[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   18.425397] audit: type=1400 audit(1520402061.006:6): avc:  denied  { map } for  pid=4161 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.32' (ECDSA) to the list of known hosts.
syzkaller login: [   24.768349] audit: type=1400 audit(1520402067.349:7): avc:  denied  { map } for  pid=4175 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/07 05:54:27 parsed 1 programs
2018/03/07 05:54:27 executed programs: 0
[   25.020258] audit: type=1400 audit(1520402067.600:8): avc:  denied  { map } for  pid=4175 comm="syz-execprog" path="/root/syzkaller-shm528163200" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   25.031857] IPVS: ftp: loaded support on port[0] = 21
[   25.298434] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   25.644443] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   25.650528] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.687347] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   25.724571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.740864] ==================================================================
[   25.748265] BUG: KASAN: use-after-free in ip6_xmit+0x1f76/0x2260
[   25.754384] Read of size 8 at addr ffff8801d01a2b18 by task syz-executor0/4341
[   25.761711] 
[   25.763311] CPU: 1 PID: 4341 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #253
[   25.770556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.779877] Call Trace:
[   25.782434]  dump_stack+0x194/0x24d
[   25.786037]  ? arch_local_irq_restore+0x53/0x53
[   25.790677]  ? show_regs_print_info+0x18/0x18
[   25.795148]  ? ip6_xmit+0x1f76/0x2260
[   25.798921]  print_address_description+0x73/0x250
[   25.803737]  ? ip6_xmit+0x1f76/0x2260
[   25.807511]  kasan_report+0x23c/0x360
[   25.811285]  __asan_report_load8_noabort+0x14/0x20
[   25.816186]  ip6_xmit+0x1f76/0x2260
[   25.819806]  ? ip6_finish_output2+0x23a0/0x23a0
[   25.824453]  ? fl6_update_dst+0x127/0x2b0
[   25.828574]  ? inet6_csk_route_socket+0x691/0xe80
[   25.833389]  ? trace_hardirqs_off+0x10/0x10
[   25.837683]  ? lock_acquire+0x1d5/0x580
[   25.841626]  ? lock_acquire+0x1d5/0x580
[   25.845571]  ? inet6_csk_xmit+0x114/0x580
[   25.849701]  ? trace_hardirqs_off+0x10/0x10
[   25.854004]  ? lock_release+0xa40/0xa40
[   25.857971]  inet6_csk_xmit+0x2fc/0x580
[   25.861920]  ? inet6_csk_update_pmtu+0x160/0x160
[   25.866647]  ? __sk_dst_check+0x1a5/0x380
[   25.870769]  ? sock_kfree_s+0x60/0x60
[   25.874562]  l2tp_xmit_skb+0x105f/0x1410
[   25.878606]  ? l2tp_session_create+0xb80/0xb80
[   25.883161]  ? sock_wmalloc+0x15d/0x1d0
[   25.887112]  ? iov_iter_advance+0x13f0/0x13f0
[   25.891582]  ? pppol2tp_sendmsg+0x41b/0x670
[   25.895880]  pppol2tp_sendmsg+0x470/0x670
[   25.900028]  ? selinux_socket_sendmsg+0x36/0x40
[   25.904674]  ? pppol2tp_getsockopt+0x900/0x900
[   25.909226]  sock_sendmsg+0xca/0x110
[   25.912914]  ___sys_sendmsg+0x767/0x8b0
[   25.916877]  ? copy_msghdr_from_user+0x590/0x590
[   25.921614]  ? __handle_mm_fault+0x5ba/0x38c0
[   25.926085]  ? __pmd_alloc+0x4e0/0x4e0
[   25.929943]  ? trace_hardirqs_off+0x10/0x10
[   25.934237]  ? selinux_socket_setsockopt+0x80/0x80
[   25.939134]  ? lock_release+0xa40/0xa40
[   25.943082]  ? __fget_light+0x2b2/0x3c0
[   25.947034]  ? fget_raw+0x20/0x20
[   25.950476]  ? find_held_lock+0x35/0x1d0
[   25.954526]  __sys_sendmsg+0xe5/0x210
[   25.958297]  ? __sys_sendmsg+0xe5/0x210
[   25.962249]  ? SyS_shutdown+0x290/0x290
[   25.966203]  ? compat_SyS_futex+0x288/0x380
[   25.970515]  compat_SyS_sendmsg+0x2a/0x40
[   25.974636]  ? compat_SyS_getsockopt+0x420/0x420
[   25.979363]  do_fast_syscall_32+0x3ec/0xf9f
[   25.983662]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.988215]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.992946]  ? syscall_return_slowpath+0x2ac/0x550
[   25.997849]  ? prepare_exit_to_usermode+0x350/0x350
[   26.002839]  ? sysret32_from_system_call+0x5/0x3c
[   26.007657]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.012476]  entry_SYSENTER_compat+0x70/0x7f
[   26.016856] RIP: 0023:0xf7f72c99
[   26.020191] RSP: 002b:00000000ff8e6ffc EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   26.027868] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000002037ffc8
[   26.035112] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000
[   26.042355] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   26.049595] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.056837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.064094] 
[   26.065692] Allocated by task 4173:
[   26.069293]  save_stack+0x43/0xd0
[   26.072714]  kasan_kmalloc+0xad/0xe0
[   26.076395]  kasan_slab_alloc+0x12/0x20
[   26.080340]  kmem_cache_alloc+0x12e/0x760
[   26.084455]  dst_alloc+0x11f/0x1a0
[   26.087967]  rt_dst_alloc+0xe9/0x520
[   26.091649]  ip_route_output_key_hash_rcu+0xa59/0x2f00
[   26.096897]  ip_route_output_key_hash+0x20b/0x370
[   26.101710]  __ip4_datagram_connect+0xa67/0x1240
[   26.106438]  __ip6_datagram_connect+0x749/0x12d0
[   26.111169]  ip6_datagram_connect+0x2f/0x50
[   26.115462]  inet_dgram_connect+0x16b/0x1f0
[   26.119753]  SYSC_connect+0x213/0x4a0
[   26.123524]  SyS_connect+0x24/0x30
[   26.127040]  do_syscall_64+0x281/0x940
[   26.130903]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.136057] 
[   26.137657] Freed by task 0:
[   26.140645]  save_stack+0x43/0xd0
[   26.144066]  __kasan_slab_free+0x11a/0x170
[   26.148269]  kasan_slab_free+0xe/0x10
[   26.152042]  kmem_cache_free+0x83/0x2a0
[   26.155987]  dst_destroy+0x257/0x370
[   26.159673]  dst_destroy_rcu+0x16/0x20
[   26.163529]  rcu_process_callbacks+0xd6c/0x17f0
[   26.168169]  __do_softirq+0x2d7/0xb85
[   26.171945] 
[   26.173544] The buggy address belongs to the object at ffff8801d01a2b00
[   26.173544]  which belongs to the cache ip_dst_cache of size 168
[   26.186255] The buggy address is located 24 bytes inside of
[   26.186255]  168-byte region [ffff8801d01a2b00, ffff8801d01a2ba8)
[   26.198010] The buggy address belongs to the page:
[   26.202913] page:ffffea0007406880 count:1 mapcount:0 mapping:ffff8801d01a2000 index:0xffff8801d01a2000
[   26.212324] flags: 0x2fffc0000000100(slab)
[   26.216530] raw: 02fffc0000000100 ffff8801d01a2000 ffff8801d01a2000 0000000100000007
[   26.224380] raw: ffff8801d6bbd038 ffffea000740bce0 ffff8801d5bf8e00 0000000000000000
[   26.232226] page dumped because: kasan: bad access detected
[   26.237903] 
[   26.239499] Memory state around the buggy address:
[   26.244395]  ffff8801d01a2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.251723]  ffff8801d01a2a80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   26.259050] >ffff8801d01a2b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.266375]                             ^
[   26.270492]  ffff8801d01a2b80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   26.277819]  ffff8801d01a2c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.285145] ==================================================================
[   26.292469] Disabling lock debugging due to kernel taint
[   26.297919] Kernel panic - not syncing: panic_on_warn set ...
[   26.297919] 
[   26.305262] CPU: 1 PID: 4341 Comm: syz-executor0 Tainted: G    B            4.16.0-rc4+ #253
[   26.313813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.323134] Call Trace:
[   26.325690]  dump_stack+0x194/0x24d
[   26.329285]  ? arch_local_irq_restore+0x53/0x53
[   26.334193]  ? kasan_end_report+0x32/0x50
[   26.338312]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.343035]  ? vsnprintf+0x1ed/0x1900
[   26.346807]  ? ip6_xmit+0x1f30/0x2260
[   26.350579]  panic+0x1e4/0x41c
[   26.353738]  ? refcount_error_report+0x214/0x214
[   26.358465]  ? add_taint+0x1c/0x50
[   26.361973]  ? add_taint+0x1c/0x50
[   26.365484]  ? ip6_xmit+0x1f76/0x2260
[   26.369258]  kasan_end_report+0x50/0x50
[   26.373200]  kasan_report+0x149/0x360
[   26.376976]  __asan_report_load8_noabort+0x14/0x20
[   26.381877]  ip6_xmit+0x1f76/0x2260
[   26.385478]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.390117]  ? fl6_update_dst+0x127/0x2b0
[   26.394233]  ? inet6_csk_route_socket+0x691/0xe80
[   26.399044]  ? trace_hardirqs_off+0x10/0x10
[   26.403334]  ? lock_acquire+0x1d5/0x580
[   26.407277]  ? lock_acquire+0x1d5/0x580
[   26.411217]  ? inet6_csk_xmit+0x114/0x580
[   26.415332]  ? trace_hardirqs_off+0x10/0x10
[   26.419622]  ? lock_release+0xa40/0xa40
[   26.423571]  inet6_csk_xmit+0x2fc/0x580
[   26.427521]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.432247]  ? __sk_dst_check+0x1a5/0x380
[   26.436363]  ? sock_kfree_s+0x60/0x60
[   26.440144]  l2tp_xmit_skb+0x105f/0x1410
[   26.444178]  ? l2tp_session_create+0xb80/0xb80
[   26.448727]  ? sock_wmalloc+0x15d/0x1d0
[   26.452670]  ? iov_iter_advance+0x13f0/0x13f0
[   26.457135]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.461425]  pppol2tp_sendmsg+0x470/0x670
[   26.465542]  ? selinux_socket_sendmsg+0x36/0x40
[   26.470179]  ? pppol2tp_getsockopt+0x900/0x900
[   26.474732]  sock_sendmsg+0xca/0x110
[   26.478417]  ___sys_sendmsg+0x767/0x8b0
[   26.482360]  ? copy_msghdr_from_user+0x590/0x590
[   26.487094]  ? __handle_mm_fault+0x5ba/0x38c0
[   26.491566]  ? __pmd_alloc+0x4e0/0x4e0
[   26.495420]  ? trace_hardirqs_off+0x10/0x10
[   26.499708]  ? selinux_socket_setsockopt+0x80/0x80
[   26.504602]  ? lock_release+0xa40/0xa40
[   26.508547]  ? __fget_light+0x2b2/0x3c0
[   26.512491]  ? fget_raw+0x20/0x20
[   26.515918]  ? find_held_lock+0x35/0x1d0
[   26.519953]  __sys_sendmsg+0xe5/0x210
[   26.523722]  ? __sys_sendmsg+0xe5/0x210
[   26.527662]  ? SyS_shutdown+0x290/0x290
[   26.531608]  ? compat_SyS_futex+0x288/0x380
[   26.535907]  compat_SyS_sendmsg+0x2a/0x40
[   26.540025]  ? compat_SyS_getsockopt+0x420/0x420
[   26.544750]  do_fast_syscall_32+0x3ec/0xf9f
[   26.549048]  ? do_int80_syscall_32+0x9c0/0x9c0
[   26.553596]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.558320]  ? syscall_return_slowpath+0x2ac/0x550
[   26.563216]  ? prepare_exit_to_usermode+0x350/0x350
[   26.568205]  ? sysret32_from_system_call+0x5/0x3c
[   26.573024]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.577837]  entry_SYSENTER_compat+0x70/0x7f
[   26.582211] RIP: 0023:0xf7f72c99
[   26.585542] RSP: 002b:00000000ff8e6ffc EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   26.593215] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000002037ffc8
[   26.600455] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000
[   26.607691] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   26.614930] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.622166] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.629827] Dumping ftrace buffer:
[   26.633333]    (ftrace buffer empty)
[   26.637010] Kernel Offset: disabled
[   26.640603] Rebooting in 86400 seconds..