[ ok ] Starting periodic command scheduler: cron.
[   11.102589] mcstransd (3042) used greatest stack depth: 14944 bytes left
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[   11.879398] audit: type=1400 audit(1513862976.977:6): avc:  denied  { map } for  pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-9,10.128.0.6' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   23.075600] audit: type=1400 audit(1513862988.174:7): avc:  denied  { map } for  pid=3143 comm="syzkaller230693" path="/root/syzkaller230693335" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.082207] ==================================================================
[   23.082231] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[   23.082238] Read of size 6144 at addr ffff8801cb988ad8 by task syzkaller230693/3143
[   23.082239] 
[   23.082248] CPU: 1 PID: 3143 Comm: syzkaller230693 Not tainted 4.15.0-rc4-mm1+ #47
[   23.082252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.082255] Call Trace:
[   23.082266]  dump_stack+0x194/0x257
[   23.082279]  ? arch_local_irq_restore+0x53/0x53
[   23.082290]  ? show_regs_print_info+0x18/0x18
[   23.082298]  ? __lock_is_held+0xb6/0x140
[   23.082314]  ? pfkey_add+0x259e/0x3270
[   23.082327]  print_address_description+0x73/0x250
[   23.082334]  ? pfkey_add+0x259e/0x3270
[   23.082344]  kasan_report+0x23b/0x360
[   23.082358]  check_memory_region+0x137/0x190
[   23.082367]  memcpy+0x23/0x50
[   23.082378]  pfkey_add+0x259e/0x3270
[   23.082401]  ? set_ipsecrequest+0x310/0x310
[   23.082414]  ? lock_release+0xa40/0xa40
[   23.082423]  ? set_ipsecrequest+0x310/0x310
[   23.082434]  pfkey_process+0x60b/0x720
[   23.082451]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   23.082457]  ? kasan_check_write+0x14/0x20
[   23.082498]  ? dup_iter+0x1e2/0x260
[   23.082516]  pfkey_sendmsg+0x4d6/0x9f0
[   23.082530]  ? pfkey_spdget+0xb00/0xb00
[   23.082543]  ? selinux_socket_sendmsg+0x36/0x40
[   23.082553]  ? security_socket_sendmsg+0x89/0xb0
[   23.082561]  ? pfkey_spdget+0xb00/0xb00
[   23.082574]  sock_sendmsg+0xca/0x110
[   23.082586]  ___sys_sendmsg+0x767/0x8b0
[   23.082602]  ? copy_msghdr_from_user+0x590/0x590
[   23.082623]  ? __do_page_fault+0x5f7/0xc90
[   23.082633]  ? lock_downgrade+0x980/0x980
[   23.082652]  ? __fget_light+0x297/0x380
[   23.082662]  ? fget_raw+0x20/0x20
[   23.082672]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   23.082677]  ? vmacache_find+0x5f/0x280
[   23.082695]  ? up_read+0x1a/0x40
[   23.082704]  ? __do_page_fault+0x3d6/0xc90
[   23.082710]  ? get_unused_fd_flags+0x190/0x190
[   23.082728]  ? __fdget+0x18/0x20
[   23.082745]  __sys_sendmsg+0xe5/0x210
[   23.082751]  ? __sys_sendmsg+0xe5/0x210
[   23.082762]  ? SyS_shutdown+0x290/0x290
[   23.082773]  ? __do_page_fault+0xc90/0xc90
[   23.082787]  ? fd_install+0x4d/0x60
[   23.082813]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.082830]  SyS_sendmsg+0x2d/0x50
[   23.082842]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.082848] RIP: 0033:0x43fea9
[   23.082852] RSP: 002b:00007ffc521b97f8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   23.082861] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fea9
[   23.082865] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   23.082869] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   23.082872] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401810
[   23.082876] R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
[   23.082904] 
[   23.082908] Allocated by task 3143:
[   23.082914]  save_stack+0x43/0xd0
[   23.082920]  kasan_kmalloc+0xad/0xe0
[   23.082926]  __kmalloc_node_track_caller+0x47/0x70
[   23.082932]  __kmalloc_reserve.isra.41+0x41/0xd0
[   23.082938]  __alloc_skb+0x13b/0x780
[   23.082943]  pfkey_sendmsg+0x20f/0x9f0
[   23.082948]  sock_sendmsg+0xca/0x110
[   23.082954]  ___sys_sendmsg+0x767/0x8b0
[   23.082959]  __sys_sendmsg+0xe5/0x210
[   23.082965]  SyS_sendmsg+0x2d/0x50
[   23.082970]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.082972] 
[   23.082975] Freed by task 1640:
[   23.082980]  save_stack+0x43/0xd0
[   23.082986]  kasan_slab_free+0x71/0xc0
[   23.082990]  kfree+0xd6/0x260
[   23.082999]  kernfs_fop_release+0x13f/0x180
[   23.083008]  __fput+0x327/0x7e0
[   23.083014]  ____fput+0x15/0x20
[   23.083022]  task_work_run+0x199/0x270
[   23.083033]  exit_to_usermode_loop+0x275/0x2f0
[   23.083039]  syscall_return_slowpath+0x490/0x550
[   23.083045]  entry_SYSCALL_64_fastpath+0x94/0x96
[   23.083047] 
[   23.083052] The buggy address belongs to the object at ffff8801cb988ac0
[   23.083052]  which belongs to the cache kmalloc-512 of size 512
[   23.083057] The buggy address is located 24 bytes inside of
[   23.083057]  512-byte region [ffff8801cb988ac0, ffff8801cb988cc0)
[   23.083059] The buggy address belongs to the page:
[   23.083065] page:ffffea00072e6200 count:1 mapcount:0 mapping:ffff8801cb9880c0 index:0x0
[   23.083072] flags: 0x2fffc0000000100(slab)
[   23.083081] raw: 02fffc0000000100 ffff8801cb9880c0 0000000000000000 0000000100000006
[   23.083089] raw: ffffea0007309de0 ffffea0007300660 ffff8801dac00940 0000000000000000
[   23.083092] page dumped because: kasan: bad access detected
[   23.083094] 
[   23.083096] Memory state around the buggy address:
[   23.083102]  ffff8801cb988b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.083107]  ffff8801cb988c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.083111] >ffff8801cb988c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   23.083114]                                            ^
[   23.083119]  ffff8801cb988d00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   23.083124]  ffff8801cb988d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.083126] ==================================================================
[   23.083129] Disabling lock debugging due to kernel taint
[   23.083143] Kernel panic - not syncing: panic_on_warn set ...
[   23.083143] 
[   23.083150] CPU: 1 PID: 3143 Comm: syzkaller230693 Tainted: G    B            4.15.0-rc4-mm1+ #47
[   23.083153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.083155] Call Trace:
[   23.083161]  dump_stack+0x194/0x257
[   23.083169]  ? arch_local_irq_restore+0x53/0x53
[   23.083177]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.083185]  ? vsnprintf+0x1ed/0x1900
[   23.083192]  ? pfkey_add+0x24b0/0x3270
[   23.083200]  panic+0x1e4/0x41c
[   23.083206]  ? refcount_error_report+0x214/0x214
[   23.083215]  ? add_taint+0x1c/0x50
[   23.083222]  ? add_taint+0x1c/0x50
[   23.083230]  ? pfkey_add+0x259e/0x3270
[   23.083237]  kasan_end_report+0x50/0x50
[   23.083243]  kasan_report+0x148/0x360
[   23.083253]  check_memory_region+0x137/0x190
[   23.083260]  memcpy+0x23/0x50
[   23.083267]  pfkey_add+0x259e/0x3270
[   23.083281]  ? set_ipsecrequest+0x310/0x310
[   23.083289]  ? lock_release+0xa40/0xa40
[   23.083296]  ? set_ipsecrequest+0x310/0x310
[   23.083304]  pfkey_process+0x60b/0x720
[   23.083314]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   23.083320]  ? kasan_check_write+0x14/0x20
[   23.083340]  ? dup_iter+0x1e2/0x260
[   23.083352]  pfkey_sendmsg+0x4d6/0x9f0
[   23.083361]  ? pfkey_spdget+0xb00/0xb00
[   23.083369]  ? selinux_socket_sendmsg+0x36/0x40
[   23.083377]  ? security_socket_sendmsg+0x89/0xb0
[   23.083383]  ? pfkey_spdget+0xb00/0xb00
[   23.083390]  sock_sendmsg+0xca/0x110
[   23.083399]  ___sys_sendmsg+0x767/0x8b0
[   23.083409]  ? copy_msghdr_from_user+0x590/0x590
[   23.083422]  ? __do_page_fault+0x5f7/0xc90
[   23.083429]  ? lock_downgrade+0x980/0x980
[   23.083440]  ? __fget_light+0x297/0x380
[   23.083447]  ? fget_raw+0x20/0x20
[   23.083454]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   23.083458]  ? vmacache_find+0x5f/0x280
[   23.083470]  ? up_read+0x1a/0x40
[   23.083476]  ? __do_page_fault+0x3d6/0xc90
[   23.083482]  ? get_unused_fd_flags+0x190/0x190
[   23.083493]  ? __fdget+0x18/0x20
[   23.083503]  __sys_sendmsg+0xe5/0x210
[   23.083509]  ? __sys_sendmsg+0xe5/0x210
[   23.083517]  ? SyS_shutdown+0x290/0x290
[   23.083525]  ? __do_page_fault+0xc90/0xc90
[   23.083534]  ? fd_install+0x4d/0x60
[   23.083549]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.083560]  SyS_sendmsg+0x2d/0x50
[   23.083568]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.083572] RIP: 0033:0x43fea9
[   23.083575] RSP: 002b:00007ffc521b97f8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   23.083581] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fea9
[   23.083585] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   23.083589] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   23.083592] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401810
[   23.083595] R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
[   23.101940] Dumping ftrace buffer:
[   23.101944]    (ftrace buffer empty)
[   23.101947] Kernel Offset: disabled
[   23.867493] Rebooting in 86400 seconds..