[....] Starting enhanced syslogd: rsyslogd[   12.055524] audit: type=1400 audit(1514540489.603:5): avc:  denied  { syslog } for  pid=2991 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.708765] audit: type=1400 audit(1514540496.256:6): avc:  denied  { map } for  pid=3131 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
executing program
[   40.436901] audit: type=1400 audit(1514540517.984:7): avc:  denied  { map } for  pid=3148 comm="syzkaller274632" path="/root/syzkaller274632759" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   40.441427] ==================================================================
[   40.441445] BUG: KASAN: slab-out-of-bounds in cap_convert_nscap+0x501/0x610
[   40.441449] Read of size 4 at addr ffff8801cb5b85c0 by task syzkaller274632/3148
[   40.441450] 
[   40.441456] CPU: 1 PID: 3148 Comm: syzkaller274632 Not tainted 4.15.0-rc5+ #240
[   40.441459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.441461] Call Trace:
[   40.441469]  dump_stack+0x194/0x257
[   40.441477]  ? arch_local_irq_restore+0x53/0x53
[   40.441485]  ? show_regs_print_info+0x18/0x18
[   40.441494]  ? lock_release+0xa40/0xa40
[   40.441499]  ? cap_convert_nscap+0x501/0x610
[   40.441507]  print_address_description+0x73/0x250
[   40.441512]  ? cap_convert_nscap+0x501/0x610
[   40.441518]  kasan_report+0x25b/0x340
[   40.441527]  __asan_report_load4_noabort+0x14/0x20
[   40.441533]  cap_convert_nscap+0x501/0x610
[   40.441539]  ? kasan_check_write+0x14/0x20
[   40.441550]  setxattr+0x365/0x400
[   40.441553]  ? setxattr+0x365/0x400
[   40.441561]  ? vfs_setxattr+0xe0/0xe0
[   40.441567]  ? lock_acquire+0x1d5/0x580
[   40.441570]  ? lock_acquire+0x1d5/0x580
[   40.441575]  ? mnt_want_write_file_path+0x68/0x110
[   40.441588]  ? __lock_is_held+0xb6/0x140
[   40.441605]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.441610]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[   40.441614]  ? mnt_clone_write+0xc9/0x110
[   40.441620]  ? __mnt_want_write_file+0x7c/0xb0
[   40.441630]  SyS_fsetxattr+0x130/0x190
[   40.441641]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.441646] RIP: 0033:0x43fcb9
[   40.441648] RSP: 002b:00007ffceb9ed048 EFLAGS: 00000203 ORIG_RAX: 00000000000000be
[   40.441653] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fcb9
[   40.441655] RDX: 00000000209b8000 RSI: 0000000020d4bfe8 RDI: 0000000000000003
[   40.441658] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   40.441660] R10: 0000000000000001 R11: 0000000000000203 R12: 0000000000401620
[   40.441663] R13: 00000000004016b0 R14: 0000000000000000 R15: 0000000000000000
[   40.441679] 
[   40.441681] Allocated by task 3148:
[   40.441685]  save_stack+0x43/0xd0
[   40.441689]  kasan_kmalloc+0xad/0xe0
[   40.441693]  __kmalloc_node+0x47/0x70
[   40.441697]  kvmalloc_node+0x99/0xd0
[   40.441700]  setxattr+0x152/0x400
[   40.441703]  SyS_fsetxattr+0x130/0x190
[   40.441707]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.441708] 
[   40.441710] Freed by task 1646:
[   40.441713]  save_stack+0x43/0xd0
[   40.441716]  kasan_slab_free+0x71/0xc0
[   40.441719]  kfree+0xd6/0x260
[   40.441724]  sel_write_context+0x1bd/0x340
[   40.441727]  selinux_transaction_write+0xd1/0x130
[   40.441731]  __vfs_write+0xef/0x970
[   40.441733]  vfs_write+0x189/0x510
[   40.441736]  SyS_write+0xef/0x220
[   40.441740]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.441741] 
[   40.441744] The buggy address belongs to the object at ffff8801cb5b85c0
[   40.441744]  which belongs to the cache kmalloc-32 of size 32
[   40.441747] The buggy address is located 0 bytes inside of
[   40.441747]  32-byte region [ffff8801cb5b85c0, ffff8801cb5b85e0)
[   40.441749] The buggy address belongs to the page:
[   40.441753] page:00000000ed0eaf71 count:1 mapcount:0 mapping:000000001f984ceb index:0xffff8801cb5b8fc1
[   40.441757] flags: 0x2fffc0000000100(slab)
[   40.441764] raw: 02fffc0000000100 ffff8801cb5b8000 ffff8801cb5b8fc1 000000010000003f
[   40.441768] raw: ffffea00072468e0 ffffea0007246e20 ffff8801db0001c0 0000000000000000
[   40.441770] page dumped because: kasan: bad access detected
[   40.441772] 
[   40.441773] Memory state around the buggy address:
[   40.441777]  ffff8801cb5b8480: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   40.441780]  ffff8801cb5b8500: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   40.441783] >ffff8801cb5b8580: fb fb fb fb fc fc fc fc 01 fc fc fc fc fc fc fc
[   40.441784]                                            ^
[   40.441787]  ffff8801cb5b8600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   40.441790]  ffff8801cb5b8680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   40.441792] ==================================================================
[   40.441793] Disabling lock debugging due to kernel taint
[   40.441796] Kernel panic - not syncing: panic_on_warn set ...
[   40.441796] 
[   40.441800] CPU: 1 PID: 3148 Comm: syzkaller274632 Tainted: G    B            4.15.0-rc5+ #240
[   40.441802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.441803] Call Trace:
[   40.441807]  dump_stack+0x194/0x257
[   40.441812]  ? arch_local_irq_restore+0x53/0x53
[   40.441815]  ? kasan_end_report+0x32/0x50
[   40.441820]  ? lock_downgrade+0x980/0x980
[   40.441825]  ? vsnprintf+0x1ed/0x1900
[   40.441830]  ? cap_convert_nscap+0x410/0x610
[   40.441835]  panic+0x1e4/0x41c
[   40.441839]  ? refcount_error_report+0x214/0x214
[   40.441845]  ? add_taint+0x40/0x50
[   40.441849]  ? add_taint+0x1c/0x50
[   40.441855]  ? cap_convert_nscap+0x501/0x610
[   40.441859]  kasan_end_report+0x50/0x50
[   40.441862]  kasan_report+0x144/0x340
[   40.441869]  __asan_report_load4_noabort+0x14/0x20
[   40.441873]  cap_convert_nscap+0x501/0x610
[   40.441877]  ? kasan_check_write+0x14/0x20
[   40.441883]  setxattr+0x365/0x400
[   40.441886]  ? setxattr+0x365/0x400
[   40.441892]  ? vfs_setxattr+0xe0/0xe0
[   40.441896]  ? lock_acquire+0x1d5/0x580
[   40.441899]  ? lock_acquire+0x1d5/0x580
[   40.441903]  ? mnt_want_write_file_path+0x68/0x110
[   40.441911]  ? __lock_is_held+0xb6/0x140
[   40.441921]  ? rcu_read_lock_sched_held+0x108/0x120
[   40.441925]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[   40.441928]  ? mnt_clone_write+0xc9/0x110
[   40.441933]  ? __mnt_want_write_file+0x7c/0xb0
[   40.441939]  SyS_fsetxattr+0x130/0x190
[   40.441945]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.441948] RIP: 0033:0x43fcb9
[   40.441950] RSP: 002b:00007ffceb9ed048 EFLAGS: 00000203 ORIG_RAX: 00000000000000be
[   40.441954] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fcb9
[   40.441956] RDX: 00000000209b8000 RSI: 0000000020d4bfe8 RDI: 0000000000000003
[   40.441958] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   40.441960] R10: 0000000000000001 R11: 0000000000000203 R12: 0000000000401620
[   40.441962] R13: 00000000004016b0 R14: 0000000000000000 R15: 0000000000000000
[   40.462783] Dumping ftrace buffer:
[   40.462787]    (ftrace buffer empty)
[   40.462789] Kernel Offset: disabled
[   41.057625] Rebooting in 86400 seconds..