[ ok ] Starting enhanced syslogd: rsyslogd.
[   11.320842] audit: type=1400 audit(1514656947.189:5): avc:  denied  { syslog } for  pid=3041 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   17.317114] audit: type=1400 audit(1514656953.185:6): avc:  denied  { map } for  pid=3180 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
[   23.460694] audit: type=1400 audit(1514656959.329:7): avc:  denied  { map } for  pid=3194 comm="syzkaller150350" path="/root/syzkaller150350154" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.465789] ==================================================================
[   23.465809] BUG: KASAN: slab-out-of-bounds in cap_convert_nscap+0x501/0x610
[   23.465815] Read of size 4 at addr ffff8801c61c7280 by task syzkaller150350/3194
[   23.465817]
[   23.465824] CPU: 0 PID: 3194 Comm: syzkaller150350 Not tainted 4.15.0-rc5+ #242
[   23.465828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.465831] Call Trace:
[   23.465843]  dump_stack+0x194/0x257
[   23.465856]  ? arch_local_irq_restore+0x53/0x53
[   23.465865]  ? show_regs_print_info+0x18/0x18
[   23.465880]  ? lock_release+0xa40/0xa40
[   23.465889]  ? cap_convert_nscap+0x501/0x610
[   23.465900]  print_address_description+0x73/0x250
[   23.465909]  ? cap_convert_nscap+0x501/0x610
[   23.465918]  kasan_report+0x25b/0x340
[   23.465933]  __asan_report_load4_noabort+0x14/0x20
[   23.465941]  cap_convert_nscap+0x501/0x610
[   23.465950]  ? kasan_check_write+0x14/0x20
[   23.465966]  setxattr+0x365/0x400
[   23.465977]  ? setxattr+0x365/0x400
[   23.465991]  ? vfs_setxattr+0xe0/0xe0
[   23.466004]  ? lock_acquire+0x1d5/0x580
[   23.466009]  ? lock_acquire+0x1d5/0x580
[   23.466017]  ? mnt_want_write_file_path+0x68/0x110
[   23.466039]  ? __lock_is_held+0xb6/0x140
[   23.466047]  ? __mnt_want_write+0x25c/0x370
[   23.466060]  ? do_umount+0xda0/0xda0
[   23.466072]  ? rcu_read_lock_sched_held+0x108/0x120
[   23.466080]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[   23.466093]  ? __mnt_want_write_file+0x97/0xb0
[   23.466109]  SyS_fsetxattr+0x130/0x190
[   23.466125]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.466131] RIP: 0033:0x43fcf9
[   23.466135] RSP: 002b:00007ffdc0d4c408 EFLAGS: 00000203 ORIG_RAX: 00000000000000be
[   23.466143] RAX: ffffffffffffffda RBX: 6f72746e6f632f2e RCX: 000000000043fcf9
[   23.466147] RDX: 00000000208c4fe9 RSI: 0000000020f4c000 RDI: 0000000000000003
[   23.466151] RBP: 00000000006ca018 R08: 0000000000000001 R09: 0000000000000000
[   23.466155] R10: 0000000000000001 R11: 0000000000000203 R12: 0000000000401660
[   23.466159] R13: 00000000004016f0 R14: 0000000000000000 R15: 0000000000000000
[   23.466187]
[   23.466190] Allocated by task 3194:
[   23.466196]  save_stack+0x43/0xd0
[   23.466201]  kasan_kmalloc+0xad/0xe0
[   23.466209]  __kmalloc_node+0x47/0x70
[   23.466216]  kvmalloc_node+0x99/0xd0
[   23.466221]  setxattr+0x152/0x400
[   23.466227]  SyS_fsetxattr+0x130/0x190
[   23.466232]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.466234]
[   23.466237] Freed by task 1679:
[   23.466242]  save_stack+0x43/0xd0
[   23.466247]  kasan_slab_free+0x71/0xc0
[   23.466251]  kfree+0xd6/0x260
[   23.466257]  kfree_link+0x15/0x20
[   23.466264]  walk_component+0x54d/0x13d0
[   23.466269]  link_path_walk+0x6a9/0x1470
[   23.466274]  path_openat+0x2bc/0x3530
[   23.466280]  do_filp_open+0x25b/0x3b0
[   23.466286]  do_sys_open+0x502/0x6d0
[   23.466292]  SyS_open+0x2d/0x40
[   23.466297]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.466299]
[   23.466303] The buggy address belongs to the object at ffff8801c61c7280
[   23.466303]  which belongs to the cache kmalloc-32 of size 32
[   23.466309] The buggy address is located 0 bytes inside of
[   23.466309]  32-byte region [ffff8801c61c7280, ffff8801c61c72a0)
[   23.466311] The buggy address belongs to the page:
[   23.466317] page:0000000077f4e811 count:1 mapcount:0 mapping:000000007008f3c4 index:0xffff8801c61c7fc1
[   23.466324] flags: 0x2fffc0000000100(slab)
[   23.466333] raw: 02fffc0000000100 ffff8801c61c7000 ffff8801c61c7fc1 000000010000003f
[   23.466340] raw: ffffea000718a160 ffffea00071875a0 ffff8801dac001c0 0000000000000000
[   23.466343] page dumped because: kasan: bad access detected
[   23.466345]
[   23.466347] Memory state around the buggy address:
[   23.466352]  ffff8801c61c7180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   23.466357]  ffff8801c61c7200: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[   23.466362] >ffff8801c61c7280: 01 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   23.466365]                    ^
[   23.466369]  ffff8801c61c7300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   23.466374]  ffff8801c61c7380: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[   23.466377] ==================================================================
[   23.466379] Disabling lock debugging due to kernel taint
[   23.466394] Kernel panic - not syncing: panic_on_warn set ...
[   23.466394]
[   23.466400] CPU: 0 PID: 3194 Comm: syzkaller150350 Tainted: G    B            4.15.0-rc5+ #242
[   23.466403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.466404] Call Trace:
[   23.466412]  dump_stack+0x194/0x257
[   23.466421]  ? arch_local_irq_restore+0x53/0x53
[   23.466430]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.466437]  ? vsnprintf+0x1ed/0x1900
[   23.466445]  ? cap_convert_nscap+0x4c0/0x610
[   23.466453]  panic+0x1e4/0x41c
[   23.466460]  ? refcount_error_report+0x214/0x214
[   23.466468]  ? add_taint+0x1c/0x50
[   23.466475]  ? add_taint+0x1c/0x50
[   23.466484]  ? cap_convert_nscap+0x501/0x610
[   23.466490]  kasan_end_report+0x50/0x50
[   23.466497]  kasan_report+0x144/0x340
[   23.466506]  __asan_report_load4_noabort+0x14/0x20
[   23.466513]  cap_convert_nscap+0x501/0x610
[   23.466520]  ? kasan_check_write+0x14/0x20
[   23.466530]  setxattr+0x365/0x400
[   23.466535]  ? setxattr+0x365/0x400
[   23.466544]  ? vfs_setxattr+0xe0/0xe0
[   23.466551]  ? lock_acquire+0x1d5/0x580
[   23.466556]  ? lock_acquire+0x1d5/0x580
[   23.466562]  ? mnt_want_write_file_path+0x68/0x110
[   23.466575]  ? __lock_is_held+0xb6/0x140
[   23.466582]  ? __mnt_want_write+0x25c/0x370
[   23.466590]  ? do_umount+0xda0/0xda0
[   23.466598]  ? rcu_read_lock_sched_held+0x108/0x120
[   23.466605]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[   23.466614]  ? __mnt_want_write_file+0x97/0xb0
[   23.466624]  SyS_fsetxattr+0x130/0x190
[   23.466634]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.466638] RIP: 0033:0x43fcf9
[   23.466641] RSP: 002b:00007ffdc0d4c408 EFLAGS: 00000203 ORIG_RAX: 00000000000000be
[   23.466647] RAX: ffffffffffffffda RBX: 6f72746e6f632f2e RCX: 000000000043fcf9
[   23.466651] RDX: 00000000208c4fe9 RSI: 0000000020f4c000 RDI: 0000000000000003
[   23.466654] RBP: 00000000006ca018 R08: 0000000000000001 R09: 0000000000000000
[   23.466657] R10: 0000000000000001 R11: 0000000000000203 R12: 0000000000401660
[   23.466661] R13: 00000000004016f0 R14: 0000000000000000 R15: 0000000000000000
[   23.487005] Dumping ftrace buffer:
[   23.487008]    (ftrace buffer empty)
[   23.487011] Kernel Offset: disabled
[   24.090059] Rebooting in 86400 seconds..
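Reading the report: ORIG_RAX 0xbe is fsetxattr on x86-64, so per the syscall ABI RDI=3 is the fd, RSI and RDX are the name and value pointers, R10=1 is the value size and R8=1 is the flags word (XATTR_CREATE). setxattr() copies the value into a kvmalloc buffer of exactly that size (the "Allocated by task 3194" stack), and cap_convert_nscap, which setxattr() invokes for the security.capability name, then performs a 4-byte load at offset 0 of that 1-byte object: the KASAN shadow row ">ffff8801c61c7280: 01 fc ..." records that only the first byte of the 32-byte kmalloc-32 slot is valid. The "Freed by task 1679" stack is just the slot's previous owner (a symlink buffer) and is unrelated to the bug. The block below is an added userspace model of that header check, not the kernel's code and not syzkaller's reproducer: it decodes the syscall from the register dump and contrasts the ordering that matches the report (load the magic, then compare the size) with the safe ordering (reject any size that cannot hold the header before touching the buffer). Layout constants are taken from include/uapi/linux/capability.h; the function names, the bounds-checked loader standing in for KASAN, and the constructed input bytes are this example's own, and the xattr name is an assumption inferred from the cap_convert_nscap frame.

```c
/*
 * Added example: userspace model of the capability-xattr header check behind
 * the KASAN report above. Not kernel code; helper names are this example's own.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define VFS_CAP_REVISION_MASK 0xFF000000U   /* include/uapi/linux/capability.h */
#define VFS_CAP_REVISION_2    0x02000000U
#define VFS_CAP_REVISION_3    0x03000000U
#define XATTR_CAPS_SZ_2       20u           /* sizeof(struct vfs_cap_data) */
#define XATTR_CAPS_SZ_3       24u           /* sizeof(struct vfs_ns_cap_data) */
#define XATTR_CREATE          1             /* <sys/xattr.h> */
#define NR_FSETXATTR          190           /* x86-64 ORIG_RAX 0xbe in the dump */

/* x86-64 syscall ABI: rdi, rsi, rdx, r10, r8, r9 carry the arguments. */
struct fsetxattr_args { int fd; uint64_t name_ptr; uint64_t value_ptr; size_t size; int flags; };

struct fsetxattr_args decode_fsetxattr(uint64_t orig_rax, uint64_t rdi, uint64_t rsi,
                                       uint64_t rdx, uint64_t r10, uint64_t r8)
{
    struct fsetxattr_args a = {0};
    if (orig_rax != NR_FSETXATTR)
        return a;                       /* some other syscall: leave zeroed */
    a.fd = (int)rdi;  a.name_ptr = rsi;  a.value_ptr = rdx;
    a.size = (size_t)r10;  a.flags = (int)r8;
    return a;
}

/* Bounds-checked LE32 load standing in for KASAN: the copied value is exactly
 * `len` bytes, so a 4-byte read needs off+4 <= len. */
static bool load_le32(const uint8_t *buf, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)
        return false;                   /* the access the report flags */
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return true;
}

static bool magic_has_revision(uint32_t magic, uint32_t rev)
{
    return (magic & VFS_CAP_REVISION_MASK) == rev;
}

/* Ordering consistent with the report: magic_etc is loaded before size is checked. */
bool validheader_read_first(const uint8_t *buf, size_t size, bool *oob)
{
    uint32_t magic;
    *oob = !load_le32(buf, size, 0, &magic);
    if (*oob)
        return false;
    return (size == XATTR_CAPS_SZ_2 && magic_has_revision(magic, VFS_CAP_REVISION_2)) ||
           (size == XATTR_CAPS_SZ_3 && magic_has_revision(magic, VFS_CAP_REVISION_3));
}

/* Safe ordering: only sizes that can hold a full header reach the load. */
bool validheader_size_first(const uint8_t *buf, size_t size, bool *oob)
{
    uint32_t magic;
    *oob = false;
    if (size != XATTR_CAPS_SZ_2 && size != XATTR_CAPS_SZ_3)
        return false;
    *oob = !load_le32(buf, size, 0, &magic);   /* cannot fail: size >= 20 here */
    if (*oob)
        return false;
    return magic_has_revision(magic, size == XATTR_CAPS_SZ_2 ? VFS_CAP_REVISION_2
                                                             : VFS_CAP_REVISION_3);
}

/* Constructed inputs: a 1-byte value like the one in the dump (its content is
 * unknown; 0x01 here is arbitrary) and a well-formed 20-byte v2 header. */
static const uint8_t short_value[1] = { 0x01 };
static const uint8_t v2_value[XATTR_CAPS_SZ_2] = { 0x00, 0x00, 0x00, 0x02 };  /* magic 0x02000000 LE */

int main(void)
{
    bool oob;
    struct fsetxattr_args a = decode_fsetxattr(0xbe, 3, 0x20f4c000, 0x208c4fe9, 1, 1);
    printf("fsetxattr(fd=%d, name=0x%llx, value=0x%llx, size=%zu, flags=%d)\n", a.fd,
           (unsigned long long)a.name_ptr, (unsigned long long)a.value_ptr, a.size, a.flags);
    validheader_read_first(short_value, sizeof short_value, &oob);
    printf("read-first on a 1-byte value: out-of-bounds read = %s\n", oob ? "yes" : "no");
    validheader_size_first(short_value, sizeof short_value, &oob);
    printf("size-first on a 1-byte value: out-of-bounds read = %s\n", oob ? "yes" : "no");
    return 0;
}
```

The point of the two validators is the order of operations, not the magic arithmetic: any code that reads a fixed-size header out of a caller-sized buffer must compare the size against the header length before the first load, because KASAN only reports the overread at runtime and a production kernel would silently consume whatever followed the allocation in the slab.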