[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.908945] audit: type=1400 audit(1521113367.146:6): avc: denied { map } for pid=4231 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.18' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
syzkaller login: [ 25.255557] audit: type=1400 audit(1521113373.493:7): avc: denied { map } for pid=4245 comm="syzkaller578297" path="/root/syzkaller578297695" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 25.263657] IPVS: ftp: loaded support on port[0] = 21
RTNETLINK answers: File exists
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 25.507133] ip (4292) used greatest stack depth: 16536 bytes left
[ 25.539830] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 25.890795] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 25.896891] 8021q: adding VLAN 0 to HW filter on device bond0
executing program
[ 25.935464] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 25.972327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.984889] ==================================================================
[ 25.992302] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[ 25.998776] Read of size 8 at addr ffff8801b4d83118 by task syzkaller578297/4246
[ 26.006277]
[ 26.007877] CPU: 0 PID: 4246 Comm: syzkaller578297 Not tainted 4.16.0-rc4+ #266
[ 26.015291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.024612] Call Trace:
[ 26.027173] dump_stack+0x194/0x24d
[ 26.030783] ? arch_local_irq_restore+0x53/0x53
[ 26.035420] ? show_regs_print_info+0x18/0x18
[ 26.039893] ? ip6_xmit+0x1f76/0x2260
[ 26.043667] print_address_description+0x73/0x250
[ 26.048479] ? ip6_xmit+0x1f76/0x2260
[ 26.052253] kasan_report+0x23c/0x360
[ 26.056034] __asan_report_load8_noabort+0x14/0x20
[ 26.060934] ip6_xmit+0x1f76/0x2260
[ 26.064545] ? ip6_finish_output2+0x23d0/0x23d0
[ 26.069188] ? fl6_update_dst+0x127/0x2b0
[ 26.073310] ? inet6_csk_route_socket+0x691/0xe80
[ 26.078125] ? trace_hardirqs_off+0x10/0x10
[ 26.082417] ? lock_acquire+0x1d5/0x580
[ 26.086359] ? lock_acquire+0x1d5/0x580
[ 26.090304] ? inet6_csk_xmit+0x114/0x580
[ 26.094426] ? trace_hardirqs_off+0x10/0x10
[ 26.098720] ? lock_release+0xa40/0xa40
[ 26.102682] inet6_csk_xmit+0x2fc/0x580
[ 26.106629] ? inet6_csk_update_pmtu+0x160/0x160
[ 26.111355] ? __sk_dst_check+0x1a5/0x380
[ 26.115475] ? sock_kzfree_s+0x60/0x60
[ 26.119347] l2tp_xmit_skb+0x105f/0x1410
[ 26.123388] ? l2tp_session_create+0xb80/0xb80
[ 26.127943] ? sock_wmalloc+0x15d/0x1d0
[ 26.131890] ? iov_iter_advance+0x13f0/0x13f0
[ 26.136365] ? pppol2tp_sendmsg+0x41b/0x670
[ 26.140660] pppol2tp_sendmsg+0x470/0x670
[ 26.144783] ? selinux_socket_sendmsg+0x36/0x40
[ 26.149425] ? pppol2tp_getsockopt+0x900/0x900
[ 26.153979] sock_sendmsg+0xca/0x110
[ 26.157669] ___sys_sendmsg+0x767/0x8b0
[ 26.161619] ? copy_msghdr_from_user+0x590/0x590
[ 26.166349] ? lock_release+0xa40/0xa40
[ 26.170297] ? __ip4_datagram_connect+0xa3a/0x1240
[ 26.175200] ? lock_acquire+0x1d5/0x580
[ 26.179150] ? __local_bh_enable_ip+0x121/0x230
[ 26.183793] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.188785] ? release_sock+0x1d4/0x2a0
[ 26.192730] ? trace_hardirqs_on+0xd/0x10
[ 26.196862] ? __local_bh_enable_ip+0x121/0x230
[ 26.201507] ? __fget_light+0x2b2/0x3c0
[ 26.205453] ? fget_raw+0x20/0x20
[ 26.208879] ? release_sock+0x1d4/0x2a0
[ 26.212827] ? __release_sock+0x360/0x360
[ 26.216956] ? ip6_datagram_connect+0x3a/0x50
[ 26.221433] __sys_sendmsg+0xe5/0x210
[ 26.225207] ? __sys_sendmsg+0xe5/0x210
[ 26.229156] ? SyS_shutdown+0x290/0x290
[ 26.233121] ? move_addr_to_kernel+0x60/0x60
[ 26.237505] SyS_sendmsg+0x2d/0x50
[ 26.241020] ? __sys_sendmsg+0x210/0x210
[ 26.245058] do_syscall_64+0x281/0x940
[ 26.248914] ? __do_page_fault+0xc90/0xc90
[ 26.253119] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.257849] ? syscall_return_slowpath+0x550/0x550
[ 26.262753] ? syscall_return_slowpath+0x2ac/0x550
[ 26.267659] ? prepare_exit_to_usermode+0x350/0x350
[ 26.272648] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 26.277987] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.282809] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.287970] RIP: 0033:0x442b79
[ 26.291130] RSP: 002b:00007fff9e75d508 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 26.298810] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000442b79
[ 26.306049] RDX: 000000000000c045 RSI: 0000000020002540 RDI: 0000000000000004
[ 26.313290] RBP: 00000000004a456f R08: 00000000004a456f R09: 00000000004a456f
[ 26.320531] R10: 00000000004a456f R11: 0000000000000246 R12: 00007fff9e75d5e0
[ 26.327776] R13: 0000000000403900 R14: 0000000000000000 R15: 0000000000000000
[ 26.335041]
[ 26.336641] Allocated by task 0:
[ 26.339971] (stack is not available)
[ 26.343651]
[ 26.345249] Freed by task 0:
[ 26.348234] (stack is not available)
[ 26.351913]
[ 26.353512] The buggy address belongs to the object at ffff8801b4d83100
[ 26.353512] which belongs to the cache ip_dst_cache of size 160
[ 26.366229] The buggy address is located 24 bytes inside of
[ 26.366229] 160-byte region [ffff8801b4d83100, ffff8801b4d831a0)
[ 26.377982] The buggy address belongs to the page:
[ 26.382887] page:ffffea0006d360c0 count:1 mapcount:0 mapping:ffff8801b4d83000 index:0x0
[ 26.391002] flags: 0x2fffc0000000100(slab)
[ 26.395215] raw: 02fffc0000000100 ffff8801b4d83000 0000000000000000 0000000100000010
[ 26.403065] raw: ffffea000711a7a0 ffff8801d6f90348 ffff8801d81af300 0000000000000000
[ 26.410915] page dumped because: kasan: bad access detected
[ 26.416590]
[ 26.418187] Memory state around the buggy address:
[ 26.423085] ffff8801b4d83000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.430412] ffff8801b4d83080: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.437742] >ffff8801b4d83100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.445075] ^
[ 26.449189] ffff8801b4d83180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.456605] ffff8801b4d83200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.463930] ==================================================================
[ 26.471257] Disabling lock debugging due to kernel taint
[ 26.476714] Kernel panic - not syncing: panic_on_warn set ...
[ 26.476714]
[ 26.484062] CPU: 0 PID: 4246 Comm: syzkaller578297 Tainted: G B 4.16.0-rc4+ #266
[ 26.492791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.502115] Call Trace:
[ 26.504676] dump_stack+0x194/0x24d
[ 26.508277] ? arch_local_irq_restore+0x53/0x53
[ 26.512921] ? kasan_end_report+0x32/0x50
[ 26.517038] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.521761] ? vsnprintf+0x1ed/0x1900
[ 26.525534] ? ip6_xmit+0x1e90/0x2260
[ 26.529304] panic+0x1e4/0x41c
[ 26.532464] ? refcount_error_report+0x214/0x214
[ 26.537189] ? add_taint+0x1c/0x50
[ 26.540697] ? add_taint+0x1c/0x50
[ 26.544207] ? ip6_xmit+0x1f76/0x2260
[ 26.547979] kasan_end_report+0x50/0x50
[ 26.551930] kasan_report+0x149/0x360
[ 26.555703] __asan_report_load8_noabort+0x14/0x20
[ 26.560607] ip6_xmit+0x1f76/0x2260
[ 26.564212] ? ip6_finish_output2+0x23d0/0x23d0
[ 26.568853] ? fl6_update_dst+0x127/0x2b0
[ 26.572972] ? inet6_csk_route_socket+0x691/0xe80
[ 26.577786] ? trace_hardirqs_off+0x10/0x10
[ 26.582078] ? lock_acquire+0x1d5/0x580
[ 26.586025] ? lock_acquire+0x1d5/0x580
[ 26.589969] ? inet6_csk_xmit+0x114/0x580
[ 26.594085] ? trace_hardirqs_off+0x10/0x10
[ 26.598378] ? lock_release+0xa40/0xa40
[ 26.602329] inet6_csk_xmit+0x2fc/0x580
[ 26.606273] ? inet6_csk_update_pmtu+0x160/0x160
[ 26.611000] ? __sk_dst_check+0x1a5/0x380
[ 26.615124] ? sock_kzfree_s+0x60/0x60
[ 26.618987] l2tp_xmit_skb+0x105f/0x1410
[ 26.623031] ? l2tp_session_create+0xb80/0xb80
[ 26.627582] ? sock_wmalloc+0x15d/0x1d0
[ 26.631526] ? iov_iter_advance+0x13f0/0x13f0
[ 26.635992] ? pppol2tp_sendmsg+0x41b/0x670
[ 26.640287] pppol2tp_sendmsg+0x470/0x670
[ 26.644405] ? selinux_socket_sendmsg+0x36/0x40
[ 26.649052] ? pppol2tp_getsockopt+0x900/0x900
[ 26.653605] sock_sendmsg+0xca/0x110
[ 26.657289] ___sys_sendmsg+0x767/0x8b0
[ 26.661234] ? copy_msghdr_from_user+0x590/0x590
[ 26.665966] ? lock_release+0xa40/0xa40
[ 26.669910] ? __ip4_datagram_connect+0xa3a/0x1240
[ 26.674809] ? lock_acquire+0x1d5/0x580
[ 26.678760] ? __local_bh_enable_ip+0x121/0x230
[ 26.683399] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.688386] ? release_sock+0x1d4/0x2a0
[ 26.692327] ? trace_hardirqs_on+0xd/0x10
[ 26.696459] ? __local_bh_enable_ip+0x121/0x230
[ 26.701097] ? __fget_light+0x2b2/0x3c0
[ 26.705040] ? fget_raw+0x20/0x20
[ 26.708463] ? release_sock+0x1d4/0x2a0
[ 26.712407] ? __release_sock+0x360/0x360
[ 26.716533] ? ip6_datagram_connect+0x3a/0x50
[ 26.721007] __sys_sendmsg+0xe5/0x210
[ 26.724789] ? __sys_sendmsg+0xe5/0x210
[ 26.728740] ? SyS_shutdown+0x290/0x290
[ 26.732694] ? move_addr_to_kernel+0x60/0x60
[ 26.737072] SyS_sendmsg+0x2d/0x50
[ 26.740588] ? __sys_sendmsg+0x210/0x210
[ 26.744620] do_syscall_64+0x281/0x940
[ 26.748480] ? __do_page_fault+0xc90/0xc90
[ 26.752683] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.757410] ? syscall_return_slowpath+0x550/0x550
[ 26.762308] ? syscall_return_slowpath+0x2ac/0x550
[ 26.767206] ? prepare_exit_to_usermode+0x350/0x350
[ 26.772201] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 26.777536] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.782441] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.787602] RIP: 0033:0x442b79
[ 26.790762] RSP: 002b:00007fff9e75d508 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 26.798439] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000442b79
[ 26.805677] RDX: 000000000000c045 RSI: 0000000020002540 RDI: 0000000000000004
[ 26.812924] RBP: 00000000004a456f R08: 00000000004a456f R09: 00000000004a456f
[ 26.820598] R10: 00000000004a456f R11: 0000000000000246 R12: 00007fff9e75d5e0
[ 26.827839] R13: 0000000000403900 R14: 0000000000000000 R15: 0000000000000000
[ 26.835651] Dumping ftrace buffer:
[ 26.839182] (ftrace buffer empty)
[ 26.843281] Kernel Offset: disabled
[ 26.846878] Rebooting in 86400 seconds..