audit: type=1400 audit(1601953488.473:8): avc: denied { execmem } for pid=6490 comm="syz-executor174" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 skbuff: skb_over_panic: text:00000000a4992447 len:232 put:72 head:00000000b2795519 data:00000000b2795519 tail:0xe8 end:0xc0 dev: ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:104! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 6511 Comm: syz-executor174 Not tainted 4.19.149-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:skb_panic+0x158/0x1e0 net/core/skbuff.c:104 Code: 01 84 c0 74 04 3c 03 7e 33 8b 8b 80 00 00 00 41 56 45 89 e8 48 c7 c7 e0 89 b4 88 41 57 56 48 89 ee 52 4c 89 e2 e8 27 84 47 fb <0f> 0b 48 c7 c7 40 3c dd 8a 48 83 c4 20 e8 d6 53 a2 fd 4c 89 4c 24 RSP: 0018:ffff8880a703efb0 EFLAGS: 00010286 RAX: 0000000000000086 RBX: ffff8880a38c4c00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff815b623f RDI: ffffed1014e07de8 RBP: ffffffff88b494e0 R08: 0000000000000086 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff86d00743 R13: 0000000000000048 R14: ffffffff88b489a0 R15: 00000000000000c0 FS: 00007f41b7f65700(0000) GS:ffff8880ae200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd55686a20 CR3: 0000000091423000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: skb_over_panic net/core/skbuff.c:109 [inline] skb_put+0x183/0x1c0 net/core/skbuff.c:1702 dump_esp_combs net/key/af_key.c:3012 [inline] pfkey_send_acquire+0x1853/0x2540 net/key/af_key.c:3233 km_query+0xe2/0x240 net/xfrm/xfrm_state.c:1990 xfrm_state_find+0x1c58/0x2c90 net/xfrm/xfrm_state.c:1040 xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:1410 [inline] xfrm_tmpl_resolve+0x2f3/0xc50 net/xfrm/xfrm_policy.c:1455 xfrm_resolve_and_create_bundle+0xd8/0x3e0 net/xfrm/xfrm_policy.c:1753 xfrm_lookup_with_ifid+0x241/0x1f60 net/xfrm/xfrm_policy.c:2076 xfrm_lookup net/xfrm/xfrm_policy.c:2200 [inline] xfrm_lookup_route+0x36/0x200 net/xfrm/xfrm_policy.c:2211 ip_route_output_flow+0xa6/0xc0 net/ipv4/route.c:2638 udp_sendmsg+0x19fc/0x2530 net/ipv4/udp.c:1101 inet_sendmsg+0x174/0x640 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:622 [inline] sock_sendmsg+0xc7/0x130 net/socket.c:632 ___sys_sendmsg+0x3b3/0x8f0 net/socket.c:2115 __sys_sendmmsg+0x195/0x470 net/socket.c:2210 __do_sys_sendmmsg net/socket.c:2239 [inline] __se_sys_sendmmsg net/socket.c:2236 [inline] __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2236 do_syscall_64+0xf9/0x670 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x447239 Code: e8 dc e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f41b7f64da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00000000006dcc58 RCX: 0000000000447239 RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000003 RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c R13: 0000000000000002 R14: 0000000009000702 R15: 0000000000000005 Modules linked in: ---[ end trace 6f0428ae9617ecfc ]--- RIP: 0010:skb_panic+0x158/0x1e0 net/core/skbuff.c:104 Code: 01 84 c0 74 04 3c 03 7e 33 8b 8b 80 00 00 00 41 56 45 89 e8 48 c7 c7 e0 89 b4 88 41 57 56 48 89 ee 52 4c 89 e2 e8 27 84 47 fb <0f> 0b 48 c7 c7 40 3c dd 8a 48 83 c4 20 e8 d6 53 a2 fd 4c 89 4c 24 RSP: 0018:ffff8880a703efb0 EFLAGS: 00010286 RAX: 0000000000000086 RBX: ffff8880a38c4c00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff815b623f RDI: ffffed1014e07de8 RBP: ffffffff88b494e0 R08: 0000000000000086 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffffffff86d00743 R13: 0000000000000048 R14: ffffffff88b489a0 R15: 00000000000000c0 FS: 00007f41b7f65700(0000) GS:ffff8880ae200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f15702fa000 CR3: 0000000091423000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400