[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   18.062587] audit: type=1400 audit(1520579237.333:6): avc:  denied  { map } for  pid=4225 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
syzkaller login: [   24.416680] audit: type=1400 audit(1520579243.687:7): avc:  denied  { map } for  pid=4239 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/09 07:07:23 parsed 1 programs
2018/03/09 07:07:23 executed programs: 0
[   24.664573] audit: type=1400 audit(1520579243.935:8): avc:  denied  { map } for  pid=4239 comm="syz-execprog" path="/root/syzkaller-shm734209432" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   24.678347] IPVS: ftp: loaded support on port[0] = 21
[   24.938787] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   25.288903] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   25.295032] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.331429] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   25.368577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.385538] ==================================================================
[   25.392958] BUG: KASAN: use-after-free in ip6_xmit+0x1f76/0x2260
[   25.399075] Read of size 8 at addr ffff8801c49dd718 by task syz-executor0/4405
[   25.406401] 
[   25.408007] CPU: 0 PID: 4405 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #256
[   25.415254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.424578] Call Trace:
[   25.427142]  dump_stack+0x194/0x24d
[   25.430745]  ? arch_local_irq_restore+0x53/0x53
[   25.435386]  ? show_regs_print_info+0x18/0x18
[   25.439872]  ? ip6_xmit+0x1f76/0x2260
[   25.443649]  print_address_description+0x73/0x250
[   25.448467]  ? ip6_xmit+0x1f76/0x2260
[   25.452244]  kasan_report+0x23c/0x360
[   25.456030]  __asan_report_load8_noabort+0x14/0x20
[   25.460936]  ip6_xmit+0x1f76/0x2260
[   25.464553]  ? ip6_finish_output2+0x23a0/0x23a0
[   25.469197]  ? fl6_update_dst+0x127/0x2b0
[   25.473321]  ? inet6_csk_route_socket+0x691/0xe80
[   25.478140]  ? trace_hardirqs_off+0x10/0x10
[   25.482438]  ? lock_acquire+0x1d5/0x580
[   25.486384]  ? lock_acquire+0x1d5/0x580
[   25.490336]  ? inet6_csk_xmit+0x114/0x580
[   25.494459]  ? trace_hardirqs_off+0x10/0x10
[   25.498758]  ? lock_release+0xa40/0xa40
[   25.502730]  inet6_csk_xmit+0x2fc/0x580
[   25.506679]  ? inet6_csk_update_pmtu+0x160/0x160
[   25.511408]  ? __sk_dst_check+0x1a5/0x380
[   25.515530]  ? sock_kfree_s+0x60/0x60
[   25.519321]  l2tp_xmit_skb+0x105f/0x1410
[   25.523397]  ? l2tp_session_create+0xb80/0xb80
[   25.528053]  ? sock_wmalloc+0x15d/0x1d0
[   25.532005]  ? iov_iter_advance+0x13f0/0x13f0
[   25.536475]  ? pppol2tp_sendmsg+0x41b/0x670
[   25.540775]  pppol2tp_sendmsg+0x470/0x670
[   25.544898]  ? selinux_socket_sendmsg+0x36/0x40
[   25.549539]  ? pppol2tp_getsockopt+0x900/0x900
[   25.554093]  sock_sendmsg+0xca/0x110
[   25.557779]  ___sys_sendmsg+0x767/0x8b0
[   25.561728]  ? copy_msghdr_from_user+0x590/0x590
[   25.566461]  ? __handle_mm_fault+0x5ba/0x38c0
[   25.570931]  ? __pmd_alloc+0x4e0/0x4e0
[   25.574787]  ? trace_hardirqs_off+0x10/0x10
[   25.579081]  ? release_sock+0x1d4/0x2a0
[   25.583027]  ? trace_hardirqs_on+0xd/0x10
[   25.587147]  ? __fget_light+0x2b2/0x3c0
[   25.591093]  ? fget_raw+0x20/0x20
[   25.594539]  ? find_held_lock+0x35/0x1d0
[   25.598590]  __sys_sendmsg+0xe5/0x210
[   25.602359]  ? __sys_sendmsg+0xe5/0x210
[   25.606307]  ? SyS_shutdown+0x290/0x290
[   25.610262]  ? compat_SyS_futex+0x288/0x380
[   25.614575]  compat_SyS_sendmsg+0x2a/0x40
[   25.618697]  ? compat_SyS_getsockopt+0x420/0x420
[   25.623426]  do_fast_syscall_32+0x3ec/0xf9f
[   25.627726]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.632280]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.637012]  ? syscall_return_slowpath+0x2ac/0x550
[   25.641915]  ? prepare_exit_to_usermode+0x350/0x350
[   25.646905]  ? sysret32_from_system_call+0x5/0x3c
[   25.651722]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.656541]  entry_SYSENTER_compat+0x70/0x7f
[   25.660921] RIP: 0023:0xf7f7bc99
[   25.664253] RSP: 002b:00000000ff8cb4fc EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   25.671931] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000002037ffc8
[   25.679170] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000
[   25.686407] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   25.693645] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.700886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.708142] 
[   25.709741] Allocated by task 4233:
[   25.713338]  save_stack+0x43/0xd0
[   25.716758]  kasan_kmalloc+0xad/0xe0
[   25.720442]  kasan_slab_alloc+0x12/0x20
[   25.724388]  kmem_cache_alloc+0x12e/0x760
[   25.728508]  dst_alloc+0x11f/0x1a0
[   25.732019]  rt_dst_alloc+0xe9/0x520
[   25.735701]  ip_route_output_key_hash_rcu+0xa59/0x2f00
[   25.740945]  ip_route_output_key_hash+0x20b/0x370
[   25.745848]  __ip4_datagram_connect+0xa67/0x1240
[   25.750576]  __ip6_datagram_connect+0x749/0x12d0
[   25.755301]  ip6_datagram_connect+0x2f/0x50
[   25.759593]  inet_dgram_connect+0x16b/0x1f0
[   25.763882]  SYSC_connect+0x213/0x4a0
[   25.767651]  SyS_connect+0x24/0x30
[   25.771161]  do_syscall_64+0x281/0x940
[   25.775018]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   25.780181] 
[   25.781778] Freed by task 7:
[   25.784765]  save_stack+0x43/0xd0
[   25.788183]  __kasan_slab_free+0x11a/0x170
[   25.792384]  kasan_slab_free+0xe/0x10
[   25.796155]  kmem_cache_free+0x83/0x2a0
[   25.800099]  dst_destroy+0x257/0x370
[   25.803782]  dst_destroy_rcu+0x16/0x20
[   25.807642]  rcu_process_callbacks+0xd6c/0x17f0
[   25.812278]  __do_softirq+0x2d7/0xb85
[   25.816045] 
[   25.817642] The buggy address belongs to the object at ffff8801c49dd700
[   25.817642]  which belongs to the cache ip_dst_cache of size 168
[   25.830354] The buggy address is located 24 bytes inside of
[   25.830354]  168-byte region [ffff8801c49dd700, ffff8801c49dd7a8)
[   25.842109] The buggy address belongs to the page:
[   25.847007] page:ffffea0007127740 count:1 mapcount:0 mapping:ffff8801c49dd000 index:0xffff8801c49dd000
[   25.856421] flags: 0x2fffc0000000100(slab)
[   25.860625] raw: 02fffc0000000100 ffff8801c49dd000 ffff8801c49dd000 000000010000000c
[   25.868474] raw: ffff8801d6bdf538 ffffea00072a28e0 ffff8801d5443680 0000000000000000
[   25.876318] page dumped because: kasan: bad access detected
[   25.881995] 
[   25.883594] Memory state around the buggy address:
[   25.888490]  ffff8801c49dd600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.895818]  ffff8801c49dd680: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   25.903143] >ffff8801c49dd700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.910467]                             ^
[   25.914581]  ffff8801c49dd780: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   25.921908]  ffff8801c49dd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.929233] ==================================================================
[   25.936559] Disabling lock debugging due to kernel taint
[   25.942039] Kernel panic - not syncing: panic_on_warn set ...
[   25.942039] 
[   25.949374] CPU: 0 PID: 4405 Comm: syz-executor0 Tainted: G    B            4.16.0-rc4+ #256
[   25.957915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.967237] Call Trace:
[   25.969794]  dump_stack+0x194/0x24d
[   25.973389]  ? arch_local_irq_restore+0x53/0x53
[   25.978028]  ? kasan_end_report+0x32/0x50
[   25.982147]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.986880]  ? vsnprintf+0x1ed/0x1900
[   25.990648]  ? ip6_xmit+0x1f30/0x2260
[   25.994420]  panic+0x1e4/0x41c
[   25.997578]  ? refcount_error_report+0x214/0x214
[   26.002302]  ? add_taint+0x1c/0x50
[   26.005808]  ? add_taint+0x1c/0x50
[   26.009315]  ? ip6_xmit+0x1f76/0x2260
[   26.013083]  kasan_end_report+0x50/0x50
[   26.017023]  kasan_report+0x149/0x360
[   26.020792]  __asan_report_load8_noabort+0x14/0x20
[   26.025688]  ip6_xmit+0x1f76/0x2260
[   26.029290]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.033927]  ? fl6_update_dst+0x127/0x2b0
[   26.038045]  ? inet6_csk_route_socket+0x691/0xe80
[   26.042856]  ? trace_hardirqs_off+0x10/0x10
[   26.047146]  ? lock_acquire+0x1d5/0x580
[   26.051087]  ? lock_acquire+0x1d5/0x580
[   26.055028]  ? inet6_csk_xmit+0x114/0x580
[   26.059144]  ? trace_hardirqs_off+0x10/0x10
[   26.063433]  ? lock_release+0xa40/0xa40
[   26.067381]  inet6_csk_xmit+0x2fc/0x580
[   26.071325]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.076051]  ? __sk_dst_check+0x1a5/0x380
[   26.080171]  ? sock_kfree_s+0x60/0x60
[   26.083948]  l2tp_xmit_skb+0x105f/0x1410
[   26.087987]  ? l2tp_session_create+0xb80/0xb80
[   26.092538]  ? sock_wmalloc+0x15d/0x1d0
[   26.096480]  ? iov_iter_advance+0x13f0/0x13f0
[   26.100945]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.105234]  pppol2tp_sendmsg+0x470/0x670
[   26.109352]  ? selinux_socket_sendmsg+0x36/0x40
[   26.114167]  ? pppol2tp_getsockopt+0x900/0x900
[   26.118718]  sock_sendmsg+0xca/0x110
[   26.122400]  ___sys_sendmsg+0x767/0x8b0
[   26.126344]  ? copy_msghdr_from_user+0x590/0x590
[   26.131071]  ? __handle_mm_fault+0x5ba/0x38c0
[   26.135535]  ? __pmd_alloc+0x4e0/0x4e0
[   26.139391]  ? trace_hardirqs_off+0x10/0x10
[   26.143685]  ? release_sock+0x1d4/0x2a0
[   26.147627]  ? trace_hardirqs_on+0xd/0x10
[   26.151743]  ? __fget_light+0x2b2/0x3c0
[   26.155688]  ? fget_raw+0x20/0x20
[   26.159114]  ? find_held_lock+0x35/0x1d0
[   26.163149]  __sys_sendmsg+0xe5/0x210
[   26.166915]  ? __sys_sendmsg+0xe5/0x210
[   26.170858]  ? SyS_shutdown+0x290/0x290
[   26.174804]  ? compat_SyS_futex+0x288/0x380
[   26.179104]  compat_SyS_sendmsg+0x2a/0x40
[   26.183230]  ? compat_SyS_getsockopt+0x420/0x420
[   26.187952]  do_fast_syscall_32+0x3ec/0xf9f
[   26.192244]  ? do_int80_syscall_32+0x9c0/0x9c0
[   26.196795]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.201520]  ? syscall_return_slowpath+0x2ac/0x550
[   26.206417]  ? prepare_exit_to_usermode+0x350/0x350
[   26.211405]  ? sysret32_from_system_call+0x5/0x3c
[   26.216218]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.221031]  entry_SYSENTER_compat+0x70/0x7f
[   26.225408] RIP: 0023:0xf7f7bc99
[   26.228739] RSP: 002b:00000000ff8cb4fc EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   26.236414] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000002037ffc8
[   26.243653] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000
[   26.250891] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   26.258130] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.265367] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.272986] Dumping ftrace buffer:
[   26.276492]    (ftrace buffer empty)
[   26.280169] Kernel Offset: disabled
[   26.283767] Rebooting in 86400 seconds..