[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.823278] audit: type=1400 audit(1516823230.031:4): avc: denied { syslog } for pid=3175 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 23.212323] ==================================================================
[ 23.219723] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[ 23.225841] Read of size 1 at addr ffff8801c8430210 by task syzkaller313945/3331
[ 23.233348]
[ 23.234952] CPU: 1 PID: 3331 Comm: syzkaller313945 Not tainted 4.9.78-ge9dabe6 #28
[ 23.242642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.251975] ffff8801c85675d0 ffffffff81d943a9 ffffea0007210c00 ffff8801c8430210
[ 23.259981] 0000000000000000 ffff8801c8430210 ffff8801c856782c ffff8801c8567608
[ 23.268472] ffffffff8153dc23 ffff8801c8430210 0000000000000001 0000000000000000
[ 23.276453] Call Trace:
[ 23.279013] [] dump_stack+0xc1/0x128
[ 23.284350] [] print_address_description+0x73/0x280
[ 23.290986] [] kasan_report+0x275/0x360
[ 23.296581] [] ? string+0x1e8/0x200
[ 23.301831] [] __asan_report_load1_noabort+0x14/0x20
[ 23.308566] [] string+0x1e8/0x200
[ 23.313657] [] vsnprintf+0x7ad/0x16d0
[ 23.319096] [] ? pointer+0xa90/0xa90
[ 23.324455] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 23.331202] [] __request_module+0x14f/0x750
[ 23.337153] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 23.343362] [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 23.350267] [] ? nft_immediate_destroy+0x44/0x60
[ 23.356648] [] xt_request_find_target+0x8b/0xb0
[ 23.362943] [] translate_compat_table+0x568/0x1760
[ 23.369491] [] ? ipt_register_table+0x2d0/0x2d0
[ 23.375781] [] ? __lock_is_held+0xa1/0xf0
[ 23.381551] [] ? check_stack_object+0x68/0x140
[ 23.387752] [] ? __check_object_size+0x174/0x3a9
[ 23.394128] [] ? 0xffffffff810002b8
[ 23.399381] [] compat_do_replace.isra.15+0x1a7/0x3a0
[ 23.406105] [] ? translate_compat_table+0x1760/0x1760
[ 23.412919] [] ? mark_held_locks+0xaf/0x100
[ 23.418864] [] ? __cap_capable+0x168/0x1c0
[ 23.424724] [] ? ns_capable_common+0xcf/0x160
[ 23.430840] [] compat_do_ipt_set_ctl+0x106/0x150
[ 23.437221] [] compat_nf_setsockopt+0x88/0x130
[ 23.443431] [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[ 23.450330] [] compat_ip_setsockopt+0x9d/0xf0
[ 23.456450] [] inet_csk_compat_setsockopt+0x95/0x120
[ 23.463174] [] ? ip_setsockopt+0xb0/0xb0
[ 23.468864] [] compat_tcp_setsockopt+0x3d/0x70
[ 23.475068] [] compat_sock_common_setsockopt+0xb2/0x140
[ 23.482052] [] ? tcp_setsockopt+0xd0/0xd0
[ 23.487823] [] compat_SyS_setsockopt+0x149/0x290
[ 23.494201] [] ? sock_common_setsockopt+0xd0/0xd0
[ 23.500663] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 23.507217] [] ? do_fast_syscall_32+0xcf/0x890
[ 23.513425] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 23.519977] [] do_fast_syscall_32+0x2f7/0x890
[ 23.526093] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 23.532735] [] entry_SYSENTER_compat+0x74/0x83
[ 23.538951]
[ 23.540553] Allocated by task 3331:
[ 23.544153] save_stack_trace+0x16/0x20
[ 23.548098] save_stack+0x43/0xd0
[ 23.551527] kasan_kmalloc+0xad/0xe0
[ 23.555216] __kmalloc+0x11d/0x310
[ 23.558726] xt_alloc_table_info+0x71/0x100
[ 23.563021] compat_do_replace.isra.15+0x116/0x3a0
[ 23.567921] compat_do_ipt_set_ctl+0x106/0x150
[ 23.572477] compat_nf_setsockopt+0x88/0x130
[ 23.576862] compat_ip_setsockopt+0x9d/0xf0
[ 23.581152] inet_csk_compat_setsockopt+0x95/0x120
[ 23.586054] compat_tcp_setsockopt+0x3d/0x70
[ 23.590434] compat_sock_common_setsockopt+0xb2/0x140
[ 23.595599] compat_SyS_setsockopt+0x149/0x290
[ 23.600151] do_fast_syscall_32+0x2f7/0x890
[ 23.604443] entry_SYSENTER_compat+0x74/0x83
[ 23.608817]
[ 23.610415] Freed by task 1854:
[ 23.613671] save_stack_trace+0x16/0x20
[ 23.617616] save_stack+0x43/0xd0
[ 23.621036] kasan_slab_free+0x72/0xc0
[ 23.624892] kfree+0x103/0x300
[ 23.628058] seq_release+0x59/0x70
[ 23.631574] kernfs_fop_release+0xcb/0x140
[ 23.635777] __fput+0x28c/0x6e0
[ 23.639025] ____fput+0x15/0x20
[ 23.642274] task_work_run+0x115/0x190
[ 23.646131] exit_to_usermode_loop+0xfc/0x120
[ 23.650597] syscall_return_slowpath+0x1a0/0x1e0
[ 23.655325] entry_SYSCALL_64_fastpath+0xe6/0xe8
[ 23.660050]
[ 23.661651] The buggy address belongs to the object at ffff8801c8430140
[ 23.661651] which belongs to the cache kmalloc-256 of size 256
[ 23.674278] The buggy address is located 208 bytes inside of
[ 23.674278] 256-byte region [ffff8801c8430140, ffff8801c8430240)
[ 23.686122] The buggy address belongs to the page:
[ 23.691022] page:ffffea0007210c00 count:1 mapcount:0 mapping: (null) index:0xffff8801c8430dc0
[ 23.700555] flags: 0x8000000000000080(slab)
[ 23.704842] page dumped because: kasan: bad access detected
[ 23.710522]
[ 23.712121] Memory state around the buggy address:
[ 23.717020]  ffff8801c8430100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 23.724351]  ffff8801c8430180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.731681] >ffff8801c8430200: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.739008]                          ^
[ 23.742866]  ffff8801c8430280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.750215]  ffff8801c8430300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.757586] ==================================================================
[ 23.764928] Disabling lock debugging due to kernel taint
[ 23.770606] Kernel panic - not syncing: panic_on_warn set ...
[ 23.770606]
[ 23.777964] CPU: 1 PID: 3331 Comm: syzkaller313945 Tainted: G B 4.9.78-ge9dabe6 #28
[ 23.786864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.796205] ffff8801c8567528 ffffffff81d943a9 ffffffff841971bf ffff8801c8567600
[ 23.804184] 0000000000000000 ffff8801c8430210 ffff8801c856782c ffff8801c85675f0
[ 23.812159] ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295
[ 23.820128] Call Trace:
[ 23.822691] [] dump_stack+0xc1/0x128
[ 23.828028] [] panic+0x1bc/0x3a8
[ 23.833021] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 23.841224] [] ? preempt_schedule+0x25/0x30
[ 23.847172] [] ? ___preempt_schedule+0x16/0x18
[ 23.853374] [] kasan_end_report+0x50/0x50
[ 23.859142] [] kasan_report+0x167/0x360
[ 23.864735] [] ? string+0x1e8/0x200
[ 23.869987] [] __asan_report_load1_noabort+0x14/0x20
[ 23.876717] [] string+0x1e8/0x200
[ 23.881792] [] vsnprintf+0x7ad/0x16d0
[ 23.887212] [] ? pointer+0xa90/0xa90
[ 23.892546] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 23.899270] [] __request_module+0x14f/0x750
[ 23.905213] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 23.911423] [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 23.918326] [] ? nft_immediate_destroy+0x44/0x60
[ 23.924721] [] xt_request_find_target+0x8b/0xb0
[ 23.931017] [] translate_compat_table+0x568/0x1760
[ 23.937571] [] ? ipt_register_table+0x2d0/0x2d0
[ 23.943889] [] ? __lock_is_held+0xa1/0xf0
[ 23.949659] [] ? check_stack_object+0x68/0x140
[ 23.955870] [] ? __check_object_size+0x174/0x3a9
[ 23.962251] [] ? 0xffffffff810002b8
[ 23.967501] [] compat_do_replace.isra.15+0x1a7/0x3a0
[ 23.974230] [] ? translate_compat_table+0x1760/0x1760
[ 23.981042] [] ? mark_held_locks+0xaf/0x100
[ 23.986987] [] ? __cap_capable+0x168/0x1c0
[ 23.992844] [] ? ns_capable_common+0xcf/0x160
[ 23.998963] [] compat_do_ipt_set_ctl+0x106/0x150
[ 24.005357] [] compat_nf_setsockopt+0x88/0x130
[ 24.011577] [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[ 24.018478] [] compat_ip_setsockopt+0x9d/0xf0
[ 24.024594] [] inet_csk_compat_setsockopt+0x95/0x120
[ 24.031318] [] ? ip_setsockopt+0xb0/0xb0
[ 24.037000] [] compat_tcp_setsockopt+0x3d/0x70
[ 24.043206] [] compat_sock_common_setsockopt+0xb2/0x140
[ 24.050193] [] ? tcp_setsockopt+0xd0/0xd0
[ 24.055964] [] compat_SyS_setsockopt+0x149/0x290
[ 24.062343] [] ? sock_common_setsockopt+0xd0/0xd0
[ 24.068804] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 24.075357] [] ? do_fast_syscall_32+0xcf/0x890
[ 24.081559] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 24.088111] [] do_fast_syscall_32+0x2f7/0x890
[ 24.094224] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 24.100861] [] entry_SYSENTER_compat+0x74/0x83
[ 24.107529] Dumping ftrace buffer:
[ 24.111041] (ftrace buffer empty)
[ 24.114723] Kernel Offset: disabled
[ 24.118321] Rebooting in 86400 seconds..