[....] Starting enhanced syslogd: rsyslogd
[   11.033842] audit: type=1400 audit(1513562428.678:5): avc: denied { syslog } for pid=2986 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.502223] audit: type=1400 audit(1513562435.146:6): avc: denied { map } for pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-5,10.128.0.31' (ECDSA) to the list of known hosts.
executing program
[   29.885934] audit: type=1400 audit(1513562447.530:7): avc: denied { map } for pid=3143 comm="syzkaller873809" path="/root/syzkaller873809978" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   29.889181] ==================================================================
[   29.889194] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[   29.889199] Read of size 8192 at addr ffff8801c92f9318 by task syzkaller873809/3143
[   29.889200]
[   29.889205] CPU: 1 PID: 3143 Comm: syzkaller873809 Not tainted 4.15.0-rc3+ #226
[   29.889207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.889210] Call Trace:
[   29.889218]  dump_stack+0x194/0x257
[   29.889226]  ? arch_local_irq_restore+0x53/0x53
[   29.889233]  ? show_regs_print_info+0x18/0x18
[   29.889238]  ? __lock_is_held+0xb6/0x140
[   29.889247]  ? pfkey_add+0x1634/0x3270
[   29.889255]  print_address_description+0x73/0x250
[   29.889260]  ? pfkey_add+0x1634/0x3270
[   29.889265]  kasan_report+0x25b/0x340
[   29.889274]  check_memory_region+0x137/0x190
[   29.889279]  memcpy+0x23/0x50
[   29.889285]  pfkey_add+0x1634/0x3270
[   29.889300]  ? set_ipsecrequest+0x310/0x310
[   29.889307]  ? lock_release+0xa40/0xa40
[   29.889313]  ? set_ipsecrequest+0x310/0x310
[   29.889320]  pfkey_process+0x60b/0x720
[   29.889330]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   29.889334]  ? kasan_check_write+0x14/0x20
[   29.889358]  ? dup_iter+0x172/0x260
[   29.889369]  pfkey_sendmsg+0x4d6/0x9f0
[   29.889378]  ? pfkey_spdget+0xb00/0xb00
[   29.889387]  ? selinux_socket_sendmsg+0x36/0x40
[   29.889393]  ? security_socket_sendmsg+0x89/0xb0
[   29.889397]  ? pfkey_spdget+0xb00/0xb00
[   29.889406]  sock_sendmsg+0xca/0x110
[   29.889417]  ___sys_sendmsg+0x755/0x890
[   29.889431]  ? copy_msghdr_from_user+0x590/0x590
[   29.889442]  ? __do_page_fault+0x5f7/0xc90
[   29.889447]  ? lock_downgrade+0x980/0x980
[   29.889463]  ? fget_raw+0x20/0x20
[   29.889469]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   29.889474]  ? vmacache_find+0x5f/0x280
[   29.889488]  ? up_read+0x1a/0x40
[   29.889494]  ? __do_page_fault+0x3d6/0xc90
[   29.889503]  ? get_unused_fd_flags+0x190/0x190
[   29.889515]  ? __fdget+0x18/0x20
[   29.889525]  __sys_sendmsg+0xe5/0x210
[   29.889529]  ? __sys_sendmsg+0xe5/0x210
[   29.889535]  ? SyS_shutdown+0x290/0x290
[   29.889542]  ? __do_page_fault+0xc90/0xc90
[   29.889553]  ? fd_install+0x4d/0x60
[   29.889575]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.889585]  SyS_sendmsg+0x2d/0x50
[   29.889593]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   29.889597] RIP: 0033:0x43ff39
[   29.889600] RSP: 002b:00007fff07817d28 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   29.889605] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff39
[   29.889608] RDX: 0000000000000000 RSI: 0000000020cbd000 RDI: 0000000000000003
[   29.889610] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   29.889613] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[   29.889615] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[   29.889632]
[   29.889634] Allocated by task 3143:
[   29.889638]  save_stack+0x43/0xd0
[   29.889641]  kasan_kmalloc+0xad/0xe0
[   29.889649]  __kmalloc_node_track_caller+0x47/0x70
[   29.889653]  __kmalloc_reserve.isra.41+0x41/0xd0
[   29.889657]  __alloc_skb+0x13b/0x780
[   29.889660]  pfkey_sendmsg+0x20f/0x9f0
[   29.889663]  sock_sendmsg+0xca/0x110
[   29.889667]  ___sys_sendmsg+0x755/0x890
[   29.889670]  __sys_sendmsg+0xe5/0x210
[   29.889674]  SyS_sendmsg+0x2d/0x50
[   29.889677]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   29.889678]
[   29.889680] Freed by task 1602:
[   29.889683]  save_stack+0x43/0xd0
[   29.889686]  kasan_slab_free+0x71/0xc0
[   29.889690]  kfree+0xca/0x250
[   29.889693]  skb_free_head+0x74/0xb0
[   29.889697]  skb_release_data+0x58c/0x790
[   29.889700]  skb_release_all+0x4a/0x60
[   29.889704]  consume_skb+0x153/0x490
[   29.889708]  skb_free_datagram+0x1a/0xe0
[   29.889713]  unix_dgram_recvmsg+0xd12/0x1990
[   29.889717]  sock_recvmsg+0xc9/0x110
[   29.889720]  SYSC_recvfrom+0x2d6/0x570
[   29.889724]  SyS_recvfrom+0x40/0x50
[   29.889727]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   29.889728]
[   29.889731] The buggy address belongs to the object at ffff8801c92f9300
[   29.889731]  which belongs to the cache kmalloc-512 of size 512
[   29.889737] The buggy address is located 24 bytes inside of
[   29.889737]  512-byte region [ffff8801c92f9300, ffff8801c92f9500)
[   29.889738] The buggy address belongs to the page:
[   29.889742] page:00000000b5be736a count:1 mapcount:0 mapping:0000000006837acf index:0x0
[   29.889750] flags: 0x2fffc0000000100(slab)
[   29.889758] raw: 02fffc0000000100 ffff8801c92f9080 0000000000000000 0000000100000006
[   29.889763] raw: ffffea000728dd20 ffffea0007214d60 ffff8801db000940 0000000000000000
[   29.889765] page dumped because: kasan: bad access detected
[   29.889766]
[   29.889767] Memory state around the buggy address:
[   29.889770]  ffff8801c92f9400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.889773]  ffff8801c92f9480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.889776] >ffff8801c92f9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.889778]                    ^
[   29.889781]  ffff8801c92f9580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.889784]  ffff8801c92f9600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.889785] ==================================================================
[   29.889787] Disabling lock debugging due to kernel taint
[   29.889789] Kernel panic - not syncing: panic_on_warn set ...
[   29.889789]
[   29.889793] CPU: 1 PID: 3143 Comm: syzkaller873809 Tainted: G    B    4.15.0-rc3+ #226
[   29.889795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.889796] Call Trace:
[   29.889802]  dump_stack+0x194/0x257
[   29.889807]  ? arch_local_irq_restore+0x53/0x53
[   29.889811]  ? kasan_end_report+0x32/0x50
[   29.889815]  ? lock_downgrade+0x980/0x980
[   29.889819]  ? vsnprintf+0x1ed/0x1900
[   29.889823]  ? pfkey_add+0x1560/0x3270
[   29.889828]  panic+0x1e4/0x41c
[   29.889834]  ? refcount_error_report+0x214/0x214
[   29.889840]  ? add_taint+0x40/0x50
[   29.889847]  ? add_taint+0x1c/0x50
[   29.889854]  ? pfkey_add+0x1634/0x3270
[   29.889858]  kasan_end_report+0x50/0x50
[   29.889861]  kasan_report+0x144/0x340
[   29.889867]  check_memory_region+0x137/0x190
[   29.889871]  memcpy+0x23/0x50
[   29.889875]  pfkey_add+0x1634/0x3270
[   29.889884]  ? set_ipsecrequest+0x310/0x310
[   29.889889]  ? lock_release+0xa40/0xa40
[   29.889893]  ? set_ipsecrequest+0x310/0x310
[   29.889898]  pfkey_process+0x60b/0x720
[   29.889905]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   29.889908]  ? kasan_check_write+0x14/0x20
[   29.889921]  ? dup_iter+0x172/0x260
[   29.889928]  pfkey_sendmsg+0x4d6/0x9f0
[   29.889933]  ? pfkey_spdget+0xb00/0xb00
[   29.889939]  ? selinux_socket_sendmsg+0x36/0x40
[   29.889944]  ? security_socket_sendmsg+0x89/0xb0
[   29.889947]  ? pfkey_spdget+0xb00/0xb00
[   29.889952]  sock_sendmsg+0xca/0x110
[   29.889957]  ___sys_sendmsg+0x755/0x890
[   29.889964]  ? copy_msghdr_from_user+0x590/0x590
[   29.889973]  ? __do_page_fault+0x5f7/0xc90
[   29.889978]  ? lock_downgrade+0x980/0x980
[   29.889990]  ? fget_raw+0x20/0x20
[   29.889995]  ? __handle_mm_fault+0x3ce0/0x3ce0
[   29.889998]  ? vmacache_find+0x5f/0x280
[   29.890008]  ? up_read+0x1a/0x40
[   29.890016]  ? __do_page_fault+0x3d6/0xc90
[   29.890020]  ? get_unused_fd_flags+0x190/0x190
[   29.890027]  ? __fdget+0x18/0x20
[   29.890034]  __sys_sendmsg+0xe5/0x210
[   29.890037]  ? __sys_sendmsg+0xe5/0x210
[   29.890042]  ? SyS_shutdown+0x290/0x290
[   29.890047]  ? __do_page_fault+0xc90/0xc90
[   29.890053]  ? fd_install+0x4d/0x60
[   29.890068]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.890075]  SyS_sendmsg+0x2d/0x50
[   29.890084]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   29.890087] RIP: 0033:0x43ff39
[   29.890090] RSP: 002b:00007fff07817d28 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   29.890094] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff39
[   29.890096] RDX: 0000000000000000 RSI: 0000000020cbd000 RDI: 0000000000000003
[   29.890098] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   29.890100] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018a0
[   29.890102] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[   29.911859] Dumping ftrace buffer:
[   29.911863]    (ftrace buffer empty)
[   29.911865] Kernel Offset: disabled
[   30.681179] Rebooting in 86400 seconds..
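Reading a report like this by hand means subtracting addresses and deciding which of the two recorded stacks matters. The Python below is an added example, not code from syzkaller or the kernel: it parses the fields KASAN prints (bug type, access, object, cache, stacks), computes how far the memcpy runs past the kmalloc-512 object, and treats the "Freed by" stack of a slab-out-of-bounds report as what it is, the slab's previous occupant rather than the other half of a use-after-free. The sample input is a subset of the lines above; the function names and the triage heuristics are my own.

```python
"""Triage helper for a KASAN slab report such as the one above: parse the access,
the slab object and the stacks, then work out how far the access overruns."""
import re
from dataclasses import dataclass, field

# Subset of the report lines from this page, dmesg timestamps included.
SAMPLE_REPORT = """\
[   29.889181] ==================================================================
[   29.889194] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[   29.889199] Read of size 8192 at addr ffff8801c92f9318 by task syzkaller873809/3143
[   29.889200]
[   29.889210] Call Trace:
[   29.889218]  dump_stack+0x194/0x257
[   29.889279]  memcpy+0x23/0x50
[   29.889285]  pfkey_add+0x1634/0x3270
[   29.889632]
[   29.889634] Allocated by task 3143:
[   29.889638]  save_stack+0x43/0xd0
[   29.889641]  kasan_kmalloc+0xad/0xe0
[   29.889657]  __alloc_skb+0x13b/0x780
[   29.889660]  pfkey_sendmsg+0x20f/0x9f0
[   29.889678]
[   29.889680] Freed by task 1602:
[   29.889683]  save_stack+0x43/0xd0
[   29.889690]  kfree+0xca/0x250
[   29.889713]  unix_dgram_recvmsg+0xd12/0x1990
[   29.889728]
[   29.889731] The buggy address belongs to the object at ffff8801c92f9300
[   29.889731]  which belongs to the cache kmalloc-512 of size 512
[   29.889737]  512-byte region [ffff8801c92f9300, ffff8801c92f9500)
[   29.889785] ==================================================================
"""

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")                      # dmesg timestamp prefix
_BUG = re.compile(r"BUG: KASAN: (?P<type>[\w-]+) in (?P<func>\S+)")
_ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)")
_CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size \d+")
_REGION = re.compile(r"region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
_STACK_HDR = re.compile(r"^(?:Call Trace|(?P<kind>Allocated|Freed) by task \d+):")


@dataclass
class KasanReport:
    bug_type: str = ""
    function: str = ""
    rw: str = ""
    size: int = 0
    addr: int = 0
    cache: str = ""
    obj_start: int = 0
    obj_end: int = 0
    stacks: dict = field(default_factory=dict)  # keys: "trace", "allocated", "freed"

    @property
    def object_size(self) -> int:
        return self.obj_end - self.obj_start

    @property
    def offset(self) -> int:  # access start relative to the object; negative = underflow
        return self.addr - self.obj_start

    @property
    def overrun(self) -> int:  # bytes touched past the object's end; 0 if in bounds
        return max(0, self.addr + self.size - self.obj_end)


def parse_kasan_report(text: str) -> KasanReport:
    """Parse the first KASAN report in a console log, up to its closing '====' rule."""
    rep, section, started = KasanReport(), None, False
    for raw in text.splitlines():
        line = _TS.sub("", raw).rstrip()
        if not started:
            started = bool(_BUG.search(line))
            if not started:
                continue
        elif line.startswith("="):
            break
        if m := _BUG.search(line):
            rep.bug_type, rep.function = m["type"], m["func"]
        elif m := _ACCESS.search(line):
            rep.rw, rep.size, rep.addr = m["rw"], int(m["size"]), int(m["addr"], 16)
        elif m := _CACHE.search(line):
            rep.cache = m["cache"]
        elif m := _REGION.search(line):
            rep.obj_start, rep.obj_end = int(m["start"], 16), int(m["end"], 16)
        elif m := _STACK_HDR.match(line):
            section = (m["kind"] or "trace").lower()
            rep.stacks[section] = []
        elif section and line.startswith(" "):  # stack frames are indented
            rep.stacks[section].append(line.strip())
        else:
            section = None  # a blank or unindented line ends a stack
    return rep


def triage(rep: KasanReport) -> dict:
    """One-line summary plus whether the 'Freed by' stack is part of the bug."""
    uaf = "use-after-free" in rep.bug_type
    summary = (f"{rep.rw.lower()} of {rep.size} bytes at offset {rep.offset} of a "
               f"{rep.object_size}-byte {rep.cache} object in {rep.function.split('+')[0]}")
    if rep.overrun:
        summary += f", running {rep.overrun} bytes past its end"
    # First allocation frame outside the allocator/KASAN bookkeeping.
    allocator = next((f for f in rep.stacks.get("allocated", [])
                      if not f.startswith(("save_stack", "kasan_", "__kmalloc", "kmalloc"))), None)
    return {"kind": "use-after-free" if uaf else "out-of-bounds", "summary": summary,
            "allocator": allocator, "free_stack_relevant": uaf}
```

On the sample this yields a read of 8192 bytes at offset 24 of a 512-byte object, 7704 bytes past its end (8192 - (512 - 24)), allocated by __alloc_skb from pfkey_sendmsg. The first byte outside the object is ffff8801c92f9500, which is why the memory-state dump above is centred on that address rather than on the access start ffff8801c92f9318.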