[ 52.853194][ T6729] ext4_mkdir+0x5e0/0xdf0 [ 52.857500][ T6729] ? ext4_rmdir+0xde0/0xde0 [ 52.861986][ T6729] ? security_inode_permission+0xc4/0xf0 [ 52.867619][ T6729] vfs_mkdir+0x419/0x690 [ 52.871840][ T6729] do_mkdirat+0x21e/0x280 [ 52.876145][ T6729] ? __ia32_sys_mknod+0xb0/0xb0 [ 52.880974][ T6729] ? do_syscall_64+0x1c/0xe0 [ 52.885540][ T6729] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 52.891501][ T6729] do_syscall_64+0x60/0xe0 [ 52.895892][ T6729] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 52.901760][ T6729] RIP: 0033:0x7fe03a3c2687 [ 52.906144][ T6729] Code: Bad RIP value. [ 52.910199][ T6729] RSP: 002b:00007fff65a01628 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 52.918606][ T6729] RAX: ffffffffffffffda RBX: 000055acc648b985 RCX: 00007fe03a3c2687 [ 52.926553][ T6729] RDX: 00007fff65a014f0 RSI: 00000000000001ed RDI: 000055acc648b985 [ 52.934500][ T6729] RBP: 00007fe03a3c2680 R08: 0000000000000100 R09: 0000000000000000 [ 52.942459][ T6729] R10: 000055acc648b980 R11: 0000000000000246 R12: 00000000000001ed [ 52.950414][ T6729] R13: 00007fff65a017b0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 56.927270][ T7] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:0/7 [ 56.936297][ T7] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.942299][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 56.951489][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.961532][ T7] Workqueue: writeback wb_workfn (flush-8:0) [ 56.967487][ T7] Call Trace: [ 56.970803][ T7] dump_stack+0x18f/0x20d [ 56.975136][ T7] check_preemption_disabled+0x20d/0x220 [ 56.980749][ T7] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.985848][ T7] ? ext4_find_extent+0x81a/0xad0 [ 56.990853][ T7] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.996296][ T7] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.001994][ T7] ext4_ext_map_blocks+0x201b/0x33e0 [ 57.007275][ T7] ? ext4_ext_release+0x10/0x10 [ 57.012113][ T7] ? down_write_killable+0x170/0x170 [ 57.017373][ T7] ? ext4_es_lookup_extent+0x41d/0xd10 [ 57.022811][ T7] ext4_map_blocks+0x4cb/0x1640 [ 57.027644][ T7] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.032818][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.038567][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.044521][ T7] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.049957][ T7] ext4_writepages+0x1a83/0x33c0 [ 57.054887][ T7] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.060502][ T7] ? __lock_acquire+0x2224/0x48b0 [ 57.065511][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.071475][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.077444][ T7] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.083061][ T7] ? do_writepages+0xf3/0x2a0 [ 57.087721][ T7] do_writepages+0xf3/0x2a0 [ 57.092225][ T7] ? page_writeback_cpu_online+0x10/0x10 [ 57.097844][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.103378][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.109351][ T7] ? lock_downgrade+0x840/0x840 [ 57.114186][ T7] __writeback_single_inode+0x12a/0x13d0 [ 57.119808][ T7] ? _raw_spin_unlock+0x24/0x40 [ 57.124649][ T7] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.130620][ T7] writeback_sb_inodes+0x515/0xdc0 [ 57.135819][ T7] ? __writeback_single_inode+0x13d0/0x13d0 [ 57.141731][ T7] __writeback_inodes_wb+0xc3/0x250 [ 57.146913][ T7] wb_writeback+0x8c8/0xd40 [ 57.151402][ T7] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 57.157742][ T7] ? cpumask_next+0x3c/0x40 [ 57.162226][ T7] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.167404][ T7] wb_workfn+0xab3/0x1090 [ 57.171743][ T7] ? inode_wait_for_writeback+0x30/0x30 [ 57.177270][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.182887][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.188859][ T7] process_one_work+0x965/0x1690 [ 57.193779][ T7] ? lock_release+0x800/0x800 [ 57.198516][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.203878][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 57.208807][ T7] worker_thread+0x96/0xe10 [ 57.213304][ T7] ? process_one_work+0x1690/0x1690 [ 57.218583][ T7] kthread+0x3b5/0x4a0 [ 57.222628][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.228321][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.234030][ T7] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts. 2020/06/13 03:08:45 fuzzer started 2020/06/13 03:08:45 connecting to host at 10.128.0.26:42059 2020/06/13 03:08:45 checking machine... 2020/06/13 03:08:45 checking revisions... 2020/06/13 03:08:45 testing simple program... [ 58.747551][ T6817] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6817 [ 58.757100][ T6817] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.763115][ T6817] CPU: 0 PID: 6817 Comm: syz-fuzzer Not tainted 5.7.0-next-20200612-syzkaller #0 [ 58.772239][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.782571][ T6817] Call Trace: [ 58.785863][ T6817] dump_stack+0x18f/0x20d [ 58.790182][ T6817] check_preemption_disabled+0x20d/0x220 [ 58.795803][ T6817] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.801031][ T6817] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.806482][ T6817] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.812304][ T6817] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.817645][ T6817] ? ext4_ext_release+0x10/0x10 [ 58.822531][ T6817] ? down_write_killable+0x170/0x170 [ 58.827848][ T6817] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.833303][ T6817] ext4_map_blocks+0x4cb/0x1640 [ 58.838158][ T6817] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.843348][ T6817] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.848877][ T6817] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.854893][ T6817] ? prandom_u32_state+0xe/0x170 [ 58.859855][ T6817] ? __brelse+0x84/0xa0 [ 58.864029][ T6817] ? __ext4_new_inode+0x144/0x55e0 [ 58.869129][ T6817] ext4_getblk+0xad/0x520 [ 58.873449][ T6817] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.879164][ T6817] ? ext4_free_inode+0x1700/0x1700 [ 58.884414][ T6817] ext4_bread+0x7c/0x380 [ 58.888753][ T6817] ? ext4_getblk+0x520/0x520 [ 58.893726][ T6817] ? dquot_get_next_dqblk+0x180/0x180 [ 58.899088][ T6817] ext4_append+0x153/0x360 [ 58.903493][ T6817] ext4_mkdir+0x5e0/0xdf0 [ 58.907945][ T6817] ? ext4_rmdir+0xde0/0xde0 [ 58.912618][ T6817] ? security_inode_permission+0xc4/0xf0 [ 58.918311][ T6817] vfs_mkdir+0x419/0x690 [ 58.922634][ T6817] do_mkdirat+0x21e/0x280 [ 58.927041][ T6817] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.931888][ T6817] ? do_syscall_64+0x1c/0xe0 [ 58.936470][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.942529][ T6817] do_syscall_64+0x60/0xe0 [ 58.946934][ T6817] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.952808][ T6817] RIP: 0033:0x4b02a0 [ 58.956681][ T6817] Code: Bad RIP value. [ 58.960730][ T6817] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 58.969126][ T6817] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 58.977138][ T6817] RDX: 00000000000001c0 RSI: 000000c0000e2c80 RDI: ffffffffffffff9c [ 58.985095][ T6817] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000 [ 58.993090][ T6817] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 59.001045][ T6817] R13: 0000000000000065 R14: 0000000000000064 R15: 0000000000000100 [ 59.028908][ T6820] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6820 [ 59.038485][ T6820] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.044366][ T6820] CPU: 1 PID: 6820 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.053911][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.063964][ T6820] Call Trace: [ 59.067260][ T6820] dump_stack+0x18f/0x20d [ 59.071592][ T6820] check_preemption_disabled+0x20d/0x220 [ 59.077211][ T6820] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.083012][ T6820] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.088647][ T6820] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.094378][ T6820] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.100051][ T6820] ? ext4_ext_release+0x10/0x10 [ 59.105048][ T6820] ? down_write_killable+0x170/0x170 [ 59.110545][ T6820] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.116162][ T6820] ext4_map_blocks+0x4cb/0x1640 [ 59.121155][ T6820] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.126556][ T6820] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.132168][ T6820] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.138317][ T6820] ? prandom_u32_state+0xe/0x170 [ 59.143433][ T6820] ? __brelse+0x84/0xa0 [ 59.147651][ T6820] ? __ext4_new_inode+0x144/0x55e0 [ 59.152754][ T6820] ext4_getblk+0xad/0x520 [ 59.157079][ T6820] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.162939][ T6820] ? ext4_free_inode+0x1700/0x1700 [ 59.168181][ T6820] ext4_bread+0x7c/0x380 [ 59.172511][ T6820] ? ext4_getblk+0x520/0x520 [ 59.177382][ T6820] ? dquot_get_next_dqblk+0x180/0x180 [ 59.182751][ T6820] ext4_append+0x153/0x360 [ 59.187883][ T6820] ext4_mkdir+0x5e0/0xdf0 [ 59.192373][ T6820] ? ext4_rmdir+0xde0/0xde0 [ 59.196876][ T6820] ? security_inode_permission+0xc4/0xf0 [ 59.202587][ T6820] vfs_mkdir+0x419/0x690 [ 59.206822][ T6820] do_mkdirat+0x21e/0x280 [ 59.213661][ T6820] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.218514][ T6820] ? do_syscall_64+0x1c/0xe0 [ 59.223089][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.229320][ T6820] do_syscall_64+0x60/0xe0 [ 59.233730][ T6820] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.239770][ T6820] RIP: 0033:0x45bee7 [ 59.243647][ T6820] Code: Bad RIP value. [ 59.247795][ T6820] RSP: 002b:00007ffcc6196748 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.256200][ T6820] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 59.264167][ T6820] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffcc6196920 [ 59.272432][ T6820] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003640 [ 59.280707][ T6820] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 59.288976][ T6820] R13: 00007ffcc6196920 R14: 8421084210842109 R15: 00007ffcc619692c [ 59.374122][ T6821] IPVS: ftp: loaded support on port[0] = 21 [ 59.410544][ T6821] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6821 [ 59.420434][ T6821] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.426729][ T6821] CPU: 0 PID: 6821 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.436262][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.446486][ T6821] Call Trace: [ 59.449887][ T6821] dump_stack+0x18f/0x20d [ 59.454260][ T6821] check_preemption_disabled+0x20d/0x220 [ 59.459899][ T6821] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.465166][ T6821] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.470620][ T6821] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.476483][ T6821] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.481848][ T6821] ? ext4_ext_release+0x10/0x10 [ 59.486828][ T6821] ? down_write_killable+0x170/0x170 [ 59.492292][ T6821] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.499672][ T6821] ext4_map_blocks+0x4cb/0x1640 [ 59.504523][ T6821] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.509887][ T6821] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.515793][ T6821] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.521798][ T6821] ? prandom_u32_state+0xe/0x170 [ 59.526942][ T6821] ? __brelse+0x84/0xa0 [ 59.531091][ T6821] ? __ext4_new_inode+0x144/0x55e0 [ 59.536195][ T6821] ext4_getblk+0xad/0x520 [ 59.540530][ T6821] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.546410][ T6821] ? ext4_free_inode+0x1700/0x1700 [ 59.551512][ T6821] ext4_bread+0x7c/0x380 [ 59.555739][ T6821] ? ext4_getblk+0x520/0x520 [ 59.560322][ T6821] ? dquot_get_next_dqblk+0x180/0x180 [ 59.565689][ T6821] ext4_append+0x153/0x360 [ 59.570133][ T6821] ext4_mkdir+0x5e0/0xdf0 [ 59.574456][ T6821] ? ext4_rmdir+0xde0/0xde0 [ 59.578953][ T6821] ? security_inode_permission+0xc4/0xf0 [ 59.586152][ T6821] vfs_mkdir+0x419/0x690 [ 59.590445][ T6821] do_mkdirat+0x21e/0x280 [ 59.595400][ T6821] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.600299][ T6821] ? do_syscall_64+0x1c/0xe0 [ 59.605227][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.611683][ T6821] do_syscall_64+0x60/0xe0 [ 59.616105][ T6821] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.622183][ T6821] RIP: 0033:0x45bee7 [ 59.626064][ T6821] Code: Bad RIP value. [ 59.630374][ T6821] RSP: 002b:00007ffcc6196638 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.638897][ T6821] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 59.646858][ T6821] RDX: 00007ffcc6196683 RSI: 00000000000001ff RDI: 00007ffcc6196680 [ 59.654823][ T6821] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 59.662818][ T6821] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 59.670782][ T6821] R13: 00007ffcc6196670 R14: 0000000000000000 R15: 00007ffcc6196680 [ 59.722869][ T6821] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6821 [ 59.732529][ T6821] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.738776][ T6821] CPU: 1 PID: 6821 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.748374][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.759063][ T6821] Call Trace: [ 59.762373][ T6821] dump_stack+0x18f/0x20d [ 59.766747][ T6821] check_preemption_disabled+0x20d/0x220 [ 59.772531][ T6821] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.777671][ T6821] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.783234][ T6821] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.789149][ T6821] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.794434][ T6821] ? ext4_ext_release+0x10/0x10 [ 59.799645][ T6821] ? down_write_killable+0x170/0x170 [ 59.805149][ T6821] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.810885][ T6821] ext4_map_blocks+0x4cb/0x1640 [ 59.815736][ T6821] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.820938][ T6821] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.826502][ T6821] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.832619][ T6821] ? prandom_u32_state+0xe/0x170 [ 59.837633][ T6821] ? __brelse+0x84/0xa0 [ 59.841791][ T6821] ? __ext4_new_inode+0x144/0x55e0 [ 59.846892][ T6821] ext4_getblk+0xad/0x520 [ 59.851209][ T6821] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.856997][ T6821] ? ext4_free_inode+0x1700/0x1700 [ 59.862138][ T6821] ext4_bread+0x7c/0x380 [ 59.866473][ T6821] ? ext4_getblk+0x520/0x520 [ 59.871172][ T6821] ? dquot_get_next_dqblk+0x180/0x180 [ 59.876594][ T6821] ext4_append+0x153/0x360 [ 59.881088][ T6821] ext4_mkdir+0x5e0/0xdf0 [ 59.885419][ T6821] ? ext4_rmdir+0xde0/0xde0 [ 59.889916][ T6821] ? security_inode_permission+0xc4/0xf0 [ 59.895573][ T6821] vfs_mkdir+0x419/0x690 [ 59.900074][ T6821] do_mkdirat+0x21e/0x280 [ 59.904475][ T6821] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.909329][ T6821] ? do_syscall_64+0x1c/0xe0 [ 59.914159][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.920438][ T6821] do_syscall_64+0x60/0xe0 [ 59.925372][ T6821] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.931453][ T6821] RIP: 0033:0x45bee7 [ 59.935486][ T6821] Code: Bad RIP value. [ 59.939745][ T6821] RSP: 002b:00007ffcc6196638 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.948478][ T6821] RAX: ffffffffffffffda RBX: 000000000000e942 RCX: 000000000045bee7 [ 59.956658][ T6821] RDX: 00007ffcc6196683 RSI: 00000000000001ff RDI: 00007ffcc6196680 [ 59.964864][ T6821] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/13 03:08:46 building call list... [ 59.972977][ T6821] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 59.981087][ T6821] R13: 00007ffcc6196670 R14: 000000000000e937 R15: 00007ffcc6196680 [ 60.226057][ T350] tipc: TX() has been purged, node left! [ 60.718148][ T350] ================================================================== [ 60.726382][ T350] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 60.734498][ T350] Write of size 1 at addr ffff8880a84149e4 by task kworker/u4:5/350 [ 60.742673][ T350] [ 60.745016][ T350] CPU: 1 PID: 350 Comm: kworker/u4:5 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 60.754206][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.764400][ T350] Workqueue: netns cleanup_net [ 60.769167][ T350] Call Trace: [ 60.772466][ T350] dump_stack+0x18f/0x20d [ 60.776808][ T350] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.782355][ T350] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.787916][ T350] ? afs_put_call+0xa40/0xa40 [ 60.792602][ T350] print_address_description.constprop.0.cold+0xd3/0x413 [ 60.799739][ T350] ? vprintk_func+0x97/0x1a6 [ 60.804336][ T350] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.810201][ T350] kasan_report.cold+0x1f/0x37 [ 60.815163][ T350] ? rcu_read_lock_held_common+0x41/0xa0 [ 60.820810][ T350] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.826423][ T350] afs_wake_up_async_call+0x6aa/0x770 [ 60.831798][ T350] ? afs_close_socket+0x320/0x320 [ 60.836832][ T350] ? afs_put_call+0xa40/0xa40 [ 60.841751][ T350] rxrpc_notify_socket+0x1db/0x5d0 [ 60.847112][ T350] ? afs_put_call+0xa40/0xa40 [ 60.851996][ T350] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.858425][ T350] rxrpc_call_completed+0xca/0xf0 [ 60.863458][ T350] rxrpc_discard_prealloc+0x781/0xab0 [ 60.868929][ T350] ? lock_sock_nested+0x94/0x110 [ 60.873879][ T350] rxrpc_listen+0x147/0x360 [ 60.878404][ T350] afs_close_socket+0x95/0x320 [ 60.883180][ T350] ? afs_purge_servers+0x16d/0x300 [ 60.888302][ T350] ? afs_rx_discard_new_call+0x50/0x50 [ 60.894725][ T350] ? init_wait_var_entry+0x200/0x200 [ 60.900395][ T350] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.906128][ T350] ? check_preemption_disabled+0x38/0x220 [ 60.911924][ T350] afs_net_exit+0x1bc/0x310 [ 60.916527][ T350] ? afs_net_init+0xe30/0xe30 [ 60.921607][ T350] ops_exit_list.isra.0+0xa8/0x150 [ 60.926742][ T350] cleanup_net+0x511/0xa50 [ 60.931407][ T350] ? unregister_pernet_device+0x70/0x70 [ 60.937094][ T350] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.943177][ T350] process_one_work+0x965/0x1690 [ 60.948171][ T350] ? lock_release+0x800/0x800 [ 60.952965][ T350] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.959229][ T350] ? rwlock_bug.part.0+0x90/0x90 [ 60.964644][ T350] worker_thread+0x96/0xe10 [ 60.969395][ T350] ? process_one_work+0x1690/0x1690 [ 60.974697][ T350] kthread+0x3b5/0x4a0 [ 60.978775][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.984715][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.991732][ T350] ret_from_fork+0x1f/0x30 [ 60.996317][ T350] [ 60.998653][ T350] Allocated by task 6821: [ 61.003080][ T350] save_stack+0x1b/0x40 [ 61.007519][ T350] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.013400][ T350] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.019145][ T350] afs_alloc_call+0x55/0x630 [ 61.023744][ T350] afs_charge_preallocation+0xe9/0x2d0 [ 61.029364][ T350] afs_open_socket+0x292/0x360 [ 61.034223][ T350] afs_net_init+0xa6c/0xe30 [ 61.040123][ T350] ops_init+0xaf/0x420 [ 61.044346][ T350] setup_net+0x2de/0x860 [ 61.048762][ T350] copy_net_ns+0x293/0x590 [ 61.054726][ T350] create_new_namespaces+0x3fb/0xb30 [ 61.060097][ T350] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.065739][ T350] ksys_unshare+0x43d/0x8e0 [ 61.070369][ T350] __x64_sys_unshare+0x2d/0x40 [ 61.075150][ T350] do_syscall_64+0x60/0xe0 [ 61.079801][ T350] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.085797][ T350] [ 61.088126][ T350] Freed by task 350: [ 61.092326][ T350] save_stack+0x1b/0x40 [ 61.096688][ T350] __kasan_slab_free+0xf7/0x140 [ 61.101645][ T350] kfree+0x109/0x2b0 [ 61.105543][ T350] afs_put_call+0x585/0xa40 [ 61.110049][ T350] rxrpc_discard_prealloc+0x764/0xab0 [ 61.116185][ T350] rxrpc_listen+0x147/0x360 [ 61.120696][ T350] afs_close_socket+0x95/0x320 [ 61.125613][ T350] afs_net_exit+0x1bc/0x310 [ 61.130148][ T350] ops_exit_list.isra.0+0xa8/0x150 [ 61.135437][ T350] cleanup_net+0x511/0xa50 [ 61.139872][ T350] process_one_work+0x965/0x1690 [ 61.145089][ T350] worker_thread+0x96/0xe10 [ 61.149772][ T350] kthread+0x3b5/0x4a0 [ 61.153854][ T350] ret_from_fork+0x1f/0x30 [ 61.159225][ T350] [ 61.161715][ T350] The buggy address belongs to the object at ffff8880a8414800 [ 61.161715][ T350] which belongs to the cache kmalloc-1k of size 1024 [ 61.176288][ T350] The buggy address is located 484 bytes inside of [ 61.176288][ T350] 1024-byte region [ffff8880a8414800, ffff8880a8414c00) [ 61.190468][ T350] The buggy address belongs to the page: [ 61.196946][ T350] page:ffffea0002a10500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 61.206549][ T350] flags: 0xfffe0000000200(slab) [ 61.211633][ T350] raw: 00fffe0000000200 ffffea0002615cc8 ffffea000257c4c8 ffff8880aa000c40 [ 61.220961][ T350] raw: 0000000000000000 ffff8880a8414000 0000000100000002 0000000000000000 [ 61.229882][ T350] page dumped because: kasan: bad access detected [ 61.236410][ T350] [ 61.238883][ T350] Memory state around the buggy address: [ 61.244856][ T350] ffff8880a8414880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.253021][ T350] ffff8880a8414900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.261599][ T350] >ffff8880a8414980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.269924][ T350] ^ [ 61.277476][ T350] ffff8880a8414a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.285933][ T350] ffff8880a8414a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.294417][ T350] ================================================================== [ 61.303928][ T350] Disabling lock debugging due to kernel taint [ 61.310262][ T350] Kernel panic - not syncing: panic_on_warn set ... [ 61.317113][ T350] CPU: 1 PID: 350 Comm: kworker/u4:5 Tainted: G B 5.7.0-next-20200612-syzkaller #0 [ 61.328068][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.338352][ T350] Workqueue: netns cleanup_net [ 61.343232][ T350] Call Trace: [ 61.346529][ T350] dump_stack+0x18f/0x20d [ 61.350863][ T350] ? afs_wake_up_async_call+0x630/0x770 [ 61.356677][ T350] ? afs_put_call+0xa40/0xa40 [ 61.361482][ T350] panic+0x2e3/0x75c [ 61.365414][ T350] ? __warn_printk+0xf3/0xf3 [ 61.370092][ T350] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 61.376362][ T350] ? trace_hardirqs_on+0x55/0x220 [ 61.381484][ T350] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.387118][ T350] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.392835][ T350] ? afs_put_call+0xa40/0xa40 [ 61.397605][ T350] end_report+0x4d/0x53 [ 61.401858][ T350] kasan_report.cold+0xd/0x37 [ 61.406667][ T350] ? rcu_read_lock_held_common+0x41/0xa0 [ 61.412333][ T350] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.418045][ T350] afs_wake_up_async_call+0x6aa/0x770 [ 61.423415][ T350] ? afs_close_socket+0x320/0x320 [ 61.428441][ T350] ? afs_put_call+0xa40/0xa40 [ 61.433374][ T350] rxrpc_notify_socket+0x1db/0x5d0 [ 61.438496][ T350] ? afs_put_call+0xa40/0xa40 [ 61.443180][ T350] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.449757][ T350] rxrpc_call_completed+0xca/0xf0 [ 61.454932][ T350] rxrpc_discard_prealloc+0x781/0xab0 [ 61.460420][ T350] ? lock_sock_nested+0x94/0x110 [ 61.465377][ T350] rxrpc_listen+0x147/0x360 [ 61.469953][ T350] afs_close_socket+0x95/0x320 [ 61.474723][ T350] ? afs_purge_servers+0x16d/0x300 [ 61.479839][ T350] ? afs_rx_discard_new_call+0x50/0x50 [ 61.485437][ T350] ? init_wait_var_entry+0x200/0x200 [ 61.490738][ T350] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.496382][ T350] ? check_preemption_disabled+0x38/0x220 [ 61.502281][ T350] afs_net_exit+0x1bc/0x310 [ 61.508059][ T350] ? afs_net_init+0xe30/0xe30 [ 61.512748][ T350] ops_exit_list.isra.0+0xa8/0x150 [ 61.517884][ T350] cleanup_net+0x511/0xa50 [ 61.522307][ T350] ? unregister_pernet_device+0x70/0x70 [ 61.527866][ T350] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.534175][ T350] process_one_work+0x965/0x1690 [ 61.539652][ T350] ? lock_release+0x800/0x800 [ 61.544513][ T350] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.550055][ T350] ? rwlock_bug.part.0+0x90/0x90 [ 61.555138][ T350] worker_thread+0x96/0xe10 [ 61.559824][ T350] ? process_one_work+0x1690/0x1690 [ 61.565039][ T350] kthread+0x3b5/0x4a0 [ 61.569300][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.575036][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.581175][ T350] ret_from_fork+0x1f/0x30 [ 61.587431][ T350] Kernel Offset: disabled [ 61.592051][ T350] Rebooting in 86400 seconds..