[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[   18.534479] audit: type=1400 audit(1521111845.007:6): avc:  denied  { map } for  pid=4232 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   25.763332] audit: type=1400 audit(1521111852.236:7): avc:  denied  { map } for  pid=4247 comm="syzkaller701255" path="/root/syzkaller701255413" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   25.769692] ==================================================================
[   25.796623] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[   25.803088] Read of size 8 at addr ffff8801b2441018 by task syzkaller701255/4247
[   25.810588] 
[   25.812190] CPU: 1 PID: 4247 Comm: syzkaller701255 Not tainted 4.16.0-rc5+ #354
[   25.819604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.828930] Call Trace:
[   25.831490]  dump_stack+0x194/0x24d
[   25.835094]  ? arch_local_irq_restore+0x53/0x53
[   25.839738]  ? show_regs_print_info+0x18/0x18
[   25.844215]  ? ip6_xmit+0x1f76/0x2260
[   25.847989]  print_address_description+0x73/0x250
[   25.852813]  ? ip6_xmit+0x1f76/0x2260
[   25.856589]  kasan_report+0x23c/0x360
[   25.860393]  __asan_report_load8_noabort+0x14/0x20
[   25.865295]  ip6_xmit+0x1f76/0x2260
[   25.868909]  ? ip6_finish_output2+0x23a0/0x23a0
[   25.873555]  ? fl6_update_dst+0x127/0x2b0
[   25.877680]  ? inet6_csk_route_socket+0x691/0xe80
[   25.882499]  ? trace_hardirqs_off+0x10/0x10
[   25.886793]  ? lock_acquire+0x1d5/0x580
[   25.890738]  ? lock_acquire+0x1d5/0x580
[   25.894683]  ? inet6_csk_xmit+0x114/0x580
[   25.898805]  ? trace_hardirqs_off+0x10/0x10
[   25.903105]  ? lock_release+0xa40/0xa40
[   25.907067]  inet6_csk_xmit+0x2fc/0x580
[   25.911016]  ? inet6_csk_update_pmtu+0x160/0x160
[   25.915760]  ? __sk_dst_check+0x1a5/0x380
[   25.919881]  ? sock_kfree_s+0x60/0x60
[   25.923670]  l2tp_xmit_skb+0x105f/0x1410
[   25.927715]  ? l2tp_session_create+0xb80/0xb80
[   25.932291]  ? sock_wmalloc+0x15d/0x1d0
[   25.936260]  ? iov_iter_advance+0x13f0/0x13f0
[   25.940731]  ? pppol2tp_sendmsg+0x41b/0x670
[   25.945030]  pppol2tp_sendmsg+0x470/0x670
[   25.949153]  ? selinux_socket_sendmsg+0x36/0x40
[   25.953796]  ? pppol2tp_getsockopt+0x900/0x900
[   25.958354]  sock_sendmsg+0xca/0x110
[   25.962051]  ___sys_sendmsg+0x767/0x8b0
[   25.966016]  ? copy_msghdr_from_user+0x590/0x590
[   25.970755]  ? lock_release+0xa40/0xa40
[   25.974702]  ? __ip4_datagram_connect+0xa3a/0x1240
[   25.979606]  ? lock_acquire+0x1d5/0x580
[   25.983558]  ? __local_bh_enable_ip+0x121/0x230
[   25.988200]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   25.993186]  ? release_sock+0x1d4/0x2a0
[   25.997134]  ? trace_hardirqs_on+0xd/0x10
[   26.001257]  ? __local_bh_enable_ip+0x121/0x230
[   26.005896]  ? __fget_light+0x2b2/0x3c0
[   26.009843]  ? fget_raw+0x20/0x20
[   26.013265]  ? release_sock+0x1d4/0x2a0
[   26.017213]  ? __release_sock+0x360/0x360
[   26.021345]  ? ip6_datagram_connect+0x3a/0x50
[   26.025823]  __sys_sendmsg+0xe5/0x210
[   26.029595]  ? __sys_sendmsg+0xe5/0x210
[   26.033546]  ? SyS_shutdown+0x290/0x290
[   26.037511]  ? move_addr_to_kernel+0x60/0x60
[   26.041897]  SyS_sendmsg+0x2d/0x50
[   26.045409]  ? __sys_sendmsg+0x210/0x210
[   26.049448]  do_syscall_64+0x281/0x940
[   26.053305]  ? __do_page_fault+0xc90/0xc90
[   26.057514]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   26.063025]  ? syscall_return_slowpath+0x550/0x550
[   26.067937]  ? syscall_return_slowpath+0x2ac/0x550
[   26.072860]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   26.078203]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.083025]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.088185] RIP: 0033:0x440299
[   26.091355] RSP: 002b:00007fffeab94d38 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[   26.099037] RAX: ffffffffffffffda RBX: 00007fffeab94d50 RCX: 0000000000440299
[   26.106278] RDX: 000000000000c045 RSI: 0000000020002540 RDI: 0000000000000004
[   26.113528] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[   26.120775] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401ad0
[   26.128019] R13: 0000000000401b60 R14: 0000000000000000 R15: 0000000000000000
[   26.135289] 
[   26.136891] Allocated by task 4177:
[   26.140495]  save_stack+0x43/0xd0
[   26.143919]  kasan_kmalloc+0xad/0xe0
[   26.147601]  kasan_slab_alloc+0x12/0x20
[   26.151546]  kmem_cache_alloc+0x12e/0x760
[   26.155666]  sk_prot_alloc+0x65/0x2a0
[   26.159451]  sk_alloc+0x105/0x1440
[   26.162963]  unix_create1+0x16a/0x610
[   26.166733]  unix_create+0x14f/0x1c0
[   26.170429]  __sock_create+0x4d4/0x850
[   26.174291]  SyS_socketpair+0x1c0/0x6f0
[   26.178239]  do_syscall_64+0x281/0x940
[   26.182099]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.187256] 
[   26.188855] Freed by task 4233:
[   26.192107]  save_stack+0x43/0xd0
[   26.195533]  __kasan_slab_free+0x11a/0x170
[   26.199744]  kasan_slab_free+0xe/0x10
[   26.203532]  kmem_cache_free+0x83/0x2a0
[   26.207487]  __sk_destruct+0x628/0x920
[   26.211343]  sk_destruct+0x47/0x80
[   26.214855]  __sk_free+0xf1/0x2b0
[   26.218279]  sk_free+0x2a/0x40
[   26.221447]  unix_release_sock+0x6f1/0xc10
[   26.225653]  unix_release+0x44/0x90
[   26.229259]  sock_release+0x8d/0x1e0
[   26.232944]  sock_close+0x16/0x20
[   26.236369]  __fput+0x327/0x7e0
[   26.239617]  ____fput+0x15/0x20
[   26.242867]  task_work_run+0x199/0x270
[   26.246730]  exit_to_usermode_loop+0x275/0x2f0
[   26.251283]  do_syscall_64+0x6ec/0x940
[   26.255144]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.260301] 
[   26.261905] The buggy address belongs to the object at ffff8801b24411c0
[   26.261905]  which belongs to the cache UNIX of size 1664
[   26.274016] The buggy address is located 424 bytes to the left of
[   26.274016]  1664-byte region [ffff8801b24411c0, ffff8801b2441840)
[   26.286402] The buggy address belongs to the page:
[   26.291312] page:ffffea0006c91040 count:1 mapcount:0 mapping:ffff8801b24411c0 index:0x0
[   26.299431] flags: 0x2fffc0000000100(slab)
[   26.303651] raw: 02fffc0000000100 ffff8801b24411c0 0000000000000000 0000000100000002
[   26.311509] raw: ffffea0006c90620 ffffea0007304420 ffff8801d52b1cc0 0000000000000000
[   26.319361] page dumped because: kasan: bad access detected
[   26.325045] 
[   26.326648] Memory state around the buggy address:
[   26.331549]  ffff8801b2440f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.338952]  ffff8801b2440f80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   26.346280] >ffff8801b2441000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.353609]                             ^
[   26.357726]  ffff8801b2441080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.365053]  ffff8801b2441100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.372380] ==================================================================
[   26.379708] Disabling lock debugging due to kernel taint
[   26.385156] Kernel panic - not syncing: panic_on_warn set ...
[   26.385156] 
[   26.392503] CPU: 1 PID: 4247 Comm: syzkaller701255 Tainted: G    B    4.16.0-rc5+ #354
[   26.401219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.410540] Call Trace:
[   26.413101]  dump_stack+0x194/0x24d
[   26.416701]  ? arch_local_irq_restore+0x53/0x53
[   26.421339]  ? kasan_end_report+0x32/0x50
[   26.425460]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.430185]  ? vsnprintf+0x1ed/0x1900
[   26.433956]  ? ip6_xmit+0x1f30/0x2260
[   26.437727]  panic+0x1e4/0x41c
[   26.440889]  ? refcount_error_report+0x214/0x214
[   26.445615]  ? add_taint+0x1c/0x50
[   26.449124]  ? add_taint+0x1c/0x50
[   26.452634]  ? ip6_xmit+0x1f76/0x2260
[   26.456407]  kasan_end_report+0x50/0x50
[   26.460358]  kasan_report+0x149/0x360
[   26.464130]  __asan_report_load8_noabort+0x14/0x20
[   26.469031]  ip6_xmit+0x1f76/0x2260
[   26.472635]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.477275]  ? fl6_update_dst+0x127/0x2b0
[   26.481394]  ? inet6_csk_route_socket+0x691/0xe80
[   26.486211]  ? trace_hardirqs_off+0x10/0x10
[   26.490505]  ? lock_acquire+0x1d5/0x580
[   26.494449]  ? lock_acquire+0x1d5/0x580
[   26.498392]  ? inet6_csk_xmit+0x114/0x580
[   26.502513]  ? trace_hardirqs_off+0x10/0x10
[   26.506807]  ? lock_release+0xa40/0xa40
[   26.510759]  inet6_csk_xmit+0x2fc/0x580
[   26.514705]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.519431]  ? __sk_dst_check+0x1a5/0x380
[   26.523548]  ? sock_kfree_s+0x60/0x60
[   26.527327]  l2tp_xmit_skb+0x105f/0x1410
[   26.531363]  ? l2tp_session_create+0xb80/0xb80
[   26.535916]  ? sock_wmalloc+0x15d/0x1d0
[   26.539862]  ? iov_iter_advance+0x13f0/0x13f0
[   26.544326]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.548619]  pppol2tp_sendmsg+0x470/0x670
[   26.552739]  ? selinux_socket_sendmsg+0x36/0x40
[   26.557381]  ? pppol2tp_getsockopt+0x900/0x900
[   26.561933]  sock_sendmsg+0xca/0x110
[   26.565617]  ___sys_sendmsg+0x767/0x8b0
[   26.569565]  ? copy_msghdr_from_user+0x590/0x590
[   26.574292]  ? lock_release+0xa40/0xa40
[   26.578246]  ? __ip4_datagram_connect+0xa3a/0x1240
[   26.583146]  ? lock_acquire+0x1d5/0x580
[   26.587091]  ? __local_bh_enable_ip+0x121/0x230
[   26.591730]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.596715]  ? release_sock+0x1d4/0x2a0
[   26.600660]  ? trace_hardirqs_on+0xd/0x10
[   26.604792]  ? __local_bh_enable_ip+0x121/0x230
[   26.609428]  ? __fget_light+0x2b2/0x3c0
[   26.613372]  ? fget_raw+0x20/0x20
[   26.616799]  ? release_sock+0x1d4/0x2a0
[   26.620745]  ? __release_sock+0x360/0x360
[   26.624873]  ? ip6_datagram_connect+0x3a/0x50
[   26.629345]  __sys_sendmsg+0xe5/0x210
[   26.633117]  ? __sys_sendmsg+0xe5/0x210
[   26.637060]  ? SyS_shutdown+0x290/0x290
[   26.641021]  ? move_addr_to_kernel+0x60/0x60
[   26.645408]  SyS_sendmsg+0x2d/0x50
[   26.648917]  ? __sys_sendmsg+0x210/0x210
[   26.652950]  do_syscall_64+0x281/0x940
[   26.656808]  ? __do_page_fault+0xc90/0xc90
[   26.661015]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   26.666524]  ? syscall_return_slowpath+0x550/0x550
[   26.671432]  ? syscall_return_slowpath+0x2ac/0x550
[   26.676336]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   26.681670]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.686487]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.691646] RIP: 0033:0x440299
[   26.694807] RSP: 002b:00007fffeab94d38 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[   26.702482] RAX: ffffffffffffffda RBX: 00007fffeab94d50 RCX: 0000000000440299
[   26.709729] RDX: 000000000000c045 RSI: 0000000020002540 RDI: 0000000000000004
[   26.716970] RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
[   26.724209] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401ad0
[   26.731447] R13: 0000000000401b60 R14: 0000000000000000 R15: 0000000000000000
[   26.739102] Dumping ftrace buffer:
[   26.742617]    (ftrace buffer empty)
[   26.746295] Kernel Offset: disabled
[   26.749890] Rebooting in 86400 seconds..