INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-upstream-kasan-gce-386-4,10.128.15.217' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 25.276464] ==================================================================
[ 25.277551] BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0
[ 25.278347] Read of size 1 at addr ffff8801d8d18ec1 by task syzkaller795015/3076
[ 25.279332]
[ 25.279564] CPU: 0 PID: 3076 Comm: syzkaller795015 Not tainted 4.15.0-rc1+ #113
[ 25.280539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.281782] Call Trace:
[ 25.282142] dump_stack+0x194/0x257
[ 25.282652] ? arch_local_irq_restore+0x53/0x53
[ 25.283277] ? show_regs_print_info+0x65/0x65
[ 25.283880] ? save_stack+0xa3/0xd0
[ 25.284370] ? strcmp+0x96/0xb0
[ 25.284818] print_address_description+0x73/0x250
[ 25.285465] ? strcmp+0x96/0xb0
[ 25.285918] kasan_report+0x25b/0x340
[ 25.286433] __asan_report_load1_noabort+0x14/0x20
[ 25.287088] strcmp+0x96/0xb0
[ 25.287513] ? avc_has_perm_noaudit+0x520/0x520
[ 25.288139] security_context_to_sid_core+0x437/0x620
[ 25.288832] ? security_compute_validatetrans.part.6+0x7d0/0x7d0
[ 25.289656] ? check_stack_object+0x68/0x140
[ 25.290248] security_context_to_sid+0x32/0x40
[ 25.290864] selinux_setprocattr+0x51c/0xb50
[ 25.291458] ? ptrace_parent_sid+0x540/0x540
[ 25.292047] ? __kmalloc_track_caller+0x46d/0x760
[ 25.292702] security_setprocattr+0x85/0xc0
[ 25.293287] proc_pid_attr_write+0x1e6/0x280
[ 25.293897] ? proc_task_getattr+0x180/0x180
[ 25.294485] __vfs_write+0xef/0x970
[ 25.294977] ? trace_hardirqs_on+0xd/0x10
[ 25.295552] ? kernel_read+0x120/0x120
[ 25.296081] ? __lock_is_held+0xbc/0x140
[ 25.296810] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.302661] ? save_stack+0xa3/0xd0
[ 25.306258] ? rcu_note_context_switch+0x710/0x710
[ 25.311159] __kernel_write+0xfe/0x350
[ 25.315020] write_pipe_buf+0x175/0x220
[ 25.318964] ? default_file_splice_read+0xae0/0xae0
[ 25.323946] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.329803] ? splice_from_pipe_next.part.9+0x22e/0x2f0
[ 25.335153] __splice_from_pipe+0x328/0x730
[ 25.339445] ? default_file_splice_read+0xae0/0xae0
[ 25.344440] splice_from_pipe+0x1e9/0x330
[ 25.348555] ? default_file_splice_read+0xae0/0xae0
[ 25.353547] ? splice_shrink_spd+0xb0/0xb0
[ 25.357758] ? security_file_permission+0x89/0x1f0
[ 25.362657] default_file_splice_write+0x40/0x90
[ 25.367379] ? generic_splice_sendpage+0x50/0x50
[ 25.372111] direct_splice_actor+0x125/0x180
[ 25.376500] splice_direct_to_actor+0x2c1/0x820
[ 25.381136] ? _cond_resched+0x14/0x30
[ 25.384992] ? generic_pipe_buf_nosteal+0x10/0x10
[ 25.389808] ? do_splice_to+0x170/0x170
[ 25.393748] ? security_file_permission+0x89/0x1f0
[ 25.398648] ? rw_verify_area+0xe5/0x2b0
[ 25.402690] do_splice_direct+0x2a7/0x3d0
[ 25.406808] ? splice_direct_to_actor+0x820/0x820
[ 25.411624] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 25.416351] ? __sb_start_write+0x203/0x290
[ 25.420643] do_sendfile+0x5d5/0xe90
[ 25.424340] ? do_compat_pwritev64+0x100/0x100
[ 25.428887] ? handle_mm_fault+0x410/0x8d0
[ 25.433097] ? __do_page_fault+0x32d/0xc90
[ 25.437302] ? __might_sleep+0x95/0x190
[ 25.441263] compat_SyS_sendfile+0xea/0x1a0
[ 25.445555] ? SyS_sendfile64+0x160/0x160
[ 25.449677] ? do_fast_syscall_32+0x156/0xf9d
[ 25.454142] ? SyS_sendfile64+0x160/0x160
[ 25.458259] do_fast_syscall_32+0x3ee/0xf9d
[ 25.462557] ? do_int80_syscall_32+0x9d0/0x9d0
[ 25.467109] ? kasan_check_read+0x11/0x20
[ 25.471227] ? syscall_return_slowpath+0x550/0x550
[ 25.476127] ? SyS_rt_sigaction+0x94/0x1b0
[ 25.480335] ? lockdep_sys_exit+0x47/0xf0
[ 25.484449] ? retint_user+0x18/0x18
[ 25.488133] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.492952] entry_SYSENTER_compat+0x51/0x60
[ 25.497326] RIP: 0023:0xf7f3cc79
[ 25.500656] RSP: 002b:00000000ffeea38c EFLAGS: 00000207 ORIG_RAX: 00000000000000bb
[ 25.508338] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000003
[ 25.515584] RDX: 0000000020004ff8 RSI: 0000000000000001 RDI: 0000000000000003
[ 25.522823] RBP: 0000000020002fff R08: 0000000000000000 R09: 0000000000000000
[ 25.530060] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 25.537303] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 25.544564]
[ 25.546158] Allocated by task 3076:
[ 25.549752] save_stack+0x43/0xd0
[ 25.553171] kasan_kmalloc+0xad/0xe0
[ 25.556859] __kmalloc_track_caller+0x15e/0x760
[ 25.561504] memdup_user+0x2c/0x90
[ 25.565010] proc_pid_attr_write+0x115/0x280
[ 25.569397] __vfs_write+0xef/0x970
[ 25.572994] __kernel_write+0xfe/0x350
[ 25.576848] write_pipe_buf+0x175/0x220
[ 25.580789] __splice_from_pipe+0x328/0x730
[ 25.585077] splice_from_pipe+0x1e9/0x330
[ 25.589190] default_file_splice_write+0x40/0x90
[ 25.593912] direct_splice_actor+0x125/0x180
[ 25.598292] splice_direct_to_actor+0x2c1/0x820
[ 25.602925] do_splice_direct+0x2a7/0x3d0
[ 25.607036] do_sendfile+0x5d5/0xe90
[ 25.610714] compat_SyS_sendfile+0xea/0x1a0
[ 25.615002] do_fast_syscall_32+0x3ee/0xf9d
[ 25.619289] entry_SYSENTER_compat+0x51/0x60
[ 25.623660]
[ 25.625254] Freed by task 1:
[ 25.628244] save_stack+0x43/0xd0
[ 25.631661] kasan_slab_free+0x71/0xc0
[ 25.635521] kfree+0xca/0x250
[ 25.638594] kobject_uevent_env+0x248/0xbc0
[ 25.642881] kobject_uevent+0x1f/0x30
[ 25.646651] param_sysfs_init+0x3f9/0x474
[ 25.650766] do_one_initcall+0x9e/0x330
[ 25.654705] kernel_init_freeable+0x469/0x521
[ 25.659166] kernel_init+0x13/0x172
[ 25.662757] ret_from_fork+0x24/0x30
[ 25.666433]
[ 25.668028] The buggy address belongs to the object at ffff8801d8d18ec0
[ 25.668028] which belongs to the cache kmalloc-32 of size 32
[ 25.680475] The buggy address is located 1 bytes inside of
[ 25.680475] 32-byte region [ffff8801d8d18ec0, ffff8801d8d18ee0)
[ 25.692051] The buggy address belongs to the page:
[ 25.696947] page:0000000072829867 count:1 mapcount:0 mapping:000000005b9976d6 index:0xffff8801d8d18fc1
[ 25.706359] flags: 0x2fffc0000000100(slab)
[ 25.710563] raw: 02fffc0000000100 ffff8801d8d18000 ffff8801d8d18fc1 000000010000003f
[ 25.718413] raw: ffffea0007636fa0 ffff8801db001250 ffff8801db0001c0 0000000000000000
[ 25.726259] page dumped because: kasan: bad access detected
[ 25.731934]
[ 25.733528] Memory state around the buggy address:
[ 25.738424]  ffff8801d8d18d80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 25.745762]  ffff8801d8d18e00: fb fb fb fb fc fc fc fc 00 01 fc fc fc fc fc fc
[ 25.753089] >ffff8801d8d18e80: 00 01 fc fc fc fc fc fc 01 fc fc fc fc fc fc fc
[ 25.760414]                                            ^
[ 25.765828]  ffff8801d8d18f00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 25.773152]  ffff8801d8d18f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.780474] ==================================================================
[ 25.787800] Disabling lock debugging due to kernel taint
[ 25.793273] Kernel panic - not syncing: panic_on_warn set ...
[ 25.793273]
[ 25.800608] CPU: 0 PID: 3076 Comm: syzkaller795015 Tainted: G B 4.15.0-rc1+ #113
[ 25.809322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.818640] Call Trace:
[ 25.821205] dump_stack+0x194/0x257
[ 25.824797] ? arch_local_irq_restore+0x53/0x53
[ 25.829433] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.834154] ? vsnprintf+0x1ed/0x1900
[ 25.837920] ? strcmp+0x40/0xb0
[ 25.841168] panic+0x1e4/0x41c
[ 25.844328] ? refcount_error_report+0x214/0x214
[ 25.849058] ? add_taint+0x1c/0x50
[ 25.852563] ? add_taint+0x1c/0x50
[ 25.856071] ? strcmp+0x96/0xb0
[ 25.859317] kasan_end_report+0x50/0x50
[ 25.863255] kasan_report+0x144/0x340
[ 25.867023] __asan_report_load1_noabort+0x14/0x20
[ 25.871915] strcmp+0x96/0xb0
[ 25.874987] ? avc_has_perm_noaudit+0x520/0x520
[ 25.879623] security_context_to_sid_core+0x437/0x620
[ 25.884782] ? security_compute_validatetrans.part.6+0x7d0/0x7d0
[ 25.891072] ? check_stack_object+0x68/0x140
[ 25.895448] security_context_to_sid+0x32/0x40
[ 25.899996] selinux_setprocattr+0x51c/0xb50
[ 25.904370] ? ptrace_parent_sid+0x540/0x540
[ 25.908745] ? __kmalloc_track_caller+0x46d/0x760
[ 25.913558] security_setprocattr+0x85/0xc0
[ 25.917848] proc_pid_attr_write+0x1e6/0x280
[ 25.922230] ? proc_task_getattr+0x180/0x180
[ 25.926602] __vfs_write+0xef/0x970
[ 25.930194] ? trace_hardirqs_on+0xd/0x10
[ 25.934308] ? kernel_read+0x120/0x120
[ 25.938161] ? __lock_is_held+0xbc/0x140
[ 25.942193] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.948048] ? save_stack+0xa3/0xd0
[ 25.951641] ? rcu_note_context_switch+0x710/0x710
[ 25.956536] __kernel_write+0xfe/0x350
[ 25.960393] write_pipe_buf+0x175/0x220
[ 25.964334] ? default_file_splice_read+0xae0/0xae0
[ 25.969314] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.975170] ? splice_from_pipe_next.part.9+0x22e/0x2f0
[ 25.980501] __splice_from_pipe+0x328/0x730
[ 25.984788] ? default_file_splice_read+0xae0/0xae0
[ 25.989774] splice_from_pipe+0x1e9/0x330
[ 25.993888] ? default_file_splice_read+0xae0/0xae0
[ 25.998869] ? splice_shrink_spd+0xb0/0xb0
[ 26.003073] ? security_file_permission+0x89/0x1f0
[ 26.007970] default_file_splice_write+0x40/0x90
[ 26.012692] ? generic_splice_sendpage+0x50/0x50
[ 26.017414] direct_splice_actor+0x125/0x180
[ 26.021801] splice_direct_to_actor+0x2c1/0x820
[ 26.026444] ? _cond_resched+0x14/0x30
[ 26.030300] ? generic_pipe_buf_nosteal+0x10/0x10
[ 26.035110] ? do_splice_to+0x170/0x170
[ 26.039049] ? security_file_permission+0x89/0x1f0
[ 26.043946] ? rw_verify_area+0xe5/0x2b0
[ 26.047973] do_splice_direct+0x2a7/0x3d0
[ 26.052086] ? splice_direct_to_actor+0x820/0x820
[ 26.056903] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 26.061627] ? __sb_start_write+0x203/0x290
[ 26.065920] do_sendfile+0x5d5/0xe90
[ 26.069611] ? do_compat_pwritev64+0x100/0x100
[ 26.074157] ? handle_mm_fault+0x410/0x8d0
[ 26.078356] ? __do_page_fault+0x32d/0xc90
[ 26.082557] ? __might_sleep+0x95/0x190
[ 26.086499] compat_SyS_sendfile+0xea/0x1a0
[ 26.090793] ? SyS_sendfile64+0x160/0x160
[ 26.094907] ? do_fast_syscall_32+0x156/0xf9d
[ 26.099367] ? SyS_sendfile64+0x160/0x160
[ 26.103484] do_fast_syscall_32+0x3ee/0xf9d
[ 26.108142] ? do_int80_syscall_32+0x9d0/0x9d0
[ 26.112689] ? kasan_check_read+0x11/0x20
[ 26.116803] ? syscall_return_slowpath+0x550/0x550
[ 26.121701] ? SyS_rt_sigaction+0x94/0x1b0
[ 26.125903] ? lockdep_sys_exit+0x47/0xf0
[ 26.130018] ? retint_user+0x18/0x18
[ 26.133700] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.138511] entry_SYSENTER_compat+0x51/0x60
[ 26.142884] RIP: 0023:0xf7f3cc79
[ 26.146213] RSP: 002b:00000000ffeea38c EFLAGS: 00000207 ORIG_RAX: 00000000000000bb
[ 26.153883] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000003
[ 26.161119] RDX: 0000000020004ff8 RSI: 0000000000000001 RDI: 0000000000000003
[ 26.168353] RBP: 0000000020002fff R08: 0000000000000000 R09: 0000000000000000
[ 26.175588] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 26.182824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 26.190100] Dumping ftrace buffer:
[ 26.193604] (ftrace buffer empty)
[ 26.197281] Kernel Offset: disabled
[ 26.200874] Rebooting in 86400 seconds..