[ ok ] Starting enhanced syslogd: rsyslogd
[   15.035920] audit: type=1400 audit(1520713910.738:5): avc: denied { syslog } for pid=4067 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.857920] audit: type=1400 audit(1520713914.560:6): avc: denied { map } for pid=4206 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   25.144752] audit: type=1400 audit(1520713920.847:7): avc: denied { map } for pid=4220 comm="syzkaller233036" path="/root/syzkaller233036056" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   25.756845] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   26.117559] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   26.123659] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.162656] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
executing program
[   26.203133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   26.208285] ==================================================================
[   26.217181] BUG: KASAN: use-after-free in ip6_xmit+0x1f76/0x2260
[   26.223302] Read of size 8 at addr ffff8801d8a91018 by task syzkaller233036/4220
[   26.230805]
[   26.232407] CPU: 0 PID: 4220 Comm: syzkaller233036 Not tainted 4.16.0-rc4+ #348
[   26.239824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.249156] Call Trace:
[   26.251719]  dump_stack+0x194/0x24d
[   26.255322]  ? arch_local_irq_restore+0x53/0x53
[   26.259963]  ? show_regs_print_info+0x18/0x18
[   26.264444]  ? ip6_xmit+0x1f76/0x2260
[   26.268226]  print_address_description+0x73/0x250
[   26.273044]  ? ip6_xmit+0x1f76/0x2260
[   26.276820]  kasan_report+0x23c/0x360
[   26.280597]  __asan_report_load8_noabort+0x14/0x20
[   26.285502]  ip6_xmit+0x1f76/0x2260
[   26.289113]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.293766]  ? fl6_update_dst+0x127/0x2b0
[   26.297901]  ? inet6_csk_route_socket+0x691/0xe80
[   26.302728]  ? trace_hardirqs_off+0x10/0x10
[   26.307031]  ? lock_acquire+0x1d5/0x580
[   26.310977]  ? lock_acquire+0x1d5/0x580
[   26.314925]  ? inet6_csk_xmit+0x114/0x580
[   26.319049]  ? trace_hardirqs_off+0x10/0x10
[   26.323355]  ? lock_release+0xa40/0xa40
[   26.327319]  inet6_csk_xmit+0x2fc/0x580
[   26.331269]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.335999]  ? __sk_dst_check+0x1a5/0x380
[   26.340138]  ? sock_kfree_s+0x60/0x60
[   26.343929]  l2tp_xmit_skb+0x105f/0x1410
[   26.347975]  ? l2tp_session_create+0xb80/0xb80
[   26.352540]  ? sock_wmalloc+0x15d/0x1d0
[   26.356493]  ? iov_iter_advance+0x13f0/0x13f0
[   26.360964]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.365262]  pppol2tp_sendmsg+0x470/0x670
[   26.369387]  ? selinux_socket_sendmsg+0x36/0x40
[   26.374047]  ? pppol2tp_getsockopt+0x900/0x900
[   26.378608]  sock_sendmsg+0xca/0x110
[   26.382301]  SYSC_sendto+0x361/0x5c0
[   26.385993]  ? SYSC_connect+0x4a0/0x4a0
[   26.389958]  ? inet_dgram_connect+0x172/0x1f0
[   26.394429]  ? SYSC_connect+0x2e0/0x4a0
[   26.398404]  ? mm_fault_error+0x2c0/0x2c0
[   26.402527]  ? move_addr_to_kernel+0x60/0x60
[   26.406913]  SyS_sendto+0x40/0x50
[   26.410349]  ? SyS_getpeername+0x30/0x30
[   26.414388]  do_syscall_64+0x281/0x940
[   26.418249]  ? __do_page_fault+0xc90/0xc90
[   26.422461]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   26.427983]  ? syscall_return_slowpath+0x550/0x550
[   26.432900]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   26.438251]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.443075]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.448252] RIP: 0033:0x442da9
[   26.451423] RSP: 002b:00007ffe48efebe8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   26.459103] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000442da9
[   26.466347] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000004
[   26.473590] RBP: 00000000004a449b R08: 00000000200021c0 R09: 0000000000000080
[   26.480846] R10: 0000000000040001 R11: 0000000000000212 R12: 00007ffe48efecf0
[   26.488093] R13: 0000000000403e30 R14: 0000000000000000 R15: 0000000000000000
[   26.495352]
[   26.496950] The buggy address belongs to the page:
[   26.501854] page:ffffea000762a440 count:0 mapcount:-127 mapping:0000000000000000 index:0x0
[   26.510236] flags: 0x2fffc0000000000()
[   26.514105] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffff80
[   26.521965] raw: ffffea0007601aa0 ffffea0006ba2da0 0000000000000000 0000000000000000
[   26.529825] page dumped because: kasan: bad access detected
[   26.535509]
[   26.537108] Memory state around the buggy address:
[   26.542025]  ffff8801d8a90f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.549359]  ffff8801d8a90f80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   26.556696] >ffff8801d8a91000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.564030]                             ^
[   26.568157]  ffff8801d8a91080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.575494]  ffff8801d8a91100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.582821] ==================================================================
[   26.590146] Disabling lock debugging due to kernel taint
[   26.595603] Kernel panic - not syncing: panic_on_warn set ...
[   26.595603]
[   26.602948] CPU: 0 PID: 4220 Comm: syzkaller233036 Tainted: G B 4.16.0-rc4+ #348
[   26.611665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.620988] Call Trace:
[   26.623566]  dump_stack+0x194/0x24d
[   26.627166]  ? arch_local_irq_restore+0x53/0x53
[   26.631805]  ? kasan_end_report+0x32/0x50
[   26.635927]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.640653]  ? vsnprintf+0x1ed/0x1900
[   26.644424]  ? ip6_xmit+0x1f30/0x2260
[   26.648196]  panic+0x1e4/0x41c
[   26.651359]  ? refcount_error_report+0x214/0x214
[   26.656086]  ? add_taint+0x1c/0x50
[   26.659594]  ? add_taint+0x1c/0x50
[   26.663124]  ? ip6_xmit+0x1f76/0x2260
[   26.666894]  kasan_end_report+0x50/0x50
[   26.670838]  kasan_report+0x149/0x360
[   26.674610]  __asan_report_load8_noabort+0x14/0x20
[   26.679510]  ip6_xmit+0x1f76/0x2260
[   26.683135]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.687784]  ? fl6_update_dst+0x127/0x2b0
[   26.691903]  ? inet6_csk_route_socket+0x691/0xe80
[   26.696716]  ? trace_hardirqs_off+0x10/0x10
[   26.701009]  ? lock_acquire+0x1d5/0x580
[   26.704958]  ? lock_acquire+0x1d5/0x580
[   26.708902]  ? inet6_csk_xmit+0x114/0x580
[   26.713026]  ? trace_hardirqs_off+0x10/0x10
[   26.717332]  ? lock_release+0xa40/0xa40
[   26.721287]  inet6_csk_xmit+0x2fc/0x580
[   26.725234]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.729968]  ? __sk_dst_check+0x1a5/0x380
[   26.734095]  ? sock_kfree_s+0x60/0x60
[   26.737875]  l2tp_xmit_skb+0x105f/0x1410
[   26.741919]  ? l2tp_session_create+0xb80/0xb80
[   26.746474]  ? sock_wmalloc+0x15d/0x1d0
[   26.750418]  ? iov_iter_advance+0x13f0/0x13f0
[   26.754884]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.759175]  pppol2tp_sendmsg+0x470/0x670
[   26.763294]  ? selinux_socket_sendmsg+0x36/0x40
[   26.767934]  ? pppol2tp_getsockopt+0x900/0x900
[   26.772491]  sock_sendmsg+0xca/0x110
[   26.776175]  SYSC_sendto+0x361/0x5c0
[   26.779867]  ? SYSC_connect+0x4a0/0x4a0
[   26.783821]  ? inet_dgram_connect+0x172/0x1f0
[   26.788289]  ? SYSC_connect+0x2e0/0x4a0
[   26.792261]  ? mm_fault_error+0x2c0/0x2c0
[   26.796398]  ? move_addr_to_kernel+0x60/0x60
[   26.800779]  SyS_sendto+0x40/0x50
[   26.804201]  ? SyS_getpeername+0x30/0x30
[   26.808235]  do_syscall_64+0x281/0x940
[   26.812094]  ? __do_page_fault+0xc90/0xc90
[   26.816296]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   26.821818]  ? syscall_return_slowpath+0x550/0x550
[   26.826722]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   26.832057]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.836876]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.842035] RIP: 0033:0x442da9
[   26.845193] RSP: 002b:00007ffe48efebe8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   26.852878] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000442da9
[   26.860118] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000004
[   26.867357] RBP: 00000000004a449b R08: 00000000200021c0 R09: 0000000000000080
[   26.874599] R10: 0000000000040001 R11: 0000000000000212 R12: 00007ffe48efecf0
[   26.881837] R13: 0000000000403e30 R14: 0000000000000000 R15: 0000000000000000
[   26.889609] Dumping ftrace buffer:
[   26.893120]    (ftrace buffer empty)
[   26.896799] Kernel Offset: disabled
[   26.900394] Rebooting in 86400 seconds..
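Added example, not part of the syzbot report above and not syzkaller or kernel code: a small parser that pulls the triage fields out of a KASAN console report of this shape (bug kind, faulting function, access size and address, task, kernel version, the reliable part of the call trace, and the meaning of the shadow byte under the `>` marker). Frames prefixed with `?` are guesses from the unwinder's stack scan and are dropped from the reliable path, which for this report is ip6_xmit <- inet6_csk_xmit <- l2tp_xmit_skb <- pppol2tp_sendmsg. The shadow-byte table is the 4.x-era encoding from mm/kasan/kasan.h (0xff = freed page, 0xfb = freed slab object, 0xfc = slab redzone); here the faulting granule is 0xff and the page dump shows count:0, i.e. the whole page backing the object has been freed, not just the slab object. The function names and the trimmed sample input are constructed for this example.

```python
import re

# KASAN shadow-byte encodings (mm/kasan/kasan.h, 4.x kernels). One shadow byte
# describes an 8-byte granule of kernel memory; 0x00 means all 8 are addressable.
SHADOW_MEANING = {
    0xFF: "freed page (page-level use-after-free)",
    0xFE: "kmalloc_large redzone",
    0xFC: "slab object redzone",
    0xFB: "freed slab object (use-after-free)",
    0xFA: "global variable redzone",
}
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # printk timestamp prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                       r"(?P<addr>[0-9a-f]+) by task (?P<comm>\S+)/(?P<pid>\d+)")
VERSION_RE = re.compile(r"CPU: \d+ PID: \d+ Comm: \S+ (?:Not tainted|Tainted: .+?) "
                        r"(?P<ver>\S+) #\d+")
PAGE_RE = re.compile(r"^page:[0-9a-f]+ count:(?P<count>-?\d+)")
SHADOW_RE = re.compile(r"^>(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?)+)$")
KASAN_FRAMES = ("dump_stack", "print_address_description", "kasan_report", "__asan_report")


def decode_shadow(value):
    """Human-readable meaning of one KASAN shadow byte."""
    if value == 0:
        return "8 bytes accessible"
    if 1 <= value <= 7:
        return f"first {value} byte(s) accessible, remainder is redzone"
    if 0xF1 <= value <= 0xF4:
        return "stack redzone"
    return SHADOW_MEANING.get(value, f"unknown shadow value 0x{value:02x}")


def parse_kasan_report(text):
    """Extract the triage-relevant fields of a KASAN report from raw console output."""
    rep = {"call_trace": [], "panicked": False}
    in_trace = False
    for raw in text.splitlines():
        ln = TS_RE.sub("", raw).strip()
        if in_trace:
            if ln == "" or ln.startswith("RIP:"):  # register dump ends the trace
                in_trace = False
            else:
                unreliable = ln.startswith("? ")  # '?' marks a guessed frame
                rep["call_trace"].append((ln[2:] if unreliable else ln, unreliable))
                continue
        if m := BUG_RE.search(ln):
            rep.update(kind=m["kind"], func=m["func"], symbol=m["func"].split("+")[0])
        elif m := ACCESS_RE.search(ln):
            rep.update(op=m["op"], size=int(m["size"]), addr=int(m["addr"], 16),
                       comm=m["comm"], pid=int(m["pid"]))
        elif (m := VERSION_RE.search(ln)) and "version" not in rep:
            rep["version"] = m["ver"]
        elif ln == "Call Trace:" and not rep["call_trace"]:
            in_trace = True  # only the first trace; the panic path repeats it
        elif m := PAGE_RE.match(ln):
            rep["page_refcount"] = int(m["count"])
        elif (m := SHADOW_RE.match(ln)) and "addr" in rep:
            # The '>' line covers 16 granules of 8 bytes starting at `base`;
            # pick the granule that holds the faulting address.
            base = int(m["base"], 16)
            values = [int(b, 16) for b in m["bytes"].split()]
            index = (rep["addr"] - base) // 8
            if 0 <= index < len(values):
                rep["shadow_byte"] = values[index]
                rep["shadow_meaning"] = decode_shadow(values[index])
        elif ln.startswith("Kernel panic - not syncing"):
            rep["panicked"] = True
    return rep


def reliable_path(rep):
    """Reliable frames, innermost first, without KASAN's own reporting frames."""
    return [frame.split("+")[0] for frame, unreliable in rep["call_trace"]
            if not unreliable and not frame.startswith(KASAN_FRAMES)]


# Constructed sample: a trimmed excerpt of the report above.
SAMPLE = """\
[   26.217181] BUG: KASAN: use-after-free in ip6_xmit+0x1f76/0x2260
[   26.223302] Read of size 8 at addr ffff8801d8a91018 by task syzkaller233036/4220
[   26.230805]
[   26.232407] CPU: 0 PID: 4220 Comm: syzkaller233036 Not tainted 4.16.0-rc4+ #348
[   26.249156] Call Trace:
[   26.251719]  dump_stack+0x194/0x24d
[   26.255322]  ? arch_local_irq_restore+0x53/0x53
[   26.276820]  kasan_report+0x23c/0x360
[   26.280597]  __asan_report_load8_noabort+0x14/0x20
[   26.285502]  ip6_xmit+0x1f76/0x2260
[   26.289113]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.327319]  inet6_csk_xmit+0x2fc/0x580
[   26.343929]  l2tp_xmit_skb+0x105f/0x1410
[   26.365262]  pppol2tp_sendmsg+0x470/0x670
[   26.378608]  sock_sendmsg+0xca/0x110
[   26.406913]  SyS_sendto+0x40/0x50
[   26.443075]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.448252] RIP: 0033:0x442da9
[   26.501854] page:ffffea000762a440 count:0 mapcount:-127 mapping:0000000000000000 index:0x0
[   26.556696] >ffff8801d8a91000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   26.595603] Kernel panic - not syncing: panic_on_warn set ...
"""
```

Running `parse_kasan_report(SAMPLE)` gives kind `use-after-free`, an 8-byte read in `ip6_xmit` by `syzkaller233036/4220` on `4.16.0-rc4+`, shadow byte 0xff (freed page) with page refcount 0, and `reliable_path()` returns the non-`?` frames from `ip6_xmit` outward. The parser stops at the first `RIP:` line so the second, panic-path trace is not mixed into the result.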