[....] Starting enhanced syslogd: rsyslogd[   11.794652] audit: type=1400 audit(1515708017.327:5): avc:  denied  { syslog } for  pid=3350 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.869720] audit: type=1400 audit(1515708023.402:6): avc:  denied  { map } for  pid=3491 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
[   24.070871] audit: type=1400 audit(1515708029.603:7): avc:  denied  { map } for  pid=3505 comm="syzkaller623626" path="/root/syzkaller623626261" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   24.096897] audit: type=1400 audit(1515708029.603:8): avc:  denied  { sys_admin } for  pid=3505 comm="syzkaller623626" capability=21  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
executing program
[   24.127524] audit: type=1400 audit(1515708029.660:9): avc:  denied  { sys_chroot } for  pid=3506 comm="syzkaller623626" capability=18  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[   24.152061] audit: type=1400 audit(1515708029.661:10): avc:  denied  { map_create } for  pid=3506 comm="syzkaller623626" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[   24.174734] audit: type=1400 audit(1515708029.662:11): avc:  denied  { map_read map_write } for  pid=3506 comm="syzkaller623626" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
[   24.209189] ==================================================================
[   24.216611] BUG: KASAN: slab-out-of-bounds in perf_event_fd_array_release+0x435/0x480
[   24.224552] Read of size 8 at addr ffff8801cbc7e740 by task syzkaller623626/3506
[   24.232050] 
[   24.233649] CPU: 0 PID: 3506 Comm: syzkaller623626 Not tainted 4.15.0-rc7-next-20180111+ #94
[   24.242189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.251510] Call Trace:
[   24.254072]  dump_stack+0x194/0x257
[   24.257669]  ? arch_local_irq_restore+0x53/0x53
[   24.262313]  ? show_regs_print_info+0x18/0x18
[   24.266807]  ? lock_release+0xa40/0xa40
[   24.270756]  ? perf_event_fd_array_release+0x435/0x480
[   24.276008]  print_address_description+0x73/0x250
[   24.280831]  ? perf_event_fd_array_release+0x435/0x480
[   24.286086]  kasan_report+0x23b/0x360
[   24.289859]  __asan_report_load8_noabort+0x14/0x20
[   24.294759]  perf_event_fd_array_release+0x435/0x480
[   24.299836]  ? array_of_map_alloc+0x130/0x130
[   24.304313]  ? fsnotify_first_mark+0x2b0/0x2b0
[   24.308887]  ? lock_downgrade+0x980/0x980
[   24.313007]  ? array_of_map_alloc+0x130/0x130
[   24.317471]  ? __bpf_map_put+0x2e0/0x2e0
[   24.321503]  bpf_map_release+0x84/0xc0
[   24.325361]  __fput+0x327/0x7e0
[   24.328613]  ? fput+0x140/0x140
[   24.331863]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.337725]  ____fput+0x15/0x20
[   24.340974]  task_work_run+0x199/0x270
[   24.344832]  ? task_work_cancel+0x210/0x210
[   24.349141]  ? free_nsproxy+0x185/0x1f0
[   24.353085]  ? switch_task_namespaces+0xa2/0xc0
[   24.357728]  do_exit+0x9bb/0x1ad0
[   24.361153]  ? __pmd_alloc+0x4e0/0x4e0
[   24.365005]  ? vma_link+0xe9/0x170
[   24.368520]  ? mm_update_next_owner+0x930/0x930
[   24.373158]  ? find_held_lock+0x35/0x1d0
[   24.377195]  ? handle_mm_fault+0x2a0/0x930
[   24.381401]  ? find_held_lock+0x35/0x1d0
[   24.385439]  ? __do_page_fault+0x5f7/0xc90
[   24.389645]  ? lock_downgrade+0x980/0x980
[   24.393777]  ? down_read_trylock+0xdb/0x170
[   24.398087]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   24.402638]  ? vmacache_find+0x5f/0x280
[   24.406581]  ? vmacache_update+0xfe/0x130
[   24.410702]  ? up_read+0x1a/0x40
[   24.414060]  ? __do_page_fault+0x3d6/0xc90
[   24.418281]  ? mm_fault_error+0x2c0/0x2c0
[   24.422408]  ? do_page_fault+0xee/0x720
[   24.426360]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   24.431881]  ? __do_page_fault+0xc90/0xc90
[   24.436098]  do_group_exit+0x149/0x400
[   24.439956]  ? SyS_exit+0x30/0x30
[   24.443381]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.448368]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.453106]  SyS_exit_group+0x1d/0x20
[   24.456878]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   24.461602] RIP: 0033:0x440a69
[   24.464759] RSP: 002b:00000000007dff48 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[   24.472438] RAX: ffffffffffffffda RBX: 00007fff81d9f6b0 RCX: 0000000000440a69
[   24.479676] RDX: 0000000000440a69 RSI: 000000000000002c RDI: 0000000000000001
[   24.486935] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   24.494185] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000402240
[   24.501425] R13: 00000000004022d0 R14: 0000000000000000 R15: 0000000000000000
[   24.508680] 
[   24.510297] Allocated by task 3506:
[   24.513896]  save_stack+0x43/0xd0
[   24.517318]  kasan_kmalloc+0xad/0xe0
[   24.520998]  __kmalloc_node+0x47/0x70
[   24.524767]  bpf_map_area_alloc+0x32/0x80
[   24.528892]  array_map_alloc+0x351/0xa00
[   24.532922]  fd_array_map_alloc+0x57/0x70
[   24.537037]  SyS_bpf+0x7f8/0x4400
[   24.540465]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   24.545198] 
[   24.546796] Freed by task 1848:
[   24.550056]  save_stack+0x43/0xd0
[   24.553477]  __kasan_slab_free+0x11a/0x170
[   24.557679]  kasan_slab_free+0xe/0x10
[   24.561447]  kfree+0xd9/0x260
[   24.564519]  single_release+0x80/0xb0
[   24.568284]  __fput+0x327/0x7e0
[   24.571537]  ____fput+0x15/0x20
[   24.574784]  task_work_run+0x199/0x270
[   24.578639]  exit_to_usermode_loop+0x275/0x2f0
[   24.583187]  syscall_return_slowpath+0x490/0x550
[   24.587910]  entry_SYSCALL_64_fastpath+0x9e/0xa0
[   24.592642] 
[   24.594238] The buggy address belongs to the object at ffff8801cbc7e640
[   24.594238]  which belongs to the cache kmalloc-256 of size 256
[   24.606862] The buggy address is located 0 bytes to the right of
[   24.606862]  256-byte region [ffff8801cbc7e640, ffff8801cbc7e740)
[   24.619059] The buggy address belongs to the page:
[   24.623958] page:ffffea00072f1f80 count:1 mapcount:0 mapping:ffff8801cbc7e000 index:0x0
[   24.632068] flags: 0x2fffc0000000100(slab)
[   24.636271] raw: 02fffc0000000100 ffff8801cbc7e000 0000000000000000 000000010000000c
[   24.644133] raw: ffffea00072f1e60 ffffea00072f41a0 ffff8801dac007c0 0000000000000000
[   24.651989] page dumped because: kasan: bad access detected
[   24.657676] 
[   24.659276] Memory state around the buggy address:
[   24.664170]  ffff8801cbc7e600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   24.671503]  ffff8801cbc7e680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.678837] >ffff8801cbc7e700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   24.686162]                                            ^
[   24.691612]  ffff8801cbc7e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.698939]  ffff8801cbc7e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.706267] ==================================================================
[   24.713598] Disabling lock debugging due to kernel taint
[   24.719096] Kernel panic - not syncing: panic_on_warn set ...
[   24.719096] 
[   24.726433] CPU: 0 PID: 3506 Comm: syzkaller623626 Tainted: G    B            4.15.0-rc7-next-20180111+ #94
[   24.736275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.745596] Call Trace:
[   24.748155]  dump_stack+0x194/0x257
[   24.751748]  ? arch_local_irq_restore+0x53/0x53
[   24.756393]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.761119]  ? vsnprintf+0x1ed/0x1900
[   24.764886]  ? perf_event_fd_array_release+0x3c0/0x480
[   24.770129]  panic+0x1e4/0x41c
[   24.773303]  ? refcount_error_report+0x214/0x214
[   24.778032]  ? add_taint+0x1c/0x50
[   24.781537]  ? add_taint+0x1c/0x50
[   24.785047]  ? perf_event_fd_array_release+0x435/0x480
[   24.790293]  kasan_end_report+0x50/0x50
[   24.794234]  kasan_report+0x148/0x360
[   24.798011]  __asan_report_load8_noabort+0x14/0x20
[   24.802907]  perf_event_fd_array_release+0x435/0x480
[   24.807984]  ? array_of_map_alloc+0x130/0x130
[   24.812448]  ? fsnotify_first_mark+0x2b0/0x2b0
[   24.816995]  ? lock_downgrade+0x980/0x980
[   24.821118]  ? array_of_map_alloc+0x130/0x130
[   24.825590]  ? __bpf_map_put+0x2e0/0x2e0
[   24.829619]  bpf_map_release+0x84/0xc0
[   24.833472]  __fput+0x327/0x7e0
[   24.836720]  ? fput+0x140/0x140
[   24.839975]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   24.845829]  ____fput+0x15/0x20
[   24.849076]  task_work_run+0x199/0x270
[   24.852931]  ? task_work_cancel+0x210/0x210
[   24.857220]  ? free_nsproxy+0x185/0x1f0
[   24.861159]  ? switch_task_namespaces+0xa2/0xc0
[   24.865798]  do_exit+0x9bb/0x1ad0
[   24.869218]  ? __pmd_alloc+0x4e0/0x4e0
[   24.873069]  ? vma_link+0xe9/0x170
[   24.876576]  ? mm_update_next_owner+0x930/0x930
[   24.881210]  ? find_held_lock+0x35/0x1d0
[   24.885240]  ? handle_mm_fault+0x2a0/0x930
[   24.889440]  ? find_held_lock+0x35/0x1d0
[   24.893474]  ? __do_page_fault+0x5f7/0xc90
[   24.897675]  ? lock_downgrade+0x980/0x980
[   24.901793]  ? down_read_trylock+0xdb/0x170
[   24.906092]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   24.910640]  ? vmacache_find+0x5f/0x280
[   24.914587]  ? vmacache_update+0xfe/0x130
[   24.918704]  ? up_read+0x1a/0x40
[   24.922039]  ? __do_page_fault+0x3d6/0xc90
[   24.926245]  ? mm_fault_error+0x2c0/0x2c0
[   24.930362]  ? do_page_fault+0xee/0x720
[   24.934302]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   24.939806]  ? __do_page_fault+0xc90/0xc90
[   24.944011]  do_group_exit+0x149/0x400
[   24.947866]  ? SyS_exit+0x30/0x30
[   24.951304]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.956290]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.961013]  SyS_exit_group+0x1d/0x20
[   24.964791]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   24.969513] RIP: 0033:0x440a69
[   24.972668] RSP: 002b:00000000007dff48 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[   24.980342] RAX: ffffffffffffffda RBX: 00007fff81d9f6b0 RCX: 0000000000440a69
[   24.987578] RDX: 0000000000440a69 RSI: 000000000000002c RDI: 0000000000000001
[   24.994821] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   25.002059] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000402240
[   25.009294] R13: 00000000004022d0 R14: 0000000000000000 R15: 0000000000000000
[   25.016583] Dumping ftrace buffer:
[   25.020103]    (ftrace buffer empty)
[   25.023786] Kernel Offset: disabled
[   25.027380] Rebooting in 86400 seconds..