INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
2018/04/16 04:56:50 parsed 1 programs
2018/04/16 04:56:50 executed programs: 0
syzkaller login: [ 20.047920] IPVS: Creating netns size=2536 id=1
[ 20.067157] ==================================================================
[ 20.074539] BUG: KASAN: stack-out-of-bounds in strlcpy+0x101/0x120
[ 20.080833] Read of size 1 at addr ffff8801b777f9dc by task syz-executor0/3772
[ 20.088166]
[ 20.089774] CPU: 0 PID: 3772 Comm: syz-executor0 Not tainted 4.9.94-g8683408 #3
[ 20.097193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.106526] ffff8801b777f8b8 ffffffff81d9b509 ffffea0006dddfc0 ffff8801b777f9dc
[ 20.114504] 0000000000000000 ffff8801b777f9dc 000000000000012a ffff8801b777f8f0
[ 20.122580] ffffffff815652cb ffff8801b777f9dc 0000000000000001 0000000000000000
[ 20.130570] Call Trace:
[ 20.133130] [] dump_stack+0xc1/0x128
[ 20.138467] [] print_address_description+0x6c/0x234
[ 20.145108] [] kasan_report.cold.6+0x242/0x2fe
[ 20.151309] [] ? strlcpy+0x101/0x120
[ 20.156643] [] __asan_report_load1_noabort+0x14/0x20
[ 20.163368] [] strlcpy+0x101/0x120
[ 20.168530] [] xt_copy_counters_from_user+0x152/0x300
[ 20.175337] [] ? xt_hook_ops_alloc+0x270/0x270
[ 20.181546] [] do_add_counters+0x96/0x5c0
[ 20.187313] [] ? arpt_do_table+0x16b0/0x16b0
[ 20.193343] [] ? security_capable+0x94/0xc0
[ 20.199289] [] ? ns_capable_common+0x12a/0x150
[ 20.205494] [] compat_do_arpt_set_ctl+0x1b5/0x640
[ 20.211957] [] ? do_arpt_set_ctl+0x5c0/0x5c0
[ 20.217986] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 20.224797] [] ? __mutex_unlock_slowpath+0x25b/0x3c0
[ 20.231526] [] ? __mutex_unlock_slowpath+0x221/0x3c0
[ 20.238247] [] ? __ww_mutex_lock+0x14c0/0x14c0
[ 20.244447] [] ? sock_has_perm+0x1c2/0x3e0
[ 20.250301] [] ? mutex_unlock+0x9/0x10
[ 20.255811] [] ? nf_sockopt_find.constprop.0+0x1b1/0x230
[ 20.262879] [] compat_nf_setsockopt+0x8b/0x130
[ 20.269083] [] ? do_arpt_set_ctl+0x5c0/0x5c0
[ 20.275111] [] compat_ip_setsockopt+0xa7/0xe0
[ 20.281225] [] inet_csk_compat_setsockopt+0x97/0x120
[ 20.287945] [] ? ip_setsockopt+0xb0/0xb0
[ 20.293627] [] compat_tcp_setsockopt+0x3d/0x70
[ 20.299832] [] compat_sock_common_setsockopt+0xb4/0x150
[ 20.306822] [] ? tcp_setsockopt+0xe0/0xe0
[ 20.312602] [] compat_SyS_setsockopt+0x14c/0x2a0
[ 20.318977] [] ? sock_common_setsockopt+0xe0/0xe0
[ 20.325438] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 20.331989] [] ? do_fast_syscall_32+0xcf/0x870
[ 20.338190] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 20.344737] [] do_fast_syscall_32+0x2f7/0x870
[ 20.350850] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 20.357486] [] entry_SYSENTER_compat+0x90/0xa2
[ 20.363682]
[ 20.365281] The buggy address belongs to the page:
[ 20.370182] page:ffffea0006dddfc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 20.378409] flags: 0x8000000000000000()
[ 20.382356] page dumped because: kasan: bad access detected
[ 20.388031]
[ 20.389634] Memory state around the buggy address:
[ 20.394531] ffff8801b777f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.401858] ffff8801b777f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.409186] >ffff8801b777f980: 00 00 00 f1 f1 f1 f1 00 00 00 00 04 f2 f2 f2 00
[ 20.416513] ^
[ 20.422711] ffff8801b777fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.430039] ffff8801b777fa80: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2 f2
[ 20.437363] ==================================================================
[ 20.444686] Disabling lock debugging due to kernel taint
[ 20.450296] Kernel panic - not syncing: panic_on_warn set ...
[ 20.450296]
[ 20.457653] CPU: 0 PID: 3772 Comm: syz-executor0 Tainted: G B 4.9.94-g8683408 #3
[ 20.466293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.475632] ffff8801b777f818 ffffffff81d9b509 ffffffff841a8a65 00000000ffffffff
[ 20.483609] 0000000000000000 0000000000000000 000000000000012a ffff8801b777f8d8
[ 20.491590] ffffffff8141f845 0000000041b58ab3 ffffffff8419c168 ffffffff8141f686
[ 20.499571] Call Trace:
[ 20.502132] [] dump_stack+0xc1/0x128
[ 20.507467] [] panic+0x1bf/0x3bc
[ 20.512453] [] ? add_taint.cold.6+0x16/0x16
[ 20.518395] [] ? ___preempt_schedule+0x16/0x18
[ 20.524607] [] kasan_end_report+0x47/0x4f
[ 20.530377] [] kasan_report.cold.6+0x76/0x2fe
[ 20.536493] [] ? strlcpy+0x101/0x120
[ 20.541826] [] __asan_report_load1_noabort+0x14/0x20
[ 20.548550] [] strlcpy+0x101/0x120
[ 20.553720] [] xt_copy_counters_from_user+0x152/0x300
[ 20.560529] [] ? xt_hook_ops_alloc+0x270/0x270
[ 20.566733] [] do_add_counters+0x96/0x5c0
[ 20.572500] [] ? arpt_do_table+0x16b0/0x16b0
[ 20.578528] [] ? security_capable+0x94/0xc0
[ 20.584470] [] ? ns_capable_common+0x12a/0x150
[ 20.590680] [] compat_do_arpt_set_ctl+0x1b5/0x640
[ 20.597149] [] ? do_arpt_set_ctl+0x5c0/0x5c0
[ 20.603180] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 20.609990] [] ? __mutex_unlock_slowpath+0x25b/0x3c0
[ 20.616713] [] ? __mutex_unlock_slowpath+0x221/0x3c0
[ 20.623436] [] ? __ww_mutex_lock+0x14c0/0x14c0
[ 20.629638] [] ? sock_has_perm+0x1c2/0x3e0
[ 20.635493] [] ? mutex_unlock+0x9/0x10
[ 20.641000] [] ? nf_sockopt_find.constprop.0+0x1b1/0x230
[ 20.648067] [] compat_nf_setsockopt+0x8b/0x130
[ 20.654275] [] ? do_arpt_set_ctl+0x5c0/0x5c0
[ 20.660305] [] compat_ip_setsockopt+0xa7/0xe0
[ 20.666419] [] inet_csk_compat_setsockopt+0x97/0x120
[ 20.673139] [] ? ip_setsockopt+0xb0/0xb0
[ 20.678828] [] compat_tcp_setsockopt+0x3d/0x70
[ 20.685037] [] compat_sock_common_setsockopt+0xb4/0x150
[ 20.692021] [] ? tcp_setsockopt+0xe0/0xe0
[ 20.697787] [] compat_SyS_setsockopt+0x14c/0x2a0
[ 20.704164] [] ? sock_common_setsockopt+0xe0/0xe0
[ 20.710627] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 20.717183] [] ? do_fast_syscall_32+0xcf/0x870
[ 20.723389] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 20.729943] [] do_fast_syscall_32+0x2f7/0x870
[ 20.736058] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 20.742693] [] entry_SYSENTER_compat+0x90/0xa2
[ 20.748936] Dumping ftrace buffer:
[ 20.752445] (ftrace buffer empty)
[ 20.756126] Kernel Offset: disabled
[ 20.759723] Rebooting in 86400 seconds..