INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes Warning: Permanently added 'ci-android-49-kasan-gce-4,10.128.0.2' (ECDSA) to the list of known hosts. 2017/09/15 10:39:25 parsed 1 programs 2017/09/15 10:39:25 executed programs: 0 [ 134.339545] dev_remove_pack: ffff8801d9360780 not found [ 137.138873] ================================================================== [ 137.146255] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1ac/0x1e0 at addr ffff8801d936014c [ 137.155057] Read of size 4 by task sshd/3282 [ 137.159433] CPU: 0 PID: 3282 Comm: sshd Not tainted 4.9.50-gf7d2974 #47 [ 137.166160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 137.175481] ffff8801ce9fee10 ffffffff81d92fc9 ffff8801da002000 ffff8801d9360000 [ 137.183432] ffff8801d9360800 ffffed003b26c029 ffff8801d936014c ffff8801ce9fee38 [ 137.191379] ffffffff8153cbcc ffffed003b26c029 ffff8801da002000 0000000000000000 [ 137.199329] Call Trace: [ 137.201887] [] dump_stack+0xc1/0x128 [ 137.207216] [] kasan_object_err+0x1c/0x70 [ 137.212976] [] kasan_report.part.1+0x21c/0x500 [ 137.219175] [] ? do_raw_spin_lock+0x1ac/0x1e0 [ 137.225285] [] __asan_report_load4_noabort+0x29/0x30 [ 137.232002] [] do_raw_spin_lock+0x1ac/0x1e0 [ 137.237937] [] _raw_spin_lock_bh+0x42/0x50 [ 137.243785] [] ? packet_rcv_has_room+0x25/0xb0 [ 137.249986] [] packet_rcv_has_room+0x25/0xb0 [ 137.256008] [] fanout_demux_rollover+0x26f/0x4d0 [ 137.262384] [] packet_rcv_fanout+0x4ce/0x620 [ 137.268407] [] dev_queue_xmit_nit+0x1b9/0x870 [ 137.274517] [] ? __netdev_pick_tx+0x700/0x700 [ 137.280973] [] dev_hard_start_xmit+0xa6/0x8a0 [ 137.287081] [] sch_direct_xmit+0x2bc/0x5d0 [ 137.292931] [] ? dev_deactivate_queue.constprop.28+0x150/0x150 [ 137.300517] [] ? dev_queue_xmit+0x17/0x20 [ 137.306277] [] __dev_queue_xmit+0x15fd/0x1e60 [ 137.312385] [] ? dev_queue_xmit+0x17/0x20 [ 137.318145] [] ? netdev_pick_tx+0x300/0x300 [ 137.324080] [] ? nf_ct_deliver_cached_events+0x26c/0x5f0 [ 137.331141] [] ? nf_ct_deliver_cached_events+0x89/0x5f0 [ 137.338128] [] ? ip_finish_output+0x6b1/0xa00 [ 137.344236] [] dev_queue_xmit+0x17/0x20 [ 137.349819] [] ip_finish_output2+0xbe8/0x1060 [ 137.355924] [] ? ip_finish_output+0x6b1/0xa00 [ 137.362032] [] ? dst_output+0x150/0x150 [ 137.367618] [] ? nf_hook_slow+0x131/0x1e0 [ 137.373381] [] ip_finish_output+0x6b1/0xa00 [ 137.379315] [] ip_output+0x1ca/0x610 [ 137.384640] [] ? ip_output+0x2f6/0x610 [ 137.390141] [] ? ip_mc_output+0xd50/0xd50 [ 137.395901] [] ? ip_fragment.constprop.56+0x200/0x200 [ 137.402701] [] ip_local_out+0x95/0x170 [ 137.408199] [] ip_queue_xmit+0x884/0x1760 [ 137.413958] [] ? ip_queue_xmit+0x3f/0x1760 [ 137.419814] [] ? __tcp_v4_send_check+0x1be/0x350 [ 137.426184] [] tcp_transmit_skb+0x1782/0x2d80 [ 137.432293] [] ? bictcp_cong_avoid+0xef0/0xef0 [ 137.438486] [] ? __tcp_select_window+0x510/0x510 [ 137.444854] [] ? remove_wait_queue+0x14/0x40 [ 137.450877] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 137.457852] [] ? _raw_spin_unlock_irqrestore+0x45/0x70 [ 137.464741] [] tcp_write_xmit+0xbd6/0x4a00 [ 137.470589] [] ? kasan_slab_alloc+0x12/0x20 [ 137.476523] [] ? check_stack_object+0x50/0x140 [ 137.482724] [] __tcp_push_pending_frames+0xa0/0x240 [ 137.489353] [] ? copy_from_iter+0x2d0/0x960 [ 137.495290] [] tcp_push+0x3fc/0x5d0 [ 137.500529] [] tcp_sendmsg+0xb89/0x2e30 [ 137.506117] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 137.513096] [] ? assoc_array_gc+0x1270/0x1300 [ 137.519204] [] ? tcp_sendpage+0x1910/0x1910 [ 137.525140] [] ? sock_has_perm+0x292/0x3e0 [ 137.530986] [] ? sock_has_perm+0x9f/0x3e0 [ 137.536745] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 137.543808] [] ? inet_sendmsg+0x73/0x4c0 [ 137.549484] [] ? inet_sendmsg+0x201/0x4c0 [ 137.555243] [] inet_sendmsg+0x2bc/0x4c0 [ 137.560831] [] ? inet_sendmsg+0x73/0x4c0 [ 137.566504] [] ? inet_recvmsg+0x4c0/0x4c0 [ 137.572265] [] sock_sendmsg+0xca/0x110 [ 137.577765] [] sock_write_iter+0x226/0x3b0 [ 137.583612] [] ? avc_has_perm_noaudit+0x450/0x450 [ 137.590065] [] ? sock_sendmsg+0x110/0x110 [ 137.595827] [] ? iov_iter_init+0xaf/0x1d0 [ 137.601597] [] __vfs_write+0x4bf/0x680 [ 137.607099] [] ? default_llseek+0x290/0x290 [ 137.613033] [] ? __set_current_blocked+0x80/0xa0 [ 137.619405] [] ? selinux_file_permission+0x82/0x460 [ 137.626034] [] ? rw_verify_area+0xe5/0x2b0 [ 137.631882] [] vfs_write+0x170/0x4e0 [ 137.637207] [] SyS_write+0xd9/0x1b0 [ 137.642447] [] ? SyS_read+0x1b0/0x1b0 [ 137.647862] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 137.654404] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 137.660947] Object at ffff8801d9360000, in cache kmalloc-2048 size: 2048 [ 137.667746] Allocated: [ 137.670205] PID = 4026 [ 137.672668] save_stack_trace+0x16/0x20 [ 137.676605] save_stack+0x43/0xd0 [ 137.680019] kasan_kmalloc+0xad/0xe0 [ 137.683694] __kmalloc+0x11d/0x310 [ 137.687198] sk_prot_alloc+0x101/0x2a0 [ 137.691049] sk_alloc+0x3a/0x3a0 [ 137.694379] packet_create+0xf0/0x8e0 [ 137.698145] __sock_create+0x3ab/0x640 [ 137.701994] SyS_socket+0xf0/0x1b0 [ 137.705498] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 137.710215] Freed: [ 137.712328] PID = 4024 [ 137.714793] save_stack_trace+0x16/0x20 [ 137.718727] save_stack+0x43/0xd0 [ 137.722145] kasan_slab_free+0x73/0xc0 [ 137.725995] kfree+0xf0/0x2f0 [ 137.729062] __sk_destruct+0x47f/0x570 [ 137.732911] sk_destruct+0x47/0x80 [ 137.736412] __sk_free+0x57/0x230 [ 137.739826] sk_free+0x23/0x30 [ 137.742982] packet_release+0x732/0xa20 [ 137.746920] sock_release+0x8d/0x1e0 [ 137.750595] sock_close+0x16/0x20 [ 137.754013] __fput+0x28c/0x6e0 [ 137.757256] ____fput+0x15/0x20 [ 137.760500] task_work_run+0x115/0x190 [ 137.764349] do_exit+0x82e/0x2a50 [ 137.767768] do_group_exit+0x108/0x320 [ 137.771617] get_signal+0x55c/0x1600 [ 137.775296] do_signal+0x87/0x1960 [ 137.778799] exit_to_usermode_loop+0xe5/0x130 [ 137.783258] syscall_return_slowpath+0x1a0/0x1e0 [ 137.787976] entry_SYSCALL_64_fastpath+0xc4/0xc6 [ 137.792690] Memory state around the buggy address: [ 137.797582] ffff8801d9360000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.804902] ffff8801d9360080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.812225] >ffff8801d9360100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.819545] ^ [ 137.825219] ffff8801d9360180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.832577] ffff8801d9360200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 137.839896] ================================================================== [ 137.847259] ================================================================== [ 137.854585] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1d3/0x1e0 at addr ffff8801d9360158 [ 137.863382] Read of size 8 by task sshd/3282 [ 137.867757] CPU: 0 PID: 3282 Comm: sshd Tainted: G B 4.9.50-gf7d2974 #47 [ 137.875687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 137.885009] ffff8801ce9fee10 ffffffff81d92fc9 ffff8801da002000 ffff8801d9360000 [ 137.892963] ffff8801d9360800 ffffed003b26c02b ffff8801d9360158 ffff8801ce9fee38 [ 137.900908] ffffffff8153cbcc ffffed003b26c02b ffff8801da002000 0000000000000000 [ 137.908853] Call Trace: [ 137.911406] [] dump_stack+0xc1/0x128 [ 137.916735] [] kasan_object_err+0x1c/0x70 [ 137.922505] [] kasan_report.part.1+0x21c/0x500 [ 137.928701] [] ? do_raw_spin_lock+0x1d3/0x1e0 [ 137.934808] [] __asan_report_load8_noabort+0x29/0x30 [ 137.941521] [] do_raw_spin_lock+0x1d3/0x1e0 [ 137.947457] [] _raw_spin_lock_bh+0x42/0x50 [ 137.953310] [] ? packet_rcv_has_room+0x25/0xb0 [ 137.959510] [] packet_rcv_has_room+0x25/0xb0 [ 137.965531] [] fanout_demux_rollover+0x26f/0x4d0 [ 137.971907] [] packet_rcv_fanout+0x4ce/0x620 [ 137.977931] [] dev_queue_xmit_nit+0x1b9/0x870 [ 137.984040] [] ? __netdev_pick_tx+0x700/0x700 [ 137.990148] [] dev_hard_start_xmit+0xa6/0x8a0 [ 137.996258] [] sch_direct_xmit+0x2bc/0x5d0 [ 138.002107] [] ? dev_deactivate_queue.constprop.28+0x150/0x150 [ 138.009690] [] ? dev_queue_xmit+0x17/0x20 [ 138.015451] [] __dev_queue_xmit+0x15fd/0x1e60 [ 138.021558] [] ? dev_queue_xmit+0x17/0x20 [ 138.027324] [] ? netdev_pick_tx+0x300/0x300 [ 138.033261] [] ? nf_ct_deliver_cached_events+0x26c/0x5f0 [ 138.040325] [] ? nf_ct_deliver_cached_events+0x89/0x5f0 [ 138.047301] [] ? ip_finish_output+0x6b1/0xa00 [ 138.053413] [] dev_queue_xmit+0x17/0x20 [ 138.059412] [] ip_finish_output2+0xbe8/0x1060 [ 138.065521] [] ? ip_finish_output+0x6b1/0xa00 [ 138.071628] [] ? dst_output+0x150/0x150 [ 138.077215] [] ? nf_hook_slow+0x131/0x1e0 [ 138.082976] [] ip_finish_output+0x6b1/0xa00 [ 138.088909] [] ip_output+0x1ca/0x610 [ 138.094232] [] ? ip_output+0x2f6/0x610 [ 138.099731] [] ? ip_mc_output+0xd50/0xd50 [ 138.105490] [] ? ip_fragment.constprop.56+0x200/0x200 [ 138.112293] [] ip_local_out+0x95/0x170 [ 138.117795] [] ip_queue_xmit+0x884/0x1760 [ 138.123554] [] ? ip_queue_xmit+0x3f/0x1760 [ 138.129401] [] ? __tcp_v4_send_check+0x1be/0x350 [ 138.135773] [] tcp_transmit_skb+0x1782/0x2d80