[....] Starting enhanced syslogd: rsyslogd
[ 16.591086] audit: type=1400 audit(1520834642.465:5): avc: denied { syslog } for pid=4071 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.224564] audit: type=1400 audit(1520834645.099:6): avc: denied { map } for pid=4211 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
[ 25.579951] audit: type=1400 audit(1520834651.454:7): avc: denied { map } for pid=4225 comm="syzkaller965195" path="/root/syzkaller965195937" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 25.591556] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 25.605934] audit: type=1400 audit(1520834651.454:8): avc: denied { sys_admin } for pid=4225 comm="syzkaller965195" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 25.638934] audit: type=1400 audit(1520834651.513:9): avc: denied { net_admin } for pid=4226 comm="syzkaller965195" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
RTNETLINK answers: File exists
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 25.880364] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 26.232322] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 26.238412] 8021q: adding VLAN 0 to HW filter on device bond0
executing program
[ 26.275132] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 26.313452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.325601] audit: type=1400 audit(1520834652.200:10): avc: denied { sys_chroot } for pid=4226 comm="syzkaller965195" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 26.329591] ==================================================================
[ 26.357576] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[ 26.364041] Read of size 8 at addr ffff8801d04d1118 by task syzkaller965195/4226
[ 26.371542]
[ 26.373145] CPU: 1 PID: 4226 Comm: syzkaller965195 Not tainted 4.16.0-rc4+ #350
[ 26.380559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.389880] Call Trace:
[ 26.392441]  dump_stack+0x194/0x24d
[ 26.396043]  ? arch_local_irq_restore+0x53/0x53
[ 26.400685]  ? show_regs_print_info+0x18/0x18
[ 26.405158]  ? ip6_xmit+0x1f76/0x2260
[ 26.408933]  print_address_description+0x73/0x250
[ 26.413753]  ? ip6_xmit+0x1f76/0x2260
[ 26.417525]  kasan_report+0x23c/0x360
[ 26.421302]  __asan_report_load8_noabort+0x14/0x20
[ 26.426201]  ip6_xmit+0x1f76/0x2260
[ 26.429809]  ? ip6_finish_output2+0x23a0/0x23a0
[ 26.434452]  ? fl6_update_dst+0x127/0x2b0
[ 26.438575]  ? inet6_csk_route_socket+0x691/0xe80
[ 26.443392]  ? trace_hardirqs_off+0x10/0x10
[ 26.447684]  ? lock_acquire+0x1d5/0x580
[ 26.451627]  ? lock_acquire+0x1d5/0x580
[ 26.455570]  ? inet6_csk_xmit+0x114/0x580
[ 26.459697]  ? trace_hardirqs_off+0x10/0x10
[ 26.463997]  ? lock_release+0xa40/0xa40
[ 26.467971]  inet6_csk_xmit+0x2fc/0x580
[ 26.471916]  ? inet6_csk_update_pmtu+0x160/0x160
[ 26.476643]  ? __sk_dst_check+0x1a5/0x380
[ 26.480766]  ? sock_kfree_s+0x60/0x60
[ 26.484552]  l2tp_xmit_skb+0x105f/0x1410
[ 26.488595]  ? l2tp_session_create+0xb80/0xb80
[ 26.493150]  ? sock_wmalloc+0x15d/0x1d0
[ 26.497096]  ? iov_iter_advance+0x13f0/0x13f0
[ 26.501573]  ? pppol2tp_sendmsg+0x41b/0x670
[ 26.505868]  pppol2tp_sendmsg+0x470/0x670
[ 26.509989]  ? selinux_socket_sendmsg+0x36/0x40
[ 26.514631]  ? pppol2tp_getsockopt+0x900/0x900
[ 26.519184]  sock_sendmsg+0xca/0x110
[ 26.522872]  SYSC_sendto+0x361/0x5c0
[ 26.526560]  ? SYSC_connect+0x4a0/0x4a0
[ 26.530514]  ? inet_dgram_connect+0x172/0x1f0
[ 26.534981]  ? SYSC_connect+0x2e0/0x4a0
[ 26.538956]  ? mm_fault_error+0x2c0/0x2c0
[ 26.543077]  ? move_addr_to_kernel+0x60/0x60
[ 26.547460]  SyS_sendto+0x40/0x50
[ 26.550887]  ? SyS_getpeername+0x30/0x30
[ 26.554923]  do_syscall_64+0x281/0x940
[ 26.558780]  ? __do_page_fault+0xc90/0xc90
[ 26.562983]  ? _raw_spin_unlock_irq+0x27/0x70
[ 26.567450]  ? finish_task_switch+0x1c1/0x7e0
[ 26.571916]  ? syscall_return_slowpath+0x550/0x550
[ 26.576817]  ? syscall_return_slowpath+0x2ac/0x550
[ 26.581718]  ? prepare_exit_to_usermode+0x350/0x350
[ 26.586715]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 26.592055]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.596874]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 26.602035] RIP: 0033:0x441ca9
[ 26.605197] RSP: 002b:00000000007dfe98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 26.612884] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000441ca9
[ 26.620124] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000004
[ 26.627366] RBP: 00000000004a3cc6 R08: 00000000200021c0 R09: 0000000000000080
[ 26.634608] R10: 0000000000040001 R11: 0000000000000212 R12: 00000000007dff70
[ 26.641847] R13: 0000000000402ce0 R14: 0000000000000000 R15: 0000000000000000
[ 26.649111]
[ 26.650709] Allocated by task 0:
[ 26.654041] (stack is not available)
[ 26.657728]
[ 26.659326] Freed by task 0:
[ 26.662313] (stack is not available)
[ 26.665992]
[ 26.667593] The buggy address belongs to the object at ffff8801d04d1100
[ 26.667593]  which belongs to the cache ip_dst_cache of size 168
[ 26.680306] The buggy address is located 24 bytes inside of
[ 26.680306]  168-byte region [ffff8801d04d1100, ffff8801d04d11a8)
[ 26.692061] The buggy address belongs to the page:
[ 26.696959] page:ffffea0007413440 count:1 mapcount:0 mapping:ffff8801d04d1000 index:0x0
[ 26.705071] flags: 0x2fffc0000000100(slab)
[ 26.709275] raw: 02fffc0000000100 ffff8801d04d1000 0000000000000000 0000000100000010
[ 26.717125] raw: ffffea0006b26ae0 ffff8801d5bd5948 ffff8801d5bd7980 0000000000000000
[ 26.725162] page dumped because: kasan: bad access detected
[ 26.730839]
[ 26.732436] Memory state around the buggy address:
[ 26.737333]  ffff8801d04d1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.744662]  ffff8801d04d1080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 26.751990] >ffff8801d04d1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.759319]                             ^
[ 26.763444]  ffff8801d04d1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.770783]  ffff8801d04d1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.778111] ==================================================================
[ 26.785438] Disabling lock debugging due to kernel taint
[ 26.790890] Kernel panic - not syncing: panic_on_warn set ...
[ 26.790890]
[ 26.798240] CPU: 1 PID: 4226 Comm: syzkaller965195 Tainted: G B 4.16.0-rc4+ #350
[ 26.806958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.816289] Call Trace:
[ 26.818855]  dump_stack+0x194/0x24d
[ 26.822452]  ? arch_local_irq_restore+0x53/0x53
[ 26.827090]  ? kasan_end_report+0x32/0x50
[ 26.831208]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.835932]  ? vsnprintf+0x1ed/0x1900
[ 26.839703]  ? ip6_xmit+0x1f30/0x2260
[ 26.843878]  panic+0x1e4/0x41c
[ 26.847042]  ? refcount_error_report+0x214/0x214
[ 26.851772]  ? add_taint+0x1c/0x50
[ 26.855281]  ? add_taint+0x1c/0x50
[ 26.858794]  ? ip6_xmit+0x1f76/0x2260
[ 26.862564]  kasan_end_report+0x50/0x50
[ 26.866505]  kasan_report+0x149/0x360
[ 26.870275]  __asan_report_load8_noabort+0x14/0x20
[ 26.875175]  ip6_xmit+0x1f76/0x2260
[ 26.878776]  ? ip6_finish_output2+0x23a0/0x23a0
[ 26.883414]  ? fl6_update_dst+0x127/0x2b0
[ 26.887530]  ? inet6_csk_route_socket+0x691/0xe80
[ 26.892343]  ? trace_hardirqs_off+0x10/0x10
[ 26.896632]  ? lock_acquire+0x1d5/0x580
[ 26.900572]  ? lock_acquire+0x1d5/0x580
[ 26.904515]  ? inet6_csk_xmit+0x114/0x580
[ 26.908633]  ? trace_hardirqs_off+0x10/0x10
[ 26.912925]  ? lock_release+0xa40/0xa40
[ 26.916878]  inet6_csk_xmit+0x2fc/0x580
[ 26.920829]  ? inet6_csk_update_pmtu+0x160/0x160
[ 26.927036]  ? __sk_dst_check+0x1a5/0x380
[ 26.931153]  ? sock_kfree_s+0x60/0x60
[ 26.934933]  l2tp_xmit_skb+0x105f/0x1410
[ 26.938970]  ? l2tp_session_create+0xb80/0xb80
[ 26.943530]  ? sock_wmalloc+0x15d/0x1d0
[ 26.947473]  ? iov_iter_advance+0x13f0/0x13f0
[ 26.951939]  ? pppol2tp_sendmsg+0x41b/0x670
[ 26.956231]  pppol2tp_sendmsg+0x470/0x670
[ 26.960348]  ? selinux_socket_sendmsg+0x36/0x40
[ 26.964985]  ? pppol2tp_getsockopt+0x900/0x900
[ 26.969538]  sock_sendmsg+0xca/0x110
[ 26.973220]  SYSC_sendto+0x361/0x5c0
[ 26.976903]  ? SYSC_connect+0x4a0/0x4a0
[ 26.980854]  ? inet_dgram_connect+0x172/0x1f0
[ 26.985319]  ? SYSC_connect+0x2e0/0x4a0
[ 26.989284]  ? mm_fault_error+0x2c0/0x2c0
[ 26.993402]  ? move_addr_to_kernel+0x60/0x60
[ 26.997780]  SyS_sendto+0x40/0x50
[ 27.001207]  ? SyS_getpeername+0x30/0x30
[ 27.005240]  do_syscall_64+0x281/0x940
[ 27.009094]  ? __do_page_fault+0xc90/0xc90
[ 27.013299]  ? _raw_spin_unlock_irq+0x27/0x70
[ 27.017764]  ? finish_task_switch+0x1c1/0x7e0
[ 27.022227]  ? syscall_return_slowpath+0x550/0x550
[ 27.027124]  ? syscall_return_slowpath+0x2ac/0x550
[ 27.032027]  ? prepare_exit_to_usermode+0x350/0x350
[ 27.037019]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 27.042363]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.047178]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 27.052334] RIP: 0033:0x441ca9
[ 27.055492] RSP: 002b:00000000007dfe98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 27.063170] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000441ca9
[ 27.070408] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000004
[ 27.077646] RBP: 00000000004a3cc6 R08: 00000000200021c0 R09: 0000000000000080
[ 27.084893] R10: 0000000000040001 R11: 0000000000000212 R12: 00000000007dff70
[ 27.092131] R13: 0000000000402ce0 R14: 0000000000000000 R15: 0000000000000000
[ 27.099795] Dumping ftrace buffer:
[ 27.103308]    (ftrace buffer empty)
[ 27.106986] Kernel Offset: disabled
[ 27.110582] Rebooting in 86400 seconds..