[info] Using makefile-style concurrent boot in runlevel 2. [ 23.982516] audit: type=1800 audit(1538099817.961:21): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 24.009612] audit: type=1800 audit(1538099817.971:22): pid=5175 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.81' (ECDSA) to the list of known hosts. 2018/09/28 01:57:23 parsed 1 programs 2018/09/28 01:57:25 executed programs: 0 syzkaller login: [ 51.199440] IPVS: ftp: loaded support on port[0] = 21 [ 51.212856] IPVS: ftp: loaded support on port[0] = 21 [ 51.234138] IPVS: ftp: loaded support on port[0] = 21 [ 51.249245] IPVS: ftp: loaded support on port[0] = 21 [ 51.249262] IPVS: ftp: loaded support on port[0] = 21 [ 51.269734] IPVS: ftp: loaded support on port[0] = 21 [ 52.443114] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.449998] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.458539] device bridge_slave_0 entered promiscuous mode [ 52.496664] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.505860] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.514734] device bridge_slave_0 entered promiscuous mode [ 52.540157] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.548723] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.556693] device bridge_slave_0 entered promiscuous mode [ 52.577204] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.585849] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.593221] device bridge_slave_1 entered 
promiscuous mode [ 52.601190] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.610889] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.622595] device bridge_slave_0 entered promiscuous mode [ 52.631338] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.637842] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.645959] device bridge_slave_0 entered promiscuous mode [ 52.654419] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.660778] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.668606] device bridge_slave_1 entered promiscuous mode [ 52.677546] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.689578] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.697051] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.710109] device bridge_slave_1 entered promiscuous mode [ 52.718007] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.724957] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.732336] device bridge_slave_1 entered promiscuous mode [ 52.741719] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.751823] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.759616] device bridge_slave_1 entered promiscuous mode [ 52.768285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.775895] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.782261] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.792886] device bridge_slave_0 entered promiscuous mode [ 52.803077] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.820364] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.831981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.844146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.884205] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.890687] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.899647] device 
bridge_slave_1 entered promiscuous mode [ 52.908690] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.918502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.928242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.958044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.972391] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.052572] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.066069] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.172808] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.188061] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.208662] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.224848] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.251438] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.262235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.277853] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.294367] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.308497] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.325860] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.338010] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.350373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.367208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.388843] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.401810] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.413679] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.425790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.436528] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready 
[ 53.452286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.474562] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.503428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.631891] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.646920] team0: Port device team_slave_0 added [ 53.684214] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.691616] team0: Port device team_slave_0 added [ 53.767263] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.781935] team0: Port device team_slave_1 added [ 53.790841] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.799270] team0: Port device team_slave_0 added [ 53.808954] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.818387] team0: Port device team_slave_0 added [ 53.826365] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.835226] team0: Port device team_slave_1 added [ 53.841168] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.849532] team0: Port device team_slave_0 added [ 53.858949] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.869799] team0: Port device team_slave_1 added [ 53.876600] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.885199] team0: Port device team_slave_0 added [ 53.897395] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.916883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.936643] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.944973] team0: Port device team_slave_1 added [ 53.962074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.972741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.986923] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.998016] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.006957] team0: Port device team_slave_1 added [ 54.015304] IPv6: 
ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.029650] team0: Port device team_slave_1 added [ 54.037174] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.056511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.071428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.086319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.095164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.105007] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.112999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.122074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.133009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.143011] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.151682] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.161366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.172812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.181298] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.189799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.198927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.207637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.215954] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.225483] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.232819] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.247790] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.268734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.285217] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.301140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.309238] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 54.317409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.325264] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.332712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.340696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.349326] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.359437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.369466] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.383260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.395815] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.405260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.413231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.421424] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.429478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.440839] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.452318] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.478728] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.494125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.502144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.512279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.520758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.529289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.537834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.546237] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.559280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.570590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.634478] IPv6: 
ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.641738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.662880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.107551] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.114137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.121082] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.127515] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.150283] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.201986] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.208446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.215176] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.221543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.230932] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.271359] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.277794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.284500] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.290868] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.304495] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.387887] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.394330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.400990] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.407422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.416774] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.429100] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.435533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.442222] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.448649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.468996] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.487606] bridge0: port 2(bridge_slave_1) entered blocking state [ 
55.494045] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.500725] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.507181] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.525132] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.134150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.144326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.151540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.163422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.176795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.184450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.842543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.990710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.088445] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.100621] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.243194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.294628] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.332994] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.347063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.357252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.368217] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.380306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.404894] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.502752] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.588018] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.602163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.619372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.631173] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.640759] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.651876] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.661851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: 
link becomes ready [ 58.678154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.696668] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.755597] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.761775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.770613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.894856] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.931013] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.943726] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.954970] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.969724] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.989194] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.012230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.023298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.048859] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.239410] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.251558] 8021q: adding VLAN 0 to HW filter on device team0 2018/09/28 01:57:34 executed programs: 6 [ 61.008837] ================================================================== [ 61.016364] BUG: KASAN: use-after-free in rawv6_sendmsg+0x4421/0x4630 [ 61.022958] Read of size 8 at addr ffff8801c5a74a30 by task syz-executor2/6971 [ 61.030309] [ 61.030329] CPU: 1 PID: 6971 Comm: syz-executor2 Not tainted 4.19.0-rc5+ #34 [ 61.030336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.030342] Call Trace: [ 61.039261] dump_stack+0x1c4/0x2b4 [ 61.039281] ? dump_stack_print_info.cold.2+0x52/0x52 [ 61.039296] ? printk+0xa7/0xcf [ 61.039316] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 61.068085] print_address_description.cold.8+0x9/0x1ff [ 61.073467] kasan_report.cold.9+0x242/0x309 [ 61.077891] ? rawv6_sendmsg+0x4421/0x4630 [ 61.082146] __asan_report_load8_noabort+0x14/0x20 [ 61.087090] rawv6_sendmsg+0x4421/0x4630 [ 61.091184] ? 
rawv6_getsockopt+0x140/0x140 [ 61.095518] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.100896] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 61.106697] ? kasan_check_read+0x11/0x20 [ 61.106719] ? find_held_lock+0x36/0x1c0 [ 61.106742] ? find_held_lock+0x36/0x1c0 [ 61.119006] ? __might_fault+0x12b/0x1e0 [ 61.123094] ? lock_downgrade+0x900/0x900 [ 61.127264] ? lock_release+0x970/0x970 [ 61.131252] ? arch_local_save_flags+0x40/0x40 [ 61.135852] ? usercopy_warn+0x110/0x110 [ 61.139943] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.145493] ? _copy_from_user+0xdf/0x150 [ 61.149663] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 61.154689] ? rw_copy_check_uvector+0x310/0x3e0 [ 61.159456] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 61.165021] inet_sendmsg+0x1a1/0x690 [ 61.168845] ? rawv6_getsockopt+0x140/0x140 [ 61.173174] ? inet_sendmsg+0x1a1/0x690 [ 61.177164] ? ipip_gro_receive+0x100/0x100 [ 61.181501] ? smack_socket_sendmsg+0xb0/0x190 [ 61.186100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.191649] ? security_socket_sendmsg+0x94/0xc0 [ 61.196416] ? ipip_gro_receive+0x100/0x100 [ 61.200753] sock_sendmsg+0xd5/0x120 [ 61.204481] ___sys_sendmsg+0x51d/0x930 [ 61.208468] ? graph_lock+0x170/0x170 [ 61.212287] ? copy_msghdr_from_user+0x580/0x580 [ 61.217071] ? find_held_lock+0x36/0x1c0 [ 61.221153] ? find_held_lock+0x36/0x1c0 [ 61.225231] ? __might_fault+0x12b/0x1e0 [ 61.229326] ? ___might_sleep+0x1ed/0x300 [ 61.233492] ? arch_local_save_flags+0x40/0x40 [ 61.238095] __sys_sendmmsg+0x246/0x6d0 [ 61.242098] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 61.246456] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.252007] ? put_timespec64+0x10f/0x1b0 [ 61.256178] ? nsecs_to_jiffies+0x30/0x30 [ 61.260343] ? do_syscall_64+0x9a/0x820 [ 61.264330] ? do_syscall_64+0x9a/0x820 [ 61.268321] ? lockdep_hardirqs_on+0x421/0x5c0 [ 61.272920] ? trace_hardirqs_on+0xbd/0x310 [ 61.277254] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.282816] ? 
entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.288201] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 61.293669] __x64_sys_sendmmsg+0x9d/0x100 [ 61.293690] do_syscall_64+0x1b9/0x820 [ 61.293711] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 61.301819] ? syscall_return_slowpath+0x5e0/0x5e0 [ 61.312089] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.316944] ? trace_hardirqs_on_caller+0x310/0x310 [ 61.321986] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 61.327020] ? prepare_exit_to_usermode+0x291/0x3b0 [ 61.332057] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.336899] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.342072] RIP: 0033:0x457579 [ 61.345251] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.364143] RSP: 002b:00007fc364dd4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 61.371842] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457579 [ 61.379094] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000003 [ 61.386346] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 61.393605] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc364dd56d4 [ 61.400859] R13: 00000000004c34ed R14: 00000000004d52b0 R15: 00000000ffffffff [ 61.408122] [ 61.409792] Allocated by task 6971: [ 61.413407] save_stack+0x43/0xd0 [ 61.416842] kasan_kmalloc+0xc7/0xe0 [ 61.420538] kasan_slab_alloc+0x12/0x20 [ 61.424497] kmem_cache_alloc+0x12e/0x730 [ 61.428628] dst_alloc+0xbb/0x1d0 [ 61.432067] ip6_dst_alloc+0x35/0xa0 [ 61.435780] ip6_rt_cache_alloc+0x247/0x7b0 [ 61.440088] ip6_pol_route+0x8f8/0xd90 [ 61.443960] ip6_pol_route_output+0x54/0x70 [ 61.448263] fib6_rule_lookup+0x13a/0x860 [ 61.452392] ip6_route_output_flags+0x2c5/0x350 [ 61.457051] ip6_dst_lookup_tail+0x125c/0x1d60 [ 61.461621] ip6_dst_lookup_flow+0xc8/0x270 [ 61.465926] rawv6_sendmsg+0x12d9/0x4630 [ 61.469968] inet_sendmsg+0x1a1/0x690 [ 61.473754] 
sock_sendmsg+0xd5/0x120 [ 61.477450] ___sys_sendmsg+0x51d/0x930 [ 61.481411] __sys_sendmmsg+0x246/0x6d0 [ 61.485369] __x64_sys_sendmmsg+0x9d/0x100 [ 61.489591] do_syscall_64+0x1b9/0x820 [ 61.493465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.498633] [ 61.500239] Freed by task 18: [ 61.503341] save_stack+0x43/0xd0 [ 61.506776] __kasan_slab_free+0x102/0x150 [ 61.510990] kasan_slab_free+0xe/0x10 [ 61.514772] kmem_cache_free+0x83/0x290 [ 61.518729] dst_destroy+0x267/0x3c0 [ 61.522428] dst_destroy_rcu+0x16/0x19 [ 61.526300] rcu_process_callbacks+0xf23/0x2670 [ 61.530954] __do_softirq+0x30b/0xad8 [ 61.534731] [ 61.536340] The buggy address belongs to the object at ffff8801c5a74980 [ 61.536340] which belongs to the cache ip6_dst_cache of size 240 [ 61.549173] The buggy address is located 176 bytes inside of [ 61.549173] 240-byte region [ffff8801c5a74980, ffff8801c5a74a70) [ 61.561027] The buggy address belongs to the page: [ 61.565944] page:ffffea0007169d00 count:1 mapcount:0 mapping:ffff8801ca90b980 index:0x0 [ 61.574070] flags: 0x2fffc0000000100(slab) [ 61.578293] raw: 02fffc0000000100 ffffea000736f008 ffffea0007373848 ffff8801ca90b980 [ 61.586158] raw: 0000000000000000 ffff8801c5a740c0 000000010000000c 0000000000000000 [ 61.594015] page dumped because: kasan: bad access detected [ 61.599708] [ 61.601317] Memory state around the buggy address: [ 61.606246] ffff8801c5a74900: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 61.613601] ffff8801c5a74980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.620947] >ffff8801c5a74a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 61.628299] ^ [ 61.633210] ffff8801c5a74a80: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 61.640552] ffff8801c5a74b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 61.647893] ================================================================== [ 61.655229] Disabling lock debugging due to kernel taint [ 61.665319] Kernel panic - not syncing: panic_on_warn set ... 
[ 61.665319] [ 61.672714] CPU: 1 PID: 6971 Comm: syz-executor2 Tainted: G B 4.19.0-rc5+ #34 [ 61.681288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.690871] Call Trace: [ 61.693459] dump_stack+0x1c4/0x2b4 [ 61.697077] ? dump_stack_print_info.cold.2+0x52/0x52 [ 61.702261] panic+0x238/0x4e7 [ 61.705438] ? add_taint.cold.5+0x16/0x16 [ 61.709571] ? preempt_schedule+0x4d/0x60 [ 61.713724] ? ___preempt_schedule+0x16/0x18 [ 61.718133] ? trace_hardirqs_on+0xb4/0x310 [ 61.722446] kasan_end_report+0x47/0x4f [ 61.726414] kasan_report.cold.9+0x76/0x309 [ 61.730720] ? rawv6_sendmsg+0x4421/0x4630 [ 61.734941] __asan_report_load8_noabort+0x14/0x20 [ 61.739855] rawv6_sendmsg+0x4421/0x4630 [ 61.743907] ? rawv6_getsockopt+0x140/0x140 [ 61.748214] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.753581] ? rcu_read_unlock_special.part.39+0x11f0/0x11f0 [ 61.759371] ? kasan_check_read+0x11/0x20 [ 61.763506] ? find_held_lock+0x36/0x1c0 [ 61.767556] ? find_held_lock+0x36/0x1c0 [ 61.771611] ? __might_fault+0x12b/0x1e0 [ 61.775659] ? lock_downgrade+0x900/0x900 [ 61.779807] ? lock_release+0x970/0x970 [ 61.783784] ? arch_local_save_flags+0x40/0x40 [ 61.788367] ? usercopy_warn+0x110/0x110 [ 61.792440] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.797983] ? _copy_from_user+0xdf/0x150 [ 61.802135] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 61.807153] ? rw_copy_check_uvector+0x310/0x3e0 [ 61.811912] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 61.817956] inet_sendmsg+0x1a1/0x690 [ 61.821761] ? rawv6_getsockopt+0x140/0x140 [ 61.826079] ? inet_sendmsg+0x1a1/0x690 [ 61.830063] ? ipip_gro_receive+0x100/0x100 [ 61.834385] ? smack_socket_sendmsg+0xb0/0x190 [ 61.838986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.844524] ? security_socket_sendmsg+0x94/0xc0 [ 61.849283] ? ipip_gro_receive+0x100/0x100 [ 61.853610] sock_sendmsg+0xd5/0x120 [ 61.857331] ___sys_sendmsg+0x51d/0x930 [ 61.861305] ? graph_lock+0x170/0x170 [ 61.865114] ? 
copy_msghdr_from_user+0x580/0x580 [ 61.869873] ? find_held_lock+0x36/0x1c0 [ 61.873953] ? find_held_lock+0x36/0x1c0 [ 61.878030] ? __might_fault+0x12b/0x1e0 [ 61.882111] ? ___might_sleep+0x1ed/0x300 [ 61.886260] ? arch_local_save_flags+0x40/0x40 [ 61.890853] __sys_sendmmsg+0x246/0x6d0 [ 61.894834] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 61.899174] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.904718] ? put_timespec64+0x10f/0x1b0 [ 61.908867] ? nsecs_to_jiffies+0x30/0x30 [ 61.913020] ? do_syscall_64+0x9a/0x820 [ 61.917009] ? do_syscall_64+0x9a/0x820 [ 61.920997] ? lockdep_hardirqs_on+0x421/0x5c0 [ 61.925603] ? trace_hardirqs_on+0xbd/0x310 [ 61.929931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.935478] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.940849] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 61.946310] __x64_sys_sendmmsg+0x9d/0x100 [ 61.950556] do_syscall_64+0x1b9/0x820 [ 61.954458] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 61.959831] ? syscall_return_slowpath+0x5e0/0x5e0 [ 61.964770] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.969625] ? trace_hardirqs_on_caller+0x310/0x310 [ 61.974657] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 61.979693] ? prepare_exit_to_usermode+0x291/0x3b0 [ 61.984727] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 61.989606] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.994807] RIP: 0033:0x457579 [ 61.998013] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.016951] RSP: 002b:00007fc364dd4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 62.024684] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457579 [ 62.031974] RDX: 0000000000000249 RSI: 0000000020001300 RDI: 0000000000000003 [ 62.039259] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 62.046547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc364dd56d4 [ 62.053835] R13: 00000000004c34ed R14: 00000000004d52b0 R15: 00000000ffffffff [ 62.062180] Kernel Offset: disabled [ 62.065821] Rebooting in 86400 seconds..