[....] Starting enhanced syslogd: rsyslogd[ 13.292655] audit: type=1400 audit(1521011627.437:4): avc: denied { syslog } for pid=3648 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program syzkaller login: [ 27.525314] IPVS: Creating netns size=2536 id=1 [ 27.538093] kasan: CONFIG_KASAN_INLINE enabled [ 27.542683] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 27.550345] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 27.556562] Dumping ftrace buffer: [ 27.560073] (ftrace buffer empty) [ 27.561875] IPVS: Creating netns size=2536 id=2 [ 27.568410] Modules linked in:[ 27.569589] kasan: CONFIG_KASAN_INLINE enabled [ 27.569591] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 27.583313] CPU: 0 PID: 3825 Comm: syzkaller212972 Not tainted 4.9.87-g97d7f1c #54 [ 27.590987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.600315] task: ffff8801d8a39800 task.stack: ffff8801b1030000 [ 27.606341] RIP: 0010:[] [] __free_pages+0x21/0x80 [ 27.614574] RSP: 0018:ffff8801b1037940 EFLAGS: 00010a07 [ 27.619997] RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff826692ab [ 27.627235] RDX: 1bd5a9d5a0000003 RSI: 0000000000000006 RDI: dead4ead0000001c [ 27.634475] RBP: ffff8801b1037950 R08: 0000000048000000 R09: 0000000000001e30 [ 27.641718] R10: 0000000000002100 R11: ffff8801d8a39800 R12: 0000000000000004 [ 27.648958] R13: 0000000000000020 R14: ffff8801d797a100 R15: dffffc0000000000 [ 27.656200] FS: 00007f6f2c3d3700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 [ 27.664393] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.670243] CR2: 0000000020e94000 CR3: 00000001d847c000 CR4: 0000000000160670 [ 27.677488] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.684954] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.692193] Stack: [ 27.694312] 0000000000000001 ffff8801d797a258 ffff8801b10379b0 ffffffff826692d1 [ 27.702291] ffff8801d797a270 ffffed003af2f44b ffffed003af2f44e ffff8801d797a268 [ 27.710263] dead4ead00000000 ffff8801d797a240 0000000000000000 0000000000000000 [ 27.718238] Call Trace: [ 27.720800] [] sg_remove_scat.isra.19+0x1c1/0x2d0 [ 27.727262] [] sg_finish_rem_req+0x2b5/0x340 [ 27.733291] [] sg_new_read.isra.20+0x18d/0x3e0 [ 27.740414] [] sg_read+0x8b7/0x1440 [ 27.745664] [] ? sg_proc_seq_show_debug+0xd90/0xd90 [ 27.752299] [] ? fsnotify+0x86/0xf30 [ 27.757632] [] ? fsnotify+0xf30/0xf30 [ 27.763055] [] ? avc_policy_seqno+0x9/0x20 [ 27.768912] [] do_loop_readv_writev.part.17+0xc8/0x2b0 [ 27.775807] [] do_readv_writev+0x5fd/0x740 [ 27.781663] [] ? vfs_write+0x530/0x530 [ 27.787176] [] ? exit_robust_list+0x230/0x230 [ 27.793291] [] ? __fget+0x20a/0x3b0 [ 27.798538] [] ? __fget+0x231/0x3b0 [ 27.803785] [] ? __fget+0x47/0x3b0 [ 27.808946] [] vfs_readv+0x84/0xc0 [ 27.814105] [] do_readv+0xe6/0x250 [ 27.819264] [] ? vfs_readv+0xc0/0xc0 [ 27.824597] [] ? SyS_read+0x1b0/0x1b0 [ 27.830020] [] SyS_readv+0x27/0x30 [ 27.835182] [] ? rw_copy_check_uvector+0x2c0/0x2c0 [ 27.841731] [] do_syscall_64+0x1a4/0x490 [ 27.847425] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 27.854317] Code: e9 27 fc ff ff 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 3d [ 27.880944] RIP [] __free_pages+0x21/0x80 [ 27.886842] RSP [ 27.890447] general protection fault: 0000 [#2] PREEMPT SMP KASAN [ 27.891902] ---[ end trace c148af6d95af210e ]--- [ 27.891906] Kernel panic - not syncing: Fatal exception [ 27.906725] Dumping ftrace buffer: [ 27.910239] (ftrace buffer empty) [ 27.913921] Modules linked in: [ 27.917209] CPU: 1 PID: 3828 Comm: syzkaller212972 Tainted: G D 4.9.87-g97d7f1c #54 [ 27.926101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.935429] task: ffff8801d78e0000 task.stack: ffff8801d7f28000 [ 27.941458] RIP: 0010:[] [] __free_pages+0x21/0x80 [ 27.949700] RSP: 0018:ffff8801d7f2f940 EFLAGS: 00010a07 [ 27.955121] RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff826692ab [ 27.962364] RDX: 1bd5a9d5a0000003 RSI: 0000000000000006 RDI: dead4ead0000001c [ 27.969608] RBP: ffff8801d7f2f950 R08: 0000000048000000 R09: 0000000000001e30 [ 27.976851] R10: 0000000000002100 R11: ffff8801d78e0000 R12: 0000000000000004 [ 27.984094] R13: 0000000000000020 R14: ffff8801d78ca100 R15: dffffc0000000000 [ 27.991339] FS: 00007f6f2c3d3700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 [ 27.999539] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 28.005393] CR2: 0000000020e94000 CR3: 00000001cb032000 CR4: 0000000000160670 [ 28.012639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 28.019884] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 28.027135] Stack: [ 28.029262] 0000000000000001 ffff8801d78ca258 ffff8801d7f2f9b0 ffffffff826692d1 [ 28.037249] ffff8801d78ca270 ffffed003af1944b ffffed003af1944e ffff8801d78ca268 [ 28.045243] dead4ead00000000 ffff8801d78ca240 0000000000000000 0000000000000000 [ 28.053267] Call Trace: [ 28.055832] [] sg_remove_scat.isra.19+0x1c1/0x2d0 [ 28.062301] [] sg_finish_rem_req+0x2b5/0x340 [ 28.068333] [] sg_new_read.isra.20+0x18d/0x3e0 [ 28.074536] [] sg_read+0x8b7/0x1440 [ 28.079793] [] ? __check_object_size+0x174/0x3a9 [ 28.086171] [] ? sg_proc_seq_show_debug+0xd90/0xd90 [ 28.092822] [] ? fsnotify+0x86/0xf30 [ 28.098158] [] ? fsnotify+0xf30/0xf30 [ 28.103581] [] ? avc_policy_seqno+0x9/0x20 [ 28.109444] [] do_loop_readv_writev.part.17+0xc8/0x2b0 [ 28.116347] [] do_readv_writev+0x5fd/0x740 [ 28.122206] [] ? vfs_write+0x530/0x530 [ 28.127717] [] ? exit_robust_list+0x230/0x230 [ 28.133835] [] ? __fget+0x47/0x3b0 [ 28.138999] [] ? __fget+0x20a/0x3b0 [ 28.144247] [] ? __fget+0x231/0x3b0 [ 28.149495] [] ? __fget+0x47/0x3b0 [ 28.154660] [] vfs_readv+0x84/0xc0 [ 28.159824] [] do_readv+0xe6/0x250 [ 28.164990] [] ? vfs_readv+0xc0/0xc0 [ 28.170327] [] ? SyS_read+0x1b0/0x1b0 [ 28.175755] [] SyS_readv+0x27/0x30 [ 28.180921] [] ? rw_copy_check_uvector+0x2c0/0x2c0 [ 28.187476] [] do_syscall_64+0x1a4/0x490 [ 28.193163] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb [ 28.200061] Code: e9 27 fc ff ff 0f 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 3d [ 28.226908] RIP [] __free_pages+0x21/0x80 [ 28.232803] RSP [ 28.236800] Dumping ftrace buffer: [ 28.240321] (ftrace buffer empty) [ 28.243999] Kernel Offset: disabled [ 28.247600] Rebooting in 86400 seconds..