Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[   10.741940] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[ ok 8[?25h[?0c.
[   11.395201] random: crng init done

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts.
2019/01/31 20:46:48 parsed 1 programs
2019/01/31 20:46:50 executed programs: 0
syzkaller login: [   34.755110] audit: type=1400 audit(1548967610.537:5): avc:  denied  { associate } for  pid=2072 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[   34.777050] ==================================================================
[   34.784445] BUG: KASAN: use-after-free in ipv4_conntrack_defrag+0x2ae/0x2f0
[   34.791518] Write of size 4 at addr ffff8801c9ef21c8 by task syz-executor0/2220
[   34.798938] 
[   34.800550] CPU: 1 PID: 2220 Comm: syz-executor0 Not tainted 4.9.154+ #19
[   34.807447]  ffff8801c982f110 ffffffff81b47411 0000000000000001 ffffea000727bc80
[   34.815440]  ffff8801c9ef21c8 0000000000000004 ffffffff826028fe ffff8801c982f148
[   34.823423]  ffffffff81502615 0000000000000001 ffff8801c9ef21c8 ffff8801c9ef21c8
[   34.831431] Call Trace:
[   34.833996]  [<ffffffff81b47411>] dump_stack+0xc1/0x120
[   34.839337]  [<ffffffff826028fe>] ? ipv4_conntrack_defrag+0x2ae/0x2f0
[   34.845903]  [<ffffffff81502615>] print_address_description+0x6f/0x238
[   34.852553]  [<ffffffff826028fe>] ? ipv4_conntrack_defrag+0x2ae/0x2f0
[   34.859105]  [<ffffffff8150286a>] kasan_report.cold+0x8c/0x2ba
[   34.865045]  [<ffffffff82602650>] ? nf_defrag_ipv4_enable+0x10/0x10
[   34.871631]  [<ffffffff814f4ae7>] __asan_report_store4_noabort+0x17/0x20
[   34.878454]  [<ffffffff826028fe>] ipv4_conntrack_defrag+0x2ae/0x2f0
[   34.884955]  [<ffffffff823de69e>] nf_iterate+0x12e/0x310
[   34.890377]  [<ffffffff823de994>] nf_hook_slow+0x114/0x1f0
[   34.895984]  [<ffffffff823de880>] ? nf_iterate+0x310/0x310
[   34.901594]  [<ffffffff8255f32c>] raw_sendmsg+0x1ccc/0x23e0
[   34.907283]  [<ffffffff8255eeb1>] ? raw_sendmsg+0x1851/0x23e0
[   34.913261]  [<ffffffff819f2914>] ? avc_has_perm+0x164/0x3a0
[   34.919053]  [<ffffffff8255d660>] ? compat_raw_setsockopt+0xd0/0xd0
[   34.925439]  [<ffffffff81207a55>] ? __lock_acquire+0x5e5/0x4350
[   34.931473]  [<ffffffff81243601>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   34.938201]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   34.945017]  [<ffffffff8255af50>] ? ip4_datagram_release_cb+0x970/0x970
[   34.951855]  [<ffffffff819fa020>] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[   34.959452]  [<ffffffff81243601>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   34.966177]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   34.972991]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   34.979814]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   34.986654]  [<ffffffff82595523>] ? inet_sendmsg+0x143/0x4d0
[   34.992429]  [<ffffffff825955e2>] inet_sendmsg+0x202/0x4d0
[   34.998035]  [<ffffffff82595456>] ? inet_sendmsg+0x76/0x4d0
[   35.003722]  [<ffffffff825953e0>] ? inet_recvmsg+0x4d0/0x4d0
[   35.009612]  [<ffffffff822a392e>] sock_sendmsg+0xbe/0x110
[   35.015137]  [<ffffffff822a3d94>] kernel_sendmsg+0x44/0x50
[   35.020734]  [<ffffffff822ae466>] sock_no_sendpage+0x116/0x150
[   35.026679]  [<ffffffff822ae350>] ? skb_page_frag_refill+0x3e0/0x3e0
[   35.033244]  [<ffffffff812599e1>] ? timespec_trunc+0xc1/0x160
[   35.039103]  [<ffffffff81259920>] ? nsecs_to_jiffies+0x30/0x30
[   35.045051]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   35.052001]  [<ffffffff82596ada>] ? inet_sendpage+0x14a/0x520
[   35.057859]  [<ffffffff82596d4c>] inet_sendpage+0x3bc/0x520
[   35.063547]  [<ffffffff82596a0c>] ? inet_sendpage+0x7c/0x520
[   35.069316]  [<ffffffff822a3605>] kernel_sendpage+0x95/0xf0
[   35.074999]  [<ffffffff82596990>] ? inet_getname+0x3b0/0x3b0
[   35.080766]  [<ffffffff822a36eb>] sock_sendpage+0x8b/0xc0
[   35.086278]  [<ffffffff822a3660>] ? kernel_sendpage+0xf0/0xf0
[   35.092139]  [<ffffffff815ac06d>] pipe_to_sendpage+0x28d/0x3d0
[   35.098098]  [<ffffffff815abde0>] ? direct_splice_actor+0x1a0/0x1a0
[   35.104477]  [<ffffffff815afa69>] ? splice_from_pipe_next.part.0+0x1e9/0x290
[   35.111649]  [<ffffffff815afe61>] __splice_from_pipe+0x351/0x790
[   35.117768]  [<ffffffff815abde0>] ? direct_splice_actor+0x1a0/0x1a0
[   35.124151]  [<ffffffff815abde0>] ? direct_splice_actor+0x1a0/0x1a0
[   35.130557]  [<ffffffff815b1868>] splice_from_pipe+0x108/0x170
[   35.136505]  [<ffffffff815b1760>] ? splice_shrink_spd+0xb0/0xb0
[   35.142540]  [<ffffffff819ea20f>] ? security_file_permission+0x8f/0x1f0
[   35.149265]  [<ffffffff815b190c>] generic_splice_sendpage+0x3c/0x50
[   35.155646]  [<ffffffff815b18d0>] ? splice_from_pipe+0x170/0x170
[   35.161763]  [<ffffffff815abd66>] direct_splice_actor+0x126/0x1a0
[   35.167976]  [<ffffffff815adcd8>] splice_direct_to_actor+0x2c8/0x820
[   35.174437]  [<ffffffff815abc40>] ? generic_pipe_buf_nosteal+0x10/0x10
[   35.181229]  [<ffffffff815ada10>] ? do_splice_to+0x170/0x170
[   35.187003]  [<ffffffff819ea20f>] ? security_file_permission+0x8f/0x1f0
[   35.193731]  [<ffffffff8150c31a>] ? rw_verify_area+0xea/0x2b0
[   35.199590]  [<ffffffff815ae3d5>] do_splice_direct+0x1a5/0x260
[   35.205541]  [<ffffffff815ae230>] ? splice_direct_to_actor+0x820/0x820
[   35.212182]  [<ffffffff81a088c5>] ? selinux_file_permission+0x85/0x470
[   35.218821]  [<ffffffff819ea20f>] ? security_file_permission+0x8f/0x1f0
[   35.225548]  [<ffffffff8150c31a>] ? rw_verify_area+0xea/0x2b0
[   35.231403]  [<ffffffff8150f5c3>] do_sendfile+0x503/0xc00
[   35.236909]  [<ffffffff8150f0c0>] ? do_compat_pwritev64+0x180/0x180
[   35.243288]  [<ffffffff81496084>] ? __might_fault+0x114/0x1d0
[   35.249145]  [<ffffffff815115b5>] SyS_sendfile64+0x145/0x160
[   35.254921]  [<ffffffff81511470>] ? SyS_sendfile+0x160/0x160
[   35.260707]  [<ffffffff8100555a>] ? do_syscall_64+0x4a/0x570
[   35.266475]  [<ffffffff81511470>] ? SyS_sendfile+0x160/0x160
[   35.272383]  [<ffffffff810056bd>] do_syscall_64+0x1ad/0x570
[   35.278080]  [<ffffffff82816493>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.284976] 
[   35.286579] Allocated by task 2220:
[   35.290201]  save_stack_trace+0x16/0x20
[   35.294155]  kasan_kmalloc.part.0+0x62/0xf0
[   35.298450]  kasan_kmalloc+0xb7/0xd0
[   35.302137]  kasan_slab_alloc+0xf/0x20
[   35.305996]  kmem_cache_alloc+0xd5/0x2b0
[   35.310029]  __alloc_skb+0xe7/0x5e0
[   35.313628]  alloc_skb_with_frags+0xb0/0x4f0
[   35.318009]  sock_alloc_send_pskb+0x5ec/0x760
[   35.322476]  sock_alloc_send_skb+0x32/0x40
[   35.326683]  raw_sendmsg+0x10ed/0x23e0
[   35.330669]  inet_sendmsg+0x202/0x4d0
[   35.334442]  sock_sendmsg+0xbe/0x110
[   35.338126]  kernel_sendmsg+0x44/0x50
[   35.341895]  sock_no_sendpage+0x116/0x150
[   35.346015]  inet_sendpage+0x3bc/0x520
[   35.349883]  kernel_sendpage+0x95/0xf0
[   35.353757]  sock_sendpage+0x8b/0xc0
[   35.357443]  pipe_to_sendpage+0x28d/0x3d0
[   35.361560]  __splice_from_pipe+0x351/0x790
[   35.365854]  splice_from_pipe+0x108/0x170
[   35.369974]  generic_splice_sendpage+0x3c/0x50
[   35.374525]  direct_splice_actor+0x126/0x1a0
[   35.378907]  splice_direct_to_actor+0x2c8/0x820
[   35.383549]  do_splice_direct+0x1a5/0x260
[   35.387749]  do_sendfile+0x503/0xc00
[   35.391444]  SyS_sendfile64+0x145/0x160
[   35.395390]  do_syscall_64+0x1ad/0x570
[   35.399255]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.404328] 
[   35.405929] Freed by task 2220:
[   35.409194]  save_stack_trace+0x16/0x20
[   35.413139]  kasan_slab_free+0xb0/0x190
[   35.417081]  kmem_cache_free+0xbe/0x310
[   35.421027]  kfree_skbmem+0x9f/0x100
[   35.424710]  kfree_skb+0xd4/0x350
[   35.428136]  ip_defrag+0x620/0x3bc0
[   35.431742]  ipv4_conntrack_defrag+0x1b4/0x2f0
[   35.436295]  nf_iterate+0x12e/0x310
[   35.439893]  nf_hook_slow+0x114/0x1f0
[   35.443669]  raw_sendmsg+0x1ccc/0x23e0
[   35.447526]  inet_sendmsg+0x202/0x4d0
[   35.451297]  sock_sendmsg+0xbe/0x110
[   35.454991]  kernel_sendmsg+0x44/0x50
[   35.458763]  sock_no_sendpage+0x116/0x150
[   35.462881]  inet_sendpage+0x3bc/0x520
[   35.466739]  kernel_sendpage+0x95/0xf0
[   35.470602]  sock_sendpage+0x8b/0xc0
[   35.474286]  pipe_to_sendpage+0x28d/0x3d0
[   35.478407]  __splice_from_pipe+0x351/0x790
[   35.482704]  splice_from_pipe+0x108/0x170
[   35.486931]  generic_splice_sendpage+0x3c/0x50
[   35.491495]  direct_splice_actor+0x126/0x1a0
[   35.495893]  splice_direct_to_actor+0x2c8/0x820
[   35.500543]  do_splice_direct+0x1a5/0x260
[   35.504663]  do_sendfile+0x503/0xc00
[   35.508348]  SyS_sendfile64+0x145/0x160
[   35.512427]  do_syscall_64+0x1ad/0x570
[   35.516289]  entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   35.521454] 
[   35.523062] The buggy address belongs to the object at ffff8801c9ef2140
[   35.523062]  which belongs to the cache skbuff_head_cache of size 224
[   35.536213] The buggy address is located 136 bytes inside of
[   35.536213]  224-byte region [ffff8801c9ef2140, ffff8801c9ef2220)
[   35.548057] The buggy address belongs to the page:
[   35.552960] page:ffffea000727bc80 count:1 mapcount:0 mapping:          (null) index:0x0
[   35.561203] flags: 0x4000000000000080(slab)
[   35.565497] page dumped because: kasan: bad access detected
[   35.571178] 
[   35.572794] Memory state around the buggy address:
[   35.577695]  ffff8801c9ef2080: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   35.585024]  ffff8801c9ef2100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   35.592354] >ffff8801c9ef2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   35.599688]                                               ^
[   35.605371]  ffff8801c9ef2200: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   35.612712]  ffff8801c9ef2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.620045] ==================================================================
[   35.627431] Disabling lock debugging due to kernel taint
[   35.633203] Kernel panic - not syncing: panic_on_warn set ...
[   35.633203] 
[   35.640774] CPU: 1 PID: 2220 Comm: syz-executor0 Tainted: G    B           4.9.154+ #19
[   35.648930]  ffff8801c982f050 ffffffff81b47411 ffff8801c982f100 ffffffff82e439da
[   35.657065]  00000000ffffffff 0000000000000001 ffffffff826028fe ffff8801c982f130
[   35.665068]  ffffffff813f725a 0000000041b58ab3 ffffffff82e35b02 ffffffff813f7081
[   35.673081] Call Trace:
[   35.675651]  [<ffffffff81b47411>] dump_stack+0xc1/0x120
[   35.680990]  [<ffffffff826028fe>] ? ipv4_conntrack_defrag+0x2ae/0x2f0
[   35.687634]  [<ffffffff813f725a>] panic+0x1d9/0x3bd
[   35.692623]  [<ffffffff813f7081>] ? add_taint.cold+0x16/0x16
[   35.698397]  [<ffffffff82807f0f>] ? preempt_schedule_common+0x4f/0xe0
[   35.704950]  [<ffffffff826028fe>] ? ipv4_conntrack_defrag+0x2ae/0x2f0
[   35.711521]  [<ffffffff82807fc6>] ? preempt_schedule+0x26/0x30
[   35.717466]  [<ffffffff81002226>] ? ___preempt_schedule+0x16/0x18
[   35.723677]  [<ffffffff8150252f>] kasan_end_report+0x47/0x4f
[   35.729446]  [<ffffffff81502887>] kasan_report.cold+0xa9/0x2ba
[   35.735389]  [<ffffffff82602650>] ? nf_defrag_ipv4_enable+0x10/0x10
[   35.741773]  [<ffffffff814f4ae7>] __asan_report_store4_noabort+0x17/0x20
[   35.748595]  [<ffffffff826028fe>] ipv4_conntrack_defrag+0x2ae/0x2f0
[   35.754979]  [<ffffffff823de69e>] nf_iterate+0x12e/0x310
[   35.760504]  [<ffffffff823de994>] nf_hook_slow+0x114/0x1f0
[   35.766108]  [<ffffffff823de880>] ? nf_iterate+0x310/0x310
[   35.771711]  [<ffffffff8255f32c>] raw_sendmsg+0x1ccc/0x23e0
[   35.777411]  [<ffffffff8255eeb1>] ? raw_sendmsg+0x1851/0x23e0
[   35.783267]  [<ffffffff819f2914>] ? avc_has_perm+0x164/0x3a0
[   35.789036]  [<ffffffff8255d660>] ? compat_raw_setsockopt+0xd0/0xd0
[   35.795426]  [<ffffffff81207a55>] ? __lock_acquire+0x5e5/0x4350
[   35.801462]  [<ffffffff81243601>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   35.808191]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   35.815005]  [<ffffffff8255af50>] ? ip4_datagram_release_cb+0x970/0x970
[   35.821736]  [<ffffffff819fa020>] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[   35.829244]  [<ffffffff81243601>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   35.835972]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   35.842783]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   35.849599]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   35.856673]  [<ffffffff82595523>] ? inet_sendmsg+0x143/0x4d0
[   35.862442]  [<ffffffff825955e2>] inet_sendmsg+0x202/0x4d0
[   35.868034]  [<ffffffff82595456>] ? inet_sendmsg+0x76/0x4d0
[   35.873718]  [<ffffffff825953e0>] ? inet_recvmsg+0x4d0/0x4d0
[   35.879491]  [<ffffffff822a392e>] sock_sendmsg+0xbe/0x110
[   35.885000]  [<ffffffff822a3d94>] kernel_sendmsg+0x44/0x50
[   35.890595]  [<ffffffff822ae466>] sock_no_sendpage+0x116/0x150
[   35.896538]  [<ffffffff822ae350>] ? skb_page_frag_refill+0x3e0/0x3e0
[   35.903005]  [<ffffffff812599e1>] ? timespec_trunc+0xc1/0x160
[   35.908860]  [<ffffffff81259920>] ? nsecs_to_jiffies+0x30/0x30
[   35.914804]  [<ffffffff81bab71c>] ? check_preemption_disabled+0x3c/0x200
[   35.921742]  [<ffffffff82596ada>] ? inet_sendpage+0x14a/0x520
[   35.927599]  [<ffffffff82596d4c>] inet_sendpage+0x3bc/0x520
[   35.933279]  [<ffffffff82596a0c>] ? inet_sendpage+0x7c/0x520
[   35.939049]  [<ffffffff822a3605>] kernel_sendpage+0x95/0xf0
[   35.944730]  [<ffffffff82596990>] ? inet_getname+0x3b0/0x3b0
[   35.950498]  [<ffffffff822a36eb>] sock_sendpage+0x8b/0xc0
[   35.956012]  [<ffffffff822a3660>] ? kernel_sendpage+0xf0/0xf0
[   35.961871]  [<ffffffff815ac06d>] pipe_to_sendpage+0x28d/0x3d0
[   35.967833]  [<ffffffff815abde0>] ? direct_splice_actor+0x1a0/0x1a0
[   35.974255]  [<ffffffff815afa69>] ? splice_from_pipe_next.part.0+0x1e9/0x290
[   35.981426]  [<ffffffff815afe61>] __splice_from_pipe+0x351/0x790
[   35.987563]  [<ffffffff815abde0>] ? direct_splice_actor+0x1a0/0x1a0
[   35.993954]  [<ffffffff815abde0>] ? direct_splice_actor+0x1a0/0x1a0
[   36.000357]  [<ffffffff815b1868>] splice_from_pipe+0x108/0x170
[   36.006467]  [<ffffffff815b1760>] ? splice_shrink_spd+0xb0/0xb0
[   36.012503]  [<ffffffff819ea20f>] ? security_file_permission+0x8f/0x1f0
[   36.019235]  [<ffffffff815b190c>] generic_splice_sendpage+0x3c/0x50
[   36.025617]  [<ffffffff815b18d0>] ? splice_from_pipe+0x170/0x170
[   36.031739]  [<ffffffff815abd66>] direct_splice_actor+0x126/0x1a0
[   36.037954]  [<ffffffff815adcd8>] splice_direct_to_actor+0x2c8/0x820
[   36.044420]  [<ffffffff815abc40>] ? generic_pipe_buf_nosteal+0x10/0x10
[   36.051056]  [<ffffffff815ada10>] ? do_splice_to+0x170/0x170
[   36.056827]  [<ffffffff819ea20f>] ? security_file_permission+0x8f/0x1f0
[   36.063560]  [<ffffffff8150c31a>] ? rw_verify_area+0xea/0x2b0
[   36.069417]  [<ffffffff815ae3d5>] do_splice_direct+0x1a5/0x260
[   36.075495]  [<ffffffff815ae230>] ? splice_direct_to_actor+0x820/0x820
[   36.082312]  [<ffffffff81a088c5>] ? selinux_file_permission+0x85/0x470
[   36.088956]  [<ffffffff819ea20f>] ? security_file_permission+0x8f/0x1f0
[   36.095777]  [<ffffffff8150c31a>] ? rw_verify_area+0xea/0x2b0
[   36.101641]  [<ffffffff8150f5c3>] do_sendfile+0x503/0xc00
[   36.107160]  [<ffffffff8150f0c0>] ? do_compat_pwritev64+0x180/0x180
[   36.113548]  [<ffffffff81496084>] ? __might_fault+0x114/0x1d0
[   36.119416]  [<ffffffff815115b5>] SyS_sendfile64+0x145/0x160
[   36.125184]  [<ffffffff81511470>] ? SyS_sendfile+0x160/0x160
[   36.130961]  [<ffffffff8100555a>] ? do_syscall_64+0x4a/0x570
[   36.136827]  [<ffffffff81511470>] ? SyS_sendfile+0x160/0x160
[   36.142598]  [<ffffffff810056bd>] do_syscall_64+0x1ad/0x570
[   36.148405]  [<ffffffff82816493>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   36.155813] Kernel Offset: disabled
[   36.159419] Rebooting in 86400 seconds..