[....] Starting enhanced syslogd: rsyslogd[   11.319488] audit: type=1400 audit(1514131057.822:5): avc:  denied  { syslog } for  pid=2993 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   17.010072] audit: type=1400 audit(1514131063.512:6): avc:  denied  { map } for  pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-net-kasan-gce-5,10.128.15.211' (ECDSA) to the list of known hosts.
executing program
[   23.279943] audit: type=1400 audit(1514131069.782:7): avc:  denied  { map } for  pid=3146 comm="syzkaller494321" path="/root/syzkaller494321498" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   23.284522] ==================================================================
[   23.284541] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30de/0x3210
[   23.284547] Read of size 4 at addr ffff8801c99d7740 by task syzkaller494321/3146
[   23.284549] 
[   23.284557] CPU: 0 PID: 3146 Comm: syzkaller494321 Not tainted 4.15.0-rc4+ #164
[   23.284561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.284564] Call Trace:
[   23.284574]  dump_stack+0x194/0x257
[   23.284588]  ? arch_local_irq_restore+0x53/0x53
[   23.284597]  ? show_regs_print_info+0x18/0x18
[   23.284610]  ? lock_release+0xa40/0xa40
[   23.284619]  ? xfrm_state_find+0x30de/0x3210
[   23.284631]  print_address_description+0x73/0x250
[   23.284640]  ? xfrm_state_find+0x30de/0x3210
[   23.284649]  kasan_report+0x25b/0x340
[   23.284663]  __asan_report_load4_noabort+0x14/0x20
[   23.284670]  xfrm_state_find+0x30de/0x3210
[   23.284676]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.284720]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   23.284732]  ? __isolate_free_page+0x8a0/0x8a0
[   23.284739]  ? __isolate_free_page+0x8a0/0x8a0
[   23.284751]  ? print_irqtrace_events+0x270/0x270
[   23.284769]  ? check_noncircular+0x20/0x20
[   23.284780]  ? find_held_lock+0x35/0x1d0
[   23.284836]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.284851]  ? print_irqtrace_events+0x270/0x270
[   23.284875]  ? depot_save_stack+0x3b5/0x490
[   23.284884]  ? lock_downgrade+0x980/0x980
[   23.284897]  ? lock_release+0xa40/0xa40
[   23.284920]  xfrm_tmpl_resolve+0x30e/0xc10
[   23.284955]  ? __xfrm_decode_session+0x110/0x110
[   23.284965]  ? save_stack+0xa3/0xd0
[   23.284974]  ? save_stack+0x43/0xd0
[   23.284979]  ? kasan_kmalloc+0xad/0xe0
[   23.284985]  ? kasan_slab_alloc+0x12/0x20
[   23.284990]  ? kmem_cache_alloc+0x12e/0x760
[   23.285006]  ? find_held_lock+0x35/0x1d0
[   23.285037]  xfrm_resolve_and_create_bundle+0x134/0x2760
[   23.285054]  ? kmem_cache_alloc+0x4e9/0x760
[   23.285064]  ? check_noncircular+0x20/0x20
[   23.285078]  ? rt_add_uncached_list+0x1b7/0x240
[   23.285088]  ? __local_bh_enable_ip+0x121/0x230
[   23.285100]  ? xfrm_tmpl_resolve+0xc10/0xc10
[   23.285108]  ? rt_add_uncached_list+0x1b7/0x240
[   23.285119]  ? ip_rt_bug+0x20/0x20
[   23.285136]  ? find_held_lock+0x35/0x1d0
[   23.285156]  ? xfrm_sk_policy_lookup+0x30b/0x490
[   23.285166]  ? lock_downgrade+0x980/0x980
[   23.285179]  ? lock_release+0xa40/0xa40
[   23.285191]  ? refcount_inc_not_zero+0xfe/0x180
[   23.285208]  ? selinux_xfrm_policy_lookup+0xac/0xd0
[   23.285224]  ? security_xfrm_policy_lookup+0x92/0xc0
[   23.285239]  ? xfrm_sk_policy_lookup+0x334/0x490
[   23.285256]  ? xfrm_selector_match+0xe00/0xe00
[   23.285280]  xfrm_lookup+0x156b/0x23e0
[   23.285286]  ? xfrm_lookup+0x156b/0x23e0
[   23.285299]  ? print_irqtrace_events+0x270/0x270
[   23.285320]  ? xfrm_policy_lookup_bytype.constprop.48+0x960/0x960
[   23.285341]  ? find_held_lock+0x35/0x1d0
[   23.285365]  ? ip_route_output_key_hash+0x229/0x370
[   23.285377]  ? lock_downgrade+0x980/0x980
[   23.285386]  ? __lru_cache_add+0x2a4/0x410
[   23.285404]  ? lock_release+0xa40/0xa40
[   23.285422]  ? find_held_lock+0x35/0x1d0
[   23.285453]  ? ip_route_output_key_hash+0x252/0x370
[   23.285464]  ? ip_route_output_key_hash_rcu+0x2c10/0x2c10
[   23.285472]  ? lock_release+0xa40/0xa40
[   23.285491]  xfrm_lookup_route+0x39/0x1a0
[   23.285511]  ip_route_output_flow+0x7c/0xa0
[   23.285528]  udp_sendmsg+0x19d3/0x2ce0
[   23.285545]  ? ip_reply_glue_bits+0xb0/0xb0
[   23.285577]  ? udp_lib_get_port+0x1b30/0x1b30
[   23.285586]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.285599]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.285637]  ? lock_downgrade+0x980/0x980
[   23.285656]  ? mark_held_locks+0xaf/0x100
[   23.285661]  ? refcount_inc_not_zero+0xfe/0x180
[   23.285670]  ? __local_bh_enable_ip+0x121/0x230
[   23.285681]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.285688]  ? udp_lib_get_port+0x785/0x1b30
[   23.285697]  ? trace_hardirqs_on+0xd/0x10
[   23.285705]  ? check_noncircular+0x20/0x20
[   23.285726]  udpv6_sendmsg+0x762/0x33a0
[   23.285738]  ? check_noncircular+0x20/0x20
[   23.285763]  ? udpv6_setsockopt+0x80/0x80
[   23.285776]  ? reacquire_held_locks+0x1f9/0x3e0
[   23.285783]  ? reacquire_held_locks+0x1f9/0x3e0
[   23.285797]  ? find_held_lock+0x35/0x1d0
[   23.285818]  ? release_sock+0x1d4/0x2a0
[   23.285827]  ? lock_downgrade+0x980/0x980
[   23.285836]  ? lock_downgrade+0x980/0x980
[   23.285856]  ? __local_bh_enable_ip+0x121/0x230
[   23.285867]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.285875]  ? release_sock+0x1d4/0x2a0
[   23.285882]  ? trace_hardirqs_on+0xd/0x10
[   23.285891]  ? __local_bh_enable_ip+0x121/0x230
[   23.285903]  ? _raw_spin_unlock_bh+0x30/0x40
[   23.285913]  ? release_sock+0x1d4/0x2a0
[   23.285926]  ? __release_sock+0x360/0x360
[   23.285939]  ? udp_v6_get_port+0x355/0x600
[   23.285960]  inet_sendmsg+0x11f/0x5e0
[   23.285965]  ? inet_sendmsg+0x11f/0x5e0
[   23.285973]  ? __might_sleep+0x95/0x190
[   23.285982]  ? inet_recvmsg+0x5f0/0x5f0
[   23.285992]  ? selinux_socket_sendmsg+0x36/0x40
[   23.286001]  ? security_socket_sendmsg+0x89/0xb0
[   23.286009]  ? inet_recvmsg+0x5f0/0x5f0
[   23.286019]  sock_sendmsg+0xca/0x110
[   23.286031]  SYSC_sendto+0x361/0x5c0
[   23.286045]  ? SYSC_connect+0x4a0/0x4a0
[   23.286054]  ? up_read+0x1a/0x40
[   23.286064]  ? __do_page_fault+0x3d6/0xc90
[   23.286109]  ? __do_page_fault+0xc90/0xc90
[   23.286123]  ? SyS_setsockopt+0x215/0x360
[   23.286137]  ? SyS_recv+0x40/0x40
[   23.286147]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[   23.286165]  SyS_sendto+0x40/0x50
[   23.286180]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.286186] RIP: 0033:0x43ff29
[   23.286190] RSP: 002b:00007ffe4c5b3d28 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   23.286197] RAX: ffffffffffffffda RBX: 0100000000000000 RCX: 000000000043ff29
[   23.286201] RDX: 0000000000000000 RSI: 000000002028a000 RDI: 0000000000000003
[   23.286205] RBP: 00000000006ca018 R08: 0000000020999000 R09: 000000000000001c
[   23.286209] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401890
[   23.286213] R13: 0000000000401920 R14: 0000000000000000 R15: 0000000000000000
[   23.286241] 
[   23.286243] The buggy address belongs to the page:
[   23.286250] page:00000000fcab11d7 count:0 mapcount:0 mapping:          (null) index:0x0
[   23.286256] flags: 0x2fffc0000000000()
[   23.286264] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   23.286272] raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
[   23.286274] page dumped because: kasan: bad access detected
[   23.286276] 
[   23.286278] Memory state around the buggy address:
[   23.286283]  ffff8801c99d7600: f1 04 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2
[   23.286288]  ffff8801c99d7680: f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2
[   23.286293] >ffff8801c99d7700: f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00
[   23.286296]                                            ^
[   23.286301]  ffff8801c99d7780: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00
[   23.286306]  ffff8801c99d7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   23.286308] ==================================================================
[   23.286311] Disabling lock debugging due to kernel taint
[   23.286330] Kernel panic - not syncing: panic_on_warn set ...
[   23.286330] 
[   23.286336] CPU: 0 PID: 3146 Comm: syzkaller494321 Tainted: G    B            4.15.0-rc4+ #164
[   23.286339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.286341] Call Trace:
[   23.286348]  dump_stack+0x194/0x257
[   23.286356]  ? arch_local_irq_restore+0x53/0x53
[   23.286366]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   23.286374]  ? vsnprintf+0x1ed/0x1900
[   23.286381]  ? xfrm_state_find+0x30c0/0x3210
[   23.286388]  panic+0x1e4/0x41c
[   23.286394]  ? refcount_error_report+0x214/0x214
[   23.286403]  ? add_taint+0x1c/0x50
[   23.286409]  ? add_taint+0x1c/0x50
[   23.286417]  ? xfrm_state_find+0x30de/0x3210
[   23.286423]  kasan_end_report+0x50/0x50
[   23.286430]  kasan_report+0x144/0x340
[   23.286439]  __asan_report_load4_noabort+0x14/0x20
[   23.286445]  xfrm_state_find+0x30de/0x3210
[   23.286451]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.286472]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   23.286480]  ? __isolate_free_page+0x8a0/0x8a0
[   23.286486]  ? __isolate_free_page+0x8a0/0x8a0
[   23.286494]  ? print_irqtrace_events+0x270/0x270
[   23.286509]  ? check_noncircular+0x20/0x20
[   23.286516]  ? find_held_lock+0x35/0x1d0
[   23.286545]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.286555]  ? print_irqtrace_events+0x270/0x270
[   23.286566]  ? depot_save_stack+0x3b5/0x490
[   23.286573]  ? lock_downgrade+0x980/0x980
[   23.286582]  ? lock_release+0xa40/0xa40
[   23.286595]  xfrm_tmpl_resolve+0x30e/0xc10
[   23.286614]  ? __xfrm_decode_session+0x110/0x110
[   23.286620]  ? save_stack+0xa3/0xd0
[   23.286626]  ? save_stack+0x43/0xd0
[   23.286631]  ? kasan_kmalloc+0xad/0xe0
[   23.286636]  ? kasan_slab_alloc+0x12/0x20
[   23.286642]  ? kmem_cache_alloc+0x12e/0x760
[   23.286650]  ? find_held_lock+0x35/0x1d0
[   23.286667]  xfrm_resolve_and_create_bundle+0x134/0x2760
[   23.286676]  ? kmem_cache_alloc+0x4e9/0x760
[   23.286684]  ? check_noncircular+0x20/0x20
[   23.286693]  ? rt_add_uncached_list+0x1b7/0x240
[   23.286700]  ? __local_bh_enable_ip+0x121/0x230
[   23.286708]  ? xfrm_tmpl_resolve+0xc10/0xc10
[   23.286714]  ? rt_add_uncached_list+0x1b7/0x240
[   23.286721]  ? ip_rt_bug+0x20/0x20
[   23.286731]  ? find_held_lock+0x35/0x1d0
[   23.286743]  ? xfrm_sk_policy_lookup+0x30b/0x490
[   23.286750]  ? lock_downgrade+0x980/0x980
[   23.286758]  ? lock_release+0xa40/0xa40
[   23.286766]  ? refcount_inc_not_zero+0xfe/0x180
[   23.286776]  ? selinux_xfrm_policy_lookup+0xac/0xd0
[   23.286784]  ? security_xfrm_policy_lookup+0x92/0xc0
[   23.286794]  ? xfrm_sk_policy_lookup+0x334/0x490
[   23.286805]  ? xfrm_selector_match+0xe00/0xe00
[   23.286819]  xfrm_lookup+0x156b/0x23e0
[   23.286825]  ? xfrm_lookup+0x156b/0x23e0
[   23.286833]  ? print_irqtrace_events+0x270/0x270
[   23.286844]  ? xfrm_policy_lookup_bytype.constprop.48+0x960/0x960
[   23.286857]  ? find_held_lock+0x35/0x1d0
[   23.286869]  ? ip_route_output_key_hash+0x229/0x370
[   23.286876]  ? lock_downgrade+0x980/0x980
[   23.286881]  ? __lru_cache_add+0x2a4/0x410
[   23.286890]  ? lock_release+0xa40/0xa40
[   23.286899]  ? find_held_lock+0x35/0x1d0
[   23.286914]  ? ip_route_output_key_hash+0x252/0x370
[   23.286922]  ? ip_route_output_key_hash_rcu+0x2c10/0x2c10
[   23.286927]  ? lock_release+0xa40/0xa40
[   23.286939]  xfrm_lookup_route+0x39/0x1a0
[   23.286948]  ip_route_output_flow+0x7c/0xa0
[   23.286956]  udp_sendmsg+0x19d3/0x2ce0
[   23.286966]  ? ip_reply_glue_bits+0xb0/0xb0
[   23.286980]  ? udp_lib_get_port+0x1b30/0x1b30
[   23.286987]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.286994]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   23.287016]  ? lock_downgrade+0x980/0x980
[   23.287028]  ? mark_held_locks+0xaf/0x100
[   23.287033]  ? refcount_inc_not_zero+0xfe/0x180
[   23.287040]  ? __local_bh_enable_ip+0x121/0x230
[   23.287048]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.287054]  ? udp_lib_get_port+0x785/0x1b30
[   23.287060]  ? trace_hardirqs_on+0xd/0x10
[   23.287066]  ? check_noncircular+0x20/0x20
[   23.287077]  udpv6_sendmsg+0x762/0x33a0
[   23.287086]  ? check_noncircular+0x20/0x20
[   23.287099]  ? udpv6_setsockopt+0x80/0x80
[   23.287108]  ? reacquire_held_locks+0x1f9/0x3e0
[   23.287114]  ? reacquire_held_locks+0x1f9/0x3e0
[   23.287123]  ? find_held_lock+0x35/0x1d0
[   23.287135]  ? release_sock+0x1d4/0x2a0
[   23.287143]  ? lock_downgrade+0x980/0x980
[   23.287149]  ? lock_downgrade+0x980/0x980
[   23.287162]  ? __local_bh_enable_ip+0x121/0x230
[   23.287170]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   23.287176]  ? release_sock+0x1d4/0x2a0
[   23.287182]  ? trace_hardirqs_on+0xd/0x10
[   23.287188]  ? __local_bh_enable_ip+0x121/0x230
[   23.287196]  ? _raw_spin_unlock_bh+0x30/0x40
[   23.287203]  ? release_sock+0x1d4/0x2a0
[   23.287211]  ? __release_sock+0x360/0x360
[   23.287220]  ? udp_v6_get_port+0x355/0x600
[   23.287232]  inet_sendmsg+0x11f/0x5e0
[   23.287237]  ? inet_sendmsg+0x11f/0x5e0
[   23.287242]  ? __might_sleep+0x95/0x190
[   23.287249]  ? inet_recvmsg+0x5f0/0x5f0
[   23.287256]  ? selinux_socket_sendmsg+0x36/0x40
[   23.287263]  ? security_socket_sendmsg+0x89/0xb0
[   23.287269]  ? inet_recvmsg+0x5f0/0x5f0
[   23.287276]  sock_sendmsg+0xca/0x110
[   23.287284]  SYSC_sendto+0x361/0x5c0
[   23.287293]  ? SYSC_connect+0x4a0/0x4a0
[   23.287299]  ? up_read+0x1a/0x40
[   23.287306]  ? __do_page_fault+0x3d6/0xc90
[   23.287331]  ? __do_page_fault+0xc90/0xc90
[   23.287341]  ? SyS_setsockopt+0x215/0x360
[   23.287349]  ? SyS_recv+0x40/0x40
[   23.287357]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[   23.287369]  SyS_sendto+0x40/0x50
[   23.287379]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   23.287383] RIP: 0033:0x43ff29
[   23.287386] RSP: 002b:00007ffe4c5b3d28 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   23.287392] RAX: ffffffffffffffda RBX: 0100000000000000 RCX: 000000000043ff29
[   23.287395] RDX: 0000000000000000 RSI: 000000002028a000 RDI: 0000000000000003
[   23.287399] RBP: 00000000006ca018 R08: 0000000020999000 R09: 000000000000001c
[   23.287402] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401890
[   23.287406] R13: 0000000000401920 R14: 0000000000000000 R15: 0000000000000000
[   23.306266] Dumping ftrace buffer:
[   23.306269]    (ftrace buffer empty)
[   23.306271] Kernel Offset: disabled
[   24.557036] Rebooting in 86400 seconds..