INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
Warning: Permanently added 'ci-android-49-kasan-gce-6,10.128.15.193' (ECDSA) to the list of known hosts.
2017/09/26 00:45:12 parsed 1 programs
2017/09/26 00:45:12 executed programs: 0
[ 131.303760] dev_remove_pack: ffff8801d05adc80 not found
2017/09/26 00:45:17 executed programs: 192
[ 135.886939] ==================================================================
[ 135.894318] BUG: KASAN: use-after-free in fanout_demux_rollover+0x49b/0x4d0 at addr ffff8801d05adc38
[ 135.903565] Read of size 8 by task swapper/0/0
[ 135.908115] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.51-g47589a5 #53
[ 135.915005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.924324] ffff8801db2077e0 ffffffff81d93069 ffff8801da002000 ffff8801d05ad500
[ 135.932284] ffff8801d05add00 ffffed003a0b5b87 ffff8801d05adc38 ffff8801db207808
[ 135.940231] ffffffff8153cc6c ffffed003a0b5b87 ffff8801da002000 0000000000000000
[ 135.948173] Call Trace:
[ 135.950820]
[ 135.952856] [] dump_stack+0xc1/0x128
[ 135.958205] [] kasan_object_err+0x1c/0x70
[ 135.963965] [] kasan_report.part.1+0x21c/0x500
[ 135.970161] [] ? fanout_demux_rollover+0x49b/0x4d0
[ 135.976888] [] ? kfree_skbmem+0xd7/0xf0
[ 135.982485] [] __asan_report_load8_noabort+0x29/0x30
[ 135.989200] [] fanout_demux_rollover+0x49b/0x4d0
[ 135.995570] [] packet_rcv_fanout+0x3e6/0x620
[ 136.001592] [] __netif_receive_skb_core+0x887/0x29e0
[ 136.008309] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 136.015285] [] ? netif_wake_subqueue+0x210/0x210
[ 136.021653] [] ? netif_receive_skb_internal+0x92/0x390
[ 136.028541] [] __netif_receive_skb+0x5b/0x1c0
[ 136.034648] [] netif_receive_skb_internal+0xff/0x390
[ 136.041365] [] ? netif_receive_skb_internal+0x92/0x390
[ 136.048254] [] ? dev_cpu_callback+0x680/0x680
[ 136.054361] [] ? dev_gro_receive+0x1d6/0x16f0
[ 136.060467] [] ? dev_gro_receive+0x67a/0x16f0
[ 136.066577] [] ? eth_type_trans+0x2a8/0x5d0
[ 136.072513] [] napi_gro_receive+0x1fb/0x400
[ 136.078446] [] virtnet_receive+0xe1c/0x1cf0
[ 136.084387] [] ? virtnet_open+0x250/0x250
[ 136.090151] [] ? check_preemption_disabled+0x3b/0x200
[ 136.096960] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 136.103934] [] ? check_preemption_disabled+0x3b/0x200
[ 136.110751] [] ? debug_smp_processor_id+0x1c/0x20
[ 136.117204] [] virtnet_poll+0x26/0x140
[ 136.122704] [] net_rx_action+0x396/0xe00
[ 136.128375] [] ? sk_busy_loop+0xca0/0xca0
[ 136.134134] [] ? handle_edge_irq+0x417/0x8e0
[ 136.140156] [] ? _raw_spin_lock+0x3e/0x50
[ 136.145915] [] ? check_preemption_disabled+0x3b/0x200
[ 136.152717] [] __do_softirq+0x22d/0x964
[ 136.158308] [] irq_exit+0x165/0x190
[ 136.163547] [] do_IRQ+0x107/0x1b0
[ 136.168613] [] common_interrupt+0x8c/0x8c
[ 136.174371]
[ 136.176399] [] ? native_safe_halt+0x6/0x10
[ 136.182260] [] ? trace_hardirqs_on+0xd/0x10
[ 136.188195] [] default_idle+0x55/0x360
[ 136.193695] [] arch_cpu_idle+0xa/0x10
[ 136.199109] [] default_idle_call+0x36/0x60
[ 136.204955] [] cpu_startup_entry+0x30c/0x3d0
[ 136.210977] [] ? cpu_in_idle+0x20/0x20
[ 136.216479] [] rest_init+0x184/0x190
[ 136.221816] [] start_kernel+0x679/0x6ae
[ 136.227406] [] ? thread_stack_cache_init+0xb/0xb
[ 136.233775] [] ? early_idt_handler_array+0x120/0x120
[ 136.240492] [] x86_64_start_reservations+0x2a/0x2c
[ 136.247033] [] x86_64_start_kernel+0x140/0x163
[ 136.253228] Object at ffff8801d05ad500, in cache kmalloc-2048 size: 2048
[ 136.260026] Allocated:
[ 136.262483] PID = 3397
[ 136.264944] save_stack_trace+0x16/0x20
[ 136.268881] save_stack+0x43/0xd0
[ 136.272297] kasan_kmalloc+0xad/0xe0
[ 136.275971] __kmalloc+0x11d/0x310
[ 136.279475] sk_prot_alloc+0x101/0x2a0
[ 136.283325] sk_alloc+0x3a/0x3a0
[ 136.286655] packet_create+0xf0/0x8e0
[ 136.290417] __sock_create+0x3ab/0x640
[ 136.294267] SyS_socket+0xf0/0x1b0
[ 136.297770] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 136.302486] Freed:
[ 136.304597] PID = 3397
[ 136.307057] save_stack_trace+0x16/0x20
[ 136.310991] save_stack+0x43/0xd0
[ 136.314407] kasan_slab_free+0x73/0xc0
[ 136.318255] kfree+0xf0/0x2f0
[ 136.321321] __sk_destruct+0x47f/0x570
[ 136.325168] sk_destruct+0x47/0x80
[ 136.328670] __sk_free+0x57/0x230
[ 136.332084] sk_free+0x23/0x30
[ 136.335240] packet_release+0x732/0xa20
[ 136.339179] sock_release+0x8d/0x1e0
[ 136.342853] sock_close+0x16/0x20
[ 136.346269] __fput+0x28c/0x6e0
[ 136.349511] ____fput+0x15/0x20
[ 136.352754] task_work_run+0x115/0x190
[ 136.356607] do_exit+0x82e/0x2a50
[ 136.360025] do_group_exit+0x108/0x320
[ 136.363878] get_signal+0x55c/0x1600
[ 136.367554] do_signal+0x87/0x1960
[ 136.371058] exit_to_usermode_loop+0xe5/0x130
[ 136.375519] syscall_return_slowpath+0x1a0/0x1e0
[ 136.380238] entry_SYSCALL_64_fastpath+0xc4/0xc6
[ 136.384954] Memory state around the buggy address:
[ 136.389850] ffff8801d05adb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.397173] ffff8801d05adb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.404494] >ffff8801d05adc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.411914] ^
[ 136.417065] ffff8801d05adc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 136.424385] ffff8801d05add00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 136.431702] ==================================================================
[ 136.439056] ==================================================================
[ 136.446380] BUG: KASAN: use-after-free in fanout_demux_rollover+0x4bc/0x4d0 at addr ffff8801da0e0300
[ 136.455611] Read of size 4 by task swapper/0/0
[ 136.460158] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.9.51-g47589a5 #53
[ 136.468258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 136.477582] ffff8801db2077e0 ffffffff81d93069 ffff8801da001640 ffff8801da0e0300
[ 136.485525] ffff8801da0e0380 ffffed003b41c060 ffff8801da0e0300 ffff8801db207808
[ 136.493476] ffffffff8153cc6c ffffed003b41c060 ffff8801da001640 0000000000000000
[ 136.501502] Call Trace:
[ 136.504047]
[ 136.506092] [] dump_stack+0xc1/0x128
[ 136.511440] [] kasan_object_err+0x1c/0x70
[ 136.517201] [] kasan_report.part.1+0x21c/0x500
[ 136.523396] [] ? fanout_demux_rollover+0x4bc/0x4d0
[ 136.530112] [] __asan_report_load4_noabort+0x29/0x30
[ 136.536831] [] fanout_demux_rollover+0x4bc/0x4d0
[ 136.543199] [] packet_rcv_fanout+0x3e6/0x620
[ 136.549224] [] __netif_receive_skb_core+0x887/0x29e0
[ 136.555942] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 136.562932] [] ? netif_wake_subqueue+0x210/0x210
[ 136.569306] [] ? netif_receive_skb_internal+0x92/0x390
[ 136.576196] [] __netif_receive_skb+0x5b/0x1c0
[ 136.582303] [] netif_receive_skb_internal+0xff/0x390
[ 136.589017] [] ? netif_receive_skb_internal+0x92/0x390
[ 136.595904] [] ? dev_cpu_callback+0x680/0x680
[ 136.602011] [] ? dev_gro_receive+0x1d6/0x16f0
[ 136.608118] [] ? dev_gro_receive+0x67a/0x16f0
[ 136.614231] [] ? eth_type_trans+0x2a8/0x5d0
[ 136.620179] [] napi_gro_receive+0x1fb/0x400
[ 136.626112] [] virtnet_receive+0xe1c/0x1cf0
[ 136.632047] [] ? virtnet_open+0x250/0x250
[ 136.637809] [] ? check_preemption_disabled+0x3b/0x200
[ 136.644617] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 136.651591] [] ? check_preemption_disabled+0x3b/0x200
[ 136.658391] [] ? debug_smp_processor_id+0x1c/0x20
[ 136.664846] [] virtnet_poll+0x26/0x140
[ 136.670346] [] net_rx_action+0x396/0xe00
[ 136.676018] [] ? sk_busy_loop+0xca0/0xca0
[ 136.681781] [] ? handle_edge_irq+0x417/0x8e0
[ 136.687803] [] ? _raw_spin_lock+0x3e/0x50
[ 136.693565] [] ? check_preemption_disabled+0x3b/0x200
[ 136.700368] [] __do_softirq+0x22d/0x964
[ 136.705960] [] irq_exit+0x165/0x190
[ 136.711198] [] do_IRQ+0x107/0x1b0
[ 136.716263] [] common_interrupt+0x8c/0x8c
[ 136.722021]
[ 136.724050] [] ? native_safe_halt+0x6/0x10
[ 136.729911] [] ? trace_hardirqs_on+0xd/0x10
[ 136.735844] [] default_idle+0x55/0x360
[ 136.741345] [] arch_cpu_idle+0xa/0x10
[ 136.746758] [] default_idle_call+0x36/0x60
[ 136.752604] [] cpu_startup_entry+0x30c/0x3d0
[ 136.758624] [] ? cpu_in_idle+0x20/0x20
[ 136.764123] [] rest_init+0x184/0x190
[ 136.769449] [] start_kernel+0x679/0x6ae
[ 136.775035] [] ? thread_stack_cache_init+0xb/0xb
[ 136.781404] [] ? early_idt_handler_array+0x120/0x120
[ 136.788119] [] x86_64_start_reservations+0x2a/0x2c
[ 136.794669] [] x86_64_start_kernel+0x140/0x163
[ 136.800869] Object at ffff8801da0e0300, in cache kmalloc-128 size: 128
[ 136.807493] Allocated:
[ 136.809953] PID = 3395
[ 136.812417] save_stack_trace+0x16/0x20
[ 136.816354] save_stack+0x43/0xd0
[ 136.819769] kasan_kmalloc+0xad/0xe0
[ 136.823443] kmem_cache_alloc_trace+0xfb/0x2a0
[ 136.827991] packet_setsockopt+0x181c/0x2240
[ 136.832379] SyS_setsockopt+0x160/0x250
[ 136.836319] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 136.841037] Freed:
[ 136.843148] PID = 0
[ 136.845355] save_stack_trace+0x16/0x20
[ 136.849291] save_stack+0x43/0xd0
[ 136.853102] kasan_slab_free+0x73/0xc0
[ 136.856953] kfree+0xf0/0x2f0
[ 136.860032] rcu_process_callbacks+0x981/0x12d0
[ 136.864665] __do_softirq+0x22d/0x964
[ 136.868425] Memory state around the buggy address:
[ 136.873317] ffff8801da0e0200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 136.880640] ffff8801da0e0280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc