INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes Warning: Permanently added 'ci-android-49-kasan-gce-1,10.128.0.4' (ECDSA) to the list of known hosts. 2017/09/12 02:41:41 parsed 1 programs 2017/09/12 02:41:41 executed programs: 0 2017/09/12 02:41:46 executed programs: 189 2017/09/12 02:41:51 executed programs: 379 2017/09/12 02:41:56 executed programs: 565 2017/09/12 02:42:01 executed programs: 760 2017/09/12 02:42:06 executed programs: 950 2017/09/12 02:42:11 executed programs: 1139 2017/09/12 02:42:16 executed programs: 1328 2017/09/12 02:42:21 executed programs: 1519 2017/09/12 02:42:26 executed programs: 1714 2017/09/12 02:42:31 executed programs: 1906 [ 184.214563] dev_remove_pack: ffff8801ce336500 not found [ 184.253861] dev_remove_pack: ffff8801d8e87600 not found 2017/09/12 02:42:36 executed programs: 2104 [ 187.627770] ================================================================== [ 187.635179] BUG: KASAN: use-after-free in fanout_demux_rollover+0x49b/0x4d0 at addr ffff8801d8e875b8 [ 187.644410] Read of size 8 by task syz-executor1/3302 [ 187.649563] CPU: 0 PID: 3302 Comm: syz-executor1 Not tainted 4.9.49-g5316da5 #45 [ 187.657057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.666372] ffff8801db2077e0 ffffffff81d92f89 ffff8801da002000 ffff8801d8e86e80 [ 187.674310] ffff8801d8e87680 ffffed003b1d0eb7 ffff8801d8e875b8 ffff8801db207808 [ 187.682264] ffffffff8153cbcc ffffed003b1d0eb7 ffff8801da002000 0000000000000000 [ 187.690215] Call Trace: [ 187.692760] [ 187.694789] [] dump_stack+0xc1/0x128 [ 187.700133] [] kasan_object_err+0x1c/0x70 [ 187.705893] [] kasan_report.part.1+0x21c/0x500 [ 187.712088] [] ? fanout_demux_rollover+0x49b/0x4d0 [ 187.718633] [] ? kfree_skbmem+0xd7/0xf0 [ 187.724220] [] __asan_report_load8_noabort+0x29/0x30 [ 187.730935] [] fanout_demux_rollover+0x49b/0x4d0 [ 187.737307] [] packet_rcv_fanout+0x3e6/0x620 [ 187.743331] [] __netif_receive_skb_core+0x887/0x29e0 [ 187.750050] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 187.757026] [] ? netif_wake_subqueue+0x210/0x210 [ 187.763394] [] ? netif_receive_skb_internal+0x92/0x390 [ 187.770285] [] __netif_receive_skb+0x5b/0x1c0 [ 187.776393] [] netif_receive_skb_internal+0xff/0x390 [ 187.783108] [] ? netif_receive_skb_internal+0x92/0x390 [ 187.789995] [] ? dev_cpu_callback+0x680/0x680 [ 187.796102] [] ? dev_gro_receive+0x1d6/0x16f0 [ 187.802209] [] ? dev_gro_receive+0x67a/0x16f0 [ 187.808316] [] ? eth_type_trans+0x2a8/0x5d0 [ 187.814249] [] napi_gro_receive+0x1fb/0x400 [ 187.820185] [] virtnet_receive+0xe1c/0x1cf0 [ 187.826116] [] ? virtnet_open+0x250/0x250 [ 187.831881] [] ? check_preemption_disabled+0x3b/0x200 [ 187.838689] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 187.845663] [] ? check_preemption_disabled+0x3b/0x200 [ 187.852467] [] ? debug_smp_processor_id+0x1c/0x20 [ 187.858921] [] virtnet_poll+0x26/0x140 [ 187.864418] [] net_rx_action+0x396/0xe00 [ 187.870091] [] ? sk_busy_loop+0xca0/0xca0 [ 187.875854] [] ? handle_edge_irq+0x417/0x8e0 [ 187.881878] [] ? _raw_spin_lock+0x3e/0x50 [ 187.887639] [] ? check_preemption_disabled+0x3b/0x200 [ 187.894441] [] __do_softirq+0x22d/0x964 [ 187.900029] [] irq_exit+0x165/0x190 [ 187.905266] [] do_IRQ+0x107/0x1b0 [ 187.910330] [] common_interrupt+0x8c/0x8c [ 187.916085] [ 187.918112] [] ? memcmp+0x95/0x160 [ 187.923278] [] ? __save_stack_trace+0x7d/0xf0 [ 187.929387] [] depot_save_stack+0x122/0x4a0 [ 187.935321] [] save_stack+0xa3/0xd0 [ 187.940557] [] ? save_stack_trace+0x16/0x20 [ 187.946488] [] ? save_stack+0x43/0xd0 [ 187.951908] [] ? kasan_kmalloc+0xad/0xe0 [ 187.957580] [] ? kasan_slab_alloc+0x12/0x20 [ 187.963513] [] ? kmem_cache_alloc+0xba/0x290 [ 187.969533] [] ? anon_vma_clone+0xde/0x4a0 [ 187.975379] [] ? anon_vma_fork+0x87/0x4b0 [ 187.981141] [] ? copy_process.part.51+0x4506/0x5d40 [ 187.987770] [] ? _do_fork+0x1c0/0xd70 [ 187.993182] [] ? SyS_clone+0x37/0x50 [ 187.998508] [] ? do_syscall_64+0x197/0x490 [ 188.004356] [] ? entry_SYSCALL64_slow_path+0x25/0x25 [ 188.011070] [] ? save_stack+0xa3/0xd0 [ 188.016481] [] ? save_stack_trace+0x16/0x20 [ 188.022414] [] ? save_stack+0x43/0xd0 [ 188.027826] [] ? kasan_kmalloc+0xad/0xe0 [ 188.033498] [] ? kasan_slab_alloc+0x12/0x20 [ 188.039432] [] ? kmem_cache_alloc+0xba/0x290 [ 188.045452] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 188.052428] [] ? entry_SYSCALL64_slow_path+0x25/0x25 [ 188.059143] [] ? avc_has_perm_noaudit+0x2b7/0x450 [ 188.065596] [] ? avc_has_perm_noaudit+0xa2/0x450 [ 188.071975] [] ? avc_has_extended_perms+0xf10/0xf10 [ 188.078609] [] ? __anon_vma_interval_tree_augment_rotate+0x1a9/0x220 [ 188.086714] [] ? __rb_insert_augmented+0x212/0xe90 [ 188.093256] [] ? kasan_unpoison_shadow+0x35/0x50 [ 188.099623] [] kasan_kmalloc+0xad/0xe0 [ 188.105121] [] ? anon_vma_interval_tree_insert+0x22a/0x2c0 [ 188.112356] [] ? anon_vma_clone+0xde/0x4a0 [ 188.118204] [] kasan_slab_alloc+0x12/0x20 [ 188.123961] [] kmem_cache_alloc+0xba/0x290 [ 188.129808] [] ? anon_vma_chain_link+0x91/0xd0 [ 188.136000] [] anon_vma_clone+0xde/0x4a0 [ 188.141672] [] anon_vma_fork+0x87/0x4b0 [ 188.147257] [] ? kmem_cache_alloc+0x10c/0x290 [ 188.153365] [] copy_process.part.51+0x4506/0x5d40 [ 188.159820] [] ? do_wp_page+0x243/0x2020 [ 188.165492] [] ? __cleanup_sighand+0x40/0x40 [ 188.171512] [] ? handle_mm_fault+0x6ee/0x2530 [ 188.177619] [] _do_fork+0x1c0/0xd70 [ 188.182858] [] ? fork_idle+0x270/0x270 [ 188.188358] [] ? __do_page_fault+0x2a7/0xbd0 [ 188.194378] [] ? __do_page_fault+0x510/0xbd0 [ 188.200400] [] SyS_clone+0x37/0x50 [ 188.205555] [] ? ptregs_sys_rt_sigreturn+0x10/0x10 [ 188.212097] [] do_syscall_64+0x197/0x490 [ 188.217768] [] ? sys_vfork+0x30/0x30 [ 188.223093] [] entry_SYSCALL64_slow_path+0x25/0x25 [ 188.229633] Object at ffff8801d8e86e80, in cache kmalloc-2048 size: 2048 [ 188.236431] Allocated: [ 188.239227] PID = 11180 [ 188.241780] save_stack_trace+0x16/0x20 [ 188.245716] save_stack+0x43/0xd0 [ 188.249129] kasan_kmalloc+0xad/0xe0 [ 188.252804] __kmalloc+0x11d/0x310 [ 188.256310] sk_prot_alloc+0x101/0x2a0 [ 188.260158] sk_alloc+0x3a/0x3a0 [ 188.263488] packet_create+0xf0/0x8e0 [ 188.267250] __sock_create+0x3ab/0x640 [ 188.271099] SyS_socket+0xf0/0x1b0 [ 188.274601] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 188.279316] Freed: [ 188.281427] PID = 11180 [ 188.283973] save_stack_trace+0x16/0x20 [ 188.287909] save_stack+0x43/0xd0 [ 188.291323] kasan_slab_free+0x73/0xc0 [ 188.295187] kfree+0xf0/0x2f0 [ 188.298255] __sk_destruct+0x47f/0x570 [ 188.302104] sk_destruct+0x47/0x80 [ 188.305606] __sk_free+0x57/0x230 [ 188.309019] sk_free+0x23/0x30 [ 188.312174] packet_release+0x732/0xa20 [ 188.316109] sock_release+0x8d/0x1e0 [ 188.319783] sock_close+0x16/0x20 [ 188.323199] __fput+0x28c/0x6e0 [ 188.326439] ____fput+0x15/0x20 [ 188.329683] task_work_run+0x115/0x190 [ 188.333536] do_exit+0x82e/0x2a50 [ 188.336949] do_group_exit+0x108/0x320 [ 188.340799] get_signal+0x55c/0x1600 [ 188.344478] do_signal+0x87/0x1960 [ 188.347980] exit_to_usermode_loop+0xe5/0x130 [ 188.352438] syscall_return_slowpath+0x1a0/0x1e0 [ 188.357155] entry_SYSCALL_64_fastpath+0xc4/0xc6 [ 188.361871] Memory state around the buggy address: [ 188.366763] ffff8801d8e87480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 188.374084] ffff8801d8e87500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 188.381404] >ffff8801d8e87580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 188.388726] ^ [ 188.393875] ffff8801d8e87600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 188.401196] ffff8801d8e87680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 188.408515] ================================================================== [ 188.415896] ================================================================== [ 188.423221] BUG: KASAN: use-after-free in fanout_demux_rollover+0x4bc/0x4d0 at addr ffff8801cae74a80 [ 188.432452] Read of size 4 by task syz-executor1/3302 [ 188.437606] CPU: 0 PID: 3302 Comm: syz-executor1 Tainted: G B 4.9.49-g5316da5 #45 [ 188.446316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.455635] ffff8801db2077e0 ffffffff81d92f89 ffff8801da001640 ffff8801cae74a80 [ 188.463580] ffff8801cae74b00 ffffed00395ce950 ffff8801cae74a80 ffff8801db207808 [ 188.471520] ffffffff8153cbcc ffffed00395ce950 ffff8801da001640 0000000000000000 [ 188.479463] Call Trace: [ 188.482009] [ 188.484039] [] dump_stack+0xc1/0x128 [ 188.489379] [] kasan_object_err+0x1c/0x70 [ 188.495140] [] kasan_report.part.1+0x21c/0x500 [ 188.501333] [] ? fanout_demux_rollover+0x4bc/0x4d0 [ 188.507874] [] __asan_report_load4_noabort+0x29/0x30 [ 188.514587] [] fanout_demux_rollover+0x4bc/0x4d0 [ 188.520955] [] packet_rcv_fanout+0x3e6/0x620 [ 188.526977] [] __netif_receive_skb_core+0x887/0x29e0 [ 188.533695] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 188.540671] [] ? netif_wake_subqueue+0x210/0x210 [ 188.547037] [] ? netif_receive_skb_internal+0x92/0x390 [ 188.553924] [] __netif_receive_skb+0x5b/0x1c0 [ 188.560031] [] netif_receive_skb_internal+0xff/0x390 [ 188.566746] [] ? netif_receive_skb_internal+0x92/0x390 [ 188.573637] [] ? dev_cpu_callback+0x680/0x680 [ 188.579745] [] ? dev_gro_receive+0x1d6/0x16f0 [ 188.585849] [] ? dev_gro_receive+0x67a/0x16f0 [ 188.591959] [] ? eth_type_trans+0x2a8/0x5d0 [ 188.597893] [] napi_gro_receive+0x1fb/0x400 [ 188.603831] [] virtnet_receive+0xe1c/0x1cf0 [ 188.609765] [] ? virtnet_open+0x250/0x250 [ 188.615529] [] ? check_preemption_disabled+0x3b/0x200 [ 188.622329] [] ? debug_check_no_locks_freed+0x2c0/0x2c0