[....] Starting enhanced syslogd: rsyslogd[   15.886201] audit: type=1400 audit(1517594255.129:4): avc:  denied  { syslog } for  pid=3908 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
2018/02/02 17:57:57 parsed 1 programs
2018/02/02 17:57:57 executed programs: 0
syzkaller login: [   38.093473] audit: type=1400 audit(1517594277.329:5): avc:  denied  { sys_admin } for  pid=4078 comm="syz-executor0" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   38.126642] IPVS: Creating netns size=2536 id=1
[   38.150992] IPVS: Creating netns size=2536 id=2
[   38.161757] IPVS: Creating netns size=2536 id=3
[   38.166777] audit: type=1400 audit(1517594277.409:6): avc:  denied  { sys_chroot } for  pid=4081 comm="syz-executor2" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   38.167723] audit: type=1400 audit(1517594277.409:7): avc:  denied  { net_admin } for  pid=4081 comm="syz-executor2" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   38.243362] IPVS: Creating netns size=2536 id=4
[   38.277767] IPVS: Creating netns size=2536 id=5
[   38.310526] IPVS: Creating netns size=2536 id=6
[   38.336533] IPVS: Creating netns size=2536 id=7
[   38.359709] IPVS: Creating netns size=2536 id=8
2018/02/02 17:58:02 executed programs: 471
2018/02/02 17:58:07 executed programs: 884
[   51.913352] ==================================================================
[   51.920771] BUG: KASAN: use-after-free in inet_shutdown+0x2d4/0x350
[   51.927165] Read of size 4 at addr ffff8801cc6c8cc0 by task syz-executor5/13041
[   51.934582] 
[   51.936185] CPU: 0 PID: 13041 Comm: syz-executor5 Not tainted 4.9.79-g71f1469 #34
[   51.943776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.953110]  ffff8801b3127b78 ffffffff81d94829 ffffea000731b200 ffff8801cc6c8cc0
[   51.961130]  0000000000000000 ffff8801cc6c8cc0 ffff8801b5a60558 ffff8801b3127bb0
[   51.969137]  ffffffff8153e083 ffff8801cc6c8cc0 0000000000000004 0000000000000000
[   51.977122] Call Trace:
[   51.979688]  [<ffffffff81d94829>] dump_stack+0xc1/0x128
[   51.985027]  [<ffffffff8153e083>] print_address_description+0x73/0x280
[   51.991663]  [<ffffffff8153e5a5>] kasan_report+0x275/0x360
[   51.997260]  [<ffffffff832e8a64>] ? inet_shutdown+0x2d4/0x350
[   52.003119]  [<ffffffff83589e40>] ? pppol2tp_recvmsg+0x2b0/0x2b0
[   52.009236]  [<ffffffff8153e6e4>] __asan_report_load4_noabort+0x14/0x20
[   52.015990]  [<ffffffff832e8a64>] inet_shutdown+0x2d4/0x350
[   52.021674]  [<ffffffff83589e40>] ? pppol2tp_recvmsg+0x2b0/0x2b0
[   52.027791]  [<ffffffff83589ee0>] pppol2tp_session_close+0xa0/0xe0
[   52.034080]  [<ffffffff835848df>] l2tp_tunnel_closeall+0x21f/0x3a0
[   52.040372]  [<ffffffff8348b190>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   52.047273]  [<ffffffff82ed49f0>] ? sock_release+0x1e0/0x1e0
[   52.053044]  [<ffffffff835854e7>] l2tp_udp_encap_destroy+0x87/0xe0
[   52.059332]  [<ffffffff83585460>] ? l2tp_tunnel_destruct+0x5a0/0x5a0
[   52.065800]  [<ffffffff8348b241>] udpv6_destroy_sock+0xb1/0xd0
[   52.071746]  [<ffffffff82eeb5ab>] sk_common_release+0x6b/0x2f0
[   52.077691]  [<ffffffff8348a1f5>] udp_lib_close+0x15/0x20
[   52.083203]  [<ffffffff832e8bda>] inet_release+0xfa/0x1d0
[   52.088715]  [<ffffffff8340f730>] inet6_release+0x50/0x70
[   52.094225]  [<ffffffff82ed489d>] sock_release+0x8d/0x1e0
[   52.099737]  [<ffffffff82ed4a06>] sock_close+0x16/0x20
[   52.104990]  [<ffffffff8157551c>] __fput+0x28c/0x6e0
[   52.110070]  [<ffffffff815759f5>] ____fput+0x15/0x20
[   52.115146]  [<ffffffff811957c5>] task_work_run+0x115/0x190
[   52.120831]  [<ffffffff81003a4c>] exit_to_usermode_loop+0xfc/0x120
[   52.127124]  [<ffffffff810072ae>] do_fast_syscall_32+0x5de/0x890
[   52.133240]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.139879]  [<ffffffff838b4d34>] entry_SYSENTER_compat+0x74/0x83
[   52.146078] 
[   52.147679] Allocated by task 13021:
[   52.151370]  save_stack_trace+0x16/0x20
[   52.155317]  save_stack+0x43/0xd0
[   52.158756]  kasan_kmalloc+0xad/0xe0
[   52.162443]  kasan_slab_alloc+0x12/0x20
[   52.166386]  kmem_cache_alloc+0xba/0x290
[   52.170423]  sock_alloc_inode+0x1d/0x250
[   52.174455]  alloc_inode+0x65/0x180
[   52.178053]  new_inode_pseudo+0x17/0xe0
[   52.182000]  sock_alloc+0x41/0x270
[   52.185517]  __sock_create+0xa5/0x640
[   52.189303]  SyS_socket+0xf0/0x1b0
[   52.192820]  do_fast_syscall_32+0x2f7/0x890
[   52.197114]  entry_SYSENTER_compat+0x74/0x83
[   52.201582] 
[   52.203188] Freed by task 13021:
[   52.206528]  save_stack_trace+0x16/0x20
[   52.210475]  save_stack+0x43/0xd0
[   52.213900]  kasan_slab_free+0x72/0xc0
[   52.217762]  kmem_cache_free+0xc7/0x300
[   52.221712]  sock_destroy_inode+0x56/0x70
[   52.225833]  destroy_inode+0xc3/0x120
[   52.229603]  evict+0x329/0x4f0
[   52.232772]  iput+0x47b/0x900
[   52.235849]  dentry_unlink_inode+0x470/0x570
[   52.240226]  __dentry_kill+0x25b/0x480
[   52.244084]  dput.part.23+0x680/0x7b0
[   52.247865]  dput+0x1f/0x30
[   52.250787]  __fput+0x46a/0x6e0
[   52.254037]  ____fput+0x15/0x20
[   52.257290]  task_work_run+0x115/0x190
[   52.261149]  exit_to_usermode_loop+0xfc/0x120
[   52.265614]  do_fast_syscall_32+0x5de/0x890
[   52.269907]  entry_SYSENTER_compat+0x74/0x83
[   52.274282] 
[   52.275883] The buggy address belongs to the object at ffff8801cc6c8cc0
[   52.275883]  which belongs to the cache sock_inode_cache of size 944
[   52.288944] The buggy address is located 0 bytes inside of
[   52.288944]  944-byte region [ffff8801cc6c8cc0, ffff8801cc6c9070)
[   52.300613] The buggy address belongs to the page:
[   52.305516] page:ffffea000731b200 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
[   52.315688] flags: 0x8000000000004080(slab|head)
[   52.320413] page dumped because: kasan: bad access detected
[   52.326090] 
[   52.327690] Memory state around the buggy address:
[   52.332591]  ffff8801cc6c8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.339922]  ffff8801cc6c8c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[   52.347254] >ffff8801cc6c8c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   52.354583]                                            ^
[   52.360005]  ffff8801cc6c8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.367338]  ffff8801cc6c8d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.374839] ==================================================================
[   52.382174] Disabling lock debugging due to kernel taint
[   52.443618] Kernel panic - not syncing: panic_on_warn set ...
[   52.443618] 
[   52.451032] CPU: 0 PID: 13041 Comm: syz-executor5 Tainted: G    B           4.9.79-g71f1469 #34
[   52.459859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.469208]  ffff8801b3127ad0 ffffffff81d94829 ffffffff8419709f ffff8801b3127ba8
[   52.477247]  0000000000000000 ffff8801cc6c8cc0 ffff8801b5a60558 ffff8801b3127b98
[   52.485321]  ffffffff8142f531 0000000041b58ab3 ffffffff8418ab10 ffffffff8142f375
[   52.493378] Call Trace:
[   52.495961]  [<ffffffff81d94829>] dump_stack+0xc1/0x128
[   52.501319]  [<ffffffff8142f531>] panic+0x1bc/0x3a8
[   52.506333]  [<ffffffff8142f375>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   52.514564]  [<ffffffff838a41a5>] ? preempt_schedule+0x25/0x30
[   52.520530]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   52.526761]  [<ffffffff8153dff0>] kasan_end_report+0x50/0x50
[   52.532561]  [<ffffffff8153e497>] kasan_report+0x167/0x360
[   52.538178]  [<ffffffff832e8a64>] ? inet_shutdown+0x2d4/0x350
[   52.544039]  [<ffffffff83589e40>] ? pppol2tp_recvmsg+0x2b0/0x2b0
[   52.550160]  [<ffffffff8153e6e4>] __asan_report_load4_noabort+0x14/0x20
[   52.556884]  [<ffffffff832e8a64>] inet_shutdown+0x2d4/0x350
[   52.562566]  [<ffffffff83589e40>] ? pppol2tp_recvmsg+0x2b0/0x2b0
[   52.568678]  [<ffffffff83589ee0>] pppol2tp_session_close+0xa0/0xe0
[   52.574966]  [<ffffffff835848df>] l2tp_tunnel_closeall+0x21f/0x3a0
[   52.581257]  [<ffffffff8348b190>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   52.588167]  [<ffffffff82ed49f0>] ? sock_release+0x1e0/0x1e0
[   52.593934]  [<ffffffff835854e7>] l2tp_udp_encap_destroy+0x87/0xe0
[   52.600228]  [<ffffffff83585460>] ? l2tp_tunnel_destruct+0x5a0/0x5a0
[   52.606702]  [<ffffffff8348b241>] udpv6_destroy_sock+0xb1/0xd0
[   52.612651]  [<ffffffff82eeb5ab>] sk_common_release+0x6b/0x2f0
[   52.618680]  [<ffffffff8348a1f5>] udp_lib_close+0x15/0x20
[   52.624187]  [<ffffffff832e8bda>] inet_release+0xfa/0x1d0
[   52.629694]  [<ffffffff8340f730>] inet6_release+0x50/0x70
[   52.635201]  [<ffffffff82ed489d>] sock_release+0x8d/0x1e0
[   52.640707]  [<ffffffff82ed4a06>] sock_close+0x16/0x20
[   52.645956]  [<ffffffff8157551c>] __fput+0x28c/0x6e0
[   52.651028]  [<ffffffff815759f5>] ____fput+0x15/0x20
[   52.656102]  [<ffffffff811957c5>] task_work_run+0x115/0x190
[   52.661781]  [<ffffffff81003a4c>] exit_to_usermode_loop+0xfc/0x120
[   52.668079]  [<ffffffff810072ae>] do_fast_syscall_32+0x5de/0x890
[   52.674196]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.680834]  [<ffffffff838b4d34>] entry_SYSENTER_compat+0x74/0x83
[   52.687499] Dumping ftrace buffer:
[   52.691019]    (ftrace buffer empty)
[   52.694698] Kernel Offset: disabled
[   52.698305] Rebooting in 86400 seconds..