[....] Starting enhanced syslogd: rsyslogd
[ 11.199991] audit: type=1400 audit(1513788759.295:5): avc: denied { syslog } for pid=2994 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 16.281310] audit: type=1400 audit(1513788764.377:6): avc: denied { map } for pid=3134 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-net-kasan-gce-7,10.128.15.199' (ECDSA) to the list of known hosts.
executing program
[ 31.383890] audit: type=1400 audit(1513788779.479:7): avc: denied { map } for pid=3151 comm="syzkaller022100" path="/root/syzkaller022100158" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 31.388700] ==================================================================
[ 31.388714] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[ 31.388718] Read of size 6144 at addr ffff8801cabb2cd8 by task syzkaller022100/3151
[ 31.388719]
[ 31.388724] CPU: 0 PID: 3151 Comm: syzkaller022100 Not tainted 4.15.0-rc3+ #160
[ 31.388727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.388729] Call Trace:
[ 31.388737]  dump_stack+0x194/0x257
[ 31.388745]  ? arch_local_irq_restore+0x53/0x53
[ 31.388752]  ? show_regs_print_info+0x18/0x18
[ 31.388756]  ? __lock_is_held+0xb6/0x140
[ 31.388766]  ? pfkey_add+0x259e/0x3270
[ 31.388774]  print_address_description+0x73/0x250
[ 31.388779]  ? pfkey_add+0x259e/0x3270
[ 31.388785]  kasan_report+0x25b/0x340
[ 31.388793]  check_memory_region+0x137/0x190
[ 31.388799]  memcpy+0x23/0x50
[ 31.388805]  pfkey_add+0x259e/0x3270
[ 31.388820]  ? set_ipsecrequest+0x310/0x310
[ 31.388827]  ? lock_release+0xa40/0xa40
[ 31.388833]  ? set_ipsecrequest+0x310/0x310
[ 31.388840]  pfkey_process+0x60b/0x720
[ 31.388851]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 31.388854]  ? kasan_check_write+0x14/0x20
[ 31.388879]  ? dup_iter+0x182/0x260
[ 31.388891]  pfkey_sendmsg+0x4d6/0x9f0
[ 31.388900]  ? pfkey_spdget+0xb00/0xb00
[ 31.388908]  ? selinux_socket_sendmsg+0x36/0x40
[ 31.388915]  ? security_socket_sendmsg+0x89/0xb0
[ 31.388920]  ? pfkey_spdget+0xb00/0xb00
[ 31.388928]  sock_sendmsg+0xca/0x110
[ 31.388935]  ___sys_sendmsg+0x767/0x8b0
[ 31.388944]  ? copy_msghdr_from_user+0x590/0x590
[ 31.388959]  ? __do_page_fault+0x5f7/0xc90
[ 31.388965]  ? lock_downgrade+0x980/0x980
[ 31.388978]  ? __fget_light+0x297/0x380
[ 31.388984]  ? fget_raw+0x20/0x20
[ 31.388991]  ? __handle_mm_fault+0x3ce0/0x3ce0
[ 31.388996]  ? vmacache_find+0x5f/0x280
[ 31.389011]  ? up_read+0x1a/0x40
[ 31.389016]  ? __do_page_fault+0x3d6/0xc90
[ 31.389020]  ? get_unused_fd_flags+0x190/0x190
[ 31.389032]  ? __fdget+0x18/0x20
[ 31.389041]  __sys_sendmsg+0xe5/0x210
[ 31.389045]  ? __sys_sendmsg+0xe5/0x210
[ 31.389051]  ? SyS_shutdown+0x290/0x290
[ 31.389058]  ? __do_page_fault+0xc90/0xc90
[ 31.389067]  ? fd_install+0x4d/0x60
[ 31.389082]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.389092]  SyS_sendmsg+0x2d/0x50
[ 31.389101]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.389106] RIP: 0033:0x43fea9
[ 31.389108] RSP: 002b:00007ffc711685b8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 31.389113] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fea9
[ 31.389115] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 31.389118] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 31.389120] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401810
[ 31.389122] R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
[ 31.389140]
[ 31.389142] Allocated by task 3151:
[ 31.389146]  save_stack+0x43/0xd0
[ 31.389149]  kasan_kmalloc+0xad/0xe0
[ 31.389153]  __kmalloc_node_track_caller+0x47/0x70
[ 31.389157]  __kmalloc_reserve.isra.41+0x41/0xd0
[ 31.389160]  __alloc_skb+0x13b/0x780
[ 31.389163]  pfkey_sendmsg+0x20f/0x9f0
[ 31.389166]  sock_sendmsg+0xca/0x110
[ 31.389169]  ___sys_sendmsg+0x767/0x8b0
[ 31.389172]  __sys_sendmsg+0xe5/0x210
[ 31.389175]  SyS_sendmsg+0x2d/0x50
[ 31.389178]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.389180]
[ 31.389181] Freed by task 1668:
[ 31.389185]  save_stack+0x43/0xd0
[ 31.389188]  kasan_slab_free+0x71/0xc0
[ 31.389190]  kfree+0xd6/0x260
[ 31.389194]  skb_free_head+0x74/0xb0
[ 31.389197]  skb_release_data+0x58c/0x790
[ 31.389200]  skb_release_all+0x4a/0x60
[ 31.389203]  consume_skb+0x153/0x490
[ 31.389206]  skb_free_datagram+0x1a/0xe0
[ 31.389211]  netlink_recvmsg+0x5c6/0x1300
[ 31.389215]  sock_recvmsg+0xc9/0x110
[ 31.389218]  ___sys_recvmsg+0x2a4/0x640
[ 31.389221]  __sys_recvmsg+0xe2/0x210
[ 31.389224]  SyS_recvmsg+0x2d/0x50
[ 31.389228]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.389229]
[ 31.389232] The buggy address belongs to the object at ffff8801cabb2cc0
[ 31.389232]  which belongs to the cache kmalloc-512 of size 512
[ 31.389235] The buggy address is located 24 bytes inside of
[ 31.389235]  512-byte region [ffff8801cabb2cc0, ffff8801cabb2ec0)
[ 31.389236] The buggy address belongs to the page:
[ 31.389240] page:00000000d1a94a15 count:1 mapcount:0 mapping:000000002e15f1ff index:0x0
[ 31.389244] flags: 0x2fffc0000000100(slab)
[ 31.389251] raw: 02fffc0000000100 ffff8801cabb2040 0000000000000000 0000000100000006
[ 31.389255] raw: ffffea00072aec20 ffffea00072aed20 ffff8801db000940 0000000000000000
[ 31.389257] page dumped because: kasan: bad access detected
[ 31.389258]
[ 31.389259] Memory state around the buggy address:
[ 31.389263]  ffff8801cabb2d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.389266]  ffff8801cabb2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.389269] >ffff8801cabb2e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 31.389270]                                                        ^
[ 31.389273]  ffff8801cabb2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.389276]  ffff8801cabb2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.389277] ==================================================================
[ 31.389279] Disabling lock debugging due to kernel taint
[ 31.389291] Kernel panic - not syncing: panic_on_warn set ...
[ 31.389291]
[ 31.389295] CPU: 0 PID: 3151 Comm: syzkaller022100 Tainted: G    B    4.15.0-rc3+ #160
[ 31.389297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.389298] Call Trace:
[ 31.389303]  dump_stack+0x194/0x257
[ 31.389308]  ? arch_local_irq_restore+0x53/0x53
[ 31.389314]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.389320]  ? vsnprintf+0x1ed/0x1900
[ 31.389324]  ? pfkey_add+0x24b0/0x3270
[ 31.389329]  panic+0x1e4/0x41c
[ 31.389333]  ? refcount_error_report+0x214/0x214
[ 31.389339]  ? add_taint+0x1c/0x50
[ 31.389343]  ? add_taint+0x1c/0x50
[ 31.389348]  ? pfkey_add+0x259e/0x3270
[ 31.389352]  kasan_end_report+0x50/0x50
[ 31.389355]  kasan_report+0x144/0x340
[ 31.389361]  check_memory_region+0x137/0x190
[ 31.389365]  memcpy+0x23/0x50
[ 31.389370]  pfkey_add+0x259e/0x3270
[ 31.389379]  ? set_ipsecrequest+0x310/0x310
[ 31.389384]  ? lock_release+0xa40/0xa40
[ 31.389388]  ? set_ipsecrequest+0x310/0x310
[ 31.389393]  pfkey_process+0x60b/0x720
[ 31.389400]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 31.389403]  ? kasan_check_write+0x14/0x20
[ 31.389416]  ? dup_iter+0x182/0x260
[ 31.389423]  pfkey_sendmsg+0x4d6/0x9f0
[ 31.389429]  ? pfkey_spdget+0xb00/0xb00
[ 31.389434]  ? selinux_socket_sendmsg+0x36/0x40
[ 31.389438]  ? security_socket_sendmsg+0x89/0xb0
[ 31.389442]  ? pfkey_spdget+0xb00/0xb00
[ 31.389446]  sock_sendmsg+0xca/0x110
[ 31.389451]  ___sys_sendmsg+0x767/0x8b0
[ 31.389457]  ? copy_msghdr_from_user+0x590/0x590
[ 31.389465]  ? __do_page_fault+0x5f7/0xc90
[ 31.389469]  ? lock_downgrade+0x980/0x980
[ 31.389477]  ? __fget_light+0x297/0x380
[ 31.389481]  ? fget_raw+0x20/0x20
[ 31.389485]  ? __handle_mm_fault+0x3ce0/0x3ce0
[ 31.389489]  ? vmacache_find+0x5f/0x280
[ 31.389496]  ? up_read+0x1a/0x40
[ 31.389500]  ? __do_page_fault+0x3d6/0xc90
[ 31.389504]  ? get_unused_fd_flags+0x190/0x190
[ 31.389511]  ? __fdget+0x18/0x20
[ 31.389517]  __sys_sendmsg+0xe5/0x210
[ 31.389520]  ? __sys_sendmsg+0xe5/0x210
[ 31.389525]  ? SyS_shutdown+0x290/0x290
[ 31.389530]  ? __do_page_fault+0xc90/0xc90
[ 31.389536]  ? fd_install+0x4d/0x60
[ 31.389545]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 31.389551]  SyS_sendmsg+0x2d/0x50
[ 31.389557]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 31.389559] RIP: 0033:0x43fea9
[ 31.389561] RSP: 002b:00007ffc711685b8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 31.389565] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fea9
[ 31.389567] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 31.389569] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 31.389571] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401810
[ 31.389573] R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
[ 31.409781] Dumping ftrace buffer:
[ 31.409786]    (ftrace buffer empty)
[ 31.409788] Kernel Offset: disabled
[ 32.188986] Rebooting in 86400 seconds..