[?25l[?1c7[ ok 8[?25h[?0c.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[   18.745791] audit: type=1400 audit(1519960078.624:6): avc:  denied  { map } for  pid=4209 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
syzkaller login: [   25.960220] audit: type=1400 audit(1519960085.839:7): avc:  denied  { map } for  pid=4224 comm="syzkaller265383" path="/root/syzkaller265383313" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   25.971727] IPVS: ftp: loaded support on port[0] = 21
RTNETLINK answers: File exists
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   26.248719] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   26.609467] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   26.615575] 8021q: adding VLAN 0 to HW filter on device bond0
executing program
[   26.654092] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   26.692295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.701776] ==================================================================
[   26.709180] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[   26.715646] Read of size 8 at addr ffff8801afb31118 by task syzkaller265383/4225
[   26.723146] 
[   26.724752] CPU: 0 PID: 4225 Comm: syzkaller265383 Not tainted 4.16.0-rc3+ #335
[   26.732165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.741499] Call Trace:
[   26.744064]  dump_stack+0x194/0x24d
[   26.747666]  ? arch_local_irq_restore+0x53/0x53
[   26.752308]  ? show_regs_print_info+0x18/0x18
[   26.756784]  ? ip6_xmit+0x1f76/0x2260
[   26.760568]  print_address_description+0x73/0x250
[   26.765389]  ? ip6_xmit+0x1f76/0x2260
[   26.769163]  kasan_report+0x23b/0x360
[   26.772941]  __asan_report_load8_noabort+0x14/0x20
[   26.777842]  ip6_xmit+0x1f76/0x2260
[   26.781720]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.786364]  ? fl6_update_dst+0x127/0x2b0
[   26.790489]  ? inet6_csk_route_socket+0x691/0xe80
[   26.795304]  ? trace_hardirqs_off+0x10/0x10
[   26.799598]  ? lock_acquire+0x1d5/0x580
[   26.803544]  ? lock_acquire+0x1d5/0x580
[   26.807491]  ? inet6_csk_xmit+0x114/0x580
[   26.811620]  ? trace_hardirqs_off+0x10/0x10
[   26.815918]  ? lock_release+0xa40/0xa40
[   26.819882]  inet6_csk_xmit+0x2fc/0x580
[   26.823830]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.828558]  ? __sk_dst_check+0x1a5/0x380
[   26.832680]  ? sock_kfree_s+0x60/0x60
[   26.836470]  l2tp_xmit_skb+0x105f/0x1410
[   26.840513]  ? l2tp_session_create+0xb80/0xb80
[   26.845072]  ? sock_wmalloc+0x15d/0x1d0
[   26.849028]  ? iov_iter_advance+0x13f0/0x13f0
[   26.853508]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.857804]  pppol2tp_sendmsg+0x470/0x670
[   26.861928]  ? selinux_socket_sendmsg+0x36/0x40
[   26.866572]  ? pppol2tp_getsockopt+0x900/0x900
[   26.871132]  sock_sendmsg+0xca/0x110
[   26.874832]  SYSC_sendto+0x361/0x5c0
[   26.878523]  ? SYSC_connect+0x4a0/0x4a0
[   26.882479]  ? inet_dgram_connect+0x172/0x1f0
[   26.886947]  ? SYSC_connect+0x2e0/0x4a0
[   26.890923]  ? mm_fault_error+0x2c0/0x2c0
[   26.895549]  ? move_addr_to_kernel+0x60/0x60
[   26.899934]  SyS_sendto+0x40/0x50
[   26.903360]  ? SyS_getpeername+0x30/0x30
[   26.907405]  do_syscall_64+0x281/0x940
[   26.911266]  ? __do_page_fault+0xc90/0xc90
[   26.915475]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.920210]  ? syscall_return_slowpath+0x550/0x550
[   26.925114]  ? syscall_return_slowpath+0x2ac/0x550
[   26.930028]  ? prepare_exit_to_usermode+0x350/0x350
[   26.935033]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   26.940381]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.945250]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.950416] RIP: 0033:0x4417b9
[   26.953578] RSP: 002b:00007ffe9afdbf38 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[   26.961255] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 00000000004417b9
[   26.968498] RDX: 0000000000000000 RSI: 0000000020de7000 RDI: 0000000000000004
[   26.975746] RBP: 00000000004a3a6e R08: 0000000020000000 R09: 0000000000000000
[   26.982988] R10: c3fe68eda9554f8b R11: 0000000000000216 R12: 00007ffe9afdc010
[   26.990234] R13: 0000000000402540 R14: 0000000000000000 R15: 0000000000000000
[   26.997491] 
[   26.999092] Allocated by task 0:
[   27.002425] (stack is not available)
[   27.006105] 
[   27.007706] Freed by task 0:
[   27.010690] (stack is not available)
[   27.014368] 
[   27.015969] The buggy address belongs to the object at ffff8801afb31100
[   27.015969]  which belongs to the cache ip_dst_cache of size 168
[   27.028680] The buggy address is located 24 bytes inside of
[   27.028680]  168-byte region [ffff8801afb31100, ffff8801afb311a8)
[   27.040446] The buggy address belongs to the page:
[   27.045348] page:ffffea0006becc40 count:1 mapcount:0 mapping:ffff8801afb31000 index:0x0
[   27.053464] flags: 0x2fffc0000000100(slab)
[   27.057673] raw: 02fffc0000000100 ffff8801afb31000 0000000000000000 0000000100000010
[   27.065524] raw: ffff8801d6fd2c48 ffff8801d6fd2c48 ffff8801d8342840 0000000000000000
[   27.073373] page dumped because: kasan: bad access detected
[   27.079050] 
[   27.080646] Memory state around the buggy address:
[   27.085546]  ffff8801afb31000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.092875]  ffff8801afb31080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   27.100210] >ffff8801afb31100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.107536]                             ^
[   27.111661]  ffff8801afb31180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.118992]  ffff8801afb31200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.126324] ==================================================================
[   27.133651] Disabling lock debugging due to kernel taint
[   27.139095] Kernel panic - not syncing: panic_on_warn set ...
[   27.139095] 
[   27.146439] CPU: 0 PID: 4225 Comm: syzkaller265383 Tainted: G    B            4.16.0-rc3+ #335
[   27.155158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.164483] Call Trace:
[   27.167045]  dump_stack+0x194/0x24d
[   27.170651]  ? arch_local_irq_restore+0x53/0x53
[   27.175293]  ? kasan_end_report+0x32/0x50
[   27.179413]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.184137]  ? vsnprintf+0x1ed/0x1900
[   27.187909]  ? ip6_xmit+0x1f00/0x2260
[   27.191679]  panic+0x1e4/0x41c
[   27.194842]  ? refcount_error_report+0x214/0x214
[   27.199568]  ? add_taint+0x1c/0x50
[   27.203075]  ? add_taint+0x1c/0x50
[   27.206585]  ? ip6_xmit+0x1f76/0x2260
[   27.210353]  kasan_end_report+0x50/0x50
[   27.214297]  kasan_report+0x148/0x360
[   27.218068]  __asan_report_load8_noabort+0x14/0x20
[   27.223314]  ip6_xmit+0x1f76/0x2260
[   27.226920]  ? ip6_finish_output2+0x23a0/0x23a0
[   27.231569]  ? fl6_update_dst+0x127/0x2b0
[   27.235691]  ? inet6_csk_route_socket+0x691/0xe80
[   27.240509]  ? trace_hardirqs_off+0x10/0x10
[   27.244799]  ? lock_acquire+0x1d5/0x580
[   27.248744]  ? lock_acquire+0x1d5/0x580
[   27.252688]  ? inet6_csk_xmit+0x114/0x580
[   27.256805]  ? trace_hardirqs_off+0x10/0x10
[   27.261097]  ? lock_release+0xa40/0xa40
[   27.265054]  inet6_csk_xmit+0x2fc/0x580
[   27.269002]  ? inet6_csk_update_pmtu+0x160/0x160
[   27.273741]  ? __sk_dst_check+0x1a5/0x380
[   27.277862]  ? sock_kfree_s+0x60/0x60
[   27.281644]  l2tp_xmit_skb+0x105f/0x1410
[   27.285683]  ? l2tp_session_create+0xb80/0xb80
[   27.290242]  ? sock_wmalloc+0x15d/0x1d0
[   27.294188]  ? iov_iter_advance+0x13f0/0x13f0
[   27.298654]  ? pppol2tp_sendmsg+0x41b/0x670
[   27.302945]  pppol2tp_sendmsg+0x470/0x670
[   27.307066]  ? selinux_socket_sendmsg+0x36/0x40
[   27.311708]  ? pppol2tp_getsockopt+0x900/0x900
[   27.316258]  sock_sendmsg+0xca/0x110
[   27.319942]  SYSC_sendto+0x361/0x5c0
[   27.323629]  ? SYSC_connect+0x4a0/0x4a0
[   27.327581]  ? inet_dgram_connect+0x172/0x1f0
[   27.332046]  ? SYSC_connect+0x2e0/0x4a0
[   27.336012]  ? mm_fault_error+0x2c0/0x2c0
[   27.340137]  ? move_addr_to_kernel+0x60/0x60
[   27.344517]  SyS_sendto+0x40/0x50
[   27.347942]  ? SyS_getpeername+0x30/0x30
[   27.351974]  do_syscall_64+0x281/0x940
[   27.355833]  ? __do_page_fault+0xc90/0xc90
[   27.360041]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.364776]  ? syscall_return_slowpath+0x550/0x550
[   27.369676]  ? syscall_return_slowpath+0x2ac/0x550
[   27.374580]  ? prepare_exit_to_usermode+0x350/0x350
[   27.379569]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   27.384905]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.389743]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   27.394905] RIP: 0033:0x4417b9
[   27.398064] RSP: 002b:00007ffe9afdbf38 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[   27.405739] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 00000000004417b9
[   27.412979] RDX: 0000000000000000 RSI: 0000000020de7000 RDI: 0000000000000004
[   27.420218] RBP: 00000000004a3a6e R08: 0000000020000000 R09: 0000000000000000
[   27.427460] R10: c3fe68eda9554f8b R11: 0000000000000216 R12: 00007ffe9afdc010
[   27.434701] R13: 0000000000402540 R14: 0000000000000000 R15: 0000000000000000
[   27.442374] Dumping ftrace buffer:
[   27.445890]    (ftrace buffer empty)
[   27.449570] Kernel Offset: disabled
[   27.453168] Rebooting in 86400 seconds..