[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 37.416487] audit: type=1400 audit(1513077361.427:6): avc: denied { map } for pid=3139 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 97.988688] audit: type=1400 audit(1513077421.999:7): avc: denied { map } for pid=3147 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-6,10.128.0.47' (ECDSA) to the list of known hosts.
[ 150.246921] audit: type=1400 audit(1513077474.257:8): avc: denied { map } for pid=3154 comm="syzkaller656319" path="/root/syzkaller656319747" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
[ 163.298035] ==================================================================
[ 163.305455] BUG: KASAN: use-after-free in crypto_chacha20_crypt+0xaf1/0xbd0
[ 163.312525] Read of size 4 at addr ffff880100000006 by task syzkaller656319/3820
[ 163.320028]
[ 163.321629] CPU: 1 PID: 3820 Comm: syzkaller656319 Not tainted 4.15.0-rc3+ #218
[ 163.329043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 163.338365] Call Trace:
[ 163.340923] dump_stack+0x194/0x257
[ 163.344522] ? arch_local_irq_restore+0x53/0x53
[ 163.349162] ? show_regs_print_info+0x18/0x18
[ 163.353626] ? rcutorture_record_progress+0x10/0x10
[ 163.358616] ? crypto_chacha20_crypt+0xaf1/0xbd0
[ 163.363347] print_address_description+0x73/0x250
[ 163.368158] ? crypto_chacha20_crypt+0xaf1/0xbd0
[ 163.372885] kasan_report+0x25b/0x340
[ 163.376662] __asan_report_load4_noabort+0x14/0x20
[ 163.381592] crypto_chacha20_crypt+0xaf1/0xbd0
[ 163.386153] ? crypto_chacha20_setkey+0xc0/0xc0
[ 163.390799] ? __kmalloc+0x162/0x760
[ 163.394483] ? sock_kmalloc+0x112/0x190
[ 163.398425] ? skcipher_recvmsg+0x3f8/0xf20
[ 163.402718] ? sock_recvmsg+0xc9/0x110
[ 163.406575] ? sock_read_iter+0x361/0x560
[ 163.410695] ? aio_read+0x2b0/0x3a0
[ 163.414290] ? do_io_submit+0xf99/0x14f0
[ 163.418323] ? SyS_io_submit+0x27/0x30
[ 163.422184] ? entry_SYSCALL_64_fastpath+0x1f/0x96
[ 163.427090] ? lock_downgrade+0x980/0x980
[ 163.431210] ? check_noncircular+0x20/0x20
[ 163.435421] ? af_alg_pull_tsgl+0x8c2/0xc20
[ 163.439718] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 163.444710] chacha20_simd+0xe4/0x410
[ 163.448481] ? chacha20_simd+0xe4/0x410
[ 163.452436] ? af_alg_get_rsgl+0x990/0x990
[ 163.456681] ? chacha20_dosimd+0x340/0x340
[ 163.460902] ? rcu_read_lock_sched_held+0x108/0x120
[ 163.465895] ? sock_kmalloc+0x112/0x190
[ 163.469846] ? refcount_inc_not_zero+0xfe/0x180
[ 163.474486] ? refcount_add+0x60/0x60
[ 163.478256] ? copy_overflow+0x30/0x30
[ 163.482112] ? lock_sock_nested+0x91/0x110
[ 163.486317] ? trace_hardirqs_on+0xd/0x10
[ 163.490443] skcipher_recvmsg+0x739/0xf20
[ 163.494562] ? skcipher_recvmsg+0x739/0xf20
[ 163.498866] ? skcipher_release+0x50/0x50
[ 163.502991] ? selinux_socket_recvmsg+0x36/0x40
[ 163.507640] ? security_socket_recvmsg+0x91/0xc0
[ 163.512367] ? skcipher_release+0x50/0x50
[ 163.516484] sock_recvmsg+0xc9/0x110
[ 163.520172] sock_read_iter+0x361/0x560
[ 163.524121] ? sock_recvmsg+0x110/0x110
[ 163.528064] ? selinux_file_permission+0x82/0x460
[ 163.532890] ? rw_verify_area+0xe5/0x2b0
[ 163.536925] aio_read+0x2b0/0x3a0
[ 163.540352] ? aio_write+0x5a0/0x5a0
[ 163.544051] ? lock_downgrade+0x980/0x980
[ 163.548180] ? lock_release+0xda0/0xda0
[ 163.552124] ? refcount_inc_not_zero+0xfe/0x180
[ 163.556765] ? refcount_add+0x60/0x60
[ 163.560542] ? __might_sleep+0x95/0x190
[ 163.564493] do_io_submit+0xf99/0x14f0
[ 163.568349] ? do_io_submit+0xf99/0x14f0
[ 163.572404] ? aio_read+0x3a0/0x3a0
[ 163.576005] ? mm_fault_error+0x2c0/0x2c0
[ 163.580128] ? __fd_install+0x288/0x740
[ 163.584070] ? anon_inode_getfile+0x349/0x490
[ 163.588542] ? do_page_fault+0xee/0x720
[ 163.592487] ? __init_waitqueue_head+0x97/0x140
[ 163.597128] ? __do_page_fault+0xc90/0xc90
[ 163.601351] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 163.606343] SyS_io_submit+0x27/0x30
[ 163.610038] ? SyS_io_submit+0x27/0x30
[ 163.613899] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 163.618623] RIP: 0033:0x441ee9
[ 163.621784] RSP: 002b:00007ffefe5c6aa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 163.629464] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441ee9
[ 163.636704] RDX: 0000000020738000 RSI: 0000000000000002 RDI: 00007f5ce9f27000
[ 163.643954] RBP: 0000000000000298 R08: 0000000000000298 R09: 0000000000000298
[ 163.651193] R10: 0000000000000298 R11: 0000000000000246 R12: 0000000000000000
[ 163.658433] R13: 0000000000027dce R14: 0000000000000000 R15: 0000000000000000
[ 163.665691]
[ 163.667287] The buggy address belongs to the page:
[ 163.672187] page:0000000092f8d210 count:0 mapcount:-127 mapping: (null) index:0x0
[ 163.680561] flags: 0x2fffc0000000000()
[ 163.684422] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffff80
[ 163.692280] raw: ffff88021fffae20 ffffea0004010020 000000000000000a 0000000000000000
[ 163.700127] page dumped because: kasan: bad access detected
[ 163.705805]
[ 163.707401] Memory state around the buggy address:
[ 163.712308] BUG: unable to handle kernel paging request at ffffed001fffffe0
[ 163.719377] IP: memcpy_erms+0x6/0x10
[ 163.723061] PGD 21ffd6067 P4D 21ffd6067 PUD 21ffd5067 PMD 0
[ 163.728827] Oops: 0000 [#1] SMP KASAN
[ 163.732595] Dumping ftrace buffer:
[ 163.736096] (ftrace buffer empty)
[ 163.739769] Modules linked in:
[ 163.742930] CPU: 1 PID: 3820 Comm: syzkaller656319 Not tainted 4.15.0-rc3+ #218
[ 163.750339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 163.759659] RIP: 0010:memcpy_erms+0x6/0x10
[ 163.763855] RSP: 0018:ffff8801bff0f3e8 EFLAGS: 00010092
[ 163.769183] RAX: ffff8801bff0f3f4 RBX: ffffed001fffffe0 RCX: 0000000000000010
[ 163.776421] RDX: 0000000000000010 RSI: ffffed001fffffe0 RDI: ffff8801bff0f3f4
[ 163.783658] RBP: ffff8801bff0f440 R08: ffffed0037fe1e83 R09: ffffed0037fe1e83
[ 163.790895] R10: dffffc0000000000 R11: ffffed0037fe1e82 R12: 00000000fffffffe
[ 163.798128] R13: ffff8800ffffff00 R14: ffffed0020000000 R15: 0000000000000014
[ 163.805364] FS: 0000000002029940(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000
[ 163.813553] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 163.819397] CR2: ffffed001fffffe0 CR3: 00000001c0bee000 CR4: 00000000001406e0
[ 163.826635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 163.833869] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 163.841114] Call Trace:
[ 163.843672] ? print_shadow_for_address+0xa8/0x170
[ 163.848566] ? dump_page+0x1d/0x30
[ 163.852077] ? crypto_chacha20_crypt+0xaf1/0xbd0
[ 163.856796] kasan_report+0x26f/0x340
[ 163.860564] __asan_report_load4_noabort+0x14/0x20
[ 163.865457] crypto_chacha20_crypt+0xaf1/0xbd0
[ 163.870008] ? crypto_chacha20_setkey+0xc0/0xc0
[ 163.874656] ? __kmalloc+0x162/0x760
[ 163.878335] ? sock_kmalloc+0x112/0x190
[ 163.882274] ? skcipher_recvmsg+0x3f8/0xf20
[ 163.886561] ? sock_recvmsg+0xc9/0x110
[ 163.890411] ? sock_read_iter+0x361/0x560
[ 163.894537] ? aio_read+0x2b0/0x3a0
[ 163.898133] ? do_io_submit+0xf99/0x14f0
[ 163.902161] ? SyS_io_submit+0x27/0x30
[ 163.906020] ? entry_SYSCALL_64_fastpath+0x1f/0x96
[ 163.910923] ? lock_downgrade+0x980/0x980
[ 163.915056] ? check_noncircular+0x20/0x20
[ 163.919265] ? af_alg_pull_tsgl+0x8c2/0xc20
[ 163.923555] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 163.928539] chacha20_simd+0xe4/0x410
[ 163.932306] ? chacha20_simd+0xe4/0x410
[ 163.936246] ? af_alg_get_rsgl+0x990/0x990
[ 163.940448] ? chacha20_dosimd+0x340/0x340
[ 163.944655] ? rcu_read_lock_sched_held+0x108/0x120
[ 163.949640] ? sock_kmalloc+0x112/0x190
[ 163.953584] ? refcount_inc_not_zero+0xfe/0x180
[ 163.958217] ? refcount_add+0x60/0x60
[ 163.961984] ? copy_overflow+0x30/0x30
[ 163.965852] ? lock_sock_nested+0x91/0x110
[ 163.970050] ? trace_hardirqs_on+0xd/0x10
[ 163.974165] skcipher_recvmsg+0x739/0xf20
[ 163.978276] ? skcipher_recvmsg+0x739/0xf20
[ 163.982573] ? skcipher_release+0x50/0x50
[ 163.986688] ? selinux_socket_recvmsg+0x36/0x40
[ 163.991321] ? security_socket_recvmsg+0x91/0xc0
[ 163.996041] ? skcipher_release+0x50/0x50
[ 164.000154] sock_recvmsg+0xc9/0x110
[ 164.003835] sock_read_iter+0x361/0x560
[ 164.007777] ? sock_recvmsg+0x110/0x110
[ 164.011717] ? selinux_file_permission+0x82/0x460
[ 164.016533] ? rw_verify_area+0xe5/0x2b0
[ 164.020559] aio_read+0x2b0/0x3a0
[ 164.023981] ? aio_write+0x5a0/0x5a0
[ 164.027660] ? lock_downgrade+0x980/0x980
[ 164.031774] ? lock_release+0xda0/0xda0
[ 164.035714] ? refcount_inc_not_zero+0xfe/0x180
[ 164.040346] ? refcount_add+0x60/0x60
[ 164.044116] ? __might_sleep+0x95/0x190
[ 164.048057] do_io_submit+0xf99/0x14f0
[ 164.051909] ? do_io_submit+0xf99/0x14f0
[ 164.055939] ? aio_read+0x3a0/0x3a0
[ 164.059531] ? mm_fault_error+0x2c0/0x2c0
[ 164.063644] ? __fd_install+0x288/0x740
[ 164.067583] ? anon_inode_getfile+0x349/0x490
[ 164.072044] ? do_page_fault+0xee/0x720
[ 164.075981] ? __init_waitqueue_head+0x97/0x140
[ 164.080620] ? __do_page_fault+0xc90/0xc90
[ 164.084829] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 164.089814] SyS_io_submit+0x27/0x30
[ 164.094099] ? SyS_io_submit+0x27/0x30
[ 164.097952] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 164.102671] RIP: 0033:0x441ee9
[ 164.105824] RSP: 002b:00007ffefe5c6aa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 164.113498] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441ee9
[ 164.120733] RDX: 0000000020738000 RSI: 0000000000000002 RDI: 00007f5ce9f27000
[ 164.127967] RBP: 0000000000000298 R08: 0000000000000298 R09: 0000000000000298
[ 164.135201] R10: 0000000000000298 R11: 0000000000000246 R12: 0000000000000000
[ 164.142433] R13: 0000000000027dce R14: 0000000000000000 R15: 0000000000000000
[ 164.149677] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
[ 164.168745] RIP: memcpy_erms+0x6/0x10 RSP: ffff8801bff0f3e8
[ 164.174416] CR2: ffffed001fffffe0
[ 164.177840] ---[ end trace 82e859774a266299 ]---
[ 164.182558] Kernel panic - not syncing: Fatal exception
[ 164.187927] Dumping ftrace buffer:
[ 164.191435] (ftrace buffer empty)
[ 164.195119] Kernel Offset: disabled
[ 164.198710] Rebooting in 86400 seconds..