Warning: Permanently added '10.128.0.107' (ECDSA) to the list of known hosts.
2020/06/19 02:07:16 fuzzer started
2020/06/19 02:07:17 connecting to host at 10.128.0.26:42063
2020/06/19 02:07:17 checking machine...
2020/06/19 02:07:17 checking revisions...
2020/06/19 02:07:17 testing simple program...
syzkaller login: [ 62.725316][ T6847] IPVS: ftp: loaded support on port[0] = 21
2020/06/19 02:07:17 building call list...
[ 63.069302][ T79] tipc: TX() has been purged, node left!
[ 63.581650][ T79] ==================================================================
[ 63.589894][ T79] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 63.597905][ T79] Write of size 1 at addr ffff888091bf11e4 by task kworker/u4:3/79
[ 63.605792][ T79]
[ 63.608127][ T79] CPU: 0 PID: 79 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0
[ 63.616356][ T79] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.626499][ T79] Workqueue: netns cleanup_net
[ 63.631255][ T79] Call Trace:
[ 63.634549][ T79] dump_stack+0x18f/0x20d
[ 63.638901][ T79] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.644461][ T79] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.650114][ T79] ? afs_put_call+0xa40/0xa40
[ 63.654800][ T79] print_address_description.constprop.0.cold+0xd3/0x413
[ 63.661834][ T79] ? vprintk_func+0x97/0x1a6
[ 63.666436][ T79] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.672334][ T79] kasan_report.cold+0x1f/0x37
[ 63.677136][ T79] ? rcu_read_lock_held_common+0x51/0xa0
[ 63.682764][ T79] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.688323][ T79] afs_wake_up_async_call+0x6aa/0x770
[ 63.693696][ T79] ? afs_close_socket+0x320/0x320
[ 63.698727][ T79] ? afs_put_call+0xa40/0xa40
[ 63.703411][ T79] rxrpc_notify_socket+0x1db/0x5d0
[ 63.708545][ T79] ? afs_put_call+0xa40/0xa40
[ 63.713746][ T79] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 63.720164][ T79] rxrpc_call_completed+0xca/0xf0
[ 63.725210][ T79] rxrpc_discard_prealloc+0x781/0xab0
[ 63.730677][ T79] ? lock_sock_nested+0x94/0x110
[ 63.735618][ T79] rxrpc_listen+0x147/0x360
[ 63.740124][ T79] afs_close_socket+0x95/0x320
[ 63.744894][ T79] ? afs_purge_servers+0x16d/0x300
[ 63.750010][ T79] ? afs_rx_discard_new_call+0x50/0x50
[ 63.755473][ T79] ? init_wait_var_entry+0x200/0x200
[ 63.761631][ T79] ? rcu_read_lock_held_common+0xa0/0xa0
[ 63.767288][ T79] ? check_preemption_disabled+0x38/0x220
[ 63.773034][ T79] afs_net_exit+0x1bc/0x310
[ 63.777536][ T79] ? afs_net_init+0xe30/0xe30
[ 63.782268][ T79] ops_exit_list.isra.0+0xa8/0x150
[ 63.787385][ T79] cleanup_net+0x511/0xa50
[ 63.791804][ T79] ? unregister_pernet_device+0x70/0x70
[ 63.797509][ T79] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.803519][ T79] process_one_work+0x965/0x1690
[ 63.808476][ T79] ? lock_release+0x800/0x800
[ 63.813192][ T79] ? pwq_dec_nr_in_flight+0x310/0x310
[ 63.818568][ T79] ? rwlock_bug.part.0+0x90/0x90
[ 63.824136][ T79] worker_thread+0x96/0xe10
[ 63.828680][ T79] ? process_one_work+0x1690/0x1690
[ 63.833883][ T79] kthread+0x3b5/0x4a0
[ 63.837950][ T79] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.843666][ T79] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.849391][ T79] ret_from_fork+0x1f/0x30
[ 63.853834][ T79]
[ 63.856160][ T79] Allocated by task 6847:
[ 63.860488][ T79] save_stack+0x1b/0x40
[ 63.864639][ T79] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 63.870278][ T79] kmem_cache_alloc_trace+0x153/0x7d0
[ 63.875660][ T79] afs_alloc_call+0x55/0x630
[ 63.880250][ T79] afs_charge_preallocation+0xe9/0x2d0
[ 63.885714][ T79] afs_open_socket+0x292/0x360
[ 63.890513][ T79] afs_net_init+0xa6c/0xe30
[ 63.895015][ T79] ops_init+0xaf/0x420
[ 63.899079][ T79] setup_net+0x2de/0x860
[ 63.903317][ T79] copy_net_ns+0x293/0x590
[ 63.907741][ T79] create_new_namespaces+0x3fb/0xb30
[ 63.913024][ T79] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 63.918673][ T79] ksys_unshare+0x43d/0x8e0
[ 63.923172][ T79] __x64_sys_unshare+0x2d/0x40
[ 63.927989][ T79] do_syscall_64+0x60/0xe0
[ 63.932411][ T79] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.938311][ T79]
[ 63.940640][ T79] Freed by task 79:
[ 63.944448][ T79] save_stack+0x1b/0x40
[ 63.948599][ T79] __kasan_slab_free+0xf7/0x140
[ 63.953446][ T79] kfree+0x109/0x2b0
[ 63.957341][ T79] afs_put_call+0x585/0xa40
[ 63.961842][ T79] rxrpc_discard_prealloc+0x764/0xab0
[ 63.967216][ T79] rxrpc_listen+0x147/0x360
[ 63.971718][ T79] afs_close_socket+0x95/0x320
[ 63.976475][ T79] afs_net_exit+0x1bc/0x310
[ 63.980983][ T79] ops_exit_list.isra.0+0xa8/0x150
[ 63.986149][ T79] cleanup_net+0x511/0xa50
[ 63.990671][ T79] process_one_work+0x965/0x1690
[ 63.995619][ T79] worker_thread+0x96/0xe10
[ 64.000120][ T79] kthread+0x3b5/0x4a0
[ 64.004187][ T79] ret_from_fork+0x1f/0x30
[ 64.008765][ T79]
[ 64.011093][ T79] The buggy address belongs to the object at ffff888091bf1000
[ 64.011093][ T79] which belongs to the cache kmalloc-1k of size 1024
[ 64.025141][ T79] The buggy address is located 484 bytes inside of
[ 64.025141][ T79] 1024-byte region [ffff888091bf1000, ffff888091bf1400)
[ 64.038489][ T79] The buggy address belongs to the page:
[ 64.044134][ T79] page:ffffea000246fc40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 64.053245][ T79] flags: 0xfffe0000000200(slab)
[ 64.058137][ T79] raw: 00fffe0000000200 ffffea0002388388 ffffea00024c0c48 ffff8880aa000c40
[ 64.066726][ T79] raw: 0000000000000000 ffff888091bf1000 0000000100000002 0000000000000000
[ 64.075307][ T79] page dumped because: kasan: bad access detected
[ 64.081740][ T79]
[ 64.084065][ T79] Memory state around the buggy address:
[ 64.089725][ T79] ffff888091bf1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.097784][ T79] ffff888091bf1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.105846][ T79] >ffff888091bf1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.113920][ T79] ^
[ 64.121197][ T79] ffff888091bf1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.129273][ T79] ffff888091bf1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.137417][ T79] ==================================================================
[ 64.145468][ T79] Disabling lock debugging due to kernel taint
[ 64.151650][ T79] Kernel panic - not syncing: panic_on_warn set ...
[ 64.158232][ T79] CPU: 0 PID: 79 Comm: kworker/u4:3 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 64.167845][ T79] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.177892][ T79] Workqueue: netns cleanup_net
[ 64.182818][ T79] Call Trace:
[ 64.186124][ T79] dump_stack+0x18f/0x20d
[ 64.190461][ T79] ? afs_wake_up_async_call+0x680/0x770
[ 64.196032][ T79] ? afs_put_call+0xa40/0xa40
[ 64.200715][ T79] panic+0x2e3/0x75c
[ 64.204607][ T79] ? __warn_printk+0xf3/0xf3
[ 64.209200][ T79] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 64.215373][ T79] ? trace_hardirqs_on+0x55/0x220
[ 64.220397][ T79] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.226026][ T79] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.231567][ T79] ? afs_put_call+0xa40/0xa40
[ 64.236239][ T79] end_report+0x4d/0x53
[ 64.240391][ T79] kasan_report.cold+0xd/0x37
[ 64.245073][ T79] ? rcu_read_lock_held_common+0x51/0xa0
[ 64.250708][ T79] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.256244][ T79] afs_wake_up_async_call+0x6aa/0x770
[ 64.261603][ T79] ? afs_close_socket+0x320/0x320
[ 64.266618][ T79] ? afs_put_call+0xa40/0xa40
[ 64.271310][ T79] rxrpc_notify_socket+0x1db/0x5d0
[ 64.276436][ T79] ? afs_put_call+0xa40/0xa40
[ 64.281191][ T79] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 64.287603][ T79] rxrpc_call_completed+0xca/0xf0
[ 64.292623][ T79] rxrpc_discard_prealloc+0x781/0xab0
[ 64.298003][ T79] ? lock_sock_nested+0x94/0x110
[ 64.302936][ T79] rxrpc_listen+0x147/0x360
[ 64.307435][ T79] afs_close_socket+0x95/0x320
[ 64.312197][ T79] ? afs_purge_servers+0x16d/0x300
[ 64.317327][ T79] ? afs_rx_discard_new_call+0x50/0x50
[ 64.322777][ T79] ? init_wait_var_entry+0x200/0x200
[ 64.328056][ T79] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.333683][ T79] ? check_preemption_disabled+0x38/0x220
[ 64.339393][ T79] afs_net_exit+0x1bc/0x310
[ 64.343909][ T79] ? afs_net_init+0xe30/0xe30
[ 64.348948][ T79] ops_exit_list.isra.0+0xa8/0x150
[ 64.354056][ T79] cleanup_net+0x511/0xa50
[ 64.358468][ T79] ? unregister_pernet_device+0x70/0x70
[ 64.364008][ T79] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.369982][ T79] process_one_work+0x965/0x1690
[ 64.374916][ T79] ? lock_release+0x800/0x800
[ 64.379585][ T79] ? pwq_dec_nr_in_flight+0x310/0x310
[ 64.384947][ T79] ? rwlock_bug.part.0+0x90/0x90
[ 64.389881][ T79] worker_thread+0x96/0xe10
[ 64.394380][ T79] ? process_one_work+0x1690/0x1690
[ 64.399589][ T79] kthread+0x3b5/0x4a0
[ 64.403651][ T79] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.409449][ T79] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.415164][ T79] ret_from_fork+0x1f/0x30
[ 64.420970][ T79] Kernel Offset: disabled
[ 64.425378][ T79] Rebooting in 86400 seconds..