[....] Starting enhanced syslogd: rsyslogd[ 10.731532] audit: type=1400 audit(1514624135.442:5): avc: denied { syslog } for pid=3036 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 15.810827] audit: type=1400 audit(1514624140.521:6): avc: denied { map } for pid=3177 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts.
executing program
[ 37.906927] audit: type=1400 audit(1514624162.617:7): avc: denied { map } for pid=3195 comm="syzkaller330266" path="/root/syzkaller330266731" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 37.930846] device lo entered promiscuous mode
[ 37.938104] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 37.955411] ==================================================================
[ 37.962822] BUG: KASAN: slab-out-of-bounds in tcp_v6_syn_recv_sock+0x628/0x23a0
[ 37.970235] Write of size 160 at addr ffff8801c707fee0 by task syzkaller330266/3197
[ 37.977995]
[ 37.979598] CPU: 0 PID: 3197 Comm: syzkaller330266 Not tainted 4.15.0-rc5+ #151
[ 37.987103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.996427] Call Trace:
[ 37.998978]
[ 38.001103] dump_stack+0x194/0x257
[ 38.004702] ? arch_local_irq_restore+0x53/0x53
[ 38.009353] ? show_regs_print_info+0x18/0x18
[ 38.013830] ? tcp_v6_send_synack+0xa90/0xa90
[ 38.018300] ? tcp_v6_syn_recv_sock+0x628/0x23a0
[ 38.023027] print_address_description+0x73/0x250
[ 38.027839] ? tcp_v6_syn_recv_sock+0x628/0x23a0
[ 38.032567] kasan_report+0x25b/0x340
[ 38.036342] check_memory_region+0x137/0x190
[ 38.040722] memcpy+0x37/0x50
[ 38.043801] tcp_v6_syn_recv_sock+0x628/0x23a0
[ 38.048358] ? tcp_v6_conn_request+0x270/0x270
[ 38.052907] ? __local_bh_enable_ip+0x121/0x230
[ 38.057547] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 38.062535] ? ip6_dst_lookup_tail+0xdbd/0x18f0
[ 38.067172] ? trace_hardirqs_on+0xd/0x10
[ 38.071285] ? __local_bh_enable_ip+0x121/0x230
[ 38.075925] ? ip6_dst_lookup_tail+0x40a/0x18f0
[ 38.080570] ? ip6_copy_metadata+0x890/0x890
[ 38.084956] ? selinux_netlbl_inet_conn_request+0x81/0x3c0
[ 38.090548] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0
[ 38.095885] ? __bfs+0x706/0x750
[ 38.099220] ? rcu_read_lock_sched_held+0x108/0x120
[ 38.104218] tcp_get_cookie_sock+0x102/0x540
[ 38.108599] ? selinux_inet_conn_request+0x25b/0x390
[ 38.113674] ? cookie_ecn_ok+0x120/0x120
[ 38.117709] ? xfrm_lookup_route+0x4f/0x1a0
[ 38.122003] ? ip6_dst_lookup_flow+0x1ca/0x270
[ 38.126555] ? ip6_dst_lookup+0x60/0x60
[ 38.130504] ? tcp_select_initial_window+0x30c/0x410
[ 38.135591] cookie_v6_check+0x177d/0x2160
[ 38.139808] ? cookie_v6_init_sequence+0xe0/0xe0
[ 38.144546] ? sk_filter_trim_cap+0x40a/0x9c0
[ 38.149018] ? lock_downgrade+0x980/0x980
[ 38.153150] ? lock_release+0xa40/0xa40
[ 38.157110] ? __lock_is_held+0xb6/0x140
[ 38.161153] ? sk_filter_trim_cap+0xe7/0x9c0
[ 38.165534] ? __local_bh_enable_ip+0x121/0x230
[ 38.170194] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 38.175100] tcp_v6_do_rcv+0xe4d/0x11c0
[ 38.179049] ? tcp_v6_do_rcv+0xe4d/0x11c0
[ 38.183164] ? tcp_v6_fill_cb+0x3f0/0x480
[ 38.187283] tcp_v6_rcv+0x22ee/0x2b40
[ 38.191072] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 38.195815] ip6_input_finish+0x36f/0x1700
[ 38.200019] ? ip6_input+0x3b4/0x560
[ 38.203714] ? ip6_rcv_finish+0x7a0/0x7a0
[ 38.207836] ? nf_hook_slow+0xd3/0x1a0
[ 38.211704] ip6_input+0xe9/0x560
[ 38.215132] ? ip6_input_finish+0x1700/0x1700
[ 38.219610] ? find_held_lock+0x35/0x1d0
[ 38.223646] ? ip6_rcv_finish+0x7a0/0x7a0
[ 38.227775] ? ipv6_rcv+0x16b2/0x1f80
[ 38.231547] ip6_rcv_finish+0x1a9/0x7a0
[ 38.235489] ? ip6_make_skb+0x580/0x580
[ 38.239443] ? nf_hook_slow+0xd3/0x1a0
[ 38.243325] ipv6_rcv+0xf1f/0x1f80
[ 38.246848] ? ip6_input+0x560/0x560
[ 38.250534] ? check_noncircular+0x20/0x20
[ 38.254741] ? print_irqtrace_events+0x270/0x270
[ 38.259463] ? print_irqtrace_events+0x270/0x270
[ 38.264186] ? check_noncircular+0x20/0x20
[ 38.268396] ? check_noncircular+0x20/0x20
[ 38.272609] ? ip6_make_skb+0x580/0x580
[ 38.276560] ? ip6_input+0x560/0x560
[ 38.280249] __netif_receive_skb_core+0x1a3e/0x3450
[ 38.285244] ? nf_ingress+0x9f0/0x9f0
[ 38.289014] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 38.294185] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 38.299354] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 38.304514] ? rcu_read_lock_sched_held+0x108/0x120
[ 38.309498] ? update_cfs_rq_load_avg.part.69+0x23d/0x2d0
[ 38.315005] ? attach_entity_load_avg+0x7a0/0x7a0
[ 38.319818] ? __update_load_avg_se.isra.27+0x56a/0x7c0
[ 38.325144] ? __update_load_avg_se.isra.27+0x56a/0x7c0
[ 38.330485] ? __lock_acquire+0x664/0x3e00
[ 38.334711] ? fastpath_timer_check+0x7d5/0xa70
[ 38.339349] ? print_irqtrace_events+0x270/0x270
[ 38.344088] ? check_noncircular+0x20/0x20
[ 38.348293] ? check_noncircular+0x20/0x20
[ 38.352498] ? check_noncircular+0x20/0x20
[ 38.356707] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 38.361867] ? __lock_acquire+0x664/0x3e00
[ 38.366080] ? find_held_lock+0x35/0x1d0
[ 38.370112] ? lock_acquire+0x1d5/0x580
[ 38.374057] ? process_backlog+0x45f/0x740
[ 38.378259] ? lock_acquire+0x1d5/0x580
[ 38.382199] ? process_backlog+0x1ab/0x740
[ 38.386416] ? lock_release+0xa40/0xa40
[ 38.390369] __netif_receive_skb+0x2c/0x1b0
[ 38.394663] ? __netif_receive_skb+0x2c/0x1b0
[ 38.399131] process_backlog+0x203/0x740
[ 38.403160] ? mark_held_locks+0xaf/0x100
[ 38.407284] net_rx_action+0x792/0x1910
[ 38.411230] ? lock_release+0xa40/0xa40
[ 38.415176] ? napi_complete_done+0x6c0/0x6c0
[ 38.419647] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 38.424728] ? cpu_needs_another_gp+0x69e/0x8d0
[ 38.429385] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 38.434380] ? rcu_gpnum_ovf+0x310/0x310
[ 38.438413] ? synchronize_rcu_expedited+0x10/0x10
[ 38.443315] ? lock_release+0xa40/0xa40
[ 38.447260] ? timerqueue_add+0x1e9/0x280
[ 38.451379] ? do_raw_spin_trylock+0x190/0x190
[ 38.455926] ? rcu_pm_notify+0xc0/0xc0
[ 38.459796] ? rcu_read_lock_sched_held+0x108/0x120
[ 38.464783] ? rcu_process_callbacks+0x3a0/0x17f0
[ 38.469602] ? trigger_dyntick_cpu.isra.29+0x180/0x180
[ 38.474852] ? note_gp_changes+0x650/0x650
[ 38.479062] ? pvclock_read_flags+0x160/0x160
[ 38.483534] ? check_noncircular+0x20/0x20
[ 38.487744] ? print_irqtrace_events+0x270/0x270
[ 38.492467] ? ktime_get_resolution_ns+0x300/0x300
[ 38.497361] ? lock_downgrade+0x980/0x980
[ 38.501480] ? check_noncircular+0x20/0x20
[ 38.505683] ? do_timer+0x50/0x50
[ 38.509110] ? __lock_is_held+0xb6/0x140
[ 38.513161] __do_softirq+0x2d7/0xb85
[ 38.516939] ? task_prio+0x40/0x40
[ 38.520467] ? __irqentry_text_end+0x4/0x4
[ 38.524670] ? irq_exit+0xbb/0x200
[ 38.528177] ? smp_apic_timer_interrupt+0x16b/0x700
[ 38.533157] ? smp_reschedule_interrupt+0xe6/0x670
[ 38.538051] ? smp_call_function_single_interrupt+0x640/0x640
[ 38.543900] ? _raw_spin_lock+0x32/0x40
[ 38.547849] ? task_prio+0x40/0x40
[ 38.551361] ? rcu_eqs_enter_common.constprop.69+0x21a/0x300
[ 38.557133] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 38.561950] do_softirq_own_stack+0x2a/0x40
[ 38.566236]
[ 38.568441] do_softirq.part.21+0x14d/0x190
[ 38.572730] ? ip6_finish_output2+0xb73/0x2390
[ 38.577292] __local_bh_enable_ip+0x1ee/0x230
[ 38.581761] ip6_finish_output2+0xba6/0x2390
[ 38.586145] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0
[ 38.590957] ? ip6_mtu+0x36f/0x4d0
[ 38.594465] ? check_noncircular+0x20/0x20
[ 38.598674] ? __lock_is_held+0xb6/0x140
[ 38.602722] ? __lock_is_held+0xb6/0x140
[ 38.606760] ip6_finish_output+0x2f9/0x920
[ 38.610959] ? ip6_finish_output+0x2f9/0x920
[ 38.615338] ip6_output+0x1eb/0x840
[ 38.618935] ? ip6_finish_output+0x920/0x920
[ 38.623309] ? lock_release+0xa40/0xa40
[ 38.627255] ? ip6_fragment+0x3420/0x3420
[ 38.631377] ip6_xmit+0xd75/0x2080
[ 38.634885] ? __sk_dst_check+0x1a5/0x380
[ 38.639010] ? ip6_finish_output2+0x2390/0x2390
[ 38.643647] ? fl6_update_dst+0x127/0x2b0
[ 38.647769] ? check_noncircular+0x20/0x20
[ 38.651968] ? inet6_csk_route_socket+0x691/0xe80
[ 38.656780] ? lock_acquire+0x1d5/0x580
[ 38.660731] ? memcpy+0x45/0x50
[ 38.663980] ? lock_acquire+0x1d5/0x580
[ 38.667921] ? inet6_csk_xmit+0x114/0x580
[ 38.672039] ? ip6_forward_finish+0x140/0x140
[ 38.676506] ? lock_release+0xa40/0xa40
[ 38.680451] ? __lock_is_held+0xb6/0x140
[ 38.684507] inet6_csk_xmit+0x2fc/0x580
[ 38.688450] ? inet6_csk_update_pmtu+0x160/0x160
[ 38.693174] ? skb_clone+0x20d/0x480
[ 38.696858] ? tcp_schedule_loss_probe+0x5f0/0x5f0
[ 38.701769] tcp_transmit_skb+0x1b12/0x38b0
[ 38.706072] ? __tcp_select_window+0x900/0x900
[ 38.710621] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 38.715693] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 38.720677] ? trace_hardirqs_on+0xd/0x10
[ 38.724794] ? depot_save_stack+0x3b5/0x490
[ 38.729089] ? check_noncircular+0x20/0x20
[ 38.733293] ? tcp_small_queue_check.isra.26+0x31c/0x450
[ 38.738710] ? tcp_tso_segs+0x240/0x240
[ 38.742651] ? pvclock_read_flags+0x160/0x160
[ 38.747111] ? sock_release+0x8d/0x1e0
[ 38.750961] ? sock_close+0x16/0x20
[ 38.754553] ? __fput+0x327/0x7e0
[ 38.757979] ? ____fput+0x15/0x20
[ 38.761407] ? task_work_run+0x199/0x270
[ 38.765435] ? do_exit+0x9bb/0x1ad0
[ 38.769025] ? do_group_exit+0x149/0x400
[ 38.773053] ? do_signal+0x94/0x1ee0
[ 38.776740] ? sched_clock_cpu+0x1b/0x170
[ 38.780856] ? tcp_init_tso_segs+0x114/0x1f0
[ 38.785233] tcp_write_xmit+0x680/0x5190
[ 38.789278] ? tcp_md5_do_lookup+0x256/0x730
[ 38.793658] ? tcp_v4_parse_md5_keys+0x1f1/0x2d0
[ 38.798386] ? tcp_transmit_skb+0x38b0/0x38b0
[ 38.802856] ? ip6_mtu+0x1cd/0x4d0
[ 38.806366] ? tcp_v6_md5_lookup+0x23/0x30
[ 38.810566] ? tcp_established_options+0x2c5/0x420
[ 38.815466] ? tcp_current_mss+0x254/0x380
[ 38.819667] ? tcp_mtu_to_mss+0x460/0x460
[ 38.823789] ? __lock_is_held+0xb6/0x140
[ 38.828309] __tcp_push_pending_frames+0xa0/0x250
[ 38.833119] tcp_send_fin+0x1b0/0xd20
[ 38.836884] ? tcp_set_state+0x1f2/0x810
[ 38.840913] ? sk_forced_mem_schedule+0x150/0x150
[ 38.845723] ? __sk_dst_check+0x380/0x380
[ 38.849841] ? mark_held_locks+0xaf/0x100
[ 38.853955] ? do_raw_spin_trylock+0x190/0x190
[ 38.858507] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 38.863488] ? lock_sock_nested+0x91/0x110
[ 38.867687] ? trace_hardirqs_on+0xd/0x10
[ 38.871807] tcp_close+0xbe0/0xfc0
[ 38.875315] ? ip_mc_drop_socket+0x1ce/0x230
[ 38.879696] inet_release+0xed/0x1c0
[ 38.883379] inet6_release+0x50/0x70
[ 38.887060] sock_release+0x8d/0x1e0
[ 38.890741] ? sock_alloc_file+0x560/0x560
[ 38.894941] sock_close+0x16/0x20
[ 38.898360] __fput+0x327/0x7e0
[ 38.901611] ? fput+0x140/0x140
[ 38.904859] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 38.910706] ? _raw_spin_unlock_irq+0x27/0x70
[ 38.915171] ____fput+0x15/0x20
[ 38.918432] task_work_run+0x199/0x270
[ 38.922295] ? task_work_cancel+0x210/0x210
[ 38.926584] ? _raw_spin_unlock+0x22/0x30
[ 38.930701] ? switch_task_namespaces+0x87/0xc0
[ 38.935343] do_exit+0x9bb/0x1ad0
[ 38.938769] ? mm_update_next_owner+0x930/0x930
[ 38.943410] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 38.948565] ? futex_wait+0x402/0x9a0
[ 38.952340] ? lock_downgrade+0x980/0x980
[ 38.956466] ? __unqueue_futex+0x1c0/0x290
[ 38.960668] ? lock_release+0xa40/0xa40
[ 38.964610] ? fault_in_user_writeable+0x90/0x90
[ 38.969335] ? do_raw_spin_trylock+0x190/0x190
[ 38.973884] ? futex_wake+0x680/0x680
[ 38.977660] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 38.982730] ? futex_wait+0x6a9/0x9a0
[ 38.986503] ? check_noncircular+0x20/0x20
[ 38.990707] ? futex_wait_setup+0x3d0/0x3d0
[ 38.995003] ? wake_up_q+0x8a/0xe0
[ 38.998514] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 39.003584] ? futex_wake+0x2ca/0x680
[ 39.007360] ? find_held_lock+0x35/0x1d0
[ 39.011395] ? get_signal+0x7ae/0x16c0
[ 39.015257] ? lock_downgrade+0x980/0x980
[ 39.019386] do_group_exit+0x149/0x400
[ 39.023242] ? do_raw_spin_trylock+0x190/0x190
[ 39.027800] ? SyS_exit+0x30/0x30
[ 39.031221] ? _raw_spin_unlock_irq+0x27/0x70
[ 39.035708] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 39.040697] get_signal+0x73f/0x16c0
[ 39.044386] ? ptrace_notify+0x130/0x130
[ 39.048433] ? tcp_sendmsg+0x3a/0x50
[ 39.052119] ? inet_sendmsg+0x126/0x5e0
[ 39.056062] ? __might_sleep+0x95/0x190
[ 39.060007] ? inet_recvmsg+0x5f0/0x5f0
[ 39.063961] ? security_socket_sendmsg+0x89/0xb0
[ 39.068704] ? inet_recvmsg+0x5f0/0x5f0
[ 39.072651] do_signal+0x94/0x1ee0
[ 39.076162] ? SYSC_sendto+0x41c/0x5c0
[ 39.080024] ? SYSC_connect+0x4a0/0x4a0
[ 39.083968] ? setup_sigcontext+0x7d0/0x7d0
[ 39.088261] ? find_held_lock+0x35/0x1d0
[ 39.092301] ? lock_downgrade+0x980/0x980
[ 39.096425] ? handle_mm_fault+0x410/0x8d0
[ 39.100624] ? down_read_trylock+0xdb/0x170
[ 39.104914] ? __do_page_fault+0x32d/0xc90
[ 39.109124] ? exit_to_usermode_loop+0x8c/0x310
[ 39.113766] exit_to_usermode_loop+0x214/0x310
[ 39.118336] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 39.123847] ? do_fast_syscall_32+0x156/0xf9d
[ 39.128322] do_fast_syscall_32+0xbfd/0xf9d
[ 39.132616] ? do_int80_syscall_32+0x9d0/0x9d0
[ 39.137175] ? syscall_return_slowpath+0x2ad/0x550
[ 39.142073] ? prepare_exit_to_usermode+0x340/0x340
[ 39.147063] ? sysret32_from_system_call+0x5/0x3b
[ 39.151879] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.156698] entry_SYSENTER_compat+0x54/0x63
[ 39.161072] RIP: 0023:0xf7f16c79
[ 39.164401] RSP: 002b:00000000f7ef11ec EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[ 39.172077] RAX: fffffffffffffe00 RBX: 00000000080f9ff4 RCX: 0000000000000000
[ 39.179317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000080f9ff4
[ 39.186552] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 39.193789] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 39.201025] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 39.208295]
[ 39.209891] Allocated by task 3197:
[ 39.213489] save_stack+0x43/0xd0
[ 39.217001] kasan_kmalloc+0xad/0xe0
[ 39.220681] kasan_slab_alloc+0x12/0x20
[ 39.224629] kmem_cache_alloc+0x12e/0x760
[ 39.228751] sk_prot_alloc+0x65/0x2a0
[ 39.232517] sk_clone_lock+0x152/0x1570
[ 39.236462] inet_csk_clone_lock+0x92/0x4f0
[ 39.240759] tcp_create_openreq_child+0x9b/0x1b70
[ 39.245570] tcp_v6_syn_recv_sock+0x22d/0x23a0
[ 39.250118] tcp_get_cookie_sock+0x102/0x540
[ 39.254493] cookie_v6_check+0x177d/0x2160
[ 39.258691] tcp_v6_do_rcv+0xe4d/0x11c0
[ 39.262642] tcp_v6_rcv+0x22ee/0x2b40
[ 39.266411] ip6_input_finish+0x36f/0x1700
[ 39.270618] ip6_input+0xe9/0x560
[ 39.274056] ip6_rcv_finish+0x1a9/0x7a0
[ 39.277997] ipv6_rcv+0xf1f/0x1f80
[ 39.281506] __netif_receive_skb_core+0x1a3e/0x3450
[ 39.286486] __netif_receive_skb+0x2c/0x1b0
[ 39.290772] process_backlog+0x203/0x740
[ 39.294800] net_rx_action+0x792/0x1910
[ 39.298740] __do_softirq+0x2d7/0xb85
[ 39.302502]
[ 39.304094] Freed by task 0:
[ 39.307076] (stack is not available)
[ 39.310750]
[ 39.312348] The buggy address belongs to the object at ffff8801c707f500
[ 39.312348] which belongs to the cache TCP of size 2528
[ 39.324363] The buggy address is located 0 bytes to the right of
[ 39.324363] 2528-byte region [ffff8801c707f500, ffff8801c707fee0)
[ 39.336636] The buggy address belongs to the page:
[ 39.341533] page:0000000016811dfc count:1 mapcount:0 mapping:000000003df809a9 index:0xffff8801c707fffd compound_mapcount: 0
[ 39.352773] flags: 0x2fffc0000008100(slab|head)
[ 39.357409] raw: 02fffc0000008100 ffff8801c707e000 ffff8801c707fffd 0000000100000003
[ 39.365256] raw: ffffea00074ee8a0 ffffea00071c2020 ffff8801d8441040 0000000000000000
[ 39.373101] page dumped because: kasan: bad access detected
[ 39.378776]
[ 39.380371] Memory state around the buggy address:
[ 39.385265] ffff8801c707fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.392590] ffff8801c707fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 39.399917] >ffff8801c707fe80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 39.407245] ^
[ 39.413701] ffff8801c707ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.421025] ffff8801c707ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.428346] ==================================================================
[ 39.435670] Disabling lock debugging due to kernel taint
[ 39.441127] Kernel panic - not syncing: panic_on_warn set ...
[ 39.441127]
[ 39.448458] CPU: 0 PID: 3197 Comm: syzkaller330266 Tainted: G B 4.15.0-rc5+ #151
[ 39.457171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.466491] Call Trace:
[ 39.469046]
[ 39.471166] dump_stack+0x194/0x257
[ 39.474760] ? arch_local_irq_restore+0x53/0x53
[ 39.479394] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 39.484118] ? vsnprintf+0x1ed/0x1900
[ 39.487885] ? tcp_v6_syn_recv_sock+0x5f0/0x23a0
[ 39.492605] panic+0x1e4/0x41c
[ 39.495762] ? refcount_error_report+0x214/0x214
[ 39.500490] ? add_taint+0x1c/0x50
[ 39.504001] ? add_taint+0x1c/0x50
[ 39.507506] ? tcp_v6_syn_recv_sock+0x628/0x23a0
[ 39.512227] kasan_end_report+0x50/0x50
[ 39.516166] kasan_report+0x144/0x340
[ 39.519931] check_memory_region+0x137/0x190
[ 39.524310] memcpy+0x37/0x50
[ 39.527387] tcp_v6_syn_recv_sock+0x628/0x23a0
[ 39.531939] ? tcp_v6_conn_request+0x270/0x270
[ 39.536494] ? __local_bh_enable_ip+0x121/0x230
[ 39.541132] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 39.546119] ? ip6_dst_lookup_tail+0xdbd/0x18f0
[ 39.550758] ? trace_hardirqs_on+0xd/0x10
[ 39.554873] ? __local_bh_enable_ip+0x121/0x230
[ 39.559514] ? ip6_dst_lookup_tail+0x40a/0x18f0
[ 39.564154] ? ip6_copy_metadata+0x890/0x890
[ 39.568540] ? selinux_netlbl_inet_conn_request+0x81/0x3c0
[ 39.574127] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0
[ 39.579459] ? __bfs+0x706/0x750
[ 39.582788] ? rcu_read_lock_sched_held+0x108/0x120
[ 39.587775] tcp_get_cookie_sock+0x102/0x540
[ 39.592148] ? selinux_inet_conn_request+0x25b/0x390
[ 39.597215] ? cookie_ecn_ok+0x120/0x120
[ 39.601244] ? xfrm_lookup_route+0x4f/0x1a0
[ 39.605533] ? ip6_dst_lookup_flow+0x1ca/0x270
[ 39.610084] ? ip6_dst_lookup+0x60/0x60
[ 39.614023] ? tcp_select_initial_window+0x30c/0x410
[ 39.619097] cookie_v6_check+0x177d/0x2160
[ 39.623300] ? cookie_v6_init_sequence+0xe0/0xe0
[ 39.628023] ? sk_filter_trim_cap+0x40a/0x9c0
[ 39.632481] ? lock_downgrade+0x980/0x980
[ 39.636593] ? lock_release+0xa40/0xa40
[ 39.640534] ? __lock_is_held+0xb6/0x140
[ 39.644563] ? sk_filter_trim_cap+0xe7/0x9c0
[ 39.648936] ? __local_bh_enable_ip+0x121/0x230
[ 39.653580] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 39.658480] tcp_v6_do_rcv+0xe4d/0x11c0
[ 39.662419] ? tcp_v6_do_rcv+0xe4d/0x11c0
[ 39.666530] ? tcp_v6_fill_cb+0x3f0/0x480
[ 39.670643] tcp_v6_rcv+0x22ee/0x2b40
[ 39.674417] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 39.679143] ip6_input_finish+0x36f/0x1700
[ 39.683342] ? ip6_input+0x3b4/0x560
[ 39.687026] ? ip6_rcv_finish+0x7a0/0x7a0
[ 39.691141] ? nf_hook_slow+0xd3/0x1a0
[ 39.695002] ip6_input+0xe9/0x560
[ 39.698420] ? ip6_input_finish+0x1700/0x1700
[ 39.702880] ? find_held_lock+0x35/0x1d0
[ 39.706908] ? ip6_rcv_finish+0x7a0/0x7a0
[ 39.711021] ? ipv6_rcv+0x16b2/0x1f80
[ 39.714788] ip6_rcv_finish+0x1a9/0x7a0
[ 39.718726] ? ip6_make_skb+0x580/0x580
[ 39.722675] ? nf_hook_slow+0xd3/0x1a0
[ 39.726531] ipv6_rcv+0xf1f/0x1f80
[ 39.730041] ? ip6_input+0x560/0x560
[ 39.733719] ? check_noncircular+0x20/0x20
[ 39.737917] ? print_irqtrace_events+0x270/0x270
[ 39.742936] ? print_irqtrace_events+0x270/0x270
[ 39.747657] ? check_noncircular+0x20/0x20
[ 39.751856] ? check_noncircular+0x20/0x20
[ 39.756060] ? ip6_make_skb+0x580/0x580
[ 39.760011] ? ip6_input+0x560/0x560
[ 39.763708] __netif_receive_skb_core+0x1a3e/0x3450
[ 39.768702] ? nf_ingress+0x9f0/0x9f0
[ 39.772476] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 39.777646] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 39.782806] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 39.787958] ? rcu_read_lock_sched_held+0x108/0x120
[ 39.792939] ? update_cfs_rq_load_avg.part.69+0x23d/0x2d0
[ 39.798439] ? attach_entity_load_avg+0x7a0/0x7a0
[ 39.803248] ? __update_load_avg_se.isra.27+0x56a/0x7c0
[ 39.808575] ? __update_load_avg_se.isra.27+0x56a/0x7c0
[ 39.813908] ? __lock_acquire+0x664/0x3e00
[ 39.818118] ? fastpath_timer_check+0x7d5/0xa70
[ 39.822750] ? print_irqtrace_events+0x270/0x270
[ 39.827472] ? check_noncircular+0x20/0x20
[ 39.831668] ? check_noncircular+0x20/0x20
[ 39.835868] ? check_noncircular+0x20/0x20
[ 39.840069] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 39.845230] ? __lock_acquire+0x664/0x3e00
[ 39.849432] ? find_held_lock+0x35/0x1d0
[ 39.853462] ? lock_acquire+0x1d5/0x580
[ 39.857403] ? process_backlog+0x45f/0x740
[ 39.861600] ? lock_acquire+0x1d5/0x580
[ 39.865538] ? process_backlog+0x1ab/0x740
[ 39.869738] ? lock_release+0xa40/0xa40
[ 39.873693] __netif_receive_skb+0x2c/0x1b0
[ 39.877979] ? __netif_receive_skb+0x2c/0x1b0
[ 39.882444] process_backlog+0x203/0x740
[ 39.886468] ? mark_held_locks+0xaf/0x100
[ 39.890584] net_rx_action+0x792/0x1910
[ 39.894525] ? lock_release+0xa40/0xa40
[ 39.898466] ? napi_complete_done+0x6c0/0x6c0
[ 39.902932] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 39.908015] ? cpu_needs_another_gp+0x69e/0x8d0
[ 39.912654] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 39.917635] ? rcu_gpnum_ovf+0x310/0x310
[ 39.921683] ? synchronize_rcu_expedited+0x10/0x10
[ 39.926586] ? lock_release+0xa40/0xa40
[ 39.930529] ? timerqueue_add+0x1e9/0x280
[ 39.934651] ? do_raw_spin_trylock+0x190/0x190
[ 39.939199] ? rcu_pm_notify+0xc0/0xc0
[ 39.943057] ? rcu_read_lock_sched_held+0x108/0x120
[ 39.948039] ? rcu_process_callbacks+0x3a0/0x17f0
[ 39.952855] ? trigger_dyntick_cpu.isra.29+0x180/0x180
[ 39.958094] ? note_gp_changes+0x650/0x650
[ 39.962297] ? pvclock_read_flags+0x160/0x160
[ 39.966760] ? check_noncircular+0x20/0x20
[ 39.970965] ? print_irqtrace_events+0x270/0x270
[ 39.975694] ? ktime_get_resolution_ns+0x300/0x300
[ 39.980588] ? lock_downgrade+0x980/0x980
[ 39.984702] ? check_noncircular+0x20/0x20
[ 39.988915] ? do_timer+0x50/0x50
[ 39.992337] ? __lock_is_held+0xb6/0x140
[ 39.996371] __do_softirq+0x2d7/0xb85
[ 40.000138] ? task_prio+0x40/0x40
[ 40.003645] ? __irqentry_text_end+0x4/0x4
[ 40.007845] ? irq_exit+0xbb/0x200
[ 40.011350] ? smp_apic_timer_interrupt+0x16b/0x700
[ 40.016329] ? smp_reschedule_interrupt+0xe6/0x670
[ 40.021223] ? smp_call_function_single_interrupt+0x640/0x640
[ 40.027082] ? _raw_spin_lock+0x32/0x40
[ 40.031023] ? task_prio+0x40/0x40
[ 40.034546] ? rcu_eqs_enter_common.constprop.69+0x21a/0x300
[ 40.040317] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.045131] do_softirq_own_stack+0x2a/0x40
[ 40.049418]
[ 40.051634] do_softirq.part.21+0x14d/0x190
[ 40.055921] ? ip6_finish_output2+0xb73/0x2390
[ 40.060468] __local_bh_enable_ip+0x1ee/0x230
[ 40.064930] ip6_finish_output2+0xba6/0x2390
[ 40.069309] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0
[ 40.074116] ? ip6_mtu+0x36f/0x4d0
[ 40.077620] ? check_noncircular+0x20/0x20
[ 40.081821] ? __lock_is_held+0xb6/0x140
[ 40.085849] ? __lock_is_held+0xb6/0x140
[ 40.089879] ip6_finish_output+0x2f9/0x920
[ 40.094076] ? ip6_finish_output+0x2f9/0x920
[ 40.098452] ip6_output+0x1eb/0x840
[ 40.102044] ? ip6_finish_output+0x920/0x920
[ 40.106416] ? lock_release+0xa40/0xa40
[ 40.110358] ? ip6_fragment+0x3420/0x3420
[ 40.114473] ip6_xmit+0xd75/0x2080
[ 40.117978] ? __sk_dst_check+0x1a5/0x380
[ 40.122096] ? ip6_finish_output2+0x2390/0x2390
[ 40.126731] ? fl6_update_dst+0x127/0x2b0
[ 40.130846] ? check_noncircular+0x20/0x20
[ 40.135046] ? inet6_csk_route_socket+0x691/0xe80
[ 40.139856] ? lock_acquire+0x1d5/0x580
[ 40.143792] ? memcpy+0x45/0x50
[ 40.147034] ? lock_acquire+0x1d5/0x580
[ 40.150974] ? inet6_csk_xmit+0x114/0x580
[ 40.155088] ? ip6_forward_finish+0x140/0x140
[ 40.159548] ? lock_release+0xa40/0xa40
[ 40.163486] ? __lock_is_held+0xb6/0x140
[ 40.167514] inet6_csk_xmit+0x2fc/0x580
[ 40.171452] ? inet6_csk_update_pmtu+0x160/0x160
[ 40.176175] ? skb_clone+0x20d/0x480
[ 40.179853] ? tcp_schedule_loss_probe+0x5f0/0x5f0
[ 40.184753] tcp_transmit_skb+0x1b12/0x38b0
[ 40.189045] ? __tcp_select_window+0x900/0x900
[ 40.193590] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 40.198673] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.203666] ? trace_hardirqs_on+0xd/0x10
[ 40.207788] ? depot_save_stack+0x3b5/0x490
[ 40.212079] ? check_noncircular+0x20/0x20
[ 40.216282] ? tcp_small_queue_check.isra.26+0x31c/0x450
[ 40.221699] ? tcp_tso_segs+0x240/0x240
[ 40.225638] ? pvclock_read_flags+0x160/0x160
[ 40.230099] ? sock_release+0x8d/0x1e0
[ 40.233949] ? sock_close+0x16/0x20
[ 40.237539] ? __fput+0x327/0x7e0
[ 40.240955] ? ____fput+0x15/0x20
[ 40.244377] ? task_work_run+0x199/0x270
[ 40.248401] ? do_exit+0x9bb/0x1ad0
[ 40.251990] ? do_group_exit+0x149/0x400
[ 40.256020] ? do_signal+0x94/0x1ee0
[ 40.259704] ? sched_clock_cpu+0x1b/0x170
[ 40.263816] ? tcp_init_tso_segs+0x114/0x1f0
[ 40.268194] tcp_write_xmit+0x680/0x5190
[ 40.272222] ? tcp_md5_do_lookup+0x256/0x730
[ 40.276597] ? tcp_v4_parse_md5_keys+0x1f1/0x2d0
[ 40.281320] ? tcp_transmit_skb+0x38b0/0x38b0
[ 40.285783] ? ip6_mtu+0x1cd/0x4d0
[ 40.289290] ? tcp_v6_md5_lookup+0x23/0x30
[ 40.293490] ? tcp_established_options+0x2c5/0x420
[ 40.298387] ? tcp_current_mss+0x254/0x380
[ 40.302586] ? tcp_mtu_to_mss+0x460/0x460
[ 40.306704] ? __lock_is_held+0xb6/0x140
[ 40.310735] __tcp_push_pending_frames+0xa0/0x250
[ 40.315543] tcp_send_fin+0x1b0/0xd20
[ 40.319315] ? tcp_set_state+0x1f2/0x810
[ 40.323340] ? sk_forced_mem_schedule+0x150/0x150
[ 40.328150] ? __sk_dst_check+0x380/0x380
[ 40.332263] ? mark_held_locks+0xaf/0x100
[ 40.336374] ? do_raw_spin_trylock+0x190/0x190
[ 40.340922] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.345901] ? lock_sock_nested+0x91/0x110
[ 40.350105] ? trace_hardirqs_on+0xd/0x10
[ 40.354221] tcp_close+0xbe0/0xfc0
[ 40.357728] ? ip_mc_drop_socket+0x1ce/0x230
[ 40.362103] inet_release+0xed/0x1c0
[ 40.365787] inet6_release+0x50/0x70
[ 40.369477] sock_release+0x8d/0x1e0
[ 40.373162] ? sock_alloc_file+0x560/0x560
[ 40.377360] sock_close+0x16/0x20
[ 40.380778] __fput+0x327/0x7e0
[ 40.384026] ? fput+0x140/0x140
[ 40.387270] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 40.393117] ? _raw_spin_unlock_irq+0x27/0x70
[ 40.397577] ____fput+0x15/0x20
[ 40.400821] task_work_run+0x199/0x270
[ 40.404674] ? task_work_cancel+0x210/0x210
[ 40.408968] ? _raw_spin_unlock+0x22/0x30
[ 40.413084] ? switch_task_namespaces+0x87/0xc0
[ 40.417719] do_exit+0x9bb/0x1ad0
[ 40.421142] ? mm_update_next_owner+0x930/0x930
[ 40.425775] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 40.430928] ? futex_wait+0x402/0x9a0
[ 40.434691] ? lock_downgrade+0x980/0x980
[ 40.438817] ? __unqueue_futex+0x1c0/0x290
[ 40.443019] ? lock_release+0xa40/0xa40
[ 40.446964] ? fault_in_user_writeable+0x90/0x90
[ 40.451685] ? do_raw_spin_trylock+0x190/0x190
[ 40.456231] ? futex_wake+0x680/0x680
[ 40.460000] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 40.466376] ? futex_wait+0x6a9/0x9a0
[ 40.470147] ? check_noncircular+0x20/0x20
[ 40.474344] ? futex_wait_setup+0x3d0/0x3d0
[ 40.478639] ? wake_up_q+0x8a/0xe0
[ 40.482148] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 40.487214] ? futex_wake+0x2ca/0x680
[ 40.490983] ? find_held_lock+0x35/0x1d0
[ 40.495019] ? get_signal+0x7ae/0x16c0
[ 40.498877] ? lock_downgrade+0x980/0x980
[ 40.502995] do_group_exit+0x149/0x400
[ 40.506851] ? do_raw_spin_trylock+0x190/0x190
[ 40.511397] ? SyS_exit+0x30/0x30
[ 40.514821] ? _raw_spin_unlock_irq+0x27/0x70
[ 40.519287] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.524278] get_signal+0x73f/0x16c0
[ 40.527961] ? ptrace_notify+0x130/0x130
[ 40.531995] ? tcp_sendmsg+0x3a/0x50
[ 40.535678] ? inet_sendmsg+0x126/0x5e0
[ 40.539615] ? __might_sleep+0x95/0x190
[ 40.543552] ? inet_recvmsg+0x5f0/0x5f0
[ 40.547492] ? security_socket_sendmsg+0x89/0xb0
[ 40.552210] ? inet_recvmsg+0x5f0/0x5f0
[ 40.556150] do_signal+0x94/0x1ee0
[ 40.559829] ? SYSC_sendto+0x41c/0x5c0
[ 40.563686] ? SYSC_connect+0x4a0/0x4a0
[ 40.567624] ? setup_sigcontext+0x7d0/0x7d0
[ 40.571907] ? find_held_lock+0x35/0x1d0
[ 40.575936] ? lock_downgrade+0x980/0x980
[ 40.580052] ? handle_mm_fault+0x410/0x8d0
[ 40.584250] ? down_read_trylock+0xdb/0x170
[ 40.588535] ? __do_page_fault+0x32d/0xc90
[ 40.592738] ? exit_to_usermode_loop+0x8c/0x310
[ 40.597373] exit_to_usermode_loop+0x214/0x310
[ 40.601919] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 40.607422] ? do_fast_syscall_32+0x156/0xf9d
[ 40.611888] do_fast_syscall_32+0xbfd/0xf9d
[ 40.616177] ? do_int80_syscall_32+0x9d0/0x9d0
[ 40.620725] ? syscall_return_slowpath+0x2ad/0x550
[ 40.625622] ? prepare_exit_to_usermode+0x340/0x340
[ 40.630602] ? sysret32_from_system_call+0x5/0x3b
[ 40.635411] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.640224] entry_SYSENTER_compat+0x54/0x63
[ 40.644601] RIP: 0023:0xf7f16c79
[ 40.647934] RSP: 002b:00000000f7ef11ec EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[ 40.655605] RAX: fffffffffffffe00 RBX: 00000000080f9ff4 RCX: 0000000000000000
[ 40.662843] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000080f9ff4
[ 40.670076] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 40.677310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 40.684549] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 40.692258] Dumping ftrace buffer:
[ 40.695762] (ftrace buffer empty)
[ 40.699438] Kernel Offset: disabled
[ 40.703038] Rebooting in 86400 seconds..