[ ok ] Starting enhanced syslogd: rsyslogd.
[   17.049095] audit: type=1400 audit(1520712976.534:5): avc: denied { syslog } for pid=4079 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.008439] audit: type=1400 audit(1520712982.494:6): avc: denied { map } for pid=4219 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
[   29.303479] audit: type=1400 audit(1520712988.789:7): avc: denied { map } for pid=4233 comm="syzkaller332915" path="/root/syzkaller332915034" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   29.314210] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[   29.329440] audit: type=1400 audit(1520712988.789:8): avc: denied { sys_admin } for pid=4233 comm="syzkaller332915" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   29.362060] audit: type=1400 audit(1520712988.847:9): avc: denied { net_admin } for pid=4234 comm="syzkaller332915" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
RTNETLINK answers: File exists
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[   29.598838] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   29.951130] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   29.957218] 8021q: adding VLAN 0 to HW filter on device bond0
executing program
[   29.994208] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   30.033014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   30.044520] audit: type=1400 audit(1520712989.530:10): avc: denied { sys_chroot } for pid=4234 comm="syzkaller332915" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   30.048095] ==================================================================
[   30.076498] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1f76/0x2260
[   30.082962] Read of size 8 at addr ffff8801afabf218 by task syzkaller332915/4234
[   30.090475] 
[   30.092081] CPU: 0 PID: 4234 Comm: syzkaller332915 Not tainted 4.16.0-rc4+ #260
[   30.099498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.108834] Call Trace:
[   30.111400]  dump_stack+0x194/0x24d
[   30.115002]  ? arch_local_irq_restore+0x53/0x53
[   30.119647]  ? show_regs_print_info+0x18/0x18
[   30.124135]  ? ip6_xmit+0x1f76/0x2260
[   30.127917]  print_address_description+0x73/0x250
[   30.132731]  ? ip6_xmit+0x1f76/0x2260
[   30.136504]  kasan_report+0x23c/0x360
[   30.140280]  __asan_report_load8_noabort+0x14/0x20
[   30.145180]  ip6_xmit+0x1f76/0x2260
[   30.148794]  ? ip6_finish_output2+0x23d0/0x23d0
[   30.153440]  ? fl6_update_dst+0x127/0x2b0
[   30.157563]  ? inet6_csk_route_socket+0x691/0xe80
[   30.162378]  ? trace_hardirqs_off+0x10/0x10
[   30.166673]  ? lock_acquire+0x1d5/0x580
[   30.170617]  ? lock_acquire+0x1d5/0x580
[   30.174567]  ? inet6_csk_xmit+0x114/0x580
[   30.178686]  ? trace_hardirqs_off+0x10/0x10
[   30.182984]  ? lock_release+0xa40/0xa40
[   30.186945]  inet6_csk_xmit+0x2fc/0x580
[   30.190892]  ? inet6_csk_update_pmtu+0x160/0x160
[   30.195623]  ? __sk_dst_check+0x1a5/0x380
[   30.199746]  ? sock_kzfree_s+0x60/0x60
[   30.203629]  l2tp_xmit_skb+0x105f/0x1410
[   30.207675]  ? l2tp_session_create+0xb80/0xb80
[   30.212238]  ? sock_wmalloc+0x15d/0x1d0
[   30.216186]  ? iov_iter_advance+0x13f0/0x13f0
[   30.220656]  ? pppol2tp_sendmsg+0x41b/0x670
[   30.224955]  pppol2tp_sendmsg+0x470/0x670
[   30.229080]  ? selinux_socket_sendmsg+0x36/0x40
[   30.233725]  ? pppol2tp_getsockopt+0x900/0x900
[   30.238278]  sock_sendmsg+0xca/0x110
[   30.241966]  SYSC_sendto+0x361/0x5c0
[   30.245657]  ? SYSC_connect+0x4a0/0x4a0
[   30.249614]  ? inet_dgram_connect+0x172/0x1f0
[   30.254085]  ? SYSC_connect+0x2e0/0x4a0
[   30.258067]  ? mm_fault_error+0x2c0/0x2c0
[   30.262188]  ? move_addr_to_kernel+0x60/0x60
[   30.266573]  SyS_sendto+0x40/0x50
[   30.269999]  ? SyS_getpeername+0x30/0x30
[   30.274043]  do_syscall_64+0x281/0x940
[   30.277902]  ? __do_page_fault+0xc90/0xc90
[   30.282107]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.286575]  ? finish_task_switch+0x1c1/0x7e0
[   30.291044]  ? syscall_return_slowpath+0x550/0x550
[   30.295945]  ? syscall_return_slowpath+0x2ac/0x550
[   30.300846]  ? prepare_exit_to_usermode+0x350/0x350
[   30.305835]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.311174]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.315995]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.321157] RIP: 0033:0x443519
[   30.324316] RSP: 002b:00000000007efe58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   30.332009] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000443519
[   30.339257] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000004
[   30.346497] RBP: 00000000004a53b9 R08: 00000000200021c0 R09: 0000000000000080
[   30.353739] R10: 0000000000040001 R11: 0000000000000212 R12: 00000000007eff70
[   30.360981] R13: 0000000000404550 R14: 0000000000000000 R15: 0000000000000000
[   30.368237] 
[   30.369835] Allocated by task 0:
[   30.373166] (stack is not available)
[   30.376844] 
[   30.378441] Freed by task 0:
[   30.381425] (stack is not available)
[   30.385108] 
[   30.386709] The buggy address belongs to the object at ffff8801afabf200
[   30.386709]  which belongs to the cache ip_dst_cache of size 160
[   30.399424] The buggy address is located 24 bytes inside of
[   30.399424]  160-byte region [ffff8801afabf200, ffff8801afabf2a0)
[   30.411178] The buggy address belongs to the page:
[   30.416078] page:ffffea0006beafc0 count:1 mapcount:0 mapping:ffff8801afabf000 index:0x0
[   30.424191] flags: 0x2fffc0000000100(slab)
[   30.428397] raw: 02fffc0000000100 ffff8801afabf000 0000000000000000 0000000100000010
[   30.436247] raw: ffffea00072fe8e0 ffff8801d5bc6848 ffff8801d5bc9800 0000000000000000
[   30.444094] page dumped because: kasan: bad access detected
[   30.449771] 
[   30.451367] Memory state around the buggy address:
[   30.456267]  ffff8801afabf100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.463599]  ffff8801afabf180: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[   30.470927] >ffff8801afabf200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.478253]                             ^
[   30.482372]  ffff8801afabf280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.489706]  ffff8801afabf300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.497458] ==================================================================
[   30.504788] Disabling lock debugging due to kernel taint
[   30.510233] Kernel panic - not syncing: panic_on_warn set ...
[   30.510233] 
[   30.517577] CPU: 0 PID: 4234 Comm: syzkaller332915 Tainted: G    B            4.16.0-rc4+ #260
[   30.526291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.535614] Call Trace:
[   30.538174]  dump_stack+0x194/0x24d
[   30.541773]  ? arch_local_irq_restore+0x53/0x53
[   30.546410]  ? kasan_end_report+0x32/0x50
[   30.550529]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.555257]  ? vsnprintf+0x1ed/0x1900
[   30.559037]  ? ip6_xmit+0x1eb0/0x2260
[   30.562808]  panic+0x1e4/0x41c
[   30.565972]  ? refcount_error_report+0x214/0x214
[   30.570697]  ? add_taint+0x1c/0x50
[   30.574207]  ? add_taint+0x1c/0x50
[   30.577721]  ? ip6_xmit+0x1f76/0x2260
[   30.581491]  kasan_end_report+0x50/0x50
[   30.585444]  kasan_report+0x149/0x360
[   30.589216]  __asan_report_load8_noabort+0x14/0x20
[   30.594115]  ip6_xmit+0x1f76/0x2260
[   30.597717]  ? ip6_finish_output2+0x23d0/0x23d0
[   30.602356]  ? fl6_update_dst+0x127/0x2b0
[   30.606475]  ? inet6_csk_route_socket+0x691/0xe80
[   30.611289]  ? trace_hardirqs_off+0x10/0x10
[   30.615580]  ? lock_acquire+0x1d5/0x580
[   30.619521]  ? lock_acquire+0x1d5/0x580
[   30.623464]  ? inet6_csk_xmit+0x114/0x580
[   30.627582]  ? trace_hardirqs_off+0x10/0x10
[   30.631876]  ? lock_release+0xa40/0xa40
[   30.635829]  inet6_csk_xmit+0x2fc/0x580
[   30.639775]  ? inet6_csk_update_pmtu+0x160/0x160
[   30.644503]  ? __sk_dst_check+0x1a5/0x380
[   30.648623]  ? sock_kzfree_s+0x60/0x60
[   30.652490]  l2tp_xmit_skb+0x105f/0x1410
[   30.656525]  ? l2tp_session_create+0xb80/0xb80
[   30.661075]  ? sock_wmalloc+0x15d/0x1d0
[   30.665028]  ? iov_iter_advance+0x13f0/0x13f0
[   30.669499]  ? pppol2tp_sendmsg+0x41b/0x670
[   30.673790]  pppol2tp_sendmsg+0x470/0x670
[   30.677912]  ? selinux_socket_sendmsg+0x36/0x40
[   30.682551]  ? pppol2tp_getsockopt+0x900/0x900
[   30.687111]  sock_sendmsg+0xca/0x110
[   30.690801]  SYSC_sendto+0x361/0x5c0
[   30.694485]  ? SYSC_connect+0x4a0/0x4a0
[   30.698433]  ? inet_dgram_connect+0x172/0x1f0
[   30.702896]  ? SYSC_connect+0x2e0/0x4a0
[   30.706857]  ? mm_fault_error+0x2c0/0x2c0
[   30.710975]  ? move_addr_to_kernel+0x60/0x60
[   30.715354]  SyS_sendto+0x40/0x50
[   30.718777]  ? SyS_getpeername+0x30/0x30
[   30.722813]  do_syscall_64+0x281/0x940
[   30.726673]  ? __do_page_fault+0xc90/0xc90
[   30.730876]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.735340]  ? finish_task_switch+0x1c1/0x7e0
[   30.739806]  ? syscall_return_slowpath+0x550/0x550
[   30.744706]  ? syscall_return_slowpath+0x2ac/0x550
[   30.749607]  ? prepare_exit_to_usermode+0x350/0x350
[   30.754597]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.759935]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.764753]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.769909] RIP: 0033:0x443519
[   30.773067] RSP: 002b:00000000007efe58 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   30.780748] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000000443519
[   30.787989] RDX: 0000000000000000 RSI: 0000000020001180 RDI: 0000000000000004
[   30.795229] RBP: 00000000004a53b9 R08: 00000000200021c0 R09: 0000000000000080
[   30.802466] R10: 0000000000040001 R11: 0000000000000212 R12: 00000000007eff70
[   30.809707] R13: 0000000000404550 R14: 0000000000000000 R15: 0000000000000000
[   30.817405] Dumping ftrace buffer:
[   30.820912]    (ftrace buffer empty)
[   30.824591] Kernel Offset: disabled
[   30.828190] Rebooting in 86400 seconds..