[....] Starting enhanced syslogd: rsyslogd
[ 12.499402] audit: type=1400 audit(1517099333.760:5): avc: denied { syslog } for pid=3530 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.445106] audit: type=1400 audit(1517099341.705:6): avc: denied { map } for pid=3670 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 26.781056] audit: type=1400 audit(1517099348.041:7): avc: denied { map } for pid=3684 comm="syzkaller158921" path="/root/syzkaller158921329" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 27.176302] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
executing program
[ 27.586230] ==================================================================
[ 27.593641] BUG: KASAN: slab-out-of-bounds in clusterip_tg_check+0x150f/0x1570
[ 27.600977] Read of size 2 at addr ffff8801d4bc79f8 by task syzkaller158921/3684
[ 27.608482]
[ 27.610087] CPU: 0 PID: 3684 Comm: syzkaller158921 Not tainted 4.15.0-rc9+ #283
[ 27.617507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.626847] Call Trace:
[ 27.629416] dump_stack+0x194/0x257
[ 27.633016] ? arch_local_irq_restore+0x53/0x53
[ 27.637658] ? show_regs_print_info+0x18/0x18
[ 27.642133] ? clusterip_tg_check+0x150f/0x1570
[ 27.646777] print_address_description+0x73/0x250
[ 27.651593] ? clusterip_tg_check+0x150f/0x1570
[ 27.656236] kasan_report+0x25b/0x340
[ 27.660016] __asan_report_load2_noabort+0x14/0x20
[ 27.664918] clusterip_tg_check+0x150f/0x1570
[ 27.669406] ? arp_mangle+0x550/0x550
[ 27.673192] ? xt_find_target+0x150/0x1e0
[ 27.677315] ? lock_downgrade+0x980/0x980
[ 27.681440] ? nf_connlabels_get+0x62/0x80
[ 27.685741] ? lock_release+0xa40/0xa40
[ 27.689693] ? ipv4_conntrack_in+0x90/0x90
[ 27.693911] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 27.698730] ? wait_for_completion+0x770/0x770
[ 27.703290] ? nf_connlabels_get+0x67/0x80
[ 27.707512] ? arp_mangle+0x550/0x550
[ 27.711290] xt_check_target+0x22c/0x7d0
[ 27.715336] ? xt_target_seq_next+0x30/0x30
[ 27.719632] ? mutex_unlock+0xd/0x10
[ 27.723332] ? mutex_unlock+0xd/0x10
[ 27.727017] ? xt_find_target+0x17b/0x1e0
[ 27.731147] find_check_entry.isra.8+0x8c8/0xcb0
[ 27.735912] ? ipt_do_table+0x1860/0x1860
[ 27.740050] ? mark_held_locks+0xaf/0x100
[ 27.744189] ? kfree+0xf0/0x260
[ 27.747455] ? trace_hardirqs_on+0xd/0x10
[ 27.751601] translate_table+0xed1/0x1610
[ 27.755743] ? alloc_counters.isra.11+0x7d0/0x7d0
[ 27.760565] ? kasan_check_write+0x14/0x20
[ 27.764777] ? _copy_from_user+0x99/0x110
[ 27.768908] do_ipt_set_ctl+0x370/0x5f0
[ 27.772862] ? translate_compat_table+0x1b90/0x1b90
[ 27.777867] ? mutex_unlock+0xd/0x10
[ 27.781574] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 27.786831] nf_setsockopt+0x67/0xc0
[ 27.790527] ip_setsockopt+0xa1/0xb0
[ 27.794224] sctp_setsockopt+0x2a0/0x5de0
[ 27.798353] ? sctp_setsockopt_paddr_thresholds+0x550/0x550
[ 27.804079] ? check_noncircular+0x20/0x20
[ 27.808298] ? lru_cache_add+0x1c7/0x3a0
[ 27.812333] ? get_mem_cgroup_from_mm+0x710/0x710
[ 27.817150] ? lru_cache_add_file+0x20/0x20
[ 27.821448] ? __mem_cgroup_threshold+0x8f0/0x8f0
[ 27.826283] ? mark_held_locks+0xaf/0x100
[ 27.830412] ? find_held_lock+0x35/0x1d0
[ 27.834448] ? check_noncircular+0x20/0x20
[ 27.838660] ? __handle_mm_fault+0x2747/0x3ce0
[ 27.843218] ? lock_downgrade+0x980/0x980
[ 27.847344] ? lock_release+0xa40/0xa40
[ 27.851304] ? find_held_lock+0x35/0x1d0
[ 27.855359] ? avc_has_perm+0x35e/0x680
[ 27.859309] ? lock_downgrade+0x980/0x980
[ 27.863435] ? lock_release+0xa40/0xa40
[ 27.867406] ? check_noncircular+0x20/0x20
[ 27.871617] ? __pmd_alloc+0x4e0/0x4e0
[ 27.875485] ? find_held_lock+0x35/0x1d0
[ 27.879530] ? avc_has_perm+0x43e/0x680
[ 27.883485] ? avc_has_perm_noaudit+0x520/0x520
[ 27.888138] ? __do_page_fault+0x5f7/0xc90
[ 27.892351] ? lock_downgrade+0x980/0x980
[ 27.896481] ? handle_mm_fault+0x410/0x8d0
[ 27.900702] ? down_read_trylock+0xdb/0x170
[ 27.905010] ? __do_page_fault+0x32d/0xc90
[ 27.909222] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 27.913788] ? vmacache_find+0x5f/0x280
[ 27.917743] ? sock_has_perm+0x2a4/0x420
[ 27.921784] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.927124] ? __do_page_fault+0x3d6/0xc90
[ 27.931351] ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[ 27.937041] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 27.942324] sock_common_setsockopt+0x95/0xd0
[ 27.946801] SyS_setsockopt+0x189/0x360
[ 27.950757] ? SyS_recv+0x40/0x40
[ 27.954190] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 27.959010] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.964012] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.968760] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 27.973491] RIP: 0033:0x445ff9
[ 27.976653] RSP: 002b:00007ffe24bb05a8 EFLAGS: 00000207 ORIG_RAX: 0000000000000036
[ 27.984336] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445ff9
[ 27.991581] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[ 27.998827] RBP: 00007ffe24bb06e8 R08: 0000000000000358 R09: 0000000000000000
[ 28.006073] R10: 0000000020016ca8 R11: 0000000000000207 R12: 00007ffe24bb06e8
[ 28.013320] R13: 00000000004034c0 R14: 0000000000000000 R15: 0000000000000000
[ 28.020583]
[ 28.022198] Allocated by task 3684:
[ 28.025806] save_stack+0x43/0xd0
[ 28.029233] kasan_kmalloc+0xad/0xe0
[ 28.032920] __kmalloc_node+0x47/0x70
[ 28.036699] kvmalloc_node+0x99/0xd0
[ 28.040389] xt_alloc_table_info+0x64/0xe0
[ 28.044601] do_ipt_set_ctl+0x29b/0x5f0
[ 28.048551] nf_setsockopt+0x67/0xc0
[ 28.052238] ip_setsockopt+0xa1/0xb0
[ 28.055926] sctp_setsockopt+0x2a0/0x5de0
[ 28.060057] sock_common_setsockopt+0x95/0xd0
[ 28.064531] SyS_setsockopt+0x189/0x360
[ 28.068478] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.073204]
[ 28.074804] Freed by task 2233:
[ 28.078066] save_stack+0x43/0xd0
[ 28.081493] kasan_slab_free+0x71/0xc0
[ 28.085353] kfree+0xd6/0x260
[ 28.088433] free_pipe_info+0x1f8/0x2a0
[ 28.092378] put_pipe_info+0xb0/0xd0
[ 28.096072] pipe_release+0x1af/0x250
[ 28.100803] __fput+0x327/0x7e0
[ 28.104062] ____fput+0x15/0x20
[ 28.107320] task_work_run+0x199/0x270
[ 28.111183] exit_to_usermode_loop+0x296/0x310
[ 28.115737] syscall_return_slowpath+0x490/0x550
[ 28.120467] entry_SYSCALL_64_fastpath+0x9e/0xa0
[ 28.125192]
[ 28.126794] The buggy address belongs to the object at ffff8801d4bc76c0
[ 28.126794] which belongs to the cache kmalloc-1024 of size 1024
[ 28.139599] The buggy address is located 824 bytes inside of
[ 28.139599] 1024-byte region [ffff8801d4bc76c0, ffff8801d4bc7ac0)
[ 28.151535] The buggy address belongs to the page:
[ 28.156437] page:ffffea000752f180 count:1 mapcount:0 mapping:ffff8801d4bc6040 index:0x0 compound_mapcount: 0
[ 28.166384] flags: 0x2fffc0000008100(slab|head)
[ 28.171030] raw: 02fffc0000008100 ffff8801d4bc6040 0000000000000000 0000000100000007
[ 28.178888] raw: ffffea0007535920 ffffea000752f220 ffff8801dac00ac0 0000000000000000
[ 28.186742] page dumped because: kasan: bad access detected
[ 28.192424]
[ 28.194027] Memory state around the buggy address:
[ 28.198930] ffff8801d4bc7880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.206266] ffff8801d4bc7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 28.213611] >ffff8801d4bc7980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.220944] ^
[ 28.228192] ffff8801d4bc7a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.235525] ffff8801d4bc7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.242859] ==================================================================
[ 28.250219] Disabling lock debugging due to kernel taint
[ 28.255909] Kernel panic - not syncing: panic_on_warn set ...
[ 28.255909]
[ 28.263266] CPU: 0 PID: 3684 Comm: syzkaller158921 Tainted: G B 4.15.0-rc9+ #283
[ 28.271989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.281316] Call Trace:
[ 28.283878] dump_stack+0x194/0x257
[ 28.287490] ? arch_local_irq_restore+0x53/0x53
[ 28.292130] ? kasan_end_report+0x32/0x50
[ 28.296254] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.300981] ? vsnprintf+0x1ed/0x1900
[ 28.304765] ? clusterip_tg_check+0x1440/0x1570
[ 28.309416] panic+0x1e4/0x41c
[ 28.312580] ? refcount_error_report+0x214/0x214
[ 28.317308] ? add_taint+0x1c/0x50
[ 28.320820] ? add_taint+0x1c/0x50
[ 28.324338] ? clusterip_tg_check+0x150f/0x1570
[ 28.328983] kasan_end_report+0x50/0x50
[ 28.332941] kasan_report+0x144/0x340
[ 28.336716] __asan_report_load2_noabort+0x14/0x20
[ 28.341617] clusterip_tg_check+0x150f/0x1570
[ 28.346092] ? arp_mangle+0x550/0x550
[ 28.349871] ? xt_find_target+0x150/0x1e0
[ 28.353993] ? lock_downgrade+0x980/0x980
[ 28.358121] ? nf_connlabels_get+0x62/0x80
[ 28.362331] ? lock_release+0xa40/0xa40
[ 28.366277] ? ipv4_conntrack_in+0x90/0x90
[ 28.370487] ? __mutex_unlock_slowpath+0xe9/0xac0
[ 28.375303] ? wait_for_completion+0x770/0x770
[ 28.379869] ? nf_connlabels_get+0x67/0x80
[ 28.384081] ? arp_mangle+0x550/0x550
[ 28.387856] xt_check_target+0x22c/0x7d0
[ 28.391893] ? xt_target_seq_next+0x30/0x30
[ 28.396188] ? mutex_unlock+0xd/0x10
[ 28.399886] ? mutex_unlock+0xd/0x10
[ 28.403572] ? xt_find_target+0x17b/0x1e0
[ 28.407696] find_check_entry.isra.8+0x8c8/0xcb0
[ 28.412429] ? ipt_do_table+0x1860/0x1860
[ 28.416562] ? mark_held_locks+0xaf/0x100
[ 28.420693] ? kfree+0xf0/0x260
[ 28.423949] ? trace_hardirqs_on+0xd/0x10
[ 28.428076] translate_table+0xed1/0x1610
[ 28.432206] ? alloc_counters.isra.11+0x7d0/0x7d0
[ 28.437029] ? kasan_check_write+0x14/0x20
[ 28.441242] ? _copy_from_user+0x99/0x110
[ 28.445368] do_ipt_set_ctl+0x370/0x5f0
[ 28.449317] ? translate_compat_table+0x1b90/0x1b90
[ 28.454310] ? mutex_unlock+0xd/0x10
[ 28.457996] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 28.463250] nf_setsockopt+0x67/0xc0
[ 28.466941] ip_setsockopt+0xa1/0xb0
[ 28.470630] sctp_setsockopt+0x2a0/0x5de0
[ 28.474754] ? sctp_setsockopt_paddr_thresholds+0x550/0x550
[ 28.480442] ? check_noncircular+0x20/0x20
[ 28.484648] ? lru_cache_add+0x1c7/0x3a0
[ 28.488682] ? get_mem_cgroup_from_mm+0x710/0x710
[ 28.493509] ? lru_cache_add_file+0x20/0x20
[ 28.497806] ? __mem_cgroup_threshold+0x8f0/0x8f0
[ 28.502635] ? mark_held_locks+0xaf/0x100
[ 28.506758] ? find_held_lock+0x35/0x1d0
[ 28.510790] ? check_noncircular+0x20/0x20
[ 28.515001] ? __handle_mm_fault+0x2747/0x3ce0
[ 28.519563] ? lock_downgrade+0x980/0x980
[ 28.523686] ? lock_release+0xa40/0xa40
[ 28.527639] ? find_held_lock+0x35/0x1d0
[ 28.531688] ? avc_has_perm+0x35e/0x680
[ 28.535644] ? lock_downgrade+0x980/0x980
[ 28.539769] ? lock_release+0xa40/0xa40
[ 28.543715] ? check_noncircular+0x20/0x20
[ 28.547934] ? __pmd_alloc+0x4e0/0x4e0
[ 28.551801] ? find_held_lock+0x35/0x1d0
[ 28.555850] ? avc_has_perm+0x43e/0x680
[ 28.559798] ? avc_has_perm_noaudit+0x520/0x520
[ 28.564445] ? __do_page_fault+0x5f7/0xc90
[ 28.568654] ? lock_downgrade+0x980/0x980
[ 28.572780] ? handle_mm_fault+0x410/0x8d0
[ 28.576988] ? down_read_trylock+0xdb/0x170
[ 28.581295] ? __do_page_fault+0x32d/0xc90
[ 28.585506] ? __handle_mm_fault+0x3ce0/0x3ce0
[ 28.590061] ? vmacache_find+0x5f/0x280
[ 28.594014] ? sock_has_perm+0x2a4/0x420
[ 28.598052] ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 28.603388] ? __do_page_fault+0x3d6/0xc90
[ 28.607602] ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[ 28.613288] ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 28.618548] sock_common_setsockopt+0x95/0xd0
[ 28.623026] SyS_setsockopt+0x189/0x360
[ 28.626980] ? SyS_recv+0x40/0x40
[ 28.630407] ? entry_SYSCALL_64_fastpath+0x5/0xa0
[ 28.635232] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.640222] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.644954] entry_SYSCALL_64_fastpath+0x29/0xa0
[ 28.649680] RIP: 0033:0x445ff9
[ 28.652841] RSP: 002b:00007ffe24bb05a8 EFLAGS: 00000207 ORIG_RAX: 0000000000000036
[ 28.660521] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000445ff9
[ 28.667763] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[ 28.675009] RBP: 00007ffe24bb06e8 R08: 0000000000000358 R09: 0000000000000000
[ 28.682272] R10: 0000000020016ca8 R11: 0000000000000207 R12: 00007ffe24bb06e8
[ 28.689516] R13: 00000000004034c0 R14: 0000000000000000 R15: 0000000000000000
[ 28.697294] Dumping ftrace buffer:
[ 28.700818] (ftrace buffer empty)
[ 28.704500] Kernel Offset: disabled
[ 28.708113] Rebooting in 86400 seconds..