[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.578922] audit: type=1400 audit(1513952062.170:4): avc: denied { syslog } for pid=3177 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-386-3,10.128.15.197' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
syzkaller login:
[ 19.700604] audit: type=1400 audit(1513952069.300:5): avc: denied { sys_admin } for pid=3326 comm="syzkaller825961" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 19.729267] IPVS: Creating netns size=2536 id=1
executing program
[ 19.789600] audit: type=1400 audit(1513952069.390:6): avc: denied { sys_chroot } for pid=3350 comm="syzkaller825961" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 19.825327] audit: type=1400 audit(1513952069.420:7): avc: denied { net_admin } for pid=3350 comm="syzkaller825961" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 19.850183] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[ 19.856219] ==================================================================
[ 19.863571] BUG: KASAN: stack-out-of-bounds in string+0x1e8/0x200
[ 19.869764] Read of size 1 at addr ffff8801c957fcd4 by task syzkaller825961/3359
[ 19.877256]
[ 19.878850] CPU: 0 PID: 3359 Comm: syzkaller825961 Not tainted 4.9.71-g2506378 #9
[ 19.886431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.895749] ffff8801c957f740 ffffffff81d922b9 ffffea0007255fc0 ffff8801c957fcd4
[ 19.903693] 0000000000000000 ffff8801c957fcd4 ffffffff858b2714 ffff8801c957f778
[ 19.911637] ffffffff8153bab3 ffff8801c957fcd4 0000000000000001 0000000000000000
[ 19.919577] Call Trace:
[ 19.922129] [] dump_stack+0xc1/0x128
[ 19.927459] [] print_address_description+0x73/0x280
[ 19.934088] [] kasan_report+0x275/0x360
[ 19.939672] [] ? string+0x1e8/0x200
[ 19.944910] [] __asan_report_load1_noabort+0x14/0x20
[ 19.951623] [] string+0x1e8/0x200
[ 19.956688] [] vsnprintf+0x7ad/0x16d0
[ 19.962101] [] ? pointer+0xa90/0xa90
[ 19.967426] [] vscnprintf+0x2d/0x60
[ 19.972667] [] vprintk_emit+0xf1/0x750
[ 19.978165] [] ? mark_held_locks+0xaf/0x100
[ 19.984097] [] vprintk+0x28/0x30
[ 19.989076] [] vprintk_default+0x1d/0x30
[ 19.994748] [] printk+0xb7/0xe2
[ 19.999640] [] ? load_image_and_restore+0xf9/0xf9
[ 20.006100] [] ? mutex_lock_killable_nested+0x960/0x960
[ 20.013078] [] do_ip_vs_set_ctl+0xa01/0xc00
[ 20.019013] [] ? ip_vs_genl_dump_services+0x430/0x430
[ 20.025821] [] ? mark_held_locks+0xaf/0x100
[ 20.031755] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 20.038468] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 20.044660] [] ? mutex_unlock+0x9/0x10
[ 20.050160] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 20.057221] [] compat_nf_setsockopt+0xfa/0x130
[ 20.063414] [] compat_ip_setsockopt+0x9d/0xf0
[ 20.069520] [] compat_udp_setsockopt+0x45/0x80
[ 20.075713] [] compat_sock_common_setsockopt+0xb2/0x140
[ 20.082686] [] ? udp_lib_setsockopt+0x560/0x560
[ 20.088967] [] compat_SyS_setsockopt+0x149/0x290
[ 20.095333] [] ? sock_common_setsockopt+0xd0/0xd0
[ 20.101789] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 20.108332] [] ? do_fast_syscall_32+0xcf/0x890
[ 20.114524] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 20.121066] [] do_fast_syscall_32+0x2f7/0x890
[ 20.127171] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 20.133799] [] entry_SYSENTER_compat+0x51/0x60
[ 20.139998]
[ 20.141588] The buggy address belongs to the page:
[ 20.146479] page:ffffea0007255fc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 20.154692] flags: 0x8000000000000000()
[ 20.158627] page dumped because: kasan: bad access detected
[ 20.164295]
[ 20.165887] Memory state around the buggy address:
[ 20.170779]  ffff8801c957fb80: 00 00 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 04
[ 20.178099]  ffff8801c957fc00: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2
[ 20.185419] >ffff8801c957fc80: f2 f2 00 00 00 00 00 00 00 00 04 f2 f2 f2 00 00
[ 20.192737]                                                  ^
[ 20.198668]  ffff8801c957fd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.205991]  ffff8801c957fd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.213308] ==================================================================
[ 20.220631] Kernel panic - not syncing: panic_on_warn set ...
[ 20.220631]
[ 20.227960] CPU: 0 PID: 3359 Comm: syzkaller825961 Tainted: G B 4.9.71-g2506378 #9
[ 20.236759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.246080] ffff8801c957f698 ffffffff81d922b9 ffffffff84194b3f ffff8801c957f770
[ 20.254020] 0000000000000000 ffff8801c957fcd4 ffffffff858b2714 ffff8801c957f760
[ 20.261970] ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585
[ 20.269932] Call Trace:
[ 20.272491] [] dump_stack+0xc1/0x128
[ 20.277822] [] panic+0x1bc/0x3a8
[ 20.282805] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 20.291001] [] ? load_image_and_restore+0xf9/0xf9
[ 20.297454] [] kasan_end_report+0x50/0x50
[ 20.303213] [] kasan_report+0x167/0x360
[ 20.308800] [] ? string+0x1e8/0x200
[ 20.314042] [] __asan_report_load1_noabort+0x14/0x20
[ 20.320755] [] string+0x1e8/0x200
[ 20.325820] [] vsnprintf+0x7ad/0x16d0
[ 20.331233] [] ? pointer+0xa90/0xa90
[ 20.336564] [] vscnprintf+0x2d/0x60
[ 20.341810] [] vprintk_emit+0xf1/0x750
[ 20.347312] [] ? mark_held_locks+0xaf/0x100
[ 20.353244] [] vprintk+0x28/0x30
[ 20.358221] [] vprintk_default+0x1d/0x30
[ 20.363899] [] printk+0xb7/0xe2
[ 20.368790] [] ? load_image_and_restore+0xf9/0xf9
[ 20.375245] [] ? mutex_lock_killable_nested+0x960/0x960
[ 20.382223] [] do_ip_vs_set_ctl+0xa01/0xc00
[ 20.388156] [] ? ip_vs_genl_dump_services+0x430/0x430
[ 20.394960] [] ? mark_held_locks+0xaf/0x100
[ 20.400894] [] ? __mutex_unlock_slowpath+0x25a/0x3d0
[ 20.407607] [] ? __ww_mutex_lock+0x14a0/0x14a0
[ 20.413803] [] ? mutex_unlock+0x9/0x10
[ 20.419307] [] ? nf_sockopt_find.constprop.0+0x1a7/0x220
[ 20.426369] [] compat_nf_setsockopt+0xfa/0x130
[ 20.432565] [] compat_ip_setsockopt+0x9d/0xf0
[ 20.438680] [] compat_udp_setsockopt+0x45/0x80
[ 20.444881] [] compat_sock_common_setsockopt+0xb2/0x140
[ 20.451855] [] ? udp_lib_setsockopt+0x560/0x560
[ 20.458136] [] compat_SyS_setsockopt+0x149/0x290
[ 20.464514] [] ? sock_common_setsockopt+0xd0/0xd0
[ 20.470975] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 20.477517] [] ? do_fast_syscall_32+0xcf/0x890
[ 20.483729] [] ? scm_detach_fds_compat+0x3c0/0x3c0
[ 20.490283] [] do_fast_syscall_32+0x2f7/0x890
[ 20.496391] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 20.503022] [] entry_SYSENTER_compat+0x51/0x60
[ 20.509628] Dumping ftrace buffer:
[ 20.513138] (ftrace buffer empty)
[ 20.516815] Kernel Offset: disabled
[ 20.520405] Rebooting in 86400 seconds..