[....] Starting enhanced syslogd: rsyslogd[   14.673414] audit: type=1400 audit(1549213276.707:4): avc:  denied  { syslog } for  pid=1923 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.173' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   32.254615] ==================================================================
[   32.262015] BUG: KASAN: slab-out-of-bounds in ip6_tnl_xmit2+0x1f95/0x2320
[   32.268915] Read of size 16 at addr ffff8801d432d930 by task syz-executor827/2076
[   32.276503] 
[   32.278109] CPU: 0 PID: 2076 Comm: syz-executor827 Not tainted 4.4.172+ #13
[   32.285178]  0000000000000000 5ab267c2b17d357a ffff8801d415edd0 ffffffff81aacde1
[   32.293168]  0000000000000000 ffffea000750cb00 ffff8801d432d930 0000000000000010
[   32.301157]  ffff8801d432d680 ffff8801d415ee08 ffffffff8148fedd 0000000000000000
[   32.309137] Call Trace:
[   32.311699]  [<ffffffff81aacde1>] dump_stack+0xc1/0x120
[   32.317037]  [<ffffffff8148fedd>] print_address_description+0x6f/0x21b
[   32.323683]  [<ffffffff81490115>] kasan_report.cold+0x8c/0x2be
[   32.329641]  [<ffffffff826b2b85>] ? ip6_tnl_xmit2+0x1f95/0x2320
[   32.335683]  [<ffffffff81484d9f>] __asan_report_load_n_noabort+0xf/0x20
[   32.342408]  [<ffffffff826b2b85>] ip6_tnl_xmit2+0x1f95/0x2320
[   32.348266]  [<ffffffff8230bcb6>] ? nf_conntrack_tuple_taken+0x656/0x900
[   32.355097]  [<ffffffff8230b6de>] ? nf_conntrack_tuple_taken+0x7e/0x900
[   32.361826]  [<ffffffff826b0bf0>] ? ip6_tnl_create2+0x2d0/0x2d0
[   32.367858]  [<ffffffff811ffdef>] ? __lock_acquire+0xa4f/0x4f50
[   32.373894]  [<ffffffff81b469bc>] ? depot_save_stack+0x20c/0x5f0
[   32.380014]  [<ffffffff82717aaa>] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   32.386913]  [<ffffffff81b0a7fc>] ? check_preemption_disabled+0x3c/0x200
[   32.393725]  [<ffffffff81b0a7fc>] ? check_preemption_disabled+0x3c/0x200
[   32.400571]  [<ffffffff812d4960>] ? make_kuid+0xf0/0x180
[   32.405998]  [<ffffffff826b48d9>] ip6_tnl_xmit+0xa09/0xe00
[   32.411595]  [<ffffffff826b3ed0>] ? ip6ip6_dscp_ecn_decapsulate+0x790/0x790
[   32.418671]  [<ffffffff82244a81>] dev_hard_start_xmit+0x7c1/0x11e0
[   32.424963]  [<ffffffff82246ddb>] __dev_queue_xmit+0x164b/0x1bb0
[   32.431081]  [<ffffffff82245967>] ? __dev_queue_xmit+0x1d7/0x1bb0
[   32.437288]  [<ffffffff810e15aa>] ? __local_bh_enable_ip+0x6a/0xe0
[   32.443592]  [<ffffffff82245790>] ? netdev_pick_tx+0x2f0/0x2f0
[   32.449539]  [<ffffffff822643bf>] ? __neigh_create+0x96f/0x1b30
[   32.455572]  [<ffffffff810e15aa>] ? __local_bh_enable_ip+0x6a/0xe0
[   32.461867]  [<ffffffff82247358>] dev_queue_xmit+0x18/0x20
[   32.467464]  [<ffffffff8225bb46>] neigh_direct_output+0x16/0x20
[   32.473496]  [<ffffffff823c54b2>] ip_finish_output2+0x6a2/0x1280
[   32.479629]  [<ffffffff823c501b>] ? ip_finish_output2+0x20b/0x1280
[   32.485924]  [<ffffffff822f818c>] ? nf_hook_slow+0x1dc/0x340
[   32.491695]  [<ffffffff823c4e10>] ? ip_send_check+0xb0/0xb0
[   32.497382]  [<ffffffff822f7fb0>] ? nf_iterate+0x220/0x220
[   32.502978]  [<ffffffff823cc782>] ip_finish_output+0x8b2/0xc60
[   32.508918]  [<ffffffff823d0547>] ip_output+0x227/0x4c0
[   32.514271]  [<ffffffff823d0320>] ? ip_mc_output+0xae0/0xae0
[   32.520045]  [<ffffffff823d32f6>] ? ip_make_skb+0x116/0x210
[   32.525728]  [<ffffffff823cbed0>] ? ip_fragment.constprop.0+0x200/0x200
[   32.532451]  [<ffffffff823d31e0>] ? ip_flush_pending_frames+0x30/0x30
[   32.539013]  [<ffffffff823cd2bc>] ip_local_out+0x9c/0x180
[   32.544528]  [<ffffffff823d30ae>] ip_send_skb+0x3e/0xc0
[   32.549866]  [<ffffffff82478e8d>] udp_send_skb+0x4fd/0xc70
[   32.555464]  [<ffffffff8247fc3f>] udp_sendmsg+0x16cf/0x1c60
[   32.561151]  [<ffffffff823c8f40>] ? ip_reply_glue_bits+0xc0/0xc0
[   32.567269]  [<ffffffff8247e570>] ? udp_lib_unhash+0x630/0x630
[   32.573218]  [<ffffffff8123a551>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   32.579957]  [<ffffffff8123a551>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   32.586685]  [<ffffffff81956134>] ? avc_has_perm+0x164/0x3a0
[   32.592455]  [<ffffffff819561a2>] ? avc_has_perm+0x1d2/0x3a0
[   32.598238]  [<ffffffff8195607c>] ? avc_has_perm+0xac/0x3a0
[   32.603925]  [<ffffffff82612e52>] udpv6_sendmsg+0x12f2/0x24f0
[   32.609783]  [<ffffffff811ffdef>] ? __lock_acquire+0xa4f/0x4f50
[   32.615817]  [<ffffffff81b0a7fc>] ? check_preemption_disabled+0x3c/0x200
[   32.622644]  [<ffffffff82611b60>] ? udp_v6_flush_pending_frames+0xe0/0xe0
[   32.629549]  [<ffffffff8195f968>] ? sock_has_perm+0x2a8/0x400
[   32.635416]  [<ffffffff8195f766>] ? sock_has_perm+0xa6/0x400
[   32.641186]  [<ffffffff8195f6c0>] ? selinux_msg_queue_alloc_security+0x2e0/0x2e0
[   32.648701]  [<ffffffff810aaaff>] ? __do_page_fault+0x33f/0x7f0
[   32.654746]  [<ffffffff8123a551>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   32.661472]  [<ffffffff81b0a7fc>] ? check_preemption_disabled+0x3c/0x200
[   32.668302]  [<ffffffff81b0a7fc>] ? check_preemption_disabled+0x3c/0x200
[   32.675116]  [<ffffffff824a8d53>] ? inet_sendmsg+0x143/0x4d0
[   32.680887]  [<ffffffff824a8e12>] inet_sendmsg+0x202/0x4d0
[   32.686484]  [<ffffffff824a8c86>] ? inet_sendmsg+0x76/0x4d0
[   32.692166]  [<ffffffff824a8c10>] ? inet_recvmsg+0x4d0/0x4d0
[   32.697939]  [<ffffffff821d7eae>] sock_sendmsg+0xbe/0x110
[   32.703452]  [<ffffffff821d9d89>] ___sys_sendmsg+0x769/0x890
[   32.709227]  [<ffffffff821d9620>] ? copy_msghdr_from_user+0x550/0x550
[   32.715781]  [<ffffffff813cfef0>] ? __alloc_pages_direct_compact+0x220/0x220
[   32.722947]  [<ffffffff81adfec4>] ? prandom_u32+0x74/0xa0
[   32.728471]  [<ffffffff8123a551>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   32.735204]  [<ffffffff81b0a7fc>] ? check_preemption_disabled+0x3c/0x200
[   32.742020]  [<ffffffff81b0a7fc>] ? check_preemption_disabled+0x3c/0x200
[   32.748835]  [<ffffffff810e15aa>] ? __local_bh_enable_ip+0x6a/0xe0
[   32.755130]  [<ffffffff8123a551>] ? debug_lockdep_rcu_enabled+0x71/0xa0
[   32.761857]  [<ffffffff814f1d23>] ? __fget_light+0xa3/0x1f0
[   32.767543]  [<ffffffff814f1e8b>] ? __fdget+0x1b/0x20
[   32.772717]  [<ffffffff821dcbe5>] __sys_sendmsg+0xc5/0x160
[   32.778318]  [<ffffffff821dcb20>] ? SyS_shutdown+0x1a0/0x1a0
[   32.784092]  [<ffffffff827191d5>] ? retint_user+0x18/0x3c
[   32.789602]  [<ffffffff811ff175>] ? trace_hardirqs_on_caller+0x385/0x5a0
[   32.796419]  [<ffffffff821dccad>] SyS_sendmsg+0x2d/0x50
[   32.801757]  [<ffffffff82718621>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[   32.808307] 
[   32.809909] Allocated by task 2076:
[   32.813505]  [<ffffffff8102e3c6>] save_stack_trace+0x26/0x50
[   32.819397]  [<ffffffff81483d12>] kasan_kmalloc.part.0+0x62/0xf0
[   32.825635]  [<ffffffff81483f87>] kasan_kmalloc+0xb7/0xd0
[   32.831263]  [<ffffffff81480311>] __kmalloc+0x141/0x330
[   32.836715]  [<ffffffff82263c26>] __neigh_create+0x1d6/0x1b30
[   32.842695]  [<ffffffff8239fcbe>] ipv4_neigh_lookup+0x52e/0x6e0
[   32.848855]  [<ffffffff826b0e6b>] ip6_tnl_xmit2+0x27b/0x2320
[   32.854750]  [<ffffffff826b48d9>] ip6_tnl_xmit+0xa09/0xe00
[   32.860464]  [<ffffffff82244a81>] dev_hard_start_xmit+0x7c1/0x11e0
[   32.866879]  [<ffffffff82246ddb>] __dev_queue_xmit+0x164b/0x1bb0
[   32.873116]  [<ffffffff82247358>] dev_queue_xmit+0x18/0x20
[   32.878833]  [<ffffffff8225bb46>] neigh_direct_output+0x16/0x20
[   32.884987]  [<ffffffff823c54b2>] ip_finish_output2+0x6a2/0x1280
[   32.891244]  [<ffffffff823cc782>] ip_finish_output+0x8b2/0xc60
[   32.897303]  [<ffffffff823d0547>] ip_output+0x227/0x4c0
[   32.902754]  [<ffffffff823cd2bc>] ip_local_out+0x9c/0x180
[   32.908384]  [<ffffffff823d30ae>] ip_send_skb+0x3e/0xc0
[   32.913844]  [<ffffffff82478e8d>] udp_send_skb+0x4fd/0xc70
[   32.919559]  [<ffffffff8247fc3f>] udp_sendmsg+0x16cf/0x1c60
[   32.925372]  [<ffffffff82612e52>] udpv6_sendmsg+0x12f2/0x24f0
[   32.931353]  [<ffffffff824a8e12>] inet_sendmsg+0x202/0x4d0
[   32.937071]  [<ffffffff821d7eae>] sock_sendmsg+0xbe/0x110
[   32.942702]  [<ffffffff821d9d89>] ___sys_sendmsg+0x769/0x890
[   32.948594]  [<ffffffff821dcbe5>] __sys_sendmsg+0xc5/0x160
[   32.954310]  [<ffffffff821dccad>] SyS_sendmsg+0x2d/0x50
[   32.959769]  [<ffffffff82718621>] entry_SYSCALL_64_fastpath+0x1e/0x9a
[   32.966442] 
[   32.968043] Freed by task 0:
[   32.971036] (stack is not available)
[   32.974718] 
[   32.976321] The buggy address belongs to the object at ffff8801d432d680
[   32.976321]  which belongs to the cache kmalloc-1024 of size 1024
[   32.989138] The buggy address is located 688 bytes inside of
[   32.989138]  1024-byte region [ffff8801d432d680, ffff8801d432da80)
[   33.001074] The buggy address belongs to the page:
[   34.417666] double fault: 0000 [#1] PREEMPT SMP KASAN
[   34.423346] Modules linked in:
[   34.426632] CPU: 0 PID: 2076 Comm: syz-executor827 Not tainted 4.4.172+ #13
[   34.433708] task: ffff8801d4f74740 task.stack: ffff8801d4158000
[   34.439735] RIP: 0010:[<ffffffff8142a9b8>]  [<ffffffff8142a9b8>] dump_page_badflags+0x8/0x70
[   34.448422] RSP: 0018:ffff880100000000  EFLAGS: 00010046
[   34.453843] RAX: ffff8801d4f74740 RBX: 0000000000000000 RCX: 0000000000000000
[   34.461086] RDX: 0000000000000000 RSI: ffffffff82891be0 RDI: ffffea000750cb00
[   34.468329] RBP: ffff880100000010 R08: 0000000000000026 R09: 0000000000000000
[   34.475575] R10: 0000000000000001 R11: ffffffff83fdf174 R12: ffffea000750cb00
[   34.482820] R13: ffffffff82891be0 R14: ffff8801d432da80 R15: ffff8801d432d680
[   34.490078] FS:  0000000000e86880(0063) GS:ffff8801db600000(0000) knlGS:0000000000000000
[   34.498278] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   34.504131] CR2: ffff8800fffffff8 CR3: 00000001d4f1a000 CR4: 00000000001606b0
[   34.511377] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   34.518619] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   34.525870] Stack:
[   34.528007] 
[   34.529620] Call Trace:
[   34.532173]  <UNK> 
[   34.534210] Code: c0 80 06 00 00 f0 48 ff 80 e8 18 19 83 5b 5d c3 48 89 df e8 0b a3 05 00 eb dd 66 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 f5 41 54 49 89 fc 53 48 89 d3 48 83 ec 08 e8 11 ea 
[   34.561408] RIP  [<ffffffff8142a9b8>] dump_page_badflags+0x8/0x70
[   34.567739]  RSP <ffff880100000000>
[   34.571336] ---[ end trace 9af38744d659c8da ]---
[   34.576065] Kernel panic - not syncing: Fatal exception in interrupt
[   34.582866] Kernel Offset: disabled
[   34.586473] Rebooting in 86400 seconds..