[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.674170] audit: type=1400 audit(1516822611.896:4): avc: denied { syslog } for pid=3185 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.222' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 22.990235] ==================================================================
[ 22.997619] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[ 23.003733] Read of size 1 at addr ffff8801c90bf490 by task syzkaller932404/3341
[ 23.011233]
[ 23.012834] CPU: 1 PID: 3341 Comm: syzkaller932404 Not tainted 4.9.78-ge9dabe6 #28
[ 23.020511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.029838]  ffff8801c7f6f5d0 ffffffff81d943a9 ffffea0007242fc0 ffff8801c90bf490
[ 23.037805]  0000000000000000 ffff8801c90bf490 ffff8801c7f6f82c ffff8801c7f6f608
[ 23.045773]  ffffffff8153dc23 ffff8801c90bf490 0000000000000001 0000000000000000
[ 23.053739] Call Trace:
[ 23.056299]  [] dump_stack+0xc1/0x128
[ 23.061638]  [] print_address_description+0x73/0x280
[ 23.068272]  [] kasan_report+0x275/0x360
[ 23.073867]  [] ? string+0x1e8/0x200
[ 23.079109]  [] __asan_report_load1_noabort+0x14/0x20
[ 23.085828]  [] string+0x1e8/0x200
[ 23.090899]  [] vsnprintf+0x7ad/0x16d0
[ 23.096317]  [] ? pointer+0xa90/0xa90
[ 23.101650]  [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 23.108371]  [] __request_module+0x14f/0x750
[ 23.114309]  [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 23.120508]  [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 23.127406]  [] ? xt_check_match+0x60d/0x720
[ 23.133347]  [] xt_request_find_target+0x8b/0xb0
[ 23.139636]  [] translate_compat_table+0x568/0x1760
[ 23.146186]  [] ? ipt_register_table+0x2d0/0x2d0
[ 23.152473]  [] ? __lock_is_held+0xa1/0xf0
[ 23.158237]  [] ? check_stack_object+0x68/0x140
[ 23.164437]  [] ? __check_object_size+0x174/0x3a9
[ 23.170808]  [] ? 0xffffffff810002b8
[ 23.176055]  [] compat_do_replace.isra.15+0x1a7/0x3a0
[ 23.182774]  [] ? translate_compat_table+0x1760/0x1760
[ 23.189581]  [] ? mark_held_locks+0xaf/0x100
[ 23.195520]  [] ? __cap_capable+0x168/0x1c0
[ 23.201372]  [] ? ns_capable_common+0xcf/0x160
[ 23.207483]  [] compat_do_ipt_set_ctl+0x106/0x150
[ 23.213856]  [] compat_nf_setsockopt+0x88/0x130
[ 23.220056]  [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[ 23.226950]  [] compat_ip_setsockopt+0x9d/0xf0
[ 23.233059]  [] inet_csk_compat_setsockopt+0x95/0x120
[ 23.239776]  [] ? ip_setsockopt+0xb0/0xb0
[ 23.245464]  [] compat_tcp_setsockopt+0x3d/0x70
[ 23.251665]  [] compat_sock_common_setsockopt+0xb2/0x140
[ 23.258647]  [] ? tcp_setsockopt+0xd0/0xd0
[ 23.264416]  [] compat_SyS_setsockopt+0x149/0x290
[ 23.270787]  [] ? sock_common_setsockopt+0xd0/0xd0
[ 23.277245]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 23.283795]  [] ? do_fast_syscall_32+0xcf/0x890
[ 23.289996]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 23.296543]  [] do_fast_syscall_32+0x2f7/0x890
[ 23.302656]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.309288]  [] entry_SYSENTER_compat+0x74/0x83
[ 23.315484]
[ 23.317083] Allocated by task 3341:
[ 23.320687]  save_stack_trace+0x16/0x20
[ 23.324630]  save_stack+0x43/0xd0
[ 23.328051]  kasan_kmalloc+0xad/0xe0
[ 23.331738]  __kmalloc+0x11d/0x310
[ 23.335248]  xt_alloc_table_info+0x71/0x100
[ 23.339536]  compat_do_replace.isra.15+0x116/0x3a0
[ 23.344433]  compat_do_ipt_set_ctl+0x106/0x150
[ 23.348984]  compat_nf_setsockopt+0x88/0x130
[ 23.353362]  compat_ip_setsockopt+0x9d/0xf0
[ 23.357650]  inet_csk_compat_setsockopt+0x95/0x120
[ 23.362547]  compat_tcp_setsockopt+0x3d/0x70
[ 23.366922]  compat_sock_common_setsockopt+0xb2/0x140
[ 23.372082]  compat_SyS_setsockopt+0x149/0x290
[ 23.376630]  do_fast_syscall_32+0x2f7/0x890
[ 23.380926]  entry_SYSENTER_compat+0x74/0x83
[ 23.385306]
[ 23.386901] Freed by task 1879:
[ 23.390149]  save_stack_trace+0x16/0x20
[ 23.394103]  save_stack+0x43/0xd0
[ 23.397522]  kasan_slab_free+0x72/0xc0
[ 23.401373]  kfree+0x103/0x300
[ 23.404537]  single_release+0x80/0xb0
[ 23.408303]  __fput+0x28c/0x6e0
[ 23.411548]  ____fput+0x15/0x20
[ 23.414797]  task_work_run+0x115/0x190
[ 23.418652]  exit_to_usermode_loop+0xfc/0x120
[ 23.423113]  syscall_return_slowpath+0x1a0/0x1e0
[ 23.427835]  entry_SYSCALL_64_fastpath+0xe6/0xe8
[ 23.432555]
[ 23.434151] The buggy address belongs to the object at ffff8801c90bf3c0
[ 23.434151]  which belongs to the cache kmalloc-256 of size 256
[ 23.446771] The buggy address is located 208 bytes inside of
[ 23.446771]  256-byte region [ffff8801c90bf3c0, ffff8801c90bf4c0)
[ 23.458610] The buggy address belongs to the page:
[ 23.463506] page:ffffea0007242fc0 count:1 mapcount:0 mapping: (null) index:0x0
[ 23.471730] flags: 0x8000000000000080(slab)
[ 23.476028] page dumped because: kasan: bad access detected
[ 23.481703]
[ 23.483297] Memory state around the buggy address:
[ 23.488193]  ffff8801c90bf380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 23.495527]  ffff8801c90bf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.502853] >ffff8801c90bf480: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.510176]                          ^
[ 23.514027]  ffff8801c90bf500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.521353]  ffff8801c90bf580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.528675] ==================================================================
[ 23.536000] Disabling lock debugging due to kernel taint
[ 23.541632] Kernel panic - not syncing: panic_on_warn set ...
[ 23.541632]
[ 23.548966] CPU: 1 PID: 3341 Comm: syzkaller932404 Tainted: G    B   4.9.78-ge9dabe6 #28
[ 23.557852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.567176]  ffff8801c7f6f528 ffffffff81d943a9 ffffffff841971bf ffff8801c7f6f600
[ 23.575138]  0000000000000000 ffff8801c90bf490 ffff8801c7f6f82c ffff8801c7f6f5f0
[ 23.583098]  ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295
[ 23.591064] Call Trace:
[ 23.593623]  [] dump_stack+0xc1/0x128
[ 23.598956]  [] panic+0x1bc/0x3a8
[ 23.603942]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 23.612138]  [] ? preempt_schedule+0x25/0x30
[ 23.618077]  [] ? ___preempt_schedule+0x16/0x18
[ 23.624276]  [] kasan_end_report+0x50/0x50
[ 23.630041]  [] kasan_report+0x167/0x360
[ 23.635634]  [] ? string+0x1e8/0x200
[ 23.640891]  [] __asan_report_load1_noabort+0x14/0x20
[ 23.647609]  [] string+0x1e8/0x200
[ 23.652680]  [] vsnprintf+0x7ad/0x16d0
[ 23.658098]  [] ? pointer+0xa90/0xa90
[ 23.663427]  [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 23.670149]  [] __request_module+0x14f/0x750
[ 23.676091]  [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 23.682315]  [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 23.689211]  [] ? xt_check_match+0x60d/0x720
[ 23.695149]  [] xt_request_find_target+0x8b/0xb0
[ 23.701437]  [] translate_compat_table+0x568/0x1760
[ 23.707982]  [] ? ipt_register_table+0x2d0/0x2d0
[ 23.714271]  [] ? __lock_is_held+0xa1/0xf0
[ 23.720036]  [] ? check_stack_object+0x68/0x140
[ 23.726234]  [] ? __check_object_size+0x174/0x3a9
[ 23.732605]  [] ? 0xffffffff810002b8
[ 23.737851]  [] compat_do_replace.isra.15+0x1a7/0x3a0
[ 23.744573]  [] ? translate_compat_table+0x1760/0x1760
[ 23.751383]  [] ? mark_held_locks+0xaf/0x100
[ 23.757325]  [] ? __cap_capable+0x168/0x1c0
[ 23.763180]  [] ? ns_capable_common+0xcf/0x160
[ 23.769292]  [] compat_do_ipt_set_ctl+0x106/0x150
[ 23.775664]  [] compat_nf_setsockopt+0x88/0x130
[ 23.781866]  [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[ 23.788758]  [] compat_ip_setsockopt+0x9d/0xf0
[ 23.794871]  [] inet_csk_compat_setsockopt+0x95/0x120
[ 23.801591]  [] ? ip_setsockopt+0xb0/0xb0
[ 23.807269]  [] compat_tcp_setsockopt+0x3d/0x70
[ 23.813472]  [] compat_sock_common_setsockopt+0xb2/0x140
[ 23.820450]  [] ? tcp_setsockopt+0xd0/0xd0
[ 23.826214]  [] compat_SyS_setsockopt+0x149/0x290
[ 23.832589]  [] ? sock_common_setsockopt+0xd0/0xd0
[ 23.839050]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 23.845599]  [] ? do_fast_syscall_32+0xcf/0x890
[ 23.851797]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 23.858353]  [] do_fast_syscall_32+0x2f7/0x890
[ 23.864469]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.871106]  [] entry_SYSENTER_compat+0x74/0x83
[ 23.877713] Dumping ftrace buffer:
[ 23.881222]    (ftrace buffer empty)
[ 23.884901] Kernel Offset: disabled
[ 23.888499] Rebooting in 86400 seconds..