INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
2018/04/22 17:29:56 parsed 1 programs
2018/04/22 17:29:56 executed programs: 0

syzkaller login: [   42.287342] IPVS: Creating netns size=2536 id=1
[   42.320722] IPVS: Creating netns size=2536 id=2
[   42.348357] IPVS: Creating netns size=2536 id=3
[   42.375612] IPVS: Creating netns size=2536 id=4
[   42.426677] IPVS: Creating netns size=2536 id=5
[   42.438811] IPVS: Creating netns size=2536 id=6
[   42.463530] IPVS: Creating netns size=2536 id=7
[   42.488930] IPVS: Creating netns size=2536 id=8
2018/04/22 17:30:01 executed programs: 737
2018/04/22 17:30:06 executed programs: 1427
2018/04/22 17:30:11 executed programs: 2117
2018/04/22 17:30:16 executed programs: 2800
2018/04/22 17:30:21 executed programs: 3514
2018/04/22 17:30:26 executed programs: 4219
2018/04/22 17:30:31 executed programs: 4916
2018/04/22 17:30:36 executed programs: 5619
[   83.137767] ==================================================================
[   83.145198] BUG: KASAN: stack-out-of-bounds in __unwind_start+0x37c/0x3c0
[   83.152143] Read of size 8 at addr ffff8801cb77fa98 by task syz-executor0/19369
[   83.159577] 
[   83.161202] CPU: 1 PID: 19369 Comm: syz-executor0 Not tainted 4.9.95-gee0bcd6 #6
[   83.168726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   83.178096]  ffff8801d9177770 ffffffff81eb0f89 ffffea00072ddfc0 ffff8801cb77fa98
[   83.178104]  0000000000000000 ffff8801cb77fa98 ffff8801d91778a8 ffff8801d91777a8
[   83.178112]  ffffffff815653cb ffff8801cb77fa98 0000000000000008 0000000000000000
[   83.178114] Call Trace:
[   83.178126]  [] dump_stack+0xc1/0x128
[   83.178134]  [] print_address_description+0x6c/0x234
[   83.178141]  [] kasan_report.cold.6+0x242/0x2fe
[   83.178149]  [] ? __unwind_start+0x37c/0x3c0
[   83.178155]  [] __asan_report_load8_noabort+0x14/0x20
[   83.178161]  [] __unwind_start+0x37c/0x3c0
[   83.178168]  [] ? ptrace_may_access+0x24/0x50
[   83.178175]  [] __save_stack_trace+0x59/0xf0
[   83.178186]  [] save_stack_trace_tsk+0x48/0x70
[   83.178194]  [] proc_pid_stack+0x148/0x220
[   83.178199]  [] ? lock_trace+0xc0/0xc0
[   83.178204]  [] proc_single_show+0xfd/0x170
[   83.178211]  [] seq_read+0x4b6/0x12e0
[   83.178218]  [] ? seq_dentry+0x290/0x290
[   83.178228]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[   83.178235]  [] ? fsnotify+0x1100/0x1100
[   83.178243]  [] do_loop_readv_writev.part.18+0xd5/0x280
[   83.178249]  [] do_readv_writev+0x565/0x7a0
[   83.178255]  [] ? vfs_write+0x530/0x530
[   83.178263]  [] ? mark_held_locks+0xc7/0x130
[   83.178270]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   83.178279]  [] ? mutex_lock_nested+0x596/0x870
[   83.178285]  [] ? __fdget_pos+0xac/0xd0
[   83.178292]  [] ? __fget+0x20a/0x3b0
[   83.178299]  [] ? mutex_trylock+0x3e0/0x3e0
[   83.178305]  [] ? __fget+0x231/0x3b0
[   83.178312]  [] ? __fget+0x47/0x3b0
[   83.178319]  [] vfs_readv+0x84/0xc0
[   83.178325]  [] do_readv+0xe6/0x260
[   83.178331]  [] ? vfs_readv+0xc0/0xc0
[   83.178339]  [] SyS_readv+0x27/0x30
[   83.178346]  [] ? rw_copy_check_uvector+0x330/0x330
[   83.178353]  [] do_syscall_64+0x1a6/0x490
[   83.178360]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   83.178362] 
[   83.178364] The buggy address belongs to the page:
[   83.178373] page:ffffea00072ddfc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   83.178376] flags: 0x8000000000000000()
[   83.178378] page dumped because: kasan: bad access detected
[   83.178379] 
[   83.178381] Memory state around the buggy address:
[   83.178387]  ffff8801cb77f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.178392]  ffff8801cb77fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.178396] >ffff8801cb77fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.178398]                             ^
[   83.178402]  ffff8801cb77fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.178406]  ffff8801cb77fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.178408] ==================================================================
[   83.178410] Disabling lock debugging due to kernel taint
[   83.245080] Kernel panic - not syncing: panic_on_warn set ...
[   83.245080] 
[   83.245089] CPU: 1 PID: 19369 Comm: syz-executor0 Tainted: G    B           4.9.95-gee0bcd6 #6
[   83.245093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   83.245105]  ffff8801d91776d0 ffffffff81eb0f89 ffffffff841c45f5 00000000ffffffff
[   83.245113]  0000000000000000 0000000000000001 ffff8801d91778a8 ffff8801d9177790
[   83.245122]  ffffffff8141f945 0000000041b58ab3 ffffffff841b7cf8 ffffffff8141f786
[   83.245124] Call Trace:
[   83.245136]  [] dump_stack+0xc1/0x128
[   83.245144]  [] panic+0x1bf/0x3bc
[   83.245151]  [] ? add_taint.cold.6+0x16/0x16
[   83.245159]  [] ? ___preempt_schedule+0x16/0x18
[   83.245166]  [] kasan_end_report+0x47/0x4f
[   83.245178]  [] kasan_report.cold.6+0x76/0x2fe
[   83.245186]  [] ? __unwind_start+0x37c/0x3c0
[   83.245194]  [] __asan_report_load8_noabort+0x14/0x20
[   83.245201]  [] __unwind_start+0x37c/0x3c0
[   83.245213]  [] ? ptrace_may_access+0x24/0x50
[   83.245220]  [] __save_stack_trace+0x59/0xf0
[   83.245227]  [] save_stack_trace_tsk+0x48/0x70
[   83.245235]  [] proc_pid_stack+0x148/0x220
[   83.245241]  [] ? lock_trace+0xc0/0xc0
[   83.245248]  [] proc_single_show+0xfd/0x170
[   83.245256]  [] seq_read+0x4b6/0x12e0
[   83.245263]  [] ? seq_dentry+0x290/0x290
[   83.245274]  [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[   83.245281]  [] ? fsnotify+0x1100/0x1100
[   83.245289]  [] do_loop_readv_writev.part.18+0xd5/0x280
[   83.245296]  [] do_readv_writev+0x565/0x7a0
[   83.245302]  [] ? vfs_write+0x530/0x530
[   83.245311]  [] ? mark_held_locks+0xc7/0x130
[   83.245318]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   83.245327]  [] ? mutex_lock_nested+0x596/0x870
[   83.245333]  [] ? __fdget_pos+0xac/0xd0
[   83.245340]  [] ? __fget+0x20a/0x3b0
[   83.245347]  [] ? mutex_trylock+0x3e0/0x3e0
[   83.245354]  [] ? __fget+0x231/0x3b0
[   83.245360]  [] ? __fget+0x47/0x3b0
[   83.245366]  [] vfs_readv+0x84/0xc0
[   83.245373]  [] do_readv+0xe6/0x260
[   83.245379]  [] ? vfs_readv+0xc0/0xc0
[   83.245386]  [] SyS_readv+0x27/0x30
[   83.245393]  [] ? rw_copy_check_uvector+0x330/0x330
[   83.245399]  [] do_syscall_64+0x1a6/0x490
[   83.245406]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   83.247870] Dumping ftrace buffer:
[   83.247873]    (ftrace buffer empty)
[   83.247876] Kernel Offset: disabled
[   83.821234] Rebooting in 86400 seconds..