[ 59.417885][ T21] process_one_work+0x965/0x1690 [ 59.422842][ T21] ? lock_release+0x800/0x800 [ 59.427708][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 59.433093][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 59.438050][ T21] worker_thread+0x96/0xe10 [ 59.442572][ T21] ? process_one_work+0x1690/0x1690 [ 59.448210][ T21] kthread+0x3b5/0x4a0 [ 59.452288][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.458012][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.463737][ T21] ret_from_fork+0x1f/0x30 [ 61.304458][ T6785] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6785 [ 61.314149][ T6785] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.320778][ T6785] CPU: 0 PID: 6785 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 61.329340][ T6785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.339385][ T6785] Call Trace: [ 61.342667][ T6785] dump_stack+0x18f/0x20d [ 61.346993][ T6785] check_preemption_disabled+0x20d/0x220 [ 61.352605][ T6785] ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.357790][ T6785] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.363262][ T6785] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.370021][ T6785] ext4_ext_map_blocks+0x201b/0x33e0 [ 61.375299][ T6785] ? ext4_ext_release+0x10/0x10 [ 61.380834][ T6785] ? down_write_killable+0x170/0x170 [ 61.386095][ T6785] ? ext4_es_lookup_extent+0x41d/0xd10 [ 61.391537][ T6785] ext4_map_blocks+0x4cb/0x1640 [ 61.396890][ T6785] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.402065][ T6785] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.407586][ T6785] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.413542][ T6785] ? prandom_u32_state+0xe/0x170 [ 61.418471][ T6785] ? __brelse+0x84/0xa0 [ 61.422611][ T6785] ? __ext4_new_inode+0x144/0x55e0 [ 61.427700][ T6785] ext4_getblk+0xad/0x520 [ 61.432095][ T6785] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.437816][ T6785] ? ext4_free_inode+0x1700/0x1700 [ 61.442908][ T6785] ext4_bread+0x7c/0x380 [ 61.447132][ T6785] ? ext4_getblk+0x520/0x520 [ 61.451735][ T6785] ? dquot_get_next_dqblk+0x180/0x180 [ 61.457174][ T6785] ext4_append+0x153/0x360 [ 61.461575][ T6785] ext4_mkdir+0x5e0/0xdf0 [ 61.465903][ T6785] ? ext4_rmdir+0xde0/0xde0 [ 61.470481][ T6785] ? security_inode_permission+0xc4/0xf0 [ 61.476102][ T6785] vfs_mkdir+0x419/0x690 [ 61.480340][ T6785] do_mkdirat+0x21e/0x280 [ 61.484650][ T6785] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.489492][ T6785] ? do_syscall_64+0x1c/0xe0 [ 61.494059][ T6785] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.500017][ T6785] do_syscall_64+0x60/0xe0 [ 61.505822][ T6785] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.511714][ T6785] RIP: 0033:0x7fc17b86d687 [ 61.516978][ T6785] Code: Bad RIP value. [ 61.521018][ T6785] RSP: 002b:00007ffd6f45ae98 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 61.529403][ T6785] RAX: ffffffffffffffda RBX: 0000556855984985 RCX: 00007fc17b86d687 [ 61.537363][ T6785] RDX: 00007ffd6f45ad60 RSI: 00000000000001ed RDI: 0000556855984985 [ 61.545321][ T6785] RBP: 00007fc17b86d680 R08: 0000000000000100 R09: 0000000000000000 [ 61.553266][ T6785] R10: 0000556855984980 R11: 0000000000000246 R12: 00000000000001ed [ 61.561220][ T6785] R13: 00007ffd6f45b020 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts. 2020/06/15 22:54:18 fuzzer started 2020/06/15 22:54:18 connecting to host at 10.128.0.26:46587 2020/06/15 22:54:18 checking machine... 2020/06/15 22:54:18 checking revisions... 2020/06/15 22:54:18 testing simple program... syzkaller login: [ 66.875613][ T6795] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6795 [ 66.884929][ T6795] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.892050][ T6795] CPU: 0 PID: 6795 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 66.900313][ T6795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.910363][ T6795] Call Trace: [ 66.913645][ T6795] dump_stack+0x18f/0x20d [ 66.918128][ T6795] check_preemption_disabled+0x20d/0x220 [ 66.923746][ T6795] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.928844][ T6795] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.934281][ T6795] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.940571][ T6795] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.947163][ T6795] ? ext4_ext_release+0x10/0x10 [ 66.952364][ T6795] ? down_write_killable+0x170/0x170 [ 66.957944][ T6795] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.963804][ T6795] ext4_map_blocks+0x4cb/0x1640 [ 66.968698][ T6795] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.973984][ T6795] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.979546][ T6795] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.985523][ T6795] ? prandom_u32_state+0xe/0x170 [ 66.990494][ T6795] ? __brelse+0x84/0xa0 [ 66.994666][ T6795] ? __ext4_new_inode+0x144/0x55e0 [ 67.000928][ T6795] ext4_getblk+0xad/0x520 [ 67.005268][ T6795] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.011025][ T6795] ? ext4_free_inode+0x1700/0x1700 [ 67.016141][ T6795] ext4_bread+0x7c/0x380 [ 67.020385][ T6795] ? ext4_getblk+0x520/0x520 [ 67.024971][ T6795] ? dquot_get_next_dqblk+0x180/0x180 [ 67.030336][ T6795] ext4_append+0x153/0x360 [ 67.034734][ T6795] ext4_mkdir+0x5e0/0xdf0 [ 67.039075][ T6795] ? ext4_rmdir+0xde0/0xde0 [ 67.043577][ T6795] ? security_inode_permission+0xc4/0xf0 [ 67.049219][ T6795] vfs_mkdir+0x419/0x690 [ 67.053458][ T6795] do_mkdirat+0x21e/0x280 [ 67.057768][ T6795] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.062708][ T6795] ? do_syscall_64+0x1c/0xe0 [ 67.067279][ T6795] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.073249][ T6795] do_syscall_64+0x60/0xe0 [ 67.077648][ T6795] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.084078][ T6795] RIP: 0033:0x4b02a0 [ 67.087952][ T6795] Code: Bad RIP value. [ 67.092010][ T6795] RSP: 002b:000000c0000d14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 67.100636][ T6795] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 67.108840][ T6795] RDX: 00000000000001c0 RSI: 000000c000026b00 RDI: ffffffffffffff9c [ 67.116971][ T6795] RBP: 000000c0000d1510 R08: 0000000000000000 R09: 0000000000000000 [ 67.125267][ T6795] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 67.133407][ T6795] R13: 0000000000000059 R14: 0000000000000058 R15: 0000000000000100 [ 67.149948][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810 [ 67.160018][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.166100][ T6810] CPU: 0 PID: 6810 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.174834][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.184997][ T6810] Call Trace: [ 67.188277][ T6810] dump_stack+0x18f/0x20d [ 67.192616][ T6810] check_preemption_disabled+0x20d/0x220 [ 67.198371][ T6810] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.203488][ T6810] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.209074][ T6810] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.214798][ T6810] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.220092][ T6810] ? ext4_ext_release+0x10/0x10 [ 67.225058][ T6810] ? down_write_killable+0x170/0x170 [ 67.231571][ T6810] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.237025][ T6810] ext4_map_blocks+0x4cb/0x1640 [ 67.241869][ T6810] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.247095][ T6810] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.252629][ T6810] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.258591][ T6810] ? prandom_u32_state+0xe/0x170 [ 67.263624][ T6810] ? __brelse+0x84/0xa0 [ 67.268043][ T6810] ? __ext4_new_inode+0x144/0x55e0 [ 67.274840][ T6810] ext4_getblk+0xad/0x520 [ 67.280442][ T6810] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.287497][ T6810] ? ext4_free_inode+0x1700/0x1700 [ 67.292606][ T6810] ext4_bread+0x7c/0x380 [ 67.297569][ T6810] ? ext4_getblk+0x520/0x520 [ 67.302821][ T6810] ? dquot_get_next_dqblk+0x180/0x180 [ 67.308293][ T6810] ext4_append+0x153/0x360 [ 67.312947][ T6810] ext4_mkdir+0x5e0/0xdf0 [ 67.317660][ T6810] ? ext4_rmdir+0xde0/0xde0 [ 67.322159][ T6810] ? security_inode_permission+0xc4/0xf0 [ 67.328215][ T6810] vfs_mkdir+0x419/0x690 [ 67.332473][ T6810] do_mkdirat+0x21e/0x280 [ 67.337025][ T6810] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.341873][ T6810] ? do_syscall_64+0x1c/0xe0 [ 67.346729][ T6810] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.354432][ T6810] do_syscall_64+0x60/0xe0 [ 67.360551][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.366938][ T6810] RIP: 0033:0x45bed7 [ 67.370916][ T6810] Code: Bad RIP value. [ 67.374975][ T6810] RSP: 002b:00007fffaf090318 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 67.384083][ T6810] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 67.394382][ T6810] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007fffaf0904f0 [ 67.403563][ T6810] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002dc0 [ 67.413441][ T6810] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 67.423254][ T6810] R13: 00007fffaf0904f0 R14: 8421084210842109 R15: 00007fffaf0904fc [ 67.522966][ T6811] IPVS: ftp: loaded support on port[0] = 21 [ 67.563350][ T6811] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6811 [ 67.572865][ T6811] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.578761][ T6811] CPU: 0 PID: 6811 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.587614][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.597838][ T6811] Call Trace: [ 67.601482][ T6811] dump_stack+0x18f/0x20d [ 67.606245][ T6811] check_preemption_disabled+0x20d/0x220 [ 67.613433][ T6811] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.618530][ T6811] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.624029][ T6811] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.629773][ T6811] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.635068][ T6811] ? ext4_ext_release+0x10/0x10 [ 67.640463][ T6811] ? down_write_killable+0x170/0x170 [ 67.647314][ T6811] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.653492][ T6811] ext4_map_blocks+0x4cb/0x1640 [ 67.658349][ T6811] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.663655][ T6811] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.669307][ T6811] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.676170][ T6811] ? prandom_u32_state+0xe/0x170 [ 67.681239][ T6811] ? __brelse+0x84/0xa0 [ 67.685527][ T6811] ? __ext4_new_inode+0x144/0x55e0 [ 67.690670][ T6811] ext4_getblk+0xad/0x520 [ 67.695061][ T6811] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.700804][ T6811] ? ext4_free_inode+0x1700/0x1700 [ 67.705928][ T6811] ext4_bread+0x7c/0x380 [ 67.710336][ T6811] ? ext4_getblk+0x520/0x520 [ 67.715172][ T6811] ? dquot_get_next_dqblk+0x180/0x180 [ 67.720688][ T6811] ext4_append+0x153/0x360 [ 67.726164][ T6811] ext4_mkdir+0x5e0/0xdf0 [ 67.731286][ T6811] ? ext4_rmdir+0xde0/0xde0 [ 67.735787][ T6811] ? security_inode_permission+0xc4/0xf0 [ 67.742199][ T6811] vfs_mkdir+0x419/0x690 [ 67.746510][ T6811] do_mkdirat+0x21e/0x280 [ 67.751013][ T6811] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.755969][ T6811] ? do_syscall_64+0x1c/0xe0 [ 67.760545][ T6811] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.768864][ T6811] do_syscall_64+0x60/0xe0 [ 67.773628][ T6811] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.779547][ T6811] RIP: 0033:0x45bed7 [ 67.783429][ T6811] Code: Bad RIP value. [ 67.787664][ T6811] RSP: 002b:00007fffaf090208 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 67.796094][ T6811] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 67.804175][ T6811] RDX: 00007fffaf090253 RSI: 00000000000001ff RDI: 00007fffaf090250 [ 67.812150][ T6811] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 67.820423][ T6811] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 67.828397][ T6811] R13: 00007fffaf090240 R14: 0000000000000000 R15: 00007fffaf090250 [ 67.882829][ T6811] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6811 [ 67.892421][ T6811] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.898323][ T6811] CPU: 1 PID: 6811 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.907093][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.917325][ T6811] Call Trace: [ 67.920637][ T6811] dump_stack+0x18f/0x20d [ 67.925109][ T6811] check_preemption_disabled+0x20d/0x220 [ 67.930757][ T6811] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.935897][ T6811] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.941680][ T6811] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.947992][ T6811] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.953410][ T6811] ? ext4_ext_release+0x10/0x10 [ 67.958307][ T6811] ? down_write_killable+0x170/0x170 [ 67.963615][ T6811] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.969295][ T6811] ext4_map_blocks+0x4cb/0x1640 [ 67.974310][ T6811] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.979522][ T6811] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.985193][ T6811] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.991261][ T6811] ? prandom_u32_state+0xe/0x170 [ 67.996189][ T6811] ? __brelse+0x84/0xa0 [ 68.000554][ T6811] ? __ext4_new_inode+0x144/0x55e0 [ 68.005712][ T6811] ext4_getblk+0xad/0x520 [ 68.010057][ T6811] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 68.016825][ T6811] ? ext4_free_inode+0x1700/0x1700 [ 68.022606][ T6811] ext4_bread+0x7c/0x380 [ 68.027826][ T6811] ? ext4_getblk+0x520/0x520 [ 68.032756][ T6811] ? dquot_get_next_dqblk+0x180/0x180 [ 68.038125][ T6811] ext4_append+0x153/0x360 [ 68.042670][ T6811] ext4_mkdir+0x5e0/0xdf0 [ 68.046987][ T6811] ? ext4_rmdir+0xde0/0xde0 [ 68.051697][ T6811] ? security_inode_permission+0xc4/0xf0 [ 68.057534][ T6811] vfs_mkdir+0x419/0x690 [ 68.061781][ T6811] do_mkdirat+0x21e/0x280 [ 68.066124][ T6811] ? __ia32_sys_mknod+0xb0/0xb0 [ 68.070980][ T6811] ? do_syscall_64+0x1c/0xe0 [ 68.075740][ T6811] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 68.081722][ T6811] do_syscall_64+0x60/0xe0 [ 68.086133][ T6811] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 68.092065][ T6811] RIP: 0033:0x45bed7 [ 68.095995][ T6811] Code: Bad RIP value. [ 68.100062][ T6811] RSP: 002b:00007fffaf090208 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 68.108547][ T6811] RAX: ffffffffffffffda RBX: 000000000001091d RCX: 000000000045bed7 [ 68.116505][ T6811] RDX: 00007fffaf090253 RSI: 00000000000001ff RDI: 00007fffaf090250 [ 68.124616][ T6811] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/15 22:54:20 building call list... [ 68.132593][ T6811] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 68.140555][ T6811] R13: 00007fffaf090240 R14: 000000000001090f R15: 00007fffaf090250 [ 68.391338][ T7] tipc: TX() has been purged, node left! [ 68.933570][ T7] ================================================================== [ 68.942358][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 68.950332][ T7] Write of size 1 at addr ffff888081f6f9e4 by task kworker/u4:0/7 [ 68.959270][ T7] [ 68.961658][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0 [ 68.969900][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.980135][ T7] Workqueue: netns cleanup_net [ 68.984894][ T7] Call Trace: [ 68.988350][ T7] dump_stack+0x18f/0x20d [ 68.995264][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.000917][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.006835][ T7] ? afs_put_call+0xa40/0xa40 [ 69.011691][ T7] print_address_description.constprop.0.cold+0xd3/0x413 [ 69.018745][ T7] ? vprintk_func+0x97/0x1a6 [ 69.023340][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.028901][ T7] kasan_report.cold+0x1f/0x37 [ 69.033667][ T7] ? rcu_read_lock_held_common+0x51/0xa0 [ 69.039319][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.044870][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 69.050237][ T7] ? afs_close_socket+0x320/0x320 [ 69.055433][ T7] ? afs_put_call+0xa40/0xa40 [ 69.060124][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 69.065271][ T7] ? afs_put_call+0xa40/0xa40 [ 69.069974][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 69.076403][ T7] rxrpc_call_completed+0xca/0xf0 [ 69.081434][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 69.086931][ T7] ? lock_sock_nested+0x94/0x110 [ 69.091889][ T7] rxrpc_listen+0x147/0x360 [ 69.096397][ T7] afs_close_socket+0x95/0x320 [ 69.101160][ T7] ? afs_purge_servers+0x16d/0x300 [ 69.106271][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 69.111739][ T7] ? init_wait_var_entry+0x200/0x200 [ 69.117043][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 69.122678][ T7] ? check_preemption_disabled+0x38/0x220 [ 69.128415][ T7] afs_net_exit+0x1bc/0x310 [ 69.132921][ T7] ? afs_net_init+0xe30/0xe30 [ 69.137602][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 69.142717][ T7] cleanup_net+0x511/0xa50 [ 69.147153][ T7] ? unregister_pernet_device+0x70/0x70 [ 69.152700][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 69.158687][ T7] process_one_work+0x965/0x1690 [ 69.163646][ T7] ? lock_release+0x800/0x800 [ 69.168323][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 69.173961][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 69.178909][ T7] worker_thread+0x96/0xe10 [ 69.183428][ T7] ? process_one_work+0x1690/0x1690 [ 69.188632][ T7] kthread+0x3b5/0x4a0 [ 69.192787][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.198684][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.204494][ T7] ret_from_fork+0x1f/0x30 [ 69.209438][ T7] [ 69.211761][ T7] Allocated by task 6811: [ 69.216540][ T7] save_stack+0x1b/0x40 [ 69.221047][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 69.227744][ T7] kmem_cache_alloc_trace+0x153/0x7d0 [ 69.233199][ T7] afs_alloc_call+0x55/0x630 [ 69.237782][ T7] afs_charge_preallocation+0xe9/0x2d0 [ 69.243250][ T7] afs_open_socket+0x292/0x360 [ 69.248103][ T7] afs_net_init+0xa6c/0xe30 [ 69.252627][ T7] ops_init+0xaf/0x420 [ 69.256885][ T7] setup_net+0x2de/0x860 [ 69.261136][ T7] copy_net_ns+0x293/0x590 [ 69.265909][ T7] create_new_namespaces+0x3fb/0xb30 [ 69.271320][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 69.276968][ T7] ksys_unshare+0x43d/0x8e0 [ 69.281495][ T7] __x64_sys_unshare+0x2d/0x40 [ 69.286442][ T7] do_syscall_64+0x60/0xe0 [ 69.291928][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 69.297827][ T7] [ 69.300150][ T7] Freed by task 7: [ 69.303896][ T7] save_stack+0x1b/0x40 [ 69.308095][ T7] __kasan_slab_free+0xf7/0x140 [ 69.312948][ T7] kfree+0x109/0x2b0 [ 69.316844][ T7] afs_put_call+0x585/0xa40 [ 69.321351][ T7] rxrpc_discard_prealloc+0x764/0xab0 [ 69.327689][ T7] rxrpc_listen+0x147/0x360 [ 69.332199][ T7] afs_close_socket+0x95/0x320 [ 69.337862][ T7] afs_net_exit+0x1bc/0x310 [ 69.343137][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 69.348396][ T7] cleanup_net+0x511/0xa50 [ 69.352980][ T7] process_one_work+0x965/0x1690 [ 69.357943][ T7] worker_thread+0x96/0xe10 [ 69.362639][ T7] kthread+0x3b5/0x4a0 [ 69.366818][ T7] ret_from_fork+0x1f/0x30 [ 69.371229][ T7] [ 69.373561][ T7] The buggy address belongs to the object at ffff888081f6f800 [ 69.373561][ T7] which belongs to the cache kmalloc-1k of size 1024 [ 69.387624][ T7] The buggy address is located 484 bytes inside of [ 69.387624][ T7] 1024-byte region [ffff888081f6f800, ffff888081f6fc00) [ 69.402023][ T7] The buggy address belongs to the page: [ 69.407673][ T7] page:ffffea000207dbc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 69.418057][ T7] flags: 0xfffe0000000200(slab) [ 69.423003][ T7] raw: 00fffe0000000200 ffffea000207db48 ffffea000207dc08 ffff8880aa000c40 [ 69.431804][ T7] raw: 0000000000000000 ffff888081f6f000 0000000100000002 0000000000000000 [ 69.440398][ T7] page dumped because: kasan: bad access detected [ 69.446799][ T7] [ 69.449120][ T7] Memory state around the buggy address: [ 69.454744][ T7] ffff888081f6f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.462813][ T7] ffff888081f6f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.471869][ T7] >ffff888081f6f980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.479936][ T7] ^ [ 69.487131][ T7] ffff888081f6fa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.495205][ T7] ffff888081f6fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 69.503437][ T7] ================================================================== [ 69.511491][ T7] Disabling lock debugging due to kernel taint [ 69.517722][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 69.524318][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 69.533851][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.543912][ T7] Workqueue: netns cleanup_net [ 69.548670][ T7] Call Trace: [ 69.551965][ T7] dump_stack+0x18f/0x20d [ 69.556294][ T7] ? afs_wake_up_async_call+0x670/0x770 [ 69.561837][ T7] ? afs_put_call+0xa40/0xa40 [ 69.566517][ T7] panic+0x2e3/0x75c [ 69.570411][ T7] ? __warn_printk+0xf3/0xf3 [ 69.575017][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 69.581170][ T7] ? trace_hardirqs_on+0x55/0x220 [ 69.586196][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.591754][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.597290][ T7] ? afs_put_call+0xa40/0xa40 [ 69.601959][ T7] end_report+0x4d/0x53 [ 69.606105][ T7] kasan_report.cold+0xd/0x37 [ 69.610775][ T7] ? rcu_read_lock_held_common+0x51/0xa0 [ 69.616489][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 69.622114][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 69.627480][ T7] ? afs_close_socket+0x320/0x320 [ 69.632981][ T7] ? afs_put_call+0xa40/0xa40 [ 69.638288][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 69.644226][ T7] ? afs_put_call+0xa40/0xa40 [ 69.649429][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 69.656539][ T7] rxrpc_call_completed+0xca/0xf0 [ 69.661562][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 69.666932][ T7] ? lock_sock_nested+0x94/0x110 [ 69.671868][ T7] rxrpc_listen+0x147/0x360 [ 69.676715][ T7] afs_close_socket+0x95/0x320 [ 69.681558][ T7] ? afs_purge_servers+0x16d/0x300 [ 69.686675][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 69.692694][ T7] ? init_wait_var_entry+0x200/0x200 [ 69.698360][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 69.704025][ T7] ? check_preemption_disabled+0x38/0x220 [ 69.709746][ T7] afs_net_exit+0x1bc/0x310 [ 69.714259][ T7] ? afs_net_init+0xe30/0xe30 [ 69.719035][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 69.725983][ T7] cleanup_net+0x511/0xa50 [ 69.730393][ T7] ? unregister_pernet_device+0x70/0x70 [ 69.735942][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 69.742192][ T7] process_one_work+0x965/0x1690 [ 69.747148][ T7] ? lock_release+0x800/0x800 [ 69.751822][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 69.757196][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 69.762130][ T7] worker_thread+0x96/0xe10 [ 69.766991][ T7] ? process_one_work+0x1690/0x1690 [ 69.772183][ T7] kthread+0x3b5/0x4a0 [ 69.776679][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.782926][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 69.788733][ T7] ret_from_fork+0x1f/0x30 [ 69.794734][ T7] Kernel Offset: disabled [ 69.799184][ T7] Rebooting in 86400 seconds..