INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
2018/10/25 02:43:36 parsed 1 programs
2018/10/25 02:43:38 executed programs: 0
[ 727.310053] audit: type=1400 audit(1540435423.199:5): avc: denied { associate } for pid=2176 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 727.424909] hrtimer: interrupt took 40253 ns
2018/10/25 02:43:43 executed programs: 9
2018/10/25 02:43:48 executed programs: 105
2018/10/25 02:43:53 executed programs: 203
2018/10/25 02:43:59 executed programs: 300
[ 747.999717] ==================================================================
[ 748.007149] BUG: KASAN: use-after-free in tcp_connect+0x2606/0x2fa0
[ 748.013557] Read of size 4 at addr ffff8801cfa26528 by task syz-executor5/6979
[ 748.020912]
[ 748.022541] CPU: 1 PID: 6979 Comm: syz-executor5 Not tainted 4.9.135+ #13
[ 748.030394] ffff8801d859f610 ffffffff81b36bf9 ffffea00073e8980 ffff8801cfa26528
[ 748.038469] 0000000000000000 ffff8801cfa26528 000000000000ffd7 ffff8801d859f648
[ 748.046527] ffffffff815009ad ffff8801cfa26528 0000000000000004 0000000000000000
[ 748.054584] Call Trace:
[ 748.057176] [] dump_stack+0xc1/0x128
[ 748.062536] [] print_address_description+0x6c/0x234
[ 748.069195] [] kasan_report.cold.6+0x242/0x2fe
[ 748.075418] [] ? tcp_connect+0x2606/0x2fa0
[ 748.081299] [] __asan_report_load4_noabort+0x14/0x20
[ 748.088043] [] tcp_connect+0x2606/0x2fa0
[ 748.093748] [] ? tcp_push_one+0xe0/0xe0
[ 748.099364] [] tcp_v4_connect+0x19f4/0x1c20
[ 748.105332] [] ? tcp_v4_init_sequence+0x200/0x200
[ 748.111819] [] __inet_stream_connect+0x6e0/0xbf0
[ 748.118218] [] ? check_preemption_disabled+0x3b/0x170
[ 748.125054] [] ? inet_bind+0x8b0/0x8b0
[ 748.130589] [] ? kasan_kmalloc+0xaf/0xc0
[ 748.136301] [] ? kmem_cache_alloc_trace+0x117/0x2e0
[ 748.143004] [] tcp_sendmsg+0x218a/0x2fd0
[ 748.148726] [] ? avc_has_perm_noaudit+0x2f0/0x2f0
[ 748.155222] [] ? trace_hardirqs_on+0x10/0x10
[ 748.161281] [] ? tcp_sendpage+0x1910/0x1910
[ 748.167253] [] ? sock_has_perm+0x293/0x3e0
[ 748.173144] [] ? sock_has_perm+0x9f/0x3e0
[ 748.178943] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[ 748.186473] [] ? assoc_array_gc+0x12a2/0x12e0
[ 748.192619] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 748.199375] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 748.206134] [] ? check_preemption_disabled+0x3b/0x170
[ 748.212978] [] ? check_preemption_disabled+0x3b/0x170
[ 748.219822] [] ? inet_sendmsg+0x143/0x4d0
[ 748.225617] [] inet_sendmsg+0x203/0x4d0
[ 748.231242] [] ? inet_sendmsg+0x73/0x4d0
[ 748.236945] [] ? inet_recvmsg+0x4c0/0x4c0
[ 748.242740] [] sock_sendmsg+0xbb/0x110
2018/10/25 02:44:04 executed programs: 395
[ 748.248276] [] SyS_sendto+0x220/0x370
[ 748.253725] [] ? SyS_getpeername+0x2d0/0x2d0
[ 748.259783] [] ? kvm_clock_read+0x23/0x40
[ 748.265589] [] ? kvm_clock_get_cycles+0x9/0x10
[ 748.271831] [] ? ktime_get_ts64+0x24e/0x2e0
[ 748.277818] [] ? SyS_clock_settime+0x220/0x220
[ 748.284054] [] ? __compat_put_timespec.isra.3+0xc7/0x140
[ 748.291158] [] ? compat_SyS_clock_gettime+0x131/0x1b0
[ 748.297999] [] ? compat_SyS_clock_settime+0x1a0/0x1a0
[ 748.304839] [] ? do_fast_syscall_32+0xcf/0xa10
[ 748.311073] [] ? SyS_getpeername+0x2d0/0x2d0
[ 748.317139] [] do_fast_syscall_32+0x2f1/0xa10
[ 748.323293] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 748.329959] [] entry_SYSENTER_compat+0x90/0xa2
[ 748.336190]
[ 748.337814] Allocated by task 6970:
[ 748.341441] save_stack_trace+0x16/0x20
[ 748.345414] kasan_kmalloc.part.1+0x62/0xf0
[ 748.349734] kasan_kmalloc+0xaf/0xc0
[ 748.353442] kasan_slab_alloc+0x12/0x20
[ 748.357412] kmem_cache_alloc+0xd5/0x2b0
[ 748.361473] __alloc_skb+0xe6/0x5b0
[ 748.365099] sk_stream_alloc_skb+0xa3/0x5d0
[ 748.369429] tcp_sendmsg+0xe72/0x2fd0
[ 748.373229] inet_sendmsg+0x203/0x4d0
[ 748.377027] sock_sendmsg+0xbb/0x110
[ 748.380738] SyS_sendto+0x220/0x370
[ 748.384363] do_fast_syscall_32+0x2f1/0xa10
[ 748.388684] entry_SYSENTER_compat+0x90/0xa2
[ 748.393087]
[ 748.394715] Freed by task 6979:
[ 748.397991] save_stack_trace+0x16/0x20
[ 748.401962] kasan_slab_free+0xac/0x190
[ 748.405928] kmem_cache_free+0xbe/0x310
[ 748.409897] kfree_skbmem+0x7c/0x100
[ 748.413607] __kfree_skb+0x1d/0x20
[ 748.417156] tcp_connect+0xa74/0x2fa0
[ 748.420956] tcp_v4_connect+0x19f4/0x1c20
[ 748.425100] __inet_stream_connect+0x6e0/0xbf0
[ 748.429713] tcp_sendmsg+0x218a/0x2fd0
[ 748.433600] inet_sendmsg+0x203/0x4d0
[ 748.437390] sock_sendmsg+0xbb/0x110
[ 748.441080] SyS_sendto+0x220/0x370
[ 748.444686] do_fast_syscall_32+0x2f1/0xa10
[ 748.448996] entry_SYSENTER_compat+0x90/0xa2
[ 748.453387]
[ 748.454994] The buggy address belongs to the object at ffff8801cfa26500
[ 748.454994] which belongs to the cache skbuff_fclone_cache of size 456
[ 748.468325] The buggy address is located 40 bytes inside of
[ 748.468325] 456-byte region [ffff8801cfa26500, ffff8801cfa266c8)
[ 748.480088] The buggy address belongs to the page:
[ 748.484998] page:ffffea00073e8980 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 748.495189] flags: 0x4000000000004080(slab|head)
[ 748.499937] page dumped because: kasan: bad access detected
[ 748.505621]
[ 748.507226] Memory state around the buggy address:
[ 748.512140] ffff8801cfa26400: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 748.519485] ffff8801cfa26480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 748.526842] >ffff8801cfa26500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 748.534179] ^
[ 748.538823] ffff8801cfa26580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 748.546159] ffff8801cfa26600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 748.553493] ==================================================================
[ 748.560842] Disabling lock debugging due to kernel taint
[ 748.566898] Kernel panic - not syncing: panic_on_warn set ...
[ 748.566898]
[ 748.574272] CPU: 1 PID: 6979 Comm: syz-executor5 Tainted: G B 4.9.135+ #13
[ 748.582408] ffff8801d859f570 ffffffff81b36bf9 ffffffff82e35bc8 00000000ffffffff
[ 748.590440] 0000000000000000 0000000000000001 000000000000ffd7 ffff8801d859f630
[ 748.598452] ffffffff813f6aa5 0000000041b58ab3 ffffffff82e29bcb ffffffff813f68e6
[ 748.606468] Call Trace:
[ 748.609036] [] dump_stack+0xc1/0x128
[ 748.614381] [] panic+0x1bf/0x39f
[ 748.619396] [] ? add_taint.cold.6+0x16/0x16
[ 748.625349] [] ? ___preempt_schedule+0x16/0x18
[ 748.631568] [] kasan_end_report+0x47/0x4f
[ 748.637359] [] kasan_report.cold.6+0x76/0x2fe
[ 748.643508] [] ? tcp_connect+0x2606/0x2fa0
[ 748.649386] [] __asan_report_load4_noabort+0x14/0x20
[ 748.656116] [] tcp_connect+0x2606/0x2fa0
[ 748.661830] [] ? tcp_push_one+0xe0/0xe0
[ 748.667431] [] tcp_v4_connect+0x19f4/0x1c20
[ 748.673379] [] ? tcp_v4_init_sequence+0x200/0x200
[ 748.679852] [] __inet_stream_connect+0x6e0/0xbf0
[ 748.686261] [] ? check_preemption_disabled+0x3b/0x170
[ 748.693086] [] ? inet_bind+0x8b0/0x8b0
[ 748.698605] [] ? kasan_kmalloc+0xaf/0xc0
[ 748.704297] [] ? kmem_cache_alloc_trace+0x117/0x2e0
[ 748.710942] [] tcp_sendmsg+0x218a/0x2fd0
[ 748.716638] [] ? avc_has_perm_noaudit+0x2f0/0x2f0
[ 748.723132] [] ? trace_hardirqs_on+0x10/0x10
[ 748.729171] [] ? tcp_sendpage+0x1910/0x1910
[ 748.735130] [] ? sock_has_perm+0x293/0x3e0
[ 748.740996] [] ? sock_has_perm+0x9f/0x3e0
[ 748.746774] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[ 748.754292] [] ? assoc_array_gc+0x12a2/0x12e0
[ 748.760428] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 748.767169] [] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 748.773904] [] ? check_preemption_disabled+0x3b/0x170
[ 748.780721] [] ? check_preemption_disabled+0x3b/0x170
[ 748.787544] [] ? inet_sendmsg+0x143/0x4d0
[ 748.793333] [] inet_sendmsg+0x203/0x4d0
[ 748.798933] [] ? inet_sendmsg+0x73/0x4d0
[ 748.804636] [] ? inet_recvmsg+0x4c0/0x4c0
[ 748.810421] [] sock_sendmsg+0xbb/0x110
[ 748.815944] [] SyS_sendto+0x220/0x370
[ 748.821386] [] ? SyS_getpeername+0x2d0/0x2d0
[ 748.827434] [] ? kvm_clock_read+0x23/0x40
[ 748.833214] [] ? kvm_clock_get_cycles+0x9/0x10
[ 748.839425] [] ? ktime_get_ts64+0x24e/0x2e0
[ 748.845381] [] ? SyS_clock_settime+0x220/0x220
[ 748.851609] [] ? __compat_put_timespec.isra.3+0xc7/0x140
[ 748.858693] [] ? compat_SyS_clock_gettime+0x131/0x1b0
[ 748.865518] [] ? compat_SyS_clock_settime+0x1a0/0x1a0
[ 748.872335] [] ? do_fast_syscall_32+0xcf/0xa10
[ 748.878560] [] ? SyS_getpeername+0x2d0/0x2d0
[ 748.884631] [] do_fast_syscall_32+0x2f1/0xa10
[ 748.890778] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 748.897421] [] entry_SYSENTER_compat+0x90/0xa2
[ 748.903978] Kernel Offset: disabled
[ 748.907594] Rebooting in 86400 seconds..