Starting Load/Save RF Kill Switch Status...


Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts.
2020/06/19 03:42:28 fuzzer started
2020/06/19 03:42:29 connecting to host at 10.128.0.26:34211
2020/06/19 03:42:29 checking machine...
2020/06/19 03:42:29 checking revisions...
2020/06/19 03:42:29 testing simple program...
syzkaller login: [   65.928525][ T6822] IPVS: ftp: loaded support on port[0] = 21
2020/06/19 03:42:29 building call list...
[   66.295330][    T7] tipc: TX() has been purged, node left!
[   66.827933][    T7] ==================================================================
[   66.836403][    T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[   66.844504][    T7] Write of size 1 at addr ffff8880a024f1e4 by task kworker/u4:0/7
[   66.852325][    T7] 
[   66.854662][    T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0
[   66.863854][    T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.873949][    T7] Workqueue: netns cleanup_net
[   66.878717][    T7] Call Trace:
[   66.882024][    T7]  dump_stack+0x18f/0x20d
[   66.886390][    T7]  ? afs_wake_up_async_call+0x6aa/0x770
[   66.891939][    T7]  ? afs_wake_up_async_call+0x6aa/0x770
[   66.898021][    T7]  ? afs_put_call+0xa40/0xa40
[   66.902708][    T7]  print_address_description.constprop.0.cold+0xd3/0x413
[   66.909840][    T7]  ? vprintk_func+0x97/0x1a6
[   66.914458][    T7]  ? afs_wake_up_async_call+0x6aa/0x770
[   66.920031][    T7]  kasan_report.cold+0x1f/0x37
[   66.924820][    T7]  ? rcu_read_lock_held_common+0x51/0xa0
[   66.930672][    T7]  ? afs_wake_up_async_call+0x6aa/0x770
[   66.936302][    T7]  afs_wake_up_async_call+0x6aa/0x770
[   66.941767][    T7]  ? afs_close_socket+0x320/0x320
[   66.947251][    T7]  ? afs_put_call+0xa40/0xa40
[   66.951933][    T7]  rxrpc_notify_socket+0x1db/0x5d0
[   66.957213][    T7]  ? afs_put_call+0xa40/0xa40
[   66.961930][    T7]  __rxrpc_set_call_completion.part.0+0x172/0x410
[   66.968368][    T7]  rxrpc_call_completed+0xca/0xf0
[   66.973412][    T7]  rxrpc_discard_prealloc+0x781/0xab0
[   66.979049][    T7]  ? lock_sock_nested+0x94/0x110
[   66.984007][    T7]  rxrpc_listen+0x147/0x360
[   66.988539][    T7]  afs_close_socket+0x95/0x320
[   66.993318][    T7]  ? afs_purge_servers+0x16d/0x300
[   66.998438][    T7]  ? afs_rx_discard_new_call+0x50/0x50
[   67.003918][    T7]  ? init_wait_var_entry+0x200/0x200
[   67.009226][    T7]  ? rcu_read_lock_held_common+0xa0/0xa0
[   67.014882][    T7]  ? check_preemption_disabled+0x38/0x220
[   67.020644][    T7]  afs_net_exit+0x1bc/0x310
[   67.025173][    T7]  ? afs_net_init+0xe30/0xe30
[   67.029861][    T7]  ops_exit_list.isra.0+0xa8/0x150
[   67.035000][    T7]  cleanup_net+0x511/0xa50
[   67.039424][    T7]  ? unregister_pernet_device+0x70/0x70
[   67.044989][    T7]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   67.050994][    T7]  process_one_work+0x965/0x1690
[   67.055952][    T7]  ? lock_release+0x800/0x800
[   67.060631][    T7]  ? pwq_dec_nr_in_flight+0x310/0x310
[   67.066011][    T7]  ? rwlock_bug.part.0+0x90/0x90
[   67.070960][    T7]  worker_thread+0x96/0xe10
[   67.075504][    T7]  ? process_one_work+0x1690/0x1690
[   67.080712][    T7]  kthread+0x3b5/0x4a0
[   67.084787][    T7]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   67.090551][    T7]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   67.096280][    T7]  ret_from_fork+0x1f/0x30
[   67.100709][    T7] 
[   67.103033][    T7] Allocated by task 6822:
[   67.107363][    T7]  save_stack+0x1b/0x40
[   67.111517][    T7]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   67.117147][    T7]  kmem_cache_alloc_trace+0x153/0x7d0
[   67.122516][    T7]  afs_alloc_call+0x55/0x630
[   67.127102][    T7]  afs_charge_preallocation+0xe9/0x2d0
[   67.132577][    T7]  afs_open_socket+0x292/0x360
[   67.137343][    T7]  afs_net_init+0xa6c/0xe30
[   67.141847][    T7]  ops_init+0xaf/0x420
[   67.145939][    T7]  setup_net+0x2de/0x860
[   67.150177][    T7]  copy_net_ns+0x293/0x590
[   67.154604][    T7]  create_new_namespaces+0x3fb/0xb30
[   67.159888][    T7]  unshare_nsproxy_namespaces+0xbd/0x1f0
[   67.165516][    T7]  ksys_unshare+0x43d/0x8e0
[   67.170016][    T7]  __x64_sys_unshare+0x2d/0x40
[   67.174774][    T7]  do_syscall_64+0x60/0xe0
[   67.179191][    T7]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   67.185069][    T7] 
[   67.187658][    T7] Freed by task 7:
[   67.191386][    T7]  save_stack+0x1b/0x40
[   67.195539][    T7]  __kasan_slab_free+0xf7/0x140
[   67.200392][    T7]  kfree+0x109/0x2b0
[   67.204281][    T7]  afs_put_call+0x585/0xa40
[   67.208783][    T7]  rxrpc_discard_prealloc+0x764/0xab0
[   67.214149][    T7]  rxrpc_listen+0x147/0x360
[   67.218650][    T7]  afs_close_socket+0x95/0x320
[   67.223406][    T7]  afs_net_exit+0x1bc/0x310
[   67.227904][    T7]  ops_exit_list.isra.0+0xa8/0x150
[   67.233009][    T7]  cleanup_net+0x511/0xa50
[   67.237424][    T7]  process_one_work+0x965/0x1690
[   67.242398][    T7]  worker_thread+0x96/0xe10
[   67.246919][    T7]  kthread+0x3b5/0x4a0
[   67.251277][    T7]  ret_from_fork+0x1f/0x30
[   67.255703][    T7] 
[   67.258030][    T7] The buggy address belongs to the object at ffff8880a024f000
[   67.258030][    T7]  which belongs to the cache kmalloc-1k of size 1024
[   67.272870][    T7] The buggy address is located 484 bytes inside of
[   67.272870][    T7]  1024-byte region [ffff8880a024f000, ffff8880a024f400)
[   67.286228][    T7] The buggy address belongs to the page:
[   67.292213][    T7] page:ffffea00028093c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[   67.301321][    T7] flags: 0xfffe0000000200(slab)
[   67.306214][    T7] raw: 00fffe0000000200 ffffea000299a748 ffffea00027f40c8 ffff8880aa000c40
[   67.314813][    T7] raw: 0000000000000000 ffff8880a024f000 0000000100000002 0000000000000000
[   67.323501][    T7] page dumped because: kasan: bad access detected
[   67.329913][    T7] 
[   67.332249][    T7] Memory state around the buggy address:
[   67.337885][    T7]  ffff8880a024f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.346048][    T7]  ffff8880a024f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.354123][    T7] >ffff8880a024f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.362189][    T7]                                                        ^
[   67.369497][    T7]  ffff8880a024f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.377562][    T7]  ffff8880a024f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.385623][    T7] ==================================================================
[   67.393678][    T7] Disabling lock debugging due to kernel taint
[   67.399916][    T7] Kernel panic - not syncing: panic_on_warn set ...
[   67.406556][    T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G    B             5.8.0-rc1-syzkaller #0
[   67.416112][    T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.426185][    T7] Workqueue: netns cleanup_net
[   67.430948][    T7] Call Trace:
[   67.434246][    T7]  dump_stack+0x18f/0x20d
[   67.438590][    T7]  ? afs_wake_up_async_call+0x680/0x770
[   67.444143][    T7]  ? afs_put_call+0xa40/0xa40
[   67.448833][    T7]  panic+0x2e3/0x75c
[   67.452743][    T7]  ? __warn_printk+0xf3/0xf3
[   67.457339][    T7]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   67.463670][    T7]  ? trace_hardirqs_on+0x55/0x220
[   67.468711][    T7]  ? afs_wake_up_async_call+0x6aa/0x770
[   67.474246][    T7]  ? afs_wake_up_async_call+0x6aa/0x770
[   67.479793][    T7]  ? afs_put_call+0xa40/0xa40
[   67.484473][    T7]  end_report+0x4d/0x53
[   67.489329][    T7]  kasan_report.cold+0xd/0x37
[   67.494004][    T7]  ? rcu_read_lock_held_common+0x51/0xa0
[   67.499637][    T7]  ? afs_wake_up_async_call+0x6aa/0x770
[   67.505177][    T7]  afs_wake_up_async_call+0x6aa/0x770
[   67.510565][    T7]  ? afs_close_socket+0x320/0x320
[   67.515635][    T7]  ? afs_put_call+0xa40/0xa40
[   67.520503][    T7]  rxrpc_notify_socket+0x1db/0x5d0
[   67.525627][    T7]  ? afs_put_call+0xa40/0xa40
[   67.530632][    T7]  __rxrpc_set_call_completion.part.0+0x172/0x410
[   67.537052][    T7]  rxrpc_call_completed+0xca/0xf0
[   67.542594][    T7]  rxrpc_discard_prealloc+0x781/0xab0
[   67.547975][    T7]  ? lock_sock_nested+0x94/0x110
[   67.552916][    T7]  rxrpc_listen+0x147/0x360
[   67.557436][    T7]  afs_close_socket+0x95/0x320
[   67.562186][    T7]  ? afs_purge_servers+0x16d/0x300
[   67.567287][    T7]  ? afs_rx_discard_new_call+0x50/0x50
[   67.572735][    T7]  ? init_wait_var_entry+0x200/0x200
[   67.578017][    T7]  ? rcu_read_lock_held_common+0xa0/0xa0
[   67.583655][    T7]  ? check_preemption_disabled+0x38/0x220
[   67.589500][    T7]  afs_net_exit+0x1bc/0x310
[   67.593995][    T7]  ? afs_net_init+0xe30/0xe30
[   67.598671][    T7]  ops_exit_list.isra.0+0xa8/0x150
[   67.603799][    T7]  cleanup_net+0x511/0xa50
[   67.608215][    T7]  ? unregister_pernet_device+0x70/0x70
[   67.613775][    T7]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   67.619767][    T7]  process_one_work+0x965/0x1690
[   67.624699][    T7]  ? lock_release+0x800/0x800
[   67.629356][    T7]  ? pwq_dec_nr_in_flight+0x310/0x310
[   67.635762][    T7]  ? rwlock_bug.part.0+0x90/0x90
[   67.640707][    T7]  worker_thread+0x96/0xe10
[   67.645201][    T7]  ? process_one_work+0x1690/0x1690
[   67.650426][    T7]  kthread+0x3b5/0x4a0
[   67.654520][    T7]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   67.660229][    T7]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   67.665939][    T7]  ret_from_fork+0x1f/0x30
[   67.671768][    T7] Kernel Offset: disabled
[   67.676105][    T7] Rebooting in 86400 seconds..