[ ok ] Starting enhanced syslogd: rsyslogd.
[ 10.613832] audit: type=1400 audit(1513950773.933:4): avc: denied { syslog } for pid=3177 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-386-3,10.128.0.56' (ECDSA) to the list of known hosts.
syzkaller login:
[ 18.932649] audit: type=1400 audit(1513950782.253:5): avc: denied { sys_admin } for pid=3325 comm="syzkaller529974" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 18.940105] IPVS: Creating netns size=2536 id=1
executing program
[ 18.967179] audit: type=1400 audit(1513950782.293:6): avc: denied { sys_chroot } for pid=3326 comm="syzkaller529974" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 19.006182] audit: type=1400 audit(1513950782.323:7): avc: denied { net_admin } for pid=3326 comm="syzkaller529974" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 19.031071] ==================================================================
[ 19.038936] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200
[ 19.045133] Read of size 1 at addr ffff8801c1657cd4 by task syzkaller529974/3334
[ 19.052626]
[ 19.054221] CPU: 0 PID: 3334 Comm: syzkaller529974 Not tainted 4.9.71-g2506378 #9
[ 19.061802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.071123] ffff8801c1657740 ffffffff81d922b9 ffffea00070595c0 ffff8801c1657cd4
[ 19.079071] 0000000000000000 ffff8801c1657cd4 ffffffff858b271d ffff8801c1657778
[ 19.087011] ffffffff8153bab3 ffff8801c1657cd4 0000000000000001 0000000000000000
[ 19.095997] Call Trace:
[ 19.099072] [] dump_stack+0xc1/0x128
[ 19.104402] [] print_address_description+0x73/0x280
[ 19.111031] [] kasan_report+0x275/0x360
[ 19.116618] [] ? string+0x1e8/0x200
[ 19.121860] [] __asan_report_load1_noabort+0x14/0x20
[ 19.128573] [] string+0x1e8/0x200
[ 19.133638] [] vsnprintf+0x7ad/0x16d0
[ 19.139052] [] ? pointer+0xa90/0xa90
[ 19.144377] [] vscnprintf+0x2d/0x60
[ 19.149617] [] vprintk_emit+0xf1/0x750
[ 19.155119] [] ? mark_held_locks+0xaf/0x100
[ 19.161053] [] vprintk+0x28/0x30
[ 19.166032] [] vprintk_default+0x1d/0x30
[ 19.171710] [] printk+0xb7/0xe2
[ 19.176601] [] ? load_image_and_restore+0xf9/0xf9
[ 19.183058] [] ? mutex_lock_killable_nested+0x960/0x960
[ 19.190041] [] do_ip_vs_set_ctl+0xa01/0xc00
[ 19.195979] [] ? ip_vs_genl_dump_services+0x430/0x430
[ 19.202790] [] ? mark_held_locks+0xaf/0x100
[ 19.208735] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 19.215451] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 19.221645] [] ? mutex_unlock+0x9/0x10
[ 19.227145] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 19.234208] [] compat_nf_setsockopt+0xfa/0x130
[ 19.240402] [] compat_ip_setsockopt+0x9d/0xf0
[ 19.246508] [] compat_udp_setsockopt+0x45/0x80
[ 19.252705] [] compat_sock_common_setsockopt+0xb2/0x140
[ 19.259679] [] ? udp_lib_setsockopt+0x560/0x560
[ 19.265960] [] compat_SyS_setsockopt+0x149/0x290
[ 19.272328] [] ? sock_common_setsockopt+0xd0/0xd0
[ 19.278789] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 19.285504] [] ? do_fast_syscall_32+0xcf/0x890
[ 19.291698] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 19.298239] [] do_fast_syscall_32+0x2f7/0x890
[ 19.304344] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 19.310976] [] entry_SYSENTER_compat+0x51/0x60
[ 19.317167]
[ 19.318756] The buggy address belongs to the page:
[ 19.323648] page:ffffea00070595c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 19.331861] flags: 0x8000000000000000()
[ 19.335795] page dumped because: kasan: bad access detected
[ 19.341465]
[ 19.343054] Memory state around the buggy address:
[ 19.347947] ffff8801c1657b80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04
[ 19.355268] ffff8801c1657c00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2
[ 19.362590] >ffff8801c1657c80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00
[ 19.369914] ^
[ 19.375846] ffff8801c1657d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.383169] ffff8801c1657d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.390490] ==================================================================
[ 19.397811] Kernel panic - not syncing: panic_on_warn set ...
[ 19.397811]
[ 19.405136] CPU: 0 PID: 3334 Comm: syzkaller529974 Tainted: G B 4.9.71-g2506378 #9
[ 19.413932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.423257] ffff8801c1657698 ffffffff81d922b9 ffffffff84194b3f ffff8801c1657770
[ 19.432944] 0000000000000000 ffff8801c1657cd4 ffffffff858b271d ffff8801c1657760
[ 19.441332] ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585
[ 19.449283] Call Trace:
[ 19.451838] [] dump_stack+0xc1/0x128
[ 19.457168] [] panic+0x1bc/0x3a8
[ 19.462150] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 19.470343] [] ? load_image_and_restore+0xf9/0xf9
[ 19.476800] [] kasan_end_report+0x50/0x50
[ 19.482560] [] kasan_report+0x167/0x360
[ 19.488148] [] ? string+0x1e8/0x200
[ 19.493386] [] __asan_report_load1_noabort+0x14/0x20
[ 19.500099] [] string+0x1e8/0x200
[ 19.505165] [] vsnprintf+0x7ad/0x16d0
[ 19.510590] [] ? pointer+0xa90/0xa90
[ 19.515931] [] vscnprintf+0x2d/0x60
[ 19.521172] [] vprintk_emit+0xf1/0x750
[ 19.526673] [] ? mark_held_locks+0xaf/0x100
[ 19.532606] [] vprintk+0x28/0x30
[ 19.537583] [] vprintk_default+0x1d/0x30
[ 19.543256] [] printk+0xb7/0xe2
[ 19.548148] [] ? load_image_and_restore+0xf9/0xf9
[ 19.554606] [] ? mutex_lock_killable_nested+0x960/0x960
[ 19.561581] [] do_ip_vs_set_ctl+0xa01/0xc00
[ 19.567521] [] ? ip_vs_genl_dump_services+0x430/0x430
[ 19.574325] [] ? mark_held_locks+0xaf/0x100
[ 19.580260] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 19.586976] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 19.593170] [] ? mutex_unlock+0x9/0x10
[ 19.598671] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 19.605733] [] compat_nf_setsockopt+0xfa/0x130
[ 19.611932] [] compat_ip_setsockopt+0x9d/0xf0
[ 19.618039] [] compat_udp_setsockopt+0x45/0x80
[ 19.624233] [] compat_sock_common_setsockopt+0xb2/0x140
[ 19.631206] [] ? udp_lib_setsockopt+0x560/0x560
[ 19.637488] [] compat_SyS_setsockopt+0x149/0x290
[ 19.643854] [] ? sock_common_setsockopt+0xd0/0xd0
[ 19.650308] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 19.656853] [] ? do_fast_syscall_32+0xcf/0x890
[ 19.663047] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 19.669594] [] do_fast_syscall_32+0x2f7/0x890
[ 19.675702] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 19.682331] [] entry_SYSENTER_compat+0x51/0x60
[ 19.689214] Dumping ftrace buffer:
[ 19.692719] (ftrace buffer empty)
[ 19.696392] Kernel Offset: disabled
[ 19.699983] Rebooting in 86400 seconds..