[....] Starting enhanced syslogd: rsyslogd[ 12.351970] audit: type=1400 audit(1514746573.649:5): avc: denied { syslog } for pid=3341 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.813661] audit: type=1400 audit(1514746580.111:6): avc: denied { map } for pid=3480 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts. executing program [ 25.062626] audit: type=1400 audit(1514746586.360:7): avc: denied { map } for pid=3495 comm="syzkaller990254" path="/root/syzkaller990254661" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 25.067727] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 25.089196] ================================================================== [ 25.089221] BUG: KASAN: slab-out-of-bounds in tcp_v6_syn_recv_sock+0x1612/0x23a0 [ 25.089227] Write of size 160 at addr ffff8801c0de3460 by task ksoftirqd/1/16 [ 25.089229] [ 25.089242] CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 4.15.0-rc5+ #244 [ 25.089245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.089249] Call Trace: [ 25.089260] dump_stack+0x194/0x257 [ 25.089273] ? arch_local_irq_restore+0x53/0x53 [ 25.089284] ? show_regs_print_info+0x18/0x18 [ 25.089298] ? tcp_add_backlog+0x890/0x890 [ 25.089307] ? tcp_v6_syn_recv_sock+0x1612/0x23a0 [ 25.089319] print_address_description+0x73/0x250 [ 25.089327] ? tcp_v6_syn_recv_sock+0x1612/0x23a0 [ 25.089336] kasan_report+0x25b/0x340 [ 25.089350] check_memory_region+0x137/0x190 [ 25.089358] memcpy+0x37/0x50 [ 25.089369] tcp_v6_syn_recv_sock+0x1612/0x23a0 [ 25.089388] ? tcp_v6_conn_request+0x270/0x270 [ 25.089409] ? xfrm_policy_lookup+0x70/0x70 [ 25.089431] ? find_held_lock+0x35/0x1d0 [ 25.089452] ? ip_route_output_key_hash+0x229/0x370 [ 25.089462] ? lock_downgrade+0x980/0x980 [ 25.089470] ? selinux_netlbl_inet_conn_request+0x81/0x3c0 [ 25.089481] ? lock_release+0xa40/0xa40 [ 25.089494] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.089511] tcp_get_cookie_sock+0x102/0x540 [ 25.089523] ? cookie_ecn_ok+0x120/0x120 [ 25.089529] ? ip_route_output_key_hash+0x252/0x370 [ 25.089540] ? ip_route_output_key_hash_rcu+0x2c40/0x2c40 [ 25.089560] ? xfrm_lookup_route+0x4f/0x1a0 [ 25.089568] ? tcp_select_initial_window+0x30c/0x410 [ 25.089585] cookie_v4_check+0x1a87/0x2920 [ 25.089593] ? sk_filter_trim_cap+0x40a/0x9c0 [ 25.089617] ? cookie_v4_init_sequence+0xe0/0xe0 [ 25.089622] ? __lock_is_held+0xb6/0x140 [ 25.089648] ? sk_filter_trim_cap+0xe7/0x9c0 [ 25.089680] ? tcp_v4_reqsk_send_ack+0x3e0/0x3e0 [ 25.089695] tcp_v4_do_rcv+0x6e9/0x7d0 [ 25.089707] tcp_v4_rcv+0x275f/0x2eb0 [ 25.089717] ? print_usage_bug+0x351/0x38c [ 25.089747] ? tcp_v4_early_demux+0xa40/0xa40 [ 25.089771] ip_local_deliver_finish+0x2f1/0xc50 [ 25.089786] ? ip_rcv_finish+0x1e30/0x1e30 [ 25.089799] ? nf_hook_slow+0xd3/0x1a0 [ 25.089815] ip_local_deliver+0x1ce/0x6e0 [ 25.089826] ? ip_call_ra_chain+0x6d0/0x6d0 [ 25.089838] ? check_noncircular+0x20/0x20 [ 25.089852] ? ip_rcv_finish+0x1e30/0x1e30 [ 25.089859] ? __local_bh_enable_ip+0x121/0x230 [ 25.089870] ? ipt_do_table+0xd75/0x1330 [ 25.089882] ip_rcv_finish+0x959/0x1e30 [ 25.089900] ? inet_del_offload+0x40/0x40 [ 25.089925] ? ip_rcv+0xf22/0x1840 [ 25.089933] ? lock_downgrade+0x980/0x980 [ 25.089947] ? nf_nat_ipv4_in+0x1cd/0x270 [ 25.089953] ? iptable_nat_ipv4_fn+0x40/0x40 [ 25.089973] ? nf_hook_slow+0xd3/0x1a0 [ 25.089989] ip_rcv+0xc5a/0x1840 [ 25.090009] ? ip_local_deliver+0x6e0/0x6e0 [ 25.090020] ? check_noncircular+0x20/0x20 [ 25.090046] ? inet_del_offload+0x40/0x40 [ 25.090059] ? ip_local_deliver+0x6e0/0x6e0 [ 25.090073] __netif_receive_skb_core+0x1a41/0x3460 [ 25.090079] ? find_held_lock+0x35/0x1d0 [ 25.090100] ? nf_ingress+0x9f0/0x9f0 [ 25.090113] ? print_irqtrace_events+0x270/0x270 [ 25.090133] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.090148] ? __lock_acquire+0x664/0x3e00 [ 25.090164] ? __lock_acquire+0x664/0x3e00 [ 25.090171] ? numa_migrate_preferred+0x250/0x250 [ 25.090190] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.090203] ? print_irqtrace_events+0x270/0x270 [ 25.090211] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.090218] ? __lock_is_held+0xb6/0x140 [ 25.090223] ? print_irqtrace_events+0x270/0x270 [ 25.090234] ? check_noncircular+0x20/0x20 [ 25.090267] ? __lock_acquire+0x664/0x3e00 [ 25.090284] ? find_held_lock+0x35/0x1d0 [ 25.090301] ? lock_acquire+0x1d5/0x580 [ 25.090307] ? process_backlog+0x45f/0x740 [ 25.090312] ? lock_acquire+0x1d5/0x580 [ 25.090319] ? process_backlog+0x1ab/0x740 [ 25.090337] ? lock_release+0xa40/0xa40 [ 25.090349] ? do_raw_spin_trylock+0x190/0x190 [ 25.090367] __netif_receive_skb+0x2c/0x1b0 [ 25.090374] ? __netif_receive_skb+0x2c/0x1b0 [ 25.090385] process_backlog+0x203/0x740 [ 25.090409] net_rx_action+0x792/0x1910 [ 25.090436] ? napi_complete_done+0x6c0/0x6c0 [ 25.090452] ? find_held_lock+0x35/0x1d0 [ 25.090473] ? __run_timers+0x934/0xb70 [ 25.090485] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 25.090497] ? lock_release+0xa40/0xa40 [ 25.090508] ? _find_next_bit+0xee/0x120 [ 25.090518] ? do_raw_spin_trylock+0x190/0x190 [ 25.090529] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.090539] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.090548] ? trace_hardirqs_on+0xd/0x10 [ 25.090555] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.090563] ? __run_timers+0x16f/0xb70 [ 25.090568] ? finish_task_switch+0x1d3/0x740 [ 25.090591] ? trigger_dyntick_cpu.isra.29+0x180/0x180 [ 25.090599] ? compat_start_thread+0x80/0x80 [ 25.090608] ? do_raw_spin_trylock+0x190/0x190 [ 25.090619] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.090629] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.090638] ? trace_hardirqs_on+0xd/0x10 [ 25.090648] ? finish_task_switch+0x1d3/0x740 [ 25.090653] ? finish_task_switch+0x1aa/0x740 [ 25.090666] ? copy_overflow+0x20/0x20 [ 25.090689] ? __schedule+0x8f3/0x2060 [ 25.090712] ? rcu_pm_notify+0xc0/0xc0 [ 25.090738] __do_softirq+0x2d7/0xb85 [ 25.090743] ? __sched_text_start+0x8/0x8 [ 25.090763] ? __irqentry_text_end+0x1f8d74/0x1f8d74 [ 25.090781] ? schedule+0xf5/0x430 [ 25.090811] ? rcu_note_context_switch+0x710/0x710 [ 25.090817] ? schedule+0xf5/0x430 [ 25.090823] ? run_ksoftirqd+0x55/0x100 [ 25.090835] ? takeover_tasklets+0xa40/0xa40 [ 25.090845] run_ksoftirqd+0x50/0x100 [ 25.090853] smpboot_thread_fn+0x450/0x7c0 [ 25.090866] ? sort_range+0x30/0x30 [ 25.090876] ? __kthread_parkme+0xcf/0x240 [ 25.090883] ? __kthread_parkme+0x175/0x240 [ 25.090897] kthread+0x33c/0x400 [ 25.090903] ? sort_range+0x30/0x30 [ 25.090908] ? kthread_stop+0x7a0/0x7a0 [ 25.090920] ret_from_fork+0x24/0x30 [ 25.090947] [ 25.090951] Allocated by task 16: [ 25.090957] save_stack+0x43/0xd0 [ 25.090962] kasan_kmalloc+0xad/0xe0 [ 25.090967] kasan_slab_alloc+0x12/0x20 [ 25.090971] kmem_cache_alloc+0x12e/0x760 [ 25.090978] sk_prot_alloc+0x65/0x2a0 [ 25.090984] sk_clone_lock+0x152/0x1570 [ 25.090989] inet_csk_clone_lock+0x92/0x4f0 [ 25.090994] tcp_create_openreq_child+0x9b/0x1b70 [ 25.090999] tcp_v4_syn_recv_sock+0x119/0x1270 [ 25.091004] tcp_v6_syn_recv_sock+0x1574/0x23a0 [ 25.091009] tcp_get_cookie_sock+0x102/0x540 [ 25.091013] cookie_v4_check+0x1a87/0x2920 [ 25.091018] tcp_v4_do_rcv+0x6e9/0x7d0 [ 25.091023] tcp_v4_rcv+0x275f/0x2eb0 [ 25.091028] ip_local_deliver_finish+0x2f1/0xc50 [ 25.091034] ip_local_deliver+0x1ce/0x6e0 [ 25.091039] ip_rcv_finish+0x959/0x1e30 [ 25.091044] ip_rcv+0xc5a/0x1840 [ 25.091050] __netif_receive_skb_core+0x1a41/0x3460 [ 25.091055] __netif_receive_skb+0x2c/0x1b0 [ 25.091060] process_backlog+0x203/0x740 [ 25.091066] net_rx_action+0x792/0x1910 [ 25.091070] __do_softirq+0x2d7/0xb85 [ 25.091072] [ 25.091075] Freed by task 0: [ 25.091076] (stack is not available) [ 25.091078] [ 25.091082] The buggy address belongs to the object at ffff8801c0de2a80 [ 25.091082] which belongs to the cache TCP of size 2528 [ 25.091088] The buggy address is located 0 bytes to the right of [ 25.091088] 2528-byte region [ffff8801c0de2a80, ffff8801c0de3460) [ 25.091090] The buggy address belongs to the page: [ 25.091097] page:00000000970e19e7 count:1 mapcount:0 mapping:000000004ca425a4 index:0xffff8801c0de3ffd compound_mapcount: 0 [ 25.091107] flags: 0x2fffc0000008100(slab|head) [ 25.091116] raw: 02fffc0000008100 ffff8801c0de2000 ffff8801c0de3ffd 0000000100000003 [ 25.091123] raw: ffffea00074cb720 ffff8801d8374148 ffff8801d7f4fc40 0000000000000000 [ 25.091125] page dumped because: kasan: bad access detected [ 25.091127] [ 25.091129] Memory state around the buggy address: [ 25.091134] ffff8801c0de3300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.091139] ffff8801c0de3380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.091144] >ffff8801c0de3400: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 25.091146] ^ [ 25.091151] ffff8801c0de3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.091156] ffff8801c0de3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.091158] ================================================================== [ 25.091160] Disabling lock debugging due to kernel taint [ 25.091177] Kernel panic - not syncing: panic_on_warn set ... [ 25.091177] [ 25.091182] CPU: 1 PID: 16 Comm: ksoftirqd/1 Tainted: G B 4.15.0-rc5+ #244 [ 25.091185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.091187] Call Trace: [ 25.091193] dump_stack+0x194/0x257 [ 25.091201] ? arch_local_irq_restore+0x53/0x53 [ 25.091210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 25.091219] ? vsnprintf+0x1ed/0x1900 [ 25.091226] ? tcp_v6_syn_recv_sock+0x1550/0x23a0 [ 25.091232] panic+0x1e4/0x41c [ 25.091243] ? refcount_error_report+0x214/0x214 [ 25.091252] ? add_taint+0x1c/0x50 [ 25.091258] ? add_taint+0x1c/0x50 [ 25.091266] ? tcp_v6_syn_recv_sock+0x1612/0x23a0 [ 25.091272] kasan_end_report+0x50/0x50 [ 25.091278] kasan_report+0x144/0x340 [ 25.091287] check_memory_region+0x137/0x190 [ 25.091294] memcpy+0x37/0x50 [ 25.091301] tcp_v6_syn_recv_sock+0x1612/0x23a0 [ 25.091312] ? tcp_v6_conn_request+0x270/0x270 [ 25.091323] ? xfrm_policy_lookup+0x70/0x70 [ 25.091336] ? find_held_lock+0x35/0x1d0 [ 25.091347] ? ip_route_output_key_hash+0x229/0x370 [ 25.091354] ? lock_downgrade+0x980/0x980 [ 25.091359] ? selinux_netlbl_inet_conn_request+0x81/0x3c0 [ 25.091367] ? lock_release+0xa40/0xa40 [ 25.091376] ? rcu_read_lock_sched_held+0x108/0x120 [ 25.091386] tcp_get_cookie_sock+0x102/0x540 [ 25.091394] ? cookie_ecn_ok+0x120/0x120 [ 25.091399] ? ip_route_output_key_hash+0x252/0x370 [ 25.091407] ? ip_route_output_key_hash_rcu+0x2c40/0x2c40 [ 25.091420] ? xfrm_lookup_route+0x4f/0x1a0 [ 25.091426] ? tcp_select_initial_window+0x30c/0x410 [ 25.091437] cookie_v4_check+0x1a87/0x2920 [ 25.091441] ? sk_filter_trim_cap+0x40a/0x9c0 [ 25.091456] ? cookie_v4_init_sequence+0xe0/0xe0 [ 25.091460] ? __lock_is_held+0xb6/0x140 [ 25.091475] ? sk_filter_trim_cap+0xe7/0x9c0 [ 25.091493] ? tcp_v4_reqsk_send_ack+0x3e0/0x3e0 [ 25.091502] tcp_v4_do_rcv+0x6e9/0x7d0 [ 25.091510] tcp_v4_rcv+0x275f/0x2eb0 [ 25.091518] ? print_usage_bug+0x351/0x38c [ 25.091534] ? tcp_v4_early_demux+0xa40/0xa40 [ 25.091549] ip_local_deliver_finish+0x2f1/0xc50 [ 25.091559] ? ip_rcv_finish+0x1e30/0x1e30 [ 25.091566] ? nf_hook_slow+0xd3/0x1a0 [ 25.091577] ip_local_deliver+0x1ce/0x6e0 [ 25.091585] ? ip_call_ra_chain+0x6d0/0x6d0 [ 25.091593] ? check_noncircular+0x20/0x20 [ 25.091603] ? ip_rcv_finish+0x1e30/0x1e30 [ 25.091608] ? __local_bh_enable_ip+0x121/0x230 [ 25.091615] ? ipt_do_table+0xd75/0x1330 [ 25.091624] ip_rcv_finish+0x959/0x1e30 [ 25.091635] ? inet_del_offload+0x40/0x40 [ 25.091646] ? ip_rcv+0xf22/0x1840 [ 25.091653] ? lock_downgrade+0x980/0x980 [ 25.091662] ? nf_nat_ipv4_in+0x1cd/0x270 [ 25.091667] ? iptable_nat_ipv4_fn+0x40/0x40 [ 25.091679] ? nf_hook_slow+0xd3/0x1a0 [ 25.091689] ip_rcv+0xc5a/0x1840 [ 25.091700] ? ip_local_deliver+0x6e0/0x6e0 [ 25.091708] ? check_noncircular+0x20/0x20 [ 25.091723] ? inet_del_offload+0x40/0x40 [ 25.091732] ? ip_local_deliver+0x6e0/0x6e0 [ 25.091740] __netif_receive_skb_core+0x1a41/0x3460 [ 25.091744] ? find_held_lock+0x35/0x1d0 [ 25.091757] ? nf_ingress+0x9f0/0x9f0 [ 25.091765] ? print_irqtrace_events+0x270/0x270 [ 25.091778] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.091787] ? __lock_acquire+0x664/0x3e00 [ 25.091797] ? __lock_acquire+0x664/0x3e00 [ 25.091802] ? numa_migrate_preferred+0x250/0x250 [ 25.091814] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.091823] ? print_irqtrace_events+0x270/0x270 [ 25.091829] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 25.091835] ? __lock_is_held+0xb6/0x140 [ 25.091840] ? print_irqtrace_events+0x270/0x270 [ 25.091847] ? check_noncircular+0x20/0x20 [ 25.091864] ? __lock_acquire+0x664/0x3e00 [ 25.091875] ? find_held_lock+0x35/0x1d0 [ 25.091885] ? lock_acquire+0x1d5/0x580 [ 25.091891] ? process_backlog+0x45f/0x740 [ 25.091895] ? lock_acquire+0x1d5/0x580 [ 25.091901] ? process_backlog+0x1ab/0x740 [ 25.091912] ? lock_release+0xa40/0xa40 [ 25.091920] ? do_raw_spin_trylock+0x190/0x190 [ 25.091931] __netif_receive_skb+0x2c/0x1b0 [ 25.091937] ? __netif_receive_skb+0x2c/0x1b0 [ 25.091945] process_backlog+0x203/0x740 [ 25.091958] net_rx_action+0x792/0x1910 [ 25.091974] ? napi_complete_done+0x6c0/0x6c0 [ 25.091984] ? find_held_lock+0x35/0x1d0 [ 25.091995] ? __run_timers+0x934/0xb70 [ 25.092006] ? _raw_spin_unlock_irqrestore+0xa6/0xba [ 25.092014] ? lock_release+0xa40/0xa40 [ 25.092021] ? _find_next_bit+0xee/0x120 [ 25.092028] ? do_raw_spin_trylock+0x190/0x190 [ 25.092036] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.092044] ? trace_hardirqs_on_caller+0x19e/0x5c0 [ 25.092050] ? trace_hardirqs_on+0xd/0x10 [ 25.092056] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.092062] ? __run_timers+0x16f/0xb70 [ 25.092067] ? finish_task_switch+0x1d3/0x740 [ 25.092080] ? trigger_dyntick_cpu.isra.29+0x180/0x180 [ 25.092085] ? compat_start_thread+0x80/0x80 [ 25.092093] ? do_raw_spin_trylock+0x190/0x190 [ 25.092101] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.092108] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 25.092115] ? trace_hardirqs_on+0xd/0x10 [ 25.092122] ? finish_task_switch+0x1d3/0x740 [ 25.092126] ? finish_task_switch+0x1aa/0x740 [ 25.092135] ? copy_overflow+0x20/0x20 [ 25.092148] ? __schedule+0x8f3/0x2060 [ 25.092161] ? rcu_pm_notify+0xc0/0xc0 [ 25.092176] __do_softirq+0x2d7/0xb85 [ 25.092181] ? __sched_text_start+0x8/0x8 [ 25.092193] ? __irqentry_text_end+0x1f8d74/0x1f8d74 [ 25.092204] ? schedule+0xf5/0x430 [ 25.092221] ? rcu_note_context_switch+0x710/0x710 [ 25.092226] ? schedule+0xf5/0x430 [ 25.092231] ? run_ksoftirqd+0x55/0x100 [ 25.092245] ? takeover_tasklets+0xa40/0xa40 [ 25.092252] run_ksoftirqd+0x50/0x100 [ 25.092258] smpboot_thread_fn+0x450/0x7c0 [ 25.092267] ? sort_range+0x30/0x30 [ 25.092274] ? __kthread_parkme+0xcf/0x240 [ 25.092279] ? __kthread_parkme+0x175/0x240 [ 25.092288] kthread+0x33c/0x400 [ 25.092294] ? sort_range+0x30/0x30 [ 25.092298] ? kthread_stop+0x7a0/0x7a0 [ 25.092306] ret_from_fork+0x24/0x30 [ 25.099332] Dumping ftrace buffer: [ 25.099336] (ftrace buffer empty) [ 25.099340] Kernel Offset: disabled [ 26.484905] Rebooting in 86400 seconds..