[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 12.320914] audit: type=1400 audit(1514752295.144:6): avc: denied { map } for pid=3126 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.224' (ECDSA) to the list of known hosts.
syzkaller login: [ 26.786462] audit: type=1400 audit(1514752309.610:7): avc: denied { map } for pid=3142 comm="syzkaller343753" path="/root/syzkaller343753169" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 26.812542] audit: type=1400 audit(1514752309.610:8): avc: denied { sys_admin } for pid=3142 comm="syzkaller343753" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
executing program
[ 26.839550] audit: type=1400 audit(1514752309.663:9): avc: denied { sys_chroot } for pid=3143 comm="syzkaller343753" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 26.846061] device syz0 entered promiscuous mode
[ 26.868837] audit: type=1400 audit(1514752309.665:10): avc: denied { net_raw } for pid=3143 comm="syzkaller343753" capability=13 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 26.893229] audit: type=1400 audit(1514752309.668:11): avc: denied { net_admin } for pid=3143 comm="syzkaller343753" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 26.919569] ==================================================================
[ 26.927009] BUG: KASAN: slab-out-of-bounds in __dev_queue_xmit+0x20d3/0x2200
[ 26.934168] Read of size 2 at addr ffff8801c85791e0 by task syzkaller343753/3143
[ 26.941667]
[ 26.943268] CPU: 0 PID: 3143 Comm: syzkaller343753 Not tainted 4.15.0-rc4-next-20171221+ #78
[ 26.951817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.961147] Call Trace:
[ 26.963711] dump_stack+0x194/0x257
[ 26.967416] ? arch_local_irq_restore+0x53/0x53
[ 26.972082] ? show_regs_print_info+0x18/0x18
[ 26.976569] ? lock_release+0xa40/0xa40
[ 26.980517] ? __dev_queue_xmit+0x20d3/0x2200
[ 26.984986] print_address_description+0x73/0x250
[ 26.989802] ? __dev_queue_xmit+0x20d3/0x2200
[ 26.995047] kasan_report+0x25b/0x340
[ 26.998824] __asan_report_load2_noabort+0x14/0x20
[ 27.003725] __dev_queue_xmit+0x20d3/0x2200
[ 27.008029] ? netdev_pick_tx+0x300/0x300
[ 27.012153] ? lock_release+0xa40/0xa40
[ 27.016097] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 27.021964] ? refcount_add+0x24/0x60
[ 27.025745] ? skb_set_owner_w+0x232/0x330
[ 27.029956] ? __might_sleep+0x95/0x190
[ 27.033908] ? kasan_check_write+0x14/0x20
[ 27.038114] ? copyin+0x91/0xb0
[ 27.041393] ? _copy_from_iter+0x367/0xf30
[ 27.045602] ? __check_object_size+0x25d/0x4f0
[ 27.050163] ? check_stack_object+0x140/0x140
[ 27.054635] ? copy_page_to_iter+0xe10/0xe10
[ 27.059014] ? _copy_from_iter_full+0x22b/0xbb0
[ 27.063658] ? skb_copy_datagram_from_iter+0x3a5/0x5a0
[ 27.068906] ? iov_iter_advance+0x13f0/0x13f0
[ 27.073395] dev_queue_xmit+0x17/0x20
[ 27.077168] packet_sendmsg+0x3ad5/0x60a0
[ 27.081292] ? find_held_lock+0x35/0x1d0
[ 27.085330] ? avc_has_perm+0x35e/0x680
[ 27.089294] ? __mem_cgroup_threshold+0x871/0x8f0
[ 27.094115] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.098853] ? avc_has_perm+0x43e/0x680
[ 27.102804] ? avc_has_perm_noaudit+0x520/0x520
[ 27.107454] ? __handle_mm_fault+0x2747/0x3ce0
[ 27.112010] ? lock_downgrade+0x980/0x980
[ 27.116129] ? lock_release+0xa40/0xa40
[ 27.120084] ? find_held_lock+0x35/0x1d0
[ 27.124120] ? avc_has_perm+0x35e/0x680
[ 27.128065] ? sock_has_perm+0x2a4/0x420
[ 27.132096] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.137446] ? selinux_socket_sendmsg+0x36/0x40
[ 27.142084] ? security_socket_sendmsg+0x89/0xb0
[ 27.146805] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.151534] sock_sendmsg+0xca/0x110
[ 27.155231] sock_write_iter+0x31a/0x5d0
[ 27.159264] ? sock_sendmsg+0x110/0x110
[ 27.163228] ? iov_iter_init+0xaf/0x1d0
[ 27.167184] __vfs_write+0x684/0x970
[ 27.170870] ? kernel_read+0x120/0x120
[ 27.174725] ? bpf_fd_pass+0x280/0x280
[ 27.178588] ? _cond_resched+0x14/0x30
[ 27.182462] ? selinux_file_permission+0x82/0x460
[ 27.187286] ? rw_verify_area+0xe5/0x2b0
[ 27.191315] ? __fdget_raw+0x20/0x20
[ 27.195013] vfs_write+0x189/0x510
[ 27.198531] SyS_write+0xef/0x220
[ 27.201958] ? SyS_read+0x220/0x220
[ 27.205563] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.210554] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.215286] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.220012] RIP: 0033:0x444df9
[ 27.223182] RSP: 002b:00000000007eff78 EFLAGS: 00000297 ORIG_RAX: 0000000000000001
[ 27.230867] RAX: ffffffffffffffda RBX: 00007ffc3d2180f0 RCX: 0000000000444df9
[ 27.238108] RDX: 00000000000000ce RSI: 0000000020fecf2b RDI: 0000000000000005
[ 27.245349] RBP: 0000000000000000 R08: 0000000120080522 R09: 0000000120080522
[ 27.252587] R10: 0000000120080522 R11: 0000000000000297 R12: 00000000004029f0
[ 27.259830] R13: 0000000000402a80 R14: 0000000000000000 R15: 0000000000000000
[ 27.267089]
[ 27.268690] Allocated by task 3143:
[ 27.272289] save_stack+0x43/0xd0
[ 27.275711] kasan_kmalloc+0xad/0xe0
[ 27.279395] __kmalloc_node_track_caller+0x47/0x70
[ 27.284303] __kmalloc_reserve.isra.41+0x41/0xd0
[ 27.289027] __alloc_skb+0x13b/0x780
[ 27.292712] alloc_skb_with_frags+0x10d/0x750
[ 27.297174] sock_alloc_send_pskb+0x787/0x9b0
[ 27.301640] packet_sendmsg+0x1ec2/0x60a0
[ 27.305756] sock_sendmsg+0xca/0x110
[ 27.309436] sock_write_iter+0x31a/0x5d0
[ 27.313462] __vfs_write+0x684/0x970
[ 27.317141] vfs_write+0x189/0x510
[ 27.320647] SyS_write+0xef/0x220
[ 27.324066] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.328787]
[ 27.330382] Freed by task 0:
[ 27.333369] (stack is not available)
[ 27.337051]
[ 27.338652] The buggy address belongs to the object at ffff8801c8578d80
[ 27.338652] which belongs to the cache kmalloc-1024 of size 1024
[ 27.351451] The buggy address is located 96 bytes to the right of
[ 27.351451] 1024-byte region [ffff8801c8578d80, ffff8801c8579180)
[ 27.363813] The buggy address belongs to the page:
[ 27.368710] page:00000000c294763f count:1 mapcount:0 mapping:0000000098a38184 index:0x0 compound_mapcount: 0
[ 27.378646] flags: 0x2fffc0000008100(slab|head)
[ 27.383284] raw: 02fffc0000008100 ffff8801c8578000 0000000000000000 0000000100000007
[ 27.391132] raw: ffffea0007252920 ffff8801dac01848 ffff8801dac00ac0 0000000000000000
[ 27.398979] page dumped because: kasan: bad access detected
[ 27.404654]
[ 27.406250] Memory state around the buggy address:
[ 27.411146]  ffff8801c8579080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.418483]  ffff8801c8579100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.425821] >ffff8801c8579180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.433154]                                                        ^
[ 27.439613]  ffff8801c8579200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.446952]  ffff8801c8579280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.454276] ==================================================================
[ 27.461600] Disabling lock debugging due to kernel taint
[ 27.467067] Kernel panic - not syncing: panic_on_warn set ...
[ 27.467067]
[ 27.474400] CPU: 0 PID: 3143 Comm: syzkaller343753 Tainted: G B 4.15.0-rc4-next-20171221+ #78
[ 27.484244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.493571] Call Trace:
[ 27.496138] dump_stack+0x194/0x257
[ 27.499736] ? arch_local_irq_restore+0x53/0x53
[ 27.504371] ? kasan_end_report+0x32/0x50
[ 27.508486] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.513211] ? vsnprintf+0x1ed/0x1900
[ 27.516981] ? __dev_queue_xmit+0x1fe0/0x2200
[ 27.521461] panic+0x1e4/0x41c
[ 27.524621] ? refcount_error_report+0x214/0x214
[ 27.529344] ? add_taint+0x1c/0x50
[ 27.532851] ? add_taint+0x1c/0x50
[ 27.536455] ? __dev_queue_xmit+0x20d3/0x2200
[ 27.540926] kasan_end_report+0x50/0x50
[ 27.544872] kasan_report+0x144/0x340
[ 27.548642] __asan_report_load2_noabort+0x14/0x20
[ 27.553539] __dev_queue_xmit+0x20d3/0x2200
[ 27.557841] ? netdev_pick_tx+0x300/0x300
[ 27.561958] ? lock_release+0xa40/0xa40
[ 27.565915] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 27.571774] ? refcount_add+0x24/0x60
[ 27.575544] ? skb_set_owner_w+0x232/0x330
[ 27.579753] ? __might_sleep+0x95/0x190
[ 27.583694] ? kasan_check_write+0x14/0x20
[ 27.587894] ? copyin+0x91/0xb0
[ 27.591142] ? _copy_from_iter+0x367/0xf30
[ 27.595344] ? __check_object_size+0x25d/0x4f0
[ 27.599891] ? check_stack_object+0x140/0x140
[ 27.604352] ? copy_page_to_iter+0xe10/0xe10
[ 27.608725] ? _copy_from_iter_full+0x22b/0xbb0
[ 27.613370] ? skb_copy_datagram_from_iter+0x3a5/0x5a0
[ 27.618611] ? iov_iter_advance+0x13f0/0x13f0
[ 27.623083] dev_queue_xmit+0x17/0x20
[ 27.626852] packet_sendmsg+0x3ad5/0x60a0
[ 27.630975] ? find_held_lock+0x35/0x1d0
[ 27.635008] ? avc_has_perm+0x35e/0x680
[ 27.638950] ? __mem_cgroup_threshold+0x871/0x8f0
[ 27.643762] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.648488] ? avc_has_perm+0x43e/0x680
[ 27.652440] ? avc_has_perm_noaudit+0x520/0x520
[ 27.657084] ? __handle_mm_fault+0x2747/0x3ce0
[ 27.661635] ? lock_downgrade+0x980/0x980
[ 27.665748] ? lock_release+0xa40/0xa40
[ 27.669690] ? find_held_lock+0x35/0x1d0
[ 27.673721] ? avc_has_perm+0x35e/0x680
[ 27.677673] ? sock_has_perm+0x2a4/0x420
[ 27.681700] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.687039] ? selinux_socket_sendmsg+0x36/0x40
[ 27.691676] ? security_socket_sendmsg+0x89/0xb0
[ 27.696397] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.701119] sock_sendmsg+0xca/0x110
[ 27.704800] sock_write_iter+0x31a/0x5d0
[ 27.708828] ? sock_sendmsg+0x110/0x110
[ 27.712783] ? iov_iter_init+0xaf/0x1d0
[ 27.716724] __vfs_write+0x684/0x970
[ 27.720405] ? kernel_read+0x120/0x120
[ 27.724254] ? bpf_fd_pass+0x280/0x280
[ 27.728109] ? _cond_resched+0x14/0x30
[ 27.731966] ? selinux_file_permission+0x82/0x460
[ 27.736779] ? rw_verify_area+0xe5/0x2b0
[ 27.740909] ? __fdget_raw+0x20/0x20
[ 27.744698] vfs_write+0x189/0x510
[ 27.748208] SyS_write+0xef/0x220
[ 27.751629] ? SyS_read+0x220/0x220
[ 27.755234] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.760229] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.764965] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.769689] RIP: 0033:0x444df9
[ 27.772846] RSP: 002b:00000000007eff78 EFLAGS: 00000297 ORIG_RAX: 0000000000000001
[ 27.780524] RAX: ffffffffffffffda RBX: 00007ffc3d2180f0 RCX: 0000000000444df9
[ 27.787771] RDX: 00000000000000ce RSI: 0000000020fecf2b RDI: 0000000000000005
[ 27.795009] RBP: 0000000000000000 R08: 0000000120080522 R09: 0000000120080522
[ 27.802267] R10: 0000000120080522 R11: 0000000000000297 R12: 00000000004029f0
[ 27.809505] R13: 0000000000402a80 R14: 0000000000000000 R15: 0000000000000000
[ 27.817152] Dumping ftrace buffer:
[ 27.820664] (ftrace buffer empty)
[ 27.824342] Kernel Offset: disabled
[ 27.827936] Rebooting in 86400 seconds..