[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 26.973199] kauditd_printk_skb: 7 callbacks suppressed [ 26.973211] audit: type=1800 audit(1538100574.905:29): pid=5238 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 27.000023] audit: type=1800 audit(1538100574.905:30): pid=5238 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts. 2018/09/28 02:09:52 parsed 1 programs 2018/09/28 02:09:54 executed programs: 0 syzkaller login: [ 46.294707] IPVS: ftp: loaded support on port[0] = 21 [ 46.306677] IPVS: ftp: loaded support on port[0] = 21 [ 46.308938] IPVS: ftp: loaded support on port[0] = 21 [ 46.334024] IPVS: ftp: loaded support on port[0] = 21 [ 46.335540] IPVS: ftp: loaded support on port[0] = 21 [ 46.370621] IPVS: ftp: loaded support on port[0] = 21 [ 47.199533] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.206350] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.215207] device bridge_slave_0 entered promiscuous mode [ 47.223655] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.230757] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.238794] device bridge_slave_0 entered promiscuous mode [ 47.257331] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.267671] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.275603] device bridge_slave_0 entered promiscuous mode [ 47.282714] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.290838] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.298152] device bridge_slave_0 entered promiscuous mode [ 47.306725] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.313972] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.321491] device bridge_slave_1 entered promiscuous mode [ 47.330090] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.336936] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.344103] device bridge_slave_0 entered promiscuous mode [ 47.352225] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.358588] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.367490] device bridge_slave_1 entered promiscuous mode [ 47.374536] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.381612] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.388663] device bridge_slave_1 entered promiscuous mode [ 47.396514] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.406330] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.413431] device bridge_slave_1 entered promiscuous mode [ 47.420364] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.426748] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.434907] device bridge_slave_0 entered promiscuous mode [ 47.443939] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.451657] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.458702] device bridge_slave_1 entered promiscuous mode [ 47.466533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.475226] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.483542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.493683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.502515] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.512598] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.527062] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.538486] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.549821] device bridge_slave_1 entered promiscuous mode [ 47.558338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.567494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.580974] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.589440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.613501] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.677202] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.698993] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.709994] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.733321] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.754394] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.766339] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.781144] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.792067] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.811699] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.843039] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.868973] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.879723] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.896897] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.913536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 47.931266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.944287] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.956010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 47.975804] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.988759] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.001669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.012260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.036496] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.046986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.072243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.094632] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.103373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.114300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.175430] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 48.188173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 48.208782] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.218111] team0: Port device team_slave_0 added [ 48.240521] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.252607] team0: Port device team_slave_0 added [ 48.273818] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.285764] team0: Port device team_slave_0 added [ 48.294701] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.311963] team0: Port device team_slave_1 added [ 48.325666] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.333388] team0: Port device team_slave_1 added [ 48.338856] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.350213] team0: Port device team_slave_1 added [ 48.355756] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.364370] team0: Port device team_slave_0 added [ 48.392855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.416058] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.441524] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.448986] team0: Port device team_slave_1 added [ 48.461442] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.482185] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.490774] team0: Port device team_slave_0 added [ 48.504866] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.514104] team0: Port device team_slave_0 added [ 48.524338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.546676] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.564926] team0: Port device team_slave_1 added [ 48.576061] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.594075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.604833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.613193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.621428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.629407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.641650] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.651528] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.660311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.668247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.677269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.688056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.702887] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.710858] team0: Port device team_slave_1 added [ 48.727094] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.737073] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.760776] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.770004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.793100] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.801278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.809263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.817071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.825031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.832962] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.844763] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.864618] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.873904] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.890378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.906107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.929901] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.949302] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.958394] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.967195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.991348] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.001171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.010786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.018810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.039298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.047276] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.086814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.103476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.112437] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.121785] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.147095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.161384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.226908] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.251349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.267611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.614443] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.621160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.628066] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.634634] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.647029] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.672857] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.679430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.686257] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.692746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.705292] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.815120] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.821601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.828273] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.834967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.844179] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.909742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.926471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.941437] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.960483] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.966880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.973674] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.980110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.988679] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.007533] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.014034] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.020814] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.027439] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.057093] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.164387] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.170996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.177754] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.184190] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.198894] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.987068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.994885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.008337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.602646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.629310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.846876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.867597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.930402] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.955011] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.066504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.078196] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.102209] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.164842] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.196148] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.218768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.229070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.256525] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.271145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.280351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.348140] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.409716] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.433717] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.444089] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.453493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.462424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.470415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.483325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.562601] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.589815] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.626960] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.634526] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.645509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.723343] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.739894] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.747726] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.759846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.766991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.916173] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.073498] 8021q: adding VLAN 0 to HW filter on device team0 2018/09/28 02:10:03 executed programs: 6 2018/09/28 02:10:08 executed programs: 287 [ 60.806140] ================================================================== [ 60.813856] BUG: KASAN: use-after-free in rawv6_sendmsg+0x4421/0x4630 [ 60.820549] Read of size 8 at addr ffff8801bbc63530 by task syz-executor0/8104 [ 60.828066] [ 60.829731] CPU: 0 PID: 8104 Comm: syz-executor0 Not tainted 4.19.0-rc5+ #257 [ 60.837279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.846800] Call Trace: [ 60.849426] dump_stack+0x1c4/0x2b4 [ 60.853250] ? dump_stack_print_info.cold.2+0x52/0x52 [ 60.858465] ? printk+0xa7/0xcf [ 60.858486] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 60.858510] print_address_description.cold.8+0x9/0x1ff [ 60.866714] kasan_report.cold.9+0x242/0x309 [ 60.866731] ? rawv6_sendmsg+0x4421/0x4630 [ 60.866750] __asan_report_load8_noabort+0x14/0x20 [ 60.885945] rawv6_sendmsg+0x4421/0x4630 [ 60.890133] ? rawv6_getsockopt+0x140/0x140 [ 60.894601] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.900002] ? find_held_lock+0x36/0x1c0 [ 60.904100] ? find_held_lock+0x36/0x1c0 [ 60.908197] ? __might_fault+0x12b/0x1e0 [ 60.912290] ? lock_downgrade+0x900/0x900 [ 60.916467] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 60.922034] ? aa_label_sk_perm+0x46d/0x8e0 [ 60.926390] ? aa_profile_af_perm+0x410/0x410 [ 60.931062] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 60.936740] ? _copy_from_user+0xdf/0x150 [ 60.940944] ? aa_af_perm+0x5a0/0x5a0 [ 60.944800] inet_sendmsg+0x1a1/0x690 [ 60.948652] ? rawv6_getsockopt+0x140/0x140 [ 60.952999] ? inet_sendmsg+0x1a1/0x690 [ 60.957005] ? ipip_gro_receive+0x100/0x100 [ 60.961359] ? apparmor_socket_sendmsg+0x29/0x30 [ 60.966147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.971714] ? security_socket_sendmsg+0x94/0xc0 [ 60.971729] ? ipip_gro_receive+0x100/0x100 [ 60.971747] sock_sendmsg+0xd5/0x120 [ 60.971765] ___sys_sendmsg+0x51d/0x930 [ 60.971780] ? graph_lock+0x170/0x170 [ 60.971802] ? copy_msghdr_from_user+0x580/0x580 [ 60.997466] ? find_held_lock+0x36/0x1c0 [ 61.001605] ? find_held_lock+0x36/0x1c0 [ 61.005806] ? __might_fault+0x12b/0x1e0 [ 61.009926] ? ___might_sleep+0x1ed/0x300 [ 61.014106] ? arch_local_save_flags+0x40/0x40 [ 61.018736] __sys_sendmmsg+0x246/0x6d0 [ 61.022753] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 61.027337] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.032904] ? put_timespec64+0x10f/0x1b0 [ 61.037084] ? nsecs_to_jiffies+0x30/0x30 [ 61.041272] ? do_syscall_64+0x9a/0x820 [ 61.045279] ? do_syscall_64+0x9a/0x820 [ 61.049289] ? lockdep_hardirqs_on+0x421/0x5c0 [ 61.053914] ? trace_hardirqs_on+0xbd/0x310 [ 61.058275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.063856] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.069401] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 61.074897] __x64_sys_sendmmsg+0x9d/0x100 [ 61.079180] do_syscall_64+0x1b9/0x820 [ 61.083102] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 61.088506] ? syscall_return_slowpath+0x5e0/0x5e0 [ 61.093470] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.098530] ? trace_hardirqs_on_caller+0x310/0x310 [ 61.098549] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 61.098599] ? prepare_exit_to_usermode+0x291/0x3b0 [ 61.108684] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.108713] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.123816] RIP: 0033:0x457579 [ 61.127126] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.146327] RSP: 002b:00007f1e828abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 61.154048] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457579 [ 61.161330] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000003 [ 61.168625] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 61.175950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e828ac6d4 [ 61.183223] R13: 00000000004c34ed R14: 00000000004d52b0 R15: 00000000ffffffff [ 61.190660] [ 61.192346] Allocated by task 8104: [ 61.195980] save_stack+0x43/0xd0 [ 61.199444] kasan_kmalloc+0xc7/0xe0 [ 61.203157] kasan_slab_alloc+0x12/0x20 [ 61.207132] kmem_cache_alloc+0x12e/0x730 [ 61.211281] dst_alloc+0xbb/0x1d0 [ 61.214737] ip6_dst_alloc+0x35/0xa0 [ 61.218631] ip6_rt_cache_alloc+0x247/0x7b0 [ 61.222955] ip6_pol_route+0x8f8/0xd90 [ 61.226846] ip6_pol_route_output+0x54/0x70 [ 61.231168] fib6_rule_lookup+0x13a/0x860 [ 61.235376] ip6_route_output_flags+0x2c5/0x350 [ 61.240073] ip6_dst_lookup_tail+0x125c/0x1d60 [ 61.244756] ip6_dst_lookup_flow+0xc8/0x270 [ 61.249101] rawv6_sendmsg+0x12d9/0x4630 [ 61.253238] inet_sendmsg+0x1a1/0x690 [ 61.257162] sock_sendmsg+0xd5/0x120 [ 61.261172] ___sys_sendmsg+0x51d/0x930 [ 61.265206] __sys_sendmmsg+0x246/0x6d0 [ 61.269190] __x64_sys_sendmmsg+0x9d/0x100 [ 61.273433] do_syscall_64+0x1b9/0x820 [ 61.277334] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.282521] [ 61.284152] Freed by task 8089: [ 61.287444] save_stack+0x43/0xd0 [ 61.290901] __kasan_slab_free+0x102/0x150 [ 61.295136] kasan_slab_free+0xe/0x10 [ 61.298939] kmem_cache_free+0x83/0x290 [ 61.302915] dst_destroy+0x267/0x3c0 [ 61.306630] dst_destroy_rcu+0x16/0x19 [ 61.310524] rcu_process_callbacks+0xf23/0x2670 [ 61.315398] __do_softirq+0x30b/0xad8 [ 61.319213] [ 61.320846] The buggy address belongs to the object at ffff8801bbc63480 [ 61.320846] which belongs to the cache ip6_dst_cache of size 240 [ 61.333801] The buggy address is located 176 bytes inside of [ 61.333801] 240-byte region [ffff8801bbc63480, ffff8801bbc63570) [ 61.345898] The buggy address belongs to the page: [ 61.350837] page:ffffea0006ef18c0 count:1 mapcount:0 mapping:ffff8801cb1bab00 index:0x0 [ 61.359142] flags: 0x2fffc0000000100(slab) [ 61.363395] raw: 02fffc0000000100 ffffea0006f8ea88 ffffea0007652f88 ffff8801cb1bab00 [ 61.371279] raw: 0000000000000000 ffff8801bbc630c0 000000010000000c 0000000000000000 [ 61.379297] page dumped because: kasan: bad access detected [ 61.385038] [ 61.386791] Memory state around the buggy address: [ 61.391719] ffff8801bbc63400: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 61.399285] ffff8801bbc63480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.406645] >ffff8801bbc63500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 61.414005] ^ [ 61.418952] ffff8801bbc63580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 61.426305] ffff8801bbc63600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.433664] ================================================================== [ 61.441050] Disabling lock debugging due to kernel taint [ 61.448156] Kernel panic - not syncing: panic_on_warn set ... [ 61.448156] [ 61.455610] CPU: 0 PID: 8104 Comm: syz-executor0 Tainted: G B 4.19.0-rc5+ #257 [ 61.464265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.473603] Call Trace: [ 61.476187] dump_stack+0x1c4/0x2b4 [ 61.479807] ? dump_stack_print_info.cold.2+0x52/0x52 [ 61.484992] panic+0x238/0x4e7 [ 61.488172] ? add_taint.cold.5+0x16/0x16 [ 61.492334] ? preempt_schedule+0x4d/0x60 [ 61.496473] ? ___preempt_schedule+0x16/0x18 [ 61.500870] ? trace_hardirqs_on+0xb4/0x310 [ 61.505186] kasan_end_report+0x47/0x4f [ 61.509189] kasan_report.cold.9+0x76/0x309 [ 61.515857] ? rawv6_sendmsg+0x4421/0x4630 [ 61.520079] __asan_report_load8_noabort+0x14/0x20 [ 61.525000] rawv6_sendmsg+0x4421/0x4630 [ 61.529078] ? rawv6_getsockopt+0x140/0x140 [ 61.533416] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.538795] ? find_held_lock+0x36/0x1c0 [ 61.542871] ? find_held_lock+0x36/0x1c0 [ 61.546922] ? __might_fault+0x12b/0x1e0 [ 61.550972] ? lock_downgrade+0x900/0x900 [ 61.555119] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.560651] ? aa_label_sk_perm+0x46d/0x8e0 [ 61.568904] ? aa_profile_af_perm+0x410/0x410 [ 61.573449] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.578986] ? _copy_from_user+0xdf/0x150 [ 61.583146] ? aa_af_perm+0x5a0/0x5a0 [ 61.586968] inet_sendmsg+0x1a1/0x690 [ 61.590772] ? rawv6_getsockopt+0x140/0x140 [ 61.595093] ? inet_sendmsg+0x1a1/0x690 [ 61.599065] ? ipip_gro_receive+0x100/0x100 [ 61.603390] ? apparmor_socket_sendmsg+0x29/0x30 [ 61.608147] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.613683] ? security_socket_sendmsg+0x94/0xc0 [ 61.618438] ? ipip_gro_receive+0x100/0x100 [ 61.622763] sock_sendmsg+0xd5/0x120 [ 61.626480] ___sys_sendmsg+0x51d/0x930 [ 61.630483] ? graph_lock+0x170/0x170 [ 61.634289] ? copy_msghdr_from_user+0x580/0x580 [ 61.639072] ? find_held_lock+0x36/0x1c0 [ 61.643159] ? find_held_lock+0x36/0x1c0 [ 61.647245] ? __might_fault+0x12b/0x1e0 [ 61.651361] ? ___might_sleep+0x1ed/0x300 [ 61.655525] ? arch_local_save_flags+0x40/0x40 [ 61.660121] __sys_sendmmsg+0x246/0x6d0 [ 61.664106] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 61.668448] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.674002] ? put_timespec64+0x10f/0x1b0 [ 61.678192] ? nsecs_to_jiffies+0x30/0x30 [ 61.682354] ? do_syscall_64+0x9a/0x820 [ 61.686343] ? do_syscall_64+0x9a/0x820 [ 61.690318] ? lockdep_hardirqs_on+0x421/0x5c0 [ 61.694900] ? trace_hardirqs_on+0xbd/0x310 [ 61.699218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.704783] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.710143] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 61.715600] __x64_sys_sendmmsg+0x9d/0x100 [ 61.719844] do_syscall_64+0x1b9/0x820 [ 61.723733] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 61.729096] ? syscall_return_slowpath+0x5e0/0x5e0 [ 61.734046] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.738902] ? trace_hardirqs_on_caller+0x310/0x310 [ 61.743934] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 61.748967] ? prepare_exit_to_usermode+0x291/0x3b0 [ 61.753989] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.758844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.764032] RIP: 0033:0x457579 [ 61.767224] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.786121] RSP: 002b:00007f1e828abc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 61.793840] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457579 [ 61.801108] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000003 [ 61.808389] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 61.815675] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e828ac6d4 [ 61.822942] R13: 00000000004c34ed R14: 00000000004d52b0 R15: 00000000ffffffff [ 61.831338] Kernel Offset: disabled [ 61.834982] Rebooting in 86400 seconds..