[ ok ] Starting enhanced syslogd: rsyslogd.
[ 14.389719] audit: type=1400 audit(1516129215.223:5): avc: denied { syslog } for pid=3530 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.079160] audit: type=1400 audit(1516129219.912:6): avc: denied { map } for pid=3669 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz5.accept_dad = 0
net.ipv6.conf.syz5.router_solicitations = 0
[ 25.349058] audit: type=1400 audit(1516129226.182:7): avc: denied { map } for pid=3683 comm="syzkaller988249" path="/root/syzkaller988249714" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
net.ipv6.conf.syz3.accept_dad = 0
net.ipv6.conf.syz3.router_solicitations = 0
net.ipv6.conf.syz7.accept_dad = 0
net.ipv6.conf.syz1.accept_dad = 0
net.ipv6.conf.syz7.router_solicitations = 0
net.ipv6.conf.syz1.router_solicitations = 0
net.ipv6.conf.syz6.accept_dad = 0
net.ipv6.conf.syz6.router_solicitations = 0
net.ipv6.conf.syz4.accept_dad = 0
net.ipv6.conf.syz4.router_solicitations = 0
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz2.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
net.ipv6.conf.syz2.router_solicitations = 0
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 26.502309] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[ 26.585395] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 26.667526] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[ 26.731285] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
[ 26.838983] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 26.886581] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 26.957798] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 26.978259] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 28.690457] audit: type=1400 audit(1516129229.524:8): avc: denied { sys_admin } for pid=3689 comm="syzkaller988249" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 28.780606] audit: type=1400 audit(1516129229.553:9): avc: denied { sys_chroot } for pid=4635 comm="syzkaller988249" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 28.825248] ==================================================================
[ 28.825274] BUG: KASAN: use-after-free in strp_data_ready+0x232/0x2a0
[ 28.825281] Read of size 1 at addr ffff8801c2fc7bd0 by task syzkaller988249/4653
[ 28.825283]
[ 28.825291] CPU: 1 PID: 4653 Comm: syzkaller988249 Not tainted 4.15.0-rc7+ #191
[ 28.825295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.825298] Call Trace:
[ 28.825301]
[ 28.825313] dump_stack+0x194/0x257
[ 28.825326] ? arch_local_irq_restore+0x53/0x53
[ 28.825337] ? show_regs_print_info+0x18/0x18
[ 28.825356] ? strp_data_ready+0x232/0x2a0
[ 28.825370] print_address_description+0x73/0x250
[ 28.825379] ? strp_data_ready+0x232/0x2a0
[ 28.825390] kasan_report+0x25b/0x340
[ 28.825406] __asan_report_load1_noabort+0x14/0x20
[ 28.825415] strp_data_ready+0x232/0x2a0
[ 28.825429] psock_data_ready+0x56/0x70
[ 28.825440] dccp_enqueue_skb+0x3c4/0x4f0
[ 28.825453] dccp_rcv_close+0x2d8/0x3e0
[ 28.825462] ? dccp_check_seqno+0xb50/0xb50
[ 28.825476] ? dccp_ackvec_input+0x3c8/0x510
[ 28.825492] __dccp_rcv_established.isra.5+0x2d0/0x370
[ 28.825512] dccp_rcv_established+0x93/0xb0
[ 28.825526] dccp_v6_do_rcv+0x281/0x9c0
[ 28.825547] __sk_receive_skb+0x33e/0xc10
[ 28.825566] ? sk_free+0x40/0x40
[ 28.825581] ? inet6_ehashfn+0x440/0x440
[ 28.825588] ? skb_send_sock+0x50/0x50
[ 28.825600] ? ip_vs_out_icmp_v6.isra.27+0x610/0x610
[ 28.825610] ? refcount_inc+0x50/0x50
[ 28.825625] ? dccp_invalid_packet+0x55/0x7d0
[ 28.825645] dccp_v6_rcv+0xab0/0x1be0
[ 28.825671] ? dccp_v6_err+0x1430/0x1430
[ 28.825679] ? __lock_acquire+0x664/0x3e00
[ 28.825692] ? lock_release+0xa40/0xa40
[ 28.825705] ? __lock_is_held+0xb6/0x140
[ 28.825735] ip6_input_finish+0x37e/0x17a0
[ 28.825740] ? ip6_input+0x3a7/0x560
[ 28.825771] ? ip6_rcv_finish+0x7a0/0x7a0
[ 28.825785] ? nf_hook_slow+0xd3/0x1a0
[ 28.825802] ip6_input+0xdb/0x560
[ 28.825813] ? ip6_input_finish+0x17a0/0x17a0
[ 28.825820] ? print_irqtrace_events+0x270/0x270
[ 28.825834] ? find_held_lock+0x35/0x1d0
[ 28.825848] ? ip6_rcv_finish+0x7a0/0x7a0
[ 28.825859] ? ipv6_rcv+0x16cd/0x1fa0
[ 28.825874] ip6_rcv_finish+0x1a9/0x7a0
[ 28.825884] ? ip6_make_skb+0x5a0/0x5a0
[ 28.825897] ? __lock_is_held+0xb6/0x140
[ 28.825912] ? nf_hook_slow+0xd3/0x1a0
[ 28.825930] ipv6_rcv+0xf37/0x1fa0
[ 28.825954] ? ip6_input+0x560/0x560
[ 28.825975] ? print_irqtrace_events+0x270/0x270
[ 28.825983] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 28.825992] ? __lock_acquire+0x664/0x3e00
[ 28.826015] ? ip6_make_skb+0x5a0/0x5a0
[ 28.826029] ? ip6_input+0x560/0x560
[ 28.826045] __netif_receive_skb_core+0x1a41/0x3460
[ 28.826070] ? nf_ingress+0x9f0/0x9f0
[ 28.826084] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 28.826090] ? __lock_acquire+0x664/0x3e00
[ 28.826113] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 28.826128] ? __lock_is_held+0xb6/0x140
[ 28.826161] ? __lock_acquire+0x664/0x3e00
[ 28.826178] ? fastpath_timer_check+0x7d5/0xa70
[ 28.826197] ? check_noncircular+0x20/0x20
[ 28.826209] ? check_noncircular+0x20/0x20
[ 28.826218] ? print_irqtrace_events+0x270/0x270
[ 28.826263] ? find_held_lock+0x35/0x1d0
[ 28.826283] ? lock_acquire+0x1d5/0x580
[ 28.826290] ? process_backlog+0x45f/0x740
[ 28.826296] ? lock_acquire+0x1d5/0x580
[ 28.826304] ? process_backlog+0x1ab/0x740
[ 28.826324] ? lock_release+0xa40/0xa40
[ 28.826331] ? mark_held_locks+0xaf/0x100
[ 28.826355] __netif_receive_skb+0x2c/0x1b0
[ 28.826363] ? __netif_receive_skb+0x2c/0x1b0
[ 28.826375] process_backlog+0x203/0x740
[ 28.826382] ? mark_held_locks+0xaf/0x100
[ 28.826387] ? check_noncircular+0x20/0x20
[ 28.826411] net_rx_action+0x792/0x1910
[ 28.826438] ? napi_complete_done+0x6c0/0x6c0
[ 28.826462] ? rcu_read_lock_sched_held+0x108/0x120
[ 28.826490] ? note_gp_changes+0x650/0x650
[ 28.826502] ? timerqueue_add+0x1e9/0x280
[ 28.826528] ? enqueue_hrtimer+0x171/0x4a0
[ 28.826538] ? __remove_hrtimer+0x190/0x190
[ 28.826556] ? check_noncircular+0x20/0x20
[ 28.826566] ? print_irqtrace_events+0x270/0x270
[ 28.826582] ? clockevents_program_event+0x163/0x2e0
[ 28.826592] ? lock_downgrade+0x980/0x980
[ 28.826616] ? __lock_is_held+0xb6/0x140
[ 28.826641] ? check_noncircular+0x20/0x20
[ 28.826652] ? print_irqtrace_events+0x270/0x270
[ 28.826667] ? lock_downgrade+0x980/0x980
[ 28.826682] ? __irqentry_text_end+0x1f8d74/0x1f8d74
[ 28.826692] ? do_timer+0x50/0x50
[ 28.826710] ? __lock_is_held+0xb6/0x140
[ 28.826741] __do_softirq+0x2d7/0xb85
[ 28.826748] ? task_prio+0x40/0x40
[ 28.826770] ? __irqentry_text_end+0x1f8d74/0x1f8d74
[ 28.826777] ? irq_exit+0xbb/0x200
[ 28.826786] ? smp_apic_timer_interrupt+0x16b/0x700
[ 28.826792] ? smp_reschedule_interrupt+0xe6/0x670
[ 28.826802] ? smp_call_function_single_interrupt+0x640/0x640
[ 28.826811] ? _raw_spin_lock+0x32/0x40
[ 28.826825] ? _raw_spin_unlock+0x22/0x30
[ 28.826834] ? handle_edge_irq+0x2b4/0x7c0
[ 28.826843] ? task_prio+0x40/0x40
[ 28.826865] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.826886] do_softirq_own_stack+0x2a/0x40
[ 28.826890]
[ 28.826899] do_softirq.part.21+0x14d/0x190
[ 28.826907] ? ip6_finish_output2+0xb6d/0x23a0
[ 28.826915] __local_bh_enable_ip+0x1ee/0x230
[ 28.826927] ip6_finish_output2+0xba0/0x23a0
[ 28.826952] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0
[ 28.826967] ? ip6_mtu+0x369/0x4d0
[ 28.826978] ? check_noncircular+0x20/0x20
[ 28.826999] ? __lock_is_held+0xb6/0x140
[ 28.827027] ? __lock_is_held+0xb6/0x140
[ 28.827055] ip6_finish_output+0x698/0xaf0
[ 28.827062] ? ip6_finish_output+0x698/0xaf0
[ 28.827080] ip6_output+0x1eb/0x840
[ 28.827093] ? ip6_finish_output+0xaf0/0xaf0
[ 28.827117] ? ip6_fragment+0x3470/0x3470
[ 28.827138] ip6_xmit+0xd84/0x2090
[ 28.827148] ? __sk_dst_check+0x1a5/0x380
[ 28.827176] ? ip6_finish_output2+0x23a0/0x23a0
[ 28.827192] ? fl6_update_dst+0x127/0x2b0
[ 28.827203] ? check_noncircular+0x20/0x20
[ 28.827212] ? inet6_csk_route_socket+0x691/0xe80
[ 28.827227] ? lock_acquire+0x1d5/0x580
[ 28.827233] ? mod_timer+0x571/0x13a0
[ 28.827239] ? lock_acquire+0x1d5/0x580
[ 28.827246] ? inet6_csk_xmit+0x114/0x580
[ 28.827259] ? ip6_forward_finish+0x140/0x140
[ 28.827270] ? lock_release+0xa40/0xa40
[ 28.827310] inet6_csk_xmit+0x2fc/0x580
[ 28.827323] ? inet6_csk_update_pmtu+0x160/0x160
[ 28.827329] ? skb_checksum+0xd1/0x130
[ 28.827343] ? __skb_checksum+0x7e0/0x7e0
[ 28.827350] ? skb_send_sock+0x50/0x50
[ 28.827373] ? dccp_v6_send_check+0x278/0x3e0
[ 28.827392] dccp_transmit_skb+0x9ac/0x10f0
[ 28.827418] dccp_send_close+0x1e3/0x380
[ 28.827425] ? dccp_flush_write_queue+0x1/0x760
[ 28.827438] dccp_close+0x8bc/0xc20
[ 28.827448] ? ip_mc_drop_socket+0x1ce/0x230
[ 28.827466] inet_release+0xed/0x1c0
[ 28.827478] inet6_release+0x50/0x70
[ 28.827488] sock_release+0x8d/0x1e0
[ 28.827499] ? sock_alloc_file+0x560/0x560
[ 28.827512] sock_close+0x16/0x20
[ 28.827521] __fput+0x327/0x7e0
[ 28.827540] ? fput+0x140/0x140
[ 28.827552] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 28.827559] ? _raw_spin_unlock_irq+0x27/0x70
[ 28.827577] ____fput+0x15/0x20
[ 28.827588] task_work_run+0x199/0x270
[ 28.827604] ? task_work_cancel+0x210/0x210
[ 28.827615] ? _raw_spin_unlock+0x22/0x30
[ 28.827625] ? switch_task_namespaces+0x87/0xc0
[ 28.827641] do_exit+0x9bb/0x1ad0
[ 28.827663] ? mm_update_next_owner+0x930/0x930
[ 28.827677] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 28.827687] ? __might_sleep+0x95/0x190
[ 28.827705] ? find_held_lock+0x35/0x1d0
[ 28.827726] ? futex_wait+0x402/0x9a0
[ 28.827737] ? lock_downgrade+0x980/0x980
[ 28.827750] ? __unqueue_futex+0x1c0/0x290
[ 28.827756] ? lock_release+0xa40/0xa40
[ 28.827766] ? fault_in_user_writeable+0x90/0x90
[ 28.827777] ? do_raw_spin_trylock+0x190/0x190
[ 28.827785] ? futex_wake+0x680/0x680
[ 28.827794] ? check_noncircular+0x20/0x20
[ 28.827810] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 28.827819] ? futex_wait+0x6a9/0x9a0
[ 28.827851] ? find_held_lock+0x35/0x1d0
[ 28.827873] ? get_signal+0x7ae/0x16c0
[ 28.827883] ? lock_downgrade+0x980/0x980
[ 28.827905] do_group_exit+0x149/0x400
[ 28.827915] ? do_raw_spin_trylock+0x190/0x190
[ 28.827924] ? SyS_exit+0x30/0x30
[ 28.827932] ? _raw_spin_unlock_irq+0x27/0x70
[ 28.827944] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.827960] get_signal+0x73f/0x16c0
[ 28.827983] ? ptrace_notify+0x130/0x130
[ 28.828001] ? exit_robust_list+0x240/0x240
[ 28.828019] ? __sched_text_start+0x8/0x8
[ 28.828029] ? lock_release+0xa40/0xa40
[ 28.828043] ? __lock_is_held+0xb6/0x140
[ 28.828061] do_signal+0x90/0x1eb0
[ 28.828083] ? wake_up_q+0xe0/0xe0
[ 28.828093] ? setup_sigcontext+0x7d0/0x7d0
[ 28.828117] ? schedule+0xf5/0x430
[ 28.828130] ? __schedule+0x2060/0x2060
[ 28.828137] ? __vfs_read+0xf7/0xa00
[ 28.828152] ? vfs_copy_file_range+0x940/0x940
[ 28.828171] ? fsnotify_first_mark+0x2b0/0x2b0
[ 28.828181] ? exit_to_usermode_loop+0x8c/0x310
[ 28.828201] exit_to_usermode_loop+0x214/0x310
[ 28.828215] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 28.828243] syscall_return_slowpath+0x490/0x550
[ 28.828251] ? prepare_exit_to_usermode+0x340/0x340
[ 28.828258] ? SyS_read+0x184/0x220
[ 28.828268] ? entry_SYSCALL_64_fastpath+0x6d/0x9a
[ 28.828281] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.828292] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.828313] entry_SYSCALL_64_fastpath+0x98/0x9a
[ 28.828319] RIP: 0033:0x44c9c9
[ 28.828323] RSP: 002b:00007f31102f9cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 28.828332] RAX: fffffffffffffe00 RBX: 00000000006f003c RCX: 000000000044c9c9
[ 28.828336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006f003c
[ 28.828340] RBP: 00000000006f0038 R08: 0000000000000000 R09: 0000000000000000
[ 28.828345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 28.828350] R13: 00000000007ff97f R14: 00007f31102fa9c0 R15: 0000000000000001
[ 28.828380]
[ 28.828384] Allocated by task 4653:
[ 28.828393] save_stack+0x43/0xd0
[ 28.828400] kasan_kmalloc+0xad/0xe0
[ 28.828406] kasan_slab_alloc+0x12/0x20
[ 28.828412] kmem_cache_alloc+0x12e/0x760
[ 28.828419] kcm_ioctl+0x2d2/0x1690
[ 28.828424] sock_do_ioctl+0x65/0xb0
[ 28.828430] sock_ioctl+0x2c2/0x440
[ 28.828438] do_vfs_ioctl+0x1b1/0x1520
[ 28.828443] SyS_ioctl+0x8f/0xc0
[ 28.828450] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 28.828452]
[ 28.828455] Freed by task 4653:
[ 28.828461] save_stack+0x43/0xd0
[ 28.828467] kasan_slab_free+0x71/0xc0
[ 28.828471] kmem_cache_free+0x83/0x2a0
[ 28.828477] kcm_unattach+0xe53/0x1510
[ 28.828483] kcm_done+0x5c7/0x1990
[ 28.828488] kcm_release+0x478/0x860
[ 28.828494] sock_release+0x8d/0x1e0
[ 28.828499] sock_close+0x16/0x20
[ 28.828503] __fput+0x327/0x7e0
[ 28.828513] ____fput+0x15/0x20
[ 28.828520] task_work_run+0x199/0x270
[ 28.828525] do_exit+0x9bb/0x1ad0
[ 28.828531] do_group_exit+0x149/0x400
[ 28.828537] get_signal+0x73f/0x16c0
[ 28.828543] do_signal+0x90/0x1eb0
[ 28.828549] exit_to_usermode_loop+0x214/0x310
[ 28.828555] syscall_return_slowpath+0x490/0x550
[ 28.828560] entry_SYSCALL_64_fastpath+0x98/0x9a
[ 28.828562]
[ 28.828568] The buggy address belongs to the object at ffff8801c2fc7bc0
[ 28.828568] which belongs to the cache kcm_psock_cache of size 544
[ 28.828575] The buggy address is located 16 bytes inside of
[ 28.828575] 544-byte region [ffff8801c2fc7bc0, ffff8801c2fc7de0)
[ 28.828577] The buggy address belongs to the page:
[ 28.828583] page:ffffea00070bf180 count:1 mapcount:0 mapping:ffff8801c2fc6040 index:0x0 compound_mapcount: 0
[ 28.828593] flags: 0x2fffc0000008100(slab|head)
[ 28.828602] raw: 02fffc0000008100 ffff8801c2fc6040 0000000000000000 000000010000000b
[ 28.828608] raw: ffff8801d32e9748 ffff8801d32e9748 ffff8801d32580c0 0000000000000000
[ 28.828611] page dumped because: kasan: bad access detected
[ 28.828612]
[ 28.828614] Memory state around the buggy address:
[ 28.828620] ffff8801c2fc7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.828625] ffff8801c2fc7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.828631] >ffff8801c2fc7b80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 28.828633] ^
[ 28.828638] ffff8801c2fc7c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.828644] ffff8801c2fc7c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.828646] ==================================================================
[ 28.828648] Disabling lock debugging due to kernel taint
[ 28.828679] Kernel panic - not syncing: panic_on_warn set ...
[ 28.828679]
[ 28.828687] CPU: 1 PID: 4653 Comm: syzkaller988249 Tainted: G B 4.15.0-rc7+ #191
[ 28.828690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.828692] Call Trace:
[ 28.828694]
[ 28.828703] dump_stack+0x194/0x257
[ 28.828712] ? arch_local_irq_restore+0x53/0x53
[ 28.828720] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.828728] ? vsnprintf+0x1ed/0x1900
[ 28.828735] ? strp_data_ready+0x1d0/0x2a0
[ 28.828742] panic+0x1e4/0x41c
[ 28.828749] ? refcount_error_report+0x214/0x214
[ 28.828759] ? add_taint+0x1c/0x50
[ 28.828765] ? add_taint+0x1c/0x50
[ 28.828775] ? strp_data_ready+0x232/0x2a0
[ 28.828782] kasan_end_report+0x50/0x50
[ 28.828789] kasan_report+0x144/0x340
[ 28.828799] __asan_report_load1_noabort+0x14/0x20
[ 28.828806] strp_data_ready+0x232/0x2a0
[ 28.828814] psock_data_ready+0x56/0x70
[ 28.828822] dccp_enqueue_skb+0x3c4/0x4f0
[ 28.828831] dccp_rcv_close+0x2d8/0x3e0
[ 28.828839] ? dccp_check_seqno+0xb50/0xb50
[ 28.828849] ? dccp_ackvec_input+0x3c8/0x510
[ 28.828861] __dccp_rcv_established.isra.5+0x2d0/0x370
[ 28.828870] dccp_rcv_established+0x93/0xb0
[ 28.828878] dccp_v6_do_rcv+0x281/0x9c0
[ 28.828892] __sk_receive_skb+0x33e/0xc10
[ 28.828904] ? sk_free+0x40/0x40
[ 28.828914] ? inet6_ehashfn+0x440/0x440
[ 28.828919] ? skb_send_sock+0x50/0x50
[ 28.828930] ? ip_vs_out_icmp_v6.isra.27+0x610/0x610
[ 28.828937] ? refcount_inc+0x50/0x50
[ 28.828947] ? dccp_invalid_packet+0x55/0x7d0
[ 28.828959] dccp_v6_rcv+0xab0/0x1be0
[ 28.828973] ? dccp_v6_err+0x1430/0x1430
[ 28.828980] ? __lock_acquire+0x664/0x3e00
[ 28.828989] ? lock_release+0xa40/0xa40
[ 28.828999] ? __lock_is_held+0xb6/0x140
[ 28.829021] ip6_input_finish+0x37e/0x17a0
[ 28.829026] ? ip6_input+0x3a7/0x560
[ 28.829044] ? ip6_rcv_finish+0x7a0/0x7a0
[ 28.829054] ? nf_hook_slow+0xd3/0x1a0
[ 28.829066] ip6_input+0xdb/0x560
[ 28.829074] ? ip6_input_finish+0x17a0/0x17a0
[ 28.829080] ? print_irqtrace_events+0x270/0x270
[ 28.829090] ? find_held_lock+0x35/0x1d0
[ 28.829099] ? ip6_rcv_finish+0x7a0/0x7a0
[ 28.829108] ? ipv6_rcv+0x16cd/0x1fa0
[ 28.829119] ip6_rcv_finish+0x1a9/0x7a0
[ 28.829126] ? ip6_make_skb+0x5a0/0x5a0
[ 28.829135] ? __lock_is_held+0xb6/0x140
[ 28.829145] ? nf_hook_slow+0xd3/0x1a0
[ 28.829157] ipv6_rcv+0xf37/0x1fa0
[ 28.829172] ? ip6_input+0x560/0x560
[ 28.829185] ? print_irqtrace_events+0x270/0x270
[ 28.829191] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 28.829198] ? __lock_acquire+0x664/0x3e00
[ 28.829213] ? ip6_make_skb+0x5a0/0x5a0
[ 28.829222] ? ip6_input+0x560/0x560
[ 28.829234] __netif_receive_skb_core+0x1a41/0x3460
[ 28.829249] ? nf_ingress+0x9f0/0x9f0
[ 28.829259] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 28.829264] ? __lock_acquire+0x664/0x3e00
[ 28.829278] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 28.829286] ? __lock_is_held+0xb6/0x140
[ 28.829302] ? __lock_acquire+0x664/0x3e00
[ 28.829313] ? fastpath_timer_check+0x7d5/0xa70
[ 28.829325] ? check_noncircular+0x20/0x20
[ 28.829333] ? check_noncircular+0x20/0x20
[ 28.829340] ? print_irqtrace_events+0x270/0x270
[ 28.829363] ? find_held_lock+0x35/0x1d0
[ 28.829375] ? lock_acquire+0x1d5/0x580
[ 28.829380] ? process_backlog+0x45f/0x740
[ 28.829385] ? lock_acquire+0x1d5/0x580
[ 28.829390] ? process_backlog+0x1ab/0x740
[ 28.829402] ? lock_release+0xa40/0xa40
[ 28.829408] ? mark_held_locks+0xaf/0x100
[ 28.829421] __netif_receive_skb+0x2c/0x1b0
[ 28.829427] ? __netif_receive_skb+0x2c/0x1b0
[ 28.829434] process_backlog+0x203/0x740
[ 28.829439] ? mark_held_locks+0xaf/0x100
[ 28.829444] ? check_noncircular+0x20/0x20
[ 28.829457] net_rx_action+0x792/0x1910
[ 28.829471] ? napi_complete_done+0x6c0/0x6c0
[ 28.829486] ? rcu_read_lock_sched_held+0x108/0x120
[ 28.829502] ? note_gp_changes+0x650/0x650
[ 28.829515] ? timerqueue_add+0x1e9/0x280
[ 28.829527] ? enqueue_hrtimer+0x171/0x4a0
[ 28.829535] ? __remove_hrtimer+0x190/0x190
[ 28.829546] ? check_noncircular+0x20/0x20
[ 28.829554] ? print_irqtrace_events+0x270/0x270
[ 28.829567] ? clockevents_program_event+0x163/0x2e0
[ 28.829575] ? lock_downgrade+0x980/0x980
[ 28.829590] ? __lock_is_held+0xb6/0x140
[ 28.829605] ? check_noncircular+0x20/0x20
[ 28.829614] ? print_irqtrace_events+0x270/0x270
[ 28.829624] ? lock_downgrade+0x980/0x980
[ 28.829634] ? __irqentry_text_end+0x1f8d74/0x1f8d74
[ 28.829642] ? do_timer+0x50/0x50
[ 28.829655] ? __lock_is_held+0xb6/0x140
[ 28.829672] __do_softirq+0x2d7/0xb85
[ 28.829679] ? task_prio+0x40/0x40
[ 28.829693] ? __irqentry_text_end+0x1f8d74/0x1f8d74
[ 28.829700] ? irq_exit+0xbb/0x200
[ 28.829707] ? smp_apic_timer_interrupt+0x16b/0x700
[ 28.829712] ? smp_reschedule_interrupt+0xe6/0x670
[ 28.829720] ? smp_call_function_single_interrupt+0x640/0x640
[ 28.829726] ? _raw_spin_lock+0x32/0x40
[ 28.829736] ? _raw_spin_unlock+0x22/0x30
[ 28.829743] ? handle_edge_irq+0x2b4/0x7c0
[ 28.829751] ? task_prio+0x40/0x40
[ 28.829766] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.829778] do_softirq_own_stack+0x2a/0x40
[ 28.829781]
[ 28.829787] do_softirq.part.21+0x14d/0x190
[ 28.829794] ? ip6_finish_output2+0xb6d/0x23a0
[ 28.829800] __local_bh_enable_ip+0x1ee/0x230
[ 28.829808] ip6_finish_output2+0xba0/0x23a0
[ 28.829822] ? ip6_sk_dst_lookup_flow+0x7f0/0x7f0
[ 28.829832] ? ip6_mtu+0x369/0x4d0
[ 28.829839] ? check_noncircular+0x20/0x20
[ 28.829852] ? __lock_is_held+0xb6/0x140
[ 28.829869] ? __lock_is_held+0xb6/0x140
[ 28.829885] ip6_finish_output+0x698/0xaf0
[ 28.829890] ? ip6_finish_output+0x698/0xaf0
[ 28.829902] ip6_output+0x1eb/0x840
[ 28.829911] ? ip6_finish_output+0xaf0/0xaf0
[ 28.829926] ? ip6_fragment+0x3470/0x3470
[ 28.829939] ip6_xmit+0xd84/0x2090
[ 28.829946] ? __sk_dst_check+0x1a5/0x380
[ 28.829963] ? ip6_finish_output2+0x23a0/0x23a0
[ 28.829973] ? fl6_update_dst+0x127/0x2b0
[ 28.829980] ? check_noncircular+0x20/0x20
[ 28.829987] ? inet6_csk_route_socket+0x691/0xe80
[ 28.829998] ? lock_acquire+0x1d5/0x580
[ 28.830003] ? mod_timer+0x571/0x13a0
[ 28.830008] ? lock_acquire+0x1d5/0x580
[ 28.830014] ? inet6_csk_xmit+0x114/0x580
[ 28.830023] ? ip6_forward_finish+0x140/0x140
[ 28.830032] ? lock_release+0xa40/0xa40
[ 28.830054] inet6_csk_xmit+0x2fc/0x580
[ 28.830064] ? inet6_csk_update_pmtu+0x160/0x160
[ 28.830069] ? skb_checksum+0xd1/0x130
[ 28.830078] ? __skb_checksum+0x7e0/0x7e0
[ 28.830084] ? skb_send_sock+0x50/0x50
[ 28.830097] ? dccp_v6_send_check+0x278/0x3e0
[ 28.830109] dccp_transmit_skb+0x9ac/0x10f0
[ 28.830122] dccp_send_close+0x1e3/0x380
[ 28.830128] ? dccp_flush_write_queue+0x1/0x760
[ 28.830135] dccp_close+0x8bc/0xc20
[ 28.830143] ? ip_mc_drop_socket+0x1ce/0x230
[ 28.830154] inet_release+0xed/0x1c0
[ 28.830162] inet6_release+0x50/0x70
[ 28.830169] sock_release+0x8d/0x1e0
[ 28.830176] ? sock_alloc_file+0x560/0x560
[ 28.830182] sock_close+0x16/0x20
[ 28.830188] __fput+0x327/0x7e0
[ 28.830198] ? fput+0x140/0x140
[ 28.830206] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 28.830211] ? _raw_spin_unlock_irq+0x27/0x70
[ 28.830222] ____fput+0x15/0x20
[ 28.830230] task_work_run+0x199/0x270
[ 28.830239] ? task_work_cancel+0x210/0x210
[ 28.830246] ? _raw_spin_unlock+0x22/0x30
[ 28.830252] ? switch_task_namespaces+0x87/0xc0
[ 28.830262] do_exit+0x9bb/0x1ad0
[ 28.830273] ? mm_update_next_owner+0x930/0x930
[ 28.830281] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 28.830286] ? __might_sleep+0x95/0x190
[ 28.830296] ? find_held_lock+0x35/0x1d0
[ 28.830308] ? futex_wait+0x402/0x9a0
[ 28.830317] ? lock_downgrade+0x980/0x980
[ 28.830325] ? __unqueue_futex+0x1c0/0x290
[ 28.830331] ? lock_release+0xa40/0xa40
[ 28.830339] ? fault_in_user_writeable+0x90/0x90
[ 28.830349] ? do_raw_spin_trylock+0x190/0x190
[ 28.830355] ? futex_wake+0x680/0x680
[ 28.830363] ? check_noncircular+0x20/0x20
[ 28.830374] ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 28.830381] ? futex_wait+0x6a9/0x9a0
[ 28.830400] ? find_held_lock+0x35/0x1d0
[ 28.830414] ? get_signal+0x7ae/0x16c0
[ 28.830422] ? lock_downgrade+0x980/0x980
[ 28.830436] do_group_exit+0x149/0x400
[ 28.830444] ? do_raw_spin_trylock+0x190/0x190
[ 28.830452] ? SyS_exit+0x30/0x30
[ 28.830458] ? _raw_spin_unlock_irq+0x27/0x70
[ 28.830468] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.830479] get_signal+0x73f/0x16c0
[ 28.830494] ? ptrace_notify+0x130/0x130
[ 28.830511] ? exit_robust_list+0x240/0x240
[ 28.830523] ? __sched_text_start+0x8/0x8
[ 28.830531] ? lock_release+0xa40/0xa40
[ 28.830541] ? __lock_is_held+0xb6/0x140
[ 28.830551] do_signal+0x90/0x1eb0
[ 28.830564] ? wake_up_q+0xe0/0xe0
[ 28.830571] ? setup_sigcontext+0x7d0/0x7d0
[ 28.830584] ? schedule+0xf5/0x430
[ 28.830592] ? __schedule+0x2060/0x2060
[ 28.830599] ? __vfs_read+0xf7/0xa00
[ 28.830610] ? vfs_copy_file_range+0x940/0x940
[ 28.830621] ? fsnotify_first_mark+0x2b0/0x2b0
[ 28.830629] ? exit_to_usermode_loop+0x8c/0x310
[ 28.830641] exit_to_usermode_loop+0x214/0x310
[ 28.830650] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 28.830666] syscall_return_slowpath+0x490/0x550
[ 28.830674] ? prepare_exit_to_usermode+0x340/0x340
[ 28.830680] ? SyS_read+0x184/0x220
[ 28.830688] ? entry_SYSCALL_64_fastpath+0x6d/0x9a
[ 28.830697] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.830703] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.830714] entry_SYSCALL_64_fastpath+0x98/0x9a
[ 28.830719] RIP: 0033:0x44c9c9
[ 28.830722] RSP: 002b:00007f31102f9cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 28.830729] RAX: fffffffffffffe00 RBX: 00000000006f003c RCX: 000000000044c9c9
[ 28.830732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000006f003c
[ 28.830736] RBP: 00000000006f0038 R08: 0000000000000000 R09: 0000000000000000
[ 28.830740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 28.830744] R13: 00000000007ff97f R14: 00007f31102fa9c0 R15: 0000000000000001
[ 28.831223] Dumping ftrace buffer:
[ 28.831226] (ftrace buffer empty)
[ 28.831229] Kernel Offset: disabled
[ 30.975730] Rebooting in 86400 seconds..