[�[0;32m OK �[0m] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[�[0;32m OK �[0m] Started Update UTMP about System Runlevel Changes.
[�[0;32m OK �[0m] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts.
2020/06/21 15:31:08 fuzzer started
2020/06/21 15:31:08 connecting to host at 10.128.0.26:45759
2020/06/21 15:31:08 checking machine...
2020/06/21 15:31:08 checking revisions...
2020/06/21 15:31:08 testing simple program...
syzkaller login: [ 56.732077][ T6802] IPVS: ftp: loaded support on port[0] = 21
2020/06/21 15:31:08 building call list...
[ 57.086014][ T303] tipc: TX() has been purged, node left!
[ 57.598144][ T303] ==================================================================
[ 57.606353][ T303] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 57.614502][ T303] Write of size 1 at addr ffff88809136f9e4 by task kworker/u4:5/303
[ 57.622462][ T303]
[ 57.624794][ T303] CPU: 1 PID: 303 Comm: kworker/u4:5 Not tainted 5.8.0-rc1-next-20200618-syzkaller #0
[ 57.634351][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.644409][ T303] Workqueue: netns cleanup_net
[ 57.649344][ T303] Call Trace:
[ 57.653850][ T303] dump_stack+0x18f/0x20d
[ 57.658179][ T303] ? afs_wake_up_async_call+0x6aa/0x770
[ 57.663977][ T303] ? afs_wake_up_async_call+0x6aa/0x770
[ 57.669547][ T303] ? afs_put_call+0xa40/0xa40
[ 57.674228][ T303] print_address_description.constprop.0.cold+0xd3/0x413
[ 57.681338][ T303] ? vprintk_func+0x97/0x1a6
[ 57.685928][ T303] ? afs_wake_up_async_call+0x6aa/0x770
[ 57.691479][ T303] kasan_report.cold+0x1f/0x37
[ 57.696332][ T303] ? rcu_read_lock_held_common+0x71/0xa0
[ 57.702066][ T303] ? afs_wake_up_async_call+0x6aa/0x770
[ 57.707706][ T303] afs_wake_up_async_call+0x6aa/0x770
[ 57.713090][ T303] ? afs_close_socket+0x320/0x320
[ 57.718638][ T303] ? afs_put_call+0xa40/0xa40
[ 57.723315][ T303] rxrpc_notify_socket+0x1db/0x5d0
[ 57.728449][ T303] ? afs_put_call+0xa40/0xa40
[ 57.733368][ T303] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 57.739807][ T303] rxrpc_call_completed+0xca/0xf0
[ 57.744840][ T303] rxrpc_discard_prealloc+0x781/0xab0
[ 57.750227][ T303] ? lock_sock_nested+0x94/0x110
[ 57.756596][ T303] rxrpc_listen+0x147/0x360
[ 57.761115][ T303] afs_close_socket+0x95/0x320
[ 57.765891][ T303] ? afs_purge_servers+0x16d/0x300
[ 57.771015][ T303] ? afs_rx_discard_new_call+0x50/0x50
[ 57.776480][ T303] ? init_wait_var_entry+0x200/0x200
[ 57.781876][ T303] ? rcu_read_lock_held_common+0xa0/0xa0
[ 57.787519][ T303] ? check_preemption_disabled+0x38/0x220
[ 57.793276][ T303] afs_net_exit+0x1bc/0x310
[ 57.797877][ T303] ? afs_net_init+0xe30/0xe30
[ 57.802649][ T303] ops_exit_list.isra.0+0xa8/0x150
[ 57.808775][ T303] cleanup_net+0x511/0xa50
[ 57.813192][ T303] ? unregister_pernet_device+0x70/0x70
[ 57.818744][ T303] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.824734][ T303] process_one_work+0x965/0x1690
[ 57.829694][ T303] ? lock_release+0x800/0x800
[ 57.834376][ T303] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.839753][ T303] ? rwlock_bug.part.0+0x90/0x90
[ 57.844701][ T303] worker_thread+0x96/0xe10
[ 57.849217][ T303] ? process_one_work+0x1690/0x1690
[ 57.854414][ T303] kthread+0x3b5/0x4a0
[ 57.858479][ T303] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.864230][ T303] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.870325][ T303] ret_from_fork+0x1f/0x30
[ 57.874750][ T303]
[ 57.877072][ T303] Allocated by task 6802:
[ 57.881400][ T303] save_stack+0x1b/0x40
[ 57.885551][ T303] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 57.891176][ T303] kmem_cache_alloc_trace+0x153/0x7d0
[ 57.896979][ T303] afs_alloc_call+0x55/0x630
[ 57.901654][ T303] afs_charge_preallocation+0xe9/0x2d0
[ 57.907399][ T303] afs_open_socket+0x292/0x360
[ 57.915129][ T303] afs_net_init+0xa6c/0xe30
[ 57.919649][ T303] ops_init+0xaf/0x420
[ 57.923751][ T303] setup_net+0x2de/0x860
[ 57.927989][ T303] copy_net_ns+0x293/0x590
[ 57.932403][ T303] create_new_namespaces+0x3fb/0xb30
[ 57.938049][ T303] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 57.943696][ T303] ksys_unshare+0x445/0x8e0
[ 57.948197][ T303] __x64_sys_unshare+0x2d/0x40
[ 57.952960][ T303] do_syscall_64+0x60/0xe0
[ 57.957681][ T303] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.963677][ T303]
[ 57.965999][ T303] Freed by task 303:
[ 57.970557][ T303] save_stack+0x1b/0x40
[ 57.974728][ T303] __kasan_slab_free+0xf7/0x140
[ 57.979570][ T303] kfree+0x109/0x2b0
[ 57.983463][ T303] afs_put_call+0x585/0xa40
[ 57.987962][ T303] rxrpc_discard_prealloc+0x764/0xab0
[ 57.993333][ T303] rxrpc_listen+0x147/0x360
[ 57.997858][ T303] afs_close_socket+0x95/0x320
[ 58.002619][ T303] afs_net_exit+0x1bc/0x310
[ 58.007121][ T303] ops_exit_list.isra.0+0xa8/0x150
[ 58.012235][ T303] cleanup_net+0x511/0xa50
[ 58.016669][ T303] process_one_work+0x965/0x1690
[ 58.021618][ T303] worker_thread+0x96/0xe10
[ 58.026129][ T303] kthread+0x3b5/0x4a0
[ 58.030200][ T303] ret_from_fork+0x1f/0x30
[ 58.034607][ T303]
[ 58.036929][ T303] The buggy address belongs to the object at ffff88809136f800
[ 58.036929][ T303] which belongs to the cache kmalloc-1k of size 1024
[ 58.050976][ T303] The buggy address is located 484 bytes inside of
[ 58.050976][ T303] 1024-byte region [ffff88809136f800, ffff88809136fc00)
[ 58.064361][ T303] The buggy address belongs to the page:
[ 58.069992][ T303] page:ffffea000244dbc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 58.079087][ T303] flags: 0xfffe0000000200(slab)
[ 58.083938][ T303] raw: 00fffe0000000200 ffffea00029c5dc8 ffffea000240cf48 ffff8880aa000c40
[ 58.092516][ T303] raw: 0000000000000000 ffff88809136f000 0000000100000002 0000000000000000
[ 58.101085][ T303] page dumped because: kasan: bad access detected
[ 58.107482][ T303]
[ 58.109799][ T303] Memory state around the buggy address:
[ 58.115424][ T303] ffff88809136f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.123478][ T303] ffff88809136f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.131529][ T303] >ffff88809136f980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.139577][ T303] ^
[ 58.146772][ T303] ffff88809136fa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.154843][ T303] ffff88809136fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.162890][ T303] ==================================================================
[ 58.170938][ T303] Disabling lock debugging due to kernel taint
[ 58.177131][ T303] Kernel panic - not syncing: panic_on_warn set ...
[ 58.183722][ T303] CPU: 1 PID: 303 Comm: kworker/u4:5 Tainted: G B 5.8.0-rc1-next-20200618-syzkaller #0
[ 58.194636][ T303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.204687][ T303] Workqueue: netns cleanup_net
[ 58.209441][ T303] Call Trace:
[ 58.212729][ T303] dump_stack+0x18f/0x20d
[ 58.217050][ T303] ? afs_wake_up_async_call+0x660/0x770
[ 58.222582][ T303] ? afs_put_call+0xa40/0xa40
[ 58.227247][ T303] panic+0x2e3/0x75c
[ 58.231135][ T303] ? __warn_printk+0xf3/0xf3
[ 58.235721][ T303] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 58.241876][ T303] ? trace_hardirqs_on+0x55/0x220
[ 58.246893][ T303] ? afs_wake_up_async_call+0x6aa/0x770
[ 58.252425][ T303] ? afs_wake_up_async_call+0x6aa/0x770
[ 58.257957][ T303] ? afs_put_call+0xa40/0xa40
[ 58.262631][ T303] end_report+0x4d/0x53
[ 58.266781][ T303] kasan_report.cold+0xd/0x37
[ 58.271451][ T303] ? rcu_read_lock_held_common+0x71/0xa0
[ 58.277100][ T303] ? afs_wake_up_async_call+0x6aa/0x770
[ 58.282646][ T303] afs_wake_up_async_call+0x6aa/0x770
[ 58.288009][ T303] ? afs_close_socket+0x320/0x320
[ 58.293028][ T303] ? afs_put_call+0xa40/0xa40
[ 58.297885][ T303] rxrpc_notify_socket+0x1db/0x5d0
[ 58.303289][ T303] ? afs_put_call+0xa40/0xa40
[ 58.307960][ T303] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 58.314381][ T303] rxrpc_call_completed+0xca/0xf0
[ 58.319487][ T303] rxrpc_discard_prealloc+0x781/0xab0
[ 58.325365][ T303] ? lock_sock_nested+0x94/0x110
[ 58.336320][ T303] rxrpc_listen+0x147/0x360
[ 58.342862][ T303] afs_close_socket+0x95/0x320
[ 58.358954][ T303] ? afs_purge_servers+0x16d/0x300
[ 58.368214][ T303] ? afs_rx_discard_new_call+0x50/0x50
[ 58.373901][ T303] ? init_wait_var_entry+0x200/0x200
[ 58.385199][ T303] ? rcu_read_lock_held_common+0xa0/0xa0
[ 58.390835][ T303] ? check_preemption_disabled+0x38/0x220
[ 58.396648][ T303] afs_net_exit+0x1bc/0x310
[ 58.401168][ T303] ? afs_net_init+0xe30/0xe30
[ 58.405852][ T303] ops_exit_list.isra.0+0xa8/0x150
[ 58.411001][ T303] cleanup_net+0x511/0xa50
[ 58.415955][ T303] ? unregister_pernet_device+0x70/0x70
[ 58.421849][ T303] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.427911][ T303] process_one_work+0x965/0x1690
[ 58.432857][ T303] ? lock_release+0x800/0x800
[ 58.437647][ T303] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.443054][ T303] ? rwlock_bug.part.0+0x90/0x90
[ 58.448035][ T303] worker_thread+0x96/0xe10
[ 58.452551][ T303] ? process_one_work+0x1690/0x1690
[ 58.457753][ T303] kthread+0x3b5/0x4a0
[ 58.461820][ T303] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.467548][ T303] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.473506][ T303] ret_from_fork+0x1f/0x30
[ 58.479416][ T303] Kernel Offset: disabled
[ 58.483735][ T303] Rebooting in 86400 seconds..