[....] Starting enhanced syslogd: rsyslogd
[ 12.773795] audit: type=1400 audit(1513202915.896:5): avc: denied { syslog } for pid=2992 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 18.570745] audit: type=1400 audit(1513202921.693:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.15.219' (ECDSA) to the list of known hosts.
executing program
[ 24.910057] audit: type=1400 audit(1513202928.032:7): avc: denied { map } for pid=3146 comm="syzkaller919950" path="/root/syzkaller919950492" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 24.913358] ==================================================================
[ 24.913373] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[ 24.913379] Read of size 8192 at addr ffff8801cca92ad8 by task syzkaller919950/3146
[ 24.913382]
[ 24.913388] CPU: 1 PID: 3146 Comm: syzkaller919950 Not tainted 4.15.0-rc2-mm1+ #39
[ 24.913392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.913395] Call Trace:
[ 24.913404]  dump_stack+0x194/0x257
[ 24.913414]  ? arch_local_irq_restore+0x53/0x53
[ 24.913422]  ? show_regs_print_info+0x18/0x18
[ 24.913428]  ? __lock_is_held+0xbc/0x140
[ 24.913439]  ? pfkey_add+0x1634/0x3270
[ 24.913449]  print_address_description+0x73/0x250
[ 24.913455]  ? pfkey_add+0x1634/0x3270
[ 24.913463]  kasan_report+0x25b/0x340
[ 24.913473]  check_memory_region+0x137/0x190
[ 24.913480]  memcpy+0x23/0x50
[ 24.913488]  pfkey_add+0x1634/0x3270
[ 24.913505]  ? set_ipsecrequest+0x310/0x310
[ 24.913514]  ? lock_release+0xda0/0xda0
[ 24.913522]  ? set_ipsecrequest+0x310/0x310
[ 24.913536]  pfkey_process+0x60b/0x720
[ 24.913548]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 24.913553]  ? kasan_check_write+0x14/0x20
[ 24.913580]  ? dup_iter+0x182/0x260
[ 24.913594]  pfkey_sendmsg+0x4d6/0x9f0
[ 24.913604]  ? pfkey_spdget+0xb00/0xb00
[ 24.913615]  ? selinux_socket_sendmsg+0x36/0x40
[ 24.913623]  ? security_socket_sendmsg+0x89/0xb0
[ 24.913629]  ? pfkey_spdget+0xb00/0xb00
[ 24.913639]  sock_sendmsg+0xca/0x110
[ 24.913648]  ___sys_sendmsg+0x75b/0x8a0
[ 24.913659]  ? copy_msghdr_from_user+0x590/0x590
[ 24.913666]  ? lock_downgrade+0x980/0x980
[ 24.913691]  ? fget_raw+0x20/0x20
[ 24.913699]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 24.913705]  ? vmacache_find+0x5f/0x280
[ 24.913718]  ? up_read+0x1a/0x40
[ 24.913727]  ? __do_page_fault+0x3d6/0xc90
[ 24.913732]  ? get_unused_fd_flags+0x190/0x190
[ 24.913746]  ? __fdget+0x18/0x20
[ 24.913757]  __sys_sendmsg+0xe5/0x210
[ 24.913762]  ? __sys_sendmsg+0xe5/0x210
[ 24.913770]  ? SyS_shutdown+0x290/0x290
[ 24.913778]  ? __do_page_fault+0xc90/0xc90
[ 24.913789]  ? fd_install+0x4d/0x60
[ 24.913807]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.913818]  SyS_sendmsg+0x2d/0x50
[ 24.913830]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.913835] RIP: 0033:0x43ff59
[ 24.913838] RSP: 002b:00007ffd1ef18aa8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 24.913846] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[ 24.913850] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 24.913854] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 24.913858] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[ 24.913862] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[ 24.913881]
[ 24.913885] Allocated by task 3146:
[ 24.913890]  save_stack+0x43/0xd0
[ 24.913894]  kasan_kmalloc+0xad/0xe0
[ 24.913901]  __kmalloc_node_track_caller+0x47/0x70
[ 24.913905]  __kmalloc_reserve.isra.41+0x41/0xd0
[ 24.913909]  __alloc_skb+0x13b/0x780
[ 24.913914]  pfkey_sendmsg+0x20f/0x9f0
[ 24.913918]  sock_sendmsg+0xca/0x110
[ 24.913923]  ___sys_sendmsg+0x75b/0x8a0
[ 24.913927]  __sys_sendmsg+0xe5/0x210
[ 24.913931]  SyS_sendmsg+0x2d/0x50
[ 24.913937]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.913939]
[ 24.913942] Freed by task 1601:
[ 24.913946]  save_stack+0x43/0xd0
[ 24.913951]  kasan_slab_free+0x71/0xc0
[ 24.913956]  kfree+0xca/0x250
[ 24.913961]  skb_free_head+0x74/0xb0
[ 24.913965]  skb_release_data+0x58c/0x790
[ 24.913969]  skb_release_all+0x4a/0x60
[ 24.913973]  consume_skb+0x153/0x490
[ 24.913978]  skb_free_datagram+0x1a/0xe0
[ 24.913985]  netlink_recvmsg+0x5c6/0x1300
[ 24.913989]  sock_recvmsg+0xc9/0x110
[ 24.913993]  ___sys_recvmsg+0x29b/0x630
[ 24.913997]  __sys_recvmsg+0xe2/0x210
[ 24.914004]  SyS_recvmsg+0x2d/0x50
[ 24.914009]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.914012]
[ 24.914016] The buggy address belongs to the object at ffff8801cca92ac0
[ 24.914016]  which belongs to the cache kmalloc-512 of size 512
[ 24.914021] The buggy address is located 24 bytes inside of
[ 24.914021]  512-byte region [ffff8801cca92ac0, ffff8801cca92cc0)
[ 24.914024] The buggy address belongs to the page:
[ 24.914030] page:0000000020d1debb count:1 mapcount:0 mapping:000000001d8e8ae8 index:0x0
[ 24.914037] flags: 0x2fffc0000000100(slab)
[ 24.914044] raw: 02fffc0000000100 ffff8801cca920c0 0000000000000000 0000000100000006
[ 24.914050] raw: ffffea00073221a0 ffffea000732aae0 ffff8801dac00940 0000000000000000
[ 24.914053] page dumped because: kasan: bad access detected
[ 24.914055]
[ 24.914058] Memory state around the buggy address:
[ 24.914063]  ffff8801cca92b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.914067]  ffff8801cca92c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.914072] >ffff8801cca92c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 24.914075]                                            ^
[ 24.914079]  ffff8801cca92d00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 24.914083]  ffff8801cca92d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.914086] ==================================================================
[ 24.914088] Disabling lock debugging due to kernel taint
[ 24.914101] Kernel panic - not syncing: panic_on_warn set ...
[ 24.914101]
[ 24.914105] CPU: 1 PID: 3146 Comm: syzkaller919950 Tainted: G B 4.15.0-rc2-mm1+ #39
[ 24.914107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.914108] Call Trace:
[ 24.914112]  dump_stack+0x194/0x257
[ 24.914118]  ? arch_local_irq_restore+0x53/0x53
[ 24.914125]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 24.914131]  ? vsnprintf+0x1ed/0x1900
[ 24.914136]  ? pfkey_add+0x15f0/0x3270
[ 24.914141]  panic+0x1e4/0x41c
[ 24.914145]  ? refcount_error_report+0x214/0x214
[ 24.914151]  ? add_taint+0x1c/0x50
[ 24.914155]  ? add_taint+0x1c/0x50
[ 24.914160]  ? pfkey_add+0x1634/0x3270
[ 24.914164]  kasan_end_report+0x50/0x50
[ 24.914168]  kasan_report+0x144/0x340
[ 24.914174]  check_memory_region+0x137/0x190
[ 24.914178]  memcpy+0x23/0x50
[ 24.914183]  pfkey_add+0x1634/0x3270
[ 24.914193]  ? set_ipsecrequest+0x310/0x310
[ 24.914198]  ? lock_release+0xda0/0xda0
[ 24.914202]  ? set_ipsecrequest+0x310/0x310
[ 24.914208]  pfkey_process+0x60b/0x720
[ 24.914215]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 24.914218]  ? kasan_check_write+0x14/0x20
[ 24.914232]  ? dup_iter+0x182/0x260
[ 24.914240]  pfkey_sendmsg+0x4d6/0x9f0
[ 24.914246]  ? pfkey_spdget+0xb00/0xb00
[ 24.914252]  ? selinux_socket_sendmsg+0x36/0x40
[ 24.914257]  ? security_socket_sendmsg+0x89/0xb0
[ 24.914261]  ? pfkey_spdget+0xb00/0xb00
[ 24.914265]  sock_sendmsg+0xca/0x110
[ 24.914270]  ___sys_sendmsg+0x75b/0x8a0
[ 24.914277]  ? copy_msghdr_from_user+0x590/0x590
[ 24.914281]  ? lock_downgrade+0x980/0x980
[ 24.914294]  ? fget_raw+0x20/0x20
[ 24.914299]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 24.914302]  ? vmacache_find+0x5f/0x280
[ 24.914310]  ? up_read+0x1a/0x40
[ 24.914314]  ? __do_page_fault+0x3d6/0xc90
[ 24.914318]  ? get_unused_fd_flags+0x190/0x190
[ 24.914325]  ? __fdget+0x18/0x20
[ 24.914332]  __sys_sendmsg+0xe5/0x210
[ 24.914335]  ? __sys_sendmsg+0xe5/0x210
[ 24.914340]  ? SyS_shutdown+0x290/0x290
[ 24.914345]  ? __do_page_fault+0xc90/0xc90
[ 24.914351]  ? fd_install+0x4d/0x60
[ 24.914361]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.914368]  SyS_sendmsg+0x2d/0x50
[ 24.914373]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.914376] RIP: 0033:0x43ff59
[ 24.914378] RSP: 002b:00007ffd1ef18aa8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 24.914382] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[ 24.914384] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 24.914386] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 24.914389] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[ 24.914391] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[ 24.935986] Dumping ftrace buffer:
[ 24.935989]    (ftrace buffer empty)
[ 24.935993] Kernel Offset: disabled
[ 25.700146] Rebooting in 86400 seconds..