�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 16.865354] audit: type=1400 audit(1519569041.215:6): avc: denied { map } for pid=4144 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 23.110050] audit: type=1400 audit(1519569047.459:7): avc: denied { map } for pid=4158 comm="syzkaller145980" path="/root/syzkaller145980823" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 23.139759] ==================================================================
[ 23.147167] BUG: KASAN: use-after-free in ip6_route_me_harder+0x9d8/0xc00
[ 23.154067] Read of size 4 at addr ffff8801be6b51b0 by task syzkaller145980/4158
[ 23.161568]
[ 23.163172] CPU: 1 PID: 4158 Comm: syzkaller145980 Not tainted 4.16.0-rc2+ #241
[ 23.170592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.179920] Call Trace:
[ 23.182474]
[ 23.184601] dump_stack+0x194/0x24d
[ 23.188207] ? arch_local_irq_restore+0x53/0x53
[ 23.192849] ? show_regs_print_info+0x18/0x18
[ 23.197322] ? ip6_route_me_harder+0x9d8/0xc00
[ 23.201877] print_address_description+0x73/0x250
[ 23.206693] ? ip6_route_me_harder+0x9d8/0xc00
[ 23.211249] kasan_report+0x23b/0x360
[ 23.215024] __asan_report_load4_noabort+0x14/0x20
[ 23.219923] ip6_route_me_harder+0x9d8/0xc00
[ 23.224309] ? nf_ip6_checksum_partial+0x310/0x310
[ 23.229226] ip6table_mangle_hook+0x636/0x920
[ 23.233699] ? check_noncircular+0x20/0x20
[ 23.237909] ? ip6table_mangle_net_exit+0xa0/0xa0
[ 23.242727] ? ip6_xmit+0xe9d/0x2260
[ 23.246420] ? netlbl_enabled+0x52/0xe0
[ 23.250371] ? lock_release+0xa40/0xa40
[ 23.254325] nf_hook_slow+0xba/0x1a0
[ 23.258012] ? nf_hook_slow+0xba/0x1a0
[ 23.261878] ip6_xmit+0x10ec/0x2260
[ 23.265487] ? ip6_finish_output2+0x23a0/0x23a0
[ 23.270146] ? check_noncircular+0x20/0x20
[ 23.274354] ? lock_acquire+0x1d5/0x580
[ 23.278302] ? lock_acquire+0x1d5/0x580
[ 23.282249] ? tcp_v6_send_synack+0x473/0xaa0
[ 23.286727] ? ip6_forward_finish+0x140/0x140
[ 23.291196] ? lock_release+0xa40/0xa40
[ 23.295153] ? __lock_is_held+0xb6/0x140
[ 23.299225] tcp_v6_send_synack+0x57b/0xaa0
[ 23.303529] ? tcp_v6_conn_request+0x270/0x270
[ 23.308086] ? inet_csk_route_child_sock+0xc50/0xc50
[ 23.313173] tcp_conn_request+0x26fd/0x3660
[ 23.317467] ? check_usage_backwards+0x410/0x410
[ 23.322209] ? tcp_event_data_recv+0xe80/0xe80
[ 23.326772] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.331934] ? print_irqtrace_events+0x270/0x270
[ 23.336665] ? ip_rcv_finish+0x6ed/0x2040
[ 23.340787] ? check_noncircular+0x20/0x20
[ 23.344995] ? inet_del_offload+0x40/0x40
[ 23.349134] ? netlbl_enabled+0x52/0xe0
[ 23.353086] ? netlbl_catmap_setrng+0xb0/0xb0
[ 23.357563] ? selinux_peerlbl_enabled+0x97/0x170
[ 23.362378] ? selinux_socket_accept+0x200/0x200
[ 23.367104] ? selinux_nf_register+0x30/0x30
[ 23.371491] ? check_noncircular+0x20/0x20
[ 23.375723] tcp_v6_conn_request+0x212/0x270
[ 23.380107] ? tcp_v6_conn_request+0x212/0x270
[ 23.384665] tcp_rcv_state_process+0x92a/0x4760
[ 23.389309] ? lock_downgrade+0x980/0x980
[ 23.393435] ? tcp_finish_connect+0x420/0x420
[ 23.397904] ? __lock_is_held+0xb6/0x140
[ 23.401952] ? sk_filter_trim_cap+0xe7/0x9c0
[ 23.406337] ? __skb_checksum+0x7e0/0x7e0
[ 23.410470] ? skb_send_sock+0x50/0x50
[ 23.414335] ? bpf_xdp_copy+0x40/0x40
[ 23.418112] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 23.423011] ? inet6_lookup_listener+0x35b/0xd60
[ 23.427744] tcp_v6_do_rcv+0x739/0x1250
[ 23.431692] ? tcp_v6_do_rcv+0x739/0x1250
[ 23.435812] ? tcp_v6_fill_cb+0x3d0/0x490
[ 23.439942] tcp_v6_rcv+0x25a0/0x2d40
[ 23.443735] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 23.448469] ? __lock_is_held+0xb6/0x140
[ 23.452514] ip6_input_finish+0x37e/0x17a0
[ 23.456719] ? ip6_input+0x3a7/0x560
[ 23.460416] ? ip6_make_skb+0x5e0/0x5e0
[ 23.464365] ? nf_hook_slow+0xd3/0x1a0
[ 23.468230] ip6_input+0xdb/0x560
[ 23.471656] ? ip6_input_finish+0x17a0/0x17a0
[ 23.476135] ? find_held_lock+0x35/0x1d0
[ 23.480173] ? ip6_make_skb+0x5e0/0x5e0
[ 23.484121] ? ipv6_rcv+0x16cd/0x1fa0
[ 23.487897] ip6_rcv_finish+0x297/0x8c0
[ 23.491846] ? ip6_input+0x560/0x560
[ 23.495536] ? ip6table_nat_in+0x2c/0x40
[ 23.499572] ? nf_hook_slow+0xd3/0x1a0
[ 23.503436] ipv6_rcv+0xf37/0x1fa0
[ 23.506960] ? ip6_rcv_finish+0x8c0/0x8c0
[ 23.511085] ? save_stack_trace+0x1a/0x20
[ 23.515211] ? mark_lock+0xb2c/0x1430
[ 23.518982] ? check_usage_backwards+0x410/0x410
[ 23.523727] ? ip6_input+0x560/0x560
[ 23.527416] ? ip6_rcv_finish+0x8c0/0x8c0
[ 23.531538] __netif_receive_skb_core+0x1a41/0x3460
[ 23.536537] ? nf_ingress+0x9f0/0x9f0
[ 23.540323] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.545493] ? update_cfs_rq_load_avg.part.68+0x23d/0x2d0
[ 23.551003] ? attach_entity_load_avg+0x7a0/0x7a0
[ 23.555817] ? __update_load_avg_se.isra.27+0x56a/0x7c0
[ 23.561153] ? __update_load_avg_se.isra.27+0x56a/0x7c0
[ 23.566497] ? __lock_acquire+0x664/0x3e00
[ 23.570704] ? __lock_acquire+0x664/0x3e00
[ 23.574922] ? fastpath_timer_check+0x7fe/0xad0
[ 23.579564] ? update_cfs_rq_load_avg.part.68+0x2d0/0x2d0
[ 23.585105] ? print_irqtrace_events+0x270/0x270
[ 23.589839] ? check_noncircular+0x20/0x20
[ 23.594063] ? find_held_lock+0x35/0x1d0
[ 23.598103] ? lock_acquire+0x1d5/0x580
[ 23.602047] ? process_backlog+0x45f/0x740
[ 23.606251] ? lock_acquire+0x1d5/0x580
[ 23.610199] ? process_backlog+0x1ab/0x740
[ 23.614420] ? lock_release+0xa40/0xa40
[ 23.618366] ? check_noncircular+0x20/0x20
[ 23.622583] __netif_receive_skb+0x2c/0x1b0
[ 23.626880] ? __netif_receive_skb+0x2c/0x1b0
[ 23.631350] process_backlog+0x203/0x740
[ 23.635384] ? mark_held_locks+0xaf/0x100
[ 23.639516] net_rx_action+0x792/0x1910
[ 23.643477] ? napi_complete_done+0x6c0/0x6c0
[ 23.648386] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 23.653379] ? trace_hardirqs_on+0xd/0x10
[ 23.657500] ? _raw_spin_unlock_irq+0x27/0x70
[ 23.661968] ? __run_timers+0x16f/0xb70
[ 23.665927] ? trigger_dyntick_cpu.isra.29+0x150/0x150
[ 23.671180] ? timerqueue_add+0x1e9/0x280
[ 23.675311] ? check_noncircular+0x20/0x20
[ 23.679526] ? enqueue_hrtimer+0x177/0x4b0
[ 23.683730] ? lock_release+0xa40/0xa40
[ 23.687681] ? retrigger_next_event+0x1e0/0x1e0
[ 23.692322] ? __lock_is_held+0xb6/0x140
[ 23.696360] ? print_irqtrace_events+0x270/0x270
[ 23.701091] ? check_noncircular+0x20/0x20
[ 23.705307] ? clockevents_program_event+0x163/0x2e0
[ 23.710383] ? lock_downgrade+0x980/0x980
[ 23.714512] ? __lock_is_held+0xb6/0x140
[ 23.718554] ? __local_bh_enable+0x10b/0x130
[ 23.722936] ? print_irqtrace_events+0x270/0x270
[ 23.727668] ? ktime_get+0x26f/0x3a0
[ 23.731353] ? check_noncircular+0x20/0x20
[ 23.735567] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4
[ 23.740650] ? __lock_is_held+0xb6/0x140
[ 23.744706] __do_softirq+0x2d7/0xb85
[ 23.748483] ? task_prio+0x50/0x50
[ 23.752013] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4
[ 23.757095] ? irq_exit+0xbb/0x200
[ 23.760612] ? smp_apic_timer_interrupt+0x16b/0x700
[ 23.765597] ? smp_reschedule_interrupt+0xe6/0x650
[ 23.770499] ? smp_call_function_single_interrupt+0x640/0x640
[ 23.776355] ? _raw_spin_lock+0x32/0x40
[ 23.780309] ? _raw_spin_unlock+0x22/0x30
[ 23.784430] ? handle_edge_irq+0x2b4/0x7c0
[ 23.788640] ? task_prio+0x50/0x50
[ 23.792166] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.796988] do_softirq_own_stack+0x2a/0x40
[ 23.801282]
[ 23.803493] do_softirq.part.19+0x14d/0x190
[ 23.807789] ? ip6_finish_output2+0xb6d/0x23a0
[ 23.812342] __local_bh_enable_ip+0x1ee/0x230
[ 23.816818] ip6_finish_output2+0xba0/0x23a0
[ 23.821210] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0
[ 23.826029] ? ip6_mtu+0x369/0x4d0
[ 23.829545] ? lock_downgrade+0x980/0x980
[ 23.833676] ? __lock_is_held+0xb6/0x140
[ 23.837720] ? ip6_mtu+0x1c7/0x4d0
[ 23.841234] ? ip6_dst_ifdown+0x3d0/0x3d0
[ 23.845355] ? nf_nat_ipv6_out+0x262/0x570
[ 23.849568] ip6_finish_output+0x69b/0xaf0
[ 23.853773] ? ip6_finish_output+0x69b/0xaf0
[ 23.858159] ip6_output+0x1eb/0x840
[ 23.861760] ? ip6_finish_output+0xaf0/0xaf0
[ 23.866149] ? ip6_fragment+0x3470/0x3470
[ 23.870278] ? nf_hook_slow+0xd3/0x1a0
[ 23.874144] ip6_xmit+0xe1f/0x2260
[ 23.877662] ? __sk_dst_check+0x1a5/0x380
[ 23.881797] ? ip6_finish_output2+0x23a0/0x23a0
[ 23.886440] ? fl6_update_dst+0x127/0x2b0
[ 23.890562] ? inet6_csk_route_socket+0x691/0xe80
[ 23.895380] ? check_noncircular+0x20/0x20
[ 23.899588] ? lock_acquire+0x1d5/0x580
[ 23.903531] ? lock_acquire+0x1d5/0x580
[ 23.907475] ? inet6_csk_xmit+0x114/0x580
[ 23.911595] ? ip6_forward_finish+0x140/0x140
[ 23.916064] ? lock_release+0xa40/0xa40
[ 23.920012] ? __lock_is_held+0xb6/0x140
[ 23.924059] inet6_csk_xmit+0x2fc/0x580
[ 23.928006] ? inet6_csk_update_pmtu+0x160/0x160
[ 23.932741] ? refcount_add_not_zero+0x133/0x200
[ 23.937486] tcp_transmit_skb+0x1b12/0x3960
[ 23.941795] ? __tcp_select_window+0x900/0x900
[ 23.946353] ? tcp_fastopen_cache_get+0x449/0x720
[ 23.951187] ? tcp_peer_is_proven+0xc60/0xc60
[ 23.955657] ? ip6_mtu+0x369/0x4d0
[ 23.959176] ? __lock_is_held+0xb6/0x140
[ 23.963222] ? tcp_try_fastopen+0x1b50/0x1b50
[ 23.967694] ? tcp_init_transfer+0x3e0/0x3e0
[ 23.972087] ? tcp_rbtree_insert+0x135/0x190
[ 23.976474] tcp_connect+0x1f45/0x40f0
[ 23.980395] ? tcp_push_one+0x100/0x100
[ 23.984375] ? lock_downgrade+0x967/0x980
[ 23.988497] ? do_raw_spin_trylock+0x190/0x190
[ 23.993073] ? __inet_hash_connect+0x901/0xed0
[ 23.997638] ? pvclock_read_flags+0x160/0x160
[ 24.002107] ? mark_held_locks+0xaf/0x100
[ 24.006230] ? ktime_get_with_offset+0x188/0x420
[ 24.010963] ? kvm_clock_get_cycles+0x25/0x30
[ 24.015428] ? ktime_get_with_offset+0x2c1/0x420
[ 24.020159] ? do_gettimeofday+0x190/0x190
[ 24.024373] ? __siphash_aligned+0x1b9/0x330
[ 24.028753] ? siphash_4u64+0x25/0x3a0
[ 24.032620] ? secure_tcpv6_ts_off+0x1e0/0x420
[ 24.037175] ? secure_tcpv6_seq+0x23c/0x350
[ 24.041468] ? secure_tcpv6_seq+0x350/0x350
[ 24.045764] ? tcp_fastopen_defer_connect+0x163/0x4a0
[ 24.050925] ? secure_dccpv6_sequence_number+0x360/0x360
[ 24.056371] tcp_v6_connect+0x2083/0x26c0
[ 24.060515] ? tcp_v6_syn_recv_sock+0x23f0/0x23f0
[ 24.065337] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.070325] ? trace_hardirqs_on+0xd/0x10
[ 24.074447] ? depot_save_stack+0x2ca/0x460
[ 24.078748] ? save_stack+0xa3/0xd0
[ 24.082352] ? save_stack+0x43/0xd0
[ 24.085951] ? kasan_kmalloc+0xad/0xe0
[ 24.089807] ? kmem_cache_alloc_trace+0x136/0x740
[ 24.094623] ? tcp_sendmsg_locked+0x2447/0x3960
[ 24.099264] ? tcp_sendmsg+0x2f/0x50
[ 24.102947] ? inet_sendmsg+0x11f/0x5e0
[ 24.106892] ? sock_sendmsg+0xca/0x110
[ 24.110748] ? SYSC_sendto+0x361/0x5c0
[ 24.114607] ? SyS_sendto+0x40/0x50
[ 24.118210] ? do_syscall_64+0x280/0x940
[ 24.122241] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.127578] ? print_irqtrace_events+0x270/0x270
[ 24.132318] ? check_noncircular+0x20/0x20
[ 24.136523] ? __lock_is_held+0xb6/0x140
[ 24.140561] __inet_stream_connect+0x2d4/0xf00
[ 24.145115] ? __inet_stream_connect+0x2d4/0xf00
[ 24.149850] ? inet_bind+0x930/0x930
[ 24.153548] ? tcp_sendmsg_locked+0x2447/0x3960
[ 24.158188] ? rcu_read_lock_sched_held+0x108/0x120
[ 24.163181] ? kmem_cache_alloc_trace+0x459/0x740
[ 24.168015] tcp_sendmsg_locked+0x25ca/0x3960
[ 24.172493] ? avc_has_perm+0x35e/0x680
[ 24.176442] ? lock_downgrade+0x980/0x980
[ 24.180566] ? check_noncircular+0x20/0x20
[ 24.184799] ? tcp_sendpage+0x60/0x60
[ 24.188585] ? print_irqtrace_events+0x270/0x270
[ 24.193309] ? find_held_lock+0x35/0x1d0
[ 24.197348] ? lock_acquire+0x1d5/0x580
[ 24.201293] ? lock_acquire+0x1d5/0x580
[ 24.205236] ? tcp_sendmsg+0x21/0x50
[ 24.208929] ? mark_held_locks+0xaf/0x100
[ 24.213048] ? do_raw_spin_trylock+0x190/0x190
[ 24.217602] ? __local_bh_enable_ip+0x121/0x230
[ 24.222249] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.227236] ? lock_sock_nested+0x91/0x110
[ 24.231445] ? trace_hardirqs_on+0xd/0x10
[ 24.235562] ? __local_bh_enable_ip+0x121/0x230
[ 24.240208] tcp_sendmsg+0x2f/0x50
[ 24.243727] inet_sendmsg+0x11f/0x5e0
[ 24.247500] ? __might_sleep+0x95/0x190
[ 24.251444] ? inet_create+0xf50/0xf50
[ 24.255305] ? selinux_socket_sendmsg+0x36/0x40
[ 24.259947] ? security_socket_sendmsg+0x89/0xb0
[ 24.264679] ? inet_create+0xf50/0xf50
[ 24.268539] sock_sendmsg+0xca/0x110
[ 24.272229] SYSC_sendto+0x361/0x5c0
[ 24.275916] ? SYSC_connect+0x4a0/0x4a0
[ 24.279864] ? __local_bh_enable_ip+0x121/0x230
[ 24.284506] ? _raw_spin_unlock_bh+0x30/0x40
[ 24.288887] ? release_sock+0x1d4/0x2a0
[ 24.292833] ? inet6_hash+0x41/0x90
[ 24.296429] ? __release_sock+0x360/0x360
[ 24.300551] ? __local_bh_enable_ip+0x121/0x230
[ 24.305193] ? inet6_hash+0x7f/0x90
[ 24.308802] ? inet_exit_net+0x10/0x10
[ 24.312668] ? SyS_listen+0x207/0x350
[ 24.316439] ? SyS_bind+0x30/0x30
[ 24.319866] ? mm_fault_error+0x2c0/0x2c0
[ 24.323986] ? move_addr_to_kernel+0x60/0x60
[ 24.328369] SyS_sendto+0x40/0x50
[ 24.331799] ? SyS_getpeername+0x30/0x30
[ 24.335836] do_syscall_64+0x280/0x940
[ 24.339695] ? __do_page_fault+0xc90/0xc90
[ 24.343903] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.348632] ? syscall_return_slowpath+0x550/0x550
[ 24.353533] ? syscall_return_slowpath+0x2ac/0x550
[ 24.358617] ? prepare_exit_to_usermode+0x350/0x350
[ 24.363609] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 24.368949] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.373770] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.378929] RIP: 0033:0x44c9b9
[ 24.382097] RSP: 002b:00007ffd3f7c97a8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 24.389776] RAX: ffffffffffffffda RBX: 00007ffd3f7c9890 RCX: 000000000044c9b9
[ 24.397021] RDX: 0000000000000000 RSI: 00000000204e8000 RDI: 0000000000000004
[ 24.404269] RBP: 0000000000000000 R08: 000000002007f000 R09: 000000000000001c
[ 24.411512] R10: 0000000020000001 R11: 0000000000000216 R12: 000000000040e280
[ 24.418756] R13: 000000000040e310 R14: 0000000000000000 R15: 0000000000000000
[ 24.426024]
[ 24.427627] Allocated by task 4156:
[ 24.431227] save_stack+0x43/0xd0
[ 24.434652] kasan_kmalloc+0xad/0xe0
[ 24.438334] kasan_slab_alloc+0x12/0x20
[ 24.442280] kmem_cache_alloc+0x12e/0x760
[ 24.446401] copy_mm+0x8d7/0x131f
[ 24.449824] copy_process.part.38+0x1f56/0x4b60
[ 24.454460] _do_fork+0x1f7/0xf70
[ 24.457883] SyS_clone+0x37/0x50
[ 24.461222] do_syscall_64+0x280/0x940
[ 24.465079] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.470236]
[ 24.471836] Freed by task 4158:
[ 24.475088] save_stack+0x43/0xd0
[ 24.478513] __kasan_slab_free+0x11a/0x170
[ 24.482715] kasan_slab_free+0xe/0x10
[ 24.486485] kmem_cache_free+0x83/0x2a0
[ 24.490432] remove_vma+0x162/0x1b0
[ 24.494033] exit_mmap+0x311/0x500
[ 24.497545] mmput+0x223/0x6d0
[ 24.500707] flush_old_exec+0xc8b/0x2010
[ 24.504741] load_elf_binary+0x87b/0x4c10
[ 24.508858] search_binary_handler+0x142/0x6b0
[ 24.513408] do_execveat_common.isra.30+0x1754/0x23c0
[ 24.518569] SyS_execve+0x39/0x50
[ 24.521992] do_syscall_64+0x280/0x940
[ 24.525852] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 24.531011]
[ 24.532617] The buggy address belongs to the object at ffff8801be6b5148
[ 24.532617] which belongs to the cache vm_area_struct of size 200
[ 24.545502] The buggy address is located 104 bytes inside of
[ 24.545502] 200-byte region [ffff8801be6b5148, ffff8801be6b5210)
[ 24.557344] The buggy address belongs to the page:
[ 24.562246] page:ffffea0006f9ad40 count:1 mapcount:0 mapping:ffff8801be6b5040 index:0x0
[ 24.570360] flags: 0x2fffc0000000100(slab)
[ 24.574565] raw: 02fffc0000000100 ffff8801be6b5040 0000000000000000 000000010000000f
[ 24.582422] raw: ffffea0006c4ed20 ffffea0006f97de0 ffff8801da5c3840 0000000000000000
[ 24.590269] page dumped because: kasan: bad access detected
[ 24.595947]
[ 24.597542] Memory state around the buggy address:
[ 24.602437] ffff8801be6b5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.609767] ffff8801be6b5100: fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb
[ 24.617096] >ffff8801be6b5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.624423] ^
[ 24.629320] ffff8801be6b5200: fb fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb
[ 24.636649] ffff8801be6b5280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.643975] ==================================================================
[ 24.651302] Disabling lock debugging due to kernel taint
[ 24.656769] Kernel panic - not syncing: panic_on_warn set ...
[ 24.656769]
[ 24.664118] CPU: 1 PID: 4158 Comm: syzkaller145980 Tainted: G B 4.16.0-rc2+ #241
[ 24.672844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.682185] Call Trace:
[ 24.684736]
[ 24.686864] dump_stack+0x194/0x24d
[ 24.690461] ? arch_local_irq_restore+0x53/0x53
[ 24.695102] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.699827] ? vsnprintf+0x1ed/0x1900
[ 24.703596] ? ip6_route_me_harder+0x980/0xc00
[ 24.708149] panic+0x1e4/0x41c
[ 24.711312] ? refcount_error_report+0x214/0x214
[ 24.716045] ? add_taint+0x1c/0x50
[ 24.719556] ? add_taint+0x1c/0x50
[ 24.723068] ? ip6_route_me_harder+0x9d8/0xc00
[ 24.727626] kasan_end_report+0x50/0x50
[ 24.731572] kasan_report+0x148/0x360
[ 24.735345] __asan_report_load4_noabort+0x14/0x20
[ 24.740245] ip6_route_me_harder+0x9d8/0xc00
[ 24.744624] ? nf_ip6_checksum_partial+0x310/0x310
[ 24.749532] ip6table_mangle_hook+0x636/0x920
[ 24.753999] ? check_noncircular+0x20/0x20
[ 24.758208] ? ip6table_mangle_net_exit+0xa0/0xa0
[ 24.763026] ? ip6_xmit+0xe9d/0x2260
[ 24.766713] ? netlbl_enabled+0x52/0xe0
[ 24.770657] ? lock_release+0xa40/0xa40
[ 24.774604] nf_hook_slow+0xba/0x1a0
[ 24.778287] ? nf_hook_slow+0xba/0x1a0
[ 24.782146] ip6_xmit+0x10ec/0x2260
[ 24.785749] ? ip6_finish_output2+0x23a0/0x23a0
[ 24.790402] ? check_noncircular+0x20/0x20
[ 24.794608] ? lock_acquire+0x1d5/0x580
[ 24.798555] ? lock_acquire+0x1d5/0x580
[ 24.802503] ? tcp_v6_send_synack+0x473/0xaa0
[ 24.806976] ? ip6_forward_finish+0x140/0x140
[ 24.811444] ? lock_release+0xa40/0xa40
[ 24.815389] ? __lock_is_held+0xb6/0x140
[ 24.819427] tcp_v6_send_synack+0x57b/0xaa0
[ 24.823719] ? tcp_v6_conn_request+0x270/0x270
[ 24.828271] ? inet_csk_route_child_sock+0xc50/0xc50
[ 24.833347] tcp_conn_request+0x26fd/0x3660
[ 24.837637] ? check_usage_backwards+0x410/0x410
[ 24.842369] ? tcp_event_data_recv+0xe80/0xe80
[ 24.846924] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.852083] ? print_irqtrace_events+0x270/0x270
[ 24.856812] ? ip_rcv_finish+0x6ed/0x2040
[ 24.860930] ? check_noncircular+0x20/0x20
[ 24.865134] ? inet_del_offload+0x40/0x40
[ 24.869260] ? netlbl_enabled+0x52/0xe0
[ 24.873200] ? netlbl_catmap_setrng+0xb0/0xb0
[ 24.877668] ? selinux_peerlbl_enabled+0x97/0x170
[ 24.882481] ? selinux_socket_accept+0x200/0x200
[ 24.887203] ? selinux_nf_register+0x30/0x30
[ 24.891580] ? check_noncircular+0x20/0x20
[ 24.895794] tcp_v6_conn_request+0x212/0x270
[ 24.900173] ? tcp_v6_conn_request+0x212/0x270
[ 24.904725] tcp_rcv_state_process+0x92a/0x4760
[ 24.909362] ? lock_downgrade+0x980/0x980
[ 24.913484] ? tcp_finish_connect+0x420/0x420
[ 24.917949] ? __lock_is_held+0xb6/0x140
[ 24.921985] ? sk_filter_trim_cap+0xe7/0x9c0
[ 24.926371] ? __skb_checksum+0x7e0/0x7e0
[ 24.930488] ? skb_send_sock+0x50/0x50
[ 24.934344] ? bpf_xdp_copy+0x40/0x40
[ 24.938115] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 24.943015] ? inet6_lookup_listener+0x35b/0xd60
[ 24.947746] tcp_v6_do_rcv+0x739/0x1250
[ 24.951689] ? tcp_v6_do_rcv+0x739/0x1250
[ 24.955805] ? tcp_v6_fill_cb+0x3d0/0x490
[ 24.959924] tcp_v6_rcv+0x25a0/0x2d40
[ 24.963705] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 24.968431] ? __lock_is_held+0xb6/0x140
[ 24.972466] ip6_input_finish+0x37e/0x17a0
[ 24.976668] ? ip6_input+0x3a7/0x560
[ 24.980357] ? ip6_make_skb+0x5e0/0x5e0
[ 24.984302] ? nf_hook_slow+0xd3/0x1a0
[ 24.988160] ip6_input+0xdb/0x560
[ 24.991588] ? ip6_input_finish+0x17a0/0x17a0
[ 24.996060] ? find_held_lock+0x35/0x1d0
[ 25.000096] ? ip6_make_skb+0x5e0/0x5e0
[ 25.004048] ? ipv6_rcv+0x16cd/0x1fa0
[ 25.007819] ip6_rcv_finish+0x297/0x8c0
[ 25.011766] ? ip6_input+0x560/0x560
[ 25.015452] ? ip6table_nat_in+0x2c/0x40
[ 25.019483] ? nf_hook_slow+0xd3/0x1a0
[ 25.023340] ipv6_rcv+0xf37/0x1fa0
[ 25.026857] ? ip6_rcv_finish+0x8c0/0x8c0
[ 25.030975] ? save_stack_trace+0x1a/0x20
[ 25.035094] ? mark_lock+0xb2c/0x1430
[ 25.038866] ? check_usage_backwards+0x410/0x410
[ 25.043593] ? ip6_input+0x560/0x560
[ 25.047283] ? ip6_rcv_finish+0x8c0/0x8c0
[ 25.051403] __netif_receive_skb_core+0x1a41/0x3460
[ 25.056396] ? nf_ingress+0x9f0/0x9f0
[ 25.060176] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 25.065334] ? update_cfs_rq_load_avg.part.68+0x23d/0x2d0
[ 25.070839] ? attach_entity_load_avg+0x7a0/0x7a0
[ 25.075650] ? __update_load_avg_se.isra.27+0x56a/0x7c0
[ 25.080988] ? __update_load_avg_se.isra.27+0x56a/0x7c0
[ 25.086335] ? __lock_acquire+0x664/0x3e00
[ 25.090561] ? __lock_acquire+0x664/0x3e00
[ 25.094769] ? fastpath_timer_check+0x7fe/0xad0
[ 25.099405] ? update_cfs_rq_load_avg.part.68+0x2d0/0x2d0
[ 25.104924] ? print_irqtrace_events+0x270/0x270
[ 25.109652] ? check_noncircular+0x20/0x20
[ 25.113863] ? find_held_lock+0x35/0x1d0
[ 25.117896] ? lock_acquire+0x1d5/0x580
[ 25.121839] ? process_backlog+0x45f/0x740
[ 25.126041] ? lock_acquire+0x1d5/0x580
[ 25.129984] ? process_backlog+0x1ab/0x740
[ 25.134192] ? lock_release+0xa40/0xa40
[ 25.138144] ? check_noncircular+0x20/0x20
[ 25.142353] __netif_receive_skb+0x2c/0x1b0
[ 25.146645] ? __netif_receive_skb+0x2c/0x1b0
[ 25.151111] process_backlog+0x203/0x740
[ 25.155140] ? mark_held_locks+0xaf/0x100
[ 25.159267] net_rx_action+0x792/0x1910
[ 25.163216] ? napi_complete_done+0x6c0/0x6c0
[ 25.167683] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 25.172667] ? trace_hardirqs_on+0xd/0x10
[ 25.176785] ? _raw_spin_unlock_irq+0x27/0x70
[ 25.181252] ? __run_timers+0x16f/0xb70
[ 25.185199] ? trigger_dyntick_cpu.isra.29+0x150/0x150
[ 25.190445] ? timerqueue_add+0x1e9/0x280
[ 25.194562] ? check_noncircular+0x20/0x20
[ 25.198771] ? enqueue_hrtimer+0x177/0x4b0
[ 25.202986] ? lock_release+0xa40/0xa40
[ 25.206934] ? retrigger_next_event+0x1e0/0x1e0
[ 25.211574] ? __lock_is_held+0xb6/0x140
[ 25.215608] ? print_irqtrace_events+0x270/0x270
[ 25.220338] ? check_noncircular+0x20/0x20
[ 25.224548] ? clockevents_program_event+0x163/0x2e0
[ 25.229620] ? lock_downgrade+0x980/0x980
[ 25.233748] ? __lock_is_held+0xb6/0x140
[ 25.237786] ? __local_bh_enable+0x10b/0x130
[ 25.242164] ? print_irqtrace_events+0x270/0x270
[ 25.246888] ? ktime_get+0x26f/0x3a0
[ 25.250572] ? check_noncircular+0x20/0x20
[ 25.254780] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4
[ 25.259855] ? __lock_is_held+0xb6/0x140
[ 25.263891] __do_softirq+0x2d7/0xb85
[ 25.267661] ? task_prio+0x50/0x50
[ 25.271173] ? __irqentry_text_end+0x1f8ad4/0x1f8ad4
[ 25.276247] ? irq_exit+0xbb/0x200
[ 25.279757] ? smp_apic_timer_interrupt+0x16b/0x700
[ 25.284744] ? smp_reschedule_interrupt+0xe6/0x650
[ 25.289643] ? smp_call_function_single_interrupt+0x640/0x640
[ 25.295498] ? _raw_spin_lock+0x32/0x40
[ 25.299440] ? _raw_spin_unlock+0x22/0x30
[ 25.303557] ? handle_edge_irq+0x2b4/0x7c0
[ 25.307761] ? task_prio+0x50/0x50
[ 25.311279] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.316095] do_softirq_own_stack+0x2a/0x40
[ 25.320383]
[ 25.322593] do_softirq.part.19+0x14d/0x190
[ 25.326883] ? ip6_finish_output2+0xb6d/0x23a0
[ 25.331437] __local_bh_enable_ip+0x1ee/0x230
[ 25.335903] ip6_finish_output2+0xba0/0x23a0
[ 25.340285] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0
[ 25.345098] ? ip6_mtu+0x369/0x4d0
[ 25.348607] ? lock_downgrade+0x980/0x980
[ 25.352728] ? __lock_is_held+0xb6/0x140
[ 25.356764] ? ip6_mtu+0x1c7/0x4d0
[ 25.360272] ? ip6_dst_ifdown+0x3d0/0x3d0
[ 25.364392] ? nf_nat_ipv6_out+0x262/0x570
[ 25.368598] ip6_finish_output+0x69b/0xaf0
[ 25.372803] ? ip6_finish_output+0x69b/0xaf0
[ 25.377184] ip6_output+0x1eb/0x840
[ 25.380784] ? ip6_finish_output+0xaf0/0xaf0
[ 25.385168] ? ip6_fragment+0x3470/0x3470
[ 25.389289] ? nf_hook_slow+0xd3/0x1a0
[ 25.393150] ip6_xmit+0xe1f/0x2260
[ 25.396662] ? __sk_dst_check+0x1a5/0x380
[ 25.400786] ? ip6_finish_output2+0x23a0/0x23a0
[ 25.405427] ? fl6_update_dst+0x127/0x2b0
[ 25.409551] ? inet6_csk_route_socket+0x691/0xe80
[ 25.414364] ? check_noncircular+0x20/0x20
[ 25.418567] ? lock_acquire+0x1d5/0x580
[ 25.422511] ? lock_acquire+0x1d5/0x580
[ 25.426461] ? inet6_csk_xmit+0x114/0x580
[ 25.430584] ? ip6_forward_finish+0x140/0x140
[ 25.435048] ? lock_release+0xa40/0xa40
[ 25.438995] ? __lock_is_held+0xb6/0x140
[ 25.443041] inet6_csk_xmit+0x2fc/0x580
[ 25.446990] ? inet6_csk_update_pmtu+0x160/0x160
[ 25.451722] ? refcount_add_not_zero+0x133/0x200
[ 25.456454] tcp_transmit_skb+0x1b12/0x3960
[ 25.460756] ? __tcp_select_window+0x900/0x900
[ 25.465309] ? tcp_fastopen_cache_get+0x449/0x720
[ 25.470122] ? tcp_peer_is_proven+0xc60/0xc60
[ 25.474585] ? ip6_mtu+0x369/0x4d0
[ 25.478100] ? __lock_is_held+0xb6/0x140
[ 25.482138] ? tcp_try_fastopen+0x1b50/0x1b50
[ 25.486605] ? tcp_init_transfer+0x3e0/0x3e0
[ 25.490990] ? tcp_rbtree_insert+0x135/0x190
[ 25.495371] tcp_connect+0x1f45/0x40f0
[ 25.499233] ? tcp_push_one+0x100/0x100
[ 25.503190] ? lock_downgrade+0x967/0x980
[ 25.507308] ? do_raw_spin_trylock+0x190/0x190
[ 25.511862] ? __inet_hash_connect+0x901/0xed0
[ 25.516413] ? pvclock_read_flags+0x160/0x160
[ 25.520879] ? mark_held_locks+0xaf/0x100
[ 25.524998] ? ktime_get_with_offset+0x188/0x420
[ 25.529729] ? kvm_clock_get_cycles+0x25/0x30
[ 25.534193] ? ktime_get_with_offset+0x2c1/0x420
[ 25.538920] ? do_gettimeofday+0x190/0x190
[ 25.543130] ? __siphash_aligned+0x1b9/0x330
[ 25.547508] ? siphash_4u64+0x25/0x3a0
[ 25.551367] ? secure_tcpv6_ts_off+0x1e0/0x420
[ 25.555917] ? secure_tcpv6_seq+0x23c/0x350
[ 25.560218] ? secure_tcpv6_seq+0x350/0x350
[ 25.564509] ? tcp_fastopen_defer_connect+0x163/0x4a0
[ 25.569667] ? secure_dccpv6_sequence_number+0x360/0x360
[ 25.575098] tcp_v6_connect+0x2083/0x26c0
[ 25.579220] ? tcp_v6_syn_recv_sock+0x23f0/0x23f0
[ 25.584039] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.589035] ? trace_hardirqs_on+0xd/0x10
[ 25.593154] ? depot_save_stack+0x2ca/0x460
[ 25.597449] ? save_stack+0xa3/0xd0
[ 25.601047] ? save_stack+0x43/0xd0
[ 25.604641] ? kasan_kmalloc+0xad/0xe0
[ 25.608500] ? kmem_cache_alloc_trace+0x136/0x740
[ 25.613323] ? tcp_sendmsg_locked+0x2447/0x3960
[ 25.617964] ? tcp_sendmsg+0x2f/0x50
[ 25.621645] ? inet_sendmsg+0x11f/0x5e0
[ 25.625588] ? sock_sendmsg+0xca/0x110
[ 25.629459] ? SYSC_sendto+0x361/0x5c0
[ 25.633340] ? SyS_sendto+0x40/0x50
[ 25.636935] ? do_syscall_64+0x280/0x940
[ 25.640966] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.646298] ? print_irqtrace_events+0x270/0x270
[ 25.651669] ? check_noncircular+0x20/0x20
[ 25.655872] ? __lock_is_held+0xb6/0x140
[ 25.659907] __inet_stream_connect+0x2d4/0xf00
[ 25.664460] ? __inet_stream_connect+0x2d4/0xf00
[ 25.669188] ? inet_bind+0x930/0x930
[ 25.672875] ? tcp_sendmsg_locked+0x2447/0x3960
[ 25.677512] ? rcu_read_lock_sched_held+0x108/0x120
[ 25.682497] ? kmem_cache_alloc_trace+0x459/0x740
[ 25.687314] tcp_sendmsg_locked+0x25ca/0x3960
[ 25.691785] ? avc_has_perm+0x35e/0x680
[ 25.695728] ? lock_downgrade+0x980/0x980
[ 25.699843] ? check_noncircular+0x20/0x20
[ 25.704053] ? tcp_sendpage+0x60/0x60
[ 25.707832] ? print_irqtrace_events+0x270/0x270
[ 25.712557] ? find_held_lock+0x35/0x1d0
[ 25.716598] ? lock_acquire+0x1d5/0x580
[ 25.720540] ? lock_acquire+0x1d5/0x580
[ 25.724487] ? tcp_sendmsg+0x21/0x50
[ 25.728177] ? mark_held_locks+0xaf/0x100
[ 25.732293] ? do_raw_spin_trylock+0x190/0x190
[ 25.736847] ? __local_bh_enable_ip+0x121/0x230
[ 25.741490] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.746481] ? lock_sock_nested+0x91/0x110
[ 25.750684] ? trace_hardirqs_on+0xd/0x10
[ 25.754809] ? __local_bh_enable_ip+0x121/0x230
[ 25.759452] tcp_sendmsg+0x2f/0x50
[ 25.762967] inet_sendmsg+0x11f/0x5e0
[ 25.766738] ? __might_sleep+0x95/0x190
[ 25.770681] ? inet_create+0xf50/0xf50
[ 25.774542] ? selinux_socket_sendmsg+0x36/0x40
[ 25.779184] ? security_socket_sendmsg+0x89/0xb0
[ 25.783918] ? inet_create+0xf50/0xf50
[ 25.787777] sock_sendmsg+0xca/0x110
[ 25.791462] SYSC_sendto+0x361/0x5c0
[ 25.795150] ? SYSC_connect+0x4a0/0x4a0
[ 25.799095] ? __local_bh_enable_ip+0x121/0x230
[ 25.803735] ? _raw_spin_unlock_bh+0x30/0x40
[ 25.808115] ? release_sock+0x1d4/0x2a0
[ 25.812059] ? inet6_hash+0x41/0x90
[ 25.815655] ? __release_sock+0x360/0x360
[ 25.819771] ? __local_bh_enable_ip+0x121/0x230
[ 25.824408] ? inet6_hash+0x7f/0x90
[ 25.828024] ? inet_exit_net+0x10/0x10
[ 25.831889] ? SyS_listen+0x207/0x350
[ 25.835661] ? SyS_bind+0x30/0x30
[ 25.839087] ? mm_fault_error+0x2c0/0x2c0
[ 25.843205] ? move_addr_to_kernel+0x60/0x60
[ 25.847582] SyS_sendto+0x40/0x50
[ 25.851011] ? SyS_getpeername+0x30/0x30
[ 25.855046] do_syscall_64+0x280/0x940
[ 25.858905] ? __do_page_fault+0xc90/0xc90
[ 25.863109] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.867836] ? syscall_return_slowpath+0x550/0x550
[ 25.872734] ? syscall_return_slowpath+0x2ac/0x550
[ 25.877633] ? prepare_exit_to_usermode+0x350/0x350
[ 25.882620] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 25.887957] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.892782] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 25.897939] RIP: 0033:0x44c9b9
[ 25.901106] RSP: 002b:00007ffd3f7c97a8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 25.908780] RAX: ffffffffffffffda RBX: 00007ffd3f7c9890 RCX: 000000000044c9b9
[ 25.916030] RDX: 0000000000000000 RSI: 00000000204e8000 RDI: 0000000000000004
[ 25.923273] RBP: 0000000000000000 R08: 000000002007f000 R09: 000000000000001c
[ 25.930511] R10: 0000000020000001 R11: 0000000000000216 R12: 000000000040e280
[ 25.937752] R13: 000000000040e310 R14: 0000000000000000 R15: 0000000000000000
[ 25.945422] Dumping ftrace buffer:
[ 25.948937] (ftrace buffer empty)
[ 25.952617] Kernel Offset: disabled
[ 25.956215] Rebooting in 86400 seconds..