590
[ 68.722846][ T40] create_new_namespaces+0x3fb/0xb30
[ 68.728768][ T40] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 68.734412][ T40] ksys_unshare+0x43d/0x8e0
[ 68.738910][ T40] __x64_sys_unshare+0x2d/0x40
[ 68.743692][ T40] do_syscall_64+0x60/0xe0
[ 68.748109][ T40] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.754276][ T40]
[ 68.756599][ T40] Freed by task 40:
[ 68.760506][ T40] save_stack+0x1b/0x40
[ 68.764660][ T40] __kasan_slab_free+0xf7/0x140
[ 68.769508][ T40] kfree+0x109/0x2b0
[ 68.773402][ T40] afs_put_call+0x585/0xa40
[ 68.777913][ T40] rxrpc_discard_prealloc+0x764/0xab0
[ 68.783302][ T40] rxrpc_listen+0x147/0x360
[ 68.787842][ T40] afs_close_socket+0x95/0x320
[ 68.792633][ T40] afs_net_exit+0x1bc/0x310
[ 68.797174][ T40] ops_exit_list.isra.0+0xa8/0x150
[ 68.802384][ T40] cleanup_net+0x511/0xa50
[ 68.806821][ T40] process_one_work+0x965/0x1690
[ 68.811761][ T40] worker_thread+0x96/0xe10
[ 68.816265][ T40] kthread+0x3b5/0x4a0
[ 68.820420][ T40] ret_from_fork+0x1f/0x30
[ 68.825690][ T40]
[ 68.828014][ T40] The buggy address belongs to the object at ffff88809e8bb800
[ 68.828014][ T40] which belongs to the cache kmalloc-1k of size 1024
[ 68.842062][ T40] The buggy address is located 484 bytes inside of
[ 68.842062][ T40] 1024-byte region [ffff88809e8bb800, ffff88809e8bbc00)
[ 68.855416][ T40] The buggy address belongs to the page:
[ 68.861068][ T40] page:ffffea00027a2ec0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 68.870189][ T40] flags: 0xfffe0000000200(slab)
[ 68.875106][ T40] raw: 00fffe0000000200 ffffea000258f8c8 ffffea00025f0f48 ffff8880aa000c40
[ 68.884117][ T40] raw: 0000000000000000 ffff88809e8bb000 0000000100000002 0000000000000000
[ 68.892693][ T40] page dumped because: kasan: bad access detected
[ 68.899092][ T40]
[ 68.901417][ T40] Memory state around the buggy address:
[ 68.907139][ T40] ffff88809e8bb880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.915196][ T40] ffff88809e8bb900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.923271][ T40] >ffff88809e8bb980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.931594][ T40] ^
[ 68.938787][ T40] ffff88809e8bba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.946959][ T40] ffff88809e8bba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.955013][ T40] ==================================================================
[ 68.963065][ T40] Disabling lock debugging due to kernel taint
[ 68.969288][ T40] Kernel panic - not syncing: panic_on_warn set ...
[ 68.975914][ T40] CPU: 0 PID: 40 Comm: kworker/u4:3 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 68.985541][ T40] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.995611][ T40] Workqueue: netns cleanup_net
[ 69.000376][ T40] Call Trace:
[ 69.003772][ T40] dump_stack+0x18f/0x20d
[ 69.008131][ T40] ? afs_wake_up_async_call+0x670/0x770
[ 69.013693][ T40] ? afs_put_call+0xa40/0xa40
[ 69.018387][ T40] panic+0x2e3/0x75c
[ 69.022300][ T40] ? __warn_printk+0xf3/0xf3
[ 69.027183][ T40] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 69.033947][ T40] ? trace_hardirqs_on+0x55/0x220
[ 69.039220][ T40] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.044980][ T40] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.050677][ T40] ? afs_put_call+0xa40/0xa40
[ 69.055610][ T40] end_report+0x4d/0x53
[ 69.059767][ T40] kasan_report.cold+0xd/0x37
[ 69.064441][ T40] ? rcu_read_lock_held_common+0x51/0xa0
[ 69.070191][ T40] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.075745][ T40] afs_wake_up_async_call+0x6aa/0x770
[ 69.081128][ T40] ? afs_close_socket+0x320/0x320
[ 69.086166][ T40] ? afs_put_call+0xa40/0xa40
[ 69.090853][ T40] rxrpc_notify_socket+0x1db/0x5d0
[ 69.095993][ T40] ? afs_put_call+0xa40/0xa40
[ 69.100793][ T40] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 69.107228][ T40] rxrpc_call_completed+0xca/0xf0
[ 69.112259][ T40] rxrpc_discard_prealloc+0x781/0xab0
[ 69.117798][ T40] ? lock_sock_nested+0x94/0x110
[ 69.122760][ T40] rxrpc_listen+0x147/0x360
[ 69.127275][ T40] afs_close_socket+0x95/0x320
[ 69.132050][ T40] ? afs_purge_servers+0x16d/0x300
[ 69.137161][ T40] ? afs_rx_discard_new_call+0x50/0x50
[ 69.142614][ T40] ? init_wait_var_entry+0x200/0x200
[ 69.148366][ T40] ? rcu_read_lock_held_common+0xa0/0xa0
[ 69.154024][ T40] ? check_preemption_disabled+0x38/0x220
[ 69.159771][ T40] afs_net_exit+0x1bc/0x310
[ 69.164277][ T40] ? afs_net_init+0xe30/0xe30
[ 69.168942][ T40] ops_exit_list.isra.0+0xa8/0x150
[ 69.174288][ T40] cleanup_net+0x511/0xa50
[ 69.178706][ T40] ? unregister_pernet_device+0x70/0x70
[ 69.184432][ T40] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 69.190414][ T40] process_one_work+0x965/0x1690
[ 69.195371][ T40] ? lock_release+0x800/0x800
[ 69.200170][ T40] ? pwq_dec_nr_in_flight+0x310/0x310
[ 69.205530][ T40] ? rwlock_bug.part.0+0x90/0x90
[ 69.210806][ T40] worker_thread+0x96/0xe10
[ 69.215303][ T40] ? process_one_work+0x1690/0x1690
[ 69.220503][ T40] kthread+0x3b5/0x4a0
[ 69.224566][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.230285][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.236015][ T40] ret_from_fork+0x1f/0x30
[ 69.242052][ T40] Kernel Offset: disabled
[ 69.246386][ T40] Rebooting in 86400 seconds..