Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts. 2019/11/22 03:06:11 parsed 1 programs 2019/11/22 03:06:13 executed programs: 0 [ 20.243539] audit: type=1400 audit(1574391973.424:5): avc: denied { create } for pid=2053 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 20.268428] audit: type=1400 audit(1574391973.444:6): avc: denied { write } for pid=2053 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 20.295920] audit: type=1400 audit(1574391973.474:7): avc: denied { read } for pid=2053 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 20.817326] audit: type=1400 audit(1574391973.994:8): avc: denied { associate } for pid=2053 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2019/11/22 03:06:18 executed programs: 41 2019/11/22 03:06:23 executed programs: 91 2019/11/22 03:06:28 executed programs: 141 2019/11/22 03:06:33 executed programs: 191 [ 44.582246] ================================================================== [ 44.591404] BUG: KASAN: use-after-free in ip6t_do_table+0x14e2/0x17e0 [ 44.597981] Read of size 8 at addr ffff8801cbd0c000 by task syz-executor.0/3171 [ 44.605411] [ 44.607075] CPU: 1 PID: 3171 Comm: syz-executor.0 Not tainted 4.9.141+ #1 [ 44.614013] ffff8801cad07020 ffffffff81b42e79 ffffea00072f4300 ffff8801cbd0c000 [ 44.622589] 0000000000000000 ffff8801cbd0c000 dffffc0000000000 ffff8801cad07058 [ 44.630642] ffffffff815009b8 ffff8801cbd0c000 0000000000000008 0000000000000000 [ 44.638676] Call Trace: [ 44.641306] [] dump_stack+0xc1/0x128 [ 44.646678] [] print_address_description+0x6c/0x234 [ 44.653451] [] kasan_report.cold.6+0x242/0x2fe [ 44.659687] [] ? ip6t_do_table+0x14e2/0x17e0 [ 44.665743] [] __asan_report_load8_noabort+0x14/0x20 [ 44.672536] [] ip6t_do_table+0x14e2/0x17e0 [ 44.678417] [] ? udp_packet+0x1d9/0x230 [ 44.684158] [] ? nf_conntrack_in+0x812/0x1940 [ 44.690308] [] ? nf_ct_frag6_gather+0x131/0x3200 [ 44.696720] [] ? ip6t_alloc_initial_table+0x670/0x670 [ 44.703595] [] ip6table_mangle_hook+0x2d7/0x660 [ 44.709896] [] nf_iterate+0x126/0x310 [ 44.715347] [] nf_hook_slow+0x114/0x1e0 [ 44.720971] [] ? nf_iterate+0x310/0x310 [ 44.726600] [] __ip6_local_out+0x484/0x620 [ 44.732494] [] ? __ip6_local_out+0x230/0x620 [ 44.738557] [] ? ip6_find_1stfragopt+0x300/0x300 [ 44.745126] [] ? ip6_output+0x64a/0x6d0 [ 44.750738] [] ? icmpv6_send+0x1b0/0x1b0 [ 44.756496] [] ip6_local_out+0x29/0x180 [ 44.762111] [] ip6_send_skb+0xa1/0x340 [ 44.767644] [] ? csum_ipv6_magic+0x2e/0x90 [ 44.773618] [] udp_v6_send_skb+0x429/0xe70 [ 44.779539] [] udp_v6_push_pending_frames+0x22d/0x340 [ 44.786420] [] ? udp_v6_send_skb+0xe70/0xe70 [ 44.792470] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 44.798765] [] udpv6_sendmsg+0x1dc1/0x2430 [ 44.804652] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 44.810787] [] ? __lock_acquire+0x654/0x4a10 [ 44.816856] [] ? udp_v6_flush_pending_frames+0xe0/0xe0 [ 44.823774] [] ? trace_hardirqs_on+0x10/0x10 [ 44.829837] [] ? sock_has_perm+0x1c1/0x3e0 [ 44.835715] [] ? sock_has_perm+0x293/0x3e0 [ 44.841592] [] ? sock_has_perm+0x9f/0x3e0 [ 44.847392] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 44.854949] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 44.861712] [] ? check_preemption_disabled+0x3b/0x200 [ 44.868553] [] ? check_preemption_disabled+0x3b/0x200 [ 44.876514] [] ? inet_sendmsg+0x143/0x4d0 [ 44.882421] [] inet_sendmsg+0x203/0x4d0 [ 44.888040] [] ? inet_sendmsg+0x73/0x4d0 [ 44.893743] [] ? inet_recvmsg+0x4c0/0x4c0 [ 44.899578] [] sock_sendmsg+0xbb/0x110 [ 44.905113] [] ___sys_sendmsg+0x47a/0x840 [ 44.910954] [] ? trace_hardirqs_on+0x10/0x10 [ 44.917708] [] ? copy_msghdr_from_user+0x530/0x530 [ 44.924283] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 44.931028] [] ? check_preemption_disabled+0x3b/0x200 [ 44.937908] [] ? check_preemption_disabled+0x3b/0x200 [ 44.944758] [] ? __fget+0x214/0x3d0 [ 44.950650] [] ? __fget+0x23b/0x3d0 [ 44.956062] [] ? __fget+0x47/0x3d0 [ 44.961237] [] ? __fget_light+0x169/0x1f0 [ 44.967025] [] ? __fdget+0x18/0x20 [ 44.972262] [] __sys_sendmmsg+0x161/0x3d0 [ 44.978046] [] ? SyS_sendmsg+0x50/0x50 [ 44.983563] [] ? __might_fault+0x114/0x1d0 [ 44.989439] [] ? __might_fault+0x18e/0x1d0 [ 44.995321] [] ? __might_fault+0xe4/0x1d0 [ 45.001109] [] ? SyS_clock_gettime+0x11e/0x1f0 [ 45.007914] [] ? SyS_clock_settime+0x220/0x220 [ 45.014192] [] SyS_sendmmsg+0x35/0x60 [ 45.019627] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 45.025715] [] do_syscall_64+0x19f/0x550 [ 45.031421] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 45.038335] [ 45.039948] The buggy address belongs to the page: [ 45.044914] page:ffffea00072f4300 count:0 mapcount:-127 mapping: (null) index:0x0 [ 45.053436] flags: 0x4000000000000000() [ 45.057655] page dumped because: kasan: bad access detected [ 45.063358] [ 45.064969] Memory state around the buggy address: [ 45.069887] ffff8801cbd0bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.077236] ffff8801cbd0bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.084585] >ffff8801cbd0c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.091936] ^ [ 45.095296] ffff8801cbd0c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.102649] ffff8801cbd0c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 45.110001] ================================================================== [ 45.117354] Disabling lock debugging due to kernel taint [ 45.122848] Kernel panic - not syncing: panic_on_warn set ... [ 45.122848] [ 45.130218] CPU: 1 PID: 3171 Comm: syz-executor.0 Tainted: G B 4.9.141+ #1 [ 45.138610] ffff8801cad06f80 ffffffff81b42e79 ffffffff82e37630 00000000ffffffff [ 45.146806] 0000000000000000 0000000000000001 dffffc0000000000 ffff8801cad07040 [ 45.155029] ffffffff813f7125 0000000041b58ab3 ffffffff82e2b62b ffffffff813f6f66 [ 45.163197] Call Trace: [ 45.165787] [] dump_stack+0xc1/0x128 [ 45.171148] [] panic+0x1bf/0x39f [ 45.176268] [] ? add_taint.cold.5+0x16/0x16 [ 45.182239] [] kasan_end_report+0x47/0x4f [ 45.188014] [] kasan_report.cold.6+0x76/0x2fe [ 45.194136] [] ? ip6t_do_table+0x14e2/0x17e0 [ 45.200175] [] __asan_report_load8_noabort+0x14/0x20 [ 45.206904] [] ip6t_do_table+0x14e2/0x17e0 [ 45.212767] [] ? udp_packet+0x1d9/0x230 [ 45.218395] [] ? nf_conntrack_in+0x812/0x1940 [ 45.224519] [] ? nf_ct_frag6_gather+0x131/0x3200 [ 45.230901] [] ? ip6t_alloc_initial_table+0x670/0x670 [ 45.237715] [] ip6table_mangle_hook+0x2d7/0x660 [ 45.244014] [] nf_iterate+0x126/0x310 [ 45.249439] [] nf_hook_slow+0x114/0x1e0 [ 45.255041] [] ? nf_iterate+0x310/0x310 [ 45.260644] [] __ip6_local_out+0x484/0x620 [ 45.266514] [] ? __ip6_local_out+0x230/0x620 [ 45.272546] [] ? ip6_find_1stfragopt+0x300/0x300 [ 45.278927] [] ? ip6_output+0x64a/0x6d0 [ 45.284527] [] ? icmpv6_send+0x1b0/0x1b0 [ 45.290215] [] ip6_local_out+0x29/0x180 [ 45.295815] [] ip6_send_skb+0xa1/0x340 [ 45.301329] [] ? csum_ipv6_magic+0x2e/0x90 [ 45.307203] [] udp_v6_send_skb+0x429/0xe70 [ 45.313064] [] udp_v6_push_pending_frames+0x22d/0x340 [ 45.319888] [] ? udp_v6_send_skb+0xe70/0xe70 [ 45.325936] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 45.332054] [] udpv6_sendmsg+0x1dc1/0x2430 [ 45.337912] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 45.344036] [] ? __lock_acquire+0x654/0x4a10 [ 45.350069] [] ? udp_v6_flush_pending_frames+0xe0/0xe0 [ 45.356971] [] ? trace_hardirqs_on+0x10/0x10 [ 45.363026] [] ? sock_has_perm+0x1c1/0x3e0 [ 45.368884] [] ? sock_has_perm+0x293/0x3e0 [ 45.374757] [] ? sock_has_perm+0x9f/0x3e0 [ 45.380534] [] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0 [ 45.388044] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 45.394775] [] ? check_preemption_disabled+0x3b/0x200 [ 45.401600] [] ? check_preemption_disabled+0x3b/0x200 [ 45.408416] [] ? inet_sendmsg+0x143/0x4d0 [ 45.414186] [] inet_sendmsg+0x203/0x4d0 [ 45.419784] [] ? inet_sendmsg+0x73/0x4d0 [ 45.425477] [] ? inet_recvmsg+0x4c0/0x4c0 [ 45.431264] [] sock_sendmsg+0xbb/0x110 [ 45.436774] [] ___sys_sendmsg+0x47a/0x840 [ 45.442550] [] ? trace_hardirqs_on+0x10/0x10 [ 45.448585] [] ? copy_msghdr_from_user+0x530/0x530 [ 45.455140] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 45.461867] [] ? check_preemption_disabled+0x3b/0x200 [ 45.468682] [] ? check_preemption_disabled+0x3b/0x200 [ 45.475500] [] ? __fget+0x214/0x3d0 [ 45.480750] [] ? __fget+0x23b/0x3d0 [ 45.486007] [] ? __fget+0x47/0x3d0 [ 45.491189] [] ? __fget_light+0x169/0x1f0 [ 45.496961] [] ? __fdget+0x18/0x20 [ 45.502137] [] __sys_sendmmsg+0x161/0x3d0 [ 45.507912] [] ? SyS_sendmsg+0x50/0x50 [ 45.513425] [] ? __might_fault+0x114/0x1d0 [ 45.519292] [] ? __might_fault+0x18e/0x1d0 [ 45.525166] [] ? __might_fault+0xe4/0x1d0 [ 45.530940] [] ? SyS_clock_gettime+0x11e/0x1f0 [ 45.537148] [] ? SyS_clock_settime+0x220/0x220 [ 45.543367] [] SyS_sendmmsg+0x35/0x60 [ 45.548845] [] ? __sys_sendmmsg+0x3d0/0x3d0 [ 45.554815] [] do_syscall_64+0x19f/0x550 [ 45.560510] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 45.567964] Kernel Offset: disabled [ 45.571615] Rebooting in 86400 seconds..