[....] Starting enhanced syslogd: rsyslogd
[   12.700053] audit: type=1400 audit(1517127242.330:5): avc: denied { syslog } for pid=3532 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.528932] audit: type=1400 audit(1517127249.159:6): avc: denied { map } for pid=3671 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.219' (ECDSA) to the list of known hosts.
executing program
[   25.859078] audit: type=1400 audit(1517127255.489:7): avc: denied { map } for pid=3685 comm="syzkaller761522" path="/root/syzkaller761522862" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   25.936267] ==================================================================
[   25.943687] BUG: KASAN: slab-out-of-bounds in clusterip_tg_check+0x150f/0x1570
[   25.951025] Read of size 2 at addr ffff8801d96d50c0 by task syzkaller761522/3685
[   25.958532] 
[   25.960136] CPU: 0 PID: 3685 Comm: syzkaller761522 Not tainted 4.15.0-rc9+ #283
[   25.967551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.976873] Call Trace:
[   25.979435]  dump_stack+0x194/0x257
[   25.983049]  ? arch_local_irq_restore+0x53/0x53
[   25.987692]  ? show_regs_print_info+0x18/0x18
[   25.992163]  ? clusterip_tg_check+0x150f/0x1570
[   25.996809]  print_address_description+0x73/0x250
[   26.001622]  ? clusterip_tg_check+0x150f/0x1570
[   26.006264]  kasan_report+0x25b/0x340
[   26.010040]  __asan_report_load2_noabort+0x14/0x20
[   26.014940]  clusterip_tg_check+0x150f/0x1570
[   26.019413]  ? arp_mangle+0x550/0x550
[   26.023190]  ? xt_find_target+0x150/0x1e0
[   26.027314]  ? lock_downgrade+0x980/0x980
[   26.031440]  ? nf_connlabels_get+0x62/0x80
[   26.035652]  ? lock_release+0xa40/0xa40
[   26.039595]  ? ipv4_conntrack_in+0x90/0x90
[   26.043810]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   26.048629]  ? wait_for_completion+0x770/0x770
[   26.053194]  ? nf_connlabels_get+0x67/0x80
[   26.057403]  ? arp_mangle+0x550/0x550
[   26.061180]  xt_check_target+0x22c/0x7d0
[   26.065218]  ? xt_target_seq_next+0x30/0x30
[   26.069530]  ? mutex_unlock+0xd/0x10
[   26.073222]  ? mutex_unlock+0xd/0x10
[   26.076906]  ? xt_find_target+0x17b/0x1e0
[   26.081048]  find_check_entry.isra.8+0x8c8/0xcb0
[   26.085787]  ? ipt_do_table+0x1860/0x1860
[   26.089911]  ? mark_held_locks+0xaf/0x100
[   26.094031]  ? kfree+0xf0/0x260
[   26.097288]  ? trace_hardirqs_on+0xd/0x10
[   26.101415]  translate_table+0xed1/0x1610
[   26.105552]  ? alloc_counters.isra.11+0x7d0/0x7d0
[   26.110368]  ? kasan_check_write+0x14/0x20
[   26.114574]  ? _copy_from_user+0x99/0x110
[   26.118698]  do_ipt_set_ctl+0x370/0x5f0
[   26.122664]  ? translate_compat_table+0x1b90/0x1b90
[   26.127665]  ? mutex_unlock+0xd/0x10
[   26.131359]  ? nf_sockopt_find.constprop.0+0x1a7/0x220
[   26.136610]  nf_setsockopt+0x67/0xc0
[   26.140303]  ip_setsockopt+0xa1/0xb0
[   26.143999]  udp_setsockopt+0x45/0x80
[   26.147777]  sock_common_setsockopt+0x95/0xd0
[   26.152245]  SyS_setsockopt+0x189/0x360
[   26.156195]  ? SyS_recv+0x40/0x40
[   26.159620]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   26.164436]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.169427]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.174162]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   26.178897] RIP: 0033:0x440b49
[   26.182058] RSP: 002b:00007ffca8f45648 EFLAGS: 00000203 ORIG_RAX: 0000000000000036
[   26.189741] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440b49
[   26.196996] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[   26.204237] RBP: 00000000006cb018 R08: 0000000000000320 R09: 0000000000000000
[   26.211479] R10: 0000000020027000 R11: 0000000000000203 R12: 0000000000402470
[   26.218728] R13: 0000000000402500 R14: 0000000000000000 R15: 0000000000000000
[   26.225987] 
[   26.227586] Allocated by task 3685:
[   26.231186]  save_stack+0x43/0xd0
[   26.234608]  kasan_kmalloc+0xad/0xe0
[   26.238288]  __kmalloc_node+0x47/0x70
[   26.242059]  kvmalloc_node+0x99/0xd0
[   26.245745]  xt_alloc_table_info+0x64/0xe0
[   26.249954]  do_ipt_set_ctl+0x29b/0x5f0
[   26.253897]  nf_setsockopt+0x67/0xc0
[   26.257583]  ip_setsockopt+0xa1/0xb0
[   26.261271]  udp_setsockopt+0x45/0x80
[   26.265053]  sock_common_setsockopt+0x95/0xd0
[   26.269519]  SyS_setsockopt+0x189/0x360
[   26.273463]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   26.278186] 
[   26.279784] Freed by task 0:
[   26.282768] (stack is not available)
[   26.286448] 
[   26.288048] The buggy address belongs to the object at ffff8801d96d4dc0
[   26.288048]  which belongs to the cache kmalloc-1024 of size 1024
[   26.300857] The buggy address is located 768 bytes inside of
[   26.300857]  1024-byte region [ffff8801d96d4dc0, ffff8801d96d51c0)
[   26.312787] The buggy address belongs to the page:
[   26.317686] page:ffffea000765b500 count:1 mapcount:0 mapping:ffff8801d96d4040 index:0x0 compound_mapcount: 0
[   26.327625] flags: 0x2fffc0000008100(slab|head)
[   26.332267] raw: 02fffc0000008100 ffff8801d96d4040 0000000000000000 0000000100000007
[   26.340118] raw: ffffea0006ebb120 ffffea0007641220 ffff8801dac00ac0 0000000000000000
[   26.347969] page dumped because: kasan: bad access detected
[   26.353648] 
[   26.355247] Memory state around the buggy address:
[   26.360156]  ffff8801d96d4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.367500]  ffff8801d96d5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.374829] >ffff8801d96d5080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   26.382161]                                            ^
[   26.387583]  ffff8801d96d5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.394921]  ffff8801d96d5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.402257] ==================================================================
[   26.409583] Disabling lock debugging due to kernel taint
[   26.415106] Kernel panic - not syncing: panic_on_warn set ...
[   26.415106] 
[   26.422447] CPU: 0 PID: 3685 Comm: syzkaller761522 Tainted: G    B            4.15.0-rc9+ #283
[   26.431179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.440503] Call Trace:
[   26.443065]  dump_stack+0x194/0x257
[   26.446667]  ? arch_local_irq_restore+0x53/0x53
[   26.451309]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.456057]  ? vsnprintf+0x1ed/0x1900
[   26.459835]  ? clusterip_tg_check+0x1440/0x1570
[   26.464476]  panic+0x1e4/0x41c
[   26.467640]  ? refcount_error_report+0x214/0x214
[   26.472380]  ? add_taint+0x1c/0x50
[   26.475890]  ? add_taint+0x1c/0x50
[   26.479401]  ? clusterip_tg_check+0x150f/0x1570
[   26.484040]  kasan_end_report+0x50/0x50
[   26.487996]  kasan_report+0x144/0x340
[   26.491790]  __asan_report_load2_noabort+0x14/0x20
[   26.496691]  clusterip_tg_check+0x150f/0x1570
[   26.501168]  ? arp_mangle+0x550/0x550
[   26.504940]  ? xt_find_target+0x150/0x1e0
[   26.509074]  ? lock_downgrade+0x980/0x980
[   26.513197]  ? nf_connlabels_get+0x62/0x80
[   26.517408]  ? lock_release+0xa40/0xa40
[   26.521355]  ? ipv4_conntrack_in+0x90/0x90
[   26.525567]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   26.530381]  ? wait_for_completion+0x770/0x770
[   26.534935]  ? nf_connlabels_get+0x67/0x80
[   26.539149]  ? arp_mangle+0x550/0x550
[   26.542923]  xt_check_target+0x22c/0x7d0
[   26.546958]  ? xt_target_seq_next+0x30/0x30
[   26.551253]  ? mutex_unlock+0xd/0x10
[   26.554941]  ? mutex_unlock+0xd/0x10
[   26.558625]  ? xt_find_target+0x17b/0x1e0
[   26.562750]  find_check_entry.isra.8+0x8c8/0xcb0
[   26.567482]  ? ipt_do_table+0x1860/0x1860
[   26.571602]  ? mark_held_locks+0xaf/0x100
[   26.575722]  ? kfree+0xf0/0x260
[   26.578984]  ? trace_hardirqs_on+0xd/0x10
[   26.583116]  translate_table+0xed1/0x1610
[   26.587257]  ? alloc_counters.isra.11+0x7d0/0x7d0
[   26.592080]  ? kasan_check_write+0x14/0x20
[   26.596287]  ? _copy_from_user+0x99/0x110
[   26.600410]  do_ipt_set_ctl+0x370/0x5f0
[   26.604359]  ? translate_compat_table+0x1b90/0x1b90
[   26.609351]  ? mutex_unlock+0xd/0x10
[   26.613048]  ? nf_sockopt_find.constprop.0+0x1a7/0x220
[   26.618299]  nf_setsockopt+0x67/0xc0
[   26.621987]  ip_setsockopt+0xa1/0xb0
[   26.625672]  udp_setsockopt+0x45/0x80
[   26.629444]  sock_common_setsockopt+0x95/0xd0
[   26.633914]  SyS_setsockopt+0x189/0x360
[   26.637872]  ? SyS_recv+0x40/0x40
[   26.641308]  ? entry_SYSCALL_64_fastpath+0x5/0xa0
[   26.646165]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.651152]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.655883]  entry_SYSCALL_64_fastpath+0x29/0xa0
[   26.660618] RIP: 0033:0x440b49
[   26.663796] RSP: 002b:00007ffca8f45648 EFLAGS: 00000203 ORIG_RAX: 0000000000000036
[   26.671475] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440b49
[   26.678732] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[   26.685973] RBP: 00000000006cb018 R08: 0000000000000320 R09: 0000000000000000
[   26.693217] R10: 0000000020027000 R11: 0000000000000203 R12: 0000000000402470
[   26.700460] R13: 0000000000402500 R14: 0000000000000000 R15: 0000000000000000
[   26.708095] Dumping ftrace buffer:
[   26.711612]    (ftrace buffer empty)
[   26.715298] Kernel Offset: disabled
[   26.718897] Rebooting in 86400 seconds..