[....] Starting enhanced syslogd: rsyslogd
[ 10.932469] audit: type=1400 audit(1516825777.093:4): avc: denied { syslog } for pid=3166 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.200' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.738818] ==================================================================
[ 32.739961] BUG: KASAN: slab-out-of-bounds in string+0x1e8/0x200
[ 32.740780] Read of size 1 at addr ffff8801c94d50d0 by task syzkaller264309/3332
[ 32.741770]
[ 32.742005] CPU: 0 PID: 3332 Comm: syzkaller264309 Not tainted 4.9.78-ge9dabe6 #28
[ 32.743016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.744238] ffff8801cdff7610 ffffffff81d943a9 ffffea0007253540 ffff8801c94d50d0
[ 32.745392] 0000000000000000 ffff8801c94d50d0 ffff8801cdff786c ffff8801cdff7648
[ 32.746549] ffffffff8153dc23 ffff8801c94d50d0 0000000000000001 0000000000000000
[ 32.747693] Call Trace:
[ 32.748096] [] dump_stack+0xc1/0x128
[ 32.748822] [] print_address_description+0x73/0x280
[ 32.749704] [] kasan_report+0x275/0x360
[ 32.750487] [] ? string+0x1e8/0x200
[ 32.751243] [] __asan_report_load1_noabort+0x14/0x20
[ 32.752210] [] string+0x1e8/0x200
[ 32.752888] [] vsnprintf+0x7ad/0x16d0
[ 32.753627] [] ? pointer+0xa90/0xa90
[ 32.754355] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 32.755294] [] __request_module+0x14f/0x750
[ 32.756103] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 32.756925] [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 32.757841] [] ? nft_payload_set_init+0x298/0x4b0
[ 32.758699] [] xt_request_find_target+0x8b/0xb0
[ 32.763439] [] translate_compat_table+0x568/0x1760
[ 32.769998] [] ? ipt_register_table+0x2d0/0x2d0
[ 32.776298] [] ? __lock_is_held+0xa1/0xf0
[ 32.782066] [] ? check_stack_object+0x68/0x140
[ 32.788270] [] ? __check_object_size+0x174/0x3a9
[ 32.794643] [] ? 0xffffffff810002b8
[ 32.799890] [] compat_do_replace.isra.15+0x1a7/0x3a0
[ 32.807544] [] ? translate_compat_table+0x1760/0x1760
[ 32.814357] [] ? mark_held_locks+0xaf/0x100
[ 32.820306] [] ? __cap_capable+0x168/0x1c0
[ 32.826162] [] ? ns_capable_common+0xcf/0x160
[ 32.832274] [] compat_do_ipt_set_ctl+0x106/0x150
[ 32.838652] [] compat_nf_setsockopt+0x88/0x130
[ 32.844855] [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[ 32.851764] [] compat_ip_setsockopt+0x9d/0xf0
[ 32.857880] [] compat_udp_setsockopt+0x45/0x80
[ 32.864094] [] compat_sock_common_setsockopt+0xb2/0x140
[ 32.871078] [] ? udp_lib_setsockopt+0x560/0x560
[ 32.878080] [] compat_SyS_setsockopt+0x149/0x290
[ 32.884808] [] ? sock_common_setsockopt+0xd0/0xd0
[ 32.891268] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 32.897830] [] ? do_fast_syscall_32+0xcf/0x890
[ 32.904394] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 32.910945] [] do_fast_syscall_32+0x2f7/0x890
[ 32.917060] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.923696] [] entry_SYSENTER_compat+0x74/0x83
[ 32.929905]
[ 32.931506] Allocated by task 3332:
[ 32.935102] save_stack_trace+0x16/0x20
[ 32.939051] save_stack+0x43/0xd0
[ 32.942471] kasan_kmalloc+0xad/0xe0
[ 32.946154] __kmalloc+0x11d/0x310
[ 32.949663] xt_alloc_table_info+0x71/0x100
[ 32.953969] compat_do_replace.isra.15+0x116/0x3a0
[ 32.958867] compat_do_ipt_set_ctl+0x106/0x150
[ 32.963418] compat_nf_setsockopt+0x88/0x130
[ 32.967794] compat_ip_setsockopt+0x9d/0xf0
[ 32.972083] compat_udp_setsockopt+0x45/0x80
[ 32.976458] compat_sock_common_setsockopt+0xb2/0x140
[ 32.981616] compat_SyS_setsockopt+0x149/0x290
[ 32.986167] do_fast_syscall_32+0x2f7/0x890
[ 32.992022] entry_SYSENTER_compat+0x74/0x83
[ 32.996570]
[ 32.998174] Freed by task 1822:
[ 33.001421] save_stack_trace+0x16/0x20
[ 33.005363] save_stack+0x43/0xd0
[ 33.008786] kasan_slab_free+0x72/0xc0
[ 33.012640] kfree+0x103/0x300
[ 33.015802] seq_release+0x59/0x70
[ 33.019327] kernfs_fop_release+0xcb/0x140
[ 33.023531] __fput+0x28c/0x6e0
[ 33.026970] ____fput+0x15/0x20
[ 33.030219] task_work_run+0x115/0x190
[ 33.034074] exit_to_usermode_loop+0xfc/0x120
[ 33.038538] syscall_return_slowpath+0x1a0/0x1e0
[ 33.043270] entry_SYSCALL_64_fastpath+0xe6/0xe8
[ 33.047991]
[ 33.049588] The buggy address belongs to the object at ffff8801c94d5000
[ 33.049588]  which belongs to the cache kmalloc-256 of size 256
[ 33.062218] The buggy address is located 208 bytes inside of
[ 33.062218]  256-byte region [ffff8801c94d5000, ffff8801c94d5100)
[ 33.074059] The buggy address belongs to the page:
[ 33.079392] page:ffffea0007253540 count:1 mapcount:0 mapping: (null) index:0xffff8801c94d58c0
[ 33.088927] flags: 0x8000000000000080(slab)
[ 33.093214] page dumped because: kasan: bad access detected
[ 33.098890]
[ 33.100487] Memory state around the buggy address:
[ 33.105384] ffff8801c94d4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.112714] ffff8801c94d5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.120044] >ffff8801c94d5080: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 33.127461]                                                  ^
[ 33.133408] ffff8801c94d5100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 33.140744] ffff8801c94d5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.148072] ==================================================================
[ 33.155409] Disabling lock debugging due to kernel taint
[ 33.161034] Kernel panic - not syncing: panic_on_warn set ...
[ 33.161034]
[ 33.168388] CPU: 0 PID: 3332 Comm: syzkaller264309 Tainted: G B 4.9.78-ge9dabe6 #28
[ 33.178430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.189150] ffff8801cdff7568 ffffffff81d943a9 ffffffff841971bf ffff8801cdff7640
[ 33.197125] 0000000000000000 ffff8801c94d50d0 ffff8801cdff786c ffff8801cdff7630
[ 33.205118] ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295
[ 33.213095] Call Trace:
[ 33.215655] [] dump_stack+0xc1/0x128
[ 33.220991] [] panic+0x1bc/0x3a8
[ 33.225977] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 33.234192] [] ? preempt_schedule+0x25/0x30
[ 33.240133] [] ? ___preempt_schedule+0x16/0x18
[ 33.246335] [] kasan_end_report+0x50/0x50
[ 33.252101] [] kasan_report+0x167/0x360
[ 33.257703] [] ? string+0x1e8/0x200
[ 33.262957] [] __asan_report_load1_noabort+0x14/0x20
[ 33.269692] [] string+0x1e8/0x200
[ 33.274777] [] vsnprintf+0x7ad/0x16d0
[ 33.280197] [] ? pointer+0xa90/0xa90
[ 33.285532] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 33.292254] [] __request_module+0x14f/0x750
[ 33.299713] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 33.305914] [] ? call_usermodehelper_setup+0x2c0/0x2c0
[ 33.312826] [] ? nft_payload_set_init+0x298/0x4b0
[ 33.319291] [] xt_request_find_target+0x8b/0xb0
[ 33.325580] [] translate_compat_table+0x568/0x1760
[ 33.332147] [] ? ipt_register_table+0x2d0/0x2d0
[ 33.338448] [] ? __lock_is_held+0xa1/0xf0
[ 33.344215] [] ? check_stack_object+0x68/0x140
[ 33.350417] [] ? __check_object_size+0x174/0x3a9
[ 33.356965] [] ? 0xffffffff810002b8
[ 33.362212] [] compat_do_replace.isra.15+0x1a7/0x3a0
[ 33.368953] [] ? translate_compat_table+0x1760/0x1760
[ 33.375764] [] ? mark_held_locks+0xaf/0x100
[ 33.381709] [] ? __cap_capable+0x168/0x1c0
[ 33.387575] [] ? ns_capable_common+0xcf/0x160
[ 33.393867] [] compat_do_ipt_set_ctl+0x106/0x150
[ 33.400421] [] compat_nf_setsockopt+0x88/0x130
[ 33.406625] [] ? compat_do_replace.isra.15+0x3a0/0x3a0
[ 33.413535] [] compat_ip_setsockopt+0x9d/0xf0
[ 33.419652] [] compat_udp_setsockopt+0x45/0x80
[ 33.425857] [] compat_sock_common_setsockopt+0xb2/0x140
[ 33.432839] [] ? udp_lib_setsockopt+0x560/0x560
[ 33.439127] [] compat_SyS_setsockopt+0x149/0x290
[ 33.445501] [] ? sock_common_setsockopt+0xd0/0xd0
[ 33.451964] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 33.458513] [] ? do_fast_syscall_32+0xcf/0x890
[ 33.464714] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 33.471275] [] do_fast_syscall_32+0x2f7/0x890
[ 33.477388] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 33.484030] [] entry_SYSENTER_compat+0x74/0x83
[ 33.490624] Dumping ftrace buffer:
[ 33.494139]    (ftrace buffer empty)
[ 33.497820] Kernel Offset: disabled
[ 33.501415] Rebooting in 86400 seconds..