Warning: Permanently added '[localhost]:26303' (ECDSA) to the list of known hosts.
2019/03/21 01:00:09 parsed 1 programs
2019/03/21 01:00:09 executed programs: 0
[ 119.288024] IPVS: Creating netns size=2720 id=2
[ 119.288743] IPVS: ftp: loaded support on port[0] = 21
[ 119.301505] IPVS: Creating netns size=2720 id=3
[ 119.302826] IPVS: ftp: loaded support on port[0] = 21
[ 119.314237] ==================================================================
[ 119.315306] BUG: KASAN: use-after-free in ida_get_new_above+0x2eb/0x5d0 at addr ffff88006baffc00
[ 119.316466] Write of size 128 by task syz-executor0/5627
[ 119.317299] CPU: 1 PID: 5627 Comm: syz-executor0 Not tainted 4.10.0+ #1
[ 119.318302] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 119.319468] Call Trace:
[ 119.319828]  dump_stack+0xe6/0x120
[ 119.320322]  kasan_object_err+0x1c/0x70
[ 119.320875]  kasan_report.part.2+0x1e1/0x4a0
[ 119.321487]  ? kmem_cache_alloc+0x13a/0x800
[ 119.322093]  ? __kernfs_new_node+0x63/0x290
[ 119.322694]  ? ida_get_new_above+0x2eb/0x5d0
[ 119.323304]  ? sysfs_create_dir_ns+0xa2/0x1b0
[ 119.323930]  kasan_report+0x20/0x30
[ 119.324444]  check_memory_region+0x13d/0x1a0
[ 119.325050]  memset+0x23/0x40
[ 119.325485]  ida_get_new_above+0x2eb/0x5d0
[ 119.326082]  ? idr_replace+0x180/0x180
[ 119.326626]  ida_simple_get+0xd1/0x170
[ 119.327169]  ? ida_remove+0x1f0/0x1f0
[ 119.327702]  ? kmem_cache_alloc+0x38e/0x800
[ 119.328305]  __kernfs_new_node+0x84/0x290
[ 119.328879]  kernfs_new_node+0x5e/0xe0
[ 119.329433]  kernfs_create_dir_ns+0x24/0x120
[ 119.330050]  sysfs_create_dir_ns+0xa2/0x1b0
[ 119.330651]  kobject_add_internal+0x343/0x980
[ 119.331275]  ? __raw_spin_lock_init+0x2d/0x100
[ 119.331910]  kset_register+0x20/0x50
[ 119.332425]  kset_create_and_add+0x10d/0x170
[ 119.333039]  netdev_register_kobject+0x195/0x3a0
[ 119.333714]  ? raw_notifier_call_chain+0x11/0x20
[ 119.334374]  register_netdevice+0x7c6/0xd60
[ 119.334972]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 119.335658]  ? netdev_change_features+0x80/0x80
[ 119.336303]  register_netdev+0x15/0x30
[ 119.336839]  ip6_tnl_init_net+0x3ea/0x670
[ 119.337409]  ? ip6_tnl_init_net+0x256/0x670
[ 119.338013]  ops_init+0x95/0x390
[ 119.338480]  setup_net+0x21b/0x520
[ 119.338970]  ? ops_init+0x390/0x390
[ 119.339469]  ? kmem_cache_alloc+0x38e/0x800
[ 119.340066]  copy_net_ns+0x134/0x3b0
[ 119.340577]  ? copy_utsname+0x27/0x2c0
[ 119.341113]  create_new_namespaces+0x354/0x660
[ 119.341750]  unshare_nsproxy_namespaces+0x8a/0x190
[ 119.342421]  SyS_unshare+0x308/0x6b0
[ 119.342927]  ? walk_process_tree+0x2d0/0x2d0
[ 119.343528]  ? _raw_read_unlock+0x2c/0x50
[ 119.344097]  ? do_prlimit+0x216/0x580
[ 119.344618]  ? entry_SYSCALL_64_fastpath+0x5/0xc6
[ 119.345281]  ? trace_hardirqs_on_caller+0x44c/0x5e0
[ 119.345977]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 119.346629]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 119.347273] RIP: 0033:0x458187
[ 119.347702] RSP: 002b:00007ffc4ab977c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[ 119.348758] RAX: ffffffffffffffda RBX: 00007ffc4ab977d0 RCX: 0000000000458187
[ 119.349755] RDX: 0000000000000000 RSI: 00007ffc4ab977b0 RDI: 0000000040000000
[ 119.350749] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000018
[ 119.351734] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 119.352725] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 119.353739] Object at ffff88006baffc00, in cache kmalloc-128 size: 128
[ 119.354675] Allocated:
[ 119.355024] PID = 5619
[ 119.355376]  save_stack_trace+0x16/0x20
[ 119.355938]  save_stack+0x46/0xd0
[ 119.356426]  kasan_kmalloc+0xad/0xe0
[ 119.356951]  kmem_cache_alloc_trace+0x142/0x800
[ 119.357612]  ida_pre_get+0xa8/0xc0
[ 119.358115]  get_anon_bdev+0x68/0x1a0
[ 119.358650]  ns_set_super+0x3a/0x50
[ 119.359175]  sget_userns+0x758/0xb20
[ 119.359692]  mount_ns+0x5d/0x170
[ 119.360168]  proc_mount+0x6d/0xa0
[ 119.360648]  mount_fs+0x7c/0x2c0
[ 119.361117]  vfs_kern_mount+0x66/0x3c0
[ 119.361664]  kern_mount_data+0x36/0x90
[ 119.362212]  pid_ns_prepare_proc+0x1b/0x60
[ 119.362813]  alloc_pid+0x8e7/0xb80
[ 119.363310]  copy_process.part.36+0x3352/0x5ce0
[ 119.363961]  _do_fork+0x160/0xbb0
[ 119.364449]  SyS_clone+0x14/0x20
[ 119.364911]  do_syscall_64+0x1ba/0x5b0
[ 119.365446]  return_from_SYSCALL_64+0x0/0x7a
[ 119.366053] Freed:
[ 119.366345] PID = 5620
[ 119.366688]  save_stack_trace+0x16/0x20
[ 119.367235]  save_stack+0x46/0xd0
[ 119.367710]  kasan_slab_free+0x70/0xb0
[ 119.368243]  kfree+0xcf/0x2c0
[ 119.368671]  ida_pre_get+0x6f/0xc0
[ 119.369157]  alloc_vfsmnt+0x49/0x720
[ 119.369672]  clone_mnt+0x6c/0xf00
[ 119.370148]  copy_tree+0x322/0x8e0
[ 119.370633]  copy_mnt_ns+0xdc/0xcb0
[ 119.371133]  create_new_namespaces+0xc5/0x660
[ 119.371751]  unshare_nsproxy_namespaces+0x8a/0x190
[ 119.372438]  SyS_unshare+0x308/0x6b0
[ 119.372949]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 119.373607] Memory state around the buggy address:
[ 119.374291]  ffff88006baffb00: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 119.375302]  ffff88006baffb80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 119.376313] >ffff88006baffc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.377324]                    ^
[ 119.377792]  ffff88006baffc80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 119.378802]  ffff88006baffd00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 119.379809] ==================================================================
[ 119.380817] Disabling lock debugging due to kernel taint
[ 119.381567] Kernel panic - not syncing: panic_on_warn set ...
[ 119.381567] 
[ 119.382589] CPU: 1 PID: 5627 Comm: syz-executor0 Tainted: G B 4.10.0+ #1
[ 119.383686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 119.384845] Call Trace:
[ 119.385202]  dump_stack+0xe6/0x120
[ 119.385692]  panic+0x1b6/0x358
[ 119.386129]  ? percpu_up_read_preempt_enable.constprop.41+0xb9/0xb9
[ 119.387003]  ? kasan_end_report+0x32/0x50
[ 119.387570]  kasan_end_report+0x50/0x50
[ 119.388114]  kasan_report.part.2+0x371/0x4a0
[ 119.388717]  ? ida_get_new_above+0x2eb/0x5d0
[ 119.389321]  kasan_report+0x20/0x30
[ 119.389822]  check_memory_region+0x13d/0x1a0
[ 119.390425]  memset+0x23/0x40
[ 119.390849]  ida_get_new_above+0x2eb/0x5d0
[ 119.391429]  ? idr_replace+0x180/0x180
[ 119.391963]  ida_simple_get+0xd1/0x170
[ 119.392495]  ? ida_remove+0x1f0/0x1f0
[ 119.393014]  ? kmem_cache_alloc+0x38e/0x800
[ 119.393609]  __kernfs_new_node+0x84/0x290
[ 119.394178]  kernfs_new_node+0x5e/0xe0
[ 119.394711]  kernfs_create_dir_ns+0x24/0x120
[ 119.395315]  sysfs_create_dir_ns+0xa2/0x1b0
[ 119.395906]  kobject_add_internal+0x343/0x980
[ 119.396591]  ? __raw_spin_lock_init+0x2d/0x100
[ 119.397359]  kset_register+0x20/0x50
[ 119.398024]  kset_create_and_add+0x10d/0x170
[ 119.398814]  netdev_register_kobject+0x195/0x3a0
[ 119.400013]  ? raw_notifier_call_chain+0x11/0x20
[ 119.400946]  register_netdevice+0x7c6/0xd60
[ 119.401558]  ? debug_lockdep_rcu_enabled+0x77/0x90
[ 119.402234]  ? netdev_change_features+0x80/0x80
[ 119.402875]  register_netdev+0x15/0x30
[ 119.403410]  ip6_tnl_init_net+0x3ea/0x670
[ 119.403978]  ? ip6_tnl_init_net+0x256/0x670
[ 119.404552]  ops_init+0x95/0x390
[ 119.404991]  setup_net+0x21b/0x520
[ 119.405450]  ? ops_init+0x390/0x390
[ 119.405938]  ? kmem_cache_alloc+0x38e/0x800
[ 119.406502]  copy_net_ns+0x134/0x3b0
[ 119.406989]  ? copy_utsname+0x27/0x2c0
[ 119.407505]  create_new_namespaces+0x354/0x660
[ 119.408102]  unshare_nsproxy_namespaces+0x8a/0x190
[ 119.408740]  SyS_unshare+0x308/0x6b0
[ 119.409219]  ? walk_process_tree+0x2d0/0x2d0
[ 119.409799]  ? _raw_read_unlock+0x2c/0x50
[ 119.410335]  ? do_prlimit+0x216/0x580
[ 119.410833]  ? entry_SYSCALL_64_fastpath+0x5/0xc6
[ 119.411485]  ? trace_hardirqs_on_caller+0x44c/0x5e0
[ 119.412173]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 119.412824]  entry_SYSCALL_64_fastpath+0x23/0xc6
[ 119.413475] RIP: 0033:0x458187
[ 119.413916] RSP: 002b:00007ffc4ab977c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[ 119.414973] RAX: ffffffffffffffda RBX: 00007ffc4ab977d0 RCX: 0000000000458187
[ 119.415968] RDX: 0000000000000000 RSI: 00007ffc4ab977b0 RDI: 0000000040000000
[ 119.416963] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000018
[ 119.417964] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 119.418959] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 119.420729] Kernel Offset: disabled
[ 119.421237] Rebooting in 86400 seconds..