Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   12.208967] audit: type=1400 audit(1513863975.937:6): avc:  denied  { map } for  pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-8,10.128.0.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   18.406649] audit: type=1400 audit(1513863982.135:7): avc:  denied  { map } for  pid=3146 comm="syzkaller652482" path="/root/syzkaller652482305" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   18.458051] ==================================================================
[   18.465464] BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xdbe/0xf00
[   18.472534] Read of size 2 at addr ffff8801c8e92fe4 by task kworker/1:1/23
[   18.479513] 
[   18.481114] CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.15.0-rc3+ #161
[   18.488009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.497346] Workqueue: events xfrm_hash_rebuild
[   18.501985] Call Trace:
[   18.504546]  dump_stack+0x194/0x257
[   18.508158]  ? arch_local_irq_restore+0x53/0x53
[   18.512804]  ? show_regs_print_info+0x18/0x18
[   18.517274]  ? lock_release+0xa40/0xa40
[   18.521217]  ? debug_object_deactivate+0x364/0x560
[   18.526117]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   18.530497]  print_address_description+0x73/0x250
[   18.535308]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   18.539695]  kasan_report+0x25b/0x340
[   18.544166]  __asan_report_load2_noabort+0x14/0x20
[   18.549065]  xfrm_hash_rebuild+0xdbe/0xf00
[   18.553273]  ? lock_acquire+0x180/0x580
[   18.557310]  ? xfrm_policy_bysel_ctx+0x530/0x530
[   18.562045]  ? __lock_is_held+0xb6/0x140
[   18.566092]  process_one_work+0xbbf/0x1b10
[   18.570303]  ? trace_hardirqs_on+0xd/0x10
[   18.574434]  ? pwq_dec_nr_in_flight+0x450/0x450
[   18.579087]  ? __schedule+0x8f3/0x2060
[   18.582942]  ? update_curr+0x2e3/0xa60
[   18.586808]  ? check_noncircular+0x20/0x20
[   18.591024]  ? __lock_is_held+0xb6/0x140
[   18.595086]  ? lock_acquire+0x1d5/0x580
[   18.599041]  ? lock_acquire+0x1d5/0x580
[   18.602986]  ? worker_thread+0x4a3/0x1990
[   18.607107]  ? lock_downgrade+0x980/0x980
[   18.611228]  ? lock_release+0xa40/0xa40
[   18.615185]  ? retint_kernel+0x10/0x10
[   18.619044]  ? do_raw_spin_trylock+0x190/0x190
[   18.623611]  worker_thread+0x223/0x1990
[   18.627594]  ? process_one_work+0x1b10/0x1b10
[   18.632062]  ? _raw_spin_unlock_irq+0x27/0x70
[   18.636532]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   18.641527]  ? trace_hardirqs_on+0xd/0x10
[   18.645645]  ? _raw_spin_unlock_irq+0x27/0x70
[   18.650110]  ? finish_task_switch+0x1d3/0x740
[   18.654665]  ? finish_task_switch+0x1aa/0x740
[   18.659136]  ? copy_overflow+0x20/0x20
[   18.663006]  ? __schedule+0x8f3/0x2060
[   18.666905]  ? find_held_lock+0x35/0x1d0
[   18.670948]  ? find_held_lock+0x35/0x1d0
[   18.674990]  ? complete+0x62/0x80
[   18.678431]  ? __schedule+0x2060/0x2060
[   18.682372]  ? do_wait_intr_irq+0x3e0/0x3e0
[   18.686663]  ? __lockdep_init_map+0xe4/0x650
[   18.691042]  ? do_raw_spin_trylock+0x190/0x190
[   18.695680]  ? lockdep_init_map+0x9/0x10
[   18.699718]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   18.704798]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   18.709792]  ? trace_hardirqs_on+0xd/0x10
[   18.713920]  ? __kthread_parkme+0x175/0x240
[   18.718222]  kthread+0x33c/0x400
[   18.721562]  ? process_one_work+0x1b10/0x1b10
[   18.726025]  ? kthread_stop+0x7a0/0x7a0
[   18.729974]  ret_from_fork+0x24/0x30
[   18.733688] 
[   18.735372] Allocated by task 3152:
[   18.738971]  save_stack+0x43/0xd0
[   18.742399]  kasan_kmalloc+0xad/0xe0
[   18.746165]  __kmalloc+0x162/0x760
[   18.749673]  sk_prot_alloc+0x101/0x2a0
[   18.753527]  sk_alloc+0x8c/0x730
[   18.756870]  pfkey_create+0x2b2/0xae0
[   18.760638]  __sock_create+0x4d4/0x850
[   18.764494]  SyS_socket+0xeb/0x1d0
[   18.768004]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   18.772729] 
[   18.774324] Freed by task 0:
[   18.777393] (stack is not available)
[   18.781069] 
[   18.782665] The buggy address belongs to the object at ffff8801c8e92ac0
[   18.782665]  which belongs to the cache kmalloc-2048 of size 2048
[   18.795460] The buggy address is located 1316 bytes inside of
[   18.795460]  2048-byte region [ffff8801c8e92ac0, ffff8801c8e932c0)
[   18.807485] The buggy address belongs to the page:
[   18.812386] page:000000004ba28b34 count:1 mapcount:0 mapping:00000000d439dc9d index:0x0 compound_mapcount: 0
[   18.822325] flags: 0x2fffc0000008100(slab|head)
[   18.826964] raw: 02fffc0000008100 ffff8801c8e92240 0000000000000000 0000000100000003
[   18.834815] raw: ffffea000723d120 ffff8801db001948 ffff8801db000c40 0000000000000000
[   18.842667] page dumped because: kasan: bad access detected
[   18.848356] 
[   18.849949] Memory state around the buggy address:
[   18.854863]  ffff8801c8e92e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.862275]  ffff8801c8e92f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   18.869609] >ffff8801c8e92f80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[   18.876935]                                                        ^
[   18.883392]  ffff8801c8e93000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.890722]  ffff8801c8e93080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.898054] ==================================================================
[   18.905381] Disabling lock debugging due to kernel taint
[   18.910826] Kernel panic - not syncing: panic_on_warn set ...
[   18.910826] 
[   18.918157] CPU: 1 PID: 23 Comm: kworker/1:1 Tainted: G    B    4.15.0-rc3+ #161
[   18.926350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.935683] Workqueue: events xfrm_hash_rebuild
[   18.940318] Call Trace:
[   18.942882]  dump_stack+0x194/0x257
[   18.946493]  ? arch_local_irq_restore+0x53/0x53
[   18.951131]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   18.955856]  ? vsnprintf+0x1ed/0x1900
[   18.959627]  ? xfrm_hash_rebuild+0xd70/0xf00
[   18.964002]  panic+0x1e4/0x41c
[   18.967165]  ? refcount_error_report+0x214/0x214
[   18.971892]  ? add_taint+0x1c/0x50
[   18.975398]  ? add_taint+0x1c/0x50
[   18.978909]  ? xfrm_hash_rebuild+0xdbe/0xf00
[   18.983288]  kasan_end_report+0x50/0x50
[   18.987315]  kasan_report+0x144/0x340
[   18.991086]  __asan_report_load2_noabort+0x14/0x20
[   18.995983]  xfrm_hash_rebuild+0xdbe/0xf00
[   19.000187]  ? lock_acquire+0x180/0x580
[   19.004132]  ? xfrm_policy_bysel_ctx+0x530/0x530
[   19.008861]  ? __lock_is_held+0xb6/0x140
[   19.012896]  process_one_work+0xbbf/0x1b10
[   19.017099]  ? trace_hardirqs_on+0xd/0x10
[   19.021219]  ? pwq_dec_nr_in_flight+0x450/0x450
[   19.025955]  ? __schedule+0x8f3/0x2060
[   19.029901]  ? update_curr+0x2e3/0xa60
[   19.033762]  ? check_noncircular+0x20/0x20
[   19.037964]  ? __lock_is_held+0xb6/0x140
[   19.042011]  ? lock_acquire+0x1d5/0x580
[   19.045952]  ? lock_acquire+0x1d5/0x580
[   19.049896]  ? worker_thread+0x4a3/0x1990
[   19.054012]  ? lock_downgrade+0x980/0x980
[   19.058129]  ? lock_release+0xa40/0xa40
[   19.062088]  ? retint_kernel+0x10/0x10
[   19.065945]  ? do_raw_spin_trylock+0x190/0x190
[   19.070511]  worker_thread+0x223/0x1990
[   19.074463]  ? process_one_work+0x1b10/0x1b10
[   19.080319]  ? _raw_spin_unlock_irq+0x27/0x70
[   19.084789]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   19.089773]  ? trace_hardirqs_on+0xd/0x10
[   19.094061]  ? _raw_spin_unlock_irq+0x27/0x70
[   19.098525]  ? finish_task_switch+0x1d3/0x740
[   19.102987]  ? finish_task_switch+0x1aa/0x740
[   19.107457]  ? copy_overflow+0x20/0x20
[   19.111316]  ? __schedule+0x8f3/0x2060
[   19.115182]  ? find_held_lock+0x35/0x1d0
[   19.119215]  ? find_held_lock+0x35/0x1d0
[   19.123251]  ? complete+0x62/0x80
[   19.126677]  ? __schedule+0x2060/0x2060
[   19.130624]  ? do_wait_intr_irq+0x3e0/0x3e0
[   19.134912]  ? __lockdep_init_map+0xe4/0x650
[   19.139289]  ? do_raw_spin_trylock+0x190/0x190
[   19.143837]  ? lockdep_init_map+0x9/0x10
[   19.147864]  ? _raw_spin_unlock_irqrestore+0x31/0xba
[   19.152936]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   19.157919]  ? trace_hardirqs_on+0xd/0x10
[   19.162037]  ? __kthread_parkme+0x175/0x240
[   19.166340]  kthread+0x33c/0x400
[   19.169674]  ? process_one_work+0x1b10/0x1b10
[   19.174136]  ? kthread_stop+0x7a0/0x7a0
[   19.178081]  ret_from_fork+0x24/0x30
[   19.182231] Dumping ftrace buffer:
[   19.185741]    (ftrace buffer empty)
[   19.189419] Kernel Offset: disabled
[   19.193018] Rebooting in 86400 seconds..