INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-6,10.128.0.4' (ECDSA) to the list of known hosts.
2017/12/09 11:48:17 parsed 1 programs
2017/12/09 11:48:17 executed programs: 0

syzkaller login: [   31.444180] IPVS: Creating netns size=2536 id=1
[   35.333272] ==================================================================
[   35.340643] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801c950fc28
[   35.349181] Read of size 8 by task syz-executor0/4975
[   35.354335] page:ffffea00072543c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   35.362544] flags: 0x8000000000000000()
[   35.366481] page dumped because: kasan: bad access detected
[   35.372157] CPU: 1 PID: 4975 Comm: syz-executor0 Not tainted 4.9.67-gf26d3c7 #106
[   35.379740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.389058]  ffff8801c9b5f1a0 ffffffff81d906e9 ffffed00392a1f86 0000000000000008
[   35.396995]  0000000000000000 ffffed00392a1f86 ffff8801c950fc28 ffff8801c9b5f228
[   35.404929]  ffffffff8153a833 ffff8801c9f80000 ffffffff8389f09e ffffffff810d41b7
[   35.412862] Call Trace:
[   35.415412]  dump_stack+0xc1/0x128
[   35.420739]  kasan_report.part.1+0x4c3/0x500
[   35.426935]  ? mutex_lock_killable_nested+0x60e/0x960
[   35.433910]  ? __unwind_start+0x3a7/0x3c0
[   35.439844]  ? trace_hardirqs_on_caller+0x38b/0x590
[   35.446644]  __asan_report_load8_noabort+0x29/0x30
[   35.453355]  __unwind_start+0x3a7/0x3c0
[   35.459418]  ? ptrace_may_access+0x24/0x50
[   35.465447]  __save_stack_trace+0x59/0xf0
[   35.471383]  save_stack_trace_tsk+0x48/0x70
[   35.477816]  proc_pid_stack+0x146/0x230
[   35.483574]  ? lock_trace+0xc0/0xc0
[   35.488984]  proc_single_show+0xf8/0x170
[   35.494832]  seq_read+0x32f/0x1290
[   35.500156]  ? seq_escape+0x200/0x200
[   35.505744]  ? fsnotify+0x86/0xf30
[   35.511075]  ? fsnotify+0xf30/0xf30
[   35.516489]  ? avc_policy_seqno+0x9/0x20
[   35.522336]  do_loop_readv_writev.part.17+0x141/0x1e0
[   35.529313]  ? security_file_permission+0x89/0x1e0
[   35.536027]  ? seq_escape+0x200/0x200
[   35.541615]  ? seq_escape+0x200/0x200
[   35.547203]  do_readv_writev+0x520/0x750
[   35.553052]  ? vfs_write+0x530/0x530
[   35.558551]  ? kasan_unpoison_shadow+0x35/0x50
[   35.564921]  ? push_pipe+0x372/0x770
[   35.570420]  ? sanity+0x1ff/0x610
[   35.575659]  ? iov_iter_get_pages_alloc+0x2c7/0xf10
[   35.582460]  vfs_readv+0x84/0xc0
[   35.587614]  default_file_splice_read+0x43f/0x7a0
[   35.594242]  ? _raw_spin_unlock_irq+0x38/0x50
[   35.600521]  ? do_splice_direct+0x270/0x270
[   35.606630]  ? __might_sleep+0x95/0x1a0
[   35.612389]  ? futex_wait_queue_me+0x3e9/0x5e0
[   35.618755]  ? __fsnotify_parent+0xbc/0x340
[   35.624862]  ? fsnotify+0x86/0xf30
[   35.630185]  ? fsnotify+0xf30/0xf30
[   35.635598]  ? avc_policy_seqno+0x9/0x20
[   35.641443]  ? selinux_file_permission+0x82/0x460
[   35.648070]  ? security_file_permission+0x89/0x1e0
[   35.654783]  ? rw_verify_area+0xe5/0x2b0
[   35.660628]  ? do_splice_direct+0x270/0x270
[   35.666735]  do_splice_to+0x10a/0x160
[   35.672322]  splice_direct_to_actor+0x24d/0x800
[   35.678773]  ? generic_pipe_buf_nosteal+0x10/0x10
[   35.685402]  ? do_splice_to+0x160/0x160
[   35.691159]  ? security_file_permission+0x89/0x1e0
[   35.697872]  ? rw_verify_area+0xe5/0x2b0
[   35.703719]  do_splice_direct+0x1a7/0x270
[   35.709651]  ? splice_direct_to_actor+0x800/0x800
[   35.716278]  ? rcu_sync_lockdep_assert+0x6d/0xb0
[   35.722820]  ? __sb_start_write+0x14a/0x310
[   35.728924]  do_sendfile+0x54b/0xd30
[   35.734421]  ? do_compat_pwritev64+0x100/0x100
[   35.740789]  ? __might_fault+0x114/0x1d0
[   35.746633]  SyS_sendfile64+0xd1/0x160
[   35.752305]  ? SyS_sendfile+0x160/0x160
[   35.758067]  ? trace_hardirqs_on_caller+0x38b/0x590
[   35.764875]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   35.771416]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   35.777955] Memory state around the buggy address:
[   35.782863]  ffff8801c950fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.790207]  ffff8801c950fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.797537] >ffff8801c950fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.804862]                                   ^
[   35.809758]  ffff8801c950fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.817082]  ffff8801c950fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.824407] ==================================================================
[   35.831730] Disabling lock debugging due to kernel taint
2017/12/09 11:48:22 executed programs: 653
2017/12/09 11:48:27 executed programs: 1311
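A triage helper for the report above, added here as an example and not part of the console log, syzkaller or KASAN. It extracts the fields a triager keys on (bug class, faulting function and offset, access direction and size, PID/comm, kernel version) and the call trace, drops the unreliable `?` frames, and derives the crash site and the syscall entry point from the reliable frames so they can be checked against the `BUG:` line. The `REPORT` string is an excerpt copied from the log above with most frames trimmed for brevity; the instrumentation and syscall name prefixes are assumptions chosen to fit 4.9-era x86-64 traces.

```python
"""Parse a KASAN crash report (syzkaller console format) into triage fields."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the console log above, timestamps kept, most frames trimmed.
REPORT = """\
[   35.340643] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801c950fc28
[   35.349181] Read of size 8 by task syz-executor0/4975
[   35.354335] page:ffffea00072543c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   35.372157] CPU: 1 PID: 4975 Comm: syz-executor0 Not tainted 4.9.67-gf26d3c7 #106
[   35.412862] Call Trace:
[   35.415412]  dump_stack+0xc1/0x128
[   35.420739]  kasan_report.part.1+0x4c3/0x500
[   35.426935]  ? mutex_lock_killable_nested+0x60e/0x960
[   35.446644]  __asan_report_load8_noabort+0x29/0x30
[   35.453355]  __unwind_start+0x3a7/0x3c0
[   35.465447]  __save_stack_trace+0x59/0xf0
[   35.471383]  save_stack_trace_tsk+0x48/0x70
[   35.477816]  proc_pid_stack+0x146/0x230
[   35.488984]  proc_single_show+0xf8/0x170
[   35.494832]  seq_read+0x32f/0x1290
[   35.728924]  do_sendfile+0x54b/0xd30
[   35.746633]  SyS_sendfile64+0xd1/0x160
[   35.752305]  ? SyS_sendfile+0x160/0x160
[   35.771416]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   35.777955] Memory state around the buggy address:
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x(?P<off>[0-9a-f]+)"
                    r"/0x(?P<size>[0-9a-f]+) at addr (?P<addr>[0-9a-f]+)")
ACCESS_RE = re.compile(r"(?P<dir>Read|Write) of size (?P<size>\d+) by task (?P<comm>\S+)/(?P<pid>\d+)")
CPU_RE = re.compile(r"CPU: \d+ PID: (?P<pid>\d+) Comm: (?P<comm>\S+) "
                    r"(?P<taint>Not tainted|Tainted: \S+) (?P<kernel>\S+) #(?P<build>\d+)")
# Frames may carry a "[<addr>]" prefix in other captures; it is optional here.
FRAME_RE = re.compile(r"^\s*(?:\[<[0-9a-f]+>\]\s*)?(?P<q>\?\s*)?(?P<func>[\w.]+)"
                      r"\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)")

# Assumed prefixes: KASAN/reporting frames to skip when locating the crash
# site, and syscall-entry symbol prefixes across kernel versions.
INSTRUMENTATION = ("dump_stack", "kasan_", "__kasan_", "__asan_",
                   "check_memory_region", "print_address_description")
SYSCALL_PREFIXES = ("SyS_", "sys_", "__x64_sys_", "__se_sys_", "__do_sys_", "ksys_")


@dataclass
class Frame:
    func: str
    offset: int
    size: int
    reliable: bool  # False for frames the unwinder marked with "?"


@dataclass
class KasanReport:
    kind: str
    func: str
    offset: int
    func_size: int
    addr: int
    access: str = ""
    access_size: int = 0
    comm: str = ""
    pid: int = 0
    kernel: str = ""
    taint: str = ""
    frames: List[Frame] = field(default_factory=list)

    def reliable_frames(self) -> List[str]:
        return [f.func for f in self.frames if f.reliable]

    def crash_site(self) -> Optional[str]:
        """First reliable frame that is not KASAN's own reporting machinery."""
        for name in self.reliable_frames():
            if not name.startswith(INSTRUMENTATION):
                return name
        return None

    def syscall(self) -> Optional[str]:
        """Innermost reliable syscall-entry frame, i.e. how userspace got here."""
        for name in self.reliable_frames():
            if name.startswith(SYSCALL_PREFIXES):
                return name
        return None

    def consistent(self) -> bool:
        """Does the trace agree with the function named on the BUG: line?"""
        return self.crash_site() == self.func

    def title(self) -> str:
        return f"KASAN: {self.kind} {self.access} in {self.func}"


def parse_kasan_report(text: str) -> KasanReport:
    report: Optional[KasanReport] = None
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)          # drop the "[ seconds.micros] " prefix
        if report is None:
            m = BUG_RE.search(line)
            if m:
                report = KasanReport(m["kind"], m["func"], int(m["off"], 16),
                                     int(m["size"], 16), int(m["addr"], 16))
            continue
        if (m := ACCESS_RE.search(line)):
            report.access, report.access_size = m["dir"], int(m["size"])
            report.comm, report.pid = m["comm"], int(m["pid"])
        elif (m := CPU_RE.search(line)):
            report.kernel, report.taint = m["kernel"], m["taint"]
        elif line.strip() == "Call Trace:":
            in_trace = True
        elif in_trace:
            if line.startswith("Memory state") or line.startswith("====") or not line.strip():
                in_trace = False           # end of the trace section
            elif (m := FRAME_RE.match(line)):
                report.frames.append(Frame(m["func"], int(m["off"], 16),
                                           int(m["size"], 16), m["q"] is None))
    if report is None:
        raise ValueError("no KASAN BUG: line found")
    return report


if __name__ == "__main__":
    r = parse_kasan_report(REPORT)
    print(r.title())
    print(f"crash site {r.crash_site()} reached via {r.syscall()} "
          f"(pid {r.pid}, comm {r.comm}, kernel {r.kernel}, consistent={r.consistent()})")
```

Run against the excerpt it reports the crash site as `__unwind_start`, reached through `SyS_sendfile64`, matching the `BUG:` line; the `? SyS_sendfile` frame is ignored because the unwinder flagged it as unreliable.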