[....] Starting enhanced syslogd: rsyslogd
[ 16.196013] audit: type=1400 audit(1520316119.553:5): avc: denied { syslog } for pid=3966 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 21.323647] audit: type=1400 audit(1520316124.681:6): avc: denied { map } for pid=4106 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts.
[ 27.655833] audit: type=1400 audit(1520316131.013:7): avc: denied { map } for pid=4120 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/06 06:02:11 parsed 1 programs
2018/03/06 06:02:11 executed programs: 0
[ 27.895460] audit: type=1400 audit(1520316131.253:8): avc: denied { map } for pid=4120 comm="syz-execprog" path="/root/syzkaller-shm702001817" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 27.912041] IPVS: ftp: loaded support on port[0] = 21
[ 27.953026] ==================================================================
[ 27.960503] BUG: KASAN: slab-out-of-bounds in setup_udp_tunnel_sock+0x3ee/0x5f0
[ 27.967925] Write of size 1 at addr ffff8801c93d2b50 by task syz-executor0/4129
[ 27.975348]
[ 27.976953] CPU: 0 PID: 4129 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #252
[ 27.984199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.993534] Call Trace:
[ 27.996110]  dump_stack+0x194/0x24d
[ 27.999717]  ? arch_local_irq_restore+0x53/0x53
[ 28.004364]  ? show_regs_print_info+0x18/0x18
[ 28.008837]  ? find_held_lock+0x35/0x1d0
[ 28.012875]  ? setup_udp_tunnel_sock+0x3ee/0x5f0
[ 28.017608]  print_address_description+0x73/0x250
[ 28.022428]  ? setup_udp_tunnel_sock+0x3ee/0x5f0
[ 28.027157]  kasan_report+0x23c/0x360
[ 28.030934]  __asan_report_store1_noabort+0x17/0x20
[ 28.035924]  setup_udp_tunnel_sock+0x3ee/0x5f0
[ 28.040483]  ? udp_tunnel_sock_release+0x140/0x140
[ 28.045407]  l2tp_tunnel_create+0x1361/0x1800
[ 28.049882]  ? l2tp_init_net+0x3c0/0x3c0
[ 28.053920]  ? lock_downgrade+0x980/0x980
[ 28.058054]  ? __local_bh_enable_ip+0x121/0x230
[ 28.062704]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.067702]  ? l2tp_tunnel_get+0x3c7/0x690
[ 28.071922]  ? trace_hardirqs_on+0xd/0x10
[ 28.076052]  ? __local_bh_enable_ip+0x121/0x230
[ 28.080705]  ? l2tp_tunnel_get+0x401/0x690
[ 28.084926]  ? l2tp_tunnel_find_nth+0x620/0x620
[ 28.089579]  ? mark_held_locks+0xaf/0x100
[ 28.093697]  ? do_raw_spin_trylock+0x190/0x190
[ 28.098252]  ? __local_bh_enable_ip+0x121/0x230
[ 28.102900]  ? l2tp_session_get+0x8b0/0x8b0
[ 28.107199]  ? l2tp_tunnel_delete+0x50/0x50
[ 28.111494]  ? trace_hardirqs_on+0xd/0x10
[ 28.115616]  ? __local_bh_enable_ip+0x121/0x230
[ 28.120268]  pppol2tp_connect+0x14b8/0x1dd0
[ 28.124575]  ? pppol2tp_recv_payload_hook+0x1b0/0x1b0
[ 28.129748]  ? selinux_netlbl_socket_connect+0x76/0x1b0
[ 28.135090]  ? selinux_socket_connect+0x311/0x730
[ 28.139917]  ? lock_downgrade+0x980/0x980
[ 28.144065]  ? selinux_socket_setsockopt+0x80/0x80
[ 28.148972]  ? lock_release+0xa40/0xa40
[ 28.152924]  ? check_same_owner+0x320/0x320
[ 28.157220]  ? __check_object_size+0x8b/0x530
[ 28.161696]  ? __might_sleep+0x95/0x190
[ 28.165656]  ? security_socket_connect+0x89/0xb0
[ 28.170391]  SYSC_connect+0x213/0x4a0
[ 28.174170]  ? SYSC_bind+0x410/0x410
[ 28.177861]  ? handle_mm_fault+0x465/0xb10
[ 28.182079]  ? check_same_owner+0x320/0x320
[ 28.186391]  ? compat_SyS_get_robust_list+0x300/0x300
[ 28.191555]  ? __do_page_fault+0x3d6/0xc90
[ 28.195775]  SyS_connect+0x24/0x30
[ 28.199290]  ? SyS_accept+0x30/0x30
[ 28.202893]  do_fast_syscall_32+0x3ec/0xf9f
[ 28.207194]  ? do_int80_syscall_32+0x9c0/0x9c0
[ 28.211753]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.216488]  ? syscall_return_slowpath+0x2ac/0x550
[ 28.221394]  ? prepare_exit_to_usermode+0x350/0x350
[ 28.226389]  ? sysret32_from_system_call+0x5/0x3c
[ 28.231209]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.236047]  entry_SYSENTER_compat+0x70/0x7f
[ 28.240433] RIP: 0023:0xf7fc5c99
[ 28.243771] RSP: 002b:00000000ffa2fadc EFLAGS: 00000282 ORIG_RAX: 000000000000016a
[ 28.251457] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[ 28.258697] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000000
[ 28.265938] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 28.273182] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 28.280430] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.287690]
[ 28.289291] Allocated by task 4129:
[ 28.292894]  save_stack+0x43/0xd0
[ 28.296321]  kasan_kmalloc+0xad/0xe0
[ 28.300004]  kasan_slab_alloc+0x12/0x20
[ 28.303958]  kmem_cache_alloc+0x12e/0x760
[ 28.308088]  sk_prot_alloc+0x65/0x2a0
[ 28.311863]  sk_alloc+0x105/0x1440
[ 28.315376]  inet_create+0x47c/0xf50
[ 28.319060]  __sock_create+0x4d4/0x850
[ 28.322917]  SyS_socket+0xeb/0x1d0
[ 28.326430]  do_fast_syscall_32+0x3ec/0xf9f
[ 28.330726]  entry_SYSENTER_compat+0x70/0x7f
[ 28.335101]
[ 28.336701] Freed by task 0:
[ 28.339688] (stack is not available)
[ 28.343370]
[ 28.344974] The buggy address belongs to the object at ffff8801c93d2640
[ 28.344974]  which belongs to the cache RAW of size 1296
[ 28.356992] The buggy address is located 0 bytes to the right of
[ 28.356992]  1296-byte region [ffff8801c93d2640, ffff8801c93d2b50)
[ 28.369272] The buggy address belongs to the page:
[ 28.374173] page:ffffea000724f480 count:1 mapcount:0 mapping:ffff8801c93d2080 index:0x0 compound_mapcount: 0
[ 28.384117] flags: 0x2fffc0000008100(slab|head)
[ 28.388778] raw: 02fffc0000008100 ffff8801c93d2080 0000000000000000 0000000100000005
[ 28.396645] raw: ffffea0007544fa0 ffff8801d5401e48 ffff8801d5402e00 0000000000000000
[ 28.404513] page dumped because: kasan: bad access detected
[ 28.410193]
[ 28.411791] Memory state around the buggy address:
[ 28.416699]  ffff8801c93d2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.424033]  ffff8801c93d2a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.431371] >ffff8801c93d2b00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 28.438703]                                                  ^
[ 28.444653]  ffff8801c93d2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.451983]  ffff8801c93d2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.459313] ==================================================================
[ 28.466641] Disabling lock debugging due to kernel taint
[ 28.472124] Kernel panic - not syncing: panic_on_warn set ...
[ 28.472124]
[ 28.479470] CPU: 0 PID: 4129 Comm: syz-executor0 Tainted: G B 4.16.0-rc4+ #252
[ 28.488021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.497351] Call Trace:
[ 28.499925]  dump_stack+0x194/0x24d
[ 28.503529]  ? arch_local_irq_restore+0x53/0x53
[ 28.508169]  ? kasan_end_report+0x32/0x50
[ 28.512288]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.517019]  ? vsnprintf+0x1ed/0x1900
[ 28.520796]  ? setup_udp_tunnel_sock+0x3e0/0x5f0
[ 28.525526]  panic+0x1e4/0x41c
[ 28.528692]  ? refcount_error_report+0x214/0x214
[ 28.533428]  ? add_taint+0x1c/0x50
[ 28.536939]  ? add_taint+0x1c/0x50
[ 28.540454]  ? setup_udp_tunnel_sock+0x3ee/0x5f0
[ 28.545178]  kasan_end_report+0x50/0x50
[ 28.549124]  kasan_report+0x149/0x360
[ 28.552896]  __asan_report_store1_noabort+0x17/0x20
[ 28.557882]  setup_udp_tunnel_sock+0x3ee/0x5f0
[ 28.562447]  ? udp_tunnel_sock_release+0x140/0x140
[ 28.567355]  l2tp_tunnel_create+0x1361/0x1800
[ 28.571826]  ? l2tp_init_net+0x3c0/0x3c0
[ 28.575859]  ? lock_downgrade+0x980/0x980
[ 28.579983]  ? __local_bh_enable_ip+0x121/0x230
[ 28.584623]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.589610]  ? l2tp_tunnel_get+0x3c7/0x690
[ 28.593815]  ? trace_hardirqs_on+0xd/0x10
[ 28.597932]  ? __local_bh_enable_ip+0x121/0x230
[ 28.602570]  ? l2tp_tunnel_get+0x401/0x690
[ 28.606778]  ? l2tp_tunnel_find_nth+0x620/0x620
[ 28.611420]  ? mark_held_locks+0xaf/0x100
[ 28.615539]  ? do_raw_spin_trylock+0x190/0x190
[ 28.620093]  ? __local_bh_enable_ip+0x121/0x230
[ 28.625430]  ? l2tp_session_get+0x8b0/0x8b0
[ 28.629725]  ? l2tp_tunnel_delete+0x50/0x50
[ 28.634023]  ? trace_hardirqs_on+0xd/0x10
[ 28.638147]  ? __local_bh_enable_ip+0x121/0x230
[ 28.642787]  pppol2tp_connect+0x14b8/0x1dd0
[ 28.647092]  ? pppol2tp_recv_payload_hook+0x1b0/0x1b0
[ 28.652257]  ? selinux_netlbl_socket_connect+0x76/0x1b0
[ 28.657595]  ? selinux_socket_connect+0x311/0x730
[ 28.662411]  ? lock_downgrade+0x980/0x980
[ 28.666529]  ? selinux_socket_setsockopt+0x80/0x80
[ 28.671426]  ? lock_release+0xa40/0xa40
[ 28.675373]  ? check_same_owner+0x320/0x320
[ 28.679668]  ? __check_object_size+0x8b/0x530
[ 28.684135]  ? __might_sleep+0x95/0x190
[ 28.688088]  ? security_socket_connect+0x89/0xb0
[ 28.692821]  SYSC_connect+0x213/0x4a0
[ 28.696592]  ? SYSC_bind+0x410/0x410
[ 28.700278]  ? handle_mm_fault+0x465/0xb10
[ 28.704484]  ? check_same_owner+0x320/0x320
[ 28.708786]  ? compat_SyS_get_robust_list+0x300/0x300
[ 28.713946]  ? __do_page_fault+0x3d6/0xc90
[ 28.718159]  SyS_connect+0x24/0x30
[ 28.721670]  ? SyS_accept+0x30/0x30
[ 28.725268]  do_fast_syscall_32+0x3ec/0xf9f
[ 28.729563]  ? do_int80_syscall_32+0x9c0/0x9c0
[ 28.734115]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.738841]  ? syscall_return_slowpath+0x2ac/0x550
[ 28.743746]  ? prepare_exit_to_usermode+0x350/0x350
[ 28.748734]  ? sysret32_from_system_call+0x5/0x3c
[ 28.753553]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 28.758366]  entry_SYSENTER_compat+0x70/0x7f
[ 28.762747] RIP: 0023:0xf7fc5c99
[ 28.766079] RSP: 002b:00000000ffa2fadc EFLAGS: 00000282 ORIG_RAX: 000000000000016a
[ 28.773756] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0
[ 28.780994] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000000
[ 28.788235] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 28.795473] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 28.802718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 28.810416] Dumping ftrace buffer:
[ 28.813928]    (ftrace buffer empty)
[ 28.817606] Kernel Offset: disabled
[ 28.821201] Rebooting in 86400 seconds..