[....] Starting enhanced syslogd: rsyslogd
[   11.908166] audit: type=1400 audit(1515303252.531:5): avc: denied { syslog } for pid=3315 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   17.432547] audit: type=1400 audit(1515303258.055:6): avc: denied { map } for pid=3455 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.221' (ECDSA) to the list of known hosts.
executing program
[   23.654473] audit: type=1400 audit(1515303264.277:7): avc: denied { map } for pid=3469 comm="syzkaller049371" path="/root/syzkaller049371331" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.663505] ==================================================================
[   23.663527] BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xdbe/0xf00
[   23.663533] Read of size 2 at addr ffff8801c0b61c64 by task kworker/1:1/24
[   23.663535]
[   23.663543] CPU: 1 PID: 24 Comm: kworker/1:1 Not tainted 4.15.0-rc6+ #250
[   23.663547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.663555] Workqueue: events xfrm_hash_rebuild
[   23.663560] Call Trace:
[   23.663571]  dump_stack+0x194/0x257
[   23.663583]  ? arch_local_irq_restore+0x53/0x53
[   23.663593]  ? show_regs_print_info+0x18/0x18
[   23.663607]  ? lock_release+0xa40/0xa40
[   23.663615]  ? debug_object_deactivate+0x364/0x560
[   23.663623]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   23.663635]  print_address_description+0x73/0x250
[   23.663644]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   23.663653]  kasan_report+0x25b/0x340
[   23.663668]  __asan_report_load2_noabort+0x14/0x20
[   23.663676]  xfrm_hash_rebuild+0xdbe/0xf00
[   23.663689]  ? lock_acquire+0x140/0x580
[   23.663701]  ? xfrm_policy_bysel_ctx+0x530/0x530
[   23.663726]  ? __lock_is_held+0xb6/0x140
[   23.663756]  process_one_work+0xbbf/0x1b10
[   23.663763]  ? trace_hardirqs_on+0xd/0x10
[   23.663787]  ? pwq_dec_nr_in_flight+0x450/0x450
[   23.663809]  ? __schedule+0x8f3/0x2060
[   23.663815]  ? update_curr+0x2e3/0xa60
[   23.663837]  ? check_noncircular+0x20/0x20
[   23.663846]  ? __lock_is_held+0xb6/0x140
[   23.663893]  ? lock_acquire+0x1d5/0x580
[   23.663900]  ? lock_acquire+0x1d5/0x580
[   23.663907]  ? worker_thread+0x4a3/0x1990
[   23.663917]  ? lock_downgrade+0x980/0x980
[   23.663930]  ? lock_release+0xa40/0xa40
[   23.663939]  ? check_noncircular+0x20/0x20
[   23.663950]  ? do_raw_spin_trylock+0x190/0x190
[   23.663978]  worker_thread+0x223/0x1990
[   23.664018]  ? process_one_work+0x1b10/0x1b10
[   23.664032]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.664043]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.664053]  ? trace_hardirqs_on+0xd/0x10
[   23.664060]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.664068]  ? finish_task_switch+0x1d3/0x740
[   23.664074]  ? finish_task_switch+0x1aa/0x740
[   23.664087]  ? copy_overflow+0x20/0x20
[   23.664111]  ? __schedule+0x8f3/0x2060
[   23.664151]  ? find_held_lock+0x35/0x1d0
[   23.664170]  ? find_held_lock+0x35/0x1d0
[   23.664190]  ? complete+0x62/0x80
[   23.664210]  ? __schedule+0x2060/0x2060
[   23.664216]  ? do_wait_intr_irq+0x3e0/0x3e0
[   23.664223]  ? __lockdep_init_map+0xe4/0x650
[   23.664233]  ? do_raw_spin_trylock+0x190/0x190
[   23.664241]  ? lockdep_init_map+0x9/0x10
[   23.664249]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   23.664260]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.664270]  ? trace_hardirqs_on+0xd/0x10
[   23.664278]  ? __kthread_parkme+0x175/0x240
[   23.664291]  kthread+0x33c/0x400
[   23.664298]  ? process_one_work+0x1b10/0x1b10
[   23.664303]  ? kthread_stop+0x7a0/0x7a0
[   23.664316]  ret_from_fork+0x24/0x30
[   23.664343]
[   23.664346] Allocated by task 3469:
[   23.664352]  save_stack+0x43/0xd0
[   23.664358]  kasan_kmalloc+0xad/0xe0
[   23.664363]  __kmalloc+0x162/0x760
[   23.664369]  sk_prot_alloc+0x101/0x2a0
[   23.664375]  sk_alloc+0x105/0x1410
[   23.664381]  pfkey_create+0x2b2/0xae0
[   23.664387]  __sock_create+0x4d4/0x850
[   23.664392]  SyS_socket+0xeb/0x1d0
[   23.664398]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   23.664400]
[   23.664402] Freed by task 0:
[   23.664404] (stack is not available)
[   23.664406]
[   23.664410] The buggy address belongs to the object at ffff8801c0b61740
[   23.664410]  which belongs to the cache kmalloc-2048 of size 2048
[   23.664416] The buggy address is located 1316 bytes inside of
[   23.664416]  2048-byte region [ffff8801c0b61740, ffff8801c0b61f40)
[   23.664418] The buggy address belongs to the page:
[   23.664424] page:ffffea000702d800 count:1 mapcount:0 mapping:ffff8801c0b60640 index:0x0 compound_mapcount: 0
[   23.664432] flags: 0x2fffc0000008100(slab|head)
[   23.664441] raw: 02fffc0000008100 ffff8801c0b60640 0000000000000000 0000000100000003
[   23.664449] raw: ffffea00070123a0 ffff8801dac01948 ffff8801dac00c40 0000000000000000
[   23.664451] page dumped because: kasan: bad access detected
[   23.664453]
[   23.664455] Memory state around the buggy address:
[   23.664460]  ffff8801c0b61b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.664465]  ffff8801c0b61b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.664470] >ffff8801c0b61c00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   23.664473]                                                        ^
[   23.664478]  ffff8801c0b61c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.664482]  ffff8801c0b61d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.664485] ==================================================================
[   23.664487] Disabling lock debugging due to kernel taint
[   23.664502] Kernel panic - not syncing: panic_on_warn set ...
[   23.664502]
[   23.664508] CPU: 1 PID: 24 Comm: kworker/1:1 Tainted: G    B 4.15.0-rc6+ #250
[   23.664512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.664518] Workqueue: events xfrm_hash_rebuild
[   23.664521] Call Trace:
[   23.664528]  dump_stack+0x194/0x257
[   23.664536]  ? arch_local_irq_restore+0x53/0x53
[   23.664547]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.664554]  ? vsnprintf+0x1ed/0x1900
[   23.664561]  ? xfrm_hash_rebuild+0xd00/0xf00
[   23.664569]  panic+0x1e4/0x41c
[   23.664576]  ? refcount_error_report+0x214/0x214
[   23.664585]  ? add_taint+0x1c/0x50
[   23.664592]  ? add_taint+0x1c/0x50
[   23.664600]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   23.664607]  kasan_end_report+0x50/0x50
[   23.664613]  kasan_report+0x144/0x340
[   23.664624]  __asan_report_load2_noabort+0x14/0x20
[   23.664630]  xfrm_hash_rebuild+0xdbe/0xf00
[   23.664639]  ? lock_acquire+0x140/0x580
[   23.664648]  ? xfrm_policy_bysel_ctx+0x530/0x530
[   23.664660]  ? __lock_is_held+0xb6/0x140
[   23.664676]  process_one_work+0xbbf/0x1b10
[   23.664682]  ? trace_hardirqs_on+0xd/0x10
[   23.664697]  ? pwq_dec_nr_in_flight+0x450/0x450
[   23.664709]  ? __schedule+0x8f3/0x2060
[   23.664714]  ? update_curr+0x2e3/0xa60
[   23.664731]  ? check_noncircular+0x20/0x20
[   23.664738]  ? __lock_is_held+0xb6/0x140
[   23.664764]  ? lock_acquire+0x1d5/0x580
[   23.664769]  ? lock_acquire+0x1d5/0x580
[   23.664776]  ? worker_thread+0x4a3/0x1990
[   23.664783]  ? lock_downgrade+0x980/0x980
[   23.664792]  ? lock_release+0xa40/0xa40
[   23.664799]  ? check_noncircular+0x20/0x20
[   23.664807]  ? do_raw_spin_trylock+0x190/0x190
[   23.664823]  worker_thread+0x223/0x1990
[   23.664844]  ? process_one_work+0x1b10/0x1b10
[   23.664853]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.664861]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.664868]  ? trace_hardirqs_on+0xd/0x10
[   23.664875]  ? _raw_spin_unlock_irq+0x27/0x70
[   23.664881]  ? finish_task_switch+0x1d3/0x740
[   23.664886]  ? finish_task_switch+0x1aa/0x740
[   23.664894]  ? copy_overflow+0x20/0x20
[   23.664908]  ? __schedule+0x8f3/0x2060
[   23.664930]  ? find_held_lock+0x35/0x1d0
[   23.664942]  ? find_held_lock+0x35/0x1d0
[   23.664954]  ? complete+0x62/0x80
[   23.664966]  ? __schedule+0x2060/0x2060
[   23.664971]  ? do_wait_intr_irq+0x3e0/0x3e0
[   23.664977]  ? __lockdep_init_map+0xe4/0x650
[   23.664985]  ? do_raw_spin_trylock+0x190/0x190
[   23.664991]  ? lockdep_init_map+0x9/0x10
[   23.664998]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   23.665008]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.665015]  ? trace_hardirqs_on+0xd/0x10
[   23.665022]  ? __kthread_parkme+0x175/0x240
[   23.665030]  kthread+0x33c/0x400
[   23.665037]  ? process_one_work+0x1b10/0x1b10
[   23.665042]  ? kthread_stop+0x7a0/0x7a0
[   23.665050]  ret_from_fork+0x24/0x30
[   23.680773] Dumping ftrace buffer:
[   23.680778]    (ftrace buffer empty)
[   23.680780] Kernel Offset: disabled
[   24.410718] Rebooting in 86400 seconds..
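The numbers in the KASAN report above can be cross-checked mechanically rather than read by eye. The Python below is an added example, not part of the syzkaller output or of any kernel tooling: it parses a constructed excerpt of the report (the page's own lines with the printk timestamps dropped and the scheduler frames omitted), recomputes the offset of the faulting address within the slab object, and decodes the shadow byte covering that address using the generic-KASAN poison values from mm/kasan/kasan.h (0x00 fully accessible, 0x01 to 0x07 partially accessible, 0xfc kmalloc redzone, 0xfb freed). All function and variable names are this example's own.

```python
"""Parse the KASAN slab-out-of-bounds report above and cross-check its numbers."""
import re

# Constructed excerpt of the report on this page (timestamps stripped, dense trace omitted).
REPORT = """\
BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xdbe/0xf00
Read of size 2 at addr ffff8801c0b61c64 by task kworker/1:1/24
Allocated by task 3469:
 save_stack+0x43/0xd0
 kasan_kmalloc+0xad/0xe0
 __kmalloc+0x162/0x760
 sk_prot_alloc+0x101/0x2a0
 sk_alloc+0x105/0x1410
 pfkey_create+0x2b2/0xae0
 __sock_create+0x4d4/0x850
 SyS_socket+0xeb/0x1d0
 entry_SYSCALL_64_fastpath+0x23/0x9a
Freed by task 0:
 (stack is not available)
The buggy address belongs to the object at ffff8801c0b61740
 which belongs to the cache kmalloc-2048 of size 2048
The buggy address is located 1316 bytes inside of
 2048-byte region [ffff8801c0b61740, ffff8801c0b61f40)
Memory state around the buggy address:
 ffff8801c0b61b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801c0b61b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801c0b61c00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
                                                       ^
 ffff8801c0b61c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8801c0b61d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

# Poison values from mm/kasan/kasan.h (generic KASAN, 4.15 era).
SHADOW_NAMES = {0xfc: "kmalloc redzone", 0xfb: "freed (kmalloc)", 0xfa: "global redzone",
                0xfe: "page redzone", 0xff: "free page", 0xf1: "stack left redzone",
                0xf2: "stack mid redzone", 0xf3: "stack right redzone",
                0xf4: "stack partial redzone", 0xf8: "use-after-scope"}
GRANULE = 8          # one shadow byte covers 8 bytes of memory
LINE_BYTES = 16 * 8  # one dumped shadow line covers 128 bytes


def parse_report(text):
    """Pull the structured facts out of a generic-KASAN report."""
    r = {}
    m = re.search(r"BUG: KASAN: (\S+) in (\S+)\+0x", text)
    r["bug"], r["func"] = m.group(1), m.group(2)
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (.+)", text)
    r["access"], r["size"] = m.group(1), int(m.group(2))
    r["addr"], r["task"] = int(m.group(3), 16), m.group(4).strip()
    m = re.search(r"object at ([0-9a-f]+)\s+which belongs to the cache (\S+) of size (\d+)", text)
    r["obj"], r["cache"], r["cache_size"] = int(m.group(1), 16), m.group(2), int(m.group(3))
    r["claimed_offset"] = int(re.search(r"located (\d+) bytes inside", text).group(1))
    m = re.search(r"Allocated by task (\d+):\n((?: .*\n)+)", text)
    r["alloc_task"] = int(m.group(1))
    r["alloc_stack"] = [ln.strip().split("+")[0] for ln in m.group(2).splitlines()]
    r["shadow"] = {}  # line base address -> 16 shadow bytes
    for m in re.finditer(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", text, re.M):
        r["shadow"][int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return r


def shadow_byte(shadow, addr):
    """Shadow value covering addr, or None if that line was not dumped."""
    line = shadow.get(addr & ~(LINE_BYTES - 1))
    return None if line is None else line[(addr & (LINE_BYTES - 1)) // GRANULE]


def describe_shadow(val):
    if val is None:
        return "not in dump"
    if val == 0:
        return "accessible"
    if 1 <= val <= 7:
        return f"first {val} bytes of granule accessible"
    return SHADOW_NAMES.get(val, f"unknown 0x{val:02x}")


def first_poisoned_at_or_after(shadow, start):
    """Lowest dumped address >= start whose granule is not fully accessible."""
    for base in sorted(shadow):
        for i, val in enumerate(shadow[base]):
            a = base + i * GRANULE
            if a >= start and val != 0:
                return a
    return None


def triage(text):
    r = parse_report(text)
    offset = r["addr"] - r["obj"]
    sb = shadow_byte(r["shadow"], r["addr"])
    poisoned = first_poisoned_at_or_after(r["shadow"], r["obj"])
    return {
        "bug": r["bug"], "func": r["func"], "access": f'{r["access"]} of {r["size"]}',
        "offset": offset,
        "offset_matches_report": offset == r["claimed_offset"],
        "inside_slab_slot": 0 <= offset < r["cache_size"],
        "shadow": sb, "shadow_meaning": describe_shadow(sb),
        "first_redzone": poisoned,
        "bytes_past_end": None if poisoned is None else r["addr"] - poisoned,
        "alloc_task": r["alloc_task"], "alloc_stack": r["alloc_stack"],
    }


if __name__ == "__main__":
    for k, v in triage(REPORT).items():
        print(f"{k:>22}: {v:#x}" if isinstance(v, int) and k in ("first_redzone", "shadow") else f"{k:>22}: {v}")
```

Run on the excerpt, `triage()` confirms 0xffff8801c0b61c64 - 0xffff8801c0b61740 = 1316, matching the report's "located 1316 bytes inside of" line, and that the shadow byte covering the address is 0xfc (kmalloc redzone). The first poisoned granule at or after the object start in the dumped window is 0xffff8801c0b61c50, so the 2-byte read lands 20 bytes past the last accessible granule: the address is inside the 2048-byte kmalloc-2048 slot but beyond the end of the smaller allocation actually requested through sk_prot_alloc for the PF_KEY socket (pfkey_create) that task 3469, the syzkaller program, created. That gap between "inside the region" and the out-of-bounds verdict is the point to take from the report.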