Warning: Permanently added '[localhost]:12623' (ECDSA) to the list of known hosts.
2019/03/18 14:16:24 parsed 1 programs
2019/03/18 14:16:24 executed programs: 0
[  100.755941] IPVS: Creating netns size=2720 id=2
[  100.757257] IPVS: ftp: loaded support on port[0] = 21
[  100.762954] ==================================================================
[  100.764002] BUG: KASAN: use-after-free in ida_get_new_above+0x2eb/0x5d0 at addr ffff8800649956c0
[  100.765223] Write of size 128 by task syz-executor2/5333
[  100.766072] CPU: 1 PID: 5333 Comm: syz-executor2 Not tainted 4.10.0+ #1
[  100.766991] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[  100.768110] Call Trace:
[  100.768790]  dump_stack+0xe6/0x120
[  100.769259]  kasan_object_err+0x1c/0x70
[  100.769785]  kasan_report.part.2+0x1e1/0x4a0
[  100.770386]  ? kmem_cache_alloc+0x13a/0x800
[  100.770961]  ? __kernfs_new_node+0x63/0x290
[  100.771534]  ? ida_get_new_above+0x2eb/0x5d0
[  100.772138]  ? sysfs_create_file_ns+0x6c/0xb0
[  100.772740]  kasan_report+0x20/0x30
[  100.773218]  check_memory_region+0x13d/0x1a0
[  100.773808]  memset+0x23/0x40
[  100.774225]  ida_get_new_above+0x2eb/0x5d0
[  100.774855]  ? kernfs_activate+0x2a/0x200
[  100.775410]  ? idr_replace+0x180/0x180
[  100.775932]  ? kernfs_add_one+0x45/0x430
[  100.776475]  ida_simple_get+0xd1/0x170
[  100.776996]  ? ida_remove+0x1f0/0x1f0
[  100.777508]  ? kmem_cache_alloc+0x38e/0x800
[  100.778084]  __kernfs_new_node+0x84/0x290
[  100.778631]  kernfs_new_node+0x5e/0xe0
[  100.779161]  __kernfs_create_file+0x2d/0x2c0
[  100.779791]  sysfs_add_file_mode_ns+0x1d0/0x4e0
[  100.780467]  sysfs_create_file_ns+0x6c/0xb0
[  100.781085]  kobject_add_internal+0x4ef/0x980
[  100.781735]  kobject_init_and_add+0xc5/0x110
[  100.782367]  ? kset_create_and_add+0x170/0x170
[  100.783032]  netdev_queue_update_kobjects+0xd7/0x300
[  100.783769]  netdev_register_kobject+0x258/0x3a0
[  100.784461]  ? raw_notifier_call_chain+0x11/0x20
[  100.785142]  register_netdevice+0x7c6/0xd60
[  100.785764]  ? netdev_change_features+0x80/0x80
[  100.786439]  ? alloc_netdev_mqs+0x789/0xb80
[  100.787058]  __ip_tunnel_create+0x313/0x410
[  100.787674]  ? ip_tunnel_encap_del_ops+0x40/0x40
[  100.788364]  ip_tunnel_init_net+0x1bd/0x430
[  100.788986]  ? ip_tunnel_changelink+0x400/0x400
[  100.789658]  ? ip_tunnel_changelink+0x400/0x400
[  100.790332]  ipgre_init_net+0x18/0x20
[  100.790877]  ops_init+0x95/0x390
[  100.791361]  setup_net+0x21b/0x520
[  100.791875]  ? ops_init+0x390/0x390
[  100.792394]  ? kmem_cache_alloc+0x38e/0x800
[  100.793017]  copy_net_ns+0x134/0x3b0
[  100.793549]  ? copy_utsname+0x27/0x2c0
[  100.794103]  create_new_namespaces+0x354/0x660
[  100.794760]  unshare_nsproxy_namespaces+0x8a/0x190
[  100.795464]  SyS_unshare+0x308/0x6b0
[  100.795998]  ? walk_process_tree+0x2d0/0x2d0
[  100.796627]  ? _raw_read_unlock+0x2c/0x50
[  100.797216]  ? do_prlimit+0x216/0x580
[  100.797757]  ? entry_SYSCALL_64_fastpath+0x5/0xc6
[  100.798443]  ? trace_hardirqs_on_caller+0x44c/0x5e0
[  100.799157]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  100.799842]  entry_SYSCALL_64_fastpath+0x23/0xc6
[  100.800522] RIP: 0033:0x4582a7
[  100.800976] RSP: 002b:00007ffffc216438 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  100.802074] RAX: ffffffffffffffda RBX: 00007ffffc216440 RCX: 00000000004582a7
[  100.803100] RDX: 0000000000000000 RSI: 00007ffffc216420 RDI: 0000000040000000
[  100.804139] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000018
[  100.805172] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  100.806206] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.807253] Object at ffff8800649956c0, in cache kmalloc-128 size: 128
[  100.808204] Allocated:
[  100.808560] PID = 5333
[  100.808918]  save_stack_trace+0x16/0x20
[  100.809489]  save_stack+0x46/0xd0
[  100.809981]  kasan_kmalloc+0xad/0xe0
[  100.810518]  kmem_cache_alloc_trace+0x142/0x800
[  100.811186]  ida_pre_get+0xa8/0xc0
[  100.811692]  proc_alloc_inum+0x9b/0x150
[  100.812264]  proc_register+0x20/0x2a0
[  100.812802]  proc_mkdir_data+0xe9/0x160
[  100.813368]  nfs_fs_proc_net_init+0x161/0x340
[  100.814014]  nfs_net_init+0x15/0x20
[  100.814537]  ops_init+0x95/0x390
[  100.815016]  setup_net+0x21b/0x520
[  100.815518]  copy_net_ns+0x134/0x3b0
[  100.816052]  create_new_namespaces+0x354/0x660
[  100.816704]  unshare_nsproxy_namespaces+0x8a/0x190
[  100.817414]  SyS_unshare+0x308/0x6b0
[  100.817944]  entry_SYSCALL_64_fastpath+0x23/0xc6
[  100.818622] Freed:
[  100.818931] PID = 5334
[  100.819283]  save_stack_trace+0x16/0x20
[  100.819850]  save_stack+0x46/0xd0
[  100.820336]  kasan_slab_free+0x70/0xb0
[  100.820887]  kfree+0xcf/0x2c0
[  100.821330]  ida_pre_get+0x6f/0xc0
[  100.821842]  alloc_vfsmnt+0x49/0x720
[  100.822372]  clone_mnt+0x6c/0xf00
[  100.822865]  copy_tree+0x322/0x8e0
[  100.823368]  copy_mnt_ns+0xdc/0xcb0
[  100.823886]  create_new_namespaces+0xc5/0x660
[  100.824526]  unshare_nsproxy_namespaces+0x8a/0x190
[  100.825225]  SyS_unshare+0x308/0x6b0
[  100.825754]  entry_SYSCALL_64_fastpath+0x23/0xc6
[  100.826426] Memory state around the buggy address:
[  100.827126]  ffff880064995580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  100.828181]  ffff880064995600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  100.829232] >ffff880064995680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  100.830279]                                    ^
[  100.831051]  ffff880064995700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  100.832112]  ffff880064995780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  100.833162] ==================================================================
[  100.834210] Disabling lock debugging due to kernel taint
[  100.834984] Kernel panic - not syncing: panic_on_warn set ...
[  100.834984] 
[  100.836041] CPU: 1 PID: 5333 Comm: syz-executor2 Tainted: G    B           4.10.0+ #1
[  100.837121] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[  100.838331] Call Trace:
[  100.838702]  dump_stack+0xe6/0x120
[  100.839213]  panic+0x1b6/0x358
[  100.839668]  ? percpu_up_read_preempt_enable.constprop.41+0xb9/0xb9
[  100.840585]  ? kasan_end_report+0x32/0x50
[  100.841176]  kasan_end_report+0x50/0x50
[  100.841745]  kasan_report.part.2+0x371/0x4a0
[  100.842371]  ? ida_get_new_above+0x2eb/0x5d0
[  100.842997]  kasan_report+0x20/0x30
[  100.843511]  check_memory_region+0x13d/0x1a0
[  100.844141]  memset+0x23/0x40
[  100.844581]  ida_get_new_above+0x2eb/0x5d0
[  100.845187]  ? kernfs_activate+0x2a/0x200
[  100.845775]  ? idr_replace+0x180/0x180
[  100.846327]  ? kernfs_add_one+0x45/0x430
[  100.846909]  ida_simple_get+0xd1/0x170
[  100.847463]  ? ida_remove+0x1f0/0x1f0
[  100.848010]  ? kmem_cache_alloc+0x38e/0x800
[  100.848570]  __kernfs_new_node+0x84/0x290
[  100.849056]  kernfs_new_node+0x5e/0xe0
[  100.849517]  __kernfs_create_file+0x2d/0x2c0
[  100.850036]  sysfs_add_file_mode_ns+0x1d0/0x4e0
[  100.850585]  sysfs_create_file_ns+0x6c/0xb0
[  100.851094]  kobject_add_internal+0x4ef/0x980
[  100.851630]  kobject_init_and_add+0xc5/0x110
[  100.852147]  ? kset_create_and_add+0x170/0x170
[  100.852818]  netdev_queue_update_kobjects+0xd7/0x300
[  100.853418]  netdev_register_kobject+0x258/0x3a0
[  100.853979]  ? raw_notifier_call_chain+0x11/0x20
[  100.854537]  register_netdevice+0x7c6/0xd60
[  100.855042]  ? netdev_change_features+0x80/0x80
[  100.855592]  ? alloc_netdev_mqs+0x789/0xb80
[  100.856106]  __ip_tunnel_create+0x313/0x410
[  100.856619]  ? ip_tunnel_encap_del_ops+0x40/0x40
[  100.857179]  ip_tunnel_init_net+0x1bd/0x430
[  100.857687]  ? ip_tunnel_changelink+0x400/0x400
[  100.858236]  ? ip_tunnel_changelink+0x400/0x400
[  100.858792]  ipgre_init_net+0x18/0x20
[  100.859249]  ops_init+0x95/0x390
[  100.859648]  setup_net+0x21b/0x520
[  100.860070]  ? ops_init+0x390/0x390
[  100.860493]  ? kmem_cache_alloc+0x38e/0x800
[  100.861004]  copy_net_ns+0x134/0x3b0
[  100.861441]  ? copy_utsname+0x27/0x2c0
[  100.861897]  create_new_namespaces+0x354/0x660
[  100.862441]  unshare_nsproxy_namespaces+0x8a/0x190
[  100.863021]  SyS_unshare+0x308/0x6b0
[  100.863457]  ? walk_process_tree+0x2d0/0x2d0
[  100.863985]  ? _raw_read_unlock+0x2c/0x50
[  100.864483]  ? do_prlimit+0x216/0x580
[  100.864928]  ? entry_SYSCALL_64_fastpath+0x5/0xc6
[  100.865502]  ? trace_hardirqs_on_caller+0x44c/0x5e0
[  100.866099]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  100.866661]  entry_SYSCALL_64_fastpath+0x23/0xc6
[  100.867224] RIP: 0033:0x4582a7
[  100.867596] RSP: 002b:00007ffffc216438 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  100.868521] RAX: ffffffffffffffda RBX: 00007ffffc216440 RCX: 00000000004582a7
[  100.869310] RDX: 0000000000000000 RSI: 00007ffffc216420 RDI: 0000000040000000
[  100.870163] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000018
[  100.871023] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  100.871886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  100.873395] Kernel Offset: disabled
[  100.873826] Rebooting in 86400 seconds..