[ 57.564744][ T246] process_one_work+0x965/0x1690 [ 57.569701][ T246] ? lock_release+0x800/0x800 [ 57.574392][ T246] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.579775][ T246] ? rwlock_bug.part.0+0x90/0x90 [ 57.584732][ T246] worker_thread+0x96/0xe10 [ 57.589257][ T246] ? process_one_work+0x1690/0x1690 [ 57.594493][ T246] kthread+0x3b5/0x4a0 [ 57.598577][ T246] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.604315][ T246] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.610048][ T246] ret_from_fork+0x1f/0x30 [ 59.985563][ T6778] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6778 [ 59.995128][ T6778] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.001104][ T6778] CPU: 0 PID: 6778 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 60.009674][ T6778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.019704][ T6778] Call Trace: [ 60.023001][ T6778] dump_stack+0x18f/0x20d [ 60.027340][ T6778] check_preemption_disabled+0x20d/0x220 [ 60.032950][ T6778] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.038055][ T6778] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.043500][ T6778] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.049211][ T6778] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.054492][ T6778] ? ext4_ext_release+0x10/0x10 [ 60.059347][ T6778] ? down_write_killable+0x170/0x170 [ 60.064621][ T6778] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.070075][ T6778] ext4_map_blocks+0x4cb/0x1640 [ 60.074919][ T6778] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.080120][ T6778] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.085690][ T6778] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.091670][ T6778] ? prandom_u32_state+0xe/0x170 [ 60.096594][ T6778] ? __brelse+0x84/0xa0 [ 60.100729][ T6778] ? __ext4_new_inode+0x144/0x55e0 [ 60.105828][ T6778] ext4_getblk+0xad/0x520 [ 60.110153][ T6778] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.115860][ T6778] ? ext4_free_inode+0x1700/0x1700 [ 60.120952][ T6778] ext4_bread+0x7c/0x380 [ 60.125190][ T6778] ? ext4_getblk+0x520/0x520 [ 60.129771][ T6778] ? dquot_get_next_dqblk+0x180/0x180 [ 60.135142][ T6778] ext4_append+0x153/0x360 [ 60.139631][ T6778] ext4_mkdir+0x5e0/0xdf0 [ 60.143963][ T6778] ? ext4_rmdir+0xde0/0xde0 [ 60.148462][ T6778] ? security_inode_permission+0xc4/0xf0 [ 60.154088][ T6778] vfs_mkdir+0x419/0x690 [ 60.158324][ T6778] do_mkdirat+0x21e/0x280 [ 60.162639][ T6778] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.167487][ T6778] ? do_syscall_64+0x1c/0xe0 [ 60.172191][ T6778] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.178165][ T6778] do_syscall_64+0x60/0xe0 [ 60.182576][ T6778] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.189596][ T6778] RIP: 0033:0x7fe834b5b687 [ 60.193988][ T6778] Code: Bad RIP value. [ 60.198045][ T6778] RSP: 002b:00007ffed2f57868 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.206442][ T6778] RAX: ffffffffffffffda RBX: 00005636794ae985 RCX: 00007fe834b5b687 [ 60.214423][ T6778] RDX: 00007ffed2f57730 RSI: 00000000000001ed RDI: 00005636794ae985 [ 60.222378][ T6778] RBP: 00007fe834b5b680 R08: 0000000000000100 R09: 0000000000000000 [ 60.230355][ T6778] R10: 00005636794ae980 R11: 0000000000000246 R12: 00000000000001ed [ 60.238322][ T6778] R13: 00007ffed2f579f0 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts. 2020/06/16 00:33:02 fuzzer started 2020/06/16 00:33:02 connecting to host at 10.128.0.26:41439 2020/06/16 00:33:02 checking machine... 2020/06/16 00:33:02 checking revisions... 2020/06/16 00:33:02 testing simple program... syzkaller login: [ 64.796538][ T6788] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6788 [ 64.808796][ T6788] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.814799][ T6788] CPU: 0 PID: 6788 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 64.823046][ T6788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.833097][ T6788] Call Trace: [ 64.836381][ T6788] dump_stack+0x18f/0x20d [ 64.840954][ T6788] check_preemption_disabled+0x20d/0x220 [ 64.846569][ T6788] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.851875][ T6788] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.857333][ T6788] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.863164][ T6788] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.868554][ T6788] ? ext4_ext_release+0x10/0x10 [ 64.873415][ T6788] ? down_write_killable+0x170/0x170 [ 64.878706][ T6788] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.884260][ T6788] ext4_map_blocks+0x4cb/0x1640 [ 64.889104][ T6788] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.894325][ T6788] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.899923][ T6788] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.906007][ T6788] ? prandom_u32_state+0xe/0x170 [ 64.910988][ T6788] ? __brelse+0x84/0xa0 [ 64.915138][ T6788] ? __ext4_new_inode+0x144/0x55e0 [ 64.920452][ T6788] ext4_getblk+0xad/0x520 [ 64.924787][ T6788] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.930493][ T6788] ? ext4_free_inode+0x1700/0x1700 [ 64.935589][ T6788] ext4_bread+0x7c/0x380 [ 64.939812][ T6788] ? ext4_getblk+0x520/0x520 [ 64.944655][ T6788] ? dquot_get_next_dqblk+0x180/0x180 [ 64.950543][ T6788] ext4_append+0x153/0x360 [ 64.955226][ T6788] ext4_mkdir+0x5e0/0xdf0 [ 64.959552][ T6788] ? ext4_rmdir+0xde0/0xde0 [ 64.964077][ T6788] ? security_inode_permission+0xc4/0xf0 [ 64.969717][ T6788] vfs_mkdir+0x419/0x690 [ 64.973979][ T6788] do_mkdirat+0x21e/0x280 [ 64.978295][ T6788] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.983132][ T6788] ? do_syscall_64+0x1c/0xe0 [ 64.988231][ T6788] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.994585][ T6788] do_syscall_64+0x60/0xe0 [ 64.999197][ T6788] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.005176][ T6788] RIP: 0033:0x4b02a0 [ 65.009042][ T6788] Code: Bad RIP value. [ 65.013296][ T6788] RSP: 002b:000000c0000d94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.021792][ T6788] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 65.029753][ T6788] RDX: 00000000000001c0 RSI: 000000c0000c2300 RDI: ffffffffffffff9c [ 65.037706][ T6788] RBP: 000000c0000d9510 R08: 0000000000000000 R09: 0000000000000000 [ 65.045677][ T6788] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.053711][ T6788] R13: 0000000000000019 R14: 0000000000000018 R15: 0000000000000100 [ 65.077969][ T6803] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6803 [ 65.087633][ T6803] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.093870][ T6803] CPU: 1 PID: 6803 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.102476][ T6803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.112574][ T6803] Call Trace: [ 65.115885][ T6803] dump_stack+0x18f/0x20d [ 65.120305][ T6803] check_preemption_disabled+0x20d/0x220 [ 65.125933][ T6803] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.131031][ T6803] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.136568][ T6803] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.142284][ T6803] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.147576][ T6803] ? ext4_ext_release+0x10/0x10 [ 65.152594][ T6803] ? down_write_killable+0x170/0x170 [ 65.157967][ T6803] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.163420][ T6803] ext4_map_blocks+0x4cb/0x1640 [ 65.168286][ T6803] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.173472][ T6803] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.179005][ T6803] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.184969][ T6803] ? prandom_u32_state+0xe/0x170 [ 65.189909][ T6803] ? __brelse+0x84/0xa0 [ 65.194059][ T6803] ? __ext4_new_inode+0x144/0x55e0 [ 65.199151][ T6803] ext4_getblk+0xad/0x520 [ 65.203526][ T6803] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.209429][ T6803] ? ext4_free_inode+0x1700/0x1700 [ 65.214531][ T6803] ext4_bread+0x7c/0x380 [ 65.218801][ T6803] ? ext4_getblk+0x520/0x520 [ 65.223384][ T6803] ? dquot_get_next_dqblk+0x180/0x180 [ 65.228746][ T6803] ext4_append+0x153/0x360 [ 65.233172][ T6803] ext4_mkdir+0x5e0/0xdf0 [ 65.237507][ T6803] ? ext4_rmdir+0xde0/0xde0 [ 65.242007][ T6803] ? security_inode_permission+0xc4/0xf0 [ 65.249296][ T6803] vfs_mkdir+0x419/0x690 [ 65.253535][ T6803] do_mkdirat+0x21e/0x280 [ 65.258123][ T6803] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.263141][ T6803] ? do_syscall_64+0x1c/0xe0 [ 65.267899][ T6803] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.274121][ T6803] do_syscall_64+0x60/0xe0 [ 65.278619][ T6803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.284525][ T6803] RIP: 0033:0x45bed7 [ 65.288597][ T6803] Code: Bad RIP value. [ 65.292670][ T6803] RSP: 002b:00007ffe2209ade8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.301084][ T6803] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.309066][ T6803] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffe2209afc0 [ 65.317050][ T6803] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003940 [ 65.325043][ T6803] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.333035][ T6803] R13: 00007ffe2209afc0 R14: 8421084210842109 R15: 00007ffe2209afcc [ 65.437905][ T6805] IPVS: ftp: loaded support on port[0] = 21 [ 65.475795][ T6805] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6805 [ 65.485286][ T6805] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.491183][ T6805] CPU: 1 PID: 6805 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.499745][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.509790][ T6805] Call Trace: [ 65.513065][ T6805] dump_stack+0x18f/0x20d [ 65.517396][ T6805] check_preemption_disabled+0x20d/0x220 [ 65.523008][ T6805] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.528107][ T6805] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.533554][ T6805] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.539257][ T6805] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.545162][ T6805] ? ext4_ext_release+0x10/0x10 [ 65.550038][ T6805] ? down_write_killable+0x170/0x170 [ 65.555402][ T6805] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.560872][ T6805] ext4_map_blocks+0x4cb/0x1640 [ 65.565755][ T6805] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.571271][ T6805] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.576907][ T6805] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.582897][ T6805] ? prandom_u32_state+0xe/0x170 [ 65.587815][ T6805] ? __brelse+0x84/0xa0 [ 65.591950][ T6805] ? __ext4_new_inode+0x144/0x55e0 [ 65.597044][ T6805] ext4_getblk+0xad/0x520 [ 65.601366][ T6805] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.607102][ T6805] ? ext4_free_inode+0x1700/0x1700 [ 65.612208][ T6805] ext4_bread+0x7c/0x380 [ 65.616452][ T6805] ? ext4_getblk+0x520/0x520 [ 65.621029][ T6805] ? dquot_get_next_dqblk+0x180/0x180 [ 65.626387][ T6805] ext4_append+0x153/0x360 [ 65.630888][ T6805] ext4_mkdir+0x5e0/0xdf0 [ 65.635203][ T6805] ? ext4_rmdir+0xde0/0xde0 [ 65.639693][ T6805] ? security_inode_permission+0xc4/0xf0 [ 65.645499][ T6805] vfs_mkdir+0x419/0x690 [ 65.649734][ T6805] do_mkdirat+0x21e/0x280 [ 65.654044][ T6805] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.658874][ T6805] ? do_syscall_64+0x1c/0xe0 [ 65.663455][ T6805] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.669439][ T6805] do_syscall_64+0x60/0xe0 [ 65.673898][ T6805] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.681768][ T6805] RIP: 0033:0x45bed7 [ 65.685644][ T6805] Code: Bad RIP value. [ 65.689684][ T6805] RSP: 002b:00007ffe2209acd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 65.698081][ T6805] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 65.706041][ T6805] RDX: 00007ffe2209ad23 RSI: 00000000000001ff RDI: 00007ffe2209ad20 [ 65.713992][ T6805] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 65.721943][ T6805] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 65.729893][ T6805] R13: 00007ffe2209ad10 R14: 0000000000000000 R15: 00007ffe2209ad20 [ 65.785459][ T6805] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6805 [ 65.795200][ T6805] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.801111][ T6805] CPU: 0 PID: 6805 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.809704][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.819763][ T6805] Call Trace: [ 65.823070][ T6805] dump_stack+0x18f/0x20d [ 65.827428][ T6805] check_preemption_disabled+0x20d/0x220 [ 65.833072][ T6805] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.838215][ T6805] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.843685][ T6805] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.849426][ T6805] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.854733][ T6805] ? ext4_ext_release+0x10/0x10 [ 65.859624][ T6805] ? down_write_killable+0x170/0x170 [ 65.865158][ T6805] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.870605][ T6805] ext4_map_blocks+0x4cb/0x1640 [ 65.875498][ T6805] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.880783][ T6805] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.886341][ T6805] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.892693][ T6805] ? prandom_u32_state+0xe/0x170 [ 65.897773][ T6805] ? __brelse+0x84/0xa0 [ 65.901922][ T6805] ? __ext4_new_inode+0x144/0x55e0 [ 65.907146][ T6805] ext4_getblk+0xad/0x520 [ 65.911473][ T6805] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.917366][ T6805] ? ext4_free_inode+0x1700/0x1700 [ 65.922478][ T6805] ext4_bread+0x7c/0x380 [ 65.926741][ T6805] ? ext4_getblk+0x520/0x520 [ 65.931461][ T6805] ? dquot_get_next_dqblk+0x180/0x180 [ 65.936876][ T6805] ext4_append+0x153/0x360 [ 65.941279][ T6805] ext4_mkdir+0x5e0/0xdf0 [ 65.945669][ T6805] ? ext4_rmdir+0xde0/0xde0 [ 65.950176][ T6805] ? security_inode_permission+0xc4/0xf0 [ 65.956147][ T6805] vfs_mkdir+0x419/0x690 [ 65.960487][ T6805] do_mkdirat+0x21e/0x280 [ 65.964804][ T6805] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.969658][ T6805] ? do_syscall_64+0x1c/0xe0 [ 65.974258][ T6805] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.980299][ T6805] do_syscall_64+0x60/0xe0 [ 65.984806][ T6805] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.990994][ T6805] RIP: 0033:0x45bed7 [ 65.994873][ T6805] Code: Bad RIP value. [ 65.998919][ T6805] RSP: 002b:00007ffe2209acd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.007322][ T6805] RAX: ffffffffffffffda RBX: 00000000000100ed RCX: 000000000045bed7 [ 66.015277][ T6805] RDX: 00007ffe2209ad23 RSI: 00000000000001ff RDI: 00007ffe2209ad20 [ 66.023317][ T6805] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/16 00:33:03 building call list... [ 66.031446][ T6805] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 66.039517][ T6805] R13: 00007ffe2209ad10 R14: 00000000000100e3 R15: 00007ffe2209ad20 [ 66.331557][ T33] tipc: TX() has been purged, node left! [ 66.823903][ T33] ================================================================== [ 66.832255][ T33] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 66.840139][ T33] Write of size 1 at addr ffff8880a459b9e4 by task kworker/u4:3/33 [ 66.848012][ T33] [ 66.850344][ T33] CPU: 0 PID: 33 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.858572][ T33] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.868643][ T33] Workqueue: netns cleanup_net [ 66.873400][ T33] Call Trace: [ 66.876692][ T33] dump_stack+0x18f/0x20d [ 66.881022][ T33] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.886565][ T33] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.892107][ T33] ? afs_put_call+0xa40/0xa40 [ 66.896786][ T33] print_address_description.constprop.0.cold+0xd3/0x413 [ 66.903813][ T33] ? vprintk_func+0x97/0x1a6 [ 66.908405][ T33] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.913947][ T33] kasan_report.cold+0x1f/0x37 [ 66.918731][ T33] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.924358][ T33] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.929925][ T33] afs_wake_up_async_call+0x6aa/0x770 [ 66.935291][ T33] ? afs_close_socket+0x320/0x320 [ 66.940320][ T33] ? afs_put_call+0xa40/0xa40 [ 66.945081][ T33] rxrpc_notify_socket+0x1db/0x5d0 [ 66.950194][ T33] ? afs_put_call+0xa40/0xa40 [ 66.954872][ T33] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.961297][ T33] rxrpc_call_completed+0xca/0xf0 [ 66.966333][ T33] rxrpc_discard_prealloc+0x781/0xab0 [ 66.971709][ T33] ? lock_sock_nested+0x94/0x110 [ 66.976664][ T33] rxrpc_listen+0x147/0x360 [ 66.981255][ T33] afs_close_socket+0x95/0x320 [ 66.986024][ T33] ? afs_purge_servers+0x16d/0x300 [ 66.991136][ T33] ? afs_rx_discard_new_call+0x50/0x50 [ 66.996599][ T33] ? init_wait_var_entry+0x200/0x200 [ 67.001904][ T33] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.007545][ T33] ? check_preemption_disabled+0x38/0x220 [ 67.013275][ T33] afs_net_exit+0x1bc/0x310 [ 67.017773][ T33] ? afs_net_init+0xe30/0xe30 [ 67.022448][ T33] ops_exit_list.isra.0+0xa8/0x150 [ 67.027591][ T33] cleanup_net+0x511/0xa50 [ 67.032096][ T33] ? unregister_pernet_device+0x70/0x70 [ 67.037800][ T33] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.043801][ T33] process_one_work+0x965/0x1690 [ 67.048775][ T33] ? lock_release+0x800/0x800 [ 67.053727][ T33] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.059101][ T33] ? rwlock_bug.part.0+0x90/0x90 [ 67.064049][ T33] worker_thread+0x96/0xe10 [ 67.068572][ T33] ? process_one_work+0x1690/0x1690 [ 67.073769][ T33] kthread+0x3b5/0x4a0 [ 67.077835][ T33] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.083561][ T33] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.089300][ T33] ret_from_fork+0x1f/0x30 [ 67.093723][ T33] [ 67.096044][ T33] Allocated by task 6805: [ 67.100370][ T33] save_stack+0x1b/0x40 [ 67.104530][ T33] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.110175][ T33] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.115544][ T33] afs_alloc_call+0x55/0x630 [ 67.120144][ T33] afs_charge_preallocation+0xe9/0x2d0 [ 67.125596][ T33] afs_open_socket+0x292/0x360 [ 67.130356][ T33] afs_net_init+0xa6c/0xe30 [ 67.134853][ T33] ops_init+0xaf/0x420 [ 67.138918][ T33] setup_net+0x2de/0x860 [ 67.143166][ T33] copy_net_ns+0x293/0x590 [ 67.147594][ T33] create_new_namespaces+0x3fb/0xb30 [ 67.152879][ T33] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.158540][ T33] ksys_unshare+0x43d/0x8e0 [ 67.163082][ T33] __x64_sys_unshare+0x2d/0x40 [ 67.167884][ T33] do_syscall_64+0x60/0xe0 [ 67.172301][ T33] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.178365][ T33] [ 67.180688][ T33] Freed by task 33: [ 67.184491][ T33] save_stack+0x1b/0x40 [ 67.188645][ T33] __kasan_slab_free+0xf7/0x140 [ 67.193497][ T33] kfree+0x109/0x2b0 [ 67.197402][ T33] afs_put_call+0x585/0xa40 [ 67.201913][ T33] rxrpc_discard_prealloc+0x764/0xab0 [ 67.207277][ T33] rxrpc_listen+0x147/0x360 [ 67.211784][ T33] afs_close_socket+0x95/0x320 [ 67.216539][ T33] afs_net_exit+0x1bc/0x310 [ 67.221054][ T33] ops_exit_list.isra.0+0xa8/0x150 [ 67.226170][ T33] cleanup_net+0x511/0xa50 [ 67.230683][ T33] process_one_work+0x965/0x1690 [ 67.235624][ T33] worker_thread+0x96/0xe10 [ 67.240129][ T33] kthread+0x3b5/0x4a0 [ 67.244449][ T33] ret_from_fork+0x1f/0x30 [ 67.248916][ T33] [ 67.251247][ T33] The buggy address belongs to the object at ffff8880a459b800 [ 67.251247][ T33] which belongs to the cache kmalloc-1k of size 1024 [ 67.265681][ T33] The buggy address is located 484 bytes inside of [ 67.265681][ T33] 1024-byte region [ffff8880a459b800, ffff8880a459bc00) [ 67.284196][ T33] The buggy address belongs to the page: [ 67.289838][ T33] page:ffffea00029166c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.299031][ T33] flags: 0xfffe0000000200(slab) [ 67.305023][ T33] raw: 00fffe0000000200 ffffea00025fe9c8 ffffea0002499248 ffff8880aa000c40 [ 67.313969][ T33] raw: 0000000000000000 ffff8880a459b000 0000000100000002 0000000000000000 [ 67.324928][ T33] page dumped because: kasan: bad access detected [ 67.331349][ T33] [ 67.333669][ T33] Memory state around the buggy address: [ 67.339385][ T33] ffff8880a459b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.347530][ T33] ffff8880a459b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.355596][ T33] >ffff8880a459b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.363649][ T33] ^ [ 67.370842][ T33] ffff8880a459ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.378899][ T33] ffff8880a459ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.387068][ T33] ================================================================== [ 67.395120][ T33] Disabling lock debugging due to kernel taint [ 67.401329][ T33] Kernel panic - not syncing: panic_on_warn set ... [ 67.408177][ T33] CPU: 0 PID: 33 Comm: kworker/u4:3 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.417877][ T33] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.428361][ T33] Workqueue: netns cleanup_net [ 67.433245][ T33] Call Trace: [ 67.436540][ T33] dump_stack+0x18f/0x20d [ 67.440866][ T33] ? afs_wake_up_async_call+0x670/0x770 [ 67.446401][ T33] ? afs_put_call+0xa40/0xa40 [ 67.451068][ T33] panic+0x2e3/0x75c [ 67.454959][ T33] ? __warn_printk+0xf3/0xf3 [ 67.459565][ T33] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.465728][ T33] ? trace_hardirqs_on+0x55/0x220 [ 67.470742][ T33] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.476275][ T33] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.481809][ T33] ? afs_put_call+0xa40/0xa40 [ 67.486507][ T33] end_report+0x4d/0x53 [ 67.490653][ T33] kasan_report.cold+0xd/0x37 [ 67.495327][ T33] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.501046][ T33] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.506586][ T33] afs_wake_up_async_call+0x6aa/0x770 [ 67.511972][ T33] ? afs_close_socket+0x320/0x320 [ 67.516987][ T33] ? afs_put_call+0xa40/0xa40 [ 67.521670][ T33] rxrpc_notify_socket+0x1db/0x5d0 [ 67.526947][ T33] ? afs_put_call+0xa40/0xa40 [ 67.531620][ T33] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.538983][ T33] rxrpc_call_completed+0xca/0xf0 [ 67.544004][ T33] rxrpc_discard_prealloc+0x781/0xab0 [ 67.549390][ T33] ? lock_sock_nested+0x94/0x110 [ 67.554326][ T33] rxrpc_listen+0x147/0x360 [ 67.558824][ T33] afs_close_socket+0x95/0x320 [ 67.563581][ T33] ? afs_purge_servers+0x16d/0x300 [ 67.568694][ T33] ? afs_rx_discard_new_call+0x50/0x50 [ 67.574510][ T33] ? init_wait_var_entry+0x200/0x200 [ 67.579794][ T33] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.586390][ T33] ? check_preemption_disabled+0x38/0x220 [ 67.592126][ T33] afs_net_exit+0x1bc/0x310 [ 67.596621][ T33] ? afs_net_init+0xe30/0xe30 [ 67.602249][ T33] ops_exit_list.isra.0+0xa8/0x150 [ 67.607353][ T33] cleanup_net+0x511/0xa50 [ 67.611761][ T33] ? unregister_pernet_device+0x70/0x70 [ 67.617309][ T33] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.623375][ T33] process_one_work+0x965/0x1690 [ 67.628307][ T33] ? lock_release+0x800/0x800 [ 67.632977][ T33] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.638339][ T33] ? rwlock_bug.part.0+0x90/0x90 [ 67.643297][ T33] worker_thread+0x96/0xe10 [ 67.647800][ T33] ? process_one_work+0x1690/0x1690 [ 67.652999][ T33] kthread+0x3b5/0x4a0 [ 67.657065][ T33] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.662777][ T33] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.668487][ T33] ret_from_fork+0x1f/0x30 [ 67.674499][ T33] Kernel Offset: disabled [ 67.678816][ T33] Rebooting in 86400 seconds..