syzbot

==================================================================
BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200 lib/vsprintf.c:592
Read of size 1 at addr ffff8801c8ea9350 by task syzkaller453322/3332

CPU: 1 PID: 3332 Comm: syzkaller453322 Not tainted 4.9.78-ge9dabe6 #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c16f7740 ffffffff81d943a9 ffffea000723aa40 ffff8801c8ea9350
 0000000000000000 ffff8801c8ea9350 ffff8801c16f799c ffff8801c16f7778
 ffffffff8153dc23 ffff8801c8ea9350 0000000000000001 0000000000000000
Call Trace:
 [<ffffffff81d943a9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d943a9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153dc23>] print_address_description+0x73/0x280 mm/kasan/report.c:252
 [<ffffffff8153e145>] kasan_report_error mm/kasan/report.c:351 [inline]
 [<ffffffff8153e145>] kasan_report+0x275/0x360 mm/kasan/report.c:408
 [<ffffffff8153e244>] __asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:426
 [<ffffffff81db6388>] string+0x1e8/0x200 lib/vsprintf.c:592
 [<ffffffff81dbf31d>] vsnprintf+0x7ad/0x16d0 lib/vsprintf.c:2044
 [<ffffffff8117a65f>] __request_module+0x14f/0x750 kernel/kmod.c:146
 [<ffffffff8313beeb>] xt_request_find_target+0x8b/0xb0 net/netfilter/x_tables.c:256
 [<ffffffff8338465a>] find_check_entry net/ipv4/netfilter/ip_tables.c:567 [inline]
 [<ffffffff8338465a>] translate_table+0x177a/0x1e30 net/ipv4/netfilter/ip_tables.c:745
 [<ffffffff810002b8>] ? 0xffffffff810002b8
 [<ffffffff83386eee>] do_replace net/ipv4/netfilter/ip_tables.c:1151 [inline]
 [<ffffffff83386eee>] do_ipt_set_ctl+0x2be/0x470 net/ipv4/netfilter/ip_tables.c:1687
 [<ffffffff830a1a67>] nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 [<ffffffff830a1a67>] nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 [<ffffffff83211b81>] ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1248
 [<ffffffff832bf075>] udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2083
 [<ffffffff82ede275>] sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 [<ffffffff82edb230>] SYSC_setsockopt net/socket.c:1772 [inline]
 [<ffffffff82edb230>] SyS_setsockopt+0x160/0x250 net/socket.c:1751
 [<ffffffff838b2c6e>] entry_SYSCALL_64_fastpath+0x29/0xe8

Allocated by task 3332:
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:505
 set_track mm/kasan/kasan.c:517 [inline]
 kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:609
 __kmalloc+0x11d/0x310 mm/slub.c:3741
 kmalloc include/linux/slab.h:495 [inline]
 xt_alloc_table_info+0x71/0x100 net/netfilter/x_tables.c:959
 do_replace net/ipv4/netfilter/ip_tables.c:1140 [inline]
 do_ipt_set_ctl+0x242/0x470 net/ipv4/netfilter/ip_tables.c:1687
 nf_sockopt net/netfilter/nf_sockopt.c:105 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:114
 ip_setsockopt+0xa1/0xb0 net/ipv4/ip_sockglue.c:1248
 udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2083
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2706
 SYSC_setsockopt net/socket.c:1772 [inline]
 SyS_setsockopt+0x160/0x250 net/socket.c:1751
 entry_SYSCALL_64_fastpath+0x29/0xe8

Freed by task 1915:
 save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:57
 save_stack+0x43/0xd0 mm/kasan/kasan.c:505
 set_track mm/kasan/kasan.c:517 [inline]
 kasan_slab_free+0x72/0xc0 mm/kasan/kasan.c:582
 slab_free_hook mm/slub.c:1355 [inline]
 slab_free_freelist_hook mm/slub.c:1377 [inline]
 slab_free mm/slub.c:2958 [inline]
 kfree+0x103/0x300 mm/slub.c:3878
 free_bprm+0x19d/0x200 fs/exec.c:1395
 do_execveat_common.isra.37+0x17df/0x1f10 fs/exec.c:1795
 do_execve fs/exec.c:1830 [inline]
 SYSC_execve fs/exec.c:1911 [inline]
 SyS_execve+0x42/0x50 fs/exec.c:1906
 do_syscall_64+0x197/0x490 arch/x86/entry/common.c:280
 return_from_SYSCALL_64+0x0/0x7e

The buggy address belongs to the object at ffff8801c8ea9280
 which belongs to the cache kmalloc-256 of size 256
The buggy address is located 208 bytes inside of
 256-byte region [ffff8801c8ea9280, ffff8801c8ea9380)
The buggy address belongs to the page:
page:ffffea000723aa40 count:1 mapcount:0 mapping:          (null) index:0x0
flags: 0x8000000000000080(slab)
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801c8ea9200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff8801c8ea9280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801c8ea9300: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
                                                 ^
 ffff8801c8ea9380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
 ffff8801c8ea9400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================