INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts. 2018/07/08 23:56:19 parsed 1 programs 2018/07/08 23:56:21 executed programs: 0 [ 801.146530] IPVS: Creating netns size=2552 id=1 [ 801.212971] IPVS: Creating netns size=2552 id=2 [ 801.269848] IPVS: Creating netns size=2552 id=3 [ 801.314700] IPVS: Creating netns size=2552 id=4 [ 801.413261] IPVS: Creating netns size=2552 id=5 [ 801.479013] IPVS: Creating netns size=2552 id=6 [ 801.565114] IPVS: Creating netns size=2552 id=7 [ 801.680135] IPVS: Creating netns size=2552 id=8 [ 801.855848] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 801.905922] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 801.930454] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 801.989802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 802.074847] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 802.131460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 802.161945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 802.221826] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 802.309875] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 802.364229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 802.404619] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 802.413709] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 802.423959] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 802.509298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 802.517157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 802.554626] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 802.598780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 802.626000] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 802.707029] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 802.733155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 802.763103] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 802.771339] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 802.782009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 802.805775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 802.816002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 802.852507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 802.889041] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 802.899406] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 802.934454] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 802.943240] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 802.953236] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 802.963093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 803.026787] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 803.035131] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 803.059438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 803.079587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 803.117137] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 803.144076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 803.159846] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 803.236561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 803.250605] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 803.339349] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 803.350750] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 803.358029] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 803.408994] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 803.418503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 803.428617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 803.469141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 803.520288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 803.598782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 803.642062] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 803.660468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 803.689856] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 803.736308] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 803.846756] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 803.862198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 803.921773] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 803.930012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 803.984583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 804.029153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 804.096035] ip (4816) used greatest stack depth: 23200 bytes left [ 804.165776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 804.225308] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 804.309611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 804.375135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 807.631860] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 807.836481] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 807.869303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 808.050574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 808.062141] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 808.081586] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 808.274111] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 808.314390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 808.359514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 808.421854] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 808.499888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 808.557280] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 808.693718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 808.805149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 809.093681] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 809.297004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 2018/07/08 23:56:29 executed programs: 8 2018/07/08 23:56:35 executed programs: 206 2018/07/08 23:56:40 executed programs: 421 2018/07/08 23:56:45 executed programs: 624 2018/07/08 23:56:50 executed programs: 847 2018/07/08 23:56:55 executed programs: 1068 2018/07/08 23:57:00 executed programs: 1289 2018/07/08 23:57:05 executed programs: 1508 2018/07/08 23:57:10 executed programs: 1724 2018/07/08 23:57:15 executed programs: 1943 2018/07/08 23:57:20 executed programs: 2167 2018/07/08 23:57:25 executed programs: 2388 2018/07/08 23:57:30 executed programs: 2610 2018/07/08 23:57:35 executed programs: 2832 2018/07/08 23:57:40 executed programs: 3038 2018/07/08 23:57:45 executed programs: 3251 2018/07/08 23:57:50 executed programs: 3470 2018/07/08 23:57:55 executed programs: 3683 2018/07/08 23:58:00 executed programs: 3911 2018/07/08 23:58:05 executed programs: 4123 2018/07/08 23:58:10 executed programs: 4336 2018/07/08 23:58:15 executed programs: 4550 2018/07/08 23:58:20 executed programs: 4773 INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes 2018/07/08 23:58:25 executed programs: 5000 2018/07/08 23:58:30 executed programs: 5226 2018/07/08 23:58:35 executed programs: 5441 2018/07/08 23:58:40 executed programs: 5664 2018/07/08 23:58:45 executed programs: 5885 2018/07/08 23:58:50 executed programs: 6100 2018/07/08 23:58:55 executed programs: 6313 2018/07/08 23:59:00 executed programs: 6524 2018/07/08 23:59:05 executed programs: 6734 2018/07/08 23:59:10 executed programs: 6953 2018/07/08 23:59:15 executed programs: 7169 2018/07/08 23:59:20 executed programs: 7396 2018/07/08 23:59:25 executed programs: 7620 2018/07/08 23:59:30 executed programs: 7830 2018/07/08 23:59:35 executed programs: 8043 2018/07/08 23:59:40 executed programs: 8258 2018/07/08 23:59:45 executed programs: 8476 2018/07/08 23:59:50 executed programs: 8703 2018/07/08 23:59:55 executed programs: 8926 2018/07/09 00:00:00 executed programs: 9152 2018/07/09 00:00:05 executed programs: 9375 2018/07/09 00:00:10 executed programs: 9590 2018/07/09 00:00:15 executed programs: 9803 2018/07/09 00:00:20 executed programs: 10015 2018/07/09 00:00:26 executed programs: 10230 2018/07/09 00:00:31 executed programs: 10452 2018/07/09 00:00:36 executed programs: 10670 2018/07/09 00:00:41 executed programs: 10894 2018/07/09 00:00:46 executed programs: 11126 2018/07/09 00:00:51 executed programs: 11343 2018/07/09 00:00:56 executed programs: 11548 2018/07/09 00:01:01 executed programs: 11774 2018/07/09 00:01:06 executed programs: 12002 [ 1089.128825] ================================================================== [ 1089.136290] BUG: KASAN: use-after-free in __lock_acquire+0x3c66/0x5270 [ 1089.142971] Read of size 8 at addr ffff8801d8b20920 by task syz-executor3/22706 [ 1089.150408] [ 1089.152036] CPU: 1 PID: 22706 Comm: syz-executor3 Not tainted 4.4.139-g7ba5557 #2 [ 1089.159690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1089.169049] 0000000000000000 7e23a6c1c2a66737 ffff8801cdf1fa30 ffffffff81e0d58d [ 1089.177070] ffffea000762c800 ffff8801d8b20920 0000000000000000 ffff8801d8b20920 [ 1089.185059] 0000000000000000 ffff8801cdf1fa68 ffffffff81515a16 ffff8801d8b20920 [ 1089.193063] Call Trace: [ 1089.195629] [] dump_stack+0xc1/0x124 [ 1089.200976] [] print_address_description+0x6c/0x216 [ 1089.207718] [] kasan_report.cold.7+0x175/0x2f7 [ 1089.213955] [] ? __lock_acquire+0x3c66/0x5270 [ 1089.220090] [] __asan_report_load8_noabort+0x14/0x20 [ 1089.226830] [] __lock_acquire+0x3c66/0x5270 [ 1089.232787] [] ? dput+0x1f/0x30 [ 1089.237699] [] ? __fput+0x401/0x6f0 [ 1089.242953] [] ? ____fput+0x15/0x20 [ 1089.248216] [] ? task_work_run+0x10f/0x190 [ 1089.254088] [] ? exit_to_usermode_loop+0x13d/0x160 [ 1089.260652] [] ? __lock_acquire+0xa86/0x5270 [ 1089.266694] [] ? debug_check_no_locks_freed+0x210/0x210 [ 1089.273693] [] ? debug_check_no_locks_freed+0x210/0x210 [ 1089.280701] [] ? debug_check_no_obj_freed+0x2ec/0x940 [ 1089.287521] [] lock_acquire+0x15e/0x450 [ 1089.293135] [] ? lock_sock_nested+0x43/0x120 [ 1089.299176] [] ? get_parent_ip+0xd/0x50 [ 1089.304818] [] ? sock_release+0x1c0/0x1c0 [ 1089.310617] [] _raw_spin_lock_bh+0x3a/0x50 [ 1089.316501] [] ? lock_sock_nested+0x43/0x120 [ 1089.322540] [] lock_sock_nested+0x43/0x120 [ 1089.328410] [] pppol2tp_release+0x50/0x310 [ 1089.334849] [] sock_release+0x96/0x1c0 [ 1089.340366] [] sock_close+0x16/0x20 [ 1089.345625] [] __fput+0x235/0x6f0 [ 1089.350712] [] ____fput+0x15/0x20 [ 1089.355798] [] task_work_run+0x10f/0x190 [ 1089.361504] [] exit_to_usermode_loop+0x13d/0x160 [ 1089.367923] [] do_fast_syscall_32+0x620/0x8b0 [ 1089.374065] [] sysenter_flags_fixed+0xd/0x17 [ 1089.380108] [ 1089.381711] Allocated by task 22716: [ 1089.385395] [] save_stack_trace+0x26/0x50 [ 1089.391334] [] save_stack+0x43/0xd0 [ 1089.396707] [] kasan_kmalloc+0xc7/0xe0 [ 1089.402359] [] __kmalloc+0x124/0x310 [ 1089.407823] [] sk_prot_alloc+0x204/0x300 [ 1089.413643] [] sk_alloc+0x3a/0x3a0 [ 1089.418927] [] pppol2tp_create+0x33/0x1f0 [ 1089.424838] [] pppox_create+0xf6/0x200 [ 1089.430480] [] __sock_create+0x2f0/0x5f0 [ 1089.436287] [] SyS_socket+0xf0/0x1b0 [ 1089.441771] [] do_fast_syscall_32+0x326/0x8b0 [ 1089.448023] [] sysenter_flags_fixed+0xd/0x17 [ 1089.454204] [ 1089.455813] Freed by task 22706: [ 1089.459160] [] save_stack_trace+0x26/0x50 [ 1089.465081] [] save_stack+0x43/0xd0 [ 1089.470465] [] kasan_slab_free+0x72/0xc0 [ 1089.476286] [] kfree+0xf4/0x310 [ 1089.481585] [] sk_destruct+0x407/0x4c0 [ 1089.487239] [] __sk_free+0x4f/0x220 [ 1089.492627] [] sk_free+0x30/0x40 [ 1089.497759] [] pppol2tp_session_sock_put+0x5f/0x70 [ 1089.504454] [] l2tp_tunnel_closeall+0x23c/0x350 [ 1089.510902] [] l2tp_udp_encap_destroy+0x8b/0xf0 [ 1089.517329] [] udpv6_destroy_sock+0xb1/0xd0 [ 1089.523402] [] sk_common_release+0x6d/0x300 [ 1089.529477] [] udp_lib_close+0x15/0x20 [ 1089.535116] [] inet_release+0xff/0x1d0 [ 1089.540755] [] inet6_release+0x50/0x70 [ 1089.546399] [] sock_release+0x96/0x1c0 [ 1089.552045] [] sock_close+0x16/0x20 [ 1089.557421] [] __fput+0x235/0x6f0 [ 1089.562685] [] ____fput+0x15/0x20 [ 1089.567905] [] task_work_run+0x10f/0x190 [ 1089.573774] [] exit_to_usermode_loop+0x13d/0x160 [ 1089.580289] [] do_fast_syscall_32+0x620/0x8b0 [ 1089.586544] [] sysenter_flags_fixed+0xd/0x17 [ 1089.592699] [ 1089.594305] The buggy address belongs to the object at ffff8801d8b20880 [ 1089.594305] which belongs to the cache kmalloc-2048 of size 2048 [ 1089.607122] The buggy address is located 160 bytes inside of [ 1089.607122] 2048-byte region [ffff8801d8b20880, ffff8801d8b21080) [ 1089.619074] The buggy address belongs to the page: [ 1089.630295] kasan: CONFIG_KASAN_INLINE enabled [ 1089.634733] kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN [ 1089.647761] Dumping ftrace buffer: [ 1089.651314] (ftrace buffer empty) [ 1089.655035] Modules linked in: [ 1089.658361] CPU: 0 PID: 3980 Comm: syz-executor3 Not tainted 4.4.139-g7ba5557 #2 [ 1089.665897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1089.675257] task: ffff8800bb271800 task.stack: ffff8801d68a8000 [ 1089.681319] RIP: 0010:[] [] debug_check_no_obj_freed+0x1a6/0x940 [ 1089.690879] RSP: 0000:ffff8801d68afa60 EFLAGS: 00010802 [ 1089.696357] RAX: 0000000000000092 RBX: 8000000000004080 RCX: 0000000000000000 [ 1089.703651] RDX: 1000000000000810 RSI: 0000000000000002 RDI: ffffea000762c818 [ 1089.710929] RBP: ffff8801d68afb48 R08: ffff8801d68afae0 R09: dead000000000200 [ 1089.718208] R10: 0000000000000001 R11: ffff8800bb271800 R12: 8000000000004080 [ 1089.725492] R13: dffffc0000000000 R14: ffffffff85a7f2e8 R15: 00000001000f000f [ 1089.732766] FS: 0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:0000000009958900 [ 1089.741000] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1089.746892] CR2: 00000000ffff8801 CR3: 00000001d8309000 CR4: 00000000001606f0 [ 1089.754173] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1089.761447] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1089.768756] Stack: [ 1089.770911] ffff8800bb2720d8 0000000100000000 ffffffff85a7f2e0 ffff8800b933c000 [ 1089.778999] ffff8800b933b420 ffffffff811bf562 0000000000000002 00000000000ecb40 [ 1089.787055] 1ffff1003ad15f58 ffff8800b933b380 fffffbfff0b4fe5c ffff8800b933b000 [ 1089.795159] Call Trace: [ 1089.797751] [] ? try_to_wake_up+0x62/0xf00 [ 1089.803651] [] ? debug_object_active_state+0x3b0/0x3b0 [ 1089.810594] [] ? debug_check_no_locks_freed+0x170/0x210 [ 1089.817793] [] ? __sigqueue_free.part.28+0x51/0x60 [ 1089.824418] [] kmem_cache_free+0x188/0x340 [ 1089.830324] [] __sigqueue_free.part.28+0x51/0x60 [ 1089.836767] [] __dequeue_signal+0x31b/0x520 [ 1089.842755] [] dequeue_signal+0x90/0x4b0 [ 1089.848481] [] ? kernel_sigaction+0x230/0x230 [ 1089.854644] [] get_signal+0x286/0x14b0 [ 1089.860222] [] ? force_sig_info+0x23e/0x310 [ 1089.866207] [] do_signal+0x8b/0x1d30 [ 1089.871610] [] ? is_prefetch.isra.20+0x390/0x390 [ 1089.878027] [] ? setup_sigcontext+0x780/0x780 [ 1089.884193] [] ? __lock_is_held+0xa2/0xf0 [ 1089.890011] [] ? __bad_area_nosemaphore+0x21e/0x310 [ 1089.896707] [] ? exit_to_usermode_loop+0xe4/0x160 [ 1089.903245] [] exit_to_usermode_loop+0x11a/0x160 [ 1089.909667] [] prepare_exit_to_usermode+0xe3/0x100 [ 1089.916264] [] retint_user+0x8/0x3c [ 1089.921538] Code: 48 c7 c6 a0 27 99 85 4c 8b 24 3e 4d 85 e4 0f 84 f8 03 00 00 49 b9 00 02 00 00 00 00 ad de 31 f6 4c 8d 45 98 4c 89 e2 48 c1 ea 03 <42> 80 3c 2a 00 0f 85 e5 03 00 00 49 8d 7c 24 18 83 c6 01 49 8b [ 1089.949497] RIP [] debug_check_no_obj_freed+0x1a6/0x940 [ 1089.956651] RSP [ 1089.960284] ---[ end trace 7b39d717b6e20794 ]--- [ 1089.965046] Kernel panic - not syncing: Fatal exception [ 1091.107222] Shutting down cpus with NMI [ 1091.111762] Dumping ftrace buffer: [ 1091.115288] (ftrace buffer empty) [ 1091.118980] Kernel Offset: disabled [ 1091.122580] Rebooting in 86400 seconds..