[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.660660] audit: type=1400 audit(1516645255.799:5): avc: denied { syslog } for pid=3497 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.909820] audit: type=1400 audit(1516645262.048:6): avc: denied { map } for pid=3638 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
[ 26.481972] audit: type=1400 audit(1516645268.620:7): avc: denied { map } for pid=3652 comm="syzkaller325844" path="/root/syzkaller325844254" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 26.872926] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 27.248380] ==================================================================
[ 27.255801] BUG: KASAN: use-after-free in erspan_build_header+0x3bf/0x3d0
[ 27.262697] Read of size 2 at addr ffff8801d85ca28b by task syzkaller325844/3653
[ 27.270198]
[ 27.271801] CPU: 1 PID: 3653 Comm: syzkaller325844 Not tainted 4.15.0-rc9+ #274
[ 27.279215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.288538] Call Trace:
[ 27.291112] dump_stack+0x194/0x257
[ 27.294715] ? arch_local_irq_restore+0x53/0x53
[ 27.299356] ? show_regs_print_info+0x18/0x18
[ 27.303827] ? refcount_add+0x24/0x60
[ 27.307600] ? erspan_build_header+0x3bf/0x3d0
[ 27.312158] print_address_description+0x73/0x250
[ 27.316971] ? erspan_build_header+0x3bf/0x3d0
[ 27.321530] kasan_report+0x25b/0x340
[ 27.325305] __asan_report_load_n_noabort+0xf/0x20
[ 27.330203] erspan_build_header+0x3bf/0x3d0
[ 27.334590] erspan_xmit+0x3b8/0x13b0
[ 27.338368] ? prepare_fb_xmit+0x9a0/0x9a0
[ 27.342578] ? netif_skb_features+0x9b0/0x9b0
[ 27.347048] ? __dev_get_by_index+0x1a0/0x1a0
[ 27.351520] ? check_noncircular+0x20/0x20
[ 27.355739] packet_direct_xmit+0x315/0x6b0
[ 27.360039] packet_sendmsg+0x3aed/0x60b0
[ 27.364165] ? find_held_lock+0x35/0x1d0
[ 27.368213] ? avc_has_perm+0x35e/0x680
[ 27.372176] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.376911] ? avc_has_perm+0x43e/0x680
[ 27.380861] ? avc_has_perm_noaudit+0x520/0x520
[ 27.385513] ? find_held_lock+0x35/0x1d0
[ 27.389550] ? fanout_add+0x1430/0x1430
[ 27.393500] ? avc_has_perm+0x35e/0x680
[ 27.397459] ? find_held_lock+0x35/0x1d0
[ 27.401509] ? sock_has_perm+0x2a4/0x420
[ 27.405556] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.410893] ? lock_release+0x952/0xa40
[ 27.414840] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 27.420706] ? __check_object_size+0x25d/0x4f0
[ 27.425271] ? avc_has_perm_noaudit+0x520/0x520
[ 27.429926] ? selinux_socket_sendmsg+0x36/0x40
[ 27.434566] ? security_socket_sendmsg+0x89/0xb0
[ 27.439295] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.444032] sock_sendmsg+0xca/0x110
[ 27.447721] SYSC_sendto+0x361/0x5c0
[ 27.451410] ? SYSC_connect+0x4a0/0x4a0
[ 27.455359] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.460694] ? __do_page_fault+0x3d6/0xc90
[ 27.464904] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 27.470179] ? SyS_setsockopt+0x215/0x360
[ 27.474304] ? SyS_recv+0x40/0x40
[ 27.477731] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 27.482551] SyS_sendto+0x40/0x50
[ 27.485980] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 27.490708] RIP: 0033:0x445579
[ 27.493869] RSP: 002b:00007ffefb59c4b8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 27.501548] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445579
[ 27.508802] RDX: 0000000000000000 RSI: 0000000020003fd9 RDI: 0000000000000004
[ 27.516044] RBP: 00000000004a7113 R08: 0000000020008000 R09: 000000000000001c
[ 27.523303] R10: 0000000000000000 R11: 0000000000000217 R12: 00007ffefb59c568
[ 27.530544] R13: 0000000000402740 R14: 0000000000000000 R15: 0000000000000000
[ 27.537801]
[ 27.539400] The buggy address belongs to the page:
[ 27.544302] page:ffffea0007617280 count:0 mapcount:0 mapping: (null) index:0xffff8801d85cad40
[ 27.553720] flags: 0x2fffc0000000000()
[ 27.557579] raw: 02fffc0000000000 0000000000000000 ffff8801d85cad40 00000000ffffffff
[ 27.565439] raw: dead000000000100 dead000000000200 ffff8801dae2c600 0000000000000000
[ 27.573297] page dumped because: kasan: bad access detected
[ 27.578975]
[ 27.580571] Memory state around the buggy address:
[ 27.585474] ffff8801d85ca180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.592803] ffff8801d85ca200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.600141] >ffff8801d85ca280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.607484] ^
[ 27.611080] ffff8801d85ca300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.618408] ffff8801d85ca380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.625733] ==================================================================
[ 27.633072] Disabling lock debugging due to kernel taint
[ 27.638540] Kernel panic - not syncing: panic_on_warn set ...
[ 27.638540]
[ 27.645888] CPU: 1 PID: 3653 Comm: syzkaller325844 Tainted: G B 4.15.0-rc9+ #274
[ 27.654630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.663954] Call Trace:
[ 27.666519] dump_stack+0x194/0x257
[ 27.670118] ? arch_local_irq_restore+0x53/0x53
[ 27.674757] ? kasan_end_report+0x32/0x50
[ 27.678876] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.683603] ? vsnprintf+0x1ed/0x1900
[ 27.687384] ? erspan_build_header+0x360/0x3d0
[ 27.691952] panic+0x1e4/0x41c
[ 27.695117] ? refcount_error_report+0x214/0x214
[ 27.699844] ? add_taint+0x1c/0x50
[ 27.703355] ? add_taint+0x1c/0x50
[ 27.706868] ? erspan_build_header+0x3bf/0x3d0
[ 27.711421] kasan_end_report+0x50/0x50
[ 27.715366] kasan_report+0x144/0x340
[ 27.719139] __asan_report_load_n_noabort+0xf/0x20
[ 27.724042] erspan_build_header+0x3bf/0x3d0
[ 27.728426] erspan_xmit+0x3b8/0x13b0
[ 27.732197] ? prepare_fb_xmit+0x9a0/0x9a0
[ 27.736406] ? netif_skb_features+0x9b0/0x9b0
[ 27.740876] ? __dev_get_by_index+0x1a0/0x1a0
[ 27.745342] ? check_noncircular+0x20/0x20
[ 27.749553] packet_direct_xmit+0x315/0x6b0
[ 27.753845] packet_sendmsg+0x3aed/0x60b0
[ 27.757974] ? find_held_lock+0x35/0x1d0
[ 27.762016] ? avc_has_perm+0x35e/0x680
[ 27.765974] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.770702] ? avc_has_perm+0x43e/0x680
[ 27.774655] ? avc_has_perm_noaudit+0x520/0x520
[ 27.779294] ? find_held_lock+0x35/0x1d0
[ 27.783325] ? fanout_add+0x1430/0x1430
[ 27.787271] ? avc_has_perm+0x35e/0x680
[ 27.791219] ? find_held_lock+0x35/0x1d0
[ 27.795255] ? sock_has_perm+0x2a4/0x420
[ 27.799286] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.804618] ? lock_release+0x952/0xa40
[ 27.808566] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 27.814517] ? __check_object_size+0x25d/0x4f0
[ 27.819081] ? avc_has_perm_noaudit+0x520/0x520
[ 27.823732] ? selinux_socket_sendmsg+0x36/0x40
[ 27.828373] ? security_socket_sendmsg+0x89/0xb0
[ 27.833111] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.837946] sock_sendmsg+0xca/0x110
[ 27.841630] SYSC_sendto+0x361/0x5c0
[ 27.845314] ? SYSC_connect+0x4a0/0x4a0
[ 27.849260] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.854599] ? __do_page_fault+0x3d6/0xc90
[ 27.858815] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 27.864076] ? SyS_setsockopt+0x215/0x360
[ 27.868196] ? SyS_recv+0x40/0x40
[ 27.871622] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 27.876436] SyS_sendto+0x40/0x50
[ 27.879860] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 27.884587] RIP: 0033:0x445579
[ 27.887745] RSP: 002b:00007ffefb59c4b8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 27.895423] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445579
[ 27.902661] RDX: 0000000000000000 RSI: 0000000020003fd9 RDI: 0000000000000004
[ 27.909900] RBP: 00000000004a7113 R08: 0000000020008000 R09: 000000000000001c
[ 27.917139] R10: 0000000000000000 R11: 0000000000000217 R12: 00007ffefb59c568
[ 27.924378] R13: 0000000000402740 R14: 0000000000000000 R15: 0000000000000000
[ 27.932090] Dumping ftrace buffer:
[ 27.935600] (ftrace buffer empty)
[ 27.939280] Kernel Offset: disabled
[ 27.942889] Rebooting in 86400 seconds..