[ 61.032798][ T6770] ? prandom_u32_state+0xe/0x170 [ 61.037811][ T6770] ? __brelse+0x84/0xa0 [ 61.041967][ T6770] ? __ext4_new_inode+0x144/0x55e0 [ 61.047067][ T6770] ext4_getblk+0xad/0x520 [ 61.051404][ T6770] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.057138][ T6770] ? ext4_free_inode+0x1700/0x1700 [ 61.062248][ T6770] ext4_bread+0x7c/0x380 [ 61.066491][ T6770] ? ext4_getblk+0x520/0x520 [ 61.071606][ T6770] ? dquot_get_next_dqblk+0x180/0x180 [ 61.076968][ T6770] ext4_append+0x153/0x360 [ 61.081367][ T6770] ext4_mkdir+0x5e0/0xdf0 [ 61.085770][ T6770] ? ext4_rmdir+0xde0/0xde0 [ 61.090291][ T6770] ? security_inode_permission+0xc4/0xf0 [ 61.095908][ T6770] vfs_mkdir+0x419/0x690 [ 61.100146][ T6770] do_mkdirat+0x21e/0x280 [ 61.104455][ T6770] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.109297][ T6770] ? do_syscall_64+0x1c/0xe0 [ 61.113869][ T6770] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.119828][ T6770] do_syscall_64+0x60/0xe0 [ 61.124240][ T6770] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.130109][ T6770] RIP: 0033:0x7fcfa1b70687 [ 61.134523][ T6770] Code: Bad RIP value. [ 61.138568][ T6770] RSP: 002b:00007ffdad12d3d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 61.147031][ T6770] RAX: ffffffffffffffda RBX: 00005584b0da2985 RCX: 00007fcfa1b70687 [ 61.154992][ T6770] RDX: 00007ffdad12d2a0 RSI: 00000000000001ed RDI: 00005584b0da2985 [ 61.162950][ T6770] RBP: 00007fcfa1b70680 R08: 0000000000000100 R09: 0000000000000000 [ 61.170907][ T6770] R10: 00005584b0da2980 R11: 0000000000000246 R12: 00000000000001ed [ 61.178861][ T6770] R13: 00007ffdad12d560 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts. 2020/06/17 19:45:05 fuzzer started 2020/06/17 19:45:05 connecting to host at 10.128.0.26:44015 2020/06/17 19:45:05 checking machine... 2020/06/17 19:45:05 checking revisions... 2020/06/17 19:45:05 testing simple program... syzkaller login: [ 66.926734][ T6835] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6835 [ 66.936206][ T6835] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.942215][ T6835] CPU: 1 PID: 6835 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 66.950533][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.960746][ T6835] Call Trace: [ 66.964033][ T6835] dump_stack+0x18f/0x20d [ 66.968441][ T6835] check_preemption_disabled+0x20d/0x220 [ 66.974062][ T6835] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.979186][ T6835] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.984629][ T6835] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.990339][ T6835] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.995616][ T6835] ? ext4_ext_release+0x10/0x10 [ 67.000466][ T6835] ? down_write_killable+0x170/0x170 [ 67.005737][ T6835] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.011185][ T6835] ext4_map_blocks+0x4cb/0x1640 [ 67.016027][ T6835] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.021210][ T6835] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.026757][ T6835] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.032720][ T6835] ? prandom_u32_state+0xe/0x170 [ 67.037745][ T6835] ? __brelse+0x84/0xa0 [ 67.041886][ T6835] ? __ext4_new_inode+0x144/0x55e0 [ 67.046991][ T6835] ext4_getblk+0xad/0x520 [ 67.051310][ T6835] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.057028][ T6835] ? ext4_free_inode+0x1700/0x1700 [ 67.062154][ T6835] ext4_bread+0x7c/0x380 [ 67.066383][ T6835] ? ext4_getblk+0x520/0x520 [ 67.070968][ T6835] ? dquot_get_next_dqblk+0x180/0x180 [ 67.076336][ T6835] ext4_append+0x153/0x360 [ 67.080742][ T6835] ext4_mkdir+0x5e0/0xdf0 [ 67.085064][ T6835] ? ext4_rmdir+0xde0/0xde0 [ 67.089563][ T6835] ? security_inode_permission+0xc4/0xf0 [ 67.095194][ T6835] vfs_mkdir+0x419/0x690 [ 67.099442][ T6835] do_mkdirat+0x21e/0x280 [ 67.103779][ T6835] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.108619][ T6835] ? do_syscall_64+0x1c/0xe0 [ 67.113195][ T6835] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.119276][ T6835] do_syscall_64+0x60/0xe0 [ 67.123687][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.129561][ T6835] RIP: 0033:0x4b02a0 [ 67.133450][ T6835] Code: Bad RIP value. [ 67.137498][ T6835] RSP: 002b:000000c0000c94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 67.146150][ T6835] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 67.154119][ T6835] RDX: 00000000000001c0 RSI: 000000c000026840 RDI: ffffffffffffff9c [ 67.162073][ T6835] RBP: 000000c0000c9510 R08: 0000000000000000 R09: 0000000000000000 [ 67.170036][ T6835] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 67.177988][ T6835] R13: 0000000000000043 R14: 0000000000000042 R15: 0000000000000100 [ 67.201671][ T6853] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6853 [ 67.211147][ T6853] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.217153][ T6853] CPU: 0 PID: 6853 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.225753][ T6853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.235814][ T6853] Call Trace: [ 67.239098][ T6853] dump_stack+0x18f/0x20d [ 67.243434][ T6853] check_preemption_disabled+0x20d/0x220 [ 67.249072][ T6853] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.254237][ T6853] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.259812][ T6853] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.265609][ T6853] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.270908][ T6853] ? ext4_ext_release+0x10/0x10 [ 67.275778][ T6853] ? down_write_killable+0x170/0x170 [ 67.281134][ T6853] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.286581][ T6853] ext4_map_blocks+0x4cb/0x1640 [ 67.291447][ T6853] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.297701][ T6853] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.303328][ T6853] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.309547][ T6853] ? prandom_u32_state+0xe/0x170 [ 67.314468][ T6853] ? __brelse+0x84/0xa0 [ 67.318618][ T6853] ? __ext4_new_inode+0x144/0x55e0 [ 67.323712][ T6853] ext4_getblk+0xad/0x520 [ 67.328037][ T6853] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.333757][ T6853] ? ext4_free_inode+0x1700/0x1700 [ 67.338875][ T6853] ext4_bread+0x7c/0x380 [ 67.343097][ T6853] ? ext4_getblk+0x520/0x520 [ 67.347682][ T6853] ? dquot_get_next_dqblk+0x180/0x180 [ 67.353043][ T6853] ext4_append+0x153/0x360 [ 67.357460][ T6853] ext4_mkdir+0x5e0/0xdf0 [ 67.361777][ T6853] ? ext4_rmdir+0xde0/0xde0 [ 67.366485][ T6853] ? security_inode_permission+0xc4/0xf0 [ 67.372132][ T6853] vfs_mkdir+0x419/0x690 [ 67.379414][ T6853] do_mkdirat+0x21e/0x280 [ 67.383879][ T6853] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.388743][ T6853] ? do_syscall_64+0x1c/0xe0 [ 67.393424][ T6853] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.399392][ T6853] do_syscall_64+0x60/0xe0 [ 67.403795][ T6853] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.409676][ T6853] RIP: 0033:0x45bed7 [ 67.413608][ T6853] Code: Bad RIP value. [ 67.417658][ T6853] RSP: 002b:00007ffca3bda058 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 67.426147][ T6853] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 67.434217][ T6853] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffca3bda230 [ 67.442343][ T6853] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003dc0 [ 67.450319][ T6853] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 67.458304][ T6853] R13: 00007ffca3bda230 R14: 8421084210842109 R15: 00007ffca3bda23c [ 67.544657][ T6854] IPVS: ftp: loaded support on port[0] = 21 [ 67.582902][ T6854] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6854 [ 67.592725][ T6854] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.598623][ T6854] CPU: 1 PID: 6854 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.607200][ T6854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.617234][ T6854] Call Trace: [ 67.620524][ T6854] dump_stack+0x18f/0x20d [ 67.624851][ T6854] check_preemption_disabled+0x20d/0x220 [ 67.632461][ T6854] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.637582][ T6854] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.643090][ T6854] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.648803][ T6854] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.654081][ T6854] ? ext4_ext_release+0x10/0x10 [ 67.658938][ T6854] ? down_write_killable+0x170/0x170 [ 67.664202][ T6854] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.669905][ T6854] ext4_map_blocks+0x4cb/0x1640 [ 67.674774][ T6854] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.680048][ T6854] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.685595][ T6854] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.691744][ T6854] ? prandom_u32_state+0xe/0x170 [ 67.696696][ T6854] ? __brelse+0x84/0xa0 [ 67.700838][ T6854] ? __ext4_new_inode+0x144/0x55e0 [ 67.705945][ T6854] ext4_getblk+0xad/0x520 [ 67.710255][ T6854] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.715957][ T6854] ? ext4_free_inode+0x1700/0x1700 [ 67.721048][ T6854] ext4_bread+0x7c/0x380 [ 67.725303][ T6854] ? ext4_getblk+0x520/0x520 [ 67.729897][ T6854] ? dquot_get_next_dqblk+0x180/0x180 [ 67.735261][ T6854] ext4_append+0x153/0x360 [ 67.739682][ T6854] ext4_mkdir+0x5e0/0xdf0 [ 67.744153][ T6854] ? ext4_rmdir+0xde0/0xde0 [ 67.748645][ T6854] ? security_inode_permission+0xc4/0xf0 [ 67.754270][ T6854] vfs_mkdir+0x419/0x690 [ 67.758673][ T6854] do_mkdirat+0x21e/0x280 [ 67.762996][ T6854] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.767853][ T6854] ? do_syscall_64+0x1c/0xe0 [ 67.772450][ T6854] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.778417][ T6854] do_syscall_64+0x60/0xe0 [ 67.782818][ T6854] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.788689][ T6854] RIP: 0033:0x45bed7 [ 67.792571][ T6854] Code: Bad RIP value. [ 67.796613][ T6854] RSP: 002b:00007ffca3bd9f48 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 67.805012][ T6854] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 67.812986][ T6854] RDX: 00007ffca3bd9f93 RSI: 00000000000001ff RDI: 00007ffca3bd9f90 [ 67.821230][ T6854] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 67.829218][ T6854] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 67.837196][ T6854] R13: 00007ffca3bd9f80 R14: 0000000000000000 R15: 00007ffca3bd9f90 [ 67.921496][ T6854] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6854 [ 67.930915][ T6854] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.937077][ T6854] CPU: 1 PID: 6854 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.945680][ T6854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.955744][ T6854] Call Trace: [ 67.959044][ T6854] dump_stack+0x18f/0x20d [ 67.963400][ T6854] check_preemption_disabled+0x20d/0x220 [ 67.969031][ T6854] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.974139][ T6854] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.979578][ T6854] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.985298][ T6854] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.990586][ T6854] ? ext4_ext_release+0x10/0x10 [ 67.995436][ T6854] ? down_write_killable+0x170/0x170 [ 68.000704][ T6854] ? ext4_es_lookup_extent+0x41d/0xd10 [ 68.006180][ T6854] ext4_map_blocks+0x4cb/0x1640 [ 68.011147][ T6854] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 68.016375][ T6854] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 68.022078][ T6854] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.028048][ T6854] ? prandom_u32_state+0xe/0x170 [ 68.032975][ T6854] ? __brelse+0x84/0xa0 [ 68.037130][ T6854] ? __ext4_new_inode+0x144/0x55e0 [ 68.042223][ T6854] ext4_getblk+0xad/0x520 [ 68.046552][ T6854] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 68.052261][ T6854] ? ext4_free_inode+0x1700/0x1700 [ 68.057380][ T6854] ext4_bread+0x7c/0x380 [ 68.061607][ T6854] ? ext4_getblk+0x520/0x520 [ 68.066342][ T6854] ? dquot_get_next_dqblk+0x180/0x180 [ 68.072094][ T6854] ext4_append+0x153/0x360 [ 68.076570][ T6854] ext4_mkdir+0x5e0/0xdf0 [ 68.080919][ T6854] ? ext4_rmdir+0xde0/0xde0 [ 68.085440][ T6854] ? security_inode_permission+0xc4/0xf0 [ 68.091152][ T6854] vfs_mkdir+0x419/0x690 [ 68.095479][ T6854] do_mkdirat+0x21e/0x280 [ 68.099798][ T6854] ? __ia32_sys_mknod+0xb0/0xb0 [ 68.104640][ T6854] ? do_syscall_64+0x1c/0xe0 [ 68.109208][ T6854] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 68.115193][ T6854] do_syscall_64+0x60/0xe0 [ 68.119598][ T6854] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 68.125479][ T6854] RIP: 0033:0x45bed7 [ 68.129357][ T6854] Code: Bad RIP value. [ 68.133405][ T6854] RSP: 002b:00007ffca3bd9f48 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 68.141797][ T6854] RAX: ffffffffffffffda RBX: 000000000001093b RCX: 000000000045bed7 [ 68.149864][ T6854] RDX: 00007ffca3bd9f93 RSI: 00000000000001ff RDI: 00007ffca3bd9f90 [ 68.157819][ T6854] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 68.165862][ T6854] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 68.173902][ T6854] R13: 00007ffca3bd9f80 R14: 0000000000010922 R15: 00007ffca3bd9f90 2020/06/17 19:45:07 building call list... [ 68.411796][ T273] tipc: TX() has been purged, node left! [ 68.913724][ T273] ================================================================== [ 68.922345][ T273] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 68.930244][ T273] Write of size 1 at addr ffff8880a45af9e4 by task kworker/u4:6/273 [ 68.938321][ T273] [ 68.940894][ T273] CPU: 1 PID: 273 Comm: kworker/u4:6 Not tainted 5.8.0-rc1-syzkaller #0 [ 68.949219][ T273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.959292][ T273] Workqueue: netns cleanup_net [ 68.964053][ T273] Call Trace: [ 68.967348][ T273] dump_stack+0x18f/0x20d [ 68.971684][ T273] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.977226][ T273] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.982766][ T273] ? afs_put_call+0xa40/0xa40 [ 68.987729][ T273] print_address_description.constprop.0.cold+0xd3/0x413 [ 68.994782][ T273] ? vprintk_func+0x97/0x1a6 [ 68.999396][ T273] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.004944][ T273] kasan_report.cold+0x1f/0x37 [ 69.009717][ T273] ? rcu_read_lock_held_common+0x51/0xa0 [ 69.015347][ T273] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.020907][ T273] afs_wake_up_async_call+0x6aa/0x770 [ 69.026286][ T273] ? afs_close_socket+0x320/0x320 [ 69.031319][ T273] ? afs_put_call+0xa40/0xa40 [ 69.036086][ T273] rxrpc_notify_socket+0x1db/0x5d0 [ 69.041206][ T273] ? afs_put_call+0xa40/0xa40 [ 69.045883][ T273] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 69.052320][ T273] rxrpc_call_completed+0xca/0xf0 [ 69.057353][ T273] rxrpc_discard_prealloc+0x781/0xab0 [ 69.062730][ T273] ? lock_sock_nested+0x94/0x110 [ 69.067677][ T273] rxrpc_listen+0x147/0x360 [ 69.072273][ T273] afs_close_socket+0x95/0x320 [ 69.077042][ T273] ? afs_purge_servers+0x16d/0x300 [ 69.082160][ T273] ? afs_rx_discard_new_call+0x50/0x50 [ 69.087625][ T273] ? init_wait_var_entry+0x200/0x200 [ 69.092915][ T273] ? rcu_read_lock_held_common+0xa0/0xa0 [ 69.098572][ T273] ? check_preemption_disabled+0x38/0x220 [ 69.104293][ T273] afs_net_exit+0x1bc/0x310 [ 69.108792][ T273] ? afs_net_init+0xe30/0xe30 [ 69.113478][ T273] ops_exit_list.isra.0+0xa8/0x150 [ 69.118594][ T273] cleanup_net+0x511/0xa50 [ 69.123013][ T273] ? unregister_pernet_device+0x70/0x70 [ 69.128580][ T273] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 69.134594][ T273] process_one_work+0x965/0x1690 [ 69.139540][ T273] ? lock_release+0x800/0x800 [ 69.144216][ T273] ? pwq_dec_nr_in_flight+0x310/0x310 [ 69.149595][ T273] ? rwlock_bug.part.0+0x90/0x90 [ 69.154547][ T273] worker_thread+0x96/0xe10 [ 69.159064][ T273] ? process_one_work+0x1690/0x1690 [ 69.164272][ T273] kthread+0x3b5/0x4a0 [ 69.168340][ T273] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.174055][ T273] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.179777][ T273] ret_from_fork+0x1f/0x30 [ 69.184206][ T273] [ 69.186541][ T273] Allocated by task 6854: [ 69.190884][ T273] save_stack+0x1b/0x40 [ 69.195046][ T273] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 69.200680][ T273] kmem_cache_alloc_trace+0x153/0x7d0 [ 69.206048][ T273] afs_alloc_call+0x55/0x630 [ 69.210639][ T273] afs_charge_preallocation+0xe9/0x2d0 [ 69.216099][ T273] afs_open_socket+0x292/0x360 [ 69.220855][ T273] afs_net_init+0xa6c/0xe30 [ 69.225450][ T273] ops_init+0xaf/0x420 [ 69.229512][ T273] setup_net+0x2de/0x860 [ 69.233749][ T273] copy_net_ns+0x293/0x590 [ 69.238167][ T273] create_new_namespaces+0x3fb/0xb30 [ 69.243494][ T273] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 69.249219][ T273] ksys_unshare+0x43d/0x8e0 [ 69.253722][ T273] __x64_sys_unshare+0x2d/0x40 [ 69.258487][ T273] do_syscall_64+0x60/0xe0 [ 69.262929][ T273] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.268807][ T273] [ 69.274688][ T273] Freed by task 273: [ 69.278604][ T273] save_stack+0x1b/0x40 [ 69.282767][ T273] __kasan_slab_free+0xf7/0x140 [ 69.287714][ T273] kfree+0x109/0x2b0 [ 69.291604][ T273] afs_put_call+0x585/0xa40 [ 69.296110][ T273] rxrpc_discard_prealloc+0x764/0xab0 [ 69.301493][ T273] rxrpc_listen+0x147/0x360 [ 69.307491][ T273] afs_close_socket+0x95/0x320 [ 69.312277][ T273] afs_net_exit+0x1bc/0x310 [ 69.316807][ T273] ops_exit_list.isra.0+0xa8/0x150 [ 69.321934][ T273] cleanup_net+0x511/0xa50 [ 69.326351][ T273] process_one_work+0x965/0x1690 [ 69.331287][ T273] worker_thread+0x96/0xe10 [ 69.335787][ T273] kthread+0x3b5/0x4a0 [ 69.339861][ T273] ret_from_fork+0x1f/0x30 [ 69.344267][ T273] [ 69.346609][ T273] The buggy address belongs to the object at ffff8880a45af800 [ 69.346609][ T273] which belongs to the cache kmalloc-1k of size 1024 [ 69.361104][ T273] The buggy address is located 484 bytes inside of [ 69.361104][ T273] 1024-byte region [ffff8880a45af800, ffff8880a45afc00) [ 69.374453][ T273] The buggy address belongs to the page: [ 69.380259][ T273] page:ffffea0002916bc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 69.389460][ T273] flags: 0xfffe0000000200(slab) [ 69.394730][ T273] raw: 00fffe0000000200 ffffea000245b708 ffffea0002477148 ffff8880aa000c40 [ 69.403321][ T273] raw: 0000000000000000 ffff8880a45af000 0000000100000002 0000000000000000 [ 69.411918][ T273] page dumped because: kasan: bad access detected [ 69.420231][ T273] [ 69.422551][ T273] Memory state around the buggy address: [ 69.428288][ T273] ffff8880a45af880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.436348][ T273] ffff8880a45af900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.444491][ T273] >ffff8880a45af980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.452580][ T273] ^ [ 69.459768][ T273] ffff8880a45afa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.468002][ T273] ffff8880a45afa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.476073][ T273] ================================================================== [ 69.484123][ T273] Disabling lock debugging due to kernel taint [ 69.490819][ T273] Kernel panic - not syncing: panic_on_warn set ... [ 69.497422][ T273] CPU: 1 PID: 273 Comm: kworker/u4:6 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 69.507230][ T273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.517297][ T273] Workqueue: netns cleanup_net [ 69.522078][ T273] Call Trace: [ 69.525383][ T273] dump_stack+0x18f/0x20d [ 69.529721][ T273] ? afs_wake_up_async_call+0x680/0x770 [ 69.535289][ T273] ? afs_put_call+0xa40/0xa40 [ 69.540499][ T273] panic+0x2e3/0x75c [ 69.544483][ T273] ? __warn_printk+0xf3/0xf3 [ 69.549191][ T273] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 69.555354][ T273] ? trace_hardirqs_on+0x55/0x220 [ 69.560544][ T273] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.566082][ T273] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.571692][ T273] ? afs_put_call+0xa40/0xa40 [ 69.576484][ T273] end_report+0x4d/0x53 [ 69.581078][ T273] kasan_report.cold+0xd/0x37 [ 69.585753][ T273] ? rcu_read_lock_held_common+0x51/0xa0 [ 69.591413][ T273] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.597044][ T273] afs_wake_up_async_call+0x6aa/0x770 [ 69.602408][ T273] ? afs_close_socket+0x320/0x320 [ 69.607557][ T273] ? afs_put_call+0xa40/0xa40 [ 69.612406][ T273] rxrpc_notify_socket+0x1db/0x5d0 [ 69.617511][ T273] ? afs_put_call+0xa40/0xa40 [ 69.622177][ T273] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 69.628577][ T273] rxrpc_call_completed+0xca/0xf0 [ 69.633594][ T273] rxrpc_discard_prealloc+0x781/0xab0 [ 69.638953][ T273] ? lock_sock_nested+0x94/0x110 [ 69.643872][ T273] rxrpc_listen+0x147/0x360 [ 69.648513][ T273] afs_close_socket+0x95/0x320 [ 69.653357][ T273] ? afs_purge_servers+0x16d/0x300 [ 69.658467][ T273] ? afs_rx_discard_new_call+0x50/0x50 [ 69.664113][ T273] ? init_wait_var_entry+0x200/0x200 [ 69.669414][ T273] ? rcu_read_lock_held_common+0xa0/0xa0 [ 69.675041][ T273] ? check_preemption_disabled+0x38/0x220 [ 69.680743][ T273] afs_net_exit+0x1bc/0x310 [ 69.685224][ T273] ? afs_net_init+0xe30/0xe30 [ 69.689882][ T273] ops_exit_list.isra.0+0xa8/0x150 [ 69.694981][ T273] cleanup_net+0x511/0xa50 [ 69.699372][ T273] ? unregister_pernet_device+0x70/0x70 [ 69.704903][ T273] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 69.710894][ T273] process_one_work+0x965/0x1690 [ 69.718972][ T273] ? lock_release+0x800/0x800 [ 69.723765][ T273] ? pwq_dec_nr_in_flight+0x310/0x310 [ 69.729165][ T273] ? rwlock_bug.part.0+0x90/0x90 [ 69.734089][ T273] worker_thread+0x96/0xe10 [ 69.738580][ T273] ? process_one_work+0x1690/0x1690 [ 69.743777][ T273] kthread+0x3b5/0x4a0 [ 69.747835][ T273] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.753658][ T273] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.759362][ T273] ret_from_fork+0x1f/0x30 [ 69.765239][ T273] Kernel Offset: disabled [ 69.769577][ T273] Rebooting in 86400 seconds..