Warning: Permanently added '10.128.15.224' (ECDSA) to the list of known hosts. 2019/04/10 11:01:13 parsed 1 programs 2019/04/10 11:01:13 executed programs: 0 [ 90.821842] IPVS: Creating netns size=2712 id=2 [ 90.826856] IPVS: ftp: loaded support on port[0] = 21 [ 90.906902] IPVS: Creating netns size=2712 id=3 [ 90.912577] IPVS: ftp: loaded support on port[0] = 21 [ 91.006953] IPVS: Creating netns size=2712 id=4 [ 91.012846] IPVS: ftp: loaded support on port[0] = 21 [ 91.146158] IPVS: Creating netns size=2712 id=5 [ 91.167944] IPVS: ftp: loaded support on port[0] = 21 [ 91.361146] IPVS: Creating netns size=2712 id=6 [ 91.366267] IPVS: ftp: loaded support on port[0] = 21 [ 91.662066] IPVS: Creating netns size=2712 id=7 [ 91.666906] IPVS: ftp: loaded support on port[0] = 21 [ 91.992504] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.999376] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.009833] device bridge_slave_0 entered promiscuous mode [ 92.070076] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.078466] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.090796] device bridge_slave_1 entered promiscuous mode [ 92.230388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 92.292242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 92.410426] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.416984] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.429067] device bridge_slave_0 entered promiscuous mode [ 92.488862] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.495713] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.505237] device bridge_slave_1 entered promiscuous mode [ 92.635930] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 92.690241] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 92.739301] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 92.751953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.024701] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.033952] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.043738] device bridge_slave_0 entered promiscuous mode [ 93.074641] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.082047] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.104679] device bridge_slave_0 entered promiscuous mode [ 93.185344] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.193492] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.205388] device bridge_slave_1 entered promiscuous mode [ 93.215957] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.224220] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.235773] device bridge_slave_1 entered promiscuous mode [ 93.301473] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.312217] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 93.413221] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.453444] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.463960] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 93.475155] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 93.490872] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.550851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 93.611477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.711007] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.719872] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.730532] device bridge_slave_0 entered promiscuous mode [ 93.781088] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.824437] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.831744] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.842296] device bridge_slave_1 entered promiscuous mode [ 93.863848] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 93.886358] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 93.898994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.989073] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 94.039427] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 94.052382] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.066975] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.085911] device bridge_slave_0 entered promiscuous mode [ 94.142947] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 94.164266] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.177005] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.199404] device bridge_slave_1 entered promiscuous mode [ 94.255962] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 94.356946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 94.415523] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 94.430710] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 94.515981] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 94.580581] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 94.599819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.620058] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 94.649137] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 94.670339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.691204] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 94.714507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.752502] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 94.764166] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 94.779112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.864279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 95.044901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 95.098982] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 95.121070] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.127623] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.135089] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.141675] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.348872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 95.366125] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 95.415590] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 95.440079] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 95.486028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 95.531722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 95.557372] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.563855] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.570803] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.577300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.600815] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.607361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.614383] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.620832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.641988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 95.675881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 95.970416] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.976864] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.984147] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.990606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.420579] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.427135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.434164] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.440875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.593359] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.599827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.606897] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.613528] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.342443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.596747] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 98.680754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.693764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.828035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.931841] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 98.941870] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.232519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.267139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.304513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.566953] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 99.604308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.816803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.840851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 99.865186] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 100.049142] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 100.168106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.297542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.179290] hrtimer: interrupt took 31369 ns [ 101.201992] [ 101.204024] ========================================================= [ 101.211122] [ INFO: possible irq lock inversion dependency detected ] [ 101.218402] 4.6.0-rc2+ #1 Not tainted [ 101.222293] --------------------------------------------------------- [ 101.229581] syz-executor3/7291 just changed the state of lock: [ 101.236013] (&sctp_ep_hashtable[i].lock){++.+..}, at: [] sctp_for_each_endpoint+0x9f/0x190 [ 101.247728] but this lock was taken by another, SOFTIRQ-safe lock in the past: [ 101.255836] (slock-AF_INET){+.-...} and interrupts could create inverse lock ordering between them. [ 101.266750] [ 101.266750] other info that might help us debug this: [ 101.273847] Possible interrupt unsafe locking scenario: [ 101.273847] [ 101.281290] CPU0 CPU1 [ 101.286136] ---- ---- [ 101.291342] lock(&sctp_ep_hashtable[i].lock); [ 101.296792] local_irq_disable(); [ 101.303103] lock(slock-AF_INET); [ 101.309810] lock(&sctp_ep_hashtable[i].lock); [ 101.318216] [ 101.321262] lock(slock-AF_INET); [ 101.326108] [ 101.326108] *** DEADLOCK *** [ 101.326108] [ 101.333371] 4 locks held by syz-executor3/7291: [ 101.338465] #0: (sock_diag_mutex){+.+.+.}, at: [] sock_diag_rcv+0x16/0x40 [ 101.348265] #1: (sock_diag_table_mutex){+.+.+.}, at: [] sock_diag_rcv_msg+0x11c/0x350 [ 101.361338] #2: (nlk->cb_mutex){+.+.+.}, at: [] netlink_dump+0x4b/0xa40 [ 101.371931] #3: (inet_diag_table_mutex){+.+...}, at: [] inet_diag_lock_handler+0x4b/0xd0 [ 101.383601] [ 101.383601] the shortest dependencies between 2nd lock and 1st lock: [ 101.392292] -> (slock-AF_INET){+.-...} ops: 10285 { [ 101.398680] HARDIRQ-ON-W at: [ 101.402820] [] __lock_acquire+0x1324/0x4f90 [ 101.411510] [] lock_acquire+0x196/0x480 [ 101.420278] [] _raw_spin_lock_bh+0x3a/0x50 [ 101.429817] [] lock_sock_nested+0x3e/0x100 [ 101.438127] [] do_tcp_setsockopt.isra.32+0x129/0x1730 [ 101.448195] [] tcp_setsockopt+0x7e/0xd0 [ 101.456313] [] sock_common_setsockopt+0x73/0xf0 [ 101.464942] [] rds_tcp_nonagle+0x130/0x1b0 [ 101.472876] [] rds_tcp_listen_init+0x108/0x380 [ 101.481358] [] rds_tcp_init_net+0x1ec/0x4d0 [ 101.489483] [] ops_init+0x95/0x360 [ 101.497266] [] register_pernet_operations+0x21d/0x480 [ 101.506773] [] register_pernet_subsys+0x25/0x40 [ 101.515525] [] rds_tcp_init+0x47/0xc0 [ 101.523647] [] do_one_initcall+0x10e/0x330 [ 101.533032] [] kernel_init_freeable+0x43b/0x4d2 [ 101.541640] [] kernel_init+0xe/0x120 [ 101.549744] [] ret_from_fork+0x22/0x50 [ 101.557626] IN-SOFTIRQ-W at: [ 101.561313] [] __lock_acquire+0x12f0/0x4f90 [ 101.570034] [] lock_acquire+0x196/0x480 [ 101.578057] [] _raw_spin_lock+0x36/0x50 [ 101.586230] [] udp_queue_rcv_skb+0x49f/0x1650 [ 101.595554] [] __udp4_lib_rcv+0x579/0x2f10 [ 101.604058] [] udp_rcv+0x15/0x20 [ 101.611862] [] ip_local_deliver_finish+0x2b2/0x9b0 [ 101.620699] [] ip_local_deliver+0x197/0x330 [ 101.629086] [] ip_rcv_finish+0x5ba/0x17e0 [ 101.637470] [] ip_rcv+0x867/0x1470 [ 101.645090] [] __netif_receive_skb_core+0x1740/0x2d90 [ 101.654709] [] __netif_receive_skb+0x1f/0x150 [ 101.663178] [] netif_receive_skb_internal+0xc7/0x300 [ 101.672565] [] napi_gro_receive+0x293/0x4a0 [ 101.681545] [] virtnet_receive+0xa97/0x1da0 [ 101.690653] [] virtnet_poll+0x1d/0x120 [ 101.698692] [] net_rx_action+0x721/0xe70 [ 101.706673] [] __do_softirq+0x2cc/0xa06 [ 101.715077] [] irq_exit+0x157/0x190 [ 101.722753] [] do_IRQ+0x92/0x1c0 [ 101.732083] [] ret_from_intr+0x0/0x20 [ 101.741412] [] default_idle+0x4f/0x390 [ 101.751199] [] arch_cpu_idle+0xa/0x10 [ 101.760406] [] default_idle_call+0x48/0xa0 [ 101.770767] [] cpu_startup_entry+0x5a7/0x7e0 [ 101.779701] [] rest_init+0x152/0x160 [ 101.787782] [] start_kernel+0x5ba/0x5e0 [ 101.795808] [] x86_64_start_reservations+0x2a/0x2c [ 101.807721] [] x86_64_start_kernel+0x14a/0x157 [ 101.816158] INITIAL USE at: [ 101.819883] [] __lock_acquire+0xb9e/0x4f90 [ 101.828990] [] lock_acquire+0x196/0x480 [ 101.837811] [] _raw_spin_lock_bh+0x3a/0x50 [ 101.846665] [] lock_sock_nested+0x3e/0x100 [ 101.855433] [] do_tcp_setsockopt.isra.32+0x129/0x1730 [ 101.864820] [] tcp_setsockopt+0x7e/0xd0 [ 101.873391] [] sock_common_setsockopt+0x73/0xf0 [ 101.882130] [] rds_tcp_nonagle+0x130/0x1b0 [ 101.890306] [] rds_tcp_listen_init+0x108/0x380 [ 101.898607] [] rds_tcp_init_net+0x1ec/0x4d0 [ 101.906782] [] ops_init+0x95/0x360 [ 101.914500] [] register_pernet_operations+0x21d/0x480 [ 101.923660] [] register_pernet_subsys+0x25/0x40 [ 101.932955] [] rds_tcp_init+0x47/0xc0 [ 101.940879] [] do_one_initcall+0x10e/0x330 [ 101.949267] [] kernel_init_freeable+0x43b/0x4d2 [ 101.959680] [] kernel_init+0xe/0x120 [ 101.967099] [] ret_from_fork+0x22/0x50 [ 101.975716] } [ 101.977581] ... key at: [] af_family_slock_keys+0x10/0x180 [ 101.985685] ... acquired at: [ 101.989217] [] lock_acquire+0x196/0x480 [ 101.995223] [] _raw_write_lock+0x36/0x50 [ 102.001323] [] sctp_unhash_endpoint+0x13c/0x290 [ 102.008006] [] sctp_endpoint_free+0x8a/0xb0 [ 102.014599] [] sctp_destroy_sock+0x80/0x1d0 [ 102.021121] [] sk_common_release+0x5e/0x3e0 [ 102.028349] [] sctp_close+0x4bf/0x740 [ 102.034888] [] inet_release+0xd9/0x1c0 [ 102.041620] [] sock_release+0x83/0x1a0 [ 102.048076] [] sock_close+0xd/0x20 [ 102.053951] [] __fput+0x20e/0x750 [ 102.059958] [] ____fput+0x9/0x10 [ 102.065627] [] task_work_run+0x132/0x200 [ 102.071658] [] exit_to_usermode_loop+0x183/0x1c0 [ 102.078340] [] syscall_return_slowpath+0x275/0x2f0 [ 102.085312] [] entry_SYSCALL_64_fastpath+0xbf/0xc1 [ 102.092252] [ 102.093854] -> (&sctp_ep_hashtable[i].lock){++.+..} ops: 6 { [ 102.100272] HARDIRQ-ON-W at: [ 102.103650] [] __lock_acquire+0x1324/0x4f90 [ 102.112940] [] lock_acquire+0x196/0x480 [ 102.127101] [] _raw_write_lock+0x36/0x50 [ 102.134880] [] sctp_unhash_endpoint+0x13c/0x290 [ 102.143051] [] sctp_endpoint_free+0x8a/0xb0 [ 102.150948] [] sctp_destroy_sock+0x80/0x1d0 [ 102.158787] [] sctp_v6_destroy_sock+0xd/0x20 [ 102.166783] [] sk_common_release+0x5e/0x3e0 [ 102.174598] [] sctp_close+0x4bf/0x740 [ 102.181804] [] inet_release+0xd9/0x1c0 [ 102.189197] [] inet6_release+0x46/0x60 [ 102.196680] [] sock_release+0x83/0x1a0 [ 102.204017] [] sctp_ctrlsock_exit+0x5c/0x70 [ 102.211855] [] ops_exit_list.isra.4+0x8e/0x120 [ 102.219930] [] cleanup_net+0x2d0/0x540 [ 102.227224] [] process_one_work+0x698/0x1570 [ 102.235230] [] worker_thread+0xd7/0xf10 [ 102.242655] [] kthread+0x209/0x2d0 [ 102.249592] [] ret_from_fork+0x22/0x50 [ 102.256975] HARDIRQ-ON-R at: [ 102.260360] [] __lock_acquire+0xa8b/0x4f90 [ 102.268482] [] lock_acquire+0x196/0x480 [ 102.275997] [] _raw_read_lock+0x39/0x50 [ 102.283393] [] sctp_for_each_endpoint+0x9f/0x190 [ 102.291564] [] sctp_diag_dump+0x25a/0x380 [ 102.299405] [] __inet_diag_dump+0x80/0x120 [ 102.307381] [] inet_diag_dump+0x77/0xe0 [ 102.314775] [] netlink_dump+0x32d/0xa40 [ 102.322387] [] __netlink_dump_start+0x4a1/0x720 [ 102.330611] [] inet_diag_handler_cmd+0x241/0x2f0 [ 102.339084] [] sock_diag_rcv_msg+0x2d5/0x350 [ 102.347131] [] netlink_rcv_skb+0x242/0x350 [ 102.354983] [] sock_diag_rcv+0x25/0x40 [ 102.362353] [] netlink_unicast+0x455/0x660 [ 102.370079] [] netlink_sendmsg+0x893/0xb40 [ 102.377897] [] sock_sendmsg+0xb5/0xf0 [ 102.385198] [] sock_write_iter+0x1e2/0x3b0 [ 102.392935] [] do_iter_readv_writev+0x184/0x330 [ 102.401200] [] do_readv_writev+0x359/0x660 [ 102.408844] [] vfs_writev+0x6a/0xb0 [ 102.415898] [] do_writev+0xd8/0x270 [ 102.422970] [] SyS_writev+0xb/0x10 [ 102.430194] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 102.438744] SOFTIRQ-ON-R at: [ 102.442126] [] __lock_acquire+0x1392/0x4f90 [ 102.450198] [] lock_acquire+0x196/0x480 [ 102.457830] [] _raw_read_lock+0x39/0x50 [ 102.465310] [] sctp_for_each_endpoint+0x9f/0x190 [ 102.473765] [] sctp_diag_dump+0x25a/0x380 [ 102.481316] [] __inet_diag_dump+0x80/0x120 [ 102.488958] [] inet_diag_dump+0x77/0xe0 [ 102.496485] [] netlink_dump+0x32d/0xa40 [ 102.503942] [] __netlink_dump_start+0x4a1/0x720 [ 102.512029] [] inet_diag_handler_cmd+0x241/0x2f0 [ 102.520185] [] sock_diag_rcv_msg+0x2d5/0x350 [ 102.528002] [] netlink_rcv_skb+0x242/0x350 [ 102.536021] [] sock_diag_rcv+0x25/0x40 [ 102.543310] [] netlink_unicast+0x455/0x660 [ 102.550960] [] netlink_sendmsg+0x893/0xb40 [ 102.558600] [] sock_sendmsg+0xb5/0xf0 [ 102.566124] [] sock_write_iter+0x1e2/0x3b0 [ 102.573902] [] do_iter_readv_writev+0x184/0x330 [ 102.582187] [] do_readv_writev+0x359/0x660 [ 102.589875] [] vfs_writev+0x6a/0xb0 [ 102.597347] [] do_writev+0xd8/0x270 [ 102.604401] [] SyS_writev+0xb/0x10 [ 102.618519] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 102.627197] INITIAL USE at: [ 102.630587] [] __lock_acquire+0xb9e/0x4f90 [ 102.638418] [] lock_acquire+0x196/0x480 [ 102.645930] [] _raw_write_lock+0x36/0x50 [ 102.653381] [] sctp_unhash_endpoint+0x13c/0x290 [ 102.661508] [] sctp_endpoint_free+0x8a/0xb0 [ 102.669341] [] sctp_destroy_sock+0x80/0x1d0 [ 102.677000] [] sctp_v6_destroy_sock+0xd/0x20 [ 102.685046] [] sk_common_release+0x5e/0x3e0 [ 102.692869] [] sctp_close+0x4bf/0x740 [ 102.700408] [] inet_release+0xd9/0x1c0 [ 102.707697] [] inet6_release+0x46/0x60 [ 102.714996] [] sock_release+0x83/0x1a0 [ 102.722309] [] sctp_ctrlsock_exit+0x5c/0x70 [ 102.730552] [] ops_exit_list.isra.4+0x8e/0x120 [ 102.738545] [] cleanup_net+0x2d0/0x540 [ 102.745831] [] process_one_work+0x698/0x1570 [ 102.753643] [] worker_thread+0xd7/0xf10 [ 102.761290] [] kthread+0x209/0x2d0 [ 102.768619] [] ret_from_fork+0x22/0x50 [ 102.776003] } [ 102.777785] ... key at: [] __key.62716+0x0/0x40 [ 102.784670] ... acquired at: [ 102.787875] [] check_usage_backwards+0x2fa/0x330 [ 102.794570] [] mark_lock+0x76a/0x1200 [ 102.800414] [] __lock_acquire+0x1392/0x4f90 [ 102.806922] [] lock_acquire+0x196/0x480 [ 102.813107] [] _raw_read_lock+0x39/0x50 [ 102.819091] [] sctp_for_each_endpoint+0x9f/0x190 [ 102.825982] [] sctp_diag_dump+0x25a/0x380 [ 102.832265] [] __inet_diag_dump+0x80/0x120 [ 102.839105] [] inet_diag_dump+0x77/0xe0 [ 102.845093] [] netlink_dump+0x32d/0xa40 [ 102.851189] [] __netlink_dump_start+0x4a1/0x720 [ 102.858571] [] inet_diag_handler_cmd+0x241/0x2f0 [ 102.865507] [] sock_diag_rcv_msg+0x2d5/0x350 [ 102.872220] [] netlink_rcv_skb+0x242/0x350 [ 102.878568] [] sock_diag_rcv+0x25/0x40 [ 102.884555] [] netlink_unicast+0x455/0x660 [ 102.890861] [] netlink_sendmsg+0x893/0xb40 [ 102.897046] [] sock_sendmsg+0xb5/0xf0 [ 102.902778] [] sock_write_iter+0x1e2/0x3b0 [ 102.909145] [] do_iter_readv_writev+0x184/0x330 [ 102.915744] [] do_readv_writev+0x359/0x660 [ 102.921916] [] vfs_writev+0x6a/0xb0 [ 102.927477] [] do_writev+0xd8/0x270 [ 102.933271] [] SyS_writev+0xb/0x10 [ 102.938760] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 102.945698] [ 102.947323] [ 102.947323] stack backtrace: [ 102.951802] CPU: 0 PID: 7291 Comm: syz-executor3 Not tainted 4.6.0-rc2+ #1 [ 102.958831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 102.968166] 1ffffffff0cd5746 ffff8801cc347158 ffffffff829c2f86 ffffffff87d07c20 [ 102.976368] ffff8801cc347230 ffffffff87d07c20 ffffffff879a6e90 ffff8801cc3471b0 [ 102.984369] ffffffff8162624e ffff8801cc3471f0 00000000cc347188 ffffffff00000000 [ 102.992552] Call Trace: [ 102.995331] [] dump_stack+0xe6/0x120 [ 103.000770] [] print_irq_inversion_bug.part.42+0x347/0x356 [ 103.008051] [] check_usage_backwards+0x2fa/0x330 [ 103.014636] [] ? check_usage_forwards+0x330/0x330 [ 103.021285] [] ? save_stack_trace+0x26/0x50 [ 103.027340] [] ? save_trace+0xe0/0x2c0 [ 103.032858] [] mark_lock+0x76a/0x1200 [ 103.038293] [] ? check_usage_forwards+0x330/0x330 [ 103.044771] [] __lock_acquire+0x1392/0x4f90 [ 103.050895] [] ? mark_held_locks+0xc8/0x120 [ 103.056841] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 103.064362] [] ? retint_kernel+0x2d/0x2d [ 103.070051] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 103.076004] [] lock_acquire+0x196/0x480 [ 103.081608] [] ? sctp_for_each_endpoint+0x9f/0x190 [ 103.088340] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 103.094295] [] _raw_read_lock+0x39/0x50 [ 103.099924] [] ? sctp_for_each_endpoint+0x9f/0x190 [ 103.106497] [] sctp_for_each_endpoint+0x9f/0x190 [ 103.112965] [] sctp_diag_dump+0x25a/0x380 [ 103.118759] [] ? inet_diag_msg_sctpasoc_fill+0x970/0x970 [ 103.125960] [] __inet_diag_dump+0x80/0x120 [ 103.131919] [] inet_diag_dump+0x77/0xe0 [ 103.137525] [] netlink_dump+0x32d/0xa40 [ 103.143144] [] ? mark_held_locks+0xc8/0x120 [ 103.150188] [] __netlink_dump_start+0x4a1/0x720 [ 103.156493] [] inet_diag_handler_cmd+0x241/0x2f0 [ 103.162984] [] ? inet_diag_rcv_msg_compat+0x2e0/0x2e0 [ 103.170274] [] ? inet_diag_dump_compat+0x2a0/0x2a0 [ 103.176845] [] sock_diag_rcv_msg+0x2d5/0x350 [ 103.182919] [] netlink_rcv_skb+0x242/0x350 [ 103.188899] [] ? sock_diag_bind+0x50/0x50 [ 103.194796] [] sock_diag_rcv+0x25/0x40 [ 103.200329] [] netlink_unicast+0x455/0x660 [ 103.206367] [] ? netlink_unicast+0x3b5/0x660 [ 103.212582] [] ? netlink_attachskb+0x730/0x730 [ 103.218791] [] netlink_sendmsg+0x893/0xb40 [ 103.224946] [] ? netlink_unicast+0x660/0x660 [ 103.230990] [] ? selinux_socket_sendmsg+0x3a/0x50 [ 103.237770] [] ? security_socket_sendmsg+0x6a/0xa0 [ 103.244356] [] ? netlink_unicast+0x660/0x660 [ 103.250414] [] sock_sendmsg+0xb5/0xf0 [ 103.255863] [] sock_write_iter+0x1e2/0x3b0 [ 103.261734] [] ? sock_sendmsg+0xf0/0xf0 [ 103.267505] [] ? selinux_bprm_committing_creds+0x6f0/0x6f0 [ 103.275366] [] ? ___might_sleep+0x431/0x440 [ 103.281377] [] do_iter_readv_writev+0x184/0x330 [ 103.287801] [] ? vfs_iter_write+0x390/0x390 [ 103.293953] [] ? rw_verify_area+0xb9/0x290 [ 103.300159] [] do_readv_writev+0x359/0x660 [ 103.306553] [] ? vfs_write+0x4a0/0x4a0 [ 103.312355] [] ? retint_kernel+0x2d/0x2d [ 103.318251] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 103.327275] [] ? __fget+0x1df/0x320 [ 103.332962] [] ? __fget+0x42/0x320 [ 103.340448] [] vfs_writev+0x6a/0xb0 [ 103.347655] [] ? __fdget_pos+0x13/0xb0 [ 103.353444] [] do_writev+0xd8/0x270 [ 103.359982] [] ? vfs_writev+0xb0/0xb0 [ 103.366284] [] ? trace_hardirqs_on_caller+0x44c/0x5e0 [ 103.373113] [] ? trace_hardirqs_on_thunk+0x1b/0x1d [ 103.379860] [] SyS_writev+0xb/0x10 [ 103.385266] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 103.440043] ================================================================== [ 103.447540] BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff8800af82efa0 [ 103.455764] Read of size 128 by task syz-executor3/7291 [ 103.461135] CPU: 0 PID: 7291 Comm: syz-executor3 Not tainted 4.6.0-rc2+ #1 [ 103.468320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 103.477666] 1ffffffff0cd5746 ffff8801cc3472b8 ffffffff829c2f86 0000000000000080 [ 103.486176] ffff8801cc347348 ffff8800af82ef80 ffff8801da800200 ffff8801cc347338 [ 103.494410] ffffffff8174e337 0000000000000001 0000000000000007 0000000000000286 [ 103.502626] Call Trace: [ 103.505204] [] dump_stack+0xe6/0x120 [ 103.510649] [] kasan_report_error+0x1e7/0x5c0 [ 103.517150] [] ? retint_kernel+0x2d/0x2d [ 103.523145] [] kasan_report+0x34/0x40 [ 103.528688] [] ? memcpy+0x1d/0x40 [ 103.533880] [] __asan_loadN+0x12a/0x180 [ 103.539589] [] memcpy+0x1d/0x40 [ 103.544522] [] inet_sctp_diag_fill+0x65e/0xc60 [ 103.551005] [] ? sctp_diag_dump+0x380/0x380 [ 103.557281] [] ? __schedule+0x917/0x1c10 [ 103.563157] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 103.569297] [] sctp_ep_dump+0x46b/0x6d0 [ 103.574904] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 103.580781] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 103.586651] [] sctp_for_each_endpoint+0xe4/0x190 [ 103.593208] [] sctp_diag_dump+0x25a/0x380 [ 103.598981] [] ? inet_diag_msg_sctpasoc_fill+0x970/0x970 [ 103.606282] [] __inet_diag_dump+0x80/0x120 [ 103.612158] [] inet_diag_dump+0x77/0xe0 [ 103.618212] [] netlink_dump+0x32d/0xa40 [ 103.624102] [] ? mark_held_locks+0xc8/0x120 [ 103.630225] [] __netlink_dump_start+0x4a1/0x720 [ 103.636639] [] inet_diag_handler_cmd+0x241/0x2f0 [ 103.643196] [] ? inet_diag_rcv_msg_compat+0x2e0/0x2e0 [ 103.650273] [] ? inet_diag_dump_compat+0x2a0/0x2a0 [ 103.656837] [] sock_diag_rcv_msg+0x2d5/0x350 [ 103.662959] [] netlink_rcv_skb+0x242/0x350 [ 103.668912] [] ? sock_diag_bind+0x50/0x50 [ 103.674771] [] sock_diag_rcv+0x25/0x40 [ 103.680282] [] netlink_unicast+0x455/0x660 [ 103.686239] [] ? netlink_unicast+0x3b5/0x660 [ 103.692460] [] ? netlink_attachskb+0x730/0x730 [ 103.698669] [] netlink_sendmsg+0x893/0xb40 [ 103.704710] [] ? netlink_unicast+0x660/0x660 [ 103.710843] [] ? selinux_socket_sendmsg+0x3a/0x50 [ 103.717404] [] ? security_socket_sendmsg+0x6a/0xa0 [ 103.724056] [] ? netlink_unicast+0x660/0x660 [ 103.730218] [] sock_sendmsg+0xb5/0xf0 [ 103.735908] [] sock_write_iter+0x1e2/0x3b0 [ 103.741765] [] ? sock_sendmsg+0xf0/0xf0 [ 103.747750] [] ? selinux_bprm_committing_creds+0x6f0/0x6f0 [ 103.755111] [] ? ___might_sleep+0x431/0x440 [ 103.761154] [] do_iter_readv_writev+0x184/0x330 [ 103.767906] [] ? vfs_iter_write+0x390/0x390 [ 103.774112] [] ? rw_verify_area+0xb9/0x290 [ 103.779973] [] do_readv_writev+0x359/0x660 [ 103.785831] [] ? vfs_write+0x4a0/0x4a0 [ 103.791346] [] ? retint_kernel+0x2d/0x2d [ 103.797234] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 103.804144] [] ? __fget+0x1df/0x320 [ 103.809403] [] ? __fget+0x42/0x320 [ 103.814743] [] vfs_writev+0x6a/0xb0 [ 103.820081] [] ? __fdget_pos+0x13/0xb0 [ 103.826228] [] do_writev+0xd8/0x270 [ 103.831479] [] ? vfs_writev+0xb0/0xb0 [ 103.837014] [] ? trace_hardirqs_on_caller+0x44c/0x5e0 [ 103.843832] [] ? trace_hardirqs_on_thunk+0x1b/0x1d [ 103.850503] [] SyS_writev+0xb/0x10 [ 103.855680] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 103.862423] Object at ffff8800af82ef80, in cache kmalloc-64 [ 103.868285] Object allocated with size 64 bytes. [ 103.873295] Allocation: [ 103.875954] PID = 7291 [ 103.878424] [] save_stack_trace+0x26/0x50 [ 103.884439] [] save_stack+0x46/0xd0 [ 103.889816] [] kasan_kmalloc+0xc9/0xe0 [ 103.895622] [] kmem_cache_alloc_trace+0x142/0x6b0 [ 103.902724] [] sctp_add_bind_addr+0x5f/0x240 [ 103.908969] [] sctp_do_bind+0x2cf/0x4c0 [ 103.914867] [] sctp_autobind+0x14c/0x1b0 [ 103.920684] [] __sctp_connect+0x4f5/0xa30 [ 103.926586] [] sctp_connect+0x95/0xd0 [ 103.932132] [] inet_dgram_connect+0xf1/0x220 [ 103.938540] [] SYSC_connect+0x202/0x2a0 [ 103.944266] [] SyS_connect+0x9/0x10 [ 103.949655] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 103.956386] Memory state around the buggy address: [ 103.961305] ffff8800af82ee80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 103.968692] ffff8800af82ef00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 103.976111] >ffff8800af82ef80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 103.983457] ^ [ 103.988990] ffff8800af82f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 103.996412] ffff8800af82f080: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 104.004124] ================================================================== [ 104.025850] ================================================================== [ 104.033375] BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff8801d7b64ca0 [ 104.041493] Read of size 128 by task syz-executor3/7291 [ 104.046918] CPU: 0 PID: 7291 Comm: syz-executor3 Tainted: G B 4.6.0-rc2+ #1 [ 104.055473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 104.064952] 1ffffffff0cd5746 ffff8801cc3472b8 ffffffff829c2f86 0000000000000080 [ 104.072963] ffff8801cc347348 ffff8801d7b64c80 ffff8801da800200 ffff8801cc347338 [ 104.080982] ffffffff8174e337 0000000000000001 0000000000000007 0000000000000286 [ 104.088984] Call Trace: [ 104.091548] [] dump_stack+0xe6/0x120 [ 104.096889] [] kasan_report_error+0x1e7/0x5c0 [ 104.103009] [] ? retint_kernel+0x2d/0x2d [ 104.108693] [] kasan_report+0x34/0x40 [ 104.114118] [] ? memcpy+0x1d/0x40 [ 104.119211] [] __asan_loadN+0x12a/0x180 [ 104.124815] [] memcpy+0x1d/0x40 [ 104.129732] [] inet_sctp_diag_fill+0x65e/0xc60 [ 104.135948] [] ? sctp_diag_dump+0x380/0x380 [ 104.141893] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 104.147846] [] sctp_ep_dump+0x46b/0x6d0 [ 104.153549] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 104.159514] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 104.166942] [] sctp_for_each_endpoint+0xe4/0x190 [ 104.173371] [] sctp_diag_dump+0x25a/0x380 [ 104.179144] [] ? inet_diag_msg_sctpasoc_fill+0x970/0x970 [ 104.186232] [] __inet_diag_dump+0x80/0x120 [ 104.192095] [] inet_diag_dump+0x77/0xe0 [ 104.197695] [] netlink_dump+0x32d/0xa40 [ 104.203472] [] ? mark_held_locks+0xc8/0x120 [ 104.209528] [] __netlink_dump_start+0x4a1/0x720 [ 104.215916] [] inet_diag_handler_cmd+0x241/0x2f0 [ 104.222359] [] ? inet_diag_rcv_msg_compat+0x2e0/0x2e0 [ 104.229958] [] ? inet_diag_dump_compat+0x2a0/0x2a0 [ 104.236776] [] sock_diag_rcv_msg+0x2d5/0x350 [ 104.242816] [] netlink_rcv_skb+0x242/0x350 [ 104.248771] [] ? sock_diag_bind+0x50/0x50 [ 104.254638] [] sock_diag_rcv+0x25/0x40 [ 104.260161] [] netlink_unicast+0x455/0x660 [ 104.266017] [] ? netlink_unicast+0x3b5/0x660 [ 104.272224] [] ? netlink_attachskb+0x730/0x730 [ 104.278547] [] netlink_sendmsg+0x893/0xb40 [ 104.284404] [] ? netlink_unicast+0x660/0x660 [ 104.290534] [] ? selinux_socket_sendmsg+0x3a/0x50 [ 104.296999] [] ? security_socket_sendmsg+0x6a/0xa0 [ 104.303657] [] ? netlink_unicast+0x660/0x660 [ 104.309691] [] sock_sendmsg+0xb5/0xf0 [ 104.315125] [] sock_write_iter+0x1e2/0x3b0 [ 104.321094] [] ? sock_sendmsg+0xf0/0xf0 [ 104.326709] [] ? selinux_bprm_committing_creds+0x6f0/0x6f0 [ 104.333973] [] ? ___might_sleep+0x431/0x440 [ 104.340095] [] do_iter_readv_writev+0x184/0x330 [ 104.346391] [] ? vfs_iter_write+0x390/0x390 [ 104.352384] [] ? rw_verify_area+0xb9/0x290 [ 104.358422] [] do_readv_writev+0x359/0x660 [ 104.364280] [] ? vfs_write+0x4a0/0x4a0 [ 104.369793] [] ? retint_kernel+0x2d/0x2d [ 104.375562] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 104.382299] [] ? __fget+0x1df/0x320 [ 104.387693] [] ? __fget+0x42/0x320 [ 104.392862] [] vfs_writev+0x6a/0xb0 [ 104.398155] [] ? __fdget_pos+0x13/0xb0 [ 104.403672] [] do_writev+0xd8/0x270 [ 104.408933] [] ? vfs_writev+0xb0/0xb0 [ 104.414532] [] ? trace_hardirqs_on_caller+0x44c/0x5e0 [ 104.421365] [] ? trace_hardirqs_on_thunk+0x1b/0x1d [ 104.428025] [] SyS_writev+0xb/0x10 [ 104.433276] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 104.439827] Object at ffff8801d7b64c80, in cache kmalloc-64 [ 104.445526] Object allocated with size 64 bytes. [ 104.450419] Allocation: [ 104.452976] PID = 7303 [ 104.455445] [] save_stack_trace+0x26/0x50 [ 104.461523] [] save_stack+0x46/0xd0 [ 104.466991] [] kasan_kmalloc+0xc9/0xe0 [ 104.472708] [] kmem_cache_alloc_trace+0x142/0x6b0 [ 104.479475] [] sctp_add_bind_addr+0x5f/0x240 [ 104.485715] [] sctp_do_bind+0x2cf/0x4c0 [ 104.491436] [] sctp_autobind+0x14c/0x1b0 [ 104.497330] [] __sctp_connect+0x4f5/0xa30 [ 104.503330] [] sctp_connect+0x95/0xd0 [ 104.508894] [] inet_dgram_connect+0xf1/0x220 [ 104.515249] [] SYSC_connect+0x202/0x2a0 [ 104.520973] [] SyS_connect+0x9/0x10 [ 104.526342] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 104.533118] Memory state around the buggy address: [ 104.538024] ffff8801d7b64b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 104.545618] ffff8801d7b64c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 104.553293] >ffff8801d7b64c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 104.560623] ^ [ 104.566045] ffff8801d7b64d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 104.573385] ffff8801d7b64d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 104.580815] ================================================================== [ 104.595954] ================================================================== [ 104.603719] BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff8801d7b64ca0 [ 104.612115] Read of size 128 by task syz-executor3/7303 [ 104.617553] CPU: 0 PID: 7303 Comm: syz-executor3 Tainted: G B 4.6.0-rc2+ #1 [ 104.636762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 104.646655] 1ffffffff0cd5746 ffff8800af8a72b8 ffffffff829c2f86 0000000000000080 [ 104.654745] ffff8800af8a7348 ffff8801d7b64c80 ffff8801da800200 ffff8800af8a7338 [ 104.662870] ffffffff8174e337 ffffed0015f12597 ffff8800af892cb3 0000000000000286 [ 104.670996] Call Trace: [ 104.673578] [] dump_stack+0xe6/0x120 [ 104.678929] [] kasan_report_error+0x1e7/0x5c0 [ 104.685063] [] kasan_report+0x34/0x40 [ 104.690843] [] ? memcpy+0x1d/0x40 [ 104.696039] [] __asan_loadN+0x12a/0x180 [ 104.701740] [] memcpy+0x1d/0x40 [ 104.706649] [] inet_sctp_diag_fill+0x65e/0xc60 [ 104.712858] [] ? sctp_diag_dump+0x380/0x380 [ 104.718899] [] ? retint_kernel+0x2d/0x2d [ 104.724776] [] sctp_ep_dump+0x46b/0x6d0 [ 104.730472] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 104.736511] [] ? sctp_tsp_dump+0xcc0/0xcc0 [ 104.742460] [] sctp_for_each_endpoint+0xe4/0x190 [ 104.749107] [] sctp_diag_dump+0x25a/0x380 [ 104.754884] [] ? inet_diag_msg_sctpasoc_fill+0x970/0x970 [ 104.762050] [] __inet_diag_dump+0x80/0x120 [ 104.768471] [] inet_diag_dump+0x77/0xe0 [ 104.774473] [] netlink_dump+0x32d/0xa40 [ 104.780267] [] __netlink_dump_start+0x4a1/0x720 [ 104.787087] [] inet_diag_handler_cmd+0x241/0x2f0 [ 104.793730] [] ? inet_diag_rcv_msg_compat+0x2e0/0x2e0 [ 104.800892] [] ? inet_diag_dump_compat+0x2a0/0x2a0 [ 104.807822] [] ? mutex_lock_nested+0x638/0xb30 [ 104.814549] [] ? sock_diag_rcv+0x16/0x40 [ 104.820567] [] ? netlink_lookup+0xd4/0x630 [ 104.826523] [] sock_diag_rcv_msg+0x2d5/0x350 [ 104.832732] [] netlink_rcv_skb+0x242/0x350 [ 104.838778] [] ? sock_diag_bind+0x50/0x50 [ 104.844644] [] sock_diag_rcv+0x25/0x40 [ 104.850588] [] netlink_unicast+0x455/0x660 [ 104.856447] [] ? netlink_unicast+0x3b5/0x660 [ 104.862665] [] ? netlink_attachskb+0x730/0x730 [ 104.869155] [] netlink_sendmsg+0x893/0xb40 [ 104.875100] [] ? netlink_unicast+0x660/0x660 [ 104.881149] [] ? selinux_socket_sendmsg+0x3a/0x50 [ 104.887654] [] ? security_socket_sendmsg+0x6a/0xa0 [ 104.894207] [] ? netlink_unicast+0x660/0x660 [ 104.900356] [] sock_sendmsg+0xb5/0xf0 [ 104.905778] [] sock_write_iter+0x1e2/0x3b0 [ 104.911681] [] ? sock_sendmsg+0xf0/0xf0 [ 104.917560] [] ? selinux_bprm_committing_creds+0x6f0/0x6f0 [ 104.924817] [] ? ___might_sleep+0x431/0x440 [ 104.930995] [] do_iter_readv_writev+0x184/0x330 [ 104.937289] [] ? vfs_iter_write+0x390/0x390 [ 104.943242] [] ? rw_verify_area+0xb9/0x290 [ 104.949297] [] do_readv_writev+0x359/0x660 [ 104.955156] [] ? vfs_write+0x4a0/0x4a0 [ 104.960982] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 104.968059] [] ? __fget+0x42/0x320 [ 104.973237] [] ? __fget+0x1df/0x320 [ 104.978760] [] ? __fget+0x42/0x320 [ 104.983938] [] vfs_writev+0x6a/0xb0 [ 104.989412] [] ? __fdget_pos+0x13/0xb0 [ 104.995225] [] do_writev+0xd8/0x270 [ 105.000476] [] ? vfs_writev+0xb0/0xb0 [ 105.006606] [] ? trace_hardirqs_on_thunk+0x1b/0x1d [ 105.013246] [] SyS_writev+0xb/0x10 [ 105.018414] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 105.025158] Object at ffff8801d7b64c80, in cache kmalloc-64 [ 105.030842] Object allocated with size 64 bytes. [ 105.035568] Allocation: [ 105.038130] PID = 7303 [ 105.040672] [] save_stack_trace+0x26/0x50 [ 105.046574] [] save_stack+0x46/0xd0 [ 105.052130] [] kasan_kmalloc+0xc9/0xe0 [ 105.057761] [] kmem_cache_alloc_trace+0x142/0x6b0 [ 105.064505] [] sctp_add_bind_addr+0x5f/0x240 [ 105.070781] [] sctp_do_bind+0x2cf/0x4c0 [ 105.076506] [] sctp_autobind+0x14c/0x1b0 [ 105.082377] [] __sctp_connect+0x4f5/0xa30 [ 105.088275] [] sctp_connect+0x95/0xd0 [ 105.093836] [] inet_dgram_connect+0xf1/0x220 [ 105.100087] [] SYSC_connect+0x202/0x2a0 [ 105.105804] [] SyS_connect+0x9/0x10 [ 105.111245] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 105.118192] Memory state around the buggy address: [ 105.123097] ffff8801d7b64b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 105.130435] ffff8801d7b64c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.137781] >ffff8801d7b64c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 105.145119] ^ [ 105.150670] ffff8801d7b64d00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 105.158141] ffff8801d7b64d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 105.165645] ================================================================== [ 105.188622] ------------[ cut here ]------------ [ 105.193494] WARNING: CPU: 1 PID: 5693 at include/net/sock.h:1408 tcp_close+0x458/0xef0 [ 105.201709] Kernel panic - not syncing: panic_on_warn set ... [ 105.201709] [ 105.209083] CPU: 1 PID: 5693 Comm: syz-executor5 Tainted: G B 4.6.0-rc2+ #1 [ 105.217428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.226768] 1ffffffff0cd5746 ffff8800b4fbfbe8 ffffffff829c2f86 ffffffff85884a00 [ 105.234966] ffff8800b4fbfcc0 ffffffff8605d300 ffffffff84b72b28 ffff8800b4fbfcb0 [ 105.242997] ffffffff81625833 0000000041b58ab3 ffffffff8645bc17 ffffffff81625684 [ 105.251063] Call Trace: [ 105.251531] ------------[ cut here ]------------ [ 105.251542] WARNING: CPU: 0 PID: 5695 at include/net/sock.h:1408 tcp_close+0x458/0xef0 [ 105.251545] Modules linked in: [ 105.269748] [] dump_stack+0xe6/0x120 [ 105.275275] [] ? tcp_close+0x458/0xef0 [ 105.280878] [] panic+0x1af/0x348 [ 105.286405] [] ? set_ti_thread_flag+0xf/0xf [ 105.292444] [] ? tcp_close+0x458/0xef0 [ 105.297964] [] __warn+0x18d/0x1b0 [ 105.303139] [] warn_slowpath_null+0x18/0x20 [ 105.309355] [] tcp_close+0x458/0xef0 [ 105.314787] [] ? __might_fault+0x161/0x1b0 [ 105.320647] [] ? __might_fault+0xc6/0x1b0 [ 105.326438] [] ? __fsnotify_update_child_dentry_flags.part.1+0x260/0x260 [ 105.335001] [] inet_release+0xd9/0x1c0 [ 105.340789] [] sock_release+0x83/0x1a0 [ 105.346574] [] sock_close+0xd/0x20 [ 105.351870] [] __fput+0x20e/0x750 [ 105.357049] [] ____fput+0x9/0x10 [ 105.362049] [] task_work_run+0x132/0x200 [ 105.367748] [] exit_to_usermode_loop+0x183/0x1c0 [ 105.374134] [] syscall_return_slowpath+0x275/0x2f0 [ 105.380689] [] entry_SYSCALL_64_fastpath+0xbf/0xc1 [ 105.387425] CPU: 0 PID: 5695 Comm: syz-executor4 Tainted: G B 4.6.0-rc2+ #1 [ 105.395640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 105.404969] 1ffffffff0cd5746 ffff8800b0457cb0 ffffffff829c2f86 0000000000000000 [ 105.413101] 0000000000000000 ffffffff8605d300 ffffffff84b72b28 ffff8800b0457cf8 [ 105.421369] ffffffff8134dadd ffff8800b7fb8600 ffff880100000580 ffff8801cc2ad492 [ 105.429463] Call Trace: [ 105.432066] [] dump_stack+0xe6/0x120 [ 105.437667] [] ? tcp_close+0x458/0xef0 [ 105.443184] [] __warn+0x16d/0x1b0 [ 105.448361] [] warn_slowpath_null+0x18/0x20 [ 105.454311] [] tcp_close+0x458/0xef0 [ 105.459657] [] ? __might_fault+0x161/0x1b0 [ 105.465603] [] ? __might_fault+0xc6/0x1b0 [ 105.471617] [] ? __fsnotify_update_child_dentry_flags.part.1+0x260/0x260 [ 105.480085] [] inet_release+0xd9/0x1c0 [ 105.485624] [] sock_release+0x83/0x1a0 [ 105.491185] [] sock_close+0xd/0x20 [ 105.496459] [] __fput+0x20e/0x750 [ 105.501548] [] ____fput+0x9/0x10 [ 105.506724] [] task_work_run+0x132/0x200 [ 105.512500] [] exit_to_usermode_loop+0x183/0x1c0 [ 105.518883] [] syscall_return_slowpath+0x275/0x2f0 [ 105.525656] [] entry_SYSCALL_64_fastpath+0xbf/0xc1 [ 105.534363] Kernel Offset: disabled