[....] Starting enhanced syslogd: rsyslogd
[ 10.693766] audit: type=1400 audit(1514160757.435:4): avc: denied { syslog } for pid=3171 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-2,10.128.0.13' (ECDSA) to the list of known hosts.
2017/12/25 00:12:45 parsed 1 programs
2017/12/25 00:12:45 executed programs: 0
syzkaller login:
[ 18.760401] audit: type=1400 audit(1514160765.495:5): avc: denied { sys_admin } for pid=3326 comm="syz-executor4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 18.772523] IPVS: Creating netns size=2536 id=1
[ 18.789912] IPVS: Creating netns size=2536 id=2
[ 18.814532] IPVS: Creating netns size=2536 id=3
[ 18.823675] audit: type=1400 audit(1514160765.565:6): avc: denied { sys_chroot } for pid=3332 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 18.860674] IPVS: Creating netns size=2536 id=4
[ 18.892874] IPVS: Creating netns size=2536 id=5
[ 18.909024] audit: type=1400 audit(1514160765.645:7): avc: denied { dac_override } for pid=3360 comm="syz-executor4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 18.934421] IPVS: Creating netns size=2536 id=6
[ 18.958000] IPVS: Creating netns size=2536 id=7
[ 18.979700] IPVS: Creating netns size=2536 id=8
2017/12/25 00:12:50 executed programs: 729
2017/12/25 00:12:55 executed programs: 1471
[ 28.933717] ==================================================================
[ 28.941106] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0
[ 28.947496] Read of size 8 at addr ffff8801cd6cfc30 by task syz-executor2/10025
[ 28.954908]
[ 28.956508] CPU: 0 PID: 10025 Comm: syz-executor2 Not tainted 4.9.71-g2506378 #113
[ 28.964186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.973522] ffff8801cc8778f0 ffffffff81d922b9 ffffea000735b3c0 ffff8801cd6cfc30
[ 28.982235] 0000000000000000 ffff8801cd6cfc38 ffff8801cc877a20 ffff8801cc877928
[ 28.993217] ffffffff8153bab3 ffff8801cd6cfc30 0000000000000008 0000000000000000
[ 29.001699] Call Trace:
[ 29.004269] [] dump_stack+0xc1/0x128
[ 29.009618] [] print_address_description+0x73/0x280
[ 29.016270] [] kasan_report+0x275/0x360
[ 29.021867] [] ? __unwind_start+0x3a7/0x3c0
[ 29.027811] [] __asan_report_load8_noabort+0x14/0x20
[ 29.034546] [] __unwind_start+0x3a7/0x3c0
[ 29.040333] [] ? ptrace_may_access+0x24/0x50
[ 29.047086] [] __save_stack_trace+0x59/0xf0
[ 29.053031] [] save_stack_trace_tsk+0x48/0x70
[ 29.059148] [] proc_pid_stack+0x146/0x230
[ 29.064919] [] ? lock_trace+0xc0/0xc0
[ 29.070350] [] proc_single_show+0xf8/0x170
[ 29.076226] [] seq_read+0x32f/0x1290
[ 29.081561] [] ? seq_escape+0x200/0x200
[ 29.087154] [] ? do_futex+0x3f8/0x15c0
[ 29.092670] [] ? __lock_is_held+0xa1/0xf0
[ 29.098447] [] ? seq_escape+0x200/0x200
[ 29.104049] [] __vfs_read+0x103/0x670
[ 29.109502] [] ? default_llseek+0x290/0x290
[ 29.115463] [] ? fsnotify+0x86/0xf30
[ 29.120795] [] ? fsnotify+0xf30/0xf30
[ 29.126213] [] ? avc_policy_seqno+0x9/0x20
[ 29.132074] [] ? selinux_file_permission+0x82/0x460
[ 29.138720] [] ? security_file_permission+0x89/0x1e0
[ 29.145467] [] ? rw_verify_area+0xe5/0x2b0
[ 29.151316] [] vfs_read+0x11e/0x380
[ 29.156566] [] SyS_read+0xd9/0x1b0
[ 29.161729] [] ? vfs_copy_file_range+0x740/0x740
[ 29.168106] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 29.174920] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.183812] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 29.190788]
[ 29.192382] The buggy address belongs to the page:
[ 29.197283] page:ffffea000735b3c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 29.205504] flags: 0x8000000000000000()
[ 29.209442] page dumped because: kasan: bad access detected
[ 29.215114]
[ 29.216713] Memory state around the buggy address:
[ 29.221606] ffff8801cd6cfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.228931] ffff8801cd6cfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.236256] >ffff8801cd6cfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.243580] ^
[ 29.248739] ffff8801cd6cfc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.256063] ffff8801cd6cfd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.263387] ==================================================================
[ 29.270721] Disabling lock debugging due to kernel taint
[ 29.276959] Kernel panic - not syncing: panic_on_warn set ...
[ 29.276959]
[ 29.284329] CPU: 0 PID: 10025 Comm: syz-executor2 Tainted: G B 4.9.71-g2506378 #113
[ 29.293222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.302545] ffff8801cc877848 ffffffff81d922b9 ffffffff84194b3f ffff8801cc877920
[ 29.310496] 0000000000000000 ffff8801cd6cfc38 ffff8801cc877a20 ffff8801cc877910
[ 29.318463] ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585
[ 29.326415] Call Trace:
[ 29.328971] [] dump_stack+0xc1/0x128
[ 29.334303] [] panic+0x1bc/0x3a8
[ 29.339907] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 29.348101] [] ? preempt_schedule+0x25/0x30
[ 29.354054] [] ? ___preempt_schedule+0x16/0x18
[ 29.360254] [] kasan_end_report+0x50/0x50
[ 29.366014] [] kasan_report+0x167/0x360
[ 29.371603] [] ? __unwind_start+0x3a7/0x3c0
[ 29.377539] [] __asan_report_load8_noabort+0x14/0x20
[ 29.384259] [] __unwind_start+0x3a7/0x3c0
[ 29.390979] [] ? ptrace_may_access+0x24/0x50
[ 29.397010] [] __save_stack_trace+0x59/0xf0
[ 29.402958] [] save_stack_trace_tsk+0x48/0x70
[ 29.409071] [] proc_pid_stack+0x146/0x230
[ 29.414832] [] ? lock_trace+0xc0/0xc0
[ 29.420247] [] proc_single_show+0xf8/0x170
[ 29.426540] [] seq_read+0x32f/0x1290
[ 29.431879] [] ? seq_escape+0x200/0x200
[ 29.437470] [] ? do_futex+0x3f8/0x15c0
[ 29.442974] [] ? __lock_is_held+0xa1/0xf0
[ 29.448733] [] ? seq_escape+0x200/0x200
[ 29.454324] [] __vfs_read+0x103/0x670
[ 29.459738] [] ? default_llseek+0x290/0x290
[ 29.465676] [] ? fsnotify+0x86/0xf30
[ 29.471002] [] ? fsnotify+0xf30/0xf30
[ 29.476419] [] ? avc_policy_seqno+0x9/0x20
[ 29.482268] [] ? selinux_file_permission+0x82/0x460
[ 29.488896] [] ? security_file_permission+0x89/0x1e0
[ 29.495620] [] ? rw_verify_area+0xe5/0x2b0
[ 29.501471] [] vfs_read+0x11e/0x380
[ 29.506714] [] SyS_read+0xd9/0x1b0
[ 29.511870] [] ? vfs_copy_file_range+0x740/0x740
[ 29.518246] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 29.525049] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.531594] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 29.538179] Dumping ftrace buffer:
[ 29.541686] (ftrace buffer empty)
[ 29.545370] Kernel Offset: disabled
[ 29.548968] Rebooting in 86400 seconds..