INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
[ 767.298355] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts.
[ 772.962988] random: sshd: uninitialized urandom read (32 bytes read)
[ 773.049737] audit: type=1400 audit(1539378519.539:7): avc: denied { map } for pid=1883 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/10/12 21:08:40 parsed 1 programs
[ 773.571710] audit: type=1400 audit(1539378520.069:8): avc: denied { map } for pid=1883 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4999 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 774.201705] random: cc1: uninitialized urandom read (8 bytes read)
2018/10/12 21:08:41 executed programs: 0
[ 775.316685] audit: type=1400 audit(1539378521.809:9): avc: denied { map } for pid=1883 comm="syz-execprog" path="/root/syzkaller-shm152986289" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2018/10/12 21:08:46 executed programs: 28
2018/10/12 21:08:51 executed programs: 93
2018/10/12 21:08:56 executed programs: 156
2018/10/12 21:09:02 executed programs: 215
2018/10/12 21:09:07 executed programs: 275
2018/10/12 21:09:12 executed programs: 343
2018/10/12 21:09:17 executed programs: 410
2018/10/12 21:09:22 executed programs: 471
2018/10/12 21:09:27 executed programs: 540
2018/10/12 21:09:32 executed programs: 604
2018/10/12 21:09:37 executed programs: 664
2018/10/12 21:09:42 executed programs: 728
2018/10/12 21:09:47 executed programs: 790
2018/10/12 21:09:52 executed programs: 851
2018/10/12 21:09:57 executed programs: 908
2018/10/12 21:10:02 executed programs: 968
2018/10/12 21:10:07 executed programs: 1030
2018/10/12 21:10:12 executed programs: 1089
2018/10/12 21:10:17 executed programs: 1145
2018/10/12 21:10:22 executed programs: 1203
2018/10/12 21:10:27 executed programs: 1264
2018/10/12 21:10:32 executed programs: 1326
2018/10/12 21:10:37 executed programs: 1386
2018/10/12 21:10:42 executed programs: 1442
[ 898.391557] random: crng init done
2018/10/12 21:10:48 executed programs: 1502
2018/10/12 21:10:53 executed programs: 1557
2018/10/12 21:10:58 executed programs: 1611
2018/10/12 21:11:03 executed programs: 1664
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
2018/10/12 21:11:08 executed programs: 1722
2018/10/12 21:11:13 executed programs: 1777
2018/10/12 21:11:18 executed programs: 1834
2018/10/12 21:11:23 executed programs: 1889
2018/10/12 21:11:28 executed programs: 1952
2018/10/12 21:11:33 executed programs: 2036
2018/10/12 21:11:38 executed programs: 2099
2018/10/12 21:11:43 executed programs: 2172
2018/10/12 21:11:48 executed programs: 2249
2018/10/12 21:11:53 executed programs: 2322
2018/10/12 21:11:58 executed programs: 2390
2018/10/12 21:12:03 executed programs: 2462
2018/10/12 21:12:08 executed programs: 2547
2018/10/12 21:12:13 executed programs: 2623
2018/10/12 21:12:18 executed programs: 2702
2018/10/12 21:12:23 executed programs: 2770
2018/10/12 21:12:28 executed programs: 2845
2018/10/12 21:12:33 executed programs: 2923
2018/10/12 21:12:38 result: failed=false hanged=false err=executor 0: failed:
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "bridge0" is wrong: Device does not exist
Error: argument "bridge0" is wrong: Device does not exist
Cannot find device "veth0_to_bridge"
Cannot find device "veth1_to_bridge"
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "bond0" is wrong: Device does not exist
Error: argument "bond0" is wrong: Device does not exist
Cannot find device "veth0_to_bond"
Cannot find device "veth1_to_bond"
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "team0" is wrong: Device does not exist
Error: argument "team0" is wrong: Device does not exist
Cannot find device "veth0_to_team"
Cannot find device "veth1_to_team"
Cannot find device "bridge_slave_0"
Cannot find device "bridge_slave_1"
RTNETLINK answers: Operation not supported
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "gretap0"
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
control pipe write failedevent already setcontrol pipe write failed (errno 9)
control pipe write failed (errno 9)
child failed (errno 6)
loop failed (errno 0)
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "bridge0" is wrong: Device does not exist
Error: argument "bridge0" is wrong: Device does not exist
Cannot find device "veth0_to_bridge"
Cannot find device "veth1_to_bridge"
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "bond0" is wrong: Device does not exist
Error: argument "bond0" is wrong: Device does not exist
Cannot find device "veth0_to_bond"
Cannot find device "veth1_to_bond"
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
Error: argument "team0" is wrong: Device does not exist
Error: argument "team0" is wrong: Device does not exist
Cannot find device "veth0_to_team"
Cannot find device "veth1_to_team"
Cannot find device "bridge_slave_0"
Cannot find device "bridge_slave_1"
RTNETLINK answers: Operation not supported
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "bridge0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "vcan0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "tunl0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gre0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "gretap0"
Cannot find device "gretap0"
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gre0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "ip6gretap0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "erspan0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "bond0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth0"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "veth1"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "team0"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth0_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth1_to_bridge"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth0_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth1_to_bond"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth0_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
Cannot find device "veth1_to_team"
control pipe write failedevent already setcontrol pipe write failed (errno 9)
control pipe write failed (errno 9)
child failed (errno 6)
loop failed (errno 0)
2018/10/12 21:12:38 executed programs: 2974
[ 1013.680237] ==================================================================
[ 1013.687645] BUG: KASAN: use-after-free in xfrm6_tunnel_destroy+0x5e3/0x650
[ 1013.694646] Read of size 8 at addr ffff8801cb551718 by task kworker/0:253/20415
[ 1013.702067]
[ 1013.703680] CPU: 0 PID: 20415 Comm: kworker/0:253 Not tainted 4.14.75+ #18
[ 1013.710674] Workqueue: events xfrm_state_gc_task
[ 1013.715407] Call Trace:
[ 1013.717971] dump_stack+0xb9/0x11b
[ 1013.721493] print_address_description+0x60/0x22b
[ 1013.726312] kasan_report.cold.6+0x11b/0x2dd
[ 1013.730696] ? xfrm6_tunnel_destroy+0x5e3/0x650
[ 1013.735342] xfrm6_tunnel_destroy+0x5e3/0x650
[ 1013.739814] ? xfrm_state_gc_task+0x25c/0x550
[ 1013.744284] ? rcu_read_lock_sched_held+0x102/0x120
[ 1013.749277] xfrm_state_gc_task+0x3d6/0x550
[ 1013.753572] ? xfrm_state_unregister_afinfo+0x180/0x180
[ 1013.758910] ? lock_acquire+0x10f/0x380
[ 1013.762875] process_one_work+0x86e/0x15c0
[ 1013.767090] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 1013.771743] worker_thread+0xdc/0x1000
[ 1013.775614] ? process_one_work+0x15c0/0x15c0
[ 1013.780080] kthread+0x348/0x420
[ 1013.783423] ? kthread_create_on_node+0xe0/0xe0
[ 1013.788069] ret_from_fork+0x3a/0x50
[ 1013.791763]
[ 1013.793370] Allocated by task 1895:
[ 1013.796974] kasan_kmalloc.part.1+0x4f/0xd0
[ 1013.801278] kmem_cache_alloc+0xe4/0x2b0
[ 1013.805317] copy_net_ns+0xf2/0x430
[ 1013.808920] create_new_namespaces+0x4f0/0x750
[ 1013.813475] unshare_nsproxy_namespaces+0x9f/0x1d0
[ 1013.818380] SyS_unshare+0x314/0x6b0
[ 1013.822069] do_syscall_64+0x19b/0x4b0
[ 1013.825942] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 1013.831103]
[ 1013.832705] Freed by task 10375:
[ 1013.836058] kasan_slab_free+0xac/0x190
[ 1013.840004] kmem_cache_free+0x12d/0x350
[ 1013.844038] net_drop_ns.part.6+0x59/0x70
[ 1013.848157] cleanup_net+0x617/0x880
[ 1013.851845] process_one_work+0x86e/0x15c0
[ 1013.856054] worker_thread+0xdc/0x1000
[ 1013.859912] kthread+0x348/0x420
[ 1013.863252] ret_from_fork+0x3a/0x50
[ 1013.866933]
[ 1013.868537] The buggy address belongs to the object at ffff8801cb550000
[ 1013.868537] which belongs to the cache net_namespace of size 7296
[ 1013.881429] The buggy address is located 5912 bytes inside of
[ 1013.881429] 7296-byte region [ffff8801cb550000, ffff8801cb551c80)
[ 1013.893451] The buggy address belongs to the page:
[ 1013.898355] page:ffffea00072d5400 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0
[ 1013.908298] flags: 0x4000000000008100(slab|head)
[ 1013.913030] raw: 4000000000008100 0000000000000000 0000000000000000 0000000180040004
[ 1013.920894] raw: dead000000000100 dead000000000200 ffff8801da97f800 0000000000000000
[ 1013.928744] page dumped because: kasan: bad access detected
[ 1013.934426]
[ 1013.936027] Memory state around the buggy address:
[ 1013.940930]  ffff8801cb551600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1013.948263]  ffff8801cb551680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1013.955596] >ffff8801cb551700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1013.962928]                             ^
[ 1013.967052]  ffff8801cb551780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1013.974382]  ffff8801cb551800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1013.981725] ==================================================================
[ 1013.989058] Disabling lock debugging due to kernel taint
[ 1013.996307] Kernel panic - not syncing: panic_on_warn set ...
[ 1013.996307]
[ 1014.003673] CPU: 0 PID: 20415 Comm: kworker/0:253 Tainted: G B 4.14.75+ #18
[ 1014.011880] Workqueue: events xfrm_state_gc_task
[ 1014.016608] Call Trace:
[ 1014.019170] dump_stack+0xb9/0x11b
[ 1014.022685] panic+0x1bf/0x3a4
[ 1014.025852] ? add_taint.cold.4+0x16/0x16
[ 1014.029975] ? ___preempt_schedule+0x16/0x18
[ 1014.034360] kasan_end_report+0x43/0x49
[ 1014.038308] kasan_report.cold.6+0x77/0x2dd
[ 1014.042603] ? xfrm6_tunnel_destroy+0x5e3/0x650
[ 1014.047245] xfrm6_tunnel_destroy+0x5e3/0x650
[ 1014.051716] ? xfrm_state_gc_task+0x25c/0x550
[ 1014.056183] ? rcu_read_lock_sched_held+0x102/0x120
[ 1014.061177] xfrm_state_gc_task+0x3d6/0x550
[ 1014.065485] ? xfrm_state_unregister_afinfo+0x180/0x180
[ 1014.070823] ? lock_acquire+0x10f/0x380
[ 1014.074779] process_one_work+0x86e/0x15c0
[ 1014.079003] ? pwq_dec_nr_in_flight+0x2b0/0x2b0
[ 1014.083650] worker_thread+0xdc/0x1000
[ 1014.087516] ? process_one_work+0x15c0/0x15c0
[ 1014.091994] kthread+0x348/0x420
[ 1014.095333] ? kthread_create_on_node+0xe0/0xe0
[ 1014.099976] ret_from_fork+0x3a/0x50
[ 1014.104039] Kernel Offset: 0x38000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1014.114941] Rebooting in 86400 seconds..