[....] Starting enhanced syslogd: rsyslogd
[ 15.889849] audit: type=1400 audit(1521114149.168:5): avc: denied { syslog } for pid=4013 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
Starting mcstransd:
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.395499] audit: type=1400 audit(1521114151.674:6): avc: denied { map } for pid=4152 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
[ 44.626822] audit: type=1400 audit(1521114177.905:7): avc: denied { map } for pid=4170 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/15 11:42:58 parsed 1 programs
2018/03/15 11:42:58 executed programs: 0
[ 44.857594] audit: type=1400 audit(1521114178.136:8): avc: denied { map } for pid=4170 comm="syz-execprog" path="/root/syzkaller-shm875529319" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 44.893663] IPVS: ftp: loaded support on port[0] = 21
[ 45.150479] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 45.499198] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 45.505320] 8021q: adding VLAN 0 to HW filter on device bond0
[ 45.542805] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 45.579258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 45.595962] ==================================================================
[ 45.603374] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[ 45.609836] Read of size 8 at addr ffff8801b6c14818 by task syz-executor0/4336
[ 45.617160]
[ 45.618760] CPU: 1 PID: 4336 Comm: syz-executor0 Not tainted 4.16.0-rc5+ #264
[ 45.626011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.635336] Call Trace:
[ 45.637901] dump_stack+0x194/0x24d
[ 45.641504] ? arch_local_irq_restore+0x53/0x53
[ 45.646146] ? show_regs_print_info+0x18/0x18
[ 45.650622] ? ip6_xmit+0x1f76/0x2260
[ 45.654398] print_address_description+0x73/0x250
[ 45.659228] ? ip6_xmit+0x1f76/0x2260
[ 45.663004] kasan_report+0x23c/0x360
[ 45.666782] __asan_report_load8_noabort+0x14/0x20
[ 45.671684] ip6_xmit+0x1f76/0x2260
[ 45.675295] ? ip6_finish_output2+0x23a0/0x23a0
[ 45.679943] ? fl6_update_dst+0x127/0x2b0
[ 45.684071] ? inet6_csk_route_socket+0x691/0xe80
[ 45.688888] ? trace_hardirqs_off+0x10/0x10
[ 45.693184] ? lock_acquire+0x1d5/0x580
[ 45.697131] ? lock_acquire+0x1d5/0x580
[ 45.701076] ? inet6_csk_xmit+0x114/0x580
[ 45.705198] ? trace_hardirqs_off+0x10/0x10
[ 45.709506] ? lock_release+0xa40/0xa40
[ 45.713471] inet6_csk_xmit+0x2fc/0x580
[ 45.717418] ? inet6_csk_update_pmtu+0x160/0x160
[ 45.722147] ? __sk_dst_check+0x1a5/0x380
[ 45.726269] ? sock_kfree_s+0x60/0x60
[ 45.730059] l2tp_xmit_skb+0x105f/0x1410
[ 45.734106] ? l2tp_session_create+0xb80/0xb80
[ 45.738664] ? sock_wmalloc+0x15d/0x1d0
[ 45.742614] ? iov_iter_advance+0x13f0/0x13f0
[ 45.747081] ? pppol2tp_sendmsg+0x41b/0x670
[ 45.751379] pppol2tp_sendmsg+0x470/0x670
[ 45.755501] ? selinux_socket_sendmsg+0x36/0x40
[ 45.760142] ? pppol2tp_getsockopt+0x900/0x900
[ 45.764695] sock_sendmsg+0xca/0x110
[ 45.768386] ___sys_sendmsg+0x767/0x8b0
[ 45.772338] ? copy_msghdr_from_user+0x590/0x590
[ 45.777071] ? lock_release+0xa40/0xa40
[ 45.781018] ? __ip4_datagram_connect+0xa3a/0x1240
[ 45.785919] ? lock_acquire+0x1d5/0x580
[ 45.789867] ? __local_bh_enable_ip+0x121/0x230
[ 45.794525] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 45.799511] ? release_sock+0x1d4/0x2a0
[ 45.803455] ? trace_hardirqs_on+0xd/0x10
[ 45.807574] ? __local_bh_enable_ip+0x121/0x230
[ 45.812214] ? __fget_light+0x2b2/0x3c0
[ 45.816159] ? fget_raw+0x20/0x20
[ 45.819582] ? release_sock+0x1d4/0x2a0
[ 45.823531] ? __release_sock+0x360/0x360
[ 45.827669] ? ip6_datagram_connect+0x3a/0x50
[ 45.832146] __sys_sendmsg+0xe5/0x210
[ 45.835916] ? __sys_sendmsg+0xe5/0x210
[ 45.839865] ? SyS_shutdown+0x290/0x290
[ 45.843833] ? compat_SyS_futex+0x288/0x380
[ 45.848156] compat_SyS_sendmsg+0x2a/0x40
[ 45.852278] ? compat_SyS_getsockopt+0x420/0x420
[ 45.857008] do_fast_syscall_32+0x3ec/0xf9f
[ 45.861309] ? do_int80_syscall_32+0x9c0/0x9c0
[ 45.865865] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 45.870596] ? syscall_return_slowpath+0x2ac/0x550
[ 45.875498] ? prepare_exit_to_usermode+0x350/0x350
[ 45.880498] ? sysret32_from_system_call+0x5/0x3c
[ 45.885317] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 45.890137] entry_SYSENTER_compat+0x70/0x7f
[ 45.894516] RIP: 0023:0xf7f0ac99
[ 45.897850] RSP: 002b:00000000ff8b8d6c EFLAGS: 00000282 ORIG_RAX: 0000000000000172
[ 45.905528] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002540
[ 45.912770] RDX: 000000000000c045 RSI: 0000000000000000 RDI: 0000000000000000
[ 45.920013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 45.927256] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 45.934497] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 45.941755]
[ 45.943355] Allocated by task 0:
[ 45.946690] (stack is not available)
[ 45.950371]
[ 45.951979] Freed by task 0:
[ 45.954978] (stack is not available)
[ 45.958662]
[ 45.960263] The buggy address belongs to the object at ffff8801b6c14800
[ 45.960263] which belongs to the cache ip_dst_cache of size 168
[ 45.972983] The buggy address is located 24 bytes inside of
[ 45.972983] 168-byte region [ffff8801b6c14800, ffff8801b6c148a8)
[ 45.984741] The buggy address belongs to the page:
[ 45.989646] page:ffffea0006db0500 count:1 mapcount:0 mapping:ffff8801b6c14000 index:0x0
[ 45.997760] flags: 0x2fffc0000000100(slab)
[ 46.001971] raw: 02fffc0000000100 ffff8801b6c14000 0000000000000000 0000000100000010
[ 46.009824] raw: ffff8801d5befb48 ffff8801d5befb48 ffff8801d5bee800 0000000000000000
[ 46.017674] page dumped because: kasan: bad access detected
[ 46.023352]
[ 46.024951] Memory state around the buggy address:
[ 46.029854] ffff8801b6c14700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 46.037185] ffff8801b6c14780: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 46.044516] >ffff8801b6c14800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.051848] ^
[ 46.055980] ffff8801b6c14880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 46.063319] ffff8801b6c14900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.070649] ==================================================================
[ 46.077977] Disabling lock debugging due to kernel taint
[ 46.083441] Kernel panic - not syncing: panic_on_warn set ...
[ 46.083441]
[ 46.090779] CPU: 1 PID: 4336 Comm: syz-executor0 Tainted: G B 4.16.0-rc5+ #264
[ 46.099325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.108836] Call Trace:
[ 46.111403] dump_stack+0x194/0x24d
[ 46.115003] ? arch_local_irq_restore+0x53/0x53
[ 46.119730] ? kasan_end_report+0x32/0x50
[ 46.123850] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 46.128574] ? vsnprintf+0x1ed/0x1900
[ 46.132348] ? ip6_xmit+0x1f30/0x2260
[ 46.136158] panic+0x1e4/0x41c
[ 46.139324] ? refcount_error_report+0x214/0x214
[ 46.144052] ? add_taint+0x1c/0x50
[ 46.147562] ? add_taint+0x1c/0x50
[ 46.151072] ? ip6_xmit+0x1f76/0x2260
[ 46.154840] kasan_end_report+0x50/0x50
[ 46.158785] kasan_report+0x149/0x360
[ 46.162558] __asan_report_load8_noabort+0x14/0x20
[ 46.167459] ip6_xmit+0x1f76/0x2260
[ 46.171062] ? ip6_finish_output2+0x23a0/0x23a0
[ 46.175703] ? fl6_update_dst+0x127/0x2b0
[ 46.179822] ? inet6_csk_route_socket+0x691/0xe80
[ 46.184636] ? trace_hardirqs_off+0x10/0x10
[ 46.188927] ? lock_acquire+0x1d5/0x580
[ 46.192869] ? lock_acquire+0x1d5/0x580
[ 46.196812] ? inet6_csk_xmit+0x114/0x580
[ 46.200927] ? trace_hardirqs_off+0x10/0x10
[ 46.205221] ? lock_release+0xa40/0xa40
[ 46.209172] inet6_csk_xmit+0x2fc/0x580
[ 46.213118] ? inet6_csk_update_pmtu+0x160/0x160
[ 46.217858] ? __sk_dst_check+0x1a5/0x380
[ 46.221977] ? sock_kfree_s+0x60/0x60
[ 46.225757] l2tp_xmit_skb+0x105f/0x1410
[ 46.229793] ? l2tp_session_create+0xb80/0xb80
[ 46.234347] ? sock_wmalloc+0x15d/0x1d0
[ 46.238295] ? iov_iter_advance+0x13f0/0x13f0
[ 46.242761] ? pppol2tp_sendmsg+0x41b/0x670
[ 46.247051] pppol2tp_sendmsg+0x470/0x670
[ 46.251193] ? selinux_socket_sendmsg+0x36/0x40
[ 46.255832] ? pppol2tp_getsockopt+0x900/0x900
[ 46.260384] sock_sendmsg+0xca/0x110
[ 46.264079] ___sys_sendmsg+0x767/0x8b0
[ 46.268025] ? copy_msghdr_from_user+0x590/0x590
[ 46.272751] ? lock_release+0xa40/0xa40
[ 46.276699] ? __ip4_datagram_connect+0xa3a/0x1240
[ 46.281595] ? lock_acquire+0x1d5/0x580
[ 46.285546] ? __local_bh_enable_ip+0x121/0x230
[ 46.290190] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 46.295177] ? release_sock+0x1d4/0x2a0
[ 46.299219] ? trace_hardirqs_on+0xd/0x10
[ 46.303338] ? __local_bh_enable_ip+0x121/0x230
[ 46.307977] ? __fget_light+0x2b2/0x3c0
[ 46.311937] ? fget_raw+0x20/0x20
[ 46.315367] ? release_sock+0x1d4/0x2a0
[ 46.319313] ? __release_sock+0x360/0x360
[ 46.323438] ? ip6_datagram_connect+0x3a/0x50
[ 46.327911] __sys_sendmsg+0xe5/0x210
[ 46.331682] ? __sys_sendmsg+0xe5/0x210
[ 46.335628] ? SyS_shutdown+0x290/0x290
[ 46.339577] ? compat_SyS_futex+0x288/0x380
[ 46.343881] compat_SyS_sendmsg+0x2a/0x40
[ 46.348000] ? compat_SyS_getsockopt+0x420/0x420
[ 46.352727] do_fast_syscall_32+0x3ec/0xf9f
[ 46.357023] ? do_int80_syscall_32+0x9c0/0x9c0
[ 46.361575] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 46.366303] ? syscall_return_slowpath+0x2ac/0x550
[ 46.371202] ? prepare_exit_to_usermode+0x350/0x350
[ 46.376190] ? sysret32_from_system_call+0x5/0x3c
[ 46.381003] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 46.385819] entry_SYSENTER_compat+0x70/0x7f
[ 46.390198] RIP: 0023:0xf7f0ac99
[ 46.393529] RSP: 002b:00000000ff8b8d6c EFLAGS: 00000282 ORIG_RAX: 0000000000000172
[ 46.401205] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020002540
[ 46.408446] RDX: 000000000000c045 RSI: 0000000000000000 RDI: 0000000000000000
[ 46.415699] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 46.422941] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 46.430181] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 46.437842] Dumping ftrace buffer:
[ 46.441353] (ftrace buffer empty)
[ 46.445033] Kernel Offset: disabled
[ 46.448631] Rebooting in 86400 seconds..