[ ok ] Starting enhanced syslogd: rsyslogd.
[   16.004182] audit: type=1400 audit(1520717752.728:5): avc:  denied  { syslog } for  pid=3964 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.875976] audit: type=1400 audit(1520717755.600:6): avc:  denied  { map } for  pid=4105 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
[   25.199606] audit: type=1400 audit(1520717761.924:7): avc:  denied  { map } for  pid=4119 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/10 21:36:02 parsed 1 programs
2018/03/10 21:36:02 executed programs: 0
[   25.442052] audit: type=1400 audit(1520717762.166:8): avc:  denied  { map } for  pid=4119 comm="syz-execprog" path="/root/syzkaller-shm695625467" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   25.450617] IPVS: ftp: loaded support on port[0] = 21
[   25.499104] ==================================================================
[   25.506513] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[   25.513067] Read of size 2368 at addr ffff8801c6bef880 by task syz-executor0/4127
[   25.520654] 
[   25.522256] CPU: 1 PID: 4127 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #259
[   25.529762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.539094] Call Trace:
[   25.541655]  dump_stack+0x194/0x24d
[   25.545254]  ? arch_local_irq_restore+0x53/0x53
[   25.549901]  ? show_regs_print_info+0x18/0x18
[   25.554365]  ? __lock_is_held+0xb6/0x140
[   25.558402]  ? pfkey_add+0x1634/0x3270
[   25.562265]  print_address_description+0x73/0x250
[   25.567078]  ? pfkey_add+0x1634/0x3270
[   25.570935]  kasan_report+0x23c/0x360
[   25.574710]  check_memory_region+0x137/0x190
[   25.579087]  memcpy+0x23/0x50
[   25.582165]  pfkey_add+0x1634/0x3270
[   25.585864]  ? set_ipsecrequest+0x310/0x310
[   25.590165]  ? lock_release+0xa40/0xa40
[   25.594117]  ? set_ipsecrequest+0x310/0x310
[   25.598412]  pfkey_process+0x67e/0x740
[   25.602276]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   25.607260]  ? kasan_check_write+0x14/0x20
[   25.611490]  pfkey_sendmsg+0x4dc/0xa00
[   25.615351]  ? pfkey_spdget+0xb00/0xb00
[   25.619302]  ? selinux_socket_sendmsg+0x36/0x40
[   25.623946]  ? security_socket_sendmsg+0x89/0xb0
[   25.628676]  ? pfkey_spdget+0xb00/0xb00
[   25.632624]  sock_sendmsg+0xca/0x110
[   25.636322]  ___sys_sendmsg+0x767/0x8b0
[   25.640277]  ? copy_msghdr_from_user+0x590/0x590
[   25.645014]  ? __handle_mm_fault+0x5ba/0x38c0
[   25.649494]  ? __pmd_alloc+0x4e0/0x4e0
[   25.653361]  ? trace_hardirqs_off+0x10/0x10
[   25.657670]  ? __fget_light+0x2b2/0x3c0
[   25.661623]  ? fget_raw+0x20/0x20
[   25.665060]  ? find_held_lock+0x35/0x1d0
[   25.669104]  __sys_sendmsg+0xe5/0x210
[   25.672874]  ? __sys_sendmsg+0xe5/0x210
[   25.676824]  ? SyS_shutdown+0x290/0x290
[   25.680776]  ? compat_SyS_futex+0x288/0x380
[   25.685095]  compat_SyS_sendmsg+0x2a/0x40
[   25.689214]  ? compat_SyS_getsockopt+0x420/0x420
[   25.693941]  do_fast_syscall_32+0x3ec/0xf9f
[   25.698239]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.702792]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.707522]  ? syscall_return_slowpath+0x2ac/0x550
[   25.712425]  ? prepare_exit_to_usermode+0x350/0x350
[   25.717417]  ? sysret32_from_system_call+0x5/0x3c
[   25.722233]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.727060]  entry_SYSENTER_compat+0x70/0x7f
[   25.731444] RIP: 0023:0xf7f43c99
[   25.734780] RSP: 002b:00000000ffe419fc EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   25.742462] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020b6dfc8
[   25.749703] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.756943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   25.764183] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.771422] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.778676] 
[   25.780275] Allocated by task 4127:
[   25.783874]  save_stack+0x43/0xd0
[   25.787294]  kasan_kmalloc+0xad/0xe0
[   25.790981]  __kmalloc_node_track_caller+0x47/0x70
[   25.795886]  __kmalloc_reserve.isra.39+0x41/0xd0
[   25.800615]  __alloc_skb+0x13b/0x780
[   25.804303]  pfkey_sendmsg+0x20f/0xa00
[   25.808162]  sock_sendmsg+0xca/0x110
[   25.811841]  ___sys_sendmsg+0x767/0x8b0
[   25.815784]  __sys_sendmsg+0xe5/0x210
[   25.819554]  compat_SyS_sendmsg+0x2a/0x40
[   25.823671]  do_fast_syscall_32+0x3ec/0xf9f
[   25.827963]  entry_SYSENTER_compat+0x70/0x7f
[   25.832335] 
[   25.833934] Freed by task 0:
[   25.836923] (stack is not available)
[   25.840604] 
[   25.842208] The buggy address belongs to the object at ffff8801c6bef840
[   25.842208]  which belongs to the cache kmalloc-512 of size 512
[   25.854838] The buggy address is located 64 bytes inside of
[   25.854838]  512-byte region [ffff8801c6bef840, ffff8801c6befa40)
[   25.866600] The buggy address belongs to the page:
[   25.871499] page:ffffea00071afbc0 count:1 mapcount:0 mapping:ffff8801c6bef0c0 index:0x0
[   25.879610] flags: 0x2fffc0000000100(slab)
[   25.883817] raw: 02fffc0000000100 ffff8801c6bef0c0 0000000000000000 0000000100000006
[   25.891665] raw: ffffea00072059a0 ffffea00072c4d60 ffff8801dac00940 0000000000000000
[   25.899512] page dumped because: kasan: bad access detected
[   25.905192] 
[   25.906785] Memory state around the buggy address:
[   25.911680]  ffff8801c6bef900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.919006]  ffff8801c6bef980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.926330] >ffff8801c6befa00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   25.933655]                                            ^
[   25.939075]  ffff8801c6befa80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   25.946399]  ffff8801c6befb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.953724] ==================================================================
[   25.961048] Disabling lock debugging due to kernel taint
[   25.966548] Kernel panic - not syncing: panic_on_warn set ...
[   25.966548] 
[   25.973883] CPU: 1 PID: 4127 Comm: syz-executor0 Tainted: G    B            4.16.0-rc4+ #259
[   25.982424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.991746] Call Trace:
[   25.994307]  dump_stack+0x194/0x24d
[   25.997901]  ? arch_local_irq_restore+0x53/0x53
[   26.002539]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.007649]  ? vsnprintf+0x1ed/0x1900
[   26.011425]  ? pfkey_add+0x1540/0x3270
[   26.015285]  panic+0x1e4/0x41c
[   26.018446]  ? refcount_error_report+0x214/0x214
[   26.023171]  ? add_taint+0x1c/0x50
[   26.026678]  ? add_taint+0x1c/0x50
[   26.030185]  ? pfkey_add+0x1634/0x3270
[   26.034042]  kasan_end_report+0x50/0x50
[   26.037981]  kasan_report+0x149/0x360
[   26.041750]  check_memory_region+0x137/0x190
[   26.046128]  memcpy+0x23/0x50
[   26.049203]  pfkey_add+0x1634/0x3270
[   26.052889]  ? set_ipsecrequest+0x310/0x310
[   26.057179]  ? lock_release+0xa40/0xa40
[   26.061122]  ? set_ipsecrequest+0x310/0x310
[   26.065412]  pfkey_process+0x67e/0x740
[   26.069269]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   26.074254]  ? kasan_check_write+0x14/0x20
[   26.078471]  pfkey_sendmsg+0x4dc/0xa00
[   26.082326]  ? pfkey_spdget+0xb00/0xb00
[   26.086272]  ? selinux_socket_sendmsg+0x36/0x40
[   26.090913]  ? security_socket_sendmsg+0x89/0xb0
[   26.095636]  ? pfkey_spdget+0xb00/0xb00
[   26.099578]  sock_sendmsg+0xca/0x110
[   26.103262]  ___sys_sendmsg+0x767/0x8b0
[   26.107208]  ? copy_msghdr_from_user+0x590/0x590
[   26.111937]  ? __handle_mm_fault+0x5ba/0x38c0
[   26.116404]  ? __pmd_alloc+0x4e0/0x4e0
[   26.120260]  ? trace_hardirqs_off+0x10/0x10
[   26.124552]  ? __fget_light+0x2b2/0x3c0
[   26.128497]  ? fget_raw+0x20/0x20
[   26.131925]  ? find_held_lock+0x35/0x1d0
[   26.135959]  __sys_sendmsg+0xe5/0x210
[   26.139726]  ? __sys_sendmsg+0xe5/0x210
[   26.143668]  ? SyS_shutdown+0x290/0x290
[   26.147613]  ? compat_SyS_futex+0x288/0x380
[   26.151916]  compat_SyS_sendmsg+0x2a/0x40
[   26.156030]  ? compat_SyS_getsockopt+0x420/0x420
[   26.160754]  do_fast_syscall_32+0x3ec/0xf9f
[   26.165050]  ? do_int80_syscall_32+0x9c0/0x9c0
[   26.169598]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.174329]  ? syscall_return_slowpath+0x2ac/0x550
[   26.179226]  ? prepare_exit_to_usermode+0x350/0x350
[   26.184212]  ? sysret32_from_system_call+0x5/0x3c
[   26.189024]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.193840]  entry_SYSENTER_compat+0x70/0x7f
[   26.198214] RIP: 0023:0xf7f43c99
[   26.201546] RSP: 002b:00000000ffe419fc EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   26.209219] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020b6dfc8
[   26.216455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   26.223690] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   26.230925] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.238161] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.245819] Dumping ftrace buffer:
[   26.249332]    (ftrace buffer empty)
[   26.253010] Kernel Offset: disabled
[   26.256605] Rebooting in 86400 seconds..