[....] Starting enhanced syslogd: rsyslogd
[ 12.927769] audit: type=1400 audit(1516634001.851:5): avc: denied { syslog } for pid=3503 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.976538] audit: type=1400 audit(1516634008.900:6): avc: denied { map } for pid=3644 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 27.898642] audit: type=1400 audit(1516634016.822:7): avc: denied { map } for pid=3659 comm="syzkaller653656" path="/root/syzkaller653656877" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 27.924603] audit: type=1400 audit(1516634016.825:8): avc: denied { sys_admin } for pid=3659 comm="syzkaller653656" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 27.949640] audit: type=1400 audit(1516634016.849:9): avc: denied { net_admin } for pid=3660 comm="syzkaller653656" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
[ 28.114313] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 28.435671] audit: type=1400 audit(1516634017.359:10): avc: denied { sys_chroot } for pid=3660 comm="syzkaller653656" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 28.437529] ==================================================================
[ 28.437547] BUG: KASAN: use-after-free in erspan_xmit+0x22d4/0x2430
[ 28.437551] Read of size 2 at addr ffff8801d67715cb by task syzkaller653656/3660
[ 28.437553]
[ 28.437559] CPU: 0 PID: 3660 Comm: syzkaller653656 Not tainted 4.15.0-rc8+ #203
[ 28.437562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.437564] Call Trace:
[ 28.437573]  dump_stack+0x194/0x257
[ 28.437582]  ? arch_local_irq_restore+0x53/0x53
[ 28.437590]  ? show_regs_print_info+0x18/0x18
[ 28.437600]  ? erspan_xmit+0x22d4/0x2430
[ 28.437610]  print_address_description+0x73/0x250
[ 28.437615]  ? erspan_xmit+0x22d4/0x2430
[ 28.437621]  kasan_report+0x25b/0x340
[ 28.437631]  __asan_report_load_n_noabort+0xf/0x20
[ 28.437635]  erspan_xmit+0x22d4/0x2430
[ 28.437644]  ? packet_direct_xmit+0x509/0x790
[ 28.437655]  ? validate_xmit_skb+0x4b0/0xaf0
[ 28.437663]  ? gretap_fb_dev_create+0x250/0x250
[ 28.437669]  ? netif_skb_features+0x9b0/0x9b0
[ 28.437690]  packet_direct_xmit+0x3ad/0x790
[ 28.437698]  ? packet_mmap+0x590/0x590
[ 28.437703]  ? memcpy+0x45/0x50
[ 28.437716]  packet_sendmsg+0x3aed/0x60b0
[ 28.437726]  ? find_held_lock+0x35/0x1d0
[ 28.437741]  ? avc_has_perm+0x35e/0x680
[ 28.437762]  ? packet_cached_dev_get+0x2b0/0x2b0
[ 28.437773]  ? avc_has_perm+0x43e/0x680
[ 28.437782]  ? avc_has_perm_noaudit+0x520/0x520
[ 28.437787]  ? find_held_lock+0x35/0x1d0
[ 28.437794]  ? fanout_add+0x1430/0x1430
[ 28.437801]  ? avc_has_perm+0x35e/0x680
[ 28.437814]  ? find_held_lock+0x35/0x1d0
[ 28.437828]  ? sock_has_perm+0x2a4/0x420
[ 28.437836]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 28.437840]  ? lock_release+0x972/0xa40
[ 28.437847]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 28.437854]  ? __check_object_size+0x25d/0x4f0
[ 28.437859]  ? avc_has_perm_noaudit+0x520/0x520
[ 28.437876]  ? selinux_socket_sendmsg+0x36/0x40
[ 28.437881]  ? security_socket_sendmsg+0x89/0xb0
[ 28.437886]  ? packet_cached_dev_get+0x2b0/0x2b0
[ 28.437895]  sock_sendmsg+0xca/0x110
[ 28.437902]  SYSC_sendto+0x361/0x5c0
[ 28.437911]  ? SYSC_connect+0x4a0/0x4a0
[ 28.437919]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 28.437924]  ? __do_page_fault+0x3d6/0xc90
[ 28.437934]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 28.437961]  ? SyS_setsockopt+0x215/0x360
[ 28.437970]  ? SyS_recv+0x40/0x40
[ 28.437978]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 28.437989]  SyS_sendto+0x40/0x50
[ 28.437998]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.438006] RIP: 0033:0x4458d9
[ 28.438009] RSP: 002b:00000000007efdf8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 28.438014] RAX: ffffffffffffffda RBX: 00000000004a78dd RCX: 00000000004458d9
[ 28.438017] RDX: 0000000000000000 RSI: 0000000020003fd9 RDI: 0000000000000004
[ 28.438020] RBP: 0000000000000068 R08: 0000000020008000 R09: 000000000000001c
[ 28.438022] R10: 0000000000000001 R11: 0000000000000217 R12: 0000000000000000
[ 28.438025] R13: 000000000000000a R14: 0000000000000000 R15: 0000000000000000
[ 28.438041]
[ 28.438044] Allocated by task 2216:
[ 28.438049]  save_stack+0x43/0xd0
[ 28.438052]  kasan_kmalloc+0xad/0xe0
[ 28.438056]  kmem_cache_alloc_trace+0x136/0x750
[ 28.438060]  alloc_pipe_info+0xb1/0x350
[ 28.438064]  create_pipe_files+0xda/0x930
[ 28.438067]  __do_pipe_flags+0x35/0x220
[ 28.438071]  SyS_pipe+0x8d/0x2e0
[ 28.438075]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.438076]
[ 28.438077] Freed by task 2218:
[ 28.438081]  save_stack+0x43/0xd0
[ 28.438084]  kasan_slab_free+0x71/0xc0
[ 28.438087]  kfree+0xd6/0x260
[ 28.438091]  free_pipe_info+0x200/0x2a0
[ 28.438094]  put_pipe_info+0xb0/0xd0
[ 28.438098]  pipe_release+0x1af/0x250
[ 28.438100]  __fput+0x327/0x7e0
[ 28.438103]  ____fput+0x15/0x20
[ 28.438110]  task_work_run+0x199/0x270
[ 28.438116]  do_exit+0x9bb/0x1ad0
[ 28.438120]  do_group_exit+0x149/0x400
[ 28.438123]  SyS_exit_group+0x1d/0x20
[ 28.438127]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.438128]
[ 28.438131] The buggy address belongs to the object at ffff8801d6771500
[ 28.438131]  which belongs to the cache kmalloc-512 of size 512
[ 28.438134] The buggy address is located 203 bytes inside of
[ 28.438134]  512-byte region [ffff8801d6771500, ffff8801d6771700)
[ 28.438136] The buggy address belongs to the page:
[ 28.438139] page:ffffea000759dc40 count:1 mapcount:0 mapping:ffff8801d6771000 index:0x0
[ 28.438144] flags: 0x2fffc0000000100(slab)
[ 28.438151] raw: 02fffc0000000100 ffff8801d6771000 0000000000000000 0000000100000006
[ 28.438155] raw: ffffea000759dba0 ffffea000759dca0 ffff8801dac00940 0000000000000000
[ 28.438157] page dumped because: kasan: bad access detected
[ 28.438158]
[ 28.438160] Memory state around the buggy address:
[ 28.438163]  ffff8801d6771480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.438166]  ffff8801d6771500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.438169] >ffff8801d6771580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.438171]                                               ^
[ 28.438174]  ffff8801d6771600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.438176]  ffff8801d6771680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.438178] ==================================================================
[ 28.438179] Disabling lock debugging due to kernel taint
[ 28.438192] Kernel panic - not syncing: panic_on_warn set ...
[ 28.438192]
[ 28.438196] CPU: 0 PID: 3660 Comm: syzkaller653656 Tainted: G B 4.15.0-rc8+ #203
[ 28.438198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.438199] Call Trace:
[ 28.438204]  dump_stack+0x194/0x257
[ 28.438209]  ? arch_local_irq_restore+0x53/0x53
[ 28.438217]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.438223]  ? vsnprintf+0x1ed/0x1900
[ 28.438227]  ? erspan_xmit+0x21f0/0x2430
[ 28.438232]  panic+0x1e4/0x41c
[ 28.438236]  ? refcount_error_report+0x214/0x214
[ 28.438241]  ? add_taint+0x1c/0x50
[ 28.438246]  ? add_taint+0x1c/0x50
[ 28.438251]  ? erspan_xmit+0x22d4/0x2430
[ 28.438255]  kasan_end_report+0x50/0x50
[ 28.438259]  kasan_report+0x144/0x340
[ 28.438270]  __asan_report_load_n_noabort+0xf/0x20
[ 28.438274]  erspan_xmit+0x22d4/0x2430
[ 28.438278]  ? packet_direct_xmit+0x509/0x790
[ 28.438283]  ? validate_xmit_skb+0x4b0/0xaf0
[ 28.438289]  ? gretap_fb_dev_create+0x250/0x250
[ 28.438293]  ? netif_skb_features+0x9b0/0x9b0
[ 28.438306]  packet_direct_xmit+0x3ad/0x790
[ 28.438311]  ? packet_mmap+0x590/0x590
[ 28.438315]  ? memcpy+0x45/0x50
[ 28.438323]  packet_sendmsg+0x3aed/0x60b0
[ 28.438329]  ? find_held_lock+0x35/0x1d0
[ 28.438337]  ? avc_has_perm+0x35e/0x680
[ 28.438353]  ? packet_cached_dev_get+0x2b0/0x2b0
[ 28.438360]  ? avc_has_perm+0x43e/0x680
[ 28.438365]  ? avc_has_perm_noaudit+0x520/0x520
[ 28.438369]  ? find_held_lock+0x35/0x1d0
[ 28.438375]  ? fanout_add+0x1430/0x1430
[ 28.438380]  ? avc_has_perm+0x35e/0x680
[ 28.438388]  ? find_held_lock+0x35/0x1d0
[ 28.438396]  ? sock_has_perm+0x2a4/0x420
[ 28.438402]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 28.438406]  ? lock_release+0x972/0xa40
[ 28.438409]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 28.438414]  ? __check_object_size+0x25d/0x4f0
[ 28.438417]  ? avc_has_perm_noaudit+0x520/0x520
[ 28.438428]  ? selinux_socket_sendmsg+0x36/0x40
[ 28.438432]  ? security_socket_sendmsg+0x89/0xb0
[ 28.438436]  ? packet_cached_dev_get+0x2b0/0x2b0
[ 28.438441]  sock_sendmsg+0xca/0x110
[ 28.438446]  SYSC_sendto+0x361/0x5c0
[ 28.438452]  ? SYSC_connect+0x4a0/0x4a0
[ 28.438458]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 28.438461]  ? __do_page_fault+0x3d6/0xc90
[ 28.438468]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 28.438484]  ? SyS_setsockopt+0x215/0x360
[ 28.438490]  ? SyS_recv+0x40/0x40
[ 28.438495]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 28.438502]  SyS_sendto+0x40/0x50
[ 28.438509]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.438511] RIP: 0033:0x4458d9
[ 28.438513] RSP: 002b:00000000007efdf8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 28.438517] RAX: ffffffffffffffda RBX: 00000000004a78dd RCX: 00000000004458d9
[ 28.438519] RDX: 0000000000000000 RSI: 0000000020003fd9 RDI: 0000000000000004
[ 28.438521] RBP: 0000000000000068 R08: 0000000020008000 R09: 000000000000001c
[ 28.438523] R10: 0000000000000001 R11: 0000000000000217 R12: 0000000000000000
[ 28.438525] R13: 000000000000000a R14: 0000000000000000 R15: 0000000000000000
[ 28.460617] Dumping ftrace buffer:
[ 28.460621]    (ftrace buffer empty)
[ 28.460623] Kernel Offset: disabled
[ 29.264005] Rebooting in 86400 seconds..