[....] Starting enhanced syslogd: rsyslogd[ 11.452741] audit: type=1400 audit(1516823838.159:4): avc: denied { syslog } for pid=3182 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 23.097023] ================================================================== [ 23.104397] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200 [ 23.110512] Read of size 1 at addr ffff8801c8dda850 by task syzkaller039728/3338 [ 23.118011] [ 23.119608] CPU: 0 PID: 3338 Comm: syzkaller039728 Not tainted 4.9.78-ge9dabe6 #28 [ 23.127278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.136602] ffff8801cb0f7610 ffffffff81d943a9 ffffea0007237680 ffff8801c8dda850 [ 23.144569] 0000000000000000 ffff8801c8dda850 ffff8801cb0f786c ffff8801cb0f7648 [ 23.152545] ffffffff8153dc23 ffff8801c8dda850 0000000000000001 0000000000000000 [ 23.160512] Call Trace: [ 23.163070] [] dump_stack+0xc1/0x128 [ 23.168405] [] print_address_description+0x73/0x280 [ 23.175037] [] kasan_report+0x275/0x360 [ 23.180626] [] ? string+0x1e8/0x200 [ 23.185871] [] __asan_report_load1_noabort+0x14/0x20 [ 23.192599] [] string+0x1e8/0x200 [ 23.197676] [] vsnprintf+0x7ad/0x16d0 [ 23.203098] [] ? pointer+0xa90/0xa90 [ 23.208431] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 23.215152] [] __request_module+0x14f/0x750 [ 23.221093] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 23.227296] [] ? call_usermodehelper_setup+0x2c0/0x2c0 [ 23.234197] [] ? nft_dynset_init+0xc48/0x1230 [ 23.240315] [] xt_request_find_target+0x8b/0xb0 [ 23.246611] [] translate_compat_table+0x568/0x1760 [ 23.253173] [] ? ipt_register_table+0x2d0/0x2d0 [ 23.259470] [] ? __lock_is_held+0xa1/0xf0 [ 23.265241] [] ? check_stack_object+0x68/0x140 [ 23.271442] [] ? __check_object_size+0x174/0x3a9 [ 23.277816] [] ? 0xffffffff810002b8 [ 23.283066] [] compat_do_replace.isra.15+0x1a7/0x3a0 [ 23.289790] [] ? translate_compat_table+0x1760/0x1760 [ 23.296600] [] ? mark_held_locks+0xaf/0x100 [ 23.302544] [] ? __cap_capable+0x168/0x1c0 [ 23.308406] [] ? ns_capable_common+0xcf/0x160 [ 23.314524] [] compat_do_ipt_set_ctl+0x106/0x150 [ 23.320906] [] compat_nf_setsockopt+0x88/0x130 [ 23.327107] [] ? compat_do_replace.isra.15+0x3a0/0x3a0 [ 23.334004] [] compat_ip_setsockopt+0x9d/0xf0 [ 23.340121] [] compat_udp_setsockopt+0x45/0x80 [ 23.346326] [] compat_sock_common_setsockopt+0xb2/0x140 [ 23.353312] [] ? udp_lib_setsockopt+0x560/0x560 [ 23.359601] [] compat_SyS_setsockopt+0x149/0x290 [ 23.365978] [] ? sock_common_setsockopt+0xd0/0xd0 [ 23.372451] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 23.379187] [] ? do_fast_syscall_32+0xcf/0x890 [ 23.385392] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 23.391944] [] do_fast_syscall_32+0x2f7/0x890 [ 23.398060] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 23.404702] [] entry_SYSENTER_compat+0x74/0x83 [ 23.410900] [ 23.412499] Allocated by task 3338: [ 23.416092] save_stack_trace+0x16/0x20 [ 23.420035] save_stack+0x43/0xd0 [ 23.423455] kasan_kmalloc+0xad/0xe0 [ 23.427136] __kmalloc+0x11d/0x310 [ 23.430646] xt_alloc_table_info+0x71/0x100 [ 23.434937] compat_do_replace.isra.15+0x116/0x3a0 [ 23.439835] compat_do_ipt_set_ctl+0x106/0x150 [ 23.444402] compat_nf_setsockopt+0x88/0x130 [ 23.448780] compat_ip_setsockopt+0x9d/0xf0 [ 23.453076] compat_udp_setsockopt+0x45/0x80 [ 23.457453] compat_sock_common_setsockopt+0xb2/0x140 [ 23.462612] compat_SyS_setsockopt+0x149/0x290 [ 23.467160] do_fast_syscall_32+0x2f7/0x890 [ 23.471451] entry_SYSENTER_compat+0x74/0x83 [ 23.475824] [ 23.477417] Freed by task 1834: [ 23.480666] save_stack_trace+0x16/0x20 [ 23.484604] save_stack+0x43/0xd0 [ 23.488025] kasan_slab_free+0x72/0xc0 [ 23.491879] kfree+0x103/0x300 [ 23.495040] seq_release+0x59/0x70 [ 23.498550] kernfs_fop_release+0xcb/0x140 [ 23.502749] __fput+0x28c/0x6e0 [ 23.505999] ____fput+0x15/0x20 [ 23.509246] task_work_run+0x115/0x190 [ 23.513098] exit_to_usermode_loop+0xfc/0x120 [ 23.517559] syscall_return_slowpath+0x1a0/0x1e0 [ 23.522281] entry_SYSCALL_64_fastpath+0xe6/0xe8 [ 23.527120] [ 23.528714] The buggy address belongs to the object at ffff8801c8dda780 [ 23.528714] which belongs to the cache kmalloc-256 of size 256 [ 23.541341] The buggy address is located 208 bytes inside of [ 23.541341] 256-byte region [ffff8801c8dda780, ffff8801c8dda880) [ 23.553182] The buggy address belongs to the page: [ 23.558078] page:ffffea0007237680 count:1 mapcount:0 mapping: (null) index:0x0 [ 23.566299] flags: 0x8000000000000080(slab) [ 23.570584] page dumped because: kasan: bad access detected [ 23.576256] [ 23.577848] Memory state around the buggy address: [ 23.582742] ffff8801c8dda700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.590066] ffff8801c8dda780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 23.597393] >ffff8801c8dda800: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 23.604716] ^ [ 23.610652] ffff8801c8dda880: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 23.617977] ffff8801c8dda900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.625308] ================================================================== [ 23.632630] Disabling lock debugging due to kernel taint [ 23.638134] Kernel panic - not syncing: panic_on_warn set ... [ 23.638134] [ 23.645469] CPU: 0 PID: 3338 Comm: syzkaller039728 Tainted: G B 4.9.78-ge9dabe6 #28 [ 23.654363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 23.663688] ffff8801cb0f7568 ffffffff81d943a9 ffffffff841971bf ffff8801cb0f7640 [ 23.671663] 0000000000000000 ffff8801c8dda850 ffff8801cb0f786c ffff8801cb0f7630 [ 23.679625] ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295 [ 23.687584] Call Trace: [ 23.690145] [] dump_stack+0xc1/0x128 [ 23.695480] [] panic+0x1bc/0x3a8 [ 23.700465] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 23.708661] [] ? preempt_schedule+0x25/0x30 [ 23.714598] [] ? ___preempt_schedule+0x16/0x18 [ 23.720801] [] kasan_end_report+0x50/0x50 [ 23.726572] [] kasan_report+0x167/0x360 [ 23.732163] [] ? string+0x1e8/0x200 [ 23.737407] [] __asan_report_load1_noabort+0x14/0x20 [ 23.744131] [] string+0x1e8/0x200 [ 23.749201] [] vsnprintf+0x7ad/0x16d0 [ 23.754624] [] ? pointer+0xa90/0xa90 [ 23.759954] [] ? __mutex_unlock_slowpath+0x25a/0x3d0 [ 23.766674] [] __request_module+0x14f/0x750 [ 23.772613] [] ? __ww_mutex_lock+0x14a0/0x14a0 [ 23.778811] [] ? call_usermodehelper_setup+0x2c0/0x2c0 [ 23.785703] [] ? nft_dynset_init+0xc48/0x1230 [ 23.791815] [] xt_request_find_target+0x8b/0xb0 [ 23.798100] [] translate_compat_table+0x568/0x1760 [ 23.804645] [] ? ipt_register_table+0x2d0/0x2d0 [ 23.810929] [] ? __lock_is_held+0xa1/0xf0 [ 23.816692] [] ? check_stack_object+0x68/0x140 [ 23.822892] [] ? __check_object_size+0x174/0x3a9 [ 23.829262] [] ? 0xffffffff810002b8 [ 23.834505] [] compat_do_replace.isra.15+0x1a7/0x3a0 [ 23.841224] [] ? translate_compat_table+0x1760/0x1760 [ 23.848029] [] ? mark_held_locks+0xaf/0x100 [ 23.853968] [] ? __cap_capable+0x168/0x1c0 [ 23.859820] [] ? ns_capable_common+0xcf/0x160 [ 23.865933] [] compat_do_ipt_set_ctl+0x106/0x150 [ 23.872306] [] compat_nf_setsockopt+0x88/0x130 [ 23.878504] [] ? compat_do_replace.isra.15+0x3a0/0x3a0 [ 23.885398] [] compat_ip_setsockopt+0x9d/0xf0 [ 23.891515] [] compat_udp_setsockopt+0x45/0x80 [ 23.897716] [] compat_sock_common_setsockopt+0xb2/0x140 [ 23.904693] [] ? udp_lib_setsockopt+0x560/0x560 [ 23.910977] [] compat_SyS_setsockopt+0x149/0x290 [ 23.917356] [] ? sock_common_setsockopt+0xd0/0xd0 [ 23.923813] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 23.930359] [] ? do_fast_syscall_32+0xcf/0x890 [ 23.936557] [] ? scm_detach_fds_compat+0x3c0/0x3c0 [ 23.943102] [] do_fast_syscall_32+0x2f7/0x890 [ 23.949212] [] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 23.955848] [] entry_SYSENTER_compat+0x74/0x83 [ 23.962408] Dumping ftrace buffer: [ 23.965921] (ftrace buffer empty) [ 23.969600] Kernel Offset: disabled [ 23.973197] Rebooting in 86400 seconds..