[....] Starting enhanced syslogd: rsyslogd
[   17.277321] audit: type=1400 audit(1520535371.264:5): avc:  denied  { syslog } for  pid=4088 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   22.844780] audit: type=1400 audit(1520535376.831:6): avc:  denied  { map } for  pid=4228 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
[   29.180314] audit: type=1400 audit(1520535383.167:7): avc:  denied  { map } for  pid=4243 comm="syzkaller780425" path="/root/syzkaller780425472" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   29.185401] ==================================================================
[   29.213658] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[   29.220214] Read of size 4096 at addr ffff8801ae14eac0 by task syzkaller780425/4243
[   29.227983]
[   29.229588] CPU: 1 PID: 4243 Comm: syzkaller780425 Not tainted 4.16.0-rc4+ #257
[   29.237002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.246326] Call Trace:
[   29.248888]  dump_stack+0x194/0x24d
[   29.252492]  ? arch_local_irq_restore+0x53/0x53
[   29.257136]  ? show_regs_print_info+0x18/0x18
[   29.261607]  ? __lock_is_held+0xb6/0x140
[   29.265644]  ? pfkey_add+0x259e/0x3270
[   29.269505]  print_address_description+0x73/0x250
[   29.274318]  ? pfkey_add+0x259e/0x3270
[   29.278188]  kasan_report+0x23c/0x360
[   29.281963]  check_memory_region+0x137/0x190
[   29.286343]  memcpy+0x23/0x50
[   29.289422]  pfkey_add+0x259e/0x3270
[   29.293116]  ? set_ipsecrequest+0x310/0x310
[   29.297415]  ? lock_release+0xa40/0xa40
[   29.301360]  ? set_ipsecrequest+0x310/0x310
[   29.305656]  pfkey_process+0x67e/0x740
[   29.309521]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   29.314508]  ? kasan_check_write+0x14/0x20
[   29.318734]  ? dup_iter+0x182/0x260
[   29.322340]  pfkey_sendmsg+0x4dc/0xa00
[   29.326203]  ? pfkey_spdget+0xb00/0xb00
[   29.330159]  ? selinux_socket_sendmsg+0x36/0x40
[   29.334804]  ? security_socket_sendmsg+0x89/0xb0
[   29.339532]  ? pfkey_spdget+0xb00/0xb00
[   29.343484]  sock_sendmsg+0xca/0x110
[   29.347180]  ___sys_sendmsg+0x767/0x8b0
[   29.351144]  ? SyS_membarrier+0x700/0x700
[   29.355271]  ? copy_msghdr_from_user+0x590/0x590
[   29.360008]  ? __pmd_alloc+0x4e0/0x4e0
[   29.363888]  ? trace_hardirqs_off+0x10/0x10
[   29.368182]  ? find_held_lock+0x35/0x1d0
[   29.372221]  ? __fget_light+0x2b2/0x3c0
[   29.376170]  ? fget_raw+0x20/0x20
[   29.379600]  ? find_held_lock+0x35/0x1d0
[   29.383641]  ? __do_page_fault+0x5f7/0xc90
[   29.387852]  ? lock_downgrade+0x980/0x980
[   29.391980]  __sys_sendmsg+0xe5/0x210
[   29.395753]  ? __sys_sendmsg+0xe5/0x210
[   29.399699]  ? SyS_shutdown+0x290/0x290
[   29.403653]  ? __do_page_fault+0x3d6/0xc90
[   29.407869]  ? move_addr_to_kernel+0x60/0x60
[   29.412256]  SyS_sendmsg+0x2d/0x50
[   29.415777]  ? __sys_sendmsg+0x210/0x210
[   29.419813]  do_syscall_64+0x281/0x940
[   29.423673]  ? __do_page_fault+0xc90/0xc90
[   29.427879]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   29.433389]  ? syscall_return_slowpath+0x550/0x550
[   29.438291]  ? syscall_return_slowpath+0x2ac/0x550
[   29.443197]  ? retint_user+0x18/0x18
[   29.446887]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.451708]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.456868] RIP: 0033:0x43ffd9
[   29.460030] RSP: 002b:00007ffe013cf238 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[   29.467709] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffd9
[   29.474951] RDX: 0000000000000000 RSI: 0000000020196fe4 RDI: 0000000000000003
[   29.482192] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   29.489436] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401900
[   29.496679] R13: 0000000000401990 R14: 0000000000000000 R15: 0000000000000000
[   29.503935]
[   29.505534] Allocated by task 4243:
[   29.509136]  save_stack+0x43/0xd0
[   29.512559]  kasan_kmalloc+0xad/0xe0
[   29.516243]  __kmalloc_node_track_caller+0x47/0x70
[   29.521143]  __kmalloc_reserve.isra.39+0x41/0xd0
[   29.525867]  __alloc_skb+0x13b/0x780
[   29.529554]  pfkey_sendmsg+0x20f/0xa00
[   29.533411]  sock_sendmsg+0xca/0x110
[   29.537096]  ___sys_sendmsg+0x767/0x8b0
[   29.541039]  __sys_sendmsg+0xe5/0x210
[   29.544809]  SyS_sendmsg+0x2d/0x50
[   29.548321]  do_syscall_64+0x281/0x940
[   29.552180]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.557337]
[   29.558934] Freed by task 0:
[   29.561917] (stack is not available)
[   29.565599]
[   29.567200] The buggy address belongs to the object at ffff8801ae14ea80
[   29.567200]  which belongs to the cache kmalloc-512 of size 512
[   29.579826] The buggy address is located 64 bytes inside of
[   29.579826]  512-byte region [ffff8801ae14ea80, ffff8801ae14ec80)
[   29.591580] The buggy address belongs to the page:
[   29.596481] page:ffffea0006b85380 count:1 mapcount:0 mapping:ffff8801ae14e080 index:0x0
[   29.604594] flags: 0x2fffc0000000100(slab)
[   29.608800] raw: 02fffc0000000100 ffff8801ae14e080 0000000000000000 0000000100000006
[   29.616650] raw: ffffea0006bdb4e0 ffff8801dac01748 ffff8801dac00940 0000000000000000
[   29.624498] page dumped because: kasan: bad access detected
[   29.630189]
[   29.631786] Memory state around the buggy address:
[   29.636684]  ffff8801ae14eb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.644016]  ffff8801ae14ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.651350] >ffff8801ae14ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.658675]                    ^
[   29.662012]  ffff8801ae14ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.669346]  ffff8801ae14ed80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.676673] ==================================================================
[   29.684002] Disabling lock debugging due to kernel taint
[   29.689607] Kernel panic - not syncing: panic_on_warn set ...
[   29.689607]
[   29.696977] CPU: 1 PID: 4243 Comm: syzkaller780425 Tainted: G    B            4.16.0-rc4+ #257
[   29.705710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.715034] Call Trace:
[   29.717597]  dump_stack+0x194/0x24d
[   29.721203]  ? arch_local_irq_restore+0x53/0x53
[   29.725845]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.730569]  ? vsnprintf+0x1ed/0x1900
[   29.734339]  ? pfkey_add+0x2520/0x3270
[   29.738197]  panic+0x1e4/0x41c
[   29.741359]  ? refcount_error_report+0x214/0x214
[   29.746095]  ? add_taint+0x1c/0x50
[   29.749609]  ? add_taint+0x1c/0x50
[   29.753123]  ? pfkey_add+0x259e/0x3270
[   29.756981]  kasan_end_report+0x50/0x50
[   29.760922]  kasan_report+0x149/0x360
[   29.764693]  check_memory_region+0x137/0x190
[   29.769069]  memcpy+0x23/0x50
[   29.772146]  pfkey_add+0x259e/0x3270
[   29.775843]  ? set_ipsecrequest+0x310/0x310
[   29.780140]  ? lock_release+0xa40/0xa40
[   29.784083]  ? set_ipsecrequest+0x310/0x310
[   29.788376]  pfkey_process+0x67e/0x740
[   29.792236]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   29.797245]  ? kasan_check_write+0x14/0x20
[   29.801480]  ? dup_iter+0x182/0x260
[   29.805090]  pfkey_sendmsg+0x4dc/0xa00
[   29.808962]  ? pfkey_spdget+0xb00/0xb00
[   29.812910]  ? selinux_socket_sendmsg+0x36/0x40
[   29.817556]  ? security_socket_sendmsg+0x89/0xb0
[   29.822290]  ? pfkey_spdget+0xb00/0xb00
[   29.826238]  sock_sendmsg+0xca/0x110
[   29.829929]  ___sys_sendmsg+0x767/0x8b0
[   29.833877]  ? SyS_membarrier+0x700/0x700
[   29.838003]  ? copy_msghdr_from_user+0x590/0x590
[   29.842746]  ? __pmd_alloc+0x4e0/0x4e0
[   29.846609]  ? trace_hardirqs_off+0x10/0x10
[   29.850910]  ? find_held_lock+0x35/0x1d0
[   29.854944]  ? __fget_light+0x2b2/0x3c0
[   29.858889]  ? fget_raw+0x20/0x20
[   29.862318]  ? find_held_lock+0x35/0x1d0
[   29.866358]  ? __do_page_fault+0x5f7/0xc90
[   29.870563]  ? lock_downgrade+0x980/0x980
[   29.874687]  __sys_sendmsg+0xe5/0x210
[   29.878460]  ? __sys_sendmsg+0xe5/0x210
[   29.882408]  ? SyS_shutdown+0x290/0x290
[   29.886369]  ? __do_page_fault+0x3d6/0xc90
[   29.890583]  ? move_addr_to_kernel+0x60/0x60
[   29.894970]  SyS_sendmsg+0x2d/0x50
[   29.898481]  ? __sys_sendmsg+0x210/0x210
[   29.902514]  do_syscall_64+0x281/0x940
[   29.906372]  ? __do_page_fault+0xc90/0xc90
[   29.910580]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   29.916095]  ? syscall_return_slowpath+0x550/0x550
[   29.920997]  ? syscall_return_slowpath+0x2ac/0x550
[   29.925905]  ? retint_user+0x18/0x18
[   29.929591]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.934410]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.939571] RIP: 0033:0x43ffd9
[   29.942736] RSP: 002b:00007ffe013cf238 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[   29.950413] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffd9
[   29.957668] RDX: 0000000000000000 RSI: 0000000020196fe4 RDI: 0000000000000003
[   29.964912] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   29.972152] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401900
[   29.979392] R13: 0000000000401990 R14: 0000000000000000 R15: 0000000000000000
[   29.987087] Dumping ftrace buffer:
[   29.990606]    (ftrace buffer empty)
[   29.994288] Kernel Offset: disabled
[   29.997889] Rebooting in 86400 seconds..