[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.623263] audit: type=1400 audit(1514727846.237:6): avc:  denied  { map } for  pid=3480 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   17.654257] sshd (3477) used greatest stack depth: 17232 bytes left
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
executing program
[   23.835857] audit: type=1400 audit(1514727852.449:7): avc:  denied  { map } for  pid=3493 comm="syzkaller089378" path="/root/syzkaller089378648" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.839943] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[   23.862258] ==================================================================
[   23.862275] BUG: KASAN: slab-out-of-bounds in tcp_v6_syn_recv_sock+0x1612/0x23a0
[   23.862280] Write of size 160 at addr ffff8801c66389f0 by task ksoftirqd/1/16
[   23.862281] 
[   23.862286] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 4.15.0-rc5+ #171
[   23.862289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.862292] Call Trace:
[   23.862302]  dump_stack+0x194/0x257
[   23.862311]  ? arch_local_irq_restore+0x53/0x53
[   23.862318]  ? show_regs_print_info+0x18/0x18
[   23.862328]  ? tcp_add_backlog+0x880/0x880
[   23.862334]  ? tcp_v6_syn_recv_sock+0x1612/0x23a0
[   23.862343]  print_address_description+0x73/0x250
[   23.862348]  ? tcp_v6_syn_recv_sock+0x1612/0x23a0
[   23.862354]  kasan_report+0x25b/0x340
[   23.862363]  check_memory_region+0x137/0x190
[   23.862369]  memcpy+0x37/0x50
[   23.862375]  tcp_v6_syn_recv_sock+0x1612/0x23a0
[   23.862388]  ? tcp_v6_conn_request+0x270/0x270
[   23.862402]  ? xfrm_policy_lookup+0x70/0x70
[   23.862417]  ? find_held_lock+0x35/0x1d0
[   23.862431]  ? ip_route_output_key_hash+0x229/0x370
[   23.862437]  ? lock_downgrade+0x980/0x980
[   23.862444]  ? selinux_netlbl_inet_conn_request+0x81/0x3c0
[   23.862451]  ? lock_release+0xa40/0xa40
[   23.862460]  ? rcu_read_lock_sched_held+0x108/0x120
[   23.862471]  tcp_get_cookie_sock+0x102/0x540
[   23.862479]  ? cookie_ecn_ok+0x120/0x120
[   23.862484]  ? ip_route_output_key_hash+0x252/0x370
[   23.862491]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   23.862504]  ? xfrm_lookup_route+0x4f/0x1a0
[   23.862509]  ? tcp_select_initial_window+0x30c/0x410
[   23.862521]  cookie_v4_check+0x1a87/0x2920
[   23.862526]  ? sk_filter_trim_cap+0x40a/0x9c0
[   23.862542]  ? cookie_v4_init_sequence+0xe0/0xe0
[   23.862545]  ? __lock_is_held+0xb6/0x140
[   23.862561]  ? sk_filter_trim_cap+0xe7/0x9c0
[   23.862582]  ? tcp_v4_reqsk_send_ack+0x3e0/0x3e0
[   23.862592]  tcp_v4_do_rcv+0x6e9/0x7d0
[   23.862600]  tcp_v4_rcv+0x2753/0x2ea0
[   23.862607]  ? lockdep_reset_lock+0x1ca/0x10a0
[   23.862626]  ? tcp_v4_early_demux+0xa40/0xa40
[   23.862640]  ip_local_deliver_finish+0x2f1/0xc50
[   23.862650]  ? ip_rcv_finish+0x1e30/0x1e30
[   23.862658]  ? nf_hook_slow+0xd3/0x1a0
[   23.862668]  ip_local_deliver+0x1ce/0x6e0
[   23.862674]  ? ip_call_ra_chain+0x6d0/0x6d0
[   23.862683]  ? check_noncircular+0x20/0x20
[   23.862691]  ? ip_rcv_finish+0x1e30/0x1e30
[   23.862696]  ? __local_bh_enable_ip+0x121/0x230
[   23.862702]  ? ipt_do_table+0xd75/0x1330
[   23.862710]  ip_rcv_finish+0x953/0x1e30
[   23.862720]  ? inet_del_offload+0x40/0x40
[   23.862732]  ? ip_rcv+0xf22/0x1840
[   23.862737]  ? lock_downgrade+0x980/0x980
[   23.862742]  ? eth_type_trans+0x2b2/0x710
[   23.862750]  ? nf_nat_ipv4_in+0x1cd/0x270
[   23.862754]  ? iptable_nat_ipv4_fn+0x40/0x40
[   23.862766]  ? nf_hook_slow+0xd3/0x1a0
[   23.862776]  ip_rcv+0xc5a/0x1840
[   23.862787]  ? ip_local_deliver+0x6e0/0x6e0
[   23.862793]  ? check_noncircular+0x20/0x20
[   23.862809]  ? inet_del_offload+0x40/0x40
[   23.862817]  ? ip_local_deliver+0x6e0/0x6e0
[   23.862826]  __netif_receive_skb_core+0x1a41/0x3460
[   23.862829]  ? find_held_lock+0x35/0x1d0
[   23.862843]  ? nf_ingress+0x9f0/0x9f0
[   23.862851]  ? print_irqtrace_events+0x270/0x270
[   23.862864]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.862873]  ? __lock_acquire+0x664/0x3e00
[   23.862883]  ? __lock_acquire+0x664/0x3e00
[   23.862896]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.862904]  ? print_irqtrace_events+0x270/0x270
[   23.862910]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.862914]  ? attach_entity_load_avg+0x7a0/0x7a0
[   23.862922]  ? check_noncircular+0x20/0x20
[   23.862940]  ? __lock_acquire+0x664/0x3e00
[   23.862951]  ? find_held_lock+0x35/0x1d0
[   23.862962]  ? lock_acquire+0x1d5/0x580
[   23.862966]  ? process_backlog+0x45f/0x740
[   23.862969]  ? lock_acquire+0x1d5/0x580
[   23.862974]  ? process_backlog+0x1ab/0x740
[   23.862984]  ? lock_release+0xa40/0xa40
[   23.862992]  ? do_raw_spin_trylock+0x190/0x190
[   23.863006]  __netif_receive_skb+0x2c/0x1b0
[   23.863011]  ? __netif_receive_skb+0x2c/0x1b0
[   23.863018]  process_backlog+0x203/0x740
[   23.863033]  net_rx_action+0x792/0x1910
[   23.863051]  ? napi_complete_done+0x6c0/0x6c0
[   23.863061]  ? find_held_lock+0x35/0x1d0
[   23.863076]  ? __run_timers+0x934/0xb70
[   23.863085]  ? _raw_spin_unlock_irqrestore+0xa6/0xba
[   23.863092]  ? lock_release+0xa40/0xa40
[   23.863100]  ? _find_next_bit+0xee/0x120
[   23.863106]  ? do_raw_spin_trylock+0x190/0x190
[   23.863113]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.863120]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   23.863126]  ? trace_hardirqs_on+0xd/0x10
[   23.863130]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.863135]  ? __run_timers+0x16f/0xb70
[   23.863139]  ? finish_task_switch+0x1d3/0x740
[   23.863153]  ? trigger_dyntick_cpu.isra.29+0x180/0x180
[   23.863160]  ? compat_start_thread+0x80/0x80
[   23.863166]  ? do_raw_spin_trylock+0x190/0x190
[   23.863173]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.863180]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.863186]  ? trace_hardirqs_on+0xd/0x10
[   23.863192]  ? finish_task_switch+0x1d3/0x740
[   23.863195]  ? finish_task_switch+0x1aa/0x740
[   23.863204]  ? copy_overflow+0x20/0x20
[   23.863218]  ? __schedule+0x8f3/0x2060
[   23.863233]  ? rcu_pm_notify+0xc0/0xc0
[   23.863251]  __do_softirq+0x2d7/0xb85
[   23.863264]  ? __irqentry_text_end+0x4/0x4
[   23.863276]  ? schedule+0xf5/0x430
[   23.863280]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.863284]  ? takeover_tasklets+0xa40/0xa40
[   23.863301]  ? rcu_note_context_switch+0x710/0x710
[   23.863307]  ? run_ksoftirqd+0x55/0x100
[   23.863315]  ? takeover_tasklets+0xa40/0xa40
[   23.863321]  run_ksoftirqd+0x50/0x100
[   23.863328]  smpboot_thread_fn+0x450/0x7c0
[   23.863336]  ? sort_range+0x30/0x30
[   23.863343]  ? __kthread_parkme+0xcf/0x240
[   23.863348]  ? __kthread_parkme+0x175/0x240
[   23.863357]  kthread+0x33c/0x400
[   23.863361]  ? sort_range+0x30/0x30
[   23.863364]  ? kthread_stop+0x7a0/0x7a0
[   23.863371]  ret_from_fork+0x24/0x30
[   23.863389] 
[   23.863391] Allocated by task 16:
[   23.863395]  save_stack+0x43/0xd0
[   23.863399]  kasan_kmalloc+0xad/0xe0
[   23.863402]  kasan_slab_alloc+0x12/0x20
[   23.863405]  kmem_cache_alloc+0x12e/0x760
[   23.863411]  sk_prot_alloc+0x65/0x2a0
[   23.863414]  sk_clone_lock+0x152/0x1630
[   23.863419]  inet_csk_clone_lock+0x91/0x4c0
[   23.863422]  tcp_create_openreq_child+0x9b/0x1b70
[   23.863426]  tcp_v4_syn_recv_sock+0x119/0x1260
[   23.863429]  tcp_v6_syn_recv_sock+0x1574/0x23a0
[   23.863433]  tcp_get_cookie_sock+0x102/0x540
[   23.863436]  cookie_v4_check+0x1a87/0x2920
[   23.863440]  tcp_v4_do_rcv+0x6e9/0x7d0
[   23.863443]  tcp_v4_rcv+0x2753/0x2ea0
[   23.863446]  ip_local_deliver_finish+0x2f1/0xc50
[   23.863449]  ip_local_deliver+0x1ce/0x6e0
[   23.863452]  ip_rcv_finish+0x953/0x1e30
[   23.863455]  ip_rcv+0xc5a/0x1840
[   23.863459]  __netif_receive_skb_core+0x1a41/0x3460
[   23.863463]  __netif_receive_skb+0x2c/0x1b0
[   23.863466]  process_backlog+0x203/0x740
[   23.863470]  net_rx_action+0x792/0x1910
[   23.863473]  __do_softirq+0x2d7/0xb85
[   23.863475] 
[   23.863476] Freed by task 0:
[   23.863478] (stack is not available)
[   23.863479] 
[   23.863482] The buggy address belongs to the object at ffff8801c6638000
[   23.863482]  which belongs to the cache TCP of size 2544
[   23.863485] The buggy address is located 0 bytes to the right of
[   23.863485]  2544-byte region [ffff8801c6638000, ffff8801c66389f0)
[   23.863486] The buggy address belongs to the page:
[   23.863492] page:000000001c26624d count:1 mapcount:0 mapping:00000000ec79c4c1 index:0xffff8801c6639ffd compound_mapcount: 0
[   23.863498] flags: 0x2fffc0000008100(slab|head)
[   23.863504] raw: 02fffc0000008100 ffff8801c6638000 ffff8801c6639ffd 0000000100000003
[   23.863509] raw: ffff8801d6eeed48 ffffea00074ccfa0 ffff8801d82f51c0 0000000000000000
[   23.863511] page dumped because: kasan: bad access detected
[   23.863512] 
[   23.863513] Memory state around the buggy address:
[   23.863516]  ffff8801c6638880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.863520]  ffff8801c6638900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.863523] >ffff8801c6638980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   23.863525]                                                              ^
[   23.863528]  ffff8801c6638a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.863531]  ffff8801c6638a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.863532] ==================================================================
[   23.863534] Disabling lock debugging due to kernel taint
[   23.863557] Kernel panic - not syncing: panic_on_warn set ...
[   23.863557] 
[   23.863561] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G    B            4.15.0-rc5+ #171
[   23.863563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.863564] Call Trace:
[   23.863569]  dump_stack+0x194/0x257
[   23.863575]  ? arch_local_irq_restore+0x53/0x53
[   23.863581]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.863588]  ? vsnprintf+0x1ed/0x1900
[   23.863592]  ? tcp_v6_syn_recv_sock+0x15d0/0x23a0
[   23.863597]  panic+0x1e4/0x41c
[   23.863601]  ? refcount_error_report+0x214/0x214
[   23.863606]  ? add_taint+0x1c/0x50
[   23.863610]  ? add_taint+0x1c/0x50
[   23.863615]  ? tcp_v6_syn_recv_sock+0x1612/0x23a0
[   23.863620]  kasan_end_report+0x50/0x50
[   23.863624]  kasan_report+0x144/0x340
[   23.863630]  check_memory_region+0x137/0x190
[   23.863634]  memcpy+0x37/0x50
[   23.863639]  tcp_v6_syn_recv_sock+0x1612/0x23a0
[   23.863646]  ? tcp_v6_conn_request+0x270/0x270
[   23.863654]  ? xfrm_policy_lookup+0x70/0x70
[   23.863662]  ? find_held_lock+0x35/0x1d0
[   23.863670]  ? ip_route_output_key_hash+0x229/0x370
[   23.863674]  ? lock_downgrade+0x980/0x980
[   23.863678]  ? selinux_netlbl_inet_conn_request+0x81/0x3c0
[   23.863684]  ? lock_release+0xa40/0xa40
[   23.863689]  ? rcu_read_lock_sched_held+0x108/0x120
[   23.863696]  tcp_get_cookie_sock+0x102/0x540
[   23.863701]  ? cookie_ecn_ok+0x120/0x120
[   23.863705]  ? ip_route_output_key_hash+0x252/0x370
[   23.863711]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   23.863719]  ? xfrm_lookup_route+0x4f/0x1a0
[   23.863723]  ? tcp_select_initial_window+0x30c/0x410
[   23.863730]  cookie_v4_check+0x1a87/0x2920
[   23.863733]  ? sk_filter_trim_cap+0x40a/0x9c0
[   23.863743]  ? cookie_v4_init_sequence+0xe0/0xe0
[   23.863746]  ? __lock_is_held+0xb6/0x140
[   23.863755]  ? sk_filter_trim_cap+0xe7/0x9c0
[   23.863767]  ? tcp_v4_reqsk_send_ack+0x3e0/0x3e0
[   23.863774]  tcp_v4_do_rcv+0x6e9/0x7d0
[   23.863779]  tcp_v4_rcv+0x2753/0x2ea0
[   23.863784]  ? lockdep_reset_lock+0x1ca/0x10a0
[   23.863796]  ? tcp_v4_early_demux+0xa40/0xa40
[   23.863805]  ip_local_deliver_finish+0x2f1/0xc50
[   23.863811]  ? ip_rcv_finish+0x1e30/0x1e30
[   23.863816]  ? nf_hook_slow+0xd3/0x1a0
[   23.863822]  ip_local_deliver+0x1ce/0x6e0
[   23.863827]  ? ip_call_ra_chain+0x6d0/0x6d0
[   23.863832]  ? check_noncircular+0x20/0x20
[   23.863838]  ? ip_rcv_finish+0x1e30/0x1e30
[   23.863842]  ? __local_bh_enable_ip+0x121/0x230
[   23.863846]  ? ipt_do_table+0xd75/0x1330
[   23.863851]  ip_rcv_finish+0x953/0x1e30
[   23.863858]  ? inet_del_offload+0x40/0x40
[   23.863866]  ? ip_rcv+0xf22/0x1840
[   23.863870]  ? lock_downgrade+0x980/0x980
[   23.863873]  ? eth_type_trans+0x2b2/0x710
[   23.863879]  ? nf_nat_ipv4_in+0x1cd/0x270
[   23.863882]  ? iptable_nat_ipv4_fn+0x40/0x40
[   23.863890]  ? nf_hook_slow+0xd3/0x1a0
[   23.863896]  ip_rcv+0xc5a/0x1840
[   23.863903]  ? ip_local_deliver+0x6e0/0x6e0
[   23.863908]  ? check_noncircular+0x20/0x20
[   23.863917]  ? inet_del_offload+0x40/0x40
[   23.863922]  ? ip_local_deliver+0x6e0/0x6e0
[   23.863928]  __netif_receive_skb_core+0x1a41/0x3460
[   23.863932]  ? find_held_lock+0x35/0x1d0
[   23.863940]  ? nf_ingress+0x9f0/0x9f0
[   23.863946]  ? print_irqtrace_events+0x270/0x270
[   23.863954]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.863961]  ? __lock_acquire+0x664/0x3e00
[   23.863968]  ? __lock_acquire+0x664/0x3e00
[   23.863976]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.863982]  ? print_irqtrace_events+0x270/0x270
[   23.863986]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.863990]  ? attach_entity_load_avg+0x7a0/0x7a0
[   23.863995]  ? check_noncircular+0x20/0x20
[   23.864008]  ? __lock_acquire+0x664/0x3e00
[   23.864015]  ? find_held_lock+0x35/0x1d0
[   23.864022]  ? lock_acquire+0x1d5/0x580
[   23.864026]  ? process_backlog+0x45f/0x740
[   23.864029]  ? lock_acquire+0x1d5/0x580
[   23.864032]  ? process_backlog+0x1ab/0x740
[   23.864039]  ? lock_release+0xa40/0xa40
[   23.864045]  ? do_raw_spin_trylock+0x190/0x190
[   23.864053]  __netif_receive_skb+0x2c/0x1b0
[   23.864057]  ? __netif_receive_skb+0x2c/0x1b0
[   23.864062]  process_backlog+0x203/0x740
[   23.864075]  net_rx_action+0x792/0x1910
[   23.864085]  ? napi_complete_done+0x6c0/0x6c0
[   23.864092]  ? find_held_lock+0x35/0x1d0
[   23.864099]  ? __run_timers+0x934/0xb70
[   23.864105]  ? _raw_spin_unlock_irqrestore+0xa6/0xba
[   23.864110]  ? lock_release+0xa40/0xa40
[   23.864115]  ? _find_next_bit+0xee/0x120
[   23.864119]  ? do_raw_spin_trylock+0x190/0x190
[   23.864125]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.864130]  ? trace_hardirqs_on_caller+0x19e/0x5c0
[   23.864134]  ? trace_hardirqs_on+0xd/0x10
[   23.864138]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.864142]  ? __run_timers+0x16f/0xb70
[   23.864145]  ? finish_task_switch+0x1d3/0x740
[   23.864154]  ? trigger_dyntick_cpu.isra.29+0x180/0x180
[   23.864158]  ? compat_start_thread+0x80/0x80
[   23.864162]  ? do_raw_spin_trylock+0x190/0x190
[   23.864168]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.864173]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.864177]  ? trace_hardirqs_on+0xd/0x10
[   23.864182]  ? finish_task_switch+0x1d3/0x740
[   23.864184]  ? finish_task_switch+0x1aa/0x740
[   23.864190]  ? copy_overflow+0x20/0x20
[   23.864199]  ? __schedule+0x8f3/0x2060
[   23.864207]  ? rcu_pm_notify+0xc0/0xc0
[   23.864217]  __do_softirq+0x2d7/0xb85
[   23.864225]  ? __irqentry_text_end+0x4/0x4
[   23.864233]  ? schedule+0xf5/0x430
[   23.864236]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.864240]  ? takeover_tasklets+0xa40/0xa40
[   23.864250]  ? rcu_note_context_switch+0x710/0x710
[   23.864255]  ? run_ksoftirqd+0x55/0x100
[   23.864260]  ? takeover_tasklets+0xa40/0xa40
[   23.864265]  run_ksoftirqd+0x50/0x100
[   23.864269]  smpboot_thread_fn+0x450/0x7c0
[   23.864275]  ? sort_range+0x30/0x30
[   23.864279]  ? __kthread_parkme+0xcf/0x240
[   23.864283]  ? __kthread_parkme+0x175/0x240
[   23.864288]  kthread+0x33c/0x400
[   23.864292]  ? sort_range+0x30/0x30
[   23.864295]  ? kthread_stop+0x7a0/0x7a0
[   23.864299]  ret_from_fork+0x24/0x30
[   23.872364] Dumping ftrace buffer:
[   23.872367]    (ftrace buffer empty)
[   23.872369] Kernel Offset: disabled
[   25.252115] Rebooting in 86400 seconds..