[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 11.848524] audit: type=1400 audit(1512949985.760:4): avc: denied { syslog } for pid=3162 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-386-2,10.128.15.220' (ECDSA) to the list of known hosts.
syzkaller login:
[ 35.712002] audit: type=1400 audit(1512950009.620:5): avc: denied { sys_admin } for pid=3334 comm="syzkaller225460" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 35.740225] IPVS: Creating netns size=2536 id=1
executing program
[ 35.778518] audit: type=1400 audit(1512950009.690:6): avc: denied { sys_chroot } for pid=3335 comm="syzkaller225460" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 35.814109] audit: type=1400 audit(1512950009.720:7): avc: denied { net_admin } for pid=3335 comm="syzkaller225460" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 35.838670] ================================================================== [ 35.846009] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801c9db7cd4 [ 35.854385] Read of size 1 by task syzkaller225460/3340 [ 35.859714] page:ffffea0007276dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 35.867937] flags: 0x8000000000000000() [ 35.871876] page dumped because: kasan: bad 
access detected [ 35.877558] CPU: 0 PID: 3340 Comm: syzkaller225460 Not tainted 4.9.67-gf26d3c7 #2 [ 35.885246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.894569] ffff8801c9db7738 ffffffff81d906e9 ffffed00393b6f9a 0000000000000001 [ 35.902548] 0000000000000000 ffffed00393b6f9a ffff8801c9db7cd4 ffff8801c9db77c0 [ 35.910508] ffffffff8153a833 1ffff100393b6ef5 ffffffff83f1dcc8 ffffffff81db26c8 [ 35.918459] Call Trace: [ 35.921015] [] dump_stack+0xc1/0x128 [ 35.926348] [] kasan_report.part.1+0x4c3/0x500 [ 35.932545] [] ? string+0x1e8/0x200 [ 35.937787] [] __asan_report_load1_noabort+0x29/0x30 [ 35.944515] [] string+0x1e8/0x200 [ 35.949586] [] vsnprintf+0x7ad/0x16d0 [ 35.955002] [] ? pointer+0xa90/0xa90 [ 35.960332] [] vscnprintf+0x2d/0x60 [ 35.965574] [] vprintk_emit+0xf1/0x750 [ 35.971086] [] ? mark_held_locks+0xaf/0x100 [ 35.977022] [] vprintk+0x28/0x30 [ 35.982004] [] vprintk_default+0x1d/0x30 [ 35.987683] [] printk+0xb7/0xe2 [ 35.992577] [] ? load_image_and_restore+0xf9/0xf9 [ 35.999122] [] ? mutex_lock_killable_nested+0x960/0x960 [ 36.006104] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 36.012045] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 36.018849] [] ? mark_held_locks+0xaf/0x100 [ 36.024785] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 36.031501] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 36.037698] [] ? mutex_unlock+0x9/0x10 [ 36.043202] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 36.050265] [] compat_nf_setsockopt+0xfa/0x130 [ 36.056463] [] compat_ip_setsockopt+0x9d/0xf0 [ 36.062576] [] compat_udp_setsockopt+0x45/0x80 [ 36.068775] [] compat_sock_common_setsockopt+0xb2/0x140 [ 36.075756] [] ? udp_lib_setsockopt+0x560/0x560 [ 36.082044] [] compat_SyS_setsockopt+0x149/0x290 [ 36.088414] [] ? sock_common_setsockopt+0xd0/0xd0 [ 36.094870] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 36.101416] [] ? do_fast_syscall_32+0xcf/0x890 [ 36.107611] [] ? 
scm_detach_fds_compat+0x3c0/0x3c0 [ 36.114158] [] do_fast_syscall_32+0x2f7/0x890 [ 36.120269] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 36.126901] [] entry_SYSENTER_compat+0x51/0x60 [ 36.133097] Memory state around the buggy address: [ 36.137991] ffff8801c9db7b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 36.145318] ffff8801c9db7c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 36.152643] >ffff8801c9db7c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 36.159965] ^ [ 36.165901] ffff8801c9db7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.173571] ffff8801c9db7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.180891] ================================================================== [ 36.188216] ================================================================== [ 36.195546] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801c9db7cd5 [ 36.203911] Read of size 1 by task syzkaller225460/3340 [ 36.209240] page:ffffea0007276dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 36.217458] flags: 0x8000000000000000() [ 36.221397] page dumped because: kasan: bad access detected [ 36.227074] CPU: 0 PID: 3340 Comm: syzkaller225460 Tainted: G B 4.9.67-gf26d3c7 #2 [ 36.235872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.245194] ffff8801c9db7738 ffffffff81d906e9 ffffed00393b6f9a 0000000000000001 [ 36.253152] 0000000000000000 ffffed00393b6f9a ffff8801c9db7cd5 ffff8801c9db77c0 [ 36.261103] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 36.269073] Call Trace: [ 36.271636] [] dump_stack+0xc1/0x128 [ 36.276968] [] kasan_report.part.1+0x4c3/0x500 [ 36.283163] [] ? string+0x1e8/0x200 [ 36.288407] [] __asan_report_load1_noabort+0x29/0x30 [ 36.295135] [] string+0x1e8/0x200 [ 36.300224] [] vsnprintf+0x7ad/0x16d0 [ 36.305643] [] ? pointer+0xa90/0xa90 [ 36.310975] [] vscnprintf+0x2d/0x60 [ 36.316232] [] vprintk_emit+0xf1/0x750 [ 36.321734] [] ? 
mark_held_locks+0xaf/0x100 [ 36.327671] [] vprintk+0x28/0x30 [ 36.332651] [] vprintk_default+0x1d/0x30 [ 36.338331] [] printk+0xb7/0xe2 [ 36.343228] [] ? load_image_and_restore+0xf9/0xf9 [ 36.349689] [] ? mutex_lock_killable_nested+0x960/0x960 [ 36.356673] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 36.362610] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 36.369418] [] ? mark_held_locks+0xaf/0x100 [ 36.375356] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 36.382075] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 36.388272] [] ? mutex_unlock+0x9/0x10 [ 36.393778] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 36.400841] [] compat_nf_setsockopt+0xfa/0x130 [ 36.407040] [] compat_ip_setsockopt+0x9d/0xf0 [ 36.413157] [] compat_udp_setsockopt+0x45/0x80 [ 36.419364] [] compat_sock_common_setsockopt+0xb2/0x140 [ 36.426343] [] ? udp_lib_setsockopt+0x560/0x560 [ 36.432628] [] compat_SyS_setsockopt+0x149/0x290 [ 36.438999] [] ? sock_common_setsockopt+0xd0/0xd0 [ 36.445473] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 36.452025] [] ? do_fast_syscall_32+0xcf/0x890 [ 36.458221] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 36.464762] [] do_fast_syscall_32+0x2f7/0x890 [ 36.470871] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 36.477521] [] entry_SYSENTER_compat+0x51/0x60 [ 36.483717] Memory state around the buggy address: [ 36.488610] ffff8801c9db7b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 36.495933] ffff8801c9db7c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 36.503256] >ffff8801c9db7c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 36.510588] ^ [ 36.516524] ffff8801c9db7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.523847] ffff8801c9db7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.531171] ================================================================== [ 36.538493] ================================================================== [ 36.545826] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801c9db7cd6 [ 36.554200] Read of size 1 by task syzkaller225460/3340 [ 36.559531] page:ffffea0007276dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 36.567751] flags: 0x8000000000000000() [ 36.571688] page dumped because: kasan: bad access detected [ 36.577367] CPU: 0 PID: 3340 Comm: syzkaller225460 Tainted: G B 4.9.67-gf26d3c7 #2 [ 36.586165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.595486] ffff8801c9db7738 ffffffff81d906e9 ffffed00393b6f9a 0000000000000001 [ 36.603432] 0000000000000000 ffffed00393b6f9a ffff8801c9db7cd6 ffff8801c9db77c0 [ 36.611395] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 36.619347] Call Trace: [ 36.621903] [] dump_stack+0xc1/0x128 [ 36.627235] [] kasan_report.part.1+0x4c3/0x500 [ 36.633432] [] ? string+0x1e8/0x200 [ 36.638672] [] __asan_report_load1_noabort+0x29/0x30 [ 36.645389] [] string+0x1e8/0x200 [ 36.650457] [] vsnprintf+0x7ad/0x16d0 [ 36.655873] [] ? pointer+0xa90/0xa90 [ 36.661211] [] vscnprintf+0x2d/0x60 [ 36.666463] [] vprintk_emit+0xf1/0x750 [ 36.671967] [] ? 
mark_held_locks+0xaf/0x100 [ 36.677908] [] vprintk+0x28/0x30 [ 36.682890] [] vprintk_default+0x1d/0x30 [ 36.688567] [] printk+0xb7/0xe2 [ 36.693460] [] ? load_image_and_restore+0xf9/0xf9 [ 36.699919] [] ? mutex_lock_killable_nested+0x960/0x960 [ 36.706898] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 36.712836] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 36.719933] [] ? mark_held_locks+0xaf/0x100 [ 36.725876] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 36.732593] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 36.738797] [] ? mutex_unlock+0x9/0x10 [ 36.744303] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 36.751366] [] compat_nf_setsockopt+0xfa/0x130 [ 36.757568] [] compat_ip_setsockopt+0x9d/0xf0 [ 36.763681] [] compat_udp_setsockopt+0x45/0x80 [ 36.769883] [] compat_sock_common_setsockopt+0xb2/0x140 [ 36.776873] [] ? udp_lib_setsockopt+0x560/0x560 [ 36.783158] [] compat_SyS_setsockopt+0x149/0x290 [ 36.789533] [] ? sock_common_setsockopt+0xd0/0xd0 [ 36.795999] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 36.802546] [] ? do_fast_syscall_32+0xcf/0x890 [ 36.808744] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 36.815296] [] do_fast_syscall_32+0x2f7/0x890 [ 36.821405] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 36.828040] [] entry_SYSENTER_compat+0x51/0x60 [ 36.834278] Memory state around the buggy address: [ 36.839172] ffff8801c9db7b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 36.846495] ffff8801c9db7c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 36.853825] >ffff8801c9db7c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 36.861148] ^ [ 36.867094] ffff8801c9db7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.874425] ffff8801c9db7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 36.881754] ================================================================== [ 36.889079] ================================================================== [ 36.896515] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801c9db7cd7 [ 36.904884] Read of size 1 by task syzkaller225460/3340 [ 36.910217] page:ffffea0007276dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 36.918436] flags: 0x8000000000000000() [ 36.922373] page dumped because: kasan: bad access detected [ 36.928052] CPU: 0 PID: 3340 Comm: syzkaller225460 Tainted: G B 4.9.67-gf26d3c7 #2 [ 36.936854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.946172] ffff8801c9db7738 ffffffff81d906e9 ffffed00393b6f9a 0000000000000001 [ 36.954121] 0000000000000000 ffffed00393b6f9a ffff8801c9db7cd7 ffff8801c9db77c0 [ 36.962071] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 36.970018] Call Trace: [ 36.972572] [] dump_stack+0xc1/0x128 [ 36.977902] [] kasan_report.part.1+0x4c3/0x500 [ 36.984100] [] ? string+0x1e8/0x200 [ 36.989339] [] __asan_report_load1_noabort+0x29/0x30 [ 36.996056] [] string+0x1e8/0x200 [ 37.001123] [] vsnprintf+0x7ad/0x16d0 [ 37.006546] [] ? pointer+0xa90/0xa90 [ 37.011874] [] vscnprintf+0x2d/0x60 [ 37.017116] [] vprintk_emit+0xf1/0x750 [ 37.022620] [] ? 
mark_held_locks+0xaf/0x100 [ 37.028551] [] vprintk+0x28/0x30 [ 37.033529] [] vprintk_default+0x1d/0x30 [ 37.039379] [] printk+0xb7/0xe2 [ 37.044270] [] ? load_image_and_restore+0xf9/0xf9 [ 37.050727] [] ? mutex_lock_killable_nested+0x960/0x960 [ 37.057709] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 37.063653] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 37.070461] [] ? mark_held_locks+0xaf/0x100 [ 37.076403] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 37.083119] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 37.089315] [] ? mutex_unlock+0x9/0x10 [ 37.094819] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 37.101888] [] compat_nf_setsockopt+0xfa/0x130 [ 37.108096] [] compat_ip_setsockopt+0x9d/0xf0 [ 37.114205] [] compat_udp_setsockopt+0x45/0x80 [ 37.120410] [] compat_sock_common_setsockopt+0xb2/0x140 [ 37.127395] [] ? udp_lib_setsockopt+0x560/0x560 [ 37.133678] [] compat_SyS_setsockopt+0x149/0x290 [ 37.140046] [] ? sock_common_setsockopt+0xd0/0xd0 [ 37.146500] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 37.153056] [] ? do_fast_syscall_32+0xcf/0x890 [ 37.159249] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 37.165790] [] do_fast_syscall_32+0x2f7/0x890 [ 37.171898] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 37.178529] [] entry_SYSENTER_compat+0x51/0x60 [ 37.184724] Memory state around the buggy address: [ 37.189616] ffff8801c9db7b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 37.196938] ffff8801c9db7c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 37.204263] >ffff8801c9db7c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 37.211584] ^ [ 37.217517] ffff8801c9db7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.224842] ffff8801c9db7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.232161] ================================================================== [ 37.239483] ================================================================== [ 37.246809] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801c9db7cd8 [ 37.255181] Read of size 1 by task syzkaller225460/3340 [ 37.260517] page:ffffea0007276dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 37.268733] flags: 0x8000000000000000() [ 37.272672] page dumped because: kasan: bad access detected [ 37.278349] CPU: 0 PID: 3340 Comm: syzkaller225460 Tainted: G B 4.9.67-gf26d3c7 #2 [ 37.287146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.296474] ffff8801c9db7738 ffffffff81d906e9 ffffed00393b6f9b 0000000000000001 [ 37.304425] 0000000000000000 ffffed00393b6f9b ffff8801c9db7cd8 ffff8801c9db77c0 [ 37.312370] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 37.320313] Call Trace: [ 37.322866] [] dump_stack+0xc1/0x128 [ 37.328197] [] kasan_report.part.1+0x4c3/0x500 [ 37.334391] [] ? string+0x1e8/0x200 [ 37.339641] [] __asan_report_load1_noabort+0x29/0x30 [ 37.346357] [] string+0x1e8/0x200 [ 37.351424] [] vsnprintf+0x7ad/0x16d0 [ 37.356842] [] ? pointer+0xa90/0xa90 [ 37.362170] [] vscnprintf+0x2d/0x60 [ 37.367421] [] vprintk_emit+0xf1/0x750 [ 37.372928] [] ? 
mark_held_locks+0xaf/0x100 [ 37.378955] [] vprintk+0x28/0x30 [ 37.383937] [] vprintk_default+0x1d/0x30 [ 37.389613] [] printk+0xb7/0xe2 [ 37.394505] [] ? load_image_and_restore+0xf9/0xf9 [ 37.400965] [] ? mutex_lock_killable_nested+0x960/0x960 [ 37.407944] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 37.413884] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 37.420687] [] ? mark_held_locks+0xaf/0x100 [ 37.426625] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 37.433345] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 37.439542] [] ? mutex_unlock+0x9/0x10 [ 37.445048] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 37.452112] [] compat_nf_setsockopt+0xfa/0x130 [ 37.458312] [] compat_ip_setsockopt+0x9d/0xf0 [ 37.464426] [] compat_udp_setsockopt+0x45/0x80 [ 37.470624] [] compat_sock_common_setsockopt+0xb2/0x140 [ 37.477603] [] ? udp_lib_setsockopt+0x560/0x560 [ 37.483889] [] compat_SyS_setsockopt+0x149/0x290 [ 37.490266] [] ? sock_common_setsockopt+0xd0/0xd0 [ 37.496722] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 37.503266] [] ? do_fast_syscall_32+0xcf/0x890 [ 37.509460] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 37.516001] [] do_fast_syscall_32+0x2f7/0x890 [ 37.522109] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 37.528737] [] entry_SYSENTER_compat+0x51/0x60 [ 37.534930] Memory state around the buggy address: [ 37.539823] ffff8801c9db7b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 37.547148] ffff8801c9db7c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 37.554472] >ffff8801c9db7c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 37.561795] ^ [ 37.567989] ffff8801c9db7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.575311] ffff8801c9db7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.582631] ================================================================== [ 37.589953] ================================================================== [ 37.597283] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801c9db7cd9 [ 37.605650] Read of size 1 by task syzkaller225460/3340 [ 37.610978] page:ffffea0007276dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 37.619194] flags: 0x8000000000000000() [ 37.623129] page dumped because: kasan: bad access detected [ 37.628807] CPU: 0 PID: 3340 Comm: syzkaller225460 Tainted: G B 4.9.67-gf26d3c7 #2 [ 37.637602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.646924] ffff8801c9db7738 ffffffff81d906e9 ffffed00393b6f9b 0000000000000001 [ 37.654873] 0000000000000000 ffffed00393b6f9b ffff8801c9db7cd9 ffff8801c9db77c0 [ 37.662903] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 37.670842] Call Trace: [ 37.673394] [] dump_stack+0xc1/0x128 [ 37.678725] [] kasan_report.part.1+0x4c3/0x500 [ 37.684919] [] ? string+0x1e8/0x200 [ 37.690159] [] __asan_report_load1_noabort+0x29/0x30 [ 37.696874] [] string+0x1e8/0x200 [ 37.701953] [] vsnprintf+0x7ad/0x16d0 [ 37.707367] [] ? pointer+0xa90/0xa90 [ 37.712694] [] vscnprintf+0x2d/0x60 [ 37.717936] [] vprintk_emit+0xf1/0x750 [ 37.723442] [] ? 
mark_held_locks+0xaf/0x100 [ 37.729374] [] vprintk+0x28/0x30 [ 37.734355] [] vprintk_default+0x1d/0x30 [ 37.740030] [] printk+0xb7/0xe2 [ 37.744924] [] ? load_image_and_restore+0xf9/0xf9 [ 37.751385] [] ? mutex_lock_killable_nested+0x960/0x960 [ 37.758368] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 37.764306] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 37.771111] [] ? mark_held_locks+0xaf/0x100 [ 37.777044] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 37.783759] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 37.789951] [] ? mutex_unlock+0x9/0x10 [ 37.795457] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 37.802519] [] compat_nf_setsockopt+0xfa/0x130 [ 37.808715] [] compat_ip_setsockopt+0x9d/0xf0 [ 37.814827] [] compat_udp_setsockopt+0x45/0x80 [ 37.821027] [] compat_sock_common_setsockopt+0xb2/0x140 [ 37.828003] [] ? udp_lib_setsockopt+0x560/0x560 [ 37.834287] [] compat_SyS_setsockopt+0x149/0x290 [ 37.840655] [] ? sock_common_setsockopt+0xd0/0xd0 [ 37.847110] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 37.853656] [] ? do_fast_syscall_32+0xcf/0x890 [ 37.859850] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 37.866395] [] do_fast_syscall_32+0x2f7/0x890 [ 37.872517] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 37.879322] [] entry_SYSENTER_compat+0x51/0x60 [ 37.885516] Memory state around the buggy address: [ 37.890416] ffff8801c9db7b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 37.897741] ffff8801c9db7c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 37.905061] >ffff8801c9db7c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 37.912387] ^ [ 37.918597] ffff8801c9db7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.925918] ffff8801c9db7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 37.933239] ================================================================== [ 37.940560] ================================================================== [ 37.947890] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801c9db7cda [ 37.956257] Read of size 1 by task syzkaller225460/3340 [ 37.961588] page:ffffea0007276dc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 37.969807] flags: 0x8000000000000000() [ 37.973744] page dumped because: kasan: bad access detected [ 37.979418] CPU: 0 PID: 3340 Comm: syzkaller225460 Tainted: G B 4.9.67-gf26d3c7 #2 [ 37.988213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.997532] ffff8801c9db7738 ffffffff81d906e9 ffffed00393b6f9b 0000000000000001 [ 38.005478] 0000000000000000 ffffed00393b6f9b ffff8801c9db7cda ffff8801c9db77c0 [ 38.013422] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 38.021361] Call Trace: [ 38.023918] [] dump_stack+0xc1/0x128 [ 38.029246] [] kasan_report.part.1+0x4c3/0x500 [ 38.035450] [] ? string+0x1e8/0x200 [ 38.040697] [] __asan_report_load1_noabort+0x29/0x30 [ 38.047410] [] string+0x1e8/0x200 [ 38.052479] [] vsnprintf+0x7ad/0x16d0 [ 38.057890] [] ? pointer+0xa90/0xa90 [ 38.063227] [] vscnprintf+0x2d/0x60 [ 38.068475] [] vprintk_emit+0xf1/0x750 [ 38.073978] [] ? 
mark_held_locks+0xaf/0x100 [ 38.079920] [] vprintk+0x28/0x30 [ 38.084902] [] vprintk_default+0x1d/0x30 [ 38.090579] [] printk+0xb7/0xe2 [ 38.095480] [] ? load_image_and_restore+0xf9/0xf9 [ 38.101939] [] ? mutex_lock_killable_nested+0x960/0x960 [ 38.108918] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 38.114853] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 38.121656] [] ? mark_held_locks+0xaf/0x100 [ 38.127592] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 38.134306] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 38.140500] [] ? mutex_unlock+0x9/0x10 [ 38.146003] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 38.153067] [] compat_nf_setsockopt+0xfa/0x130 [ 38.159261] [] compat_ip_setsockopt+0x9d/0xf0 [ 38.165373] [] compat_udp_setsockopt+0x45/0x80 [ 38.171571] [] compat_sock_common_setsockopt+0xb2/0x140 [ 38.178546] [] ? udp_lib_setsockopt+0x560/0x560 [ 38.184829] [] compat_SyS_setsockopt+0x149/0x290 [ 38.191198] [] ? sock_common_setsockopt+0xd0/0xd0 [ 38.197654] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 38.204200] [] ? do_fast_syscall_32+0xcf/0x890 [ 38.210394] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 38.216950] [] do_fast_syscall_32+0x2f7/0x890 [ 38.223234] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 38.229951] [] entry_SYSENTER_compat+0x51/0x60 [ 38.236143] Memory state around the buggy address: [ 38.241034] ffff8801c9db7b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 38.248357] ffff8801c9db7c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 38.255677] >ffff8801c9db7c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 38.263009] ^ [ 38.269202] ffff8801c9db7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.276527] ffff8801c9db7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.283848] ================================================================== [ 38.291169] ================================================================== [ 38.291169] IOS Google 01/01/2011 [ 38.291169] [TUL\d*W