[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.624884] audit: type=1400 audit(1516823566.541:5): avc: denied { syslog } for pid=3505 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 19.169817] audit: type=1400 audit(1516823572.086:6): avc: denied { map } for pid=3646 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
executing program
[ 25.418458] audit: type=1400 audit(1516823578.335:7): avc: denied { map } for pid=3660 comm="syzkaller542876" path="/root/syzkaller542876750" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 25.421462] ==================================================================
[ 25.421481] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[ 25.421485] Read of size 1 at addr ffff8801d99ba490 by task syzkaller542876/3660
[ 25.421487]
[ 25.421494] CPU: 1 PID: 3660 Comm: syzkaller542876 Not tainted 4.15.0-rc9+ #207
[ 25.421497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.421499] Call Trace:
[ 25.421510]  dump_stack+0x194/0x257
[ 25.421524]  ? arch_local_irq_restore+0x53/0x53
[ 25.421534]  ? show_regs_print_info+0x18/0x18
[ 25.421541]  ? lock_release+0xa40/0xa40
[ 25.421550]  ? string+0x1e8/0x200
[ 25.421560]  print_address_description+0x73/0x250
[ 25.421566]  ? string+0x1e8/0x200
[ 25.421572]  kasan_report+0x25b/0x340
[ 25.421581]  __asan_report_load1_noabort+0x14/0x20
[ 25.421585]  string+0x1e8/0x200
[ 25.421598]  vsnprintf+0x863/0x1900
[ 25.421611]  ? pointer+0x9e0/0x9e0
[ 25.421630]  __request_module+0x1bf/0xc20
[ 25.421635]  ? lock_downgrade+0x980/0x980
[ 25.421644]  ? free_modprobe_argv+0xa0/0xa0
[ 25.421649]  ? lock_downgrade+0x980/0x980
[ 25.421656]  ? rcu_read_lock_sched_held+0x108/0x120
[ 25.421664]  ? pcpu_alloc+0x146/0x10e0
[ 25.421680]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 25.421684]  ? pcpu_free_area+0xa00/0xa00
[ 25.421692]  ? wait_for_completion+0x770/0x770
[ 25.421703]  ? __kernel_text_address+0xd/0x40
[ 25.421708]  ? wait_for_completion+0x770/0x770
[ 25.421716]  ? trace_hardirqs_off+0xd/0x10
[ 25.421727]  ? depot_save_stack+0x3b5/0x490
[ 25.421739]  ? kvfree+0x36/0x60
[ 25.421755]  ? xt_find_target+0x17b/0x1e0
[ 25.421773]  xt_request_find_target+0x8b/0xb0
[ 25.421782]  find_check_entry.isra.8+0x612/0xcb0
[ 25.421795]  ? rcu_read_lock_sched_held+0x108/0x120
[ 25.421801]  ? ipt_do_table+0x1330/0x1330
[ 25.421810]  ? mark_held_locks+0xaf/0x100
[ 25.421816]  ? kfree+0xf0/0x260
[ 25.421821]  ? kvfree+0x36/0x60
[ 25.421826]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.421832]  ? trace_hardirqs_on+0xd/0x10
[ 25.421843]  translate_table+0xed1/0x1610
[ 25.421866]  ? alloc_counters.isra.11+0x7d0/0x7d0
[ 25.421874]  ? kasan_check_write+0x14/0x20
[ 25.421879]  ? _copy_from_user+0x99/0x110
[ 25.421887]  do_ipt_set_ctl+0x370/0x5f0
[ 25.421895]  ? translate_compat_table+0x1b90/0x1b90
[ 25.421912]  ? mutex_unlock+0xd/0x10
[ 25.421917]  ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 25.421926]  nf_setsockopt+0x67/0xc0
[ 25.421936]  ip_setsockopt+0xa1/0xb0
[ 25.421945]  tcp_setsockopt+0x82/0xd0
[ 25.421956]  sock_common_setsockopt+0x95/0xd0
[ 25.421965]  SyS_setsockopt+0x189/0x360
[ 25.421974]  ? SyS_recv+0x40/0x40
[ 25.421982]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 25.421989]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.421997]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.422012]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 25.422017] RIP: 0033:0x43ffc9
[ 25.422019] RSP: 002b:00007ffd2d9748f8 EFLAGS: 00000203 ORIG_RAX: 0000000000000036
[ 25.422024] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffc9
[ 25.422027] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[ 25.422030] RBP: 00000000006ca018 R08: 00000000000000f0 R09: 0000000000000000
[ 25.422032] R10: 00000000203b4326 R11: 0000000000000203 R12: 00000000004018f0
[ 25.422035] R13: 0000000000401980 R14: 0000000000000000 R15: 0000000000000000
[ 25.422051]
[ 25.422054] Allocated by task 3660:
[ 25.422059]  save_stack+0x43/0xd0
[ 25.422062]  kasan_kmalloc+0xad/0xe0
[ 25.422065]  __kmalloc_node+0x47/0x70
[ 25.422069]  kvmalloc_node+0x99/0xd0
[ 25.422073]  xt_alloc_table_info+0x64/0xe0
[ 25.422077]  do_ipt_set_ctl+0x29b/0x5f0
[ 25.422080]  nf_setsockopt+0x67/0xc0
[ 25.422083]  ip_setsockopt+0xa1/0xb0
[ 25.422087]  tcp_setsockopt+0x82/0xd0
[ 25.422091]  sock_common_setsockopt+0x95/0xd0
[ 25.422094]  SyS_setsockopt+0x189/0x360
[ 25.422098]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 25.422100]
[ 25.422102] Freed by task 2028:
[ 25.422106]  save_stack+0x43/0xd0
[ 25.422110]  kasan_slab_free+0x71/0xc0
[ 25.422113]  kfree+0xd6/0x260
[ 25.422118]  single_release+0x80/0xb0
[ 25.422123]  __fput+0x327/0x7e0
[ 25.422126]  ____fput+0x15/0x20
[ 25.422130]  task_work_run+0x199/0x270
[ 25.422133]  exit_to_usermode_loop+0x296/0x310
[ 25.422137]  syscall_return_slowpath+0x490/0x550
[ 25.422141]  entry_SYSCALL_64_fastpath+0x9e/0xa0
[ 25.422142]
[ 25.422145] The buggy address belongs to the object at ffff8801d99ba3c0
[ 25.422145]  which belongs to the cache kmalloc-256 of size 256
[ 25.422149] The buggy address is located 208 bytes inside of
[ 25.422149]  256-byte region [ffff8801d99ba3c0, ffff8801d99ba4c0)
[ 25.422151] The buggy address belongs to the page:
[ 25.422155] page:ffffea0007666e80 count:1 mapcount:0 mapping:ffff8801d99ba000 index:0xffff8801d99ba500
[ 25.422160] flags: 0x2fffc0000000100(slab)
[ 25.422166] raw: 02fffc0000000100 ffff8801d99ba000 ffff8801d99ba500 0000000100000004
[ 25.422171] raw: ffffea0007663e60 ffffea0007652820 ffff8801dac007c0 0000000000000000
[ 25.422174] page dumped because: kasan: bad access detected
[ 25.422175]
[ 25.422176] Memory state around the buggy address:
[ 25.422180]  ffff8801d99ba380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 25.422183]  ffff8801d99ba400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.422186] >ffff8801d99ba480: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.422187]                          ^
[ 25.422190]  ffff8801d99ba500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.422194]  ffff8801d99ba580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.422195] ==================================================================
[ 25.422197] Disabling lock debugging due to kernel taint
[ 25.422214] Kernel panic - not syncing: panic_on_warn set ...
[ 25.422214]
[ 25.422218] CPU: 1 PID: 3660 Comm: syzkaller542876 Tainted: G B 4.15.0-rc9+ #207
[ 25.422220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.422221] Call Trace:
[ 25.422226]  dump_stack+0x194/0x257
[ 25.422232]  ? arch_local_irq_restore+0x53/0x53
[ 25.422235]  ? kasan_end_report+0x32/0x50
[ 25.422240]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.422245]  ? vsnprintf+0x1ed/0x1900
[ 25.422249]  ? string+0x160/0x200
[ 25.422255]  panic+0x1e4/0x41c
[ 25.422260]  ? refcount_error_report+0x214/0x214
[ 25.422266]  ? add_taint+0x1c/0x50
[ 25.422270]  ? add_taint+0x1c/0x50
[ 25.422275]  ? string+0x1e8/0x200
[ 25.422279]  kasan_end_report+0x50/0x50
[ 25.422284]  kasan_report+0x144/0x340
[ 25.422291]  __asan_report_load1_noabort+0x14/0x20
[ 25.422294]  string+0x1e8/0x200
[ 25.422302]  vsnprintf+0x863/0x1900
[ 25.422309]  ? pointer+0x9e0/0x9e0
[ 25.422319]  __request_module+0x1bf/0xc20
[ 25.422323]  ? lock_downgrade+0x980/0x980
[ 25.422329]  ? free_modprobe_argv+0xa0/0xa0
[ 25.422334]  ? lock_downgrade+0x980/0x980
[ 25.422338]  ? rcu_read_lock_sched_held+0x108/0x120
[ 25.422342]  ? pcpu_alloc+0x146/0x10e0
[ 25.422351]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 25.422355]  ? pcpu_free_area+0xa00/0xa00
[ 25.422361]  ? wait_for_completion+0x770/0x770
[ 25.422367]  ? __kernel_text_address+0xd/0x40
[ 25.422371]  ? wait_for_completion+0x770/0x770
[ 25.422377]  ? trace_hardirqs_off+0xd/0x10
[ 25.422382]  ? depot_save_stack+0x3b5/0x490
[ 25.422389]  ? kvfree+0x36/0x60
[ 25.422396]  ? xt_find_target+0x17b/0x1e0
[ 25.422408]  xt_request_find_target+0x8b/0xb0
[ 25.422413]  find_check_entry.isra.8+0x612/0xcb0
[ 25.422423]  ? rcu_read_lock_sched_held+0x108/0x120
[ 25.422430]  ? ipt_do_table+0x1330/0x1330
[ 25.422437]  ? mark_held_locks+0xaf/0x100
[ 25.422441]  ? kfree+0xf0/0x260
[ 25.422445]  ? kvfree+0x36/0x60
[ 25.422449]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.422454]  ? trace_hardirqs_on+0xd/0x10
[ 25.422461]  translate_table+0xed1/0x1610
[ 25.422474]  ? alloc_counters.isra.11+0x7d0/0x7d0
[ 25.422480]  ? kasan_check_write+0x14/0x20
[ 25.422483]  ? _copy_from_user+0x99/0x110
[ 25.422489]  do_ipt_set_ctl+0x370/0x5f0
[ 25.422495]  ? translate_compat_table+0x1b90/0x1b90
[ 25.422505]  ? mutex_unlock+0xd/0x10
[ 25.422509]  ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 25.422514]  nf_setsockopt+0x67/0xc0
[ 25.422524]  ip_setsockopt+0xa1/0xb0
[ 25.422530]  tcp_setsockopt+0x82/0xd0
[ 25.422536]  sock_common_setsockopt+0x95/0xd0
[ 25.422543]  SyS_setsockopt+0x189/0x360
[ 25.422549]  ? SyS_recv+0x40/0x40
[ 25.422554]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 25.422559]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.422564]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.422572]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 25.422574] RIP: 0033:0x43ffc9
[ 25.422576] RSP: 002b:00007ffd2d9748f8 EFLAGS: 00000203 ORIG_RAX: 0000000000000036
[ 25.422580] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffc9
[ 25.422583] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[ 25.422585] RBP: 00000000006ca018 R08: 00000000000000f0 R09: 0000000000000000
[ 25.422587] R10: 00000000203b4326 R11: 0000000000000203 R12: 00000000004018f0
[ 25.422589] R13: 0000000000401980 R14: 0000000000000000 R15: 0000000000000000
[ 25.444717] Dumping ftrace buffer:
[ 25.444722]    (ftrace buffer empty)
[ 25.444724] Kernel Offset: disabled
[ 26.312374] Rebooting in 86400 seconds..