INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
2018/07/20 17:03:00 parsed 1 programs
2018/07/20 17:03:02 executed programs: 0
[ 903.364616] IPVS: Creating netns size=2536 id=1
[ 903.398636] IPVS: Creating netns size=2536 id=2
[ 903.422509] IPVS: Creating netns size=2536 id=3
[ 903.463936] IPVS: Creating netns size=2536 id=4
[ 903.517433] IPVS: Creating netns size=2536 id=5
[ 903.558120] IPVS: Creating netns size=2536 id=6
[ 903.623271] IPVS: Creating netns size=2536 id=7
[ 903.664380] IPVS: Creating netns size=2536 id=8
2018/07/20 17:03:07 executed programs: 342
2018/07/20 17:03:13 executed programs: 552
2018/07/20 17:03:18 executed programs: 906
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
2018/07/20 17:03:23 executed programs: 1272
2018/07/20 17:03:28 executed programs: 1629
2018/07/20 17:03:33 executed programs: 1982
2018/07/20 17:03:38 executed programs: 2354
2018/07/20 17:03:43 executed programs: 2705
2018/07/20 17:03:48 executed programs: 3061
2018/07/20 17:03:53 executed programs: 3430
2018/07/20 17:03:58 executed programs: 3779
2018/07/20 17:04:04 executed programs: 3986
2018/07/20 17:04:09 executed programs: 4347
2018/07/20 17:04:14 executed programs: 4703
2018/07/20 17:04:19 executed programs: 4867
2018/07/20 17:04:25 executed programs: 5115
2018/07/20 17:04:30 executed programs: 5479
2018/07/20 17:04:35 executed programs: 5824
2018/07/20 17:04:40 executed programs: 6178
[ 1005.103959] ==================================================================
[ 1005.111561] BUG: KASAN: use-after-free in p9_conn_cancel+0x3f3/0x4c0
[ 1005.118053] Read of size 4 at addr ffff8801d6ef6028 by task kworker/1:2/1838
[ 1005.125234]
[ 1005.126860] CPU: 1 PID: 1838 Comm: kworker/1:2 Not tainted 4.9.113-g47bbcd6 #10
[ 1005.134300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1005.143663] Workqueue: events p9_poll_workfn
[ 1005.148274] ffff8801ce2afaa0 ffffffff81eb32a9 ffffea00075bbd80 ffff8801d6ef6028
[ 1005.156810] 0000000000000000 ffff8801d6ef6028 00000000ffffff87 ffff8801ce2afad8
[ 1005.164997] ffffffff81567bd9 ffff8801d6ef6028 0000000000000004 0000000000000000
[ 1005.173090] Call Trace:
[ 1005.175797] [] dump_stack+0xc1/0x128
[ 1005.181256] [] print_address_description+0x6c/0x234
[ 1005.187968] [] kasan_report.cold.6+0x242/0x2fe
[ 1005.194239] [] ? p9_conn_cancel+0x3f3/0x4c0
[ 1005.200277] [] __asan_report_load4_noabort+0x14/0x20
[ 1005.207047] [] p9_conn_cancel+0x3f3/0x4c0
[ 1005.212834] [] ? p9_pollwake+0x110/0x110
[ 1005.218600] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[ 1005.225589] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 1005.232797] [] ? p9_fd_poll+0x246/0x310
[ 1005.238412] [] p9_poll_workfn+0x222/0x330
[ 1005.244281] [] process_one_work+0x7e1/0x1500
[ 1005.250374] [] ? process_one_work+0x728/0x1500
[ 1005.256630] [] ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[ 1005.263116] [] worker_thread+0xd6/0x10a0
[ 1005.268818] [] kthread+0x26d/0x300
[ 1005.274004] [] ? process_one_work+0x1500/0x1500
[ 1005.280320] [] ? kthread_park+0xa0/0xa0
[ 1005.285934] [] ? kthread_park+0xa0/0xa0
[ 1005.291554] [] ? kthread_park+0xa0/0xa0
[ 1005.297187] [] ret_from_fork+0x5c/0x70
[ 1005.302712]
[ 1005.304347] Allocated by task 31043:
[ 1005.308083] save_stack_trace+0x16/0x20
[ 1005.312046] save_stack+0x43/0xd0
[ 1005.315491] kasan_kmalloc+0xc7/0xe0
[ 1005.319199] kmem_cache_alloc_trace+0xfd/0x2b0
[ 1005.323765] p9_fd_create+0xf3/0x330
[ 1005.327473] p9_client_create+0x6ff/0x10a0
[ 1005.331765] v9fs_session_init+0x333/0x13a0
[ 1005.336074] v9fs_mount+0x7d/0x810
[ 1005.339665] mount_fs+0x28c/0x370
[ 1005.343136] vfs_kern_mount.part.29+0xd1/0x3d0
[ 1005.347705] do_mount+0x3c9/0x2740
[ 1005.351248] SyS_mount+0xfe/0x110
[ 1005.354718] do_syscall_64+0x1a6/0x490
[ 1005.358611] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 1005.363702]
[ 1005.365326] Freed by task 31043:
[ 1005.368701] save_stack_trace+0x16/0x20
[ 1005.372678] save_stack+0x43/0xd0
[ 1005.376120] kasan_slab_free+0x72/0xc0
[ 1005.379996] kfree+0xfb/0x310
[ 1005.383106] p9_fd_close+0x298/0x330
[ 1005.386813] p9_client_destroy+0x73/0x570
[ 1005.390948] v9fs_session_close+0x46/0x110
[ 1005.395171] v9fs_kill_super+0x4e/0xa0
[ 1005.399041] deactivate_locked_super+0x75/0xd0
[ 1005.403624] v9fs_mount+0x3c6/0x810
[ 1005.407260] mount_fs+0x28c/0x370
[ 1005.410692] vfs_kern_mount.part.29+0xd1/0x3d0
[ 1005.415279] do_mount+0x3c9/0x2740
[ 1005.418829] SyS_mount+0xfe/0x110
[ 1005.422272] do_syscall_64+0x1a6/0x490
[ 1005.426138] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 1005.431212]
[ 1005.432848] The buggy address belongs to the object at ffff8801d6ef6000
[ 1005.432848] which belongs to the cache kmalloc-512 of size 512
[ 1005.445484] The buggy address is located 40 bytes inside of
[ 1005.445484] 512-byte region [ffff8801d6ef6000, ffff8801d6ef6200)
[ 1005.457250] The buggy address belongs to the page:
[ 1005.462167] page:ffffea00075bbd80 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 1005.472367] flags: 0x8000000000004080(slab|head)
[ 1005.477101] page dumped because: kasan: bad access detected
[ 1005.482786]
[ 1005.484401] Memory state around the buggy address:
[ 1005.489308] ffff8801d6ef5f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 1005.496647] ffff8801d6ef5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1005.503992] >ffff8801d6ef6000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1005.511334] ^
[ 1005.516079] ffff8801d6ef6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1005.523431] ffff8801d6ef6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1005.530783] ==================================================================
[ 1005.538123] Disabling lock debugging due to kernel taint
[ 1005.543551] Kernel panic - not syncing: panic_on_warn set ...
[ 1005.543551]
[ 1005.550907] CPU: 1 PID: 1838 Comm: kworker/1:2 Tainted: G B 4.9.113-g47bbcd6 #10
[ 1005.559550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1005.569276] Workqueue: events p9_poll_workfn
[ 1005.573808] ffff8801ce2afa00 ffffffff81eb32a9 ffffffff843c806f 00000000ffffffff
[ 1005.581847] 0000000000000000 0000000000000001 00000000ffffff87 ffff8801ce2afac0
[ 1005.589873] ffffffff81421a55 0000000041b58ab3 ffffffff843bb788 ffffffff81421896
[ 1005.597913] Call Trace:
[ 1005.600496] [] dump_stack+0xc1/0x128
[ 1005.605886] [] panic+0x1bf/0x3bc
[ 1005.610882] [] ? add_taint.cold.6+0x16/0x16
[ 1005.617018] [] ? kasan_end_report+0x32/0x4f
[ 1005.623077] [] kasan_end_report+0x47/0x4f
[ 1005.628863] [] kasan_report.cold.6+0x76/0x2fe
[ 1005.635016] [] ? p9_conn_cancel+0x3f3/0x4c0
[ 1005.640985] [] __asan_report_load4_noabort+0x14/0x20
[ 1005.647952] [] p9_conn_cancel+0x3f3/0x4c0
[ 1005.653746] [] ? p9_pollwake+0x110/0x110
[ 1005.659660] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[ 1005.666587] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 1005.673433] [] ? p9_fd_poll+0x246/0x310
[ 1005.679070] [] p9_poll_workfn+0x222/0x330
[ 1005.684854] [] process_one_work+0x7e1/0x1500
[ 1005.690955] [] ? process_one_work+0x728/0x1500
[ 1005.697193] [] ? pwq_dec_nr_in_flight+0x2e0/0x2e0
[ 1005.703687] [] worker_thread+0xd6/0x10a0
[ 1005.709385] [] kthread+0x26d/0x300
[ 1005.714751] [] ? process_one_work+0x1500/0x1500
[ 1005.721066] [] ? kthread_park+0xa0/0xa0
[ 1005.726678] [] ? kthread_park+0xa0/0xa0
[ 1005.732299] [] ? kthread_park+0xa0/0xa0
[ 1005.737906] [] ret_from_fork+0x5c/0x70
[ 1005.743986] Dumping ftrace buffer:
[ 1005.747522] (ftrace buffer empty)
[ 1005.751730] Kernel Offset: disabled
[ 1005.755555] Rebooting in 86400 seconds..