[ 51.740716][ T6735] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 51.746608][ T6735] RIP: 0033:0x7f61107f9687 [ 51.751182][ T6735] Code: Bad RIP value. [ 51.755225][ T6735] RSP: 002b:00007ffde1ba6cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 51.763614][ T6735] RAX: ffffffffffffffda RBX: 0000559c1446f985 RCX: 00007f61107f9687 [ 51.772296][ T6735] RDX: 00007ffde1ba6b90 RSI: 00000000000001ed RDI: 0000559c1446f985 [ 51.780254][ T6735] RBP: 00007f61107f9680 R08: 0000000000000100 R09: 0000000000000000 [ 51.788236][ T6735] R10: 0000559c1446f980 R11: 0000000000000246 R12: 00000000000001ed [ 51.796222][ T6735] R13: 00007ffde1ba6e50 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 56.006188][ T26] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:2/26 [ 56.015486][ T26] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.021548][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 56.030747][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.040822][ T26] Workqueue: writeback wb_workfn (flush-8:0) [ 56.046783][ T26] Call Trace: [ 56.050081][ T26] dump_stack+0x18f/0x20d [ 56.054413][ T26] check_preemption_disabled+0x20d/0x220 [ 56.060227][ T26] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.065495][ T26] ? ext4_find_extent+0x81a/0xad0 [ 56.070549][ T26] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.076116][ T26] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.083057][ T26] ext4_ext_map_blocks+0x201b/0x33e0 [ 56.088651][ T26] ? ext4_ext_release+0x10/0x10 [ 56.093626][ T26] ? down_write_killable+0x170/0x170 [ 56.098903][ T26] ? ext4_es_lookup_extent+0x41d/0xd10 [ 56.104533][ T26] ext4_map_blocks+0x4cb/0x1640 [ 56.109378][ T26] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.115127][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.120830][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.126790][ T26] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.132233][ T26] ext4_writepages+0x1a83/0x33c0 [ 56.137178][ T26] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.142899][ T26] ? __lock_acquire+0x2224/0x48b0 [ 56.147947][ T26] ? ext4_da_get_block_prep+0x1120/0x1120 [ 56.153689][ T26] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.159663][ T26] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.165305][ T26] ? do_writepages+0xf3/0x2a0 [ 56.170225][ T26] do_writepages+0xf3/0x2a0 [ 56.174713][ T26] ? page_writeback_cpu_online+0x10/0x10 [ 56.180327][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.186219][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.192193][ T26] ? lock_downgrade+0x840/0x840 [ 56.197140][ T26] __writeback_single_inode+0x12a/0x13d0 [ 56.203534][ T26] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.209746][ T26] writeback_sb_inodes+0x541/0xe40 [ 56.214864][ T26] ? __writeback_single_inode+0x13d0/0x13d0 [ 56.220748][ T26] __writeback_inodes_wb+0xc6/0x280 [ 56.225928][ T26] wb_writeback+0x8c9/0xd40 [ 56.231203][ T26] ? find_held_lock+0x2d/0x110 [ 56.235958][ T26] ? writeback_inodes_wb.constprop.0+0x1d0/0x1d0 [ 56.242284][ T26] ? cpumask_next+0x3c/0x40 [ 56.246775][ T26] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.252067][ T26] wb_workfn+0xab5/0x1090 [ 56.256393][ T26] ? inode_wait_for_writeback+0x30/0x30 [ 56.261930][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.267476][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.273478][ T26] process_one_work+0x965/0x1690 [ 56.278414][ T26] ? lock_release+0x800/0x800 [ 56.283101][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.288459][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 56.293479][ T26] worker_thread+0x96/0xe10 [ 56.298065][ T26] ? process_one_work+0x1690/0x1690 [ 56.303245][ T26] kthread+0x3b5/0x4a0 [ 56.307339][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.313243][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.319038][ T26] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts. 2020/06/11 04:12:35 fuzzer started 2020/06/11 04:12:35 connecting to host at 10.128.0.26:46461 2020/06/11 04:12:35 checking machine... 2020/06/11 04:12:35 checking revisions... 2020/06/11 04:12:35 testing simple program... [ 58.024764][ T6799] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6799 [ 58.034629][ T6799] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.040710][ T6799] CPU: 0 PID: 6799 Comm: syz-fuzzer Not tainted 5.7.0-next-20200611-syzkaller #0 [ 58.049838][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.059884][ T6799] Call Trace: [ 58.063165][ T6799] dump_stack+0x18f/0x20d [ 58.068115][ T6799] check_preemption_disabled+0x20d/0x220 [ 58.073757][ T6799] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.078854][ T6799] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.084401][ T6799] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.090265][ T6799] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.096179][ T6799] ? ext4_ext_release+0x10/0x10 [ 58.101522][ T6799] ? down_write_killable+0x170/0x170 [ 58.107020][ T6799] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.112579][ T6799] ext4_map_blocks+0x4cb/0x1640 [ 58.117548][ T6799] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.122743][ T6799] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.128297][ T6799] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.134266][ T6799] ? prandom_u32_state+0xe/0x170 [ 58.139364][ T6799] ? __brelse+0x84/0xa0 [ 58.143548][ T6799] ? __ext4_new_inode+0x144/0x55e0 [ 58.148669][ T6799] ext4_getblk+0xad/0x520 [ 58.153000][ T6799] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.159681][ T6799] ? ext4_free_inode+0x1700/0x1700 [ 58.164829][ T6799] ext4_bread+0x7c/0x380 [ 58.169090][ T6799] ? ext4_getblk+0x520/0x520 [ 58.173675][ T6799] ? dquot_get_next_dqblk+0x180/0x180 [ 58.180721][ T6799] ext4_append+0x153/0x360 [ 58.185312][ T6799] ext4_mkdir+0x5e0/0xdf0 [ 58.189749][ T6799] ? ext4_rmdir+0xde0/0xde0 [ 58.194870][ T6799] ? security_inode_permission+0xc4/0xf0 [ 58.200566][ T6799] vfs_mkdir+0x419/0x690 [ 58.204988][ T6799] do_mkdirat+0x21e/0x280 [ 58.209318][ T6799] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.214177][ T6799] ? do_syscall_64+0x1c/0xe0 [ 58.218756][ T6799] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.224734][ T6799] do_syscall_64+0x60/0xe0 [ 58.229240][ T6799] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.235119][ T6799] RIP: 0033:0x4b02a0 [ 58.239026][ T6799] Code: Bad RIP value. [ 58.243519][ T6799] RSP: 002b:000000c0000d14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 58.251907][ T6799] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 58.259860][ T6799] RDX: 00000000000001c0 RSI: 000000c0000da820 RDI: ffffffffffffff9c [ 58.267896][ T6799] RBP: 000000c0000d1510 R08: 0000000000000000 R09: 0000000000000000 [ 58.276380][ T6799] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 58.284487][ T6799] R13: 0000000000000042 R14: 0000000000000041 R15: 0000000000000100 [ 58.302471][ T6808] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6808 [ 58.311922][ T6808] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.319272][ T6808] CPU: 0 PID: 6808 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 58.328825][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.339210][ T6808] Call Trace: [ 58.342503][ T6808] dump_stack+0x18f/0x20d [ 58.346834][ T6808] check_preemption_disabled+0x20d/0x220 [ 58.352542][ T6808] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.357906][ T6808] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.363352][ T6808] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.369228][ T6808] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.374514][ T6808] ? ext4_ext_release+0x10/0x10 [ 58.379353][ T6808] ? down_write_killable+0x170/0x170 [ 58.384633][ T6808] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.390354][ T6808] ext4_map_blocks+0x4cb/0x1640 [ 58.395201][ T6808] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.400816][ T6808] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.406451][ T6808] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.412422][ T6808] ? prandom_u32_state+0xe/0x170 [ 58.417428][ T6808] ? __brelse+0x84/0xa0 [ 58.421653][ T6808] ? __ext4_new_inode+0x144/0x55e0 [ 58.426757][ T6808] ext4_getblk+0xad/0x520 [ 58.431172][ T6808] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.436871][ T6808] ? ext4_free_inode+0x1700/0x1700 [ 58.442490][ T6808] ext4_bread+0x7c/0x380 [ 58.446708][ T6808] ? ext4_getblk+0x520/0x520 [ 58.452408][ T6808] ? dquot_get_next_dqblk+0x180/0x180 [ 58.457771][ T6808] ext4_append+0x153/0x360 [ 58.462180][ T6808] ext4_mkdir+0x5e0/0xdf0 [ 58.466491][ T6808] ? ext4_rmdir+0xde0/0xde0 [ 58.470971][ T6808] ? security_inode_permission+0xc4/0xf0 [ 58.476588][ T6808] vfs_mkdir+0x419/0x690 [ 58.480823][ T6808] do_mkdirat+0x21e/0x280 [ 58.485152][ T6808] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.489992][ T6808] ? do_syscall_64+0x1c/0xe0 [ 58.494566][ T6808] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.500524][ T6808] do_syscall_64+0x60/0xe0 [ 58.504934][ T6808] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.510812][ T6808] RIP: 0033:0x45bee7 [ 58.514776][ T6808] Code: Bad RIP value. [ 58.518920][ T6808] RSP: 002b:00007ffc8bdae118 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 58.527493][ T6808] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 58.535452][ T6808] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffc8bdae2f0 [ 58.543404][ T6808] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002c00 [ 58.551534][ T6808] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 58.559598][ T6808] R13: 00007ffc8bdae2f0 R14: 8421084210842109 R15: 00007ffc8bdae2fc [ 58.642145][ T6809] IPVS: ftp: loaded support on port[0] = 21 [ 58.678271][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6809 [ 58.687713][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.693774][ T6809] CPU: 1 PID: 6809 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 58.703219][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.713611][ T6809] Call Trace: [ 58.716998][ T6809] dump_stack+0x18f/0x20d [ 58.721337][ T6809] check_preemption_disabled+0x20d/0x220 [ 58.726987][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.732109][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.737584][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.743320][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.748624][ T6809] ? ext4_ext_release+0x10/0x10 [ 58.753491][ T6809] ? down_write_killable+0x170/0x170 [ 58.758763][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.764285][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 58.769148][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.774353][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.779885][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.785874][ T6809] ? prandom_u32_state+0xe/0x170 [ 58.790792][ T6809] ? __brelse+0x84/0xa0 [ 58.794940][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 58.800058][ T6809] ext4_getblk+0xad/0x520 [ 58.804847][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.810567][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 58.815657][ T6809] ext4_bread+0x7c/0x380 [ 58.819877][ T6809] ? ext4_getblk+0x520/0x520 [ 58.825164][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 58.830519][ T6809] ext4_append+0x153/0x360 [ 58.834932][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 58.839249][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 58.843734][ T6809] ? security_inode_permission+0xc4/0xf0 [ 58.849367][ T6809] vfs_mkdir+0x419/0x690 [ 58.853589][ T6809] do_mkdirat+0x21e/0x280 [ 58.857902][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.862757][ T6809] ? do_syscall_64+0x1c/0xe0 [ 58.867353][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.873336][ T6809] do_syscall_64+0x60/0xe0 [ 58.877751][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.883728][ T6809] RIP: 0033:0x45bee7 [ 58.887703][ T6809] Code: Bad RIP value. [ 58.891758][ T6809] RSP: 002b:00007ffc8bdae008 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 58.900158][ T6809] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 58.908113][ T6809] RDX: 00007ffc8bdae053 RSI: 00000000000001ff RDI: 00007ffc8bdae050 [ 58.916071][ T6809] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 58.924056][ T6809] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 58.932035][ T6809] R13: 00007ffc8bdae040 R14: 0000000000000000 R15: 00007ffc8bdae050 [ 59.002739][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6809 [ 59.012322][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.018705][ T6809] CPU: 1 PID: 6809 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 59.028152][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.038299][ T6809] Call Trace: [ 59.041599][ T6809] dump_stack+0x18f/0x20d [ 59.046239][ T6809] check_preemption_disabled+0x20d/0x220 [ 59.052482][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.057699][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.063492][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.069214][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.074492][ T6809] ? ext4_ext_release+0x10/0x10 [ 59.079344][ T6809] ? down_write_killable+0x170/0x170 [ 59.084608][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.090060][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 59.094908][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.100101][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.105635][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.111607][ T6809] ? prandom_u32_state+0xe/0x170 [ 59.116622][ T6809] ? __brelse+0x84/0xa0 [ 59.120762][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 59.125861][ T6809] ext4_getblk+0xad/0x520 [ 59.130201][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.136011][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 59.141110][ T6809] ext4_bread+0x7c/0x380 [ 59.145344][ T6809] ? ext4_getblk+0x520/0x520 [ 59.150016][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 59.155412][ T6809] ext4_append+0x153/0x360 [ 59.159811][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 59.164124][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 59.168627][ T6809] ? security_inode_permission+0xc4/0xf0 [ 59.174258][ T6809] vfs_mkdir+0x419/0x690 [ 59.178494][ T6809] do_mkdirat+0x21e/0x280 [ 59.182820][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.187854][ T6809] ? do_syscall_64+0x1c/0xe0 [ 59.192425][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.198504][ T6809] do_syscall_64+0x60/0xe0 [ 59.202900][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.208777][ T6809] RIP: 0033:0x45bee7 [ 59.212648][ T6809] Code: Bad RIP value. [ 59.216709][ T6809] RSP: 002b:00007ffc8bdae008 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.225103][ T6809] RAX: ffffffffffffffda RBX: 000000000000e672 RCX: 000000000045bee7 [ 59.233074][ T6809] RDX: 00007ffc8bdae053 RSI: 00000000000001ff RDI: 00007ffc8bdae050 [ 59.241041][ T6809] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/11 04:12:37 building call list... [ 59.249109][ T6809] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 59.257059][ T6809] R13: 00007ffc8bdae040 R14: 000000000000e660 R15: 00007ffc8bdae050 [ 59.505385][ T26] tipc: TX() has been purged, node left! [ 60.017413][ T26] ================================================================== [ 60.025642][ T26] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 60.033618][ T26] Write of size 1 at addr ffff888093fd79e4 by task kworker/u4:2/26 [ 60.041496][ T26] [ 60.043826][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 60.052919][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.062976][ T26] Workqueue: netns cleanup_net [ 60.067818][ T26] Call Trace: [ 60.071113][ T26] dump_stack+0x18f/0x20d [ 60.075651][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.081194][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.086735][ T26] ? afs_put_call+0xa40/0xa40 [ 60.091513][ T26] print_address_description.constprop.0.cold+0xd3/0x413 [ 60.098725][ T26] ? vprintk_func+0x97/0x1a6 [ 60.103774][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.109848][ T26] kasan_report.cold+0x1f/0x37 [ 60.114628][ T26] ? rcu_read_lock_held_common+0x71/0xa0 [ 60.120260][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.125982][ T26] afs_wake_up_async_call+0x6aa/0x770 [ 60.131449][ T26] ? afs_close_socket+0x320/0x320 [ 60.136743][ T26] ? afs_put_call+0xa40/0xa40 [ 60.141774][ T26] rxrpc_notify_socket+0x1db/0x5d0 [ 60.146896][ T26] ? afs_put_call+0xa40/0xa40 [ 60.151584][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.158001][ T26] rxrpc_call_completed+0xca/0xf0 [ 60.163026][ T26] rxrpc_discard_prealloc+0x781/0xab0 [ 60.168398][ T26] ? lock_sock_nested+0x94/0x110 [ 60.173336][ T26] rxrpc_listen+0x147/0x360 [ 60.177840][ T26] afs_close_socket+0x95/0x320 [ 60.182611][ T26] ? afs_purge_servers+0x16d/0x300 [ 60.187724][ T26] ? afs_rx_discard_new_call+0x50/0x50 [ 60.193185][ T26] ? init_wait_var_entry+0x200/0x200 [ 60.198471][ T26] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.205234][ T26] ? check_preemption_disabled+0x38/0x220 [ 60.210970][ T26] afs_net_exit+0x1bc/0x310 [ 60.215485][ T26] ? afs_net_init+0xe30/0xe30 [ 60.220343][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 60.225463][ T26] cleanup_net+0x511/0xa50 [ 60.229891][ T26] ? unregister_pernet_device+0x70/0x70 [ 60.235442][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.241429][ T26] process_one_work+0x965/0x1690 [ 60.246378][ T26] ? lock_release+0x800/0x800 [ 60.251057][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.256516][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 60.261468][ T26] worker_thread+0x96/0xe10 [ 60.266070][ T26] ? process_one_work+0x1690/0x1690 [ 60.271287][ T26] kthread+0x3b5/0x4a0 [ 60.275351][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.281069][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.286797][ T26] ret_from_fork+0x1f/0x30 [ 60.291223][ T26] [ 60.293555][ T26] Allocated by task 6809: [ 60.297882][ T26] save_stack+0x1b/0x40 [ 60.302032][ T26] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 60.307660][ T26] kmem_cache_alloc_trace+0x153/0x7d0 [ 60.313202][ T26] afs_alloc_call+0x55/0x630 [ 60.317787][ T26] afs_charge_preallocation+0xe9/0x2d0 [ 60.323238][ T26] afs_open_socket+0x292/0x360 [ 60.328000][ T26] afs_net_init+0xa6c/0xe30 [ 60.332500][ T26] ops_init+0xaf/0x420 [ 60.336569][ T26] setup_net+0x2de/0x860 [ 60.340805][ T26] copy_net_ns+0x293/0x590 [ 60.345218][ T26] create_new_namespaces+0x3fb/0xb30 [ 60.350503][ T26] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 60.356303][ T26] ksys_unshare+0x43d/0x8e0 [ 60.360809][ T26] __x64_sys_unshare+0x2d/0x40 [ 60.365575][ T26] do_syscall_64+0x60/0xe0 [ 60.370502][ T26] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.376378][ T26] [ 60.378701][ T26] Freed by task 26: [ 60.382680][ T26] save_stack+0x1b/0x40 [ 60.386830][ T26] __kasan_slab_free+0xf7/0x140 [ 60.391674][ T26] kfree+0x109/0x2b0 [ 60.395585][ T26] afs_put_call+0x585/0xa40 [ 60.400089][ T26] rxrpc_discard_prealloc+0x764/0xab0 [ 60.405477][ T26] rxrpc_listen+0x147/0x360 [ 60.409974][ T26] afs_close_socket+0x95/0x320 [ 60.414729][ T26] afs_net_exit+0x1bc/0x310 [ 60.419225][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 60.424684][ T26] cleanup_net+0x511/0xa50 [ 60.429107][ T26] process_one_work+0x965/0x1690 [ 60.434579][ T26] worker_thread+0x96/0xe10 [ 60.439085][ T26] kthread+0x3b5/0x4a0 [ 60.443150][ T26] ret_from_fork+0x1f/0x30 [ 60.447555][ T26] [ 60.449884][ T26] The buggy address belongs to the object at ffff888093fd7800 [ 60.449884][ T26] which belongs to the cache kmalloc-1k of size 1024 [ 60.463932][ T26] The buggy address is located 484 bytes inside of [ 60.463932][ T26] 1024-byte region [ffff888093fd7800, ffff888093fd7c00) [ 60.477278][ T26] The buggy address belongs to the page: [ 60.482910][ T26] page:ffffea00024ff5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 60.492008][ T26] flags: 0xfffe0000000200(slab) [ 60.496859][ T26] raw: 00fffe0000000200 ffffea00027d2e88 ffffea000287ac88 ffff8880aa000c40 [ 60.505440][ T26] raw: 0000000000000000 ffff888093fd7000 0000000100000002 0000000000000000 [ 60.514186][ T26] page dumped because: kasan: bad access detected [ 60.520968][ T26] [ 60.523304][ T26] Memory state around the buggy address: [ 60.528928][ T26] ffff888093fd7880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.537070][ T26] ffff888093fd7900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.545145][ T26] >ffff888093fd7980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.553282][ T26] ^ [ 60.560472][ T26] ffff888093fd7a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.568536][ T26] ffff888093fd7a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.576585][ T26] ================================================================== [ 60.584634][ T26] Disabling lock debugging due to kernel taint [ 60.590852][ T26] Kernel panic - not syncing: panic_on_warn set ... [ 60.597561][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Tainted: G B 5.7.0-next-20200611-syzkaller #0 [ 60.608047][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.618109][ T26] Workqueue: netns cleanup_net [ 60.622868][ T26] Call Trace: [ 60.626160][ T26] dump_stack+0x18f/0x20d [ 60.630489][ T26] ? afs_wake_up_async_call+0x660/0x770 [ 60.636117][ T26] ? afs_put_call+0xa40/0xa40 [ 60.640791][ T26] panic+0x2e3/0x75c [ 60.644716][ T26] ? __warn_printk+0xf3/0xf3 [ 60.649305][ T26] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 60.655459][ T26] ? trace_hardirqs_on+0x55/0x220 [ 60.660468][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.665997][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.671627][ T26] ? afs_put_call+0xa40/0xa40 [ 60.676334][ T26] end_report+0x4d/0x53 [ 60.680484][ T26] kasan_report.cold+0xd/0x37 [ 60.685151][ T26] ? rcu_read_lock_held_common+0x71/0xa0 [ 60.690769][ T26] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.696310][ T26] afs_wake_up_async_call+0x6aa/0x770 [ 60.702411][ T26] ? afs_close_socket+0x320/0x320 [ 60.707475][ T26] ? afs_put_call+0xa40/0xa40 [ 60.712236][ T26] rxrpc_notify_socket+0x1db/0x5d0 [ 60.717518][ T26] ? afs_put_call+0xa40/0xa40 [ 60.722193][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.728586][ T26] rxrpc_call_completed+0xca/0xf0 [ 60.733609][ T26] rxrpc_discard_prealloc+0x781/0xab0 [ 60.738986][ T26] ? lock_sock_nested+0x94/0x110 [ 60.744004][ T26] rxrpc_listen+0x147/0x360 [ 60.748670][ T26] afs_close_socket+0x95/0x320 [ 60.753438][ T26] ? afs_purge_servers+0x16d/0x300 [ 60.758578][ T26] ? afs_rx_discard_new_call+0x50/0x50 [ 60.764466][ T26] ? init_wait_var_entry+0x200/0x200 [ 60.769735][ T26] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.775364][ T26] ? check_preemption_disabled+0x38/0x220 [ 60.781608][ T26] afs_net_exit+0x1bc/0x310 [ 60.786108][ T26] ? afs_net_init+0xe30/0xe30 [ 60.790769][ T26] ops_exit_list.isra.0+0xa8/0x150 [ 60.795910][ T26] cleanup_net+0x511/0xa50 [ 60.800420][ T26] ? unregister_pernet_device+0x70/0x70 [ 60.806512][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.812776][ T26] process_one_work+0x965/0x1690 [ 60.817709][ T26] ? lock_release+0x800/0x800 [ 60.822475][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.827954][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 60.832981][ T26] worker_thread+0x96/0xe10 [ 60.837496][ T26] ? process_one_work+0x1690/0x1690 [ 60.842783][ T26] kthread+0x3b5/0x4a0 [ 60.847108][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.852843][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.858638][ T26] ret_from_fork+0x1f/0x30 [ 60.864599][ T26] Kernel Offset: disabled [ 60.868924][ T26] Rebooting in 86400 seconds..