[....] Starting enhanced syslogd: rsyslogd
[   11.406045] audit: type=1400 audit(1514506919.941:5): avc: denied { syslog } for pid=2999 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.347909] audit: type=1400 audit(1514506924.883:6): avc: denied { map } for pid=3138 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.223' (ECDSA) to the list of known hosts.
executing program
[   22.537265] audit: type=1400 audit(1514506931.073:7): avc: denied { map } for pid=3152 comm="syzkaller702871" path="/root/syzkaller702871058" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   22.542278] ==================================================================
[   22.542297] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[   22.542304] Read of size 8192 at addr ffff8801c9af6598 by task syzkaller702871/3152
[   22.542306]
[   22.542314] CPU: 0 PID: 3152 Comm: syzkaller702871 Not tainted 4.15.0-rc4-mm1+ #49
[   22.542318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.542321] Call Trace:
[   22.542332]  dump_stack+0x194/0x257
[   22.542344]  ? arch_local_irq_restore+0x53/0x53
[   22.542354]  ? show_regs_print_info+0x18/0x18
[   22.542360]  ? __lock_is_held+0xb6/0x140
[   22.542375]  ? pfkey_add+0x259e/0x3270
[   22.542388]  print_address_description+0x73/0x250
[   22.542395]  ? pfkey_add+0x259e/0x3270
[   22.542405]  kasan_report+0x23b/0x360
[   22.542419]  check_memory_region+0x137/0x190
[   22.542428]  memcpy+0x23/0x50
[   22.542438]  pfkey_add+0x259e/0x3270
[   22.542462]  ? set_ipsecrequest+0x310/0x310
[   22.542474]  ? lock_release+0xa40/0xa40
[   22.542483]  ? set_ipsecrequest+0x310/0x310
[   22.542495]  pfkey_process+0x60b/0x720
[   22.542511]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   22.542517]  ? kasan_check_write+0x14/0x20
[   22.542556]  ? dup_iter+0x1a2/0x260
[   22.542575]  pfkey_sendmsg+0x4d6/0x9f0
[   22.542589]  ? pfkey_spdget+0xb00/0xb00
[   22.542601]  ? selinux_socket_sendmsg+0x36/0x40
[   22.542611]  ? security_socket_sendmsg+0x89/0xb0
[   22.542624]  ? pfkey_spdget+0xb00/0xb00
[   22.542638]  sock_sendmsg+0xca/0x110
[   22.542650]  ___sys_sendmsg+0x767/0x8b0
[   22.542666]  ? copy_msghdr_from_user+0x590/0x590
[   22.542687]  ? __do_page_fault+0x5f7/0xc90
[   22.542697]  ? lock_downgrade+0x980/0x980
[   22.542715]  ? __fget_light+0x297/0x380
[   22.542725]  ? fget_raw+0x20/0x20
[   22.542735]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   22.542740]  ? vmacache_find+0x5f/0x280
[   22.542759]  ? up_read+0x1a/0x40
[   22.542767]  ? __do_page_fault+0x3d6/0xc90
[   22.542773]  ? get_unused_fd_flags+0x190/0x190
[   22.542791]  ? __fdget+0x18/0x20
[   22.542807]  __sys_sendmsg+0xe5/0x210
[   22.542813]  ? __sys_sendmsg+0xe5/0x210
[   22.542825]  ? SyS_shutdown+0x290/0x290
[   22.542836]  ? __do_page_fault+0xc90/0xc90
[   22.542849]  ? fd_install+0x4d/0x60
[   22.542875]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   22.542892]  SyS_sendmsg+0x2d/0x50
[   22.542904]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.542910] RIP: 0033:0x43ff39
[   22.542914] RSP: 002b:00007ffd9f84cc98 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   22.542921] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[   22.542925] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   22.542929] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   22.542933] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[   22.542936] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[   22.542964]
[   22.542967] Allocated by task 3152:
[   22.542973]  save_stack+0x43/0xd0
[   22.542978]  kasan_kmalloc+0xad/0xe0
[   22.542984]  __kmalloc_node_track_caller+0x47/0x70
[   22.542990]  __kmalloc_reserve.isra.41+0x41/0xd0
[   22.542996]  __alloc_skb+0x13b/0x780
[   22.543004]  pfkey_sendmsg+0x20f/0x9f0
[   22.543010]  sock_sendmsg+0xca/0x110
[   22.543015]  ___sys_sendmsg+0x767/0x8b0
[   22.543021]  __sys_sendmsg+0xe5/0x210
[   22.543027]  SyS_sendmsg+0x2d/0x50
[   22.543032]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.543034]
[   22.543037] Freed by task 1607:
[   22.543042]  save_stack+0x43/0xd0
[   22.543048]  kasan_slab_free+0x71/0xc0
[   22.543053]  kfree+0xd6/0x260
[   22.543058]  skb_free_head+0x74/0xb0
[   22.543063]  skb_release_data+0x58c/0x790
[   22.543069]  skb_release_all+0x4a/0x60
[   22.543075]  consume_skb+0x153/0x490
[   22.543081]  skb_free_datagram+0x1a/0xe0
[   22.543088]  unix_dgram_recvmsg+0xd12/0x1990
[   22.543093]  sock_recvmsg+0xc9/0x110
[   22.543099]  SYSC_recvfrom+0x2e5/0x5a0
[   22.543105]  SyS_recvfrom+0x40/0x50
[   22.543111]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.543112]
[   22.543117] The buggy address belongs to the object at ffff8801c9af6580
[   22.543117]  which belongs to the cache kmalloc-512 of size 512
[   22.543122] The buggy address is located 24 bytes inside of
[   22.543122]  512-byte region [ffff8801c9af6580, ffff8801c9af6780)
[   22.543124] The buggy address belongs to the page:
[   22.543129] page:ffffea000726bd80 count:1 mapcount:0 mapping:ffff8801c9af6080 index:0x0
[   22.543135] flags: 0x2fffc0000000100(slab)
[   22.543144] raw: 02fffc0000000100 ffff8801c9af6080 0000000000000000 0000000100000006
[   22.543152] raw: ffffea000726b520 ffffea000726a2e0 ffff8801dac00940 0000000000000000
[   22.543155] page dumped because: kasan: bad access detected
[   22.543156]
[   22.543158] Memory state around the buggy address:
[   22.543164]  ffff8801c9af6680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.543169]  ffff8801c9af6700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.543174] >ffff8801c9af6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.543176]                    ^
[   22.543181]  ffff8801c9af6800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.543186]  ffff8801c9af6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.543188] ==================================================================
[   22.543191] Disabling lock debugging due to kernel taint
[   22.543205] Kernel panic - not syncing: panic_on_warn set ...
[   22.543205]
[   22.543211] CPU: 0 PID: 3152 Comm: syzkaller702871 Tainted: G B 4.15.0-rc4-mm1+ #49
[   22.543214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.543216] Call Trace:
[   22.543222]  dump_stack+0x194/0x257
[   22.543230]  ? arch_local_irq_restore+0x53/0x53
[   22.543239]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   22.543247]  ? vsnprintf+0x1ed/0x1900
[   22.543254]  ? pfkey_add+0x24e0/0x3270
[   22.543262]  panic+0x1e4/0x41c
[   22.543269]  ? refcount_error_report+0x214/0x214
[   22.543278]  ? add_taint+0x1c/0x50
[   22.543285]  ? add_taint+0x1c/0x50
[   22.543292]  ? pfkey_add+0x259e/0x3270
[   22.543299]  kasan_end_report+0x50/0x50
[   22.543305]  kasan_report+0x148/0x360
[   22.543315]  check_memory_region+0x137/0x190
[   22.543322]  memcpy+0x23/0x50
[   22.543329]  pfkey_add+0x259e/0x3270
[   22.543343]  ? set_ipsecrequest+0x310/0x310
[   22.543351]  ? lock_release+0xa40/0xa40
[   22.543358]  ? set_ipsecrequest+0x310/0x310
[   22.543366]  pfkey_process+0x60b/0x720
[   22.543377]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   22.543382]  ? kasan_check_write+0x14/0x20
[   22.543403]  ? dup_iter+0x1a2/0x260
[   22.543414]  pfkey_sendmsg+0x4d6/0x9f0
[   22.543423]  ? pfkey_spdget+0xb00/0xb00
[   22.543431]  ? selinux_socket_sendmsg+0x36/0x40
[   22.543439]  ? security_socket_sendmsg+0x89/0xb0
[   22.543445]  ? pfkey_spdget+0xb00/0xb00
[   22.543453]  sock_sendmsg+0xca/0x110
[   22.543461]  ___sys_sendmsg+0x767/0x8b0
[   22.543472]  ? copy_msghdr_from_user+0x590/0x590
[   22.543484]  ? __do_page_fault+0x5f7/0xc90
[   22.543491]  ? lock_downgrade+0x980/0x980
[   22.543502]  ? __fget_light+0x297/0x380
[   22.543509]  ? fget_raw+0x20/0x20
[   22.543516]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   22.543521]  ? vmacache_find+0x5f/0x280
[   22.543532]  ? up_read+0x1a/0x40
[   22.543539]  ? __do_page_fault+0x3d6/0xc90
[   22.543544]  ? get_unused_fd_flags+0x190/0x190
[   22.543555]  ? __fdget+0x18/0x20
[   22.543565]  __sys_sendmsg+0xe5/0x210
[   22.543571]  ? __sys_sendmsg+0xe5/0x210
[   22.543579]  ? SyS_shutdown+0x290/0x290
[   22.543587]  ? __do_page_fault+0xc90/0xc90
[   22.543596]  ? fd_install+0x4d/0x60
[   22.543611]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   22.543627]  SyS_sendmsg+0x2d/0x50
[   22.543635]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.543639] RIP: 0033:0x43ff39
[   22.543642] RSP: 002b:00007ffd9f84cc98 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   22.543648] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[   22.543651] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   22.543655] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   22.543658] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[   22.543661] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[   22.563627] Dumping ftrace buffer:
[   22.563630]    (ftrace buffer empty)
[   22.563633] Kernel Offset: disabled
[   23.338778] Rebooting in 86400 seconds..
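A triage helper for reading a report like the one above. This is an added example, not part of the syzkaller console output and not syzkaller's or the kernel's own code; the names `parse_kasan_report`, `KasanReport`, `summarize` and the `INSTRUMENTATION` skip list are this example's own choices. The embedded `REPORT` text is an abridged copy of the lines printed above (timestamps kept as the console prints them). It extracts the bug class, the faulting frame, the access size, the slab object bounds and the allocation/free stacks, drops the `?` frames (stale stack slots the unwinder could not verify), and works out from the object bounds how far the 8192-byte memcpy read runs past the 512-byte kmalloc-512 object: the access starts 24 bytes in and overruns the object end by 7704 bytes, which is why the first poisoned shadow byte KASAN marks with `>` is the redzone (`fc`) at ffff8801c9af6780 rather than the access address itself.

```python
"""Extract the structured facts from a KASAN console report and compute
how far the reported access overruns the slab object it started in."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Abridged copy of the report above (constructed test input for this example).
REPORT = """\
[   22.542278] ==================================================================
[   22.542297] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[   22.542304] Read of size 8192 at addr ffff8801c9af6598 by task syzkaller702871/3152
[   22.542306]
[   22.542314] CPU: 0 PID: 3152 Comm: syzkaller702871 Not tainted 4.15.0-rc4-mm1+ #49
[   22.542321] Call Trace:
[   22.542332]  dump_stack+0x194/0x257
[   22.542344]  ? arch_local_irq_restore+0x53/0x53
[   22.542388]  print_address_description+0x73/0x250
[   22.542405]  kasan_report+0x23b/0x360
[   22.542419]  check_memory_region+0x137/0x190
[   22.542428]  memcpy+0x23/0x50
[   22.542438]  pfkey_add+0x259e/0x3270
[   22.542495]  pfkey_process+0x60b/0x720
[   22.542575]  pfkey_sendmsg+0x4d6/0x9f0
[   22.542638]  sock_sendmsg+0xca/0x110
[   22.542892]  SyS_sendmsg+0x2d/0x50
[   22.542904]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   22.542910] RIP: 0033:0x43ff39
[   22.542964]
[   22.542967] Allocated by task 3152:
[   22.542973]  save_stack+0x43/0xd0
[   22.542978]  kasan_kmalloc+0xad/0xe0
[   22.542996]  __alloc_skb+0x13b/0x780
[   22.543004]  pfkey_sendmsg+0x20f/0x9f0
[   22.543034]
[   22.543037] Freed by task 1607:
[   22.543042]  save_stack+0x43/0xd0
[   22.543048]  kasan_slab_free+0x71/0xc0
[   22.543053]  kfree+0xd6/0x260
[   22.543088]  unix_dgram_recvmsg+0xd12/0x1990
[   22.543112]
[   22.543117] The buggy address belongs to the object at ffff8801c9af6580
[   22.543117]  which belongs to the cache kmalloc-512 of size 512
[   22.543122] The buggy address is located 24 bytes inside of
[   22.543122]  512-byte region [ffff8801c9af6580, ffff8801c9af6780)
[   22.543188] ==================================================================
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
# A stack frame: optional "? " marker (unreliable slot), then sym+0xoff/0xsize.
FRAME = re.compile(r"^\s*(?P<unreliable>\? )?(?P<sym>\S+\+0x[0-9a-f]+/0x[0-9a-f]+)\s*$")
# Frames belonging to the sanitizer / report path, not to the bug (example's own list).
INSTRUMENTATION = ("dump_stack", "print_address_description", "kasan_",
                   "check_memory_region", "memcpy", "memset", "memmove")


@dataclass
class KasanReport:
    bug_type: str = ""
    func: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    cache: str = ""
    obj_start: int = 0
    obj_end: int = 0
    call_trace: List[str] = field(default_factory=list)
    alloc_pid: Optional[int] = None
    alloc_stack: List[str] = field(default_factory=list)
    free_pid: Optional[int] = None
    free_stack: List[str] = field(default_factory=list)

    @property
    def offset_in_object(self) -> int:
        return self.addr - self.obj_start

    @property
    def bytes_past_end(self) -> int:
        """Bytes the access extends beyond the object's end (0 if it stays inside)."""
        return max(0, self.addr + self.size - self.obj_end)

    @property
    def culprit(self) -> str:
        """First reliable frame outside the sanitizer: where the bad access happens."""
        for sym in self.call_trace:
            if not sym.startswith(INSTRUMENTATION):
                return sym
        return ""


def parse_kasan_report(text: str) -> KasanReport:
    r = KasanReport()
    section = None  # the stack list currently being filled, if any
    for ln in (TIMESTAMP.sub("", raw).rstrip() for raw in text.splitlines()):
        m = re.match(r"BUG: KASAN: (\S+) in (\S+)", ln)
        if m:
            r.bug_type, r.func = m.group(1), m.group(2)
            continue
        m = re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", ln)
        if m:
            r.access, r.size, r.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
            r.task, r.pid = m.group(4), int(m.group(5))
            continue
        m = re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", ln)
        if m:
            r.cache = m.group(1)
            continue
        m = re.search(r"region \[([0-9a-f]+), ([0-9a-f]+)\)", ln)
        if m:
            r.obj_start, r.obj_end = int(m.group(1), 16), int(m.group(2), 16)
            continue
        if ln.startswith("Call Trace:"):
            section = r.call_trace
            continue
        m = re.match(r"Allocated by task (\d+):", ln)
        if m:
            r.alloc_pid, section = int(m.group(1)), r.alloc_stack
            continue
        m = re.match(r"Freed by task (\d+):", ln)
        if m:
            r.free_pid, section = int(m.group(1)), r.free_stack
            continue
        if section is not None:
            m = FRAME.match(ln)
            if m:
                if not m.group("unreliable"):  # keep only frames the unwinder trusts
                    section.append(m.group("sym"))
            elif ln == "":
                section = None  # a blank line terminates a stack
    return r


def summarize(r: KasanReport) -> str:
    return (f"{r.bug_type} {r.access.lower()} of {r.size} bytes in {r.culprit} "
            f"(pid {r.pid}): {r.cache} object, access starts {r.offset_in_object} bytes in, "
            f"overruns object end by {r.bytes_past_end} bytes")


if __name__ == "__main__":
    print(summarize(parse_kasan_report(REPORT)))
```

The "Freed by task 1607" stack is worth reading with this in mind: for a slab-out-of-bounds on a live object, KASAN prints the last free it recorded for that slab slot, so the unix_dgram_recvmsg stack describes the slot's previous occupant, not a use-after-free of the skb data allocated by pfkey_sendmsg. The two facts that matter for triage are the 8192-byte memcpy and the 512-byte object it reads from.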