[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   18.314584] audit: type=1400 audit(1520595527.950:6): avc:  denied  { map } for  pid=4210 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
syzkaller login: [   24.620958] audit: type=1400 audit(1520595534.256:7): avc:  denied  { map } for  pid=4224 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/09 11:38:54 parsed 1 programs
2018/03/09 11:38:54 executed programs: 0
[   24.868987] audit: type=1400 audit(1520595534.504:8): avc:  denied  { map } for  pid=4224 comm="syz-execprog" path="/root/syzkaller-shm340236244" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   24.881949] IPVS: ftp: loaded support on port[0] = 21
[   25.144416] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   25.487439] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   25.493545] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.529648] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   25.567489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   25.583131] ==================================================================
[   25.590552] BUG: KASAN: use-after-free in ip6_xmit+0x1f76/0x2260
[   25.596669] Read of size 8 at addr ffff8801cb356b18 by task syz-executor0/4390
[   25.603995] 
[   25.605604] CPU: 1 PID: 4390 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #256
[   25.612846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.622182] Call Trace:
[   25.624758]  dump_stack+0x194/0x24d
[   25.628366]  ? arch_local_irq_restore+0x53/0x53
[   25.633019]  ? show_regs_print_info+0x18/0x18
[   25.637503]  ? ip6_xmit+0x1f76/0x2260
[   25.641283]  print_address_description+0x73/0x250
[   25.646102]  ? ip6_xmit+0x1f76/0x2260
[   25.649875]  kasan_report+0x23c/0x360
[   25.653656]  __asan_report_load8_noabort+0x14/0x20
[   25.658559]  ip6_xmit+0x1f76/0x2260
[   25.662175]  ? ip6_finish_output2+0x23a0/0x23a0
[   25.666820]  ? fl6_update_dst+0x127/0x2b0
[   25.670948]  ? inet6_csk_route_socket+0x691/0xe80
[   25.675768]  ? trace_hardirqs_off+0x10/0x10
[   25.680066]  ? lock_acquire+0x1d5/0x580
[   25.684015]  ? lock_acquire+0x1d5/0x580
[   25.688142]  ? inet6_csk_xmit+0x114/0x580
[   25.692263]  ? trace_hardirqs_off+0x10/0x10
[   25.696563]  ? lock_release+0xa40/0xa40
[   25.700528]  inet6_csk_xmit+0x2fc/0x580
[   25.704481]  ? inet6_csk_update_pmtu+0x160/0x160
[   25.709227]  ? __sk_dst_check+0x1a5/0x380
[   25.713351]  ? sock_kfree_s+0x60/0x60
[   25.717142]  l2tp_xmit_skb+0x105f/0x1410
[   25.721362]  ? l2tp_session_create+0xb80/0xb80
[   25.725918]  ? sock_wmalloc+0x15d/0x1d0
[   25.729868]  ? iov_iter_advance+0x13f0/0x13f0
[   25.734340]  ? pppol2tp_sendmsg+0x41b/0x670
[   25.738638]  pppol2tp_sendmsg+0x470/0x670
[   25.742761]  ? selinux_socket_sendmsg+0x36/0x40
[   25.747405]  ? pppol2tp_getsockopt+0x900/0x900
[   25.751965]  sock_sendmsg+0xca/0x110
[   25.755656]  ___sys_sendmsg+0x767/0x8b0
[   25.759612]  ? copy_msghdr_from_user+0x590/0x590
[   25.764349]  ? __handle_mm_fault+0x5ba/0x38c0
[   25.768823]  ? __pmd_alloc+0x4e0/0x4e0
[   25.772682]  ? trace_hardirqs_off+0x10/0x10
[   25.776977]  ? release_sock+0x1d4/0x2a0
[   25.781152]  ? trace_hardirqs_on+0xd/0x10
[   25.785279]  ? __fget_light+0x2b2/0x3c0
[   25.789227]  ? fget_raw+0x20/0x20
[   25.792673]  ? find_held_lock+0x35/0x1d0
[   25.796726]  __sys_sendmsg+0xe5/0x210
[   25.800513]  ? __sys_sendmsg+0xe5/0x210
[   25.804466]  ? SyS_shutdown+0x290/0x290
[   25.808428]  ? compat_SyS_futex+0x288/0x380
[   25.812750]  compat_SyS_sendmsg+0x2a/0x40
[   25.816885]  ? compat_SyS_getsockopt+0x420/0x420
[   25.821617]  do_fast_syscall_32+0x3ec/0xf9f
[   25.825921]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.830480]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.835219]  ? syscall_return_slowpath+0x2ac/0x550
[   25.840140]  ? prepare_exit_to_usermode+0x350/0x350
[   25.845134]  ? sysret32_from_system_call+0x5/0x3c
[   25.849956]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.854780]  entry_SYSENTER_compat+0x70/0x7f
[   25.859175] RIP: 0023:0xf7f04c99
[   25.862514] RSP: 002b:00000000ffa6012c EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   25.870194] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000002037ffc8
[   25.877442] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000
[   25.884686] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   25.891938] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.899180] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.906440] 
[   25.908046] Allocated by task 4222:
[   25.911651]  save_stack+0x43/0xd0
[   25.915077]  kasan_kmalloc+0xad/0xe0
[   25.918763]  kasan_slab_alloc+0x12/0x20
[   25.922708]  kmem_cache_alloc+0x12e/0x760
[   25.926829]  dst_alloc+0x11f/0x1a0
[   25.930343]  rt_dst_alloc+0xe9/0x520
[   25.934036]  ip_route_output_key_hash_rcu+0xa59/0x2f00
[   25.939294]  ip_route_output_key_hash+0x20b/0x370
[   25.944110]  __ip4_datagram_connect+0xa67/0x1240
[   25.948839]  __ip6_datagram_connect+0x749/0x12d0
[   25.953566]  ip6_datagram_connect+0x2f/0x50
[   25.957862]  inet_dgram_connect+0x16b/0x1f0
[   25.962154]  SYSC_connect+0x213/0x4a0
[   25.965927]  SyS_connect+0x24/0x30
[   25.969439]  do_syscall_64+0x281/0x940
[   25.973299]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   25.978461] 
[   25.980067] Freed by task 0:
[   25.983061]  save_stack+0x43/0xd0
[   25.986492]  __kasan_slab_free+0x11a/0x170
[   25.990700]  kasan_slab_free+0xe/0x10
[   25.994493]  kmem_cache_free+0x83/0x2a0
[   25.998453]  dst_destroy+0x257/0x370
[   26.002144]  dst_destroy_rcu+0x16/0x20
[   26.006009]  rcu_process_callbacks+0xd6c/0x17f0
[   26.010658]  __do_softirq+0x2d7/0xb85
[   26.014602] 
[   26.016210] The buggy address belongs to the object at ffff8801cb356b00
[   26.016210]  which belongs to the cache ip_dst_cache of size 168
[   26.028939] The buggy address is located 24 bytes inside of
[   26.028939]  168-byte region [ffff8801cb356b00, ffff8801cb356ba8)
[   26.040700] The buggy address belongs to the page:
[   26.045603] page:ffffea00072cd580 count:1 mapcount:0 mapping:ffff8801cb356000 index:0xffff8801cb356000
[   26.055025] flags: 0x2fffc0000000100(slab)
[   26.059237] raw: 02fffc0000000100 ffff8801cb356000 ffff8801cb356000 000000010000000a
[   26.067087] raw: ffffea00072c36e0 ffff8801d5b6e738 ffff8801d5b71680 0000000000000000
[   26.074937] page dumped because: kasan: bad access detected
[   26.080617] 
[   26.082216] Memory state around the buggy address:
[   26.087116]  ffff8801cb356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.094454]  ffff8801cb356a80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   26.101787] >ffff8801cb356b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.109117]                             ^
[   26.113234]  ffff8801cb356b80: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[   26.120564]  ffff8801cb356c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.127890] ==================================================================
[   26.135226] Disabling lock debugging due to kernel taint
[   26.140670] Kernel panic - not syncing: panic_on_warn set ...
[   26.140670] 
[   26.148024] CPU: 1 PID: 4390 Comm: syz-executor0 Tainted: G    B            4.16.0-rc4+ #256
[   26.156579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.166599] Call Trace:
[   26.169159]  dump_stack+0x194/0x24d
[   26.172762]  ? arch_local_irq_restore+0x53/0x53
[   26.177400]  ? kasan_end_report+0x32/0x50
[   26.181518]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.186247]  ? vsnprintf+0x1ed/0x1900
[   26.190030]  ? ip6_xmit+0x1f30/0x2260
[   26.193806]  panic+0x1e4/0x41c
[   26.196969]  ? refcount_error_report+0x214/0x214
[   26.201698]  ? add_taint+0x1c/0x50
[   26.205211]  ? add_taint+0x1c/0x50
[   26.208724]  ? ip6_xmit+0x1f76/0x2260
[   26.212495]  kasan_end_report+0x50/0x50
[   26.216437]  kasan_report+0x149/0x360
[   26.220212]  __asan_report_load8_noabort+0x14/0x20
[   26.225111]  ip6_xmit+0x1f76/0x2260
[   26.228714]  ? ip6_finish_output2+0x23a0/0x23a0
[   26.233353]  ? fl6_update_dst+0x127/0x2b0
[   26.237471]  ? inet6_csk_route_socket+0x691/0xe80
[   26.242287]  ? trace_hardirqs_off+0x10/0x10
[   26.246580]  ? lock_acquire+0x1d5/0x580
[   26.250524]  ? lock_acquire+0x1d5/0x580
[   26.254468]  ? inet6_csk_xmit+0x114/0x580
[   26.258586]  ? trace_hardirqs_off+0x10/0x10
[   26.262877]  ? lock_release+0xa40/0xa40
[   26.266833]  inet6_csk_xmit+0x2fc/0x580
[   26.270780]  ? inet6_csk_update_pmtu+0x160/0x160
[   26.275516]  ? __sk_dst_check+0x1a5/0x380
[   26.279637]  ? sock_kfree_s+0x60/0x60
[   26.283417]  l2tp_xmit_skb+0x105f/0x1410
[   26.287458]  ? l2tp_session_create+0xb80/0xb80
[   26.292013]  ? sock_wmalloc+0x15d/0x1d0
[   26.295964]  ? iov_iter_advance+0x13f0/0x13f0
[   26.300433]  ? pppol2tp_sendmsg+0x41b/0x670
[   26.304736]  pppol2tp_sendmsg+0x470/0x670
[   26.308859]  ? selinux_socket_sendmsg+0x36/0x40
[   26.313502]  ? pppol2tp_getsockopt+0x900/0x900
[   26.318055]  sock_sendmsg+0xca/0x110
[   26.321740]  ___sys_sendmsg+0x767/0x8b0
[   26.325686]  ? copy_msghdr_from_user+0x590/0x590
[   26.330416]  ? __handle_mm_fault+0x5ba/0x38c0
[   26.334883]  ? __pmd_alloc+0x4e0/0x4e0
[   26.338742]  ? trace_hardirqs_off+0x10/0x10
[   26.343039]  ? release_sock+0x1d4/0x2a0
[   26.346989]  ? trace_hardirqs_on+0xd/0x10
[   26.351113]  ? __fget_light+0x2b2/0x3c0
[   26.355057]  ? fget_raw+0x20/0x20
[   26.358485]  ? find_held_lock+0x35/0x1d0
[   26.362522]  __sys_sendmsg+0xe5/0x210
[   26.366293]  ? __sys_sendmsg+0xe5/0x210
[   26.370237]  ? SyS_shutdown+0x290/0x290
[   26.374186]  ? compat_SyS_futex+0x288/0x380
[   26.378488]  compat_SyS_sendmsg+0x2a/0x40
[   26.382608]  ? compat_SyS_getsockopt+0x420/0x420
[   26.387335]  do_fast_syscall_32+0x3ec/0xf9f
[   26.391629]  ? do_int80_syscall_32+0x9c0/0x9c0
[   26.396181]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.400912]  ? syscall_return_slowpath+0x2ac/0x550
[   26.405815]  ? prepare_exit_to_usermode+0x350/0x350
[   26.410808]  ? sysret32_from_system_call+0x5/0x3c
[   26.415625]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.420444]  entry_SYSENTER_compat+0x70/0x7f
[   26.424820] RIP: 0023:0xf7f04c99
[   26.428153] RSP: 002b:00000000ffa6012c EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   26.435834] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000002037ffc8
[   26.443076] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000000
[   26.450317] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   26.457557] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.464796] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.472424] Dumping ftrace buffer:
[   26.475945]    (ftrace buffer empty)
[   26.479626] Kernel Offset: disabled
[   26.483221] Rebooting in 86400 seconds..