[....] Starting enhanced syslogd: rsyslogd
[ 13.033841] audit: type=1400 audit(1516311194.160:5): avc: denied { syslog } for pid=3501 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ]
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 18.289443] audit: type=1400 audit(1516311199.416:6): avc: denied { map } for pid=3641 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.27' (ECDSA) to the list of known hosts.
executing program
[ 27.055012] audit: type=1400 audit(1516311208.181:7): avc: denied { map } for pid=3655 comm="syzkaller104104" path="/root/syzkaller104104653" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 27.060210] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=2816 sclass=netlink_tcpdiag_socket pig=3655 comm=syzkaller104104
[ 27.060315] ==================================================================
[ 27.060334] BUG: KASAN: stack-out-of-bounds in __nla_put+0x37/0x40
[ 27.060340] Read of size 255 at addr ffff8801c4977710 by task syzkaller104104/3655
[ 27.060342]
[ 27.060350] CPU: 0 PID: 3655 Comm: syzkaller104104 Not tainted 4.15.0-rc8+ #178
[ 27.060353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.060356] Call Trace:
[ 27.060368] dump_stack+0x194/0x257
[ 27.060381] ? arch_local_irq_restore+0x53/0x53
[ 27.060391] ? show_regs_print_info+0x18/0x18
[ 27.060405] ? __alloc_skb+0x57e/0x780
[ 27.060415] ? __nla_put+0x37/0x40
[ 27.060427] print_address_description+0x73/0x250
[ 27.060435] ? __nla_put+0x37/0x40
[ 27.060444] kasan_report+0x25b/0x340
[ 27.060459] check_memory_region+0x137/0x190
[ 27.060468] memcpy+0x23/0x50
[ 27.060478] __nla_put+0x37/0x40
[ 27.060489] nla_put+0xf5/0x130
[ 27.060504] netlink_ack+0x78a/0xa10
[ 27.060520] ? netlink_sendmsg+0xe60/0xe60
[ 27.060529] ? netlink_deliver_tap+0x171/0xcf0
[ 27.060549] netlink_rcv_skb+0x2d1/0x400
[ 27.060556] ? sock_diag_bind+0x80/0x80
[ 27.060568] ? netlink_ack+0xa10/0xa10
[ 27.060582] ? idr_get_free_cmn+0xfd0/0xfd0
[ 27.060592] ? netlink_skb_destructor+0x1d0/0x1d0
[ 27.060613] sock_diag_rcv+0x2a/0x40
[ 27.060620] netlink_unicast+0x4ee/0x700
[ 27.060637] ? netlink_attachskb+0x8a0/0x8a0
[ 27.060654] ? security_netlink_send+0x81/0xb0
[ 27.060666] netlink_sendmsg+0xa4a/0xe60
[ 27.060685] ? netlink_unicast+0x700/0x700
[ 27.060699] ? security_socket_sendmsg+0x89/0xb0
[ 27.060707] ? netlink_unicast+0x700/0x700
[ 27.060718] sock_sendmsg+0xca/0x110
[ 27.060729] ___sys_sendmsg+0x767/0x8b0
[ 27.060738] ? do_raw_spin_trylock+0x190/0x190
[ 27.060752] ? copy_msghdr_from_user+0x590/0x590
[ 27.060758] ? check_noncircular+0x20/0x20
[ 27.060786] ? check_noncircular+0x20/0x20
[ 27.060794] ? __pmd_alloc+0x4e0/0x4e0
[ 27.060802] ? lock_release+0xa40/0xa40
[ 27.060813] ? __fget_light+0x297/0x380
[ 27.060823] ? fget_raw+0x20/0x20
[ 27.060842] ? handle_mm_fault+0x248/0x8d0
[ 27.060856] ? find_held_lock+0x35/0x1d0
[ 27.060886] __sys_sendmsg+0xe5/0x210
[ 27.060893] ? __sys_sendmsg+0xe5/0x210
[ 27.060903] ? SyS_shutdown+0x290/0x290
[ 27.060909] ? handle_mm_fault+0x410/0x8d0
[ 27.060919] ? __do_page_fault+0x32d/0xc90
[ 27.060928] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 27.060935] ? vmacache_find+0x5f/0x280
[ 27.060981] compat_SyS_sendmsg+0x2a/0x40
[ 27.060990] ? compat_SyS_getsockopt+0x420/0x420
[ 27.061000] do_fast_syscall_32+0x3ee/0xf9d
[ 27.061022] ? do_int80_syscall_32+0x9d0/0x9d0
[ 27.061030] ? kasan_check_read+0x11/0x20
[ 27.061042] ? syscall_return_slowpath+0x550/0x550
[ 27.061054] ? SyS_rt_sigaction+0x94/0x1b0
[ 27.061064] ? SyS_sigprocmask+0x4b0/0x4b0
[ 27.061070] ? SyS_read+0x184/0x220
[ 27.061078] ? retint_user+0x18/0x18
[ 27.061094] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.061113] entry_SYSENTER_compat+0x54/0x63
[ 27.061118] RIP: 0023:0xf7fe8c79
[ 27.061122] RSP: 002b:00000000ffa7713c EFLAGS: 00000282 ORIG_RAX: 0000000000000172
[ 27.061130] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000002058efc8
[ 27.061134] RDX: 0000000000000000 RSI: 00000000080ea00c RDI: 000000000000003f
[ 27.061138] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[ 27.061142] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 27.061146] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.061174]
[ 27.061176] The buggy address belongs to the page:
[ 27.061183] page:ffffea0007125dc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 27.061188] flags: 0x2fffc0000000000()
[ 27.061198] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 27.061205] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 27.061207] page dumped because: kasan: bad access detected
[ 27.061209]
[ 27.061211] Memory state around the buggy address:
[ 27.061217] ffff8801c4977600: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f3 f3 f3 f3
[ 27.061222] ffff8801c4977680: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 27.061227] >ffff8801c4977700: 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00
[ 27.061230] ^
[ 27.061235] ffff8801c4977780: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 27.061240] ffff8801c4977800: f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00
[ 27.061242] ==================================================================
[ 27.061244] Disabling lock debugging due to kernel taint
[ 27.061260] Kernel panic - not syncing: panic_on_warn set ...
[ 27.061260]
[ 27.061266] CPU: 0 PID: 3655 Comm: syzkaller104104 Tainted: G B 4.15.0-rc8+ #178
[ 27.061270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.061271] Call Trace:
[ 27.061278] dump_stack+0x194/0x257
[ 27.061287] ? arch_local_irq_restore+0x53/0x53
[ 27.061293] ? kasan_end_report+0x32/0x50
[ 27.061301] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.061308] ? vsnprintf+0x1ed/0x1900
[ 27.061315] ? nla_put_64bit+0x130/0x150
[ 27.061322] panic+0x1e4/0x41c
[ 27.061329] ? refcount_error_report+0x214/0x214
[ 27.061338] ? add_taint+0x1c/0x50
[ 27.061344] ? add_taint+0x1c/0x50
[ 27.061352] ? __nla_put+0x37/0x40
[ 27.061359] kasan_end_report+0x50/0x50
[ 27.061365] kasan_report+0x144/0x340
[ 27.061375] check_memory_region+0x137/0x190
[ 27.061381] memcpy+0x23/0x50
[ 27.061389] __nla_put+0x37/0x40
[ 27.061397] nla_put+0xf5/0x130
[ 27.061406] netlink_ack+0x78a/0xa10
[ 27.061415] ? netlink_sendmsg+0xe60/0xe60
[ 27.061423] ? netlink_deliver_tap+0x171/0xcf0
[ 27.061435] netlink_rcv_skb+0x2d1/0x400
[ 27.061440] ? sock_diag_bind+0x80/0x80
[ 27.061448] ? netlink_ack+0xa10/0xa10
[ 27.061454] ? idr_get_free_cmn+0xfd0/0xfd0
[ 27.061462] ? netlink_skb_destructor+0x1d0/0x1d0
[ 27.061474] sock_diag_rcv+0x2a/0x40
[ 27.061482] netlink_unicast+0x4ee/0x700
[ 27.061492] ? netlink_attachskb+0x8a0/0x8a0
[ 27.061502] ? security_netlink_send+0x81/0xb0
[ 27.061510] netlink_sendmsg+0xa4a/0xe60
[ 27.061522] ? netlink_unicast+0x700/0x700
[ 27.061531] ? security_socket_sendmsg+0x89/0xb0
[ 27.061537] ? netlink_unicast+0x700/0x700
[ 27.061544] sock_sendmsg+0xca/0x110
[ 27.061552] ___sys_sendmsg+0x767/0x8b0
[ 27.061558] ? do_raw_spin_trylock+0x190/0x190
[ 27.061568] ? copy_msghdr_from_user+0x590/0x590
[ 27.061578] ? check_noncircular+0x20/0x20
[ 27.061594] ? check_noncircular+0x20/0x20
[ 27.061600] ? __pmd_alloc+0x4e0/0x4e0
[ 27.061606] ? lock_release+0xa40/0xa40
[ 27.061613] ? __fget_light+0x297/0x380
[ 27.061620] ? fget_raw+0x20/0x20
[ 27.061632] ? handle_mm_fault+0x248/0x8d0
[ 27.061641] ? find_held_lock+0x35/0x1d0
[ 27.061658] __sys_sendmsg+0xe5/0x210
[ 27.061664] ? __sys_sendmsg+0xe5/0x210
[ 27.061671] ? SyS_shutdown+0x290/0x290
[ 27.061676] ? handle_mm_fault+0x410/0x8d0
[ 27.061683] ? __do_page_fault+0x32d/0xc90
[ 27.061690] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 27.061696] ? vmacache_find+0x5f/0x280
[ 27.061720] compat_SyS_sendmsg+0x2a/0x40
[ 27.061728] ? compat_SyS_getsockopt+0x420/0x420
[ 27.061734] do_fast_syscall_32+0x3ee/0xf9d
[ 27.061746] ? do_int80_syscall_32+0x9d0/0x9d0
[ 27.061753] ? kasan_check_read+0x11/0x20
[ 27.061761] ? syscall_return_slowpath+0x550/0x550
[ 27.061769] ? SyS_rt_sigaction+0x94/0x1b0
[ 27.061776] ? SyS_sigprocmask+0x4b0/0x4b0
[ 27.061782] ? SyS_read+0x184/0x220
[ 27.061787] ? retint_user+0x18/0x18
[ 27.061798] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 27.061809] entry_SYSENTER_compat+0x54/0x63
[ 27.061813] RIP: 0023:0xf7fe8c79
[ 27.061817] RSP: 002b:00000000ffa7713c EFLAGS: 00000282 ORIG_RAX: 0000000000000172
[ 27.061823] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000002058efc8
[ 27.061826] RDX: 0000000000000000 RSI: 00000000080ea00c RDI: 000000000000003f
[ 27.061830] RBP: 0000000000001000 R08: 0000000000000000 R09: 0000000000000000
[ 27.061833] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 27.061836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 27.081347] Dumping ftrace buffer:
[ 27.081351] (ftrace buffer empty)
[ 27.081354] Kernel Offset: disabled
[ 27.871955] Rebooting in 86400 seconds..