[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.082534] audit: type=1400 audit(1517098040.942:5): avc: denied { syslog } for pid=3532 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 19.761552] audit: type=1400 audit(1517098047.621:6): avc: denied { map } for pid=3673 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.38' (ECDSA) to the list of known hosts.
[ 26.032072] audit: type=1400 audit(1517098053.891:7): avc: denied { map } for pid=3687 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/01/28 00:07:34 parsed 1 programs
2018/01/28 00:07:34 executed programs: 0
[ 26.284421] audit: type=1400 audit(1517098054.142:8): avc: denied { map } for pid=3687 comm="syz-execprog" path="/root/syzkaller-shm267652639" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 26.438071] IPVS: ftp: loaded support on port[0] = 21
[ 26.592102] IPVS: ftp: loaded support on port[0] = 21
[ 26.593519] ipt_CLUSTERIP: Please specify destination IP
[ 26.594561] ipt_CLUSTERIP: Please specify destination IP
[ 26.602951] ipt_CLUSTERIP: Please specify destination IP
[ 26.603719] ipt_CLUSTERIP: Please specify destination IP
[ 26.611496] ipt_CLUSTERIP: Please specify destination IP
[ 26.612205] ipt_CLUSTERIP: Please specify destination IP
[ 26.619651] ipt_CLUSTERIP: Please specify destination IP
[ 26.620420] ipt_CLUSTERIP: Please specify destination IP
[ 26.627868] ipt_CLUSTERIP: Please specify destination IP
[ 26.628603] ipt_CLUSTERIP: Please specify destination IP
[ 26.635979] ipt_CLUSTERIP: Please specify destination IP
[ 26.636787] ipt_CLUSTERIP: Please specify destination IP
[ 26.644810] ipt_CLUSTERIP: Please specify destination IP
[ 26.645529] ipt_CLUSTERIP: Please specify destination IP
[ 26.653621] ipt_CLUSTERIP: Please specify destination IP
[ 26.656446] ipt_CLUSTERIP: Please specify destination IP
[ 26.664802] ipt_CLUSTERIP: Please specify destination IP
[ 26.665555] ipt_CLUSTERIP: Please specify destination IP
[ 26.672870] ipt_CLUSTERIP: Please specify destination IP
[ 26.673612] ipt_CLUSTERIP: Please specify destination IP
[ 26.842469] ipt_CLUSTERIP: Please specify destination IP
[ 26.848728] ipt_CLUSTERIP: Please specify destination IP
[ 26.856099] IPVS: ftp: loaded support on port[0] = 21
[ 26.863728] ipt_CLUSTERIP: Please specify destination IP
[ 26.869978] ipt_CLUSTERIP: Please specify destination IP
[ 27.000098] IPVS: ftp: loaded support on port[0] = 21
[ 27.000782] ipt_CLUSTERIP: Please specify destination IP
[ 27.001701] ipt_CLUSTERIP: Please specify destination IP
[ 27.160098] IPVS: ftp: loaded support on port[0] = 21
[ 27.160906] ipt_CLUSTERIP: Please specify destination IP
[ 27.161839] ipt_CLUSTERIP: Please specify destination IP
[ 27.169905] ipt_CLUSTERIP: Please specify destination IP
[ 27.170645] ipt_CLUSTERIP: Please specify destination IP
[ 27.330104] IPVS: ftp: loaded support on port[0] = 21
[ 27.333615] ipt_CLUSTERIP: Please specify destination IP
[ 27.334437] ipt_CLUSTERIP: Please specify destination IP
[ 27.343857] ipt_CLUSTERIP: Please specify destination IP
[ 27.344614] ipt_CLUSTERIP: Please specify destination IP
[ 27.499614] ipt_CLUSTERIP: Please specify destination IP
[ 27.505825] ipt_CLUSTERIP: Please specify destination IP
[ 27.514142] IPVS: ftp: loaded support on port[0] = 21
[ 27.663118] IPVS: ftp: loaded support on port[0] = 21
[ 27.664243] ipt_CLUSTERIP: Please specify destination IP
[ 27.665166] ipt_CLUSTERIP: Please specify destination IP
[ 27.673703] ipt_CLUSTERIP: Please specify destination IP
[ 27.675737] ipt_CLUSTERIP: Please specify destination IP
[ 27.676579] ipt_CLUSTERIP: Please specify destination IP
[ 27.677127] ipt_CLUSTERIP: Please specify destination IP
[ 27.908404] ipt_CLUSTERIP: Please specify destination IP
[ 27.914843] ipt_CLUSTERIP: Please specify destination IP
[ 27.931041] ipt_CLUSTERIP: Please specify destination IP
[ 27.932866] ipt_CLUSTERIP: Please specify destination IP
[ 27.934269] ipt_CLUSTERIP: Please specify destination IP
[ 27.935153] ipt_CLUSTERIP: Please specify destination IP
[ 27.935272] ipt_CLUSTERIP: Please specify destination IP
[ 27.937527] ipt_CLUSTERIP: Please specify destination IP
[ 27.938638] ipt_CLUSTERIP: Please specify destination IP
[ 27.938755] ipt_CLUSTERIP: Please specify destination IP
[ 27.940194] ipt_CLUSTERIP: Please specify destination IP
[ 27.940328] ipt_CLUSTERIP: Please specify destination IP
[ 27.944519] ipt_CLUSTERIP: Please specify destination IP
[ 27.945229] ipt_CLUSTERIP: Please specify destination IP
[ 27.946119] ipt_CLUSTERIP: Please specify destination IP
[ 27.946289] ipt_CLUSTERIP: Please specify destination IP
[ 27.961113] ipt_CLUSTERIP: Please specify destination IP
[ 27.970883] ipt_CLUSTERIP: Please specify destination IP
[ 27.977442] ipt_CLUSTERIP: Please specify destination IP
[ 27.978373] ipt_CLUSTERIP: Please specify destination IP
[ 27.978379] ipt_CLUSTERIP: Please specify destination IP
[ 27.979170] ipt_CLUSTERIP: Please specify destination IP
[ 27.980677] ipt_CLUSTERIP: Please specify destination IP
[ 27.981902] ipt_CLUSTERIP: Please specify destination IP
[ 27.982063] ipt_CLUSTERIP: Please specify destination IP
[ 27.982661] ipt_CLUSTERIP: Please specify destination IP
[ 27.990474] ipt_CLUSTERIP: Please specify destination IP
[ 27.990615] ipt_CLUSTERIP: Please specify destination IP
[ 27.993067] ipt_CLUSTERIP: Please specify destination IP
[ 27.997805] ipt_CLUSTERIP: Please specify destination IP
[ 27.997936] ipt_CLUSTERIP: Please specify destination IP
[ 27.998769] ipt_CLUSTERIP: Please specify destination IP
[ 28.001760] ipt_CLUSTERIP: Please specify destination IP
[ 28.009518] ipt_CLUSTERIP: Please specify destination IP
[ 28.009960] ipt_CLUSTERIP: Please specify destination IP
[ 28.013676] ipt_CLUSTERIP: Please specify destination IP
[ 28.014365] ipt_CLUSTERIP: Please specify destination IP
[ 28.014519] ipt_CLUSTERIP: Please specify destination IP
[ 28.015205] ipt_CLUSTERIP: Please specify destination IP
[ 28.168472] ==================================================================
[ 28.175880] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[ 28.182003] Read of size 1 at addr ffff8801d8afddf8 by task syz-executor1/3817
[ 28.189337]
[ 28.190943] CPU: 0 PID: 3817 Comm: syz-executor1 Not tainted 4.15.0-rc9+ #283
[ 28.198187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.207514] Call Trace:
[ 28.210080] dump_stack+0x194/0x257
[ 28.213685] ? arch_local_irq_restore+0x53/0x53
[ 28.218330] ? show_regs_print_info+0x18/0x18
[ 28.222806] ? string+0x1e8/0x200
[ 28.226235] print_address_description+0x73/0x250
[ 28.231051] ? string+0x1e8/0x200
[ 28.234482] kasan_report+0x25b/0x340
[ 28.238264] __asan_report_load1_noabort+0x14/0x20
[ 28.243166] string+0x1e8/0x200
[ 28.246427] vsnprintf+0x863/0x1900
[ 28.250043] ? pointer+0x9e0/0x9e0
[ 28.253569] __request_module+0x1bf/0xc20
[ 28.257692] ? lock_downgrade+0x980/0x980
[ 28.261818] ? free_modprobe_argv+0xa0/0xa0
[ 28.266115] ? lock_downgrade+0x980/0x980
[ 28.270235] ? up_read+0x1a/0x40
[ 28.273575] ? led_trigger_register+0x3f1/0x4d0
[ 28.278218] ? led_trigger_blink+0xf0/0xf0
[ 28.282428] ? __kmalloc_track_caller+0x46a/0x760
[ 28.287245] ? rcu_read_lock_sched_held+0x108/0x120
[ 28.292237] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 28.297064] ? memcpy+0x45/0x50
[ 28.300322] ? wait_for_completion+0x770/0x770
[ 28.304880] ? mutex_unlock+0xd/0x10
[ 28.308581] ? led_tg_check+0x1a7/0x560
[ 28.312536] ? wait_for_completion+0x770/0x770
[ 28.317097] ? __save_stack_trace+0x7e/0xd0
[ 28.321395] ? module_unload_free+0x5b0/0x5b0
[ 28.325867] ? reject_tg_check+0x7a/0x170
[ 28.329987] ? masquerade_tg+0x360/0x360
[ 28.334067] xt_request_find_target+0x8b/0xb0
[ 28.338542] find_check_entry.isra.8+0x612/0xcb0
[ 28.343282] ? ipt_do_table+0x1860/0x1860
[ 28.347409] ? mark_held_locks+0xaf/0x100
[ 28.351532] ? kfree+0xf0/0x260
[ 28.354788] ? trace_hardirqs_on+0xd/0x10
[ 28.358928] translate_table+0xed1/0x1610
[ 28.363070] ? alloc_counters.isra.11+0x7d0/0x7d0
[ 28.367888] ? kasan_check_write+0x14/0x20
[ 28.372098] ? _copy_from_user+0x99/0x110
[ 28.376222] do_ipt_set_ctl+0x370/0x5f0
[ 28.380173] ? translate_compat_table+0x1b90/0x1b90
[ 28.385178] ? mutex_unlock+0xd/0x10
[ 28.388869] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 28.394122] nf_setsockopt+0x67/0xc0
[ 28.397815] ip_setsockopt+0xa1/0xb0
[ 28.401505] raw_setsockopt+0xb7/0xd0
[ 28.405284] sock_common_setsockopt+0x95/0xd0
[ 28.409756] SyS_setsockopt+0x189/0x360
[ 28.413709] ? SyS_recv+0x40/0x40
[ 28.417140] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 28.421957] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.426949] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.431699] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.436435] RIP: 0033:0x453299
[ 28.439599] RSP: 002b:00007fac29affc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
[ 28.447281] RAX: ffffffffffffffda RBX: 00007fac29b00700 RCX: 0000000000453299
[ 28.454531] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 28.461777] RBP: 00007fff3bae59f0 R08: 0000000000000318 R09: 0000000000000000
[ 28.469026] R10: 0000000020020ce8 R11: 0000000000000212 R12: 0000000000000000
[ 28.476278] R13: 00007fff3bae596f R14: 00007fac29b009c0 R15: 0000000000000002
[ 28.483551]
[ 28.485157] Allocated by task 3817:
[ 28.488766] save_stack+0x43/0xd0
[ 28.492194] kasan_kmalloc+0xad/0xe0
[ 28.495901] __kmalloc_node+0x47/0x70
[ 28.499674] kvmalloc_node+0x99/0xd0
[ 28.503364] xt_alloc_table_info+0x64/0xe0
[ 28.507573] do_ipt_set_ctl+0x29b/0x5f0
[ 28.511519] nf_setsockopt+0x67/0xc0
[ 28.515203] ip_setsockopt+0xa1/0xb0
[ 28.518890] raw_setsockopt+0xb7/0xd0
[ 28.522662] sock_common_setsockopt+0x95/0xd0
[ 28.527129] SyS_setsockopt+0x189/0x360
[ 28.531075] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.535810]
[ 28.537409] Freed by task 0:
[ 28.540393] (stack is not available)
[ 28.544075]
[ 28.545677] The buggy address belongs to the object at ffff8801d8afdb00
[ 28.545677] which belongs to the cache kmalloc-1024 of size 1024
[ 28.558482] The buggy address is located 760 bytes inside of
[ 28.558482] 1024-byte region [ffff8801d8afdb00, ffff8801d8afdf00)
[ 28.570414] The buggy address belongs to the page:
[ 28.575318] page:ffffea000762bf00 count:1 mapcount:0 mapping:ffff8801d8afc000 index:0x0 compound_mapcount: 0
[ 28.585276] flags: 0x2fffc0000008100(slab|head)
[ 28.589921] raw: 02fffc0000008100 ffff8801d8afc000 0000000000000000 0000000100000007
[ 28.597774] raw: ffffea000762d220 ffff8801dac01848 ffff8801dac00ac0 0000000000000000
[ 28.605623] page dumped because: kasan: bad access detected
[ 28.611302]
[ 28.612900] Memory state around the buggy address:
[ 28.617811]  ffff8801d8afdc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.625154]  ffff8801d8afdd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.632486] >ffff8801d8afdd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.639817]                                                                 ^
[ 28.647083]  ffff8801d8afde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.654414]  ffff8801d8afde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.661744] ==================================================================
[ 28.669075] Disabling lock debugging due to kernel taint
[ 28.674598] Kernel panic - not syncing: panic_on_warn set ...
[ 28.674598]
[ 28.681956] CPU: 0 PID: 3817 Comm: syz-executor1 Tainted: G B 4.15.0-rc9+ #283
[ 28.690505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.699829] Call Trace:
[ 28.702393] dump_stack+0x194/0x257
[ 28.705993] ? arch_local_irq_restore+0x53/0x53
[ 28.710639] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.715367] ? vsnprintf+0x1ed/0x1900
[ 28.719150] ? string+0x140/0x200
[ 28.722576] panic+0x1e4/0x41c
[ 28.725750] ? refcount_error_report+0x214/0x214
[ 28.730478] ? add_taint+0x1c/0x50
[ 28.733989] ? add_taint+0x1c/0x50
[ 28.737502] ? string+0x1e8/0x200
[ 28.740930] kasan_end_report+0x50/0x50
[ 28.744886] kasan_report+0x144/0x340
[ 28.748658] __asan_report_load1_noabort+0x14/0x20
[ 28.753571] string+0x1e8/0x200
[ 28.756826] vsnprintf+0x863/0x1900
[ 28.760428] ? pointer+0x9e0/0x9e0
[ 28.763947] __request_module+0x1bf/0xc20
[ 28.768068] ? lock_downgrade+0x980/0x980
[ 28.772189] ? free_modprobe_argv+0xa0/0xa0
[ 28.776480] ? lock_downgrade+0x980/0x980
[ 28.780599] ? up_read+0x1a/0x40
[ 28.783938] ? led_trigger_register+0x3f1/0x4d0
[ 28.788578] ? led_trigger_blink+0xf0/0xf0
[ 28.792787] ? __kmalloc_track_caller+0x46a/0x760
[ 28.797605] ? rcu_read_lock_sched_held+0x108/0x120
[ 28.802595] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 28.807408] ? memcpy+0x45/0x50
[ 28.810660] ? wait_for_completion+0x770/0x770
[ 28.815220] ? mutex_unlock+0xd/0x10
[ 28.818914] ? led_tg_check+0x1a7/0x560
[ 28.822860] ? wait_for_completion+0x770/0x770
[ 28.827419] ? __save_stack_trace+0x7e/0xd0
[ 28.831721] ? module_unload_free+0x5b0/0x5b0
[ 28.836189] ? reject_tg_check+0x7a/0x170
[ 28.840309] ? masquerade_tg+0x360/0x360
[ 28.844361] xt_request_find_target+0x8b/0xb0
[ 28.848833] find_check_entry.isra.8+0x612/0xcb0
[ 28.853568] ? ipt_do_table+0x1860/0x1860
[ 28.857718] ? mark_held_locks+0xaf/0x100
[ 28.861839] ? kfree+0xf0/0x260
[ 28.865105] ? trace_hardirqs_on+0xd/0x10
[ 28.869234] translate_table+0xed1/0x1610
[ 28.873363] ? alloc_counters.isra.11+0x7d0/0x7d0
[ 28.878180] ? kasan_check_write+0x14/0x20
[ 28.882388] ? _copy_from_user+0x99/0x110
[ 28.886509] do_ipt_set_ctl+0x370/0x5f0
[ 28.890456] ? translate_compat_table+0x1b90/0x1b90
[ 28.895450] ? mutex_unlock+0xd/0x10
[ 28.899137] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 28.904389] nf_setsockopt+0x67/0xc0
[ 28.908078] ip_setsockopt+0xa1/0xb0
[ 28.911766] raw_setsockopt+0xb7/0xd0
[ 28.915539] sock_common_setsockopt+0x95/0xd0
[ 28.920010] SyS_setsockopt+0x189/0x360
[ 28.923963] ? SyS_recv+0x40/0x40
[ 28.927391] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 28.932209] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.937203] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.941936] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.946665] RIP: 0033:0x453299
[ 28.949830] RSP: 002b:00007fac29affc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
[ 28.957510] RAX: ffffffffffffffda RBX: 00007fac29b00700 RCX: 0000000000453299
[ 28.964751] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 28.971994] RBP: 00007fff3bae59f0 R08: 0000000000000318 R09: 0000000000000000
[ 28.979238] R10: 0000000020020ce8 R11: 0000000000000212 R12: 0000000000000000
[ 28.986478] R13: 00007fff3bae596f R14: 00007fac29b009c0 R15: 0000000000000002
[ 28.994169] Dumping ftrace buffer:
[ 28.997680] (ftrace buffer empty)
[ 29.001366] Kernel Offset: disabled
[ 29.004965] Rebooting in 86400 seconds..