device gre0 entered promiscuous mode
netlink: 48 bytes leftover after parsing attributes in process `syz-executor0'.
==================================================================
BUG: KASAN: slab-out-of-bounds in ip6_setup_cork+0xf4a/0x1200 net/ipv6/ip6_output.c:1230 at addr ffff8801c73d1dcc
Write of size 4 by task syz-executor5/9513
CPU: 1 PID: 9513 Comm: syz-executor5 Not tainted 4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8037608 ffffffff81d91589 ffff8801da001c80 ffff8801c73d1dc8
 ffff8801c73d1dd0 ffffed0038e7a3b9 ffff8801c73d1dcc ffff8801c8037630
 ffffffff8153c1bc ffffed0038e7a3b9 ffff8801da001c80 0000000000000001
Call Trace:
 [<ffffffff81d91589>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d91589>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153c8dc>] kasan_report mm/kasan/report.c:334 [inline]
 [<ffffffff8153c8dc>] __asan_report_store4_noabort+0x2c/0x30 mm/kasan/report.c:334
 [<ffffffff8340ed0a>] ip6_setup_cork+0xf4a/0x1200 net/ipv6/ip6_output.c:1230
 [<ffffffff83421d48>] ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 [<ffffffff83487c9d>] udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 [<ffffffff832e974c>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 [<ffffffff82eceb9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
 [<ffffffff82eceb9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
 [<ffffffff82ecfaf8>] SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 [<ffffffff82ed1fa0>] SyS_sendto+0x40/0x50 net/socket.c:1638
 [<ffffffff838aadc5>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801c73d1dc8, in cache kmalloc-8 size: 8
Allocated:
PID = 9513
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 kzalloc include/linux/slab.h:636 [inline]
 ip6_setup_cork+0x194/0x1200 net/ipv6/ip6_output.c:1226
 ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 sock_sendmsg_nosec net/socket.c:635 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:645
 SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 SyS_sendto+0x40/0x50 net/socket.c:1638
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 6181
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 SYSC_request_key security/keys/keyctl.c:235 [inline]
 SyS_request_key+0x22f/0x2d0 security/keys/keyctl.c:158
 entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801c73d1c80: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1d00: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
>ffff8801c73d1d80: fb fc fc fb fc fc fb fc fc 01 fc fc fb fc fc fb
                                              ^
 ffff8801c73d1e00: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1e80: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in ip6_setup_cork+0xf2c/0x1200 net/ipv6/ip6_output.c:1231 at addr ffff8801c73d1dd0
Write of size 2 by task syz-executor5/9513
CPU: 1 PID: 9513 Comm: syz-executor5 Tainted: G    B           4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8037608 ffffffff81d91589 ffff8801da001c80 ffff8801c73d1dc8
 ffff8801c73d1dd0 ffffed0038e7a3ba ffff8801c73d1dd0 ffff8801c8037630
 ffffffff8153c1bc ffffed0038e7a3ba ffff8801da001c80 0000000000000001
Call Trace:
 [<ffffffff81d91589>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d91589>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153c8ac>] kasan_report mm/kasan/report.c:333 [inline]
 [<ffffffff8153c8ac>] __asan_report_store2_noabort+0x2c/0x30 mm/kasan/report.c:333
 [<ffffffff8340ecec>] ip6_setup_cork+0xf2c/0x1200 net/ipv6/ip6_output.c:1231
 [<ffffffff83421d48>] ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 [<ffffffff83487c9d>] udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 [<ffffffff832e974c>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 [<ffffffff82eceb9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
 [<ffffffff82eceb9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
 [<ffffffff82ecfaf8>] SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 [<ffffffff82ed1fa0>] SyS_sendto+0x40/0x50 net/socket.c:1638
 [<ffffffff838aadc5>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801c73d1dc8, in cache kmalloc-8 size: 8
Allocated:
PID = 9513
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 kzalloc include/linux/slab.h:636 [inline]
 ip6_setup_cork+0x194/0x1200 net/ipv6/ip6_output.c:1226
 ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 sock_sendmsg_nosec net/socket.c:635 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:645
 SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 SyS_sendto+0x40/0x50 net/socket.c:1638
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 6181
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 SYSC_request_key security/keys/keyctl.c:235 [inline]
 SyS_request_key+0x22f/0x2d0 security/keys/keyctl.c:158
 entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801c73d1c80: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1d00: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
>ffff8801c73d1d80: fb fc fc fb fc fc fb fc fc 01 fc fc fb fc fc fb
                                                 ^
 ffff8801c73d1e00: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1e80: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in ip6_setup_cork+0xf40/0x1200 net/ipv6/ip6_output.c:1232 at addr ffff8801c73d1dd2
Write of size 2 by task syz-executor5/9513
CPU: 1 PID: 9513 Comm: syz-executor5 Tainted: G    B           4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8037608 ffffffff81d91589 ffff8801da001c80 ffff8801c73d1dc8
 ffff8801c73d1dd0 ffffed0038e7a3ba ffff8801c73d1dd2 ffff8801c8037630
 ffffffff8153c1bc ffffed0038e7a3ba ffff8801da001c80 0000000000000001
Call Trace:
 [<ffffffff81d91589>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d91589>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153c8ac>] kasan_report mm/kasan/report.c:333 [inline]
 [<ffffffff8153c8ac>] __asan_report_store2_noabort+0x2c/0x30 mm/kasan/report.c:333
 [<ffffffff8340ed00>] ip6_setup_cork+0xf40/0x1200 net/ipv6/ip6_output.c:1232
 [<ffffffff83421d48>] ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 [<ffffffff83487c9d>] udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 [<ffffffff832e974c>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 [<ffffffff82eceb9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
 [<ffffffff82eceb9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
 [<ffffffff82ecfaf8>] SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 [<ffffffff82ed1fa0>] SyS_sendto+0x40/0x50 net/socket.c:1638
 [<ffffffff838aadc5>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801c73d1dc8, in cache kmalloc-8 size: 8
Allocated:
PID = 8
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 kzalloc include/linux/slab.h:636 [inline]
 ip6_setup_cork+0x194/0x1200 net/ipv6/ip6_output.c:1226
 ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 sock_sendmsg_nosec net/socket.c:635 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:645
 SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 SyS_sendto+0x40/0x50 net/socket.c:1638
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 6181
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 SYSC_request_key security/keys/keyctl.c:235 [inline]
 SyS_request_key+0x22f/0x2d0 security/keys/keyctl.c:158
 entry_SYSCALL_64_fastpath+0x23/0xc6
Memory state around the buggy address:
 ffff8801c73d1c80: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1d00: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
>ffff8801c73d1d80: fb fc fc fb fc fc fb fc fc 01 fc fc fb fc fc fb
                                                 ^
 ffff8801c73d1e00: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1e80: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
==================================================================
==================================================================
BUG: KASAN: use-after-free in ip6_setup_cork+0x1048/0x1200 net/ipv6/ip6_output.c:1234 at addr ffff8801c73d1de0
Write of size 8 by task syz-executor5/9513
CPU: 1 PID: 9513 Comm: syz-executor5 Tainted: G    B           4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8037608 ffffffff81d91589 ffff8801da001c80 ffff8801c73d1de0
 ffff8801c73d1de8 ffffed0038e7a3bc ffff8801c73d1de0 ffff8801c8037630
 ffffffff8153c1bc ffffed0038e7a3bc ffff8801da001c80 0000000000000001
Call Trace:
 [<ffffffff81d91589>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d91589>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153c90c>] kasan_report mm/kasan/report.c:335 [inline]
 [<ffffffff8153c90c>] __asan_report_store8_noabort+0x2c/0x30 mm/kasan/report.c:335
 [<ffffffff8340ee08>] ip6_setup_cork+0x1048/0x1200 net/ipv6/ip6_output.c:1234
 [<ffffffff83421d48>] ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 [<ffffffff83487c9d>] udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 [<ffffffff832e974c>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 [<ffffffff82eceb9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
 [<ffffffff82eceb9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
 [<ffffffff82ecfaf8>] SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 [<ffffffff82ed1fa0>] SyS_sendto+0x40/0x50 net/socket.c:1638
 [<ffffffff838aadc5>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801c73d1de0, in cache kmalloc-8 size: 8
Allocated:
PID = 9456
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 __kmalloc_track_caller+0xda/0x2b0 mm/slub.c:4232
 kstrdup+0x39/0x70 mm/util.c:53
 kstrdup_const+0x39/0x50 mm/util.c:74
 alloc_vfsmnt+0xe4/0x7f0 fs/namespace.c:215
 vfs_kern_mount.part.21+0x32/0x3e0 fs/namespace.c:976
 vfs_kern_mount fs/namespace.c:2509 [inline]
 do_new_mount fs/namespace.c:2512 [inline]
 do_mount+0x3e1/0x28b0 fs/namespace.c:2834
 SYSC_mount fs/namespace.c:3050 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3027
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 9452
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 kfree_const+0x31/0x40 mm/util.c:35
 free_vfsmnt+0x5b/0xb0 fs/namespace.c:586
 delayed_free_vfsmnt+0x16/0x20 fs/namespace.c:595
 __rcu_reclaim kernel/rcu/rcu.h:118 [inline]
 rcu_do_batch kernel/rcu/tree.c:2789 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
 rcu_process_callbacks+0x871/0x12c0 kernel/rcu/tree.c:3037
 __do_softirq+0x206/0x951 kernel/softirq.c:284
Memory state around the buggy address:
 ffff8801c73d1c80: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1d00: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
>ffff8801c73d1d80: fb fc fc fb fc fc fb fc fc 01 fc fc fb fc fc fb
                                                       ^
 ffff8801c73d1e00: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1e80: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in ip6_setup_cork+0x1102/0x1200 net/ipv6/ip6_output.c:1239 at addr ffff8801c73d1df0
Write of size 8 by task syz-executor5/9513
CPU: 1 PID: 9513 Comm: syz-executor5 Tainted: G    B           4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8037608 ffffffff81d91589 ffff8801da001c80 ffff8801c73d1de0
 ffff8801c73d1de8 ffffed0038e7a3be ffff8801c73d1df0 ffff8801c8037630
 ffffffff8153c1bc ffffed0038e7a3be ffff8801da001c80 0000000000000001
Call Trace:
 [<ffffffff81d91589>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d91589>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153c90c>] kasan_report mm/kasan/report.c:335 [inline]
 [<ffffffff8153c90c>] __asan_report_store8_noabort+0x2c/0x30 mm/kasan/report.c:335
 [<ffffffff8340eec2>] ip6_setup_cork+0x1102/0x1200 net/ipv6/ip6_output.c:1239
 [<ffffffff83421d48>] ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 [<ffffffff83487c9d>] udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 [<ffffffff832e974c>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 [<ffffffff82eceb9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
 [<ffffffff82eceb9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
 [<ffffffff82ecfaf8>] SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 [<ffffffff82ed1fa0>] SyS_sendto+0x40/0x50 net/socket.c:1638
 [<ffffffff838aadc5>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801c73d1de0, in cache kmalloc-8 size: 8
Allocated:
PID = 9456
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 __kmalloc_track_caller+0xda/0x2b0 mm/slub.c:4232
 kstrdup+0x39/0x70 mm/util.c:53
 kstrdup_const+0x39/0x50 mm/util.c:74
 alloc_vfsmnt+0xe4/0x7f0 fs/namespace.c:215
 vfs_kern_mount.part.21+0x32/0x3e0 fs/namespace.c:976
 vfs_kern_mount fs/namespace.c:2509 [inline]
 do_new_mount fs/namespace.c:2512 [inline]
 do_mount+0x3e1/0x28b0 fs/namespace.c:2834
 SYSC_mount fs/namespace.c:3050 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3027
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 9452
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:571
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0xf0/0x2f0 mm/slub.c:3878
 kfree_const+0x31/0x40 mm/util.c:35
 free_vfsmnt+0x5b/0xb0 fs/namespace.c:586
 delayed_free_vfsmnt+0x16/0x20 fs/namespace.c:595
 __rcu_reclaim kernel/rcu/rcu.h:118 [inline]
 rcu_do_batch kernel/rcu/tree.c:2789 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
 __rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
 rcu_process_callbacks+0x871/0x12c0 kernel/rcu/tree.c:3037
 __do_softirq+0x206/0x951 kernel/softirq.c:284
Memory state around the buggy address:
 ffff8801c73d1c80: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1d00: fc fb fc fc fb fc fc fb fc fc 00 fc fc fb fc fc
>ffff8801c73d1d80: fb fc fc fb fc fc fb fc fc 01 fc fc fb fc fc fb
                                                             ^
 ffff8801c73d1e00: fc fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc
 ffff8801c73d1e80: fc fb fc fc fb fc fc fb fc fc fb fc fc fb fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in ip6_setup_cork+0x10b6/0x1200 net/ipv6/ip6_output.c:1241 at addr ffff8801c73d1df0
Read of size 8 by task syz-executor5/9513
CPU: 1 PID: 9513 Comm: syz-executor5 Tainted: G    B           4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c8037608 ffffffff81d91589 ffff8801da001c80 ffff8801c73d1de0
 ffff8801c73d1de8 ffffed0038e7a3be ffff8801c73d1df0 ffff8801c8037630
 ffffffff8153c1bc ffffed0038e7a3be ffff8801da001c80 0000000000000000
Call Trace:
 [<ffffffff81d91589>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d91589>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70 mm/kasan/report.c:160
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153c819>] kasan_report mm/kasan/report.c:330 [inline]
 [<ffffffff8153c819>] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [<ffffffff8340ee76>] ip6_setup_cork+0x10b6/0x1200 net/ipv6/ip6_output.c:1241
 [<ffffffff83421d48>] ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 [<ffffffff83487c9d>] udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 [<ffffffff832e974c>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 [<ffffffff82eceb9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
 [<ffffffff82eceb9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
 [<ffffffff82ecfaf8>] SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 [<ffffffff82ed1fa0>] SyS_sendto+0x40/0x50 net/socket.c:1638
 [<ffffffff838aadc5>] entry_SYSCALL_64_fastpath+0x23/0xc6
Object at ffff8801c73d1de0, in cache kmalloc-8 size: 8
Allocated:
PID = 9456
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:495
 set_track mm/kasan/kasan.c:507 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:598
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:537
 slab_post_alloc_hook mm/slab.h:417 [inline]
 slab_alloc_node mm/slub.c:2715 [inline]
 slab_alloc mm/slub.c:2723 [inline]
 __kmalloc_track_caller+0xda/0x2b0 mm/slub.c:4232
 kstrdup+0x39/0x70 mm/util.c:53
 kstrdup_const+0x39/0x50 mm/util.c:74
 alloc_vfsmnt+0xe4/0x7f0 fs/namespace.c:215
 vfs_kern_mount.part.21+0x32/0x3e0 fs/namespace.c:976
 vfs_kern_mount fs/namespace.c:2509 [inline]
 do_new_mount fs/namespace.c:2512 [inline]
 do_mount+0x3e1/0x28b0 fs/namespace.c:2834
 SYSC_mount fs/namespace.c:3050 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3027
 entry_SYSCALL_64_fastpath+0x23/0xc6
Freed:
PID = 3342671184
BUG: unable to handle kernel paging request at ffffffff87108fa8
IP: [<ffffffff81e3ffb5>] depot_fetch_stack+0x15/0x40 lib/stackdepot.c:194
PGD 441e067 
PUD 441f063 
PMD 0 

Oops: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 9513 Comm: syz-executor5 Tainted: G    B           4.9.61-gd55e630 #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801c751e000 task.stack: ffff8801c8030000
RIP: 0010:[<ffffffff81e3ffb5>]  [<ffffffff81e3ffb5>] depot_fetch_stack+0x15/0x40 lib/stackdepot.c:194
RSP: 0018:ffff8801c80375d8  EFLAGS: 00010006
RAX: 00000000001f8801 RBX: ffff8801c73d1df0 RCX: ffffc90003eb2000
RDX: 0000000000000000 RSI: ffff8801c80375e0 RDI: 0000000000003ff0
RBP: ffff8801c8037608 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000000 R12: ffff8801c73d1de0
R13: ffff8801c73d1de8 R14: ffffed0038e7a3be R15: ffff8801c73d1df0
FS:  00007f16e83e8700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff87108fa8 CR3: 00000001aa943000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff8156353e 0000000000000000 ffff8801da001c80 0000000000000008
 daa2f8a1382351de ffff8801da001c80 ffff8801c8037630 ffffffff8153c208
 ffffed0038e7a3be ffff8801da001c80 0000000000000000 ffff8801c80376b8
Call Trace:
 [<ffffffff8153c208>] kasan_object_err+0x68/0x70 mm/kasan/report.c:170
 [<ffffffff8153c47c>] print_address_description mm/kasan/report.c:198 [inline]
 [<ffffffff8153c47c>] kasan_report_error mm/kasan/report.c:287 [inline]
 [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500 mm/kasan/report.c:309
 [<ffffffff8153c819>] kasan_report mm/kasan/report.c:330 [inline]
 [<ffffffff8153c819>] __asan_report_load8_noabort+0x29/0x30 mm/kasan/report.c:330
 [<ffffffff8340ee76>] ip6_setup_cork+0x10b6/0x1200 net/ipv6/ip6_output.c:1241
 [<ffffffff83421d48>] ip6_make_skb+0x1b8/0x440 net/ipv6/ip6_output.c:1802
 [<ffffffff83487c9d>] udpv6_sendmsg+0x1b1d/0x2540 net/ipv6/udp.c:1240
 [<ffffffff832e974c>] inet_sendmsg+0x2bc/0x4c0 net/ipv4/af_inet.c:770
 [<ffffffff82eceb9a>] sock_sendmsg_nosec net/socket.c:635 [inline]
 [<ffffffff82eceb9a>] sock_sendmsg+0xca/0x110 net/socket.c:645
 [<ffffffff82ecfaf8>] SYSC_sendto+0x2c8/0x340 net/socket.c:1670
 [<ffffffff82ed1fa0>] SyS_sendto+0x40/0x50 net/socket.c:1638
 [<ffffffff838aadc5>] entry_SYSCALL_64_fastpath+0x23/0xc6
Code: a2 52 ff 0f 0b e8 5c c8 6f ff eb de 66 2e 0f 1f 84 00 00 00 00 00 89 f8 c1 ef 11 55 25 ff ff 1f 00 81 e7 f0 3f 00 00 48 89 e5 5d <48> 03 3c c5 a0 4f 14 86 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 
RIP  [<ffffffff81e3ffb5>] depot_fetch_stack+0x15/0x40 lib/stackdepot.c:194
 RSP <ffff8801c80375d8>
CR2: ffffffff87108fa8
---[ end trace 8755a200eaf8834b ]---