[....] Starting enhanced syslogd: rsyslogd[ 9.325719] audit: type=1400 audit(1514194939.042:4): avc: denied { syslog } for pid=3157 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-android-49-kasan-gce-9,10.128.15.225' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 16.170828] ================================================================== [ 16.171947] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2453/0x2830 [ 16.172890] Read of size 4 at addr ffff8801ca3878b0 by task syzkaller949618/3307 [ 16.173910] [ 16.174156] CPU: 0 PID: 3307 Comm: syzkaller949618 Not tainted 4.9.71-g2506378 #113 [ 16.175188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 16.176415] ffff8801ca386f00 ffffffff81d922b9 ffffea000728e1c0 ffff8801ca3878b0 [ 16.177589] 0000000000000000 ffff8801ca3878b0 ffff8801d035afa0 ffff8801ca386f38 [ 16.178732] ffffffff8153bab3 ffff8801ca3878b0 0000000000000004 0000000000000000 [ 16.179855] Call Trace: [ 16.180210] [] dump_stack+0xc1/0x128 [ 16.180919] [] print_address_description+0x73/0x280 [ 16.181839] [] kasan_report+0x275/0x360 [ 16.182605] [] ? xfrm_state_find+0x2453/0x2830 [ 16.183722] [] __asan_report_load4_noabort+0x14/0x20 [ 16.184929] [] xfrm_state_find+0x2453/0x2830 [ 16.186447] [] ? xfrm_state_find+0x25a/0x2830 [ 16.187646] [] ? xfrm_unregister_mode+0x200/0x200 [ 16.188872] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 16.190370] [] ? check_usage_forwards+0x310/0x310 [ 16.193140] [] ? update_sd_lb_stats+0x3240/0x3240 [ 16.199601] [] xfrm_tmpl_resolve+0x298/0xa90 [ 16.205620] [] ? __xfrm_decode_session+0x100/0x100 [ 16.212161] [] ? __lock_acquire+0x629/0x3640 [ 16.218185] [] ? save_stack+0xa3/0xd0 [ 16.223598] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90 [ 16.230756] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 16.237740] [] ? xfrm_tmpl_resolve+0xa90/0xa90 [ 16.244458] [] ? check_preemption_disabled+0x3b/0x200 [ 16.252649] [] ? xfrm_sk_policy_lookup+0x200/0x370 [ 16.259189] [] ? xfrm_sk_policy_lookup+0x227/0x370 [ 16.265730] [] ? xfrm_selector_match+0xe40/0xe40 [ 16.272100] [] ? xfrm_expand_policies+0x25b/0x5b0 [ 16.278555] [] xfrm_lookup+0x984/0xbf0 [ 16.284054] [] ? xfrm_bundle_lookup+0x11b0/0x11b0 [ 16.290508] [] ? __ip_route_output_key_hash+0x7e5/0x23e0 [ 16.297570] [] ? __ip_route_output_key_hash+0x80c/0x23e0 [ 16.304630] [] ? __ip_route_output_key_hash+0x16a/0x23e0 [ 16.311692] [] ? save_stack_trace+0x16/0x20 [ 16.318232] [] ? ip_rt_update_pmtu+0x8b0/0x8b0 [ 16.324425] [] xfrm_lookup_route+0x39/0x1a0 [ 16.330361] [] ip_route_output_flow+0x7f/0xa0 [ 16.336470] [] udp_sendmsg+0xe36/0x1c10 [ 16.342057] [] ? udp_sendmsg+0x1232/0x1c10 [ 16.347904] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 16.354012] [] ? udp_lib_get_port+0x1830/0x1830 [ 16.360296] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 16.366579] [] udpv6_sendmsg+0x588/0x2540 [ 16.372341] [] ? trace_hardirqs_on+0xd/0x10 [ 16.378278] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 16.384561] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 16.390755] [] ? udp_v6_rehash+0xa0/0xa0 [ 16.396810] [] ? udp_seq_next+0x80/0x80 [ 16.402403] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 16.409379] [] ? release_sock+0x20/0x1c0 [ 16.415052] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 16.421333] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 16.428134] [] ? release_sock+0x14c/0x1c0 [ 16.433893] [] ? trace_hardirqs_on+0xd/0x10 [ 16.439830] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 16.446113] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 16.452306] [] ? release_sock+0x14c/0x1c0 [ 16.458067] [] inet_sendmsg+0x2bc/0x4c0 [ 16.463652] [] ? inet_sendmsg+0x73/0x4c0 [ 16.469324] [] ? inet_recvmsg+0x4c0/0x4c0 [ 16.475083] [] sock_sendmsg+0xca/0x110 [ 16.480583] [] SYSC_sendto+0x2c8/0x340 [ 16.486082] [] ? SYSC_connect+0x310/0x310 [ 16.491847] [] ? __pmd_alloc+0x410/0x410 [ 16.497523] [] ? __do_page_fault+0x5ec/0xd40 [ 16.503543] [] ? __do_page_fault+0x3bd/0xd40 [ 16.509563] [] ? SyS_setsockopt+0x17f/0x250 [ 16.515500] [] ? entry_SYSCALL_64_fastpath+0x5/0xc6 [ 16.522131] [] SyS_sendto+0x40/0x50 [ 16.528413] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 16.534957] [ 16.536548] The buggy address belongs to the page: [ 16.541442] page:ffffea000728e1c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 16.549658] flags: 0x8000000000000000() [ 16.553591] page dumped because: kasan: bad access detected [ 16.559382] [ 16.560972] Memory state around the buggy address: [ 16.565864] ffff8801ca387780: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 [ 16.573187] ffff8801ca387800: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 [ 16.580508] >ffff8801ca387880: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 [ 16.587827] ^ [ 16.592728] ffff8801ca387900: 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 [ 16.600049] ffff8801ca387980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.607368] ================================================================== [ 16.614687] Disabling lock debugging due to kernel taint [ 16.620315] Kernel panic - not syncing: panic_on_warn set ... [ 16.620315] [ 16.627660] CPU: 0 PID: 3307 Comm: syzkaller949618 Tainted: G B 4.9.71-g2506378 #113 [ 16.636639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 16.645960] ffff8801ca386e58 ffffffff81d922b9 ffffffff84194b3f ffff8801ca386f30 [ 16.653902] 0000000000000000 ffff8801ca3878b0 ffff8801d035afa0 ffff8801ca386f20 [ 16.661842] ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585 [ 16.669778] Call Trace: [ 16.672337] [] dump_stack+0xc1/0x128 [ 16.677664] [] panic+0x1bc/0x3a8 [ 16.682648] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 16.693272] [] ? preempt_schedule+0x25/0x30 [ 16.699205] [] ? ___preempt_schedule+0x16/0x18 [ 16.705403] [] kasan_end_report+0x50/0x50 [ 16.711163] [] kasan_report+0x167/0x360 [ 16.716749] [] ? xfrm_state_find+0x2453/0x2830 [ 16.722944] [] __asan_report_load4_noabort+0x14/0x20 [ 16.730708] [] xfrm_state_find+0x2453/0x2830 [ 16.736728] [] ? xfrm_state_find+0x25a/0x2830 [ 16.742837] [] ? xfrm_unregister_mode+0x200/0x200 [ 16.749554] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 16.758874] [] ? check_usage_forwards+0x310/0x310 [ 16.765328] [] ? update_sd_lb_stats+0x3240/0x3240 [ 16.771785] [] xfrm_tmpl_resolve+0x298/0xa90 [ 16.777806] [] ? __xfrm_decode_session+0x100/0x100 [ 16.784346] [] ? __lock_acquire+0x629/0x3640 [ 16.790367] [] ? save_stack+0xa3/0xd0 [ 16.795782] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90 [ 16.802935] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 16.809912] [] ? xfrm_tmpl_resolve+0xa90/0xa90 [ 16.816119] [] ? check_preemption_disabled+0x3b/0x200 [ 16.822929] [] ? xfrm_sk_policy_lookup+0x200/0x370 [ 16.829472] [] ? xfrm_sk_policy_lookup+0x227/0x370 [ 16.836014] [] ? xfrm_selector_match+0xe40/0xe40 [ 16.842389] [] ? xfrm_expand_policies+0x25b/0x5b0 [ 16.848845] [] xfrm_lookup+0x984/0xbf0 [ 16.854346] [] ? xfrm_bundle_lookup+0x11b0/0x11b0 [ 16.860809] [] ? __ip_route_output_key_hash+0x7e5/0x23e0 [ 16.867875] [] ? __ip_route_output_key_hash+0x80c/0x23e0 [ 16.874936] [] ? __ip_route_output_key_hash+0x16a/0x23e0 [ 16.881999] [] ? save_stack_trace+0x16/0x20 [ 16.887944] [] ? ip_rt_update_pmtu+0x8b0/0x8b0 [ 16.894137] [] xfrm_lookup_route+0x39/0x1a0 [ 16.901285] [] ip_route_output_flow+0x7f/0xa0 [ 16.907393] [] udp_sendmsg+0xe36/0x1c10 [ 16.912978] [] ? udp_sendmsg+0x1232/0x1c10 [ 16.919172] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 16.925279] [] ? udp_lib_get_port+0x1830/0x1830 [ 16.931560] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 16.937840] [] udpv6_sendmsg+0x588/0x2540 [ 16.943610] [] ? trace_hardirqs_on+0xd/0x10 [ 16.949542] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 16.955824] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 16.962017] [] ? udp_v6_rehash+0xa0/0xa0 [ 16.967688] [] ? udp_seq_next+0x80/0x80 [ 16.973275] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 16.980513] [] ? release_sock+0x20/0x1c0 [ 16.986190] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 16.992470] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 16.999271] [] ? release_sock+0x14c/0x1c0 [ 17.005030] [] ? trace_hardirqs_on+0xd/0x10 [ 17.010964] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 17.017245] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 17.023438] [] ? release_sock+0x14c/0x1c0 [ 17.029199] [] inet_sendmsg+0x2bc/0x4c0 [ 17.034783] [] ? inet_sendmsg+0x73/0x4c0 [ 17.040463] [] ? inet_recvmsg+0x4c0/0x4c0 [ 17.046223] [] sock_sendmsg+0xca/0x110 [ 17.051720] [] SYSC_sendto+0x2c8/0x340 [ 17.057219] [] ? SYSC_connect+0x310/0x310 [ 17.062980] [] ? __pmd_alloc+0x410/0x410 [ 17.068655] [] ? __do_page_fault+0x5ec/0xd40 [ 17.074675] [] ? __do_page_fault+0x3bd/0xd40 [ 17.080694] [] ? SyS_setsockopt+0x17f/0x250 [ 17.086629] [] ? entry_SYSCALL_64_fastpath+0x5/0xc6 [ 17.093257] [] SyS_sendto+0x40/0x50 [ 17.098496] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 17.105625] Dumping ftrace buffer: [ 17.109134] (ftrace buffer empty) [ 17.112808] Kernel Offset: disabled [ 17.116398] Rebooting in 86400 seconds..