INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes [ 142.817336] random: sshd: uninitialized urandom read (32 bytes read, 105 bits of entropy available) Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts. [ 148.419678] random: sshd: uninitialized urandom read (32 bytes read, 109 bits of entropy available) 2018/08/20 20:15:10 parsed 1 programs [ 149.587630] random: cc1: uninitialized urandom read (8 bytes read, 111 bits of entropy available) 2018/08/20 20:15:12 executed programs: 0 [ 151.316541] IPVS: Creating netns size=2552 id=1 [ 151.423510] IPVS: Creating netns size=2552 id=2 [ 151.494040] IPVS: Creating netns size=2552 id=3 [ 151.577033] IPVS: Creating netns size=2552 id=4 [ 151.678900] IPVS: Creating netns size=2552 id=5 [ 151.834176] IPVS: Creating netns size=2552 id=6 [ 151.988207] IPVS: Creating netns size=2552 id=7 [ 151.996838] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 152.064855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 152.175248] IPVS: Creating netns size=2552 id=8 [ 152.506385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 152.590953] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 152.602109] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 152.620165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 152.833794] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 152.902516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 152.914240] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 152.968373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 152.976768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 153.018550] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 153.026781] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 153.151806] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 153.191400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.205937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 153.219515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.240399] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 153.253904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 153.263283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 153.291966] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 153.300727] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 153.309703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 153.337415] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 153.369055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.395870] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 153.404939] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 153.490652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.578261] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 153.594405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 153.603358] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 153.636734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 153.645640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 153.659844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 153.695535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.729633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 153.738494] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 153.805134] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 153.812887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 153.833734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 153.877506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 153.924810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 153.940039] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 153.955824] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 154.017307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 154.067318] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 154.089037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.118316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.166772] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 154.187298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.213935] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 154.269372] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 154.284950] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 154.294787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 154.438670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.515784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.573322] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 154.619521] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 154.655688] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 154.686912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.748740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 154.790748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.838043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.872404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.802411] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.093869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.202775] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.403954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.413400] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.598844] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.634091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.741257] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.856557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.926556] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.997611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.159665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.177593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 158.229128] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 158.389472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.483778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/08/20 20:15:20 executed programs: 8 2018/08/20 20:15:25 executed programs: 213 2018/08/20 20:15:30 executed programs: 458 2018/08/20 20:15:35 executed programs: 702 2018/08/20 20:15:40 executed programs: 949 [ 181.570207] random: nonblocking pool is initialized 2018/08/20 20:15:45 executed programs: 1192 2018/08/20 20:15:50 executed programs: 1457 2018/08/20 20:15:55 executed programs: 1729 2018/08/20 20:16:00 executed programs: 1984 2018/08/20 20:16:05 executed programs: 2249 2018/08/20 20:16:10 executed programs: 2517 2018/08/20 20:16:15 executed programs: 2776 2018/08/20 20:16:20 executed programs: 3053 2018/08/20 20:16:25 executed programs: 3321 2018/08/20 20:16:30 executed programs: 3609 2018/08/20 20:16:35 executed programs: 3893 2018/08/20 20:16:40 executed programs: 4182 2018/08/20 20:16:45 executed programs: 4483 2018/08/20 20:16:50 executed programs: 4763 2018/08/20 20:16:55 executed programs: 5055 2018/08/20 20:17:00 executed programs: 5347 2018/08/20 20:17:05 executed programs: 5628 2018/08/20 20:17:10 executed programs: 5924 2018/08/20 20:17:16 executed programs: 6200 2018/08/20 20:17:21 executed programs: 6491 2018/08/20 20:17:26 executed programs: 6768 2018/08/20 20:17:31 executed programs: 7056 2018/08/20 20:17:36 executed programs: 7348 2018/08/20 20:17:41 executed programs: 7642 2018/08/20 20:17:46 executed programs: 7951 2018/08/20 20:17:51 executed programs: 8248 2018/08/20 20:17:56 executed programs: 8556 2018/08/20 20:18:01 executed programs: 8853 2018/08/20 20:18:06 executed programs: 9157 2018/08/20 20:18:11 executed programs: 9463 2018/08/20 20:18:16 executed programs: 9777 2018/08/20 20:18:21 executed programs: 10096 2018/08/20 20:18:26 executed programs: 10392 2018/08/20 20:18:31 executed programs: 10717 2018/08/20 20:18:36 executed programs: 11018 2018/08/20 20:18:41 executed programs: 11341 2018/08/20 20:18:46 executed programs: 11642 2018/08/20 20:18:51 executed programs: 11966 2018/08/20 20:18:56 executed programs: 12280 2018/08/20 20:19:01 executed programs: 12591 2018/08/20 20:19:06 executed programs: 12888 2018/08/20 20:19:11 executed programs: 13199 2018/08/20 20:19:16 executed programs: 13510 2018/08/20 20:19:21 executed programs: 13819 2018/08/20 20:19:26 executed programs: 14144 2018/08/20 20:19:31 executed programs: 14453 2018/08/20 20:19:36 executed programs: 14771 2018/08/20 20:19:41 executed programs: 15071 2018/08/20 20:19:46 executed programs: 15389 2018/08/20 20:19:51 executed programs: 15703 2018/08/20 20:19:56 executed programs: 16019 2018/08/20 20:20:01 executed programs: 16330 2018/08/20 20:20:06 executed programs: 16643 2018/08/20 20:20:11 executed programs: 16949 2018/08/20 20:20:16 executed programs: 17270 2018/08/20 20:20:21 executed programs: 17596 2018/08/20 20:20:26 executed programs: 17900 2018/08/20 20:20:31 executed programs: 18217 2018/08/20 20:20:36 executed programs: 18515 2018/08/20 20:20:41 executed programs: 18841 2018/08/20 20:20:46 executed programs: 19137 2018/08/20 20:20:51 executed programs: 19464 2018/08/20 20:20:56 executed programs: 19762 2018/08/20 20:21:01 executed programs: 20070 2018/08/20 20:21:06 executed programs: 20375 2018/08/20 20:21:11 executed programs: 20699 2018/08/20 20:21:16 executed programs: 21009 2018/08/20 20:21:21 executed programs: 21317 INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes 2018/08/20 20:21:26 executed programs: 21629 2018/08/20 20:21:31 executed programs: 21939 2018/08/20 20:21:36 executed programs: 22252 2018/08/20 20:21:41 executed programs: 22551 2018/08/20 20:21:47 executed programs: 22873 2018/08/20 20:21:52 executed programs: 23181 2018/08/20 20:21:57 executed programs: 23504 2018/08/20 20:22:02 executed programs: 23813 2018/08/20 20:22:07 executed programs: 24139 2018/08/20 20:22:12 executed programs: 24451 2018/08/20 20:22:17 executed programs: 24767 2018/08/20 20:22:22 executed programs: 25088 2018/08/20 20:22:27 executed programs: 25400 [ 590.623503] ================================================================== [ 590.630916] BUG: KASAN: use-after-free in __lock_acquire+0x3c66/0x5270 [ 590.637578] Read of size 8 at addr ffff8800afc7de20 by task syz-executor0/10653 [ 590.645010] [ 590.646642] CPU: 1 PID: 10653 Comm: syz-executor0 Not tainted 4.4.150-g5541782 #83 [ 590.654334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.663692] 0000000000000000 10fbfb7a58a3cede ffff8801d797fa70 ffffffff81e14e2d [ 590.671729] ffffea0002bf1e00 ffff8800afc7de20 0000000000000000 ffff8800afc7de20 [ 590.679756] 0000000000000000 ffff8801d797faa8 ffffffff8151a3f0 ffff8800afc7de20 [ 590.687769] Call Trace: [ 590.690379] [] dump_stack+0xc1/0x124 [ 590.695745] [] print_address_description+0x6c/0x216 [ 590.702412] [] kasan_report.cold.7+0x175/0x2f7 [ 590.708700] [] ? __lock_acquire+0x3c66/0x5270 [ 590.714850] [] __asan_report_load8_noabort+0x14/0x20 [ 590.721590] [] __lock_acquire+0x3c66/0x5270 [ 590.727549] [] ? dput.part.26+0x587/0x760 [ 590.733337] [] ? dput+0x1f/0x30 [ 590.738268] [] ? __fput+0x401/0x6f0 [ 590.743529] [] ? ____fput+0x15/0x20 [ 590.748788] [] ? task_work_run+0x10f/0x190 [ 590.754657] [] ? __lock_acquire+0xa86/0x5270 [ 590.760698] [] ? debug_check_no_locks_freed+0x210/0x210 [ 590.767698] [] ? debug_check_no_locks_freed+0x210/0x210 [ 590.774693] [] ? debug_check_no_obj_freed+0x2ec/0x940 [ 590.781524] [] ? quarantine_put+0xda/0x180 [ 590.787401] [] lock_acquire+0x15e/0x450 [ 590.793023] [] ? lock_sock_nested+0x43/0x120 [ 590.799070] [] ? get_parent_ip+0xd/0x50 [ 590.804700] [] ? sock_release+0x1c0/0x1c0 [ 590.810527] [] _raw_spin_lock_bh+0x3a/0x50 [ 590.816410] [] ? lock_sock_nested+0x43/0x120 [ 590.822453] [] lock_sock_nested+0x43/0x120 [ 590.828331] [] pppol2tp_release+0x50/0x310 [ 590.834220] [] sock_release+0x96/0x1c0 [ 590.839740] [] sock_close+0x16/0x20 [ 590.845092] [] __fput+0x235/0x6f0 [ 590.850537] [] ____fput+0x15/0x20 [ 590.855625] [] task_work_run+0x10f/0x190 [ 590.861323] [] exit_to_usermode_loop+0x13d/0x160 [ 590.867713] [] syscall_return_slowpath+0x1b5/0x1f0 [ 590.874279] [] int_ret_from_sys_call+0x25/0xa3 [ 590.880486] [ 590.882137] Allocated by task 10660: [ 590.885833] [] save_stack_trace+0x26/0x50 [ 590.891754] [] save_stack+0x43/0xd0 [ 590.897155] [] kasan_kmalloc+0xc7/0xe0 [ 590.902824] [] __kmalloc+0x124/0x310 [ 590.908315] [] sk_prot_alloc+0x204/0x300 [ 590.914161] [] sk_alloc+0x3a/0x3a0 [ 590.919474] [] pppol2tp_create+0x33/0x1f0 [ 590.925402] [] pppox_create+0xf6/0x200 [ 590.931066] [] __sock_create+0x2f0/0x5f0 [ 590.936930] [] SyS_socket+0xf0/0x1b0 [ 590.942404] [] entry_SYSCALL_64_fastpath+0x22/0x9e [ 590.949109] [ 590.950728] Freed by task 10653: [ 590.954450] [] save_stack_trace+0x26/0x50 [ 590.960382] [] save_stack+0x43/0xd0 [ 590.965781] [] kasan_slab_free+0x72/0xc0 [ 590.971597] [] kfree+0xf4/0x310 [ 590.976641] [] sk_destruct+0x407/0x4c0 [ 590.982283] [] __sk_free+0x4f/0x220 [ 590.987680] [] sk_free+0x30/0x40 [ 590.992847] [] pppol2tp_session_sock_put+0x5f/0x70 [ 590.999565] [] l2tp_tunnel_closeall+0x23c/0x350 [ 591.006012] [] l2tp_udp_encap_destroy+0x8b/0xf0 [ 591.012446] [] udpv6_destroy_sock+0xb1/0xd0 [ 591.018540] [] sk_common_release+0x6d/0x300 [ 591.024619] [] udp_lib_close+0x15/0x20 [ 591.030254] [] inet_release+0xff/0x1d0 [ 591.035904] [] inet6_release+0x50/0x70 [ 591.041544] [] sock_release+0x96/0x1c0 [ 591.047202] [] sock_close+0x16/0x20 [ 591.052588] [] __fput+0x235/0x6f0 [ 591.057806] [] ____fput+0x15/0x20 [ 591.063045] [] task_work_run+0x10f/0x190 [ 591.068866] [] exit_to_usermode_loop+0x13d/0x160 [ 591.075375] [] syscall_return_slowpath+0x1b5/0x1f0 [ 591.082068] [] int_ret_from_sys_call+0x25/0xa3 [ 591.088409] [ 591.090021] The buggy address belongs to the object at ffff8800afc7dd80 [ 591.090021] which belongs to the cache kmalloc-2048 of size 2048 [ 591.102848] The buggy address is located 160 bytes inside of [ 591.102848] 2048-byte region [ffff8800afc7dd80, ffff8800afc7e580) [ 591.114798] The buggy address belongs to the page: [ 593.095355] ------------[ cut here ]------------ [ 593.100168] WARNING: CPU: 1 PID: -1345856128 at kernel/locking/lockdep.c:3123 __lock_acquire+0x23b8/0x5270() [ 593.110141] DEBUG_LOCKS_WARN_ON(depth >= MAX_LOCK_DEPTH) [ 593.115406] Kernel panic - not syncing: panic_on_warn set ... [ 593.115406] [ 593.123064] CPU: 1 PID: -1345856128 Comm: `®ªƒÿÿÿÿ€Ýǯ Not tainted 4.4.150-g5541782 #83 [ 593.131198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 593.140545] 0000000000000000 10fbfb7a58a3cede ffff8801db30c970 ffffffff81e14e2d [ 593.148583] ffffffff83a44e40 ffff8801d487c800 ffffffff83a56ca0 0000000000000009 [ 593.156792] 0000000000000c33 ffff8801db30ca30 ffffffff8140d3c4 0000000041b58ab3 [ 593.164824] Call Trace: [ 593.167395] <#DF> [] dump_stack+0xc1/0x124 [ 593.173495] [] panic+0x19e/0x38d [ 593.178499] [] ? add_taint.cold.4+0x16/0x16 [ 593.184456] [] ? warn_slowpath_common.cold.6+0x5/0x20 [ 593.191284] [] warn_slowpath_common.cold.6+0x20/0x20 [ 593.198026] [] ? __lock_acquire+0x23b8/0x5270 [ 593.204163] [] warn_slowpath_fmt+0xbf/0x100 [ 593.210126] [] ? warn_slowpath_common+0x120/0x120 [ 593.216613] [] __lock_acquire+0x23b8/0x5270 [ 593.222588] [] ? debug_check_no_locks_freed+0x210/0x210 [ 593.229607] [] lock_acquire+0x15e/0x450 [ 593.235226] [] ? vprintk_emit+0xa9/0x840 [ 593.240928] [] _raw_spin_lock+0x36/0x50 [ 593.246541] [] ? vprintk_emit+0xa9/0x840 [ 593.252239] [] vprintk_emit+0xa9/0x840 [ 593.257777] [] ? kasan_die_handler+0x1c/0x30 [ 593.263835] [] ? notifier_call_chain+0x192/0x1e0 [ 593.270233] [] vprintk+0x28/0x30 [ 593.275236] [] vprintk_default+0x1d/0x30 [ 593.280937] [] printk+0xaf/0xd7 [ 593.285854] [] ? log_wakeup_reason.cold.1+0x13f/0x13f [ 593.292681] [] ? debug_smp_processor_id+0x1c/0x20 [ 593.299160] [] df_debug+0x14/0x2d [ 593.304252] [] do_double_fault+0x113/0x230 [ 593.310151] [] double_fault+0x2d/0x40 [ 593.315598] [] ? dump_page_badflags+0x8/0x70 [ 593.321638] <> [ 594.444280] Shutting down cpus with NMI [ 594.448879] Dumping ftrace buffer: [ 594.452398] (ftrace buffer empty) [ 594.456081] Kernel Offset: disabled [ 594.459678] Rebooting in 86400 seconds..