[....] Starting enhanced syslogd: rsyslogd[ 16.898852] audit: type=1400 audit(1519699147.414:5): avc: denied { syslog } for pid=4084 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. Starting mcstransd: [....] Starting periodic command scheduler: cron[ ok ]. [....] Starting file context maintaining daemon: restorecond[ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.586351] audit: type=1400 audit(1519699153.102:6): avc: denied { map } for pid=4224 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. executing program [ 36.505249] audit: type=1400 audit(1519699167.021:7): avc: denied { map } for pid=4240 comm="syzkaller703456" path="/root/syzkaller703456610" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 36.508184] ================================================================== [ 36.538594] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30de/0x3210 [ 36.545759] Read of size 4 at addr ffff8801b01b7480 by task syzkaller703456/4240 [ 36.553267] [ 36.554874] CPU: 0 PID: 4240 Comm: syzkaller703456 Not tainted 4.16.0-rc3+ #330 [ 36.562297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.571627] Call Trace: [ 36.574196] dump_stack+0x194/0x24d [ 36.577812] ? arch_local_irq_restore+0x53/0x53 [ 36.582456] ? show_regs_print_info+0x18/0x18 [ 36.586928] ? lock_release+0xa40/0xa40 [ 36.590882] ? xfrm_state_find+0x30de/0x3210 [ 36.595279] print_address_description+0x73/0x250 [ 36.600185] ? 
xfrm_state_find+0x30de/0x3210 [ 36.604568] kasan_report+0x23b/0x360 [ 36.608349] __asan_report_load4_noabort+0x14/0x20 [ 36.613250] xfrm_state_find+0x30de/0x3210 [ 36.617463] ? check_noncircular+0x20/0x20 [ 36.621688] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 36.626767] ? print_irqtrace_events+0x270/0x270 [ 36.631494] ? retint_kernel+0x10/0x10 [ 36.635367] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 36.640361] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 36.645095] ? set_pageblock_migratetype+0x40/0x40 [ 36.650015] ? retint_kernel+0x10/0x10 [ 36.653896] ? mark_held_locks+0xaf/0x100 [ 36.658106] ? get_page_from_freelist+0xa80/0x52d0 [ 36.663012] ? kernel_poison_pages+0xce/0x1f0 [ 36.667490] ? kasan_unpoison_shadow+0x35/0x50 [ 36.672050] ? print_irqtrace_events+0x270/0x270 [ 36.676780] ? get_page_from_freelist+0x2d7f/0x52d0 [ 36.681770] ? get_page_from_freelist+0x2deb/0x52d0 [ 36.686776] ? print_irqtrace_events+0x270/0x270 [ 36.691504] ? __lock_acquire+0x664/0x3e00 [ 36.695713] ? print_irqtrace_events+0x270/0x270 [ 36.700438] ? __bfs+0xaa/0x750 [ 36.703708] xfrm_tmpl_resolve+0x2ee/0xc40 [ 36.708469] ? __xfrm_decode_session+0x110/0x110 [ 36.713197] ? __lock_is_held+0xb6/0x140 [ 36.717244] ? rcu_read_lock_sched_held+0x108/0x120 [ 36.722233] ? fib_table_lookup+0xa04/0x1ba0 [ 36.726625] xfrm_resolve_and_create_bundle+0x184/0x28d0 [ 36.732051] ? call_fib_entry_notifiers+0x4f0/0x4f0 [ 36.737041] ? check_noncircular+0x20/0x20 [ 36.741255] ? xfrm_tmpl_resolve+0xc40/0xc40 [ 36.745637] ? __lock_is_held+0xb6/0x140 [ 36.749678] ? find_held_lock+0x35/0x1d0 [ 36.753728] ? xfrm_sk_policy_lookup+0x34c/0x4e0 [ 36.758460] ? lock_downgrade+0x980/0x980 [ 36.762587] ? lock_release+0xa40/0xa40 [ 36.766540] ? refcount_inc_not_zero+0xfe/0x180 [ 36.771183] ? selinux_xfrm_policy_lookup+0xac/0xd0 [ 36.776177] ? security_xfrm_policy_lookup+0x92/0xc0 [ 36.781259] ? xfrm_sk_policy_lookup+0x375/0x4e0 [ 36.786005] ? xfrm_selector_match+0xe00/0xe00 [ 36.790569] xfrm_lookup+0xfcb/0x25c0 [ 36.794350] ? 
xfrm_lookup+0xfcb/0x25c0 [ 36.798300] ? check_noncircular+0x20/0x20 [ 36.802512] ? xfrm_policy_lookup+0x70/0x70 [ 36.806808] ? lock_downgrade+0x980/0x980 [ 36.810934] ? find_held_lock+0x35/0x1d0 [ 36.814979] ? ip_route_output_key_hash+0x229/0x370 [ 36.819969] ? lock_downgrade+0x980/0x980 [ 36.824092] ? lock_release+0xa40/0xa40 [ 36.828038] ? print_irqtrace_events+0x270/0x270 [ 36.832768] ? find_held_lock+0x35/0x1d0 [ 36.836814] ? ip_route_output_key_hash+0x252/0x370 [ 36.841803] ? ip_route_output_key_hash_rcu+0x2f00/0x2f00 [ 36.847310] ? lock_release+0xa40/0xa40 [ 36.851264] xfrm_lookup_route+0x39/0x1a0 [ 36.855401] ip_route_output_flow+0x7c/0xa0 [ 36.859699] udp_sendmsg+0x19bd/0x2f70 [ 36.863560] ? ip_reply_glue_bits+0xb0/0xb0 [ 36.867868] ? kasan_init_slab_obj+0x10/0x30 [ 36.872257] ? udp4_lib_lookup2+0x310/0x310 [ 36.876551] ? debug_check_no_obj_freed+0x3da/0xf1f [ 36.881549] ? xfrm_sk_policy_insert+0x358/0x580 [ 36.886279] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 36.891272] ? free_obj_work+0x690/0x690 [ 36.895311] ? check_noncircular+0x20/0x20 [ 36.899524] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 36.904686] ? reacquire_held_locks+0x1f9/0x3e0 [ 36.909336] ? reacquire_held_locks+0x1f9/0x3e0 [ 36.913978] ? find_held_lock+0x35/0x1d0 [ 36.918020] udpv6_sendmsg+0x757/0x3400 [ 36.921981] ? avc_has_perm+0x35e/0x680 [ 36.925931] ? km_migrate+0x340/0x340 [ 36.929708] ? udpv6_setsockopt+0x80/0x80 [ 36.933843] ? avc_has_perm+0x43e/0x680 [ 36.937795] ? avc_has_perm_noaudit+0x520/0x520 [ 36.942438] ? find_held_lock+0x35/0x1d0 [ 36.946483] ? lock_downgrade+0x980/0x980 [ 36.950603] ? check_noncircular+0x20/0x20 [ 36.954817] ? rw_copy_check_uvector+0x1be/0x280 [ 36.959554] ? udp_lib_rehash+0x5aa/0x920 [ 36.963678] ? sock_has_perm+0x2a4/0x420 [ 36.967733] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 36.973070] ? dup_iter+0x1f2/0x260 [ 36.976688] inet_sendmsg+0x11f/0x5e0 [ 36.980464] ? inet_sendmsg+0x11f/0x5e0 [ 36.984409] ? copy_msghdr_from_user+0x3a6/0x590 [ 36.989139] ? 
inet_create+0xf50/0xf50 [ 36.993000] ? selinux_socket_sendmsg+0x36/0x40 [ 36.997645] ? security_socket_sendmsg+0x89/0xb0 [ 37.002374] ? inet_create+0xf50/0xf50 [ 37.006234] sock_sendmsg+0xca/0x110 [ 37.009931] ___sys_sendmsg+0x767/0x8b0 [ 37.013893] ? copy_msghdr_from_user+0x590/0x590 [ 37.018617] ? avc_has_perm_noaudit+0x520/0x520 [ 37.023259] ? lock_release+0xa40/0xa40 [ 37.027202] ? __ip4_datagram_connect+0xa3a/0x1240 [ 37.032514] ? lock_acquire+0x1d5/0x580 [ 37.036464] ? lock_sock_nested+0xa3/0x110 [ 37.040668] ? lock_acquire+0x1d5/0x580 [ 37.044617] ? __local_bh_enable_ip+0x121/0x230 [ 37.049260] ? release_sock+0x1d4/0x2a0 [ 37.053207] ? trace_hardirqs_on+0xd/0x10 [ 37.057326] ? __local_bh_enable_ip+0x121/0x230 [ 37.061968] ? __fget_light+0x2b2/0x3c0 [ 37.065919] ? fget_raw+0x20/0x20 [ 37.069344] ? release_sock+0x1d4/0x2a0 [ 37.073302] ? sock_has_perm+0x2a4/0x420 [ 37.077343] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 37.083038] __sys_sendmsg+0xe5/0x210 [ 37.086812] ? __sys_sendmsg+0xe5/0x210 [ 37.090761] ? SyS_shutdown+0x290/0x290 [ 37.094711] ? sock_common_setsockopt+0x95/0xd0 [ 37.099354] ? SyS_setsockopt+0x215/0x360 [ 37.103483] ? move_addr_to_kernel+0x60/0x60 [ 37.107879] ? __sys_sendmsg+0x210/0x210 [ 37.111915] SyS_sendmsg+0x2d/0x50 [ 37.115432] do_syscall_64+0x280/0x940 [ 37.119293] ? __do_page_fault+0xc90/0xc90 [ 37.123503] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 37.129017] ? syscall_return_slowpath+0x550/0x550 [ 37.133921] ? syscall_return_slowpath+0x2ac/0x550 [ 37.138832] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 37.144172] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 37.149003] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 37.154164] RIP: 0033:0x4402a9 [ 37.157327] RSP: 002b:00007ffdde36c7b8 EFLAGS: 00000217 ORIG_RAX: 000000000000002e [ 37.165009] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9 [ 37.172253] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003 [ 37.179496] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 37.186738] R10: 00000000000000e8 R11: 0000000000000217 R12: 0000000000401bd0 [ 37.193980] R13: 0000000000401c60 R14: 0000000000000000 R15: 0000000000000000 [ 37.201251] [ 37.202859] The buggy address belongs to the page: [ 37.207763] page:ffffea0006c06dc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 37.215876] flags: 0x2fffc0000000000() [ 37.219734] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 37.227585] raw: 0000000000000000 ffffea0006c00101 0000000000000000 0000000000000000 [ 37.235433] page dumped because: kasan: bad access detected [ 37.241112] [ 37.242719] Memory state around the buggy address: [ 37.247621] ffff8801b01b7380: f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 [ 37.254950] ffff8801b01b7400: f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 37.262287] >ffff8801b01b7480: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 [ 37.269614] ^ [ 37.272948] ffff8801b01b7500: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.280276] ffff8801b01b7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 37.287601] ================================================================== [ 37.294938] Disabling lock debugging due to kernel taint [ 37.300394] Kernel panic - not syncing: panic_on_warn set ... [ 37.300394] [ 37.307730] CPU: 0 PID: 4240 Comm: syzkaller703456 Tainted: G B 4.16.0-rc3+ #330 [ 37.316451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.325776] Call Trace: [ 37.328340] dump_stack+0x194/0x24d [ 37.331941] ? 
arch_local_irq_restore+0x53/0x53 [ 37.336579] ? kasan_end_report+0x32/0x50 [ 37.340699] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.345425] ? vsnprintf+0x1ed/0x1900 [ 37.349196] ? xfrm_state_find+0x3020/0x3210 [ 37.353579] panic+0x1e4/0x41c [ 37.356743] ? refcount_error_report+0x214/0x214 [ 37.361468] ? add_taint+0x1c/0x50 [ 37.364977] ? add_taint+0x1c/0x50 [ 37.368486] ? xfrm_state_find+0x30de/0x3210 [ 37.372863] kasan_end_report+0x50/0x50 [ 37.376826] kasan_report+0x148/0x360 [ 37.380597] __asan_report_load4_noabort+0x14/0x20 [ 37.385496] xfrm_state_find+0x30de/0x3210 [ 37.389722] ? check_noncircular+0x20/0x20 [ 37.393936] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 37.399012] ? print_irqtrace_events+0x270/0x270 [ 37.403738] ? retint_kernel+0x10/0x10 [ 37.407597] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.412584] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 37.417311] ? set_pageblock_migratetype+0x40/0x40 [ 37.422208] ? retint_kernel+0x10/0x10 [ 37.426070] ? mark_held_locks+0xaf/0x100 [ 37.430188] ? get_page_from_freelist+0xa80/0x52d0 [ 37.435098] ? kernel_poison_pages+0xce/0x1f0 [ 37.439561] ? kasan_unpoison_shadow+0x35/0x50 [ 37.444113] ? print_irqtrace_events+0x270/0x270 [ 37.448841] ? get_page_from_freelist+0x2d7f/0x52d0 [ 37.453834] ? get_page_from_freelist+0x2deb/0x52d0 [ 37.458830] ? print_irqtrace_events+0x270/0x270 [ 37.463557] ? __lock_acquire+0x664/0x3e00 [ 37.467763] ? print_irqtrace_events+0x270/0x270 [ 37.472486] ? __bfs+0xaa/0x750 [ 37.475746] xfrm_tmpl_resolve+0x2ee/0xc40 [ 37.479958] ? __xfrm_decode_session+0x110/0x110 [ 37.484683] ? __lock_is_held+0xb6/0x140 [ 37.488720] ? rcu_read_lock_sched_held+0x108/0x120 [ 37.493705] ? fib_table_lookup+0xa04/0x1ba0 [ 37.498088] xfrm_resolve_and_create_bundle+0x184/0x28d0 [ 37.503510] ? call_fib_entry_notifiers+0x4f0/0x4f0 [ 37.508500] ? check_noncircular+0x20/0x20 [ 37.512708] ? xfrm_tmpl_resolve+0xc40/0xc40 [ 37.517085] ? __lock_is_held+0xb6/0x140 [ 37.521116] ? find_held_lock+0x35/0x1d0 [ 37.525152] ? 
xfrm_sk_policy_lookup+0x34c/0x4e0 [ 37.529878] ? lock_downgrade+0x980/0x980 [ 37.533995] ? lock_release+0xa40/0xa40 [ 37.537941] ? refcount_inc_not_zero+0xfe/0x180 [ 37.542580] ? selinux_xfrm_policy_lookup+0xac/0xd0 [ 37.547574] ? security_xfrm_policy_lookup+0x92/0xc0 [ 37.552650] ? xfrm_sk_policy_lookup+0x375/0x4e0 [ 37.557377] ? xfrm_selector_match+0xe00/0xe00 [ 37.561934] xfrm_lookup+0xfcb/0x25c0 [ 37.565702] ? xfrm_lookup+0xfcb/0x25c0 [ 37.569647] ? check_noncircular+0x20/0x20 [ 37.573865] ? xfrm_policy_lookup+0x70/0x70 [ 37.578158] ? lock_downgrade+0x980/0x980 [ 37.582280] ? find_held_lock+0x35/0x1d0 [ 37.586317] ? ip_route_output_key_hash+0x229/0x370 [ 37.591304] ? lock_downgrade+0x980/0x980 [ 37.595423] ? lock_release+0xa40/0xa40 [ 37.599367] ? print_irqtrace_events+0x270/0x270 [ 37.604096] ? find_held_lock+0x35/0x1d0 [ 37.608133] ? ip_route_output_key_hash+0x252/0x370 [ 37.613119] ? ip_route_output_key_hash_rcu+0x2f00/0x2f00 [ 37.618621] ? lock_release+0xa40/0xa40 [ 37.622580] xfrm_lookup_route+0x39/0x1a0 [ 37.626701] ip_route_output_flow+0x7c/0xa0 [ 37.630996] udp_sendmsg+0x19bd/0x2f70 [ 37.634854] ? ip_reply_glue_bits+0xb0/0xb0 [ 37.639147] ? kasan_init_slab_obj+0x10/0x30 [ 37.643530] ? udp4_lib_lookup2+0x310/0x310 [ 37.647820] ? debug_check_no_obj_freed+0x3da/0xf1f [ 37.652806] ? xfrm_sk_policy_insert+0x358/0x580 [ 37.657538] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 37.662527] ? free_obj_work+0x690/0x690 [ 37.666558] ? check_noncircular+0x20/0x20 [ 37.670769] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 37.675931] ? reacquire_held_locks+0x1f9/0x3e0 [ 37.680569] ? reacquire_held_locks+0x1f9/0x3e0 [ 37.685220] ? find_held_lock+0x35/0x1d0 [ 37.689260] udpv6_sendmsg+0x757/0x3400 [ 37.693206] ? avc_has_perm+0x35e/0x680 [ 37.697154] ? km_migrate+0x340/0x340 [ 37.700927] ? udpv6_setsockopt+0x80/0x80 [ 37.705052] ? avc_has_perm+0x43e/0x680 [ 37.708999] ? avc_has_perm_noaudit+0x520/0x520 [ 37.713640] ? find_held_lock+0x35/0x1d0 [ 37.717676] ? 
lock_downgrade+0x980/0x980 [ 37.721796] ? check_noncircular+0x20/0x20 [ 37.726005] ? rw_copy_check_uvector+0x1be/0x280 [ 37.730832] ? udp_lib_rehash+0x5aa/0x920 [ 37.734951] ? sock_has_perm+0x2a4/0x420 [ 37.738988] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 37.744324] ? dup_iter+0x1f2/0x260 [ 37.747928] inet_sendmsg+0x11f/0x5e0 [ 37.751700] ? inet_sendmsg+0x11f/0x5e0 [ 37.755645] ? copy_msghdr_from_user+0x3a6/0x590 [ 37.760371] ? inet_create+0xf50/0xf50 [ 37.764244] ? selinux_socket_sendmsg+0x36/0x40 [ 37.768886] ? security_socket_sendmsg+0x89/0xb0 [ 37.773610] ? inet_create+0xf50/0xf50 [ 37.777470] sock_sendmsg+0xca/0x110 [ 37.781155] ___sys_sendmsg+0x767/0x8b0 [ 37.785102] ? copy_msghdr_from_user+0x590/0x590 [ 37.789826] ? avc_has_perm_noaudit+0x520/0x520 [ 37.794468] ? lock_release+0xa40/0xa40 [ 37.798412] ? __ip4_datagram_connect+0xa3a/0x1240 [ 37.803309] ? lock_acquire+0x1d5/0x580 [ 37.807252] ? lock_sock_nested+0xa3/0x110 [ 37.811454] ? lock_acquire+0x1d5/0x580 [ 37.815401] ? __local_bh_enable_ip+0x121/0x230 [ 37.820039] ? release_sock+0x1d4/0x2a0 [ 37.823982] ? trace_hardirqs_on+0xd/0x10 [ 37.828113] ? __local_bh_enable_ip+0x121/0x230 [ 37.832755] ? __fget_light+0x2b2/0x3c0 [ 37.836715] ? fget_raw+0x20/0x20 [ 37.840137] ? release_sock+0x1d4/0x2a0 [ 37.844087] ? sock_has_perm+0x2a4/0x420 [ 37.848125] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 37.853810] __sys_sendmsg+0xe5/0x210 [ 37.857579] ? __sys_sendmsg+0xe5/0x210 [ 37.861524] ? SyS_shutdown+0x290/0x290 [ 37.865469] ? sock_common_setsockopt+0x95/0xd0 [ 37.870107] ? SyS_setsockopt+0x215/0x360 [ 37.874233] ? move_addr_to_kernel+0x60/0x60 [ 37.878617] ? __sys_sendmsg+0x210/0x210 [ 37.882660] SyS_sendmsg+0x2d/0x50 [ 37.886175] do_syscall_64+0x280/0x940 [ 37.890035] ? __do_page_fault+0xc90/0xc90 [ 37.894239] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 37.899745] ? syscall_return_slowpath+0x550/0x550 [ 37.904644] ? syscall_return_slowpath+0x2ac/0x550 [ 37.909981] ? 
entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 37.915318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 37.920132] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 37.925291] RIP: 0033:0x4402a9 [ 37.928449] RSP: 002b:00007ffdde36c7b8 EFLAGS: 00000217 ORIG_RAX: 000000000000002e [ 37.936126] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402a9 [ 37.943369] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003 [ 37.950608] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 37.957848] R10: 00000000000000e8 R11: 0000000000000217 R12: 0000000000401bd0 [ 37.965087] R13: 0000000000401c60 R14: 0000000000000000 R15: 0000000000000000 [ 37.972729] Dumping ftrace buffer: [ 37.976237] (ftrace buffer empty) [ 37.979916] Kernel Offset: disabled [ 37.983516] Rebooting in 86400 seconds..