[....] Starting enhanced syslogd: rsyslogd[ 11.726404] audit: type=1400 audit(1512948454.299:4): avc: denied { syslog } for pid=3162 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. [....] Starting periodic command scheduler: cron [ ok ]. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-android-49-kasan-gce-386-3,10.128.0.25' (ECDSA) to the list of known hosts. syzkaller login: [ 23.505401] audit: type=1400 audit(1512948466.079:5): avc: denied { sys_admin } for pid=3322 comm="syzkaller173535" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 23.533311] IPVS: Creating netns size=2536 id=1 executing program [ 23.590480] audit: type=1400 audit(1512948466.169:6): avc: denied { sys_chroot } for pid=3323 comm="syzkaller173535" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 23.629808] audit: type=1400 audit(1512948466.199:7): avc: denied { net_admin } for pid=3326 comm="syzkaller173535" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 23.654535] ================================================================== [ 23.661891] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801cff37cd4 [ 23.670264] Read of size 1 by task syzkaller173535/3332 [ 23.675596] page:ffffea00073fcdc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 23.683822] flags: 0x8000000000000000() [ 23.687759] page dumped because: kasan: bad 
access detected [ 23.693448] CPU: 1 PID: 3332 Comm: syzkaller173535 Not tainted 4.9.67-gf26d3c7 #2 [ 23.701032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.710355] ffff8801cff37738 ffffffff81d906e9 ffffed0039fe6f9a 0000000000000001 [ 23.718311] 0000000000000000 ffffed0039fe6f9a ffff8801cff37cd4 ffff8801cff377c0 [ 23.726268] ffffffff8153a833 1ffff10039fe6ef5 ffffffff83f1dcc8 ffffffff81db26c8 [ 23.734219] Call Trace: [ 23.736777] [] dump_stack+0xc1/0x128 [ 23.742107] [] kasan_report.part.1+0x4c3/0x500 [ 23.748305] [] ? string+0x1e8/0x200 [ 23.753547] [] __asan_report_load1_noabort+0x29/0x30 [ 23.760269] [] string+0x1e8/0x200 [ 23.765339] [] vsnprintf+0x7ad/0x16d0 [ 23.770757] [] ? pointer+0xa90/0xa90 [ 23.776093] [] vscnprintf+0x2d/0x60 [ 23.781344] [] vprintk_emit+0xf1/0x750 [ 23.786855] [] ? mark_held_locks+0xaf/0x100 [ 23.792791] [] vprintk+0x28/0x30 [ 23.797771] [] vprintk_default+0x1d/0x30 [ 23.803446] [] printk+0xb7/0xe2 [ 23.808346] [] ? load_image_and_restore+0xf9/0xf9 [ 23.814810] [] ? mutex_lock_killable_nested+0x960/0x960 [ 23.821793] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 23.827731] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 23.834539] [] ? mark_held_locks+0xaf/0x100 [ 23.840478] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 23.847197] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 23.853395] [] ? mutex_unlock+0x9/0x10 [ 23.858920] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 23.866018] [] compat_nf_setsockopt+0xfa/0x130 [ 23.872218] [] compat_ip_setsockopt+0x9d/0xf0 [ 23.878340] [] compat_udp_setsockopt+0x45/0x80 [ 23.884551] [] compat_sock_common_setsockopt+0xb2/0x140 [ 23.891541] [] ? udp_lib_setsockopt+0x560/0x560 [ 23.897852] [] compat_SyS_setsockopt+0x149/0x290 [ 23.904226] [] ? sock_common_setsockopt+0xd0/0xd0 [ 23.910691] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 23.917244] [] ? do_fast_syscall_32+0xcf/0x890 [ 23.923446] [] ? 
scm_detach_fds_compat+0x3c0/0x3c0 [ 23.929990] [] do_fast_syscall_32+0x2f7/0x890 [ 23.936102] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 23.942732] [] entry_SYSENTER_compat+0x51/0x60 [ 23.948926] Memory state around the buggy address: [ 23.953828] ffff8801cff37b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 23.961161] ffff8801cff37c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 23.968488] >ffff8801cff37c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 23.975811] ^ [ 23.981762] ffff8801cff37d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.989093] ffff8801cff37d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.996417] ================================================================== [ 24.003741] ================================================================== [ 24.011071] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801cff37cd5 [ 24.019437] Read of size 1 by task syzkaller173535/3332 [ 24.024768] page:ffffea00073fcdc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 24.032989] flags: 0x8000000000000000() [ 24.036924] page dumped because: kasan: bad access detected [ 24.042603] CPU: 1 PID: 3332 Comm: syzkaller173535 Tainted: G B 4.9.67-gf26d3c7 #2 [ 24.051402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.060723] ffff8801cff37738 ffffffff81d906e9 ffffed0039fe6f9a 0000000000000001 [ 24.068671] 0000000000000000 ffffed0039fe6f9a ffff8801cff37cd5 ffff8801cff377c0 [ 24.076619] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 24.084586] Call Trace: [ 24.087143] [] dump_stack+0xc1/0x128 [ 24.092473] [] kasan_report.part.1+0x4c3/0x500 [ 24.098673] [] ? string+0x1e8/0x200 [ 24.103915] [] __asan_report_load1_noabort+0x29/0x30 [ 24.110635] [] string+0x1e8/0x200 [ 24.115711] [] vsnprintf+0x7ad/0x16d0 [ 24.121126] [] ? pointer+0xa90/0xa90 [ 24.126453] [] vscnprintf+0x2d/0x60 [ 24.131700] [] vprintk_emit+0xf1/0x750 [ 24.137211] [] ? 
mark_held_locks+0xaf/0x100 [ 24.143149] [] vprintk+0x28/0x30 [ 24.148132] [] vprintk_default+0x1d/0x30 [ 24.153810] [] printk+0xb7/0xe2 [ 24.158705] [] ? load_image_and_restore+0xf9/0xf9 [ 24.165170] [] ? mutex_lock_killable_nested+0x960/0x960 [ 24.172161] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 24.178101] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 24.184907] [] ? mark_held_locks+0xaf/0x100 [ 24.190866] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 24.197584] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 24.203782] [] ? mutex_unlock+0x9/0x10 [ 24.209287] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 24.216366] [] compat_nf_setsockopt+0xfa/0x130 [ 24.222563] [] compat_ip_setsockopt+0x9d/0xf0 [ 24.228674] [] compat_udp_setsockopt+0x45/0x80 [ 24.234872] [] compat_sock_common_setsockopt+0xb2/0x140 [ 24.241848] [] ? udp_lib_setsockopt+0x560/0x560 [ 24.248137] [] compat_SyS_setsockopt+0x149/0x290 [ 24.254508] [] ? sock_common_setsockopt+0xd0/0xd0 [ 24.260969] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 24.267519] [] ? do_fast_syscall_32+0xcf/0x890 [ 24.273716] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 24.280261] [] do_fast_syscall_32+0x2f7/0x890 [ 24.286374] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 24.293008] [] entry_SYSENTER_compat+0x51/0x60 [ 24.299206] Memory state around the buggy address: [ 24.304343] ffff8801cff37b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 24.311668] ffff8801cff37c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 24.318992] >ffff8801cff37c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 24.326317] ^ [ 24.332254] ffff8801cff37d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.339579] ffff8801cff37d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.346902] ================================================================== [ 24.354229] ================================================================== [ 24.361559] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801cff37cd6 [ 24.369932] Read of size 1 by task syzkaller173535/3332 [ 24.375266] page:ffffea00073fcdc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 24.383487] flags: 0x8000000000000000() [ 24.387426] page dumped because: kasan: bad access detected [ 24.393102] CPU: 1 PID: 3332 Comm: syzkaller173535 Tainted: G B 4.9.67-gf26d3c7 #2 [ 24.401903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.411230] ffff8801cff37738 ffffffff81d906e9 ffffed0039fe6f9a 0000000000000001 [ 24.419216] 0000000000000000 ffffed0039fe6f9a ffff8801cff37cd6 ffff8801cff377c0 [ 24.427185] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 24.435132] Call Trace: [ 24.437688] [] dump_stack+0xc1/0x128 [ 24.443021] [] kasan_report.part.1+0x4c3/0x500 [ 24.449236] [] ? string+0x1e8/0x200 [ 24.454478] [] __asan_report_load1_noabort+0x29/0x30 [ 24.461200] [] string+0x1e8/0x200 [ 24.466273] [] vsnprintf+0x7ad/0x16d0 [ 24.471688] [] ? pointer+0xa90/0xa90 [ 24.477017] [] vscnprintf+0x2d/0x60 [ 24.482259] [] vprintk_emit+0xf1/0x750 [ 24.487761] [] ? 
mark_held_locks+0xaf/0x100 [ 24.493697] [] vprintk+0x28/0x30 [ 24.498679] [] vprintk_default+0x1d/0x30 [ 24.504358] [] printk+0xb7/0xe2 [ 24.509254] [] ? load_image_and_restore+0xf9/0xf9 [ 24.515712] [] ? mutex_lock_killable_nested+0x960/0x960 [ 24.522697] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 24.528634] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 24.535455] [] ? mark_held_locks+0xaf/0x100 [ 24.541390] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 24.548111] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 24.554311] [] ? mutex_unlock+0x9/0x10 [ 24.559816] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 24.566882] [] compat_nf_setsockopt+0xfa/0x130 [ 24.573082] [] compat_ip_setsockopt+0x9d/0xf0 [ 24.579200] [] compat_udp_setsockopt+0x45/0x80 [ 24.585407] [] compat_sock_common_setsockopt+0xb2/0x140 [ 24.592394] [] ? udp_lib_setsockopt+0x560/0x560 [ 24.598683] [] compat_SyS_setsockopt+0x149/0x290 [ 24.605069] [] ? sock_common_setsockopt+0xd0/0xd0 [ 24.611528] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 24.618083] [] ? do_fast_syscall_32+0xcf/0x890 [ 24.624279] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 24.630821] [] do_fast_syscall_32+0x2f7/0x890 [ 24.636929] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 24.643560] [] entry_SYSENTER_compat+0x51/0x60 [ 24.649755] Memory state around the buggy address: [ 24.654648] ffff8801cff37b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 24.661973] ffff8801cff37c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 24.669300] >ffff8801cff37c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 24.676625] ^ [ 24.682564] ffff8801cff37d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.689888] ffff8801cff37d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 24.697224] ================================================================== [ 24.704559] ================================================================== [ 24.711888] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801cff37cd7 [ 24.720263] Read of size 1 by task syzkaller173535/3332 [ 24.725594] page:ffffea00073fcdc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 24.733814] flags: 0x8000000000000000() [ 24.737755] page dumped because: kasan: bad access detected [ 24.743448] CPU: 1 PID: 3332 Comm: syzkaller173535 Tainted: G B 4.9.67-gf26d3c7 #2 [ 24.752248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 24.761571] ffff8801cff37738 ffffffff81d906e9 ffffed0039fe6f9a 0000000000000001 [ 24.769521] 0000000000000000 ffffed0039fe6f9a ffff8801cff37cd7 ffff8801cff377c0 [ 24.777485] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 24.786450] Call Trace: [ 24.789006] [] dump_stack+0xc1/0x128 [ 24.794336] [] kasan_report.part.1+0x4c3/0x500 [ 24.800532] [] ? string+0x1e8/0x200 [ 24.805776] [] __asan_report_load1_noabort+0x29/0x30 [ 24.812493] [] string+0x1e8/0x200 [ 24.817560] [] vsnprintf+0x7ad/0x16d0 [ 24.822977] [] ? pointer+0xa90/0xa90 [ 24.828310] [] vscnprintf+0x2d/0x60 [ 24.833550] [] vprintk_emit+0xf1/0x750 [ 24.839052] [] ? 
mark_held_locks+0xaf/0x100 [ 24.844999] [] vprintk+0x28/0x30 [ 24.849980] [] vprintk_default+0x1d/0x30 [ 24.855655] [] printk+0xb7/0xe2 [ 24.860550] [] ? load_image_and_restore+0xf9/0xf9 [ 24.867010] [] ? mutex_lock_killable_nested+0x960/0x960 [ 24.873991] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 24.879932] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 24.886737] [] ? mark_held_locks+0xaf/0x100 [ 24.892673] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 24.899389] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 24.905583] [] ? mutex_unlock+0x9/0x10 [ 24.911084] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 24.918166] [] compat_nf_setsockopt+0xfa/0x130 [ 24.924365] [] compat_ip_setsockopt+0x9d/0xf0 [ 24.930479] [] compat_udp_setsockopt+0x45/0x80 [ 24.936678] [] compat_sock_common_setsockopt+0xb2/0x140 [ 24.943654] [] ? udp_lib_setsockopt+0x560/0x560 [ 24.949946] [] compat_SyS_setsockopt+0x149/0x290 [ 24.956329] [] ? sock_common_setsockopt+0xd0/0xd0 [ 24.962788] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 24.969333] [] ? do_fast_syscall_32+0xcf/0x890 [ 24.975529] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 24.982074] [] do_fast_syscall_32+0x2f7/0x890 [ 24.988184] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 24.994827] [] entry_SYSENTER_compat+0x51/0x60 [ 25.001023] Memory state around the buggy address: [ 25.005917] ffff8801cff37b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 25.013240] ffff8801cff37c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 25.020564] >ffff8801cff37c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 25.027885] ^ [ 25.033827] ffff8801cff37d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.041155] ffff8801cff37d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.048492] ================================================================== [ 25.055818] ================================================================== [ 25.063151] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801cff37cd8 [ 25.071514] Read of size 1 by task syzkaller173535/3332 [ 25.076845] page:ffffea00073fcdc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 25.085059] flags: 0x8000000000000000() [ 25.088994] page dumped because: kasan: bad access detected [ 25.094670] CPU: 1 PID: 3332 Comm: syzkaller173535 Tainted: G B 4.9.67-gf26d3c7 #2 [ 25.103468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.112787] ffff8801cff37738 ffffffff81d906e9 ffffed0039fe6f9b 0000000000000001 [ 25.120761] 0000000000000000 ffffed0039fe6f9b ffff8801cff37cd8 ffff8801cff377c0 [ 25.128721] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 25.136682] Call Trace: [ 25.139252] [] dump_stack+0xc1/0x128 [ 25.144581] [] kasan_report.part.1+0x4c3/0x500 [ 25.150780] [] ? string+0x1e8/0x200 [ 25.156020] [] __asan_report_load1_noabort+0x29/0x30 [ 25.162737] [] string+0x1e8/0x200 [ 25.167806] [] vsnprintf+0x7ad/0x16d0 [ 25.173221] [] ? pointer+0xa90/0xa90 [ 25.178550] [] vscnprintf+0x2d/0x60 [ 25.183790] [] vprintk_emit+0xf1/0x750 [ 25.189293] [] ? 
mark_held_locks+0xaf/0x100 [ 25.195229] [] vprintk+0x28/0x30 [ 25.200209] [] vprintk_default+0x1d/0x30 [ 25.205894] [] printk+0xb7/0xe2 [ 25.210791] [] ? load_image_and_restore+0xf9/0xf9 [ 25.217250] [] ? mutex_lock_killable_nested+0x960/0x960 [ 25.224229] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 25.230169] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 25.236978] [] ? mark_held_locks+0xaf/0x100 [ 25.242915] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 25.249638] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 25.255835] [] ? mutex_unlock+0x9/0x10 [ 25.261339] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 25.268403] [] compat_nf_setsockopt+0xfa/0x130 [ 25.274600] [] compat_ip_setsockopt+0x9d/0xf0 [ 25.280712] [] compat_udp_setsockopt+0x45/0x80 [ 25.286912] [] compat_sock_common_setsockopt+0xb2/0x140 [ 25.293895] [] ? udp_lib_setsockopt+0x560/0x560 [ 25.300178] [] compat_SyS_setsockopt+0x149/0x290 [ 25.306547] [] ? sock_common_setsockopt+0xd0/0xd0 [ 25.313004] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 25.319550] [] ? do_fast_syscall_32+0xcf/0x890 [ 25.325745] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 25.332289] [] do_fast_syscall_32+0x2f7/0x890 [ 25.338398] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 25.345039] [] entry_SYSENTER_compat+0x51/0x60 [ 25.351235] Memory state around the buggy address: [ 25.356133] ffff8801cff37b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 25.363458] ffff8801cff37c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 25.370789] >ffff8801cff37c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 25.378123] ^ [ 25.384329] ffff8801cff37d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.391652] ffff8801cff37d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.398975] ================================================================== [ 25.406297] ================================================================== [ 25.413626] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801cff37cd9 [ 25.421993] Read of size 1 by task syzkaller173535/3332 [ 25.427322] page:ffffea00073fcdc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 25.435539] flags: 0x8000000000000000() [ 25.439474] page dumped because: kasan: bad access detected [ 25.445150] CPU: 1 PID: 3332 Comm: syzkaller173535 Tainted: G B 4.9.67-gf26d3c7 #2 [ 25.453948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.463268] ffff8801cff37738 ffffffff81d906e9 ffffed0039fe6f9b 0000000000000001 [ 25.471215] 0000000000000000 ffffed0039fe6f9b ffff8801cff37cd9 ffff8801cff377c0 [ 25.479171] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 25.487135] Call Trace: [ 25.489699] [] dump_stack+0xc1/0x128 [ 25.495032] [] kasan_report.part.1+0x4c3/0x500 [ 25.501229] [] ? string+0x1e8/0x200 [ 25.506474] [] __asan_report_load1_noabort+0x29/0x30 [ 25.513195] [] string+0x1e8/0x200 [ 25.518265] [] vsnprintf+0x7ad/0x16d0 [ 25.523681] [] ? pointer+0xa90/0xa90 [ 25.529009] [] vscnprintf+0x2d/0x60 [ 25.534258] [] vprintk_emit+0xf1/0x750 [ 25.539759] [] ? 
mark_held_locks+0xaf/0x100 [ 25.545695] [] vprintk+0x28/0x30 [ 25.550676] [] vprintk_default+0x1d/0x30 [ 25.556355] [] printk+0xb7/0xe2 [ 25.561257] [] ? load_image_and_restore+0xf9/0xf9 [ 25.567716] [] ? mutex_lock_killable_nested+0x960/0x960 [ 25.574695] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 25.580632] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 25.587985] [] ? mark_held_locks+0xaf/0x100 [ 25.593922] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 25.600640] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 25.606838] [] ? mutex_unlock+0x9/0x10 [ 25.612341] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 25.619406] [] compat_nf_setsockopt+0xfa/0x130 [ 25.625607] [] compat_ip_setsockopt+0x9d/0xf0 [ 25.631731] [] compat_udp_setsockopt+0x45/0x80 [ 25.637930] [] compat_sock_common_setsockopt+0xb2/0x140 [ 25.644912] [] ? udp_lib_setsockopt+0x560/0x560 [ 25.651201] [] compat_SyS_setsockopt+0x149/0x290 [ 25.657577] [] ? sock_common_setsockopt+0xd0/0xd0 [ 25.664039] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 25.670585] [] ? do_fast_syscall_32+0xcf/0x890 [ 25.676795] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 25.683341] [] do_fast_syscall_32+0x2f7/0x890 [ 25.689460] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 25.696090] [] entry_SYSENTER_compat+0x51/0x60 [ 25.702284] Memory state around the buggy address: [ 25.707178] ffff8801cff37b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 25.714514] ffff8801cff37c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 25.721838] >ffff8801cff37c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 25.729174] ^ [ 25.735370] ffff8801cff37d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.742691] ffff8801cff37d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 25.750154] ================================================================== [ 25.757477] ================================================================== [ 25.764811] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 at addr ffff8801cff37cda [ 25.773178] Read of size 1 by task syzkaller173535/3332 [ 25.778508] page:ffffea00073fcdc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 25.786727] flags: 0x8000000000000000() [ 25.790663] page dumped because: kasan: bad access detected [ 25.796340] CPU: 1 PID: 3332 Comm: syzkaller173535 Tainted: G B 4.9.67-gf26d3c7 #2 [ 25.805143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.814464] ffff8801cff37738 ffffffff81d906e9 ffffed0039fe6f9b 0000000000000001 [ 25.822415] 0000000000000000 ffffed0039fe6f9b ffff8801cff37cda ffff8801cff377c0 [ 25.830369] ffffffff8153a833 0000000000000010 ffffffff00000000 ffffffff81db26c8 [ 25.838350] Call Trace: [ 25.840907] [] dump_stack+0xc1/0x128 [ 25.846239] [] kasan_report.part.1+0x4c3/0x500 [ 25.852434] [] ? string+0x1e8/0x200 [ 25.857689] [] __asan_report_load1_noabort+0x29/0x30 [ 25.864409] [] string+0x1e8/0x200 [ 25.869479] [] vsnprintf+0x7ad/0x16d0 [ 25.874895] [] ? pointer+0xa90/0xa90 [ 25.880221] [] vscnprintf+0x2d/0x60 [ 25.885478] [] vprintk_emit+0xf1/0x750 [ 25.890984] [] ? 
mark_held_locks+0xaf/0x100 [ 25.896919] [] vprintk+0x28/0x30 [ 25.901898] [] vprintk_default+0x1d/0x30 [ 25.907573] [] printk+0xb7/0xe2 [ 25.912467] [] ? load_image_and_restore+0xf9/0xf9 [ 25.918926] [] ? mutex_lock_killable_nested+0x960/0x960 [ 25.925907] [] do_ip_vs_set_ctl+0xa01/0xc00 [ 25.931844] [] ? ip_vs_genl_dump_services+0x430/0x430 [ 25.938650] [] ? mark_held_locks+0xaf/0x100 [ 25.944586] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 25.951303] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 25.957509] [] ? mutex_unlock+0x9/0x10 [ 25.963012] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220 [ 25.970074] [] compat_nf_setsockopt+0xfa/0x130 [ 25.976270] [] compat_ip_setsockopt+0x9d/0xf0 [ 25.982385] [] compat_udp_setsockopt+0x45/0x80 [ 25.988587] [] compat_sock_common_setsockopt+0xb2/0x140 [ 25.995564] [] ? udp_lib_setsockopt+0x560/0x560 [ 26.001846] [] compat_SyS_setsockopt+0x149/0x290 [ 26.008218] [] ? sock_common_setsockopt+0xd0/0xd0 [ 26.014684] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 26.021229] [] ? do_fast_syscall_32+0xcf/0x890 [ 26.027433] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 26.033978] [] do_fast_syscall_32+0x2f7/0x890 [ 26.040088] [] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 26.046718] [] entry_SYSENTER_compat+0x51/0x60 [ 26.052913] Memory state around the buggy address: [ 26.057817] ffff8801cff37b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04 [ 26.065155] ffff8801cff37c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 [ 26.072483] >ffff8801cff37c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00 [ 26.079808] ^ [ 26.086005] ffff8801cff37d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 26.093330] ffff8801cff37d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 executing program [ 26.100653] ================================================================== [ 26.107978] ================================================================== [ 26.107978] IOS Google 01/01/2011 executing program