[....] Starting enhanced syslogd: rsyslogd[   16.474420] audit: type=1400 audit(1517389079.912:5): avc:  denied  { syslog } for  pid=4008 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.669151] audit: type=1400 audit(1517389082.106:6): avc:  denied  { map } for  pid=4145 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.215' (ECDSA) to the list of known hosts.
executing program
[   27.681594] audit: type=1400 audit(1517389091.119:7): avc:  denied  { map } for  pid=4160 comm="syzkaller766320" path="/root/syzkaller766320593" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   27.685583] ==================================================================
[   27.685603] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30de/0x3210
[   27.685608] Read of size 4 at addr ffff8801b33afad8 by task syzkaller766320/4160
[   27.685610] 
[   27.685617] CPU: 0 PID: 4160 Comm: syzkaller766320 Not tainted 4.15.0-rc9+ #217
[   27.685621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.685624] Call Trace:
[   27.685634]  dump_stack+0x194/0x257
[   27.685647]  ? arch_local_irq_restore+0x53/0x53
[   27.685656]  ? show_regs_print_info+0x18/0x18
[   27.685669]  ? lock_release+0xa40/0xa40
[   27.685679]  ? xfrm_state_find+0x30de/0x3210
[   27.685691]  print_address_description+0x73/0x250
[   27.685701]  ? xfrm_state_find+0x30de/0x3210
[   27.685710]  kasan_report+0x25b/0x340
[   27.685726]  __asan_report_load4_noabort+0x14/0x20
[   27.685733]  xfrm_state_find+0x30de/0x3210
[   27.685744]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.685780]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   27.685790]  ? print_irqtrace_events+0x270/0x270
[   27.685800]  ? __lock_acquire+0x664/0x3e00
[   27.685810]  ? print_irqtrace_events+0x270/0x270
[   27.685821]  ? check_usage_forwards+0x410/0x410
[   27.685838]  ? check_noncircular+0x20/0x20
[   27.685848]  ? find_held_lock+0x35/0x1d0
[   27.685871]  ? check_noncircular+0x20/0x20
[   27.685902]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.685912]  ? is_bpf_text_address+0x7b/0x120
[   27.685929]  ? print_irqtrace_events+0x270/0x270
[   27.685947]  ? depot_save_stack+0x3b5/0x490
[   27.685957]  ? lock_downgrade+0x980/0x980
[   27.685984]  xfrm_tmpl_resolve+0x2ee/0xc40
[   27.686023]  ? __xfrm_decode_session+0x110/0x110
[   27.686034]  ? save_stack+0xa3/0xd0
[   27.686043]  ? save_stack+0x43/0xd0
[   27.686056]  ? find_held_lock+0x35/0x1d0
[   27.686077]  ? rt_add_uncached_list+0x1b7/0x240
[   27.686092]  xfrm_resolve_and_create_bundle+0x184/0x28d0
[   27.686100]  ? lock_release+0xa40/0xa40
[   27.686118]  ? __local_bh_enable_ip+0x121/0x230
[   27.686127]  ? check_noncircular+0x20/0x20
[   27.686134]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.686144]  ? trace_hardirqs_on+0xd/0x10
[   27.686158]  ? _raw_spin_unlock_bh+0x30/0x40
[   27.686167]  ? xfrm_tmpl_resolve+0xc40/0xc40
[   27.686176]  ? ip_rt_bug+0x20/0x20
[   27.686195]  ? find_held_lock+0x35/0x1d0
[   27.686215]  ? xfrm_sk_policy_lookup+0x34c/0x4e0
[   27.686225]  ? lock_downgrade+0x980/0x980
[   27.686238]  ? lock_release+0xa40/0xa40
[   27.686252]  ? refcount_inc_not_zero+0xfe/0x180
[   27.686266]  ? selinux_xfrm_policy_lookup+0xac/0xd0
[   27.686279]  ? security_xfrm_policy_lookup+0x92/0xc0
[   27.686294]  ? xfrm_sk_policy_lookup+0x375/0x4e0
[   27.686312]  ? xfrm_selector_match+0xe00/0xe00
[   27.686335]  xfrm_lookup+0xfcb/0x25c0
[   27.686346]  ? xfrm_lookup+0xfcb/0x25c0
[   27.686357]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.686375]  ? xfrm_policy_lookup+0x70/0x70
[   27.686397]  ? find_held_lock+0x35/0x1d0
[   27.686417]  ? ip_route_output_key_hash+0x229/0x370
[   27.686427]  ? lock_downgrade+0x980/0x980
[   27.686440]  ? lock_release+0xa40/0xa40
[   27.686455]  ? find_held_lock+0x35/0x1d0
[   27.686480]  ? ip_route_output_key_hash+0x252/0x370
[   27.686492]  ? ip_route_output_key_hash_rcu+0x2f00/0x2f00
[   27.686497]  ? lock_release+0xa40/0xa40
[   27.686517]  xfrm_lookup_route+0x39/0x1a0
[   27.686531]  ip_route_output_flow+0x7c/0xa0
[   27.686544]  raw_sendmsg+0xcca/0x26b0
[   27.686553]  ? lock_release+0x99d/0xa40
[   27.686589]  ? raw_send_hdrinc.isra.17+0x1880/0x1880
[   27.686605]  ? avc_has_perm+0x43e/0x680
[   27.686620]  ? avc_has_perm_noaudit+0x520/0x520
[   27.686628]  ? find_held_lock+0x35/0x1d0
[   27.686639]  ? check_noncircular+0x20/0x20
[   27.686670]  ? find_held_lock+0x35/0x1d0
[   27.686693]  ? sock_has_perm+0x2a4/0x420
[   27.686706]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   27.686714]  ? lock_release+0x972/0xa40
[   27.686722]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   27.686732]  ? __check_object_size+0x25d/0x4f0
[   27.686739]  ? find_held_lock+0x35/0x1d0
[   27.686754]  inet_sendmsg+0x11f/0x5e0
[   27.686760]  ? __might_sleep+0x95/0x190
[   27.686769]  ? inet_create+0xf50/0xf50
[   27.686781]  ? selinux_socket_sendmsg+0x36/0x40
[   27.686789]  ? security_socket_sendmsg+0x89/0xb0
[   27.686797]  ? inet_create+0xf50/0xf50
[   27.686810]  sock_sendmsg+0xca/0x110
[   27.686822]  SYSC_sendto+0x361/0x5c0
[   27.686837]  ? SYSC_connect+0x4a0/0x4a0
[   27.686845]  ? up_read+0x1a/0x40
[   27.686855]  ? __do_page_fault+0x3d6/0xc90
[   27.686901]  ? __do_page_fault+0xc90/0xc90
[   27.686916]  ? SyS_setsockopt+0x215/0x360
[   27.686931]  ? SyS_recv+0x40/0x40
[   27.686941]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   27.686960]  SyS_sendto+0x40/0x50
[   27.686976]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   27.686981] RIP: 0033:0x43ff69
[   27.686985] RSP: 002b:00007ffc88878d38 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   27.686992] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff69
[   27.686997] RDX: 0000000000000000 RSI: 0000000020098000 RDI: 0000000000000003
[   27.687001] RBP: 00000000006ca018 R08: 0000000020cf9000 R09: 0000000000000010
[   27.687005] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401890
[   27.687009] R13: 0000000000401920 R14: 0000000000000000 R15: 0000000000000000
[   27.687037] 
[   27.687039] The buggy address belongs to the page:
[   27.687045] page:ffffea0006ccebc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   27.687051] flags: 0x2fffc0000000000()
[   27.687060] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   27.687067] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   27.687070] page dumped because: kasan: bad access detected
[   27.687072] 
[   27.687074] Memory state around the buggy address:
[   27.687079]  ffff8801b33af980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2
[   27.687084]  ffff8801b33afa00: f2 f2 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 00 00
[   27.687089] >ffff8801b33afa80: f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2
[   27.687093]                                                     ^
[   27.687098]  ffff8801b33afb00: 00 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 00 00
[   27.687102]  ffff8801b33afb80: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
[   27.687105] ==================================================================
[   27.687107] Disabling lock debugging due to kernel taint
[   27.687126] Kernel panic - not syncing: panic_on_warn set ...
[   27.687126] 
[   27.687132] CPU: 0 PID: 4160 Comm: syzkaller766320 Tainted: G    B            4.15.0-rc9+ #217
[   27.687135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.687137] Call Trace:
[   27.687143]  dump_stack+0x194/0x257
[   27.687152]  ? arch_local_irq_restore+0x53/0x53
[   27.687157]  ? kasan_end_report+0x32/0x50
[   27.687167]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.687174]  ? vsnprintf+0x1ed/0x1900
[   27.687182]  ? xfrm_state_find+0x3050/0x3210
[   27.687189]  panic+0x1e4/0x41c
[   27.687196]  ? refcount_error_report+0x214/0x214
[   27.687206]  ? add_taint+0x1c/0x50
[   27.687212]  ? add_taint+0x1c/0x50
[   27.687221]  ? xfrm_state_find+0x30de/0x3210
[   27.687228]  kasan_end_report+0x50/0x50
[   27.687235]  kasan_report+0x144/0x340
[   27.687245]  __asan_report_load4_noabort+0x14/0x20
[   27.687252]  xfrm_state_find+0x30de/0x3210
[   27.687260]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.687280]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   27.687288]  ? print_irqtrace_events+0x270/0x270
[   27.687295]  ? __lock_acquire+0x664/0x3e00
[   27.687303]  ? print_irqtrace_events+0x270/0x270
[   27.687311]  ? check_usage_forwards+0x410/0x410
[   27.687322]  ? check_noncircular+0x20/0x20
[   27.687329]  ? find_held_lock+0x35/0x1d0
[   27.687347]  ? check_noncircular+0x20/0x20
[   27.687365]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.687373]  ? is_bpf_text_address+0x7b/0x120
[   27.687384]  ? print_irqtrace_events+0x270/0x270
[   27.687395]  ? depot_save_stack+0x3b5/0x490
[   27.687402]  ? lock_downgrade+0x980/0x980
[   27.687418]  xfrm_tmpl_resolve+0x2ee/0xc40
[   27.687437]  ? __xfrm_decode_session+0x110/0x110
[   27.687445]  ? save_stack+0xa3/0xd0
[   27.687452]  ? save_stack+0x43/0xd0
[   27.687461]  ? find_held_lock+0x35/0x1d0
[   27.687473]  ? rt_add_uncached_list+0x1b7/0x240
[   27.687483]  xfrm_resolve_and_create_bundle+0x184/0x28d0
[   27.687490]  ? lock_release+0xa40/0xa40
[   27.687500]  ? __local_bh_enable_ip+0x121/0x230
[   27.687507]  ? check_noncircular+0x20/0x20
[   27.687514]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.687521]  ? trace_hardirqs_on+0xd/0x10
[   27.687530]  ? _raw_spin_unlock_bh+0x30/0x40
[   27.687537]  ? xfrm_tmpl_resolve+0xc40/0xc40
[   27.687543]  ? ip_rt_bug+0x20/0x20
[   27.687555]  ? find_held_lock+0x35/0x1d0
[   27.687568]  ? xfrm_sk_policy_lookup+0x34c/0x4e0
[   27.687575]  ? lock_downgrade+0x980/0x980
[   27.687584]  ? lock_release+0xa40/0xa40
[   27.687592]  ? refcount_inc_not_zero+0xfe/0x180
[   27.687601]  ? selinux_xfrm_policy_lookup+0xac/0xd0
[   27.687609]  ? security_xfrm_policy_lookup+0x92/0xc0
[   27.687620]  ? xfrm_sk_policy_lookup+0x375/0x4e0
[   27.687631]  ? xfrm_selector_match+0xe00/0xe00
[   27.687644]  xfrm_lookup+0xfcb/0x25c0
[   27.687650]  ? xfrm_lookup+0xfcb/0x25c0
[   27.687658]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   27.687670]  ? xfrm_policy_lookup+0x70/0x70
[   27.687683]  ? find_held_lock+0x35/0x1d0
[   27.687695]  ? ip_route_output_key_hash+0x229/0x370
[   27.687702]  ? lock_downgrade+0x980/0x980
[   27.687711]  ? lock_release+0xa40/0xa40
[   27.687721]  ? find_held_lock+0x35/0x1d0
[   27.687736]  ? ip_route_output_key_hash+0x252/0x370
[   27.687744]  ? ip_route_output_key_hash_rcu+0x2f00/0x2f00
[   27.687749]  ? lock_release+0xa40/0xa40
[   27.687761]  xfrm_lookup_route+0x39/0x1a0
[   27.687770]  ip_route_output_flow+0x7c/0xa0
[   27.687778]  raw_sendmsg+0xcca/0x26b0
[   27.687785]  ? lock_release+0x99d/0xa40
[   27.687800]  ? raw_send_hdrinc.isra.17+0x1880/0x1880
[   27.687810]  ? avc_has_perm+0x43e/0x680
[   27.687820]  ? avc_has_perm_noaudit+0x520/0x520
[   27.687826]  ? find_held_lock+0x35/0x1d0
[   27.687834]  ? check_noncircular+0x20/0x20
[   27.687851]  ? find_held_lock+0x35/0x1d0
[   27.687866]  ? sock_has_perm+0x2a4/0x420
[   27.687875]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   27.687881]  ? lock_release+0x972/0xa40
[   27.687888]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   27.687894]  ? __check_object_size+0x25d/0x4f0
[   27.687900]  ? find_held_lock+0x35/0x1d0
[   27.687909]  inet_sendmsg+0x11f/0x5e0
[   27.687914]  ? __might_sleep+0x95/0x190
[   27.687921]  ? inet_create+0xf50/0xf50
[   27.687929]  ? selinux_socket_sendmsg+0x36/0x40
[   27.687936]  ? security_socket_sendmsg+0x89/0xb0
[   27.687942]  ? inet_create+0xf50/0xf50
[   27.687949]  sock_sendmsg+0xca/0x110
[   27.687958]  SYSC_sendto+0x361/0x5c0
[   27.687967]  ? SYSC_connect+0x4a0/0x4a0
[   27.687974]  ? up_read+0x1a/0x40
[   27.687981]  ? __do_page_fault+0x3d6/0xc90
[   27.688010]  ? __do_page_fault+0xc90/0xc90
[   27.688020]  ? SyS_setsockopt+0x215/0x360
[   27.688029]  ? SyS_recv+0x40/0x40
[   27.688037]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   27.688049]  SyS_sendto+0x40/0x50
[   27.688059]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   27.688063] RIP: 0033:0x43ff69
[   27.688066] RSP: 002b:00007ffc88878d38 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   27.688072] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff69
[   27.688076] RDX: 0000000000000000 RSI: 0000000020098000 RDI: 0000000000000003
[   27.688079] RBP: 00000000006ca018 R08: 0000000020cf9000 R09: 0000000000000010
[   27.688083] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401890
[   27.688086] R13: 0000000000401920 R14: 0000000000000000 R15: 0000000000000000
[   27.707913] Dumping ftrace buffer:
[   27.707917]    (ftrace buffer empty)
[   27.707919] Kernel Offset: disabled
[   28.809347] Rebooting in 86400 seconds..