[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.255404] audit: type=1400 audit(1516827007.492:4): avc: denied { syslog } for pid=3173 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 19.560287] ==================================================================
[ 19.567680] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[ 19.573795] Read of size 1 at addr ffff8801c96a3710 by task syzkaller963845/3321
[ 19.581295]
[ 19.582901] CPU: 0 PID: 3321 Comm: syzkaller963845 Not tainted 4.9.78-ge9dabe6 #28
[ 19.590582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.599938]  ffff8801c8fc75d0 ffffffff81d943a9 ffffea000725a8c0 ffff8801c96a3710
[ 19.607916]  0000000000000000 ffff8801c96a3710 ffff8801c8fc782c ffff8801c8fc7608
[ 19.615876]  ffffffff8153dc23 ffff8801c96a3710 0000000000000001 0000000000000000
[ 19.623852] Call Trace:
[ 19.626410] [] dump_stack+0xc1/0x128
[ 19.631745] [] print_address_description+0x73/0x280
[ 19.638557] [] kasan_report+0x275/0x360
[ 19.644155] [] ? string+0x1e8/0x200
[ 19.649405] [] __asan_report_load1_noabort+0x14/0x20
[ 19.656133] [] string+0x1e8/0x200
[ 19.661205] [] vsnprintf+0x7ad/0x16d0
[ 19.666629] [] ? pointer+0xa90/0xa90
[ 19.671971] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 19.678705] [] __request_module+0x14f/0x750
[ 19.684650] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 19.690850] [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 19.697747] [] ? nft_trace_init+0xc3/0x110
[ 19.703598] [] xt_request_find_target+0x8b/0xb0
[ 19.709903] [] translate_compat_table+0x568/0x1760
[ 19.716468] [] ? ipt_register_table+0x2d0/0x2d0
[ 19.722756] [] ? __lock_is_held+0xa1/0xf0
[ 19.728528] [] ? check_stack_object+0x68/0x140
[ 19.734728] [] ? __check_object_size+0x174/0x3a9
[ 19.741108] [] ? 0xffffffff810002b8
[ 19.746357] [] compat_do_replace.isra.15+0x1a7/0x3a0
[ 19.753080] [] ? translate_compat_table+0x1760/0x1760
[ 19.759888] [] ? mark_held_locks+0xaf/0x100
[ 19.765833] [] ? __cap_capable+0x168/0x1c0
[ 19.771688] [] ? ns_capable_common+0xcf/0x160
[ 19.777805] [] compat_do_ipt_set_ctl+0x106/0x150
[ 19.784180] [] compat_nf_setsockopt+0x88/0x130
[ 19.790386] [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[ 19.797284] [] compat_ip_setsockopt+0x9d/0xf0
[ 19.803405] [] inet_csk_compat_setsockopt+0x95/0x120
[ 19.810212] [] ? ip_setsockopt+0xb0/0xb0
[ 19.815893] [] compat_tcp_setsockopt+0x3d/0x70
[ 19.822095] [] compat_sock_common_setsockopt+0xb2/0x140
[ 19.829076] [] ? tcp_setsockopt+0xd0/0xd0
[ 19.834844] [] compat_SyS_setsockopt+0x149/0x290
[ 19.841224] [] ? sock_common_setsockopt+0xd0/0xd0
[ 19.847689] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 19.854239] [] ? do_fast_syscall_32+0xcf/0x890
[ 19.860440] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 19.866992] [] do_fast_syscall_32+0x2f7/0x890
[ 19.873111] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 19.879834] [] entry_SYSENTER_compat+0x74/0x83
[ 19.886030]
[ 19.887629] Allocated by task 3321:
[ 19.891224]  save_stack_trace+0x16/0x20
[ 19.895166]  save_stack+0x43/0xd0
[ 19.898585]  kasan_kmalloc+0xad/0xe0
[ 19.902266]  __kmalloc+0x11d/0x310
[ 19.905772]  xt_alloc_table_info+0x71/0x100
[ 19.910068]  compat_do_replace.isra.15+0x116/0x3a0
[ 19.914966]  compat_do_ipt_set_ctl+0x106/0x150
[ 19.919520]  compat_nf_setsockopt+0x88/0x130
[ 19.923901]  compat_ip_setsockopt+0x9d/0xf0
[ 19.928196]  inet_csk_compat_setsockopt+0x95/0x120
[ 19.933117]  compat_tcp_setsockopt+0x3d/0x70
[ 19.937502]  compat_sock_common_setsockopt+0xb2/0x140
[ 19.942661]  compat_SyS_setsockopt+0x149/0x290
[ 19.947213]  do_fast_syscall_32+0x2f7/0x890
[ 19.951501]  entry_SYSENTER_compat+0x74/0x83
[ 19.955874]
[ 19.957471] Freed by task 1825:
[ 19.960720]  save_stack_trace+0x16/0x20
[ 19.964662]  save_stack+0x43/0xd0
[ 19.968081]  kasan_slab_free+0x72/0xc0
[ 19.971939]  kfree+0x103/0x300
[ 19.975116]  seq_release+0x59/0x70
[ 19.978626]  kernfs_fop_release+0xcb/0x140
[ 19.982828]  __fput+0x28c/0x6e0
[ 19.986074]  ____fput+0x15/0x20
[ 19.989334]  task_work_run+0x115/0x190
[ 19.993194]  exit_to_usermode_loop+0xfc/0x120
[ 19.997655]  syscall_return_slowpath+0x1a0/0x1e0
[ 20.002390]  entry_SYSCALL_64_fastpath+0xe6/0xe8
[ 20.007115]
[ 20.008713] The buggy address belongs to the object at ffff8801c96a3640
[ 20.008713]  which belongs to the cache kmalloc-256 of size 256
[ 20.021336] The buggy address is located 208 bytes inside of
[ 20.021336]  256-byte region [ffff8801c96a3640, ffff8801c96a3740)
[ 20.033180] The buggy address belongs to the page:
[ 20.038078] page:ffffea000725a8c0 count:1 mapcount:0 mapping: (null) index:0x0
[ 20.046301] flags: 0x8000000000000080(slab)
[ 20.050595] page dumped because: kasan: bad access detected
[ 20.056446]
[ 20.058041] Memory state around the buggy address:
[ 20.062939]  ffff8801c96a3600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 20.070266]  ffff8801c96a3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.077593] >ffff8801c96a3700: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.084924]                          ^
[ 20.088779]  ffff8801c96a3780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.096103]  ffff8801c96a3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.104077] ==================================================================
[ 20.111413] Disabling lock debugging due to kernel taint
[ 20.117214] Kernel panic - not syncing: panic_on_warn set ...
[ 20.117214]
[ 20.124571] CPU: 0 PID: 3321 Comm: syzkaller963845 Tainted: G B 4.9.78-ge9dabe6 #28
[ 20.133482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.142816]  ffff8801c8fc7528 ffffffff81d943a9 ffffffff841971bf ffff8801c8fc7600
[ 20.150787]  0000000000000000 ffff8801c96a3710 ffff8801c8fc782c ffff8801c8fc75f0
[ 20.158773]  ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295
[ 20.166754] Call Trace:
[ 20.169311] [] dump_stack+0xc1/0x128
[ 20.174646] [] panic+0x1bc/0x3a8
[ 20.179638] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 20.187849] [] ? preempt_schedule+0x25/0x30
[ 20.193799] [] ? ___preempt_schedule+0x16/0x18
[ 20.200003] [] kasan_end_report+0x50/0x50
[ 20.205769] [] kasan_report+0x167/0x360
[ 20.211375] [] ? string+0x1e8/0x200
[ 20.216620] [] __asan_report_load1_noabort+0x14/0x20
[ 20.223347] [] string+0x1e8/0x200
[ 20.228419] [] vsnprintf+0x7ad/0x16d0
[ 20.233838] [] ? pointer+0xa90/0xa90
[ 20.239178] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 20.245899] [] __request_module+0x14f/0x750
[ 20.251843] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 20.258041] [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 20.264934] [] ? nft_trace_init+0xc3/0x110
[ 20.270798] [] xt_request_find_target+0x8b/0xb0
[ 20.277092] [] translate_compat_table+0x568/0x1760
[ 20.283641] [] ? ipt_register_table+0x2d0/0x2d0
[ 20.289932] [] ? __lock_is_held+0xa1/0xf0
[ 20.295706] [] ? check_stack_object+0x68/0x140
[ 20.301917] [] ? __check_object_size+0x174/0x3a9
[ 20.308294] [] ? 0xffffffff810002b8
[ 20.313543] [] compat_do_replace.isra.15+0x1a7/0x3a0
[ 20.320271] [] ? translate_compat_table+0x1760/0x1760
[ 20.327083] [] ? mark_held_locks+0xaf/0x100
[ 20.333023] [] ? __cap_capable+0x168/0x1c0
[ 20.338875] [] ? ns_capable_common+0xcf/0x160
[ 20.344997] [] compat_do_ipt_set_ctl+0x106/0x150
[ 20.351372] [] compat_nf_setsockopt+0x88/0x130
[ 20.357571] [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[ 20.364464] [] compat_ip_setsockopt+0x9d/0xf0
[ 20.370578] [] inet_csk_compat_setsockopt+0x95/0x120
[ 20.377298] [] ? ip_setsockopt+0xb0/0xb0
[ 20.382977] [] compat_tcp_setsockopt+0x3d/0x70
[ 20.389177] [] compat_sock_common_setsockopt+0xb2/0x140
[ 20.396164] [] ? tcp_setsockopt+0xd0/0xd0
[ 20.402025] [] compat_SyS_setsockopt+0x149/0x290
[ 20.408402] [] ? sock_common_setsockopt+0xd0/0xd0
[ 20.414859] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 20.421411] [] ? do_fast_syscall_32+0xcf/0x890
[ 20.427611] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 20.434168] [] do_fast_syscall_32+0x2f7/0x890
[ 20.440285] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 20.446924] [] entry_SYSENTER_compat+0x74/0x83
[ 20.453587] Dumping ftrace buffer:
[ 20.457099]    (ftrace buffer empty)
[ 20.460778] Kernel Offset: disabled
[ 20.464374] Rebooting in 86400 seconds..