authorDmitry Vyukov <dvyukov@google.com>2017-06-17 12:50:11 +0200
committerDmitry Vyukov <dvyukov@google.com>2017-06-17 14:41:15 +0200
commit68621900a3c0abf03ee29b21672b86ab657980d2 (patch)
tree75d8d35963b6aa908449507edf4fbcd9b59eab16 /pkg
parente8e63830a60fc048df976188bf726abc32045162 (diff)
pkg/report: move from report
Diffstat (limited to 'pkg')
-rw-r--r--pkg/report/guilty.go54
-rw-r--r--pkg/report/guilty_test.go715
-rw-r--r--pkg/report/report.go638
-rw-r--r--pkg/report/report_test.go1049
-rw-r--r--pkg/repro/repro.go2
5 files changed, 2457 insertions, 1 deletions
diff --git a/pkg/report/guilty.go b/pkg/report/guilty.go
new file mode 100644
index 000000000..087d2f275
--- /dev/null
+++ b/pkg/report/guilty.go
@@ -0,0 +1,54 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package report
+
+import (
+ "regexp"
+ "strings"
+)
+
+var (
+ filename = regexp.MustCompile(`[a-zA-Z0-9_\-\./]*[a-zA-Z0-9_\-]+\.(c|h):[0-9]+`)
+ blacklist = []*regexp.Regexp{
+ regexp.MustCompile(`.*\.h`),
+ regexp.MustCompile(`^lib/.*`),
+ regexp.MustCompile(`^virt/lib/.*`),
+ regexp.MustCompile(`^mm/kasan/.*`),
+ regexp.MustCompile(`^mm/kmsan/.*`),
+ regexp.MustCompile(`^mm/percpu.*`),
+ regexp.MustCompile(`^mm/vmalloc.c`),
+ regexp.MustCompile(`^mm/page_alloc.c`),
+ regexp.MustCompile(`^kernel/rcu/.*`),
+ regexp.MustCompile(`^arch/.*/kernel/traps.c`),
+ regexp.MustCompile(`^kernel/locking/*`),
+ regexp.MustCompile(`^kernel/panic.c`),
+ regexp.MustCompile(`^kernel/softirq.c`),
+ regexp.MustCompile(`^net/core/dev.c`),
+ regexp.MustCompile(`^net/core/sock.c`),
+ regexp.MustCompile(`^net/core/skbuff.c`),
+ }
+)
+
+func extractFiles(log string) []string {
+ matches := filename.FindAllString(log, -1)
+ var files []string
+ for _, match := range matches {
+ files = append(files, strings.Split(match, ":")[0])
+ }
+ return files
+}
+
+func ExtractGuiltyFile(log string) string {
+ files := extractFiles(log)
+nextFile:
+ for _, file := range files {
+ for _, re := range blacklist {
+ if re.MatchString(file) {
+ continue nextFile
+ }
+ }
+ return file
+ }
+ return ""
+}
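Review bot: The blacklist loop in ExtractGuiltyFile matches each pattern against the raw extracted path, yet the `filename` regexp admits arbitrary runs of `.` and `/`, and the fixture in guilty_test.go that expects `arch/x86/kvm/../../../virt/kvm/eventfd.c` shows `..` segments really do appear in reports, so a frame like `kernel/../lib/foo.c` would get past the `^lib/.*` anchor and be reported as guilty. Matching against a normalized copy, `if re.MatchString(path.Clean(file))`, closes that without changing the returned string or the existing test expectation (it needs `"path"` in the import block). Relatedly, `^kernel/locking/*` applies `*` to the slash, making it a bare prefix match rather than the `/.*` form its neighbours use, which looks like it was meant to be `^kernel/locking/.*`. ExtractGuiltyFile is exported but carries no doc comment; `// ExtractGuiltyFile returns the first source file referenced in log that is not blacklisted, or "" if there is none.` would document the contract.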
diff --git a/pkg/report/guilty_test.go b/pkg/report/guilty_test.go
new file mode 100644
index 000000000..2f4b9c244
--- /dev/null
+++ b/pkg/report/guilty_test.go
@@ -0,0 +1,715 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package report
+
+import (
+ "testing"
+)
+
+func TestGuilty(t *testing.T) {
+ tests := map[string]string{
+ `
+==================================================================
+BUG: KASAN: use-after-free in ip6_send_skb+0x2f5/0x330 net/ipv6/ip6_output.c:1748
+Read of size 8 at addr ffff88004fab1858 by task syz-executor0/30168
+
+CPU: 0 PID: 30168 Comm: syz-executor0 Not tainted 4.12.0-rc3+ #3
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:16 [inline]
+ dump_stack+0x292/0x395 lib/dump_stack.c:52
+ print_address_description+0x78/0x280 mm/kasan/report.c:252
+ kasan_report_error mm/kasan/report.c:351 [inline]
+ kasan_report+0x230/0x340 mm/kasan/report.c:408
+ __asan_report_load8_noabort+0x19/0x20 mm/kasan/report.c:429
+ ip6_send_skb+0x2f5/0x330 net/ipv6/ip6_output.c:1748
+ ip6_push_pending_frames+0xb8/0xe0 net/ipv6/ip6_output.c:1763
+ rawv6_push_pending_frames net/ipv6/raw.c:613 [inline]
+ rawv6_sendmsg+0x2ede/0x4400 net/ipv6/raw.c:932
+ inet_sendmsg+0x169/0x5c0 net/ipv4/af_inet.c:762
+ sock_sendmsg_nosec net/socket.c:633 [inline]
+ sock_sendmsg+0xcf/0x110 net/socket.c:643
+ SYSC_sendto+0x660/0x810 net/socket.c:1696
+ SyS_sendto+0x45/0x60 net/socket.c:1664
+ entry_SYSCALL_64_fastpath+0x1f/0xbe
+RIP: 0033:0x446179
+RSP: 002b:00007f1f48124c08 EFLAGS: 00000286 ORIG_RAX: 000000000000002c
+RAX: ffffffffffffffda RBX: 0000000000004350 RCX: 0000000000446179
+RDX: 0000000000000873 RSI: 0000000020fd878d RDI: 0000000000000016
+RBP: 00000000ffffffff R08: 00000000204e8fe4 R09: 000000000000001c
+R10: 0000000000000840 R11: 0000000000000286 R12: 0000000000000016
+R13: 0000000000000000 R14: 00007f1f481259c0 R15: 00007f1f48125700
+`: `net/ipv6/ip6_output.c`,
+ `
+DEBUG_LOCKS_WARN_ON(class_idx > MAX_LOCKDEP_KEYS)
+------------[ cut here ]------------
+WARNING: CPU: 2 PID: 24023 at kernel/locking/lockdep.c:3344 __lock_acquire+0x10e5/0x3690 kernel/locking/lockdep.c:3344
+Kernel panic - not syncing: panic_on_warn set ...
+
+CPU: 2 PID: 24023 Comm: syz-executor1 Not tainted 4.12.0-rc3+ #370
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:16 [inline]
+ dump_stack+0x292/0x395 lib/dump_stack.c:52
+ panic+0x1cb/0x3a9 kernel/panic.c:180
+ __warn+0x1c4/0x1e0 kernel/panic.c:541
+ report_bug+0x211/0x2d0 lib/bug.c:183
+ fixup_bug arch/x86/kernel/traps.c:190 [inline]
+ do_trap_no_signal arch/x86/kernel/traps.c:224 [inline]
+ do_trap+0x32c/0x410 arch/x86/kernel/traps.c:273
+ do_error_trap+0x15a/0x3e0 arch/x86/kernel/traps.c:310
+ do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:323
+ invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:844
+RIP: 0010:__lock_acquire+0x10e5/0x3690 kernel/locking/lockdep.c:3344
+RSP: 0018:ffff88005aba6100 EFLAGS: 00010086
+RAX: 0000000000000031 RBX: ffff880058995b40 RCX: 0000000000000000
+RDX: 0000000000000031 RSI: ffffffff81458577 RDI: ffffed000b574c12
+RBP: ffff88005aba6640 R08: 0000000000000001 R09: 0000000000000001
+R10: ffff8800589963a0 R11: fffffbfff0e0fc7a R12: 0000000000000000
+R13: 0000000000000010 R14: 0000000000000001 R15: 0000000000000010
+ lock_acquire+0x22d/0x560 kernel/locking/lockdep.c:3855
+ seqcount_lockdep_reader_access include/linux/seqlock.h:80 [inline]
+ read_seqcount_begin include/linux/seqlock.h:163 [inline]
+ read_seqbegin include/linux/seqlock.h:433 [inline]
+ neigh_hh_output include/net/neighbour.h:456 [inline]
+ neigh_output include/net/neighbour.h:477 [inline]
+ ip6_finish_output2+0x109a/0x2540 net/ipv6/ip6_output.c:123
+ ip6_finish_output+0x302/0x930 net/ipv6/ip6_output.c:149
+ NF_HOOK_COND include/linux/netfilter.h:246 [inline]
+ ip6_output+0x1c2/0x8a0 net/ipv6/ip6_output.c:163
+ ip6_xmit+0xd38/0x21c0 include/net/dst.h:492
+ inet6_csk_xmit+0x331/0x600 net/ipv6/inet6_connection_sock.c:139
+ tcp_transmit_skb+0x1ad8/0x3460 net/ipv4/tcp_output.c:1055
+ tcp_connect+0x2195/0x2f30 net/ipv4/tcp_output.c:3381
+ tcp_v6_connect+0x1c0b/0x20f0 net/ipv6/tcp_ipv6.c:304
+ __inet_stream_connect+0x2ee/0xf90 net/ipv4/af_inet.c:618
+ inet_stream_connect+0x58/0xa0 net/ipv4/af_inet.c:682
+ SYSC_connect+0x251/0x590 net/socket.c:1588
+ SyS_connect+0x24/0x30 net/socket.c:1569
+ entry_SYSCALL_64_fastpath+0x1f/0xbe
+RIP: 0033:0x446179
+RSP: 002b:00007fb738f47c08 EFLAGS: 00000286 ORIG_RAX: 000000000000002a
+RAX: ffffffffffffffda RBX: 0000000000000400 RCX: 0000000000446179
+RDX: 000000000000001c RSI: 0000000020411000 RDI: 0000000000000005
+RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000005
+R13: 0000000000000000 R14: 00007fb738f489c0 R15: 00007fb738f48700
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Kernel Offset: disabled
+Rebooting in 86400 seconds..
+`: `net/ipv6/ip6_output.c`,
+ `
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Modules linked in:
+CPU: 2 PID: 10785 Comm: kworker/2:4 Not tainted 4.12.0-rc3+ #370
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Workqueue: events bpf_map_free_deferred
+task: ffff880061ce9700 task.stack: ffff880060b40000
+RIP: 0010:pcpu_addr_to_page mm/percpu-vm.c:358 [inline]
+RIP: 0010:pcpu_chunk_addr_search mm/percpu.c:852 [inline]
+RIP: 0010:free_percpu+0x189/0x4a0 mm/percpu.c:1264
+RSP: 0018:ffff880060b47188 EFLAGS: 00010002
+RAX: 0000000000000000 RBX: 1ffff1000c168e34 RCX: 0000000000000002
+RDX: dffffc0000000000 RSI: 000000000ca9ca67 RDI: 0000000000000010
+RBP: ffff880060b47328 R08: 0000000000000002 R09: 8a21721700000000
+R10: ffff880061ce9f38 R11: dffffc0000000000 R12: ffff88007ffee210
+R13: ffff880060b47300 R14: ffff88003ec00000 R15: ffffe8fcd0a1c608
+FS: 0000000000000000(0000) GS:ffff88006de00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00000000006e7680 CR3: 000000002e973000 CR4: 00000000000006e0
+Call Trace:
+ htab_free_elems+0x191/0x250 kernel/bpf/hashtab.c:112
+ prealloc_destroy+0x17/0x90 kernel/bpf/hashtab.c:191
+ htab_map_free+0xe6/0x650 kernel/bpf/hashtab.c:1093
+ bpf_map_free_deferred+0xac/0xd0 kernel/bpf/syscall.c:124
+ process_one_work+0xc03/0x1bd0 kernel/workqueue.c:2097
+ worker_thread+0x223/0x1860 kernel/workqueue.c:2231
+ kthread+0x35e/0x430 kernel/kthread.c:231
+ ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:424
+Code: 80 3c 02 00 0f 85 e0 02 00 00 49 8b 3c 24 4c 01 ff e8 ec be 06 00 48 8d 78 10 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 c2 02 00 00 4c 8b 60 10 48 b8 00 00 00 00 00
+RIP: pcpu_addr_to_page mm/percpu-vm.c:358 [inline] RSP: ffff880060b47188
+RIP: pcpu_chunk_addr_search mm/percpu.c:852 [inline] RSP: ffff880060b47188
+RIP: free_percpu+0x189/0x4a0 mm/percpu.c:1264 RSP: ffff880060b47188
+---[ end trace 2faa26575ba6ca1f ]---
+Kernel panic - not syncing: Fatal exception
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Kernel Offset: disabled
+Rebooting in 86400 seconds..
+`: `kernel/bpf/hashtab.c`,
+ `
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Modules linked in:
+CPU: 3 PID: 5124 Comm: kworker/3:3 Not tainted 4.12.0-rc3+ #370
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Workqueue: events bpf_map_free_deferred
+task: ffff880065321700 task.stack: ffff880065380000
+RIP: 0010:css_put include/linux/cgroup.h:354 [inline]
+RIP: 0010:cgroup_put include/linux/cgroup.h:373 [inline]
+RIP: 0010:cgroup_fd_array_put_ptr+0x88/0x370 kernel/bpf/arraymap.c:535
+RSP: 0018:ffff880065387378 EFLAGS: 00010202
+RAX: 000000002000000d RBX: 1ffff1000ca70e71 RCX: 1ffffffff0a1912c
+RDX: 0000000000000000 RSI: 1ffff1000ca643e6 RDI: 0000000100000069
+RBP: ffff880065387450 R08: ffffffff85b0b9e0 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffd
+R13: ffff880065387428 R14: dffffc0000000000 R15: ffffffff850c8920
+FS: 0000000000000000(0000) GS:ffff88006df00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000000020014000 CR3: 00000000231ae000 CR4: 00000000000006e0
+Call Trace:
+ fd_array_map_delete_elem kernel/bpf/arraymap.c:374 [inline]
+ bpf_fd_array_map_clear+0x144/0x260 kernel/bpf/arraymap.c:410
+ cgroup_fd_array_free+0x15/0x20 kernel/bpf/arraymap.c:540
+ bpf_map_free_deferred+0xac/0xd0 kernel/bpf/syscall.c:124
+ process_one_work+0xc03/0x1bd0 kernel/workqueue.c:2097
+ worker_thread+0x223/0x1860 kernel/workqueue.c:2231
+ kthread+0x35e/0x430 kernel/kthread.c:231
+ ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:424
+Code: 04 00 f2 f2 f2 c7 40 08 f2 f2 f2 f2 c7 40 0c 00 f2 f2 f2 c7 40 10 f3 f3 f3 f3 e8 a4 dc f0 ff 49 8d 7c 24 6c 48 89 f8 48 c1 e8 03 <42> 0f b6 14 30 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f
+RIP: css_put include/linux/cgroup.h:354 [inline] RSP: ffff880065387378
+RIP: cgroup_put include/linux/cgroup.h:373 [inline] RSP: ffff880065387378
+RIP: cgroup_fd_array_put_ptr+0x88/0x370 kernel/bpf/arraymap.c:535 RSP: ffff880065387378
+---[ end trace 6192ca3b51b170a8 ]---
+Kernel panic - not syncing: Fatal exception
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Kernel Offset: disabled
+Rebooting in 86400 seconds..
+`: `kernel/bpf/arraymap.c`,
+ `
+------------[ cut here ]------------
+WARNING: CPU: 1 PID: 4961 at lib/refcount.c:150 refcount_inc+0x47/0x50 lib/refcount.c:150
+Kernel panic - not syncing: panic_on_warn set ...
+
+CPU: 1 PID: 4961 Comm: syz-executor1 Not tainted 4.12.0-rc2+ #77
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:16 [inline]
+ dump_stack+0x2ee/0x3ea lib/dump_stack.c:52
+ panic+0x1fb/0x412 kernel/panic.c:180
+ __warn+0x1c4/0x1e0 kernel/panic.c:541
+ report_bug+0x211/0x2d0 lib/bug.c:183
+ fixup_bug arch/x86/kernel/traps.c:190 [inline]
+ do_trap_no_signal arch/x86/kernel/traps.c:224 [inline]
+ do_trap+0x32c/0x410 arch/x86/kernel/traps.c:273
+ do_error_trap+0x15a/0x3b0 arch/x86/kernel/traps.c:310
+ do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:323
+ invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:847
+RIP: 0010:refcount_inc+0x47/0x50 lib/refcount.c:150
+RSP: 0018:ffff8801d3d4fcc0 EFLAGS: 00010282
+RAX: 000000000000002b RBX: ffff8801c2514240 RCX: 0000000000000000
+RDX: 000000000000002b RSI: ffffc90002fb8000 RDI: ffffed003a7a9f8a
+RBP: ffff8801d3d4fcc8 R08: 1ffff1003a7a9e71 R09: 0000000000000000
+R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffff1003a7a9fa0
+R13: 000000001fd29e67 R14: 000000001fd29e67 R15: ffff8801c2514240
+ __key_get include/linux/key.h:254 [inline]
+ key_lookup+0x1ec/0x230 security/keys/key.c:670
+ lookup_user_key+0x8ba/0x11e0 security/keys/process_keys.c:680
+ keyctl_keyring_link+0x24/0xc0 security/keys/keyctl.c:507
+ SYSC_keyctl security/keys/keyctl.c:1661 [inline]
+ SyS_keyctl+0x1af/0x290 security/keys/keyctl.c:1633
+ entry_SYSCALL_64_fastpath+0x1f/0xbe
+RIP: 0033:0x44fe99
+RSP: 002b:00007f93b93c9b58 EFLAGS: 00000212 ORIG_RAX: 00000000000000fa
+RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000044fe99
+RDX: 000000001fd29e67 RSI: ffffffffffffffff RDI: 0000000000000008
+RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000212 R12: 00000000007180a8
+R13: 0000000000001000 R14: 0000000000000003 R15: 0000000000000000
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Kernel Offset: 0x6000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
+Rebooting in 86400 seconds..
+`: `security/keys/key.c`,
+ `
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Modules linked in:
+CPU: 1 PID: 14551 Comm: syz-executor0 Not tainted 4.12.0-rc1+ #366
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+task: ffff880028ceadc0 task.stack: ffff880038460000
+RIP: 0010:__read_once_size include/linux/compiler.h:254 [inline]
+RIP: 0010:raw_seqcount_begin include/linux/seqlock.h:183 [inline]
+RIP: 0010:__d_lookup_rcu+0x27b/0xa10 fs/dcache.c:2144
+RSP: 0018:ffff880038466d18 EFLAGS: 00010a03
+RAX: 1fff6a12b169980b RBX: 1ffff1000708cdc2 RCX: ffffc90000abd000
+RDX: 00000000000001b4 RSI: ffffffff819034c6 RDI: 0000000000000a06
+RBP: ffff880038466ef8 R08: ffffffff8590ba60 R09: ffff880038466b20
+R10: 0000000000000000 R11: 0000000000000000 R12: 000000004cfffffb
+R13: fffb50958b4cc05d R14: dffffc0000000000 R15: fffb50958b4cc085
+FS: 00007f63f0717700(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 000000002000fff8 CR3: 0000000027bd5000 CR4: 00000000000006e0
+Call Trace:
+ lookup_fast+0x12c/0xf80 fs/namei.c:1554
+ walk_component+0x129/0x13e0 fs/namei.c:1780
+ lookup_last fs/namei.c:2252 [inline]
+ path_lookupat+0x1d7/0xbc0 fs/namei.c:2302
+ filename_lookup+0x29e/0x5b0 fs/namei.c:2336
+ kern_path+0x33/0x40 fs/namei.c:2425
+ bpf_obj_do_get kernel/bpf/inode.c:305 [inline]
+ bpf_obj_get_user+0x11f/0xdd0 kernel/bpf/inode.c:340
+ bpf_obj_get kernel/bpf/syscall.c:888 [inline]
+ SYSC_bpf kernel/bpf/syscall.c:1061 [inline]
+ SyS_bpf+0xdc2/0x3a80 kernel/bpf/syscall.c:997
+ entry_SYSCALL_64_fastpath+0x1f/0xbe
+RIP: 0033:0x445e89
+RSP: 002b:00007f63f0716b58 EFLAGS: 00000296 ORIG_RAX: 0000000000000141
+RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000445e89
+RDX: 0000000000000010 RSI: 0000000020005ff0 RDI: 0000000000000007
+RBP: 00000000006e0370 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000708000
+R13: 4000000000080000 R14: 0000000000000000 R15: 0000000000000000
+Code: 89 bd 18 ff ff ff 42 c6 04 33 f8 0f 84 33 04 00 00 e8 da fc ca ff 48 8b 85 b0 fe ff ff 4d 8d 6f d8 c6 00 04 4c 89 e8 48 c1 e8 03 <42> 0f b6 0c 30 4c 89 e8 83 e0 07 83 c0 03 38 c8 7c 08 84 c9 0f
+RIP: __read_once_size include/linux/compiler.h:254 [inline] RSP: ffff880038466d18
+RIP: raw_seqcount_begin include/linux/seqlock.h:183 [inline] RSP: ffff880038466d18
+RIP: __d_lookup_rcu+0x27b/0xa10 fs/dcache.c:2144 RSP: ffff880038466d18
+---[ end trace cc5c09f1eb5b005a ]---
+Kernel panic - not syncing: Fatal exception
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Kernel Offset: disabled
+Rebooting in 86400 seconds..
+`: `fs/dcache.c`,
+ `
+==================================================================
+BUG: KASAN: use-after-free in ip6_dst_store include/net/ip6_fib.h:176 [inline]
+BUG: KASAN: use-after-free in tcp_v6_connect+0x1dfd/0x20f0 net/ipv6/tcp_ipv6.c:271
+Read of size 4 at addr ffff880066df126c by task syz-executor6/22754
+
+CPU: 0 PID: 22754 Comm: syz-executor6 Not tainted 4.12.0-rc1+ #366
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:16 [inline]
+ dump_stack+0x292/0x395 lib/dump_stack.c:52
+ print_address_description+0x73/0x280 mm/kasan/report.c:252
+ kasan_report_error mm/kasan/report.c:351 [inline]
+ kasan_report+0x22b/0x340 mm/kasan/report.c:408
+ __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:428
+ ip6_dst_store include/net/ip6_fib.h:176 [inline]
+ tcp_v6_connect+0x1dfd/0x20f0 net/ipv6/tcp_ipv6.c:271
+ __inet_stream_connect+0x2ee/0xf90 net/ipv4/af_inet.c:618
+ inet_stream_connect+0x58/0xa0 net/ipv4/af_inet.c:682
+ SYSC_connect+0x251/0x590 net/socket.c:1588
+ SyS_connect+0x24/0x30 net/socket.c:1569
+ entry_SYSCALL_64_fastpath+0x1f/0xbe
+RIP: 0033:0x445e89
+RSP: 002b:00007fc98a723b58 EFLAGS: 00000286 ORIG_RAX: 000000000000002a
+RAX: ffffffffffffffda RBX: 0000000000000016 RCX: 0000000000445e89
+RDX: 000000000000001c RSI: 0000000020066000 RDI: 0000000000000016
+RBP: 00000000006e04c0 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000286 R12: 00000000007081f8
+R13: 0000000000000000 R14: 00007fc98a7249c0 R15: 00007fc98a724700
+`: `net/ipv6/tcp_ipv6.c`,
+ `
+------------[ cut here ]------------
+WARNING: CPU: 1 PID: 23686 at net/core/dev.c:2444 skb_warn_bad_offload+0x2c0/0x3a0 net/core/dev.c:2439()
+lo: caps=(0x00000014401b7c69, 0x0000000000000000) len=246 data_len=0 gso_size=35328 gso_type=4 ip_summed=0
+Kernel panic - not syncing: panic_on_warn set ...
+
+CPU: 1 PID: 23686 Comm: syz-executor0 Not tainted 4.4.64+ #26
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+ 0000000000000001 ffff8801d8a674b8 ffffffff81bfd89c ffffffff82a382a0
+ ffff8801d8a67590 ffffffff82c2f040 0000000000000009 ffff8801d8a67580
+ ffffffff813a0073 0000000041b58ab3 ffffffff82d52827 ffffffff8139fed1
+Call Trace:
+ [<ffffffff81bfd89c>] __dump_stack lib/dump_stack.c:15 [inline]
+ [<ffffffff81bfd89c>] dump_stack+0x80/0xb4 lib/dump_stack.c:51
+ [<ffffffff813a0073>] panic+0x1a2/0x347 kernel/panic.c:115
+ [<ffffffff810e209a>] warn_slowpath_common+0x12a/0x140 kernel/panic.c:463
+ [<ffffffff810e2160>] warn_slowpath_fmt+0xb0/0xe0 kernel/panic.c:479
+ [<ffffffff8217e980>] skb_warn_bad_offload+0x2c0/0x3a0 net/core/dev.c:2439
+ [<ffffffff8218cc64>] __skb_gso_segment+0x3c4/0x4b0 net/core/dev.c:2596
+ [<ffffffff8218d883>] skb_gso_segment include/linux/netdevice.h:3702 [inline]
+ [<ffffffff8218d883>] validate_xmit_skb.isra.102.part.103+0x453/0x980 net/core/dev.c:2804
+ [<ffffffff821902eb>] validate_xmit_skb include/linux/spinlock.h:347 [inline]
+ [<ffffffff821902eb>] __dev_queue_xmit+0x133b/0x1550 net/core/dev.c:3173
+ [<ffffffff8219051c>] dev_queue_xmit+0x1c/0x20 net/core/dev.c:3215
+ [<ffffffff8278c519>] packet_snd net/packet/af_packet.c:2825 [inline]
+ [<ffffffff8278c519>] packet_sendmsg+0x2959/0x4950 net/packet/af_packet.c:2850
+ [<ffffffff821260af>] sock_sendmsg_nosec net/socket.c:611 [inline]
+ [<ffffffff821260af>] sock_sendmsg+0xcf/0x110 net/socket.c:621
+ [<ffffffff82127c49>] ___sys_sendmsg+0x6f9/0x810 net/socket.c:1947
+ [<ffffffff82129590>] __sys_sendmsg+0xd0/0x180 net/socket.c:1981
+ [<ffffffff82129672>] SYSC_sendmsg net/socket.c:1992 [inline]
+ [<ffffffff82129672>] SyS_sendmsg+0x32/0x50 net/socket.c:1988
+ [<ffffffff828ab96e>] entry_SYSCALL_64_fastpath+0x12/0x6d
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Kernel Offset: disabled
+`: `net/packet/af_packet.c`,
+ `
+==================================================================
+BUG: KASAN: use-after-free in dst_check include/net/dst.h:498 [inline]
+BUG: KASAN: use-after-free in tcp_v4_early_demux+0x967/0xa60 net/ipv4/tcp_ipv4.c:1480
+Read of size 8 at addr ffff8800397d2fe0 by task syz-executor0/4289
+
+CPU: 0 PID: 4289 Comm: syz-executor0 Not tainted 4.12.0-rc1+ #366
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+ <IRQ>
+ __dump_stack lib/dump_stack.c:16 [inline]
+ dump_stack+0x292/0x395 lib/dump_stack.c:52
+ print_address_description+0x73/0x280 mm/kasan/report.c:252
+ kasan_report_error mm/kasan/report.c:351 [inline]
+ kasan_report+0x22b/0x340 mm/kasan/report.c:408
+ __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429
+ dst_check include/net/dst.h:498 [inline]
+ tcp_v4_early_demux+0x967/0xa60 net/ipv4/tcp_ipv4.c:1480
+ ip_rcv_finish+0x1941/0x2110 net/ipv4/ip_input.c:334
+sctp: [Deprecated]: syz-executor7 (pid 4299) Use of struct sctp_assoc_value in delayed_ack socket option.
+Use struct sctp_sack_info instead
+ NF_HOOK include/linux/netfilter.h:257 [inline]
+ ip_rcv+0xd8c/0x19c0 net/ipv4/ip_input.c:488
+ __netif_receive_skb_core+0x1ad1/0x3400 net/core/dev.c:4216
+ __netif_receive_skb+0x2c/0x1b0 net/core/dev.c:4254
+ netif_receive_skb_internal+0x240/0x1b20 net/core/dev.c:4416
+ napi_skb_finish net/core/dev.c:4773 [inline]
+ napi_gro_receive+0x4e6/0x680 net/core/dev.c:4807
+ e1000_receive_skb drivers/net/ethernet/intel/e1000/e1000_main.c:4018 [inline]
+ e1000_clean_rx_irq+0x5e0/0x1490 drivers/net/ethernet/intel/e1000/e1000_main.c:4474
+ e1000_clean+0xb9a/0x28f0 drivers/net/ethernet/intel/e1000/e1000_main.c:3819
+ napi_poll net/core/dev.c:5407 [inline]
+ net_rx_action+0xe7a/0x18f0 net/core/dev.c:5473
+ __do_softirq+0x2fb/0xb99 kernel/softirq.c:284
+ invoke_softirq kernel/softirq.c:364 [inline]
+ irq_exit+0x19e/0x1d0 kernel/softirq.c:405
+ exiting_irq arch/x86/include/asm/apic.h:652 [inline]
+ smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:966
+ apic_timer_interrupt+0x93/0xa0 arch/x86/entry/entry_64.S:484
+RIP: 0033:0x449783
+RSP: 002b:00007ffde3d48590 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10
+RAX: 00000000006e6bc0 RBX: 0000000000000001 RCX: 0000000000000040
+RDX: 0000000000000001 RSI: 0000000000a640a0 RDI: 00007ffb7ef3a700
+RBP: 0000000000000000 R08: 000000000139cda0 R09: 0000000000000012
+R10: 0000000000020022 R11: 0000000000000201 R12: 00007ffde3d486c0
+R13: 0000000000000000 R14: 0000000000000444 R15: 0000000000a640c8
+ </IRQ>
+`: `net/ipv4/tcp_ipv4.c`,
+ `
+==================================================================
+BUG: KMSAN: use of unitialized memory in rtnl_fdb_dump+0x5dc/0x1000
+CPU: 0 PID: 1039 Comm: probe Not tainted 4.11.0-rc5+ #2727
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:16
+ dump_stack+0x143/0x1b0 lib/dump_stack.c:52
+ kmsan_report+0x12a/0x180 mm/kmsan/kmsan.c:1007
+ __kmsan_warning_32+0x66/0xb0 mm/kmsan/kmsan_instr.c:491
+ rtnl_fdb_dump+0x5dc/0x1000 net/core/rtnetlink.c:3230
+ netlink_dump+0x84f/0x1190 net/netlink/af_netlink.c:2168
+ __netlink_dump_start+0xc97/0xe50 net/netlink/af_netlink.c:2258
+ netlink_dump_start ./include/linux/netlink.h:165
+ rtnetlink_rcv_msg+0xae9/0xb40 net/core/rtnetlink.c:4094
+ netlink_rcv_skb+0x339/0x5a0 net/netlink/af_netlink.c:2339
+ rtnetlink_rcv+0x83/0xa0 net/core/rtnetlink.c:4110
+ netlink_unicast_kernel net/netlink/af_netlink.c:1272
+ netlink_unicast+0x13b7/0x1480 net/netlink/af_netlink.c:1298
+ netlink_sendmsg+0x10b8/0x10f0 net/netlink/af_netlink.c:1844
+ sock_sendmsg_nosec net/socket.c:633
+ sock_sendmsg net/socket.c:643
+ ___sys_sendmsg+0xd4b/0x10f0 net/socket.c:1997
+ __sys_sendmsg net/socket.c:2031
+ SYSC_sendmsg+0x2c6/0x3f0 net/socket.c:2042
+ SyS_sendmsg+0x87/0xb0 net/socket.c:2038
+ do_syscall_64+0x102/0x150 arch/x86/entry/common.c:285
+ entry_SYSCALL64_slow_path+0x25/0x25 arch/x86/entry/entry_64.S:246
+`: `net/core/rtnetlink.c`,
+ `
+==================================================================
+BUG: KASAN: use-after-free in __read_once_size include/linux/compiler.h:254 [inline] at addr ffff88004f0f1938
+BUG: KASAN: use-after-free in atomic_read arch/x86/include/asm/atomic.h:26 [inline] at addr ffff88004f0f1938
+BUG: KASAN: use-after-free in virt_spin_lock arch/x86/include/asm/qspinlock.h:62 [inline] at addr ffff88004f0f1938
+BUG: KASAN: use-after-free in queued_spin_lock_slowpath+0xb0a/0xfd0 kernel/locking/qspinlock.c:421 at addr ffff88004f0f1938
+Read of size 4 by task syz-executor0/28813
+CPU: 1 PID: 28813 Comm: syz-executor0 Not tainted 4.11.0-rc7+ #251
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:16 [inline]
+ dump_stack+0x292/0x398 lib/dump_stack.c:52
+ kasan_object_err+0x1c/0x70 mm/kasan/report.c:164
+ print_address_description mm/kasan/report.c:202 [inline]
+ kasan_report_error mm/kasan/report.c:291 [inline]
+ kasan_report+0x252/0x510 mm/kasan/report.c:347
+ __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:367
+ __read_once_size include/linux/compiler.h:254 [inline]
+ atomic_read arch/x86/include/asm/atomic.h:26 [inline]
+ virt_spin_lock arch/x86/include/asm/qspinlock.h:62 [inline]
+ queued_spin_lock_slowpath+0xb0a/0xfd0 kernel/locking/qspinlock.c:421
+ queued_spin_lock include/asm-generic/qspinlock.h:103 [inline]
+ do_raw_spin_lock+0x151/0x1e0 kernel/locking/spinlock_debug.c:113
+ __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
+ _raw_spin_lock+0x32/0x40 kernel/locking/spinlock.c:151
+ spin_lock include/linux/spinlock.h:299 [inline]
+ lockref_get_not_dead+0x19/0x80 lib/lockref.c:179
+ __ns_get_path+0x197/0x860 fs/nsfs.c:66
+ open_related_ns+0xda/0x200 fs/nsfs.c:143
+ sock_ioctl+0x39d/0x440 net/socket.c:1001
+ vfs_ioctl fs/ioctl.c:45 [inline]
+ do_vfs_ioctl+0x1bf/0x1780 fs/ioctl.c:685
+ SYSC_ioctl fs/ioctl.c:700 [inline]
+ SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
+ entry_SYSCALL_64_fastpath+0x1f/0xc2
+`: `fs/nsfs.c`,
+ `
+irq bypass consumer (token ffff8801bff15e80) registration fails: -16
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Modules linked in:
+CPU: 0 PID: 1427 Comm: kworker/0:3 Not tainted 4.9.0+ #9
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+Workqueue: kvm-irqfd-cleanup irqfd_shutdown
+task: ffff8801d60cc700 task.stack: ffff8801d62f8000
+RIP: 0010:[<ffffffff84352ab6>] [<ffffffff84352ab6>] __list_del include/linux/list.h:89 [inline]
+RIP: 0010:[<ffffffff84352ab6>] [<ffffffff84352ab6>] list_del include/linux/list.h:107 [inline]
+RIP: 0010:[<ffffffff84352ab6>] [<ffffffff84352ab6>] irq_bypass_unregister_consumer+0x296/0x470 virt/lib/irqbypass.c:258
+RSP: 0018:ffff8801d62ff318 EFLAGS: 00010202
+RAX: 0000000000000000 RBX: 1ffff1003ac5fe65 RCX: dffffc0000000000
+RDX: ffff8801d3075170 RSI: 0000000000000001 RDI: 0000000000000008
+RBP: ffff8801d62ff3b0 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000006 R11: 0000000000000000 R12: ffff8801d3075168
+R13: ffff8801d7d071a8 R14: 0000000000000000 R15: ffffffff8541bbe0
+FS: 0000000000000000(0000) GS:ffff8801dc000000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007f960f8f3db8 CR3: 00000001da19b000 CR4: 00000000001426f0
+DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
+Stack:
+ ffffffff814cc212 ffff8801d60cc700 0000000041b58ab3 ffffffff84ad688d
+ ffffffff84352820 ffffffff815720c0 ffff8801da11b640 0000000041b58ab3
+ ffffffff84aea0a0 ffffffff81262e90 1ffff1003ac5fe74 0000000041b58ab3
+Call Trace:
+ [<ffffffff8108aaf3>] irqfd_shutdown+0x123/0x1c0 arch/x86/kvm/../../../virt/kvm/eventfd.c:145
+ [<ffffffff81492c00>] process_one_work+0xbd0/0x1c10 kernel/workqueue.c:2096
+ [<ffffffff81493e63>] worker_thread+0x223/0x1990 kernel/workqueue.c:2230
+ [<ffffffff814abd53>] kthread+0x323/0x3e0 kernel/kthread.c:209
+ [<ffffffff84377c6a>] ret_from_fork+0x2a/0x40 arch/x86/entry/entry_64.S:433
+Code: 48 89 d1 48 c1 e9 03 80 3c 01 00 0f 85 76 01 00 00 49 8d 7e 08 48 b9 00 00 00 00 00 fc ff df 49 8b 44 24 08 48 89 fe 48 c1 ee 03 <80> 3c 0e 00 0f 85 2c 01 00 00 4c 8d 6d 98 48 b9 00 00 00 00 00
+RIP [<ffffffff84352ab6>] __list_del include/linux/list.h:89 [inline]
+RIP [<ffffffff84352ab6>] list_del include/linux/list.h:107 [inline]
+RIP [<ffffffff84352ab6>] irq_bypass_unregister_consumer+0x296/0x470 virt/lib/irqbypass.c:258
+ RSP <ffff8801d62ff318>
+---[ end trace c88bb3be8e63e0af ]---
+Kernel panic - not syncing: Fatal exception
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Kernel Offset: disabled
+Rebooting in 86400 seconds..
+`: `arch/x86/kvm/../../../virt/kvm/eventfd.c`,
+ `
+------------[ cut here ]------------
+kernel BUG at ./include/linux/skbuff.h:2389!
+invalid opcode: 0000 [#1] SMP KASAN
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Modules linked in:
+CPU: 2 PID: 10793 Comm: syz-executor0 Not tainted 4.10.0-rc8+ #201
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+task: ffff88006aeb1700 task.stack: ffff880069b08000
+RIP: 0010:skb_set_owner_r include/linux/skbuff.h:2389 [inline]
+RIP: 0010:__sock_queue_rcv_skb+0x8c0/0xda0 net/core/sock.c:425
+RSP: 0018:ffff88006de06b58 EFLAGS: 00010206
+RAX: ffff88006aeb1700 RBX: ffff8800581dc170 RCX: 0000000000000000
+RDX: 0000000000000100 RSI: 1ffff1000d5fcb7b RDI: ffff88006afe5be0
+RBP: ffff88006de06dc0 R08: 0000000000000002 R09: 0000000000000001
+R10: 0000000000000000 R11: dffffc0000000000 R12: ffff88006afe5bc0
+R13: ffff88006de06d98 R14: ffff8800581dc198 R15: ffff88006afe5c20
+FS: 00007f06a3bd9700(0000) GS:ffff88006de00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000000020007000 CR3: 000000006a280000 CR4: 00000000000006e0
+Call Trace:
+ <IRQ>
+ sock_queue_rcv_skb+0x3a/0x50 net/core/sock.c:451
+PF_BRIDGE: RTM_DELNEIGH with invalid address
+ llc_sap_state_process+0x3e3/0x4e0 net/llc/llc_sap.c:220
+ llc_sap_rcv net/llc/llc_sap.c:294 [inline]
+ llc_sap_handler+0x695/0x1320 net/llc/llc_sap.c:434
+ llc_rcv+0x6da/0xed0 net/llc/llc_input.c:208
+ __netif_receive_skb_core+0x1ae5/0x3400 net/core/dev.c:4190
+ __netif_receive_skb+0x2a/0x170 net/core/dev.c:4228
+ process_backlog+0xe5/0x6c0 net/core/dev.c:4839
+ napi_poll net/core/dev.c:5202 [inline]
+ net_rx_action+0xe70/0x1900 net/core/dev.c:5267
+ __do_softirq+0x2fb/0xb7d kernel/softirq.c:284
+ do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:902
+ </IRQ>
+ do_softirq.part.17+0x1e8/0x230 kernel/softirq.c:328
+ do_softirq kernel/softirq.c:176 [inline]
+ __local_bh_enable_ip+0x1f2/0x200 kernel/softirq.c:181
+ local_bh_enable include/linux/bottom_half.h:31 [inline]
+ rcu_read_unlock_bh include/linux/rcupdate.h:971 [inline]
+ __dev_queue_xmit+0xd87/0x2860 net/core/dev.c:3399
+ dev_queue_xmit+0x17/0x20 net/core/dev.c:3405
+ llc_build_and_send_ui_pkt+0x240/0x330 net/llc/llc_output.c:74
+ llc_ui_sendmsg+0x98d/0x1430 net/llc/af_llc.c:928
+ sock_sendmsg_nosec net/socket.c:635 [inline]
+ sock_sendmsg+0xca/0x110 net/socket.c:645
+ ___sys_sendmsg+0x9d2/0xae0 net/socket.c:1985
+ __sys_sendmsg+0x138/0x320 net/socket.c:2019
+ SYSC_sendmsg net/socket.c:2030 [inline]
+ SyS_sendmsg+0x2d/0x50 net/socket.c:2026
+ entry_SYSCALL_64_fastpath+0x1f/0xc2
+`: `net/llc/llc_sap.c`,
+ `
+==================================================================
+BUG: KASAN: use-after-free in skb_pfmemalloc include/linux/skbuff.h:829 [inline] at addr ffff88003b910d8c
+BUG: KASAN: use-after-free in skb_clone+0x3a2/0x420 net/core/skbuff.c:1029 at addr ffff88003b910d8c
+Read of size 4 by task syz-executor0/5591
+CPU: 1 PID: 5591 Comm: syz-executor0 Not tainted 4.10.0-rc8+ #201
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+ <IRQ>
+ __dump_stack lib/dump_stack.c:15 [inline]
+ dump_stack+0x292/0x398 lib/dump_stack.c:51
+ kasan_object_err+0x1c/0x70 mm/kasan/report.c:162
+ print_address_description mm/kasan/report.c:200 [inline]
+ kasan_report_error mm/kasan/report.c:289 [inline]
+ kasan_report.part.1+0x20e/0x4e0 mm/kasan/report.c:311
+ kasan_report mm/kasan/report.c:331 [inline]
+ __asan_report_load4_noabort+0x29/0x30 mm/kasan/report.c:331
+ skb_pfmemalloc include/linux/skbuff.h:829 [inline]
+ skb_clone+0x3a2/0x420 net/core/skbuff.c:1029
+ dccp_v6_request_recv_sock+0xb5e/0x1960 net/dccp/ipv6.c:527
+ dccp_check_req+0x335/0x5a0 net/dccp/minisocks.c:186
+ dccp_v6_rcv+0x69e/0x1d00 net/dccp/ipv6.c:711
+ ip6_input_finish+0x46d/0x17a0 net/ipv6/ip6_input.c:279
+ NF_HOOK include/linux/netfilter.h:257 [inline]
+ ip6_input+0xdb/0x590 net/ipv6/ip6_input.c:322
+ dst_input include/net/dst.h:507 [inline]
+ ip6_rcv_finish+0x289/0x890 net/ipv6/ip6_input.c:69
+ NF_HOOK include/linux/netfilter.h:257 [inline]
+ ipv6_rcv+0x12ec/0x23d0 net/ipv6/ip6_input.c:203
+ __netif_receive_skb_core+0x1ae5/0x3400 net/core/dev.c:4190
+ __netif_receive_skb+0x2a/0x170 net/core/dev.c:4228
+ process_backlog+0xe5/0x6c0 net/core/dev.c:4839
+ napi_poll net/core/dev.c:5202 [inline]
+ net_rx_action+0xe70/0x1900 net/core/dev.c:5267
+ __do_softirq+0x2fb/0xb7d kernel/softirq.c:284
+ do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:902
+ </IRQ>
+ do_softirq.part.17+0x1e8/0x230 kernel/softirq.c:328
+ do_softirq kernel/softirq.c:176 [inline]
+ __local_bh_enable_ip+0x1f2/0x200 kernel/softirq.c:181
+ local_bh_enable include/linux/bottom_half.h:31 [inline]
+ rcu_read_unlock_bh include/linux/rcupdate.h:971 [inline]
+ ip6_finish_output2+0xbb0/0x23d0 net/ipv6/ip6_output.c:123
+ ip6_finish_output+0x302/0x960 net/ipv6/ip6_output.c:148
+ NF_HOOK_COND include/linux/netfilter.h:246 [inline]
+ ip6_output+0x1cb/0x8d0 net/ipv6/ip6_output.c:162
+ ip6_xmit+0xce6/0x20d0 include/net/dst.h:501
+ inet6_csk_xmit+0x320/0x5f0 net/ipv6/inet6_connection_sock.c:179
+ dccp_transmit_skb+0xb09/0x1120 net/dccp/output.c:141
+ dccp_send_ack+0x1bf/0x350 net/dccp/output.c:594
+ dccp_rcv_request_sent_state_process net/dccp/input.c:501 [inline]
+ dccp_rcv_state_process+0x102f/0x1650 net/dccp/input.c:670
+ dccp_v6_do_rcv+0x213/0x350 net/dccp/ipv6.c:632
+ sk_backlog_rcv include/net/sock.h:893 [inline]
+ __release_sock+0x127/0x3a0 net/core/sock.c:2053
+ release_sock+0xa5/0x2b0 net/core/sock.c:2540
+ inet_wait_for_connect net/ipv4/af_inet.c:557 [inline]
+ __inet_stream_connect+0x5f7/0xeb0 net/ipv4/af_inet.c:626
+ inet_stream_connect+0x55/0xa0 net/ipv4/af_inet.c:665
+ SYSC_connect+0x251/0x590 net/socket.c:1579
+ SyS_connect+0x24/0x30 net/socket.c:1560
+ entry_SYSCALL_64_fastpath+0x1f/0xc2
+`: `net/dccp/ipv6.c`,
+ `
+==================================================================
+BUG: KASAN: use-after-free in __list_add_rcu include/linux/rculist.h:57 [inline] at addr ffff8801c5b6c110
+BUG: KASAN: use-after-free in list_add_rcu include/linux/rculist.h:78 [inline] at addr ffff8801c5b6c110
+BUG: KASAN: use-after-free in timerfd_setup_cancel fs/timerfd.c:141 [inline] at addr ffff8801c5b6c110
+BUG: KASAN: use-after-free in do_timerfd_settime+0xd32/0xf50 fs/timerfd.c:446 at addr ffff8801c5b6c110
+Write of size 8 by task syz-executor5/10885
+CPU: 1 PID: 10885 Comm: syz-executor5 Not tainted 4.10.0+ #7
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:15 [inline]
+ dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
+ kasan_object_err+0x1c/0x70 mm/kasan/report.c:162
+ print_address_description mm/kasan/report.c:200 [inline]
+ kasan_report_error mm/kasan/report.c:289 [inline]
+ kasan_report.part.2+0x1e5/0x4b0 mm/kasan/report.c:311
+ kasan_report mm/kasan/report.c:337 [inline]
+ __asan_report_store8_noabort+0x2c/0x30 mm/kasan/report.c:337
+ __list_add_rcu include/linux/rculist.h:57 [inline]
+ list_add_rcu include/linux/rculist.h:78 [inline]
+ timerfd_setup_cancel fs/timerfd.c:141 [inline]
+ do_timerfd_settime+0xd32/0xf50 fs/timerfd.c:446
+ SYSC_timerfd_settime fs/timerfd.c:533 [inline]
+ SyS_timerfd_settime+0xef/0x1c0 fs/timerfd.c:524
+ entry_SYSCALL_64_fastpath+0x1f/0xc
+`: `fs/timerfd.c`,
+ `
+driver/foo/lib/foo.c:10
+`: `driver/foo/lib/foo.c`,
+ `
+BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor2:7067]
+hardirqs last enabled at (210421): [<ffffffff82c51728>] restore_regs_and_iret+0x0/0x1d
+hardirqs last disabled at (210422): [<ffffffff8100fb22>] apic_timer_interrupt+0x82/0x90 arch/x86/entry/entry_64.S:710
+softirqs last enabled at (210420): [<ffffffff810114a3>] __do_softirq+0x613/0x8c4 kernel/softirq.c:344
+softirqs last disabled at (210415): [<ffffffff812c1650>] invoke_softirq kernel/softirq.c:395 [inline]
+softirqs last disabled at (210415): [<ffffffff812c1650>] irq_exit+0x170/0x1a0 kernel/softirq.c:436
+RIP: 0010:[<ffffffff8181134a>] [<ffffffff8181134a>] next_group+0x5a/0x2e0 fs/pnode.c:172
+`: `fs/pnode.c`,
+ `
+------------[ cut here ]------------
+WARNING: CPU: 1 PID: 7733 at mm/vmalloc.c:1473 __vunmap+0x1ca/0x300 mm/vmalloc.c:1472()
+Trying to vfree() bad address (ffff8800b3254fc0)
+Kernel panic - not syncing: panic_on_warn set ...
+
+Call Trace:
+ [<ffffffff81c8f6cd>] __dump_stack lib/dump_stack.c:15 [inline]
+ [<ffffffff81c8f6cd>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
+ [<ffffffff815f5f34>] __panic+0x11f/0x30b kernel/panic.c:179
+ [<ffffffff815f61da>] panic_saved_regs+0xba/0xba kernel/panic.c:280
+ [<ffffffff812b148f>] warn_slowpath_common+0x12f/0x150 kernel/panic.c:642
+ [<ffffffff812b1560>] warn_slowpath_fmt+0xb0/0xe0 kernel/panic.c:658
+ [<ffffffff816d015a>] __vunmap+0x1ca/0x300 mm/vmalloc.c:1472
+ [<ffffffff816d0355>] vfree+0x55/0xe0 mm/vmalloc.c:1533
+ [<ffffffff81b26404>] ipc_free+0x44/0x50 ipc/util.c:420
+ [<ffffffff81b3203d>] semctl_main+0x20d/0x1ba0 ipc/sem.c:1496
+`: `ipc/util.c`,
+ `
+
+===============================
+[ INFO: suspicious RCU usage. ]
+Call Trace:
+ [<ffffffff81c8f6cd>] __dump_stack lib/dump_stack.c:15 [inline]
+ [<ffffffff81c8f6cd>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
+ [<ffffffff81614578>] warn_alloc+0x208/0x230 mm/page_alloc.c:2850
+ [<ffffffff816d0915>] __vmalloc_area_node_memcg mm/vmalloc.c:1647 [inline]
+ [<ffffffff816d0915>] __vmalloc_node_range_memcg+0x375/0x670 mm/vmalloc.c:1690
+ [<ffffffff816d0c79>] __vmalloc_node_memcg mm/vmalloc.c:1751 [inline]
+ [<ffffffff816d0c79>] __vmalloc_node_memcg_flags mm/vmalloc.c:1788 [inline]
+ [<ffffffff816d0c79>] vmalloc+0x69/0x70 mm/vmalloc.c:1803
+ [<ffffffff8279a0b0>] xt_alloc_table_info+0xd0/0x100 net/netfilter/x_tables.c:952
+ [<ffffffff829a50bc>] do_replace net/ipv4/netfilter/ip_tables.c:1140 [inline]
+ [<ffffffff829a50bc>] do_ipt_set_ctl+0x21c/0x430 net/ipv4/netfilter/ip_tables.c:1687
+ [<ffffffff827436ac>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
+`: `net/netfilter/x_tables.c`,
+ }
+ for log, guilty0 := range tests {
+ if guilty := ExtractGuiltyFile(log); guilty != guilty0 {
+ t.Logf("log:\n%s", log)
+ t.Logf("extracted files:\n%s", extractFiles(log))
+ t.Logf("want guilty:\n%s", guilty0)
+ t.Logf("got guilty:\n%s", guilty)
+ t.Fatalf("couldn't extract guilty file")
+ }
+ }
+}
diff --git a/pkg/report/report.go b/pkg/report/report.go
new file mode 100644
index 000000000..fe81e9e21
--- /dev/null
+++ b/pkg/report/report.go
@@ -0,0 +1,638 @@
+// Copyright 2016 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package report
+
+import (
+ "bufio"
+ "bytes"
+ "fmt"
+ "path/filepath"
+ "regexp"
+ "strconv"
+ "strings"
+
+ "github.com/google/syzkaller/symbolizer"
+)
+
+type oops struct {
+ header []byte
+ formats []oopsFormat
+ suppressions []*regexp.Regexp
+}
+
+type oopsFormat struct {
+ re *regexp.Regexp
+ fmt string
+}
+
+var oopses = []*oops{
+ &oops{
+ []byte("BUG:"),
+ []oopsFormat{
+ {
+ compile("BUG: KASAN: ([a-z\\-]+) in {{FUNC}}(?:.*\\n)+?.*(Read|Write) of size ([0-9]+)"),
+ "KASAN: %[1]v %[3]v in %[2]v",
+ },
+ {
+ compile("BUG: KASAN: ([a-z\\-]+) on address(?:.*\\n)+?.*(Read|Write) of size ([0-9]+)"),
+ "KASAN: %[1]v %[2]v of size %[3]v",
+ },
+ {
+ compile("BUG: KASAN: (.*)"),
+ "KASAN: %[1]v",
+ },
+ {
+ compile("BUG: unable to handle kernel paging request(?:.*\\n)+?.*IP: (?:{{PC}} +)?{{FUNC}}"),
+ "BUG: unable to handle kernel paging request in %[1]v",
+ },
+ {
+ compile("BUG: unable to handle kernel paging request"),
+ "BUG: unable to handle kernel paging request",
+ },
+ {
+ compile("BUG: unable to handle kernel NULL pointer dereference(?:.*\\n)+?.*IP: (?:{{PC}} +)?{{FUNC}}"),
+ "BUG: unable to handle kernel NULL pointer dereference in %[1]v",
+ },
+ {
+ compile("BUG: spinlock lockup suspected"),
+ "BUG: spinlock lockup suspected",
+ },
+ {
+ compile("BUG: spinlock recursion"),
+ "BUG: spinlock recursion",
+ },
+ {
+ compile("BUG: soft lockup"),
+ "BUG: soft lockup",
+ },
+ {
+ compile("BUG: .*still has locks held!(?:.*\\n)+?.*{{PC}} +{{FUNC}}"),
+ "BUG: still has locks held in %[1]v",
+ },
+ {
+ compile("BUG: bad unlock balance detected!(?:.*\\n)+?.*{{PC}} +{{FUNC}}"),
+ "BUG: bad unlock balance in %[1]v",
+ },
+ {
+ compile("BUG: held lock freed!(?:.*\\n)+?.*{{PC}} +{{FUNC}}"),
+ "BUG: held lock freed in %[1]v",
+ },
+ {
+ compile("BUG: Bad rss-counter state"),
+ "BUG: Bad rss-counter state",
+ },
+ {
+ compile("BUG: non-zero nr_ptes on freeing mm"),
+ "BUG: non-zero nr_ptes on freeing mm",
+ },
+ {
+ compile("BUG: non-zero nr_pmds on freeing mm"),
+ "BUG: non-zero nr_pmds on freeing mm",
+ },
+ {
+ compile("BUG: Dentry .* still in use \\([0-9]+\\) \\[unmount of ([^\\]]+)\\]"),
+ "BUG: Dentry still in use [unmount of %[1]v]",
+ },
+ {
+ compile("BUG: Bad page state .*"),
+ "BUG: Bad page state",
+ },
+ {
+ compile("BUG: spinlock bad magic .*"),
+ "BUG: spinlock bad magic",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("WARNING:"),
+ []oopsFormat{
+ {
+ compile("WARNING: .* at {{SRC}} {{FUNC}}"),
+ "WARNING in %[2]v",
+ },
+ {
+ compile("WARNING: possible circular locking dependency detected(?:.*\\n)+?.*is trying to acquire lock(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "possible deadlock in %[1]v",
+ },
+ {
+ compile("WARNING: possible irq lock inversion dependency detected(?:.*\\n)+?.*just changed the state of lock(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "possible deadlock in %[1]v",
+ },
+ {
+ compile("WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected(?:.*\\n)+?.*is trying to acquire(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "possible deadlock in %[1]v",
+ },
+ {
+ compile("WARNING: possible recursive locking detected(?:.*\\n)+?.*is trying to acquire lock(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "possible deadlock in %[1]v",
+ },
+ {
+ compile("WARNING: inconsistent lock state(?:.*\\n)+?.*takes(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "inconsistent lock state in %[1]v",
+ },
+ {
+ compile("WARNING: suspicious RCU usage(?:.*\n)+?.*?{{SRC}}"),
+ "suspicious RCU usage at %[1]v",
+ },
+ {
+ compile("WARNING: kernel stack regs at [0-9a-f]+ in [^ ]* has bad '([^']+)' value"),
+ "WARNING: kernel stack regs has bad '%[1]v' value",
+ },
+ {
+ compile("WARNING: kernel stack frame pointer at [0-9a-f]+ in [^ ]* has bad value"),
+ "WARNING: kernel stack frame pointer has bad value",
+ },
+ },
+ []*regexp.Regexp{
+ compile("WARNING: /etc/ssh/moduli does not exist, using fixed modulus"), // printed by sshd
+ },
+ },
+ &oops{
+ []byte("INFO:"),
+ []oopsFormat{
+ {
+ compile("INFO: possible circular locking dependency detected \\](?:.*\\n)+?.*is trying to acquire lock(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "possible deadlock in %[1]v",
+ },
+ {
+ compile("INFO: possible irq lock inversion dependency detected \\](?:.*\\n)+?.*just changed the state of lock(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "possible deadlock in %[1]v",
+ },
+ {
+ compile("INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected \\](?:.*\\n)+?.*is trying to acquire(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "possible deadlock in %[1]v",
+ },
+ {
+ compile("INFO: possible recursive locking detected \\](?:.*\\n)+?.*is trying to acquire lock(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "possible deadlock in %[1]v",
+ },
+ {
+ compile("INFO: inconsistent lock state \\](?:.*\\n)+?.*takes(?:.*\\n)+?.*at: {{PC}} +{{FUNC}}"),
+ "inconsistent lock state in %[1]v",
+ },
+ {
+ compile("INFO: rcu_preempt detected stalls(?:.*\\n)+?.*</IRQ>.*\n(?:.* \\? .*\\n)+?(?:.*rcu.*\\n)+?.*\\] {{FUNC}}"),
+ "INFO: rcu detected stall in %[1]v",
+ },
+ {
+ compile("INFO: rcu_preempt detected stalls"),
+ "INFO: rcu detected stall",
+ },
+ {
+ compile("INFO: rcu_sched detected stalls(?:.*\\n)+?.*</IRQ>.*\n(?:.* \\? .*\\n)+?(?:.*rcu.*\\n)+?.*\\] {{FUNC}}"),
+ "INFO: rcu detected stall in %[1]v",
+ },
+ {
+ compile("INFO: rcu_sched detected stalls"),
+ "INFO: rcu detected stall",
+ },
+ {
+ compile("INFO: rcu_preempt self-detected stall on CPU(?:.*\\n)+?.*</IRQ>.*\n(?:.* \\? .*\\n)+?(?:.*rcu.*\\n)+?.*\\] {{FUNC}}"),
+ "INFO: rcu detected stall in %[1]v",
+ },
+ {
+ compile("INFO: rcu_preempt self-detected stall on CPU"),
+ "INFO: rcu detected stall",
+ },
+ {
+ compile("INFO: rcu_sched self-detected stall on CPU(?:.*\\n)+?.*</IRQ>.*\n(?:.* \\? .*\\n)+?(?:.*rcu.*\\n)+?.*\\] {{FUNC}}"),
+ "INFO: rcu detected stall in %[1]v",
+ },
+ {
+ compile("INFO: rcu_sched self-detected stall on CPU"),
+ "INFO: rcu detected stall",
+ },
+ {
+ compile("INFO: suspicious RCU usage(?:.*\n)+?.*?{{SRC}}"),
+ "suspicious RCU usage at %[1]v",
+ },
+ {
+ compile("INFO: task .* blocked for more than [0-9]+ seconds"),
+ "INFO: task hung",
+ },
+ },
+ []*regexp.Regexp{
+ compile("INFO: lockdep is turned off"),
+ compile("INFO: Stall ended before state dump start"),
+ compile("INFO: NMI handler .* took too long to run"),
+ },
+ },
+ &oops{
+ []byte("Unable to handle kernel paging request"),
+ []oopsFormat{
+ {
+ compile("Unable to handle kernel paging request(?:.*\\n)+?.*PC is at {{FUNC}}"),
+ "unable to handle kernel paging request in %[1]v",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("general protection fault:"),
+ []oopsFormat{
+ {
+ compile("general protection fault:(?:.*\\n)+?.*RIP: [0-9]+:{{PC}} +{{PC}} +{{FUNC}}"),
+ "general protection fault in %[1]v",
+ },
+ {
+ compile("general protection fault:(?:.*\\n)+?.*RIP: [0-9]+:{{FUNC}}"),
+ "general protection fault in %[1]v",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("Kernel panic"),
+ []oopsFormat{
+ {
+ compile("Kernel panic - not syncing: Attempted to kill init!"),
+ "kernel panic: Attempted to kill init!",
+ },
+ {
+ compile("Kernel panic - not syncing: Couldn't open N_TTY ldisc for [^ ]+ --- error -[0-9]+"),
+ "kernel panic: Couldn't open N_TTY ldisc",
+ },
+ {
+ compile("Kernel panic - not syncing: (.*)"),
+ "kernel panic: %[1]v",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("kernel BUG"),
+ []oopsFormat{
+ {
+ compile("kernel BUG (.*)"),
+ "kernel BUG %[1]v",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("Kernel BUG"),
+ []oopsFormat{
+ {
+ compile("Kernel BUG (.*)"),
+ "kernel BUG %[1]v",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("BUG kmalloc-"),
+ []oopsFormat{
+ {
+ compile("BUG kmalloc-.*: Object already free"),
+ "BUG: Object already free",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("divide error:"),
+ []oopsFormat{
+ {
+ compile("divide error: (?:.*\\n)+?.*RIP: [0-9]+:{{PC}} +{{PC}} +{{FUNC}}"),
+ "divide error in %[1]v",
+ },
+ {
+ compile("divide error: (?:.*\\n)+?.*RIP: [0-9]+:{{FUNC}}"),
+ "divide error in %[1]v",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("invalid opcode:"),
+ []oopsFormat{
+ {
+ compile("invalid opcode: (?:.*\\n)+?.*RIP: [0-9]+:{{PC}} +{{PC}} +{{FUNC}}"),
+ "invalid opcode in %[1]v",
+ },
+ {
+ compile("invalid opcode: (?:.*\\n)+?.*RIP: [0-9]+:{{FUNC}}"),
+ "invalid opcode in %[1]v",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("unreferenced object"),
+ []oopsFormat{
+ {
+ compile("unreferenced object {{ADDR}} \\(size ([0-9]+)\\):(?:.*\n.*)+backtrace:.*\n.*{{PC}}.*\n.*{{PC}}.*\n.*{{PC}} {{FUNC}}"),
+ "memory leak in %[2]v (size %[1]v)",
+ },
+ },
+ []*regexp.Regexp{},
+ },
+ &oops{
+ []byte("UBSAN:"),
+ []oopsFormat{},
+ []*regexp.Regexp{},
+ },
+}
+
+var (
+ consoleOutputRe = regexp.MustCompile(`^(?:\<[0-9]+\>)?\[ *[0-9]+\.[0-9]+\] `)
+ questionableRe = regexp.MustCompile(`(?:\[\<[0-9a-f]+\>\])? \? +[a-zA-Z0-9_.]+\+0x[0-9a-f]+/[0-9a-f]+`)
+ symbolizeRe = regexp.MustCompile(`(?:\[\<(?:[0-9a-f]+)\>\])? +(?:[0-9]+:)?([a-zA-Z0-9_.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)`)
+ decNumRe = regexp.MustCompile(`[0-9]{5,}`)
+ addrRe = regexp.MustCompile(`[0-9a-f]{8,}`)
+ funcRe = regexp.MustCompile(`([a-zA-Z][a-zA-Z0-9_.]+)\+0x[0-9a-z]+/0x[0-9a-z]+`)
+ cpuRe = regexp.MustCompile(`CPU#[0-9]+`)
+ executorRe = regexp.MustCompile(`syz-executor[0-9]+((/|:)[0-9]+)?`)
+ eoi = []byte("<EOI>")
+)
+
+func compile(re string) *regexp.Regexp {
+ re = strings.Replace(re, "{{ADDR}}", "0x[0-9a-f]+", -1)
+ re = strings.Replace(re, "{{PC}}", "\\[\\<[0-9a-f]+\\>\\]", -1)
+ re = strings.Replace(re, "{{FUNC}}", "([a-zA-Z0-9_]+)(?:\\.|\\+)", -1)
+ re = strings.Replace(re, "{{SRC}}", "([a-zA-Z0-9-_/.]+\\.[a-z]+:[0-9]+)", -1)
+ return regexp.MustCompile(re)
+}
+
+// ContainsCrash searches kernel console output for oops messages.
+func ContainsCrash(output []byte, ignores []*regexp.Regexp) bool {
+ for pos := 0; pos < len(output); {
+ next := bytes.IndexByte(output[pos:], '\n')
+ if next != -1 {
+ next += pos
+ } else {
+ next = len(output)
+ }
+ for _, oops := range oopses {
+ match := matchOops(output[pos:next], oops, ignores)
+ if match == -1 {
+ continue
+ }
+ return true
+ }
+ pos = next + 1
+ }
+ return false
+}
+
+// Parse extracts information about oops from console output.
+// Desc contains a representative description of the first oops (empty if no oops found),
+// text contains whole oops text,
+// start and end denote region of output with oops message(s).
+func Parse(output []byte, ignores []*regexp.Regexp) (desc string, text []byte, start int, end int) {
+ var oops *oops
+ var textPrefix [][]byte
+ for pos := 0; pos < len(output); {
+ next := bytes.IndexByte(output[pos:], '\n')
+ if next != -1 {
+ next += pos
+ } else {
+ next = len(output)
+ }
+ for _, oops1 := range oopses {
+ match := matchOops(output[pos:next], oops1, ignores)
+ if match == -1 {
+ continue
+ }
+ if oops == nil {
+ oops = oops1
+ start = pos
+ desc = string(output[pos+match : next])
+ }
+ end = next
+ }
+ if consoleOutputRe.Match(output[pos:next]) &&
+ (!questionableRe.Match(output[pos:next]) || bytes.Index(output[pos:next], eoi) != -1) {
+ lineStart := bytes.Index(output[pos:next], []byte("] ")) + pos + 2
+ lineEnd := next
+ if lineEnd != 0 && output[lineEnd-1] == '\r' {
+ lineEnd--
+ }
+ if oops == nil {
+ textPrefix = append(textPrefix, append([]byte{}, output[lineStart:lineEnd]...))
+ if len(textPrefix) > 5 {
+ textPrefix = textPrefix[1:]
+ }
+ } else {
+ // Prepend 5 lines preceding start of the report,
+ // they can contain additional info related to the report.
+ for _, prefix := range textPrefix {
+ text = append(text, prefix...)
+ text = append(text, '\n')
+ }
+ textPrefix = nil
+ text = append(text, output[lineStart:lineEnd]...)
+ text = append(text, '\n')
+ }
+ }
+ pos = next + 1
+ }
+ if oops == nil {
+ return
+ }
+ desc = extractDescription(output[start:], oops)
+ if len(desc) > 0 && desc[len(desc)-1] == '\r' {
+ desc = desc[:len(desc)-1]
+ }
+ // Executor PIDs are not interesting.
+ desc = executorRe.ReplaceAllLiteralString(desc, "syz-executor")
+ // Replace that everything looks like an address with "ADDR",
+ // addresses in descriptions can't be good regardless of the oops regexps.
+ desc = addrRe.ReplaceAllLiteralString(desc, "ADDR")
+ // Replace that everything looks like a decimal number with "NUM".
+ desc = decNumRe.ReplaceAllLiteralString(desc, "NUM")
+ // Replace all raw references to runctions (e.g. "ip6_fragment+0x1052/0x2d80")
+ // with just function name ("ip6_fragment"). Offsets and sizes are not stable.
+ desc = funcRe.ReplaceAllString(desc, "$1")
+ // CPU numbers are not interesting.
+ desc = cpuRe.ReplaceAllLiteralString(desc, "CPU")
+ // Corrupted/intermixed lines can be very long.
+ const maxDescLen = 180
+ if len(desc) > maxDescLen {
+ desc = desc[:maxDescLen]
+ }
+ return
+}
+
+func ExtractConsoleOutput(output []byte) (result []byte) {
+ for pos := 0; pos < len(output); {
+ next := bytes.IndexByte(output[pos:], '\n')
+ if next != -1 {
+ next += pos
+ } else {
+ next = len(output)
+ }
+ if consoleOutputRe.Match(output[pos:next]) &&
+ (!questionableRe.Match(output[pos:next]) || bytes.Index(output[pos:next], eoi) != -1) {
+ lineStart := bytes.Index(output[pos:next], []byte("] ")) + pos + 2
+ lineEnd := next
+ if lineEnd != 0 && output[lineEnd-1] == '\r' {
+ lineEnd--
+ }
+ result = append(result, output[lineStart:lineEnd]...)
+ result = append(result, '\n')
+ }
+ pos = next + 1
+ }
+ return
+}
+
+func matchOops(line []byte, oops *oops, ignores []*regexp.Regexp) int {
+ match := bytes.Index(line, oops.header)
+ if match == -1 {
+ return -1
+ }
+ for _, supp := range oops.suppressions {
+ if supp.Match(line) {
+ return -1
+ }
+ }
+ for _, ignore := range ignores {
+ if ignore.Match(line) {
+ return -1
+ }
+ }
+ return match
+}
+
+func extractDescription(output []byte, oops *oops) string {
+ result := ""
+ startPos := -1
+ for _, format := range oops.formats {
+ match := format.re.FindSubmatchIndex(output)
+ if match == nil {
+ continue
+ }
+ if startPos != -1 && startPos <= match[0] {
+ continue
+ }
+ startPos = match[0]
+ var args []interface{}
+ for i := 2; i < len(match); i += 2 {
+ args = append(args, string(output[match[i]:match[i+1]]))
+ }
+ result = fmt.Sprintf(format.fmt, args...)
+ }
+ if result != "" {
+ return result
+ }
+ pos := bytes.Index(output, oops.header)
+ if pos == -1 {
+ panic("non matching oops")
+ }
+ end := bytes.IndexByte(output[pos:], '\n')
+ if end == -1 {
+ end = len(output)
+ } else {
+ end += pos
+ }
+ return string(output[pos:end])
+}
+
+func Symbolize(vmlinux string, text []byte, symbols map[string][]symbolizer.Symbol) ([]byte, error) {
+ var symbolized []byte
+ if symbols == nil {
+ var err error
+ symbols, err = symbolizer.ReadSymbols(vmlinux)
+ if err != nil {
+ return nil, err
+ }
+ }
+ symb := symbolizer.NewSymbolizer()
+ defer symb.Close()
+ symbFunc := func(bin string, pc uint64) ([]symbolizer.Frame, error) {
+ return symb.Symbolize(bin, pc)
+ }
+ // Strip vmlinux location from all paths.
+ strip, _ := filepath.Abs(vmlinux)
+ strip = filepath.Dir(strip) + string(filepath.Separator)
+ // Vmlinux may have been moved, so check if we can find debug info
+ // for __sanitizer_cov_trace_pc. We know where it is located,
+ // so we can infer correct strip prefix from it.
+ if covSymbols := symbols["__sanitizer_cov_trace_pc"]; len(covSymbols) != 0 {
+ for _, covSymb := range covSymbols {
+ frames, _ := symb.Symbolize(vmlinux, covSymb.Addr)
+ if len(frames) > 0 {
+ file := frames[len(frames)-1].File
+ if idx := strings.Index(file, "kernel/kcov.c"); idx != -1 {
+ strip = file[:idx]
+ break
+ }
+ }
+ }
+ }
+ s := bufio.NewScanner(bytes.NewReader(text))
+ for s.Scan() {
+ line := append([]byte{}, s.Bytes()...)
+ line = append(line, '\n')
+ line = symbolizeLine(symbFunc, symbols, vmlinux, strip, line)
+ symbolized = append(symbolized, line...)
+ }
+ return symbolized, nil
+}
+
+func symbolizeLine(symbFunc func(bin string, pc uint64) ([]symbolizer.Frame, error), symbols map[string][]symbolizer.Symbol, vmlinux, strip string, line []byte) []byte {
+ match := symbolizeRe.FindSubmatchIndex(line)
+ if match == nil {
+ return line
+ }
+ fn := line[match[2]:match[3]]
+ off, err := strconv.ParseUint(string(line[match[4]:match[5]]), 16, 64)
+ if err != nil {
+ return line
+ }
+ size, err := strconv.ParseUint(string(line[match[6]:match[7]]), 16, 64)
+ if err != nil {
+ return line
+ }
+ symb := symbols[string(fn)]
+ if len(symb) == 0 {
+ return line
+ }
+ var funcStart uint64
+ for _, s := range symb {
+ if funcStart == 0 || int(size) == s.Size {
+ funcStart = s.Addr
+ }
+ }
+ frames, err := symbFunc(vmlinux, funcStart+off-1)
+ if err != nil || len(frames) == 0 {
+ return line
+ }
+ var symbolized []byte
+ for _, frame := range frames {
+ file := frame.File
+ if strings.HasPrefix(file, strip) {
+ file = file[len(strip):]
+ }
+ if strings.HasPrefix(file, "./") {
+ file = file[2:]
+ }
+ info := fmt.Sprintf(" %v:%v", file, frame.Line)
+ modified := append([]byte{}, line...)
+ modified = replace(modified, match[7], match[7], []byte(info))
+ if frame.Inline {
+ end := match[7] + len(info)
+ modified = replace(modified, end, end, []byte(" [inline]"))
+ modified = replace(modified, match[2], match[7], []byte(frame.Func))
+ }
+ symbolized = append(symbolized, modified...)
+ }
+ return symbolized
+}
+
+// replace replaces [start:end] in where with what, inplace.
+func replace(where []byte, start, end int, what []byte) []byte {
+ if len(what) >= end-start {
+ where = append(where, what[end-start:]...)
+ copy(where[start+len(what):], where[end:])
+ copy(where[start:], what)
+ } else {
+ copy(where[start+len(what):], where[end:])
+ where = where[:len(where)-(end-start-len(what))]
+ copy(where[start:], what)
+ }
+ return where
+}
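Review bot: The line-splitting prologue (find the next '\n' from pos, else use len(output)) is copied verbatim into ContainsCrash, Parse and ExtractConsoleOutput; a small helper would make the three scanners read identically and keep any later change (e.g. '\r' handling) in one place. The proposed `nextLine` below replaces the seven-line `next := ...` block in each caller with `next := nextLine(output, pos)`. Separately, the doc comment on `replace` says "inplace", but the `len(what) >= end-start` branch appends and may reallocate, so the comment should read `// replace replaces where[start:end] with what and returns the resulting slice; it may reallocate, so callers must use the return value.` — the callers in symbolizeLine already do.
```go
// nextLine returns the index just past the line that starts at pos:
// the position of the next '\n', or len(output) when there is none.
func nextLine(output []byte, pos int) int {
	if next := bytes.IndexByte(output[pos:], '\n'); next != -1 {
		return pos + next
	}
	return len(output)
}

// ContainsCrash searches kernel console output for oops messages.
func ContainsCrash(output []byte, ignores []*regexp.Regexp) bool {
	for pos := 0; pos < len(output); {
		next := nextLine(output, pos)
		// … unchanged: matchOops loop over oopses, pos = next + 1 …
	}
	return false
}
// … same one-line substitution in Parse and ExtractConsoleOutput …
```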
diff --git a/pkg/report/report_test.go b/pkg/report/report_test.go
new file mode 100644
index 000000000..023800142
--- /dev/null
+++ b/pkg/report/report_test.go
@@ -0,0 +1,1049 @@
+// Copyright 2015 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package report
+
+import (
+ "fmt"
+ "regexp"
+ "strings"
+ "testing"
+
+ "github.com/google/syzkaller/symbolizer"
+)
+
+func TestParse(t *testing.T) {
+ tests := map[string]string{
+ `
+[ 772.918915] BUG: unable to handle kernel paging request at ffff88002bde1e40
+unrelateed line
+[ 772.919010] IP: [<ffffffff82d4e304>] __memset+0x24/0x30
+[ 772.919010] PGD ae2c067 PUD ae2d067 PMD 7faa5067 PTE 800000002bde1060
+[ 772.919010] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC KASAN
+[ 772.919010] Dumping ftrace buffer:
+[ 772.919010] (ftrace buffer empty)
+[ 772.919010] Modules linked in:
+[ 772.919010] CPU: 1 PID: 4070 Comm: syz-executor Not tainted 4.8.0-rc3+ #33
+[ 772.919010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+[ 772.919010] task: ffff880066be2280 task.stack: ffff880066be8000
+[ 772.919010] RIP: 0010:[<ffffffff82d4e304>] [<ffffffff82d4e304>] __memset+0x24/0x30
+[ 772.919010] RSP: 0018:ffff880066befc88 EFLAGS: 00010006
+`: `BUG: unable to handle kernel paging request in __memset`,
+
+ `
+[ 1019.110825] BUG: unable to handle kernel paging request at 000000010000001a
+[ 1019.112065] IP: skb_release_data+0x258/0x470
+`: `BUG: unable to handle kernel paging request in skb_release_data`,
+
+ `
+BUG: unable to handle kernel paging request at 00000000ffffff8a
+IP: [<ffffffff810a376f>] __call_rcu.constprop.76+0x1f/0x280 kernel/rcu/tree.c:3046
+`: `BUG: unable to handle kernel paging request in __call_rcu`,
+
+ `
+[ 1581.999813] BUG: unable to handle kernel paging request at ffffea0000f0e440
+[ 1581.999824] IP: [<ffffea0000f0e440>] 0xffffea0000f0e440
+`: `BUG: unable to handle kernel paging request`,
+
+ `
+[ 1021.362826] kasan: CONFIG_KASAN_INLINE enabled
+[ 1021.363613] kasan: GPF could be caused by NULL-ptr deref or user memory access
+[ 1021.364461] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
+[ 1021.365202] Dumping ftrace buffer:
+[ 1021.365408] (ftrace buffer empty)
+[ 1021.366951] Modules linked in:
+[ 1021.366951] CPU: 2 PID: 29350 Comm: syz-executor Not tainted 4.8.0-rc3+ #33
+[ 1021.366951] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+[ 1021.366951] task: ffff88005b4347c0 task.stack: ffff8800634c0000
+[ 1021.366951] RIP: 0010:[<ffffffff83408ca0>] [<ffffffff83408ca0>] drm_legacy_newctx+0x190/0x290
+[ 1021.366951] RSP: 0018:ffff8800634c7c50 EFLAGS: 00010246
+[ 1021.366951] RAX: dffffc0000000000 RBX: ffff880068f28840 RCX: ffffc900021d0000
+[ 1021.372626] RDX: 0000000000000000 RSI: ffff8800634c7cf8 RDI: ffff880064c0b600
+[ 1021.374099] RBP: ffff8800634c7c70 R08: 0000000000000000 R09: 0000000000000000
+[ 1021.374099] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
+[ 1021.375281] R13: ffff880067aa6000 R14: 0000000000000000 R15: 0000000000000000
+`: `general protection fault in drm_legacy_newctx`,
+
+ `
+[ 1722.509639] kasan: GPF could be caused by NULL-ptr deref or user memory access
+[ 1722.510515] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
+[ 1722.511227] Dumping ftrace buffer:
+[ 1722.511384] (ftrace buffer empty)
+[ 1722.511384] Modules linked in:
+[ 1722.511384] CPU: 3 PID: 6856 Comm: syz-executor Not tainted 4.8.0-rc3-next-20160825+ #8
+[ 1722.511384] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+[ 1722.511384] task: ffff88005ea761c0 task.stack: ffff880050628000
+[ 1722.511384] RIP: 0010:[<ffffffff8213c531>] [<ffffffff8213c531>] logfs_init_inode.isra.6+0x111/0x470
+[ 1722.511384] RSP: 0018:ffff88005062fb48 EFLAGS: 00010206
+`: `general protection fault in logfs_init_inode`,
+
+ `
+general protection fault: 0000 [#1] SMP KASAN
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Modules linked in:
+CPU: 0 PID: 27388 Comm: syz-executor5 Not tainted 4.10.0-rc6+ #117
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+task: ffff88006252db40 task.stack: ffff880062090000
+RIP: 0010:__ip_options_echo+0x120a/0x1770
+RSP: 0018:ffff880062097530 EFLAGS: 00010206
+RAX: dffffc0000000000 RBX: ffff880062097910 RCX: 0000000000000000
+RDX: 0000000000000003 RSI: ffffffff83988dca RDI: 0000000000000018
+RBP: ffff8800620976a0 R08: ffff88006209791c R09: ffffed000c412f26
+R10: 0000000000000004 R11: ffffed000c412f25 R12: ffff880062097900
+R13: ffff88003a8c0a6c R14: 1ffff1000c412eb3 R15: 000000000000000d
+FS: 00007fd61b443700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 000000002095f000 CR3: 0000000062876000 CR4: 00000000000006f0
+`: `general protection fault in __ip_options_echo`,
+
+ `
+==================================================================
+BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff88003a6bd110
+Read of size 8 by task a.out/6260
+BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr ffff88003a6bd110
+Write of size 4 by task a.out/6260
+`: `KASAN: slab-out-of-bounds Read in memcpy`,
+
+ `
+[ 50.583499] BUG: KASAN: use-after-free in remove_wait_queue+0xfb/0x120 at addr ffff88002db3cf50
+[ 50.583499] Write of size 8 by task syzkaller_execu/10568
+`: `KASAN: use-after-free Write in remove_wait_queue`,
+
+ `
+[ 380.688570] BUG: KASAN: use-after-free in copy_from_iter+0xf30/0x15e0 at addr ffff880033f4b02a
+[ 380.688570] Read of size 4059 by task syz-executor/29957
+`: `KASAN: use-after-free Read in copy_from_iter`,
+
+ `
+[23818.431954] BUG: KASAN: null-ptr-deref on address (null)
+
+[23818.438140] Read of size 4 by task syz-executor/22534
+
+[23818.443211] CPU: 3 PID: 22534 Comm: syz-executor Tainted: G U 3.18.0 #78
+`: `KASAN: null-ptr-deref Read of size 4`,
+
+ `
+[ 149.188010] BUG: unable to handle kernel NULL pointer dereference at 000000000000058c
+unrelateed line
+[ 149.188010] IP: [<ffffffff8148e81d>] __lock_acquire+0x2bd/0x3410
+`: `BUG: unable to handle kernel NULL pointer dereference in __lock_acquire`,
+
+ `
+[ 55.112844] BUG: unable to handle kernel NULL pointer dereference at 000000000000001a
+[ 55.113569] IP: skb_release_data+0x258/0x470
+`: `BUG: unable to handle kernel NULL pointer dereference in skb_release_data`,
+
+ `
+[ 50.583499] WARNING: CPU: 2 PID: 2636 at ipc/shm.c:162 shm_open.isra.5.part.6+0x74/0x80
+[ 50.583499] Modules linked in:
+`: `WARNING in shm_open`,
+
+ `
+[ 753.120788] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:316 dev_watchdog+0x648/0x770
+[ 753.122260] NETDEV WATCHDOG: eth0 (e1000): transmit queue 0 timed out
+`: `WARNING in dev_watchdog`,
+
+ `
+------------[ cut here ]------------
+WARNING: CPU: 3 PID: 1975 at fs/locks.c:241 locks_free_lock_context+0x118/0x180()
+`: `WARNING in locks_free_lock_context`,
+
+ `
+WARNING: CPU: 3 PID: 23810 at /linux-src-3.18/net/netlink/genetlink.c:1037 genl_unbind+0x110/0x130()
+`: `WARNING in genl_unbind`,
+
+ `
+=======================================================
+[ INFO: possible circular locking dependency detected ]
+2.6.32-rc6-00035-g8b17a4f #1
+-------------------------------------------------------
+kacpi_hotplug/246 is trying to acquire lock:
+ (kacpid){+.+.+.}, at: [<ffffffff8105bbd0>] flush_workqueue+0x0/0xb0
+`: `possible deadlock in flush_workqueue`,
+
+ `WARNING: possible circular locking dependency detected
+4.12.0-rc2-next-20170525+ #1 Not tainted
+------------------------------------------------------
+kworker/u4:2/54 is trying to acquire lock:
+ (&buf->lock){+.+...}, at: [<ffffffff9edb41bb>] tty_buffer_flush+0xbb/0x3a0 drivers/tty/tty_buffer.c:221
+
+but task is already holding lock:
+ (&o_tty->termios_rwsem/1){++++..}, at: [<ffffffff9eda4961>] isig+0xa1/0x4d0 drivers/tty/n_tty.c:1100
+
+which lock already depends on the new lock.
+`: `possible deadlock in tty_buffer_flush`,
+
+ `
+[ 44.025025] =========================================================
+[ 44.025025] [ INFO: possible irq lock inversion dependency detected ]
+[ 44.025025] 4.10.0-rc8+ #228 Not tainted
+[ 44.025025] ---------------------------------------------------------
+[ 44.025025] syz-executor6/1577 just changed the state of lock:
+[ 44.025025] (&(&r->consumer_lock)->rlock){+.+...}, at: [<ffffffff82de6c86>] tun_queue_purge+0xe6/0x210
+`: `possible deadlock in tun_queue_purge`,
+
+ `
+[ 121.451623] ======================================================
+[ 121.452013] [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
+[ 121.452013] 4.10.0-rc8+ #228 Not tainted
+[ 121.453507] ------------------------------------------------------
+[ 121.453507] syz-executor1/19557 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
+[ 121.453507] (&(&r->consumer_lock)->rlock){+.+...}, at: [<ffffffff82df4347>] tun_device_event+0x897/0xc70
+`: `possible deadlock in tun_device_event`,
+
+ `
+[ 48.981019] =============================================
+[ 48.981019] [ INFO: possible recursive locking detected ]
+[ 48.981019] 4.11.0-rc4+ #198 Not tainted
+[ 48.981019] ---------------------------------------------
+[ 48.981019] kauditd/901 is trying to acquire lock:
+[ 48.981019] (audit_cmd_mutex){+.+.+.}, at: [<ffffffff81585f59>] audit_receive+0x79/0x360
+`: `possible deadlock in audit_receive`,
+
+ `
+[ 131.449768] ======================================================
+[ 131.449777] [ INFO: possible circular locking dependency detected ]
+[ 131.449789] 3.10.37+ #1 Not tainted
+[ 131.449797] -------------------------------------------------------
+[ 131.449807] swapper/2/0 is trying to acquire lock:
+[ 131.449859] (&port_lock_key){-.-...}, at: [<c036a6dc>] serial8250_console_write+0x108/0x134
+[ 131.449866]
+`: `possible deadlock in serial8250_console_write`,
+
+ `
+[ 52.261501] =================================
+[ 52.261501] [ INFO: inconsistent lock state ]
+[ 52.261501] 4.10.0+ #60 Not tainted
+[ 52.261501] ---------------------------------
+[ 52.261501] inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
+[ 52.261501] syz-executor3/5076 [HC0[0]:SC0[0]:HE1:SE1] takes:
+[ 52.261501] (&(&hashinfo->ehash_locks[i])->rlock){+.?...}, at: [<ffffffff83a6a370>] inet_ehash_insert+0x240/0xad0
+`: `inconsistent lock state in inet_ehash_insert`,
+
+ `
+[ INFO: suspicious RCU usage. ]
+4.3.5-smp-DEV #101 Not tainted
+-------------------------------
+net/core/filter.c:1917 suspicious rcu_dereference_protected() usage!
+other info that might help us debug this:
+`: `suspicious RCU usage at net/core/filter.c:1917`,
+
+ `
+[ 37.540474] ===============================
+[ 37.540478] [ INFO: suspicious RCU usage. ]
+[ 37.540495] 4.9.0-rc4+ #47 Not tainted
+2016/11/12 06:52:29 executing program 1:
+r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
+[ 37.540522] -------------------------------
+[ 37.540535] ./include/linux/kvm_host.h:536 suspicious rcu_dereference_check() usage!
+[ 37.540539]
+[ 37.540539] other info that might help us debug this:
+[ 37.540539]
+[ 37.540548]
+[ 37.540548] rcu_scheduler_active = 1, debug_locks = 0
+[ 37.540557] 1 lock held by syz-executor/3985:
+[ 37.540566] #0:
+[ 37.540571] (
+[ 37.540576] &vcpu->mutex
+[ 37.540580] ){+.+.+.}
+[ 37.540609] , at:
+[ 37.540610] [<ffffffff81055862>] vcpu_load+0x22/0x70
+[ 37.540614]
+[ 37.540614] stack backtrace:
+`: `suspicious RCU usage at ./include/linux/kvm_host.h:536`,
+
+ `
+[ 80.586804] =====================================
+[ 734.270366] [ BUG: syz-executor/31761 still has locks held! ]
+[ 734.307462] 4.8.0+ #30 Not tainted
+[ 734.325126] -------------------------------------
+[ 734.417271] 1 lock held by syz-executor/31761:
+[ 734.442178] #0: (&pipe->mutex/1){+.+.+.}, at: [<ffffffff81844c6b>] pipe_lock+0x5b/0x70
+[ 734.451474]
+[ 734.451474] stack backtrace:
+[ 734.521109] CPU: 0 PID: 31761 Comm: syz-executor Not tainted 4.8.0+ #30
+[ 734.527900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 734.537256] ffff8800458dfa38 ffffffff82d383a9 ffffffff00000000 fffffbfff1097248
+[ 734.545358] ffff88005639a700 ffff88005639a700 dffffc0000000000 ffff88005639a700
+[ 734.553482] ffff8800530148f8 ffff8800458dfa58 ffffffff81463cb5 0000000000000000
+[ 734.562654] Call Trace:
+[ 734.565257] [<ffffffff82d383a9>] dump_stack+0x12e/0x185
+[ 734.570819] [<ffffffff81463cb5>] debug_check_no_locks_held+0x125/0x140
+[ 734.577590] [<ffffffff860bae47>] unix_stream_read_generic+0x1317/0x1b70
+[ 734.584440] [<ffffffff860b9b30>] ? unix_getname+0x290/0x290
+[ 734.590238] [<ffffffff8146870b>] ? __lock_acquire+0x7fb/0x3410
+[ 734.596306] [<ffffffff81467f10>] ? debug_check_no_locks_freed+0x3c0/0x3c0
+[ 734.603322] [<ffffffff81905282>] ? fsnotify+0xca2/0x1020
+[ 734.608874] [<ffffffff81467f10>] ? debug_check_no_locks_freed+0x3c0/0x3c0
+[ 734.615894] [<ffffffff814475b0>] ? prepare_to_wait_event+0x450/0x450
+[ 734.622486] [<ffffffff860bb7fb>] unix_stream_splice_read+0x15b/0x1d0
+[ 734.629066] [<ffffffff860bb6a0>] ? unix_stream_read_generic+0x1b70/0x1b70
+[ 734.636086] [<ffffffff82b27c3a>] ? common_file_perm+0x15a/0x3a0
+[ 734.642242] [<ffffffff860b52f0>] ? unix_accept+0x460/0x460
+[ 734.647963] [<ffffffff82a5c02e>] ? security_file_permission+0x8e/0x1e0
+[ 734.654729] [<ffffffff860bb6a0>] ? unix_stream_read_generic+0x1b70/0x1b70
+[ 734.661754] [<ffffffff85afc54e>] sock_splice_read+0xbe/0x100
+[ 734.667649] [<ffffffff85afc490>] ? kernel_sock_shutdown+0x80/0x80
+[ 734.673973] [<ffffffff818d11ff>] do_splice_to+0x10f/0x170
+[ 734.679697] [<ffffffff818d6acc>] SyS_splice+0x114c/0x15b0
+[ 734.685329] [<ffffffff81506bf4>] ? SyS_futex+0x144/0x2e0
+[ 734.690961] [<ffffffff818d5980>] ? compat_SyS_vmsplice+0x250/0x250
+[ 734.697375] [<ffffffff8146750c>] ? trace_hardirqs_on_caller+0x44c/0x5e0
+[ 734.704230] [<ffffffff8100501a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
+[ 734.710821] [<ffffffff86da6d05>] entry_SYSCALL_64_fastpath+0x23/0xc6
+[ 734.717436] [<ffffffff816939e7>] ? perf_event_mmap+0x77/0xb20
+`: `BUG: still has locks held in pipe_lock`,
+
+ `
+=====================================
+[ BUG: bad unlock balance detected! ]
+4.10.0+ #179 Not tainted
+-------------------------------------
+syz-executor1/21439 is trying to release lock (sk_lock-AF_INET) at:
+[<ffffffff83f7ac8b>] sctp_sendmsg+0x2a3b/0x38a0 net/sctp/socket.c:2007
+`: `BUG: bad unlock balance in sctp_sendmsg`,
+
+ `
+[ 633.049984] =========================
+[ 633.049987] [ BUG: held lock freed! ]
+[ 633.049993] 4.10.0+ #260 Not tainted
+[ 633.049996] -------------------------
+[ 633.050005] syz-executor7/27251 is freeing memory ffff8800178f8180-ffff8800178f8a77, with a lock still held there!
+[ 633.050009] (slock-AF_INET6){+.-...}, at: [<ffffffff835f22c9>] sk_clone_lock+0x3d9/0x12c0
+`: `BUG: held lock freed in sk_clone_lock`,
+
+ `
+[ 2569.618120] BUG: Bad rss-counter state mm:ffff88005fac4300 idx:0 val:15
+`: `BUG: Bad rss-counter state`,
+
+ `
+[ 4.556968] ================================================================================
+[ 4.556972] UBSAN: Undefined behaviour in drivers/usb/core/devio.c:1517:25
+[ 4.556975] shift exponent -1 is negative
+[ 4.556979] CPU: 2 PID: 3624 Comm: usb Not tainted 4.5.0-rc1 #252
+[ 4.556981] Hardware name: Apple Inc. MacBookPro10,2/Mac-AFD8A9D944EA4843, BIOS MBP102.88Z.0106.B0A.1509130955 09/13/2015
+[ 4.556984] 0000000000000000 0000000000000000 ffffffff845c6528 ffff8802493b3c68
+[ 4.556988] ffffffff81b2e7d9 0000000000000007 ffff8802493b3c98 ffff8802493b3c80
+[ 4.556992] ffffffff81bcb87d ffffffffffffffff ffff8802493b3d10 ffffffff81bcc1c1
+[ 4.556996] Call Trace:
+[ 4.557004] [<ffffffff81b2e7d9>] dump_stack+0x45/0x6c
+[ 4.557010] [<ffffffff81bcb87d>] ubsan_epilogue+0xd/0x40
+[ 4.557015] [<ffffffff81bcc1c1>] __ubsan_handle_shift_out_of_bounds+0xf1/0x140
+[ 4.557030] [<ffffffff822247af>] ? proc_do_submiturb+0x9af/0x2c30
+[ 4.557034] [<ffffffff82226794>] proc_do_submiturb+0x2994/0x2c30
+`: `UBSAN: Undefined behaviour in drivers/usb/core/devio.c:1517:25`,
+
+ `
+[ 3.805449] ================================================================================
+[ 3.805453] UBSAN: Undefined behaviour in ./arch/x86/include/asm/atomic.h:156:2
+[ 3.805455] signed integer overflow:
+[ 3.805456] -1720106381 + -1531247276 cannot be represented in type 'int'
+[ 3.805460] CPU: 3 PID: 3235 Comm: cups-browsed Not tainted 4.5.0-rc1 #252
+[ 3.805461] Hardware name: Apple Inc. MacBookPro10,2/Mac-AFD8A9D944EA4843, BIOS MBP102.88Z.0106.B0A.1509130955 09/13/2015
+[ 3.805465] 0000000000000000 0000000000000000 ffffffffa4bb0554 ffff88025f2c37c8
+[ 3.805468] ffffffff81b2e7d9 0000000000000001 ffff88025f2c37f8 ffff88025f2c37e0
+[ 3.805470] ffffffff81bcb87d ffffffff84b16a74 ffff88025f2c3868 ffffffff81bcbc4d
+[ 3.805471] Call Trace:
+[ 3.805478] <IRQ> [<ffffffff81b2e7d9>] dump_stack+0x45/0x6c
+[ 3.805483] [<ffffffff81bcb87d>] ubsan_epilogue+0xd/0x40
+[ 3.805485] [<ffffffff81bcbc4d>] handle_overflow+0xbd/0xe0
+[ 3.805490] [<ffffffff82b3409f>] ? csum_partial_copy_nocheck+0xf/0x20
+[ 3.805493] [<ffffffff81d635df>] ? get_random_bytes+0x4f/0x100
+[ 3.805496] [<ffffffff81bcbc7e>] __ubsan_handle_add_overflow+0xe/0x10
+[ 3.805500] [<ffffffff82680a4a>] ip_idents_reserve+0x9a/0xd0
+[ 3.805503] [<ffffffff826835e9>] __ip_select_ident+0xc9/0x160
+`: `UBSAN: Undefined behaviour in ./arch/x86/include/asm/atomic.h:156:2`,
+
+ `
+[ 50.583499] UBSAN: Undefined behaviour in kernel/time/hrtimer.c:310:16
+[ 50.583499] signed integer overflow:
+`: `UBSAN: Undefined behaviour in kernel/time/hrtimer.c:310:16`,
+
+ `
+------------[ cut here ]------------
+kernel BUG at fs/buffer.c:1917!
+invalid opcode: 0000 [#1] SMP
+`: `kernel BUG at fs/buffer.c:1917!`,
+
+ `
+[ 167.347989] Disabling lock debugging due to kernel taint
+[ 167.353311] Unable to handle kernel paging request at virtual address dead000000000108
+[ 167.361225] pgd = ffffffc0a39a0000
+[ 167.364630] [dead000000000108] *pgd=0000000000000000, *pud=0000000000000000
+[ 167.371618] Internal error: Oops: 96000044 [#1] PREEMPT SMP
+[ 167.377205] CPU: 2 PID: 12170 Comm: syz-executor Tainted: G BU 3.18.0 #78
+[ 167.384944] Hardware name: Google Tegra210 Smaug Rev 1,3+ (DT)
+[ 167.390780] task: ffffffc016e04e80 ti: ffffffc016110000 task.ti: ffffffc016110000
+[ 167.398267] PC is at _snd_timer_stop.constprop.9+0x184/0x2b0
+[ 167.403931] LR is at _snd_timer_stop.constprop.9+0x184/0x2b0
+[ 167.409593] pc : [<ffffffc000d394c4>] lr : [<ffffffc000d394c4>] pstate: 200001c5
+[ 167.416985] sp : ffffffc016113990
+`: `unable to handle kernel paging request in _snd_timer_stop`,
+
+ `
+Unable to handle kernel paging request at virtual address 0c0c9ca0
+pgd = c0004000
+[0c0c9ca0] *pgd=00000000
+Internal error: Oops: 5 [#1] PREEMPT
+last sysfs file: /sys/devices/virtual/irqk/irqk/dev
+Modules linked in: cmemk dm365mmap edmak irqk
+CPU: 0 Not tainted (2.6.32-17-ridgerun #22)
+PC is at blk_rq_map_sg+0x70/0x2c0
+LR is at mmc_queue_map_sg+0x2c/0xa4
+pc : [<c01751ac>] lr : [<c025a42c>] psr: 80000013
+sp : c23e1db0 ip : c3cf8848 fp : c23e1df4
+`: `unable to handle kernel paging request in blk_rq_map_sg`,
+
+ `
+[ 2713.133889] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000013
+[ 2713.133889]
+[ 2713.136293] CPU: 2 PID: 1 Comm: init.sh Not tainted 4.8.0-rc3+ #35
+[ 2713.138395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+[ 2713.138395] ffffffff884b8280 ffff88003e1f79b8 ffffffff82d1b1d9 ffffffff00000001
+[ 2713.138395] fffffbfff1097050 ffffffff86e90b20 ffff88003e1f7a90 dffffc0000000000
+[ 2713.138395] dffffc0000000000 ffff88006cc97af0 ffff88003e1f7a80 ffffffff816ab4e3
+[ 2713.153531] Call Trace:
+[ 2713.153531] [<ffffffff82d1b1d9>] dump_stack+0x12e/0x185
+[ 2713.153531] [<ffffffff816ab4e3>] panic+0x1e4/0x3ef
+[ 2713.153531] [<ffffffff816ab2ff>] ? set_ti_thread_flag+0x1e/0x1e
+[ 2713.153531] [<ffffffff8138e51e>] ? do_exit+0x8ce/0x2c10
+[ 2713.153531] [<ffffffff86c24cc7>] ? _raw_write_unlock_irq+0x27/0x70
+[ 2713.153531] [<ffffffff8139012f>] do_exit+0x24df/0x2c10
+[ 2713.153531] [<ffffffff8138dc50>] ? mm_update_next_owner+0x640/0x640
+`: `kernel panic: Attempted to kill init!`,
+
+ `
+[ 616.344091] Kernel panic - not syncing: Fatal exception in interrupt
+`: `kernel panic: Fatal exception in interrupt`,
+
+ `
+[ 616.309156] divide error: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
+[ 616.310026] Dumping ftrace buffer:
+[ 616.310085] (ftrace buffer empty)
+[ 616.310085] Modules linked in:
+[ 616.310085] CPU: 1 PID: 22257 Comm: syz-executor Not tainted 4.8.0-rc3+ #35
+[ 616.310085] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+[ 616.312546] task: ffff88002fe9e580 task.stack: ffff8800316a8000
+[ 616.312546] RIP: 0010:[<ffffffff8575b41c>] [<ffffffff8575b41c>] snd_hrtimer_callback+0x1bc/0x3c0
+[ 616.312546] RSP: 0018:ffff88003ed07d98 EFLAGS: 00010006
+`: `divide error in snd_hrtimer_callback`,
+
+ `
+divide error: 0000 [#1] SMP KASAN
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+Modules linked in:
+CPU: 2 PID: 5664 Comm: syz-executor5 Not tainted 4.10.0-rc6+ #122
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+task: ffff88003a46adc0 task.stack: ffff880036a00000
+RIP: 0010:__tcp_select_window+0x6db/0x920
+RSP: 0018:ffff880036a07638 EFLAGS: 00010212
+RAX: 0000000000000480 RBX: ffff880036a077d0 RCX: ffffc900030db000
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88003809c3b5
+RBP: ffff880036a077f8 R08: ffff880039de5dc0 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000480
+R13: 0000000000000000 R14: ffff88003809bb00 R15: 0000000000000000
+FS: 00007f35ecf32700(0000) GS:ffff88006de00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00000000205fb000 CR3: 0000000032467000 CR4: 00000000000006e0
+`: `divide error in __tcp_select_window`,
+
+ `
+unreferenced object 0xffff880039a55260 (size 64):
+ comm "executor", pid 11746, jiffies 4298984475 (age 16.078s)
+ hex dump (first 32 bytes):
+ 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 /...............
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [<ffffffff848a2f5f>] sock_kmalloc+0x7f/0xc0 net/core/sock.c:1774
+ [<ffffffff84e5bea0>] do_ipv6_setsockopt.isra.7+0x15d0/0x2830 net/ipv6/ipv6_sockglue.c:483
+ [<ffffffff84e5d19b>] ipv6_setsockopt+0x9b/0x140 net/ipv6/ipv6_sockglue.c:885
+ [<ffffffff8544616c>] sctp_setsockopt+0x15c/0x36c0 net/sctp/socket.c:3702
+ [<ffffffff848a2035>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2645
+ [<ffffffff8489f1d8>] SyS_setsockopt+0x158/0x240 net/socket.c:1736
+`: `memory leak in ipv6_setsockopt (size 64)`,
+
+ `
+unreferenced object 0xffff8800342540c0 (size 1864):
+ comm "a.out", pid 24109, jiffies 4299060398 (age 27.984s)
+ hex dump (first 32 bytes):
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ 0a 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............
+ backtrace:
+ [<ffffffff85c73a22>] kmemleak_alloc+0x72/0xc0 mm/kmemleak.c:915
+ [<ffffffff816cc14d>] kmem_cache_alloc+0x12d/0x2c0 mm/slub.c:2607
+ [<ffffffff84b642c9>] sk_prot_alloc+0x69/0x340 net/core/sock.c:1344
+ [<ffffffff84b6d36a>] sk_alloc+0x3a/0x6b0 net/core/sock.c:1419
+ [<ffffffff850c6d57>] inet6_create+0x2d7/0x1000 net/ipv6/af_inet6.c:173
+ [<ffffffff84b5f47c>] __sock_create+0x37c/0x640 net/socket.c:1162
+`: `memory leak in sk_prot_alloc (size 1864)`,
+
+ `
+unreferenced object 0xffff880133c63800 (size 1024):
+ comm "exe", pid 1521, jiffies 4294894652
+ backtrace:
+ [<ffffffff810f8f36>] create_object+0x126/0x2b0
+ [<ffffffff810f91d5>] kmemleak_alloc+0x25/0x60
+ [<ffffffff810f32a3>] __kmalloc+0x113/0x200
+ [<ffffffff811aa061>] ext4_mb_init+0x1b1/0x570
+ [<ffffffff8119b3d2>] ext4_fill_super+0x1de2/0x26d0
+`: `memory leak in __kmalloc (size 1024)`,
+
+ `
+unreferenced object 0xc625e000 (size 2048):
+ comm "swapper", pid 1, jiffies 4294937521
+ backtrace:
+ [<c00c89f0>] create_object+0x11c/0x200
+ [<c00c6764>] __kmalloc_track_caller+0x138/0x178
+ [<c01d78c0>] __alloc_skb+0x4c/0x100
+ [<c01d8490>] dev_alloc_skb+0x18/0x3c
+ [<c0198b48>] eth_rx_fill+0xd8/0x3fc
+ [<c019ac74>] mv_eth_start_internals+0x30/0xf8
+`: `memory leak in __alloc_skb (size 2048)`,
+
+ `
+unreferenced object 0xdb8040c0 (size 20):
+ comm "swapper", pid 0, jiffies 4294667296
+ backtrace:
+ [<c04fd8b3>] kmemleak_alloc+0x193/0x2b8
+ [<c04f5e73>] kmem_cache_alloc+0x11e/0x174
+ [<c0aae5a7>] debug_objects_mem_init+0x63/0x1d9
+ [<c0a86a62>] start_kernel+0x2da/0x38d
+ [<c0a86090>] i386_start_kernel+0x7f/0x98
+ [<ffffffff>] 0xffffffff
+`: `memory leak in debug_objects_mem_init (size 20)`,
+
+ `
+BUG: sleeping function called from invalid context at include/linux/wait.h:1095
+in_atomic(): 1, irqs_disabled(): 0, pid: 3658, name: syz-fuzzer
+`: `BUG: sleeping function called from invalid context at include/linux/wait.h:1095 `,
+
+ `
+[ 277.780013] INFO: rcu_sched self-detected stall on CPU
+[ 277.781045] INFO: rcu_sched detected stalls on CPUs/tasks:
+[ 277.781153] 1-...: (65000 ticks this GP) idle=395/140000000000001/0 softirq=122875/122875 fqs=16248
+[ 277.781197] (detected by 0, t=65002 jiffies, g=72940, c=72939, q=1777)
+[ 277.781212] Sending NMI from CPU 0 to CPUs 1:
+[ 277.782014] NMI backtrace for cpu 1
+[ 277.782014] CPU: 1 PID: 12579 Comm: syz-executor0 Not tainted 4.11.0-rc3+ #71
+[ 277.782014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+[ 277.782014] task: ffff8801d379e140 task.stack: ffff8801cd590000
+[ 277.782014] RIP: 0010:io_serial_in+0x6b/0x90
+[ 277.782014] RSP: 0018:ffff8801dbf066a0 EFLAGS: 00000002
+[ 277.782014] RAX: dffffc0000000000 RBX: 00000000000003fd RCX: 0000000000000000
+[ 277.782014] RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff87020018
+[ 277.782014] RBP: ffff8801dbf066b0 R08: 0000000000000003 R09: 0000000000000001
+[ 277.782014] R10: dffffc0000000000 R11: ffffffff867ba200 R12: ffffffff8701ffe0
+[ 277.782014] R13: 0000000000000020 R14: fffffbfff0e04041 R15: fffffbfff0e04005
+[ 277.782014] FS: 00007fce6fc10700(0000) GS:ffff8801dbf00000(0000) knlGS:0000000000000000
+[ 277.782014] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 277.782014] CR2: 000000002084fffc CR3: 00000001c4500000 CR4: 00000000001406e0
+[ 277.782014] Call Trace:
+[ 277.782014] <IRQ>
+[ 277.782014] wait_for_xmitr+0x89/0x1c0
+[ 277.782014] ? wait_for_xmitr+0x1c0/0x1c0
+[ 277.782014] serial8250_console_putchar+0x1f/0x60
+[ 277.782014] uart_console_write+0x57/0xe0
+[ 277.782014] serial8250_console_write+0x423/0x840
+[ 277.782014] ? check_noncircular+0x20/0x20
+[ 277.782014] hrtimer_interrupt+0x1c2/0x5e0
+[ 277.782014] local_apic_timer_interrupt+0x6f/0xe0
+[ 277.782014] smp_apic_timer_interrupt+0x71/0xa0
+[ 277.782014] apic_timer_interrupt+0x93/0xa0
+[ 277.782014] RIP: 0010:debug_lockdep_rcu_enabled.part.19+0xf/0x60
+[ 277.782014] RSP: 0018:ffff8801cd596778 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff10
+[ 277.782014] RAX: dffffc0000000000 RBX: 1ffff10039ab2cf7 RCX: ffffc90001758000
+[ 277.782014] RDX: 0000000000000004 RSI: ffffffff840561f1 RDI: ffffffff852a75c0
+[ 277.782014] RBP: ffff8801cd596780 R08: 0000000000000001 R09: 0000000000000000
+[ 277.782014] R10: dffffc0000000000 R11: ffffffff867ba200 R12: 1ffff10039ab2d1b
+[ 277.782014] R13: ffff8801c44d1880 R14: ffff8801cd596918 R15: ffff8801d9b47840
+[ 277.782014] </IRQ>
+[ 277.782014] ? __sctp_write_space+0x5b1/0x920
+[ 277.782014] debug_lockdep_rcu_enabled+0x77/0x90
+[ 277.782014] __sctp_write_space+0x5b6/0x920
+[ 277.782014] ? __sctp_write_space+0x3f7/0x920
+[ 277.782014] ? sctp_transport_lookup_process+0x190/0x190
+[ 277.782014] ? trace_hardirqs_on_thunk+0x1a/0x1c
+`: `INFO: rcu detected stall in __sctp_write_space`,
+
+ `
+INFO: rcu_preempt detected stalls on CPUs/tasks: { 2} (detected by 0, t=65008 jiffies, g=48068, c=48067, q=7339)
+`: `INFO: rcu detected stall`,
+
+ `
+[ 317.168127] INFO: rcu_sched detected stalls on CPUs/tasks: { 0} (detected by 1, t=2179 jiffies, g=740, c=739, q=1)
+`: `INFO: rcu detected stall`,
+
+ `
+[ 50.583499] something
+[ 50.583499] INFO: rcu_preempt self-detected stall on CPU
+[ 50.583499] 0: (20822 ticks this GP) idle=94b/140000000000001/0
+`: `INFO: rcu detected stall`,
+
+ `
+[ 50.583499] INFO: rcu_sched self-detected stall on CPU
+`: `INFO: rcu detected stall`,
+
+ `
+BUG: spinlock lockup suspected on CPU#2, syz-executor/12636
+`: `BUG: spinlock lockup suspected`,
+
+ `
+BUG: soft lockup - CPU#3 stuck for 11s! [syz-executor:643]
+`: `BUG: soft lockup`,
+
+ `
+BUG: spinlock lockup suspected on CPU#2, syz-executor/12636
+BUG: soft lockup - CPU#3 stuck for 11s! [syz-executor:643]
+`: `BUG: spinlock lockup suspected`,
+
+ `
+BUG: soft lockup - CPU#3 stuck for 11s! [syz-executor:643]
+BUG: spinlock lockup suspected on CPU#2, syz-executor/12636
+`: `BUG: soft lockup`,
+
+ `
+[ 213.269287] BUG: spinlock recursion on CPU#0, syz-executor7/5032
+[ 213.281506] lock: 0xffff88006c122d00, .magic: dead4ead, .owner: syz-executor7/5032, .owner_cpu: -1
+[ 213.285112] CPU: 0 PID: 5032 Comm: syz-executor7 Not tainted 4.9.0-rc7+ #58
+[ 213.285112] Hardware name: Google Google/Google, BIOS Google 01/01/2011
+[ 213.285112] ffff880057c17538 ffffffff834c3ae9 ffffffff00000000 1ffff1000af82e3a
+[ 213.285112] ffffed000af82e32 0000000041b58ab3 ffffffff89580db8 ffffffff834c37fb
+[ 213.285112] ffff880068ad8858 ffff880068ad8860 1ffff1000af82e2c 0000000041b58ab3
+[ 213.285112] Call Trace:
+[ 213.285112] [<ffffffff834c3ae9>] dump_stack+0x2ee/0x3f5
+[ 213.618060] [<ffffffff834c37fb>] ? arch_local_irq_restore+0x53/0x53
+[ 213.618060] [<ffffffff81576cd2>] spin_dump+0x152/0x280
+[ 213.618060] [<ffffffff81577284>] do_raw_spin_lock+0x3f4/0x5d0
+[ 213.618060] [<ffffffff881a2750>] _raw_spin_lock+0x40/0x50
+[ 213.618060] [<ffffffff814b7615>] ? __task_rq_lock+0xf5/0x330
+[ 213.618060] [<ffffffff814b7615>] __task_rq_lock+0xf5/0x330
+[ 213.618060] [<ffffffff814c89b2>] wake_up_new_task+0x592/0x1000
+`: `BUG: spinlock recursion`,
+
+ `
+[ 843.240752] INFO: task getty:2986 blocked for more than 120 seconds.
+[ 843.247365] Not tainted 3.18.0-13280-g93f6785-dirty #12
+[ 843.253777] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
+[ 843.261764] getty D ffffffff83e27d60 28152 2986 1 0x00000002
+[ 843.269316] ffff88005bb6f908 0000000000000046 ffff880050b6ab70 ffff880061e1c5d0
+[ 843.277435] fffffbfff07c4802 ffff880061e1cde8 ffffffff83e27d60 ffff88005cb71580
+[ 843.285515] ffff88005bb6f968 0000000000000000 1ffff1000b76df2b ffff88005cb71580
+[ 843.293802] Call Trace:
+[ 843.296385] [<ffffffff835bdeb4>] schedule+0x64/0x160
+[ 843.301593] [<ffffffff835c9c1a>] schedule_timeout+0x2fa/0x5d0
+[ 843.307563] [<ffffffff835c9920>] ? console_conditional_schedule+0x30/0x30
+[ 843.314790] [<ffffffff811c1eb2>] ? pick_next_task_fair+0xeb2/0x1680
+[ 843.321296] [<ffffffff81d9b3ed>] ? check_preemption_disabled+0x3d/0x210
+[ 843.328311] [<ffffffff835cb4ec>] ldsem_down_write+0x1ac/0x357
+[ 843.334295] [<ffffffff835cb340>] ? ldsem_down_read+0x3a0/0x3a0
+[ 843.340437] [<ffffffff835bec62>] ? preempt_schedule+0x62/0xa0
+[ 843.346418] [<ffffffff835cbdd2>] tty_ldisc_lock_pair_timeout+0xb2/0x160
+[ 843.353363] [<ffffffff81f8b03f>] tty_ldisc_hangup+0x21f/0x720
+`: `INFO: task hung`,
+
+ `
+BUG UNIX (Not tainted): kasan: bad access detected
+`: ``,
+
+ `
+[901320.960000] INFO: lockdep is turned off.
+`: ``,
+
+ `
+INFO: Stall ended before state dump start
+`: ``,
+
+ `
+WARNING: /etc/ssh/moduli does not exist, using fixed modulus
+`: ``,
+
+ `
+[ 1579.244514] BUG: KASAN: slab-out-of-bounds in ip6_fragment+0x1052/0x2d80 at addr ffff88004ec29b58
+`: `KASAN: slab-out-of-bounds in ip6_fragment at addr ADDR`,
+
+ `
+[ 982.271203] BUG: spinlock bad magic on CPU#0, syz-executor12/24932
+`: `BUG: spinlock bad magic`,
+
+ `
+[ 374.860710] BUG: KASAN: use-after-free in do_con_write.part.23+0x1c50/0x1cb0 at addr ffff88000012c43a
+`: `KASAN: use-after-free in do_con_write.part.23 at addr ADDR`,
+
+ `
+[ 163.314570] WARNING: kernel stack regs at ffff8801d100fea8 in syz-executor1:16059 has bad 'bp' value ffff8801d100ff28
+`: `WARNING: kernel stack regs has bad 'bp' value`,
+
+ `
+[ 76.825838] BUG: using __this_cpu_add() in preemptible [00000000] code: syz-executor0/10076
+`: `BUG: using __this_cpu_add() in preemptible [ADDR] code: syz-executor`,
+
+ `
+[ 367.131148] BUG kmalloc-8 (Tainted: G B ): Object already free
+`: `BUG: Object already free`,
+
+ `
+[ 92.396607] APIC base relocation is unsupported by KVM
+[ 95.445015] INFO: NMI handler (perf_event_nmi_handler) took too long to run: 1.356 msecs
+[ 95.445015] perf: interrupt took too long (3985 > 3976), lowering kernel.perf_event_max_sample_rate to 50000
+`: ``,
+
+ `[ 92.396607] general protection fault: 0000 [#1] [ 387.811073] audit: type=1326 audit(1486238739.637:135): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10020 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x44fad9 code=0x0`: `general protection fault: 0000 [#1] [ 387.NUM] audit: type=1326 audit(ADDR.637:135): auid=ADDR uid=0 gid=0 ses=ADDR pid=NUM comm="syz-executor" exe="/root/syz-executor" sig=31 arch`,
+
+ `
+[ 40.438790] BUG: Bad page map in process syz-executor6 pte:ffff8801a700ff00 pmd:1a700f067
+[ 40.447217] addr:00000000009ca000 vm_flags:00100073 anon_vma:ffff8801d16f20e0 mapping: (null) index:9ca
+[ 40.457560] file: (null) fault: (null) mmap: (null) readpage: (null)
+`: `BUG: Bad page map in process syz-executor pte:ADDR pmd:ADDR`,
+
+ `
+======================================================
+WARNING: possible circular locking dependency detected
+4.12.0-rc2-next-20170529+ #1 Not tainted
+------------------------------------------------------
+kworker/u4:2/58 is trying to acquire lock:
+ (&buf->lock){+.+...}, at: [<ffffffffa41b4e5b>] tty_buffer_flush+0xbb/0x3a0 drivers/tty/tty_buffer.c:221
+
+but task is already holding lock:
+ (&o_tty->termios_rwsem/1){++++..}, at: [<ffffffffa41a5601>] isig+0xa1/0x4d0 drivers/tty/n_tty.c:1100
+
+which lock already depends on the new lock.
+`: `possible deadlock in tty_buffer_flush`,
+
+ `
+Buffer I/O error on dev loop0, logical block 6, async page read
+BUG: Dentry ffff880175978600{i=8bb9,n=lo} still in use (1) [unmount of proc proc]
+------------[ cut here ]------------
+WARNING: CPU: 1 PID: 8922 at fs/dcache.c:1445 umount_check+0x246/0x2c0 fs/dcache.c:1436
+Kernel panic - not syncing: panic_on_warn set ...
+`: `BUG: Dentry still in use [unmount of proc proc]`,
+
+ `
+WARNING: kernel stack frame pointer at ffff88003e1f7f40 in migration/1:14 has bad value ffffffff85632fb0
+unwind stack type:0 next_sp: (null) mask:0x6 graph_idx:0
+ffff88003ed06ef0: ffff88003ed06f78 (0xffff88003ed06f78)
+`: `WARNING: kernel stack frame pointer has bad value`,
+
+ `
+BUG: Bad page state in process syz-executor9 pfn:199e00
+page:ffffea00059a9000 count:0 mapcount:0 mapping: (null) index:0x20a00
+TCP: request_sock_TCPv6: Possible SYN flooding on port 20032. Sending cookies. Check SNMP counters.
+flags: 0x200000000040019(locked|uptodate|dirty|swapbacked)
+raw: 0200000000040019 0000000000000000 0000000000020a00 00000000ffffffff
+raw: dead000000000100 dead000000000200 0000000000000000
+page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s)
+`: `BUG: Bad page state`,
+
+ `
+Kernel panic - not syncing: Couldn't open N_TTY ldisc for ptm1 --- error -12.
+CPU: 1 PID: 14836 Comm: syz-executor5 Not tainted 4.12.0-rc4+ #15
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
+Call Trace:
+`: `kernel panic: Couldn't open N_TTY ldisc`,
+ }
+ for log, crash := range tests {
+ if strings.Index(log, "\r\n") != -1 {
+ continue
+ }
+ tests[strings.Replace(log, "\n", "\r\n", -1)] = crash
+ }
+ for log, crash := range tests {
+ containsCrash := ContainsCrash([]byte(log), nil)
+ expectCrash := (crash != "")
+ if expectCrash && !containsCrash {
+ t.Fatalf("ContainsCrash did not find crash")
+ }
+ if !expectCrash && containsCrash {
+ t.Fatalf("ContainsCrash found unexpected crash")
+ }
+ desc, _, _, _ := Parse([]byte(log), nil)
+ if desc == "" && crash != "" {
+ t.Fatalf("did not find crash message '%v' in:\n%v", crash, log)
+ }
+ if desc != "" && crash == "" {
+ t.Fatalf("found bogus crash message '%v' in:\n%v", desc, log)
+ }
+ if desc != crash {
+ t.Fatalf("extracted bad crash message:\n%+q\nwant:\n%+q", desc, crash)
+ }
+ }
+}
+
+func TestIgnores(t *testing.T) {
+ const log = `
+ BUG: bug1
+ BUG: bug2
+ `
+ if !ContainsCrash([]byte(log), nil) {
+ t.Fatalf("no crash")
+ }
+ if desc, _, _, _ := Parse([]byte(log), nil); desc != "BUG: bug1" {
+ t.Fatalf("want `BUG: bug1`, found `%v`", desc)
+ }
+
+ ignores1 := []*regexp.Regexp{
+ regexp.MustCompile("BUG: bug3"),
+ }
+ if !ContainsCrash([]byte(log), ignores1) {
+ t.Fatalf("no crash")
+ }
+ if desc, _, _, _ := Parse([]byte(log), ignores1); desc != "BUG: bug1" {
+ t.Fatalf("want `BUG: bug1`, found `%v`", desc)
+ }
+
+ ignores2 := []*regexp.Regexp{
+ regexp.MustCompile("BUG: bug3"),
+ regexp.MustCompile("BUG: bug1"),
+ }
+ if !ContainsCrash([]byte(log), ignores2) {
+ t.Fatalf("no crash")
+ }
+ if desc, _, _, _ := Parse([]byte(log), ignores2); desc != "BUG: bug2" {
+ t.Fatalf("want `BUG: bug2`, found `%v`", desc)
+ }
+
+ ignores3 := []*regexp.Regexp{
+ regexp.MustCompile("BUG: bug3"),
+ regexp.MustCompile("BUG: bug1"),
+ regexp.MustCompile("BUG: bug2"),
+ }
+ if ContainsCrash([]byte(log), ignores3) {
+ t.Fatalf("found crash, should be ignored")
+ }
+ if desc, _, _, _ := Parse([]byte(log), ignores3); desc != "" {
+ t.Fatalf("found `%v`, should be ignored", desc)
+ }
+}
+
+func TestParseText(t *testing.T) {
+ tests := map[string]string{
+ `mmap(&(0x7f00008dd000/0x1000)=nil, (0x1000), 0x3, 0x32, 0xffffffffffffffff, 0x0)
+getsockopt$NETROM_N2(r2, 0x103, 0x3, &(0x7f00008de000-0x4)=0x1, &(0x7f00008dd000)=0x4)
+[ 522.560667] nla_parse: 5 callbacks suppressed
+[ 522.565344] netlink: 3 bytes leftover after parsing attributes in process 'syz-executor5'.
+[ 536.429346] NMI watchdog: BUG: soft lockup - CPU#1 stuck for 11s! [syz-executor7:16813]
+mmap(&(0x7f0000557000/0x2000)=nil, (0x2000), 0x1, 0x11, r2, 0x1b)
+[ 536.437530] Modules linked in:
+[ 536.440808] CPU: 1 PID: 16813 Comm: syz-executor7 Not tainted 4.3.5-smp-DEV #119`: `nla_parse: 5 callbacks suppressed
+netlink: 3 bytes leftover after parsing attributes in process 'syz-executor5'.
+NMI watchdog: BUG: soft lockup - CPU#1 stuck for 11s! [syz-executor7:16813]
+Modules linked in:
+CPU: 1 PID: 16813 Comm: syz-executor7 Not tainted 4.3.5-smp-DEV #119
+`,
+
+ // Raw 'dmesg -r' and /proc/kmsg output.
+ `<6>[ 85.501187] WARNING: foo
+<6>[ 85.501187] nouveau [ DRM] suspending kernel object tree...
+executing program 1:
+<6>[ 85.525111] nouveau [ DRM] nouveau suspended
+<14>[ 85.912347] init: computing context for service 'clear-bcb'`: `WARNING: foo
+nouveau [ DRM] suspending kernel object tree...
+nouveau [ DRM] nouveau suspended
+init: computing context for service 'clear-bcb'
+`,
+
+ `[ 94.864848] line 0
+[ 94.864848] line 1
+[ 94.864848] line 2
+[ 94.864848] line 3
+[ 94.864848] line 4
+[ 94.864848] line 5
+[ 95.145581] ==================================================================
+[ 95.152992] BUG: KASAN: use-after-free in snd_seq_queue_alloc+0x670/0x690 at addr ffff8801d0c6b080
+[ 95.162080] Read of size 4 by task syz-executor2/5764`: `line 2
+line 3
+line 4
+line 5
+==================================================================
+BUG: KASAN: use-after-free in snd_seq_queue_alloc+0x670/0x690 at addr ffff8801d0c6b080
+Read of size 4 by task syz-executor2/5764
+`,
+ }
+ for log, text0 := range tests {
+ if desc, text, _, _ := Parse([]byte(log), nil); string(text) != text0 {
+ t.Logf("log:\n%s", log)
+ t.Logf("want text:\n%s", text0)
+ t.Logf("got text:\n%s", text)
+ t.Fatalf("bad text, desc: '%v'", desc)
+ }
+ }
+}
+
+func TestReplace(t *testing.T) {
+ tests := []struct {
+ where string
+ start int
+ end int
+ what string
+ result string
+ }{
+ {"0123456789", 3, 5, "abcdef", "012abcdef56789"},
+ {"0123456789", 3, 5, "ab", "012ab56789"},
+ {"0123456789", 3, 3, "abcd", "012abcd3456789"},
+ {"0123456789", 0, 2, "abcd", "abcd23456789"},
+ {"0123456789", 0, 0, "ab", "ab0123456789"},
+ {"0123456789", 10, 10, "ab", "0123456789ab"},
+ {"0123456789", 8, 10, "ab", "01234567ab"},
+ {"0123456789", 5, 5, "", "0123456789"},
+ {"0123456789", 3, 8, "", "01289"},
+ {"0123456789", 3, 8, "ab", "012ab89"},
+ {"0123456789", 0, 5, "a", "a56789"},
+ {"0123456789", 5, 10, "ab", "01234ab"},
+ }
+ for _, test := range tests {
+ t.Run(fmt.Sprintf("%+v", test), func(t *testing.T) {
+ result := replace([]byte(test.where), test.start, test.end, []byte(test.what))
+ if test.result != string(result) {
+ t.Errorf("want '%v', got '%v'", test.result, string(result))
+ }
+ })
+ }
+}
+
+func TestSymbolizeLine(t *testing.T) {
+ tests := []struct {
+ line string
+ result string
+ }{
+ // Normal symbolization.
+ {
+ "[ 2713.153531] [<ffffffff82d1b1d9>] foo+0x101/0x185\n",
+ "[ 2713.153531] [<ffffffff82d1b1d9>] foo+0x101/0x185 foo.c:555\n",
+ },
+ {
+ "RIP: 0010:[<ffffffff8188c0e6>] [<ffffffff8188c0e6>] foo+0x101/0x185\n",
+ "RIP: 0010:[<ffffffff8188c0e6>] [<ffffffff8188c0e6>] foo+0x101/0x185 foo.c:555\n",
+ },
+ // Strip "./" file prefix.
+ {
+ "[ 2713.153531] [<ffffffff82d1b1d9>] foo+0x111/0x185\n",
+ "[ 2713.153531] [<ffffffff82d1b1d9>] foo+0x111/0x185 foo.h:111\n",
+ },
+ // Needs symbolization, but symbolizer returns nothing.
+ {
+ "[ 2713.153531] [<ffffffff82d1b1d9>] foo+0x121/0x185\n",
+ "[ 2713.153531] [<ffffffff82d1b1d9>] foo+0x121/0x185\n",
+ },
+ // Needs symbolization, but symbolizer returns error.
+ {
+ "[ 2713.153531] [<ffffffff82d1b1d9>] foo+0x131/0x185\n",
+ "[ 2713.153531] [<ffffffff82d1b1d9>] foo+0x131/0x185\n",
+ },
+ // Needs symbolization, but symbol is missing.
+ {
+ "[ 2713.153531] [<ffffffff82d1b1d9>] bar+0x131/0x185\n",
+ "[ 2713.153531] [<ffffffff82d1b1d9>] bar+0x131/0x185\n",
+ },
+ // Bad offset.
+ {
+ "[ 2713.153531] [<ffffffff82d1b1d9>] bar+0xffffffffffffffffffff/0x185\n",
+ "[ 2713.153531] [<ffffffff82d1b1d9>] bar+0xffffffffffffffffffff/0x185\n",
+ },
+ // Should not be symbolized.
+ {
+ "WARNING: CPU: 2 PID: 2636 at ipc/shm.c:162 foo+0x101/0x185\n",
+ "WARNING: CPU: 2 PID: 2636 at ipc/shm.c:162 foo+0x101/0x185 foo.c:555\n",
+ },
+ // Tricky function name.
+ {
+ " [<ffffffff84e5bea0>] do_ipv6_setsockopt.isra.7.part.3+0x101/0x2830 \n",
+ " [<ffffffff84e5bea0>] do_ipv6_setsockopt.isra.7.part.3+0x101/0x2830 net.c:111 \n",
+ },
+ // Inlined frames.
+ {
+ " [<ffffffff84e5bea0>] foo+0x141/0x185\n",
+ " [<ffffffff84e5bea0>] inlined1 net.c:111 [inline]\n" +
+ " [<ffffffff84e5bea0>] inlined2 mm.c:222 [inline]\n" +
+ " [<ffffffff84e5bea0>] foo+0x141/0x185 kasan.c:333\n",
+ },
+ // Several symbols with the same name.
+ {
+ "[<ffffffff82d1b1d9>] baz+0x101/0x200\n",
+ "[<ffffffff82d1b1d9>] baz+0x101/0x200 baz.c:100\n",
+ },
+ }
+ symbols := map[string][]symbolizer.Symbol{
+ "foo": []symbolizer.Symbol{
+ {Addr: 0x1000000, Size: 0x190},
+ },
+ "do_ipv6_setsockopt.isra.7.part.3": []symbolizer.Symbol{
+ {Addr: 0x2000000, Size: 0x2830},
+ },
+ "baz": []symbolizer.Symbol{
+ {Addr: 0x3000000, Size: 0x100},
+ {Addr: 0x4000000, Size: 0x200},
+ {Addr: 0x5000000, Size: 0x300},
+ },
+ }
+ symb := func(bin string, pc uint64) ([]symbolizer.Frame, error) {
+ if bin != "vmlinux" {
+ return nil, fmt.Errorf("unknown pc 0x%x", pc)
+ }
+ switch pc {
+ case 0x1000100:
+ return []symbolizer.Frame{
+ {
+ File: "/linux/foo.c",
+ Line: 555,
+ },
+ }, nil
+ case 0x1000110:
+ return []symbolizer.Frame{
+ {
+ File: "/linux/./foo.h",
+ Line: 111,
+ },
+ }, nil
+ case 0x1000120:
+ return nil, nil
+ case 0x1000130:
+ return nil, fmt.Errorf("unknown pc 0x%x", pc)
+ case 0x2000100:
+ return []symbolizer.Frame{
+ {
+ File: "/linux/net.c",
+ Line: 111,
+ },
+ }, nil
+ case 0x1000140:
+ return []symbolizer.Frame{
+ {
+ Func: "inlined1",
+ File: "/linux/net.c",
+ Line: 111,
+ Inline: true,
+ },
+ {
+ Func: "inlined2",
+ File: "/linux/mm.c",
+ Line: 222,
+ Inline: true,
+ },
+ {
+ Func: "noninlined3",
+ File: "/linux/kasan.c",
+ Line: 333,
+ Inline: false,
+ },
+ }, nil
+ case 0x4000100:
+ return []symbolizer.Frame{
+ {
+ File: "/linux/baz.c",
+ Line: 100,
+ },
+ }, nil
+ default:
+ return nil, fmt.Errorf("unknown pc 0x%x", pc)
+ }
+ }
+ for i, test := range tests {
+ t.Run(fmt.Sprint(i), func(t *testing.T) {
+ result := symbolizeLine(symb, symbols, "vmlinux", "/linux/", []byte(test.line))
+ if test.result != string(result) {
+ t.Errorf("want %q\n\t get %q", test.result, string(result))
+ }
+ })
+ }
+}
diff --git a/pkg/repro/repro.go b/pkg/repro/repro.go
index 5d66cb279..93ecc24ef 100644
--- a/pkg/repro/repro.go
+++ b/pkg/repro/repro.go
@@ -14,8 +14,8 @@ import (
"github.com/google/syzkaller/pkg/csource"
"github.com/google/syzkaller/pkg/fileutil"
. "github.com/google/syzkaller/pkg/log"
+ "github.com/google/syzkaller/pkg/report"
"github.com/google/syzkaller/prog"
- "github.com/google/syzkaller/report"
"github.com/google/syzkaller/syz-manager/mgrconfig"
"github.com/google/syzkaller/vm"
)