�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 12.062579] audit: type=1400 audit(1514626903.309:6): avc: denied { map } for pid=3177 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.212' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 28.736816] audit: type=1400 audit(1514626919.983:7): avc: denied { map } for pid=3194 comm="syzkaller545407" path="/root/syzkaller545407100" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 28.760952] device lo entered promiscuous mode
[ 28.767788] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 28.785484] ==================================================================
[ 28.792890] BUG: KASAN: slab-out-of-bounds in tcp_v6_syn_recv_sock+0x628/0x23a0
[ 28.800323] Write of size 160 at addr ffff8801cbdd7460 by task syzkaller545407/3196
[ 28.808079]
[ 28.809677] CPU: 1 PID: 3196 Comm: syzkaller545407 Not tainted 4.15.0-rc5+ #241
[ 28.817088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.826420] Call Trace:
[ 28.828970]
[ 28.831447] dump_stack+0x194/0x257
[ 28.835043] ? arch_local_irq_restore+0x53/0x53
[ 28.839685] ? show_regs_print_info+0x18/0x18
[ 28.844151] ? tcp_v6_send_synack+0xa90/0xa90
[ 28.848613] ? tcp_v6_syn_recv_sock+0x628/0x23a0
[ 28.853340] print_address_description+0x73/0x250
[ 28.858152] ? tcp_v6_syn_recv_sock+0x628/0x23a0
[ 28.862876] kasan_report+0x25b/0x340
[ 28.866648] check_memory_region+0x137/0x190
[ 28.871024] memcpy+0x37/0x50
[ 28.874099] tcp_v6_syn_recv_sock+0x628/0x23a0
[ 28.878655] ? tcp_v6_conn_request+0x270/0x270
[ 28.883202] ? __local_bh_enable_ip+0x121/0x230
[ 28.887927] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 28.892910] ? ip6_dst_lookup_tail+0xdbd/0x18f0
[ 28.897558] ? trace_hardirqs_on+0xd/0x10
[ 28.901670] ? __local_bh_enable_ip+0x121/0x230
[ 28.906306] ? ip6_dst_lookup_tail+0x40a/0x18f0
[ 28.910950] ? ip6_copy_metadata+0x890/0x890
[ 28.915337] ? selinux_netlbl_inet_conn_request+0x81/0x3c0
[ 28.920928] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0
[ 28.926267] ? __bfs+0x706/0x750
[ 28.929603] ? rcu_read_lock_sched_held+0x108/0x120
[ 28.934592] tcp_get_cookie_sock+0x102/0x540
[ 28.938971] ? selinux_inet_conn_request+0x25b/0x390
[ 28.944039] ? cookie_ecn_ok+0x120/0x120
[ 28.948066] ? xfrm_lookup_route+0x4f/0x1a0
[ 28.952357] ? ip6_dst_lookup_flow+0x1ca/0x270
[ 28.956907] ? ip6_dst_lookup+0x60/0x60
[ 28.960855] ? tcp_select_initial_window+0x30c/0x410
[ 28.965932] cookie_v6_check+0x177d/0x2160
[ 28.970145] ? cookie_v6_init_sequence+0xe0/0xe0
[ 28.974874] ? sk_filter_trim_cap+0x40a/0x9c0
[ 28.979337] ? lock_downgrade+0x980/0x980
[ 28.983455] ? lock_release+0xa40/0xa40
[ 28.987398] ? __lock_is_held+0xb6/0x140
[ 28.991436] ? sk_filter_trim_cap+0xe7/0x9c0
[ 28.995898] ? __local_bh_enable_ip+0x121/0x230
[ 29.000540] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 29.005444] tcp_v6_do_rcv+0xe4d/0x11c0
[ 29.009385] ? tcp_v6_do_rcv+0xe4d/0x11c0
[ 29.013501] ? tcp_v6_fill_cb+0x3f0/0x480
[ 29.017618] tcp_v6_rcv+0x22ee/0x2b40
[ 29.021408] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 29.026144] ip6_input_finish+0x36f/0x1700
[ 29.030344] ? ip6_input+0x3b4/0x560
[ 29.034036] ? ip6_rcv_finish+0x7a0/0x7a0
[ 29.038154] ? nf_hook_slow+0xd3/0x1a0
[ 29.042016] ip6_input+0xe9/0x560
[ 29.045436] ? ip6_input_finish+0x1700/0x1700
[ 29.049899] ? find_held_lock+0x35/0x1d0
[ 29.053928] ? ip6_rcv_finish+0x7a0/0x7a0
[ 29.058041] ? ipv6_rcv+0x16b2/0x1f80
[ 29.061810] ip6_rcv_finish+0x1a9/0x7a0
[ 29.065750] ? ip6_make_skb+0x580/0x580
[ 29.069710] ? nf_hook_slow+0xd3/0x1a0
[ 29.073567] ipv6_rcv+0xf1f/0x1f80
[ 29.077082] ? ip6_input+0x560/0x560
[ 29.080768] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 29.085923] ? print_irqtrace_events+0x270/0x270
[ 29.090643] ? check_noncircular+0x20/0x20
[ 29.094855] ? ip6_make_skb+0x580/0x580
[ 29.098806] ? ip6_input+0x560/0x560
[ 29.102492] __netif_receive_skb_core+0x1a3e/0x3450
[ 29.107482] ? nf_ingress+0x9f0/0x9f0
[ 29.111257] ? check_noncircular+0x20/0x20
[ 29.115466] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 29.120619] ? rcu_read_lock_sched_held+0x108/0x120
[ 29.125613] ? update_cfs_rq_load_avg.part.69+0x23d/0x2d0
[ 29.131124] ? attach_entity_load_avg+0x7a0/0x7a0
[ 29.135940] ? __lock_acquire+0x664/0x3e00
[ 29.140142] ? update_blocked_averages+0x87e/0x1b60
[ 29.145125] ? lock_downgrade+0x980/0x980
[ 29.149251] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 29.154409] ? check_noncircular+0x20/0x20
[ 29.158613] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 29.163683] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 29.168679] ? trace_hardirqs_on+0xd/0x10
[ 29.172794] ? update_blocked_averages+0x87e/0x1b60
[ 29.177775] ? find_held_lock+0x35/0x1d0
[ 29.181806] ? find_held_lock+0x35/0x1d0
[ 29.185839] ? lock_acquire+0x1d5/0x580
[ 29.189778] ? process_backlog+0x45f/0x740
[ 29.193982] ? lock_acquire+0x1d5/0x580
[ 29.197922] ? process_backlog+0x1ab/0x740
[ 29.202130] ? lock_release+0xa40/0xa40
[ 29.206084] __netif_receive_skb+0x2c/0x1b0
[ 29.210373] ? __netif_receive_skb+0x2c/0x1b0
[ 29.214838] process_backlog+0x203/0x740
[ 29.218864] ? mark_held_locks+0xaf/0x100
[ 29.222988] net_rx_action+0x792/0x1910
[ 29.226935] ? lock_release+0xa40/0xa40
[ 29.230889] ? napi_complete_done+0x6c0/0x6c0
[ 29.238654] ? rebalance_domains+0x396/0xcc0
[ 29.243028] ? _raw_spin_unlock_irq+0x27/0x70
[ 29.247500] ? pick_next_task_fair+0x16b0/0x16b0
[ 29.252223] ? trigger_dyntick_cpu.isra.29+0x180/0x180
[ 29.257463] ? check_noncircular+0x20/0x20
[ 29.261841] ? timerqueue_add+0x1e9/0x280
[ 29.265961] ? enqueue_hrtimer+0x171/0x4a0
[ 29.270163] ? __remove_hrtimer+0x190/0x190
[ 29.274459] ? check_noncircular+0x20/0x20
[ 29.278665] ? run_rebalance_domains+0x378/0x770
[ 29.283484] ? rebalance_domains+0xcc0/0xcc0
[ 29.287866] ? __lock_is_held+0xb6/0x140
[ 29.291902] ? check_noncircular+0x20/0x20
[ 29.296105] ? print_irqtrace_events+0x270/0x270
[ 29.300834] ? lock_downgrade+0x980/0x980
[ 29.304951] ? __irqentry_text_end+0x4/0x4
[ 29.309156] ? do_timer+0x50/0x50
[ 29.312583] ? __lock_is_held+0xb6/0x140
[ 29.316622] __do_softirq+0x2d7/0xb85
[ 29.320391] ? task_prio+0x40/0x40
[ 29.323903] ? __irqentry_text_end+0x4/0x4
[ 29.328104] ? irq_exit+0xbb/0x200
[ 29.331611] ? smp_apic_timer_interrupt+0x16b/0x700
[ 29.337372] ? smp_reschedule_interrupt+0xe6/0x670
[ 29.342269] ? smp_call_function_single_interrupt+0x640/0x640
[ 29.348120] ? _raw_spin_lock+0x32/0x40
[ 29.352064] ? _raw_spin_unlock+0x22/0x30
[ 29.356180] ? handle_edge_irq+0x2b4/0x7c0
[ 29.360384] ? task_prio+0x40/0x40
[ 29.363900] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 29.368712] do_softirq_own_stack+0x2a/0x40
[ 29.373005]
[ 29.375211] do_softirq.part.21+0x14d/0x190
[ 29.379498] ? ip6_finish_output2+0xb73/0x2390
[ 29.384045] __local_bh_enable_ip+0x1ee/0x230
[ 29.388506] ip6_finish_output2+0xba6/0x2390
[ 29.392897] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0
[ 29.397709] ? ip6_mtu+0x36f/0x4d0
[ 29.401220] ? check_noncircular+0x20/0x20
[ 29.405429] ? __lock_is_held+0xb6/0x140
[ 29.409469] ? __lock_is_held+0xb6/0x140
[ 29.413507] ip6_finish_output+0x2f9/0x920
[ 29.417713] ? ip6_finish_output+0x2f9/0x920
[ 29.422095] ip6_output+0x1eb/0x840
[ 29.425689] ? ip6_finish_output+0x920/0x920
[ 29.430064] ? lock_release+0xa40/0xa40
[ 29.434012] ? ip6_fragment+0x3420/0x3420
[ 29.438136] ip6_xmit+0xd75/0x2080
[ 29.441644] ? __sk_dst_check+0x1a5/0x380
[ 29.445767] ? ip6_finish_output2+0x2390/0x2390
[ 29.450405] ? fl6_update_dst+0x127/0x2b0
[ 29.454520] ? check_noncircular+0x20/0x20
[ 29.458719] ? inet6_csk_route_socket+0x691/0xe80
[ 29.463529] ? lock_acquire+0x1d5/0x580
[ 29.467468] ? memcpy+0x45/0x50
[ 29.470711] ? lock_acquire+0x1d5/0x580
[ 29.474649] ? inet6_csk_xmit+0x114/0x580
[ 29.478766] ? ip6_forward_finish+0x140/0x140
[ 29.483229] ? lock_release+0xa40/0xa40
[ 29.487178] ? __lock_is_held+0xb6/0x140
[ 29.491213] inet6_csk_xmit+0x2fc/0x580
[ 29.495151] ? inet6_csk_update_pmtu+0x160/0x160
[ 29.499883] ? skb_clone+0x20d/0x480
[ 29.504350] ? tcp_schedule_loss_probe+0x5f0/0x5f0
[ 29.509260] tcp_transmit_skb+0x1b12/0x38b0
[ 29.513561] ? __tcp_select_window+0x900/0x900
[ 29.518113] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 29.523188] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.528171] ? trace_hardirqs_on+0xd/0x10
[ 29.532289] ? depot_save_stack+0x3b5/0x490
[ 29.536586] ? check_noncircular+0x20/0x20
[ 29.540792] ? tcp_small_queue_check.isra.26+0x31c/0x450
[ 29.546211] ? tcp_tso_segs+0x240/0x240
[ 29.550153] ? pvclock_read_flags+0x160/0x160
[ 29.554613] ? sock_release+0x8d/0x1e0
[ 29.558462] ? sock_close+0x16/0x20
[ 29.562432] ? __fput+0x327/0x7e0
[ 29.565937] ? ____fput+0x15/0x20
[ 29.569355] ? task_work_run+0x199/0x270
[ 29.573382] ? do_exit+0x9bb/0x1ad0
[ 29.576973] ? do_group_exit+0x149/0x400
[ 29.581014] ? do_signal+0x94/0x1ee0
[ 29.584701] ? sched_clock_cpu+0x1b/0x170
[ 29.588816] ? tcp_init_tso_segs+0x114/0x1f0
[ 29.593194] tcp_write_xmit+0x680/0x5190
[ 29.597224] ? tcp_md5_do_lookup+0x256/0x730
[ 29.601605] ? tcp_v4_parse_md5_keys+0x1f1/0x2d0
[ 29.606331] ? tcp_transmit_skb+0x38b0/0x38b0
[ 29.610800] ? ip6_mtu+0x1cd/0x4d0
[ 29.614310] ? tcp_v6_md5_lookup+0x23/0x30
[ 29.618511] ? tcp_established_options+0x2c5/0x420
[ 29.623409] ? tcp_current_mss+0x254/0x380
[ 29.627608] ? tcp_mtu_to_mss+0x460/0x460
[ 29.631731] ? __lock_is_held+0xb6/0x140
[ 29.635763] __tcp_push_pending_frames+0xa0/0x250
[ 29.640578] tcp_send_fin+0x1b0/0xd20
[ 29.644343] ? tcp_set_state+0x1f2/0x810
[ 29.648373] ? sk_forced_mem_schedule+0x150/0x150
[ 29.653181] ? __sk_dst_check+0x380/0x380
[ 29.657304] ? mark_held_locks+0xaf/0x100
[ 29.661416] ? do_raw_spin_trylock+0x190/0x190
[ 29.665970] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.670955] ? lock_sock_nested+0x91/0x110
[ 29.675157] ? trace_hardirqs_on+0xd/0x10
[ 29.679278] tcp_close+0xbe0/0xfc0
[ 29.682786] ? ip_mc_drop_socket+0x1ce/0x230
[ 29.687164] inet_release+0xed/0x1c0
[ 29.690848] inet6_release+0x50/0x70
[ 29.694528] sock_release+0x8d/0x1e0
[ 29.698209] ? sock_alloc_file+0x560/0x560
[ 29.702406] sock_close+0x16/0x20
[ 29.705825] __fput+0x327/0x7e0
[ 29.709076] ? fput+0x140/0x140
[ 29.712323] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 29.718174] ? _raw_spin_unlock_irq+0x27/0x70
[ 29.722640] ____fput+0x15/0x20
[ 29.725885] task_work_run+0x199/0x270
[ 29.729743] ? task_work_cancel+0x210/0x210
[ 29.734032] ? _raw_spin_unlock+0x22/0x30
[ 29.738146] ? switch_task_namespaces+0x87/0xc0
[ 29.742783] do_exit+0x9bb/0x1ad0
[ 29.746201] ? check_noncircular+0x20/0x20
[ 29.750408] ? mm_update_next_owner+0x930/0x930
[ 29.755044] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 29.760201] ? __might_sleep+0x95/0x190
[ 29.764148] ? find_held_lock+0x35/0x1d0
[ 29.768184] ? futex_wait+0x402/0x9a0
[ 29.771950] ? lock_downgrade+0x980/0x980
[ 29.776069] ? __unqueue_futex+0x1c0/0x290
[ 29.780292] ? lock_release+0xa40/0xa40
[ 29.784234] ? fault_in_user_writeable+0x90/0x90
[ 29.788957] ? do_raw_spin_trylock+0x190/0x190
[ 29.793505] ? check_noncircular+0x20/0x20
[ 29.797725] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 29.802794] ? futex_wait+0x6a9/0x9a0
[ 29.806587] ? find_held_lock+0x35/0x1d0
[ 29.810623] ? get_signal+0x7ae/0x16c0
[ 29.814477] ? lock_downgrade+0x980/0x980
[ 29.818599] do_group_exit+0x149/0x400
[ 29.822453] ? do_raw_spin_trylock+0x190/0x190
[ 29.827003] ? SyS_exit+0x30/0x30
[ 29.830423] ? _raw_spin_unlock_irq+0x27/0x70
[ 29.834886] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.839872] get_signal+0x73f/0x16c0
[ 29.843560] ? ptrace_notify+0x130/0x130
[ 29.847589] ? release_sock+0x1d4/0x2a0
[ 29.851533] ? exit_robust_list+0x240/0x240
[ 29.855817] ? _raw_spin_unlock_bh+0x30/0x40
[ 29.860194] ? release_sock+0x1d4/0x2a0
[ 29.864135] ? __release_sock+0x360/0x360
[ 29.868246] ? lock_sock_nested+0x91/0x110
[ 29.872448] ? trace_hardirqs_on+0xd/0x10
[ 29.876572] do_signal+0x94/0x1ee0
[ 29.880080] ? inet_sendmsg+0x126/0x5e0
[ 29.884020] ? __might_sleep+0x95/0x190
[ 29.887960] ? inet_recvmsg+0x5f0/0x5f0
[ 29.891907] ? selinux_socket_sendmsg+0x36/0x40
[ 29.896542] ? setup_sigcontext+0x7d0/0x7d0
[ 29.900827] ? inet_recvmsg+0x5f0/0x5f0
[ 29.904773] ? sock_sendmsg+0x4f/0x110
[ 29.908709] ? fput+0xd2/0x140
[ 29.911869] ? SYSC_sendto+0x41c/0x5c0
[ 29.915727] ? SYSC_connect+0x4a0/0x4a0
[ 29.919666] ? up_read+0x1a/0x40
[ 29.922998] ? __do_page_fault+0x3d6/0xc90
[ 29.927206] ? exit_to_usermode_loop+0x8c/0x310
[ 29.931845] exit_to_usermode_loop+0x214/0x310
[ 29.936395] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 29.941906] syscall_return_slowpath+0x490/0x550
[ 29.946625] ? prepare_exit_to_usermode+0x340/0x340
[ 29.951606] ? entry_SYSCALL_64_fastpath+0x69/0x96
[ 29.956504] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 29.961485] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.966210] entry_SYSCALL_64_fastpath+0x94/0x96
[ 29.970927] RIP: 0033:0x4456e9
[ 29.974084] RSP: 002b:00007fb4de631da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 29.981758] RAX: fffffffffffffe00 RBX: 00000000006dac3c RCX: 00000000004456e9
[ 29.989000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006dac3c
[ 29.996234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 30.003466] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac38
[ 30.010700] R13: 0100000000000000 R14: 00007fb4de6329c0 R15: 0000000000000009
[ 30.017950]
[ 30.019545] Allocated by task 3196:
[ 30.023136] save_stack+0x43/0xd0
[ 30.026552] kasan_kmalloc+0xad/0xe0
[ 30.030230] kasan_slab_alloc+0x12/0x20
[ 30.034170] kmem_cache_alloc+0x12e/0x760
[ 30.038284] sk_prot_alloc+0x65/0x2a0
[ 30.042048] sk_clone_lock+0x152/0x1570
[ 30.045988] inet_csk_clone_lock+0x92/0x4f0
[ 30.050273] tcp_create_openreq_child+0x9b/0x1b70
[ 30.055087] tcp_v6_syn_recv_sock+0x22d/0x23a0
[ 30.059634] tcp_get_cookie_sock+0x102/0x540
[ 30.064015] cookie_v6_check+0x177d/0x2160
[ 30.068216] tcp_v6_do_rcv+0xe4d/0x11c0
[ 30.072156] tcp_v6_rcv+0x22ee/0x2b40
[ 30.075921] ip6_input_finish+0x36f/0x1700
[ 30.080119] ip6_input+0xe9/0x560
[ 30.083537] ip6_rcv_finish+0x1a9/0x7a0
[ 30.087476] ipv6_rcv+0xf1f/0x1f80
[ 30.090980] __netif_receive_skb_core+0x1a3e/0x3450
[ 30.095960] __netif_receive_skb+0x2c/0x1b0
[ 30.100248] process_backlog+0x203/0x740
[ 30.104271] net_rx_action+0x792/0x1910
[ 30.108212] __do_softirq+0x2d7/0xb85
[ 30.111972]
[ 30.113564] Freed by task 0:
[ 30.116548] (stack is not available)
[ 30.120224]
[ 30.121821] The buggy address belongs to the object at ffff8801cbdd6a80
[ 30.121821] which belongs to the cache TCP of size 2528
[ 30.133835] The buggy address is located 0 bytes to the right of
[ 30.133835] 2528-byte region [ffff8801cbdd6a80, ffff8801cbdd7460)
[ 30.146128] The buggy address belongs to the page:
[ 30.151024] page:000000006145927c count:1 mapcount:0 mapping:00000000d41dd7c1 index:0xffff8801cbdd7ffd compound_mapcount: 0
[ 30.162260] flags: 0x2fffc0000008100(slab|head)
[ 30.166896] raw: 02fffc0000008100 ffff8801cbdd6000 ffff8801cbdd7ffd 0000000100000003
[ 30.174741] raw: ffffea00074ef120 ffff8801d82b7248 ffff8801d798b640 0000000000000000
[ 30.182583] page dumped because: kasan: bad access detected
[ 30.188267]
[ 30.189860] Memory state around the buggy address:
[ 30.194758] ffff8801cbdd7300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.202080] ffff8801cbdd7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.209403] >ffff8801cbdd7400: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 30.216725] ^
[ 30.223178] ffff8801cbdd7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.230501] ffff8801cbdd7500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.237822] ==================================================================
[ 30.245144] Disabling lock debugging due to kernel taint
[ 30.250593] Kernel panic - not syncing: panic_on_warn set ...
[ 30.250593]
[ 30.257931] CPU: 1 PID: 3196 Comm: syzkaller545407 Tainted: G B 4.15.0-rc5+ #241
[ 30.266644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.275962] Call Trace:
[ 30.278516]
[ 30.280637] dump_stack+0x194/0x257
[ 30.284229] ? arch_local_irq_restore+0x53/0x53
[ 30.288868] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.293591] ? vsnprintf+0x1ed/0x1900
[ 30.297357] ? tcp_v6_syn_recv_sock+0x5f0/0x23a0
[ 30.302075] panic+0x1e4/0x41c
[ 30.305232] ? refcount_error_report+0x214/0x214
[ 30.309951] ? add_taint+0x1c/0x50
[ 30.313455] ? add_taint+0x1c/0x50
[ 30.316960] ? tcp_v6_syn_recv_sock+0x628/0x23a0
[ 30.321680] kasan_end_report+0x50/0x50
[ 30.325629] kasan_report+0x144/0x340
[ 30.329397] check_memory_region+0x137/0x190
[ 30.333769] memcpy+0x37/0x50
[ 30.336838] tcp_v6_syn_recv_sock+0x628/0x23a0
[ 30.341388] ? tcp_v6_conn_request+0x270/0x270
[ 30.345934] ? __local_bh_enable_ip+0x121/0x230
[ 30.350568] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 30.355548] ? ip6_dst_lookup_tail+0xdbd/0x18f0
[ 30.360180] ? trace_hardirqs_on+0xd/0x10
[ 30.364289] ? __local_bh_enable_ip+0x121/0x230
[ 30.368924] ? ip6_dst_lookup_tail+0x40a/0x18f0
[ 30.373561] ? ip6_copy_metadata+0x890/0x890
[ 30.377938] ? selinux_netlbl_inet_conn_request+0x81/0x3c0
[ 30.383524] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0
[ 30.388853] ? __bfs+0x706/0x750
[ 30.392189] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.397186] tcp_get_cookie_sock+0x102/0x540
[ 30.401561] ? selinux_inet_conn_request+0x25b/0x390
[ 30.406628] ? cookie_ecn_ok+0x120/0x120
[ 30.410654] ? xfrm_lookup_route+0x4f/0x1a0
[ 30.414956] ? ip6_dst_lookup_flow+0x1ca/0x270
[ 30.419503] ? ip6_dst_lookup+0x60/0x60
[ 30.423443] ? tcp_select_initial_window+0x30c/0x410
[ 30.428513] cookie_v6_check+0x177d/0x2160
[ 30.432717] ? cookie_v6_init_sequence+0xe0/0xe0
[ 30.437439] ? sk_filter_trim_cap+0x40a/0x9c0
[ 30.441897] ? lock_downgrade+0x980/0x980
[ 30.446009] ? lock_release+0xa40/0xa40
[ 30.449954] ? __lock_is_held+0xb6/0x140
[ 30.453983] ? sk_filter_trim_cap+0xe7/0x9c0
[ 30.458357] ? __local_bh_enable_ip+0x121/0x230
[ 30.462996] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 30.467892] tcp_v6_do_rcv+0xe4d/0x11c0
[ 30.471829] ? tcp_v6_do_rcv+0xe4d/0x11c0
[ 30.475940] ? tcp_v6_fill_cb+0x3f0/0x480
[ 30.480065] tcp_v6_rcv+0x22ee/0x2b40
[ 30.483841] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 30.488566] ip6_input_finish+0x36f/0x1700
[ 30.492763] ? ip6_input+0x3b4/0x560
[ 30.496448] ? ip6_rcv_finish+0x7a0/0x7a0
[ 30.500560] ? nf_hook_slow+0xd3/0x1a0
[ 30.504430] ip6_input+0xe9/0x560
[ 30.507849] ? ip6_input_finish+0x1700/0x1700
[ 30.512312] ? find_held_lock+0x35/0x1d0
[ 30.516339] ? ip6_rcv_finish+0x7a0/0x7a0
[ 30.520449] ? ipv6_rcv+0x16b2/0x1f80
[ 30.524216] ip6_rcv_finish+0x1a9/0x7a0
[ 30.528154] ? ip6_make_skb+0x580/0x580
[ 30.532095] ? nf_hook_slow+0xd3/0x1a0
[ 30.535949] ipv6_rcv+0xf1f/0x1f80
[ 30.539467] ? ip6_input+0x560/0x560
[ 30.543147] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 30.548299] ? print_irqtrace_events+0x270/0x270
[ 30.553026] ? check_noncircular+0x20/0x20
[ 30.557231] ? ip6_make_skb+0x580/0x580
[ 30.561170] ? ip6_input+0x560/0x560
[ 30.564851] __netif_receive_skb_core+0x1a3e/0x3450
[ 30.569835] ? nf_ingress+0x9f0/0x9f0
[ 30.573605] ? check_noncircular+0x20/0x20
[ 30.577810] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 30.582963] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.587944] ? update_cfs_rq_load_avg.part.69+0x23d/0x2d0
[ 30.593443] ? attach_entity_load_avg+0x7a0/0x7a0
[ 30.598252] ? __lock_acquire+0x664/0x3e00
[ 30.602451] ? update_blocked_averages+0x87e/0x1b60
[ 30.607431] ? lock_downgrade+0x980/0x980
[ 30.611546] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 30.616700] ? check_noncircular+0x20/0x20
[ 30.620898] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 30.625966] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 30.630944] ? trace_hardirqs_on+0xd/0x10
[ 30.635056] ? update_blocked_averages+0x87e/0x1b60
[ 30.640036] ? find_held_lock+0x35/0x1d0
[ 30.644065] ? find_held_lock+0x35/0x1d0
[ 30.648090] ? lock_acquire+0x1d5/0x580
[ 30.652033] ? process_backlog+0x45f/0x740
[ 30.656230] ? lock_acquire+0x1d5/0x580
[ 30.660167] ? process_backlog+0x1ab/0x740
[ 30.664367] ? lock_release+0xa40/0xa40
[ 30.668311] __netif_receive_skb+0x2c/0x1b0
[ 30.672595] ? __netif_receive_skb+0x2c/0x1b0
[ 30.677060] process_backlog+0x203/0x740
[ 30.681086] ? mark_held_locks+0xaf/0x100
[ 30.685200] net_rx_action+0x792/0x1910
[ 30.689140] ? lock_release+0xa40/0xa40
[ 30.693080] ? napi_complete_done+0x6c0/0x6c0
[ 30.697541] ? rebalance_domains+0x396/0xcc0
[ 30.701912] ? _raw_spin_unlock_irq+0x27/0x70
[ 30.706376] ? pick_next_task_fair+0x16b0/0x16b0
[ 30.711096] ? trigger_dyntick_cpu.isra.29+0x180/0x180
[ 30.716333] ? check_noncircular+0x20/0x20
[ 30.720532] ? timerqueue_add+0x1e9/0x280
[ 30.724661] ? enqueue_hrtimer+0x171/0x4a0
[ 30.728862] ? __remove_hrtimer+0x190/0x190
[ 30.733152] ? check_noncircular+0x20/0x20
[ 30.737353] ? run_rebalance_domains+0x378/0x770
[ 30.742105] ? rebalance_domains+0xcc0/0xcc0
[ 30.746483] ? __lock_is_held+0xb6/0x140
[ 30.750511] ? check_noncircular+0x20/0x20
[ 30.754711] ? print_irqtrace_events+0x270/0x270
[ 30.759433] ? lock_downgrade+0x980/0x980
[ 30.763548] ? __irqentry_text_end+0x4/0x4
[ 30.767747] ? do_timer+0x50/0x50
[ 30.771165] ? __lock_is_held+0xb6/0x140
[ 30.775196] __do_softirq+0x2d7/0xb85
[ 30.778965] ? task_prio+0x40/0x40
[ 30.782472] ? __irqentry_text_end+0x4/0x4
[ 30.786669] ? irq_exit+0xbb/0x200
[ 30.790172] ? smp_apic_timer_interrupt+0x16b/0x700
[ 30.795151] ? smp_reschedule_interrupt+0xe6/0x670
[ 30.800042] ? smp_call_function_single_interrupt+0x640/0x640
[ 30.805888] ? _raw_spin_lock+0x32/0x40
[ 30.809825] ? _raw_spin_unlock+0x22/0x30
[ 30.813935] ? handle_edge_irq+0x2b4/0x7c0
[ 30.818132] ? task_prio+0x40/0x40
[ 30.821643] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.826451] do_softirq_own_stack+0x2a/0x40
[ 30.830732]
[ 30.832933] do_softirq.part.21+0x14d/0x190
[ 30.837220] ? ip6_finish_output2+0xb73/0x2390
[ 30.841765] __local_bh_enable_ip+0x1ee/0x230
[ 30.846224] ip6_finish_output2+0xba6/0x2390
[ 30.850602] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0
[ 30.855409] ? ip6_mtu+0x36f/0x4d0
[ 30.858912] ? check_noncircular+0x20/0x20
[ 30.863113] ? __lock_is_held+0xb6/0x140
[ 30.867144] ? __lock_is_held+0xb6/0x140
[ 30.871172] ip6_finish_output+0x2f9/0x920
[ 30.875368] ? ip6_finish_output+0x2f9/0x920
[ 30.879744] ip6_output+0x1eb/0x840
[ 30.883335] ? ip6_finish_output+0x920/0x920
[ 30.887707] ? lock_release+0xa40/0xa40
[ 30.891648] ? ip6_fragment+0x3420/0x3420
[ 30.895763] ip6_xmit+0xd75/0x2080
[ 30.899281] ? __sk_dst_check+0x1a5/0x380
[ 30.903399] ? ip6_finish_output2+0x2390/0x2390
[ 30.908033] ? fl6_update_dst+0x127/0x2b0
[ 30.912149] ? check_noncircular+0x20/0x20
[ 30.916347] ? inet6_csk_route_socket+0x691/0xe80
[ 30.921154] ? lock_acquire+0x1d5/0x580
[ 30.925094] ? memcpy+0x45/0x50
[ 30.928337] ? lock_acquire+0x1d5/0x580
[ 30.932274] ? inet6_csk_xmit+0x114/0x580
[ 30.936386] ? ip6_forward_finish+0x140/0x140
[ 30.940845] ? lock_release+0xa40/0xa40
[ 30.944785] ? __lock_is_held+0xb6/0x140
[ 30.948814] inet6_csk_xmit+0x2fc/0x580
[ 30.952752] ? inet6_csk_update_pmtu+0x160/0x160
[ 30.957471] ? skb_clone+0x20d/0x480
[ 30.961149] ? tcp_schedule_loss_probe+0x5f0/0x5f0
[ 30.966050] tcp_transmit_skb+0x1b12/0x38b0
[ 30.970347] ? __tcp_select_window+0x900/0x900
[ 30.974896] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 30.979963] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.984944] ? trace_hardirqs_on+0xd/0x10
[ 30.989061] ? depot_save_stack+0x3b5/0x490
[ 30.993358] ? check_noncircular+0x20/0x20
[ 30.997557] ? tcp_small_queue_check.isra.26+0x31c/0x450
[ 31.002970] ? tcp_tso_segs+0x240/0x240
[ 31.006912] ? pvclock_read_flags+0x160/0x160
[ 31.011384] ? sock_release+0x8d/0x1e0
[ 31.015240] ? sock_close+0x16/0x20
[ 31.018830] ? __fput+0x327/0x7e0
[ 31.022245] ? ____fput+0x15/0x20
[ 31.025663] ? task_work_run+0x199/0x270
[ 31.029687] ? do_exit+0x9bb/0x1ad0
[ 31.033276] ? do_group_exit+0x149/0x400
[ 31.037310] ? do_signal+0x94/0x1ee0
[ 31.040991] ? sched_clock_cpu+0x1b/0x170
[ 31.045101] ? tcp_init_tso_segs+0x114/0x1f0
[ 31.049473] tcp_write_xmit+0x680/0x5190
[ 31.053500] ? tcp_md5_do_lookup+0x256/0x730
[ 31.057874] ? tcp_v4_parse_md5_keys+0x1f1/0x2d0
[ 31.062596] ? tcp_transmit_skb+0x38b0/0x38b0
[ 31.067057] ? ip6_mtu+0x1cd/0x4d0
[ 31.070564] ? tcp_v6_md5_lookup+0x23/0x30
[ 31.074762] ? tcp_established_options+0x2c5/0x420
[ 31.079656] ? tcp_current_mss+0x254/0x380
[ 31.083855] ? tcp_mtu_to_mss+0x460/0x460
[ 31.087984] ? __lock_is_held+0xb6/0x140
[ 31.092011] __tcp_push_pending_frames+0xa0/0x250
[ 31.096818] tcp_send_fin+0x1b0/0xd20
[ 31.100583] ? tcp_set_state+0x1f2/0x810
[ 31.104609] ? sk_forced_mem_schedule+0x150/0x150
[ 31.109417] ? __sk_dst_check+0x380/0x380
[ 31.113529] ? mark_held_locks+0xaf/0x100
[ 31.117639] ? do_raw_spin_trylock+0x190/0x190
[ 31.122192] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.127172] ? lock_sock_nested+0x91/0x110
[ 31.131371] ? trace_hardirqs_on+0xd/0x10
[ 31.135486] tcp_close+0xbe0/0xfc0
[ 31.138998] ? ip_mc_drop_socket+0x1ce/0x230
[ 31.143375] inet_release+0xed/0x1c0
[ 31.147575] inet6_release+0x50/0x70
[ 31.151252] sock_release+0x8d/0x1e0
[ 31.154929] ? sock_alloc_file+0x560/0x560
[ 31.159128] sock_close+0x16/0x20
[ 31.162547] __fput+0x327/0x7e0
[ 31.165904] ? fput+0x140/0x140
[ 31.169154] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 31.175001] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.179463] ____fput+0x15/0x20
[ 31.182708] task_work_run+0x199/0x270
[ 31.186561] ? task_work_cancel+0x210/0x210
[ 31.190848] ? _raw_spin_unlock+0x22/0x30
[ 31.194964] ? switch_task_namespaces+0x87/0xc0
[ 31.199599] do_exit+0x9bb/0x1ad0
[ 31.203030] ? check_noncircular+0x20/0x20
[ 31.207236] ? mm_update_next_owner+0x930/0x930
[ 31.211873] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 31.217030] ? __might_sleep+0x95/0x190
[ 31.220979] ? find_held_lock+0x35/0x1d0
[ 31.225006] ? futex_wait+0x402/0x9a0
[ 31.228771] ? lock_downgrade+0x980/0x980
[ 31.232884] ? __unqueue_futex+0x1c0/0x290
[ 31.237080] ? lock_release+0xa40/0xa40
[ 31.241017] ? fault_in_user_writeable+0x90/0x90
[ 31.245739] ? do_raw_spin_trylock+0x190/0x190
[ 31.250284] ? check_noncircular+0x20/0x20
[ 31.254484] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 31.259551] ? futex_wait+0x6a9/0x9a0
[ 31.263321] ? find_held_lock+0x35/0x1d0
[ 31.267349] ? get_signal+0x7ae/0x16c0
[ 31.271202] ? lock_downgrade+0x980/0x980
[ 31.275316] do_group_exit+0x149/0x400
[ 31.279167] ? do_raw_spin_trylock+0x190/0x190
[ 31.283712] ? SyS_exit+0x30/0x30
[ 31.287128] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.291588] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.296569] get_signal+0x73f/0x16c0
[ 31.300251] ? ptrace_notify+0x130/0x130
[ 31.304277] ? release_sock+0x1d4/0x2a0
[ 31.308220] ? exit_robust_list+0x240/0x240
[ 31.312509] ? _raw_spin_unlock_bh+0x30/0x40
[ 31.316881] ? release_sock+0x1d4/0x2a0
[ 31.320824] ? __release_sock+0x360/0x360
[ 31.324935] ? lock_sock_nested+0x91/0x110
[ 31.329135] ? trace_hardirqs_on+0xd/0x10
[ 31.333251] do_signal+0x94/0x1ee0
[ 31.336757] ? inet_sendmsg+0x126/0x5e0
[ 31.340701] ? __might_sleep+0x95/0x190
[ 31.344638] ? inet_recvmsg+0x5f0/0x5f0
[ 31.348579] ? selinux_socket_sendmsg+0x36/0x40
[ 31.353214] ? setup_sigcontext+0x7d0/0x7d0
[ 31.357504] ? inet_recvmsg+0x5f0/0x5f0
[ 31.361443] ? sock_sendmsg+0x4f/0x110
[ 31.365302] ? fput+0xd2/0x140
[ 31.368473] ? SYSC_sendto+0x41c/0x5c0
[ 31.372330] ? SYSC_connect+0x4a0/0x4a0
[ 31.376270] ? up_read+0x1a/0x40
[ 31.379959] ? __do_page_fault+0x3d6/0xc90
[ 31.384164] ? exit_to_usermode_loop+0x8c/0x310
[ 31.388799] exit_to_usermode_loop+0x214/0x310
[ 31.393346] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 31.398852] syscall_return_slowpath+0x490/0x550
[ 31.403579] ? prepare_exit_to_usermode+0x340/0x340
[ 31.408560] ? entry_SYSCALL_64_fastpath+0x69/0x96
[ 31.413459] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.418441] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.423162] entry_SYSCALL_64_fastpath+0x94/0x96
[ 31.427879] RIP: 0033:0x4456e9
[ 31.431034] RSP: 002b:00007fb4de631da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 31.439057] RAX: fffffffffffffe00 RBX: 00000000006dac3c RCX: 00000000004456e9
[ 31.446293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006dac3c
[ 31.453526] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 31.460760] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac38
[ 31.467992] R13: 0100000000000000 R14: 00007fb4de6329c0 R15: 0000000000000009
[ 31.475268] Dumping ftrace buffer:
[ 31.478776] (ftrace buffer empty)
[ 31.482459] Kernel Offset: disabled
[ 31.486065] Rebooting in 86400 seconds..