[....] Starting enhanced syslogd: rsyslogd[   13.236130] audit: type=1400 audit(1512850494.420:5): avc:  denied  { syslog } for  pid=2993 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.806144] audit: type=1400 audit(1512850507.990:6): avc:  denied  { map } for  pid=3135 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-0,10.128.0.2' (ECDSA) to the list of known hosts.
executing program
[   32.898739] audit: type=1400 audit(1512850514.083:7): avc:  denied  { map } for  pid=3149 comm="syzkaller168370" path="/root/syzkaller168370441" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   32.903759] ==================================================================
[   32.903774] BUG: KASAN: use-after-free in aead_recvmsg+0x1758/0x1bc0
[   32.903779] Read of size 4 at addr ffff8801c5259e5c by task syzkaller168370/3149
[   32.903781] 
[   32.903788] CPU: 0 PID: 3149 Comm: syzkaller168370 Not tainted 4.15.0-rc2+ #214
[   32.903793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.903795] Call Trace:
[   32.903803]  dump_stack+0x194/0x257
[   32.903813]  ? arch_local_irq_restore+0x53/0x53
[   32.903821]  ? show_regs_print_info+0x18/0x18
[   32.903831]  ? af_alg_make_sg+0x510/0x510
[   32.903838]  ? aead_recvmsg+0x1758/0x1bc0
[   32.903846]  print_address_description+0x73/0x250
[   32.903853]  ? aead_recvmsg+0x1758/0x1bc0
[   32.903860]  kasan_report+0x25b/0x340
[   32.903870]  __asan_report_load4_noabort+0x14/0x20
[   32.903876]  aead_recvmsg+0x1758/0x1bc0
[   32.903900]  ? aead_release+0x50/0x50
[   32.903911]  ? selinux_socket_recvmsg+0x36/0x40
[   32.903918]  ? security_socket_recvmsg+0x91/0xc0
[   32.903927]  ? aead_release+0x50/0x50
[   32.903935]  sock_recvmsg+0xc9/0x110
[   32.903941]  ? __sock_recv_wifi_status+0x210/0x210
[   32.903950]  ___sys_recvmsg+0x29b/0x630
[   32.903965]  ? ___sys_sendmsg+0x8a0/0x8a0
[   32.903992]  ? __handle_mm_fault+0x3e20/0x3e20
[   32.903998]  ? vmacache_find+0x5f/0x280
[   32.904016]  ? up_read+0x1a/0x40
[   32.904025]  ? __do_page_fault+0x3d6/0xc90
[   32.904032]  ? task_work_run+0x1f4/0x270
[   32.904048]  ? __fdget+0x18/0x20
[   32.904059]  __sys_recvmsg+0xe2/0x210
[   32.904064]  ? __sys_recvmsg+0xe2/0x210
[   32.904072]  ? SyS_sendmmsg+0x60/0x60
[   32.904081]  ? __do_page_fault+0xc90/0xc90
[   32.904105]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.904117]  SyS_recvmsg+0x2d/0x50
[   32.904131]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   32.904136] RIP: 0033:0x440009
[   32.904140] RSP: 002b:00007ffee19bc768 EFLAGS: 00000286 ORIG_RAX: 000000000000002f
[   32.904147] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440009
[   32.904151] RDX: 0000000000002021 RSI: 0000000020b2dfc8 RDI: 0000000000000004
[   32.904155] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   32.904159] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000401970
[   32.904162] R13: 0000000000401a00 R14: 0000000000000000 R15: 0000000000000000
[   32.904181] 
[   32.904185] Allocated by task 3149:
[   32.904190]  save_stack+0x43/0xd0
[   32.904194]  kasan_kmalloc+0xad/0xe0
[   32.904200]  __kmalloc+0x162/0x760
[   32.904207]  crypto_create_tfm+0x82/0x2e0
[   32.904212]  crypto_alloc_tfm+0x10e/0x2f0
[   32.904217]  crypto_alloc_skcipher+0x2c/0x40
[   32.904223]  crypto_get_default_null_skcipher+0x5f/0x80
[   32.904228]  aead_bind+0x89/0x140
[   32.904232]  alg_bind+0x1ab/0x440
[   32.904236]  SYSC_bind+0x1b4/0x3f0
[   32.904241]  SyS_bind+0x24/0x30
[   32.904246]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   32.904248] 
[   32.904251] Freed by task 3149:
[   32.904255]  save_stack+0x43/0xd0
[   32.904260]  kasan_slab_free+0x71/0xc0
[   32.904264]  kfree+0xca/0x250
[   32.904269]  kzfree+0x28/0x30
[   32.904274]  crypto_destroy_tfm+0x140/0x2e0
[   32.904279]  crypto_put_default_null_skcipher+0x35/0x60
[   32.904284]  aead_sock_destruct+0x13c/0x220
[   32.904289]  __sk_destruct+0xfd/0x910
[   32.904293]  sk_destruct+0x47/0x80
[   32.904298]  __sk_free+0x57/0x230
[   32.904302]  sk_free+0x2a/0x40
[   32.904306]  af_alg_release+0x5d/0x70
[   32.904310]  sock_release+0x8d/0x1e0
[   32.904315]  sock_close+0x16/0x20
[   32.904320]  __fput+0x333/0x7f0
[   32.904325]  ____fput+0x15/0x20
[   32.904330]  task_work_run+0x199/0x270
[   32.904337]  exit_to_usermode_loop+0x296/0x310
[   32.904341]  syscall_return_slowpath+0x490/0x550
[   32.904346]  entry_SYSCALL_64_fastpath+0x94/0x96
[   32.904348] 
[   32.904353] The buggy address belongs to the object at ffff8801c5259e40
[   32.904353]  which belongs to the cache kmalloc-128 of size 128
[   32.904357] The buggy address is located 28 bytes inside of
[   32.904357]  128-byte region [ffff8801c5259e40, ffff8801c5259ec0)
[   32.904360] The buggy address belongs to the page:
[   32.904365] page:00000000ac68fd2d count:1 mapcount:0 mapping:000000003296ebe9 index:0x0
[   32.904372] flags: 0x2fffc0000000100(slab)
[   32.904381] raw: 02fffc0000000100 ffff8801c5259000 0000000000000000 0000000100000015
[   32.904386] raw: ffffea00071653a0 ffffea0007133320 ffff8801db000640 0000000000000000
[   32.904390] page dumped because: kasan: bad access detected
[   32.904392] 
[   32.904394] Memory state around the buggy address:
[   32.904400]  ffff8801c5259d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   32.904404]  ffff8801c5259d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.904409] >ffff8801c5259e00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   32.904412]                                                     ^
[   32.904417]  ffff8801c5259e80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   32.904421]  ffff8801c5259f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.904424] ==================================================================
[   32.904426] Disabling lock debugging due to kernel taint
[   32.904442] Kernel panic - not syncing: panic_on_warn set ...
[   32.904442] 
[   32.904446] CPU: 0 PID: 3149 Comm: syzkaller168370 Tainted: G    B            4.15.0-rc2+ #214
[   32.904448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.904450] Call Trace:
[   32.904454]  dump_stack+0x194/0x257
[   32.904459]  ? arch_local_irq_restore+0x53/0x53
[   32.904464]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.904469]  ? vsnprintf+0x1ed/0x1900
[   32.904473]  ? aead_recvmsg+0x1710/0x1bc0
[   32.904478]  panic+0x1e4/0x41c
[   32.904481]  ? refcount_error_report+0x214/0x214
[   32.904488]  ? add_taint+0x1c/0x50
[   32.904492]  ? add_taint+0x1c/0x50
[   32.904497]  ? aead_recvmsg+0x1758/0x1bc0
[   32.904501]  kasan_end_report+0x50/0x50
[   32.904504]  kasan_report+0x144/0x340
[   32.904510]  __asan_report_load4_noabort+0x14/0x20
[   32.904514]  aead_recvmsg+0x1758/0x1bc0
[   32.904527]  ? aead_release+0x50/0x50
[   32.904532]  ? selinux_socket_recvmsg+0x36/0x40
[   32.904536]  ? security_socket_recvmsg+0x91/0xc0
[   32.904541]  ? aead_release+0x50/0x50
[   32.904545]  sock_recvmsg+0xc9/0x110
[   32.904549]  ? __sock_recv_wifi_status+0x210/0x210
[   32.904554]  ___sys_recvmsg+0x29b/0x630
[   32.904562]  ? ___sys_sendmsg+0x8a0/0x8a0
[   32.904575]  ? __handle_mm_fault+0x3e20/0x3e20
[   32.904579]  ? vmacache_find+0x5f/0x280
[   32.904586]  ? up_read+0x1a/0x40
[   32.904590]  ? __do_page_fault+0x3d6/0xc90
[   32.904594]  ? task_work_run+0x1f4/0x270
[   32.904601]  ? __fdget+0x18/0x20
[   32.904608]  __sys_recvmsg+0xe2/0x210
[   32.904611]  ? __sys_recvmsg+0xe2/0x210
[   32.904616]  ? SyS_sendmmsg+0x60/0x60
[   32.904621]  ? __do_page_fault+0xc90/0xc90
[   32.904634]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.904641]  SyS_recvmsg+0x2d/0x50
[   32.904645]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   32.904648] RIP: 0033:0x440009
[   32.904650] RSP: 002b:00007ffee19bc768 EFLAGS: 00000286 ORIG_RAX: 000000000000002f
[   32.904654] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440009
[   32.904656] RDX: 0000000000002021 RSI: 0000000020b2dfc8 RDI: 0000000000000004
[   32.904658] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   32.904660] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000401970
[   32.904662] R13: 0000000000401a00 R14: 0000000000000000 R15: 0000000000000000
[   32.924654] Dumping ftrace buffer:
[   32.924658]    (ftrace buffer empty)
[   32.924660] Kernel Offset: disabled
[   33.628914] Rebooting in 86400 seconds..