[....] Starting enhanced syslogd: rsyslogd
[ 12.457065] audit: type=1400 audit(1513349687.985:5): avc: denied { syslog } for pid=3000 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron[ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond[ ok ].
[....] Starting OpenBSD Secure Shell server: sshd[ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 18.836080] audit: type=1400 audit(1513349694.364:6): avc: denied { map } for pid=3140 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-3,10.128.0.22' (ECDSA) to the list of known hosts.
executing program
[ 25.166608] audit: type=1400 audit(1513349700.695:7): avc: denied { map } for pid=3154 comm="syzkaller195152" path="/root/syzkaller195152162" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 25.172280] ==================================================================
[ 25.172301] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[ 25.172310] Read of size 8192 at addr ffff8801c4d947d8 by task syzkaller195152/3154
[ 25.172314]
[ 25.172324] CPU: 1 PID: 3154 Comm: syzkaller195152 Not tainted 4.15.0-rc2-mm1+ #39
[ 25.172330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.172335] Call Trace:
[ 25.172348]  dump_stack+0x194/0x257
[ 25.172363]  ? arch_local_irq_restore+0x53/0x53
[ 25.172374]  ? show_regs_print_info+0x18/0x18
[ 25.172383]  ? __lock_is_held+0xbc/0x140
[ 25.172401]  ? pfkey_add+0x1634/0x3270
[ 25.172416]  print_address_description+0x73/0x250
[ 25.172427]  ? pfkey_add+0x1634/0x3270
[ 25.172438]  kasan_report+0x25b/0x340
[ 25.172454]  check_memory_region+0x137/0x190
[ 25.172465]  memcpy+0x23/0x50
[ 25.172478]  pfkey_add+0x1634/0x3270
[ 25.172505]  ? set_ipsecrequest+0x310/0x310
[ 25.172519]  ? lock_release+0xda0/0xda0
[ 25.172531]  ? set_ipsecrequest+0x310/0x310
[ 25.172545]  pfkey_process+0x60b/0x720
[ 25.172565]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 25.172573]  ? kasan_check_write+0x14/0x20
[ 25.172615]  ? dup_iter+0x182/0x260
[ 25.172637]  pfkey_sendmsg+0x4d6/0x9f0
[ 25.172654]  ? pfkey_spdget+0xb00/0xb00
[ 25.172669]  ? selinux_socket_sendmsg+0x36/0x40
[ 25.172680]  ? security_socket_sendmsg+0x89/0xb0
[ 25.172691]  ? pfkey_spdget+0xb00/0xb00
[ 25.172704]  sock_sendmsg+0xca/0x110
[ 25.172718]  ___sys_sendmsg+0x75b/0x8a0
[ 25.172736]  ? copy_msghdr_from_user+0x590/0x590
[ 25.172748]  ? lock_downgrade+0x980/0x980
[ 25.172786]  ? fget_raw+0x20/0x20
[ 25.172797]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 25.172806]  ? vmacache_find+0x5f/0x280
[ 25.172828]  ? up_read+0x1a/0x40
[ 25.172840]  ? __do_page_fault+0x3d6/0xc90
[ 25.172848]  ? get_unused_fd_flags+0x190/0x190
[ 25.172870]  ? __fdget+0x18/0x20
[ 25.172888]  __sys_sendmsg+0xe5/0x210
[ 25.172896]  ? __sys_sendmsg+0xe5/0x210
[ 25.172908]  ? SyS_shutdown+0x290/0x290
[ 25.172922]  ? __do_page_fault+0xc90/0xc90
[ 25.172939]  ? fd_install+0x4d/0x60
[ 25.172972]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.172991]  SyS_sendmsg+0x2d/0x50
[ 25.173008]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 25.173016] RIP: 0033:0x43ff59
[ 25.173022] RSP: 002b:00007fff9a9df368 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 25.173033] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff59
[ 25.173040] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 25.173046] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 25.173052] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[ 25.173058] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[ 25.173089]
[ 25.173095] Allocated by task 3154:
[ 25.173103]  save_stack+0x43/0xd0
[ 25.173110]  kasan_kmalloc+0xad/0xe0
[ 25.173120]  __kmalloc_node_track_caller+0x47/0x70
[ 25.173128]  __kmalloc_reserve.isra.41+0x41/0xd0
[ 25.173135]  __alloc_skb+0x13b/0x780
[ 25.173143]  pfkey_sendmsg+0x20f/0x9f0
[ 25.173150]  sock_sendmsg+0xca/0x110
[ 25.173157]  ___sys_sendmsg+0x75b/0x8a0
[ 25.173164]  __sys_sendmsg+0xe5/0x210
[ 25.173171]  SyS_sendmsg+0x2d/0x50
[ 25.173179]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 25.173183]
[ 25.173188] Freed by task 1655:
[ 25.173195]  save_stack+0x43/0xd0
[ 25.173203]  kasan_slab_free+0x71/0xc0
[ 25.173210]  kfree+0xca/0x250
[ 25.173218]  skb_free_head+0x74/0xb0
[ 25.173226]  skb_release_data+0x58c/0x790
[ 25.173233]  skb_release_all+0x4a/0x60
[ 25.173239]  kfree_skb+0x15d/0x4c0
[ 25.173250]  unix_stream_connect+0x876/0x1580
[ 25.173257]  SYSC_connect+0x20a/0x480
[ 25.173264]  SyS_connect+0x24/0x30
[ 25.173272]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 25.173276]
[ 25.173283] The buggy address belongs to the object at ffff8801c4d947c0
[ 25.173283]  which belongs to the cache kmalloc-512 of size 512
[ 25.173291] The buggy address is located 24 bytes inside of
[ 25.173291]  512-byte region [ffff8801c4d947c0, ffff8801c4d949c0)
[ 25.173296] The buggy address belongs to the page:
[ 25.173304] page:00000000c2a6932a count:1 mapcount:0 mapping:0000000001bf1343 index:0x0
[ 25.173314] flags: 0x2fffc0000000100(slab)
[ 25.173325] raw: 02fffc0000000100 ffff8801c4d94040 0000000000000000 0000000100000006
[ 25.173335] raw: ffffea00071363e0 ffffea000715e7e0 ffff8801dac00940 0000000000000000
[ 25.173340] page dumped because: kasan: bad access detected
[ 25.173343]
[ 25.173348] Memory state around the buggy address:
[ 25.173355]  ffff8801c4d94880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.173362]  ffff8801c4d94900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.173370] >ffff8801c4d94980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 25.173374]                                            ^
[ 25.173382]  ffff8801c4d94a00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 25.173388]  ffff8801c4d94a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.173393] ==================================================================
[ 25.173396] Disabling lock debugging due to kernel taint
[ 25.173414] Kernel panic - not syncing: panic_on_warn set ...
[ 25.173414]
[ 25.173421] CPU: 1 PID: 3154 Comm: syzkaller195152 Tainted: G B 4.15.0-rc2-mm1+ #39
[ 25.173424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.173425] Call Trace:
[ 25.173432]  dump_stack+0x194/0x257
[ 25.173441]  ? arch_local_irq_restore+0x53/0x53
[ 25.173451]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.173459]  ? vsnprintf+0x1ed/0x1900
[ 25.173466]  ? pfkey_add+0x15f0/0x3270
[ 25.173473]  panic+0x1e4/0x41c
[ 25.173480]  ? refcount_error_report+0x214/0x214
[ 25.173488]  ? add_taint+0x1c/0x50
[ 25.173495]  ? add_taint+0x1c/0x50
[ 25.173503]  ? pfkey_add+0x1634/0x3270
[ 25.173509]  kasan_end_report+0x50/0x50
[ 25.173516]  kasan_report+0x144/0x340
[ 25.173525]  check_memory_region+0x137/0x190
[ 25.173532]  memcpy+0x23/0x50
[ 25.173539]  pfkey_add+0x1634/0x3270
[ 25.173554]  ? set_ipsecrequest+0x310/0x310
[ 25.173562]  ? lock_release+0xda0/0xda0
[ 25.173569]  ? set_ipsecrequest+0x310/0x310
[ 25.173577]  pfkey_process+0x60b/0x720
[ 25.173589]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 25.173594]  ? kasan_check_write+0x14/0x20
[ 25.173614]  ? dup_iter+0x182/0x260
[ 25.173626]  pfkey_sendmsg+0x4d6/0x9f0
[ 25.173635]  ? pfkey_spdget+0xb00/0xb00
[ 25.173645]  ? selinux_socket_sendmsg+0x36/0x40
[ 25.173652]  ? security_socket_sendmsg+0x89/0xb0
[ 25.173658]  ? pfkey_spdget+0xb00/0xb00
[ 25.173665]  sock_sendmsg+0xca/0x110
[ 25.173673]  ___sys_sendmsg+0x75b/0x8a0
[ 25.173684]  ? copy_msghdr_from_user+0x590/0x590
[ 25.173691]  ? lock_downgrade+0x980/0x980
[ 25.173710]  ? fget_raw+0x20/0x20
[ 25.173716]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 25.173722]  ? vmacache_find+0x5f/0x280
[ 25.173733]  ? up_read+0x1a/0x40
[ 25.173740]  ? __do_page_fault+0x3d6/0xc90
[ 25.173746]  ? get_unused_fd_flags+0x190/0x190
[ 25.173757]  ? __fdget+0x18/0x20
[ 25.173767]  __sys_sendmsg+0xe5/0x210
[ 25.173772]  ? __sys_sendmsg+0xe5/0x210
[ 25.173780]  ? SyS_shutdown+0x290/0x290
[ 25.173788]  ? __do_page_fault+0xc90/0xc90
[ 25.173797]  ? fd_install+0x4d/0x60
[ 25.173813]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.173823]  SyS_sendmsg+0x2d/0x50
[ 25.173832]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 25.173835] RIP: 0033:0x43ff59
[ 25.173838] RSP: 002b:00007fff9a9df368 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 25.173845] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff59
[ 25.173848] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 25.173851] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 25.173855] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[ 25.173858] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[ 25.192904] Dumping ftrace buffer:
[ 25.192908]    (ftrace buffer empty)
[ 25.192911] Kernel Offset: disabled
[ 25.945414] Rebooting in 86400 seconds..