[....] Starting enhanced syslogd: rsyslogd[ 11.372058] audit: type=1400 audit(1514619594.517:5): avc: denied { syslog } for pid=3000 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 15.674452] audit: type=1400 audit(1514619598.820:6): avc: denied { map } for pid=3140 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts.
executing program
[ 21.916353] audit: type=1400 audit(1514619605.061:7): avc: denied { map } for pid=3154 comm="syzkaller421837" path="/root/syzkaller421837344" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 21.924428] device lo entered promiscuous mode
[ 21.942759] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 21.962565] ==================================================================
[ 21.969960] BUG: KASAN: slab-out-of-bounds in tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 21.977393] Write of size 152 at addr ffff8801cbf969f0 by task syzkaller421837/3156
[ 21.985166]
[ 21.986775] CPU: 1 PID: 3156 Comm: syzkaller421837 Not tainted 4.15.0-rc4-mm1+ #49
[ 21.994463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.003788] Call Trace:
[ 22.006340]
[ 22.008466] dump_stack+0x194/0x257
[ 22.012069] ? arch_local_irq_restore+0x53/0x53
[ 22.016710] ? show_regs_print_info+0x18/0x18
[ 22.021194] ? tcp_v6_send_synack+0xa90/0xa90
[ 22.025660] ? tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 22.030390] print_address_description+0x73/0x250
[ 22.035212] ? tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 22.039945] kasan_report+0x23b/0x360
[ 22.043726] check_memory_region+0x137/0x190
[ 22.048120] memcpy+0x37/0x50
[ 22.051209] tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 22.055789] ? tcp_v6_conn_request+0x270/0x270
[ 22.060355] ? ____fput+0x15/0x20
[ 22.063782] ? task_work_run+0x199/0x270
[ 22.067820] ? do_group_exit+0x149/0x400
[ 22.071856] ? do_signal+0x94/0x1ee0
[ 22.075553] ? exit_to_usermode_loop+0x258/0x2f0
[ 22.080279] ? syscall_return_slowpath+0x490/0x550
[ 22.085181] ? entry_SYSCALL_64_fastpath+0x94/0x96
[ 22.090098] ? mark_held_locks+0xaf/0x100
[ 22.094228] ? kfree+0xf0/0x260
[ 22.097484] ? ip6_pol_route_input+0x70/0x70
[ 22.101865] ? fib6_rule_lookup+0xd4/0x290
[ 22.106087] ? fib6_get_table+0x40/0x40
[ 22.110043] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0
[ 22.115400] ? __bfs+0x6c6/0x750
[ 22.118752] tcp_get_cookie_sock+0x102/0x540
[ 22.123137] ? cookie_ecn_ok+0x120/0x120
[ 22.127180] ? xfrm_lookup_route+0x4f/0x1a0
[ 22.131480] ? ip6_dst_lookup_flow+0x1ca/0x270
[ 22.136032] ? ip6_dst_lookup+0x60/0x60
[ 22.139987] ? tcp_select_initial_window+0x30c/0x410
[ 22.145072] cookie_v6_check+0x177d/0x2160
[ 22.149287] ? selinux_socket_sock_rcv_skb+0x24e/0x850
[ 22.154546] ? cookie_v6_init_sequence+0xe0/0xe0
[ 22.159290] ? sk_filter_trim_cap+0x40a/0x9c0
[ 22.163767] ? lock_downgrade+0x980/0x980
[ 22.167897] ? lock_release+0xa40/0xa40
[ 22.171859] ? __lock_is_held+0xb6/0x140
[ 22.175910] ? sk_filter_trim_cap+0xe7/0x9c0
[ 22.180289] ? trace_hardirqs_on+0xd/0x10
[ 22.184416] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 22.189323] tcp_v6_do_rcv+0xe47/0x11b0
[ 22.193276] ? tcp_v6_do_rcv+0xe47/0x11b0
[ 22.197394] ? tcp_v6_fill_cb+0x3a0/0x480
[ 22.201515] tcp_v6_rcv+0x22ee/0x2b40
[ 22.205317] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 22.210079] ip6_input_finish+0x36f/0x1700
[ 22.214303] ? ip6_input+0x3a7/0x560
[ 22.218030] ? ip6_rcv_finish+0x7a0/0x7a0
[ 22.222190] ? nf_hook_slow+0xd3/0x1a0
[ 22.226059] ip6_input+0xdb/0x560
[ 22.229486] ? ip6_input_finish+0x1700/0x1700
[ 22.233956] ? find_held_lock+0x35/0x1d0
[ 22.237992] ? ip6_rcv_finish+0x7a0/0x7a0
[ 22.242113] ? ipv6_rcv+0x16b2/0x1f80
[ 22.245890] ip6_rcv_finish+0x1a9/0x7a0
[ 22.249847] ? ip6_make_skb+0x580/0x580
[ 22.253801] ? nf_hook_slow+0xd3/0x1a0
[ 22.257662] ipv6_rcv+0xf1f/0x1f80
[ 22.261182] ? ip6_input+0x560/0x560
[ 22.264874] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.270035] ? print_irqtrace_events+0x270/0x270
[ 22.274761] ? check_noncircular+0x20/0x20
[ 22.278979] ? ip6_make_skb+0x580/0x580
[ 22.282926] ? ip6_input+0x560/0x560
[ 22.286612] __netif_receive_skb_core+0x1a3e/0x3450
[ 22.291607] ? nf_ingress+0x9f0/0x9f0
[ 22.295380] ? check_noncircular+0x20/0x20
[ 22.299593] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.304750] ? rcu_read_lock_sched_held+0x108/0x120
[ 22.309737] ? update_cfs_rq_load_avg.part.68+0x23d/0x2d0
[ 22.315245] ? attach_entity_load_avg+0x7a0/0x7a0
[ 22.320064] ? __lock_acquire+0x664/0x3e00
[ 22.324279] ? update_blocked_averages+0x87e/0x1b60
[ 22.329275] ? lock_downgrade+0x980/0x980
[ 22.333400] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.338563] ? check_noncircular+0x20/0x20
[ 22.342773] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 22.347850] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 22.352839] ? trace_hardirqs_on+0xd/0x10
[ 22.356959] ? update_blocked_averages+0x87e/0x1b60
[ 22.361943] ? find_held_lock+0x35/0x1d0
[ 22.365980] ? find_held_lock+0x35/0x1d0
[ 22.370015] ? lock_acquire+0x1d5/0x580
[ 22.373957] ? process_backlog+0x45f/0x740
[ 22.378160] ? lock_acquire+0x1d5/0x580
[ 22.382103] ? process_backlog+0x1ab/0x740
[ 22.386314] ? lock_release+0xa40/0xa40
[ 22.390269] __netif_receive_skb+0x2c/0x1b0
[ 22.394572] ? __netif_receive_skb+0x2c/0x1b0
[ 22.399040] process_backlog+0x203/0x740
[ 22.403068] ? mark_held_locks+0xaf/0x100
[ 22.407194] net_rx_action+0x792/0x1910
[ 22.411151] ? lock_release+0xa40/0xa40
[ 22.415105] ? napi_complete_done+0x6c0/0x6c0
[ 22.419578] ? rebalance_domains+0x396/0xcc0
[ 22.423959] ? _raw_spin_unlock_irq+0x27/0x70
[ 22.428442] ? pick_next_task_fair+0x16b0/0x16b0
[ 22.433169] ? trigger_dyntick_cpu.isra.29+0x180/0x180
[ 22.438413] ? check_noncircular+0x20/0x20
[ 22.442625] ? timerqueue_add+0x1e9/0x280
[ 22.446758] ? enqueue_hrtimer+0x171/0x4a0
[ 22.450963] ? __remove_hrtimer+0x190/0x190
[ 22.455278] ? check_noncircular+0x20/0x20
[ 22.459486] ? run_rebalance_domains+0x378/0x770
[ 22.464221] ? rebalance_domains+0xcc0/0xcc0
[ 22.468610] ? __lock_is_held+0xb6/0x140
[ 22.472652] ? check_noncircular+0x20/0x20
[ 22.476864] ? print_irqtrace_events+0x270/0x270
[ 22.481592] ? lock_downgrade+0x980/0x980
[ 22.485719] ? __irqentry_text_end+0x1f8db4/0x1f8db4
[ 22.490794] ? do_timer+0x50/0x50
[ 22.494230] ? __lock_is_held+0xb6/0x140
[ 22.498272] __do_softirq+0x2d7/0xb85
[ 22.502042] ? task_prio+0x40/0x40
[ 22.505561] ? __irqentry_text_end+0x1f8db4/0x1f8db4
[ 22.510634] ? irq_exit+0xbb/0x200
[ 22.514155] ? smp_apic_timer_interrupt+0x16b/0x700
[ 22.519136] ? smp_reschedule_interrupt+0xe6/0x670
[ 22.524039] ? smp_call_function_single_interrupt+0x640/0x640
[ 22.529894] ? _raw_spin_lock+0x32/0x40
[ 22.533840] ? _raw_spin_unlock+0x22/0x30
[ 22.537957] ? handle_edge_irq+0x2b4/0x7c0
[ 22.542163] ? task_prio+0x40/0x40
[ 22.545696] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 22.550517] do_softirq_own_stack+0x2a/0x40
[ 22.554805]
[ 22.557014] do_softirq.part.21+0x14d/0x190
[ 22.561319] ? ip6_finish_output2+0xaf3/0x2310
[ 22.565869] __local_bh_enable_ip+0x1ee/0x230
[ 22.570333] ip6_finish_output2+0xb26/0x2310
[ 22.574722] ? ip6_copy_metadata+0x890/0x890
[ 22.579105] ? ip6_mtu+0x2a2/0x3e0
[ 22.582617] ? check_noncircular+0x20/0x20
[ 22.586824] ? lock_release+0xa40/0xa40
[ 22.590783] ? __lock_is_held+0xb6/0x140
[ 22.594827] ip6_finish_output+0x2f9/0x920
[ 22.599040] ? ip6_finish_output+0x2f9/0x920
[ 22.603426] ip6_output+0x1eb/0x840
[ 22.607023] ? ip6_finish_output+0x920/0x920
[ 22.611409] ? lock_release+0xa40/0xa40
[ 22.615364] ? ip6_fragment+0x3420/0x3420
[ 22.619489] ip6_xmit+0xf3e/0x1fc0
[ 22.623007] ? __sk_dst_check+0x1a5/0x380
[ 22.627136] ? ip6_finish_output2+0x2310/0x2310
[ 22.631779] ? fl6_update_dst+0x127/0x2b0
[ 22.635898] ? check_noncircular+0x20/0x20
[ 22.640103] ? inet6_csk_route_socket+0x691/0xe50
[ 22.644918] ? lock_acquire+0x1d5/0x580
[ 22.648872] ? memcpy+0x45/0x50
[ 22.652120] ? lock_acquire+0x1d5/0x580
[ 22.656064] ? inet6_csk_xmit+0x114/0x580
[ 22.660190] ? ip6_forward_finish+0x140/0x140
[ 22.664668] ? lock_release+0xa40/0xa40
[ 22.668627] ? __lock_is_held+0xb6/0x140
[ 22.672670] inet6_csk_xmit+0x2fc/0x580
[ 22.676628] ? inet6_csk_update_pmtu+0x160/0x160
[ 22.681364] ? skb_clone+0x20d/0x480
[ 22.685052] ? tcp_schedule_loss_probe+0x490/0x490
[ 22.689969] tcp_transmit_skb+0x1b12/0x38b0
[ 22.694276] ? __tcp_select_window+0x900/0x900
[ 22.698828] ? mark_held_locks+0xaf/0x100
[ 22.702947] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 22.708029] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 22.713018] ? trace_hardirqs_on+0xd/0x10
[ 22.717141] ? depot_save_stack+0x2ca/0x460
[ 22.721440] ? check_noncircular+0x20/0x20
[ 22.725650] ? tcp_small_queue_check.isra.26+0x31c/0x450
[ 22.731085] ? tcp_tso_segs+0x240/0x240
[ 22.735029] ? pvclock_read_flags+0x160/0x160
[ 22.739494] ? sock_release+0x8d/0x1e0
[ 22.743350] ? sock_close+0x16/0x20
[ 22.746944] ? __fput+0x327/0x7e0
[ 22.750366] ? ____fput+0x15/0x20
[ 22.753788] ? task_work_run+0x199/0x270
[ 22.757819] ? do_exit+0x9bb/0x1ad0
[ 22.761412] ? do_group_exit+0x149/0x400
[ 22.765443] ? do_signal+0x94/0x1ee0
[ 22.769132] ? sched_clock_cpu+0x1b/0x170
[ 22.773249] ? tcp_init_tso_segs+0x114/0x1f0
[ 22.777640] tcp_write_xmit+0x680/0x5190
[ 22.781676] ? tcp_md5_do_lookup+0x256/0x730
[ 22.786063] ? tcp_v4_parse_md5_keys+0x221/0x2d0
[ 22.790798] ? tcp_transmit_skb+0x38b0/0x38b0
[ 22.795279] ? tcp_v6_md5_lookup+0x23/0x30
[ 22.799487] ? tcp_established_options+0x2c5/0x420
[ 22.804398] ? tcp_current_mss+0x254/0x380
[ 22.808614] ? tcp_mtu_to_mss+0x460/0x460
[ 22.812764] ? __lock_is_held+0xb6/0x140
[ 22.816839] __tcp_push_pending_frames+0xa0/0x250
[ 22.821675] tcp_send_fin+0x1b0/0xd20
[ 22.825455] ? inet_sendpage+0x660/0x660
[ 22.829488] ? sk_forced_mem_schedule+0x150/0x150
[ 22.834300] ? __sk_dst_check+0x380/0x380
[ 22.838421] ? mark_held_locks+0xaf/0x100
[ 22.842538] ? do_raw_spin_trylock+0x190/0x190
[ 22.847092] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 22.852076] ? lock_sock_nested+0x91/0x110
[ 22.856286] ? trace_hardirqs_on+0xd/0x10
[ 22.860416] tcp_close+0xbe0/0xfc0
[ 22.863927] ? ip_mc_drop_socket+0x1ce/0x230
[ 22.868311] inet_release+0xed/0x1c0
[ 22.871999] inet6_release+0x50/0x70
[ 22.875696] sock_release+0x8d/0x1e0
[ 22.879382] ? sock_alloc_file+0x560/0x560
[ 22.883585] sock_close+0x16/0x20
[ 22.887010] __fput+0x327/0x7e0
[ 22.890265] ? fput+0x140/0x140
[ 22.893528] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 22.899390] ? _raw_spin_unlock_irq+0x27/0x70
[ 22.903887] ____fput+0x15/0x20
[ 22.907138] task_work_run+0x199/0x270
[ 22.910999] ? task_work_cancel+0x210/0x210
[ 22.915299] ? _raw_spin_unlock+0x22/0x30
[ 22.919419] ? switch_task_namespaces+0x87/0xc0
[ 22.924064] do_exit+0x9bb/0x1ad0
[ 22.927487] ? check_noncircular+0x20/0x20
[ 22.931698] ? mm_update_next_owner+0x930/0x930
[ 22.936340] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.941504] ? __might_sleep+0x95/0x190
[ 22.945454] ? find_held_lock+0x35/0x1d0
[ 22.949503] ? futex_wait+0x402/0x9a0
[ 22.953274] ? lock_downgrade+0x980/0x980
[ 22.957393] ? __unqueue_futex+0x1c0/0x290
[ 22.961594] ? lock_release+0xa40/0xa40
[ 22.965539] ? fault_in_user_writeable+0x90/0x90
[ 22.970267] ? do_raw_spin_trylock+0x190/0x190
[ 22.974823] ? check_noncircular+0x20/0x20
[ 22.979032] ? drop_futex_key_refs.isra.12+0x63/0xa0
[ 22.984113] ? futex_wait+0x6a9/0x9a0
[ 22.987896] ? find_held_lock+0x35/0x1d0
[ 22.991935] ? get_signal+0x7ae/0x16c0
[ 22.995794] ? lock_downgrade+0x980/0x980
[ 22.999930] do_group_exit+0x149/0x400
[ 23.003790] ? do_raw_spin_trylock+0x190/0x190
[ 23.008341] ? SyS_exit+0x30/0x30
[ 23.011765] ? _raw_spin_unlock_irq+0x27/0x70
[ 23.016230] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.021228] get_signal+0x73f/0x16c0
[ 23.024943] ? ptrace_notify+0x130/0x130
[ 23.028977] ? release_sock+0x1d4/0x2a0
[ 23.032934] ? exit_robust_list+0x240/0x240
[ 23.037227] ? _raw_spin_unlock_bh+0x30/0x40
[ 23.041608] ? release_sock+0x1d4/0x2a0
[ 23.045561] ? __release_sock+0x360/0x360
[ 23.049677] ? lock_sock_nested+0x91/0x110
[ 23.053895] ? trace_hardirqs_on+0xd/0x10
[ 23.058037] do_signal+0x94/0x1ee0
[ 23.061560] ? inet_sendmsg+0x126/0x5e0
[ 23.065514] ? __might_sleep+0x95/0x190
[ 23.069460] ? inet_recvmsg+0x5f0/0x5f0
[ 23.073406] ? selinux_socket_sendmsg+0x36/0x40
[ 23.078055] ? setup_sigcontext+0x7d0/0x7d0
[ 23.082345] ? inet_recvmsg+0x5f0/0x5f0
[ 23.086298] ? sock_sendmsg+0x4f/0x110
[ 23.090157] ? fput+0xd2/0x140
[ 23.093321] ? SYSC_sendto+0x41c/0x5c0
[ 23.097191] ? SYSC_connect+0x4a0/0x4a0
[ 23.101149] ? up_read+0x1a/0x40
[ 23.104487] ? __do_page_fault+0x3d6/0xc90
[ 23.108700] ? exit_to_usermode_loop+0x8c/0x2f0
[ 23.113347] exit_to_usermode_loop+0x258/0x2f0
[ 23.117901] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 23.123422] syscall_return_slowpath+0x490/0x550
[ 23.128150] ? prepare_exit_to_usermode+0x340/0x340
[ 23.133138] ? entry_SYSCALL_64_fastpath+0x69/0x96
[ 23.138044] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.143031] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.147764] entry_SYSCALL_64_fastpath+0x94/0x96
[ 23.152491] RIP: 0033:0x4456e9
[ 23.155661] RSP: 002b:00007f10fbfb3da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 23.163349] RAX: fffffffffffffe00 RBX: 00000000006dac3c RCX: 00000000004456e9
[ 23.170589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006dac3c
[ 23.177828] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 23.185067] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac38
[ 23.192308] R13: 0100000000000000 R14: 00007f10fbfb49c0 R15: 0000000000000009
[ 23.199573]
[ 23.201170] Allocated by task 3156:
[ 23.204769] save_stack+0x43/0xd0
[ 23.208189] kasan_kmalloc+0xad/0xe0
[ 23.211874] kasan_slab_alloc+0x12/0x20
[ 23.215817] kmem_cache_alloc+0x12e/0x760
[ 23.219932] sk_prot_alloc+0x65/0x2a0
[ 23.223706] sk_clone_lock+0x152/0x1630
[ 23.227648] inet_csk_clone_lock+0x91/0x4c0
[ 23.231936] tcp_create_openreq_child+0x9b/0x1b70
[ 23.236747] tcp_v6_syn_recv_sock+0x22b/0x2330
[ 23.241298] tcp_get_cookie_sock+0x102/0x540
[ 23.245680] cookie_v6_check+0x177d/0x2160
[ 23.249883] tcp_v6_do_rcv+0xe47/0x11b0
[ 23.253823] tcp_v6_rcv+0x22ee/0x2b40
[ 23.257593] ip6_input_finish+0x36f/0x1700
[ 23.261795] ip6_input+0xdb/0x560
[ 23.265217] ip6_rcv_finish+0x1a9/0x7a0
[ 23.269159] ipv6_rcv+0xf1f/0x1f80
[ 23.272667] __netif_receive_skb_core+0x1a3e/0x3450
[ 23.277652] __netif_receive_skb+0x2c/0x1b0
[ 23.281940] process_backlog+0x203/0x740
[ 23.285972] net_rx_action+0x792/0x1910
[ 23.289914] __do_softirq+0x2d7/0xb85
[ 23.293692]
[ 23.295308] Freed by task 0:
[ 23.298292] (stack is not available)
[ 23.301969]
[ 23.303569] The buggy address belongs to the object at ffff8801cbf96000
[ 23.303569] which belongs to the cache TCP of size 2544
[ 23.315587] The buggy address is located 0 bytes to the right of
[ 23.315587] 2544-byte region [ffff8801cbf96000, ffff8801cbf969f0)
[ 23.327863] The buggy address belongs to the page:
[ 23.332763] page:ffffea00072fe580 count:1 mapcount:0 mapping:ffff8801cbf96000 index:0xffff8801cbf97ffd compound_mapcount: 0
[ 23.344004] flags: 0x2fffc0000008100(slab|head)
[ 23.348647] raw: 02fffc0000008100 ffff8801cbf96000 ffff8801cbf97ffd 0000000100000003
[ 23.356507] raw: ffffea00074ec6a0 ffffea0007210b20 ffff8801d8102340 0000000000000000
[ 23.364359] page dumped because: kasan: bad access detected
[ 23.370033]
[ 23.371630] Memory state around the buggy address:
[ 23.376526] ffff8801cbf96880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.383853] ffff8801cbf96900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.391181] >ffff8801cbf96980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 23.398514] ^
[ 23.405515] ffff8801cbf96a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.412842] ffff8801cbf96a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.420185] ==================================================================
[ 23.427512] Disabling lock debugging due to kernel taint
[ 23.432978] Kernel panic - not syncing: panic_on_warn set ...
[ 23.432978]
[ 23.440314] CPU: 1 PID: 3156 Comm: syzkaller421837 Tainted: G B 4.15.0-rc4-mm1+ #49
[ 23.449289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.458610] Call Trace:
[ 23.461160]
[ 23.463285] dump_stack+0x194/0x257
[ 23.466883] ? arch_local_irq_restore+0x53/0x53
[ 23.471526] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.476269] ? vsnprintf+0x1ed/0x1900
[ 23.480051] ? tcp_v6_syn_recv_sock+0x500/0x2330
[ 23.484776] panic+0x1e4/0x41c
[ 23.487935] ? refcount_error_report+0x214/0x214
[ 23.492669] ? add_taint+0x1c/0x50
[ 23.496179] ? add_taint+0x1c/0x50
[ 23.499687] ? tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 23.504413] kasan_end_report+0x50/0x50
[ 23.508353] kasan_report+0x148/0x360
[ 23.512129] check_memory_region+0x137/0x190
[ 23.516506] memcpy+0x37/0x50
[ 23.519581] tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 23.524132] ? tcp_v6_conn_request+0x270/0x270
[ 23.528693] ? ____fput+0x15/0x20
[ 23.532127] ? task_work_run+0x199/0x270
[ 23.536164] ? do_group_exit+0x149/0x400
[ 23.540192] ? do_signal+0x94/0x1ee0
[ 23.543879] ? exit_to_usermode_loop+0x258/0x2f0
[ 23.548603] ? syscall_return_slowpath+0x490/0x550
[ 23.553503] ? entry_SYSCALL_64_fastpath+0x94/0x96
[ 23.558415] ? mark_held_locks+0xaf/0x100
[ 23.562530] ? kfree+0xf0/0x260
[ 23.565784] ? ip6_pol_route_input+0x70/0x70
[ 23.570161] ? fib6_rule_lookup+0xd4/0x290
[ 23.574364] ? fib6_get_table+0x40/0x40
[ 23.578309] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0
[ 23.583643] ? __bfs+0x6c6/0x750
[ 23.586980] tcp_get_cookie_sock+0x102/0x540
[ 23.591358] ? cookie_ecn_ok+0x120/0x120
[ 23.595387] ? xfrm_lookup_route+0x4f/0x1a0
[ 23.599677] ? ip6_dst_lookup_flow+0x1ca/0x270
[ 23.604231] ? ip6_dst_lookup+0x60/0x60
[ 23.608174] ? tcp_select_initial_window+0x30c/0x410
[ 23.613258] cookie_v6_check+0x177d/0x2160
[ 23.617468] ? selinux_socket_sock_rcv_skb+0x24e/0x850
[ 23.622718] ? cookie_v6_init_sequence+0xe0/0xe0
[ 23.627445] ? sk_filter_trim_cap+0x40a/0x9c0
[ 23.631909] ? lock_downgrade+0x980/0x980
[ 23.636038] ? lock_release+0xa40/0xa40
[ 23.639981] ? __lock_is_held+0xb6/0x140
[ 23.644013] ? sk_filter_trim_cap+0xe7/0x9c0
[ 23.648405] ? trace_hardirqs_on+0xd/0x10
[ 23.652526] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 23.657441] tcp_v6_do_rcv+0xe47/0x11b0
[ 23.661384] ? tcp_v6_do_rcv+0xe47/0x11b0
[ 23.665500] ? tcp_v6_fill_cb+0x3a0/0x480
[ 23.669616] tcp_v6_rcv+0x22ee/0x2b40
[ 23.673396] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 23.678128] ip6_input_finish+0x36f/0x1700
[ 23.682331] ? ip6_input+0x3a7/0x560
[ 23.686017] ? ip6_rcv_finish+0x7a0/0x7a0
[ 23.690143] ? nf_hook_slow+0xd3/0x1a0
[ 23.694000] ip6_input+0xdb/0x560
[ 23.697422] ? ip6_input_finish+0x1700/0x1700
[ 23.701888] ? find_held_lock+0x35/0x1d0
[ 23.705916] ? ip6_rcv_finish+0x7a0/0x7a0
[ 23.710032] ? ipv6_rcv+0x16b2/0x1f80
[ 23.713802] ip6_rcv_finish+0x1a9/0x7a0
[ 23.717744] ? ip6_make_skb+0x580/0x580
[ 23.721690] ? nf_hook_slow+0xd3/0x1a0
[ 23.725547] ipv6_rcv+0xf1f/0x1f80
[ 23.729057] ? ip6_input+0x560/0x560
[ 23.732742] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.737906] ? print_irqtrace_events+0x270/0x270
[ 23.742637] ? check_noncircular+0x20/0x20
[ 23.746854] ? ip6_make_skb+0x580/0x580
[ 23.750796] ? ip6_input+0x560/0x560
[ 23.754489] __netif_receive_skb_core+0x1a3e/0x3450
[ 23.759505] ? nf_ingress+0x9f0/0x9f0
[ 23.763292] ? check_noncircular+0x20/0x20
[ 23.767503] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.772662] ? rcu_read_lock_sched_held+0x108/0x120
[ 23.777645] ? update_cfs_rq_load_avg.part.68+0x23d/0x2d0
[ 23.783151] ? attach_entity_load_avg+0x7a0/0x7a0
[ 23.787975] ? __lock_acquire+0x664/0x3e00
[ 23.792187] ? update_blocked_averages+0x87e/0x1b60
[ 23.797168] ? lock_downgrade+0x980/0x980
[ 23.801286] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.806443] ? check_noncircular+0x20/0x20
[ 23.810646] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 23.815727] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 23.820710] ? trace_hardirqs_on+0xd/0x10
[ 23.824831] ? update_blocked_averages+0x87e/0x1b60
[ 23.829814] ? find_held_lock+0x35/0x1d0
[ 23.833857] ? find_held_lock+0x35/0x1d0
[ 23.837898] ? lock_acquire+0x1d5/0x580
[ 23.841846] ? process_backlog+0x45f/0x740
[ 23.846046] ? lock_acquire+0x1d5/0x580
[ 23.849988] ? process_backlog+0x1ab/0x740
[ 23.854195] ? lock_release+0xa40/0xa40
[ 23.858153] __netif_receive_skb+0x2c/0x1b0
[ 23.862443] ? __netif_receive_skb+0x2c/0x1b0
[ 23.866906] process_backlog+0x203/0x740
[ 23.870931] ? mark_held_locks+0xaf/0x100
[ 23.875051] net_rx_action+0x792/0x1910
[ 23.878992] ? lock_release+0xa40/0xa40
[ 23.882938] ? napi_complete_done+0x6c0/0x6c0
[ 23.887403] ? rebalance_domains+0x396/0xcc0
[ 23.891781] ? _raw_spin_unlock_irq+0x27/0x70
[ 23.896249] ? pick_next_task_fair+0x16b0/0x16b0
[ 23.900972] ? trigger_dyntick_cpu.isra.29+0x180/0x180
[ 23.906233] ? check_noncircular+0x20/0x20
[ 23.910445] ? timerqueue_add+0x1e9/0x280
[ 23.914582] ? enqueue_hrtimer+0x171/0x4a0
[ 23.918784] ? __remove_hrtimer+0x190/0x190
[ 23.923145] ? check_noncircular+0x20/0x20
[ 23.927367] ? run_rebalance_domains+0x378/0x770
[ 23.932101] ? rebalance_domains+0xcc0/0xcc0
[ 23.936486] ? __lock_is_held+0xb6/0x140
[ 23.940522] ? check_noncircular+0x20/0x20
[ 23.944726] ? print_irqtrace_events+0x270/0x270
[ 23.949449] ? lock_downgrade+0x980/0x980
[ 23.953570] ? __irqentry_text_end+0x1f8db4/0x1f8db4
[ 23.958649] ? do_timer+0x50/0x50
[ 23.962084] ? __lock_is_held+0xb6/0x140
[ 23.966119] __do_softirq+0x2d7/0xb85
[ 23.969893] ? task_prio+0x40/0x40
[ 23.973430] ? __irqentry_text_end+0x1f8db4/0x1f8db4
[ 23.978507] ? irq_exit+0xbb/0x200
[ 23.982027] ? smp_apic_timer_interrupt+0x16b/0x700
[ 23.987027] ? smp_reschedule_interrupt+0xe6/0x670
[ 23.991942] ? smp_call_function_single_interrupt+0x640/0x640
[ 23.997799] ? _raw_spin_lock+0x32/0x40
[ 24.001748] ? _raw_spin_unlock+0x22/0x30
[ 24.005864] ? handle_edge_irq+0x2b4/0x7c0
[ 24.010068] ? task_prio+0x40/0x40
[ 24.013584] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.018397] do_softirq_own_stack+0x2a/0x40
[ 24.022691]
[ 24.024905] do_softirq.part.21+0x14d/0x190
[ 24.029194] ? ip6_finish_output2+0xaf3/0x2310
[ 24.033749] __local_bh_enable_ip+0x1ee/0x230
[ 24.038219] ip6_finish_output2+0xb26/0x2310
[ 24.042601] ? ip6_copy_metadata+0x890/0x890
[ 24.046980] ? ip6_mtu+0x2a2/0x3e0
[ 24.050496] ? check_noncircular+0x20/0x20
[ 24.054701] ? lock_release+0xa40/0xa40
[ 24.058666] ? __lock_is_held+0xb6/0x140
[ 24.062708] ip6_finish_output+0x2f9/0x920
[ 24.066914] ? ip6_finish_output+0x2f9/0x920
[ 24.071293] ip6_output+0x1eb/0x840
[ 24.074888] ? ip6_finish_output+0x920/0x920
[ 24.079267] ? lock_release+0xa40/0xa40
[ 24.083213] ? ip6_fragment+0x3420/0x3420
[ 24.087339] ip6_xmit+0xf3e/0x1fc0
[ 24.090849] ? __sk_dst_check+0x1a5/0x380
[ 24.094969] ? ip6_finish_output2+0x2310/0x2310
[ 24.099608] ? fl6_update_dst+0x127/0x2b0
[ 24.103726] ? check_noncircular+0x20/0x20
[ 24.107927] ? inet6_csk_route_socket+0x691/0xe50
[ 24.112745] ? lock_acquire+0x1d5/0x580
[ 24.116688] ? memcpy+0x45/0x50
[ 24.119940] ? lock_acquire+0x1d5/0x580
[ 24.123880] ? inet6_csk_xmit+0x114/0x580
[ 24.127998] ? ip6_forward_finish+0x140/0x140
[ 24.132466] ? lock_release+0xa40/0xa40
[ 24.136409] ? __lock_is_held+0xb6/0x140
[ 24.140442] inet6_csk_xmit+0x2fc/0x580
[ 24.144385] ? inet6_csk_update_pmtu+0x160/0x160
[ 24.149118] ? skb_clone+0x20d/0x480
[ 24.152802] ? tcp_schedule_loss_probe+0x490/0x490
[ 24.157706] tcp_transmit_skb+0x1b12/0x38b0
[ 24.162002] ? __tcp_select_window+0x900/0x900
[ 24.166555] ? mark_held_locks+0xaf/0x100
[ 24.170676] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 24.175748] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.180732] ? trace_hardirqs_on+0xd/0x10
[ 24.184848] ? depot_save_stack+0x2ca/0x460
[ 24.189259] ? check_noncircular+0x20/0x20
[ 24.193462] ? tcp_small_queue_check.isra.26+0x31c/0x450
[ 24.198880] ? tcp_tso_segs+0x240/0x240
[ 24.202830] ? pvclock_read_flags+0x160/0x160
[ 24.207291] ? sock_release+0x8d/0x1e0
[ 24.211145] ? sock_close+0x16/0x20
[ 24.214738] ? __fput+0x327/0x7e0
[ 24.218157] ? ____fput+0x15/0x20
[ 24.221576] ? task_work_run+0x199/0x270
[ 24.225622] ? do_exit+0x9bb/0x1ad0
[ 24.229214] ? do_group_exit+0x149/0x400
[ 24.233242] ? do_signal+0x94/0x1ee0
[ 24.236927] ? sched_clock_cpu+0x1b/0x170
[ 24.241043] ? tcp_init_tso_segs+0x114/0x1f0
[ 24.245423] tcp_write_xmit+0x680/0x5190
[ 24.249456] ? tcp_md5_do_lookup+0x256/0x730
[ 24.253835] ? tcp_v4_parse_md5_keys+0x221/0x2d0
[ 24.258561] ? tcp_transmit_skb+0x38b0/0x38b0
[ 24.263039] ? tcp_v6_md5_lookup+0x23/0x30
[ 24.267248] ? tcp_established_options+0x2c5/0x420
[ 24.272153] ? tcp_current_mss+0x254/0x380
[ 24.276362] ? tcp_mtu_to_mss+0x460/0x460
[ 24.280491] ? __lock_is_held+0xb6/0x140
[ 24.284526] __tcp_push_pending_frames+0xa0/0x250
[ 24.289340] tcp_send_fin+0x1b0/0xd20
[ 24.293111] ? inet_sendpage+0x660/0x660
[ 24.297147] ? sk_forced_mem_schedule+0x150/0x150
[ 24.301962] ? __sk_dst_check+0x380/0x380
[ 24.306085] ? mark_held_locks+0xaf/0x100
[ 24.310200] ? do_raw_spin_trylock+0x190/0x190
[ 24.314751] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.319732] ? lock_sock_nested+0x91/0x110
[ 24.323941] ? trace_hardirqs_on+0xd/0x10
[ 24.328067] tcp_close+0xbe0/0xfc0
[ 24.331577] ? ip_mc_drop_socket+0x1ce/0x230
[ 24.335958] inet_release+0xed/0x1c0
[ 24.339641] inet6_release+0x50/0x70
[ 24.343323] sock_release+0x8d/0x1e0
[ 24.347005] ? sock_alloc_file+0x560/0x560
[ 24.351219] sock_close+0x16/0x20
[ 24.354640] __fput+0x327/0x7e0
[ 24.357889] ? fput+0x140/0x140
[ 24.361135] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 24.366986] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.371459] ____fput+0x15/0x20
[ 24.374706] task_work_run+0x199/0x270
[ 24.378562] ? task_work_cancel+0x210/0x210
[ 24.382852] ? _raw_spin_unlock+0x22/0x30
[ 24.386976] ? switch_task_namespaces+0x87/0xc0
[ 24.391617] do_exit+0x9bb/0x1ad0
[ 24.395045] ? check_noncircular+0x20/0x20
[ 24.399252] ? mm_update_next_owner+0x930/0x930
[ 24.403889] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.409050] ? __might_sleep+0x95/0x190
[ 24.412994] ? find_held_lock+0x35/0x1d0
[ 24.417031] ? futex_wait+0x402/0x9a0
[ 24.420802] ? lock_downgrade+0x980/0x980
[ 24.424919] ? __unqueue_futex+0x1c0/0x290
[ 24.429121] ? lock_release+0xa40/0xa40
[ 24.433061] ? fault_in_user_writeable+0x90/0x90
[ 24.437786] ? do_raw_spin_trylock+0x190/0x190
[ 24.442337] ? check_noncircular+0x20/0x20
[ 24.446543] ? drop_futex_key_refs.isra.12+0x63/0xa0
[ 24.451617] ? futex_wait+0x6a9/0x9a0
[ 24.455392] ? find_held_lock+0x35/0x1d0
[ 24.459426] ? get_signal+0x7ae/0x16c0
[ 24.463281] ? lock_downgrade+0x980/0x980
[ 24.467407] do_group_exit+0x149/0x400
[ 24.471267] ? do_raw_spin_trylock+0x190/0x190
[ 24.475819] ? SyS_exit+0x30/0x30
[ 24.479241] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.483716] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.488702] get_signal+0x73f/0x16c0
[ 24.492389] ? ptrace_notify+0x130/0x130
[ 24.496419] ? release_sock+0x1d4/0x2a0
[ 24.500364] ? exit_robust_list+0x240/0x240
[ 24.504653] ? _raw_spin_unlock_bh+0x30/0x40
[ 24.509034] ? release_sock+0x1d4/0x2a0
[ 24.512977] ? __release_sock+0x360/0x360
[ 24.517097] ? lock_sock_nested+0x91/0x110
[ 24.521305] ? trace_hardirqs_on+0xd/0x10
[ 24.525426] do_signal+0x94/0x1ee0
[ 24.528933] ? inet_sendmsg+0x126/0x5e0
[ 24.532876] ? __might_sleep+0x95/0x190
[ 24.536816] ? inet_recvmsg+0x5f0/0x5f0
[ 24.540767] ? selinux_socket_sendmsg+0x36/0x40
[ 24.545410] ? setup_sigcontext+0x7d0/0x7d0
[ 24.549706] ? inet_recvmsg+0x5f0/0x5f0
[ 24.553649] ? sock_sendmsg+0x4f/0x110
[ 24.557504] ? fput+0xd2/0x140
[ 24.560674] ? SYSC_sendto+0x41c/0x5c0
[ 24.564533] ? SYSC_connect+0x4a0/0x4a0
[ 24.568475] ? up_read+0x1a/0x40
[ 24.571807] ? __do_page_fault+0x3d6/0xc90
[ 24.576017] ? exit_to_usermode_loop+0x8c/0x2f0
[ 24.580661] exit_to_usermode_loop+0x258/0x2f0
[ 24.585211] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 24.590728] syscall_return_slowpath+0x490/0x550
[ 24.595451] ? prepare_exit_to_usermode+0x340/0x340
[ 24.600435] ? entry_SYSCALL_64_fastpath+0x69/0x96
[ 24.605335] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.610320] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.615049] entry_SYSCALL_64_fastpath+0x94/0x96
[ 24.619773] RIP: 0033:0x4456e9
[ 24.622930] RSP: 002b:00007f10fbfb3da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 24.630604] RAX: fffffffffffffe00 RBX: 00000000006dac3c RCX: 00000000004456e9
[ 24.637848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006dac3c
[ 24.645091] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 24.652334] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac38
[ 24.659575] R13: 0100000000000000 R14: 00007f10fbfb49c0 R15: 0000000000000009
[ 24.667300] Dumping ftrace buffer:
[ 24.670817] (ftrace buffer empty)
[ 24.674496] Kernel Offset: disabled
[ 24.678102] Rebooting in 86400 seconds..