[ ok ] Starting enhanced syslogd: rsyslogd.
[   11.436046] audit: type=1400 audit(1514506921.690:5): avc: denied { syslog } for pid=2998 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.626323] audit: type=1400 audit(1514506926.881:6): avc: denied { map } for pid=3138 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
executing program
[   22.768461] audit: type=1400 audit(1514506933.023:7): avc: denied { map } for pid=3153 comm="syzkaller038694" path="/root/syzkaller038694101" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   22.773596] ==================================================================
[   22.773610] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[   22.773614] Read of size 8192 at addr ffff8801cea2bd58 by task syzkaller038694/3153
[   22.773616] 
[   22.773622] CPU: 1 PID: 3153 Comm: syzkaller038694 Not tainted 4.15.0-rc4-next-20171221+ #78
[   22.773625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.773627] Call Trace:
[   22.773634]  dump_stack+0x194/0x257
[   22.773642]  ? arch_local_irq_restore+0x53/0x53
[   22.773649]  ? show_regs_print_info+0x18/0x18
[   22.773654]  ? __lock_is_held+0xb6/0x140
[   22.773663]  ? pfkey_add+0x259e/0x3270
[   22.773671]  print_address_description+0x73/0x250
[   22.773676]  ? pfkey_add+0x259e/0x3270
[   22.773682]  kasan_report+0x25b/0x340
[   22.773692]  check_memory_region+0x137/0x190
[   22.773697]  memcpy+0x23/0x50
[   22.773703]  pfkey_add+0x259e/0x3270
[   22.773718]  ? set_ipsecrequest+0x310/0x310
[   22.773726]  ? lock_release+0xa40/0xa40
[   22.773732]  ? set_ipsecrequest+0x310/0x310
[   22.773739]  pfkey_process+0x60b/0x720
[   22.773749]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   22.773753]  ? kasan_check_write+0x14/0x20
[   22.773778]  ? dup_iter+0x192/0x260
[   22.773790]  pfkey_sendmsg+0x4d6/0x9f0
[   22.773798]  ? pfkey_spdget+0xb00/0xb00
[   22.773808]  ? selinux_socket_sendmsg+0x36/0x40
[   22.773815]  ? security_socket_sendmsg+0x89/0xb0
[   22.773820]  ? pfkey_spdget+0xb00/0xb00
[   22.773828]  sock_sendmsg+0xca/0x110
[   22.773836]  ___sys_sendmsg+0x767/0x8b0
[   22.773846]  ? copy_msghdr_from_user+0x590/0x590
[   22.773859]  ? __do_page_fault+0x5f7/0xc90
[   22.773865]  ? lock_downgrade+0x980/0x980
[   22.773877]  ? __fget_light+0x297/0x380
[   22.773883]  ? fget_raw+0x20/0x20
[   22.773890]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   22.773893]  ? vmacache_find+0x5f/0x280
[   22.773905]  ? up_read+0x1a/0x40
[   22.773910]  ? __do_page_fault+0x3d6/0xc90
[   22.773914]  ? get_unused_fd_flags+0x190/0x190
[   22.773925]  ? __fdget+0x18/0x20
[   22.773935]  __sys_sendmsg+0xe5/0x210
[   22.773939]  ? __sys_sendmsg+0xe5/0x210
[   22.773946]  ? SyS_shutdown+0x290/0x290
[   22.773953]  ? __do_page_fault+0xc90/0xc90
[   22.773961]  ? fd_install+0x4d/0x60
[   22.773977]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   22.773988]  SyS_sendmsg+0x2d/0x50
[   22.773996]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.774000] RIP: 0033:0x43ff39
[   22.774005] RSP: 002b:00007fff82f88678 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   22.774010] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[   22.774013] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   22.774015] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   22.774018] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[   22.774020] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[   22.774037] 
[   22.774039] Allocated by task 3153:
[   22.774044]  save_stack+0x43/0xd0
[   22.774047]  kasan_kmalloc+0xad/0xe0
[   22.774051]  __kmalloc_node_track_caller+0x47/0x70
[   22.774055]  __kmalloc_reserve.isra.41+0x41/0xd0
[   22.774059]  __alloc_skb+0x13b/0x780
[   22.774062]  pfkey_sendmsg+0x20f/0x9f0
[   22.774065]  sock_sendmsg+0xca/0x110
[   22.774069]  ___sys_sendmsg+0x767/0x8b0
[   22.774072]  __sys_sendmsg+0xe5/0x210
[   22.774076]  SyS_sendmsg+0x2d/0x50
[   22.774079]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.774080] 
[   22.774082] Freed by task 1606:
[   22.774085]  save_stack+0x43/0xd0
[   22.774089]  kasan_slab_free+0x71/0xc0
[   22.774091]  kfree+0xd6/0x260
[   22.774095]  skb_free_head+0x74/0xb0
[   22.774098]  skb_release_data+0x58c/0x790
[   22.774102]  skb_release_all+0x4a/0x60
[   22.774105]  consume_skb+0x153/0x490
[   22.774109]  skb_free_datagram+0x1a/0xe0
[   22.774114]  netlink_recvmsg+0x5c6/0x1300
[   22.774117]  sock_recvmsg+0xc9/0x110
[   22.774121]  ___sys_recvmsg+0x2a4/0x640
[   22.774124]  __sys_recvmsg+0xe2/0x210
[   22.774128]  SyS_recvmsg+0x2d/0x50
[   22.774131]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.774132] 
[   22.774135] The buggy address belongs to the object at ffff8801cea2bd40
[   22.774135]  which belongs to the cache kmalloc-512 of size 512
[   22.774139] The buggy address is located 24 bytes inside of
[   22.774139]  512-byte region [ffff8801cea2bd40, ffff8801cea2bf40)
[   22.774140] The buggy address belongs to the page:
[   22.774144] page:00000000368de3b2 count:1 mapcount:0 mapping:00000000f2052d47 index:0x0
[   22.774149] flags: 0x2fffc0000000100(slab)
[   22.774155] raw: 02fffc0000000100 ffff8801cea2b0c0 0000000000000000 0000000100000006
[   22.774159] raw: ffffea00073cfaa0 ffffea00073a8a20 ffff8801dac00940 0000000000000000
[   22.774161] page dumped because: kasan: bad access detected
[   22.774162] 
[   22.774164] Memory state around the buggy address:
[   22.774167]  ffff8801cea2be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.774170]  ffff8801cea2be80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.774173] >ffff8801cea2bf00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   22.774175]                                            ^
[   22.774178]  ffff8801cea2bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.774181]  ffff8801cea2c000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   22.774183] ==================================================================
[   22.774184] Disabling lock debugging due to kernel taint
[   22.774201] Kernel panic - not syncing: panic_on_warn set ...
[   22.774201] 
[   22.774205] CPU: 1 PID: 3153 Comm: syzkaller038694 Tainted: G B 4.15.0-rc4-next-20171221+ #78
[   22.774207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.774208] Call Trace:
[   22.774212]  dump_stack+0x194/0x257
[   22.774218]  ? arch_local_irq_restore+0x53/0x53
[   22.774224]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   22.774230]  ? vsnprintf+0x1ed/0x1900
[   22.774234]  ? pfkey_add+0x24e0/0x3270
[   22.774239]  panic+0x1e4/0x41c
[   22.774243]  ? refcount_error_report+0x214/0x214
[   22.774249]  ? add_taint+0x1c/0x50
[   22.774253]  ? add_taint+0x1c/0x50
[   22.774258]  ? pfkey_add+0x259e/0x3270
[   22.774262]  kasan_end_report+0x50/0x50
[   22.774266]  kasan_report+0x144/0x340
[   22.774272]  check_memory_region+0x137/0x190
[   22.774277]  memcpy+0x23/0x50
[   22.774281]  pfkey_add+0x259e/0x3270
[   22.774290]  ? set_ipsecrequest+0x310/0x310
[   22.774295]  ? lock_release+0xa40/0xa40
[   22.774300]  ? set_ipsecrequest+0x310/0x310
[   22.774304]  pfkey_process+0x60b/0x720
[   22.774314]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   22.774319]  ? kasan_check_write+0x14/0x20
[   22.774333]  ? dup_iter+0x192/0x260
[   22.774340]  pfkey_sendmsg+0x4d6/0x9f0
[   22.774346]  ? pfkey_spdget+0xb00/0xb00
[   22.774351]  ? selinux_socket_sendmsg+0x36/0x40
[   22.774356]  ? security_socket_sendmsg+0x89/0xb0
[   22.774360]  ? pfkey_spdget+0xb00/0xb00
[   22.774365]  sock_sendmsg+0xca/0x110
[   22.774370]  ___sys_sendmsg+0x767/0x8b0
[   22.774381]  ? copy_msghdr_from_user+0x590/0x590
[   22.774389]  ? __do_page_fault+0x5f7/0xc90
[   22.774393]  ? lock_downgrade+0x980/0x980
[   22.774400]  ? __fget_light+0x297/0x380
[   22.774405]  ? fget_raw+0x20/0x20
[   22.774409]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   22.774412]  ? vmacache_find+0x5f/0x280
[   22.774419]  ? up_read+0x1a/0x40
[   22.774424]  ? __do_page_fault+0x3d6/0xc90
[   22.774427]  ? get_unused_fd_flags+0x190/0x190
[   22.774434]  ? __fdget+0x18/0x20
[   22.774441]  __sys_sendmsg+0xe5/0x210
[   22.774445]  ? __sys_sendmsg+0xe5/0x210
[   22.774450]  ? SyS_shutdown+0x290/0x290
[   22.774455]  ? __do_page_fault+0xc90/0xc90
[   22.774460]  ? fd_install+0x4d/0x60
[   22.774470]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   22.774477]  SyS_sendmsg+0x2d/0x50
[   22.774482]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.774485] RIP: 0033:0x43ff39
[   22.774487] RSP: 002b:00007fff82f88678 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   22.774491] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[   22.774493] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   22.774495] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   22.774497] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[   22.774499] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[   22.794341] Dumping ftrace buffer:
[   22.794345]    (ftrace buffer empty)
[   22.794351] Kernel Offset: disabled
[   23.578842] Rebooting in 86400 seconds..