[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.475653] audit: type=1400 audit(1536840435.576:4): avc: denied { syslog } for pid=1928 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 44.702238] ==================================================================
[ 44.709664] BUG: KASAN: stack-out-of-bounds in strlcpy+0x101/0x120
[ 44.715971] Read of size 1 at addr ffff8801d3a57afc by task syz-executor612/2093
[ 44.723485]
[ 44.725098] CPU: 1 PID: 2093 Comm: syz-executor612 Not tainted 4.4.155+ #34
[ 44.732187] 0000000000000000 220268c42c23185a ffff8801d3a579d8 ffffffff81a556dd
[ 44.740204] ffffea00074e95c0 ffff8801d3a57afc 0000000000000000 ffff8801d3a57afc
[ 44.748212] ffff8801d3a57be0 ffff8801d3a57a10 ffffffff8146c8f9 ffff8801d3a57afc
[ 44.756224] Call Trace:
[ 44.758800] [] dump_stack+0xc1/0x124
[ 44.764340] [] print_address_description+0x6c/0x217
[ 44.771014] [] kasan_report.cold.6+0x175/0x2f7
[ 44.777237] [] ? strlcpy+0x101/0x120
[ 44.782588] [] __asan_report_load1_noabort+0x14/0x20
[ 44.789331] [] strlcpy+0x101/0x120
[ 44.794518] [] xt_copy_counters_from_user+0x13e/0x2e0
[ 44.801358] [] ? xt_alloc_entry_offsets+0x60/0x60
[ 44.808007] [] ? mutex_lock_nested+0x629/0x840
[ 44.814238] [] do_add_counters+0x96/0x5c0
[ 44.820026] [] ? __do_replace+0x620/0x620
[ 44.825815] [] ? security_capable+0x94/0xc0
[ 44.831826] [] ? ns_capable_common+0x12a/0x150
[ 44.838105] [] compat_do_ip6t_set_ctl+0xd6/0x140
[ 44.844803] [] compat_nf_setsockopt+0x8b/0x130
[ 44.851030] [] ? compat_do_replace.isra.10+0x400/0x400
[ 44.857946] [] compat_ipv6_setsockopt+0x15d/0x1d0
[ 44.864438] [] inet_csk_compat_setsockopt+0x97/0x120
[ 44.871195] [] ? ipv6_setsockopt+0x130/0x130
[ 44.877246] [] compat_tcp_setsockopt+0x3d/0x70
[ 44.883585] [] compat_sock_common_setsockopt+0xb4/0x150
[ 44.890641] [] ? do_tcp_setsockopt.isra.5+0x1890/0x1890
[ 44.897644] [] compat_SyS_setsockopt+0x169/0x6e0
[ 44.904035] [] ? sock_common_setsockopt+0xe0/0xe0
[ 44.910520] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 44.917086] [] ? __do_page_fault+0x2b6/0x7e0
[ 44.923144] [] ? do_fast_syscall_32+0xdb/0x8b0
[ 44.929380] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 44.936005] [] do_fast_syscall_32+0x31e/0x8b0
[ 44.942165] [] sysenter_flags_fixed+0xd/0x1a
[ 44.948346]
[ 44.949958] The buggy address belongs to the page:
[ 44.954872] page:ffffea00074e95c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 44.963003] flags: 0x4000000000000000()
[ 44.967137] page dumped because: kasan: bad access detected
[ 44.972828]
[ 44.974438] Memory state around the buggy address:
[ 44.979363]  ffff8801d3a57980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.986711]  ffff8801d3a57a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 44.994207] >ffff8801d3a57a80: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 04
[ 45.001750]                                                                 ^
[ 45.009010]  ffff8801d3a57b00: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 45.016356]  ffff8801d3a57b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
[ 45.023694] ==================================================================
[ 45.031037] Disabling lock debugging due to kernel taint
[ 45.036549] Kernel panic - not syncing: panic_on_warn set ...
[ 45.036549]
[ 45.043918] CPU: 1 PID: 2093 Comm: syz-executor612 Tainted: G B 4.4.155+ #34
[ 45.052297] 0000000000000000 220268c42c23185a ffff8801d3a57938 ffffffff81a556dd
[ 45.060317] ffffffff82c4a341 0000000000000001 0000000000000000 ffff8801d3a57afc
[ 45.068379] ffff8801d3a57be0 ffff8801d3a579f8 ffffffff8138af64 0000000041b58ab3
[ 45.076423] Call Trace:
[ 45.078997] [] dump_stack+0xc1/0x124
[ 45.084352] [] panic+0x19e/0x359
[ 45.089359] [] ? add_taint.cold.4+0x16/0x16
[ 45.095322] [] ? preempt_schedule_common+0x22/0x60
[ 45.101898] [] ? preempt_schedule+0x25/0x30
[ 45.107862] [] ? ___preempt_schedule+0x12/0x14
[ 45.114089] [] kasan_end_report+0x47/0x4f
[ 45.119891] [] kasan_report.cold.6+0x192/0x2f7
[ 45.126116] [] ? strlcpy+0x101/0x120
[ 45.131467] [] __asan_report_load1_noabort+0x14/0x20
[ 45.138209] [] strlcpy+0x101/0x120
[ 45.143398] [] xt_copy_counters_from_user+0x13e/0x2e0
[ 45.150353] [] ? xt_alloc_entry_offsets+0x60/0x60
[ 45.156839] [] ? mutex_lock_nested+0x629/0x840
[ 45.163058] [] do_add_counters+0x96/0x5c0
[ 45.168849] [] ? __do_replace+0x620/0x620
[ 45.174641] [] ? security_capable+0x94/0xc0
[ 45.180606] [] ? ns_capable_common+0x12a/0x150
[ 45.186831] [] compat_do_ip6t_set_ctl+0xd6/0x140
[ 45.193225] [] compat_nf_setsockopt+0x8b/0x130
[ 45.199454] [] ? compat_do_replace.isra.10+0x400/0x400
[ 45.206371] [] compat_ipv6_setsockopt+0x15d/0x1d0
[ 45.212860] [] inet_csk_compat_setsockopt+0x97/0x120
[ 45.219605] [] ? ipv6_setsockopt+0x130/0x130
[ 45.225649] [] compat_tcp_setsockopt+0x3d/0x70
[ 45.231870] [] compat_sock_common_setsockopt+0xb4/0x150
[ 45.238869] [] ? do_tcp_setsockopt.isra.5+0x1890/0x1890
[ 45.245876] [] compat_SyS_setsockopt+0x169/0x6e0
[ 45.252270] [] ? sock_common_setsockopt+0xe0/0xe0
[ 45.258759] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 45.265328] [] ? __do_page_fault+0x2b6/0x7e0
[ 45.271377] [] ? do_fast_syscall_32+0xdb/0x8b0
[ 45.277598] [] ? scm_detach_fds_compat+0x3b0/0x3b0
[ 45.284168] [] do_fast_syscall_32+0x31e/0x8b0
[ 45.290305] [] sysenter_flags_fixed+0xd/0x1a
[ 45.296642] Dumping ftrace buffer:
[ 45.300173] (ftrace buffer empty)
[ 45.303873] Kernel Offset: disabled
[ 45.307480] Rebooting in 86400 seconds..