[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.475109] audit: type=1400 audit(1516643932.833:5): avc: denied { syslog } for pid=3494 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.930793] audit: type=1400 audit(1516643938.289:6): avc: denied { map } for pid=3632 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 25.895313] audit: type=1400 audit(1516643945.254:7): avc: denied { map } for pid=3646 comm="syzkaller525754" path="/root/syzkaller525754907" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 26.109900] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 26.444020] ==================================================================
[ 26.451426] BUG: KASAN: slab-out-of-bounds in erspan_xmit+0x22d4/0x2430
[ 26.458153] Read of size 2 at addr ffff8801c50bb08b by task syzkaller525754/3647
[ 26.465662]
[ 26.467269] CPU: 0 PID: 3647 Comm: syzkaller525754 Not tainted 4.15.0-rc8+ #203
[ 26.474689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.484019] Call Trace:
[ 26.486589] dump_stack+0x194/0x257
[ 26.490192] ? arch_local_irq_restore+0x53/0x53
[ 26.494843] ? show_regs_print_info+0x18/0x18
[ 26.499350] ? erspan_xmit+0x22d4/0x2430
[ 26.503406] print_address_description+0x73/0x250
[ 26.508228] ? erspan_xmit+0x22d4/0x2430
[ 26.512266] kasan_report+0x25b/0x340
[ 26.516046] __asan_report_load_n_noabort+0xf/0x20
[ 26.520948] erspan_xmit+0x22d4/0x2430
[ 26.524807] ? packet_direct_xmit+0x509/0x790
[ 26.529278] ? validate_xmit_skb+0x4b0/0xaf0
[ 26.533665] ? gretap_fb_dev_create+0x250/0x250
[ 26.538305] ? netif_skb_features+0x9b0/0x9b0
[ 26.542791] packet_direct_xmit+0x3ad/0x790
[ 26.547092] ? packet_mmap+0x590/0x590
[ 26.550956] ? memcpy+0x45/0x50
[ 26.554232] packet_sendmsg+0x3aed/0x60b0
[ 26.558363] ? find_held_lock+0x35/0x1d0
[ 26.562415] ? avc_has_perm+0x35e/0x680
[ 26.566378] ? packet_cached_dev_get+0x2b0/0x2b0
[ 26.571115] ? avc_has_perm+0x43e/0x680
[ 26.575067] ? avc_has_perm_noaudit+0x520/0x520
[ 26.579724] ? find_held_lock+0x35/0x1d0
[ 26.583762] ? fanout_add+0x1430/0x1430
[ 26.587713] ? avc_has_perm+0x35e/0x680
[ 26.591672] ? find_held_lock+0x35/0x1d0
[ 26.595716] ? sock_has_perm+0x2a4/0x420
[ 26.599755] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 26.605103] ? lock_release+0x972/0xa40
[ 26.609054] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 26.614914] ? __check_object_size+0x25d/0x4f0
[ 26.619473] ? avc_has_perm_noaudit+0x520/0x520
[ 26.624130] ? selinux_socket_sendmsg+0x36/0x40
[ 26.628774] ? security_socket_sendmsg+0x89/0xb0
[ 26.633598] ? packet_cached_dev_get+0x2b0/0x2b0
[ 26.638336] sock_sendmsg+0xca/0x110
[ 26.642030] SYSC_sendto+0x361/0x5c0
[ 26.645723] ? SYSC_connect+0x4a0/0x4a0
[ 26.649676] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 26.655015] ? __do_page_fault+0x3d6/0xc90
[ 26.659230] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 26.664504] ? SyS_setsockopt+0x215/0x360
[ 26.668631] ? SyS_recv+0x40/0x40
[ 26.672062] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 26.676884] SyS_sendto+0x40/0x50
[ 26.680314] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 26.685045] RIP: 0033:0x445649
[ 26.688210] RSP: 002b:00007ffe82dde5b8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 26.695891] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445649
[ 26.703138] RDX: 0000000000000000 RSI: 0000000020003fd9 RDI: 0000000000000004
[ 26.710382] RBP: 00000000004a78c5 R08: 0000000020008000 R09: 000000000000001c
[ 26.717628] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000402720
[ 26.724882] R13: 00000000004027b0 R14: 0000000000000000 R15: 0000000000000000
[ 26.732145]
[ 26.733749] Allocated by task 3221:
[ 26.737355] save_stack+0x43/0xd0
[ 26.740781] kasan_kmalloc+0xad/0xe0
[ 26.744465] kasan_slab_alloc+0x12/0x20
[ 26.748415] kmem_cache_alloc+0x12e/0x760
[ 26.752536] getname_flags+0xcb/0x580
[ 26.756316] getname+0x19/0x20
[ 26.759483] do_sys_open+0x2e7/0x6d0
[ 26.763167] SyS_open+0x2d/0x40
[ 26.766425] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 26.771151]
[ 26.772753] Freed by task 3221:
[ 26.776014] save_stack+0x43/0xd0
[ 26.779438] kasan_slab_free+0x71/0xc0
[ 26.783300] kmem_cache_free+0x83/0x2a0
[ 26.787248] putname+0xee/0x130
[ 26.790501] do_sys_open+0x31b/0x6d0
[ 26.794190] SyS_open+0x2d/0x40
[ 26.797444] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 26.802170]
[ 26.803775] The buggy address belongs to the object at ffff8801c50ba000
[ 26.803775] which belongs to the cache names_cache of size 4096
[ 26.816495] The buggy address is located 139 bytes to the right of
[ 26.816495] 4096-byte region [ffff8801c50ba000, ffff8801c50bb000)
[ 26.828953] The buggy address belongs to the page:
[ 26.833861] page:ffffea0007142e80 count:1 mapcount:0 mapping:ffff8801c50ba000 index:0x0 compound_mapcount: 0
[ 26.843807] flags: 0x2fffc0000008100(slab|head)
[ 26.848451] raw: 02fffc0000008100 ffff8801c50ba000 0000000000000000 0000000100000001
[ 26.856304] raw: ffffea0007145320 ffffea00071433a0 ffff8801dae2c600 0000000000000000
[ 26.864156] page dumped because: kasan: bad access detected
[ 26.869840]
[ 26.871442] Memory state around the buggy address:
[ 26.876343]  ffff8801c50baf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.883675]  ffff8801c50bb000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.891007] >ffff8801c50bb080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.898339]                       ^
[ 26.901937]  ffff8801c50bb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.909277]  ffff8801c50bb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.916607] ==================================================================
[ 26.923935] Disabling lock debugging due to kernel taint
[ 26.929396] Kernel panic - not syncing: panic_on_warn set ...
[ 26.929396]
[ 26.936734] CPU: 0 PID: 3647 Comm: syzkaller525754 Tainted: G B 4.15.0-rc8+ #203
[ 26.945458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.954786] Call Trace:
[ 26.957350] dump_stack+0x194/0x257
[ 26.961123] ? arch_local_irq_restore+0x53/0x53
[ 26.965764] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.970490] ? vsnprintf+0x1ed/0x1900
[ 26.974266] ? erspan_xmit+0x21f0/0x2430
[ 26.978301] panic+0x1e4/0x41c
[ 26.981466] ? refcount_error_report+0x214/0x214
[ 26.986199] ? add_taint+0x1c/0x50
[ 26.989714] ? add_taint+0x1c/0x50
[ 26.993229] ? erspan_xmit+0x22d4/0x2430
[ 26.997262] kasan_end_report+0x50/0x50
[ 27.001208] kasan_report+0x144/0x340
[ 27.004983] __asan_report_load_n_noabort+0xf/0x20
[ 27.009883] erspan_xmit+0x22d4/0x2430
[ 27.013787] ? packet_direct_xmit+0x509/0x790
[ 27.018257] ? validate_xmit_skb+0x4b0/0xaf0
[ 27.022642] ? gretap_fb_dev_create+0x250/0x250
[ 27.027288] ? netif_skb_features+0x9b0/0x9b0
[ 27.031766] packet_direct_xmit+0x3ad/0x790
[ 27.036063] ? packet_mmap+0x590/0x590
[ 27.039924] ? memcpy+0x45/0x50
[ 27.043190] packet_sendmsg+0x3aed/0x60b0
[ 27.047316] ? find_held_lock+0x35/0x1d0
[ 27.051352] ? avc_has_perm+0x35e/0x680
[ 27.055306] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.060034] ? avc_has_perm+0x43e/0x680
[ 27.063982] ? avc_has_perm_noaudit+0x520/0x520
[ 27.068623] ? find_held_lock+0x35/0x1d0
[ 27.072659] ? fanout_add+0x1430/0x1430
[ 27.076606] ? avc_has_perm+0x35e/0x680
[ 27.080554] ? find_held_lock+0x35/0x1d0
[ 27.084590] ? sock_has_perm+0x2a4/0x420
[ 27.088624] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.093962] ? lock_release+0x972/0xa40
[ 27.097911] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 27.103770] ? __check_object_size+0x25d/0x4f0
[ 27.108328] ? avc_has_perm_noaudit+0x520/0x520
[ 27.112980] ? selinux_socket_sendmsg+0x36/0x40
[ 27.117623] ? security_socket_sendmsg+0x89/0xb0
[ 27.122358] ? packet_cached_dev_get+0x2b0/0x2b0
[ 27.127092] sock_sendmsg+0xca/0x110
[ 27.130779] SYSC_sendto+0x361/0x5c0
[ 27.134464] ? SYSC_connect+0x4a0/0x4a0
[ 27.138420] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.143767] ? __do_page_fault+0x3d6/0xc90
[ 27.147979] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 27.153239] ? SyS_setsockopt+0x215/0x360
[ 27.157359] ? SyS_recv+0x40/0x40
[ 27.160784] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 27.165601] SyS_sendto+0x40/0x50
[ 27.169026] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 27.173754] RIP: 0033:0x445649
[ 27.176916] RSP: 002b:00007ffe82dde5b8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 27.184594] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445649
[ 27.191836] RDX: 0000000000000000 RSI: 0000000020003fd9 RDI: 0000000000000004
[ 27.199080] RBP: 00000000004a78c5 R08: 0000000020008000 R09: 000000000000001c
[ 27.206323] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000402720
[ 27.213580] R13: 00000000004027b0 R14: 0000000000000000 R15: 0000000000000000
[ 27.221189] Dumping ftrace buffer:
[ 27.224703] (ftrace buffer empty)
[ 27.228384] Kernel Offset: disabled
[ 27.231983] Rebooting in 86400 seconds..