[....] Starting enhanced syslogd: rsyslogd[   13.181315] audit: type=1400 audit(1538210067.121:4): avc:  denied  { syslog } for  pid=1919 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   33.089448] ==================================================================
[   33.096960] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2418/0x24e0
[   33.104125] Read of size 4 at addr ffff8800b6bef660 by task syz-executor434/2071
[   33.111630] 
[   33.113235] CPU: 1 PID: 2071 Comm: syz-executor434 Not tainted 4.4.158+ #105
[   33.120391]  0000000000000000 c8fcbd098412c719 ffff8800b6beece0 ffffffff81a991dd
[   33.128373]  ffffea0002dafbc0 ffff8800b6bef660 0000000000000000 ffff8800b6bef660
[   33.136356]  0000000000000003 ffff8800b6beed18 ffffffff8148a7c9 ffff8800b6bef660
[   33.144337] Call Trace:
[   33.146911]  [<ffffffff81a991dd>] dump_stack+0xc1/0x124
[   33.152384]  [<ffffffff8148a7c9>] print_address_description+0x6c/0x217
[   33.159027]  [<ffffffff8148aae9>] kasan_report.cold.6+0x175/0x2f7
[   33.165238]  [<ffffffff82553c78>] ? xfrm_state_find+0x2418/0x24e0
[   33.171445]  [<ffffffff8147f744>] __asan_report_load4_noabort+0x14/0x20
[   33.178176]  [<ffffffff82553c78>] xfrm_state_find+0x2418/0x24e0
[   33.184291]  [<ffffffff82551860>] ? xfrm_unregister_mode+0x190/0x190
[   33.190767]  [<ffffffff811fb4b0>] ? trace_hardirqs_on+0x10/0x10
[   33.196800]  [<ffffffff8129f8a3>] ? __module_text_address+0x13/0x140
[   33.203267]  [<ffffffff811f9222>] ? check_usage_backwards+0x122/0x290
[   33.209827]  [<ffffffff811f9100>] ? check_usage_forwards+0x290/0x290
[   33.216299]  [<ffffffff8253a732>] xfrm_tmpl_resolve_one+0x1d2/0x7a0
[   33.222680]  [<ffffffff8253a560>] ? xfrm_expand_policies.constprop.15+0x290/0x290
[   33.230278]  [<ffffffff811f33f0>] ? usage_match+0x80/0x80
[   33.235787]  [<ffffffff811fa3dc>] ? mark_lock+0x8bc/0x12c0
[   33.241446]  [<ffffffff811f9100>] ? check_usage_forwards+0x290/0x290
[   33.247927]  [<ffffffff811fcc94>] ? __lock_acquire+0x17e4/0x5f10
[   33.254056]  [<ffffffff8253af19>] xfrm_resolve_and_create_bundle+0x219/0x1da0
[   33.261307]  [<ffffffff811fb4b0>] ? trace_hardirqs_on+0x10/0x10
[   33.267345]  [<ffffffff8253ad00>] ? xfrm_tmpl_resolve_one+0x7a0/0x7a0
[   33.273914]  [<ffffffff811fb4b0>] ? trace_hardirqs_on+0x10/0x10
[   33.279950]  [<ffffffff811fbf35>] ? __lock_acquire+0xa85/0x5f10
[   33.286058]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.292796]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.299536]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   33.305834]  [<ffffffff8253db18>] ? xfrm_sk_policy_lookup+0x228/0x350
[   33.312392]  [<ffffffff8253db3f>] ? xfrm_sk_policy_lookup+0x24f/0x350
[   33.318954]  [<ffffffff8253a491>] ? xfrm_expand_policies.constprop.15+0x1c1/0x290
[   33.326554]  [<ffffffff8253de78>] xfrm_lookup+0x238/0xb70
[   33.332069]  [<ffffffff82700002>] ? __down_interruptible+0x2b2/0x480
[   33.338664]  [<ffffffff8253dc40>] ? xfrm_sk_policy_lookup+0x350/0x350
[   33.345222]  [<ffffffff8239150b>] ? __ip_route_output_key_hash+0xc7b/0x2040
[   33.352346]  [<ffffffff82391532>] ? __ip_route_output_key_hash+0xca2/0x2040
[   33.359441]  [<ffffffff823909fa>] ? __ip_route_output_key_hash+0x16a/0x2040
[   33.366518]  [<ffffffff82390890>] ? rt_set_nexthop.constprop.13+0xcc0/0xcc0
[   33.373598]  [<ffffffff8253f659>] xfrm_lookup_route+0x39/0x140
[   33.379547]  [<ffffffff82392960>] ip_route_output_flow+0x90/0xa0
[   33.385666]  [<ffffffff8246ccf0>] udp_sendmsg+0x1480/0x1c70
[   33.391358]  [<ffffffff8246be85>] ? udp_sendmsg+0x615/0x1c70
[   33.397132]  [<ffffffff823b6630>] ? ip_reply_glue_bits+0xc0/0xc0
[   33.403323]  [<ffffffff8246b870>] ? udp_lib_unhash+0x630/0x630
[   33.409290]  [<ffffffff811fb4b0>] ? trace_hardirqs_on+0x10/0x10
[   33.415324]  [<ffffffff811faea7>] ? mark_held_locks+0xc7/0x130
[   33.421273]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   33.427568]  [<ffffffff82600c3d>] udpv6_sendmsg+0x12cd/0x24c0
[   33.433428]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   33.439796]  [<ffffffff811fb29b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   33.446617]  [<ffffffff82462d38>] ? udp_lib_get_port+0x718/0xe20
[   33.452739]  [<ffffffff825ff970>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   33.459644]  [<ffffffff825fa3c0>] ? udpv6_rcv+0x30/0x30
[   33.464983]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.471714]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   33.478008]  [<ffffffff811fb29b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   33.484823]  [<ffffffff821d09f6>] ? release_sock+0x3b6/0x500
[   33.490603]  [<ffffffff811fb4ad>] ? trace_hardirqs_on+0xd/0x10
[   33.496604]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   33.502958]  [<ffffffff82704eb0>] ? _raw_spin_unlock_bh+0x30/0x40
[   33.509172]  [<ffffffff821d09f6>] ? release_sock+0x3b6/0x500
[   33.514947]  [<ffffffff825fa877>] ? udp_v6_get_port+0xa7/0xd0
[   33.520874]  [<ffffffff824961d3>] inet_sendmsg+0x203/0x4d0
[   33.526480]  [<ffffffff82496043>] ? inet_sendmsg+0x73/0x4d0
[   33.532167]  [<ffffffff82495fd0>] ? inet_recvmsg+0x4c0/0x4c0
[   33.537942]  [<ffffffff821c2bdb>] sock_sendmsg+0xbb/0x110
[   33.543452]  [<ffffffff821c4721>] ___sys_sendmsg+0x441/0x880
[   33.549224]  [<ffffffff821c42e0>] ? copy_msghdr_from_user+0x550/0x550
[   33.555778]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.562505]  [<ffffffff819420ca>] ? avc_has_perm+0x15a/0x3a0
[   33.568278]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.575006]  [<ffffffff814eb07f>] ? __fget_light+0x9f/0x1f0
[   33.580754]  [<ffffffff814eb1e8>] ? __fdget+0x18/0x20
[   33.585933]  [<ffffffff821c7cae>] __sys_sendmmsg+0x12e/0x2e0
[   33.591707]  [<ffffffff821c7b80>] ? SyS_sendmsg+0x50/0x50
[   33.597231]  [<ffffffff8143519a>] ? handle_mm_fault+0x49a/0x2f30
[   33.603368]  [<ffffffff825ed0a8>] ? ipv6_setsockopt+0x68/0x130
[   33.609314]  [<ffffffff821c9a7a>] ? sock_common_setsockopt+0x9a/0xe0
[   33.615894]  [<ffffffff821c74d5>] ? SyS_setsockopt+0x185/0x260
[   33.621847]  [<ffffffff810ab716>] ? __do_page_fault+0x2b6/0x7e0
[   33.627893]  [<ffffffff821c7350>] ? SyS_recv+0x40/0x40
[   33.633145]  [<ffffffff827065d5>] ? retint_user+0x18/0x3c
[   33.638656]  [<ffffffff821c7e95>] SyS_sendmmsg+0x35/0x60
[   33.644085]  [<ffffffff82705a61>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[   33.650634] 
[   33.652237] The buggy address belongs to the page:
[   33.657138] page:ffffea0002dafbc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   33.665250] flags: 0x0()
[   33.668012] page dumped because: kasan: bad access detected
[   33.673743] 
[   33.675355] Memory state around the buggy address:
[   33.680257]  ffff8800b6bef500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.687590]  ffff8800b6bef580: 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00
[   33.694919] >ffff8800b6bef600: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2
[   33.702249]                                                        ^
[   33.708712]  ffff8800b6bef680: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 00
[   33.716091]  ffff8800b6bef700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.723429] ==================================================================
[   33.730761] Disabling lock debugging due to kernel taint
[   33.736248] Kernel panic - not syncing: panic_on_warn set ...
[   33.736248] 
[   33.743609] CPU: 1 PID: 2071 Comm: syz-executor434 Tainted: G    B           4.4.158+ #105
[   33.751995]  0000000000000000 c8fcbd098412c719 ffff8800b6beec40 ffffffff81a991dd
[   33.759979]  ffffffff82c4b2e1 0000000000000004 0000000000000000 ffff8800b6bef660
[   33.767955]  0000000000000003 ffff8800b6beed00 ffffffff813a1024 0000000041b58ab3
[   33.775935] Call Trace:
[   33.778504]  [<ffffffff81a991dd>] dump_stack+0xc1/0x124
[   33.783850]  [<ffffffff813a1024>] panic+0x19e/0x359
[   33.788839]  [<ffffffff813a0e86>] ? add_taint.cold.4+0x16/0x16
[   33.794787]  [<ffffffff8148a6e6>] kasan_end_report+0x47/0x4f
[   33.800559]  [<ffffffff8148ab06>] kasan_report.cold.6+0x192/0x2f7
[   33.806770]  [<ffffffff82553c78>] ? xfrm_state_find+0x2418/0x24e0
[   33.812978]  [<ffffffff8147f744>] __asan_report_load4_noabort+0x14/0x20
[   33.819706]  [<ffffffff82553c78>] xfrm_state_find+0x2418/0x24e0
[   33.825792]  [<ffffffff82551860>] ? xfrm_unregister_mode+0x190/0x190
[   33.832268]  [<ffffffff811fb4b0>] ? trace_hardirqs_on+0x10/0x10
[   33.838305]  [<ffffffff8129f8a3>] ? __module_text_address+0x13/0x140
[   33.844780]  [<ffffffff811f9222>] ? check_usage_backwards+0x122/0x290
[   33.851337]  [<ffffffff811f9100>] ? check_usage_forwards+0x290/0x290
[   33.857815]  [<ffffffff8253a732>] xfrm_tmpl_resolve_one+0x1d2/0x7a0
[   33.864197]  [<ffffffff8253a560>] ? xfrm_expand_policies.constprop.15+0x290/0x290
[   33.871791]  [<ffffffff811f33f0>] ? usage_match+0x80/0x80
[   33.877306]  [<ffffffff811fa3dc>] ? mark_lock+0x8bc/0x12c0
[   33.882903]  [<ffffffff811f9100>] ? check_usage_forwards+0x290/0x290
[   33.889375]  [<ffffffff811fcc94>] ? __lock_acquire+0x17e4/0x5f10
[   33.895503]  [<ffffffff8253af19>] xfrm_resolve_and_create_bundle+0x219/0x1da0
[   33.902752]  [<ffffffff811fb4b0>] ? trace_hardirqs_on+0x10/0x10
[   33.908788]  [<ffffffff8253ad00>] ? xfrm_tmpl_resolve_one+0x7a0/0x7a0
[   33.915359]  [<ffffffff811fb4b0>] ? trace_hardirqs_on+0x10/0x10
[   33.921440]  [<ffffffff811fbf35>] ? __lock_acquire+0xa85/0x5f10
[   33.927489]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.934265]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.941068]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   33.947382]  [<ffffffff8253db18>] ? xfrm_sk_policy_lookup+0x228/0x350
[   33.953934]  [<ffffffff8253db3f>] ? xfrm_sk_policy_lookup+0x24f/0x350
[   33.960491]  [<ffffffff8253a491>] ? xfrm_expand_policies.constprop.15+0x1c1/0x290
[   33.968088]  [<ffffffff8253de78>] xfrm_lookup+0x238/0xb70
[   33.973603]  [<ffffffff82700002>] ? __down_interruptible+0x2b2/0x480
[   33.980072]  [<ffffffff8253dc40>] ? xfrm_sk_policy_lookup+0x350/0x350
[   33.986625]  [<ffffffff8239150b>] ? __ip_route_output_key_hash+0xc7b/0x2040
[   33.993703]  [<ffffffff82391532>] ? __ip_route_output_key_hash+0xca2/0x2040
[   34.000779]  [<ffffffff823909fa>] ? __ip_route_output_key_hash+0x16a/0x2040
[   34.007853]  [<ffffffff82390890>] ? rt_set_nexthop.constprop.13+0xcc0/0xcc0
[   34.014930]  [<ffffffff8253f659>] xfrm_lookup_route+0x39/0x140
[   34.020878]  [<ffffffff82392960>] ip_route_output_flow+0x90/0xa0
[   34.026998]  [<ffffffff8246ccf0>] udp_sendmsg+0x1480/0x1c70
[   34.032683]  [<ffffffff8246be85>] ? udp_sendmsg+0x615/0x1c70
[   34.038460]  [<ffffffff823b6630>] ? ip_reply_glue_bits+0xc0/0xc0
[   34.044578]  [<ffffffff8246b870>] ? udp_lib_unhash+0x630/0x630
[   34.050526]  [<ffffffff811fb4b0>] ? trace_hardirqs_on+0x10/0x10
[   34.056558]  [<ffffffff811faea7>] ? mark_held_locks+0xc7/0x130
[   34.062508]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   34.068805]  [<ffffffff82600c3d>] udpv6_sendmsg+0x12cd/0x24c0
[   34.074856]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   34.081152]  [<ffffffff811fb29b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   34.087972]  [<ffffffff82462d38>] ? udp_lib_get_port+0x718/0xe20
[   34.094143]  [<ffffffff825ff970>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   34.101053]  [<ffffffff825fa3c0>] ? udpv6_rcv+0x30/0x30
[   34.106397]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.113126]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   34.119426]  [<ffffffff811fb29b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   34.126243]  [<ffffffff821d09f6>] ? release_sock+0x3b6/0x500
[   34.132016]  [<ffffffff811fb4ad>] ? trace_hardirqs_on+0xd/0x10
[   34.138080]  [<ffffffff810e1d1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   34.144381]  [<ffffffff82704eb0>] ? _raw_spin_unlock_bh+0x30/0x40
[   34.150593]  [<ffffffff821d09f6>] ? release_sock+0x3b6/0x500
[   34.156371]  [<ffffffff825fa877>] ? udp_v6_get_port+0xa7/0xd0
[   34.162361]  [<ffffffff824961d3>] inet_sendmsg+0x203/0x4d0
[   34.167962]  [<ffffffff82496043>] ? inet_sendmsg+0x73/0x4d0
[   34.173647]  [<ffffffff82495fd0>] ? inet_recvmsg+0x4c0/0x4c0
[   34.179423]  [<ffffffff821c2bdb>] sock_sendmsg+0xbb/0x110
[   34.184933]  [<ffffffff821c4721>] ___sys_sendmsg+0x441/0x880
[   34.190776]  [<ffffffff821c42e0>] ? copy_msghdr_from_user+0x550/0x550
[   34.197338]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.204076]  [<ffffffff819420ca>] ? avc_has_perm+0x15a/0x3a0
[   34.209851]  [<ffffffff81237987>] ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.216578]  [<ffffffff814eb07f>] ? __fget_light+0x9f/0x1f0
[   34.222264]  [<ffffffff814eb1e8>] ? __fdget+0x18/0x20
[   34.227429]  [<ffffffff821c7cae>] __sys_sendmmsg+0x12e/0x2e0
[   34.233199]  [<ffffffff821c7b80>] ? SyS_sendmsg+0x50/0x50
[   34.238711]  [<ffffffff8143519a>] ? handle_mm_fault+0x49a/0x2f30
[   34.244834]  [<ffffffff825ed0a8>] ? ipv6_setsockopt+0x68/0x130
[   34.250784]  [<ffffffff821c9a7a>] ? sock_common_setsockopt+0x9a/0xe0
[   34.257255]  [<ffffffff821c74d5>] ? SyS_setsockopt+0x185/0x260
[   34.263210]  [<ffffffff810ab716>] ? __do_page_fault+0x2b6/0x7e0
[   34.269253]  [<ffffffff821c7350>] ? SyS_recv+0x40/0x40
[   34.274528]  [<ffffffff827065d5>] ? retint_user+0x18/0x3c
[   34.280057]  [<ffffffff821c7e95>] SyS_sendmmsg+0x35/0x60
[   34.285514]  [<ffffffff82705a61>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[   34.285847] Kernel Offset: disabled
[   34.295997] Rebooting in 86400 seconds..