INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts. 2019/06/17 14:19:06 parsed 1 programs 2019/06/17 14:19:08 executed programs: 0 [ 951.199271] audit: type=1400 audit(1560781148.935:5): avc: denied { sys_admin } for pid=2242 comm="syz-executor.0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 951.247149] audit: type=1400 audit(1560781148.985:6): avc: denied { net_admin } for pid=2244 comm="syz-executor.0" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 951.398522] audit: type=1400 audit(1560781149.135:7): avc: denied { sys_chroot } for pid=2244 comm="syz-executor.0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 951.423584] audit: type=1400 audit(1560781149.155:8): avc: denied { associate } for pid=2244 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 951.466085] audit: type=1400 audit(1560781149.195:9): avc: denied { dac_override } for pid=2268 comm="syz-executor.0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 953.315311] ================================================================== [ 953.322792] BUG: KASAN: use-after-free in pneigh_get_next.isra.4+0x273/0x2b0 [ 953.329976] Read of size 8 at addr ffff8801c6186f00 by task syz-executor.0/2339 [ 953.337410] [ 953.339045] CPU: 1 PID: 2339 Comm: syz-executor.0 Not tainted 4.9.141+ #23 [ 953.346054] ffff8801c619f240 ffffffff81b42e79 ffffea0007186180 ffff8801c6186f00 [ 953.354081] 0000000000000000 ffff8801c6186f00 ffff8801c6186f00 ffff8801c619f278 [ 953.362529] ffffffff815009b8 ffff8801c6186f00 0000000000000008 0000000000000000 [ 953.370564] Call Trace: [ 953.373174] [] dump_stack+0xc1/0x128 [ 953.378559] [] print_address_description+0x6c/0x234 [ 953.385295] [] kasan_report.cold.6+0x242/0x2fe [ 953.391509] [] ? pneigh_get_next.isra.4+0x273/0x2b0 [ 953.398158] [] __asan_report_load8_noabort+0x14/0x20 [ 953.404885] [] pneigh_get_next.isra.4+0x273/0x2b0 [ 953.411399] [] ? mark_held_locks+0xc7/0x130 [ 953.417395] [] neigh_seq_next+0xb1/0x1e0 [ 953.423099] [] seq_read+0xa0b/0x12d0 [ 953.428440] [] ? seq_lseek+0x3c0/0x3c0 [ 953.433986] [] ? __fsnotify_inode_delete+0x30/0x30 [ 953.440602] [] proc_reg_read+0xfd/0x180 [ 953.446224] [] ? seq_lseek+0x3c0/0x3c0 [ 953.451738] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 953.458588] [] do_readv_writev+0x56e/0x7b0 [ 953.464453] [] ? vfs_write+0x520/0x520 [ 953.469966] [] ? kasan_unpoison_shadow+0x35/0x50 [ 953.476369] [] ? push_pipe+0x3e2/0x770 [ 953.481887] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 953.488742] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 953.495646] [] vfs_readv+0x84/0xc0 [ 953.500833] [] default_file_splice_read+0x451/0x7f0 [ 953.507479] [] ? do_splice_direct+0x270/0x270 [ 953.513618] [] ? free_hot_cold_page+0x5b3/0x9d0 [ 953.519917] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 953.526731] [] ? trace_hardirqs_on+0xd/0x10 [ 953.532677] [] ? rw_verify_area+0xe5/0x2a0 [ 953.538538] [] ? do_splice_direct+0x270/0x270 [ 953.544656] [] do_splice_to+0x10c/0x170 [ 953.550255] [] splice_direct_to_actor+0x23f/0x7e0 [ 953.556721] [] ? pipe_to_sendpage+0x330/0x330 [ 953.562839] [] ? do_splice_to+0x170/0x170 [ 953.568650] [] ? security_file_permission+0x8f/0x1e0 [ 953.575378] [] ? rw_verify_area+0xe5/0x2a0 [ 953.581251] [] do_splice_direct+0x1a3/0x270 [ 953.587233] [] ? splice_direct_to_actor+0x7e0/0x7e0 [ 953.593919] [] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 953.600479] [] ? __sb_start_write+0x161/0x300 [ 953.606621] [] do_sendfile+0x4f0/0xc30 [ 953.612135] [] ? do_compat_pwritev64+0x180/0x180 [ 953.618559] [] ? SyS_clock_gettime+0x11e/0x1f0 [ 953.624777] [] ? SyS_clock_settime+0x220/0x220 [ 953.630984] [] compat_SyS_sendfile+0x143/0x160 [ 953.637191] [] ? SyS_sendfile64+0x160/0x160 [ 953.643158] [] ? do_fast_syscall_32+0xcf/0xa10 [ 953.649367] [] ? SyS_sendfile64+0x160/0x160 [ 953.655314] [] do_fast_syscall_32+0x2f1/0xa10 [ 953.661461] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 953.668106] [] entry_SYSENTER_compat+0x90/0xa2 [ 953.674307] [ 953.675909] Allocated by task 2340: [ 953.679527] save_stack_trace+0x16/0x20 [ 953.683477] kasan_kmalloc.part.1+0x62/0xf0 [ 953.687790] kasan_kmalloc+0xaf/0xc0 [ 953.691488] __kmalloc+0x12f/0x310 [ 953.695006] pneigh_lookup+0x17d/0x3f0 [ 953.698924] arp_req_set+0x443/0x570 [ 953.702614] arp_ioctl+0x32a/0x670 [ 953.706124] inet_ioctl+0x90/0x1d0 [ 953.709672] sock_do_ioctl+0x6a/0xb0 [ 953.713363] compat_sock_ioctl+0x95a/0x1310 [ 953.717673] compat_SyS_ioctl+0x12d/0x1fd0 [ 953.721880] do_fast_syscall_32+0x2f1/0xa10 [ 953.726189] entry_SYSENTER_compat+0x90/0xa2 [ 953.730567] [ 953.732172] Freed by task 2337: [ 953.735424] save_stack_trace+0x16/0x20 [ 953.739374] kasan_slab_free+0xac/0x190 [ 953.743322] kfree+0xfb/0x310 [ 953.746430] neigh_ifdown+0x1da/0x2a0 [ 953.750208] arp_ifdown+0x1c/0x20 [ 953.753659] inetdev_event+0x6f2/0x10b0 [ 953.757645] notifier_call_chain+0xb4/0x1d0 [ 953.761945] raw_notifier_call_chain+0x2d/0x40 [ 953.766503] call_netdevice_notifiers_info+0x55/0x70 [ 953.771582] rollback_registered_many+0x6e5/0xb50 [ 953.776397] rollback_registered+0xee/0x1b0 [ 953.780692] unregister_netdevice_queue+0x1aa/0x230 [ 953.785731] __tun_detach+0x821/0xa00 [ 953.789515] tun_chr_close+0x44/0x60 [ 953.793273] __fput+0x263/0x700 [ 953.796522] ____fput+0x15/0x20 [ 953.799796] task_work_run+0x10c/0x180 [ 953.803663] exit_to_usermode_loop+0x129/0x150 [ 953.808222] do_fast_syscall_32+0x6dc/0xa10 [ 953.812517] entry_SYSENTER_compat+0x90/0xa2 [ 953.816894] [ 953.818497] The buggy address belongs to the object at ffff8801c6186f00 [ 953.818497] which belongs to the cache kmalloc-64 of size 64 [ 953.830955] The buggy address is located 0 bytes inside of [ 953.830955] 64-byte region [ffff8801c6186f00, ffff8801c6186f40) [ 953.842556] The buggy address belongs to the page: [ 953.847517] page:ffffea0007186180 count:1 mapcount:0 mapping: (null) index:0x0 [ 953.855776] flags: 0x4000000000000080(slab) [ 953.860070] page dumped because: kasan: bad access detected [ 953.865750] [ 953.867348] Memory state around the buggy address: [ 953.872261] ffff8801c6186e00: fb fb fb fb fc fc fc fc fb fb fb fb fb fb fb fb [ 953.879602] ffff8801c6186e80: fc fc fc fc fb fb fb fb fb fb fb fb fc fc fc fc [ 953.886938] >ffff8801c6186f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 953.894267] ^ [ 953.897607] ffff8801c6186f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 953.904939] ffff8801c6187000: fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb [ 953.912271] ================================================================== [ 953.919635] Disabling lock debugging due to kernel taint [ 953.925164] Kernel panic - not syncing: panic_on_warn set ... [ 953.925164] [ 953.932526] CPU: 1 PID: 2339 Comm: syz-executor.0 Tainted: G B 4.9.141+ #23 [ 953.940730] ffff8801c619f1a0 ffffffff81b42e79 ffffffff82e37630 00000000ffffffff [ 953.948754] 0000000000000000 0000000000000001 ffff8801c6186f00 ffff8801c619f260 [ 953.956746] ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66 [ 953.964763] Call Trace: [ 953.967355] [] dump_stack+0xc1/0x128 [ 953.972715] [] panic+0x1bf/0x39f [ 953.977711] [] ? add_taint.cold.5+0x16/0x16 [ 953.983663] [] kasan_end_report+0x47/0x4f [ 953.989439] [] kasan_report.cold.6+0x76/0x2fe [ 953.995579] [] ? pneigh_get_next.isra.4+0x273/0x2b0 [ 954.002225] [] __asan_report_load8_noabort+0x14/0x20 [ 954.008954] [] pneigh_get_next.isra.4+0x273/0x2b0 [ 954.015422] [] ? mark_held_locks+0xc7/0x130 [ 954.021370] [] neigh_seq_next+0xb1/0x1e0 [ 954.027061] [] seq_read+0xa0b/0x12d0 [ 954.032410] [] ? seq_lseek+0x3c0/0x3c0 [ 954.037936] [] ? __fsnotify_inode_delete+0x30/0x30 [ 954.044493] [] proc_reg_read+0xfd/0x180 [ 954.050092] [] ? seq_lseek+0x3c0/0x3c0 [ 954.055614] [] do_loop_readv_writev.part.1+0xd5/0x280 [ 954.062471] [] do_readv_writev+0x56e/0x7b0 [ 954.068341] [] ? vfs_write+0x520/0x520 [ 954.073861] [] ? kasan_unpoison_shadow+0x35/0x50 [ 954.080247] [] ? push_pipe+0x3e2/0x770 [ 954.085766] [] ? iov_iter_get_pages_alloc+0x2be/0xee0 [ 954.092585] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 954.099502] [] vfs_readv+0x84/0xc0 [ 954.104671] [] default_file_splice_read+0x451/0x7f0 [ 954.111417] [] ? do_splice_direct+0x270/0x270 [ 954.117545] [] ? free_hot_cold_page+0x5b3/0x9d0 [ 954.123847] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 954.130670] [] ? trace_hardirqs_on+0xd/0x10 [ 954.136618] [] ? rw_verify_area+0xe5/0x2a0 [ 954.142479] [] ? do_splice_direct+0x270/0x270 [ 954.148602] [] do_splice_to+0x10c/0x170 [ 954.154203] [] splice_direct_to_actor+0x23f/0x7e0 [ 954.160672] [] ? pipe_to_sendpage+0x330/0x330 [ 954.166793] [] ? do_splice_to+0x170/0x170 [ 954.172570] [] ? security_file_permission+0x8f/0x1e0 [ 954.179304] [] ? rw_verify_area+0xe5/0x2a0 [ 954.185182] [] do_splice_direct+0x1a3/0x270 [ 954.191129] [] ? splice_direct_to_actor+0x7e0/0x7e0 [ 954.197772] [] ? rcu_sync_lockdep_assert+0x73/0xb0 [ 954.204343] [] ? __sb_start_write+0x161/0x300 [ 954.210464] [] do_sendfile+0x4f0/0xc30 [ 954.215975] [] ? do_compat_pwritev64+0x180/0x180 [ 954.222360] [] ? SyS_clock_gettime+0x11e/0x1f0 [ 954.228568] [] ? SyS_clock_settime+0x220/0x220 [ 954.234777] [] compat_SyS_sendfile+0x143/0x160 [ 954.240983] [] ? SyS_sendfile64+0x160/0x160 [ 954.246931] [] ? do_fast_syscall_32+0xcf/0xa10 [ 954.253163] [] ? SyS_sendfile64+0x160/0x160 [ 954.259121] [] do_fast_syscall_32+0x2f1/0xa10 [ 954.265245] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 954.271888] [] entry_SYSENTER_compat+0x90/0xa2 [ 954.278619] Kernel Offset: disabled [ 954.282231] Rebooting in 86400 seconds..