[....] Starting enhanced syslogd: rsyslogd
[   10.725567] audit: type=1400 audit(1514349486.266:4): avc:  denied  { syslog } for  pid=3173 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-386-2,10.128.0.36' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   19.524660] ==================================================================
[   19.525844] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2453/0x2830
[   19.526785] Read of size 4 at addr ffff8801c1f87ae8 by task syzkaller041799/3321
[   19.527783]
[   19.528013] CPU: 0 PID: 3321 Comm: syzkaller041799 Not tainted 4.9.71-g2506378 #9
[   19.529027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.530256]  ffff8801c1f87130 ffffffff81d922b9 ffffea000707e1c0 ffff8801c1f87ae8
[   19.531499]  0000000000000000 ffff8801c1f87ae8 ffff8801c91b7420 ffff8801c1f87168
[   19.532627]  ffffffff8153bab3 ffff8801c1f87ae8 0000000000000004 0000000000000000
[   19.533756] Call Trace:
[   19.534141]  [] dump_stack+0xc1/0x128
[   19.534951]  [] print_address_description+0x73/0x280
[   19.535824]  [] kasan_report+0x275/0x360
[   19.536565]  [] ? xfrm_state_find+0x2453/0x2830
[   19.537395]  [] __asan_report_load4_noabort+0x14/0x20
[   19.538297]  [] xfrm_state_find+0x2453/0x2830
[   19.539092]  [] ? xfrm_state_find+0x25a/0x2830
[   19.539918]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   19.540839]  [] ? xfrm_unregister_mode+0x200/0x200
[   19.541718]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   19.542648]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   19.543698]  [] ? check_usage_forwards+0x310/0x310
[   19.544565]  [] ? depot_save_stack+0x1c5/0x4a0
[   19.549508]  [] xfrm_tmpl_resolve+0x298/0xa90
[   19.555535]  [] ? mutex_remove_waiter+0x352/0x400
[   19.561926]  [] ? __xfrm_decode_session+0x100/0x100
[   19.568504]  [] ? __lock_acquire+0x629/0x3640
[   19.574532]  [] ? save_stack+0xa3/0xd0
[   19.579949]  [] xfrm_resolve_and_create_bundle+0xd7/0x1d90
[   19.587101]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   19.594078]  [] ? xfrm_tmpl_resolve+0xa90/0xa90
[   19.600274]  [] ? check_preemption_disabled+0x3b/0x200
[   19.607079]  [] ? xfrm_sk_policy_lookup+0x200/0x370
[   19.613623]  [] ? xfrm_sk_policy_lookup+0x227/0x370
[   19.620171]  [] ? xfrm_selector_match+0xe40/0xe40
[   19.626543]  [] ? xfrm_expand_policies+0x25b/0x5b0
[   19.632998]  [] xfrm_lookup+0x984/0xbf0
[   19.638502]  [] ? xfrm_bundle_lookup+0x11b0/0x11b0
[   19.644972]  [] ? __ip_route_output_key_hash+0x7e5/0x23e0
[   19.652039]  [] ? __ip_route_output_key_hash+0x80c/0x23e0
[   19.659110]  [] ? __ip_route_output_key_hash+0x16a/0x23e0
[   19.666173]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[   19.672371]  [] xfrm_lookup_route+0x39/0x1a0
[   19.678306]  [] ip_route_output_flow+0x7f/0xa0
[   19.684423]  [] udp_sendmsg+0xe36/0x1c10
[   19.690010]  [] ? udp_sendmsg+0x1232/0x1c10
[   19.695864]  [] ? ip_reply_glue_bits+0xb0/0xb0
[   19.701972]  [] ? udp_lib_get_port+0x1830/0x1830
[   19.708257]  [] ? ip4_datagram_release_cb+0x1da/0x940
[   19.714974]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   19.721776]  [] ? release_sock+0x14c/0x1c0
[   19.727540]  [] ? trace_hardirqs_on+0xd/0x10
[   19.733476]  [] ? __local_bh_enable_ip+0x6a/0xd0
[   19.739772]  [] ? _raw_spin_unlock_bh+0x30/0x40
[   19.745967]  [] ? release_sock+0x14c/0x1c0
[   19.751742]  [] inet_sendmsg+0x2bc/0x4c0
[   19.757340]  [] ? inet_sendmsg+0x73/0x4c0
[   19.763014]  [] ? inet_recvmsg+0x4c0/0x4c0
[   19.768776]  [] sock_sendmsg+0xca/0x110
[   19.774278]  [] SYSC_sendto+0x2c8/0x340
[   19.779782]  [] ? SYSC_connect+0x310/0x310
[   19.785547]  [] ? do_huge_pmd_anonymous_page+0x2d4/0x10d0
[   19.792640]  [] ? handle_mm_fault+0x6ee/0x2530
[   19.798751]  [] ? __pmd_alloc+0x410/0x410
[   19.804428]  [] ? __do_page_fault+0x5ec/0xd40
[   19.810455]  [] ? up_read+0x1a/0x40
[   19.815611]  [] ? __do_page_fault+0x3bd/0xd40
[   19.821644]  [] SyS_sendto+0x40/0x50
[   19.826889]  [] ? SyS_getpeername+0x30/0x30
[   19.832749]  [] do_fast_syscall_32+0x2f7/0x890
[   19.838867]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   19.845503]  [] entry_SYSENTER_compat+0x51/0x60
[   19.851704]
[   19.853295] The buggy address belongs to the page:
[   19.858189] page:ffffea000707e1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   19.866407] flags: 0x8000000000000000()
[   19.870349] page dumped because: kasan: bad access detected
[   19.876020]
[   19.877615] Memory state around the buggy address:
[   19.882510]  ffff8801c1f87980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.889836]  ffff8801c1f87a00: 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 00
[   19.897158] >ffff8801c1f87a80: 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2
[   19.904479]                                                           ^
[   19.911196]  ffff8801c1f87b00: f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 00 00
[   19.918521]  ffff8801c1f87b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.925850] ==================================================================
[   19.933171] Disabling lock debugging due to kernel taint
[   19.939019] Kernel panic - not syncing: panic_on_warn set ...
[   19.939019]
[   19.946370] CPU: 0 PID: 3321 Comm: syzkaller041799 Tainted: G    B           4.9.71-g2506378 #9
[   19.955171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.964495]  ffff8801c1f87088 ffffffff81d922b9 ffffffff84194b3f ffff8801c1f87160
[   19.972446]  0000000000000000 ffff8801c1f87ae8 ffff8801c91b7420 ffff8801c1f87150
[   19.980402]  ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585
[   19.988349] Call Trace:
[   19.990903]  [] dump_stack+0xc1/0x128
[   19.996233]  [] panic+0x1bc/0x3a8
[   20.001226]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   20.009424]  [] ? preempt_schedule+0x25/0x30
[   20.015362]  [] ? ___preempt_schedule+0x16/0x18
[   20.021559]  [] kasan_end_report+0x50/0x50
[   20.027321]  [] kasan_report+0x167/0x360
[   20.032918]  [] ? xfrm_state_find+0x2453/0x2830
[   20.039123]  [] __asan_report_load4_noabort+0x14/0x20
[   20.045842]  [] xfrm_state_find+0x2453/0x2830
[   20.051866]  [] ? xfrm_state_find+0x25a/0x2830
[   20.057992]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   20.064974]  [] ? xfrm_unregister_mode+0x200/0x200
[   20.071433]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   20.078411]  [] ? _raw_spin_unlock_irqrestore+0x5a/0x70
[   20.085301]  [] ? check_usage_forwards+0x310/0x310
[   20.091761]  [] ? depot_save_stack+0x1c5/0x4a0
[   20.097881]  [] xfrm_tmpl_resolve+0x298/0xa90
[   20.103911]  [] ? mutex_remove_waiter+0x352/0x400
[   20.110375]  [] ? __xfrm_decode_session+0x100/0x100
[   20.116921]  [] ? __lock_acquire+0x629/0x3640
[   20.122944]  [] ? save_stack+0xa3/0xd0
[   20.128366]  [] xfrm_resolve_and_create_bundle+0xd7/0x1d90
[   20.135528]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   20.142514]  [] ? xfrm_tmpl_resolve+0xa90/0xa90
[   20.148715]  [] ? check_preemption_disabled+0x3b/0x200
[   20.155521]  [] ? xfrm_sk_policy_lookup+0x200/0x370
[   20.162065]  [] ? xfrm_sk_policy_lookup+0x227/0x370
[   20.168612]  [] ? xfrm_selector_match+0xe40/0xe40
[   20.174984]  [] ? xfrm_expand_policies+0x25b/0x5b0
[   20.181439]  [] xfrm_lookup+0x984/0xbf0
[   20.186941]  [] ? xfrm_bundle_lookup+0x11b0/0x11b0
[   20.193412]  [] ? __ip_route_output_key_hash+0x7e5/0x23e0
[   20.200478]  [] ? __ip_route_output_key_hash+0x80c/0x23e0
[   20.207552]  [] ? __ip_route_output_key_hash+0x16a/0x23e0
[   20.214619]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[   20.220816]  [] xfrm_lookup_route+0x39/0x1a0
[   20.226752]  [] ip_route_output_flow+0x7f/0xa0
[   20.232862]  [] udp_sendmsg+0xe36/0x1c10
[   20.238449]  [] ? udp_sendmsg+0x1232/0x1c10
[   20.244297]  [] ? ip_reply_glue_bits+0xb0/0xb0
[   20.250407]  [] ? udp_lib_get_port+0x1830/0x1830
[   20.256695]  [] ? ip4_datagram_release_cb+0x1da/0x940
[   20.263414]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   20.270223]  [] ? release_sock+0x14c/0x1c0
[   20.275984]  [] ? trace_hardirqs_on+0xd/0x10
[   20.281919]  [] ? __local_bh_enable_ip+0x6a/0xd0
[   20.288209]  [] ? _raw_spin_unlock_bh+0x30/0x40
[   20.294404]  [] ? release_sock+0x14c/0x1c0
[   20.300173]  [] inet_sendmsg+0x2bc/0x4c0
[   20.305762]  [] ? inet_sendmsg+0x73/0x4c0
[   20.311438]  [] ? inet_recvmsg+0x4c0/0x4c0
[   20.317201]  [] sock_sendmsg+0xca/0x110
[   20.322710]  [] SYSC_sendto+0x2c8/0x340
[   20.328212]  [] ? SYSC_connect+0x310/0x310
[   20.333977]  [] ? do_huge_pmd_anonymous_page+0x2d4/0x10d0
[   20.341047]  [] ? handle_mm_fault+0x6ee/0x2530
[   20.347156]  [] ? __pmd_alloc+0x410/0x410
[   20.352832]  [] ? __do_page_fault+0x5ec/0xd40
[   20.358863]  [] ? up_read+0x1a/0x40
[   20.364016]  [] ? __do_page_fault+0x3bd/0xd40
[   20.370043]  [] SyS_sendto+0x40/0x50
[   20.375286]  [] ? SyS_getpeername+0x30/0x30
[   20.381139]  [] do_fast_syscall_32+0x2f7/0x890
[   20.387248]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   20.393884]  [] entry_SYSENTER_compat+0x51/0x60
[   20.400511] Dumping ftrace buffer:
[   20.404020]    (ftrace buffer empty)
[   20.407696] Kernel Offset: disabled
[   20.411291] Rebooting in 86400 seconds..