[....] Starting enhanced syslogd: rsyslogd [ ok ].
[   13.530622] audit: type=1400 audit(1516904732.455:5): avc: denied { syslog } for pid=3497 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.254166] audit: type=1400 audit(1516904738.178:6): avc: denied { map } for pid=3637 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
[   25.563227] audit: type=1400 audit(1516904744.488:7): avc: denied { map } for pid=3651 comm="syzkaller475089" path="/root/syzkaller475089532" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   25.932514] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[   26.265651] ==================================================================
[   26.273062] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1d8e/0x2040
[   26.279537] Read of size 8 at addr ffff8801c4854418 by task syzkaller475089/3652
[   26.287037]
[   26.288641] CPU: 0 PID: 3652 Comm: syzkaller475089 Not tainted 4.15.0-rc9+ #189
[   26.296056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.305383] Call Trace:
[   26.307948]  dump_stack+0x194/0x257
[   26.311552]  ? arch_local_irq_restore+0x53/0x53
[   26.316196]  ? show_regs_print_info+0x18/0x18
[   26.320668]  ? ip6_xmit+0x1d8e/0x2040
[   26.324445]  print_address_description+0x73/0x250
[   26.329270]  ? ip6_xmit+0x1d8e/0x2040
[   26.333044]  kasan_report+0x25b/0x340
[   26.336820]  __asan_report_load8_noabort+0x14/0x20
[   26.341720]  ip6_xmit+0x1d8e/0x2040
[   26.345331]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.349977]  ? fl6_update_dst+0x127/0x2b0
[   26.354100]  ? check_noncircular+0x20/0x20
[   26.358309]  ? inet6_csk_route_socket+0x691/0xe80
[   26.363127]  ? lock_acquire+0x1d5/0x580
[   26.367072]  ? lock_acquire+0x1d5/0x580
[   26.371024]  ? inet6_csk_xmit+0x114/0x580
[   26.375151]  ? lock_release+0xa40/0xa40
[   26.379112]  inet6_csk_xmit+0x2fc/0x580
[   26.383061]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.387790]  ? __sk_dst_check+0x1a5/0x380
[   26.391911]  ? sk_wait_data+0x610/0x610
[   26.395873]  l2tp_xmit_skb+0x1068/0x1410
[   26.399926]  ? l2tp_session_create+0xc60/0xc60
[   26.404482]  ? sock_wmalloc+0x15d/0x1d0
[   26.408433]  ? iov_iter_advance+0x13f0/0x13f0
[   26.412904]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.417200]  pppol2tp_sendmsg+0x470/0x670
[   26.421331]  ? selinux_socket_sendmsg+0x36/0x40
[   26.425979]  ? pppol2tp_session_ioctl+0xa90/0xa90
[   26.430794]  sock_sendmsg+0xca/0x110
[   26.434481]  ___sys_sendmsg+0x767/0x8b0
[   26.438433]  ? copy_msghdr_from_user+0x590/0x590
[   26.443169]  ? check_noncircular+0x20/0x20
[   26.447388]  ? check_noncircular+0x20/0x20
[   26.451604]  ? __pmd_alloc+0x4e0/0x4e0
[   26.455461]  ? selinux_socket_setsockopt+0x80/0x80
[   26.460361]  ? lock_release+0xa40/0xa40
[   26.464318]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   26.470181]  ? __fget_light+0x297/0x380
[   26.474130]  ? fget_raw+0x20/0x20
[   26.477571]  ? handle_mm_fault+0x248/0x8d0
[   26.481780]  ? find_held_lock+0x35/0x1d0
[   26.485830]  __sys_sendmsg+0xe5/0x210
[   26.489615]  ? __sys_sendmsg+0xe5/0x210
[   26.493564]  ? SyS_shutdown+0x290/0x290
[   26.497517]  ? handle_mm_fault+0x410/0x8d0
[   26.501735]  ? __do_page_fault+0x32d/0xc90
[   26.505953]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   26.510506]  ? vmacache_find+0x5f/0x280
[   26.514475]  compat_SyS_sendmsg+0x2a/0x40
[   26.518594]  ? compat_SyS_getsockopt+0x420/0x420
[   26.523322]  do_fast_syscall_32+0x3ee/0xf9d
[   26.527633]  ? do_int80_syscall_32+0x9d0/0x9d0
[   26.532187]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.536921]  ? syscall_return_slowpath+0x2ad/0x550
[   26.541822]  ? prepare_exit_to_usermode+0x340/0x340
[   26.546812]  ? retint_user+0x18/0x18
[   26.550504]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.555341]  entry_SYSENTER_compat+0x54/0x63
[   26.559722] RIP: 0023:0xf7f63c79
[   26.563058] RSP: 002b:00000000ff94a9ac EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[   26.570737] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000002037ffc8
[   26.577988] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 00000000080c1796
[   26.585230] RBP: 00000000080c1807 R08: 0000000000000000 R09: 0000000000000000
[   26.592470] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.599722] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.606979]
[   26.608578] Allocated by task 0:
[   26.611912] (stack is not available)
[   26.615591]
[   26.617189] Freed by task 0:
[   26.620175] (stack is not available)
[   26.623856]
[   26.625456] The buggy address belongs to the object at ffff8801c4854400
[   26.625456]  which belongs to the cache ip_dst_cache of size 216
[   26.638169] The buggy address is located 24 bytes inside of
[   26.638169]  216-byte region [ffff8801c4854400, ffff8801c48544d8)
[   26.649925] The buggy address belongs to the page:
[   26.654827] page:ffffea0007121500 count:1 mapcount:0 mapping:ffff8801c4854040 index:0x0
[   26.662939] flags: 0x2fffc0000000100(slab)
[   26.667146] raw: 02fffc0000000100 ffff8801c4854040 0000000000000000 000000010000000c
[   26.674999] raw: ffffea00073f6360 ffff8801d6f3bb48 ffff8801d6f3a800 0000000000000000
[   26.682855] page dumped because: kasan: bad access detected
[   26.688532]
[   26.690130] Memory state around the buggy address:
[   26.695032]  ffff8801c4854300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.702374]  ffff8801c4854380: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.709703] >ffff8801c4854400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.717035]                             ^
[   26.721152]  ffff8801c4854480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.728493]  ffff8801c4854500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.735821] ==================================================================
[   26.743148] Disabling lock debugging due to kernel taint
[   26.748605] Kernel panic - not syncing: panic_on_warn set ...
[   26.748605]
[   26.755953] CPU: 0 PID: 3652 Comm: syzkaller475089 Tainted: G B 4.15.0-rc9+ #189
[   26.764685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.774012] Call Trace:
[   26.776577]  dump_stack+0x194/0x257
[   26.780177]  ? arch_local_irq_restore+0x53/0x53
[   26.784818]  ? kasan_end_report+0x32/0x50
[   26.788935]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.793672]  ? vsnprintf+0x1ed/0x1900
[   26.797444]  ? ip6_xmit+0x1d10/0x2040
[   26.801216]  panic+0x1e4/0x41c
[   26.804380]  ? refcount_error_report+0x214/0x214
[   26.809109]  ? add_taint+0x1c/0x50
[   26.812631]  ? add_taint+0x1c/0x50
[   26.816140]  ? ip6_xmit+0x1d8e/0x2040
[   26.819911]  kasan_end_report+0x50/0x50
[   26.823856]  kasan_report+0x144/0x340
[   26.827628]  __asan_report_load8_noabort+0x14/0x20
[   26.832526]  ip6_xmit+0x1d8e/0x2040
[   26.836130]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.840771]  ? fl6_update_dst+0x127/0x2b0
[   26.844889]  ? check_noncircular+0x20/0x20
[   26.849094]  ? inet6_csk_route_socket+0x691/0xe80
[   26.853908]  ? lock_acquire+0x1d5/0x580
[   26.857851]  ? lock_acquire+0x1d5/0x580
[   26.861795]  ? inet6_csk_xmit+0x114/0x580
[   26.865915]  ? lock_release+0xa40/0xa40
[   26.869867]  inet6_csk_xmit+0x2fc/0x580
[   26.873813]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.878539]  ? __sk_dst_check+0x1a5/0x380
[   26.882667]  ? sk_wait_data+0x610/0x610
[   26.886619]  l2tp_xmit_skb+0x1068/0x1410
[   26.890656]  ? l2tp_session_create+0xc60/0xc60
[   26.895208]  ? sock_wmalloc+0x15d/0x1d0
[   26.899154]  ? iov_iter_advance+0x13f0/0x13f0
[   26.903623]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.907916]  pppol2tp_sendmsg+0x470/0x670
[   26.912037]  ? selinux_socket_sendmsg+0x36/0x40
[   26.916688]  ? pppol2tp_session_ioctl+0xa90/0xa90
[   26.921500]  sock_sendmsg+0xca/0x110
[   26.925185]  ___sys_sendmsg+0x767/0x8b0
[   26.929132]  ? copy_msghdr_from_user+0x590/0x590
[   26.933866]  ? check_noncircular+0x20/0x20
[   26.938093]  ? check_noncircular+0x20/0x20
[   26.942308]  ? __pmd_alloc+0x4e0/0x4e0
[   26.946172]  ? selinux_socket_setsockopt+0x80/0x80
[   26.951069]  ? lock_release+0xa40/0xa40
[   26.955017]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   26.960872]  ? __fget_light+0x297/0x380
[   26.964817]  ? fget_raw+0x20/0x20
[   26.968243]  ? handle_mm_fault+0x248/0x8d0
[   26.972459]  ? find_held_lock+0x35/0x1d0
[   26.976496]  __sys_sendmsg+0xe5/0x210
[   26.980277]  ? __sys_sendmsg+0xe5/0x210
[   26.984220]  ? SyS_shutdown+0x290/0x290
[   26.988172]  ? handle_mm_fault+0x410/0x8d0
[   26.992381]  ? __do_page_fault+0x32d/0xc90
[   26.996589]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   27.001149]  ? vmacache_find+0x5f/0x280
[   27.005116]  compat_SyS_sendmsg+0x2a/0x40
[   27.009244]  ? compat_SyS_getsockopt+0x420/0x420
[   27.013980]  do_fast_syscall_32+0x3ee/0xf9d
[   27.018289]  ? do_int80_syscall_32+0x9d0/0x9d0
[   27.022841]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.027571]  ? syscall_return_slowpath+0x2ad/0x550
[   27.032469]  ? prepare_exit_to_usermode+0x340/0x340
[   27.037455]  ? retint_user+0x18/0x18
[   27.041142]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.045969]  entry_SYSENTER_compat+0x54/0x63
[   27.050349] RIP: 0023:0xf7f63c79
[   27.053691] RSP: 002b:00000000ff94a9ac EFLAGS: 00000246 ORIG_RAX: 0000000000000172
[   27.061377] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000002037ffc8
[   27.068618] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 00000000080c1796
[   27.075860] RBP: 00000000080c1807 R08: 0000000000000000 R09: 0000000000000000
[   27.083100] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   27.090350] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.098096] Dumping ftrace buffer:
[   27.101608]    (ftrace buffer empty)
[   27.105291] Kernel Offset: disabled
[   27.108908] Rebooting in 86400 seconds..
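The console capture above is one KASAN report plus the panic that panic_on_warn turned it into. As an added example (not part of the syzkaller log and not syzbot's own tooling), the following Python pulls out of such a report the facts a triager needs before anyone looks at source: the bug kind and faulting function, the access and its position inside the slab object, the reliable call path (frames printed with a leading `?` are unverified stack words and are dropped), whether the task was a 32-bit compat process, and the shadow byte for the faulting address decoded with the constants from mm/kasan/kasan.h. The embedded REPORT is an excerpt copied from the report above; regexes and field names are this example's own.

```python
# Added triage helper for a KASAN slab report (example code, not part of the
# syzkaller log above and not syzbot's tooling). Shadow values are the
# constants from mm/kasan/kasan.h; REPORT is an excerpt copied from the log.
import re

# kasan_poison_slab() paints a fresh slab page 0xfc, so a slot that reads as
# all-0xfc holds no live object; 0x01..0x07 = first n bytes of the granule ok.
SHADOW_MEANING = {0x00: "accessible", 0xfa: "global redzone",
                  0xfb: "freed slab object (use-after-free)",
                  0xfc: "kmalloc redzone / slot not allocated",
                  0xfe: "kmalloc_large page redzone", 0xff: "freed page"}
# Frames that belong to the reporter itself, not to the faulting code path.
REPORT_FRAMES = ("dump_stack", "print_address_description", "kasan_report",
                 "kasan_end_report", "__asan_report_")

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size")
REGION_RE = re.compile(r"located (?P<off>\d+) bytes (?P<where>inside|to the (?:right|left)) of\s+\d+-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
FRAME_RE = re.compile(r"^(?P<guess>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
SHADOW_RE = re.compile(r"^>?(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?)+)$")
RIP_RE = re.compile(r"^RIP: (?P<cs>[0-9a-f]{4}):")


def parse(text: str) -> dict:
    """Pull bug kind, access, object, reliable call path and shadow rows."""
    lines = [TS_RE.sub("", ln).strip() for ln in text.splitlines()]
    body = "\n".join(lines)
    bug, acc, reg = BUG_RE.search(body), ACCESS_RE.search(body), REGION_RE.search(body)
    if not (bug and acc and reg):
        raise ValueError("not a complete KASAN slab report")
    cache = CACHE_RE.search(body)
    r = {"kind": bug["kind"], "func": bug["func"], "op": acc["op"],
         "size": int(acc["size"]), "addr": int(acc["addr"], 16),
         "cache": cache["cache"] if cache else "?", "offset": int(reg["off"]),
         "where": reg["where"], "obj_start": int(reg["start"], 16),
         "obj_end": int(reg["end"], 16), "frames": [], "shadow": {}, "compat32": False}
    in_trace = seen = False
    for ln in lines:
        if ln == "Call Trace:" and not seen:      # only the fault's own trace
            in_trace = seen = True
        elif ln.startswith(("RIP:", "Allocated by")):
            in_trace = False
        fm = FRAME_RE.match(ln) if in_trace else None
        # '? ' frames are unverified stack words, not a real call path: drop them.
        if fm and not fm["guess"] and not fm["func"].startswith(REPORT_FRAMES):
            r["frames"].append(fm["func"])
        rm = RIP_RE.match(ln)
        if rm:
            r["compat32"] = rm["cs"] == "0023"   # __USER32_CS: 32-bit user task
        sm = SHADOW_RE.match(ln)
        if sm:
            r["shadow"][int(sm["base"], 16)] = [int(b, 16) for b in sm["bytes"].split()]
    return r


def shadow_byte(r: dict, addr: int):
    row = r["shadow"].get(addr & ~0x7f)        # a printed row covers 16 granules of 8 bytes
    return None if row is None else row[(addr & 0x7f) >> 3]


def object_live(r: dict) -> bool:
    vals = [shadow_byte(r, a) for a in range(r["obj_start"], r["obj_end"], 8)]
    return any(v is not None and v <= 7 for v in vals)   # any accessible granule?


def diagnose(r: dict) -> dict:
    """Summarise what the report itself supports; no guess at the root cause."""
    sb = shadow_byte(r, r["addr"])
    return {"bug": f'{r["kind"]} in {r["func"]}',
            "access": f'{r["op"]} of {r["size"]} at {r["addr"]:#x}: {r["offset"]} bytes '
                      f'{r["where"]} the {r["obj_end"] - r["obj_start"]}-byte {r["cache"]} object',
            "shadow": SHADOW_MEANING.get(sb, f"unknown ({sb})"),
            "object_live": object_live(r), "path": " <- ".join(r["frames"]),
            "compat32": r["compat32"]}


# Excerpt of the report above (constructed input for this example).
REPORT = """\
[   26.273062] BUG: KASAN: slab-out-of-bounds in ip6_xmit+0x1d8e/0x2040
[   26.279537] Read of size 8 at addr ffff8801c4854418 by task syzkaller475089/3652
[   26.305383] Call Trace:
[   26.336820]  __asan_report_load8_noabort+0x14/0x20
[   26.341720]  ip6_xmit+0x1d8e/0x2040
[   26.345331]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.379112]  inet6_csk_xmit+0x2fc/0x580
[   26.395873]  l2tp_xmit_skb+0x1068/0x1410
[   26.417200]  pppol2tp_sendmsg+0x470/0x670
[   26.430794]  sock_sendmsg+0xca/0x110
[   26.434481]  ___sys_sendmsg+0x767/0x8b0
[   26.514475]  compat_SyS_sendmsg+0x2a/0x40
[   26.555341]  entry_SYSENTER_compat+0x54/0x63
[   26.559722] RIP: 0023:0xf7f63c79
[   26.625456]  which belongs to the cache ip_dst_cache of size 216
[   26.638169] The buggy address is located 24 bytes inside of
[   26.638169]  216-byte region [ffff8801c4854400, ffff8801c48544d8)
[   26.709703] >ffff8801c4854400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.721152]  ffff8801c4854480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

if __name__ == "__main__":
    print(diagnose(parse(REPORT)))
```

Run as a script it prints the summary dict. What it makes explicit for this report: the read lands 24 bytes inside a 216-byte `ip_dst_cache` object, yet KASAN classifies it as slab-out-of-bounds because every shadow byte of that slot is 0xfc, the redzone value a fresh slab page is poisoned with (a freed object would read 0xfb). The slot therefore held no live allocation when `ip6_xmit` dereferenced the pointer, which matches the empty "Allocated by task 0" / "Freed by task 0" stacks. `ip_dst_cache` is the cache for IPv4 `struct rtable` (IPv6 routes come from `ip6_dst_cache`), so the pointer reached through `l2tp_xmit_skb` and `inet6_csk_xmit` is either a stale dst or one that never was an IPv6 route; the report alone does not settle which, and it does not name the fix. The reliable chain to cite is `pppol2tp_sendmsg` to `l2tp_xmit_skb` to `inet6_csk_xmit` to `ip6_xmit`; `inet6_csk_route_socket` and `__sk_dst_check` appear only as `?` frames. The task is a 32-bit process: `entry_SYSENTER_compat`, `RIP: 0023`, and `ORIG_RAX` 0x172 (370, the i386 `sendmsg` number) all agree with `compat_SyS_sendmsg`.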