INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-0,10.128.15.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   31.896892] ==================================================================
[   31.898046] BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0
[   31.898869] Read of size 1 at addr ffff8801cd99d2c1 by task syzkaller242593/3087
[   31.899909]
[   31.900145] CPU: 0 PID: 3087 Comm: syzkaller242593 Not tainted 4.15.0-rc1-next-20171201+ #57
[   31.901293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.902583] Call Trace:
[   31.902965]  dump_stack+0x194/0x257
[   31.903492]  ? arch_local_irq_restore+0x53/0x53
[   31.904145]  ? show_regs_print_info+0x65/0x65
[   31.904769]  ? save_stack+0xa3/0xd0
[   31.905280]  ? strcmp+0x96/0xb0
[   31.905728]  print_address_description+0x73/0x250
[   31.906538]  ? strcmp+0x96/0xb0
[   31.906983]  kasan_report+0x25b/0x340
[   31.907501]  __asan_report_load1_noabort+0x14/0x20
[   31.908173]  strcmp+0x96/0xb0
[   31.908598]  ? avc_has_perm_noaudit+0x520/0x520
[   31.909279]  security_context_to_sid_core+0x437/0x620
[   31.909991]  ? security_compute_validatetrans.part.6+0x7d0/0x7d0
[   31.910836]  ? check_stack_object+0x68/0x140
[   31.911432]  security_context_to_sid+0x32/0x40
[   31.912047]  selinux_setprocattr+0x51c/0xb50
[   31.912642]  ? ptrace_parent_sid+0x540/0x540
[   31.913247]  ? __kmalloc_track_caller+0x46d/0x760
[   31.913907]  security_setprocattr+0x85/0xc0
[   31.914494]  proc_pid_attr_write+0x1e6/0x280
[   31.915086]  ? proc_task_getattr+0x180/0x180
[   31.915675]  __vfs_write+0xef/0x970
[   31.916171]  ? trace_hardirqs_on+0xd/0x10
[   31.916741]  ? kernel_read+0x120/0x120
[   31.918584]  ? __lock_is_held+0xbc/0x140
[   31.922629]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   31.928494]  ? save_stack+0xa3/0xd0
[   31.932096]  ? rcu_note_context_switch+0x710/0x710
[   31.937000]  __kernel_write+0xfe/0x350
[   31.940867]  write_pipe_buf+0x175/0x220
[   31.944813]  ? default_file_splice_read+0xae0/0xae0
[   31.949796]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   31.955649]  ? splice_from_pipe_next.part.9+0x22e/0x2f0
[   31.960987]  __splice_from_pipe+0x328/0x730
[   31.965279]  ? default_file_splice_read+0xae0/0xae0
[   31.970271]  splice_from_pipe+0x1e9/0x330
[   31.974401]  ? default_file_splice_read+0xae0/0xae0
[   31.979385]  ? splice_shrink_spd+0xb0/0xb0
[   31.983596]  ? security_file_permission+0x89/0x1f0
[   31.988499]  default_file_splice_write+0x40/0x90
[   31.993223]  ? generic_splice_sendpage+0x50/0x50
[   31.997950]  direct_splice_actor+0x125/0x180
[   32.002331]  splice_direct_to_actor+0x2c1/0x820
[   32.006969]  ? _cond_resched+0x14/0x30
[   32.010827]  ? generic_pipe_buf_nosteal+0x10/0x10
[   32.015646]  ? do_splice_to+0x170/0x170
[   32.019588]  ? security_file_permission+0x89/0x1f0
[   32.024487]  ? rw_verify_area+0xe5/0x2b0
[   32.028521]  do_splice_direct+0x2a7/0x3d0
[   32.032644]  ? splice_direct_to_actor+0x820/0x820
[   32.037471]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[   32.042196]  ? __sb_start_write+0x203/0x290
[   32.046489]  do_sendfile+0x5d5/0xe90
[   32.050183]  ? do_compat_pwritev64+0x100/0x100
[   32.054736]  ? __might_sleep+0x95/0x190
[   32.058687]  ? kasan_check_write+0x14/0x20
[   32.062891]  ? _copy_from_user+0x99/0x110
[   32.067014]  SyS_sendfile64+0xbd/0x160
[   32.070872]  ? SyS_sendfile+0x1a0/0x1a0
[   32.074816]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.079803]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.084532]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   32.089255] RIP: 0033:0x440189
[   32.092412] RSP: 002b:00007fffa5fa4c08 EFLAGS: 00000207 ORIG_RAX: 0000000000000028
[   32.100087] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440189
[   32.107328] RDX: 0000000020004ff8 RSI: 0000000000000003 RDI: 0000000000000003
[   32.114567] RBP: 00000000006ca018 R08: 68742f636f72702f R09: 68742f636f72702f
[   32.121806] R10: 0000000000000001 R11: 0000000000000207 R12: 0000000000401a50
[   32.129043] R13: 0000000000401ae0 R14: 0000000000000000 R15: 0000000000000000
[   32.136296]
[   32.137891] Allocated by task 3087:
[   32.141486]  save_stack+0x43/0xd0
[   32.144905]  kasan_kmalloc+0xad/0xe0
[   32.148584]  __kmalloc_track_caller+0x15e/0x760
[   32.153222]  memdup_user+0x2c/0x90
[   32.156729]  proc_pid_attr_write+0x115/0x280
[   32.161102]  __vfs_write+0xef/0x970
[   32.164693]  __kernel_write+0xfe/0x350
[   32.168546]  write_pipe_buf+0x175/0x220
[   32.172485]  __splice_from_pipe+0x328/0x730
[   32.176783]  splice_from_pipe+0x1e9/0x330
[   32.180898]  default_file_splice_write+0x40/0x90
[   32.185620]  direct_splice_actor+0x125/0x180
[   32.189994]  splice_direct_to_actor+0x2c1/0x820
[   32.194629]  do_splice_direct+0x2a7/0x3d0
[   32.198741]  do_sendfile+0x5d5/0xe90
[   32.202421]  SyS_sendfile64+0xbd/0x160
[   32.206275]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   32.210994]
[   32.212589] Freed by task 1668:
[   32.215837]  save_stack+0x43/0xd0
[   32.219257]  kasan_slab_free+0x71/0xc0
[   32.223112]  kfree+0xca/0x250
[   32.226185]  load_elf_binary+0x1def/0x4c50
[   32.230386]  search_binary_handler+0x142/0x6b0
[   32.234934]  do_execveat_common.isra.30+0x1711/0x22a0
[   32.240090]  SyS_execve+0x39/0x50
[   32.243511]  do_syscall_64+0x26c/0x920
[   32.247363]  return_from_SYSCALL_64+0x0/0x75
[   32.251734]
[   32.253333] The buggy address belongs to the object at ffff8801cd99d2c0
[   32.253333]  which belongs to the cache kmalloc-32 of size 32
[   32.265781] The buggy address is located 1 bytes inside of
[   32.265781]  32-byte region [ffff8801cd99d2c0, ffff8801cd99d2e0)
[   32.277359] The buggy address belongs to the page:
[   32.282254] page:000000007121f5c4 count:1 mapcount:0 mapping:00000000d98add9a index:0xffff8801cd99dfc1
[   32.291667] flags: 0x2fffc0000000100(slab)
[   32.295871] raw: 02fffc0000000100 ffff8801cd99d000 ffff8801cd99dfc1 000000010000003f
[   32.303717] raw: ffffea000736b3a0 ffffea0007347860 ffff8801db0001c0 0000000000000000
[   32.311561] page dumped because: kasan: bad access detected
[   32.317235]
[   32.318837] Memory state around the buggy address:
[   32.323730]  ffff8801cd99d180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   32.331055]  ffff8801cd99d200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   32.338378] >ffff8801cd99d280: fb fb fb fb fc fc fc fc 01 fc fc fc fc fc fc fc
[   32.345701]                                            ^
[   32.351114]  ffff8801cd99d300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   32.358440]  ffff8801cd99d380: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   32.365764] ==================================================================
[   32.373087] Disabling lock debugging due to kernel taint
[   32.378553] Kernel panic - not syncing: panic_on_warn set ...
[   32.378553]
[   32.385889] CPU: 0 PID: 3087 Comm: syzkaller242593 Tainted: G    B            4.15.0-rc1-next-20171201+ #57
[   32.395731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   32.405053] Call Trace:
[   32.407616]  dump_stack+0x194/0x257
[   32.411210]  ? arch_local_irq_restore+0x53/0x53
[   32.415848]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.420581]  ? vsnprintf+0x1ed/0x1900
[   32.424349]  ? strcmp+0x90/0xb0
[   32.427596]  panic+0x1e4/0x41c
[   32.430758]  ? refcount_error_report+0x214/0x214
[   32.435480]  ? add_taint+0x1c/0x50
[   32.438986]  ? add_taint+0x1c/0x50
[   32.442491]  ? strcmp+0x96/0xb0
[   32.445747]  kasan_end_report+0x50/0x50
[   32.449686]  kasan_report+0x144/0x340
[   32.453454]  __asan_report_load1_noabort+0x14/0x20
[   32.458348]  strcmp+0x96/0xb0
[   32.461420]  ? avc_has_perm_noaudit+0x520/0x520
[   32.466057]  security_context_to_sid_core+0x437/0x620
[   32.471214]  ? security_compute_validatetrans.part.6+0x7d0/0x7d0
[   32.477330]  ? check_stack_object+0x68/0x140
[   32.481704]  security_context_to_sid+0x32/0x40
[   32.486254]  selinux_setprocattr+0x51c/0xb50
[   32.490629]  ? ptrace_parent_sid+0x540/0x540
[   32.495011]  ? __kmalloc_track_caller+0x46d/0x760
[   32.499826]  security_setprocattr+0x85/0xc0
[   32.504120]  proc_pid_attr_write+0x1e6/0x280
[   32.508495]  ? proc_task_getattr+0x180/0x180
[   32.512869]  __vfs_write+0xef/0x970
[   32.516464]  ? trace_hardirqs_on+0xd/0x10
[   32.520576]  ? kernel_read+0x120/0x120
[   32.524428]  ? __lock_is_held+0xbc/0x140
[   32.528461]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   32.534308]  ? save_stack+0xa3/0xd0
[   32.537904]  ? rcu_note_context_switch+0x710/0x710
[   32.542800]  __kernel_write+0xfe/0x350
[   32.546656]  write_pipe_buf+0x175/0x220
[   32.550597]  ? default_file_splice_read+0xae0/0xae0
[   32.555577]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   32.561426]  ? splice_from_pipe_next.part.9+0x22e/0x2f0
[   32.566758]  __splice_from_pipe+0x328/0x730
[   32.571045]  ? default_file_splice_read+0xae0/0xae0
[   32.576030]  splice_from_pipe+0x1e9/0x330
[   32.580143]  ? default_file_splice_read+0xae0/0xae0
[   32.585125]  ? splice_shrink_spd+0xb0/0xb0
[   32.589340]  ? security_file_permission+0x89/0x1f0
[   32.594239]  default_file_splice_write+0x40/0x90
[   32.598959]  ? generic_splice_sendpage+0x50/0x50
[   32.603680]  direct_splice_actor+0x125/0x180
[   32.608057]  splice_direct_to_actor+0x2c1/0x820
[   32.612690]  ? _cond_resched+0x14/0x30
[   32.616542]  ? generic_pipe_buf_nosteal+0x10/0x10
[   32.621353]  ? do_splice_to+0x170/0x170
[   32.625291]  ? security_file_permission+0x89/0x1f0
[   32.630189]  ? rw_verify_area+0xe5/0x2b0
[   32.634215]  do_splice_direct+0x2a7/0x3d0
[   32.638328]  ? splice_direct_to_actor+0x820/0x820
[   32.643141]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[   32.647868]  ? __sb_start_write+0x203/0x290
[   32.652156]  do_sendfile+0x5d5/0xe90
[   32.655839]  ? do_compat_pwritev64+0x100/0x100
[   32.660387]  ? __might_sleep+0x95/0x190
[   32.664329]  ? kasan_check_write+0x14/0x20
[   32.668529]  ? _copy_from_user+0x99/0x110
[   32.672645]  SyS_sendfile64+0xbd/0x160
[   32.676499]  ? SyS_sendfile+0x1a0/0x1a0
[   32.680437]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   32.685420]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   32.690147]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   32.694870] RIP: 0033:0x440189
[   32.698027] RSP: 002b:00007fffa5fa4c08 EFLAGS: 00000207 ORIG_RAX: 0000000000000028
[   32.705700] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440189
[   32.712937] RDX: 0000000020004ff8 RSI: 0000000000000003 RDI: 0000000000000003
[   32.720175] RBP: 00000000006ca018 R08: 68742f636f72702f R09: 68742f636f72702f
[   32.727497] R10: 0000000000000001 R11: 0000000000000207 R12: 0000000000401a50
[   32.734732] R13: 0000000000401ae0 R14: 0000000000000000 R15: 0000000000000000
[   32.742358] Dumping ftrace buffer:
[   32.745878]    (ftrace buffer empty)
[   32.749556] Kernel Offset: disabled
[   32.753156] Rebooting in 86400 seconds..
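Reading the report: the faulting read is at ffff8801cd99d2c1, offset 1 into a kmalloc-32 object, and the shadow row marked with ">" shows the value 01 for that object, meaning only its first byte is addressable: the allocation is exactly 1 byte long. The "Allocated by task 3087" stack ties that byte to memdup_user() in proc_pid_attr_write(), i.e. a 1-byte write to a /proc/<pid>/attr file, delivered here through sendfile() (R10 = 1 is the count argument). The faulting frame is strcmp() called from security_context_to_sid_core(). memdup_user() copies exactly count bytes and appends no terminator, and strcmp() only reads the second byte of a string after the first byte matched and was non-NUL, so the single byte written matched the first character of a table entry and the comparison walked off the end of the object looking for a NUL. The "Freed by task 1668" stack (load_elf_binary() during an execve) is the previous occupant of that slab slot and is unrelated: this is an out-of-bounds read, not a use-after-free, and the panic that follows is only because the test VM runs with panic_on_warn set, which is also why the second call trace repeats the first.

The following user-space C program is added here as an illustration; it is not kernel code and not part of the syzkaller report. It models the two shapes of that lookup against a constructed three-entry stand-in for the initial SID table: one that calls strcmp() on a (pointer, length) pair and ignores the length, beside one that first makes a NUL-terminated copy of exactly len bytes (the idea behind the kernel's kmemdup_nul()). The function names, the table and the sample input are assumptions chosen for the demo. To keep the demo itself free of undefined behaviour, the bytes after the 1-byte "write" are part of the same constructed array; in the report those bytes lie outside the slab object, which is what KASAN flagged.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed stand-in for the name table that the kernel's lookup walks
 * when no policy is loaded. These three names are real SELinux initial
 * SIDs, but the table is illustrative, not the kernel's. Index == SID;
 * SID 0 is invalid.
 */
static const char *const initial_sid_to_string[] = {
    NULL,
    "kernel",
    "security",
    "unlabeled",
};
#define SECINITSID_NUM \
    (sizeof(initial_sid_to_string) / sizeof(initial_sid_to_string[0]))

/*
 * Vulnerable shape of the lookup: the caller supplies (buf, len) where buf
 * came from a memdup_user()-style copy and carries no NUL terminator, but
 * the comparison is strcmp(), which ignores len and reads until it finds a
 * NUL. Returns the matching SID, or 0 when nothing matches.
 */
unsigned int context_to_sid_unsafe(const char *scontext, size_t scontext_len)
{
    (void)scontext_len; /* the bug: the length is never consulted */
    for (size_t i = 1; i < SECINITSID_NUM; i++)
        if (!strcmp(initial_sid_to_string[i], scontext))
            return (unsigned int)i;
    return 0;
}

/*
 * Hardened shape: first make a NUL-terminated private copy of exactly
 * scontext_len bytes (what kmemdup_nul() does in the kernel). strcmp()
 * can then never read past the caller's length, and a prefix such as "k"
 * no longer matches "kernel". Returns the SID, 0 on no match, or
 * (unsigned int)-1 if the copy cannot be allocated.
 */
unsigned int context_to_sid_safe(const char *scontext, size_t scontext_len)
{
    char *copy = malloc(scontext_len + 1);
    if (!copy)
        return (unsigned int)-1;
    memcpy(copy, scontext, scontext_len);
    copy[scontext_len] = '\0';

    unsigned int sid = 0;
    for (size_t i = 1; i < SECINITSID_NUM; i++) {
        if (!strcmp(initial_sid_to_string[i], copy)) {
            sid = (unsigned int)i;
            break;
        }
    }
    free(copy);
    return sid;
}

int main(void)
{
    /*
     * Constructed "slab object": the process wrote a single byte, 'k', and
     * the bytes after it are whatever happened to follow in memory. They
     * are part of this array so the demo stays in bounds; in the report
     * they were outside the 1-byte allocation.
     */
    static const char object_and_neighbours[] = "kernel";
    size_t count = 1; /* the sendfile() count of 1 seen in R10 */

    printf("unsafe lookup: SID %u (matched by reading past the 1-byte write)\n",
           context_to_sid_unsafe(object_and_neighbours, count));
    printf("safe lookup:   SID %u (no match for the 1-byte string \"k\")\n",
           context_to_sid_safe(object_and_neighbours, count));
    printf("safe lookup of the full name: SID %u\n",
           context_to_sid_safe("kernel", strlen("kernel")));
    return 0;
}
```

The unsafe variant returns SID 1 for a 1-byte input because it reads five bytes beyond what the caller supplied; the safe variant returns 0 for the same input and 1 only when all six bytes of "kernel" are actually passed. The general rule the report illustrates: any buffer produced from a user-supplied (pointer, count) pair must be treated as binary data of that length, and either NUL-terminated explicitly or compared with a length-bounded routine before it reaches a C string function.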