INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
2019/04/16 23:26:46 parsed 1 programs
2019/04/16 23:26:48 executed programs: 0
[ 816.765198] audit: type=1400 audit(1555457208.546:5): avc: denied { associate } for pid=2189 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
2019/04/16 23:26:53 executed programs: 45
2019/04/16 23:26:58 executed programs: 94
2019/04/16 23:27:03 executed programs: 143
2019/04/16 23:27:08 executed programs: 192
2019/04/16 23:27:13 executed programs: 240
2019/04/16 23:28:14 executed programs: 256
2019/04/16 23:28:14 result: hanged=false err=executor 0: failed to write control pipe: write |1: broken pipe
[ 906.419988] ==================================================================
[ 906.427657] BUG: KASAN: use-after-free in xfrm6_tunnel_destroy+0x4df/0x570
[ 906.434652] Read of size 8 at addr ffff8801c7dc9618 by task kworker/1:1/22
[ 906.441664]
[ 906.443274] CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 4.9.168+ #40
[ 906.449850] Workqueue: events xfrm_state_gc_task
[ 906.454702] ffff8801d9c2fa60 ffffffff81b4f5d1 0000000000000000 ffffea00071f7200
[ 906.463191] ffff8801c7dc9618 0000000000000008 ffffffff82772c4f ffff8801d9c2fa98
[ 906.471201] ffffffff81506898 0000000000000000 ffff8801c7dc9618 ffff8801c7dc9618
[ 906.479254] Call Trace:
[ 906.481820] [<000000006b13ca42>] dump_stack+0xc1/0x120
[ 906.487179] [<0000000040c6946f>] ? xfrm6_tunnel_destroy+0x4df/0x570
[ 906.493662] [<00000000d722bf75>] print_address_description+0x6f/0x23a
[ 906.500314] [<0000000040c6946f>] ? xfrm6_tunnel_destroy+0x4df/0x570
[ 906.506789] [<00000000654bceaf>] kasan_report.cold+0x8c/0x2ba
[ 906.512769] [<0000000017b2556d>] __asan_report_load8_noabort+0x14/0x20
[ 906.519502] [<0000000040c6946f>] xfrm6_tunnel_destroy+0x4df/0x570
[ 906.525812] [<000000007c8eda72>] ? xfrm6_tunnel_destroy+0x34/0x570
[ 906.532193] [<00000000c17e054e>] ? kfree+0x1b8/0x310
[ 906.537368] [<00000000afa049ab>] xfrm_state_gc_task+0x3b9/0x520
[ 906.543497] [<0000000076fd0186>] ? xfrm_state_unregister_afinfo+0x170/0x170
[ 906.550697] [<00000000f3a16349>] process_one_work+0x88b/0x1600
[ 906.556736] [<00000000bbf64384>] ? process_one_work+0x7ce/0x1600
[ 906.562948] [<00000000ff2c0977>] ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[ 906.569422] [<00000000c72e07a6>] ? _raw_spin_unlock_irq+0x28/0x60
[ 906.575722] [<00000000afbb6845>] worker_thread+0x5df/0x11d0
[ 906.581499] [<000000004d1fd12b>] ? process_one_work+0x1600/0x1600
[ 906.587804] [<00000000cba7c17d>] kthread+0x278/0x310
[ 906.592976] [<00000000549b61bb>] ? kthread_park+0xa0/0xa0
[ 906.598586] [<00000000324bfff0>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 906.605324] [<0000000089ef3d44>] ? _raw_spin_unlock_irq+0x39/0x60
[ 906.611712] [<0000000012d4df04>] ? finish_task_switch+0x1e5/0x660
[ 906.618018] [<000000000dd75387>] ? finish_task_switch+0x1b7/0x660
[ 906.624326] [<0000000028a0131f>] ? __switch_to_asm+0x34/0x70
[ 906.630193] [<00000000a7241c7b>] ? __switch_to_asm+0x40/0x70
[ 906.636064] [<0000000028a0131f>] ? __switch_to_asm+0x34/0x70
[ 906.641941] [<00000000549b61bb>] ? kthread_park+0xa0/0xa0
[ 906.647563] [<00000000549b61bb>] ? kthread_park+0xa0/0xa0
[ 906.653178] [<000000006663aa7c>] ret_from_fork+0x5c/0x70
[ 906.658708]
[ 906.660319] Allocated by task 2189:
[ 906.663933] save_stack_trace+0x16/0x20
[ 906.667887] kasan_kmalloc.part.0+0x62/0xf0
[ 906.672193] kasan_kmalloc+0xb7/0xd0
[ 906.675895] kasan_slab_alloc+0xf/0x20
[ 906.679771] kmem_cache_alloc+0xd5/0x2b0
[ 906.683817] copy_net_ns+0xfa/0x340
[ 906.687420] create_new_namespaces+0x37c/0x7a0
[ 906.691980] unshare_nsproxy_namespaces+0xab/0x1e0
[ 906.696889] SyS_unshare+0x305/0x6f0
[ 906.700588] do_syscall_64+0x1ad/0x570
[ 906.704454] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 906.709710]
[ 906.711347] Freed by task 64:
[ 906.714438] save_stack_trace+0x16/0x20
[ 906.718478] kasan_slab_free+0xb0/0x190
[ 906.722429] kmem_cache_free+0xbe/0x310
[ 906.726383] net_drop_ns+0x68/0x80
[ 906.729899] cleanup_net+0x505/0x8a0
[ 906.733599] process_one_work+0x88b/0x1600
[ 906.737809] worker_thread+0x5df/0x11d0
[ 906.741780] kthread+0x278/0x310
[ 906.745123] ret_from_fork+0x5c/0x70
[ 906.748805]
[ 906.750423] The buggy address belongs to the object at ffff8801c7dc8000
[ 906.750423] which belongs to the cache net_namespace of size 7552
[ 906.763318] The buggy address is located 5656 bytes inside of
[ 906.763318] 7552-byte region [ffff8801c7dc8000, ffff8801c7dc9d80)
[ 906.775340] The buggy address belongs to the page:
[ 906.780289] page:ffffea00071f7200 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 906.790476] flags: 0x4000000000010200(slab|head)
[ 906.795203] page dumped because: kasan: bad access detected
[ 906.800888]
[ 906.802494] Memory state around the buggy address:
[ 906.807420]  ffff8801c7dc9500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 906.814764]  ffff8801c7dc9580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 906.822290] >ffff8801c7dc9600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 906.829628]                             ^
[ 906.833754]  ffff8801c7dc9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 906.841093]  ffff8801c7dc9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 906.848519] ==================================================================
[ 906.855857] Disabling lock debugging due to kernel taint
[ 906.862120] Kernel panic - not syncing: panic_on_warn set ...
[ 906.862120]
[ 906.869502] CPU: 1 PID: 22 Comm: kworker/1:1 Tainted: G B 4.9.168+ #40
[ 906.877314] Workqueue: events xfrm_state_gc_task
[ 906.882208] ffff8801d9c2f9a0 ffffffff81b4f5d1 ffff8801d9c2fa00 ffffffff82e3cb7f
[ 906.890280] 00000000ffffffff 0000000000000001 ffffffff82772c4f ffff8801d9c2fa80
[ 906.898355] ffffffff813f945a 0000000041b58ab3 ffffffff82e2ec5a ffffffff813f9281
[ 906.906450] Call Trace:
[ 906.909036] [<000000006b13ca42>] dump_stack+0xc1/0x120
[ 906.914405] [<0000000040c6946f>] ? xfrm6_tunnel_destroy+0x4df/0x570
[ 906.920901] [<000000009a822673>] panic+0x1d9/0x3bd
[ 906.925950] [<00000000a987ba79>] ? add_taint.cold+0x16/0x16
[ 906.931754] [<00000000e7eb498a>] ? preempt_schedule_common+0x4f/0xe0
[ 906.938346] [<0000000040c6946f>] ? xfrm6_tunnel_destroy+0x4df/0x570
[ 906.944844] [<0000000050a434b7>] ? preempt_schedule+0x26/0x30
[ 906.950822] [<00000000b09872a0>] ? ___preempt_schedule+0x16/0x18
[ 906.957063] [<00000000fe45259d>] kasan_end_report+0x47/0x4f
[ 906.962864] [<0000000007347be6>] kasan_report.cold+0xa9/0x2ba
[ 906.968937] [<0000000017b2556d>] __asan_report_load8_noabort+0x14/0x20
[ 906.975694] [<0000000040c6946f>] xfrm6_tunnel_destroy+0x4df/0x570
[ 906.982017] [<000000007c8eda72>] ? xfrm6_tunnel_destroy+0x34/0x570
[ 906.988426] [<00000000c17e054e>] ? kfree+0x1b8/0x310
[ 906.993622] [<00000000afa049ab>] xfrm_state_gc_task+0x3b9/0x520
[ 906.999775] [<0000000076fd0186>] ? xfrm_state_unregister_afinfo+0x170/0x170
[ 907.006970] [<00000000f3a16349>] process_one_work+0x88b/0x1600
[ 907.013032] [<00000000bbf64384>] ? process_one_work+0x7ce/0x1600
[ 907.019297] [<00000000ff2c0977>] ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[ 907.025798] [<00000000c72e07a6>] ? _raw_spin_unlock_irq+0x28/0x60
[ 907.032122] [<00000000afbb6845>] worker_thread+0x5df/0x11d0
[ 907.038186] [<000000004d1fd12b>] ? process_one_work+0x1600/0x1600
[ 907.044524] [<00000000cba7c17d>] kthread+0x278/0x310
[ 907.049720] [<00000000549b61bb>] ? kthread_park+0xa0/0xa0
[ 907.055349] [<00000000324bfff0>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[ 907.062106] [<0000000089ef3d44>] ? _raw_spin_unlock_irq+0x39/0x60
[ 907.068434] [<0000000012d4df04>] ? finish_task_switch+0x1e5/0x660
[ 907.074767] [<000000000dd75387>] ? finish_task_switch+0x1b7/0x660
[ 907.081089] [<0000000028a0131f>] ? __switch_to_asm+0x34/0x70
[ 907.086977] [<00000000a7241c7b>] ? __switch_to_asm+0x40/0x70
[ 907.092861] [<0000000028a0131f>] ? __switch_to_asm+0x34/0x70
[ 907.098749] [<00000000549b61bb>] ? kthread_park+0xa0/0xa0
[ 907.104377] [<00000000549b61bb>] ? kthread_park+0xa0/0xa0
[ 907.110003] [<000000006663aa7c>] ret_from_fork+0x5c/0x70
[ 907.115861] Kernel Offset: disabled
[ 907.119483] Rebooting in 86400 seconds..