[....] Starting enhanced syslogd: rsyslogd[ 13.377832] audit: type=1400 audit(1519699093.663:4): avc: denied { syslog } for pid=3647 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 26.120120] ================================================================== [ 26.127514] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2453/0x2830 [ 26.134666] Read of size 4 at addr ffff8801b0a17730 by task syzkaller142215/3803 [ 26.142163] [ 26.143763] CPU: 0 PID: 3803 Comm: syzkaller142215 Not tainted 4.9.84-ge7f51a5 #45 [ 26.151435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.161195] ffff8801b0a16d80 ffffffff81d956b9 ffffea0006c285c0 ffff8801b0a17730 [ 26.169160] 0000000000000000 ffff8801b0a17730 ffff8801bbeb78a0 ffff8801b0a16db8 [ 26.177131] ffffffff8153e1a3 ffff8801b0a17730 0000000000000004 0000000000000000 [ 26.185101] Call Trace: [ 26.187669] [] dump_stack+0xc1/0x128 [ 26.193001] [] print_address_description+0x73/0x280 [ 26.199636] [] kasan_report+0x275/0x360 [ 26.205228] [] ? xfrm_state_find+0x2453/0x2830 [ 26.211426] [] __asan_report_load4_noabort+0x14/0x20 [ 26.218146] [] xfrm_state_find+0x2453/0x2830 [ 26.224171] [] ? xfrm_state_find+0x25a/0x2830 [ 26.230284] [] ? _find_next_bit.part.0+0xe0/0x120 [ 26.236754] [] ? xfrm_unregister_mode+0x200/0x200 [ 26.243217] [] ? update_sd_lb_stats+0x365/0x3240 [ 26.249591] [] ? __bfs+0x29/0x5e0 [ 26.254665] [] ? update_group_capacity+0xc60/0xc60 [ 26.261213] [] xfrm_tmpl_resolve+0x298/0xa90 [ 26.267252] [] ? __xfrm_decode_session+0x100/0x100 [ 26.273797] [] ? __lock_acquire+0x629/0x3640 [ 26.279821] [] ? __lock_acquire+0x629/0x3640 [ 26.285848] [] ? noop_count+0x40/0x40 [ 26.291267] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90 [ 26.298423] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 26.305402] [] ? __lock_acquire+0x629/0x3640 [ 26.311426] [] ? xfrm_tmpl_resolve+0xa90/0xa90 [ 26.317625] [] ? check_preemption_disabled+0x3b/0x200 [ 26.324429] [] ? xfrm_sk_policy_lookup+0x242/0x3c0 [ 26.330975] [] ? xfrm_sk_policy_lookup+0x269/0x3c0 [ 26.337523] [] ? xfrm_selector_match+0xe40/0xe40 [ 26.343895] [] ? xfrm_expand_policies+0x25b/0x5b0 [ 26.350355] [] xfrm_lookup+0x984/0xbf0 [ 26.355863] [] ? xfrm_bundle_lookup+0x11b0/0x11b0 [ 26.362323] [] ? __ip_route_output_key_hash+0x7e5/0x23e0 [ 26.369391] [] ? __ip_route_output_key_hash+0x80c/0x23e0 [ 26.376460] [] ? __ip_route_output_key_hash+0xc94/0x23e0 [ 26.383526] [] ? ip_rt_update_pmtu+0x8b0/0x8b0 [ 26.389723] [] xfrm_lookup_route+0x39/0x1a0 [ 26.395661] [] ip_route_output_flow+0x7f/0xa0 [ 26.401775] [] udp_sendmsg+0xe36/0x1c10 [ 26.407367] [] ? udp_sendmsg+0x1232/0x1c10 [ 26.413220] [] ? save_stack_trace+0x16/0x20 [ 26.419161] [] ? save_stack+0x43/0xd0 [ 26.424579] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 26.430693] [] ? udp_lib_get_port+0x1830/0x1830 [ 26.436983] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 26.443878] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 26.450859] [] ? __lock_acquire+0x629/0x3640 [ 26.456885] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 26.463875] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 26.470687] [] udpv6_sendmsg+0x588/0x2540 [ 26.476458] [] ? avc_has_perm+0x28b/0x4f0 [ 26.482223] [] ? avc_has_perm+0xb0/0x4f0 [ 26.487905] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 26.494714] [] ? udp_v6_rehash+0xa0/0xa0 [ 26.500392] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 26.507375] [] ? sock_has_perm+0x1c2/0x3e0 [ 26.513227] [] ? sock_has_perm+0x292/0x3e0 [ 26.519079] [] ? sock_has_perm+0x9f/0x3e0 [ 26.524846] [] ? check_preemption_disabled+0x3b/0x200 [ 26.531657] [] ? inet_sendmsg+0x201/0x4c0 [ 26.537423] [] inet_sendmsg+0x2bc/0x4c0 [ 26.543017] [] ? inet_sendmsg+0x73/0x4c0 [ 26.548694] [] ? inet_recvmsg+0x4c0/0x4c0 [ 26.554462] [] sock_sendmsg+0xca/0x110 [ 26.559972] [] ___sys_sendmsg+0x6d1/0x7e0 [ 26.565738] [] ? copy_msghdr_from_user+0x570/0x570 [ 26.572284] [] ? avc_has_perm+0x2fd/0x4f0 [ 26.578048] [] ? avc_has_perm_noaudit+0x450/0x450 [ 26.584512] [] ? check_preemption_disabled+0x3b/0x200 [ 26.591319] [] ? sock_has_perm+0x1c2/0x3e0 [ 26.597173] [] ? sock_has_perm+0x292/0x3e0 [ 26.603022] [] ? sock_has_perm+0x9f/0x3e0 [ 26.608788] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 26.615857] [] ? selinux_netlbl_socket_setsockopt+0x116/0x340 [ 26.623369] [] ? __fget_light+0x169/0x1f0 [ 26.629143] [] ? __fdget+0x18/0x20 [ 26.634304] [] ? sockfd_lookup_light+0x118/0x160 [ 26.640678] [] __sys_sendmsg+0xd6/0x190 [ 26.646290] [] ? SyS_shutdown+0x1b0/0x1b0 [ 26.652058] [] ? sock_common_setsockopt+0x95/0xd0 [ 26.658518] [] ? SyS_setsockopt+0x17f/0x250 [ 26.664457] [] SyS_sendmsg+0x2d/0x50 [ 26.669788] [] ? __sys_sendmsg+0x190/0x190 [ 26.675644] [] do_syscall_64+0x1a4/0x490 [ 26.681332] [] entry_SYSCALL_64_after_swapgs+0x47/0xc5 [ 26.688224] [ 26.689824] The buggy address belongs to the page: [ 26.694721] page:ffffea0006c285c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 26.702959] flags: 0x8000000000000000() [ 26.706899] page dumped because: kasan: bad access detected [ 26.712574] [ 26.714171] Memory state around the buggy address: [ 26.719075] ffff8801b0a17600: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 [ 26.726401] ffff8801b0a17680: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 [ 26.733726] >ffff8801b0a17700: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 [ 26.741051] ^ [ 26.745947] ffff8801b0a17780: 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 [ 26.753271] ffff8801b0a17800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.760595] ================================================================== [ 26.767919] Disabling lock debugging due to kernel taint [ 26.773621] Kernel panic - not syncing: panic_on_warn set ... [ 26.773621] [ 26.780968] CPU: 0 PID: 3803 Comm: syzkaller142215 Tainted: G B 4.9.84-ge7f51a5 #45 [ 26.789857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 26.799183] ffff8801b0a16cd8 ffffffff81d956b9 ffffffff8419784f ffff8801b0a16db0 [ 26.807152] 0000000000000000 ffff8801b0a17730 ffff8801bbeb78a0 ffff8801b0a16da0 [ 26.815118] ffffffff8142f571 0000000041b58ab3 ffffffff8418b2c0 ffffffff8142f3b5 [ 26.823077] Call Trace: [ 26.825642] [] dump_stack+0xc1/0x128 [ 26.830975] [] panic+0x1bc/0x3a8 [ 26.835963] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 26.844159] [] ? preempt_schedule+0x25/0x30 [ 26.850099] [] ? ___preempt_schedule+0x16/0x18 [ 26.856302] [] kasan_end_report+0x50/0x50 [ 26.862067] [] kasan_report+0x167/0x360 [ 26.867672] [] ? xfrm_state_find+0x2453/0x2830 [ 26.873891] [] __asan_report_load4_noabort+0x14/0x20 [ 26.880613] [] xfrm_state_find+0x2453/0x2830 [ 26.886638] [] ? xfrm_state_find+0x25a/0x2830 [ 26.892752] [] ? _find_next_bit.part.0+0xe0/0x120 [ 26.899214] [] ? xfrm_unregister_mode+0x200/0x200 [ 26.905676] [] ? update_sd_lb_stats+0x365/0x3240 [ 26.912050] [] ? __bfs+0x29/0x5e0 [ 26.917122] [] ? update_group_capacity+0xc60/0xc60 [ 26.923671] [] xfrm_tmpl_resolve+0x298/0xa90 [ 26.929698] [] ? __xfrm_decode_session+0x100/0x100 [ 26.936245] [] ? __lock_acquire+0x629/0x3640 [ 26.942270] [] ? __lock_acquire+0x629/0x3640 [ 26.948299] [] ? noop_count+0x40/0x40 [ 26.953716] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90 [ 26.960886] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 26.967868] [] ? __lock_acquire+0x629/0x3640 [ 26.973893] [] ? xfrm_tmpl_resolve+0xa90/0xa90 [ 26.980096] [] ? check_preemption_disabled+0x3b/0x200 [ 26.986902] [] ? xfrm_sk_policy_lookup+0x242/0x3c0 [ 26.993450] [] ? xfrm_sk_policy_lookup+0x269/0x3c0 [ 26.999999] [] ? xfrm_selector_match+0xe40/0xe40 [ 27.006373] [] ? xfrm_expand_policies+0x25b/0x5b0 [ 27.012832] [] xfrm_lookup+0x984/0xbf0 [ 27.018338] [] ? xfrm_bundle_lookup+0x11b0/0x11b0 [ 27.024797] [] ? __ip_route_output_key_hash+0x7e5/0x23e0 [ 27.031864] [] ? __ip_route_output_key_hash+0x80c/0x23e0 [ 27.038934] [] ? __ip_route_output_key_hash+0xc94/0x23e0 [ 27.046011] [] ? ip_rt_update_pmtu+0x8b0/0x8b0 [ 27.052214] [] xfrm_lookup_route+0x39/0x1a0 [ 27.058154] [] ip_route_output_flow+0x7f/0xa0 [ 27.064269] [] udp_sendmsg+0xe36/0x1c10 [ 27.069861] [] ? udp_sendmsg+0x1232/0x1c10 [ 27.075717] [] ? save_stack_trace+0x16/0x20 [ 27.081657] [] ? save_stack+0x43/0xd0 [ 27.087077] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 27.093191] [] ? udp_lib_get_port+0x1830/0x1830 [ 27.099480] [] ? _raw_spin_unlock_irqrestore+0x5a/0x70 [ 27.106377] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 27.113356] [] ? __lock_acquire+0x629/0x3640 [ 27.119382] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 27.126366] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 27.133173] [] udpv6_sendmsg+0x588/0x2540 [ 27.138941] [] ? avc_has_perm+0x28b/0x4f0 [ 27.144706] [] ? avc_has_perm+0xb0/0x4f0 [ 27.150388] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 27.157199] [] ? udp_v6_rehash+0xa0/0xa0 [ 27.162889] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 27.169872] [] ? sock_has_perm+0x1c2/0x3e0 [ 27.175726] [] ? sock_has_perm+0x292/0x3e0 [ 27.181578] [] ? sock_has_perm+0x9f/0x3e0 [ 27.187346] [] ? check_preemption_disabled+0x3b/0x200 [ 27.194155] [] ? inet_sendmsg+0x201/0x4c0 [ 27.199930] [] inet_sendmsg+0x2bc/0x4c0 [ 27.205524] [] ? inet_sendmsg+0x73/0x4c0 [ 27.211203] [] ? inet_recvmsg+0x4c0/0x4c0 [ 27.216970] [] sock_sendmsg+0xca/0x110 [ 27.222475] [] ___sys_sendmsg+0x6d1/0x7e0 [ 27.228241] [] ? copy_msghdr_from_user+0x570/0x570 [ 27.234787] [] ? avc_has_perm+0x2fd/0x4f0 [ 27.240553] [] ? avc_has_perm_noaudit+0x450/0x450 [ 27.247014] [] ? check_preemption_disabled+0x3b/0x200 [ 27.253822] [] ? sock_has_perm+0x1c2/0x3e0 [ 27.259672] [] ? sock_has_perm+0x292/0x3e0 [ 27.265524] [] ? sock_has_perm+0x9f/0x3e0 [ 27.271288] [] ? selinux_file_send_sigiotask+0x310/0x310 [ 27.278357] [] ? selinux_netlbl_socket_setsockopt+0x116/0x340 [ 27.285859] [] ? __fget_light+0x169/0x1f0 [ 27.291623] [] ? __fdget+0x18/0x20 [ 27.296783] [] ? sockfd_lookup_light+0x118/0x160 [ 27.303153] [] __sys_sendmsg+0xd6/0x190 [ 27.308743] [] ? SyS_shutdown+0x1b0/0x1b0 [ 27.314509] [] ? sock_common_setsockopt+0x95/0xd0 [ 27.320967] [] ? SyS_setsockopt+0x17f/0x250 [ 27.326913] [] SyS_sendmsg+0x2d/0x50 [ 27.332246] [] ? __sys_sendmsg+0x190/0x190 [ 27.338099] [] do_syscall_64+0x1a4/0x490 [ 27.343779] [] entry_SYSCALL_64_after_swapgs+0x47/0xc5 [ 27.351188] Dumping ftrace buffer: [ 27.354702] (ftrace buffer empty) [ 27.358379] Kernel Offset: disabled [ 27.361976] Rebooting in 86400 seconds..