[ ok ] Starting enhanced syslogd: rsyslogd.
[   11.452106] audit: type=1400 audit(1516821960.715:4): avc:  denied  { syslog } for  pid=3175 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   19.376507] ==================================================================
[   19.383885] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[   19.390003] Read of size 1 at addr ffff8801c910a490 by task syzkaller259379/3323
[   19.397508]
[   19.399126] CPU: 0 PID: 3323 Comm: syzkaller259379 Not tainted 4.9.78-ge9dabe6 #28
[   19.406806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.416131]  ffff8801cd7975d0 ffffffff81d943a9 ffffea0007244280 ffff8801c910a490
[   19.424100]  0000000000000000 ffff8801c910a490 ffff8801cd79782c ffff8801cd797608
[   19.432067]  ffffffff8153dc23 ffff8801c910a490 0000000000000001 0000000000000000
[   19.440037] Call Trace:
[   19.442599]  [] dump_stack+0xc1/0x128
[   19.447932]  [] print_address_description+0x73/0x280
[   19.454575]  [] kasan_report+0x275/0x360
[   19.460168]  [] ? string+0x1e8/0x200
[   19.465416]  [] __asan_report_load1_noabort+0x14/0x20
[   19.472139]  [] string+0x1e8/0x200
[   19.477210]  [] vsnprintf+0x7ad/0x16d0
[   19.482630]  [] ? pointer+0xa90/0xa90
[   19.487967]  [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[   19.494701]  [] __request_module+0x14f/0x750
[   19.500643]  [] ? __ww_mutex_lock+0x14a0/0x14a0
[   19.506843]  [] ? call_usermodehelper_setup+0x2c0/0x2c0
[   19.513740]  [] ? xt_replace_table+0x3/0x660
[   19.519769]  [] xt_request_find_target+0x8b/0xb0
[   19.526061]  [] translate_compat_table+0x568/0x1760
[   19.532610]  [] ? ipt_register_table+0x2d0/0x2d0
[   19.538899]  [] ? __lock_is_held+0xa1/0xf0
[   19.544667]  [] ? check_stack_object+0x68/0x140
[   19.550867]  [] ? __check_object_size+0x174/0x3a9
[   19.557247]  [] ? 0xffffffff810002b8
[   19.562494]  [] compat_do_replace.isra.15+0x1a7/0x3a0
[   19.569222]  [] ? translate_compat_table+0x1760/0x1760
[   19.576032]  [] ? mark_held_locks+0xaf/0x100
[   19.581990]  [] ? __cap_capable+0x168/0x1c0
[   19.587850]  [] ? ns_capable_common+0xcf/0x160
[   19.593965]  [] compat_do_ipt_set_ctl+0x106/0x150
[   19.600349]  [] compat_nf_setsockopt+0x88/0x130
[   19.606551]  [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[   19.613456]  [] compat_ip_setsockopt+0x9d/0xf0
[   19.619580]  [] inet_csk_compat_setsockopt+0x95/0x120
[   19.626315]  [] ? ip_setsockopt+0xb0/0xb0
[   19.632002]  [] compat_tcp_setsockopt+0x3d/0x70
[   19.638205]  [] compat_sock_common_setsockopt+0xb2/0x140
[   19.645187]  [] ? tcp_setsockopt+0xd0/0xd0
[   19.650953]  [] compat_SyS_setsockopt+0x149/0x290
[   19.657328]  [] ? sock_common_setsockopt+0xd0/0xd0
[   19.663794]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[   19.670345]  [] ? do_fast_syscall_32+0xcf/0x890
[   19.676548]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[   19.683094]  [] do_fast_syscall_32+0x2f7/0x890
[   19.689210]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   19.695843]  [] entry_SYSENTER_compat+0x74/0x83
[   19.702043]
[   19.703639] Allocated by task 3323:
[   19.707246]  save_stack_trace+0x16/0x20
[   19.711195]  save_stack+0x43/0xd0
[   19.714622]  kasan_kmalloc+0xad/0xe0
[   19.718305]  __kmalloc+0x11d/0x310
[   19.721815]  xt_alloc_table_info+0x71/0x100
[   19.726104]  compat_do_replace.isra.15+0x116/0x3a0
[   19.731003]  compat_do_ipt_set_ctl+0x106/0x150
[   19.735556]  compat_nf_setsockopt+0x88/0x130
[   19.739947]  compat_ip_setsockopt+0x9d/0xf0
[   19.744235]  inet_csk_compat_setsockopt+0x95/0x120
[   19.749144]  compat_tcp_setsockopt+0x3d/0x70
[   19.753614]  compat_sock_common_setsockopt+0xb2/0x140
[   19.758779]  compat_SyS_setsockopt+0x149/0x290
[   19.763336]  do_fast_syscall_32+0x2f7/0x890
[   19.767628]  entry_SYSENTER_compat+0x74/0x83
[   19.772012]
[   19.773609] Freed by task 1890:
[   19.776856]  save_stack_trace+0x16/0x20
[   19.780798]  save_stack+0x43/0xd0
[   19.784228]  kasan_slab_free+0x72/0xc0
[   19.788080]  kfree+0x103/0x300
[   19.791241]  single_release+0x80/0xb0
[   19.795008]  __fput+0x28c/0x6e0
[   19.798254]  ____fput+0x15/0x20
[   19.801504]  task_work_run+0x115/0x190
[   19.805360]  exit_to_usermode_loop+0xfc/0x120
[   19.809823]  syscall_return_slowpath+0x1a0/0x1e0
[   19.814562]  entry_SYSCALL_64_fastpath+0xe6/0xe8
[   19.819290]
[   19.820887] The buggy address belongs to the object at ffff8801c910a3c0
[   19.820887]  which belongs to the cache kmalloc-256 of size 256
[   19.833512] The buggy address is located 208 bytes inside of
[   19.833512]  256-byte region [ffff8801c910a3c0, ffff8801c910a4c0)
[   19.845354] The buggy address belongs to the page:
[   19.850254] page:ffffea0007244280 count:1 mapcount:0 mapping:          (null) index:0x0
[   19.858476] flags: 0x8000000000000080(slab)
[   19.862770] page dumped because: kasan: bad access detected
[   19.868447]
[   19.870652] Memory state around the buggy address:
[   19.875551]  ffff8801c910a380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   19.882881]  ffff8801c910a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.890208] >ffff8801c910a480: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.897533]                          ^
[   19.901399]  ffff8801c910a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.908733]  ffff8801c910a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.916893] ==================================================================
[   19.924225] Disabling lock debugging due to kernel taint
[   19.930542] Kernel panic - not syncing: panic_on_warn set ...
[   19.930542]
[   19.937932] CPU: 0 PID: 3323 Comm: syzkaller259379 Tainted: G    B           4.9.78-ge9dabe6 #28
[   19.946839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.956173]  ffff8801cd797528 ffffffff81d943a9 ffffffff841971bf ffff8801cd797600
[   19.964146]  0000000000000000 ffff8801c910a490 ffff8801cd79782c ffff8801cd7975f0
[   19.972108]  ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295
[   19.980096] Call Trace:
[   19.982657]  [] dump_stack+0xc1/0x128
[   19.987993]  [] panic+0x1bc/0x3a8
[   19.992980]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   20.001178]  [] ? preempt_schedule+0x25/0x30
[   20.007127]  [] ? ___preempt_schedule+0x16/0x18
[   20.013330]  [] kasan_end_report+0x50/0x50
[   20.019107]  [] kasan_report+0x167/0x360
[   20.024701]  [] ? string+0x1e8/0x200
[   20.029945]  [] __asan_report_load1_noabort+0x14/0x20
[   20.036667]  [] string+0x1e8/0x200
[   20.041739]  [] vsnprintf+0x7ad/0x16d0
[   20.047158]  [] ? pointer+0xa90/0xa90
[   20.052491]  [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[   20.059312]  [] __request_module+0x14f/0x750
[   20.065252]  [] ? __ww_mutex_lock+0x14a0/0x14a0
[   20.071454]  [] ? call_usermodehelper_setup+0x2c0/0x2c0
[   20.078351]  [] ? xt_replace_table+0x3/0x660
[   20.084294]  [] xt_request_find_target+0x8b/0xb0
[   20.090587]  [] translate_compat_table+0x568/0x1760
[   20.097133]  [] ? ipt_register_table+0x2d0/0x2d0
[   20.103428]  [] ? __lock_is_held+0xa1/0xf0
[   20.109198]  [] ? check_stack_object+0x68/0x140
[   20.115416]  [] ? __check_object_size+0x174/0x3a9
[   20.121795]  [] ? 0xffffffff810002b8
[   20.127041]  [] compat_do_replace.isra.15+0x1a7/0x3a0
[   20.133768]  [] ? translate_compat_table+0x1760/0x1760
[   20.140578]  [] ? mark_held_locks+0xaf/0x100
[   20.146519]  [] ? __cap_capable+0x168/0x1c0
[   20.152373]  [] ? ns_capable_common+0xcf/0x160
[   20.158487]  [] compat_do_ipt_set_ctl+0x106/0x150
[   20.164872]  [] compat_nf_setsockopt+0x88/0x130
[   20.171074]  [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[   20.177978]  [] compat_ip_setsockopt+0x9d/0xf0
[   20.184092]  [] inet_csk_compat_setsockopt+0x95/0x120
[   20.190813]  [] ? ip_setsockopt+0xb0/0xb0
[   20.196496]  [] compat_tcp_setsockopt+0x3d/0x70
[   20.202699]  [] compat_sock_common_setsockopt+0xb2/0x140
[   20.209680]  [] ? tcp_setsockopt+0xd0/0xd0
[   20.215446]  [] compat_SyS_setsockopt+0x149/0x290
[   20.221824]  [] ? sock_common_setsockopt+0xd0/0xd0
[   20.228284]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[   20.234831]  [] ? do_fast_syscall_32+0xcf/0x890
[   20.241038]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[   20.247585]  [] do_fast_syscall_32+0x2f7/0x890
[   20.253696]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   20.260330]  [] entry_SYSENTER_compat+0x74/0x83
[   20.266989] Dumping ftrace buffer:
[   20.270505]    (ftrace buffer empty)
[   20.274186] Kernel Offset: disabled
[   20.277783] Rebooting in 86400 seconds..
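Reading the report: the 1-byte read is in string(), the "%s" handler of vsnprintf, reached from __request_module() while xt_request_find_target() resolves a target for a compat IPT_SO_SET_REPLACE (translate_compat_table via compat_do_replace, i.e. a 32-bit setsockopt on an IPv4 TCP socket). The "Allocated by" stack shows the object is the xt_table_info kmalloc'd in compat_do_replace to hold the user-supplied rule blob, and the shadow map shows the redzone starting exactly at the faulting address ffff8801c910a490, offset 208 into the object: the formatter's "%s" argument, a name taken from the user's blob, runs to the end of the allocation without a NUL and the byte-by-byte copy keeps going. The "Freed by task 1890" stack (single_release) is the slab object's previous life as a seq_file buffer and is unrelated; this is an out-of-bounds read, not a use-after-free. The user-space C model below is an added example, not kernel code and not part of the original report: struct user_target is a simplified stand-in for the user-visible part of struct xt_entry_target (XT_EXTENSION_MAXNAMELEN is 29 in the uapi header), build_module_name() stands in for the request_module("ipt_%s", name) call made on xt_request_find_target's path, and the check it adds (a NUL must fall inside the fixed-size name field before the name reaches any "%s") is the shape of fix a reviewer would ask for; the kernel's own fix is not shown on this page.

```c
/* Added example (not kernel code): user-space model of the unterminated-name
 * pattern behind the KASAN report, with the check that prevents it. */
#define _POSIX_C_SOURCE 200809L /* strnlen */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define XT_EXTENSION_MAXNAMELEN 29 /* as in the uapi x_tables header */

/* Simplified stand-in for the user part of struct xt_entry_target. */
struct user_target {
	unsigned short target_size;
	char name[XT_EXTENSION_MAXNAMELEN]; /* user-controlled; may lack a NUL */
	unsigned char revision;
};

/* Constructed sample: copy up to sizeof name bytes without forcing a
 * terminator, so a short src is terminated by the zeroed tail. */
static struct user_target make_sample(const char *src, size_t len)
{
	struct user_target t;

	memset(&t, 0, sizeof t);
	if (len > sizeof t.name)
		len = sizeof t.name;
	memcpy(t.name, src, len);
	return t;
}

/* Constructed sample with every name byte set to c: no NUL anywhere in the
 * field, which is what a hostile blob looks like. */
static struct user_target make_filled_sample(char c)
{
	struct user_target t;

	memset(&t, 0, sizeof t);
	memset(t.name, c, sizeof t.name);
	return t;
}

/* The missing check: a NUL must occur inside the fixed-size field.
 * strnlen never reads past the field, so this is safe on hostile input. */
static bool target_name_terminated(const struct user_target *t)
{
	return strnlen(t->name, sizeof t->name) < sizeof t->name;
}

/* Hardened shape 1: reject before formatting. Returns the formatted length
 * or -1 if the name is unterminated or the buffer is too small.
 * The unsafe shape the trace shows is the bare snprintf(..., "ipt_%s", name)
 * with no check in front of it; it is deliberately not a function here. */
static int build_module_name(const struct user_target *t, char *buf, size_t buflen)
{
	int n;

	if (!target_name_terminated(t))
		return -1;
	n = snprintf(buf, buflen, "ipt_%s", t->name);
	if (n < 0 || (size_t)n >= buflen)
		return -1;
	return n;
}

/* Hardened shape 2: bound the read with a precision instead of rejecting.
 * "%.*s" stops at sizeof name even with no NUL present, so it cannot read
 * past the field, but it silently accepts a garbage name; at a trust
 * boundary shape 1 is the one to prefer. */
static int build_module_name_bounded(const struct user_target *t, char *buf, size_t buflen)
{
	int n = snprintf(buf, buflen, "ipt_%.*s", (int)sizeof t->name, t->name);

	if (n < 0 || (size_t)n >= buflen)
		return -1;
	return n;
}

int main(void)
{
	char buf[64];
	struct user_target good = make_sample("REJECT", 6);
	struct user_target bad = make_filled_sample('A');

	printf("good: terminated=%d len=%d\n", target_name_terminated(&good),
	       build_module_name(&good, buf, sizeof buf));
	printf("bad:  terminated=%d len=%d\n", target_name_terminated(&bad),
	       build_module_name(&bad, buf, sizeof buf));
	printf("bad, bounded: len=%d (%s)\n",
	       build_module_name_bounded(&bad, buf, sizeof buf), buf);
	return 0;
}
```

The same check applies to every fixed-size name field that a user-supplied blob carries into the kernel before it is handed to a "%s" formatter, a lookup by name, or a module loader: validate termination once, at the copy-in boundary, rather than trusting each consumer to bound its own read.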