[....] Starting enhanced syslogd: rsyslogd
[   11.384100] audit: type=1400 audit(1514506886.689:5): avc:  denied  { syslog } for  pid=2997 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.797944] audit: type=1400 audit(1514506892.103:6): avc:  denied  { map } for  pid=3136 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
executing program
[   23.006926] audit: type=1400 audit(1514506898.312:7): avc:  denied  { map } for  pid=3150 comm="syzkaller787061" path="/root/syzkaller787061260" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.012518] ==================================================================
[   23.012534] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[   23.012539] Read of size 8192 at addr ffff8801c9c11cd8 by task syzkaller787061/3150
[   23.012540]
[   23.012546] CPU: 0 PID: 3150 Comm: syzkaller787061 Not tainted 4.15.0-rc4+ #168
[   23.012549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.012551] Call Trace:
[   23.012559]  dump_stack+0x194/0x257
[   23.012568]  ? arch_local_irq_restore+0x53/0x53
[   23.012574]  ? show_regs_print_info+0x18/0x18
[   23.012579]  ? __lock_is_held+0xb6/0x140
[   23.012588]  ? pfkey_add+0x259e/0x3270
[   23.012597]  print_address_description+0x73/0x250
[   23.012602]  ? pfkey_add+0x259e/0x3270
[   23.012608]  kasan_report+0x25b/0x340
[   23.012616]  check_memory_region+0x137/0x190
[   23.012628]  memcpy+0x23/0x50
[   23.012635]  pfkey_add+0x259e/0x3270
[   23.012650]  ? set_ipsecrequest+0x310/0x310
[   23.012657]  ? lock_release+0xa40/0xa40
[   23.012663]  ? set_ipsecrequest+0x310/0x310
[   23.012670]  pfkey_process+0x60b/0x720
[   23.012681]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   23.012684]  ? kasan_check_write+0x14/0x20
[   23.012709]  ? dup_iter+0x232/0x260
[   23.012721]  pfkey_sendmsg+0x4d6/0x9f0
[   23.012730]  ? pfkey_spdget+0xb00/0xb00
[   23.012739]  ? selinux_socket_sendmsg+0x36/0x40
[   23.012746]  ? security_socket_sendmsg+0x89/0xb0
[   23.012751]  ? pfkey_spdget+0xb00/0xb00
[   23.012758]  sock_sendmsg+0xca/0x110
[   23.012765]  ___sys_sendmsg+0x767/0x8b0
[   23.012775]  ? copy_msghdr_from_user+0x590/0x590
[   23.012789]  ? __do_page_fault+0x5f7/0xc90
[   23.012795]  ? lock_downgrade+0x980/0x980
[   23.012807]  ? __fget_light+0x297/0x380
[   23.012814]  ? fget_raw+0x20/0x20
[   23.012822]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   23.012828]  ? vmacache_find+0x5f/0x280
[   23.012839]  ? up_read+0x1a/0x40
[   23.012844]  ? __do_page_fault+0x3d6/0xc90
[   23.012848]  ? get_unused_fd_flags+0x190/0x190
[   23.012860]  ? __fdget+0x18/0x20
[   23.012870]  __sys_sendmsg+0xe5/0x210
[   23.012873]  ? __sys_sendmsg+0xe5/0x210
[   23.012880]  ? SyS_shutdown+0x290/0x290
[   23.012886]  ? __do_page_fault+0xc90/0xc90
[   23.012895]  ? fd_install+0x4d/0x60
[   23.012911]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.012921]  SyS_sendmsg+0x2d/0x50
[   23.012931]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.012935] RIP: 0033:0x43ff39
[   23.012937] RSP: 002b:00007ffec7561ac8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   23.012942] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[   23.012945] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   23.012947] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   23.012950] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[   23.012952] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[   23.012969]
[   23.012972] Allocated by task 3150:
[   23.012976]  save_stack+0x43/0xd0
[   23.012979]  kasan_kmalloc+0xad/0xe0
[   23.012983]  __kmalloc_node_track_caller+0x47/0x70
[   23.012987]  __kmalloc_reserve.isra.41+0x41/0xd0
[   23.012990]  __alloc_skb+0x13b/0x780
[   23.012994]  pfkey_sendmsg+0x20f/0x9f0
[   23.012996]  sock_sendmsg+0xca/0x110
[   23.012999]  ___sys_sendmsg+0x767/0x8b0
[   23.013005]  __sys_sendmsg+0xe5/0x210
[   23.013008]  SyS_sendmsg+0x2d/0x50
[   23.013012]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.013013]
[   23.013015] Freed by task 1656:
[   23.013018]  save_stack+0x43/0xd0
[   23.013022]  kasan_slab_free+0x71/0xc0
[   23.013024]  kfree+0xd6/0x260
[   23.013029]  kernfs_fop_release+0x13f/0x180
[   23.013034]  __fput+0x327/0x7e0
[   23.013037]  ____fput+0x15/0x20
[   23.013043]  task_work_run+0x199/0x270
[   23.013048]  exit_to_usermode_loop+0x296/0x310
[   23.013051]  syscall_return_slowpath+0x490/0x550
[   23.013055]  entry_SYSCALL_64_fastpath+0x94/0x96
[   23.013056]
[   23.013059] The buggy address belongs to the object at ffff8801c9c11cc0
[   23.013059]  which belongs to the cache kmalloc-512 of size 512
[   23.013062] The buggy address is located 24 bytes inside of
[   23.013062]  512-byte region [ffff8801c9c11cc0, ffff8801c9c11ec0)
[   23.013064] The buggy address belongs to the page:
[   23.013068] page:00000000c9c522e7 count:1 mapcount:0 mapping:0000000018bb23ea index:0x0
[   23.013073] flags: 0x2fffc0000000100(slab)
[   23.013079] raw: 02fffc0000000100 ffff8801c9c11040 0000000000000000 0000000100000006
[   23.013083] raw: ffffea00072703e0 ffffea00072706a0 ffff8801db000940 0000000000000000
[   23.013085] page dumped because: kasan: bad access detected
[   23.013086]
[   23.013087] Memory state around the buggy address:
[   23.013091]  ffff8801c9c11d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.013094]  ffff8801c9c11e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.013097] >ffff8801c9c11e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   23.013098]                                            ^
[   23.013101]  ffff8801c9c11f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.013104]  ffff8801c9c11f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.013105] ==================================================================
[   23.013107] Disabling lock debugging due to kernel taint
[   23.013125] Kernel panic - not syncing: panic_on_warn set ...
[   23.013125]
[   23.013129] CPU: 0 PID: 3150 Comm: syzkaller787061 Tainted: G    B            4.15.0-rc4+ #168
[   23.013131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.013132] Call Trace:
[   23.013136]  dump_stack+0x194/0x257
[   23.013142]  ? arch_local_irq_restore+0x53/0x53
[   23.013146]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.013152]  ? vsnprintf+0x1ed/0x1900
[   23.013157]  ? pfkey_add+0x24b0/0x3270
[   23.013161]  panic+0x1e4/0x41c
[   23.013165]  ? refcount_error_report+0x214/0x214
[   23.013170]  ? add_taint+0x1c/0x50
[   23.013175]  ? add_taint+0x1c/0x50
[   23.013180]  ? pfkey_add+0x259e/0x3270
[   23.013184]  kasan_end_report+0x50/0x50
[   23.013188]  kasan_report+0x144/0x340
[   23.013194]  check_memory_region+0x137/0x190
[   23.013198]  memcpy+0x23/0x50
[   23.013203]  pfkey_add+0x259e/0x3270
[   23.013212]  ? set_ipsecrequest+0x310/0x310
[   23.013217]  ? lock_release+0xa40/0xa40
[   23.013221]  ? set_ipsecrequest+0x310/0x310
[   23.013226]  pfkey_process+0x60b/0x720
[   23.013233]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   23.013236]  ? kasan_check_write+0x14/0x20
[   23.013250]  ? dup_iter+0x232/0x260
[   23.013257]  pfkey_sendmsg+0x4d6/0x9f0
[   23.013263]  ? pfkey_spdget+0xb00/0xb00
[   23.013268]  ? selinux_socket_sendmsg+0x36/0x40
[   23.013273]  ? security_socket_sendmsg+0x89/0xb0
[   23.013277]  ? pfkey_spdget+0xb00/0xb00
[   23.013281]  sock_sendmsg+0xca/0x110
[   23.013286]  ___sys_sendmsg+0x767/0x8b0
[   23.013292]  ? copy_msghdr_from_user+0x590/0x590
[   23.013300]  ? __do_page_fault+0x5f7/0xc90
[   23.013304]  ? lock_downgrade+0x980/0x980
[   23.013312]  ? __fget_light+0x297/0x380
[   23.013317]  ? fget_raw+0x20/0x20
[   23.013321]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   23.013325]  ? vmacache_find+0x5f/0x280
[   23.013332]  ? up_read+0x1a/0x40
[   23.013336]  ? __do_page_fault+0x3d6/0xc90
[   23.013340]  ? get_unused_fd_flags+0x190/0x190
[   23.013347]  ? __fdget+0x18/0x20
[   23.013353]  __sys_sendmsg+0xe5/0x210
[   23.013356]  ? __sys_sendmsg+0xe5/0x210
[   23.013361]  ? SyS_shutdown+0x290/0x290
[   23.013366]  ? __do_page_fault+0xc90/0xc90
[   23.013372]  ? fd_install+0x4d/0x60
[   23.013382]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.013388]  SyS_sendmsg+0x2d/0x50
[   23.013394]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.013396] RIP: 0033:0x43ff39
[   23.013398] RSP: 002b:00007ffec7561ac8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   23.013402] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[   23.013404] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   23.013406] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   23.013408] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[   23.013410] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[   23.033039] Dumping ftrace buffer:
[   23.033042]    (ftrace buffer empty)
[   23.033044] Kernel Offset: disabled
[   23.798710] Rebooting in 86400 seconds..