INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts.
2018/04/22 18:09:55 parsed 1 programs
2018/04/22 18:09:55 executed programs: 0
syzkaller login: [ 26.486498] IPVS: Creating netns size=2536 id=1
[ 26.508430] IPVS: Creating netns size=2536 id=2
[ 26.545302] IPVS: Creating netns size=2536 id=3
[ 26.584436] IPVS: Creating netns size=2536 id=4
[ 26.629953] IPVS: Creating netns size=2536 id=5
[ 26.665789] IPVS: Creating netns size=2536 id=6
[ 26.677254] IPVS: Creating netns size=2536 id=7
[ 26.706811] IPVS: Creating netns size=2536 id=8
2018/04/22 18:10:00 executed programs: 759
[ 31.653626] ==================================================================
[ 31.661039] BUG: KASAN: out-of-bounds in unwind_next_frame+0xcd/0xe0
[ 31.667519] Read of size 8 at addr ffff8801ce01fdd0 by task syz-executor5/5970
[ 31.674870]
[ 31.676502] CPU: 1 PID: 5970 Comm: syz-executor5 Not tainted 4.9.95-gee0bcd6 #6
[ 31.683932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.693271] ffff8801b5cbf7a8 ffffffff81eb0f89 ffffea00073807c0 ffff8801ce01fdd0
[ 31.701323] 0000000000000000 ffff8801ce01fdd8 ffff8801d758b3c0 ffff8801b5cbf7e0
[ 31.709366] ffffffff815653cb ffff8801ce01fdd0 0000000000000008 0000000000000000
[ 31.717399] Call Trace:
[ 31.719977] [] dump_stack+0xc1/0x128
[ 31.725329] [] print_address_description+0x6c/0x234
[ 31.731982] [] kasan_report.cold.6+0x242/0x2fe
[ 31.738201] [] ? unwind_next_frame+0xcd/0xe0
[ 31.744254] [] __asan_report_load8_noabort+0x14/0x20
[ 31.750995] [] unwind_next_frame+0xcd/0xe0
[ 31.756868] [] __save_stack_trace+0x7d/0xf0
[ 31.762833] [] save_stack_trace_tsk+0x48/0x70
[ 31.768971] [] proc_pid_stack+0x148/0x220
[ 31.774754] [] ? lock_trace+0xc0/0xc0
[ 31.780195] [] proc_single_show+0xfd/0x170
[ 31.786069] [] seq_read+0x4b6/0x12e0
[ 31.791425] [] ? seq_dentry+0x290/0x290
[ 31.797042] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 31.805525] [] ? fsnotify+0x1100/0x1100
[ 31.811143] [] do_loop_readv_writev.part.18+0xd5/0x280
[ 31.818060] [] compat_do_readv_writev+0x567/0x7a0
[ 31.824542] [] ? do_pwritev+0x240/0x240
[ 31.830242] [] ? mark_held_locks+0xc7/0x130
[ 31.836199] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 31.843013] [] ? mutex_lock_nested+0x596/0x870
[ 31.849220] [] ? __fdget_pos+0xac/0xd0
[ 31.854729] [] ? __fget+0x20a/0x3b0
[ 31.859976] [] ? mutex_trylock+0x3e0/0x3e0
[ 31.865835] [] ? __fget+0x231/0x3b0
[ 31.871091] [] ? __fget+0x47/0x3b0
[ 31.876254] [] compat_readv+0xe2/0x150
[ 31.881762] [] do_compat_readv+0xf2/0x1d0
[ 31.887538] [] ? compat_readv+0x150/0x150
[ 31.893309] [] compat_SyS_readv+0x26/0x30
[ 31.899075] [] ? SyS_pwritev2+0x80/0x80
[ 31.904670] [] do_fast_syscall_32+0x2f7/0x870
[ 31.910785] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.917421] [] entry_SYSENTER_compat+0x90/0xa2
[ 31.923621]
[ 31.925220] The buggy address belongs to the page:
[ 31.930121] page:ffffea00073807c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 31.938357] flags: 0x8000000000000000()
[ 31.942299] page dumped because: kasan: bad access detected
[ 31.947975]
[ 31.949571] Memory state around the buggy address:
[ 31.954474]  ffff8801ce01fc80: 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 31.961803]  ffff8801ce01fd00: 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00
[ 31.969135] >ffff8801ce01fd80: 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
[ 31.976463]                                                   ^
[ 31.982664]  ffff8801ce01fe00: 00 00 00 f1 f1 f1 f1 00 00 f2 f2 f2 f2 f2 f2 00
[ 31.989994]  ffff8801ce01fe80: 00 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.997318] ==================================================================
[ 32.004646] Disabling lock debugging due to kernel taint
[ 32.013616] Kernel panic - not syncing: panic_on_warn set ...
[ 32.013616]
[ 32.020991] CPU: 1 PID: 5970 Comm: syz-executor5 Tainted: G B 4.9.95-gee0bcd6 #6
[ 32.029635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.038978] ffff8801b5cbf708 ffffffff81eb0f89 ffffffff841c45f5 00000000ffffffff
[ 32.047017] 0000000000000000 0000000000000001 ffff8801d758b3c0 ffff8801b5cbf7c8
[ 32.054997] ffffffff8141f945 0000000041b58ab3 ffffffff841b7cf8 ffffffff8141f786
[ 32.062979] Call Trace:
[ 32.065539] [] dump_stack+0xc1/0x128
[ 32.070872] [] panic+0x1bf/0x3bc
[ 32.075861] [] ? add_taint.cold.6+0x16/0x16
[ 32.081804] [] ? ___preempt_schedule+0x16/0x18
[ 32.088008] [] kasan_end_report+0x47/0x4f
[ 32.093778] [] kasan_report.cold.6+0x76/0x2fe
[ 32.099893] [] ? unwind_next_frame+0xcd/0xe0
[ 32.105921] [] __asan_report_load8_noabort+0x14/0x20
[ 32.112646] [] unwind_next_frame+0xcd/0xe0
[ 32.118501] [] __save_stack_trace+0x7d/0xf0
[ 32.124443] [] save_stack_trace_tsk+0x48/0x70
[ 32.130559] [] proc_pid_stack+0x148/0x220
[ 32.136336] [] ? lock_trace+0xc0/0xc0
[ 32.141759] [] proc_single_show+0xfd/0x170
[ 32.147614] [] seq_read+0x4b6/0x12e0
[ 32.152946] [] ? seq_dentry+0x290/0x290
[ 32.158542] [] ? __fsnotify_update_child_dentry_flags.part.1+0x300/0x300
[ 32.167001] [] ? fsnotify+0x1100/0x1100
[ 32.172604] [] do_loop_readv_writev.part.18+0xd5/0x280
[ 32.179502] [] compat_do_readv_writev+0x567/0x7a0
[ 32.185962] [] ? do_pwritev+0x240/0x240
[ 32.191555] [] ? mark_held_locks+0xc7/0x130
[ 32.197498] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 32.204315] [] ? mutex_lock_nested+0x596/0x870
[ 32.210527] [] ? __fdget_pos+0xac/0xd0
[ 32.216040] [] ? __fget+0x20a/0x3b0
[ 32.221288] [] ? mutex_trylock+0x3e0/0x3e0
[ 32.227142] [] ? __fget+0x231/0x3b0
[ 32.232388] [] ? __fget+0x47/0x3b0
[ 32.237547] [] compat_readv+0xe2/0x150
[ 32.243056] [] do_compat_readv+0xf2/0x1d0
[ 32.248832] [] ? compat_readv+0x150/0x150
[ 32.254601] [] compat_SyS_readv+0x26/0x30
[ 32.260368] [] ? SyS_pwritev2+0x80/0x80
[ 32.265962] [] do_fast_syscall_32+0x2f7/0x870
[ 32.272077] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.278712] [] entry_SYSENTER_compat+0x90/0xa2
[ 32.285395] Dumping ftrace buffer:
[ 32.288904] (ftrace buffer empty)
[ 32.292586] Kernel Offset: disabled
[ 32.296181] Rebooting in 86400 seconds..