INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
[ 194.688061] random: sshd: uninitialized urandom read (32 bytes read, 126 bits of entropy available)
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
[ 200.304540] random: sshd: uninitialized urandom read (32 bytes read, 128 bits of entropy available)
2018/08/29 09:15:00 parsed 1 programs
[ 201.318834] random: nonblocking pool is initialized
2018/08/29 09:15:02 executed programs: 0
[ 202.469433] IPVS: Creating netns size=2552 id=1
[ 202.560008] IPVS: Creating netns size=2552 id=2
[ 202.605672] IPVS: Creating netns size=2552 id=3
[ 202.679946] IPVS: Creating netns size=2552 id=4
[ 202.796827] IPVS: Creating netns size=2552 id=5
[ 202.938732] IPVS: Creating netns size=2552 id=6
[ 203.067089] IPVS: Creating netns size=2552 id=7
[ 203.234379] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 203.236429] IPVS: Creating netns size=2552 id=8
[ 203.361722] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 203.434752] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 203.498432] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 203.545707] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 203.595288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 203.607973] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 203.656943] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 203.680630] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 203.762917] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 203.771228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 203.813000] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 203.899407] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 203.951844] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 204.040008] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 204.049146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 204.089894] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 204.097431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 204.105362] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 204.112891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 204.122886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 204.131801] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 204.142066] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 204.193667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 204.235891] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 204.260523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 204.285246] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 204.308914] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 204.317287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 204.328243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 204.353030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 204.362668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 204.408100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 204.419305] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 204.443266] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 204.457573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 204.469705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 204.495764] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 204.504898] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 204.512828] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 204.530010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 204.546337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 204.616815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 204.626084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 204.656270] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 204.750573] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 204.868249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 204.941626] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 204.958010] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 204.972012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 204.996294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 205.023440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 205.054738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 205.068353] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 205.119860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 205.154349] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 205.184831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 205.217918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 205.229646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 205.255683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 205.318212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 205.409417] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 205.529784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 205.573248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 207.742692] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 207.975945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 207.992279] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 208.037700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 208.180031] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 208.201566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 208.318221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 208.394092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 208.621589] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 208.649544] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 208.727128] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 208.856075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 208.900035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 208.980294] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 209.035091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 209.231184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
2018/08/29 09:15:09 executed programs: 8
2018/08/29 09:15:14 executed programs: 233
2018/08/29 09:15:19 executed programs: 485
2018/08/29 09:15:24 executed programs: 755
2018/08/29 09:15:29 executed programs: 1013
2018/08/29 09:15:34 executed programs: 1278
2018/08/29 09:15:39 executed programs: 1538
2018/08/29 09:15:44 executed programs: 1796
2018/08/29 09:15:49 executed programs: 2057
2018/08/29 09:15:54 executed programs: 2323
2018/08/29 09:15:59 executed programs: 2592
2018/08/29 09:16:04 executed programs: 2854
2018/08/29 09:16:09 executed programs: 3114
2018/08/29 09:16:14 executed programs: 3381
2018/08/29 09:16:19 executed programs: 3639
2018/08/29 09:16:24 executed programs: 3900
[ 287.156413] ==================================================================
[ 287.163816] BUG: KASAN: use-after-free in l2tp_session_create+0xde0/0x1030
[ 287.170822] Read of size 4 at addr ffff8800af568f10 by task syz-executor0/24711
[ 287.178250]
[ 287.179876] CPU: 1 PID: 24711 Comm: syz-executor0 Not tainted 4.4.153-g5e24b4e #90
[ 287.187573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 287.196926] 0000000000000000 e55e2123195eeb24 ffff8801d40afaa8 ffffffff81e162ed
[ 287.204934] ffffea0002bd5a00 ffff8800af568f10 0000000000000000 ffff8800af568f10
[ 287.212921] ffff8801d46a3348 ffff8801d40afae0 ffffffff8151b4d9 ffff8800af568f10
[ 287.220953] Call Trace:
[ 287.223533] [] dump_stack+0xc1/0x124
[ 287.228876] [] print_address_description+0x6c/0x216
[ 287.235528] [] kasan_report.cold.7+0x175/0x2f7
[ 287.241745] [] ? l2tp_session_create+0xde0/0x1030
[ 287.248216] [] __asan_report_load4_noabort+0x14/0x20
[ 287.254946] [] l2tp_session_create+0xde0/0x1030
[ 287.261243] [] ? l2tp_session_create+0xadc/0x1030
[ 287.267713] [] pppol2tp_connect+0x10f0/0x1910
[ 287.273833] [] ? pppol2tp_recv+0x320/0x320
[ 287.279924] [] ? security_socket_connect+0x8f/0xc0
[ 287.286483] [] SYSC_connect+0x1b8/0x300
[ 287.292083] [] ? SYSC_bind+0x280/0x280
[ 287.297598] [] ? get_unused_fd_flags+0xd0/0xd0
[ 287.303812] [] ? do_futex+0x17f0/0x17f0
[ 287.309432] [] ? SyS_socket+0x121/0x1b0
[ 287.315050] [] ? move_addr_to_kernel+0x50/0x50
[ 287.321267] [] SyS_connect+0x24/0x30
[ 287.326607] [] entry_SYSCALL_64_fastpath+0x22/0x9e
[ 287.333163]
[ 287.334786] Allocated by task 24711:
[ 287.338469] [] save_stack_trace+0x26/0x50
[ 287.344387] [] save_stack+0x43/0xd0
[ 287.349769] [] kasan_kmalloc+0xc7/0xe0
[ 287.355411] [] __kmalloc+0x124/0x310
[ 287.360877] [] l2tp_session_create+0x39/0x1030
[ 287.367226] [] pppol2tp_connect+0x10f0/0x1910
[ 287.373481] [] SYSC_connect+0x1b8/0x300
[ 287.379206] [] SyS_connect+0x24/0x30
[ 287.384662] [] entry_SYSCALL_64_fastpath+0x22/0x9e
[ 287.391365]
[ 287.392974] Freed by task 24704:
[ 287.396335] [] save_stack_trace+0x26/0x50
[ 287.402239] [] save_stack+0x43/0xd0
[ 287.407626] [] kasan_slab_free+0x72/0xc0
[ 287.413455] [] kfree+0xf4/0x310
[ 287.418479] [] l2tp_session_free+0x170/0x200
[ 287.424656] [] l2tp_tunnel_closeall+0x2b9/0x350
[ 287.431081] [] l2tp_udp_encap_destroy+0x8b/0xf0
[ 287.437497] [] udpv6_destroy_sock+0xb1/0xd0
[ 287.443589] [] sk_common_release+0x6d/0x300
[ 287.449681] [] udp_lib_close+0x15/0x20
[ 287.455322] [] inet_release+0xff/0x1d0
[ 287.460954] [] inet6_release+0x50/0x70
[ 287.466590] [] __sock_release+0xd9/0x260
[ 287.472391] [] sock_close+0x19/0x20
[ 287.477782] [] __fput+0x235/0x6f0
[ 287.482985] [] ____fput+0x15/0x20
[ 287.488189] [] task_work_run+0x10f/0x190
[ 287.494002] [] exit_to_usermode_loop+0x13d/0x160
[ 287.500522] [] syscall_return_slowpath+0x1b5/0x1f0
[ 287.507205] [] int_ret_from_sys_call+0x25/0xa3
[ 287.513542]
[ 287.515145] The buggy address belongs to the object at ffff8800af568f00
[ 287.515145] which belongs to the cache kmalloc-512 of size 512
[ 287.527773] The buggy address is located 16 bytes inside of
[ 287.527773] 512-byte region [ffff8800af568f00, ffff8800af569100)
[ 287.539538] The buggy address belongs to the page:
[ 287.553695] page:ffffea0002bd5a00 count:1 mapcount:-2146697203 mapping: (null) index:0x0
[ 287.562711] flags: 0xffff8801d280fc59([ 287.563753] syz-executor1: Corrupted page table at address 482b61
[ 287.563757] PGD 1cd288067 PUD 1d2c5d067 PMD ffffffff814902b7
[ 287.563768] Bad pagetable: 001d [#1] PREEMPT SMP KASAN
[ 287.563779] Dumping ftrace buffer:
[ 287.563783] (ftrace buffer empty)
[ 287.563785] Modules linked in:
[ 287.563795] CPU: 0 PID: 24723 Comm: syz-executor1 Not tainted 4.4.153-g5e24b4e #90
[ 287.563799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 287.563803] task: ffff8800aef88000 task.stack: ffff8801ca3a0000
[ 287.563807] RIP: 0033:[<0000000000482b61>] [<0000000000482b61>] 0x482b61
[ 287.563817] RSP: 002b:0000000000a3fbf0 EFLAGS: 00010293
[ 287.563822] RAX: 0000000000000000 RBX: 0000000000046003 RCX: 0000000000482b61
[ 287.563826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a3fc00
[ 287.563830] RBP: 00000000009300a0 R08: ffffffffffffffff R09: ffffffffffffffff
[ 287.563834] R10: 0000000000a3fcf0 R11: 0000000000000293 R12: 0000000000930aa0
[ 287.563838] R13: 000000000093014c R14: 0000000000045d4a R15: 0000000000045d1d
[ 287.563845] FS: 0000000001742940(0063) GS:ffff8801db200000(0000) knlGS:0000000000000000
[ 287.563849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 287.563853] CR2: 0000000000482b61 CR3: 00000001ca81b000 CR4: 00000000001606f0
[ 287.563861] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 287.563865] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 287.563866]
[ 287.563868] RIP [<0000000000482b61>] 0x482b61
[ 287.563874] RSP <0000000000a3fbf0>
[ 287.563881] ---[ end trace c6ccf761e193dd0e ]---
[ 287.563885] Kernel panic - not syncing: Fatal exception
[ 287.722625] locked|uptodate|dirty|active|reserved|private|private_2|writeback|head|swapcache)
[ 287.732853] page dumped because: VM_BUG_ON_PAGE(PageSlab(page))
[ 287.738909] ------------[ cut here ]------------
[ 287.743653] kernel BUG at include/linux/mm.h:464!
[ 287.748476] invalid opcode: 0000 [#2] PREEMPT SMP KASAN
[ 287.754343] Dumping ftrace buffer:
[ 287.757860] (ftrace buffer empty)
[ 287.761555] Modules linked in:
[ 287.764861] CPU: 1 PID: 24711 Comm: syz-executor0 Tainted: G D 4.4.153-g5e24b4e #90
[ 287.773761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 287.783097] task: ffff8800af7bc800 task.stack: ffff8801d40a8000
[ 287.789136] RIP: 0010:[] [] dump_page_badflags+0x57/0x70
[ 287.797922] RSP: 0018:ffff8801d17bc4d8 EFLAGS: 00010093
[ 287.803356] RAX: 0000000000000000 RBX: ffffea0002bd5a00 RCX: 0000000000000001
[ 287.810608] RDX: 0000000000000000 RSI: ffffffff815195a9 RDI: ffff8800af7bd0dc
[ 287.817859] RBP: ffff8801d17bc508 R08: 0000000000000001 R09: 0000000000000000
[ 287.825113] R10: 0000000000000001 R11: ffffffff858f0281 R12: 0000000000000000
[ 287.832367] R13: ffffffff83aaae60 R14: ffff8800af568f00 R15: ffff8800af569100
[ 287.839623] FS: 00007f4b196b9700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[ 287.847831] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 287.853694] CR2: 0000000000400200 CR3: 00000001d81ce000 CR4: 00000000001606f0
[ 287.860947] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 287.868201] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 287.875452] Stack:
[ 287.877585] 0000000000000000 ffffea0002bd5a00 0000000000000000 ffffffff83aaae60
[ 287.885611] ffff8800af568f00 ffff8800af569100 ffff8801d17bc548 ffffffff814902b7
[ 287.893629] 0000000000000000 ffffea0002bd5a00 0000000000000000 ffffffff83aaae60
[ 287.901656] Call Trace:
[ 287.904218]
[ 287.906258] Code: 48 c1 ea 03 80 3c 02 00 75 23 48 8b 03 a8 80 0f 84 d6 91 08 00 e8 ea 42 ec ff 31 d2 48 c7 c6 60 ae aa 83 48 89 df e8 a9 ff ff ff <0f> 0b 48 89 df e8 af e4 06 00 eb d3 0f 1f 00 66 2e 0f 1f 84 00
[ 287.933877] RIP [] dump_page_badflags+0x57/0x70
[ 287.940344] RSP
[ 287.943953] ---[ end trace c6ccf761e193dd0f ]---
[ 288.680754] Shutting down cpus with NMI
[ 288.685193] Dumping ftrace buffer:
[ 288.688710] (ftrace buffer empty)
[ 288.692396] Kernel Offset: disabled
[ 288.695996] Rebooting in 86400 seconds..