audit: type=1400 audit(1564931184.289:8): avc: denied { prog_load } for pid=1778 comm="syz-executor912" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
audit: type=1400 audit(1564931184.319:9): avc: denied { prog_run } for pid=1778 comm="syz-executor912" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
==================================================================
BUG: KASAN: use-after-free in _copy_to_user+0x9d/0xd0 lib/usercopy.c:27
Read of size 931 at addr ffff8881c33ffff3 by task syz-executor912/1778
CPU: 0 PID: 1778 Comm: syz-executor912 Not tainted 4.14.136+ #27
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xca/0x134 lib/dump_stack.c:53
print_address_description+0x60/0x226 mm/kasan/report.c:187
__kasan_report.cold+0x1a/0x41 mm/kasan/report.c:316
The buggy address belongs to the page:
page:ffffea00070cffc0 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x4000000000000000()
raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: ffffea00070cffe0 ffffea00070cffe0 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8881c33ffe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8881c33fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8881c33fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff8881c3400000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8881c3400080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================