[ ok ] Starting enhanced syslogd: rsyslogd.
[   10.843184] audit: type=1400 audit(1513865227.341:4): avc: denied { syslog } for pid=3173 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-5,10.128.0.52' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [   21.526912] ==================================================================
[   21.527999] BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xa08/0xad0
[   21.528931] Read of size 2 at addr ffff8801c991c0cc by task kworker/1:2/1554
[   21.529883] 
[   21.530114] CPU: 1 PID: 1554 Comm: kworker/1:2 Not tainted 4.9.71-g2506378 #113
[   21.531100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   21.532333] Workqueue: events xfrm_hash_rebuild
[   21.532986]  ffff8801d0a5fb10 ffffffff81d922b9 ffffea0007264600 ffff8801c991c0cc
[   21.534136]  0000000000000000 ffff8801c991c0cc 0000000000000002 ffff8801d0a5fb48
[   21.535258]  ffffffff8153bab3 ffff8801c991c0cc 0000000000000002 0000000000000000
[   21.536380] Call Trace:
[   21.536762]  [] dump_stack+0xc1/0x128
[   21.537490]  [] print_address_description+0x73/0x280
[   21.538365]  [] kasan_report+0x275/0x360
[   21.539106]  [] ? xfrm_hash_rebuild+0xa08/0xad0
[   21.539928]  [] __asan_report_load2_noabort+0x14/0x20
[   21.540815]  [] xfrm_hash_rebuild+0xa08/0xad0
[   21.541612]  [] ? process_one_work+0x7e0/0x1610
[   21.542433]  [] process_one_work+0x7e0/0x1610
[   21.543229]  [] ? process_one_work+0x72c/0x1610
[   21.544049]  [] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   21.544904]  [] worker_thread+0xe0/0x10d0
[   21.545659]  [] ? __schedule+0x683/0x1ba0
[   21.546410]  [] kthread+0x26d/0x300
[   21.547579]  [] ? process_one_work+0x1610/0x1610
[   21.553864]  [] ? kthread_park+0xa0/0xa0
[   21.559452]  [] ? kthread_park+0xa0/0xa0
[   21.565039]  [] ? kthread_park+0xa0/0xa0
[   21.570628]  [] ret_from_fork+0x2a/0x40
[   21.576128] 
[   21.577720] Allocated by task 3335:
[   21.581324]  save_stack_trace+0x16/0x20
[   21.585265]  save_stack+0x43/0xd0
[   21.588682]  kasan_kmalloc+0xad/0xe0
[   21.592359]  __kmalloc+0x11d/0x310
[   21.595865]  sk_prot_alloc+0x101/0x2a0
[   21.599713]  sk_alloc+0x3a/0x3a0
[   21.603042]  pfkey_create+0x1da/0x8d0
[   21.606818]  __sock_create+0x3ab/0x640
[   21.610676]  SyS_socket+0xf0/0x1b0
[   21.614183]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   21.618901] 
[   21.620494] Freed by task 0:
[   21.623472] (stack is not available)
[   21.627153] 
[   21.628746] The buggy address belongs to the object at ffff8801c991bb80
[   21.628746]  which belongs to the cache kmalloc-2048 of size 2048
[   21.641543] The buggy address is located 1356 bytes inside of
[   21.641543]  2048-byte region [ffff8801c991bb80, ffff8801c991c380)
[   21.653557] The buggy address belongs to the page:
[   21.658452] page:ffffea0007264600 count:1 mapcount:0 mapping:          (null) index:0x0 compound_mapcount: 0
[   21.668599] flags: 0x8000000000004080(slab|head)
[   21.673323] page dumped because: kasan: bad access detected
[   21.678993] 
[   21.680581] Memory state around the buggy address:
[   21.685475]  ffff8801c991bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.692797]  ffff8801c991c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.700126] >ffff8801c991c080: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.707449]                                               ^
[   21.713123]  ffff8801c991c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.720447]  ffff8801c991c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.727771] ==================================================================
[   21.735096] Disabling lock debugging due to kernel taint
[   21.740546] Kernel panic - not syncing: panic_on_warn set ...
[   21.740546] 
[   21.747877] CPU: 1 PID: 1554 Comm: kworker/1:2 Tainted: G    B           4.9.71-g2506378 #113
[   21.756505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   21.765836] Workqueue: events xfrm_hash_rebuild
[   21.770578]  ffff8801d0a5fa68 ffffffff81d922b9 ffffffff84194b3f ffff8801d0a5fb40
[   21.778555]  0000000000000000 ffff8801c991c0cc 0000000000000002 ffff8801d0a5fb30
[   21.786508]  ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585
[   21.794454] Call Trace:
[   21.797012]  [] dump_stack+0xc1/0x128
[   21.802343]  [] panic+0x1bc/0x3a8
[   21.807324]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   21.815519]  [] kasan_end_report+0x50/0x50
[   21.821291]  [] kasan_report+0x167/0x360
[   21.826883]  [] ? xfrm_hash_rebuild+0xa08/0xad0
[   21.833081]  [] __asan_report_load2_noabort+0x14/0x20
[   21.839805]  [] xfrm_hash_rebuild+0xa08/0xad0
[   21.845830]  [] ? process_one_work+0x7e0/0x1610
[   21.852034]  [] process_one_work+0x7e0/0x1610
[   21.858059]  [] ? process_one_work+0x72c/0x1610
[   21.864253]  [] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[   21.870707]  [] worker_thread+0xe0/0x10d0
[   21.876383]  [] ? __schedule+0x683/0x1ba0
[   21.882058]  [] kthread+0x26d/0x300
[   21.887211]  [] ? process_one_work+0x1610/0x1610
[   21.893493]  [] ? kthread_park+0xa0/0xa0
[   21.899090]  [] ? kthread_park+0xa0/0xa0
[   21.904678]  [] ? kthread_park+0xa0/0xa0
[   21.910265]  [] ret_from_fork+0x2a/0x40
[   21.915796] Dumping ftrace buffer:
[   21.919303]    (ftrace buffer empty)
[   21.922978] Kernel Offset: disabled
[   21.926569] Rebooting in 86400 seconds..
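The following triage helper is an added example for this page; it is not part of the syzbot report, of syzkaller, or of the kernel tree. It takes the KASAN lines above as an embedded, constructed copy of its input and decodes the shadow dump rather than trusting only the "1356 bytes inside of 2048-byte region" line: the row marked ">" is the one covering the faulting address, the shadow byte for the 8-byte granule containing ffff8801c991c0cc is 0xfc (kmalloc redzone), and the first non-zero shadow byte at or after the object start sits at ffff8801c991c098. So the socket object allocated via pfkey_create (see the "Allocated by" stack) only has 1304 accessible bytes in its kmalloc-2048 slot, and the 2-byte read at +1356 lands 52 bytes past the end of the allocation, not merely "inside the slab slot". The function names (parse_report, locate, triage) are the example's own; the poison-value table is taken from the generic KASAN definitions in mm/kasan/kasan.h of that era.

```python
import re

# Constructed sample input: the relevant KASAN lines from the crash log on this page.
REPORT = """\
[   21.527999] BUG: KASAN: slab-out-of-bounds in xfrm_hash_rebuild+0xa08/0xad0
[   21.528931] Read of size 2 at addr ffff8801c991c0cc by task kworker/1:2/1554
[   21.628746] The buggy address belongs to the object at ffff8801c991bb80
[   21.628746]  which belongs to the cache kmalloc-2048 of size 2048
[   21.641543] The buggy address is located 1356 bytes inside of
[   21.641543]  2048-byte region [ffff8801c991bb80, ffff8801c991c380)
[   21.680581] Memory state around the buggy address:
[   21.685475]  ffff8801c991bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.692797]  ffff8801c991c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.700126] >ffff8801c991c080: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.713123]  ffff8801c991c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.720447]  ffff8801c991c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

SHADOW_SCALE = 8  # generic KASAN: one shadow byte describes an 8-byte granule

# Poison values from mm/kasan/kasan.h (generic KASAN, v4.9 era).
POISON = {
    0xfa: "global redzone",
    0xfb: "kmalloc freed",
    0xfc: "kmalloc redzone",
    0xfe: "page redzone",
    0xff: "free page",
}

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (.+)")
OBJECT_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
LOCATED_RE = re.compile(r"located (\d+) bytes (inside of|to the right of|to the left of)")
SHADOW_RE = re.compile(r"^>?([0-9a-f]{16}):\s+((?:[0-9a-f]{2}\s*){16})$")


def shadow_meaning(value):
    """Human-readable meaning of one shadow byte."""
    if value == 0:
        return "accessible"
    if 1 <= value < SHADOW_SCALE:
        return "partially accessible (%d bytes)" % value
    return POISON.get(value, "unknown poison 0x%02x" % value)


def parse_report(text):
    """Extract the header fields and the shadow dump as {granule_address: shadow_byte}."""
    rep = {"shadow": {}}
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()  # drop the dmesg timestamp and padding
        if m := BUG_RE.search(line):
            rep["bug"], rep["func"] = m.group(1), m.group(2)
        elif m := ACCESS_RE.search(line):
            rep["access"], rep["size"] = m.group(1), int(m.group(2))
            rep["addr"], rep["task"] = int(m.group(3), 16), m.group(4)
        elif m := OBJECT_RE.search(line):
            rep["object"] = int(m.group(1), 16)
        elif m := CACHE_RE.search(line):
            rep["cache"], rep["cache_size"] = m.group(1), int(m.group(2))
        elif m := LOCATED_RE.search(line):
            rep["reported_offset"], rep["reported_where"] = int(m.group(1)), m.group(2)
        elif m := SHADOW_RE.match(line):
            base = int(m.group(1), 16)
            for i, b in enumerate(m.group(2).split()):
                rep["shadow"][base + i * SHADOW_SCALE] = int(b, 16)
    return rep


def locate(rep):
    """Place the access relative to the accessible part of the object, using the shadow bytes."""
    addr, obj, shadow = rep["addr"], rep["object"], rep["shadow"]
    value = shadow.get(addr & ~(SHADOW_SCALE - 1))  # shadow byte of the faulting granule
    # The accessible part ends at the first granule at/after the object start whose
    # shadow byte is not 0x00; a value 1..7 means that many leading bytes are still valid.
    end = None
    for g in sorted(shadow):
        if g >= obj and shadow[g] != 0:
            end = g + shadow[g] if 1 <= shadow[g] < SHADOW_SCALE else g
            break
    offset = addr - obj
    return {
        "offset": offset,
        "offset_matches_report": rep.get("reported_where") == "inside of"
        and rep.get("reported_offset") == offset,
        "shadow_value": value,
        "shadow_meaning": shadow_meaning(value) if value is not None else "not in dump",
        "accessible_end": end,
        "usable_size": None if end is None else end - obj,
        "bytes_past_end": None if end is None or addr < end else addr - end,
    }


def triage(text):
    rep = parse_report(text)
    rep.update(locate(rep))
    return rep


if __name__ == "__main__":
    r = triage(REPORT)
    print("%s in %s(): %s of %d bytes by %s" % (r["bug"], r["func"], r["access"], r["size"], r["task"]))
    print("object 0x%x in %s (%d-byte slot); access at +%d, shadow 0x%02x = %s"
          % (r["object"], r["cache"], r["cache_size"], r["offset"], r["shadow_value"], r["shadow_meaning"]))
    if r["bytes_past_end"] is not None:
        print("accessible part is %d bytes; access is %d bytes past its end" % (r["usable_size"], r["bytes_past_end"]))
```

The check that matters for triage is the last line of output: a "located N bytes inside of" sentence only says where the address falls in the slab slot, while the shadow bytes show the real allocation size that kmalloc rounded up. A granule whose shadow byte is 0xfb (kmalloc freed) rather than 0xfc would instead point at a use-after-free even though the headline still read "slab-out-of-bounds"; the helper reports that distinction as well.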