[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.727986] audit: type=1400 audit(1513905501.147:5): avc: denied { syslog } for pid=3007 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 16.519952] audit: type=1400 audit(1513905505.939:6): avc: denied { map } for pid=3148 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-9,10.128.0.28' (ECDSA) to the list of known hosts.
executing program
[ 22.761304] audit: type=1400 audit(1513905512.180:7): avc: denied { map } for pid=3162 comm="syzkaller927435" path="/root/syzkaller927435178" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 22.768034] ==================================================================
[ 22.768062] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[ 22.768070] Read of size 6144 at addr ffff8801c9696098 by task syzkaller927435/3162
[ 22.768072]
[ 22.768082] CPU: 1 PID: 3162 Comm: syzkaller927435 Not tainted 4.15.0-rc4-next-20171221+ #78
[ 22.768086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.768089] Call Trace:
[ 22.768102]  dump_stack+0x194/0x257
[ 22.768116]  ? arch_local_irq_restore+0x53/0x53
[ 22.768129]  ? show_regs_print_info+0x18/0x18
[ 22.768137]  ? __lock_is_held+0xb6/0x140
[ 22.768153]  ? pfkey_add+0x259e/0x3270
[ 22.768168]  print_address_description+0x73/0x250
[ 22.768176]  ? pfkey_add+0x259e/0x3270
[ 22.768187]  kasan_report+0x25b/0x340
[ 22.768203]  check_memory_region+0x137/0x190
[ 22.768213]  memcpy+0x23/0x50
[ 22.768224]  pfkey_add+0x259e/0x3270
[ 22.768251]  ? set_ipsecrequest+0x310/0x310
[ 22.768264]  ? lock_release+0xa40/0xa40
[ 22.768274]  ? set_ipsecrequest+0x310/0x310
[ 22.768287]  pfkey_process+0x60b/0x720
[ 22.768306]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 22.768312]  ? kasan_check_write+0x14/0x20
[ 22.768356]  ? dup_iter+0x192/0x260
[ 22.768376]  pfkey_sendmsg+0x4d6/0x9f0
[ 22.768392]  ? pfkey_spdget+0xb00/0xb00
[ 22.768406]  ? selinux_socket_sendmsg+0x36/0x40
[ 22.768417]  ? security_socket_sendmsg+0x89/0xb0
[ 22.768425]  ? pfkey_spdget+0xb00/0xb00
[ 22.768439]  sock_sendmsg+0xca/0x110
[ 22.768453]  ___sys_sendmsg+0x767/0x8b0
[ 22.768470]  ? copy_msghdr_from_user+0x590/0x590
[ 22.768493]  ? __do_page_fault+0x5f7/0xc90
[ 22.768504]  ? lock_downgrade+0x980/0x980
[ 22.768524]  ? __fget_light+0x297/0x380
[ 22.768535]  ? fget_raw+0x20/0x20
[ 22.768546]  ? __handle_mm_fault+0x3ce0/0x3ce0
[ 22.768552]  ? vmacache_find+0x5f/0x280
[ 22.768572]  ? up_read+0x1a/0x40
[ 22.768581]  ? __do_page_fault+0x3d6/0xc90
[ 22.768587]  ? get_unused_fd_flags+0x190/0x190
[ 22.768612]  ? __fdget+0x18/0x20
[ 22.768629]  __sys_sendmsg+0xe5/0x210
[ 22.768636]  ? __sys_sendmsg+0xe5/0x210
[ 22.768648]  ? SyS_shutdown+0x290/0x290
[ 22.768661]  ? __do_page_fault+0xc90/0xc90
[ 22.768676]  ? fd_install+0x4d/0x60
[ 22.768704]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 22.768723]  SyS_sendmsg+0x2d/0x50
[ 22.768736]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 22.768743] RIP: 0033:0x43fea9
[ 22.768747] RSP: 002b:00007ffd0e6cf818 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 22.768755] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fea9
[ 22.768760] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 22.768764] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 22.768768] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401810
[ 22.768772] R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
[ 22.768802]
[ 22.768806] Allocated by task 3162:
[ 22.768815]  save_stack+0x43/0xd0
[ 22.768821]  kasan_kmalloc+0xad/0xe0
[ 22.768827]  __kmalloc_node_track_caller+0x47/0x70
[ 22.768834]  __kmalloc_reserve.isra.41+0x41/0xd0
[ 22.768840]  __alloc_skb+0x13b/0x780
[ 22.768845]  pfkey_sendmsg+0x20f/0x9f0
[ 22.768851]  sock_sendmsg+0xca/0x110
[ 22.768857]  ___sys_sendmsg+0x767/0x8b0
[ 22.768864]  __sys_sendmsg+0xe5/0x210
[ 22.768870]  SyS_sendmsg+0x2d/0x50
[ 22.768876]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 22.768878]
[ 22.768881] Freed by task 1607:
[ 22.768887]  save_stack+0x43/0xd0
[ 22.768893]  kasan_slab_free+0x71/0xc0
[ 22.768898]  kfree+0xd6/0x260
[ 22.768905]  kernfs_fop_release+0x13f/0x180
[ 22.768912]  __fput+0x327/0x7e0
[ 22.768917]  ____fput+0x15/0x20
[ 22.768925]  task_work_run+0x199/0x270
[ 22.768933]  exit_to_usermode_loop+0x275/0x2f0
[ 22.768939]  syscall_return_slowpath+0x490/0x550
[ 22.768946]  entry_SYSCALL_64_fastpath+0x94/0x96
[ 22.768947]
[ 22.768952] The buggy address belongs to the object at ffff8801c9696080
[ 22.768952]  which belongs to the cache kmalloc-512 of size 512
[ 22.768958] The buggy address is located 24 bytes inside of
[ 22.768958]  512-byte region [ffff8801c9696080, ffff8801c9696280)
[ 22.768961] The buggy address belongs to the page:
[ 22.768968] page:00000000e46e053a count:1 mapcount:0 mapping:000000003d417f43 index:0x0
[ 22.768975] flags: 0x2fffc0000000100(slab)
[ 22.768985] raw: 02fffc0000000100 ffff8801c9696080 0000000000000000 0000000100000006
[ 22.768994] raw: ffffea000722aa60 ffffea00072531e0 ffff8801dac00940 0000000000000000
[ 22.768997] page dumped because: kasan: bad access detected
[ 22.768999]
[ 22.769001] Memory state around the buggy address:
[ 22.769007]  ffff8801c9696180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.769012]  ffff8801c9696200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 22.769018] >ffff8801c9696280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.769020]                    ^
[ 22.769026]  ffff8801c9696300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.769031]  ffff8801c9696380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.769034] ==================================================================
[ 22.769036] Disabling lock debugging due to kernel taint
[ 22.769056] Kernel panic - not syncing: panic_on_warn set ...
[ 22.769056]
[ 22.769063] CPU: 1 PID: 3162 Comm: syzkaller927435 Tainted: G B 4.15.0-rc4-next-20171221+ #78
[ 22.769066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.769068] Call Trace:
[ 22.769075]  dump_stack+0x194/0x257
[ 22.769084]  ? arch_local_irq_restore+0x53/0x53
[ 22.769093]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 22.769102]  ? vsnprintf+0x1ed/0x1900
[ 22.769110]  ? pfkey_add+0x24e0/0x3270
[ 22.769118]  panic+0x1e4/0x41c
[ 22.769126]  ? refcount_error_report+0x214/0x214
[ 22.769136]  ? add_taint+0x1c/0x50
[ 22.769144]  ? add_taint+0x1c/0x50
[ 22.769152]  ? pfkey_add+0x259e/0x3270
[ 22.769159]  kasan_end_report+0x50/0x50
[ 22.769166]  kasan_report+0x144/0x340
[ 22.769177]  check_memory_region+0x137/0x190
[ 22.769184]  memcpy+0x23/0x50
[ 22.769192]  pfkey_add+0x259e/0x3270
[ 22.769208]  ? set_ipsecrequest+0x310/0x310
[ 22.769217]  ? lock_release+0xa40/0xa40
[ 22.769224]  ? set_ipsecrequest+0x310/0x310
[ 22.769233]  pfkey_process+0x60b/0x720
[ 22.769244]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 22.769250]  ? kasan_check_write+0x14/0x20
[ 22.769273]  ? dup_iter+0x192/0x260
[ 22.769285]  pfkey_sendmsg+0x4d6/0x9f0
[ 22.769295]  ? pfkey_spdget+0xb00/0xb00
[ 22.769304]  ? selinux_socket_sendmsg+0x36/0x40
[ 22.769312]  ? security_socket_sendmsg+0x89/0xb0
[ 22.769319]  ? pfkey_spdget+0xb00/0xb00
[ 22.769328]  sock_sendmsg+0xca/0x110
[ 22.769337]  ___sys_sendmsg+0x767/0x8b0
[ 22.769349]  ? copy_msghdr_from_user+0x590/0x590
[ 22.769362]  ? __do_page_fault+0x5f7/0xc90
[ 22.769370]  ? lock_downgrade+0x980/0x980
[ 22.769382]  ? __fget_light+0x297/0x380
[ 22.769390]  ? fget_raw+0x20/0x20
[ 22.769397]  ? __handle_mm_fault+0x3ce0/0x3ce0
[ 22.769402]  ? vmacache_find+0x5f/0x280
[ 22.769413]  ? up_read+0x1a/0x40
[ 22.769421]  ? __do_page_fault+0x3d6/0xc90
[ 22.769427]  ? get_unused_fd_flags+0x190/0x190
[ 22.769439]  ? __fdget+0x18/0x20
[ 22.769450]  __sys_sendmsg+0xe5/0x210
[ 22.769457]  ? __sys_sendmsg+0xe5/0x210
[ 22.769465]  ? SyS_shutdown+0x290/0x290
[ 22.769474]  ? __do_page_fault+0xc90/0xc90
[ 22.769484]  ? fd_install+0x4d/0x60
[ 22.769501]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 22.769513]  SyS_sendmsg+0x2d/0x50
[ 22.769522]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 22.769526] RIP: 0033:0x43fea9
[ 22.769529] RSP: 002b:00007ffd0e6cf818 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 22.769536] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fea9
[ 22.769540] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 22.769543] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 22.769547] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401810
[ 22.769551] R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
[ 22.787686] Dumping ftrace buffer:
[ 22.787692]    (ftrace buffer empty)
[ 22.787695] Kernel Offset: disabled
[ 23.554058] Rebooting in 86400 seconds..