Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
2020/06/19 07:07:31 fuzzer started
2020/06/19 07:07:32 connecting to host at 10.128.0.26:43695
2020/06/19 07:07:32 checking machine...
2020/06/19 07:07:32 checking revisions...
2020/06/19 07:07:32 testing simple program...
[ 55.718647][ T6815] IPVS: ftp: loaded support on port[0] = 21
2020/06/19 07:07:32 building call list...
[ 56.060608][ T7] tipc: TX() has been purged, node left!
[ 56.582562][ T7] ==================================================================
[ 56.590779][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 56.598664][ T7] Write of size 1 at addr ffff88809f8df9e4 by task kworker/u4:0/7
[ 56.606537][ T7]
[ 56.608869][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-next-20200618-syzkaller #0
[ 56.618221][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.628278][ T7] Workqueue: netns cleanup_net
[ 56.633052][ T7] Call Trace:
[ 56.636346][ T7] dump_stack+0x18f/0x20d
[ 56.640683][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 56.646222][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 56.651760][ T7] ? afs_put_call+0xa40/0xa40
[ 56.656433][ T7] print_address_description.constprop.0.cold+0xd3/0x413
[ 56.663458][ T7] ? vprintk_func+0x97/0x1a6
[ 56.668045][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 56.673583][ T7] kasan_report.cold+0x1f/0x37
[ 56.678345][ T7] ? rcu_read_lock_held_common+0x71/0xa0
[ 56.683976][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 56.689520][ T7] afs_wake_up_async_call+0x6aa/0x770
[ 56.694887][ T7] ? afs_close_socket+0x320/0x320
[ 56.699914][ T7] ? afs_put_call+0xa40/0xa40
[ 56.704582][ T7] rxrpc_notify_socket+0x1db/0x5d0
[ 56.709697][ T7] ? afs_put_call+0xa40/0xa40
[ 56.714369][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 56.720977][ T7] rxrpc_call_completed+0xca/0xf0
[ 56.726012][ T7] rxrpc_discard_prealloc+0x781/0xab0
[ 56.731391][ T7] ? lock_sock_nested+0x94/0x110
[ 56.736329][ T7] rxrpc_listen+0x147/0x360
[ 56.741355][ T7] afs_close_socket+0x95/0x320
[ 56.746114][ T7] ? afs_purge_servers+0x16d/0x300
[ 56.751226][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 56.756685][ T7] ? init_wait_var_entry+0x200/0x200
[ 56.761973][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 56.767598][ T7] ? check_preemption_disabled+0x38/0x220
[ 56.773323][ T7] afs_net_exit+0x1bc/0x310
[ 56.777854][ T7] ? afs_net_init+0xe30/0xe30
[ 56.782528][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 56.787642][ T7] cleanup_net+0x511/0xa50
[ 56.792058][ T7] ? unregister_pernet_device+0x70/0x70
[ 56.797603][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.803592][ T7] process_one_work+0x965/0x1690
[ 56.808545][ T7] ? lock_release+0x800/0x800
[ 56.813270][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 56.818686][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 56.823645][ T7] worker_thread+0x96/0xe10
[ 56.828164][ T7] ? process_one_work+0x1690/0x1690
[ 56.833380][ T7] kthread+0x3b5/0x4a0
[ 56.837503][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.843228][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.849150][ T7] ret_from_fork+0x1f/0x30
[ 56.853594][ T7]
[ 56.855914][ T7] Allocated by task 6815:
[ 56.860242][ T7] save_stack+0x1b/0x40
[ 56.864425][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 56.870052][ T7] kmem_cache_alloc_trace+0x153/0x7d0
[ 56.875436][ T7] afs_alloc_call+0x55/0x630
[ 56.880022][ T7] afs_charge_preallocation+0xe9/0x2d0
[ 56.885474][ T7] afs_open_socket+0x292/0x360
[ 56.890247][ T7] afs_net_init+0xa6c/0xe30
[ 56.894743][ T7] ops_init+0xaf/0x420
[ 56.898807][ T7] setup_net+0x2de/0x860
[ 56.903042][ T7] copy_net_ns+0x293/0x590
[ 56.907452][ T7] create_new_namespaces+0x3fb/0xb30
[ 56.912732][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 56.918373][ T7] ksys_unshare+0x445/0x8e0
[ 56.922897][ T7] __x64_sys_unshare+0x2d/0x40
[ 56.927683][ T7] do_syscall_64+0x60/0xe0
[ 56.932096][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.937970][ T7]
[ 56.940289][ T7] Freed by task 7:
[ 56.944036][ T7] save_stack+0x1b/0x40
[ 56.948209][ T7] __kasan_slab_free+0xf7/0x140
[ 56.953056][ T7] kfree+0x109/0x2b0
[ 56.956963][ T7] afs_put_call+0x585/0xa40
[ 56.961466][ T7] rxrpc_discard_prealloc+0x764/0xab0
[ 56.966838][ T7] rxrpc_listen+0x147/0x360
[ 56.971341][ T7] afs_close_socket+0x95/0x320
[ 56.976283][ T7] afs_net_exit+0x1bc/0x310
[ 56.980784][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 56.985887][ T7] cleanup_net+0x511/0xa50
[ 56.990307][ T7] process_one_work+0x965/0x1690
[ 56.995248][ T7] worker_thread+0x96/0xe10
[ 56.999768][ T7] kthread+0x3b5/0x4a0
[ 57.003835][ T7] ret_from_fork+0x1f/0x30
[ 57.008237][ T7]
[ 57.010588][ T7] The buggy address belongs to the object at ffff88809f8df800
[ 57.010588][ T7] which belongs to the cache kmalloc-1k of size 1024
[ 57.024988][ T7] The buggy address is located 484 bytes inside of
[ 57.024988][ T7] 1024-byte region [ffff88809f8df800, ffff88809f8dfc00)
[ 57.038351][ T7] The buggy address belongs to the page:
[ 57.044090][ T7] page:ffffea00027e37c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 57.054149][ T7] flags: 0xfffe0000000200(slab)
[ 57.059005][ T7] raw: 00fffe0000000200 ffffea0002801408 ffffea000280c508 ffff8880aa000c40
[ 57.067939][ T7] raw: 0000000000000000 ffff88809f8df000 0000000100000002 0000000000000000
[ 57.076517][ T7] page dumped because: kasan: bad access detected
[ 57.083094][ T7]
[ 57.085417][ T7] Memory state around the buggy address:
[ 57.091044][ T7] ffff88809f8df880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.099104][ T7] ffff88809f8df900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.107702][ T7] >ffff88809f8df980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.115758][ T7] ^
[ 57.122960][ T7] ffff88809f8dfa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.131492][ T7] ffff88809f8dfa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.139805][ T7] ==================================================================
[ 57.147856][ T7] Disabling lock debugging due to kernel taint
[ 57.154128][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 57.160750][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.8.0-rc1-next-20200618-syzkaller #0
[ 57.171494][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.184196][ T7] Workqueue: netns cleanup_net
[ 57.189039][ T7] Call Trace:
[ 57.192356][ T7] dump_stack+0x18f/0x20d
[ 57.196689][ T7] ? afs_wake_up_async_call+0x660/0x770
[ 57.202334][ T7] ? afs_put_call+0xa40/0xa40
[ 57.208397][ T7] panic+0x2e3/0x75c
[ 57.212298][ T7] ? __warn_printk+0xf3/0xf3
[ 57.216888][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 57.223046][ T7] ? trace_hardirqs_on+0x55/0x220
[ 57.228065][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 57.233608][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 57.239513][ T7] ? afs_put_call+0xa40/0xa40
[ 57.244304][ T7] end_report+0x4d/0x53
[ 57.248483][ T7] kasan_report.cold+0xd/0x37
[ 57.253685][ T7] ? rcu_read_lock_held_common+0x71/0xa0
[ 57.259316][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 57.265045][ T7] afs_wake_up_async_call+0x6aa/0x770
[ 57.270408][ T7] ? afs_close_socket+0x320/0x320
[ 57.275425][ T7] ? afs_put_call+0xa40/0xa40
[ 57.280093][ T7] rxrpc_notify_socket+0x1db/0x5d0
[ 57.285196][ T7] ? afs_put_call+0xa40/0xa40
[ 57.289862][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 57.296265][ T7] rxrpc_call_completed+0xca/0xf0
[ 57.301282][ T7] rxrpc_discard_prealloc+0x781/0xab0
[ 57.306679][ T7] ? lock_sock_nested+0x94/0x110
[ 57.311715][ T7] rxrpc_listen+0x147/0x360
[ 57.316214][ T7] afs_close_socket+0x95/0x320
[ 57.320969][ T7] ? afs_purge_servers+0x16d/0x300
[ 57.326168][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 57.331709][ T7] ? init_wait_var_entry+0x200/0x200
[ 57.337182][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 57.342803][ T7] ? check_preemption_disabled+0x38/0x220
[ 57.348542][ T7] afs_net_exit+0x1bc/0x310
[ 57.353035][ T7] ? afs_net_init+0xe30/0xe30
[ 57.357701][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 57.363447][ T7] cleanup_net+0x511/0xa50
[ 57.367856][ T7] ? unregister_pernet_device+0x70/0x70
[ 57.374185][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.380163][ T7] process_one_work+0x965/0x1690
[ 57.385098][ T7] ? lock_release+0x800/0x800
[ 57.389767][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.397067][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 57.402020][ T7] worker_thread+0x96/0xe10
[ 57.406528][ T7] ? process_one_work+0x1690/0x1690
[ 57.411727][ T7] kthread+0x3b5/0x4a0
[ 57.415795][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.421613][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.427381][ T7] ret_from_fork+0x1f/0x30
[ 57.433303][ T7] Kernel Offset: disabled
[ 57.437736][ T7] Rebooting in 86400 seconds..