[....] Starting enhanced syslogd: rsyslogd
[ 13.591077] audit: type=1400 audit(1514860280.377:4): avc: denied { syslog } for pid=3176 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
2018/01/02 02:32:51 parsed 1 programs
2018/01/02 02:32:51 executed programs: 0
syzkaller login: [ 104.771359] IPVS: Creating netns size=2536 id=1
2018/01/02 02:32:56 executed programs: 490
INIT: Id "3" respawning too fast: disabled for 5 minutes
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
2018/01/02 02:33:01 executed programs: 908
[ 117.782952] ==================================================================
[ 117.790330] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0
[ 117.796701] Read of size 8 at addr ffff8801d0daf850 by task syz-executor0/6974
[ 117.804022]
[ 117.805626] CPU: 1 PID: 6974 Comm: syz-executor0 Not tainted 4.9.73-gf3f3457 #11
[ 117.813122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 117.822441] ffff8801d0f77138 ffffffff81d922b9 ffffea0007436bc0 ffff8801d0daf850
[ 117.830398] 0000000000000000 ffff8801d0daf858 ffff8801d0f77268 ffff8801d0f77170
[ 117.838372] ffffffff8153bab3 ffff8801d0daf850 0000000000000008 0000000000000000
[ 117.846321] Call Trace:
[ 117.848876] [] dump_stack+0xc1/0x128
[ 117.854216] [] print_address_description+0x73/0x280
[ 117.860853] [] kasan_report+0x275/0x360
[ 117.866456] [] ? __unwind_start+0x3a7/0x3c0
[ 117.872393] [] __asan_report_load8_noabort+0x14/0x20
[ 117.879112] [] __unwind_start+0x3a7/0x3c0
[ 117.884876] [] ? ptrace_may_access+0x24/0x50
[ 117.890899] [] __save_stack_trace+0x59/0xf0
[ 117.896833] [] save_stack_trace_tsk+0x48/0x70
[ 117.902943] [] proc_pid_stack+0x146/0x230
[ 117.908705] [] ? lock_trace+0xc0/0xc0
[ 117.914121] [] proc_single_show+0xf8/0x170
[ 117.919971] [] seq_read+0x32f/0x1290
[ 117.925301] [] ? seq_escape+0x200/0x200
[ 117.930890] [] ? fsnotify+0x86/0xf30
[ 117.936881] [] ? fsnotify+0xf30/0xf30
[ 117.944033] [] ? avc_policy_seqno+0x9/0x20
[ 117.949886] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 117.957211] [] ? security_file_permission+0x89/0x1e0
[ 117.966273] [] ? seq_escape+0x200/0x200
[ 117.972124] [] ? seq_escape+0x200/0x200
[ 117.977723] [] do_readv_writev+0x520/0x750
[ 117.984457] [] ? vfs_write+0x530/0x530
[ 117.991005] [] ? kasan_unpoison_shadow+0x35/0x50
[ 117.997463] [] ? push_pipe+0x372/0x770
[ 118.002965] [] ? sanity+0x1ff/0x610
[ 118.008210] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10
[ 118.015014] [] vfs_readv+0x84/0xc0
[ 118.020171] [] default_file_splice_read+0x43f/0x7a0
[ 118.026802] [] ? _raw_spin_unlock_irq+0x38/0x50
[ 118.033090] [] ? do_splice_direct+0x270/0x270
[ 118.039209] [] ? __might_sleep+0x95/0x1a0
[ 118.044971] [] ? __fsnotify_parent+0xbc/0x340
[ 118.051081] [] ? fsnotify+0x86/0xf30
[ 118.056410] [] ? fsnotify+0xf30/0xf30
[ 118.061829] [] ? avc_policy_seqno+0x9/0x20
[ 118.067678] [] ? selinux_file_permission+0x82/0x460
[ 118.074316] [] ? security_file_permission+0x89/0x1e0
[ 118.081390] [] ? rw_verify_area+0xe5/0x2b0
[ 118.087242] [] ? do_splice_direct+0x270/0x270
[ 118.093355] [] do_splice_to+0x10a/0x160
[ 118.098956] [] splice_direct_to_actor+0x24d/0x800
[ 118.105416] [] ? generic_pipe_buf_nosteal+0x10/0x10
[ 118.112052] [] ? do_splice_to+0x160/0x160
[ 118.117815] [] ? security_file_permission+0x89/0x1e0
[ 118.124543] [] ? rw_verify_area+0xe5/0x2b0
[ 118.130396] [] do_splice_direct+0x1a7/0x270
[ 118.136335] [] ? splice_direct_to_actor+0x800/0x800
[ 118.142966] [] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 118.149508] [] ? __sb_start_write+0x14a/0x310
[ 118.155618] [] do_sendfile+0x54b/0xd30
[ 118.161126] [] ? do_compat_pwritev64+0x100/0x100
[ 118.167505] [] ? __might_fault+0x114/0x1d0
[ 118.173356] [] compat_SyS_sendfile+0xd1/0x160
[ 118.180232] [] ? SyS_sendfile64+0x160/0x160
[ 118.186173] [] ? do_fast_syscall_32+0xcf/0x890
[ 118.192375] [] ? SyS_sendfile64+0x160/0x160
[ 118.198313] [] do_fast_syscall_32+0x2f7/0x890
[ 118.204426] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 118.211068] [] entry_SYSENTER_compat+0x51/0x60
[ 118.217270]
[ 118.218864] The buggy address belongs to the page:
[ 118.223760] page:ffffea0007436bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 118.231980] flags: 0x8000000000000000()
[ 118.235917] page dumped because: kasan: bad access detected
[ 118.241589]
[ 118.243181] Memory state around the buggy address:
[ 118.248085] ffff8801d0daf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.255409] ffff8801d0daf780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.262731] >ffff8801d0daf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.270054] ^
[ 118.276254] ffff8801d0daf880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.283579] ffff8801d0daf900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.290901] ==================================================================
[ 118.298231] Disabling lock debugging due to kernel taint
[ 118.303926] Kernel panic - not syncing: panic_on_warn set ...
[ 118.303926]
[ 118.311270] CPU: 1 PID: 6974 Comm: syz-executor0 Tainted: G B 4.9.73-gf3f3457 #11
[ 118.319986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 118.329307] ffff8801d0f77090 ffffffff81d922b9 ffffffff841955bf ffff8801d0f77168
[ 118.337256] 0000000000000000 ffff8801d0daf858 ffff8801d0f77268 ffff8801d0f77158
[ 118.345219] ffffffff8142d741 0000000041b58ab3 ffffffff84189000 ffffffff8142d585
[ 118.353170] Call Trace:
[ 118.355727] [] dump_stack+0xc1/0x128
[ 118.361057] [] panic+0x1bc/0x3a8
[ 118.366040] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 118.374323] [] ? preempt_schedule+0x25/0x30
[ 118.380260] [] ? ___preempt_schedule+0x16/0x18
[ 118.386466] [] kasan_end_report+0x50/0x50
[ 118.392227] [] kasan_report+0x167/0x360
[ 118.397817] [] ? __unwind_start+0x3a7/0x3c0
[ 118.404102] [] __asan_report_load8_noabort+0x14/0x20
[ 118.410820] [] __unwind_start+0x3a7/0x3c0
[ 118.416583] [] ? ptrace_may_access+0x24/0x50
[ 118.422605] [] __save_stack_trace+0x59/0xf0
[ 118.428545] [] save_stack_trace_tsk+0x48/0x70
[ 118.434659] [] proc_pid_stack+0x146/0x230
[ 118.440418] [] ? lock_trace+0xc0/0xc0
[ 118.445833] [] proc_single_show+0xf8/0x170
[ 118.451681] [] seq_read+0x32f/0x1290
[ 118.457007] [] ? seq_escape+0x200/0x200
[ 118.462597] [] ? fsnotify+0x86/0xf30
[ 118.467923] [] ? fsnotify+0xf30/0xf30
[ 118.473340] [] ? avc_policy_seqno+0x9/0x20
[ 118.479191] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 118.486167] [] ? security_file_permission+0x89/0x1e0
[ 118.492882] [] ? seq_escape+0x200/0x200
[ 118.498477] [] ? seq_escape+0x200/0x200
[ 118.504066] [] do_readv_writev+0x520/0x750
[ 118.509917] [] ? vfs_write+0x530/0x530
[ 118.515417] [] ? kasan_unpoison_shadow+0x35/0x50
[ 118.521787] [] ? push_pipe+0x372/0x770
[ 118.527288] [] ? sanity+0x1ff/0x610
[ 118.532538] [] ? iov_iter_get_pages_alloc+0x2c7/0xf10
[ 118.539346] [] vfs_readv+0x84/0xc0
[ 118.544501] [] default_file_splice_read+0x43f/0x7a0
[ 118.551133] [] ? _raw_spin_unlock_irq+0x38/0x50
[ 118.557415] [] ? do_splice_direct+0x270/0x270
[ 118.563535] [] ? __might_sleep+0x95/0x1a0
[ 118.569301] [] ? __fsnotify_parent+0xbc/0x340
[ 118.575410] [] ? fsnotify+0x86/0xf30
[ 118.580738] [] ? fsnotify+0xf30/0xf30
[ 118.586156] [] ? avc_policy_seqno+0x9/0x20
[ 118.592005] [] ? selinux_file_permission+0x82/0x460
[ 118.598636] [] ? security_file_permission+0x89/0x1e0
[ 118.605352] [] ? rw_verify_area+0xe5/0x2b0
[ 118.611200] [] ? do_splice_direct+0x270/0x270
[ 118.617307] [] do_splice_to+0x10a/0x160
[ 118.622895] [] splice_direct_to_actor+0x24d/0x800
[ 118.629349] [] ? generic_pipe_buf_nosteal+0x10/0x10
[ 118.635980] [] ? do_splice_to+0x160/0x160
[ 118.641740] [] ? security_file_permission+0x89/0x1e0
[ 118.648457] [] ? rw_verify_area+0xe5/0x2b0
[ 118.654305] [] do_splice_direct+0x1a7/0x270
[ 118.660240] [] ? splice_direct_to_actor+0x800/0x800
[ 118.666874] [] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 118.673418] [] ? __sb_start_write+0x14a/0x310
[ 118.679530] [] do_sendfile+0x54b/0xd30
[ 118.685032] [] ? do_compat_pwritev64+0x100/0x100
[ 118.691402] [] ? __might_fault+0x114/0x1d0
[ 118.697251] [] compat_SyS_sendfile+0xd1/0x160
[ 118.703361] [] ? SyS_sendfile64+0x160/0x160
[ 118.709298] [] ? do_fast_syscall_32+0xcf/0x890
[ 118.715505] [] ? SyS_sendfile64+0x160/0x160
[ 118.721443] [] do_fast_syscall_32+0x2f7/0x890
[ 118.727550] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 118.734179] [] entry_SYSENTER_compat+0x51/0x60
[ 118.741165] Dumping ftrace buffer:
[ 118.744671] (ftrace buffer empty)
[ 118.748347] Kernel Offset: disabled
[ 118.751938] Rebooting in 86400 seconds..