[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.246658] audit: type=1400 audit(1519699139.379:4): avc: denied { syslog } for pid=3597 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts.
2018/02/27 02:39:10 parsed 1 programs
2018/02/27 02:39:10 executed programs: 0
syzkaller login: [ 23.831141] IPVS: Creating netns size=2536 id=1
[ 24.493273] ==================================================================
[ 24.500663] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2453/0x2830
[ 24.507818] Read of size 4 at addr ffff8801d48ff720 by task syz-executor0/4030
[ 24.515143]
[ 24.516742] CPU: 1 PID: 4030 Comm: syz-executor0 Not tainted 4.9.84-ge7f51a5 #53
[ 24.524239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.533560]  ffff8801d48fed70 ffffffff81d956b9 ffffea0007523fc0 ffff8801d48ff720
[ 24.541532]  0000000000000000 ffff8801d48ff720 ffff8801d990f8a0 ffff8801d48feda8
[ 24.549493]  ffffffff8153e1a3 ffff8801d48ff720 0000000000000004 0000000000000000
[ 24.557454] Call Trace:
[ 24.560011]  [] dump_stack+0xc1/0x128
[ 24.565342]  [] print_address_description+0x73/0x280
[ 24.571977]  [] kasan_report+0x275/0x360
[ 24.577569]  [] ? xfrm_state_find+0x2453/0x2830
[ 24.583769]  [] __asan_report_load4_noabort+0x14/0x20
[ 24.590491]  [] xfrm_state_find+0x2453/0x2830
[ 24.596515]  [] ? xfrm_state_find+0x25a/0x2830
[ 24.602628]  [] ? xfrm_unregister_mode+0x200/0x200
[ 24.609088]  [] xfrm_tmpl_resolve+0x298/0xa90
[ 24.615119]  [] ? __xfrm_decode_session+0x100/0x100
[ 24.621665]  [] ? __lock_acquire+0x629/0x3640
[ 24.627691]  [] ? __lock_acquire+0x629/0x3640
[ 24.633715]  [] ? check_usage+0x19e/0xa10
[ 24.639392]  [] xfrm_resolve_and_create_bundle+0xd7/0x1d90
[ 24.646546]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.653527]  [] ? __lock_acquire+0x629/0x3640
[ 24.659554]  [] ? xfrm_tmpl_resolve+0xa90/0xa90
[ 24.665753]  [] ? check_preemption_disabled+0x3b/0x200
[ 24.672560]  [] ? xfrm_sk_policy_lookup+0x242/0x3c0
[ 24.679108]  [] ? xfrm_sk_policy_lookup+0x269/0x3c0
[ 24.685662]  [] ? xfrm_selector_match+0xe40/0xe40
[ 24.692033]  [] ? xfrm_expand_policies+0x25b/0x5b0
[ 24.698492]  [] xfrm_lookup+0x984/0xbf0
[ 24.703996]  [] ? xfrm_bundle_lookup+0x11b0/0x11b0
[ 24.710456]  [] ? __ip_route_output_key_hash+0x7e5/0x23e0
[ 24.717524]  [] ? __ip_route_output_key_hash+0x80c/0x23e0
[ 24.724591]  [] ? __ip_route_output_key_hash+0xc94/0x23e0
[ 24.731658]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 24.737857]  [] xfrm_lookup_route+0x39/0x1a0
[ 24.743797]  [] ip_route_output_flow+0x7f/0xa0
[ 24.749910]  [] udp_sendmsg+0xe36/0x1c10
[ 24.755503]  [] ? udp_sendmsg+0x1232/0x1c10
[ 24.761355]  [] ? xfrm_user_policy+0x12b/0x530
[ 24.767467]  [] ? ip_reply_glue_bits+0xb0/0xb0
[ 24.773577]  [] ? udp_lib_get_port+0x1830/0x1830
[ 24.779864]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.786847]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 24.793652]  [] ? __lock_acquire+0x629/0x3640
[ 24.799677]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.806659]  [] udpv6_sendmsg+0x588/0x2540
[ 24.812427]  [] ? avc_has_perm+0x28b/0x4f0
[ 24.818191]  [] ? avc_has_perm+0xb0/0x4f0
[ 24.823869]  [] ? gup_pud_range+0x264/0x2e0
[ 24.829723]  [] ? udp_v6_rehash+0xa0/0xa0
[ 24.835403]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 24.842385]  [] ? sock_has_perm+0x1c2/0x3e0
[ 24.848237]  [] ? sock_has_perm+0x292/0x3e0
[ 24.854088]  [] ? sock_has_perm+0x9f/0x3e0
[ 24.859860]  [] ? compat_import_iovec+0x219/0x3c0
[ 24.866233]  [] ? check_preemption_disabled+0x3b/0x200
[ 24.873042]  [] ? inet_sendmsg+0x201/0x4c0
[ 24.878808]  [] inet_sendmsg+0x2bc/0x4c0
[ 24.884398]  [] ? inet_sendmsg+0x73/0x4c0
[ 24.890074]  [] ? inet_recvmsg+0x4c0/0x4c0
[ 24.895843]  [] sock_sendmsg+0xca/0x110
[ 24.901352]  [] ___sys_sendmsg+0x6d1/0x7e0
[ 24.907116]  [] ? copy_msghdr_from_user+0x570/0x570
[ 24.913663]  [] ? do_futex+0x3f8/0x15c0
[ 24.919166]  [] ? avc_has_perm_noaudit+0x450/0x450
[ 24.925624]  [] ? exit_robust_list+0x230/0x230
[ 24.931736]  [] ? sock_has_perm+0x1c2/0x3e0
[ 24.937588]  [] ? sock_has_perm+0x292/0x3e0
[ 24.943437]  [] ? sock_has_perm+0x9f/0x3e0
[ 24.949200]  [] ? __fget_light+0x169/0x1f0
[ 24.954962]  [] ? __fdget+0x18/0x20
[ 24.960120]  [] ? sockfd_lookup_light+0x118/0x160
[ 24.966491]  [] __sys_sendmsg+0xd6/0x190
[ 24.972081]  [] ? SyS_shutdown+0x1b0/0x1b0
[ 24.977847]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 24.983961]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 24.990509]  [] compat_SyS_sendmsg+0x2a/0x40
[ 24.996448]  [] ? compat_SyS_getsockopt+0x2a0/0x2a0
[ 25.002995]  [] do_fast_syscall_32+0x2f5/0x870
[ 25.009108]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.015762]  [] entry_SYSENTER_compat+0x90/0xa2
[ 25.021959]
[ 25.023552] The buggy address belongs to the page:
[ 25.028448] page:ffffea0007523fc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 25.036676] flags: 0x8000000000000000()
[ 25.040616] page dumped because: kasan: bad access detected
[ 25.046289]
[ 25.047889] Memory state around the buggy address:
[ 25.052785]  ffff8801d48ff600: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2
[ 25.060112]  ffff8801d48ff680: f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00
[ 25.067446] >ffff8801d48ff700: 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 25.074772]                                ^
[ 25.079144]  ffff8801d48ff780: 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00
[ 25.086472]  ffff8801d48ff800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.093797] ==================================================================
[ 25.101132] Disabling lock debugging due to kernel taint
[ 25.107308] Kernel panic - not syncing: panic_on_warn set ...
[ 25.107308]
[ 25.114662] CPU: 1 PID: 4030 Comm: syz-executor0 Tainted: G B 4.9.84-ge7f51a5 #53
[ 25.123377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.132704]  ffff8801d48fecc8 ffffffff81d956b9 ffffffff8419784f ffff8801d48feda0
[ 25.140683]  0000000000000000 ffff8801d48ff720 ffff8801d990f8a0 ffff8801d48fed90
[ 25.148660]  ffffffff8142f571 0000000041b58ab3 ffffffff8418b2c0 ffffffff8142f3b5
[ 25.156627] Call Trace:
[ 25.159188]  [] dump_stack+0xc1/0x128
[ 25.164524]  [] panic+0x1bc/0x3a8
[ 25.169511]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 25.177709]  [] ? preempt_schedule+0x25/0x30
[ 25.183649]  [] ? ___preempt_schedule+0x16/0x18
[ 25.189852]  [] kasan_end_report+0x50/0x50
[ 25.195626]  [] kasan_report+0x167/0x360
[ 25.201219]  [] ? xfrm_state_find+0x2453/0x2830
[ 25.207421]  [] __asan_report_load4_noabort+0x14/0x20
[ 25.214148]  [] xfrm_state_find+0x2453/0x2830
[ 25.220174]  [] ? xfrm_state_find+0x25a/0x2830
[ 25.226304]  [] ? xfrm_unregister_mode+0x200/0x200
[ 25.232772]  [] xfrm_tmpl_resolve+0x298/0xa90
[ 25.238798]  [] ? __xfrm_decode_session+0x100/0x100
[ 25.245349]  [] ? __lock_acquire+0x629/0x3640
[ 25.251374]  [] ? __lock_acquire+0x629/0x3640
[ 25.257401]  [] ? check_usage+0x19e/0xa10
[ 25.263081]  [] xfrm_resolve_and_create_bundle+0xd7/0x1d90
[ 25.270239]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.277220]  [] ? __lock_acquire+0x629/0x3640
[ 25.283247]  [] ? xfrm_tmpl_resolve+0xa90/0xa90
[ 25.289448]  [] ? check_preemption_disabled+0x3b/0x200
[ 25.296258]  [] ? xfrm_sk_policy_lookup+0x242/0x3c0
[ 25.302807]  [] ? xfrm_sk_policy_lookup+0x269/0x3c0
[ 25.309357]  [] ? xfrm_selector_match+0xe40/0xe40
[ 25.315734]  [] ? xfrm_expand_policies+0x25b/0x5b0
[ 25.322209]  [] xfrm_lookup+0x984/0xbf0
[ 25.327721]  [] ? xfrm_bundle_lookup+0x11b0/0x11b0
[ 25.334185]  [] ? __ip_route_output_key_hash+0x7e5/0x23e0
[ 25.341253]  [] ? __ip_route_output_key_hash+0x80c/0x23e0
[ 25.348320]  [] ? __ip_route_output_key_hash+0xc94/0x23e0
[ 25.355387]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 25.361591]  [] xfrm_lookup_route+0x39/0x1a0
[ 25.367532]  [] ip_route_output_flow+0x7f/0xa0
[ 25.373648]  [] udp_sendmsg+0xe36/0x1c10
[ 25.379244]  [] ? udp_sendmsg+0x1232/0x1c10
[ 25.385109]  [] ? xfrm_user_policy+0x12b/0x530
[ 25.391226]  [] ? ip_reply_glue_bits+0xb0/0xb0
[ 25.397343]  [] ? udp_lib_get_port+0x1830/0x1830
[ 25.403635]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.410625]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 25.417435]  [] ? __lock_acquire+0x629/0x3640
[ 25.423464]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.430455]  [] udpv6_sendmsg+0x588/0x2540
[ 25.436223]  [] ? avc_has_perm+0x28b/0x4f0
[ 25.442008]  [] ? avc_has_perm+0xb0/0x4f0
[ 25.447688]  [] ? gup_pud_range+0x264/0x2e0
[ 25.453545]  [] ? udp_v6_rehash+0xa0/0xa0
[ 25.459225]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 25.466208]  [] ? sock_has_perm+0x1c2/0x3e0
[ 25.472062]  [] ? sock_has_perm+0x292/0x3e0
[ 25.477923]  [] ? sock_has_perm+0x9f/0x3e0
[ 25.483693]  [] ? compat_import_iovec+0x219/0x3c0
[ 25.490067]  [] ? check_preemption_disabled+0x3b/0x200
[ 25.496887]  [] ? inet_sendmsg+0x201/0x4c0
[ 25.502655]  [] inet_sendmsg+0x2bc/0x4c0
[ 25.508255]  [] ? inet_sendmsg+0x73/0x4c0
[ 25.513933]  [] ? inet_recvmsg+0x4c0/0x4c0
[ 25.519702]  [] sock_sendmsg+0xca/0x110
[ 25.525297]  [] ___sys_sendmsg+0x6d1/0x7e0
[ 25.531065]  [] ? copy_msghdr_from_user+0x570/0x570
[ 25.537614]  [] ? do_futex+0x3f8/0x15c0
[ 25.543119]  [] ? avc_has_perm_noaudit+0x450/0x450
[ 25.549578]  [] ? exit_robust_list+0x230/0x230
[ 25.555690]  [] ? sock_has_perm+0x1c2/0x3e0
[ 25.561543]  [] ? sock_has_perm+0x292/0x3e0
[ 25.567397]  [] ? sock_has_perm+0x9f/0x3e0
[ 25.573165]  [] ? __fget_light+0x169/0x1f0
[ 25.578930]  [] ? __fdget+0x18/0x20
[ 25.584089]  [] ? sockfd_lookup_light+0x118/0x160
[ 25.590466]  [] __sys_sendmsg+0xd6/0x190
[ 25.596059]  [] ? SyS_shutdown+0x1b0/0x1b0
[ 25.601829]  [] ? compat_SyS_futex+0x1f9/0x2a0
[ 25.607943]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 25.614491]  [] compat_SyS_sendmsg+0x2a/0x40
[ 25.620430]  [] ? compat_SyS_getsockopt+0x2a0/0x2a0
[ 25.626980]  [] do_fast_syscall_32+0x2f5/0x870
[ 25.633091]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.639724]  [] entry_SYSENTER_compat+0x90/0xa2
[ 25.646368] Dumping ftrace buffer:
[ 25.649884]    (ftrace buffer empty)
[ 25.653561] Kernel Offset: disabled
[ 25.657158] Rebooting in 86400 seconds..