[....] Starting enhanced syslogd: rsyslogd[ 11.461209] audit: type=1400 audit(1514140892.626:5): avc: denied { syslog } for pid=2994 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.234943] audit: type=1400 audit(1514140899.399:6): avc: denied { map } for pid=3135 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-kasan-gce-386-0,10.128.15.205' (ECDSA) to the list of known hosts. executing program [ 39.034025] audit: type=1400 audit(1514140920.198:7): avc: denied { map } for pid=3152 comm="syzkaller532199" path="/root/syzkaller532199226" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 39.037344] ================================================================== [ 39.037360] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30de/0x3210 [ 39.037365] Read of size 4 at addr ffff8801bb8075a0 by task syzkaller532199/3152 [ 39.037366] [ 39.037371] CPU: 1 PID: 3152 Comm: syzkaller532199 Not tainted 4.15.0-rc5+ #147 [ 39.037374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.037376] Call Trace: [ 39.037384] dump_stack+0x194/0x257 [ 39.037392] ? arch_local_irq_restore+0x53/0x53 [ 39.037399] ? show_regs_print_info+0x18/0x18 [ 39.037408] ? lock_release+0xa40/0xa40 [ 39.037414] ? 
xfrm_state_find+0x30de/0x3210 [ 39.037423] print_address_description+0x73/0x250 [ 39.037428] ? xfrm_state_find+0x30de/0x3210 [ 39.037434] kasan_report+0x25b/0x340 [ 39.037443] __asan_report_load4_noabort+0x14/0x20 [ 39.037447] xfrm_state_find+0x30de/0x3210 [ 39.037454] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.037475] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 39.037481] ? get_page_from_freelist+0x2d70/0x52f0 [ 39.037485] ? get_page_from_freelist+0x2ddc/0x52f0 [ 39.037496] ? find_held_lock+0x35/0x1d0 [ 39.037529] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.037538] ? print_irqtrace_events+0x270/0x270 [ 39.037550] ? depot_save_stack+0x3b5/0x490 [ 39.037556] ? lock_downgrade+0x980/0x980 [ 39.037564] ? lock_release+0xa40/0xa40 [ 39.037575] ? __lock_acquire+0x664/0x3e00 [ 39.037582] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 39.037588] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.037598] xfrm_tmpl_resolve+0x30e/0xc10 [ 39.037618] ? __xfrm_decode_session+0x110/0x110 [ 39.037623] ? find_held_lock+0x35/0x1d0 [ 39.037636] ? rt_add_uncached_list+0x1b7/0x240 [ 39.037642] ? lock_downgrade+0x980/0x980 [ 39.037650] ? lock_release+0xa40/0xa40 [ 39.037660] xfrm_resolve_and_create_bundle+0x123/0x25f0 [ 39.037668] ? rt_add_uncached_list+0x1b7/0x240 [ 39.037672] ? trace_hardirqs_on+0xd/0x10 [ 39.037677] ? __local_bh_enable_ip+0x121/0x230 [ 39.037684] ? _raw_spin_unlock_bh+0x30/0x40 [ 39.037691] ? ip_rt_bug+0x20/0x20 [ 39.037698] ? xfrm_tmpl_resolve+0xc10/0xc10 [ 39.037704] ? find_held_lock+0x35/0x1d0 [ 39.037715] ? xfrm_sk_policy_lookup+0x30b/0x490 [ 39.037721] ? lock_downgrade+0x980/0x980 [ 39.037729] ? lock_release+0xa40/0xa40 [ 39.037738] ? refcount_inc_not_zero+0xfe/0x180 [ 39.037747] ? selinux_xfrm_policy_lookup+0xac/0xd0 [ 39.037755] ? security_xfrm_policy_lookup+0x92/0xc0 [ 39.037764] ? xfrm_sk_policy_lookup+0x334/0x490 [ 39.037774] ? xfrm_selector_match+0xe00/0xe00 [ 39.037788] xfrm_lookup+0x1574/0x23f0 [ 39.037791] ? xfrm_lookup+0x1574/0x23f0 [ 39.037796] ? 
check_noncircular+0x20/0x20 [ 39.037809] ? xfrm_policy_lookup_bytype.constprop.46+0x960/0x960 [ 39.037814] ? __lock_acquire+0x664/0x3e00 [ 39.037824] ? find_held_lock+0x35/0x1d0 [ 39.037836] ? ip_route_output_key_hash+0x229/0x370 [ 39.037842] ? lock_downgrade+0x980/0x980 [ 39.037847] ? pagevec_lru_move_fn+0x178/0x230 [ 39.037854] ? lock_release+0xa40/0xa40 [ 39.037863] ? find_held_lock+0x35/0x1d0 [ 39.037878] ? ip_route_output_key_hash+0x252/0x370 [ 39.037885] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 39.037888] ? lock_release+0xa40/0xa40 [ 39.037900] xfrm_lookup_route+0x39/0x1a0 [ 39.037908] ip_route_output_flow+0x7c/0xa0 [ 39.037916] udp_sendmsg+0x19d3/0x2cf0 [ 39.037925] ? ip_reply_glue_bits+0xb0/0xb0 [ 39.037939] ? udp_lib_get_port+0x1b30/0x1b30 [ 39.037946] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.037951] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.037972] ? lock_downgrade+0x980/0x980 [ 39.037989] ? mark_held_locks+0xaf/0x100 [ 39.037994] ? refcount_inc_not_zero+0xfe/0x180 [ 39.037999] ? __local_bh_enable_ip+0x121/0x230 [ 39.038009] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.038013] ? udp_lib_get_port+0x785/0x1b30 [ 39.038018] ? check_noncircular+0x20/0x20 [ 39.038022] ? __local_bh_enable_ip+0x121/0x230 [ 39.038031] udpv6_sendmsg+0x762/0x33a0 [ 39.038042] ? check_noncircular+0x20/0x20 [ 39.038052] ? udpv6_setsockopt+0x80/0x80 [ 39.038062] ? reacquire_held_locks+0x1f9/0x3e0 [ 39.038066] ? reacquire_held_locks+0x1f9/0x3e0 [ 39.038074] ? find_held_lock+0x35/0x1d0 [ 39.038088] ? release_sock+0x1d4/0x2a0 [ 39.038096] ? lock_downgrade+0x980/0x980 [ 39.038114] ? __local_bh_enable_ip+0x121/0x230 [ 39.038122] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.038126] ? release_sock+0x1d4/0x2a0 [ 39.038130] ? trace_hardirqs_on+0xd/0x10 [ 39.038134] ? __local_bh_enable_ip+0x121/0x230 [ 39.038141] ? _raw_spin_unlock_bh+0x30/0x40 [ 39.038146] ? release_sock+0x1d4/0x2a0 [ 39.038152] ? __release_sock+0x360/0x360 [ 39.038156] ? 
udp6_portaddr_hash+0x146/0x2f0 [ 39.038165] ? udp_v6_get_port+0x9c/0xc0 [ 39.038175] inet_sendmsg+0x11f/0x5e0 [ 39.038179] ? inet_sendmsg+0x11f/0x5e0 [ 39.038185] ? __might_sleep+0x95/0x190 [ 39.038190] ? inet_recvmsg+0x5f0/0x5f0 [ 39.038197] ? selinux_socket_sendmsg+0x36/0x40 [ 39.038203] ? security_socket_sendmsg+0x89/0xb0 [ 39.038207] ? inet_recvmsg+0x5f0/0x5f0 [ 39.038216] sock_sendmsg+0xca/0x110 [ 39.038223] SYSC_sendto+0x361/0x5c0 [ 39.038231] ? SYSC_connect+0x4a0/0x4a0 [ 39.038239] ? find_held_lock+0x35/0x1d0 [ 39.038253] ? lock_downgrade+0x980/0x980 [ 39.038267] ? handle_mm_fault+0x410/0x8d0 [ 39.038270] ? down_read_trylock+0xdb/0x170 [ 39.038276] ? __do_page_fault+0x32d/0xc90 [ 39.038291] ? up_read+0x1a/0x40 [ 39.038296] ? __do_page_fault+0x3d6/0xc90 [ 39.038309] SyS_sendto+0x40/0x50 [ 39.038315] ? SyS_getpeername+0x30/0x30 [ 39.038323] do_fast_syscall_32+0x3ee/0xf9d [ 39.038334] ? do_int80_syscall_32+0x9d0/0x9d0 [ 39.038339] ? kasan_check_read+0x11/0x20 [ 39.038346] ? syscall_return_slowpath+0x550/0x550 [ 39.038353] ? SyS_rt_sigaction+0x94/0x1b0 [ 39.038359] ? SyS_sigprocmask+0x4b0/0x4b0 [ 39.038363] ? SyS_read+0x184/0x220 [ 39.038368] ? retint_user+0x18/0x18 [ 39.038378] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 39.038390] entry_SYSENTER_compat+0x54/0x63 [ 39.038394] RIP: 0023:0xf7faac79 [ 39.038396] RSP: 002b:00000000ffa8613c EFLAGS: 00000282 ORIG_RAX: 0000000000000171 [ 39.038401] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000002028a000 [ 39.038404] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020999000 [ 39.038406] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 39.038408] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 39.038411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 39.038428] [ 39.038429] The buggy address belongs to the page: [ 39.038434] page:000000007a6cdafd count:0 mapcount:0 mapping: (null) index:0x0 [ 39.038437] flags: 0x2fffc0000000000() [ 39.038443] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 39.038447] raw: 0000000000000000 ffffea0006ee01e0 0000000000000000 0000000000000000 [ 39.038449] page dumped because: kasan: bad access detected [ 39.038450] [ 39.038452] Memory state around the buggy address: [ 39.038455] ffff8801bb807480: f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 [ 39.038458] ffff8801bb807500: f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 [ 39.038461] >ffff8801bb807580: 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 [ 39.038463] ^ [ 39.038466] ffff8801bb807600: 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 [ 39.038469] ffff8801bb807680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.038470] ================================================================== [ 39.038472] Disabling lock debugging due to kernel taint [ 39.038488] Kernel panic - not syncing: panic_on_warn set ... [ 39.038488] [ 39.038492] CPU: 1 PID: 3152 Comm: syzkaller532199 Tainted: G B 4.15.0-rc5+ #147 [ 39.038494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.038495] Call Trace: [ 39.038500] dump_stack+0x194/0x257 [ 39.038505] ? 
arch_local_irq_restore+0x53/0x53 [ 39.038510] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 39.038515] ? vsnprintf+0x1ed/0x1900 [ 39.038520] ? xfrm_state_find+0x3070/0x3210 [ 39.038524] panic+0x1e4/0x41c [ 39.038528] ? refcount_error_report+0x214/0x214 [ 39.038534] ? add_taint+0x1c/0x50 [ 39.038538] ? add_taint+0x1c/0x50 [ 39.038543] ? xfrm_state_find+0x30de/0x3210 [ 39.038547] kasan_end_report+0x50/0x50 [ 39.038551] kasan_report+0x144/0x340 [ 39.038557] __asan_report_load4_noabort+0x14/0x20 [ 39.038561] xfrm_state_find+0x30de/0x3210 [ 39.038566] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.038579] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 39.038582] ? get_page_from_freelist+0x2d70/0x52f0 [ 39.038586] ? get_page_from_freelist+0x2ddc/0x52f0 [ 39.038593] ? find_held_lock+0x35/0x1d0 [ 39.038611] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.038617] ? print_irqtrace_events+0x270/0x270 [ 39.038624] ? depot_save_stack+0x3b5/0x490 [ 39.038629] ? lock_downgrade+0x980/0x980 [ 39.038634] ? lock_release+0xa40/0xa40 [ 39.038641] ? __lock_acquire+0x664/0x3e00 [ 39.038645] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 39.038650] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.038657] xfrm_tmpl_resolve+0x30e/0xc10 [ 39.038668] ? __xfrm_decode_session+0x110/0x110 [ 39.038672] ? find_held_lock+0x35/0x1d0 [ 39.038679] ? rt_add_uncached_list+0x1b7/0x240 [ 39.038684] ? lock_downgrade+0x980/0x980 [ 39.038689] ? lock_release+0xa40/0xa40 [ 39.038696] xfrm_resolve_and_create_bundle+0x123/0x25f0 [ 39.038701] ? rt_add_uncached_list+0x1b7/0x240 [ 39.038705] ? trace_hardirqs_on+0xd/0x10 [ 39.038709] ? __local_bh_enable_ip+0x121/0x230 [ 39.038713] ? _raw_spin_unlock_bh+0x30/0x40 [ 39.038718] ? ip_rt_bug+0x20/0x20 [ 39.038723] ? xfrm_tmpl_resolve+0xc10/0xc10 [ 39.038727] ? find_held_lock+0x35/0x1d0 [ 39.038735] ? xfrm_sk_policy_lookup+0x30b/0x490 [ 39.038739] ? lock_downgrade+0x980/0x980 [ 39.038745] ? lock_release+0xa40/0xa40 [ 39.038750] ? refcount_inc_not_zero+0xfe/0x180 [ 39.038756] ? 
selinux_xfrm_policy_lookup+0xac/0xd0 [ 39.038761] ? security_xfrm_policy_lookup+0x92/0xc0 [ 39.038768] ? xfrm_sk_policy_lookup+0x334/0x490 [ 39.038774] ? xfrm_selector_match+0xe00/0xe00 [ 39.038783] xfrm_lookup+0x1574/0x23f0 [ 39.038786] ? xfrm_lookup+0x1574/0x23f0 [ 39.038790] ? check_noncircular+0x20/0x20 [ 39.038798] ? xfrm_policy_lookup_bytype.constprop.46+0x960/0x960 [ 39.038803] ? __lock_acquire+0x664/0x3e00 [ 39.038809] ? find_held_lock+0x35/0x1d0 [ 39.038817] ? ip_route_output_key_hash+0x229/0x370 [ 39.038821] ? lock_downgrade+0x980/0x980 [ 39.038825] ? pagevec_lru_move_fn+0x178/0x230 [ 39.038830] ? lock_release+0xa40/0xa40 [ 39.038835] ? find_held_lock+0x35/0x1d0 [ 39.038845] ? ip_route_output_key_hash+0x252/0x370 [ 39.038850] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 39.038853] ? lock_release+0xa40/0xa40 [ 39.038860] xfrm_lookup_route+0x39/0x1a0 [ 39.038866] ip_route_output_flow+0x7c/0xa0 [ 39.038871] udp_sendmsg+0x19d3/0x2cf0 [ 39.038877] ? ip_reply_glue_bits+0xb0/0xb0 [ 39.038885] ? udp_lib_get_port+0x1b30/0x1b30 [ 39.038890] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.038894] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 39.038907] ? lock_downgrade+0x980/0x980 [ 39.038914] ? mark_held_locks+0xaf/0x100 [ 39.038918] ? refcount_inc_not_zero+0xfe/0x180 [ 39.038922] ? __local_bh_enable_ip+0x121/0x230 [ 39.038927] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.038931] ? udp_lib_get_port+0x785/0x1b30 [ 39.038935] ? check_noncircular+0x20/0x20 [ 39.038938] ? __local_bh_enable_ip+0x121/0x230 [ 39.038944] udpv6_sendmsg+0x762/0x33a0 [ 39.038951] ? check_noncircular+0x20/0x20 [ 39.038957] ? udpv6_setsockopt+0x80/0x80 [ 39.038964] ? reacquire_held_locks+0x1f9/0x3e0 [ 39.038967] ? reacquire_held_locks+0x1f9/0x3e0 [ 39.038973] ? find_held_lock+0x35/0x1d0 [ 39.038980] ? release_sock+0x1d4/0x2a0 [ 39.038989] ? lock_downgrade+0x980/0x980 [ 39.038998] ? __local_bh_enable_ip+0x121/0x230 [ 39.039005] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 39.039009] ? 
release_sock+0x1d4/0x2a0 [ 39.039012] ? trace_hardirqs_on+0xd/0x10 [ 39.039016] ? __local_bh_enable_ip+0x121/0x230 [ 39.039021] ? _raw_spin_unlock_bh+0x30/0x40 [ 39.039025] ? release_sock+0x1d4/0x2a0 [ 39.039030] ? __release_sock+0x360/0x360 [ 39.039033] ? udp6_portaddr_hash+0x146/0x2f0 [ 39.039038] ? udp_v6_get_port+0x9c/0xc0 [ 39.039045] inet_sendmsg+0x11f/0x5e0 [ 39.039048] ? inet_sendmsg+0x11f/0x5e0 [ 39.039051] ? __might_sleep+0x95/0x190 [ 39.039055] ? inet_recvmsg+0x5f0/0x5f0 [ 39.039060] ? selinux_socket_sendmsg+0x36/0x40 [ 39.039065] ? security_socket_sendmsg+0x89/0xb0 [ 39.039068] ? inet_recvmsg+0x5f0/0x5f0 [ 39.039073] sock_sendmsg+0xca/0x110 [ 39.039078] SYSC_sendto+0x361/0x5c0 [ 39.039083] ? SYSC_connect+0x4a0/0x4a0 [ 39.039089] ? find_held_lock+0x35/0x1d0 [ 39.039097] ? lock_downgrade+0x980/0x980 [ 39.039105] ? handle_mm_fault+0x410/0x8d0 [ 39.039108] ? down_read_trylock+0xdb/0x170 [ 39.039112] ? __do_page_fault+0x32d/0xc90 [ 39.039121] ? up_read+0x1a/0x40 [ 39.039125] ? __do_page_fault+0x3d6/0xc90 [ 39.039133] SyS_sendto+0x40/0x50 [ 39.039137] ? SyS_getpeername+0x30/0x30 [ 39.039141] do_fast_syscall_32+0x3ee/0xf9d [ 39.039148] ? do_int80_syscall_32+0x9d0/0x9d0 [ 39.039152] ? kasan_check_read+0x11/0x20 [ 39.039157] ? syscall_return_slowpath+0x550/0x550 [ 39.039162] ? SyS_rt_sigaction+0x94/0x1b0 [ 39.039166] ? SyS_sigprocmask+0x4b0/0x4b0 [ 39.039169] ? SyS_read+0x184/0x220 [ 39.039173] ? retint_user+0x18/0x18 [ 39.039179] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 39.039187] entry_SYSENTER_compat+0x54/0x63 [ 39.039189] RIP: 0023:0xf7faac79 [ 39.039191] RSP: 002b:00000000ffa8613c EFLAGS: 00000282 ORIG_RAX: 0000000000000171 [ 39.039195] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000002028a000 [ 39.039197] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020999000 [ 39.039199] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 39.039201] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 39.039203] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 39.059924] Dumping ftrace buffer: [ 39.059928] (ftrace buffer empty) [ 39.059930] Kernel Offset: disabled [ 40.401121] Rebooting in 86400 seconds..