[ ok ] Starting enhanced syslogd: rsyslogd.
[   15.498160] audit: type=1400 audit(1520963052.405:5): avc:  denied  { syslog } for  pid=4027 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.646777] audit: type=1400 audit(1520963054.553:6): avc:  denied  { map } for  pid=4167 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.0' (ECDSA) to the list of known hosts.
[   23.902974] audit: type=1400 audit(1520963060.809:7): avc:  denied  { map } for  pid=4181 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/13 17:44:21 parsed 1 programs
2018/03/13 17:44:21 executed programs: 0
[   24.156964] audit: type=1400 audit(1520963061.063:8): avc:  denied  { map } for  pid=4181 comm="syz-execprog" path="/root/syzkaller-shm315120406" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   24.170300] IPVS: ftp: loaded support on port[0] = 21
[   24.445468] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   24.807405] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   24.813497] 8021q: adding VLAN 0 to HW filter on device bond0
[   24.852492] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   24.891537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   24.909487]
==================================================================
[   24.916903] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[   24.923368] Read of size 8 at addr ffff8801c47a6118 by task syz-executor0/4346
[   24.930709]
[   24.932310] CPU: 1 PID: 4346 Comm: syz-executor0 Not tainted 4.16.0-rc5+ #262
[   24.939550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.948879] Call Trace:
[   24.951446]  dump_stack+0x194/0x24d
[   24.955050]  ? arch_local_irq_restore+0x53/0x53
[   24.959693]  ? show_regs_print_info+0x18/0x18
[   24.964172]  ? ip6_xmit+0x1f76/0x2260
[   24.967946]  print_address_description+0x73/0x250
[   24.972760]  ? ip6_xmit+0x1f76/0x2260
[   24.976535]  kasan_report+0x23c/0x360
[   24.980320]  __asan_report_load8_noabort+0x14/0x20
[   24.985223]  ip6_xmit+0x1f76/0x2260
[   24.988833]  ? ip6_finish_output2+0x23a0/0x23a0
[   24.993480]  ? fl6_update_dst+0x127/0x2b0
[   24.997607]  ? inet6_csk_route_socket+0x691/0xe80
[   25.002433]  ? trace_hardirqs_off+0x10/0x10
[   25.006728]  ? lock_acquire+0x1d5/0x580
[   25.010676]  ? lock_acquire+0x1d5/0x580
[   25.014623]  ? inet6_csk_xmit+0x114/0x580
[   25.018748]  ? trace_hardirqs_off+0x10/0x10
[   25.023050]  ? lock_release+0xa40/0xa40
[   25.027020]  inet6_csk_xmit+0x2fc/0x580
[   25.030976]  ? inet6_csk_update_pmtu+0x160/0x160
[   25.035705]  ? __sk_dst_check+0x1a5/0x380
[   25.039828]  ? sock_kfree_s+0x60/0x60
[   25.043618]  l2tp_xmit_skb+0x105f/0x1410
[   25.047661]  ? l2tp_session_create+0xb80/0xb80
[   25.052222]  ? sock_wmalloc+0x15d/0x1d0
[   25.056170]  ? iov_iter_advance+0x13f0/0x13f0
[   25.060640]  ? pppol2tp_sendmsg+0x41b/0x670
[   25.064935]  pppol2tp_sendmsg+0x470/0x670
[   25.069060]  ? selinux_socket_sendmsg+0x36/0x40
[   25.073705]  ? pppol2tp_getsockopt+0x900/0x900
[   25.078264]  sock_sendmsg+0xca/0x110
[   25.081953]  SYSC_sendto+0x361/0x5c0
[   25.085644]  ? SYSC_connect+0x4a0/0x4a0
[   25.089595]  ? find_held_lock+0x35/0x1d0
[   25.093640]  ? lock_downgrade+0x980/0x980
[   25.097787]  ? __do_page_fault+0x3d6/0xc90
[   25.102005]  SyS_sendto+0x40/0x50
[   25.105444]  ? SyS_getpeername+0x30/0x30
[   25.109482]  do_fast_syscall_32+0x3ec/0xf9f
[   25.113786]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.118345]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.123084]  ? syscall_return_slowpath+0x2ac/0x550
[   25.127992]  ? prepare_exit_to_usermode+0x350/0x350
[   25.132992]  ? sysret32_from_system_call+0x5/0x3c
[   25.137817]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.142648]  entry_SYSENTER_compat+0x70/0x7f
[   25.147034] RIP: 0023:0xf7fdec99
[   25.150369] RSP: 002b:00000000ff8f362c EFLAGS: 00000286 ORIG_RAX: 0000000000000171
[   25.158056] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020001180
[   25.165955] RDX: 0000000000000000 RSI: 0000000000040001 RDI: 00000000200021c0
[   25.173206] RBP: 0000000000000080 R08: 0000000000000000 R09: 0000000000000000
[   25.180456] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.187698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.194958]
[   25.196561] Allocated by task 0:
[   25.199896] (stack is not available)
[   25.203577]
[   25.205173] Freed by task 0:
[   25.208157] (stack is not available)
[   25.211835]
[   25.213435] The buggy address belongs to the object at ffff8801c47a6100
[   25.213435]  which belongs to the cache ip_dst_cache of size 168
[   25.226149] The buggy address is located 24 bytes inside of
[   25.226149]  168-byte region [ffff8801c47a6100, ffff8801c47a61a8)
[   25.237904] The buggy address belongs to the page:
[   25.242805] page:ffffea000711e980 count:1 mapcount:0 mapping:ffff8801c47a6000 index:0x0
[   25.250920] flags: 0x2fffc0000000100(slab)
[   25.255130] raw: 02fffc0000000100 ffff8801c47a6000 0000000000000000 0000000100000010
[   25.262982] raw: ffffea0007141b20 ffff8801d5433b48 ffff8801d5432800 0000000000000000
[   25.270829] page dumped because: kasan: bad access detected
[   25.276508]
[   25.278107] Memory state around the buggy address:
[   25.283010]  ffff8801c47a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.290344]  ffff8801c47a6080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   25.297682] >ffff8801c47a6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.305014]                             ^
[   25.309135]  ffff8801c47a6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.316465]  ffff8801c47a6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.323798] ==================================================================
[   25.331127] Disabling lock debugging due to kernel taint
[   25.336575] Kernel panic - not syncing: panic_on_warn set ...
[   25.336575]
[   25.343924] CPU: 1 PID: 4346 Comm: syz-executor0 Tainted: G    B            4.16.0-rc5+ #262
[   25.352494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.361829] Call Trace:
[   25.364394]  dump_stack+0x194/0x24d
[   25.367993]  ? arch_local_irq_restore+0x53/0x53
[   25.372635]  ? kasan_end_report+0x32/0x50
[   25.376754]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.381480]  ? vsnprintf+0x1ed/0x1900
[   25.385250]  ? ip6_xmit+0x1f30/0x2260
[   25.389025]  panic+0x1e4/0x41c
[   25.392188]  ? refcount_error_report+0x214/0x214
[   25.396924]  ? add_taint+0x1c/0x50
[   25.400439]  ? add_taint+0x1c/0x50
[   25.403950]  ? ip6_xmit+0x1f76/0x2260
[   25.407721]  kasan_end_report+0x50/0x50
[   25.411667]  kasan_report+0x149/0x360
[   25.415439]  __asan_report_load8_noabort+0x14/0x20
[   25.420337]  ip6_xmit+0x1f76/0x2260
[   25.423942]  ? ip6_finish_output2+0x23a0/0x23a0
[   25.428579]  ? fl6_update_dst+0x127/0x2b0
[   25.432698]  ? inet6_csk_route_socket+0x691/0xe80
[   25.437512]  ? trace_hardirqs_off+0x10/0x10
[   25.441802]  ? lock_acquire+0x1d5/0x580
[   25.445745]  ? lock_acquire+0x1d5/0x580
[   25.449686]  ? inet6_csk_xmit+0x114/0x580
[   25.453803]  ? trace_hardirqs_off+0x10/0x10
[   25.458092]  ? lock_release+0xa40/0xa40
[   25.462044]  inet6_csk_xmit+0x2fc/0x580
[   25.465997]  ? inet6_csk_update_pmtu+0x160/0x160
[   25.470729]  ? __sk_dst_check+0x1a5/0x380
[   25.474848]  ? sock_kfree_s+0x60/0x60
[   25.478627]  l2tp_xmit_skb+0x105f/0x1410
[   25.482661]  ? l2tp_session_create+0xb80/0xb80
[   25.487216]  ? sock_wmalloc+0x15d/0x1d0
[   25.491165]  ? iov_iter_advance+0x13f0/0x13f0
[   25.495637]  ? pppol2tp_sendmsg+0x41b/0x670
[   25.499932]  pppol2tp_sendmsg+0x470/0x670
[   25.504057]  ? selinux_socket_sendmsg+0x36/0x40
[   25.508700]  ? pppol2tp_getsockopt+0x900/0x900
[   25.513257]  sock_sendmsg+0xca/0x110
[   25.516946]  SYSC_sendto+0x361/0x5c0
[   25.520646]  ? SYSC_connect+0x4a0/0x4a0
[   25.524599]  ? find_held_lock+0x35/0x1d0
[   25.528638]  ? lock_downgrade+0x980/0x980
[   25.532768]  ? __do_page_fault+0x3d6/0xc90
[   25.536979]  SyS_sendto+0x40/0x50
[   25.540402]  ? SyS_getpeername+0x30/0x30
[   25.544441]  do_fast_syscall_32+0x3ec/0xf9f
[   25.548740]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.553291]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.558026]  ? syscall_return_slowpath+0x2ac/0x550
[   25.562926]  ? prepare_exit_to_usermode+0x350/0x350
[   25.567913]  ? sysret32_from_system_call+0x5/0x3c
[   25.572732]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.577550]  entry_SYSENTER_compat+0x70/0x7f
[   25.581932] RIP: 0023:0xf7fdec99
[   25.585266] RSP: 002b:00000000ff8f362c EFLAGS: 00000286 ORIG_RAX: 0000000000000171
[   25.592941] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020001180
[   25.600184] RDX: 0000000000000000 RSI: 0000000000040001 RDI: 00000000200021c0
[   25.607444] RBP: 0000000000000080 R08: 0000000000000000 R09: 0000000000000000
[   25.614682] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.621922] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.629620] Dumping ftrace buffer:
[   25.633132]    (ftrace buffer empty)
[   25.636812] Kernel Offset: disabled
[   25.640408] Rebooting in 86400 seconds..
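The following parser is an added example, not part of the syzkaller console log above and not code from syzkaller or the kernel. It reads the KASAN report format printed in that log and pulls out what a triager checks first: the bug kind and the function on the BUG line, the access (Read/Write, size, address, task), the slab cache and object slot, the reliable call-trace frames (the "? func" entries are leftover stack words, not real frames, and are skipped), and the "Memory state" shadow rows. From the shadow rows it decodes the byte covering the faulting address and walks downward to the nearest accessible granule. The poison values are the generic-KASAN constants from mm/kasan/kasan.h in the 4.16 tree; the sample text is copied from the report above with timestamps stripped and the trace shortened. Applied to this report it finds that the slot KASAN calls "the object at ffff8801c47a6100" is entirely 0xfc (slab redzone / never-allocated slot), that the last accessible granule ends at ffff8801c47a60a8, which is exactly 168 bytes (one ip_dst_cache object) after ffff8801c47a6000, and that the 8-byte read at ffff8801c47a6118 therefore lands 112 bytes past the end of the live object that precedes it. That is also why the "Allocated by"/"Freed by" stacks are empty: no allocation ever touched the slot KASAN attributed the address to.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: lines copied from the KASAN report above (timestamps stripped, call
# trace shortened) so the parser runs offline against the report on this page.
SAMPLE_REPORT = """\
BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
Read of size 8 at addr ffff8801c47a6118 by task syz-executor0/4346
Call Trace:
 ? ip6_xmit+0x1f76/0x2260
 __asan_report_load8_noabort+0x14/0x20
 ip6_xmit+0x1f76/0x2260
 l2tp_xmit_skb+0x105f/0x1410
 pppol2tp_sendmsg+0x470/0x670
 entry_SYSENTER_compat+0x70/0x7f

The buggy address belongs to the object at ffff8801c47a6100
 which belongs to the cache ip_dst_cache of size 168
 ffff8801c47a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801c47a6080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
>ffff8801c47a6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
"""

GRANULE = 8  # one shadow byte describes 8 bytes of kernel memory; a dumped row holds 16 of them
POISON = {0xff: "freed page", 0xfe: "large-alloc page redzone", 0xfc: "slab redzone / unallocated slot",
          0xfb: "freed slab object", 0xfa: "global redzone", 0xf8: "out-of-scope stack variable"}

_HEADER = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x")
_ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
_OBJECT = re.compile(r"belongs to the object at ([0-9a-f]+)")
_CACHE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
_FRAME = re.compile(r"^ (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
_SHADOW = re.compile(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")

def shadow_meaning(v: int) -> str:
    """Decode one generic-KASAN shadow byte (values from mm/kasan/kasan.h, 4.16 tree)."""
    if v <= 7:  # 0 = whole granule accessible, 1..7 = only the first v bytes are
        return "accessible" if v == 0 else f"first {v} bytes accessible"
    return POISON.get(v, f"unknown poison 0x{v:02x}")

@dataclass
class KasanReport:
    kind: str = ""
    where: str = ""  # function named on the BUG line
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    cache: Optional[str] = None
    object_addr: Optional[int] = None
    object_size: Optional[int] = None
    trace: list = field(default_factory=list)   # reliable frames only, innermost first
    shadow: dict = field(default_factory=dict)  # row base address -> its 16 shadow bytes

def parse_kasan_report(text: str) -> KasanReport:
    r, in_trace = KasanReport(), False
    for line in text.splitlines():
        if m := _HEADER.search(line):
            r.kind, r.where = m["kind"], m["func"]
        elif m := _ACCESS.search(line):
            r.access, r.size, r.addr, r.task = m[1], int(m[2]), int(m[3], 16), m[4]
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = _FRAME.match(line)
            in_trace = m is not None  # a blank line or the register dump ends the trace
            if m and not m[1]:        # "? func" entries are stale stack words, not real frames
                r.trace.append(m[2])
        elif m := _OBJECT.search(line):
            r.object_addr = int(m[1], 16)
        elif m := _CACHE.search(line):
            r.cache, r.object_size = m[1], int(m[2])
        elif m := _SHADOW.match(line):
            r.shadow[int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
    return r

def blame_frame(r: KasanReport) -> Optional[str]:
    """First reliable frame that is not KASAN/report plumbing: the code that did the access."""
    noise = ("dump_stack", "print_address_description", "kasan_report", "__asan_")
    return next((f for f in r.trace if not f.startswith(noise)), None)

def shadow_byte(r: KasanReport, addr: int) -> Optional[int]:
    """Shadow value covering addr, if the dumped rows include it."""
    for base, row in r.shadow.items():
        if base <= addr < base + 16 * GRANULE:
            return row[(addr - base) // GRANULE]
    return None

def nearest_live_end(r: KasanReport, addr: int) -> Optional[int]:
    """Exclusive end of the closest accessible granule at or below addr (None if not dumped)."""
    g = addr & ~(GRANULE - 1)
    while (v := shadow_byte(r, g)) is not None:
        if v <= 7:
            return g + (GRANULE if v == 0 else v)
        g -= GRANULE
    return None
```

Usage: `rep = parse_kasan_report(SAMPLE_REPORT)` then `blame_frame(rep)` gives ip6_xmit, `shadow_byte(rep, rep.addr)` gives 0xfc, and `rep.addr - nearest_live_end(rep, rep.addr)` gives 112. The walk in nearest_live_end only sees the rows KASAN chose to dump (a few around the address), so a report with the access far from any accessible memory returns None rather than a guess; treat that as "look at the object's real allocation site", not as proof of anything.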