[....] Starting enhanced syslogd: rsyslogd
[   12.488763] audit: type=1400 audit(1515303198.433:5): avc: denied { syslog } for pid=3340 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.578134] audit: type=1400 audit(1515303203.522:6): avc: denied { map } for pid=3479 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
executing program
[   23.786675] audit: type=1400 audit(1515303209.731:7): avc: denied { map } for pid=3492 comm="syzkaller170253" path="/root/syzkaller170253207" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.794847] ==================================================================
[   23.794873] BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xdbe/0xf00
[   23.794879] Read of size 2 at addr ffff8801c03ee5a4 by task kworker/0:1/24
[   23.794881]
[   23.794889] CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.15.0-rc5+ #177
[   23.794893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.794903] Workqueue: events xfrm_hash_rebuild
[   23.794908] Call Trace:
[   23.794921]  dump_stack+0x194/0x257
[   23.794934]  ? arch_local_irq_restore+0x53/0x53
[   23.794945]  ? show_regs_print_info+0x18/0x18
[   23.794959]  ? lock_release+0xa40/0xa40
[   23.794968]  ? debug_object_deactivate+0x364/0x560
[   23.794977]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   23.794990]  print_address_description+0x73/0x250
[   23.794999]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   23.795012]  kasan_report+0x25b/0x340
[   23.795027]  __asan_report_load2_noabort+0x14/0x20
[   23.795035]  xfrm_hash_rebuild+0xdbe/0xf00
[   23.795048]  ? lock_acquire+0x160/0x580
[   23.795061]  ? xfrm_policy_bysel_ctx+0x530/0x530
[   23.795081]  ? __lock_is_held+0xb6/0x140
[   23.795111]  process_one_work+0xbbf/0x1b10
[   23.795118]  ? trace_hardirqs_on+0xd/0x10
[   23.795142]  ? pwq_dec_nr_in_flight+0x450/0x450
[   23.795166]  ? __schedule+0x8f3/0x2060
[   23.795172]  ? update_curr+0x2e3/0xa60
[   23.795194]  ? check_noncircular+0x20/0x20
[   23.795203]  ? __lock_is_held+0xb6/0x140
[   23.795252]  ? lock_acquire+0x1d5/0x580
[   23.795259]  ? lock_acquire+0x1d5/0x580
[   23.795266]  ? worker_thread+0x4a3/0x1990
[   23.795276]  ? lock_downgrade+0x980/0x980
[   23.795289]  ? lock_release+0xa40/0xa40
[   23.795298]  ? check_noncircular+0x20/0x20
[   23.795310]  ? do_raw_spin_trylock+0x190/0x190
[   23.795338]  worker_thread+0x223/0x1990
[   23.795376]  ? process_one_work+0x1b10/0x1b10
[   23.795389]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.795400]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.795409]  ? trace_hardirqs_on+0xd/0x10
[   23.795416]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.795424]  ? finish_task_switch+0x1d3/0x740
[   23.795430]  ? finish_task_switch+0x1aa/0x740
[   23.795444]  ? copy_overflow+0x20/0x20
[   23.795468]  ? __schedule+0x8f3/0x2060
[   23.795511]  ? find_held_lock+0x35/0x1d0
[   23.795530]  ? find_held_lock+0x35/0x1d0
[   23.795550]  ? complete+0x62/0x80
[   23.795570]  ? __schedule+0x2060/0x2060
[   23.795577]  ? do_wait_intr_irq+0x3e0/0x3e0
[   23.795584]  ? __lockdep_init_map+0xe4/0x650
[   23.795594]  ? do_raw_spin_trylock+0x190/0x190
[   23.795602]  ? lockdep_init_map+0x9/0x10
[   23.795609]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   23.795620]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.795630]  ? trace_hardirqs_on+0xd/0x10
[   23.795638]  ? __kthread_parkme+0x175/0x240
[   23.795651]  kthread+0x33c/0x400
[   23.795658]  ? process_one_work+0x1b10/0x1b10
[   23.795664]  ? kthread_stop+0x7a0/0x7a0
[   23.795675]  ret_from_fork+0x24/0x30
[   23.795703]
[   23.795706] Allocated by task 3492:
[   23.795713]  save_stack+0x43/0xd0
[   23.795718]  kasan_kmalloc+0xad/0xe0
[   23.795723]  __kmalloc+0x162/0x760
[   23.795732]  sk_prot_alloc+0x101/0x2a0
[   23.795739]  sk_alloc+0x105/0x1440
[   23.795746]  pfkey_create+0x2b2/0xae0
[   23.795752]  __sock_create+0x4d4/0x850
[   23.795757]  SyS_socket+0xeb/0x1d0
[   23.795762]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   23.795764]
[   23.795767] Freed by task 0:
[   23.795769] (stack is not available)
[   23.795770]
[   23.795775] The buggy address belongs to the object at ffff8801c03ee080
[   23.795775]  which belongs to the cache kmalloc-2048 of size 2048
[   23.795781] The buggy address is located 1316 bytes inside of
[   23.795781]  2048-byte region [ffff8801c03ee080, ffff8801c03ee880)
[   23.795783] The buggy address belongs to the page:
[   23.795790] page:00000000e40da596 count:1 mapcount:0 mapping:00000000f0caf987 index:0x0 compound_mapcount: 0
[   23.795800] flags: 0x2fffc0000008100(slab|head)
[   23.795809] raw: 02fffc0000008100 ffff8801c03ee080 0000000000000000 0000000100000003
[   23.795816] raw: ffffea000700b2a0 ffffea0006ff16a0 ffff8801dac00c40 0000000000000000
[   23.795819] page dumped because: kasan: bad access detected
[   23.795821]
[   23.795823] Memory state around the buggy address:
[   23.795828]  ffff8801c03ee480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.795833]  ffff8801c03ee500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.795838] >ffff8801c03ee580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.795841]                                ^
[   23.795845]  ffff8801c03ee600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.795850]  ffff8801c03ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.795853] ==================================================================
[   23.795855] Disabling lock debugging due to kernel taint
[   23.795875] Kernel panic - not syncing: panic_on_warn set ...
[   23.795875]
[   23.795881] CPU: 0 PID: 24 Comm: kworker/0:1 Tainted: G    B 4.15.0-rc5+ #177
[   23.795884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.795891] Workqueue: events xfrm_hash_rebuild
[   23.795894] Call Trace:
[   23.795901]  dump_stack+0x194/0x257
[   23.795911]  ? arch_local_irq_restore+0x53/0x53
[   23.795921]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.795930]  ? vsnprintf+0x1ed/0x1900
[   23.795938]  ? xfrm_hash_rebuild+0xd80/0xf00
[   23.795947]  panic+0x1e4/0x41c
[   23.795953]  ? refcount_error_report+0x214/0x214
[   23.795962]  ? add_taint+0x1c/0x50
[   23.795968]  ? add_taint+0x1c/0x50
[   23.795976]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   23.795983]  kasan_end_report+0x50/0x50
[   23.795989]  kasan_report+0x144/0x340
[   23.795999]  __asan_report_load2_noabort+0x14/0x20
[   23.796009]  xfrm_hash_rebuild+0xdbe/0xf00
[   23.796018]  ? lock_acquire+0x160/0x580
[   23.796028]  ? xfrm_policy_bysel_ctx+0x530/0x530
[   23.796040]  ? __lock_is_held+0xb6/0x140
[   23.796057]  process_one_work+0xbbf/0x1b10
[   23.796063]  ? trace_hardirqs_on+0xd/0x10
[   23.796077]  ? pwq_dec_nr_in_flight+0x450/0x450
[   23.796090]  ? __schedule+0x8f3/0x2060
[   23.796095]  ? update_curr+0x2e3/0xa60
[   23.796108]  ? check_noncircular+0x20/0x20
[   23.796115]  ? __lock_is_held+0xb6/0x140
[   23.796142]  ? lock_acquire+0x1d5/0x580
[   23.796148]  ? lock_acquire+0x1d5/0x580
[   23.796154]  ? worker_thread+0x4a3/0x1990
[   23.796161]  ? lock_downgrade+0x980/0x980
[   23.796170]  ? lock_release+0xa40/0xa40
[   23.796177]  ? check_noncircular+0x20/0x20
[   23.796185]  ? do_raw_spin_trylock+0x190/0x190
[   23.796202]  worker_thread+0x223/0x1990
[   23.796223]  ? process_one_work+0x1b10/0x1b10
[   23.796232]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.796240]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.796247]  ? trace_hardirqs_on+0xd/0x10
[   23.796252]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.796259]  ? finish_task_switch+0x1d3/0x740
[   23.796263]  ? finish_task_switch+0x1aa/0x740
[   23.796273]  ? copy_overflow+0x20/0x20
[   23.796287]  ? __schedule+0x8f3/0x2060
[   23.796309]  ? find_held_lock+0x35/0x1d0
[   23.796321]  ? find_held_lock+0x35/0x1d0
[   23.796333]  ? complete+0x62/0x80
[   23.796345]  ? __schedule+0x2060/0x2060
[   23.796351]  ? do_wait_intr_irq+0x3e0/0x3e0
[   23.796357]  ? __lockdep_init_map+0xe4/0x650
[   23.796365]  ? do_raw_spin_trylock+0x190/0x190
[   23.796371]  ? lockdep_init_map+0x9/0x10
[   23.796377]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   23.796385]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.796392]  ? trace_hardirqs_on+0xd/0x10
[   23.796398]  ? __kthread_parkme+0x175/0x240
[   23.796407]  kthread+0x33c/0x400
[   23.796413]  ? process_one_work+0x1b10/0x1b10
[   23.796418]  ? kthread_stop+0x7a0/0x7a0
[   23.796426]  ret_from_fork+0x24/0x30
[   23.812959] Dumping ftrace buffer:
[   23.812963]    (ftrace buffer empty)
[   23.812966] Kernel Offset: disabled
[   24.544692] Rebooting in 86400 seconds..
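Added example, not part of the syzkaller console log above: a small Python decoder that pulls the faulting address, the slab object base and the shadow dump out of the KASAN report and works out what the dump actually encodes. The REPORT string is constructed from the lines of the report above with the console timestamps removed; the shadow-byte legend is taken from mm/kasan/kasan.h of the 4.15 kernel shown in the log (later kernels renumber some values), and the function and field names are this example's own.

```python
import re

GRANULE = 8  # one KASAN shadow byte describes one 8-byte granule of kernel memory

# Shadow-byte encodings from mm/kasan/kasan.h of the 4.15 kernel in this log;
# later kernels renumber some of them, so check the tree you are looking at.
SHADOW_LEGEND = {
    0xFF: "freed page (KASAN_FREE_PAGE)",
    0xFE: "kmalloc_large redzone (KASAN_PAGE_REDZONE)",
    0xFC: "redzone past the end of a slab object (KASAN_KMALLOC_REDZONE)",
    0xFB: "freed slab object (KASAN_KMALLOC_FREE)",
    0xFA: "global variable redzone (KASAN_GLOBAL_REDZONE)",
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF4: "stack partial redzone",
    0xF8: "use after scope (KASAN_USE_AFTER_SCOPE)",
}

# Constructed input: the relevant lines of the report above, timestamps removed.
REPORT = """\
BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xdbe/0xf00
Read of size 2 at addr ffff8801c03ee5a4 by task kworker/0:1/24
The buggy address belongs to the object at ffff8801c03ee080
 which belongs to the cache kmalloc-2048 of size 2048
The buggy address is located 1316 bytes inside of
 2048-byte region [ffff8801c03ee080, ffff8801c03ee880)
Memory state around the buggy address:
 ffff8801c03ee480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801c03ee500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801c03ee580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                               ^
 ffff8801c03ee600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801c03ee680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""


def parse_report(text):
    """Extract the header fields and the shadow dump from a KASAN report.

    Accepts raw console lines too: a leading "[  23.795838]" timestamp is dropped.
    """
    info = {"shadow": {}}
    for raw in text.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]", "", raw).strip()
        if m := re.match(r"BUG: KASAN: ([\w-]+) in (\S+)", line):
            info["kind"], info["func"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (.+)", line):
            info["op"], info["size"] = m.group(1), int(m.group(2))
            info["addr"], info["task"] = int(m.group(3), 16), m.group(4)
        elif m := re.search(r"belongs to the object at ([0-9a-f]+)", line):
            info["obj"] = int(m.group(1), 16)
        elif m := re.search(r"belongs to the cache (\S+) of size (\d+)", line):
            info["cache"], info["cache_size"] = m.group(1), int(m.group(2))
        elif m := re.search(r"is located (\d+) bytes inside of", line):
            info["reported_offset"] = int(m.group(1))
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", line):
            base = int(m.group(1), 16)  # first kernel address described by this row
            for i, byte in enumerate(m.group(2).split()):
                info["shadow"][base + i * GRANULE] = int(byte, 16)
    return info


def shadow_meaning(val):
    """Translate one shadow byte: 00 = all 8 bytes valid, 01..07 = that many valid, else poison."""
    if val == 0:
        return "accessible"
    if 1 <= val < GRANULE:
        return f"partially accessible (first {val} bytes of the granule)"
    return SHADOW_LEGEND.get(val, f"unknown poison 0x{val:02x}")


def accessible_end(shadow, addr):
    """Walk back from the granule covering addr to the end of valid memory.

    Returns the first address past the last accessible byte, or None if the
    dump does not reach back far enough to find one.
    """
    g = addr & ~(GRANULE - 1)
    while g in shadow:
        val = shadow[g]
        if val == 0:
            return g + GRANULE
        if 1 <= val < GRANULE:
            return g + val
        g -= GRANULE
    return None


def analyse(text):
    info = parse_report(text)
    addr, obj, shadow = info["addr"], info["obj"], info["shadow"]
    val = shadow.get(addr & ~(GRANULE - 1))
    end = accessible_end(shadow, addr)
    return {
        "kind": info["kind"],
        "func": info["func"],
        "access": f'{info["op"]} of {info["size"]} byte(s) by {info["task"]}',
        "size": info["size"],
        "cache": info["cache"],
        "cache_size": info["cache_size"],        # slab object size, not the requested size
        "offset": addr - obj,                    # where inside the slab object the fault hit
        "offset_matches_report": addr - obj == info.get("reported_offset"),
        "shadow_value": val,
        "shadow_meaning": "not in dump" if val is None else shadow_meaning(val),
        # Bytes kmalloc actually handed out (rounded up to the granule), recovered
        # from where the shadow switches from 00 to poison.
        "usable_size": None if end is None else end - obj,
        "overflow_distance": None if end is None else max(addr - end, 0),
    }


if __name__ == "__main__":
    for key, value in analyse(REPORT).items():
        print(f"{key:>22}: {value}")
```

Run against the report above, the decoder confirms the 1316-byte offset the kernel printed, and the shadow row adds what the header does not say: valid bytes end at ffff8801c03ee590, so the pfkey socket allocated from sk_prot_alloc occupied 0x510 = 1296 bytes of its 2048-byte kmalloc-2048 slot, and the 2-byte read in xfrm_hash_rebuild landed 20 bytes past the end of that live object in the fc redzone. That is why KASAN classifies it as slab-out-of-bounds rather than use-after-free (which would show fb), even though "Freed by task 0" is printed with no stack.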