INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-6,10.128.0.18' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 36.408921] ==================================================================
[ 36.410071] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801c958fba8
[ 36.411215] Read of size 8 by task syzkaller741581/4291
[ 36.411939] page:ffffea00072563c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 36.413059] flags: 0x8000000000000000()
[ 36.413604] page dumped because: kasan: bad access detected
[ 36.414375] CPU: 0 PID: 4291 Comm: syzkaller741581 Not tainted 4.9.67-gf26d3c7 #106
[ 36.415404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.416638] ffff8801c95b71a0 ffffffff81d906e9 ffffed00392b1f76 0000000000000008
[ 36.417768] 0000000000000000 ffffed00392b1f76 ffff8801c958fba8 ffff8801c95b7228
[ 36.418946] ffffffff8153a833 ffff8801cb8b4800 ffffffff8389f09e ffffffff810d41b7
[ 36.420095] Call Trace:
[ 36.420449] [] dump_stack+0xc1/0x128
[ 36.421159] [] kasan_report.part.1+0x4c3/0x500
[ 36.421980] [] ? mutex_lock_killable_nested+0x60e/0x960
[ 36.422899] [] ? __unwind_start+0x3a7/0x3c0
[ 36.423689] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 36.424598] [] __asan_report_load8_noabort+0x29/0x30
[ 36.425483] [] __unwind_start+0x3a7/0x3c0
[ 36.426248] [] ? ptrace_may_access+0x24/0x50
[ 36.427045] [] __save_stack_trace+0x59/0xf0
[ 36.427830] [] save_stack_trace_tsk+0x48/0x70
[ 36.428640] [] proc_pid_stack+0x146/0x230
[ 36.431872] [] ? lock_trace+0xc0/0xc0
[ 36.437290] [] proc_single_show+0xf8/0x170
[ 36.443230] [] seq_read+0x32f/0x1290
[ 36.448559] [] ? seq_escape+0x200/0x200
[ 36.454148] [] ? fsnotify+0x86/0xf30
[ 36.459487] [] ? fsnotify+0xf30/0xf30
[ 36.464916] [] ? avc_policy_seqno+0x9/0x20
[ 36.470773] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 36.477762] [] ? security_file_permission+0x89/0x1e0
[ 36.484480] [] ? seq_escape+0x200/0x200
[ 36.490067] [] ? seq_escape+0x200/0x200
[ 36.495654] [] do_readv_writev+0x520/0x750
[ 36.501503] [] ? vfs_write+0x530/0x530
[ 36.507004] [] ? kasan_unpoison_shadow+0x35/0x50
[ 36.513373] [] ? push_pipe+0x372/0x770
[ 36.518875] [] ? sanity+0x1ff/0x610
[ 36.524118] [] ? __unwind_start+0x1e3/0x3c0
[ 36.530053] [] vfs_readv+0x84/0xc0
[ 36.535208] [] default_file_splice_read+0x43f/0x7a0
[ 36.541837] [] ? depot_save_stack+0x122/0x4a0
[ 36.547947] [] ? do_splice_direct+0x270/0x270
[ 36.554068] [] ? save_stack+0x43/0xd0
[ 36.559482] [] ? kasan_kmalloc+0xad/0xe0
[ 36.565158] [] ? __kmalloc+0x11d/0x310
[ 36.570661] [] ? alloc_pipe_info+0x135/0x350
[ 36.576686] [] ? splice_direct_to_actor+0x64a/0x800
[ 36.583325] [] ? do_splice_direct+0x1a7/0x270
[ 36.589443] [] ? do_sendfile+0x54b/0xd30
[ 36.595120] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 36.601840] [] ? avc_policy_seqno+0x9/0x20
[ 36.607689] [] ? selinux_file_permission+0x82/0x460
[ 36.614320] [] ? security_file_permission+0x89/0x1e0
[ 36.621038] [] ? rw_verify_area+0xe5/0x2b0
[ 36.626886] [] ? do_splice_direct+0x270/0x270
[ 36.632994] [] do_splice_to+0x10a/0x160
[ 36.638582] [] splice_direct_to_actor+0x24d/0x800
[ 36.645038] [] ? generic_pipe_buf_nosteal+0x10/0x10
[ 36.651672] [] ? do_splice_to+0x160/0x160
[ 36.657436] [] ? security_file_permission+0x89/0x1e0
[ 36.664151] [] ? rw_verify_area+0xe5/0x2b0
[ 36.669998] [] do_splice_direct+0x1a7/0x270
[ 36.675950] [] ? splice_direct_to_actor+0x800/0x800
[ 36.682591] [] ? rcu_sync_lockdep_assert+0x6d/0xb0
[ 36.689134] [] ? __sb_start_write+0x14a/0x310
[ 36.695248] [] do_sendfile+0x54b/0xd30
[ 36.700747] [] ? do_compat_pwritev64+0x100/0x100
[ 36.707127] [] ? __might_fault+0x114/0x1d0
[ 36.712984] [] SyS_sendfile64+0xd1/0x160
[ 36.718657] [] ? SyS_sendfile+0x160/0x160
[ 36.724432] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 36.731237] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 36.737779] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 36.744320] Memory state around the buggy address:
[ 36.749214]  ffff8801c958fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.756535]  ffff8801c958fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.763857] >ffff8801c958fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.771188]                                   ^
[ 36.776080]  ffff8801c958fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.783403]  ffff8801c958fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.790724] ==================================================================
[ 36.798043] Disabling lock debugging due to kernel taint
executing program
[ 40.047697] ==================================================================
[ 40.055084] BUG: KASAN: stack-out-of-bounds in __unwind_start+0x3a7/0x3c0 at addr ffff8801cdcd7e60
[ 40.064143] Read of size 8 by task syzkaller741581/7495
[ 40.069474] page:ffffea00073735c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 40.077689] flags: 0x8000000000000000()
[ 40.081626] page dumped because: kasan: bad access detected
[ 40.087669] CPU: 0 PID: 7495 Comm: syzkaller741581 Tainted: G B 4.9.67-gf26d3c7 #106
[ 40.096640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.105959] ffff8801c93bf1a0 ffffffff81d906e9 ffffed0039b9afcc 0000000000000008
[ 40.113904] 0000000000000000 ffffed0039b9afcc ffff8801cdcd7e60 ffff8801c93bf228
[ 40.121849] ffffffff8153a833 0000000000000000 0000000000000000 ffffffff810d41b7
[ 40.129800] Call Trace:
[ 40.132357] [] dump_stack+0xc1/0x128
[ 40.137686] [] kasan_report.part.1+0x4c3/0x500
[ 40.143880] [] ? __unwind_start+0x3a7/0x3c0
[ 40.149815] [] __asan_report_load8_noabort+0x29/0x30
[ 40.156531] [] __unwind_start+0x3a7/0x3c0
[ 40.162291] [] ? ptrace_may_access+0x24/0x50
[ 40.168325] [] __save_stack_trace+0x59/0xf0
[ 40.174258] [] save_stack_trace_tsk+0x48/0x70
[ 40.180367] [] proc_pid_stack+0x146/0x230
[ 40.186136] [] ? lock_trace+0xc0/0xc0
[ 40.191550] [] proc_single_show+0xf8/0x170
[ 40.197401] [] seq_read+0x32f/0x1290
[ 40.202729] [] ? __check_object_size+0x174/0x3a9
[ 40.209099] [] ? seq_escape+0x200/0x200
[ 40.214686] [] ? fsnotify+0x86/0xf30
[ 40.220014] [] ? fsnotify+0xf30/0xf30
[ 40.225428] [] ? avc_policy_seqno+0x9/0x20
[ 40.231276] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 40.238255] [] ? security_file_permission+0x89/0x1e0
[ 40.244972] [] ? seq_escape+0x200/0x200
[ 40.250560] [] ? seq_escape+0x200/0x200
[ 40.256146] [] do_readv_writev+0x520/0x750
[ 40.261993] [] ? vfs_write+0x530/0x530
[ 40.267496] [] ? kasan_unpoison_shadow+0x35/0x50
[ 40.273866] [] ? push_pipe+0x372/0x770
[ 40.279366] [] ? sanity+0x1ff/0x610
[ 40.284606] [] ? __unwind_start+0x1e3/0x3c0
[ 40.290539] [] vfs_readv+0x84/0xc0
[ 40.295694] [] default_file_splice_read+0x43f/0x7a0
[ 40.302326] [] ? depot_save_stack+0x122/0x4a0
[ 40.308434] [] ? do_splice_direct+0x270/0x270
[ 40.314543] [] ? save_stack+0x43/0xd0
[ 40.319957] [] ? kasan_kmalloc+0xad/0xe0
[ 40.325631] [] ? __kmalloc+0x11d/0x310
[ 40.331132] [] ? alloc_pipe_info+0x135/0x350
[ 40.337155] [] ? splice_direct_to_actor+0x64a/0x800
[ 40.343785] [] ? do_splice_direct+0x1a7/0x270
[ 40.349893] [] ? do_sendfile+0x54b/0xd30
[ 40.355570] [] ? entry_SYSCALL_64_fastpath+0x23/0xc6
[ 40.362289] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 40.369266] [] ? set_next_entity+0x275/0xbe0
[ 40.375288] [] ? pick_next_task_fair+0x11c6/0x1fe0
[ 40.381832] [] ? avc_policy_seqno+0x9/0x20
[ 40.387681] [] ? selinux_file_permission+0x82/0x460
[ 40.394310] [] ? security_file_permission+0x89/0x1e0
[ 40.401026] [] ? rw_verify_area+0xe5/0x2b0
[ 40.406875] [] ? do_splice_direct+0x270/0x270
[ 40.412984] [] do_splice_to+0x10a/0x160
[ 40.418572] [] splice_direct_to_actor+0x24d/0x800
[ 40.425028] [] ? generic_pipe_buf_nosteal+0x10/0x10
[ 40.431658] [] ? do_splice_to+0x160/0x160
[ 40.437421] [] ? security_file_permission+0x89/0x1e0
[ 40.444137] [] ? rw_verify_area+0xe5/0x2b0
[ 40.450000] [] do_splice_direct+0x1a7/0x270
[ 40.455944] [] ? splice_direct_to_actor+0x800/0x800
[ 40.462584] [] ? check_preemption_disabled+0x3b/0x200
[ 40.469390] [] ? rcu_sync_lockdep_assert+0xd/0xb0
[ 40.476019] [] ? __sb_start_write+0x14a/0x310
[ 40.482128] [] do_sendfile+0x54b/0xd30
[ 40.487632] [] ? do_compat_pwritev64+0x100/0x100
[ 40.494005] [] ? __might_fault+0xe4/0x1d0
[ 40.499766] [] ? __might_fault+0x114/0x1d0
[ 40.505612] [] SyS_sendfile64+0xd1/0x160
[ 40.511294] [] ? SyS_sendfile+0x160/0x160
[ 40.517056] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.523600] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 40.530140] Memory state around the buggy address:
[ 40.535032]  ffff8801cdcd7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.542354]  ffff8801cdcd7d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.549676] >ffff8801cdcd7e00: 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2
[ 40.557001]                                                        ^
[ 40.563458]  ffff8801cdcd7e80: f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 f2 f2 00 00 00
[ 40.570780]  ffff8801cdcd7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.578102] ==================================================================
executing program