[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.973843] audit: type=1400 audit(1514760173.154:5): avc: denied { syslog } for pid=3340 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 17.073605] audit: type=1400 audit(1514760178.254:6): avc: denied { map } for pid=3478 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
executing program
[ 23.377166] audit: type=1400 audit(1514760184.557:7): avc: denied { map } for pid=3492 comm="syzkaller233465" path="/root/syzkaller233465124" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 23.387293] device syz0 entered promiscuous mode
[ 23.410614] ==================================================================
[ 23.410639] BUG: KASAN: slab-out-of-bounds in __dev_queue_xmit+0x27c8/0x2920
[ 23.410646] Read of size 2 at addr ffff8801c00a8920 by task syzkaller233465/3492
[ 23.410648]
[ 23.410657] CPU: 1 PID: 3492 Comm: syzkaller233465 Not tainted 4.15.0-rc5+ #244
[ 23.410661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.410664] Call Trace:
[ 23.410676]  dump_stack+0x194/0x257
[ 23.410690]  ? arch_local_irq_restore+0x53/0x53
[ 23.410702]  ? show_regs_print_info+0x18/0x18
[ 23.410717]  ? lock_release+0xa40/0xa40
[ 23.410727]  ? __dev_queue_xmit+0x27c8/0x2920
[ 23.410741]  print_address_description+0x73/0x250
[ 23.410751]  ? __dev_queue_xmit+0x27c8/0x2920
[ 23.410761]  kasan_report+0x25b/0x340
[ 23.410777]  __asan_report_load2_noabort+0x14/0x20
[ 23.410784]  __dev_queue_xmit+0x27c8/0x2920
[ 23.410808]  ? netdev_pick_tx+0x300/0x300
[ 23.410817]  ? check_noncircular+0x20/0x20
[ 23.410832]  ? find_held_lock+0x35/0x1d0
[ 23.410854]  ? __might_fault+0x110/0x1d0
[ 23.410865]  ? lock_downgrade+0x980/0x980
[ 23.410879]  ? lock_release+0xa40/0xa40
[ 23.410888]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 23.410898]  ? refcount_add+0x24/0x60
[ 23.410910]  ? skb_set_owner_w+0x232/0x330
[ 23.410933]  ? kasan_check_write+0x14/0x20
[ 23.410941]  ? copyin+0x91/0xb0
[ 23.410955]  ? _copy_from_iter+0x367/0xf30
[ 23.410966]  ? __check_object_size+0x25d/0x4f0
[ 23.410979]  ? check_stack_object+0x140/0x140
[ 23.410992]  ? copy_page_to_iter+0xe10/0xe10
[ 23.411007]  ? _copy_from_iter_full+0x22b/0xbb0
[ 23.411028]  ? skb_copy_datagram_from_iter+0x3b1/0x5c0
[ 23.411037]  ? iov_iter_advance+0x13f0/0x13f0
[ 23.411055]  dev_queue_xmit+0x17/0x20
[ 23.411064]  ? dev_queue_xmit+0x17/0x20
[ 23.411076]  packet_sendmsg+0x3aed/0x60b0
[ 23.411090]  ? find_held_lock+0x35/0x1d0
[ 23.411113]  ? avc_has_perm+0x35e/0x680
[ 23.411142]  ? __mem_cgroup_threshold+0x891/0x8f0
[ 23.411164]  ? packet_cached_dev_get+0x2b0/0x2b0
[ 23.411182]  ? avc_has_perm+0x43e/0x680
[ 23.411198]  ? avc_has_perm_noaudit+0x520/0x520
[ 23.411204]  ? __handle_mm_fault+0x2747/0x3ce0
[ 23.411215]  ? lock_downgrade+0x980/0x980
[ 23.411229]  ? lock_release+0xa40/0xa40
[ 23.411248]  ? find_held_lock+0x35/0x1d0
[ 23.411268]  ? avc_has_perm+0x35e/0x680
[ 23.411283]  ? sock_has_perm+0x2a4/0x420
[ 23.411297]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 23.411342]  ? selinux_socket_sendmsg+0x36/0x40
[ 23.411350]  ? security_socket_sendmsg+0x89/0xb0
[ 23.411359]  ? packet_cached_dev_get+0x2b0/0x2b0
[ 23.411371]  sock_sendmsg+0xca/0x110
[ 23.411384]  sock_write_iter+0x31a/0x5d0
[ 23.411396]  ? sock_sendmsg+0x110/0x110
[ 23.411421]  ? iov_iter_init+0xaf/0x1d0
[ 23.411437]  __vfs_write+0x684/0x970
[ 23.411454]  ? kernel_read+0x120/0x120
[ 23.411461]  ? bpf_fd_pass+0x280/0x280
[ 23.411478]  ? _cond_resched+0x14/0x30
[ 23.411494]  ? selinux_file_permission+0x82/0x460
[ 23.411520]  ? rw_verify_area+0xe5/0x2b0
[ 23.411528]  ? __fdget_raw+0x20/0x20
[ 23.411541]  vfs_write+0x189/0x510
[ 23.411557]  SyS_write+0xef/0x220
[ 23.411570]  ? SyS_read+0x220/0x220
[ 23.411577]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.411591]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.411612]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 23.411619] RIP: 0033:0x444449
[ 23.411624] RSP: 002b:00007fffd57dd798 EFLAGS: 00000297 ORIG_RAX: 0000000000000001
[ 23.411632] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444449
[ 23.411637] RDX: 00000000000000ce RSI: 0000000020fecf2b RDI: 0000000000000005
[ 23.411641] RBP: 00000000006cf018 R08: 0000000000402130 R09: 0000000000402130
[ 23.411645] R10: 0000000000402130 R11: 0000000000000297 R12: 0000000000402130
[ 23.411650] R13: 00000000004021c0 R14: 0000000000000000 R15: 0000000000000000
[ 23.411680]
[ 23.411684] Allocated by task 3492:
[ 23.411691]  save_stack+0x43/0xd0
[ 23.411697]  kasan_kmalloc+0xad/0xe0
[ 23.411702]  __kmalloc_node_track_caller+0x47/0x70
[ 23.411707]  __kmalloc_reserve.isra.39+0x41/0xd0
[ 23.411712]  __alloc_skb+0x13b/0x780
[ 23.411718]  alloc_skb_with_frags+0x10d/0x750
[ 23.411725]  sock_alloc_send_pskb+0x787/0x9b0
[ 23.411730]  packet_sendmsg+0x1ece/0x60b0
[ 23.411735]  sock_sendmsg+0xca/0x110
[ 23.411740]  sock_write_iter+0x31a/0x5d0
[ 23.411745]  __vfs_write+0x684/0x970
[ 23.411750]  vfs_write+0x189/0x510
[ 23.411757]  SyS_write+0xef/0x220
[ 23.411763]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 23.411765]
[ 23.411768] Freed by task 0:
[ 23.411770] (stack is not available)
[ 23.411772]
[ 23.411777] The buggy address belongs to the object at ffff8801c00a84c0
[ 23.411777]  which belongs to the cache kmalloc-1024 of size 1024
[ 23.411783] The buggy address is located 96 bytes to the right of
[ 23.411783]  1024-byte region [ffff8801c00a84c0, ffff8801c00a88c0)
[ 23.411786] The buggy address belongs to the page:
[ 23.411792] page:00000000f9d8af66 count:1 mapcount:0 mapping:00000000603a6de8 index:0x0 compound_mapcount: 0
[ 23.411802] flags: 0x2fffc0000008100(slab|head)
[ 23.411813] raw: 02fffc0000008100 ffff8801c00a8040 0000000000000000 0000000100000007
[ 23.411821] raw: ffffea0007019d20 ffff8801dac01848 ffff8801dac00ac0 0000000000000000
[ 23.411824] page dumped because: kasan: bad access detected
[ 23.411826]
[ 23.411828] Memory state around the buggy address:
[ 23.411834]  ffff8801c00a8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.411839]  ffff8801c00a8880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 23.411844] >ffff8801c00a8900: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 23.411847]                           ^
[ 23.411852]  ffff8801c00a8980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.411857]  ffff8801c00a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.411859] ==================================================================
[ 23.411862] Disabling lock debugging due to kernel taint
[ 23.411880] Kernel panic - not syncing: panic_on_warn set ...
[ 23.411880]
[ 23.411887] CPU: 1 PID: 3492 Comm: syzkaller233465 Tainted: G B 4.15.0-rc5+ #244
[ 23.411890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.411891] Call Trace:
[ 23.411899]  dump_stack+0x194/0x257
[ 23.411907]  ? arch_local_irq_restore+0x53/0x53
[ 23.411914]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.411922]  ? vsnprintf+0x1ed/0x1900
[ 23.411930]  ? __dev_queue_xmit+0x2730/0x2920
[ 23.411939]  panic+0x1e4/0x41c
[ 23.411946]  ? refcount_error_report+0x214/0x214
[ 23.411955]  ? add_taint+0x1c/0x50
[ 23.411961]  ? add_taint+0x1c/0x50
[ 23.411969]  ? __dev_queue_xmit+0x27c8/0x2920
[ 23.411975]  kasan_end_report+0x50/0x50
[ 23.411982]  kasan_report+0x144/0x340
[ 23.411993]  __asan_report_load2_noabort+0x14/0x20
[ 23.411999]  __dev_queue_xmit+0x27c8/0x2920
[ 23.412016]  ? netdev_pick_tx+0x300/0x300
[ 23.412023]  ? check_noncircular+0x20/0x20
[ 23.412031]  ? find_held_lock+0x35/0x1d0
[ 23.412042]  ? __might_fault+0x110/0x1d0
[ 23.412050]  ? lock_downgrade+0x980/0x980
[ 23.412058]  ? lock_release+0xa40/0xa40
[ 23.412064]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 23.412070]  ? refcount_add+0x24/0x60
[ 23.412077]  ? skb_set_owner_w+0x232/0x330
[ 23.412089]  ? kasan_check_write+0x14/0x20
[ 23.412094]  ? copyin+0x91/0xb0
[ 23.412103]  ? _copy_from_iter+0x367/0xf30
[ 23.412110]  ? __check_object_size+0x25d/0x4f0
[ 23.412126]  ? check_stack_object+0x140/0x140
[ 23.412136]  ? copy_page_to_iter+0xe10/0xe10
[ 23.412143]  ? _copy_from_iter_full+0x22b/0xbb0
[ 23.412156]  ? skb_copy_datagram_from_iter+0x3b1/0x5c0
[ 23.412163]  ? iov_iter_advance+0x13f0/0x13f0
[ 23.412175]  dev_queue_xmit+0x17/0x20
[ 23.412181]  ? dev_queue_xmit+0x17/0x20
[ 23.412188]  packet_sendmsg+0x3aed/0x60b0
[ 23.412197]  ? find_held_lock+0x35/0x1d0
[ 23.412209]  ? avc_has_perm+0x35e/0x680
[ 23.412222]  ? __mem_cgroup_threshold+0x891/0x8f0
[ 23.412235]  ? packet_cached_dev_get+0x2b0/0x2b0
[ 23.412246]  ? avc_has_perm+0x43e/0x680
[ 23.412256]  ? avc_has_perm_noaudit+0x520/0x520
[ 23.412262]  ? __handle_mm_fault+0x2747/0x3ce0
[ 23.412269]  ? lock_downgrade+0x980/0x980
[ 23.412279]  ? lock_release+0xa40/0xa40
[ 23.412291]  ? find_held_lock+0x35/0x1d0
[ 23.412303]  ? avc_has_perm+0x35e/0x680
[ 23.412312]  ? sock_has_perm+0x2a4/0x420
[ 23.412321]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 23.412344]  ? selinux_socket_sendmsg+0x36/0x40
[ 23.412351]  ? security_socket_sendmsg+0x89/0xb0
[ 23.412358]  ? packet_cached_dev_get+0x2b0/0x2b0
[ 23.412366]  sock_sendmsg+0xca/0x110
[ 23.412375]  sock_write_iter+0x31a/0x5d0
[ 23.412384]  ? sock_sendmsg+0x110/0x110
[ 23.412399]  ? iov_iter_init+0xaf/0x1d0
[ 23.412409]  __vfs_write+0x684/0x970
[ 23.412420]  ? kernel_read+0x120/0x120
[ 23.412426]  ? bpf_fd_pass+0x280/0x280
[ 23.412435]  ? _cond_resched+0x14/0x30
[ 23.412446]  ? selinux_file_permission+0x82/0x460
[ 23.412461]  ? rw_verify_area+0xe5/0x2b0
[ 23.412467]  ? __fdget_raw+0x20/0x20
[ 23.412476]  vfs_write+0x189/0x510
[ 23.412485]  SyS_write+0xef/0x220
[ 23.412494]  ? SyS_read+0x220/0x220
[ 23.412500]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.412508]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.412520]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 23.412525] RIP: 0033:0x444449
[ 23.412528] RSP: 002b:00007fffd57dd798 EFLAGS: 00000297 ORIG_RAX: 0000000000000001
[ 23.412535] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444449
[ 23.412538] RDX: 00000000000000ce RSI: 0000000020fecf2b RDI: 0000000000000005
[ 23.412542] RBP: 00000000006cf018 R08: 0000000000402130 R09: 0000000000402130
[ 23.412546] R10: 0000000000402130 R11: 0000000000000297 R12: 0000000000402130
[ 23.412549] R13: 00000000004021c0 R14: 0000000000000000 R15: 0000000000000000
[ 23.412987] Dumping ftrace buffer:
[ 23.412991]    (ftrace buffer empty)
[ 23.412994] Kernel Offset: disabled
[ 24.342300] Rebooting in 86400 seconds..