[ ok ] Starting enhanced syslogd: rsyslogd. [ 33.691295] audit: type=1800 audit(1538649744.725:25): pid=5866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 33.710778] audit: type=1800 audit(1538649744.725:26): pid=5866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 33.738357] audit: type=1800 audit(1538649744.725:27): pid=5866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.33' (ECDSA) to the list of known hosts. 2018/10/04 10:42:44 parsed 1 programs 2018/10/04 10:42:45 executed programs: 0 syzkaller login: [ 54.826842] IPVS: ftp: loaded support on port[0] = 21 [ 54.827262] IPVS: ftp: loaded support on port[0] = 21 [ 54.836139] IPVS: ftp: loaded support on port[0] = 21 [ 54.841398] IPVS: ftp: loaded support on port[0] = 21 [ 54.846575] IPVS: ftp: loaded support on port[0] = 21 [ 54.862281] IPVS: ftp: loaded support on port[0] = 21 [ 55.437859] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.445694] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.453150] device bridge_slave_0 entered promiscuous mode [ 55.463403] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.471331] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.478130] device bridge_slave_0 entered promiscuous mode [ 55.499955] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.509953] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.519349] device bridge_slave_1 entered promiscuous mode [ 
55.527501] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.535273] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.542665] device bridge_slave_0 entered promiscuous mode [ 55.565842] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.576370] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.585372] device bridge_slave_1 entered promiscuous mode [ 55.593297] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.603109] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.610652] device bridge_slave_0 entered promiscuous mode [ 55.618372] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.634062] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.642754] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.650940] device bridge_slave_1 entered promiscuous mode [ 55.667011] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.678064] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.692094] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.699878] device bridge_slave_1 entered promiscuous mode [ 55.707953] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.721612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.729742] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.736100] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.746500] device bridge_slave_0 entered promiscuous mode [ 55.753828] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.767790] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.774956] device bridge_slave_0 entered promiscuous mode [ 55.783016] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.792103] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.816157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.834167] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.844881] bridge0: port 
2(bridge_slave_1) entered disabled state [ 55.853019] device bridge_slave_1 entered promiscuous mode [ 55.870372] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.876719] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.886494] device bridge_slave_1 entered promiscuous mode [ 55.902129] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.927694] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.953778] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.970515] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.987300] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.005236] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.018836] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.040383] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.053401] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.071847] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.093908] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.136940] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.197294] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.219316] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.245521] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.267019] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.293854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.306174] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.318074] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.340697] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.349083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.363101] IPv6: ADDRCONF(NETDEV_UP): 
team_slave_0: link is not ready [ 56.375910] team0: Port device team_slave_0 added [ 56.387855] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.400924] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.412613] team0: Port device team_slave_0 added [ 56.418119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.427275] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.437204] team0: Port device team_slave_0 added [ 56.444080] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.462711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.472117] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.480959] team0: Port device team_slave_1 added [ 56.486289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.501741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.510285] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.517515] team0: Port device team_slave_1 added [ 56.525178] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.532528] team0: Port device team_slave_1 added [ 56.547213] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.565691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.575651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.592981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.602839] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.610581] team0: Port device team_slave_0 added [ 56.615742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.625541] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.637751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.665063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.679095] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.693082] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.701211] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.710540] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.717552] team0: Port device team_slave_1 added [ 56.727438] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.739393] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.748991] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.756281] team0: Port device team_slave_0 added [ 56.770090] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.779307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.787547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.795933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.803971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.818825] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.832215] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.845871] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.854753] team0: Port device team_slave_1 added [ 56.866887] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.874448] team0: Port device team_slave_0 added [ 56.880418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.889667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.897636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.905221] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.913028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.921059] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.928361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.936203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.947772] IPv6: ADDRCONF(NETDEV_UP): 
bridge_slave_1: link is not ready [ 56.964888] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.978855] team0: Port device team_slave_1 added [ 56.987190] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.996678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.005447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.013269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.035399] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.044898] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.057849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.071496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.082994] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.098642] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.107069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.121760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.141552] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.159075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.173934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.182882] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.200620] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.208800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.219911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.241074] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.248338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.256656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.287692] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.299681] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: 
link becomes ready [ 57.310800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.625550] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.631977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.638666] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.645027] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.657738] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.666759] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.673176] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.679829] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.686185] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.695515] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.705507] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.711925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.718603] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.725267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.737013] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.795568] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.802082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.808742] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.815107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.833006] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.925645] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.932066] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.938747] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.945106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.953148] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 58.017005] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.023432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.030116] bridge0: port 1(bridge_slave_0) 
entered blocking state [ 58.036481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.049629] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 58.298552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.306456] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.319674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.329405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.338348] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.345352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.827260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.904699] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.963129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.975029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.986623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.036761] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.087149] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.119676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.193363] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.201600] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.218871] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.269661] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.281612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.292149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.316443] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.331020] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.342490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.349748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.430463] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.439422] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.446863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.456275] IPv6: 
ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.472253] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.480465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.500511] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.511179] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.518306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.525203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.547105] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.574545] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.583890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.593566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.698678] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.729192] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.747574] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.795703] 8021q: adding VLAN 0 to HW filter on device team0 2018/10/04 10:42:52 executed programs: 6 2018/10/04 10:42:57 executed programs: 405 2018/10/04 10:43:02 executed programs: 833 2018/10/04 10:43:07 executed programs: 1265 2018/10/04 10:43:12 executed programs: 1696 2018/10/04 10:43:17 executed programs: 2138 2018/10/04 10:43:22 executed programs: 2576 2018/10/04 10:43:27 executed programs: 3006 2018/10/04 10:43:32 executed programs: 3444 [ 105.633838] ================================================================== [ 105.641282] BUG: KASAN: use-after-free in rawv6_sendmsg+0x4312/0x4630 [ 105.647894] Read of size 8 at addr ffff8801c33430f0 by task syz-executor3/21698 [ 105.655351] [ 105.657002] CPU: 1 PID: 21698 Comm: syz-executor3 Not tainted 4.19.0-rc6-next-20181004+ #87 [ 105.665515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.674885] Call Trace: [ 105.677488] dump_stack+0x1d3/0x2c4 [ 105.681132] ? dump_stack_print_info.cold.2+0x52/0x52 [ 105.686341] ? printk+0xa7/0xcf [ 105.689638] ? 
kmsg_dump_rewind_nolock+0xe4/0xe4 [ 105.694422] print_address_description.cold.8+0x9/0x1ff [ 105.699799] kasan_report.cold.9+0x242/0x309 [ 105.699815] ? rawv6_sendmsg+0x4312/0x4630 [ 105.699833] __asan_report_load8_noabort+0x14/0x20 [ 105.699852] rawv6_sendmsg+0x4312/0x4630 [ 105.708545] ? rawv6_getsockopt+0x140/0x140 [ 105.708558] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.708573] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 105.708590] ? kasan_check_read+0x11/0x20 [ 105.717604] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 105.717631] ? rcu_softirq_qs+0x20/0x20 [ 105.717647] ? unwind_dump+0x190/0x190 [ 105.727342] ? __might_fault+0x12b/0x1e0 [ 105.727364] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 105.736420] ? aa_label_sk_perm+0xfc/0xa50 [ 105.736438] ? lock_release+0x970/0x970 [ 105.736456] ? check_same_owner+0x330/0x330 [ 105.745745] ? aa_profile_af_perm+0x410/0x410 [ 105.745767] ? check_same_owner+0x330/0x330 [ 105.780549] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 105.786367] ? _copy_from_user+0xdf/0x150 [ 105.786393] ? __might_sleep+0x95/0x190 [ 105.794560] ? aa_af_perm+0x5a0/0x5a0 [ 105.798389] inet_sendmsg+0x19c/0x690 [ 105.798406] ? rawv6_getsockopt+0x140/0x140 [ 105.798417] ? inet_sendmsg+0x19c/0x690 [ 105.798434] ? ipip_gro_receive+0x100/0x100 [ 105.814820] ? apparmor_socket_sendmsg+0x29/0x30 [ 105.819594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 105.825164] ? security_socket_sendmsg+0x94/0xc0 [ 105.829939] ? ipip_gro_receive+0x100/0x100 [ 105.834285] sock_sendmsg+0xd5/0x120 [ 105.838016] ___sys_sendmsg+0x51d/0x930 [ 105.842007] ? copy_msghdr_from_user+0x580/0x580 [ 105.847476] ? ip6_datagram_send_ctl+0x14c0/0x14c0 [ 105.852596] ? __might_fault+0x12b/0x1e0 [ 105.856683] ? __local_bh_enable_ip+0x160/0x260 [ 105.861347] ? check_same_owner+0x330/0x330 [ 105.865663] __sys_sendmmsg+0x246/0x6d0 [ 105.869667] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 105.873995] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 105.879519] ? 
put_timespec64+0x10f/0x1b0 [ 105.883673] ? nsecs_to_jiffies+0x30/0x30 [ 105.887804] ? trace_hardirqs_on+0xbd/0x310 [ 105.892108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 105.897627] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.902975] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 105.908426] __x64_sys_sendmmsg+0x9d/0x100 [ 105.912657] do_syscall_64+0x1b9/0x820 [ 105.916545] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 105.921910] ? syscall_return_slowpath+0x5e0/0x5e0 [ 105.926823] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 105.931661] ? trace_hardirqs_on_caller+0x310/0x310 [ 105.936666] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 105.941697] ? prepare_exit_to_usermode+0x291/0x3b0 [ 105.946697] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 105.951536] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 105.956709] RIP: 0033:0x457579 [ 105.959886] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 105.978775] RSP: 002b:00007efecb344c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 105.986465] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457579 [ 105.993732] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000003 [ 106.001854] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 106.010159] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efecb3456d4 [ 106.017427] R13: 00000000004c34ed R14: 00000000004d52b0 R15: 00000000ffffffff [ 106.024686] [ 106.026295] Allocated by task 21698: [ 106.030010] save_stack+0x43/0xd0 [ 106.033443] kasan_kmalloc+0xc7/0xe0 [ 106.037135] kasan_slab_alloc+0x12/0x20 [ 106.041089] kmem_cache_alloc+0x12e/0x730 [ 106.045220] dst_alloc+0xbb/0x1d0 [ 106.048672] ip6_dst_alloc+0x35/0xa0 [ 106.052367] ip6_rt_cache_alloc+0x247/0x7b0 [ 106.056692] ip6_pol_route+0x8f8/0xd90 [ 106.060561] ip6_pol_route_output+0x54/0x70 [ 106.064890] fib6_rule_lookup+0x13a/0x860 [ 106.069034] 
ip6_route_output_flags+0x2c5/0x350 [ 106.073732] ip6_dst_lookup_tail+0x125c/0x1d60 [ 106.078296] ip6_dst_lookup_flow+0xc8/0x270 [ 106.082633] rawv6_sendmsg+0x12d9/0x4630 [ 106.086677] inet_sendmsg+0x19c/0x690 [ 106.090476] sock_sendmsg+0xd5/0x120 [ 106.094178] ___sys_sendmsg+0x51d/0x930 [ 106.098152] __sys_sendmmsg+0x246/0x6d0 [ 106.102108] __x64_sys_sendmmsg+0x9d/0x100 [ 106.106341] do_syscall_64+0x1b9/0x820 [ 106.110230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 106.115398] [ 106.117004] Freed by task 16: [ 106.120112] save_stack+0x43/0xd0 [ 106.123548] __kasan_slab_free+0x102/0x150 [ 106.127782] kasan_slab_free+0xe/0x10 [ 106.131579] kmem_cache_free+0x83/0x290 [ 106.135551] dst_destroy+0x267/0x3c0 [ 106.139325] dst_destroy_rcu+0x16/0x19 [ 106.143203] rcu_process_callbacks+0xff9/0x1ad0 [ 106.147855] __do_softirq+0x30b/0xb03 [ 106.151636] [ 106.153246] The buggy address belongs to the object at ffff8801c3343040 [ 106.153246] which belongs to the cache ip6_dst_cache of size 224 [ 106.166065] The buggy address is located 176 bytes inside of [ 106.166065] 224-byte region [ffff8801c3343040, ffff8801c3343120) [ 106.177935] The buggy address belongs to the page: [ 106.182850] page:ffffea00070cd0c0 count:1 mapcount:0 mapping:ffff8801cafbdc00 index:0x0 [ 106.190989] flags: 0x2fffc0000000200(slab) [ 106.195221] raw: 02fffc0000000200 ffffea000709ca88 ffffea0007657588 ffff8801cafbdc00 [ 106.203085] raw: 0000000000000000 ffff8801c3343040 000000010000000c 0000000000000000 [ 106.210967] page dumped because: kasan: bad access detected [ 106.216830] [ 106.218610] Memory state around the buggy address: [ 106.224584] ffff8801c3342f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 106.232270] ffff8801c3343000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 106.239609] >ffff8801c3343080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 106.247006] ^ [ 106.254001] ffff8801c3343100: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 106.261380] ffff8801c3343180: fb fb fb fb fb 
fb fb fb fb fb fb fb fb fb fb fb [ 106.269195] ================================================================== [ 106.278888] Kernel panic - not syncing: panic_on_warn set ... [ 106.278888] [ 106.286274] CPU: 1 PID: 21698 Comm: syz-executor3 Tainted: G B 4.19.0-rc6-next-20181004+ #87 [ 106.296157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 106.305494] Call Trace: [ 106.308080] dump_stack+0x1d3/0x2c4 [ 106.311713] ? dump_stack_print_info.cold.2+0x52/0x52 [ 106.316907] panic+0x238/0x4e7 [ 106.320094] ? add_taint.cold.5+0x16/0x16 [ 106.324229] ? preempt_schedule+0x4d/0x60 [ 106.328383] ? ___preempt_schedule+0x16/0x18 [ 106.332793] ? trace_hardirqs_on+0xb4/0x310 [ 106.338239] kasan_end_report+0x47/0x4f [ 106.342391] kasan_report.cold.9+0x76/0x309 [ 106.346698] ? rawv6_sendmsg+0x4312/0x4630 [ 106.350918] __asan_report_load8_noabort+0x14/0x20 [ 106.355832] rawv6_sendmsg+0x4312/0x4630 [ 106.359891] ? rawv6_getsockopt+0x140/0x140 [ 106.364243] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 106.369609] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 106.374556] ? kasan_check_read+0x11/0x20 [ 106.378692] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 106.383967] ? rcu_softirq_qs+0x20/0x20 [ 106.387933] ? unwind_dump+0x190/0x190 [ 106.391834] ? __might_fault+0x12b/0x1e0 [ 106.395930] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.401452] ? aa_label_sk_perm+0xfc/0xa50 [ 106.405703] ? lock_release+0x970/0x970 [ 106.409677] ? check_same_owner+0x330/0x330 [ 106.413982] ? aa_profile_af_perm+0x410/0x410 [ 106.418479] ? check_same_owner+0x330/0x330 [ 106.422788] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.428323] ? _copy_from_user+0xdf/0x150 [ 106.432479] ? __might_sleep+0x95/0x190 [ 106.436644] ? aa_af_perm+0x5a0/0x5a0 [ 106.440633] inet_sendmsg+0x19c/0x690 [ 106.444419] ? rawv6_getsockopt+0x140/0x140 [ 106.448739] ? inet_sendmsg+0x19c/0x690 [ 106.452702] ? ipip_gro_receive+0x100/0x100 [ 106.457024] ? 
apparmor_socket_sendmsg+0x29/0x30 [ 106.461796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.467318] ? security_socket_sendmsg+0x94/0xc0 [ 106.472060] ? ipip_gro_receive+0x100/0x100 [ 106.476378] sock_sendmsg+0xd5/0x120 [ 106.480077] ___sys_sendmsg+0x51d/0x930 [ 106.484063] ? copy_msghdr_from_user+0x580/0x580 [ 106.488808] ? ip6_datagram_send_ctl+0x14c0/0x14c0 [ 106.493725] ? __might_fault+0x12b/0x1e0 [ 106.497773] ? __local_bh_enable_ip+0x160/0x260 [ 106.502431] ? check_same_owner+0x330/0x330 [ 106.506764] __sys_sendmmsg+0x246/0x6d0 [ 106.510730] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 106.515093] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 106.520625] ? put_timespec64+0x10f/0x1b0 [ 106.524775] ? nsecs_to_jiffies+0x30/0x30 [ 106.528930] ? trace_hardirqs_on+0xbd/0x310 [ 106.533240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 106.538761] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 106.544111] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 106.549548] __x64_sys_sendmmsg+0x9d/0x100 [ 106.553769] do_syscall_64+0x1b9/0x820 [ 106.557664] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 106.563016] ? syscall_return_slowpath+0x5e0/0x5e0 [ 106.567933] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 106.572763] ? trace_hardirqs_on_caller+0x310/0x310 [ 106.577782] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 106.582815] ? prepare_exit_to_usermode+0x291/0x3b0 [ 106.587834] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 106.592666] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 106.597847] RIP: 0033:0x457579 [ 106.601028] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 106.619918] RSP: 002b:00007efecb344c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 106.627631] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457579 [ 106.634897] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000003 [ 106.642154] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 106.649430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efecb3456d4 [ 106.656684] R13: 00000000004c34ed R14: 00000000004d52b0 R15: 00000000ffffffff [ 106.665525] Kernel Offset: disabled [ 106.669149] Rebooting in 86400 seconds..