[....] Starting enhanced syslogd: rsyslogd
[ 11.961087] audit: type=1400 audit(1513022351.405:5): avc: denied { syslog } for pid=3001 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting mcstransd:
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 36.023183] audit: type=1400 audit(1513022375.468:6): avc: denied { map } for pid=3147 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-1,10.128.15.224' (ECDSA) to the list of known hosts.
executing program
[ 57.523408] audit: type=1400 audit(1513022396.968:7): avc: denied { map } for pid=3159 comm="syzkaller982359" path="/root/syzkaller982359856" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 57.526830] ==================================================================
[ 57.526846] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[ 57.526852] Read of size 8192 at addr ffff8801c35e6518 by task syzkaller982359/3159
[ 57.526854]
[ 57.526861] CPU: 0 PID: 3159 Comm: syzkaller982359 Not tainted 4.15.0-rc2-next-20171211+ #64
[ 57.526865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.526868] Call Trace:
[ 57.526877]  dump_stack+0x194/0x257
[ 57.526887]  ? arch_local_irq_restore+0x53/0x53
[ 57.526896]  ? show_regs_print_info+0x18/0x18
[ 57.526902]  ? __lock_is_held+0xbc/0x140
[ 57.526913]  ? pfkey_add+0x1634/0x3270
[ 57.526922]  print_address_description+0x73/0x250
[ 57.526929]  ? pfkey_add+0x1634/0x3270
[ 57.526936]  kasan_report+0x25b/0x340
[ 57.526947]  check_memory_region+0x137/0x190
[ 57.526954]  memcpy+0x23/0x50
[ 57.526962]  pfkey_add+0x1634/0x3270
[ 57.526979]  ? set_ipsecrequest+0x310/0x310
[ 57.526988]  ? lock_release+0xda0/0xda0
[ 57.526995]  ? set_ipsecrequest+0x310/0x310
[ 57.527008]  pfkey_process+0x60b/0x720
[ 57.527020]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 57.527024]  ? kasan_check_write+0x14/0x20
[ 57.527051]  ? dup_iter+0x242/0x260
[ 57.527065]  pfkey_sendmsg+0x4d6/0x9f0
[ 57.527075]  ? pfkey_spdget+0xb00/0xb00
[ 57.527086]  ? selinux_socket_sendmsg+0x36/0x40
[ 57.527093]  ? security_socket_sendmsg+0x89/0xb0
[ 57.527099]  ? pfkey_spdget+0xb00/0xb00
[ 57.527109]  sock_sendmsg+0xca/0x110
[ 57.527117]  ___sys_sendmsg+0x75b/0x8a0
[ 57.527129]  ? copy_msghdr_from_user+0x590/0x590
[ 57.527136]  ? lock_downgrade+0x980/0x980
[ 57.527160]  ? fget_raw+0x20/0x20
[ 57.527167]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 57.527174]  ? vmacache_find+0x5f/0x280
[ 57.527188]  ? up_read+0x1a/0x40
[ 57.527198]  ? __do_page_fault+0x3d6/0xc90
[ 57.527203]  ? get_unused_fd_flags+0x190/0x190
[ 57.527216]  ? __fdget+0x18/0x20
[ 57.527228]  __sys_sendmsg+0xe5/0x210
[ 57.527232]  ? __sys_sendmsg+0xe5/0x210
[ 57.527240]  ? SyS_shutdown+0x290/0x290
[ 57.527248]  ? __do_page_fault+0xc90/0xc90
[ 57.527259]  ? fd_install+0x4d/0x60
[ 57.527277]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 57.527289]  SyS_sendmsg+0x2d/0x50
[ 57.527299]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 57.527304] RIP: 0033:0x43ff59
[ 57.527308] RSP: 002b:00007ffdd9d4f108 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 57.527315] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[ 57.527319] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 57.527323] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 57.527326] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[ 57.527330] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[ 57.527350]
[ 57.527353] Allocated by task 3159:
[ 57.527358]  save_stack+0x43/0xd0
[ 57.527363]  kasan_kmalloc+0xad/0xe0
[ 57.527368]  __kmalloc_node_track_caller+0x47/0x70
[ 57.527373]  __kmalloc_reserve.isra.41+0x41/0xd0
[ 57.527377]  __alloc_skb+0x13b/0x780
[ 57.527386]  pfkey_sendmsg+0x20f/0x9f0
[ 57.527390]  sock_sendmsg+0xca/0x110
[ 57.527394]  ___sys_sendmsg+0x75b/0x8a0
[ 57.527399]  __sys_sendmsg+0xe5/0x210
[ 57.527403]  SyS_sendmsg+0x2d/0x50
[ 57.527408]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 57.527410]
[ 57.527413] Freed by task 1646:
[ 57.527417]  save_stack+0x43/0xd0
[ 57.527422]  kasan_slab_free+0x71/0xc0
[ 57.527426]  kfree+0xca/0x250
[ 57.527431]  kernfs_fop_release+0x13f/0x180
[ 57.527437]  __fput+0x333/0x7f0
[ 57.527441]  ____fput+0x15/0x20
[ 57.527448]  task_work_run+0x199/0x270
[ 57.527455]  exit_to_usermode_loop+0x275/0x2f0
[ 57.527459]  syscall_return_slowpath+0x490/0x550
[ 57.527465]  entry_SYSCALL_64_fastpath+0x94/0x96
[ 57.527467]
[ 57.527471] The buggy address belongs to the object at ffff8801c35e6500
[ 57.527471]  which belongs to the cache kmalloc-512 of size 512
[ 57.527476] The buggy address is located 24 bytes inside of
[ 57.527476]  512-byte region [ffff8801c35e6500, ffff8801c35e6700)
[ 57.527478] The buggy address belongs to the page:
[ 57.527483] page:0000000004269175 count:1 mapcount:0 mapping:000000005a9b32ed index:0x0
[ 57.527490] flags: 0x2fffc0000000100(slab)
[ 57.527498] raw: 02fffc0000000100 ffff8801c35e6000 0000000000000000 0000000100000006
[ 57.527503] raw: ffffea00070de460 ffffea00070de5a0 ffff8801dac00940 0000000000000000
[ 57.527507] page dumped because: kasan: bad access detected
[ 57.527509]
[ 57.527512] Memory state around the buggy address:
[ 57.527516]  ffff8801c35e6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.527520]  ffff8801c35e6680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 57.527524] >ffff8801c35e6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.527527]                    ^
[ 57.527531]  ffff8801c35e6780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.527535]  ffff8801c35e6800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.527538] ==================================================================
[ 57.527540] Disabling lock debugging due to kernel taint
[ 57.527567] Kernel panic - not syncing: panic_on_warn set ...
[ 57.527567]
[ 57.527572] CPU: 0 PID: 3159 Comm: syzkaller982359 Tainted: G B 4.15.0-rc2-next-20171211+ #64
[ 57.527573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.527575] Call Trace:
[ 57.527579]  dump_stack+0x194/0x257
[ 57.527585]  ? arch_local_irq_restore+0x53/0x53
[ 57.527590]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 57.527596]  ? vsnprintf+0x1ed/0x1900
[ 57.527600]  ? pfkey_add+0x1610/0x3270
[ 57.527606]  panic+0x1e4/0x41c
[ 57.527610]  ? refcount_error_report+0x214/0x214
[ 57.527615]  ? add_taint+0x1c/0x50
[ 57.527619]  ? add_taint+0x1c/0x50
[ 57.527625]  ? pfkey_add+0x1634/0x3270
[ 57.527628]  kasan_end_report+0x50/0x50
[ 57.527632]  kasan_report+0x144/0x340
[ 57.527638]  check_memory_region+0x137/0x190
[ 57.527642]  memcpy+0x23/0x50
[ 57.527647]  pfkey_add+0x1634/0x3270
[ 57.527656]  ? set_ipsecrequest+0x310/0x310
[ 57.527661]  ? lock_release+0xda0/0xda0
[ 57.527666]  ? set_ipsecrequest+0x310/0x310
[ 57.527671]  pfkey_process+0x60b/0x720
[ 57.527678]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 57.527681]  ? kasan_check_write+0x14/0x20
[ 57.527694]  ? dup_iter+0x242/0x260
[ 57.527702]  pfkey_sendmsg+0x4d6/0x9f0
[ 57.527708]  ? pfkey_spdget+0xb00/0xb00
[ 57.527714]  ? selinux_socket_sendmsg+0x36/0x40
[ 57.527718]  ? security_socket_sendmsg+0x89/0xb0
[ 57.527722]  ? pfkey_spdget+0xb00/0xb00
[ 57.527726]  sock_sendmsg+0xca/0x110
[ 57.527731]  ___sys_sendmsg+0x75b/0x8a0
[ 57.527738]  ? copy_msghdr_from_user+0x590/0x590
[ 57.527742]  ? lock_downgrade+0x980/0x980
[ 57.527754]  ? fget_raw+0x20/0x20
[ 57.527758]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 57.527762]  ? vmacache_find+0x5f/0x280
[ 57.527769]  ? up_read+0x1a/0x40
[ 57.527773]  ? __do_page_fault+0x3d6/0xc90
[ 57.527777]  ? get_unused_fd_flags+0x190/0x190
[ 57.527784]  ? __fdget+0x18/0x20
[ 57.527790]  __sys_sendmsg+0xe5/0x210
[ 57.527793]  ? __sys_sendmsg+0xe5/0x210
[ 57.527798]  ? SyS_shutdown+0x290/0x290
[ 57.527803]  ? __do_page_fault+0xc90/0xc90
[ 57.527809]  ? fd_install+0x4d/0x60
[ 57.527819]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 57.527825]  SyS_sendmsg+0x2d/0x50
[ 57.527831]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 57.527833] RIP: 0033:0x43ff59
[ 57.527835] RSP: 002b:00007ffdd9d4f108 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 57.527839] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[ 57.527841] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 57.527843] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 57.527845] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[ 57.527847] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[ 57.550092] Dumping ftrace buffer:
[ 57.550096]    (ftrace buffer empty)
[ 57.550098] Kernel Offset: disabled
[ 58.311235] Rebooting in 86400 seconds..