[....] Starting enhanced syslogd: rsyslogd[   16.597414] audit: type=1400 audit(1520590071.902:5): avc:  denied  { syslog } for  pid=4039 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.750657] audit: type=1400 audit(1520590078.055:6): avc:  denied  { map } for  pid=4178 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   29.110967] audit: type=1400 audit(1520590084.415:7): avc:  denied  { map } for  pid=4192 comm="syzkaller190613" path="/root/syzkaller190613250" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   29.119446] IPVS: ftp: loaded support on port[0] = 21
RTNETLINK answers: File exists
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   29.398823] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   29.763749] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   29.769861] 8021q: adding VLAN 0 to HW filter on device bond0
executing program
[   29.808756] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   29.846629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   29.856555] ==================================================================
[   29.863996] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[   29.870467] Read of size 8 at addr ffff8801c2ead618 by task syzkaller190613/4193
[   29.877970] 
[   29.879586] CPU: 0 PID: 4193 Comm: syzkaller190613 Not tainted 4.16.0-rc4+ #258
[   29.887002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.896336] Call Trace:
[   29.898902]  dump_stack+0x194/0x24d
[   29.902504]  ? arch_local_irq_restore+0x53/0x53
[   29.907150]  ? show_regs_print_info+0x18/0x18
[   29.911630]  ? ip6_xmit+0x1f76/0x2260
[   29.915406]  print_address_description+0x73/0x250
[   29.920221]  ? ip6_xmit+0x1f76/0x2260
[   29.923995]  kasan_report+0x23c/0x360
[   29.927774]  __asan_report_load8_noabort+0x14/0x20
[   29.932675]  ip6_xmit+0x1f76/0x2260
[   29.936300]  ? ip6_finish_output2+0x23d0/0x23d0
[   29.940946]  ? fl6_update_dst+0x127/0x2b0
[   29.945072]  ? inet6_csk_route_socket+0x691/0xe80
[   29.949897]  ? trace_hardirqs_off+0x10/0x10
[   29.954193]  ? lock_acquire+0x1d5/0x580
[   29.958140]  ? lock_acquire+0x1d5/0x580
[   29.962087]  ? inet6_csk_xmit+0x114/0x580
[   29.966214]  ? trace_hardirqs_off+0x10/0x10
[   29.970513]  ? lock_release+0xa40/0xa40
[   29.974474]  inet6_csk_xmit+0x2fc/0x580
[   29.978423]  ? inet6_csk_update_pmtu+0x160/0x160
[   29.983155]  ? __sk_dst_check+0x1a5/0x380
[   29.987289]  ? sock_kzfree_s+0x60/0x60
[   29.991165]  l2tp_xmit_skb+0x105f/0x1410
[   29.995210]  ? l2tp_session_create+0xb80/0xb80
[   29.999770]  ? sock_wmalloc+0x15d/0x1d0
[   30.003722]  ? iov_iter_advance+0x13f0/0x13f0
[   30.008206]  ? pppol2tp_sendmsg+0x41b/0x670
[   30.012518]  pppol2tp_sendmsg+0x470/0x670
[   30.016641]  ? selinux_socket_sendmsg+0x36/0x40
[   30.021288]  ? pppol2tp_getsockopt+0x900/0x900
[   30.025846]  sock_sendmsg+0xca/0x110
[   30.029540]  ___sys_sendmsg+0x767/0x8b0
[   30.033494]  ? copy_msghdr_from_user+0x590/0x590
[   30.038231]  ? __pmd_alloc+0x4e0/0x4e0
[   30.042098]  ? trace_hardirqs_off+0x10/0x10
[   30.046391]  ? find_held_lock+0x35/0x1d0
[   30.050433]  ? __fget_light+0x2b2/0x3c0
[   30.054380]  ? fget_raw+0x20/0x20
[   30.057824]  ? __do_page_fault+0x5f7/0xc90
[   30.062050]  ? lock_downgrade+0x980/0x980
[   30.066183]  __sys_sendmsg+0xe5/0x210
[   30.069958]  ? __sys_sendmsg+0xe5/0x210
[   30.073908]  ? SyS_shutdown+0x290/0x290
[   30.077867]  ? __do_page_fault+0x3d6/0xc90
[   30.082089]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   30.087622]  SyS_sendmsg+0x2d/0x50
[   30.091137]  ? __sys_sendmsg+0x210/0x210
[   30.095177]  do_syscall_64+0x281/0x940
[   30.099053]  ? __do_page_fault+0xc90/0xc90
[   30.103263]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.107993]  ? syscall_return_slowpath+0x550/0x550
[   30.112900]  ? syscall_return_slowpath+0x2ac/0x550
[   30.117804]  ? prepare_exit_to_usermode+0x350/0x350
[   30.122795]  ? retint_user+0x18/0x18
[   30.126488]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.131316]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.136494] RIP: 0033:0x4418d9
[   30.139655] RSP: 002b:00007fff53e05e08 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[   30.147334] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 00000000004418d9
[   30.154574] RDX: 0000000000000081 RSI: 000000002037ffc8 RDI: 0000000000000004
[   30.161817] RBP: 00000000004a343c R08: 0000000000000000 R09: 0000000000000000
[   30.169062] R10: 0000000000000000 R11: 0000000000000217 R12: 00007fff53e05ed0
[   30.176304] R13: 0000000000402660 R14: 0000000000000000 R15: 0000000000000000
[   30.183561] 
[   30.185164] Allocated by task 0:
[   30.188498] (stack is not available)
[   30.192180] 
[   30.193779] Freed by task 0:
[   30.196766] (stack is not available)
[   30.200448] 
[   30.202051] The buggy address belongs to the object at ffff8801c2ead600
[   30.202051]  which belongs to the cache ip_dst_cache of size 160
[   30.214775] The buggy address is located 24 bytes inside of
[   30.214775]  160-byte region [ffff8801c2ead600, ffff8801c2ead6a0)
[   30.226536] The buggy address belongs to the page:
[   30.231441] page:ffffea00070bab40 count:1 mapcount:0 mapping:ffff8801c2ead000 index:0xffff8801c2ead000
[   30.240862] flags: 0x2fffc0000000100(slab)
[   30.245076] raw: 02fffc0000000100 ffff8801c2ead000 ffff8801c2ead000 000000010000000c
[   30.252931] raw: ffff8801d6bb2138 ffff8801d6bb2138 ffff8801d6bb6340 0000000000000000
[   30.260781] page dumped because: kasan: bad access detected
[   30.266461] 
[   30.268063] Memory state around the buggy address:
[   30.272974]  ffff8801c2ead500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.280308]  ffff8801c2ead580: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   30.287638] >ffff8801c2ead600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.294968]                             ^
[   30.299090]  ffff8801c2ead680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.306427]  ffff8801c2ead700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.313759] ==================================================================
[   30.321089] Disabling lock debugging due to kernel taint
[   30.326543] Kernel panic - not syncing: panic_on_warn set ...
[   30.326543] 
[   30.333891] CPU: 0 PID: 4193 Comm: syzkaller190613 Tainted: G    B            4.16.0-rc4+ #258
[   30.342611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.351940] Call Trace:
[   30.354505]  dump_stack+0x194/0x24d
[   30.358107]  ? arch_local_irq_restore+0x53/0x53
[   30.362747]  ? kasan_end_report+0x32/0x50
[   30.366868]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.371595]  ? vsnprintf+0x1ed/0x1900
[   30.375369]  ? ip6_xmit+0x1ee0/0x2260
[   30.379156]  panic+0x1e4/0x41c
[   30.382324]  ? refcount_error_report+0x214/0x214
[   30.387056]  ? add_taint+0x1c/0x50
[   30.390568]  ? add_taint+0x1c/0x50
[   30.394080]  ? ip6_xmit+0x1f76/0x2260
[   30.397852]  kasan_end_report+0x50/0x50
[   30.401795]  kasan_report+0x149/0x360
[   30.405569]  __asan_report_load8_noabort+0x14/0x20
[   30.410469]  ip6_xmit+0x1f76/0x2260
[   30.414085]  ? ip6_finish_output2+0x23d0/0x23d0
[   30.418728]  ? fl6_update_dst+0x127/0x2b0
[   30.422850]  ? inet6_csk_route_socket+0x691/0xe80
[   30.427666]  ? trace_hardirqs_off+0x10/0x10
[   30.431960]  ? lock_acquire+0x1d5/0x580
[   30.435904]  ? lock_acquire+0x1d5/0x580
[   30.439846]  ? inet6_csk_xmit+0x114/0x580
[   30.443963]  ? trace_hardirqs_off+0x10/0x10
[   30.448256]  ? lock_release+0xa40/0xa40
[   30.452209]  inet6_csk_xmit+0x2fc/0x580
[   30.456155]  ? inet6_csk_update_pmtu+0x160/0x160
[   30.460894]  ? __sk_dst_check+0x1a5/0x380
[   30.465024]  ? sock_kzfree_s+0x60/0x60
[   30.468910]  l2tp_xmit_skb+0x105f/0x1410
[   30.472957]  ? l2tp_session_create+0xb80/0xb80
[   30.477510]  ? sock_wmalloc+0x15d/0x1d0
[   30.481455]  ? iov_iter_advance+0x13f0/0x13f0
[   30.485924]  ? pppol2tp_sendmsg+0x41b/0x670
[   30.490219]  pppol2tp_sendmsg+0x470/0x670
[   30.494340]  ? selinux_socket_sendmsg+0x36/0x40
[   30.498983]  ? pppol2tp_getsockopt+0x900/0x900
[   30.503542]  sock_sendmsg+0xca/0x110
[   30.507227]  ___sys_sendmsg+0x767/0x8b0
[   30.511174]  ? copy_msghdr_from_user+0x590/0x590
[   30.515902]  ? __pmd_alloc+0x4e0/0x4e0
[   30.519763]  ? trace_hardirqs_off+0x10/0x10
[   30.524057]  ? find_held_lock+0x35/0x1d0
[   30.528091]  ? __fget_light+0x2b2/0x3c0
[   30.532041]  ? fget_raw+0x20/0x20
[   30.535474]  ? __do_page_fault+0x5f7/0xc90
[   30.539682]  ? lock_downgrade+0x980/0x980
[   30.543804]  __sys_sendmsg+0xe5/0x210
[   30.547578]  ? __sys_sendmsg+0xe5/0x210
[   30.551522]  ? SyS_shutdown+0x290/0x290
[   30.555473]  ? __do_page_fault+0x3d6/0xc90
[   30.559694]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   30.565216]  SyS_sendmsg+0x2d/0x50
[   30.568728]  ? __sys_sendmsg+0x210/0x210
[   30.572758]  do_syscall_64+0x281/0x940
[   30.576617]  ? __do_page_fault+0xc90/0xc90
[   30.580840]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.585569]  ? syscall_return_slowpath+0x550/0x550
[   30.590471]  ? syscall_return_slowpath+0x2ac/0x550
[   30.595370]  ? prepare_exit_to_usermode+0x350/0x350
[   30.600359]  ? retint_user+0x18/0x18
[   30.604047]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.608865]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.614031] RIP: 0033:0x4418d9
[   30.617204] RSP: 002b:00007fff53e05e08 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[   30.624892] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 00000000004418d9
[   30.632138] RDX: 0000000000000081 RSI: 000000002037ffc8 RDI: 0000000000000004
[   30.639379] RBP: 00000000004a343c R08: 0000000000000000 R09: 0000000000000000
[   30.646621] R10: 0000000000000000 R11: 0000000000000217 R12: 00007fff53e05ed0
[   30.653863] R13: 0000000000402660 R14: 0000000000000000 R15: 0000000000000000
[   30.661562] Dumping ftrace buffer:
[   30.665084]    (ftrace buffer empty)
[   30.668765] Kernel Offset: disabled
[   30.672363] Rebooting in 86400 seconds..