[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.029754] audit: type=1400 audit(1517120100.089:5): avc: denied { syslog } for pid=3528 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 18.472085] audit: type=1400 audit(1517120105.531:6): avc: denied { map } for pid=3667 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
[ 24.730368] audit: type=1400 audit(1517120111.790:7): avc: denied { map } for pid=3681 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/01/28 06:15:12 parsed 1 programs
2018/01/28 06:15:12 executed programs: 0
[ 24.968123] audit: type=1400 audit(1517120112.026:8): avc: denied { map } for pid=3681 comm="syz-execprog" path="/root/syzkaller-shm225512828" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 24.995501] IPVS: ftp: loaded support on port[0] = 21
[ 25.029391] ipt_CLUSTERIP: Please specify destination IP
[ 25.037035] IPVS: ftp: loaded support on port[0] = 21
[ 25.045394] ipt_CLUSTERIP: Please specify destination IP
[ 25.065335] IPVS: ftp: loaded support on port[0] = 21
[ 25.067614] ipt_CLUSTERIP: Please specify destination IP
[ 25.069716] ipt_CLUSTERIP: Please specify destination IP
[ 25.070147] ipt_CLUSTERIP: Please specify destination IP
[ 25.070653] ipt_CLUSTERIP: Please specify destination IP
[ 25.076253] ipt_CLUSTERIP: Please specify destination IP
[ 25.077174] ipt_CLUSTERIP: Please specify destination IP
[ 25.080423] ipt_CLUSTERIP: Please specify destination IP
[ 25.087266] ipt_CLUSTERIP: Please specify destination IP
[ 25.088160] ipt_CLUSTERIP: Please specify destination IP
[ 25.089548] ipt_CLUSTERIP: Please specify destination IP
[ 25.093839] ipt_CLUSTERIP: Please specify destination IP
[ 25.099416] ipt_CLUSTERIP: Please specify destination IP
[ 25.100619] ipt_CLUSTERIP: Please specify destination IP
[ 25.100729] ipt_CLUSTERIP: Please specify destination IP
[ 25.116804] ipt_CLUSTERIP: Please specify destination IP
[ 25.117832] ipt_CLUSTERIP: Please specify destination IP
[ 25.118781] ipt_CLUSTERIP: Please specify destination IP
[ 25.123910] ipt_CLUSTERIP: Please specify destination IP
[ 25.124448] ipt_CLUSTERIP: Please specify destination IP
[ 25.124560] ipt_CLUSTERIP: Please specify destination IP
[ 25.208074] IPVS: ftp: loaded support on port[0] = 21
[ 25.215353] ipt_CLUSTERIP: Please specify destination IP
[ 25.221583] ipt_CLUSTERIP: Please specify destination IP
[ 25.236360] IPVS: ftp: loaded support on port[0] = 21
[ 25.237036] ipt_CLUSTERIP: Please specify destination IP
[ 25.237542] ipt_CLUSTERIP: Please specify destination IP
[ 25.275435] IPVS: ftp: loaded support on port[0] = 21
[ 25.276340] ipt_CLUSTERIP: Please specify destination IP
[ 25.276878] ipt_CLUSTERIP: Please specify destination IP
[ 25.313818] IPVS: ftp: loaded support on port[0] = 21
[ 25.313971] ipt_CLUSTERIP: Please specify destination IP
[ 25.314529] ipt_CLUSTERIP: Please specify destination IP
[ 25.351459] IPVS: ftp: loaded support on port[0] = 21
[ 25.352283] ipt_CLUSTERIP: Please specify destination IP
[ 25.352823] ipt_CLUSTERIP: Please specify destination IP
[ 25.360800] ipt_CLUSTERIP: Please specify destination IP
[ 25.362897] ipt_CLUSTERIP: Please specify destination IP
[ 25.364070] ipt_CLUSTERIP: Please specify destination IP
[ 25.367281] ipt_CLUSTERIP: Please specify destination IP
[ 25.368288] ipt_CLUSTERIP: Please specify destination IP
[ 25.371726] ipt_CLUSTERIP: Please specify destination IP
[ 25.372133] ipt_CLUSTERIP: Please specify destination IP
[ 25.373052] ipt_CLUSTERIP: Please specify destination IP
[ 25.376324] ipt_CLUSTERIP: Please specify destination IP
[ 25.376490] ipt_CLUSTERIP: Please specify destination IP
[ 25.445863] ipt_CLUSTERIP: Please specify destination IP
[ 25.451977] ipt_CLUSTERIP: Please specify destination IP
[ 25.465250] ipt_CLUSTERIP: Please specify destination IP
[ 25.466941] ipt_CLUSTERIP: Please specify destination IP
[ 25.467096] ipt_CLUSTERIP: Please specify destination IP
[ 25.468079] ipt_CLUSTERIP: Please specify destination IP
[ 25.468192] ipt_CLUSTERIP: Please specify destination IP
[ 25.468544] ipt_CLUSTERIP: Please specify destination IP
[ 25.469104] ipt_CLUSTERIP: Please specify destination IP
[ 25.471236] ipt_CLUSTERIP: Please specify destination IP
[ 25.471719] ipt_CLUSTERIP: Please specify destination IP
[ 25.475283] ipt_CLUSTERIP: Please specify destination IP
[ 25.475714] ipt_CLUSTERIP: Please specify destination IP
[ 25.476035] ipt_CLUSTERIP: Please specify destination IP
[ 25.478768] ipt_CLUSTERIP: Please specify destination IP
[ 25.482183] ipt_CLUSTERIP: Please specify destination IP
[ 25.482911] ipt_CLUSTERIP: Please specify destination IP
[ 25.486037] ipt_CLUSTERIP: Please specify destination IP
[ 25.490425] ipt_CLUSTERIP: Please specify destination IP
[ 25.491330] ipt_CLUSTERIP: Please specify destination IP
[ 25.494448] ipt_CLUSTERIP: Please specify destination IP
[ 25.495341] ipt_CLUSTERIP: Please specify destination IP
[ 25.495778] ipt_CLUSTERIP: Please specify destination IP
[ 25.495904] ipt_CLUSTERIP: Please specify destination IP
[ 25.495990] ipt_CLUSTERIP: Please specify destination IP
[ 25.498346] ipt_CLUSTERIP: Please specify destination IP
[ 25.504952] ipt_CLUSTERIP: Please specify destination IP
[ 25.505112] ipt_CLUSTERIP: Please specify destination IP
[ 25.505808] ipt_CLUSTERIP: Please specify destination IP
[ 25.505942] ipt_CLUSTERIP: Please specify destination IP
[ 25.506072] ipt_CLUSTERIP: Please specify destination IP
[ 25.510596] ipt_CLUSTERIP: Please specify destination IP
[ 25.511038] ipt_CLUSTERIP: Please specify destination IP
[ 25.514476] ipt_CLUSTERIP: Please specify destination IP
[ 25.515314] ipt_CLUSTERIP: Please specify destination IP
[ 25.515801] ipt_CLUSTERIP: Please specify destination IP
[ 25.515885] ipt_CLUSTERIP: Please specify destination IP
[ 25.518942] ipt_CLUSTERIP: Please specify destination IP
[ 25.519951] ipt_CLUSTERIP: Please specify destination IP
[ 25.693874] ==================================================================
[ 25.701258] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[ 25.707386] Read of size 1 at addr ffff8801d8dad9b8 by task syz-executor0/3828
[ 25.714715]
[ 25.716318] CPU: 1 PID: 3828 Comm: syz-executor0 Not tainted 4.15.0-rc9+ #212
[ 25.723560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.732887] Call Trace:
[ 25.735452] dump_stack+0x194/0x257
[ 25.739060] ? arch_local_irq_restore+0x53/0x53
[ 25.743717] ? show_regs_print_info+0x18/0x18
[ 25.748189] ? string+0x1e8/0x200
[ 25.751622] ? string+0x1e8/0x200
[ 25.755053] print_address_description+0x73/0x250
[ 25.759869] ? string+0x1e8/0x200
[ 25.763297] kasan_report+0x25b/0x340
[ 25.767077] __asan_report_load1_noabort+0x14/0x20
[ 25.771979] string+0x1e8/0x200
[ 25.775237] vsnprintf+0x863/0x1900
[ 25.778843] ? pointer+0x9e0/0x9e0
[ 25.782369] __request_module+0x1bf/0xc20
[ 25.786488] ? lock_downgrade+0x980/0x980
[ 25.790614] ? free_modprobe_argv+0xa0/0xa0
[ 25.794911] ? lock_downgrade+0x980/0x980
[ 25.799043] ? up_read+0x1a/0x40
[ 25.802386] ? led_trigger_register+0x3f1/0x4d0
[ 25.807028] ? led_trigger_blink+0xf0/0xf0
[ 25.811235] ? __kmalloc_track_caller+0x46a/0x760
[ 25.816050] ? rcu_read_lock_sched_held+0x108/0x120
[ 25.821054] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 25.825868] ? memcpy+0x45/0x50
[ 25.829123] ? wait_for_completion+0x770/0x770
[ 25.833693] ? mutex_unlock+0xd/0x10
[ 25.837396] ? led_tg_check+0x1a7/0x560
[ 25.841347] ? wait_for_completion+0x770/0x770
[ 25.845914] ? __save_stack_trace+0x7e/0xd0
[ 25.850213] ? module_unload_free+0x5b0/0x5b0
[ 25.854687] ? reject_tg_check+0x7a/0x170
[ 25.858811] ? masquerade_tg+0x360/0x360
[ 25.862878] xt_request_find_target+0x8b/0xb0
[ 25.867350] find_check_entry.isra.8+0x612/0xcb0
[ 25.872088] ? ipt_do_table+0x1860/0x1860
[ 25.876216] ? mark_held_locks+0xaf/0x100
[ 25.880339] ? kfree+0xf0/0x260
[ 25.883596] ? trace_hardirqs_on+0xd/0x10
[ 25.887723] translate_table+0xed1/0x1610
[ 25.891862] ? alloc_counters.isra.11+0x7d0/0x7d0
[ 25.896768] ? kasan_check_write+0x14/0x20
[ 25.900976] ? _copy_from_user+0x99/0x110
[ 25.905123] do_ipt_set_ctl+0x370/0x5f0
[ 25.909076] ? translate_compat_table+0x1b90/0x1b90
[ 25.914767] ? mutex_unlock+0xd/0x10
[ 25.918471] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 25.923723] nf_setsockopt+0x67/0xc0
[ 25.927415] ip_setsockopt+0xa1/0xb0
[ 25.931108] raw_setsockopt+0xb7/0xd0
[ 25.934889] sock_common_setsockopt+0x95/0xd0
[ 25.939365] SyS_setsockopt+0x189/0x360
[ 25.943326] ? SyS_recv+0x40/0x40
[ 25.946755] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 25.951576] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.956581] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.961318] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 25.966045] RIP: 0033:0x453299
[ 25.969222] RSP: 002b:00007f79cc71dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
[ 25.976911] RAX: ffffffffffffffda RBX: 00007f79cc71e700 RCX: 0000000000453299
[ 25.984164] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 25.991413] RBP: 00007ffe1f109c20 R08: 0000000000000318 R09: 0000000000000000
[ 25.998656] R10: 0000000020020ce8 R11: 0000000000000212 R12: 0000000000000000
[ 26.005917] R13: 00007ffe1f109b9f R14: 00007f79cc71e9c0 R15: 0000000000000002
[ 26.013176]
[ 26.014778] Allocated by task 3828:
[ 26.018381] save_stack+0x43/0xd0
[ 26.021806] kasan_kmalloc+0xad/0xe0
[ 26.025497] __kmalloc_node+0x47/0x70
[ 26.029268] kvmalloc_node+0x99/0xd0
[ 26.032955] xt_alloc_table_info+0x64/0xe0
[ 26.037161] do_ipt_set_ctl+0x29b/0x5f0
[ 26.041131] nf_setsockopt+0x67/0xc0
[ 26.044817] ip_setsockopt+0xa1/0xb0
[ 26.048501] raw_setsockopt+0xb7/0xd0
[ 26.052278] sock_common_setsockopt+0x95/0xd0
[ 26.056745] SyS_setsockopt+0x189/0x360
[ 26.060692] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 26.065422]
[ 26.067032] Freed by task 0:
[ 26.070018] (stack is not available)
[ 26.073698]
[ 26.075298] The buggy address belongs to the object at ffff8801d8dad6c0
[ 26.075298] which belongs to the cache kmalloc-1024 of size 1024
[ 26.088109] The buggy address is located 760 bytes inside of
[ 26.088109] 1024-byte region [ffff8801d8dad6c0, ffff8801d8dadac0)
[ 26.100047] The buggy address belongs to the page:
[ 26.104955] page:ffffea0007636b00 count:1 mapcount:0 mapping:ffff8801d8dac040 index:0x0 compound_mapcount: 0
[ 26.114902] flags: 0x2fffc0000008100(slab|head)
[ 26.119545] raw: 02fffc0000008100 ffff8801d8dac040 0000000000000000 0000000100000007
[ 26.127398] raw: ffffea0006eca3a0 ffff8801dac01848 ffff8801dac00ac0 0000000000000000
[ 26.135248] page dumped because: kasan: bad access detected
[ 26.140939]
[ 26.142545] Memory state around the buggy address:
[ 26.147455]  ffff8801d8dad880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.154785]  ffff8801d8dad900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.162122] >ffff8801d8dad980: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 26.169461]                                          ^
[ 26.174620]  ffff8801d8dada00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.181949]  ffff8801d8dada80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.189277] ==================================================================
[ 26.196606] Disabling lock debugging due to kernel taint
[ 26.202146] Kernel panic - not syncing: panic_on_warn set ...
[ 26.202146]
[ 26.209487] CPU: 1 PID: 3828 Comm: syz-executor0 Tainted: G B 4.15.0-rc9+ #212
[ 26.218038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.227363] Call Trace:
[ 26.229926] dump_stack+0x194/0x257
[ 26.233526] ? arch_local_irq_restore+0x53/0x53
[ 26.238167] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.242895] ? vsnprintf+0x1ed/0x1900
[ 26.246667] ? string+0x160/0x200
[ 26.250100] panic+0x1e4/0x41c
[ 26.253263] ? refcount_error_report+0x214/0x214
[ 26.257998] ? add_taint+0x1c/0x50
[ 26.261511] ? add_taint+0x1c/0x50
[ 26.265034] ? string+0x1e8/0x200
[ 26.268462] kasan_end_report+0x50/0x50
[ 26.272408] kasan_report+0x144/0x340
[ 26.276182] __asan_report_load1_noabort+0x14/0x20
[ 26.281081] string+0x1e8/0x200
[ 26.284346] vsnprintf+0x863/0x1900
[ 26.287948] ? pointer+0x9e0/0x9e0
[ 26.291465] __request_module+0x1bf/0xc20
[ 26.295588] ? lock_downgrade+0x980/0x980
[ 26.299709] ? free_modprobe_argv+0xa0/0xa0
[ 26.304002] ? lock_downgrade+0x980/0x980
[ 26.308123] ? up_read+0x1a/0x40
[ 26.311465] ? led_trigger_register+0x3f1/0x4d0
[ 26.316111] ? led_trigger_blink+0xf0/0xf0
[ 26.320315] ? __kmalloc_track_caller+0x46a/0x760
[ 26.325136] ? rcu_read_lock_sched_held+0x108/0x120
[ 26.330126] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 26.334944] ? memcpy+0x45/0x50
[ 26.338206] ? wait_for_completion+0x770/0x770
[ 26.342766] ? mutex_unlock+0xd/0x10
[ 26.346455] ? led_tg_check+0x1a7/0x560
[ 26.350408] ? wait_for_completion+0x770/0x770
[ 26.354975] ? __save_stack_trace+0x7e/0xd0
[ 26.359278] ? module_unload_free+0x5b0/0x5b0
[ 26.363759] ? reject_tg_check+0x7a/0x170
[ 26.367876] ? masquerade_tg+0x360/0x360
[ 26.371927] xt_request_find_target+0x8b/0xb0
[ 26.376403] find_check_entry.isra.8+0x612/0xcb0
[ 26.381135] ? ipt_do_table+0x1860/0x1860
[ 26.385257] ? mark_held_locks+0xaf/0x100
[ 26.389376] ? kfree+0xf0/0x260
[ 26.392630] ? trace_hardirqs_on+0xd/0x10
[ 26.396753] translate_table+0xed1/0x1610
[ 26.400880] ? alloc_counters.isra.11+0x7d0/0x7d0
[ 26.405706] ? kasan_check_write+0x14/0x20
[ 26.409920] ? _copy_from_user+0x99/0x110
[ 26.414048] do_ipt_set_ctl+0x370/0x5f0
[ 26.417996] ? translate_compat_table+0x1b90/0x1b90
[ 26.422988] ? mutex_unlock+0xd/0x10
[ 26.426680] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 26.431928] nf_setsockopt+0x67/0xc0
[ 26.435615] ip_setsockopt+0xa1/0xb0
[ 26.439300] raw_setsockopt+0xb7/0xd0
[ 26.443077] sock_common_setsockopt+0x95/0xd0
[ 26.447543] SyS_setsockopt+0x189/0x360
[ 26.451490] ? SyS_recv+0x40/0x40
[ 26.454913] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 26.459730] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.464721] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.469453] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 26.474185] RIP: 0033:0x453299
[ 26.477345] RSP: 002b:00007f79cc71dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
[ 26.485022] RAX: ffffffffffffffda RBX: 00007f79cc71e700 RCX: 0000000000453299
[ 26.492282] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 26.499523] RBP: 00007ffe1f109c20 R08: 0000000000000318 R09: 0000000000000000
[ 26.506765] R10: 0000000020020ce8 R11: 0000000000000212 R12: 0000000000000000
[ 26.514006] R13: 00007ffe1f109b9f R14: 00007f79cc71e9c0 R15: 0000000000000002
[ 26.521621] Dumping ftrace buffer:
[ 26.525134] (ftrace buffer empty)
[ 26.528826] Kernel Offset: disabled
[ 26.532425] Rebooting in 86400 seconds..