[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.870915] audit: type=1400 audit(1514539420.882:5): avc: denied { syslog } for pid=3006 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 17.638887] audit: type=1400 audit(1514539426.650:6): avc: denied { map } for pid=3146 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
executing program
[ 23.825651] audit: type=1400 audit(1514539432.837:7): avc: denied { map } for pid=3159 comm="syzkaller841149" path="/root/syzkaller841149303" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 23.830926] ==================================================================
[ 23.830953] BUG: KASAN: slab-out-of-bounds in cap_convert_nscap+0x501/0x610
[ 23.830961] Read of size 4 at addr ffff8801c8d031c0 by task syzkaller841149/3159
[ 23.830963]
[ 23.830973] CPU: 1 PID: 3159 Comm: syzkaller841149 Not tainted 4.15.0-rc5+ #150
[ 23.830977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.830980] Call Trace:
[ 23.830992] dump_stack+0x194/0x257
[ 23.831008] ? arch_local_irq_restore+0x53/0x53
[ 23.831019] ? show_regs_print_info+0x18/0x18
[ 23.831027] ? lock_downgrade+0x980/0x980
[ 23.831044] ? cap_convert_nscap+0x501/0x610
[ 23.831056] print_address_description+0x73/0x250
[ 23.831065] ? cap_convert_nscap+0x501/0x610
[ 23.831074] kasan_report+0x25b/0x340
[ 23.831089] __asan_report_load4_noabort+0x14/0x20
[ 23.831097] cap_convert_nscap+0x501/0x610
[ 23.831119] setxattr+0x365/0x400
[ 23.831126] ? setxattr+0x365/0x400
[ 23.831139] ? vfs_setxattr+0xe0/0xe0
[ 23.831148] ? lock_acquire+0x1d5/0x580
[ 23.831155] ? lock_acquire+0x1d5/0x580
[ 23.831162] ? mnt_want_write_file_path+0x68/0x110
[ 23.831184] ? __lock_is_held+0xb6/0x140
[ 23.831210] ? rcu_read_lock_sched_held+0x108/0x120
[ 23.831218] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 23.831225] ? mnt_clone_write+0xc9/0x110
[ 23.831235] ? __mnt_want_write_file+0x7c/0xb0
[ 23.831251] SyS_fsetxattr+0x130/0x190
[ 23.831262] ? SyS_lsetxattr+0x50/0x50
[ 23.831273] do_fast_syscall_32+0x3ee/0xf9d
[ 23.831292] ? do_int80_syscall_32+0x9d0/0x9d0
[ 23.831300] ? kasan_check_read+0x11/0x20
[ 23.831312] ? syscall_return_slowpath+0x550/0x550
[ 23.831324] ? SyS_rt_sigaction+0x94/0x1b0
[ 23.831333] ? SyS_sigprocmask+0x4b0/0x4b0
[ 23.831339] ? SyS_read+0x184/0x220
[ 23.831350] ? retint_user+0x18/0x18
[ 23.831366] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.831385] entry_SYSENTER_compat+0x54/0x63
[ 23.831391] RIP: 0023:0xf7fa7c79
[ 23.831395] RSP: 002b:00000000ffd39c6c EFLAGS: 00000282 ORIG_RAX: 00000000000000e4
[ 23.831403] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020d4bfe8
[ 23.831407] RDX: 00000000209b8000 RSI: 0000000000000001 RDI: 0000000000000000
[ 23.831411] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 23.831415] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 23.831419] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 23.831446]
[ 23.831450] Allocated by task 3159:
[ 23.831456] save_stack+0x43/0xd0
[ 23.831461] kasan_kmalloc+0xad/0xe0
[ 23.831467] __kmalloc_node+0x47/0x70
[ 23.831475] kvmalloc_node+0x99/0xd0
[ 23.831480] setxattr+0x152/0x400
[ 23.831486] SyS_fsetxattr+0x130/0x190
[ 23.831492] do_fast_syscall_32+0x3ee/0xf9d
[ 23.831498] entry_SYSENTER_compat+0x54/0x63
[ 23.831499]
[ 23.831502] Freed by task 1644:
[ 23.831508] save_stack+0x43/0xd0
[ 23.831514] kasan_slab_free+0x71/0xc0
[ 23.831518] kfree+0xd6/0x260
[ 23.831524] security_inode_init_security+0x1c3/0x390
[ 23.831530] shmem_mknod+0x9b/0x1b0
[ 23.831535] shmem_create+0x2b/0x40
[ 23.831543] lookup_open+0x1217/0x1970
[ 23.831548] path_openat+0xd76/0x3530
[ 23.831554] do_filp_open+0x25b/0x3b0
[ 23.831563] do_sys_open+0x502/0x6d0
[ 23.831569] SyS_open+0x2d/0x40
[ 23.831574] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 23.831576]
[ 23.831581] The buggy address belongs to the object at ffff8801c8d031c0
[ 23.831581] which belongs to the cache kmalloc-32 of size 32
[ 23.831586] The buggy address is located 0 bytes inside of
[ 23.831586] 32-byte region [ffff8801c8d031c0, ffff8801c8d031e0)
[ 23.831589] The buggy address belongs to the page:
[ 23.831596] page:00000000bd743ed1 count:1 mapcount:0 mapping:00000000690d0687 index:0xffff8801c8d03fc1
[ 23.831602] flags: 0x2fffc0000000100(slab)
[ 23.831612] raw: 02fffc0000000100 ffff8801c8d03000 ffff8801c8d03fc1 000000010000003f
[ 23.831620] raw: ffffea000723dc20 ffffea000721b820 ffff8801db0001c0 0000000000000000
[ 23.831623] page dumped because: kasan: bad access detected
[ 23.831625]
[ 23.831627] Memory state around the buggy address:
[ 23.831632] ffff8801c8d03080: fb fb fb fb fc fc fc fc 00 04 fc fc fc fc fc fc
[ 23.831637] ffff8801c8d03100: 00 00 01 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 23.831642] >ffff8801c8d03180: fb fb fb fb fc fc fc fc 01 fc fc fc fc fc fc fc
[ 23.831645]                                            ^
[ 23.831650] ffff8801c8d03200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 23.831655] ffff8801c8d03280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 23.831657] ==================================================================
[ 23.831659] Disabling lock debugging due to kernel taint
[ 23.831684] Kernel panic - not syncing: panic_on_warn set ...
[ 23.831684]
[ 23.831690] CPU: 1 PID: 3159 Comm: syzkaller841149 Tainted: G B 4.15.0-rc5+ #150
[ 23.831693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.831695] Call Trace:
[ 23.831701] dump_stack+0x194/0x257
[ 23.831710] ? arch_local_irq_restore+0x53/0x53
[ 23.831718] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.831727] ? vsnprintf+0x1ed/0x1900
[ 23.831735] ? cap_convert_nscap+0x410/0x610
[ 23.831743] panic+0x1e4/0x41c
[ 23.831749] ? refcount_error_report+0x214/0x214
[ 23.831758] ? add_taint+0x1c/0x50
[ 23.831765] ? add_taint+0x1c/0x50
[ 23.831774] ? cap_convert_nscap+0x501/0x610
[ 23.831781] kasan_end_report+0x50/0x50
[ 23.831787] kasan_report+0x144/0x340
[ 23.831797] __asan_report_load4_noabort+0x14/0x20
[ 23.831803] cap_convert_nscap+0x501/0x610
[ 23.831815] setxattr+0x365/0x400
[ 23.831821] ? setxattr+0x365/0x400
[ 23.831830] ? vfs_setxattr+0xe0/0xe0
[ 23.831837] ? lock_acquire+0x1d5/0x580
[ 23.831843] ? lock_acquire+0x1d5/0x580
[ 23.831849] ? mnt_want_write_file_path+0x68/0x110
[ 23.831861] ? __lock_is_held+0xb6/0x140
[ 23.831877] ? rcu_read_lock_sched_held+0x108/0x120
[ 23.831883] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 23.831889] ? mnt_clone_write+0xc9/0x110
[ 23.831896] ? __mnt_want_write_file+0x7c/0xb0
[ 23.831907] SyS_fsetxattr+0x130/0x190
[ 23.831915] ? SyS_lsetxattr+0x50/0x50
[ 23.831922] do_fast_syscall_32+0x3ee/0xf9d
[ 23.831934] ? do_int80_syscall_32+0x9d0/0x9d0
[ 23.831940] ? kasan_check_read+0x11/0x20
[ 23.831949] ? syscall_return_slowpath+0x550/0x550
[ 23.831956] ? SyS_rt_sigaction+0x94/0x1b0
[ 23.831964] ? SyS_sigprocmask+0x4b0/0x4b0
[ 23.831969] ? SyS_read+0x184/0x220
[ 23.831975] ? retint_user+0x18/0x18
[ 23.831986] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.831998] entry_SYSENTER_compat+0x54/0x63
[ 23.832005] RIP: 0023:0xf7fa7c79
[ 23.832008] RSP: 002b:00000000ffd39c6c EFLAGS: 00000282 ORIG_RAX: 00000000000000e4
[ 23.832014] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020d4bfe8
[ 23.832017] RDX: 00000000209b8000 RSI: 0000000000000001 RDI: 0000000000000000
[ 23.832021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 23.832024] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 23.832027] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 23.851982] Dumping ftrace buffer:
[ 23.851985] (ftrace buffer empty)
[ 23.851988] Kernel Offset: disabled
[ 24.534143] Rebooting in 86400 seconds..