[....] Starting enhanced syslogd: rsyslogd[ 15.078259] audit: type=1400 audit(1518970177.692:4): avc: denied { syslog } for pid=3647 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 27.043656] IPVS: Creating netns size=2536 id=1 executing program [ 27.064644] IPVS: Creating netns size=2536 id=2 executing program [ 27.085698] IPVS: Creating netns size=2536 id=3 executing program executing program [ 27.106831] IPVS: Creating netns size=2536 id=4 executing program executing program [ 27.128145] IPVS: Creating netns size=2536 id=5 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 27.150182] IPVS: Creating netns size=2536 id=6 [ 27.163802] IPVS: Creating netns size=2536 id=7 [ 27.186919] IPVS: Creating netns size=2536 id=8 executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 27.652103] ================================================================== [ 27.659485] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0 [ 27.665860] Read of size 8 at addr ffff8801d504fbd8 by task syzkaller903541/4246 [ 27.673358] [ 27.674958] CPU: 1 PID: 4246 Comm: syzkaller903541 Not tainted 4.9.82-gcdfc8df #37 [ 27.682635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 27.691959] ffff8801ca647898 ffffffff81d94fc9 ffffea00075413c0 ffff8801d504fbd8 executing program executing program executing program [ 27.699928] 0000000000000000 ffff8801d504fbe0 ffff8801ca6479c8 ffff8801ca6478d0 [ 27.707894] ffffffff8153e213 ffff8801d504fbd8 0000000000000008 0000000000000000 [ 27.715868] Call Trace: [ 27.718423] [] dump_stack+0xc1/0x128 [ 27.723756] [] print_address_description+0x73/0x280 [ 27.730391] [] kasan_report+0x275/0x360 [ 27.735982] [] ? __unwind_start+0x3a7/0x3c0 [ 27.741919] [] __asan_report_load8_noabort+0x14/0x20 executing program executing program executing program [ 27.748639] [] __unwind_start+0x3a7/0x3c0 [ 27.754404] [] ? ptrace_may_access+0x24/0x50 [ 27.760430] [] __save_stack_trace+0x59/0xf0 [ 27.766366] [] save_stack_trace_tsk+0x48/0x70 [ 27.772477] [] proc_pid_stack+0x146/0x230 [ 27.778241] [] ? lock_trace+0xc0/0xc0 [ 27.783657] [] proc_single_show+0xf8/0x170 [ 27.789516] [] seq_read+0x32f/0x1290 [ 27.794849] [] ? seq_escape+0x200/0x200 executing program executing program executing program executing program executing program [ 27.800444] [] ? __lock_is_held+0xa1/0xf0 [ 27.806209] [] ? seq_escape+0x200/0x200 [ 27.811804] [] __vfs_read+0x103/0x670 [ 27.817219] [] ? default_llseek+0x290/0x290 [ 27.823157] [] ? fsnotify+0x86/0xf30 [ 27.828486] [] ? fsnotify+0xf30/0xf30 [ 27.833914] [] ? avc_policy_seqno+0x9/0x20 [ 27.839764] [] ? selinux_file_permission+0x82/0x460 [ 27.846395] [] ? security_file_permission+0x89/0x1e0 executing program executing program executing program [ 27.853115] [] ? rw_verify_area+0xe5/0x2b0 [ 27.858968] [] vfs_read+0x11e/0x380 [ 27.864221] [] SyS_read+0xd9/0x1b0 [ 27.869379] [] ? vfs_copy_file_range+0x740/0x740 [ 27.875753] [] ? do_syscall_64+0x48/0x490 [ 27.881520] [] ? vfs_copy_file_range+0x740/0x740 [ 27.887891] [] do_syscall_64+0x1a5/0x490 [ 27.893569] [] entry_SYSCALL_64_after_swapgs+0x47/0xc5 [ 27.900458] executing program executing program [ 27.902051] The buggy address belongs to the page: [ 27.906949] page:ffffea00075413c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 27.915171] flags: 0x8000000000000000() [ 27.919109] page dumped because: kasan: bad access detected [ 27.924784] [ 27.926376] Memory state around the buggy address: [ 27.931272] ffff8801d504fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.938613] ffff8801d504fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.945938] >ffff8801d504fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 executing program executing program executing program executing program executing program [ 27.953262] ^ [ 27.959721] ffff8801d504fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.967050] ffff8801d504fc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.974373] ================================================================== [ 27.981694] Disabling lock debugging due to kernel taint [ 27.987568] Kernel panic - not syncing: panic_on_warn set ... [ 27.987568] [ 27.994915] CPU: 1 PID: 4246 Comm: syzkaller903541 Tainted: G B 4.9.82-gcdfc8df #37 executing program executing program executing program executing program executing program [ 28.003801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.013124] ffff8801ca6477f0 ffffffff81d94fc9 ffffffff8419777f ffff8801ca6478c8 [ 28.021097] 0000000000000000 ffff8801d504fbe0 ffff8801ca6479c8 ffff8801ca6478b8 [ 28.029067] ffffffff8142f6c1 0000000041b58ab3 ffffffff8418b1f0 ffffffff8142f505 [ 28.037028] Call Trace: [ 28.039586] [] dump_stack+0xc1/0x128 [ 28.044921] [] panic+0x1bc/0x3a8 executing program executing program executing program executing program [ 28.049905] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7 [ 28.058101] [] ? preempt_schedule+0x25/0x30 [ 28.064041] [] ? ___preempt_schedule+0x16/0x18 [ 28.070239] [] kasan_end_report+0x50/0x50 [ 28.076001] [] kasan_report+0x167/0x360 [ 28.081592] [] ? __unwind_start+0x3a7/0x3c0 [ 28.087533] [] __asan_report_load8_noabort+0x14/0x20 [ 28.094251] [] __unwind_start+0x3a7/0x3c0 executing program executing program executing program executing program executing program [ 28.100025] [] ? ptrace_may_access+0x24/0x50 [ 28.106051] [] __save_stack_trace+0x59/0xf0 [ 28.111987] [] save_stack_trace_tsk+0x48/0x70 [ 28.118099] [] proc_pid_stack+0x146/0x230 [ 28.123863] [] ? lock_trace+0xc0/0xc0 [ 28.129286] [] proc_single_show+0xf8/0x170 [ 28.135140] [] seq_read+0x32f/0x1290 [ 28.140471] [] ? seq_escape+0x200/0x200 [ 28.146064] [] ? __lock_is_held+0xa1/0xf0 executing program executing program executing program [ 28.151829] [] ? seq_escape+0x200/0x200 [ 28.157419] [] __vfs_read+0x103/0x670 [ 28.162835] [] ? default_llseek+0x290/0x290 [ 28.168771] [] ? fsnotify+0x86/0xf30 [ 28.174104] [] ? fsnotify+0xf30/0xf30 [ 28.179522] [] ? avc_policy_seqno+0x9/0x20 [ 28.185374] [] ? selinux_file_permission+0x82/0x460 [ 28.192006] [] ? security_file_permission+0x89/0x1e0 [ 28.198725] [] ? rw_verify_area+0xe5/0x2b0 executing program executing program executing program [ 28.204587] [] vfs_read+0x11e/0x380 [ 28.209838] [] SyS_read+0xd9/0x1b0 [ 28.214994] [] ? vfs_copy_file_range+0x740/0x740 [ 28.221366] [] ? do_syscall_64+0x48/0x490 [ 28.227129] [] ? vfs_copy_file_range+0x740/0x740 [ 28.233508] [] do_syscall_64+0x1a5/0x490 [ 28.239189] [] entry_SYSCALL_64_after_swapgs+0x47/0xc5 [ 28.246437] Dumping ftrace buffer: [ 28.249945] (ftrace buffer empty) [ 28.253627] Kernel Offset: disabled [ 28.257223] Rebooting in 86400 seconds..