[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.090792] audit: type=1400 audit(1513673184.897:5): avc: denied { syslog } for pid=2993 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 16.738179] audit: type=1400 audit(1513673189.544:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.0.20' (ECDSA) to the list of known hosts.
executing program
[ 23.486878] audit: type=1400 audit(1513673196.293:7): avc: denied { map } for pid=3146 comm="syzkaller723143" path="/root/syzkaller723143984" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 23.492137] ==================================================================
[ 23.492161] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[ 23.492171] Read of size 8192 at addr ffff8801c539e098 by task syzkaller723143/3146
[ 23.492175]
[ 23.492185] CPU: 1 PID: 3146 Comm: syzkaller723143 Not tainted 4.15.0-rc2-mm1+ #39
[ 23.492191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.492197] Call Trace:
[ 23.492210]  dump_stack+0x194/0x257
[ 23.492226]  ? arch_local_irq_restore+0x53/0x53
[ 23.492239]  ? show_regs_print_info+0x18/0x18
[ 23.492248]  ? __lock_is_held+0xbc/0x140
[ 23.492267]  ? pfkey_add+0x1634/0x3270
[ 23.492282]  print_address_description+0x73/0x250
[ 23.492292]  ? pfkey_add+0x1634/0x3270
[ 23.492303]  kasan_report+0x25b/0x340
[ 23.492320]  check_memory_region+0x137/0x190
[ 23.492331]  memcpy+0x23/0x50
[ 23.492344]  pfkey_add+0x1634/0x3270
[ 23.492371]  ? set_ipsecrequest+0x310/0x310
[ 23.492385]  ? lock_release+0xda0/0xda0
[ 23.492397]  ? set_ipsecrequest+0x310/0x310
[ 23.492411]  pfkey_process+0x60b/0x720
[ 23.492431]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 23.492438]  ? kasan_check_write+0x14/0x20
[ 23.492481]  ? dup_iter+0x182/0x260
[ 23.492503]  pfkey_sendmsg+0x4d6/0x9f0
[ 23.492520]  ? pfkey_spdget+0xb00/0xb00
[ 23.492536]  ? selinux_socket_sendmsg+0x36/0x40
[ 23.492547]  ? security_socket_sendmsg+0x89/0xb0
[ 23.492558]  ? pfkey_spdget+0xb00/0xb00
[ 23.492572]  sock_sendmsg+0xca/0x110
[ 23.492585]  ___sys_sendmsg+0x75b/0x8a0
[ 23.492604]  ? copy_msghdr_from_user+0x590/0x590
[ 23.492615]  ? lock_downgrade+0x980/0x980
[ 23.492653]  ? fget_raw+0x20/0x20
[ 23.492665]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 23.492674]  ? vmacache_find+0x5f/0x280
[ 23.492700]  ? up_read+0x1a/0x40
[ 23.492713]  ? __do_page_fault+0x3d6/0xc90
[ 23.492721]  ? get_unused_fd_flags+0x190/0x190
[ 23.492743]  ? __fdget+0x18/0x20
[ 23.492761]  __sys_sendmsg+0xe5/0x210
[ 23.492769]  ? __sys_sendmsg+0xe5/0x210
[ 23.492782]  ? SyS_shutdown+0x290/0x290
[ 23.492795]  ? __do_page_fault+0xc90/0xc90
[ 23.492812]  ? fd_install+0x4d/0x60
[ 23.492841]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.492859]  SyS_sendmsg+0x2d/0x50
[ 23.492874]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 23.492883] RIP: 0033:0x43ff39
[ 23.492889] RSP: 002b:00007fff55e6f358 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 23.492901] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff39
[ 23.492907] RDX: 0000000000000000 RSI: 0000000020cbd000 RDI: 0000000000000003
[ 23.492913] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 23.492919] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[ 23.492925] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[ 23.492956]
[ 23.492962] Allocated by task 3146:
[ 23.492970]  save_stack+0x43/0xd0
[ 23.492977]  kasan_kmalloc+0xad/0xe0
[ 23.492986]  __kmalloc_node_track_caller+0x47/0x70
[ 23.492994]  __kmalloc_reserve.isra.41+0x41/0xd0
[ 23.493004]  __alloc_skb+0x13b/0x780
[ 23.493012]  pfkey_sendmsg+0x20f/0x9f0
[ 23.493019]  sock_sendmsg+0xca/0x110
[ 23.493026]  ___sys_sendmsg+0x75b/0x8a0
[ 23.493033]  __sys_sendmsg+0xe5/0x210
[ 23.493041]  SyS_sendmsg+0x2d/0x50
[ 23.493049]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 23.493053]
[ 23.493058] Freed by task 1684:
[ 23.493065]  save_stack+0x43/0xd0
[ 23.493072]  kasan_slab_free+0x71/0xc0
[ 23.493080]  kfree+0xca/0x250
[ 23.493088]  skb_free_head+0x74/0xb0
[ 23.493095]  skb_release_data+0x58c/0x790
[ 23.493102]  skb_release_all+0x4a/0x60
[ 23.493109]  kfree_skb+0x15d/0x4c0
[ 23.493118]  unix_stream_connect+0x876/0x1580
[ 23.493125]  SYSC_connect+0x20a/0x480
[ 23.493133]  SyS_connect+0x24/0x30
[ 23.493141]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 23.493144]
[ 23.493151] The buggy address belongs to the object at ffff8801c539e080
[ 23.493151]  which belongs to the cache kmalloc-512 of size 512
[ 23.493159] The buggy address is located 24 bytes inside of
[ 23.493159]  512-byte region [ffff8801c539e080, ffff8801c539e280)
[ 23.493163] The buggy address belongs to the page:
[ 23.493172] page:000000000dc1a334 count:1 mapcount:0 mapping:0000000024cce1d2 index:0x0
[ 23.493182] flags: 0x2fffc0000000100(slab)
[ 23.493194] raw: 02fffc0000000100 ffff8801c539e080 0000000000000000 0000000100000006
[ 23.493203] raw: ffffea000714e5e0 ffffea0007137920 ffff8801dac00940 0000000000000000
[ 23.493208] page dumped because: kasan: bad access detected
[ 23.493212]
[ 23.493216] Memory state around the buggy address:
[ 23.493224]  ffff8801c539e180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.493231]  ffff8801c539e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.493238] >ffff8801c539e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.493242]                    ^
[ 23.493249]  ffff8801c539e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.493256]  ffff8801c539e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.493261] ==================================================================
[ 23.493264] Disabling lock debugging due to kernel taint
[ 23.493277] Kernel panic - not syncing: panic_on_warn set ...
[ 23.493277]
[ 23.493283] CPU: 1 PID: 3146 Comm: syzkaller723143 Tainted: G B 4.15.0-rc2-mm1+ #39
[ 23.493287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.493288] Call Trace:
[ 23.493295]  dump_stack+0x194/0x257
[ 23.493304]  ? arch_local_irq_restore+0x53/0x53
[ 23.493314]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.493321]  ? vsnprintf+0x1ed/0x1900
[ 23.493328]  ? pfkey_add+0x15f0/0x3270
[ 23.493336]  panic+0x1e4/0x41c
[ 23.493343]  ? refcount_error_report+0x214/0x214
[ 23.493351]  ? add_taint+0x1c/0x50
[ 23.493358]  ? add_taint+0x1c/0x50
[ 23.493367]  ? pfkey_add+0x1634/0x3270
[ 23.493373]  kasan_end_report+0x50/0x50
[ 23.493379]  kasan_report+0x144/0x340
[ 23.493389]  check_memory_region+0x137/0x190
[ 23.493395]  memcpy+0x23/0x50
[ 23.493403]  pfkey_add+0x1634/0x3270
[ 23.493417]  ? set_ipsecrequest+0x310/0x310
[ 23.493425]  ? lock_release+0xda0/0xda0
[ 23.493432]  ? set_ipsecrequest+0x310/0x310
[ 23.493441]  pfkey_process+0x60b/0x720
[ 23.493452]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 23.493457]  ? kasan_check_write+0x14/0x20
[ 23.493477]  ? dup_iter+0x182/0x260
[ 23.493489]  pfkey_sendmsg+0x4d6/0x9f0
[ 23.493499]  ? pfkey_spdget+0xb00/0xb00
[ 23.493508]  ? selinux_socket_sendmsg+0x36/0x40
[ 23.493515]  ? security_socket_sendmsg+0x89/0xb0
[ 23.493521]  ? pfkey_spdget+0xb00/0xb00
[ 23.493529]  sock_sendmsg+0xca/0x110
[ 23.493537]  ___sys_sendmsg+0x75b/0x8a0
[ 23.493547]  ? copy_msghdr_from_user+0x590/0x590
[ 23.493554]  ? lock_downgrade+0x980/0x980
[ 23.493573]  ? fget_raw+0x20/0x20
[ 23.493580]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 23.493585]  ? vmacache_find+0x5f/0x280
[ 23.493596]  ? up_read+0x1a/0x40
[ 23.493603]  ? __do_page_fault+0x3d6/0xc90
[ 23.493609]  ? get_unused_fd_flags+0x190/0x190
[ 23.493620]  ? __fdget+0x18/0x20
[ 23.493630]  __sys_sendmsg+0xe5/0x210
[ 23.493636]  ? __sys_sendmsg+0xe5/0x210
[ 23.493643]  ? SyS_shutdown+0x290/0x290
[ 23.493651]  ? __do_page_fault+0xc90/0xc90
[ 23.493661]  ? fd_install+0x4d/0x60
[ 23.493680]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.493690]  SyS_sendmsg+0x2d/0x50
[ 23.493699]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 23.493702] RIP: 0033:0x43ff39
[ 23.493706] RSP: 002b:00007fff55e6f358 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 23.493712] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff39
[ 23.493716] RDX: 0000000000000000 RSI: 0000000020cbd000 RDI: 0000000000000003
[ 23.493719] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 23.493723] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[ 23.493726] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[ 23.513566] Dumping ftrace buffer:
[ 23.513571]    (ftrace buffer empty)
[ 23.513574] Kernel Offset: disabled
[ 24.263499] Rebooting in 86400 seconds..