[....] Starting enhanced syslogd: rsyslogd
[ 11.690790] audit: type=1400 audit(1514506897.381:5): avc: denied { syslog } for pid=2995 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 16.369628] audit: type=1400 audit(1514506902.060:6): avc: denied { map } for pid=3134 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
executing program
[ 22.564900] audit: type=1400 audit(1514506908.255:7): avc: denied { map } for pid=3148 comm="syzkaller653601" path="/root/syzkaller653601738" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 22.571380] ==================================================================
[ 22.571404] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[ 22.571410] Read of size 8192 at addr ffff8801cf0fda98 by task syzkaller653601/3148
[ 22.571412]
[ 22.571422] CPU: 1 PID: 3148 Comm: syzkaller653601 Not tainted 4.15.0-rc5+ #239
[ 22.571426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.571429] Call Trace:
[ 22.571441]  dump_stack+0x194/0x257
[ 22.571454]  ? arch_local_irq_restore+0x53/0x53
[ 22.571466]  ? show_regs_print_info+0x18/0x18
[ 22.571473]  ? __lock_is_held+0xb6/0x140
[ 22.571488]  ? pfkey_add+0x259e/0x3270
[ 22.571502]  print_address_description+0x73/0x250
[ 22.571510]  ? pfkey_add+0x259e/0x3270
[ 22.571519]  kasan_report+0x25b/0x340
[ 22.571533]  check_memory_region+0x137/0x190
[ 22.571542]  memcpy+0x23/0x50
[ 22.571552]  pfkey_add+0x259e/0x3270
[ 22.571576]  ? set_ipsecrequest+0x310/0x310
[ 22.571588]  ? lock_release+0xa40/0xa40
[ 22.571597]  ? set_ipsecrequest+0x310/0x310
[ 22.571609]  pfkey_process+0x60b/0x720
[ 22.571626]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 22.571631]  ? kasan_check_write+0x14/0x20
[ 22.571669]  ? dup_iter+0x1f2/0x260
[ 22.571688]  pfkey_sendmsg+0x4d6/0x9f0
[ 22.571702]  ? pfkey_spdget+0xb00/0xb00
[ 22.571717]  ? selinux_socket_sendmsg+0x36/0x40
[ 22.571725]  ? security_socket_sendmsg+0x89/0xb0
[ 22.571733]  ? pfkey_spdget+0xb00/0xb00
[ 22.571746]  sock_sendmsg+0xca/0x110
[ 22.571758]  ___sys_sendmsg+0x767/0x8b0
[ 22.571773]  ? copy_msghdr_from_user+0x590/0x590
[ 22.571794]  ? __do_page_fault+0x5f7/0xc90
[ 22.571803]  ? lock_downgrade+0x980/0x980
[ 22.571823]  ? __fget_light+0x297/0x380
[ 22.571833]  ? fget_raw+0x20/0x20
[ 22.571842]  ? __handle_mm_fault+0x3ce0/0x3ce0
[ 22.571849]  ? vmacache_find+0x5f/0x280
[ 22.571868]  ? up_read+0x1a/0x40
[ 22.571877]  ? __do_page_fault+0x3d6/0xc90
[ 22.571883]  ? get_unused_fd_flags+0x190/0x190
[ 22.571902]  ? __fdget+0x18/0x20
[ 22.571917]  __sys_sendmsg+0xe5/0x210
[ 22.571923]  ? __sys_sendmsg+0xe5/0x210
[ 22.571933]  ? SyS_shutdown+0x290/0x290
[ 22.571944]  ? __do_page_fault+0xc90/0xc90
[ 22.571959]  ? fd_install+0x4d/0x60
[ 22.571984]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 22.572004]  SyS_sendmsg+0x2d/0x50
[ 22.572016]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 22.572023] RIP: 0033:0x43ff39
[ 22.572026] RSP: 002b:00007ffea4099578 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 22.572034] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[ 22.572038] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 22.572042] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 22.572047] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[ 22.572050] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[ 22.572078]
[ 22.572082] Allocated by task 3148:
[ 22.572089]  save_stack+0x43/0xd0
[ 22.572094]  kasan_kmalloc+0xad/0xe0
[ 22.572102]  __kmalloc_node_track_caller+0x47/0x70
[ 22.572108]  __kmalloc_reserve.isra.41+0x41/0xd0
[ 22.572115]  __alloc_skb+0x13b/0x780
[ 22.572121]  pfkey_sendmsg+0x20f/0x9f0
[ 22.572126]  sock_sendmsg+0xca/0x110
[ 22.572131]  ___sys_sendmsg+0x767/0x8b0
[ 22.572136]  __sys_sendmsg+0xe5/0x210
[ 22.572145]  SyS_sendmsg+0x2d/0x50
[ 22.572151]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 22.572153]
[ 22.572155] Freed by task 1634:
[ 22.572161]  save_stack+0x43/0xd0
[ 22.572166]  kasan_slab_free+0x71/0xc0
[ 22.572170]  kfree+0xd6/0x260
[ 22.572180]  kernfs_fop_release+0x13f/0x180
[ 22.572186]  __fput+0x327/0x7e0
[ 22.572191]  ____fput+0x15/0x20
[ 22.572200]  task_work_run+0x199/0x270
[ 22.572208]  exit_to_usermode_loop+0x296/0x310
[ 22.572214]  syscall_return_slowpath+0x490/0x550
[ 22.572220]  entry_SYSCALL_64_fastpath+0x94/0x96
[ 22.572221]
[ 22.572226] The buggy address belongs to the object at ffff8801cf0fda80
[ 22.572226]  which belongs to the cache kmalloc-512 of size 512
[ 22.572232] The buggy address is located 24 bytes inside of
[ 22.572232]  512-byte region [ffff8801cf0fda80, ffff8801cf0fdc80)
[ 22.572234] The buggy address belongs to the page:
[ 22.572240] page:0000000044c0472d count:1 mapcount:0 mapping:00000000872cca8a index:0x0
[ 22.572248] flags: 0x2fffc0000000100(slab)
[ 22.572257] raw: 02fffc0000000100 ffff8801cf0fd080 0000000000000000 0000000100000006
[ 22.572264] raw: ffffea00073c3da0 ffffea00073ca120 ffff8801db000940 0000000000000000
[ 22.572267] page dumped because: kasan: bad access detected
[ 22.572269]
[ 22.572271] Memory state around the buggy address:
[ 22.572277]  ffff8801cf0fdb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.572281]  ffff8801cf0fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.572286] >ffff8801cf0fdc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.572289]                    ^
[ 22.572294]  ffff8801cf0fdd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.572299]  ffff8801cf0fdd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.572301] ==================================================================
[ 22.572303] Disabling lock debugging due to kernel taint
[ 22.572318] Kernel panic - not syncing: panic_on_warn set ...
[ 22.572318]
[ 22.572324] CPU: 1 PID: 3148 Comm: syzkaller653601 Tainted: G B 4.15.0-rc5+ #239
[ 22.572327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.572329] Call Trace:
[ 22.572335]  dump_stack+0x194/0x257
[ 22.572344]  ? arch_local_irq_restore+0x53/0x53
[ 22.572351]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 22.572360]  ? vsnprintf+0x1ed/0x1900
[ 22.572367]  ? pfkey_add+0x2550/0x3270
[ 22.572375]  panic+0x1e4/0x41c
[ 22.572382]  ? refcount_error_report+0x214/0x214
[ 22.572391]  ? add_taint+0x1c/0x50
[ 22.572398]  ? add_taint+0x1c/0x50
[ 22.572406]  ? pfkey_add+0x259e/0x3270
[ 22.572412]  kasan_end_report+0x50/0x50
[ 22.572418]  kasan_report+0x144/0x340
[ 22.572428]  check_memory_region+0x137/0x190
[ 22.572434]  memcpy+0x23/0x50
[ 22.572442]  pfkey_add+0x259e/0x3270
[ 22.572456]  ? set_ipsecrequest+0x310/0x310
[ 22.572464]  ? lock_release+0xa40/0xa40
[ 22.572471]  ? set_ipsecrequest+0x310/0x310
[ 22.572479]  pfkey_process+0x60b/0x720
[ 22.572490]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 22.572496]  ? kasan_check_write+0x14/0x20
[ 22.572516]  ? dup_iter+0x1f2/0x260
[ 22.572528]  pfkey_sendmsg+0x4d6/0x9f0
[ 22.572537]  ? pfkey_spdget+0xb00/0xb00
[ 22.572546]  ? selinux_socket_sendmsg+0x36/0x40
[ 22.572553]  ? security_socket_sendmsg+0x89/0xb0
[ 22.572560]  ? pfkey_spdget+0xb00/0xb00
[ 22.572568]  sock_sendmsg+0xca/0x110
[ 22.572576]  ___sys_sendmsg+0x767/0x8b0
[ 22.572586]  ? copy_msghdr_from_user+0x590/0x590
[ 22.572598]  ? __do_page_fault+0x5f7/0xc90
[ 22.572605]  ? lock_downgrade+0x980/0x980
[ 22.572617]  ? __fget_light+0x297/0x380
[ 22.572624]  ? fget_raw+0x20/0x20
[ 22.572631]  ? __handle_mm_fault+0x3ce0/0x3ce0
[ 22.572637]  ? vmacache_find+0x5f/0x280
[ 22.572648]  ? up_read+0x1a/0x40
[ 22.572655]  ? __do_page_fault+0x3d6/0xc90
[ 22.572661]  ? get_unused_fd_flags+0x190/0x190
[ 22.572673]  ? __fdget+0x18/0x20
[ 22.572683]  __sys_sendmsg+0xe5/0x210
[ 22.572687]  ? __sys_sendmsg+0xe5/0x210
[ 22.572695]  ? SyS_shutdown+0x290/0x290
[ 22.572703]  ? __do_page_fault+0xc90/0xc90
[ 22.572713]  ? fd_install+0x4d/0x60
[ 22.572728]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 22.572738]  SyS_sendmsg+0x2d/0x50
[ 22.572747]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 22.572750] RIP: 0033:0x43ff39
[ 22.572754] RSP: 002b:00007ffea4099578 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 22.572760] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[ 22.572764] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 22.572767] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 22.572771] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[ 22.572774] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[ 22.591881] Dumping ftrace buffer:
[ 22.591885]    (ftrace buffer empty)
[ 22.591888] Kernel Offset: disabled
[ 23.369027] Rebooting in 86400 seconds..