[ ok ] Starting enhanced syslogd: rsyslogd.
[ 10.459142] audit: type=1400 audit(1515566932.959:5): avc: denied { syslog } for pid=3327 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 18.098931] audit: type=1400 audit(1515566940.598:6): avc: denied { map } for pid=3470 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
[ 40.056651] audit: type=1400 audit(1515566962.556:7): avc: denied { map } for pid=3487 comm="syzkaller000829" path="/root/syzkaller000829928" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 40.082662] audit: type=1400 audit(1515566962.556:8): avc: denied { sys_admin } for pid=3487 comm="syzkaller000829" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
executing program
[ 40.109512] audit: type=1400 audit(1515566962.609:9): avc: denied { sys_chroot } for pid=3488 comm="syzkaller000829" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 40.134039] audit: type=1400 audit(1515566962.610:10): avc: denied { map_create } for pid=3488 comm="syzkaller000829" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 40.157231] audit: type=1400 audit(1515566962.610:11): avc: denied { map_read map_write } for pid=3488 comm="syzkaller000829" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[ 40.183195] ==================================================================
[ 40.190591] BUG: KASAN: slab-out-of-bounds in perf_event_fd_array_release+0x435/0x480
[ 40.198529] Read of size 8 at addr ffff8801c0055140 by task syzkaller000829/3488
[ 40.206033]
[ 40.207632] CPU: 0 PID: 3488 Comm: syzkaller000829 Not tainted 4.15.0-rc7-next-20180110+ #93
[ 40.216178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.225497] Call Trace:
[ 40.228070] dump_stack+0x194/0x257
[ 40.231667] ? arch_local_irq_restore+0x53/0x53
[ 40.236302] ? show_regs_print_info+0x18/0x18
[ 40.240768] ? lock_release+0xa40/0xa40
[ 40.244710] ? perf_event_fd_array_release+0x435/0x480
[ 40.249969] print_address_description+0x73/0x250
[ 40.254780] ? perf_event_fd_array_release+0x435/0x480
[ 40.260024] kasan_report+0x23b/0x360
[ 40.263799] __asan_report_load8_noabort+0x14/0x20
[ 40.268695] perf_event_fd_array_release+0x435/0x480
[ 40.273772] ? array_of_map_alloc+0x130/0x130
[ 40.278239] ? fsnotify_first_mark+0x2b0/0x2b0
[ 40.282787] ? lock_downgrade+0x980/0x980
[ 40.286907] ? array_of_map_alloc+0x130/0x130
[ 40.291368] ? __bpf_map_put+0x2e0/0x2e0
[ 40.295397] bpf_map_release+0x84/0xc0
[ 40.299257] __fput+0x327/0x7e0
[ 40.302509] ? fput+0x140/0x140
[ 40.305758] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 40.311616] ____fput+0x15/0x20
[ 40.314866] task_work_run+0x199/0x270
[ 40.318723] ? task_work_cancel+0x210/0x210
[ 40.323013] ? free_nsproxy+0x185/0x1f0
[ 40.326956] ? switch_task_namespaces+0xa2/0xc0
[ 40.331605] do_exit+0x9bb/0x1ad0
[ 40.335026] ? __pmd_alloc+0x4e0/0x4e0
[ 40.338880] ? vma_link+0xe9/0x170
[ 40.342394] ? mm_update_next_owner+0x930/0x930
[ 40.347028] ? find_held_lock+0x35/0x1d0
[ 40.351065] ? handle_mm_fault+0x2a0/0x930
[ 40.355277] ? find_held_lock+0x35/0x1d0
[ 40.359316] ? __do_page_fault+0x5f7/0xc90
[ 40.363519] ? lock_downgrade+0x980/0x980
[ 40.367645] ? down_read_trylock+0xdb/0x170
[ 40.371938] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 40.376486] ? vmacache_find+0x5f/0x280
[ 40.380426] ? vmacache_update+0xfe/0x130
[ 40.384545] ? up_read+0x1a/0x40
[ 40.387888] ? __do_page_fault+0x3d6/0xc90
[ 40.392121] ? mm_fault_error+0x2c0/0x2c0
[ 40.396249] ? do_page_fault+0xee/0x720
[ 40.400208] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 40.405712] ? __do_page_fault+0xc90/0xc90
[ 40.409932] do_group_exit+0x149/0x400
[ 40.413801] ? SyS_exit+0x30/0x30
[ 40.417231] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.422224] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.426953] SyS_exit_group+0x1d/0x20
[ 40.430724] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 40.435453] RIP: 0033:0x440a69
[ 40.438610] RSP: 002b:00000000007dff48 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[ 40.446285] RAX: ffffffffffffffda RBX: 00007ffda1715470 RCX: 0000000000440a69
[ 40.453523] RDX: 0000000000440a69 RSI: 000000000000002c RDI: 0000000000000001
[ 40.460773] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 40.468011] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000402240
[ 40.475250] R13: 00000000004022d0 R14: 0000000000000000 R15: 0000000000000000
[ 40.482509]
[ 40.484106] Allocated by task 3488:
[ 40.487699] save_stack+0x43/0xd0
[ 40.491123] kasan_kmalloc+0xad/0xe0
[ 40.494809] __kmalloc_node+0x47/0x70
[ 40.498584] bpf_map_area_alloc+0x32/0x80
[ 40.502699] array_map_alloc+0x351/0xa00
[ 40.506736] fd_array_map_alloc+0x57/0x70
[ 40.510851] SyS_bpf+0x7f8/0x4400
[ 40.514277] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 40.519006]
[ 40.520601] Freed by task 1980:
[ 40.523848] save_stack+0x43/0xd0
[ 40.527267] __kasan_slab_free+0x11a/0x170
[ 40.531479] kasan_slab_free+0xe/0x10
[ 40.535245] kfree+0xd9/0x260
[ 40.538319] single_release+0x80/0xb0
[ 40.542087] __fput+0x327/0x7e0
[ 40.545331] ____fput+0x15/0x20
[ 40.548576] task_work_run+0x199/0x270
[ 40.552431] exit_to_usermode_loop+0x275/0x2f0
[ 40.556979] syscall_return_slowpath+0x490/0x550
[ 40.561699] entry_SYSCALL_64_fastpath+0x9e/0xa0
[ 40.566419]
[ 40.568015] The buggy address belongs to the object at ffff8801c0055040
[ 40.568015] which belongs to the cache kmalloc-256 of size 256
[ 40.580641] The buggy address is located 0 bytes to the right of
[ 40.580641] 256-byte region [ffff8801c0055040, ffff8801c0055140)
[ 40.592828] The buggy address belongs to the page:
[ 40.597727] page:ffffea0007001540 count:1 mapcount:0 mapping:ffff8801c0055040 index:0x0
[ 40.605838] flags: 0x2fffc0000000100(slab)
[ 40.610049] raw: 02fffc0000000100 ffff8801c0055040 0000000000000000 000000010000000c
[ 40.617898] raw: ffffea000701e720 ffffea000700c7a0 ffff8801dac007c0 0000000000000000
[ 40.625744] page dumped because: kasan: bad access detected
[ 40.631418]
[ 40.633010] Memory state around the buggy address:
[ 40.637916] ffff8801c0055000: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 40.645243] ffff8801c0055080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.652572] >ffff8801c0055100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 40.659907] ^
[ 40.665330] ffff8801c0055180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.672654] ffff8801c0055200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 40.679987] ==================================================================
[ 40.687311] Disabling lock debugging due to kernel taint
[ 40.692808] Kernel panic - not syncing: panic_on_warn set ...
[ 40.692808]
[ 40.700148] CPU: 0 PID: 3488 Comm: syzkaller000829 Tainted: G B 4.15.0-rc7-next-20180110+ #93
[ 40.709991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.719310] Call Trace:
[ 40.721869] dump_stack+0x194/0x257
[ 40.725461] ? arch_local_irq_restore+0x53/0x53
[ 40.730107] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.734830] ? vsnprintf+0x1ed/0x1900
[ 40.738605] ? perf_event_fd_array_release+0x360/0x480
[ 40.743848] panic+0x1e4/0x41c
[ 40.747007] ? refcount_error_report+0x214/0x214
[ 40.751733] ? add_taint+0x1c/0x50
[ 40.755239] ? add_taint+0x1c/0x50
[ 40.758756] ? perf_event_fd_array_release+0x435/0x480
[ 40.764000] kasan_end_report+0x50/0x50
[ 40.767938] kasan_report+0x148/0x360
[ 40.771706] __asan_report_load8_noabort+0x14/0x20
[ 40.776602] perf_event_fd_array_release+0x435/0x480
[ 40.781679] ? array_of_map_alloc+0x130/0x130
[ 40.786155] ? fsnotify_first_mark+0x2b0/0x2b0
[ 40.790702] ? lock_downgrade+0x980/0x980
[ 40.794817] ? array_of_map_alloc+0x130/0x130
[ 40.799285] ? __bpf_map_put+0x2e0/0x2e0
[ 40.803319] bpf_map_release+0x84/0xc0
[ 40.807182] __fput+0x327/0x7e0
[ 40.810429] ? fput+0x140/0x140
[ 40.813677] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 40.819531] ____fput+0x15/0x20
[ 40.822788] task_work_run+0x199/0x270
[ 40.826647] ? task_work_cancel+0x210/0x210
[ 40.830934] ? free_nsproxy+0x185/0x1f0
[ 40.834884] ? switch_task_namespaces+0xa2/0xc0
[ 40.839531] do_exit+0x9bb/0x1ad0
[ 40.842961] ? __pmd_alloc+0x4e0/0x4e0
[ 40.846815] ? vma_link+0xe9/0x170
[ 40.850324] ? mm_update_next_owner+0x930/0x930
[ 40.854958] ? find_held_lock+0x35/0x1d0
[ 40.859001] ? handle_mm_fault+0x2a0/0x930
[ 40.863201] ? find_held_lock+0x35/0x1d0
[ 40.867242] ? __do_page_fault+0x5f7/0xc90
[ 40.871445] ? lock_downgrade+0x980/0x980
[ 40.875570] ? down_read_trylock+0xdb/0x170
[ 40.879951] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 40.884499] ? vmacache_find+0x5f/0x280
[ 40.888446] ? vmacache_update+0xfe/0x130
[ 40.892562] ? up_read+0x1a/0x40
[ 40.895903] ? __do_page_fault+0x3d6/0xc90
[ 40.900115] ? mm_fault_error+0x2c0/0x2c0
[ 40.904245] ? do_page_fault+0xee/0x720
[ 40.908187] ? trace_event_raw_event_sys_exit+0x260/0x260
[ 40.913690] ? __do_page_fault+0xc90/0xc90
[ 40.917896] do_group_exit+0x149/0x400
[ 40.921751] ? SyS_exit+0x30/0x30
[ 40.925178] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.930168] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.934890] SyS_exit_group+0x1d/0x20
[ 40.938657] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 40.943378] RIP: 0033:0x440a69
[ 40.946540] RSP: 002b:00000000007dff48 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[ 40.954213] RAX: ffffffffffffffda RBX: 00007ffda1715470 RCX: 0000000000440a69
[ 40.961450] RDX: 0000000000440a69 RSI: 000000000000002c RDI: 0000000000000001
[ 40.968687] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 40.975925] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000402240
[ 40.983180] R13: 00000000004022d0 R14: 0000000000000000 R15: 0000000000000000
[ 40.990472] Dumping ftrace buffer:
[ 40.993980] (ftrace buffer empty)
[ 40.997658] Kernel Offset: disabled
[ 41.001250] Rebooting in 86400 seconds..