syzbot

audit: type=1400 audit(1513952069.420:7): avc:  denied  { net_admin } for  pid=3350 comm="syzkaller825961" capability=12  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 
==================================================================
BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200 lib/vsprintf.c:592
Read of size 1 at addr ffff8801c957fcd4 by task syzkaller825961/3359

CPU: 0 PID: 3359 Comm: syzkaller825961 Not tainted 4.9.71-g2506378 #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801c957f740 ffffffff81d922b9 ffffea0007255fc0 ffff8801c957fcd4
 0000000000000000 ffff8801c957fcd4 ffffffff858b2714 ffff8801c957f778
 ffffffff8153bab3 ffff8801c957fcd4 0000000000000001 0000000000000000
Call Trace:
 [<ffffffff81d922b9>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d922b9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8153bab3>] print_address_description+0x73/0x280 mm/kasan/report.c:252
 [<ffffffff8153bfd5>] kasan_report_error mm/kasan/report.c:351 [inline]
 [<ffffffff8153bfd5>] kasan_report+0x275/0x360 mm/kasan/report.c:408
 [<ffffffff8153c0d4>] __asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:426
 [<ffffffff81db4298>] string+0x1e8/0x200 lib/vsprintf.c:592
 [<ffffffff81dbd22d>] vsnprintf+0x7ad/0x16d0 lib/vsprintf.c:2044
 [<ffffffff81dbe17d>] vscnprintf+0x2d/0x60 lib/vsprintf.c:2147
 [<ffffffff81267251>] vprintk_emit+0xf1/0x750 kernel/printk/printk.c:1847
 [<ffffffff812678d8>] vprintk+0x28/0x30 kernel/printk/printk.c:1913
 [<ffffffff812678fd>] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1914
 [<ffffffff8142e45c>] vprintk_func kernel/printk/internal.h:36 [inline]
 [<ffffffff8142e45c>] printk+0xb7/0xe2 kernel/printk/printk.c:1975
 [<ffffffff831a6cd1>] do_ip_vs_set_ctl+0xa01/0xc00 net/netfilter/ipvs/ip_vs_ctl.c:2439
 [<ffffffff8309e75a>] compat_nf_sockopt net/netfilter/nf_sockopt.c:145 [inline]
 [<ffffffff8309e75a>] compat_nf_setsockopt+0xfa/0x130 net/netfilter/nf_sockopt.c:155
 [<ffffffff8320e6ad>] compat_ip_setsockopt+0x9d/0xf0 net/ipv4/ip_sockglue.c:1277
 [<ffffffff832bb895>] compat_udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2093
 [<ffffffff82edb362>] compat_sock_common_setsockopt+0xb2/0x140 net/core/sock.c:2717
 [<ffffffff82fda9f9>] C_SYSC_setsockopt net/compat.c:398 [inline]
 [<ffffffff82fda9f9>] compat_SyS_setsockopt+0x149/0x290 net/compat.c:381
 [<ffffffff81006fc7>] do_syscall_32_irqs_on arch/x86/entry/common.c:322 [inline]
 [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890 arch/x86/entry/common.c:384
 [<ffffffff838b05e1>] entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124

The buggy address belongs to the page:
page:ffffea0007255fc0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801c957fb80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04
 ffff8801c957fc00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2
>ffff8801c957fc80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00
                                                 ^
 ffff8801c957fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801c957fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================