[ ok ] Starting enhanced syslogd: rsyslogd.
[ 10.275106] audit: type=1400 audit(1513866974.465:5): avc: denied { syslog } for pid=2993 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 12.480561] audit: type=1400 audit(1513866976.671:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-8,10.128.0.7' (ECDSA) to the list of known hosts.
executing program
[ 36.742326] audit: type=1400 audit(1513867000.933:7): avc: denied { map } for pid=3151 comm="syzkaller614057" path="/root/syzkaller614057198" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 36.810150] ==================================================================
[ 36.817549] BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xdbe/0xf00
[ 36.824618] Read of size 2 at addr ffff8801c8a02f24 by task kworker/0:1/24
[ 36.831596]
[ 36.833194] CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.15.0-rc4+ #231
[ 36.840084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.849422] Workqueue: events xfrm_hash_rebuild
[ 36.854057] Call Trace:
[ 36.856615]  dump_stack+0x194/0x257
[ 36.860220]  ? arch_local_irq_restore+0x53/0x53
[ 36.864857]  ? show_regs_print_info+0x18/0x18
[ 36.869324]  ? lock_release+0xa40/0xa40
[ 36.873264]  ? debug_object_deactivate+0x364/0x560
[ 36.878160]  ? xfrm_hash_rebuild+0xdbe/0xf00
[ 36.882540]  print_address_description+0x73/0x250
[ 36.887348]  ? xfrm_hash_rebuild+0xdbe/0xf00
[ 36.891726]  kasan_report+0x25b/0x340
[ 36.895497]  __asan_report_load2_noabort+0x14/0x20
[ 36.900391]  xfrm_hash_rebuild+0xdbe/0xf00
[ 36.904598]  ? lock_acquire+0x160/0x580
[ 36.908541]  ? xfrm_policy_bysel_ctx+0x530/0x530
[ 36.913269]  ? __lock_is_held+0xb6/0x140
[ 36.917310]  process_one_work+0xbbf/0x1b10
[ 36.921525]  ? trace_hardirqs_on+0xd/0x10
[ 36.925650]  ? pwq_dec_nr_in_flight+0x450/0x450
[ 36.930295]  ? __schedule+0x8f3/0x2060
[ 36.934149]  ? update_curr+0x2e3/0xa60
[ 36.938012]  ? check_noncircular+0x20/0x20
[ 36.942216]  ? __lock_is_held+0xb6/0x140
[ 36.946269]  ? lock_acquire+0x1d5/0x580
[ 36.950225]  ? lock_acquire+0x1d5/0x580
[ 36.954169]  ? worker_thread+0x4a3/0x1990
[ 36.958289]  ? lock_downgrade+0x980/0x980
[ 36.962407]  ? lock_release+0xa40/0xa40
[ 36.966351]  ? check_noncircular+0x20/0x20
[ 36.970556]  ? do_raw_spin_trylock+0x190/0x190
[ 36.975119]  worker_thread+0x223/0x1990
[ 36.979081]  ? process_one_work+0x1b10/0x1b10
[ 36.983550]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.988015]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 36.993001]  ? trace_hardirqs_on+0xd/0x10
[ 36.997131]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.001595]  ? finish_task_switch+0x1d3/0x740
[ 37.006057]  ? finish_task_switch+0x1aa/0x740
[ 37.010532]  ? copy_overflow+0x20/0x20
[ 37.014398]  ? __schedule+0x8f3/0x2060
[ 37.018274]  ? find_held_lock+0x35/0x1d0
[ 37.022309]  ? find_held_lock+0x35/0x1d0
[ 37.026345]  ? complete+0x62/0x80
[ 37.029774]  ? __schedule+0x2060/0x2060
[ 37.033711]  ? do_wait_intr_irq+0x3e0/0x3e0
[ 37.037998]  ? __lockdep_init_map+0xe4/0x650
[ 37.042377]  ? do_raw_spin_trylock+0x190/0x190
[ 37.046932]  ? lockdep_init_map+0x9/0x10
[ 37.050961]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 37.056033]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 37.061015]  ? trace_hardirqs_on+0xd/0x10
[ 37.065126]  ? __kthread_parkme+0x175/0x240
[ 37.069419]  kthread+0x33c/0x400
[ 37.072751]  ? process_one_work+0x1b10/0x1b10
[ 37.077212]  ? kthread_stop+0x7a0/0x7a0
[ 37.081158]  ret_from_fork+0x24/0x30
[ 37.084850]
[ 37.086444] Allocated by task 3157:
[ 37.090039]  save_stack+0x43/0xd0
[ 37.093456]  kasan_kmalloc+0xad/0xe0
[ 37.097149]  __kmalloc+0x162/0x760
[ 37.100659]  sk_prot_alloc+0x101/0x2a0
[ 37.104517]  sk_alloc+0x89/0x700
[ 37.107852]  pfkey_create+0x2b2/0xae0
[ 37.111623]  __sock_create+0x4d4/0x850
[ 37.115479]  SyS_socket+0xeb/0x1d0
[ 37.118986]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 37.123705]
[ 37.125298] Freed by task 0:
[ 37.128279] (stack is not available)
[ 37.131954]
[ 37.133547] The buggy address belongs to the object at ffff8801c8a02a00
[ 37.133547]  which belongs to the cache kmalloc-2048 of size 2048
[ 37.146342] The buggy address is located 1316 bytes inside of
[ 37.146342]  2048-byte region [ffff8801c8a02a00, ffff8801c8a03200)
[ 37.158354] The buggy address belongs to the page:
[ 37.163250] page:000000005dd162a6 count:1 mapcount:0 mapping:00000000d2303c4e index:0x0 compound_mapcount: 0
[ 37.173186] flags: 0x2fffc0000008100(slab|head)
[ 37.177822] raw: 02fffc0000008100 ffff8801c8a02180 0000000000000000 0000000100000003
[ 37.185669] raw: ffffea000728cca0 ffffea000722c020 ffff8801db000c40 0000000000000000
[ 37.193515] page dumped because: kasan: bad access detected
[ 37.199187]
[ 37.200779] Memory state around the buggy address:
[ 37.205674]  ffff8801c8a02e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.212999]  ffff8801c8a02e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.220323] >ffff8801c8a02f00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.227646]                                ^
[ 37.232018]  ffff8801c8a02f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.239347]  ffff8801c8a03000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.246669] ==================================================================
[ 37.253995] Disabling lock debugging due to kernel taint
[ 37.259445] Kernel panic - not syncing: panic_on_warn set ...
[ 37.259445]
[ 37.266773] CPU: 0 PID: 24 Comm: kworker/0:1 Tainted: G    B     4.15.0-rc4+ #231
[ 37.274970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.284296] Workqueue: events xfrm_hash_rebuild
[ 37.288930] Call Trace:
[ 37.291484]  dump_stack+0x194/0x257
[ 37.295078]  ? arch_local_irq_restore+0x53/0x53
[ 37.299712]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 37.304433]  ? vsnprintf+0x1ed/0x1900
[ 37.308199]  ? xfrm_hash_rebuild+0xd20/0xf00
[ 37.312571]  panic+0x1e4/0x41c
[ 37.315738]  ? refcount_error_report+0x214/0x214
[ 37.320458]  ? add_taint+0x1c/0x50
[ 37.323964]  ? add_taint+0x1c/0x50
[ 37.327471]  ? xfrm_hash_rebuild+0xdbe/0xf00
[ 37.331845]  kasan_end_report+0x50/0x50
[ 37.335787]  kasan_report+0x144/0x340
[ 37.339553]  __asan_report_load2_noabort+0x14/0x20
[ 37.344447]  xfrm_hash_rebuild+0xdbe/0xf00
[ 37.348651]  ? lock_acquire+0x160/0x580
[ 37.352590]  ? xfrm_policy_bysel_ctx+0x530/0x530
[ 37.357313]  ? __lock_is_held+0xb6/0x140
[ 37.361344]  process_one_work+0xbbf/0x1b10
[ 37.365542]  ? trace_hardirqs_on+0xd/0x10
[ 37.369657]  ? pwq_dec_nr_in_flight+0x450/0x450
[ 37.374295]  ? __schedule+0x8f3/0x2060
[ 37.378145]  ? update_curr+0x2e3/0xa60
[ 37.382004]  ? check_noncircular+0x20/0x20
[ 37.386203]  ? __lock_is_held+0xb6/0x140
[ 37.390242]  ? lock_acquire+0x1d5/0x580
[ 37.394183]  ? lock_acquire+0x1d5/0x580
[ 37.398124]  ? worker_thread+0x4a3/0x1990
[ 37.402237]  ? lock_downgrade+0x980/0x980
[ 37.406350]  ? lock_release+0xa40/0xa40
[ 37.410296]  ? check_noncircular+0x20/0x20
[ 37.414496]  ? do_raw_spin_trylock+0x190/0x190
[ 37.419048]  worker_thread+0x223/0x1990
[ 37.422998]  ? process_one_work+0x1b10/0x1b10
[ 37.427463]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.431932]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 37.436918]  ? trace_hardirqs_on+0xd/0x10
[ 37.441031]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.445493]  ? finish_task_switch+0x1d3/0x740
[ 37.449952]  ? finish_task_switch+0x1aa/0x740
[ 37.454413]  ? copy_overflow+0x20/0x20
[ 37.458269]  ? __schedule+0x8f3/0x2060
[ 37.462130]  ? find_held_lock+0x35/0x1d0
[ 37.466159]  ? find_held_lock+0x35/0x1d0
[ 37.470187]  ? complete+0x62/0x80
[ 37.473610]  ? __schedule+0x2060/0x2060
[ 37.477546]  ? do_wait_intr_irq+0x3e0/0x3e0
[ 37.481831]  ? __lockdep_init_map+0xe4/0x650
[ 37.486206]  ? do_raw_spin_trylock+0x190/0x190
[ 37.490755]  ? lockdep_init_map+0x9/0x10
[ 37.494780]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[ 37.499848]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 37.504838]  ? trace_hardirqs_on+0xd/0x10
[ 37.508952]  ? __kthread_parkme+0x175/0x240
[ 37.513241]  kthread+0x33c/0x400
[ 37.516573]  ? process_one_work+0x1b10/0x1b10
[ 37.521031]  ? kthread_stop+0x7a0/0x7a0
[ 37.524972]  ret_from_fork+0x24/0x30
[ 37.528684] Dumping ftrace buffer:
[ 37.532191]    (ftrace buffer empty)
[ 37.535866] Kernel Offset: disabled
[ 37.539465] Rebooting in 86400 seconds..