[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.616896] audit: type=1400 audit(1516822172.737:5): avc: denied { syslog } for pid=3507 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 18.946340] audit: type=1400 audit(1516822178.067:6): avc: denied { map } for pid=3647 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
[ 25.199977] audit: type=1400 audit(1516822184.320:7): avc: denied { map } for pid=3661 comm="syzkaller971881" path="/root/syzkaller971881752" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 25.201747] ==================================================================
[ 25.201763] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[ 25.201767] Read of size 1 at addr ffff8801d9972a10 by task syzkaller971881/3661
[ 25.201769]
[ 25.201774] CPU: 1 PID: 3661 Comm: syzkaller971881 Not tainted 4.15.0-rc9+ #207
[ 25.201776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.201778] Call Trace:
[ 25.201788]  dump_stack+0x194/0x257
[ 25.201797]  ? arch_local_irq_restore+0x53/0x53
[ 25.201805]  ? show_regs_print_info+0x18/0x18
[ 25.201816]  ? string+0x1e8/0x200
[ 25.201824]  print_address_description+0x73/0x250
[ 25.201829]  ? string+0x1e8/0x200
[ 25.201835]  kasan_report+0x25b/0x340
[ 25.201845]  __asan_report_load1_noabort+0x14/0x20
[ 25.201849]  string+0x1e8/0x200
[ 25.201862]  vsnprintf+0x863/0x1900
[ 25.201874]  ? pointer+0x9e0/0x9e0
[ 25.201891]  __request_module+0x1bf/0xc20
[ 25.201897]  ? lock_downgrade+0x980/0x980
[ 25.201905]  ? free_modprobe_argv+0xa0/0xa0
[ 25.201911]  ? lock_downgrade+0x980/0x980
[ 25.201917]  ? rcu_read_lock_sched_held+0x108/0x120
[ 25.201924]  ? pcpu_alloc+0x146/0x10e0
[ 25.201939]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 25.201943]  ? pcpu_free_area+0xa00/0xa00
[ 25.201951]  ? wait_for_completion+0x770/0x770
[ 25.201961]  ? __kernel_text_address+0xd/0x40
[ 25.201966]  ? wait_for_completion+0x770/0x770
[ 25.201974]  ? trace_hardirqs_off+0xd/0x10
[ 25.201983]  ? depot_save_stack+0x3b5/0x490
[ 25.201993]  ? kvfree+0x36/0x60
[ 25.202014]  ? xt_find_target+0x17b/0x1e0
[ 25.202032]  xt_request_find_target+0x8b/0xb0
[ 25.202042]  find_check_entry.isra.8+0x612/0xcb0
[ 25.202054]  ? rcu_read_lock_sched_held+0x108/0x120
[ 25.202060]  ? ipt_do_table+0x1330/0x1330
[ 25.202069]  ? mark_held_locks+0xaf/0x100
[ 25.202075]  ? kfree+0xf0/0x260
[ 25.202079]  ? kvfree+0x36/0x60
[ 25.202085]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.202091]  ? trace_hardirqs_on+0xd/0x10
[ 25.202102]  translate_table+0xed1/0x1610
[ 25.202125]  ? alloc_counters.isra.11+0x7d0/0x7d0
[ 25.202133]  ? kasan_check_write+0x14/0x20
[ 25.202139]  ? _copy_from_user+0x99/0x110
[ 25.202147]  do_ipt_set_ctl+0x370/0x5f0
[ 25.202155]  ? translate_compat_table+0x1b90/0x1b90
[ 25.202172]  ? mutex_unlock+0xd/0x10
[ 25.202177]  ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 25.202185]  nf_setsockopt+0x67/0xc0
[ 25.202195]  ip_setsockopt+0xa1/0xb0
[ 25.202205]  udp_setsockopt+0x45/0x80
[ 25.202216]  sock_common_setsockopt+0x95/0xd0
[ 25.202225]  SyS_setsockopt+0x189/0x360
[ 25.202234]  ? SyS_recv+0x40/0x40
[ 25.202241]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 25.202248]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.202256]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.202268]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 25.202272] RIP: 0033:0x43ffc9
[ 25.202274] RSP: 002b:00007ffee84150e8 EFLAGS: 00000203 ORIG_RAX: 0000000000000036
[ 25.202279] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffc9
[ 25.202282] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[ 25.202284] RBP: 00000000006ca018 R08: 00000000000000f0 R09: 0000000000000000
[ 25.202287] R10: 0000000020f20000 R11: 0000000000000203 R12: 00000000004018f0
[ 25.202289] R13: 0000000000401980 R14: 0000000000000000 R15: 0000000000000000
[ 25.202306]
[ 25.202308] Allocated by task 3661:
[ 25.202313]  save_stack+0x43/0xd0
[ 25.202317]  kasan_kmalloc+0xad/0xe0
[ 25.202320]  __kmalloc_node+0x47/0x70
[ 25.202323]  kvmalloc_node+0x99/0xd0
[ 25.202327]  xt_alloc_table_info+0x64/0xe0
[ 25.202331]  do_ipt_set_ctl+0x29b/0x5f0
[ 25.202333]  nf_setsockopt+0x67/0xc0
[ 25.202337]  ip_setsockopt+0xa1/0xb0
[ 25.202340]  udp_setsockopt+0x45/0x80
[ 25.202344]  sock_common_setsockopt+0x95/0xd0
[ 25.202347]  SyS_setsockopt+0x189/0x360
[ 25.202351]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 25.202352]
[ 25.202354] Freed by task 2010:
[ 25.202358]  save_stack+0x43/0xd0
[ 25.202362]  kasan_slab_free+0x71/0xc0
[ 25.202365]  kfree+0xd6/0x260
[ 25.202369]  single_release+0x80/0xb0
[ 25.202372]  __fput+0x327/0x7e0
[ 25.202375]  ____fput+0x15/0x20
[ 25.202379]  task_work_run+0x199/0x270
[ 25.202383]  exit_to_usermode_loop+0x296/0x310
[ 25.202387]  syscall_return_slowpath+0x490/0x550
[ 25.202391]  entry_SYSCALL_64_fastpath+0x9e/0xa0
[ 25.202392]
[ 25.202395] The buggy address belongs to the object at ffff8801d9972940
[ 25.202395]  which belongs to the cache kmalloc-256 of size 256
[ 25.202398] The buggy address is located 208 bytes inside of
[ 25.202398]  256-byte region [ffff8801d9972940, ffff8801d9972a40)
[ 25.202400] The buggy address belongs to the page:
[ 25.202403] page:ffffea0007665c80 count:1 mapcount:0 mapping:ffff8801d9972080 index:0x0
[ 25.202408] flags: 0x2fffc0000000100(slab)
[ 25.202418] raw: 02fffc0000000100 ffff8801d9972080 0000000000000000 000000010000000c
[ 25.202423] raw: ffffea00076636a0 ffffea0007665e20 ffff8801dac007c0 0000000000000000
[ 25.202425] page dumped because: kasan: bad access detected
[ 25.202426]
[ 25.202428] Memory state around the buggy address:
[ 25.202431]  ffff8801d9972900: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 25.202434]  ffff8801d9972980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.202437] >ffff8801d9972a00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.202439]                          ^
[ 25.202442]  ffff8801d9972a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.202445]  ffff8801d9972b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.202446] ==================================================================
[ 25.202447] Disabling lock debugging due to kernel taint
[ 25.202467] Kernel panic - not syncing: panic_on_warn set ...
[ 25.202467]
[ 25.202471] CPU: 1 PID: 3661 Comm: syzkaller971881 Tainted: G B 4.15.0-rc9+ #207
[ 25.202473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.202475] Call Trace:
[ 25.202480]  dump_stack+0x194/0x257
[ 25.202485]  ? arch_local_irq_restore+0x53/0x53
[ 25.202490]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.202495]  ? vsnprintf+0x1ed/0x1900
[ 25.202500]  ? string+0x160/0x200
[ 25.202505]  panic+0x1e4/0x41c
[ 25.202509]  ? refcount_error_report+0x214/0x214
[ 25.202515]  ? add_taint+0x1c/0x50
[ 25.202519]  ? add_taint+0x1c/0x50
[ 25.202524]  ? string+0x1e8/0x200
[ 25.202529]  kasan_end_report+0x50/0x50
[ 25.202533]  kasan_report+0x144/0x340
[ 25.202539]  __asan_report_load1_noabort+0x14/0x20
[ 25.202543]  string+0x1e8/0x200
[ 25.202551]  vsnprintf+0x863/0x1900
[ 25.202558]  ? pointer+0x9e0/0x9e0
[ 25.202568]  __request_module+0x1bf/0xc20
[ 25.202572]  ? lock_downgrade+0x980/0x980
[ 25.202578]  ? free_modprobe_argv+0xa0/0xa0
[ 25.202582]  ? lock_downgrade+0x980/0x980
[ 25.202586]  ? rcu_read_lock_sched_held+0x108/0x120
[ 25.202590]  ? pcpu_alloc+0x146/0x10e0
[ 25.202599]  ? __mutex_unlock_slowpath+0xe9/0xac0
[ 25.202603]  ? pcpu_free_area+0xa00/0xa00
[ 25.202608]  ? wait_for_completion+0x770/0x770
[ 25.202615]  ? __kernel_text_address+0xd/0x40
[ 25.202619]  ? wait_for_completion+0x770/0x770
[ 25.202624]  ? trace_hardirqs_off+0xd/0x10
[ 25.202630]  ? depot_save_stack+0x3b5/0x490
[ 25.202636]  ? kvfree+0x36/0x60
[ 25.202644]  ? xt_find_target+0x17b/0x1e0
[ 25.202655]  xt_request_find_target+0x8b/0xb0
[ 25.202660]  find_check_entry.isra.8+0x612/0xcb0
[ 25.202668]  ? rcu_read_lock_sched_held+0x108/0x120
[ 25.202673]  ? ipt_do_table+0x1330/0x1330
[ 25.202679]  ? mark_held_locks+0xaf/0x100
[ 25.202683]  ? kfree+0xf0/0x260
[ 25.202687]  ? kvfree+0x36/0x60
[ 25.202691]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.202696]  ? trace_hardirqs_on+0xd/0x10
[ 25.202703]  translate_table+0xed1/0x1610
[ 25.202716]  ? alloc_counters.isra.11+0x7d0/0x7d0
[ 25.202722]  ? kasan_check_write+0x14/0x20
[ 25.202725]  ? _copy_from_user+0x99/0x110
[ 25.202730]  do_ipt_set_ctl+0x370/0x5f0
[ 25.202737]  ? translate_compat_table+0x1b90/0x1b90
[ 25.202746]  ? mutex_unlock+0xd/0x10
[ 25.202750]  ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 25.202755]  nf_setsockopt+0x67/0xc0
[ 25.202761]  ip_setsockopt+0xa1/0xb0
[ 25.202767]  udp_setsockopt+0x45/0x80
[ 25.202773]  sock_common_setsockopt+0x95/0xd0
[ 25.202779]  SyS_setsockopt+0x189/0x360
[ 25.202785]  ? SyS_recv+0x40/0x40
[ 25.202790]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 25.202796]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.202801]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.202808]  entry_SYSCALL_64_fastpath+0x29/0xa0
[ 25.202811] RIP: 0033:0x43ffc9
[ 25.202813] RSP: 002b:00007ffee84150e8 EFLAGS: 00000203 ORIG_RAX: 0000000000000036
[ 25.202817] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ffc9
[ 25.202819] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[ 25.202821] RBP: 00000000006ca018 R08: 00000000000000f0 R09: 0000000000000000
[ 25.202823] R10: 0000000020f20000 R11: 0000000000000203 R12: 00000000004018f0
[ 25.202826] R13: 0000000000401980 R14: 0000000000000000 R15: 0000000000000000
[ 25.226273] Dumping ftrace buffer:
[ 25.226277]    (ftrace buffer empty)
[ 25.226279] Kernel Offset: disabled
[ 26.084403] Rebooting in 86400 seconds..