[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.635306] audit: type=1400 audit(1518499057.388:4): avc: denied { syslog } for pid=3647 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
2018/02/13 05:18:45 parsed 1 programs
2018/02/13 05:18:45 executed programs: 0
syzkaller login: [ 80.998542] IPVS: Creating netns size=2536 id=1
[ 81.029109] IPVS: Creating netns size=2536 id=2
[ 81.060225] IPVS: Creating netns size=2536 id=3
[ 81.094371] IPVS: Creating netns size=2536 id=4
[ 81.115379] IPVS: Creating netns size=2536 id=5
[ 81.137888] IPVS: Creating netns size=2536 id=6
[ 81.159389] IPVS: Creating netns size=2536 id=7
[ 81.180635] IPVS: Creating netns size=2536 id=8
2018/02/13 05:18:50 executed programs: 1016
[ 86.323122] ==================================================================
[ 86.330539] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0
[ 86.336938] Read of size 8 at addr ffff8801b607fc30 by task syz-executor3/9162
[ 86.344278]
[ 86.345898] CPU: 1 PID: 9162 Comm: syz-executor3 Not tainted 4.9.80-g8a174b47 #31
[ 86.353513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.362858] ffff8801b50277e8 ffffffff81d94be9 ffffea0006d81fc0 ffff8801b607fc30
[ 86.370899] 0000000000000000 ffff8801b607fc38 ffff8801b5027918 ffff8801b5027820
[ 86.378950] ffffffff8153e113 ffff8801b607fc30 0000000000000008 0000000000000000
[ 86.386976] Call Trace:
[ 86.389553] [] dump_stack+0xc1/0x128
[ 86.394905] [] print_address_description+0x73/0x280
[ 86.401564] [] kasan_report+0x275/0x360
[ 86.407174] [] ? __unwind_start+0x3a7/0x3c0
[ 86.413142] [] __asan_report_load8_noabort+0x14/0x20
[ 86.419887] [] __unwind_start+0x3a7/0x3c0
[ 86.425674] [] ? ptrace_may_access+0x24/0x50
[ 86.431721] [] __save_stack_trace+0x59/0xf0
[ 86.437692] [] save_stack_trace_tsk+0x48/0x70
[ 86.443831] [] proc_pid_stack+0x146/0x230
[ 86.449621] [] ? lock_trace+0xc0/0xc0
[ 86.455059] [] proc_single_show+0xf8/0x170
[ 86.460931] [] seq_read+0x32f/0x1290
[ 86.466267] [] ? seq_escape+0x200/0x200
[ 86.471859] [] ? fsnotify+0x86/0xf30
[ 86.477188] [] ? fsnotify+0xf30/0xf30
[ 86.482622] [] ? avc_policy_seqno+0x9/0x20
[ 86.488487] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 86.495469] [] ? security_file_permission+0x89/0x1e0
[ 86.502196] [] ? seq_escape+0x200/0x200
[ 86.507878] [] ? seq_escape+0x200/0x200
[ 86.513476] [] do_readv_writev+0x520/0x750
[ 86.519332] [] ? vfs_write+0x530/0x530
[ 86.524842] [] ? mark_held_locks+0xaf/0x100
[ 86.530830] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 86.537648] [] ? mutex_lock_nested+0x56f/0x870
[ 86.543848] [] ? __fdget_pos+0x9f/0xc0
[ 86.549354] [] ? __fget+0x201/0x3a0
[ 86.554603] [] ? mutex_lock_killable_nested+0x960/0x960
[ 86.561587] [] ? __fget+0x228/0x3a0
[ 86.566835] [] ? __fget+0x47/0x3a0
[ 86.572006] [] vfs_readv+0x84/0xc0
[ 86.577166] [] do_readv+0xe6/0x250
[ 86.582333] [] ? vfs_readv+0xc0/0xc0
[ 86.587672] [] ? entry_SYSCALL_64_fastpath+0x5/0xe8
[ 86.594308] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 86.601121] [] SyS_readv+0x27/0x30
[ 86.606279] [] entry_SYSCALL_64_fastpath+0x29/0xe8
[ 86.612823]
[ 86.614419] The buggy address belongs to the page:
[ 86.619316] page:ffffea0006d81fc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 86.627540] flags: 0x8000000000000000()
[ 86.631480] page dumped because: kasan: bad access detected
[ 86.637155]
[ 86.638752] Memory state around the buggy address:
[ 86.643652]  ffff8801b607fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.650980]  ffff8801b607fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.658307] >ffff8801b607fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.665632]                                      ^
[ 86.670788]  ffff8801b607fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.678118]  ffff8801b607fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 86.685450] ==================================================================
[ 86.692779] Disabling lock debugging due to kernel taint
[ 86.700018] Kernel panic - not syncing: panic_on_warn set ...
[ 86.700018]
[ 86.707399] CPU: 0 PID: 9162 Comm: syz-executor3 Tainted: G B 4.9.80-g8a174b47 #31
[ 86.716201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 86.725526] ffff8801b5027740 ffffffff81d94be9 ffffffff841970c7 ffff8801b5027818
[ 86.733492] 0000000000000000 ffff8801b607fc38 ffff8801b5027918 ffff8801b5027808
[ 86.741461] ffffffff8142f5c1 0000000041b58ab3 ffffffff8418ab38 ffffffff8142f405
[ 86.749435] Call Trace:
[ 86.751992] [] dump_stack+0xc1/0x128
[ 86.757332] [] panic+0x1bc/0x3a8
[ 86.762316] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 86.770515] [] ? preempt_schedule+0x25/0x30
[ 86.776454] [] ? ___preempt_schedule+0x16/0x18
[ 86.782654] [] kasan_end_report+0x50/0x50
[ 86.788423] [] kasan_report+0x167/0x360
[ 86.794014] [] ? __unwind_start+0x3a7/0x3c0
[ 86.799954] [] __asan_report_load8_noabort+0x14/0x20
[ 86.806676] [] __unwind_start+0x3a7/0x3c0
[ 86.812453] [] ? ptrace_may_access+0x24/0x50
[ 86.818478] [] __save_stack_trace+0x59/0xf0
[ 86.824425] [] save_stack_trace_tsk+0x48/0x70
[ 86.830540] [] proc_pid_stack+0x146/0x230
[ 86.836313] [] ? lock_trace+0xc0/0xc0
[ 86.841734] [] proc_single_show+0xf8/0x170
[ 86.847588] [] seq_read+0x32f/0x1290
[ 86.852927] [] ? seq_escape+0x200/0x200
[ 86.858525] [] ? fsnotify+0x86/0xf30
[ 86.863854] [] ? fsnotify+0xf30/0xf30
[ 86.869274] [] ? avc_policy_seqno+0x9/0x20
[ 86.875130] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 86.882110] [] ? security_file_permission+0x89/0x1e0
[ 86.888843] [] ? seq_escape+0x200/0x200
[ 86.894434] [] ? seq_escape+0x200/0x200
[ 86.900035] [] do_readv_writev+0x520/0x750
[ 86.905891] [] ? vfs_write+0x530/0x530
[ 86.911418] [] ? mark_held_locks+0xaf/0x100
[ 86.917358] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 86.924166] [] ? mutex_lock_nested+0x56f/0x870
[ 86.930367] [] ? __fdget_pos+0x9f/0xc0
[ 86.935873] [] ? __fget+0x201/0x3a0
[ 86.941119] [] ? mutex_lock_killable_nested+0x960/0x960
[ 86.948108] [] ? __fget+0x228/0x3a0
[ 86.953355] [] ? __fget+0x47/0x3a0
[ 86.958515] [] vfs_readv+0x84/0xc0
[ 86.963679] [] do_readv+0xe6/0x250
[ 86.968838] [] ? vfs_readv+0xc0/0xc0
[ 86.974169] [] ? entry_SYSCALL_64_fastpath+0x5/0xe8
[ 86.980806] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 86.987615] [] SyS_readv+0x27/0x30
[ 86.992776] [] entry_SYSCALL_64_fastpath+0x29/0xe8
[ 86.999740] Dumping ftrace buffer:
[ 87.003250] (ftrace buffer empty)
[ 87.006929] Kernel Offset: disabled
[ 87.010528] Rebooting in 86400 seconds..