[ ok ] Starting enhanced syslogd: rsyslogd.
[ 16.086345] audit: type=1400 audit(1520499531.755:5): avc: denied { syslog } for pid=4082 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 20.053818] audit: type=1400 audit(1520499535.722:6): avc: denied { map } for pid=4221 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
[ 26.327257] audit: type=1400 audit(1520499541.996:7): avc: denied { map } for pid=4235 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/08 08:59:02 parsed 1 programs
2018/03/08 08:59:02 executed programs: 0
[ 26.582221] audit: type=1400 audit(1520499542.249:8): avc: denied { map } for pid=4235 comm="syz-execprog" path="/root/syzkaller-shm430034579" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 26.612659] audit: type=1400 audit(1520499542.281:9): avc: denied { sys_admin } for pid=4240 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 26.642519] IPVS: ftp: loaded support on port[0] = 21
[ 26.680098] audit: type=1400 audit(1520499542.347:10): avc: denied { net_admin } for pid=4245 comm="syz-executor5" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 26.683441] IPVS: ftp: loaded support on port[0] = 21
[ 26.742660] IPVS: ftp: loaded support on port[0] = 21
[ 26.792330] IPVS: ftp: loaded support on port[0] = 21
[ 26.846222] IPVS: ftp: loaded support on port[0] = 21
[ 26.925078] IPVS: ftp: loaded support on port[0] = 21
[ 27.037872] IPVS: ftp: loaded support on port[0] = 21
[ 27.177132] IPVS: ftp: loaded support on port[0] = 21
[ 27.873519] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.963931] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 27.985135] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.060737] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.120242] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.226643] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.322629] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 28.368717] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 29.981529] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 29.987711] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.047538] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.053802] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.204352] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.251222] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.257495] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.279351] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.287180] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.293285] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.333468] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.339620] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.418220] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 30.424548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.432145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.454557] audit: type=1400 audit(1520499546.123:11): avc: denied { sys_chroot } for pid=4246 comm="syz-executor6" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 30.520165] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.537965] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.544152] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.555848] ------------[ cut here ]------------
[ 30.560780] refcount_t: underflow; use-after-free.
[ 30.565883] WARNING: CPU: 0 PID: 5416 at lib/refcount.c:187 refcount_sub_and_test+0x167/0x1b0
[ 30.572793] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 30.574534] Kernel panic - not syncing: panic_on_warn set ...
[ 30.574534]
[ 30.574548] CPU: 0 PID: 5416 Comm: syz-executor6 Not tainted 4.16.0-rc4+ #345
[ 30.574552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.574557] Call Trace:
[ 30.583099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.587955] dump_stack+0x194/0x24d
[ 30.587970] ? arch_local_irq_restore+0x53/0x53
[ 30.587986] ? vsnprintf+0x1ed/0x1900
[ 30.602921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.604589] panic+0x1e4/0x41c
[ 30.604599] ? refcount_error_report+0x214/0x214
[ 30.604605] ? show_regs_print_info+0x18/0x18
[ 30.604623] ? __warn+0x1c1/0x200
[ 30.611691] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.613662] ? refcount_sub_and_test+0x167/0x1b0
[ 30.613673] __warn+0x1dc/0x200
[ 30.662125] ? refcount_sub_and_test+0x167/0x1b0
[ 30.666881] report_bug+0x211/0x2d0
[ 30.671266] fixup_bug.part.11+0x37/0x80
[ 30.675325] do_error_trap+0x2d7/0x3e0
[ 30.679206] ? vprintk_default+0x28/0x30
[ 30.683266] ? math_error+0x400/0x400
[ 30.685828] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 30.687054] ? printk+0xaa/0xca
[ 30.687065] ? show_regs_print_info+0x18/0x18
[ 30.687089] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.693138] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.696382] do_invalid_op+0x1b/0x20
[ 30.696392] invalid_op+0x1b/0x40
[ 30.696403] RIP: 0010:refcount_sub_and_test+0x167/0x1b0
[ 30.724007] RSP: 0018:ffff8801b472e490 EFLAGS: 00010282
[ 30.729369] RAX: dffffc0000000008 RBX: 0000000000000401 RCX: ffffffff815abb5e
[ 30.736638] RDX: 0000000000000000 RSI: 1ffff100368e5c42 RDI: 1ffff100368e5c17
[ 30.741269] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 30.743899] RBP: ffff8801b472e520 R08: 1ffff100368e5bd9 R09: 0000000000000000
[ 30.743904] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff100368e5c93
[ 30.743909] R13: 00000000ffffff01 R14: 0000000000000500 R15: ffff8801b4e619fc
[ 30.743938] ? vprintk_func+0x5e/0xc0
[ 30.750086] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.757234] ? refcount_inc+0x50/0x50
[ 30.757242] ? refcount_sub_and_test+0x115/0x1b0
[ 30.757252] ? refcount_inc+0x50/0x50
[ 30.766192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.771749] ? sctp_do_sm+0x32e3/0x6ed0
[ 30.771761] ? sctp_close+0x266/0x9a0
[ 30.771769] ? inet_release+0xed/0x1c0
[ 30.771782] sock_wfree+0xa6/0x140
[ 30.805091] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 30.808551] sctp_wfree+0x2eb/0x670
[ 30.808563] ? __sctp_write_space+0x910/0x910
[ 30.812512] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.815949] skb_release_head_state+0x124/0x260
[ 30.815961] skb_release_all+0x15/0x60
[ 30.815970] consume_skb+0x153/0x490
[ 30.815977] ? sctp_chunk_put+0x99/0x420
[ 30.815986] ? alloc_skb_with_frags+0x750/0x750
[ 30.815994] ? sctp_chunk_hold+0x20/0x20
[ 30.823494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.825636] ? refcount_sub_and_test+0x115/0x1b0
[ 30.825647] ? refcount_inc+0x50/0x50
[ 30.825657] ? mark_held_locks+0xaf/0x100
[ 30.859503] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.861545] ? sctp_datamsg_put+0x46f/0x5b0
[ 30.861566] sctp_chunk_put+0x29c/0x420
[ 30.894995] ? sctp_chunk_hold+0x20/0x20
[ 30.899062] ? sctp_transport_dst_confirm+0x50/0x50
[ 30.904078] ? save_stack+0xa3/0xd0
[ 30.907720] sctp_chunk_free+0x53/0x60
[ 30.911606] __sctp_outq_teardown+0x244/0x1230
[ 30.916100] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 30.916179] ? get_signal+0x73a/0x16d0
[ 30.922309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.926072] ? do_signal+0x90/0x1e90
[ 30.926095] ? sctp_inq_set_th_handler+0x1d0/0x1d0
[ 30.926107] ? free_obj_work+0x690/0x690
[ 30.926120] ? kfree+0xf3/0x260
[ 30.937384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.941179] ? skb_free_head+0x74/0xb0
[ 30.941193] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 30.941203] ? trace_hardirqs_on+0xd/0x10
[ 30.941217] ? __lock_is_held+0xb6/0x140
[ 30.972040] ? kfree_skbmem+0x1a1/0x1d0
[ 30.972606] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 30.976012] ? trace_hardirqs_off+0x10/0x10
[ 30.976020] ? rcu_read_lock_sched_held+0x108/0x120
[ 30.976033] ? kmem_cache_free+0x258/0x2a0
[ 30.976045] ? kfree_skbmem+0xe2/0x1d0
[ 30.999472] ? skb_gro_receive+0x1340/0x1340
[ 31.003877] ? sctp_sock_rfree+0x18c/0x200
[ 31.008130] ? find_held_lock+0x35/0x1d0
[ 31.012207] ? sock_def_wakeup+0x1fc/0x350
[ 31.016443] ? lock_downgrade+0x980/0x980
[ 31.020595] ? lock_release+0xa40/0xa40
[ 31.024578] sctp_outq_free+0x15/0x20
[ 31.028373] sctp_association_free+0x2d0/0x930
[ 31.032960] ? sctp_asconf_queue_teardown+0x700/0x700
[ 31.038155] ? sock_def_wakeup+0x225/0x350
[ 31.042481] ? sctp_ulpq_tail_event+0x164/0xc50
[ 31.047155] ? sk_dst_check+0x550/0x550
[ 31.051138] ? sctp_ulpq_reasm_drain+0x430/0x430
[ 31.055995] ? sctp_ulpevent_make_assoc_change+0x66d/0x8a0
[ 31.061641] sctp_do_sm+0x32e3/0x6ed0
[ 31.064631] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 31.065463] ? sctp_do_8_2_transport_strike.isra.15+0x8a0/0x8a0
[ 31.071510] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.077544] ? sctp_chunkify+0x2fc/0x3f0
[ 31.077558] ? sctp_chunk_iif+0xa0/0xa0
[ 31.091413] ? kfree_skbmem+0x1a1/0x1d0
[ 31.093182] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 31.095376] ? rcu_read_lock_sched_held+0x108/0x120
[ 31.095391] ? kmem_cache_free+0x258/0x2a0
[ 31.101482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 31.106422] ? print_irqtrace_events+0x270/0x270
[ 31.106442] ? skb_dequeue+0x12a/0x180
[ 31.106451] ? skb_put+0x155/0x1d0
[ 31.114316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.117125] ? sctp_auth_send_cid+0xc4/0x140
[ 31.117141] ? _sctp_make_chunk+0x1f4/0x270
[ 31.144427] ? lock_release+0xa40/0xa40
[ 31.148400] ? skb_put+0x155/0x1d0
[ 31.151937] ? memcpy+0x45/0x50
[ 31.155239] ? sctp_make_abort_no_data+0x290/0x290
[ 31.160173] sctp_primitive_ABORT+0xa0/0xd0
[ 31.164501] sctp_close+0x266/0x9a0
[ 31.168139] ? sctp_apply_peer_addr_params+0xf30/0xf30
[ 31.170937] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 31.173404] ? __dentry_kill+0x4ae/0x700
[ 31.173422] ? check_same_owner+0x320/0x320
[ 31.187818] ? locks_remove_file+0x3fa/0x5a0
[ 31.192230] ? fcntl_setlk+0x1100/0x1100
[ 31.196291] ? fsnotify+0x7b3/0x1140
[ 31.200009] ? ip_mc_drop_socket+0x1ce/0x230
[ 31.204424] inet_release+0xed/0x1c0
[ 31.208144] sock_release+0x8d/0x1e0
[ 31.211857] ? sock_alloc_file+0x560/0x560
[ 31.216093] sock_close+0x16/0x20
[ 31.219542] __fput+0x327/0x7e0
[ 31.222834] ? fput+0x140/0x140
[ 31.226109] ? check_same_owner+0x320/0x320
[ 31.226469] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 31.230415] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.230438] ____fput+0x15/0x20
[ 31.236535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 31.240943] task_work_run+0x199/0x270
[ 31.240957] ? task_work_cancel+0x210/0x210
[ 31.240968] ? _raw_spin_unlock+0x22/0x30
[ 31.240978] ? switch_task_namespaces+0x87/0xc0
[ 31.249446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.250708] do_exit+0x9bb/0x1ad0
[ 31.250721] ? find_held_lock+0x35/0x1d0
[ 31.281627] ? mm_update_next_owner+0x930/0x930
[ 31.286301] ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 31.291495] ? lock_downgrade+0x980/0x980
[ 31.295663] ? __unqueue_futex+0x1c0/0x290
[ 31.299896] ? lock_release+0xa40/0xa40
[ 31.300141] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 31.303858] ? fault_in_user_writeable+0x90/0x90
[ 31.303873] ? do_raw_spin_trylock+0x190/0x190
[ 31.319220] ? futex_wake+0x680/0x680
[ 31.323018] ? __local_bh_enable_ip+0x121/0x230
[ 31.327702] ? drop_futex_key_refs.isra.13+0x63/0xb0
[ 31.332807] ? futex_wait+0x6a9/0x9a0
[ 31.336641] ? trace_hardirqs_off+0x10/0x10
[ 31.340963] ? drop_futex_key_refs.isra.13+0x63/0xb0
[ 31.346073] ? futex_wake+0x2ca/0x680
[ 31.349877] ? memset+0x31/0x40
[ 31.353164] ? find_held_lock+0x35/0x1d0
[ 31.357230] ? get_signal+0x7a9/0x16d0
[ 31.359625] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 31.361110] ? lock_downgrade+0x980/0x980
[ 31.361132] do_group_exit+0x149/0x400
[ 31.367223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 31.371283] ? do_raw_spin_trylock+0x190/0x190
[ 31.371293] ? SyS_exit+0x30/0x30
[ 31.371302] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.371317] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.380526] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 31.381656] get_signal+0x73a/0x16d0
[ 31.381677] ? ptrace_notify+0x130/0x130
[ 31.413291] ? avc_has_perm_noaudit+0x520/0x520
[ 31.417945] ? iterate_fd+0x3f0/0x3f0
[ 31.421716] ? inet_create+0xf50/0xf50
[ 31.425576] ? selinux_socket_sendmsg+0x36/0x40
[ 31.430219] ? inet_create+0xf50/0xf50
[ 31.434083] do_signal+0x90/0x1e90
[ 31.437595] ? SYSC_sendto+0x41c/0x5c0
[ 31.441458] ? sock_has_perm+0x2a4/0x420
[ 31.445504] ? setup_sigcontext+0x7d0/0x7d0
[ 31.449798] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 31.455133] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 31.460381] ? alloc_file+0x27e/0x390
[ 31.464173] ? exit_to_usermode_loop+0x8c/0x2f0
[ 31.468821] exit_to_usermode_loop+0x258/0x2f0
[ 31.473375] ? vfs_writev+0x340/0x340
[ 31.477150] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 31.482660] ? do_syscall_64+0xb7/0x940
[ 31.486613] do_syscall_64+0x6ec/0x940
[ 31.490489] ? __do_page_fault+0xc90/0xc90
[ 31.494697] ? _raw_spin_unlock_irq+0x27/0x70
[ 31.499167] ? finish_task_switch+0x1c1/0x7e0
[ 31.503639] ? syscall_return_slowpath+0x550/0x550
[ 31.508580] ? syscall_return_slowpath+0x2ac/0x550
[ 31.513487] ? prepare_exit_to_usermode+0x350/0x350
[ 31.518487] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 31.523830] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.528651] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 31.533813] RIP: 0033:0x453e69
[ 31.536973] RSP: 002b:00007f3c70044ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 31.544656] RAX: fffffffffffffe00 RBX: 000000000072bec8 RCX: 0000000000453e69
[ 31.551895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bec8
[ 31.559136] RBP: 000000000072bec8 R08: 0000000000000000 R09: 000000000072bea0
[ 31.566376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 31.573619] R13: 0000000000a3e8ef R14: 00007f3c700459c0 R15: 0000000000000000
[ 31.581429] Dumping ftrace buffer:
[ 31.585313] (ftrace buffer empty)
[ 31.588995] Kernel Offset: disabled
[ 31.592596] Rebooting in 86400 seconds..