INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes Warning: Permanently added '10.128.10.45' (ECDSA) to the list of known hosts. 2018/12/08 22:35:30 parsed 1 programs 2018/12/08 22:35:31 executed programs: 0 [ 834.759088] audit: type=1400 audit(1544308532.490:5): avc: denied { associate } for pid=2176 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2018/12/08 22:35:36 executed programs: 45 2018/12/08 22:35:41 executed programs: 110 2018/12/08 22:35:46 executed programs: 173 2018/12/08 22:35:51 executed programs: 233 2018/12/08 22:35:56 executed programs: 294 2018/12/08 22:36:01 executed programs: 353 2018/12/08 22:36:06 executed programs: 416 2018/12/08 22:36:11 executed programs: 476 2018/12/08 22:36:16 executed programs: 536 2018/12/08 22:36:21 executed programs: 596 2018/12/08 22:36:26 executed programs: 657 2018/12/08 22:36:31 executed programs: 714 2018/12/08 22:36:37 executed programs: 770 2018/12/08 22:36:42 executed programs: 826 2018/12/08 22:36:47 executed programs: 882 INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "5" respawning too fast: disabled for 5 minutes INIT: Id "3" respawning too fast: disabled for 5 minutes INIT: Id "6" respawning too fast: disabled for 5 minutes INIT: Id "1" respawning too fast: disabled for 5 minutes 2018/12/08 22:36:52 executed programs: 947 2018/12/08 22:36:57 executed programs: 1009 2018/12/08 22:37:02 executed programs: 1072 2018/12/08 22:37:07 executed programs: 1136 2018/12/08 22:37:12 executed programs: 1197 2018/12/08 22:37:17 executed programs: 1259 2018/12/08 22:37:22 executed programs: 1322 2018/12/08 22:37:27 executed programs: 1382 2018/12/08 22:37:32 executed programs: 1446 2018/12/08 22:37:37 executed programs: 1507 2018/12/08 22:37:42 executed programs: 1580 2018/12/08 22:37:47 executed programs: 1647 2018/12/08 22:37:52 executed programs: 1725 2018/12/08 22:37:57 executed programs: 1813 2018/12/08 22:38:02 result: failed=false hanged=false err=executor 0: failed: net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported Error: argument "bridge0" is wrong: Device does not exist Error: argument "bridge0" is wrong: Device does not exist Cannot find device "veth0_to_bridge" Cannot find device "veth1_to_bridge" RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported Error: argument "bond0" is wrong: Device does not exist Error: argument "bond0" is wrong: Device does not exist Cannot find device "veth0_to_bond" Cannot find device "veth1_to_bond" RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported Error: argument "team0" is wrong: Device does not exist Error: argument "team0" is wrong: Device does not exist Cannot find device "veth0_to_team" Cannot find device "veth1_to_team" Cannot find device "bridge_slave_0" Cannot find device "bridge_slave_1" RTNETLINK answers: Operation not supported Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "vcan0" Cannot find device "vcan0" Cannot find device "vcan0" Cannot find device "vcan0" Cannot find device "tunl0" Cannot find device "tunl0" Cannot find device "tunl0" Cannot find device "tunl0" Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gretap0" Cannot find device "gretap0" Cannot find device "gretap0" Cannot find device "gretap0" RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument Cannot find device "ip6gre0" Cannot find device "ip6gre0" Cannot find device "ip6gre0" Cannot find device "ip6gre0" Cannot find device "ip6gretap0" Cannot find device "ip6gretap0" Cannot find device "ip6gretap0" Cannot find device "ip6gretap0" Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "veth0" Cannot find device "veth0" Cannot find device "veth0" Cannot find device "veth0" Cannot find device "veth1" Cannot find device "veth1" Cannot find device "veth1" Cannot find device "veth1" Cannot find device "team0" Cannot find device "team0" Cannot find device "team0" Cannot find device "team0" Cannot find device "veth0_to_bridge" Cannot find device "veth0_to_bridge" Cannot find device "veth0_to_bridge" Cannot find device "veth0_to_bridge" Cannot find device "veth1_to_bridge" Cannot find device "veth1_to_bridge" Cannot find device "veth1_to_bridge" Cannot find device "veth1_to_bridge" Cannot find device "veth0_to_bond" Cannot find device "veth0_to_bond" Cannot find device "veth0_to_bond" Cannot find device "veth0_to_bond" Cannot find device "veth1_to_bond" Cannot find device "veth1_to_bond" Cannot find device "veth1_to_bond" Cannot find device "veth1_to_bond" Cannot find device "veth0_to_team" Cannot find device "veth0_to_team" Cannot find device "veth0_to_team" Cannot find device "veth0_to_team" Cannot find device "veth1_to_team" Cannot find device "veth1_to_team" Cannot find device "veth1_to_team" Cannot find device "veth1_to_team" control pipe write failed (errno 9) child failed (errno 6) loop failed (errno 0) net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported Error: argument "bridge0" is wrong: Device does not exist Error: argument "bridge0" is wrong: Device does not exist Cannot find device "veth0_to_bridge" Cannot find device "veth1_to_bridge" RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported Error: argument "bond0" is wrong: Device does not exist Error: argument "bond0" is wrong: Device does not exist Cannot find device "veth0_to_bond" Cannot find device "veth1_to_bond" RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported Error: argument "team0" is wrong: Device does not exist Error: argument "team0" is wrong: Device does not exist Cannot find device "veth0_to_team" Cannot find device "veth1_to_team" Cannot find device "bridge_slave_0" Cannot find device "bridge_slave_1" RTNETLINK answers: Operation not supported Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "bridge0" Cannot find device "vcan0" Cannot find device "vcan0" Cannot find device "vcan0" Cannot find device "vcan0" Cannot find device "tunl0" Cannot find device "tunl0" Cannot find device "tunl0" Cannot find device "tunl0" Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gre0" Cannot find device "gretap0" Cannot find device "gretap0" Cannot find device "gretap0" Cannot find device "gretap0" RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument Cannot find device "ip6gre0" Cannot find device "ip6gre0" Cannot find device "ip6gre0" Cannot find device "ip6gre0" Cannot find device "ip6gretap0" Cannot find device "ip6gretap0" Cannot find device "ip6gretap0" Cannot find device "ip6gretap0" Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "erspan0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "bond0" Cannot find device "veth0" Cannot find device "veth0" Cannot find device "veth0" Cannot find device "veth0" Cannot find device "veth1" Cannot find device "veth1" Cannot find device "veth1" Cannot find device "veth1" Cannot find device "team0" Cannot find device "team0" Cannot find device "team0" Cannot find device "team0" Cannot find device "veth0_to_bridge" Cannot find device "veth0_to_bridge" Cannot find device "veth0_to_bridge" Cannot find device "veth0_to_bridge" Cannot find device "veth1_to_bridge" Cannot find device "veth1_to_bridge" Cannot find device "veth1_to_bridge" Cannot find device "veth1_to_bridge" Cannot find device "veth0_to_bond" Cannot find device "veth0_to_bond" Cannot find device "veth0_to_bond" Cannot find device "veth0_to_bond" Cannot find device "veth1_to_bond" Cannot find device "veth1_to_bond" Cannot find device "veth1_to_bond" Cannot find device "veth1_to_bond" Cannot find device "veth0_to_team" Cannot find device "veth0_to_team" Cannot find device "veth0_to_team" Cannot find device "veth0_to_team" Cannot find device "veth1_to_team" Cannot find device "veth1_to_team" Cannot find device "veth1_to_team" Cannot find device "veth1_to_team" control pipe write failed (errno 9) child failed (errno 6) loop failed (errno 0) [ 987.824547] ================================================================== [ 987.831956] BUG: KASAN: use-after-free in xfrm6_tunnel_destroy+0x5a5/0x630 [ 987.838959] Read of size 8 at addr ffff8801cf239618 by task kworker/1:0/14011 [ 987.846289] [ 987.847905] CPU: 1 PID: 14011 Comm: kworker/1:0 Not tainted 4.9.144+ #77 [ 987.854728] Workqueue: events xfrm_state_gc_task [ 987.859576] ffff8801c11e7aa0 ffffffff81b43b89 ffffea00073c8e00 ffff8801cf239618 [ 987.867582] 0000000000000000 ffff8801cf239618 ffff8801c9755528 ffff8801c11e7ad8 [ 987.875563] ffffffff81500c38 ffff8801cf239618 0000000000000008 0000000000000000 [ 987.884108] Call Trace: [ 987.886680] [] dump_stack+0xc1/0x128 [ 987.892027] [] print_address_description+0x6c/0x234 [ 987.898680] [] kasan_report.cold.6+0x242/0x2fe [ 987.904897] [] ? xfrm6_tunnel_destroy+0x5a5/0x630 [ 987.911373] [] __asan_report_load8_noabort+0x14/0x20 [ 987.918109] [] xfrm6_tunnel_destroy+0x5a5/0x630 [ 987.924426] [] ? xfrm6_tunnel_destroy+0x34/0x630 [ 987.930815] [] ? rcu_read_lock_sched_held+0x103/0x120 [ 987.937641] [] ? kfree+0x1b7/0x310 [ 987.942837] [] xfrm_state_gc_task+0x3ad/0x510 [ 987.948965] [] ? xfrm_state_unregister_afinfo+0x160/0x160 [ 987.956134] [] process_one_work+0x831/0x15f0 [ 987.962175] [] ? process_one_work+0x774/0x15f0 [ 987.968497] [] ? cancel_delayed_work_sync+0x20/0x20 [ 987.975143] [] worker_thread+0xd6/0x1140 [ 987.980832] [] ? ___preempt_schedule+0x16/0x18 [ 987.987052] [] kthread+0x26d/0x300 [ 987.992223] [] ? process_one_work+0x15f0/0x15f0 [ 987.998523] [] ? kthread_park+0xa0/0xa0 [ 988.004126] [] ? __switch_to_asm+0x34/0x70 [ 988.010044] [] ? kthread_park+0xa0/0xa0 [ 988.015655] [] ? kthread_park+0xa0/0xa0 [ 988.021257] [] ret_from_fork+0x5c/0x70 [ 988.026766] [ 988.028367] Allocated by task 2176: [ 988.031977] save_stack_trace+0x16/0x20 [ 988.035927] kasan_kmalloc.part.1+0x62/0xf0 [ 988.040223] kasan_kmalloc+0xaf/0xc0 [ 988.043914] kasan_slab_alloc+0x12/0x20 [ 988.047867] kmem_cache_alloc+0xd5/0x2b0 [ 988.051903] copy_net_ns+0xf5/0x330 [ 988.055542] create_new_namespaces+0x501/0x760 [ 988.060116] unshare_nsproxy_namespaces+0xa5/0x1d0 [ 988.065019] SyS_unshare+0x319/0x710 [ 988.068737] do_syscall_64+0x19f/0x550 [ 988.072600] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 988.077673] [ 988.079272] Freed by task 5764: [ 988.082529] save_stack_trace+0x16/0x20 [ 988.086476] kasan_slab_free+0xac/0x190 [ 988.090422] kmem_cache_free+0xbe/0x310 [ 988.094370] net_drop_ns+0x62/0x80 [ 988.097883] cleanup_net+0x627/0x8b0 [ 988.101570] process_one_work+0x831/0x15f0 [ 988.105778] worker_thread+0xd6/0x1140 [ 988.109652] kthread+0x26d/0x300 [ 988.113014] ret_from_fork+0x5c/0x70 [ 988.116704] [ 988.118318] The buggy address belongs to the object at ffff8801cf238000 [ 988.118318] which belongs to the cache net_namespace of size 7552 [ 988.131245] The buggy address is located 5656 bytes inside of [ 988.131245] 7552-byte region [ffff8801cf238000, ffff8801cf239d80) [ 988.143268] The buggy address belongs to the page: [ 988.148173] page:ffffea00073c8e00 count:1 mapcount:0 mapping: (null) index:0x0 compound_mapcount: 0 [ 988.158358] flags: 0x4000000000004080(slab|head) [ 988.163085] page dumped because: kasan: bad access detected [ 988.168876] [ 988.170494] Memory state around the buggy address: [ 988.175413] ffff8801cf239500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 988.182944] ffff8801cf239580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 988.190275] >ffff8801cf239600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 988.197603] ^ [ 988.201792] ffff8801cf239680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 988.209153] ffff8801cf239700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 988.216486] ================================================================== [ 988.223871] Disabling lock debugging due to kernel taint [ 988.229497] Kernel panic - not syncing: panic_on_warn set ... [ 988.229497] [ 988.236887] CPU: 1 PID: 14011 Comm: kworker/1:0 Tainted: G B 4.9.144+ #77 [ 988.244969] Workqueue: events xfrm_state_gc_task [ 988.249837] ffff8801c11e7a00 ffffffff81b43b89 ffffffff82e3a858 00000000ffffffff [ 988.257824] 0000000000000000 0000000000000001 ffff8801c9755528 ffff8801c11e7ac0 [ 988.265831] ffffffff813f7575 0000000041b58ab3 ffffffff82e2e82b ffffffff813f73b6 [ 988.273849] Call Trace: [ 988.276417] [] dump_stack+0xc1/0x128 [ 988.281822] [] panic+0x1bf/0x39f [ 988.286824] [] ? add_taint.cold.5+0x16/0x16 [ 988.292774] [] ? ___preempt_schedule+0x16/0x18 [ 988.298983] [] kasan_end_report+0x47/0x4f [ 988.304757] [] kasan_report.cold.6+0x76/0x2fe [ 988.310880] [] ? xfrm6_tunnel_destroy+0x5a5/0x630 [ 988.317348] [] __asan_report_load8_noabort+0x14/0x20 [ 988.324072] [] xfrm6_tunnel_destroy+0x5a5/0x630 [ 988.330363] [] ? xfrm6_tunnel_destroy+0x34/0x630 [ 988.336750] [] ? rcu_read_lock_sched_held+0x103/0x120 [ 988.343567] [] ? kfree+0x1b7/0x310 [ 988.348731] [] xfrm_state_gc_task+0x3ad/0x510 [ 988.354847] [] ? xfrm_state_unregister_afinfo+0x160/0x160 [ 988.362016] [] process_one_work+0x831/0x15f0 [ 988.368057] [] ? process_one_work+0x774/0x15f0 [ 988.374266] [] ? cancel_delayed_work_sync+0x20/0x20 [ 988.380903] [] worker_thread+0xd6/0x1140 [ 988.386603] [] ? ___preempt_schedule+0x16/0x18 [ 988.392865] [] kthread+0x26d/0x300 [ 988.398032] [] ? process_one_work+0x15f0/0x15f0 [ 988.404365] [] ? kthread_park+0xa0/0xa0 [ 988.409971] [] ? __switch_to_asm+0x34/0x70 [ 988.415829] [] ? kthread_park+0xa0/0xa0 [ 988.421432] [] ? kthread_park+0xa0/0xa0 [ 988.427033] [] ret_from_fork+0x5c/0x70 [ 988.432869] Kernel Offset: disabled [ 988.436484] Rebooting in 86400 seconds..