�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 12.202060] audit: type=1400 audit(1514659578.452:6): avc: denied { map } for pid=3131 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 22.079826] audit: type=1400 audit(1514659588.330:7): avc: denied { map } for pid=3146 comm="syzkaller073510" path="/root/syzkaller073510108" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 22.104853] device lo entered promiscuous mode
[ 22.110868] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 22.137787] ==================================================================
[ 22.145161] BUG: KASAN: slab-out-of-bounds in tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 22.152573] Write of size 152 at addr ffff8801cb3b5470 by task syzkaller073510/3148
[ 22.160329]
[ 22.161928] CPU: 1 PID: 3148 Comm: syzkaller073510 Not tainted 4.15.0-rc4-next-20171221+ #78
[ 22.170467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.179786] Call Trace:
[ 22.182339]
[ 22.184460] dump_stack+0x194/0x257
[ 22.188056] ? arch_local_irq_restore+0x53/0x53
[ 22.192691] ? show_regs_print_info+0x18/0x18
[ 22.197153] ? tcp_v6_send_synack+0xa90/0xa90
[ 22.201614] ? tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 22.206337] print_address_description+0x73/0x250
[ 22.211148] ? tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 22.215868] kasan_report+0x25b/0x340
[ 22.219639] check_memory_region+0x137/0x190
[ 22.224018] memcpy+0x37/0x50
[ 22.227095] tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 22.231655] ? tcp_v6_conn_request+0x270/0x270
[ 22.236201] ? ____fput+0x15/0x20
[ 22.239620] ? task_work_run+0x199/0x270
[ 22.243645] ? do_group_exit+0x149/0x400
[ 22.247674] ? do_signal+0x94/0x1ee0
[ 22.251353] ? exit_to_usermode_loop+0x258/0x2f0
[ 22.256074] ? syscall_return_slowpath+0x490/0x550
[ 22.261428] ? entry_SYSCALL_64_fastpath+0x94/0x96
[ 22.266331] ? mark_held_locks+0xaf/0x100
[ 22.270445] ? kfree+0xf0/0x260
[ 22.273697] ? ip6_pol_route_input+0x70/0x70
[ 22.278073] ? fib6_rule_lookup+0xd4/0x290
[ 22.282283] ? fib6_get_table+0x40/0x40
[ 22.286225] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0
[ 22.291557] ? check_noncircular+0x16/0x20
[ 22.295766] tcp_get_cookie_sock+0x102/0x540
[ 22.300143] ? cookie_ecn_ok+0x120/0x120
[ 22.304170] ? xfrm_lookup_route+0x4f/0x1a0
[ 22.308459] ? ip6_dst_lookup_flow+0x1ca/0x270
[ 22.313013] ? ip6_dst_lookup+0x60/0x60
[ 22.316962] ? tcp_select_initial_window+0x30c/0x410
[ 22.322037] cookie_v6_check+0x177d/0x2160
[ 22.326239] ? selinux_socket_sock_rcv_skb+0x24e/0x850
[ 22.331492] ? cookie_v6_init_sequence+0xe0/0xe0
[ 22.336220] ? sk_filter_trim_cap+0x40a/0x9c0
[ 22.340684] ? lock_downgrade+0x980/0x980
[ 22.344804] ? lock_release+0xa40/0xa40
[ 22.348747] ? __lock_is_held+0xb6/0x140
[ 22.352784] ? sk_filter_trim_cap+0xe7/0x9c0
[ 22.357166] ? trace_hardirqs_on+0xd/0x10
[ 22.361292] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 22.366195] tcp_v6_do_rcv+0xe47/0x11b0
[ 22.370136] ? tcp_v6_do_rcv+0xe47/0x11b0
[ 22.374248] ? tcp_v6_fill_cb+0x3a0/0x480
[ 22.378364] tcp_v6_rcv+0x22ee/0x2b40
[ 22.382148] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 22.386879] ip6_input_finish+0x36f/0x1700
[ 22.391080] ? ip6_input+0x3a7/0x560
[ 22.394777] ? ip6_rcv_finish+0x7a0/0x7a0
[ 22.398894] ? nf_hook_slow+0xd3/0x1a0
[ 22.402756] ip6_input+0xdb/0x560
[ 22.406177] ? ip6_input_finish+0x1700/0x1700
[ 22.410642] ? find_held_lock+0x35/0x1d0
[ 22.414673] ? ip6_rcv_finish+0x7a0/0x7a0
[ 22.418794] ? ipv6_rcv+0x16b2/0x1f80
[ 22.422566] ip6_rcv_finish+0x1a9/0x7a0
[ 22.426515] ? ip6_make_skb+0x580/0x580
[ 22.430463] ? nf_hook_slow+0xd3/0x1a0
[ 22.434323] ipv6_rcv+0xf1f/0x1f80
[ 22.437838] ? ip6_input+0x560/0x560
[ 22.441525] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.446680] ? print_irqtrace_events+0x270/0x270
[ 22.451402] ? __enqueue_entity+0x30/0x1e0
[ 22.455613] ? ip6_make_skb+0x580/0x580
[ 22.459556] ? ip6_input+0x560/0x560
[ 22.463239] __netif_receive_skb_core+0x1a3e/0x3450
[ 22.468230] ? nf_ingress+0x9f0/0x9f0
[ 22.471997] ? check_noncircular+0x20/0x20
[ 22.476214] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.481370] ? rcu_read_lock_sched_held+0x108/0x120
[ 22.486352] ? update_cfs_rq_load_avg.part.68+0x23d/0x2d0
[ 22.491854] ? attach_entity_load_avg+0x7a0/0x7a0
[ 22.496674] ? __lock_acquire+0x664/0x3e00
[ 22.500877] ? update_blocked_averages+0x87e/0x1b60
[ 22.505860] ? lock_downgrade+0x980/0x980
[ 22.509978] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.515136] ? check_noncircular+0x20/0x20
[ 22.519344] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 22.524414] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 22.529397] ? trace_hardirqs_on+0xd/0x10
[ 22.533512] ? update_blocked_averages+0x87e/0x1b60
[ 22.538493] ? find_held_lock+0x35/0x1d0
[ 22.542524] ? find_held_lock+0x35/0x1d0
[ 22.546556] ? lock_acquire+0x1d5/0x580
[ 22.550494] ? process_backlog+0x45f/0x740
[ 22.554693] ? lock_acquire+0x1d5/0x580
[ 22.558637] ? process_backlog+0x1ab/0x740
[ 22.562843] ? lock_release+0xa40/0xa40
[ 22.566795] __netif_receive_skb+0x2c/0x1b0
[ 22.571091] ? __netif_receive_skb+0x2c/0x1b0
[ 22.575562] process_backlog+0x203/0x740
[ 22.579593] ? mark_held_locks+0xaf/0x100
[ 22.583717] net_rx_action+0x792/0x1910
[ 22.587662] ? lock_release+0xa40/0xa40
[ 22.591611] ? napi_complete_done+0x6c0/0x6c0
[ 22.596085] ? rebalance_domains+0x396/0xcc0
[ 22.600459] ? _raw_spin_unlock_irq+0x27/0x70
[ 22.604928] ? pick_next_task_fair+0x16b0/0x16b0
[ 22.609653] ? trigger_dyntick_cpu.isra.29+0x180/0x180
[ 22.614894] ? check_noncircular+0x20/0x20
[ 22.619099] ? timerqueue_add+0x1e9/0x280
[ 22.623218] ? enqueue_hrtimer+0x171/0x4a0
[ 22.627419] ? __remove_hrtimer+0x190/0x190
[ 22.631715] ? run_rebalance_domains+0x378/0x770
[ 22.636444] ? rebalance_domains+0xcc0/0xcc0
[ 22.640824] ? rcu_pm_notify+0xc0/0xc0
[ 22.644686] ? check_noncircular+0x20/0x20
[ 22.648896] ? print_irqtrace_events+0x270/0x270
[ 22.653622] ? lock_downgrade+0x980/0x980
[ 22.657741] ? __irqentry_text_end+0x1f8db4/0x1f8db4
[ 22.662810] ? do_timer+0x50/0x50
[ 22.666234] ? __lock_is_held+0xb6/0x140
[ 22.670271] __do_softirq+0x2d7/0xb85
[ 22.674037] ? task_prio+0x40/0x40
[ 22.677552] ? __irqentry_text_end+0x1f8db4/0x1f8db4
[ 22.682621] ? irq_exit+0xbb/0x200
[ 22.686127] ? smp_apic_timer_interrupt+0x16b/0x700
[ 22.691105] ? smp_reschedule_interrupt+0xe6/0x670
[ 22.696002] ? smp_call_function_single_interrupt+0x640/0x640
[ 22.701857] ? _raw_spin_lock+0x32/0x40
[ 22.705799] ? _raw_spin_unlock+0x22/0x30
[ 22.709913] ? handle_edge_irq+0x2b4/0x7c0
[ 22.714114] ? task_prio+0x40/0x40
[ 22.717629] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 22.722444] do_softirq_own_stack+0x2a/0x40
[ 22.726730]
[ 22.728935] do_softirq.part.21+0x14d/0x190
[ 22.733223] ? ip6_finish_output2+0xaf3/0x2310
[ 22.737772] __local_bh_enable_ip+0x1ee/0x230
[ 22.742233] ip6_finish_output2+0xb26/0x2310
[ 22.746616] ? ip6_copy_metadata+0x890/0x890
[ 22.750995] ? ip6_mtu+0x2a2/0x3e0
[ 22.754507] ? check_noncircular+0x20/0x20
[ 22.758709] ? lock_release+0xa40/0xa40
[ 22.762680] ? __lock_is_held+0xb6/0x140
[ 22.766721] ip6_finish_output+0x2f9/0x920
[ 22.770919] ? ip6_finish_output+0x2f9/0x920
[ 22.775297] ip6_output+0x1eb/0x840
[ 22.778892] ? ip6_finish_output+0x920/0x920
[ 22.783265] ? lock_release+0xa40/0xa40
[ 22.787211] ? ip6_fragment+0x3420/0x3420
[ 22.791331] ip6_xmit+0xf3e/0x1fc0
[ 22.794836] ? __sk_dst_check+0x1a5/0x380
[ 22.798961] ? ip6_finish_output2+0x2310/0x2310
[ 22.803598] ? fl6_update_dst+0x127/0x2b0
[ 22.807715] ? check_noncircular+0x20/0x20
[ 22.811915] ? inet6_csk_route_socket+0x691/0xe50
[ 22.816727] ? lock_acquire+0x1d5/0x580
[ 22.820667] ? memcpy+0x45/0x50
[ 22.823914] ? lock_acquire+0x1d5/0x580
[ 22.827870] ? inet6_csk_xmit+0x114/0x580
[ 22.831987] ? ip6_forward_finish+0x140/0x140
[ 22.836449] ? lock_release+0xa40/0xa40
[ 22.840392] ? __lock_is_held+0xb6/0x140
[ 22.844428] inet6_csk_xmit+0x2fc/0x580
[ 22.848372] ? inet6_csk_update_pmtu+0x160/0x160
[ 22.853101] ? skb_clone+0x20d/0x480
[ 22.856784] ? tcp_schedule_loss_probe+0x490/0x490
[ 22.861697] tcp_transmit_skb+0x1b12/0x38b0
[ 22.865997] ? __tcp_select_window+0x900/0x900
[ 22.870550] ? mark_held_locks+0xaf/0x100
[ 22.874665] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 22.879735] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 22.884718] ? trace_hardirqs_on+0xd/0x10
[ 22.888835] ? depot_save_stack+0x2ca/0x460
[ 22.893124] ? check_noncircular+0x20/0x20
[ 22.897328] ? tcp_small_queue_check.isra.26+0x31c/0x450
[ 22.902746] ? tcp_tso_segs+0x240/0x240
[ 22.906688] ? pvclock_read_flags+0x160/0x160
[ 22.911147] ? sock_release+0x8d/0x1e0
[ 22.914997] ? sock_close+0x16/0x20
[ 22.918598] ? __fput+0x327/0x7e0
[ 22.922021] ? ____fput+0x15/0x20
[ 22.925442] ? task_work_run+0x199/0x270
[ 22.929467] ? do_exit+0x9bb/0x1ad0
[ 22.933058] ? do_group_exit+0x149/0x400
[ 22.937087] ? do_signal+0x94/0x1ee0
[ 22.940775] ? sched_clock_cpu+0x1b/0x170
[ 22.944891] ? tcp_init_tso_segs+0x114/0x1f0
[ 22.949267] tcp_write_xmit+0x680/0x5190
[ 22.953298] ? tcp_md5_do_lookup+0x256/0x730
[ 22.957676] ? tcp_v4_parse_md5_keys+0x221/0x2d0
[ 22.962403] ? tcp_transmit_skb+0x38b0/0x38b0
[ 22.966880] ? tcp_v6_md5_lookup+0x23/0x30
[ 22.971082] ? tcp_established_options+0x2c5/0x420
[ 22.975980] ? tcp_current_mss+0x254/0x380
[ 22.980181] ? tcp_mtu_to_mss+0x460/0x460
[ 22.984301] ? __lock_is_held+0xb6/0x140
[ 22.988337] __tcp_push_pending_frames+0xa0/0x250
[ 22.993147] tcp_send_fin+0x1b0/0xd20
[ 22.996914] ? inet_sendpage+0x660/0x660
[ 23.000943] ? sk_forced_mem_schedule+0x150/0x150
[ 23.005752] ? __sk_dst_check+0x380/0x380
[ 23.009875] ? mark_held_locks+0xaf/0x100
[ 23.013989] ? do_raw_spin_trylock+0x190/0x190
[ 23.018542] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.023522] ? lock_sock_nested+0x91/0x110
[ 23.027721] ? trace_hardirqs_on+0xd/0x10
[ 23.031843] tcp_close+0xbe0/0xfc0
[ 23.035350] ? ip_mc_drop_socket+0x1ce/0x230
[ 23.039729] inet_release+0xed/0x1c0
[ 23.043412] inet6_release+0x50/0x70
[ 23.047093] sock_release+0x8d/0x1e0
[ 23.050773] ? sock_alloc_file+0x560/0x560
[ 23.054971] sock_close+0x16/0x20
[ 23.058390] __fput+0x327/0x7e0
[ 23.061643] ? fput+0x140/0x140
[ 23.064892] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 23.070742] ? _raw_spin_unlock_irq+0x27/0x70
[ 23.075209] ____fput+0x15/0x20
[ 23.078453] task_work_run+0x199/0x270
[ 23.082310] ? task_work_cancel+0x210/0x210
[ 23.086596] ? _raw_spin_unlock+0x22/0x30
[ 23.090711] ? switch_task_namespaces+0x87/0xc0
[ 23.095350] do_exit+0x9bb/0x1ad0
[ 23.098769] ? check_noncircular+0x20/0x20
[ 23.102974] ? mm_update_next_owner+0x930/0x930
[ 23.107612] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.112768] ? __might_sleep+0x95/0x190
[ 23.116715] ? find_held_lock+0x35/0x1d0
[ 23.120751] ? futex_wait+0x402/0x9a0
[ 23.124518] ? lock_downgrade+0x980/0x980
[ 23.128634] ? __unqueue_futex+0x1c0/0x290
[ 23.132832] ? lock_release+0xa40/0xa40
[ 23.136775] ? fault_in_user_writeable+0x90/0x90
[ 23.141498] ? do_raw_spin_trylock+0x190/0x190
[ 23.146047] ? check_noncircular+0x20/0x20
[ 23.150255] ? drop_futex_key_refs.isra.12+0x63/0xa0
[ 23.155338] ? futex_wait+0x6a9/0x9a0
[ 23.159115] ? find_held_lock+0x35/0x1d0
[ 23.163150] ? get_signal+0x7ae/0x16c0
[ 23.167007] ? lock_downgrade+0x980/0x980
[ 23.171134] do_group_exit+0x149/0x400
[ 23.174998] ? do_raw_spin_trylock+0x190/0x190
[ 23.179549] ? SyS_exit+0x30/0x30
[ 23.182967] ? _raw_spin_unlock_irq+0x27/0x70
[ 23.187429] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.192414] get_signal+0x73f/0x16c0
[ 23.196112] ? ptrace_notify+0x130/0x130
[ 23.200142] ? release_sock+0x1d4/0x2a0
[ 23.204087] ? exit_robust_list+0x240/0x240
[ 23.208376] ? _raw_spin_unlock_bh+0x30/0x40
[ 23.212753] ? release_sock+0x1d4/0x2a0
[ 23.216694] ? __release_sock+0x360/0x360
[ 23.220806] ? lock_sock_nested+0x91/0x110
[ 23.225010] ? trace_hardirqs_on+0xd/0x10
[ 23.229151] do_signal+0x94/0x1ee0
[ 23.232661] ? inet_sendmsg+0x126/0x5e0
[ 23.236606] ? __might_sleep+0x95/0x190
[ 23.240547] ? inet_recvmsg+0x5f0/0x5f0
[ 23.244489] ? selinux_socket_sendmsg+0x36/0x40
[ 23.249126] ? setup_sigcontext+0x7d0/0x7d0
[ 23.253414] ? inet_recvmsg+0x5f0/0x5f0
[ 23.257355] ? sock_sendmsg+0x4f/0x110
[ 23.261208] ? fput+0xd2/0x140
[ 23.264367] ? SYSC_sendto+0x41c/0x5c0
[ 23.268222] ? SYSC_connect+0x4a0/0x4a0
[ 23.272165] ? up_read+0x1a/0x40
[ 23.275498] ? __do_page_fault+0x3d6/0xc90
[ 23.279705] ? exit_to_usermode_loop+0x8c/0x2f0
[ 23.284346] exit_to_usermode_loop+0x258/0x2f0
[ 23.288897] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 23.294410] syscall_return_slowpath+0x490/0x550
[ 23.299134] ? prepare_exit_to_usermode+0x340/0x340
[ 23.304120] ? entry_SYSCALL_64_fastpath+0x69/0x96
[ 23.309026] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.314019] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.318750] entry_SYSCALL_64_fastpath+0x94/0x96
[ 23.323469] RIP: 0033:0x4456e9
[ 23.326626] RSP: 002b:00007fcdca1c6da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 23.334299] RAX: fffffffffffffe00 RBX: 00000000006dac3c RCX: 00000000004456e9
[ 23.341532] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006dac3c
[ 23.348766] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 23.356004] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac38
[ 23.363245] R13: 0100000000000000 R14: 00007fcdca1c79c0 R15: 0000000000000009
[ 23.370495]
[ 23.372090] Allocated by task 3148:
[ 23.375683] save_stack+0x43/0xd0
[ 23.379099] kasan_kmalloc+0xad/0xe0
[ 23.382777] kasan_slab_alloc+0x12/0x20
[ 23.386717] kmem_cache_alloc+0x12e/0x760
[ 23.390831] sk_prot_alloc+0x65/0x2a0
[ 23.394595] sk_clone_lock+0x152/0x1630
[ 23.398534] inet_csk_clone_lock+0x91/0x4c0
[ 23.402820] tcp_create_openreq_child+0x9b/0x1b70
[ 23.407631] tcp_v6_syn_recv_sock+0x22b/0x2330
[ 23.412186] tcp_get_cookie_sock+0x102/0x540
[ 23.416559] cookie_v6_check+0x177d/0x2160
[ 23.420757] tcp_v6_do_rcv+0xe47/0x11b0
[ 23.424710] tcp_v6_rcv+0x22ee/0x2b40
[ 23.428477] ip6_input_finish+0x36f/0x1700
[ 23.432676] ip6_input+0xdb/0x560
[ 23.436092] ip6_rcv_finish+0x1a9/0x7a0
[ 23.440031] ipv6_rcv+0xf1f/0x1f80
[ 23.443535] __netif_receive_skb_core+0x1a3e/0x3450
[ 23.448514] __netif_receive_skb+0x2c/0x1b0
[ 23.452798] process_backlog+0x203/0x740
[ 23.456823] net_rx_action+0x792/0x1910
[ 23.460764] __do_softirq+0x2d7/0xb85
[ 23.464525]
[ 23.466119] Freed by task 0:
[ 23.469099] (stack is not available)
[ 23.472776]
[ 23.474371] The buggy address belongs to the object at ffff8801cb3b4a80
[ 23.474371] which belongs to the cache TCP of size 2544
[ 23.486383] The buggy address is located 0 bytes to the right of
[ 23.486383] 2544-byte region [ffff8801cb3b4a80, ffff8801cb3b5470)
[ 23.498653] The buggy address belongs to the page:
[ 23.503549] page:00000000af8cf391 count:1 mapcount:0 mapping:00000000a921c7f4 index:0xffff8801cb3b5ffd compound_mapcount: 0
[ 23.514781] flags: 0x2fffc0000008100(slab|head)
[ 23.519416] raw: 02fffc0000008100 ffff8801cb3b4000 ffff8801cb3b5ffd 0000000100000003
[ 23.527261] raw: ffffea00074ece20 ffff8801d8264448 ffff8801d79384c0 0000000000000000
[ 23.535104] page dumped because: kasan: bad access detected
[ 23.540777]
[ 23.542369] Memory state around the buggy address:
[ 23.547263] ffff8801cb3b5300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.554588] ffff8801cb3b5380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.561911] >ffff8801cb3b5400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 23.569234] ^
[ 23.576210] ffff8801cb3b5480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.583533] ffff8801cb3b5500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.590853] ==================================================================
[ 23.598175] Disabling lock debugging due to kernel taint
[ 23.603626] Kernel panic - not syncing: panic_on_warn set ...
[ 23.603626]
[ 23.610971] CPU: 1 PID: 3148 Comm: syzkaller073510 Tainted: G B 4.15.0-rc4-next-20171221+ #78
[ 23.620821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.630138] Call Trace:
[ 23.632686]
[ 23.634807] dump_stack+0x194/0x257
[ 23.638399] ? arch_local_irq_restore+0x53/0x53
[ 23.643033] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.647751] ? vsnprintf+0x1ed/0x1900
[ 23.651516] ? tcp_v6_syn_recv_sock+0x500/0x2330
[ 23.656234] panic+0x1e4/0x41c
[ 23.659393] ? refcount_error_report+0x214/0x214
[ 23.664113] ? add_taint+0x1c/0x50
[ 23.667617] ? add_taint+0x1c/0x50
[ 23.671129] ? tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 23.675853] kasan_end_report+0x50/0x50
[ 23.679790] kasan_report+0x144/0x340
[ 23.683555] check_memory_region+0x137/0x190
[ 23.687926] memcpy+0x37/0x50
[ 23.691000] tcp_v6_syn_recv_sock+0x5f7/0x2330
[ 23.695555] ? tcp_v6_conn_request+0x270/0x270
[ 23.700113] ? ____fput+0x15/0x20
[ 23.703533] ? task_work_run+0x199/0x270
[ 23.707558] ? do_group_exit+0x149/0x400
[ 23.711584] ? do_signal+0x94/0x1ee0
[ 23.715260] ? exit_to_usermode_loop+0x258/0x2f0
[ 23.719976] ? syscall_return_slowpath+0x490/0x550
[ 23.724871] ? entry_SYSCALL_64_fastpath+0x94/0x96
[ 23.729766] ? mark_held_locks+0xaf/0x100
[ 23.733876] ? kfree+0xf0/0x260
[ 23.737125] ? ip6_pol_route_input+0x70/0x70
[ 23.741498] ? fib6_rule_lookup+0xd4/0x290
[ 23.745696] ? fib6_get_table+0x40/0x40
[ 23.749635] ? selinux_netlbl_skbuff_setsid+0x5d0/0x5d0
[ 23.754964] ? check_noncircular+0x16/0x20
[ 23.759175] tcp_get_cookie_sock+0x102/0x540
[ 23.763556] ? cookie_ecn_ok+0x120/0x120
[ 23.767581] ? xfrm_lookup_route+0x4f/0x1a0
[ 23.771867] ? ip6_dst_lookup_flow+0x1ca/0x270
[ 23.776412] ? ip6_dst_lookup+0x60/0x60
[ 23.780354] ? tcp_select_initial_window+0x30c/0x410
[ 23.785426] cookie_v6_check+0x177d/0x2160
[ 23.789628] ? selinux_socket_sock_rcv_skb+0x24e/0x850
[ 23.794874] ? cookie_v6_init_sequence+0xe0/0xe0
[ 23.799597] ? sk_filter_trim_cap+0x40a/0x9c0
[ 23.804056] ? lock_downgrade+0x980/0x980
[ 23.808168] ? lock_release+0xa40/0xa40
[ 23.812105] ? __lock_is_held+0xb6/0x140
[ 23.816136] ? sk_filter_trim_cap+0xe7/0x9c0
[ 23.820507] ? trace_hardirqs_on+0xd/0x10
[ 23.824624] ? tcp_v6_inbound_md5_hash+0x155/0x5c0
[ 23.829518] tcp_v6_do_rcv+0xe47/0x11b0
[ 23.833455] ? tcp_v6_do_rcv+0xe47/0x11b0
[ 23.837569] ? tcp_v6_fill_cb+0x3a0/0x480
[ 23.841680] tcp_v6_rcv+0x22ee/0x2b40
[ 23.845453] ? tcp_v6_reqsk_send_ack+0x370/0x370
[ 23.850176] ip6_input_finish+0x36f/0x1700
[ 23.854374] ? ip6_input+0x3a7/0x560
[ 23.858056] ? ip6_rcv_finish+0x7a0/0x7a0
[ 23.862169] ? nf_hook_slow+0xd3/0x1a0
[ 23.866026] ip6_input+0xdb/0x560
[ 23.869445] ? ip6_input_finish+0x1700/0x1700
[ 23.873907] ? find_held_lock+0x35/0x1d0
[ 23.877931] ? ip6_rcv_finish+0x7a0/0x7a0
[ 23.882042] ? ipv6_rcv+0x16b2/0x1f80
[ 23.885810] ip6_rcv_finish+0x1a9/0x7a0
[ 23.889750] ? ip6_make_skb+0x580/0x580
[ 23.893692] ? nf_hook_slow+0xd3/0x1a0
[ 23.897545] ipv6_rcv+0xf1f/0x1f80
[ 23.901052] ? ip6_input+0x560/0x560
[ 23.904732] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.909885] ? print_irqtrace_events+0x270/0x270
[ 23.914606] ? __enqueue_entity+0x30/0x1e0
[ 23.918810] ? ip6_make_skb+0x580/0x580
[ 23.922756] ? ip6_input+0x560/0x560
[ 23.926438] __netif_receive_skb_core+0x1a3e/0x3450
[ 23.931424] ? nf_ingress+0x9f0/0x9f0
[ 23.935192] ? check_noncircular+0x20/0x20
[ 23.939393] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.944548] ? rcu_read_lock_sched_held+0x108/0x120
[ 23.949528] ? update_cfs_rq_load_avg.part.68+0x23d/0x2d0
[ 23.955055] ? attach_entity_load_avg+0x7a0/0x7a0
[ 23.959872] ? __lock_acquire+0x664/0x3e00
[ 23.964075] ? update_blocked_averages+0x87e/0x1b60
[ 23.969056] ? lock_downgrade+0x980/0x980
[ 23.973172] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 23.978325] ? check_noncircular+0x20/0x20
[ 23.982528] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 23.987607] ? trace_hardirqs_on_caller+0x19e/0x5c0
[ 23.992602] ? trace_hardirqs_on+0xd/0x10
[ 23.996720] ? update_blocked_averages+0x87e/0x1b60
[ 24.001700] ? find_held_lock+0x35/0x1d0
[ 24.005732] ? find_held_lock+0x35/0x1d0
[ 24.009761] ? lock_acquire+0x1d5/0x580
[ 24.013701] ? process_backlog+0x45f/0x740
[ 24.017898] ? lock_acquire+0x1d5/0x580
[ 24.021838] ? process_backlog+0x1ab/0x740
[ 24.026043] ? lock_release+0xa40/0xa40
[ 24.029990] __netif_receive_skb+0x2c/0x1b0
[ 24.034287] ? __netif_receive_skb+0x2c/0x1b0
[ 24.038760] process_backlog+0x203/0x740
[ 24.042789] ? mark_held_locks+0xaf/0x100
[ 24.046920] net_rx_action+0x792/0x1910
[ 24.050866] ? lock_release+0xa40/0xa40
[ 24.054811] ? napi_complete_done+0x6c0/0x6c0
[ 24.059274] ? rebalance_domains+0x396/0xcc0
[ 24.063650] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.068118] ? pick_next_task_fair+0x16b0/0x16b0
[ 24.072841] ? trigger_dyntick_cpu.isra.29+0x180/0x180
[ 24.078084] ? check_noncircular+0x20/0x20
[ 24.082291] ? timerqueue_add+0x1e9/0x280
[ 24.086413] ? enqueue_hrtimer+0x171/0x4a0
[ 24.090613] ? __remove_hrtimer+0x190/0x190
[ 24.094911] ? run_rebalance_domains+0x378/0x770
[ 24.099640] ? rebalance_domains+0xcc0/0xcc0
[ 24.104017] ? rcu_pm_notify+0xc0/0xc0
[ 24.107873] ? check_noncircular+0x20/0x20
[ 24.112075] ? print_irqtrace_events+0x270/0x270
[ 24.116812] ? lock_downgrade+0x980/0x980
[ 24.120935] ? __irqentry_text_end+0x1f8db4/0x1f8db4
[ 24.126006] ? do_timer+0x50/0x50
[ 24.129427] ? __lock_is_held+0xb6/0x140
[ 24.133459] __do_softirq+0x2d7/0xb85
[ 24.137228] ? task_prio+0x40/0x40
[ 24.140737] ? __irqentry_text_end+0x1f8db4/0x1f8db4
[ 24.145805] ? irq_exit+0xbb/0x200
[ 24.149309] ? smp_apic_timer_interrupt+0x16b/0x700
[ 24.154291] ? smp_reschedule_interrupt+0xe6/0x670
[ 24.159185] ? smp_call_function_single_interrupt+0x640/0x640
[ 24.165033] ? _raw_spin_lock+0x32/0x40
[ 24.168973] ? _raw_spin_unlock+0x22/0x30
[ 24.173088] ? handle_edge_irq+0x2b4/0x7c0
[ 24.177804] ? task_prio+0x40/0x40
[ 24.181317] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.186130] do_softirq_own_stack+0x2a/0x40
[ 24.190414]
[ 24.192622] do_softirq.part.21+0x14d/0x190
[ 24.196912] ? ip6_finish_output2+0xaf3/0x2310
[ 24.201505] __local_bh_enable_ip+0x1ee/0x230
[ 24.205967] ip6_finish_output2+0xb26/0x2310
[ 24.210344] ? ip6_copy_metadata+0x890/0x890
[ 24.214718] ? ip6_mtu+0x2a2/0x3e0
[ 24.218225] ? check_noncircular+0x20/0x20
[ 24.222452] ? lock_release+0xa40/0xa40
[ 24.226400] ? __lock_is_held+0xb6/0x140
[ 24.230431] ip6_finish_output+0x2f9/0x920
[ 24.234629] ? ip6_finish_output+0x2f9/0x920
[ 24.239004] ip6_output+0x1eb/0x840
[ 24.242599] ? ip6_finish_output+0x920/0x920
[ 24.246974] ? lock_release+0xa40/0xa40
[ 24.250923] ? ip6_fragment+0x3420/0x3420
[ 24.255041] ip6_xmit+0xf3e/0x1fc0
[ 24.258549] ? __sk_dst_check+0x1a5/0x380
[ 24.262670] ? ip6_finish_output2+0x2310/0x2310
[ 24.267307] ? fl6_update_dst+0x127/0x2b0
[ 24.271425] ? check_noncircular+0x20/0x20
[ 24.275628] ? inet6_csk_route_socket+0x691/0xe50
[ 24.280439] ? lock_acquire+0x1d5/0x580
[ 24.284382] ? memcpy+0x45/0x50
[ 24.287625] ? lock_acquire+0x1d5/0x580
[ 24.291578] ? inet6_csk_xmit+0x114/0x580
[ 24.295714] ? ip6_forward_finish+0x140/0x140
[ 24.300191] ? lock_release+0xa40/0xa40
[ 24.304133] ? __lock_is_held+0xb6/0x140
[ 24.308168] inet6_csk_xmit+0x2fc/0x580
[ 24.312111] ? inet6_csk_update_pmtu+0x160/0x160
[ 24.316835] ? skb_clone+0x20d/0x480
[ 24.320518] ? tcp_schedule_loss_probe+0x490/0x490
[ 24.325420] tcp_transmit_skb+0x1b12/0x38b0
[ 24.329715] ? __tcp_select_window+0x900/0x900
[ 24.334263] ? mark_held_locks+0xaf/0x100
[ 24.338380] ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 24.343449] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.348432] ? trace_hardirqs_on+0xd/0x10
[ 24.352551] ? depot_save_stack+0x2ca/0x460
[ 24.356847] ? check_noncircular+0x20/0x20
[ 24.361048] ? tcp_small_queue_check.isra.26+0x31c/0x450
[ 24.366463] ? tcp_tso_segs+0x240/0x240
[ 24.370406] ? pvclock_read_flags+0x160/0x160
[ 24.374869] ? sock_release+0x8d/0x1e0
[ 24.378722] ? sock_close+0x16/0x20
[ 24.382755] ? __fput+0x327/0x7e0
[ 24.386172] ? ____fput+0x15/0x20
[ 24.389592] ? task_work_run+0x199/0x270
[ 24.393618] ? do_exit+0x9bb/0x1ad0
[ 24.397209] ? do_group_exit+0x149/0x400
[ 24.401246] ? do_signal+0x94/0x1ee0
[ 24.404950] ? sched_clock_cpu+0x1b/0x170
[ 24.409069] ? tcp_init_tso_segs+0x114/0x1f0
[ 24.413444] tcp_write_xmit+0x680/0x5190
[ 24.417476] ? tcp_md5_do_lookup+0x256/0x730
[ 24.421856] ? tcp_v4_parse_md5_keys+0x221/0x2d0
[ 24.426585] ? tcp_transmit_skb+0x38b0/0x38b0
[ 24.431057] ? tcp_v6_md5_lookup+0x23/0x30
[ 24.435260] ? tcp_established_options+0x2c5/0x420
[ 24.440159] ? tcp_current_mss+0x254/0x380
[ 24.444359] ? tcp_mtu_to_mss+0x460/0x460
[ 24.448476] ? __lock_is_held+0xb6/0x140
[ 24.452509] __tcp_push_pending_frames+0xa0/0x250
[ 24.457320] tcp_send_fin+0x1b0/0xd20
[ 24.461086] ? inet_sendpage+0x660/0x660
[ 24.465112] ? sk_forced_mem_schedule+0x150/0x150
[ 24.469921] ? __sk_dst_check+0x380/0x380
[ 24.474043] ? mark_held_locks+0xaf/0x100
[ 24.478163] ? do_raw_spin_trylock+0x190/0x190
[ 24.482721] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.487710] ? lock_sock_nested+0x91/0x110
[ 24.491913] ? trace_hardirqs_on+0xd/0x10
[ 24.496037] tcp_close+0xbe0/0xfc0
[ 24.499553] ? ip_mc_drop_socket+0x1ce/0x230
[ 24.503935] inet_release+0xed/0x1c0
[ 24.507616] inet6_release+0x50/0x70
[ 24.511297] sock_release+0x8d/0x1e0
[ 24.514978] ? sock_alloc_file+0x560/0x560
[ 24.519177] sock_close+0x16/0x20
[ 24.522599] __fput+0x327/0x7e0
[ 24.525847] ? fput+0x140/0x140
[ 24.529098] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 24.534949] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.539413] ____fput+0x15/0x20
[ 24.542661] task_work_run+0x199/0x270
[ 24.546533] ? task_work_cancel+0x210/0x210
[ 24.550833] ? _raw_spin_unlock+0x22/0x30
[ 24.554949] ? switch_task_namespaces+0x87/0xc0
[ 24.559586] do_exit+0x9bb/0x1ad0
[ 24.563007] ? check_noncircular+0x20/0x20
[ 24.567212] ? mm_update_next_owner+0x930/0x930
[ 24.571850] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 24.577016] ? __might_sleep+0x95/0x190
[ 24.580964] ? find_held_lock+0x35/0x1d0
[ 24.585003] ? futex_wait+0x402/0x9a0
[ 24.588773] ? lock_downgrade+0x980/0x980
[ 24.592896] ? __unqueue_futex+0x1c0/0x290
[ 24.597101] ? lock_release+0xa40/0xa40
[ 24.601042] ? fault_in_user_writeable+0x90/0x90
[ 24.605764] ? do_raw_spin_trylock+0x190/0x190
[ 24.610311] ? check_noncircular+0x20/0x20
[ 24.614514] ? drop_futex_key_refs.isra.12+0x63/0xa0
[ 24.619582] ? futex_wait+0x6a9/0x9a0
[ 24.623352] ? find_held_lock+0x35/0x1d0
[ 24.627381] ? get_signal+0x7ae/0x16c0
[ 24.631234] ? lock_downgrade+0x980/0x980
[ 24.635356] do_group_exit+0x149/0x400
[ 24.639215] ? do_raw_spin_trylock+0x190/0x190
[ 24.643761] ? SyS_exit+0x30/0x30
[ 24.647182] ? _raw_spin_unlock_irq+0x27/0x70
[ 24.651644] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.656627] get_signal+0x73f/0x16c0
[ 24.660311] ? ptrace_notify+0x130/0x130
[ 24.664338] ? release_sock+0x1d4/0x2a0
[ 24.668279] ? exit_robust_list+0x240/0x240
[ 24.672565] ? _raw_spin_unlock_bh+0x30/0x40
[ 24.676938] ? release_sock+0x1d4/0x2a0
[ 24.680876] ? __release_sock+0x360/0x360
[ 24.684986] ? lock_sock_nested+0x91/0x110
[ 24.689188] ? trace_hardirqs_on+0xd/0x10
[ 24.693307] do_signal+0x94/0x1ee0
[ 24.696812] ? inet_sendmsg+0x126/0x5e0
[ 24.700750] ? __might_sleep+0x95/0x190
[ 24.704690] ? inet_recvmsg+0x5f0/0x5f0
[ 24.708632] ? selinux_socket_sendmsg+0x36/0x40
[ 24.713265] ? setup_sigcontext+0x7d0/0x7d0
[ 24.717557] ? inet_recvmsg+0x5f0/0x5f0
[ 24.721500] ? sock_sendmsg+0x4f/0x110
[ 24.725367] ? fput+0xd2/0x140
[ 24.728524] ? SYSC_sendto+0x41c/0x5c0
[ 24.732375] ? SYSC_connect+0x4a0/0x4a0
[ 24.736314] ? up_read+0x1a/0x40
[ 24.739649] ? __do_page_fault+0x3d6/0xc90
[ 24.743854] ? exit_to_usermode_loop+0x8c/0x2f0
[ 24.748491] exit_to_usermode_loop+0x258/0x2f0
[ 24.753044] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 24.758559] syscall_return_slowpath+0x490/0x550
[ 24.763280] ? prepare_exit_to_usermode+0x340/0x340
[ 24.768268] ? entry_SYSCALL_64_fastpath+0x69/0x96
[ 24.773171] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.778153] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.782879] entry_SYSCALL_64_fastpath+0x94/0x96
[ 24.787603] RIP: 0033:0x4456e9
[ 24.790763] RSP: 002b:00007fcdca1c6da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 24.798449] RAX: fffffffffffffe00 RBX: 00000000006dac3c RCX: 00000000004456e9
[ 24.805694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006dac3c
[ 24.812931] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 24.820167] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac38
[ 24.827403] R13: 0100000000000000 R14: 00007fcdca1c79c0 R15: 0000000000000009
[ 24.834702] Dumping ftrace buffer:
[ 24.838207] (ftrace buffer empty)
[ 24.841886] Kernel Offset: disabled
[ 24.845480] Rebooting in 86400 seconds..