[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   18.569534] audit: type=1400 audit(1520960939.680:6): avc:  denied  { map } for  pid=4234 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
syzkaller login: [   41.503375] audit: type=1400 audit(1520960962.614:7): avc:  denied  { map } for  pid=4252 comm="syzkaller348359" path="/root/syzkaller348359971" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   41.511925] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   41.529367] audit: type=1400 audit(1520960962.614:8): avc:  denied  { sys_admin } for  pid=4252 comm="syzkaller348359" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   41.558894] audit: type=1400 audit(1520960962.645:9): avc:  denied  { net_admin } for  pid=4253 comm="syzkaller348359" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
RTNETLINK answers: File exists
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[   41.768914] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   42.099794] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   42.105887] 8021q: adding VLAN 0 to HW filter on device bond0
executing program
[   42.140892] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   42.176623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   42.190442] audit: type=1400 audit(1520960963.301:10): avc:  denied  { sys_chroot } for  pid=4253 comm="syzkaller348359" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   42.193110] ==================================================================
[   42.222367] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[   42.228827] Read of size 8 at addr ffff8801c21d3318 by task syzkaller348359/4253
[   42.236328] 
[   42.237928] CPU: 1 PID: 4253 Comm: syzkaller348359 Not tainted 4.16.0-rc5+ #352
[   42.245342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.254663] Call Trace:
[   42.257225]  dump_stack+0x194/0x24d
[   42.260824]  ? arch_local_irq_restore+0x53/0x53
[   42.265477]  ? show_regs_print_info+0x18/0x18
[   42.269948]  ? ip6_xmit+0x1f76/0x2260
[   42.273723]  print_address_description+0x73/0x250
[   42.278535]  ? ip6_xmit+0x1f76/0x2260
[   42.282308]  kasan_report+0x23c/0x360
[   42.286086]  __asan_report_load8_noabort+0x14/0x20
[   42.290984]  ip6_xmit+0x1f76/0x2260
[   42.294596]  ? ip6_finish_output2+0x23a0/0x23a0
[   42.299589]  ? fl6_update_dst+0x127/0x2b0
[   42.303711]  ? inet6_csk_route_socket+0x691/0xe80
[   42.308528]  ? trace_hardirqs_off+0x10/0x10
[   42.312819]  ? lock_acquire+0x1d5/0x580
[   42.316760]  ? lock_acquire+0x1d5/0x580
[   42.320701]  ? inet6_csk_xmit+0x114/0x580
[   42.324818]  ? trace_hardirqs_off+0x10/0x10
[   42.329111]  ? lock_release+0xa40/0xa40
[   42.333080]  inet6_csk_xmit+0x2fc/0x580
[   42.337027]  ? inet6_csk_update_pmtu+0x160/0x160
[   42.341753]  ? __sk_dst_check+0x1a5/0x380
[   42.345873]  ? sock_kfree_s+0x60/0x60
[   42.349660]  l2tp_xmit_skb+0x105f/0x1410
[   42.353699]  ? l2tp_session_create+0xb80/0xb80
[   42.358250]  ? sock_wmalloc+0x15d/0x1d0
[   42.362198]  ? iov_iter_advance+0x13f0/0x13f0
[   42.366667]  ? pppol2tp_sendmsg+0x41b/0x670
[   42.370961]  pppol2tp_sendmsg+0x470/0x670
[   42.375082]  ? selinux_socket_sendmsg+0x36/0x40
[   42.379722]  ? pppol2tp_getsockopt+0x900/0x900
[   42.384275]  sock_sendmsg+0xca/0x110
[   42.387965]  SYSC_sendto+0x361/0x5c0
[   42.391652]  ? SYSC_connect+0x4a0/0x4a0
[   42.395604]  ? inet_dgram_connect+0x172/0x1f0
[   42.400074]  ? SYSC_connect+0x2e0/0x4a0
[   42.404045]  ? mm_fault_error+0x2c0/0x2c0
[   42.408162]  ? move_addr_to_kernel+0x60/0x60
[   42.412544]  SyS_sendto+0x40/0x50
[   42.415967]  ? SyS_getpeername+0x30/0x30
[   42.420008]  do_syscall_64+0x281/0x940
[   42.423869]  ? __do_page_fault+0xc90/0xc90
[   42.428073]  ? _raw_spin_unlock_irq+0x27/0x70
[   42.432537]  ? finish_task_switch+0x1c1/0x7e0
[   42.437002]  ? syscall_return_slowpath+0x550/0x550
[   42.441900]  ? syscall_return_slowpath+0x2ac/0x550
[   42.446799]  ? prepare_exit_to_usermode+0x350/0x350
[   42.451784]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   42.457122]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.461939]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   42.467097] RIP: 0033:0x442dd9
[   42.470259] RSP: 002b:00000000007dfe88 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   42.477938] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000442dd9
[   42.485177] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000004
[   42.492415] RBP: 00000000004a4c79 R08: 00000000200021c0 R09: 0000000000000080
[   42.499655] R10: 0000000000040001 R11: 0000000000000212 R12: 00000000007dff70
[   42.506893] R13: 0000000000403e10 R14: 0000000000000000 R15: 0000000000000000
[   42.514148] 
[   42.515744] Allocated by task 0:
[   42.519074] (stack is not available)
[   42.522752] 
[   42.524347] Freed by task 0:
[   42.527333] (stack is not available)
[   42.531011] 
[   42.532607] The buggy address belongs to the object at ffff8801c21d3300
[   42.532607]  which belongs to the cache ip_dst_cache of size 168
[   42.545316] The buggy address is located 24 bytes inside of
[   42.545316]  168-byte region [ffff8801c21d3300, ffff8801c21d33a8)
[   42.557070] The buggy address belongs to the page:
[   42.561965] page:ffffea00070874c0 count:1 mapcount:0 mapping:ffff8801c21d3000 index:0xffff8801c21d3e00
[   42.571376] flags: 0x2fffc0000000100(slab)
[   42.575580] raw: 02fffc0000000100 ffff8801c21d3000 ffff8801c21d3e00 000000010000000f
[   42.583430] raw: ffff8801d5b8ab38 ffff8801d5b8ab38 ffff8801d543fe00 0000000000000000
[   42.591278] page dumped because: kasan: bad access detected
[   42.596951] 
[   42.598548] Memory state around the buggy address:
[   42.603444]  ffff8801c21d3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   42.610770]  ffff8801c21d3280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   42.618095] >ffff8801c21d3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.625418]                             ^
[   42.629531]  ffff8801c21d3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.636857]  ffff8801c21d3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.644184] ==================================================================
[   42.651506] Disabling lock debugging due to kernel taint
[   42.656960] Kernel panic - not syncing: panic_on_warn set ...
[   42.656960] 
[   42.664291] CPU: 1 PID: 4253 Comm: syzkaller348359 Tainted: G    B            4.16.0-rc5+ #352
[   42.673020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.682341] Call Trace:
[   42.684900]  dump_stack+0x194/0x24d
[   42.688496]  ? arch_local_irq_restore+0x53/0x53
[   42.693133]  ? kasan_end_report+0x32/0x50
[   42.697250]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   42.701976]  ? vsnprintf+0x1ed/0x1900
[   42.705748]  ? ip6_xmit+0x1f30/0x2260
[   42.709520]  panic+0x1e4/0x41c
[   42.712682]  ? refcount_error_report+0x214/0x214
[   42.717406]  ? add_taint+0x1c/0x50
[   42.720915]  ? add_taint+0x1c/0x50
[   42.724425]  ? ip6_xmit+0x1f76/0x2260
[   42.728193]  kasan_end_report+0x50/0x50
[   42.732135]  kasan_report+0x149/0x360
[   42.735907]  __asan_report_load8_noabort+0x14/0x20
[   42.740804]  ip6_xmit+0x1f76/0x2260
[   42.744404]  ? ip6_finish_output2+0x23a0/0x23a0
[   42.749041]  ? fl6_update_dst+0x127/0x2b0
[   42.753157]  ? inet6_csk_route_socket+0x691/0xe80
[   42.757970]  ? trace_hardirqs_off+0x10/0x10
[   42.762260]  ? lock_acquire+0x1d5/0x580
[   42.766200]  ? lock_acquire+0x1d5/0x580
[   42.770142]  ? inet6_csk_xmit+0x114/0x580
[   42.774259]  ? trace_hardirqs_off+0x10/0x10
[   42.778549]  ? lock_release+0xa40/0xa40
[   42.782499]  inet6_csk_xmit+0x2fc/0x580
[   42.786440]  ? inet6_csk_update_pmtu+0x160/0x160
[   42.791161]  ? __sk_dst_check+0x1a5/0x380
[   42.795278]  ? sock_kfree_s+0x60/0x60
[   42.799053]  l2tp_xmit_skb+0x105f/0x1410
[   42.803087]  ? l2tp_session_create+0xb80/0xb80
[   42.807637]  ? sock_wmalloc+0x15d/0x1d0
[   42.811580]  ? iov_iter_advance+0x13f0/0x13f0
[   42.816043]  ? pppol2tp_sendmsg+0x41b/0x670
[   42.820333]  pppol2tp_sendmsg+0x470/0x670
[   42.824453]  ? selinux_socket_sendmsg+0x36/0x40
[   42.829093]  ? pppol2tp_getsockopt+0x900/0x900
[   42.833643]  sock_sendmsg+0xca/0x110
[   42.837328]  SYSC_sendto+0x361/0x5c0
[   42.841009]  ? SYSC_connect+0x4a0/0x4a0
[   42.844955]  ? inet_dgram_connect+0x172/0x1f0
[   42.849419]  ? SYSC_connect+0x2e0/0x4a0
[   42.853374]  ? mm_fault_error+0x2c0/0x2c0
[   42.857488]  ? move_addr_to_kernel+0x60/0x60
[   42.861866]  SyS_sendto+0x40/0x50
[   42.865287]  ? SyS_getpeername+0x30/0x30
[   42.869319]  do_syscall_64+0x281/0x940
[   42.873170]  ? __do_page_fault+0xc90/0xc90
[   42.877373]  ? _raw_spin_unlock_irq+0x27/0x70
[   42.881834]  ? finish_task_switch+0x1c1/0x7e0
[   42.886298]  ? syscall_return_slowpath+0x550/0x550
[   42.891195]  ? syscall_return_slowpath+0x2ac/0x550
[   42.896092]  ? prepare_exit_to_usermode+0x350/0x350
[   42.901074]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   42.906406]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.911218]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   42.916373] RIP: 0033:0x442dd9
[   42.919532] RSP: 002b:00000000007dfe88 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   42.927204] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000442dd9
[   42.934441] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000004
[   42.941676] RBP: 00000000004a4c79 R08: 00000000200021c0 R09: 0000000000000080
[   42.948913] R10: 0000000000040001 R11: 0000000000000212 R12: 00000000007dff70
[   42.956153] R13: 0000000000403e10 R14: 0000000000000000 R15: 0000000000000000
[   42.963737] Dumping ftrace buffer:
[   42.967245]    (ftrace buffer empty)
[   42.970925] Kernel Offset: disabled
[   42.974522] Rebooting in 86400 seconds..