bisecting cause commit starting from abb3438d69fb6dd5baa4ae23eafbf5b87945eff1 building syzkaller on 344da168cb738076d82a75e1a7a1f5177df8dbc7 testing commit abb3438d69fb6dd5baa4ae23eafbf5b87945eff1 with gcc (GCC) 8.1.0 kernel signature: b4b6a7485658fd952a3ca2e1cf128c91e5e89c43383daa4b7add33228a193824 run #0: crashed: WARNING: proc registration bug in afs_manage_cell run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #3: crashed: general protection fault in afs_deactivate_cell run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #5: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_deactivate_cell run #6: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #7: crashed: BUG: Dentry still in use [unmount of afs afs] run #8: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #9: crashed: WARNING: ODEBUG bug in __do_softirq testing release v5.8 testing commit bcf876870b95592b52519ed4aafcf9d95999bc9c with gcc (GCC) 8.1.0 kernel signature: f35d72fdc2f3f02cdbb15652df8dcc6fa3e1617049853fb14d1d014e6bd8344e run #0: crashed: WARNING: ODEBUG bug in __do_softirq run #1: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #2: crashed: BUG: sleeping function called from invalid context in exc_page_fault run #3: crashed: WARNING: ODEBUG bug in __do_softirq run #4: crashed: BUG: unable to handle kernel NULL pointer dereference in afs_manage_cell run #5: crashed: WARNING: proc registration bug in afs_manage_cell run #6: crashed: general protection fault in afs_proc_cell_setup run #7: crashed: general protection fault in afs_proc_cell_remove run #8: crashed: BUG: unable to handle kernel paging request in afs_proc_cell_remove run #9: boot failed: can't ssh into the instance testing release v5.7 testing commit 3d77e6a8804abcc0504c904bd6e5cdf3a5cf8162 with gcc (GCC) 8.1.0 kernel signature: 56835aad02883f897e3ac5cd806c4772a2df89e3db6f8a4be37c3e4dbc5b46e6 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: WARNING: ODEBUG bug in __do_softirq run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: WARNING: ODEBUG bug in __do_softirq run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: WARNING: ODEBUG bug in __do_softirq run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.6 testing commit 7111951b8d4973bda27ff663f2cf18b663d15b48 with gcc (GCC) 8.1.0 kernel signature: 5c1b481cb97502b170f31b1003803ba7731f4acbee92bbd0e3c29162212f8974 run #0: crashed: KASAN: use-after-free Read in __proc_create run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: WARNING: ODEBUG bug in __do_softirq run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.5 testing commit d5226fa6dbae0569ee43ecfc08bdcd6770fc4755 with gcc (GCC) 8.1.0 kernel signature: 428b170a76c49f9e0d3786f2417de182b864fe94923850a26491c85e93d76d0e run #0: crashed: KASAN: use-after-free Read in __proc_create run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Read in __proc_create run #8: crashed: WARNING: ODEBUG bug in __do_softirq run #9: crashed: KASAN: use-after-free Read in afs_deactivate_cell testing release v5.4 testing commit 219d54332a09e8d8741c1e1982f5eae56099de85 with gcc (GCC) 8.1.0 kernel signature: b1f0d1f23498a7898f2052d5f1783b62e206fbcb8588e2ca30efcbdc0460345e run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Read in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.3 testing commit 4d856f72c10ecb060868ed10ff1b1453943fc6c8 with gcc (GCC) 8.1.0 kernel signature: ef0d28156c2a2cf239f6f9d3b822ec1628ecc7087a34d1c0aaf4278cd9cbdc57 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in __proc_create run #4: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #8: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #9: crashed: KASAN: use-after-free Read in fscache_alloc_cookie testing release v5.2 testing commit 0ecfebd2b52404ae0c54a878c872bb93363ada36 with gcc (GCC) 8.1.0 kernel signature: 256dd1359935f5cd58685b46039fcd6cfe4156acc88356aa0dc7ffd4a6e23658 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #5: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in __proc_create run #8: crashed: KASAN: use-after-free Write in afs_manage_cell run #9: crashed: KASAN: use-after-free Write in afs_manage_cell testing release v5.1 testing commit e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd with gcc (GCC) 8.1.0 kernel signature: a6f5d9aee3a66ddc8ec6812c0c0af85b60adfff731e3b7ef374a5704a10bc2bc run #0: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #1: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in __d_alloc run #8: OK run #9: OK testing release v5.0 testing commit 1c163f4c7b3f621efff9b28a47abb36f7378d783 with gcc (GCC) 8.1.0 kernel signature: 5007e3c033e292b7850b8a72bc53268d68a256eddeb9dd9c92e7040ff1ab7262 all runs: OK # git bisect start e93c9c99a629c61837d5a7fc2120cd2b6c70dbdd 1c163f4c7b3f621efff9b28a47abb36f7378d783 Bisecting: 7074 revisions left to test after this (roughly 13 steps) [b5dd0c658c31b469ccff1b637e5124851e7a4a1c] Merge branch 'akpm' (patches from Andrew) testing commit b5dd0c658c31b469ccff1b637e5124851e7a4a1c with gcc (GCC) 8.1.0 kernel signature: c12bc155ae97c4f63d79eac62811e0ae5d1f0787211d02c2d96086ddbb45ca4e all runs: OK # git bisect good b5dd0c658c31b469ccff1b637e5124851e7a4a1c Bisecting: 3573 revisions left to test after this (roughly 12 steps) [4f0237062ca70c8e34e16e518aee4b84c30d1832] Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input testing commit 4f0237062ca70c8e34e16e518aee4b84c30d1832 with gcc (GCC) 8.1.0 kernel signature: f0684dab3c0b940fb2365813977addf94db3ef4c794eef81596d95b9debf3b43 all runs: OK # git bisect good 4f0237062ca70c8e34e16e518aee4b84c30d1832 Bisecting: 1796 revisions left to test after this (roughly 11 steps) [345077c8e172c255ea0707214303ccd099e5656b] KVM: PPC: Book3S: Protect memslots while validating user address testing commit 345077c8e172c255ea0707214303ccd099e5656b with gcc (GCC) 8.1.0 kernel signature: 39e052a115128cfd2c728bf90ad4060db4be7da61546595de552e7e17cf2ee07 run #0: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #1: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Read in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: OK run #9: OK # git bisect bad 345077c8e172c255ea0707214303ccd099e5656b Bisecting: 880 revisions left to test after this (roughly 10 steps) [f3ca4c55a6581c46e9f4a592dd698a7c67a713dd] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net testing commit f3ca4c55a6581c46e9f4a592dd698a7c67a713dd with gcc (GCC) 8.1.0 kernel signature: 13d541dc401c49d0eae20095e2feed0de1db154a07238bf0b2b5ea2316532ea2 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #7: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #8: crashed: WARNING: ODEBUG bug in afs_cell_destroy run #9: crashed: WARNING: ODEBUG bug in afs_cell_destroy # git bisect bad f3ca4c55a6581c46e9f4a592dd698a7c67a713dd Bisecting: 441 revisions left to test after this (roughly 9 steps) [a5adcfcad55d5f034b33f79f1a873229d1e77b24] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit a5adcfcad55d5f034b33f79f1a873229d1e77b24 with gcc (GCC) 8.1.0 kernel signature: b9aa0b2eaf3929e456db5b8c6140af80805a10c5b474ee717af451995409c98b run #0: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #6: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #7: OK run #8: OK run #9: OK # git bisect bad a5adcfcad55d5f034b33f79f1a873229d1e77b24 Bisecting: 225 revisions left to test after this (roughly 8 steps) [5f739e4a491ab63730ef3b7464171340c689fbff] Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 5f739e4a491ab63730ef3b7464171340c689fbff with gcc (GCC) 8.1.0 kernel signature: 4598d8c1a75781ef16050a60ad19a146292b4735ad922a5100bf70d4eb38b095 all runs: OK # git bisect good 5f739e4a491ab63730ef3b7464171340c689fbff Bisecting: 134 revisions left to test after this (roughly 7 steps) [4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc] SUNRPC: Take the transport send lock before binding+connecting testing commit 4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc with gcc (GCC) 8.1.0 kernel signature: 2a002b925e2053b31466ced7276d417cfe45115912a3edacbe726f20062e7b1c all runs: OK # git bisect good 4d6c671ace569d4b0d3f8d92ab3aef18a5d166bc Bisecting: 63 revisions left to test after this (roughly 6 steps) [dfee9c257b102d7c0407629eef2ed32e152de0d2] Merge tag 'fuse-update-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse testing commit dfee9c257b102d7c0407629eef2ed32e152de0d2 with gcc (GCC) 8.1.0 kernel signature: 14b501530a1609c09872290f551ca94c18d3f8f0722433d1bb06d688612b27cb run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Write in afs_manage_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: OK run #8: OK run #9: OK # git bisect bad dfee9c257b102d7c0407629eef2ed32e152de0d2 Bisecting: 35 revisions left to test after this (roughly 5 steps) [32021982a324dce93b4ae00c06213bf45fb319c8] hugetlbfs: Convert to fs_context testing commit 32021982a324dce93b4ae00c06213bf45fb319c8 with gcc (GCC) 8.1.0 kernel signature: 4ceb280ae250fc56943b95974dfc0c191eeacd34cf464022e0a6605f329277b8 all runs: OK # git bisect good 32021982a324dce93b4ae00c06213bf45fb319c8 Bisecting: 17 revisions left to test after this (roughly 4 steps) [75126f5504524dd0f24753d8815db42d9ab23614] fuse: use atomic64_t for khctr testing commit 75126f5504524dd0f24753d8815db42d9ab23614 with gcc (GCC) 8.1.0 kernel signature: e3fd4e2b7c94da00a7d32e0ffb94de28b368b17c1e84c0c507fa9a371ba147ca all runs: OK # git bisect good 75126f5504524dd0f24753d8815db42d9ab23614 Bisecting: 7 revisions left to test after this (roughly 3 steps) [7b47a9e7c8f672b6fb0b77fca11a63a8a77f5a91] Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs testing commit 7b47a9e7c8f672b6fb0b77fca11a63a8a77f5a91 with gcc (GCC) 8.1.0 kernel signature: f37c0afb8884f58ecaa49b43c018677944a3159d72923cdcb553c2e5f6c75586 run #0: crashed: KASAN: use-after-free Read in __proc_create run #1: crashed: KASAN: use-after-free Write in afs_deactivate_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #4: crashed: KASAN: use-after-free Write in afs_manage_cell run #5: crashed: KASAN: use-after-free Read in afs_deactivate_cell run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Write in afs_manage_cell run #8: OK run #9: OK # git bisect bad 7b47a9e7c8f672b6fb0b77fca11a63a8a77f5a91 Bisecting: 4 revisions left to test after this (roughly 2 steps) [13fcc6837049f1bd76d57e9abc217a91fdbad764] afs: Add fs_context support testing commit 13fcc6837049f1bd76d57e9abc217a91fdbad764 with gcc (GCC) 8.1.0 kernel signature: 8657d3931b23580a18b98a1a18c4020329a1ab54684750044c4d82482061f65e all runs: OK # git bisect good 13fcc6837049f1bd76d57e9abc217a91fdbad764 Bisecting: 2 revisions left to test after this (roughly 1 step) [6daef95b8c914866a46247232a048447fff97279] iov_iter: optimize page_copy_sane() testing commit 6daef95b8c914866a46247232a048447fff97279 with gcc (GCC) 8.1.0 kernel signature: 3f75087fca9df83806773ab35729fc9bbf5c9d53ab2d8a05e37b57fc6ecea5c5 all runs: OK # git bisect good 6daef95b8c914866a46247232a048447fff97279 Bisecting: 1 revision left to test after this (roughly 1 step) [c99c2171fc61476afac0dfb59fb2c447a01fb1e0] afs: Use fs_context to pass parameters over automount testing commit c99c2171fc61476afac0dfb59fb2c447a01fb1e0 with gcc (GCC) 8.1.0 kernel signature: 948f8b46468f2b70b733da147b62ec4a6ad79acd51121e6ca901bf7662c93c42 run #0: crashed: KASAN: use-after-free Write in afs_manage_cell run #1: crashed: KASAN: use-after-free Write in afs_manage_cell run #2: crashed: KASAN: use-after-free Write in afs_manage_cell run #3: crashed: KASAN: use-after-free Write in afs_manage_cell run #4: crashed: INFO: rcu detected stall in sys_mount run #5: crashed: KASAN: use-after-free Read in __proc_create run #6: crashed: KASAN: use-after-free Write in afs_manage_cell run #7: crashed: KASAN: use-after-free Read in fscache_alloc_cookie run #8: OK run #9: OK # git bisect bad c99c2171fc61476afac0dfb59fb2c447a01fb1e0 c99c2171fc61476afac0dfb59fb2c447a01fb1e0 is the first bad commit commit c99c2171fc61476afac0dfb59fb2c447a01fb1e0 Author: David Howells Date: Thu Nov 1 23:07:27 2018 +0000 afs: Use fs_context to pass parameters over automount Alter the AFS automounting code to create and modify an fs_context struct when parameterising a new mount triggered by an AFS mountpoint rather than constructing device name and option strings. Also remove the cell=, vol= and rwpath options as they are then redundant. The reason they existed is because the 'device name' may be derived literally from a mountpoint object in the filesystem, so default cell and parent-type information needed to be passed in by some other method from the automount routines. The vol= option didn't end up being used. Signed-off-by: David Howells cc: Eric W. Biederman Signed-off-by: Al Viro fs/afs/internal.h | 1 - fs/afs/mntpt.c | 148 ++++++++++++++++++++++++++++-------------------------- fs/afs/super.c | 40 ++------------- 3 files changed, 80 insertions(+), 109 deletions(-) culprit signature: 948f8b46468f2b70b733da147b62ec4a6ad79acd51121e6ca901bf7662c93c42 parent signature: 8657d3931b23580a18b98a1a18c4020329a1ab54684750044c4d82482061f65e revisions tested: 24, total time: 6h13m24.03198591s (build: 2h18m49.108871029s, test: 3h51m45.927648865s) first bad commit: c99c2171fc61476afac0dfb59fb2c447a01fb1e0 afs: Use fs_context to pass parameters over automount recipients (to): ["dhowells@redhat.com" "dhowells@redhat.com" "linux-afs@lists.infradead.org" "viro@zeniv.linux.org.uk"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: KASAN: use-after-free Read in fscache_alloc_cookie FS-Cache: N-cookie c=0000000067dad07c [p=000000005748f991 fl=2 nc=0 na=1] FS-Cache: N-cookie d=00000000658e519f n=0000000095cd0a16 FS-Cache: N-key=[5] '23ee2ea1fb' kAFS: unable to lookup cell '#î.¡Û' ================================================================== BUG: KASAN: use-after-free in memcpy include/linux/string.h:352 [inline] BUG: KASAN: use-after-free in fscache_set_key fs/fscache/cookie.c:97 [inline] BUG: KASAN: use-after-free in fscache_alloc_cookie+0xd3/0x5d0 fs/fscache/cookie.c:157 Read of size 5 at addr ffff8880a0366131 by task kworker/0:4/8001 CPU: 0 PID: 8001 Comm: kworker/0:4 Not tainted 5.0.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: afs afs_manage_cell Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x165/0x21a lib/dump_stack.c:113 print_address_description.cold.3+0x9/0x211 mm/kasan/report.c:187 kasan_report.cold.4+0x1b/0x37 mm/kasan/report.c:317 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x13c/0x1b0 mm/kasan/generic.c:191 memcpy+0x23/0x50 mm/kasan/common.c:130 memcpy include/linux/string.h:352 [inline] fscache_set_key fs/fscache/cookie.c:97 [inline] fscache_alloc_cookie+0xd3/0x5d0 fs/fscache/cookie.c:157 __fscache_acquire_cookie+0xc6/0x620 fs/fscache/cookie.c:292 fscache_acquire_cookie include/linux/fscache.h:338 [inline] afs_activate_cell fs/afs/cell.c:547 [inline] afs_manage_cell+0x403/0xe50 fs/afs/cell.c:633 process_one_work+0x7b9/0x15a0 kernel/workqueue.c:2153 worker_thread+0x85/0xb60 kernel/workqueue.c:2296 kthread+0x324/0x3e0 kernel/kthread.c:246 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352 Allocated by task 12025: save_stack mm/kasan/common.c:73 [inline] set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc.part.0+0x66/0x100 mm/kasan/common.c:496 __kasan_kmalloc.constprop.1+0xb5/0xc0 mm/kasan/common.c:477 kasan_kmalloc+0x9/0x10 mm/kasan/common.c:504 kmem_cache_alloc_trace+0x15b/0x3d0 mm/slab.c:3609 kmalloc include/linux/slab.h:545 [inline] kzalloc include/linux/slab.h:740 [inline] afs_alloc_cell fs/afs/cell.c:141 [inline] afs_lookup_cell+0x14a/0xb70 fs/afs/cell.c:229 afs_parse_source fs/afs/super.c:272 [inline] afs_parse_param+0x32d/0x7c0 fs/afs/super.c:308 vfs_parse_fs_param+0x228/0x470 fs/fs_context.c:147 vfs_parse_fs_string+0xb8/0x110 fs/fs_context.c:190 generic_parse_monolithic+0x117/0x190 fs/fs_context.c:230 parse_monolithic_mount_data+0x5c/0x83 fs/fs_context.c:641 do_new_mount fs/namespace.c:2618 [inline] do_mount+0x10e4/0x2ae0 fs/namespace.c:2942 ksys_mount+0xba/0xe0 fs/namespace.c:3151 __do_sys_mount fs/namespace.c:3165 [inline] __se_sys_mount fs/namespace.c:3162 [inline] __x64_sys_mount+0xb9/0x150 fs/namespace.c:3162 do_syscall_64+0xd0/0x4d0 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 9: save_stack mm/kasan/common.c:73 [inline] set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x13c/0x220 mm/kasan/common.c:458 kasan_slab_free+0xe/0x10 mm/kasan/common.c:466 __cache_free mm/slab.c:3487 [inline] kfree+0xcf/0x220 mm/slab.c:3806 afs_cell_destroy+0xd3/0x110 fs/afs/cell.c:438 __rcu_reclaim kernel/rcu/rcu.h:240 [inline] rcu_do_batch kernel/rcu/tree.c:2452 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2773 [inline] rcu_process_callbacks+0x8a7/0x12e0 kernel/rcu/tree.c:2754 __do_softirq+0x25e/0x958 kernel/softirq.c:292 The buggy address belongs to the object at ffff8880a0366000 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 305 bytes inside of 512-byte region [ffff8880a0366000, ffff8880a0366200) The buggy address belongs to the page: page:ffffea000280d980 count:1 mapcount:0 mapping:ffff88812c3f6940 index:0xffff8880a0366780 flags: 0xfffe0000000200(slab) raw: 00fffe0000000200 ffffea00029786c8 ffffea0002a472c8 ffff88812c3f6940 raw: ffff8880a0366780 ffff8880a0366000 0000000100000005 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8880a0366000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880a0366080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8880a0366100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8880a0366180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8880a0366200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================