[   44.939986] audit: type=1800 audit(1584298494.872:31): pid=7843 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0
[   44.963662] audit: type=1800 audit(1584298494.872:32): pid=7843 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2450 res=0
Starting mcstransd: 
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   57.115471] kauditd_printk_skb: 3 callbacks suppressed
[   57.115485] audit: type=1400 audit(1584298507.132:36): avc:  denied  { map } for  pid=8027 comm="syz-executor559" path="/root/syz-executor559645294" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   57.121079] ==================================================================
[   57.154443] BUG: KASAN: slab-out-of-bounds in selinux_xfrm_alloc_user+0x205/0x400
[   57.162045] Read of size 768 at addr ffff888097bcf334 by task syz-executor559/8027
[   57.169729] 
[   57.171344] CPU: 1 PID: 8027 Comm: syz-executor559 Not tainted 4.19.109-syzkaller #0
[   57.179203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.188534] Call Trace:
[   57.191108]  dump_stack+0x188/0x20d
[   57.194720]  ? selinux_xfrm_alloc_user+0x205/0x400
[   57.199633]  print_address_description.cold+0x7c/0x212
[   57.204940]  ? selinux_xfrm_alloc_user+0x205/0x400
[   57.209856]  kasan_report.cold+0x88/0x2b9
[   57.213993]  memcpy+0x20/0x50
[   57.217095]  selinux_xfrm_alloc_user+0x205/0x400
[   57.221851]  security_xfrm_policy_alloc+0x6c/0xb0
[   57.226687]  xfrm_policy_construct+0x2a8/0x660
[   57.231253]  xfrm_add_acquire+0x215/0x9f0
[   57.235423]  ? mark_lock+0x85c/0x11b0
[   57.239207]  ? print_shortest_lock_dependencies+0x80/0x80
[   57.244727]  ? cap_capable+0x1eb/0x250
[   57.248599]  ? xfrm_add_policy+0x4e0/0x4e0
[   57.252818]  ? nla_parse+0x1f3/0x2f0
[   57.256518]  ? xfrm_add_policy+0x4e0/0x4e0
[   57.260742]  xfrm_user_rcv_msg+0x40c/0x6b0
[   57.264963]  ? xfrm_dump_sa_done+0xe0/0xe0
[   57.269188]  ? __lock_acquire+0x6ee/0x49c0
[   57.273420]  ? __mutex_lock+0x3cd/0x1300
[   57.277463]  ? xfrm_netlink_rcv+0x5c/0x90
[   57.281604]  netlink_rcv_skb+0x160/0x410
[   57.285650]  ? xfrm_dump_sa_done+0xe0/0xe0
[   57.289867]  ? netlink_ack+0xa60/0xa60
[   57.293739]  ? lock_downgrade+0x740/0x740
[   57.297868]  xfrm_netlink_rcv+0x6b/0x90
[   57.301825]  netlink_unicast+0x4d7/0x6a0
[   57.305871]  ? netlink_attachskb+0x710/0x710
[   57.310298]  netlink_sendmsg+0x80b/0xcd0
[   57.314345]  ? netlink_unicast+0x6a0/0x6a0
[   57.318557]  ? move_addr_to_kernel.part.0+0x110/0x110
[   57.323733]  ? netlink_unicast+0x6a0/0x6a0
[   57.327959]  sock_sendmsg+0xcf/0x120
[   57.331740]  ___sys_sendmsg+0x803/0x920
[   57.335713]  ? copy_msghdr_from_user+0x410/0x410
[   57.340462]  ? prep_transhuge_page+0xa0/0xa0
[   57.344860]  ? pud_val+0x7c/0xf0
[   57.348216]  ? __pmd+0x60/0x60
[   57.351395]  ? __handle_mm_fault+0x754/0x3b60
[   57.355920]  ? copy_page_range+0x1e70/0x1e70
[   57.360314]  ? count_memcg_event_mm+0x279/0x4c0
[   57.364974]  ? find_held_lock+0x2d/0x110
[   57.369020]  ? __do_page_fault+0x631/0xdd0
[   57.373235]  ? __fget_light+0x1a2/0x230
[   57.377192]  __sys_sendmsg+0xec/0x1b0
[   57.380975]  ? __ia32_sys_shutdown+0x70/0x70
[   57.385379]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   57.390153]  ? trace_hardirqs_off_caller+0x55/0x210
[   57.395152]  ? do_syscall_64+0x21/0x620
[   57.399110]  do_syscall_64+0xf9/0x620
[   57.402897]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   57.408074] RIP: 0033:0x4406e9
[   57.411247] Code: 23 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   57.430167] RSP: 002b:00007fff605be978 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.437856] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004406e9
[   57.445105] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[   57.452352] RBP: 00000000006cb018 R08: 0000000000000000 R09: 6c616b7a79732f2e
[   57.459600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f10
[   57.466886] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000
[   57.474180] 
[   57.475785] Allocated by task 8027:
[   57.479417]  kasan_kmalloc+0xbf/0xe0
[   57.483112]  __kmalloc_node_track_caller+0x4c/0x70
[   57.488022]  __kmalloc_reserve.isra.0+0x39/0xe0
[   57.492667]  __alloc_skb+0xef/0x5b0
[   57.496303]  netlink_sendmsg+0x8d6/0xcd0
[   57.500343]  sock_sendmsg+0xcf/0x120
[   57.504042]  ___sys_sendmsg+0x803/0x920
[   57.507997]  __sys_sendmsg+0xec/0x1b0
[   57.511778]  do_syscall_64+0xf9/0x620
[   57.515561]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   57.520726] 
[   57.522331] Freed by task 0:
[   57.525322] (stack is not available)
[   57.529009] 
[   57.530615] The buggy address belongs to the object at ffff888097bcf200
[   57.530615]  which belongs to the cache kmalloc-1024 of size 1024
[   57.543525] The buggy address is located 308 bytes inside of
[   57.543525]  1024-byte region [ffff888097bcf200, ffff888097bcf600)
[   57.555463] The buggy address belongs to the page:
[   57.560386] page:ffffea00025ef380 count:1 mapcount:0 mapping:ffff88812c3dcac0 index:0x0 compound_mapcount: 0
[   57.570331] flags: 0xfffe0000008100(slab|head)
[   57.574909] raw: 00fffe0000008100 ffffea0001f7a688 ffffea0002976608 ffff88812c3dcac0
[   57.582789] raw: 0000000000000000 ffff888097bce000 0000000100000007 0000000000000000
[   57.590654] page dumped because: kasan: bad access detected
[   57.596341] 
[   57.597946] Memory state around the buggy address:
[   57.602856]  ffff888097bcf500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.610194]  ffff888097bcf580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   57.617533] >ffff888097bcf600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   57.624869]                    ^
[   57.628237]  ffff888097bcf680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.635580]  ffff888097bcf700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   57.642939] ==================================================================
[   57.650309] Disabling lock debugging due to kernel taint
[   57.656156] Kernel panic - not syncing: panic_on_warn set ...
[   57.656156] 
[   57.663516] CPU: 1 PID: 8027 Comm: syz-executor559 Tainted: G    B             4.19.109-syzkaller #0
[   57.672765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.682103] Call Trace:
[   57.684673]  dump_stack+0x188/0x20d
[   57.688282]  panic+0x26a/0x50e
[   57.691455]  ? __warn_printk+0xf3/0xf3
[   57.695325]  ? preempt_schedule_common+0x4a/0xc0
[   57.700100]  ? selinux_xfrm_alloc_user+0x205/0x400
[   57.705049]  ? ___preempt_schedule+0x16/0x18
[   57.709439]  ? trace_hardirqs_on+0x55/0x210
[   57.713743]  ? selinux_xfrm_alloc_user+0x205/0x400
[   57.718665]  kasan_end_report+0x43/0x49
[   57.722638]  kasan_report.cold+0xa4/0x2b9
[   57.726781]  memcpy+0x20/0x50
[   57.729867]  selinux_xfrm_alloc_user+0x205/0x400
[   57.734607]  security_xfrm_policy_alloc+0x6c/0xb0
[   57.739433]  xfrm_policy_construct+0x2a8/0x660
[   57.744034]  xfrm_add_acquire+0x215/0x9f0
[   57.748162]  ? mark_lock+0x85c/0x11b0
[   57.751960]  ? print_shortest_lock_dependencies+0x80/0x80
[   57.757479]  ? cap_capable+0x1eb/0x250
[   57.761351]  ? xfrm_add_policy+0x4e0/0x4e0
[   57.765580]  ? nla_parse+0x1f3/0x2f0
[   57.769324]  ? xfrm_add_policy+0x4e0/0x4e0
[   57.773540]  xfrm_user_rcv_msg+0x40c/0x6b0
[   57.777759]  ? xfrm_dump_sa_done+0xe0/0xe0
[   57.781977]  ? __lock_acquire+0x6ee/0x49c0
[   57.786201]  ? __mutex_lock+0x3cd/0x1300
[   57.790246]  ? xfrm_netlink_rcv+0x5c/0x90
[   57.794378]  netlink_rcv_skb+0x160/0x410
[   57.798423]  ? xfrm_dump_sa_done+0xe0/0xe0
[   57.802651]  ? netlink_ack+0xa60/0xa60
[   57.806535]  ? lock_downgrade+0x740/0x740
[   57.810662]  xfrm_netlink_rcv+0x6b/0x90
[   57.814616]  netlink_unicast+0x4d7/0x6a0
[   57.818657]  ? netlink_attachskb+0x710/0x710
[   57.823048]  netlink_sendmsg+0x80b/0xcd0
[   57.827114]  ? netlink_unicast+0x6a0/0x6a0
[   57.831329]  ? move_addr_to_kernel.part.0+0x110/0x110
[   57.836499]  ? netlink_unicast+0x6a0/0x6a0
[   57.840712]  sock_sendmsg+0xcf/0x120
[   57.844412]  ___sys_sendmsg+0x803/0x920
[   57.848366]  ? copy_msghdr_from_user+0x410/0x410
[   57.853113]  ? prep_transhuge_page+0xa0/0xa0
[   57.857511]  ? pud_val+0x7c/0xf0
[   57.860860]  ? __pmd+0x60/0x60
[   57.864035]  ? __handle_mm_fault+0x754/0x3b60
[   57.868508]  ? copy_page_range+0x1e70/0x1e70
[   57.872895]  ? count_memcg_event_mm+0x279/0x4c0
[   57.877541]  ? find_held_lock+0x2d/0x110
[   57.881583]  ? __do_page_fault+0x631/0xdd0
[   57.885842]  ? __fget_light+0x1a2/0x230
[   57.889806]  __sys_sendmsg+0xec/0x1b0
[   57.893587]  ? __ia32_sys_shutdown+0x70/0x70
[   57.897984]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   57.902717]  ? trace_hardirqs_off_caller+0x55/0x210
[   57.907839]  ? do_syscall_64+0x21/0x620
[   57.911793]  do_syscall_64+0xf9/0x620
[   57.915591]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   57.920761] RIP: 0033:0x4406e9
[   57.924025] Code: 23 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   57.942997] RSP: 002b:00007fff605be978 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.950723] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004406e9
[   57.958059] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[   57.965306] RBP: 00000000006cb018 R08: 0000000000000000 R09: 6c616b7a79732f2e
[   57.972554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f10
[   57.979799] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000
[   57.988122] Kernel Offset: disabled
[   57.991740] Rebooting in 86400 seconds..