[ ok ] Starting enhanced syslogd: rsyslogd.
[   11.893611] audit: type=1400 audit(1513021715.231:5): avc: denied { syslog } for pid=3003 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   34.185262] audit: type=1400 audit(1513021737.522:6): avc: denied { map } for pid=3146 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-9,10.128.0.31' (ECDSA) to the list of known hosts.
executing program
[   40.304078] audit: type=1400 audit(1513021743.641:7): avc: denied { map } for pid=3158 comm="syzkaller209000" path="/root/syzkaller209000069" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   40.307418] ==================================================================
[   40.307433] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[   40.307438] Read of size 8192 at addr ffff8801c4e35598 by task syzkaller209000/3158
[   40.307441]
[   40.307447] CPU: 1 PID: 3158 Comm: syzkaller209000 Not tainted 4.15.0-rc3+ #217
[   40.307451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.307454] Call Trace:
[   40.307463]  dump_stack+0x194/0x257
[   40.307472]  ? arch_local_irq_restore+0x53/0x53
[   40.307480]  ? show_regs_print_info+0x18/0x18
[   40.307486]  ? __lock_is_held+0xbc/0x140
[   40.307497]  ? pfkey_add+0x1634/0x3270
[   40.307506]  print_address_description+0x73/0x250
[   40.307512]  ? pfkey_add+0x1634/0x3270
[   40.307519]  kasan_report+0x25b/0x340
[   40.307529]  check_memory_region+0x137/0x190
[   40.307535]  memcpy+0x23/0x50
[   40.307543]  pfkey_add+0x1634/0x3270
[   40.307559]  ? set_ipsecrequest+0x310/0x310
[   40.307568]  ? lock_release+0xda0/0xda0
[   40.307580]  ? set_ipsecrequest+0x310/0x310
[   40.307588]  pfkey_process+0x60b/0x720
[   40.307600]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   40.307604]  ? kasan_check_write+0x14/0x20
[   40.307631]  ? dup_iter+0x192/0x260
[   40.307644]  pfkey_sendmsg+0x4d6/0x9f0
[   40.307654]  ? pfkey_spdget+0xb00/0xb00
[   40.307665]  ? selinux_socket_sendmsg+0x36/0x40
[   40.307672]  ? security_socket_sendmsg+0x89/0xb0
[   40.307678]  ? pfkey_spdget+0xb00/0xb00
[   40.307689]  sock_sendmsg+0xca/0x110
[   40.307698]  ___sys_sendmsg+0x75b/0x8a0
[   40.307709]  ? copy_msghdr_from_user+0x590/0x590
[   40.307716]  ? lock_downgrade+0x980/0x980
[   40.307741]  ? fget_raw+0x20/0x20
[   40.307749]  ? __handle_mm_fault+0x3e20/0x3e20
[   40.307755]  ? vmacache_find+0x5f/0x280
[   40.307769]  ? up_read+0x1a/0x40
[   40.307777]  ? __do_page_fault+0x3d6/0xc90
[   40.307782]  ? get_unused_fd_flags+0x190/0x190
[   40.307795]  ? __fdget+0x18/0x20
[   40.307807]  __sys_sendmsg+0xe5/0x210
[   40.307812]  ? __sys_sendmsg+0xe5/0x210
[   40.307820]  ? SyS_shutdown+0x290/0x290
[   40.307828]  ? __do_page_fault+0xc90/0xc90
[   40.307838]  ? fd_install+0x4d/0x60
[   40.307856]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.307868]  SyS_sendmsg+0x2d/0x50
[   40.307877]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.307883] RIP: 0033:0x43ff59
[   40.307887] RSP: 002b:00007ffcab2644d8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   40.307894] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[   40.307898] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   40.307901] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   40.307905] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[   40.307908] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   40.307927]
[   40.307931] Allocated by task 3158:
[   40.307936]  save_stack+0x43/0xd0
[   40.307940]  kasan_kmalloc+0xad/0xe0
[   40.307946]  __kmalloc_node_track_caller+0x47/0x70
[   40.307951]  __kmalloc_reserve.isra.41+0x41/0xd0
[   40.307956]  __alloc_skb+0x13b/0x780
[   40.307960]  pfkey_sendmsg+0x20f/0x9f0
[   40.307964]  sock_sendmsg+0xca/0x110
[   40.307969]  ___sys_sendmsg+0x75b/0x8a0
[   40.307974]  __sys_sendmsg+0xe5/0x210
[   40.307978]  SyS_sendmsg+0x2d/0x50
[   40.307983]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.307986]
[   40.307988] Freed by task 1602:
[   40.307993]  save_stack+0x43/0xd0
[   40.307997]  kasan_slab_free+0x71/0xc0
[   40.308004]  kfree+0xca/0x250
[   40.308009]  skb_free_head+0x74/0xb0
[   40.308014]  skb_release_data+0x58c/0x790
[   40.308018]  skb_release_all+0x4a/0x60
[   40.308023]  consume_skb+0x153/0x490
[   40.308028]  skb_free_datagram+0x1a/0xe0
[   40.308035]  unix_dgram_recvmsg+0xd12/0x1990
[   40.308039]  sock_recvmsg+0xc9/0x110
[   40.308044]  SYSC_recvfrom+0x2dc/0x570
[   40.308049]  SyS_recvfrom+0x40/0x50
[   40.308053]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.308056]
[   40.308060] The buggy address belongs to the object at ffff8801c4e35580
[   40.308060]  which belongs to the cache kmalloc-512 of size 512
[   40.308064] The buggy address is located 24 bytes inside of
[   40.308064]  512-byte region [ffff8801c4e35580, ffff8801c4e35780)
[   40.308067] The buggy address belongs to the page:
[   40.308073] page:00000000bd76466e count:1 mapcount:0 mapping:000000000400a193 index:0x0
[   40.308080] flags: 0x2fffc0000000100(slab)
[   40.308088] raw: 02fffc0000000100 ffff8801c4e35080 0000000000000000 0000000100000006
[   40.308093] raw: ffffea0007135f60 ffffea00071023a0 ffff8801db000940 0000000000000000
[   40.308097] page dumped because: kasan: bad access detected
[   40.308099]
[   40.308102] Memory state around the buggy address:
[   40.308107]  ffff8801c4e35680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.308111]  ffff8801c4e35700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.308116] >ffff8801c4e35780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.308118]                    ^
[   40.308123]  ffff8801c4e35800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.308127]  ffff8801c4e35880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.308130] ==================================================================
[   40.308132] Disabling lock debugging due to kernel taint
[   40.308145] Kernel panic - not syncing: panic_on_warn set ...
[   40.308145]
[   40.308149] CPU: 1 PID: 3158 Comm: syzkaller209000 Tainted: G B 4.15.0-rc3+ #217
[   40.308151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.308152] Call Trace:
[   40.308156]  dump_stack+0x194/0x257
[   40.308161]  ? arch_local_irq_restore+0x53/0x53
[   40.308168]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.308172]  ? vsnprintf+0x1ed/0x1900
[   40.308176]  ? pfkey_add+0x15b0/0x3270
[   40.308181]  panic+0x1e4/0x41c
[   40.308185]  ? refcount_error_report+0x214/0x214
[   40.308191]  ? add_taint+0x1c/0x50
[   40.308195]  ? add_taint+0x1c/0x50
[   40.308199]  ? pfkey_add+0x1634/0x3270
[   40.308203]  kasan_end_report+0x50/0x50
[   40.308207]  kasan_report+0x144/0x340
[   40.308212]  check_memory_region+0x137/0x190
[   40.308216]  memcpy+0x23/0x50
[   40.308221]  pfkey_add+0x1634/0x3270
[   40.308230]  ? set_ipsecrequest+0x310/0x310
[   40.308235]  ? lock_release+0xda0/0xda0
[   40.308239]  ? set_ipsecrequest+0x310/0x310
[   40.308244]  pfkey_process+0x60b/0x720
[   40.308250]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   40.308253]  ? kasan_check_write+0x14/0x20
[   40.308266]  ? dup_iter+0x192/0x260
[   40.308273]  pfkey_sendmsg+0x4d6/0x9f0
[   40.308279]  ? pfkey_spdget+0xb00/0xb00
[   40.308284]  ? selinux_socket_sendmsg+0x36/0x40
[   40.308288]  ? security_socket_sendmsg+0x89/0xb0
[   40.308292]  ? pfkey_spdget+0xb00/0xb00
[   40.308297]  sock_sendmsg+0xca/0x110
[   40.308302]  ___sys_sendmsg+0x75b/0x8a0
[   40.308309]  ? copy_msghdr_from_user+0x590/0x590
[   40.308313]  ? lock_downgrade+0x980/0x980
[   40.308325]  ? fget_raw+0x20/0x20
[   40.308329]  ? __handle_mm_fault+0x3e20/0x3e20
[   40.308332]  ? vmacache_find+0x5f/0x280
[   40.308339]  ? up_read+0x1a/0x40
[   40.308343]  ? __do_page_fault+0x3d6/0xc90
[   40.308347]  ? get_unused_fd_flags+0x190/0x190
[   40.308354]  ? __fdget+0x18/0x20
[   40.308361]  __sys_sendmsg+0xe5/0x210
[   40.308364]  ? __sys_sendmsg+0xe5/0x210
[   40.308369]  ? SyS_shutdown+0x290/0x290
[   40.308374]  ? __do_page_fault+0xc90/0xc90
[   40.308380]  ? fd_install+0x4d/0x60
[   40.308390]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.308396]  SyS_sendmsg+0x2d/0x50
[   40.308401]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.308404] RIP: 0033:0x43ff59
[   40.308406] RSP: 002b:00007ffcab2644d8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   40.308409] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[   40.308412] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   40.308414] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   40.308416] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[   40.308418] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   40.329999] Dumping ftrace buffer:
[   40.330002]    (ftrace buffer empty)
[   40.330005] Kernel Offset: disabled
[   41.098676] Rebooting in 86400 seconds..
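The report above already carries enough numbers to settle the first triage questions without opening net/key/af_key.c: how far past the slab object the memcpy runs, whether the "Freed by task 1602" stack matters, and which syscall drove it. The script below is an added example, not part of the syzbot log and not a syzkaller tool. It parses the report's own lines (the embedded excerpt is copied from the log above, with a few lines trimmed) and cross-checks them; the small x86-64 syscall table and the KASAN shadow-byte legend are assumptions limited to what this report needs.

```python
import re

# Constructed excerpt: the lines of the KASAN report above that triage needs,
# copied from the console log (original order, timestamps kept).
REPORT = """\
[   40.307433] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[   40.307438] Read of size 8192 at addr ffff8801c4e35598 by task syzkaller209000/3158
[   40.307887] RSP: 002b:00007ffcab2644d8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   40.307931] Allocated by task 3158:
[   40.307960]  pfkey_sendmsg+0x20f/0x9f0
[   40.307988] Freed by task 1602:
[   40.308035]  unix_dgram_recvmsg+0xd12/0x1990
[   40.308060] The buggy address belongs to the object at ffff8801c4e35580
[   40.308060]  which belongs to the cache kmalloc-512 of size 512
[   40.308064] The buggy address is located 24 bytes inside of
[   40.308064]  512-byte region [ffff8801c4e35580, ffff8801c4e35780)
[   40.308116] >ffff8801c4e35780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

# Assumption: only the x86-64 syscall numbers this class of report produces.
SYSCALLS_X86_64 = {0x29: "socket", 0x2c: "sendto", 0x2d: "recvfrom", 0x2e: "sendmsg"}
# KASAN shadow-byte legend (one shadow byte describes 8 bytes of memory).
SHADOW = {"00": "accessible", "fc": "slab redzone", "fb": "freed", "fa": "free page"}

PATTERNS = {
    "bug":      re.compile(r"BUG: KASAN: ([\w-]+) in (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)"),
    "access":   re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)"),
    "alloc":    re.compile(r"Allocated by task (\d+):"),
    "free":     re.compile(r"Freed by task (\d+):"),
    "cache":    re.compile(r"belongs to the cache (\S+) of size (\d+)"),
    "region":   re.compile(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)"),
    "orig_rax": re.compile(r"ORIG_RAX: ([0-9a-f]+)"),
    "shadow":   re.compile(r">([0-9a-f]{16}): ([0-9a-f ]+)"),
}


def parse_kasan_report(text):
    """Extract the numeric facts of a KASAN report and cross-check them."""
    found = {}
    for line in text.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m and key not in found:          # keep the first hit of each kind
                found[key] = m.groups()
    bug_type, func, func_off, _ = found["bug"]
    kind, size, addr, comm, pid = found["access"]
    _, region_lo, region_hi = found["region"]
    cache, cache_size = found["cache"]
    r = {
        "bug_type": bug_type, "function": func, "function_offset": int(func_off, 16),
        "access": kind.lower(), "access_size": int(size), "addr": int(addr, 16),
        "task": f"{comm}/{pid}",
        "object_start": int(region_lo, 16), "object_end": int(region_hi, 16),
        "cache": cache, "cache_size": int(cache_size),
        "alloc_task": int(found["alloc"][0]), "free_task": int(found["free"][0]),
        "syscall": SYSCALLS_X86_64.get(int(found["orig_rax"][0], 16), "unknown"),
        "shadow_after_object": SHADOW.get(found["shadow"][1].split()[0], "unknown"),
    }
    # The report's own numbers must agree with each other.
    assert r["object_end"] - r["object_start"] == r["cache_size"]
    r["offset_in_object"] = r["addr"] - r["object_start"]
    access_end = r["addr"] + r["access_size"]
    r["bytes_past_end"] = max(0, access_end - r["object_end"])
    r["bytes_in_object"] = r["access_size"] - r["bytes_past_end"]
    return r


def triage(r):
    """Turn the parsed numbers into the points a reviewer would raise."""
    notes = []
    if r["bytes_past_end"] > 0:
        notes.append(f"{r['access']} of {r['access_size']} bytes starts {r['offset_in_object']} "
                     f"bytes into a {r['cache_size']}-byte {r['cache']} object and runs "
                     f"{r['bytes_past_end']} bytes past its end (into {r['shadow_after_object']})")
    if r["access_size"] > r["cache_size"]:
        notes.append("copy length exceeds the whole slab object, so it was not derived from the "
                     "object's size; audit the message or header field the length comes from")
    if r["bug_type"] != "use-after-free" and r["free_task"] != r["alloc_task"]:
        notes.append(f"'Freed by task {r['free_task']}' is the slot's previous occupant, not this "
                     "object; it is noise for an out-of-bounds report")
    notes.append(f"user-space entry point: {r['syscall']}() from {r['task']}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_kasan_report(REPORT)):
        print("-", note)
```

Two things the numbers make explicit: the 8192-byte memcpy has only 488 bytes of object left (512 minus the 24-byte offset) and overruns by 7704 bytes straight into the `fc` redzone, and the access size is larger than any object the kmalloc-512 cache can hold, which points at a length taken from the message rather than from the skb. The allocation stack (`__alloc_skb` under `pfkey_sendmsg`) shows the object is the skb data of the message being processed; the free stack from task 1602 is the previous tenant of that slab slot and is irrelevant to an out-of-bounds read.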