[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.477751] audit: type=1400 audit(1518256204.855:4): avc: denied { syslog } for pid=3654 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts.
2018/02/10 09:50:18 parsed 1 programs
2018/02/10 09:50:18 executed programs: 0
syzkaller login:
[ 27.088753] IPVS: Creating netns size=2536 id=1
[ 27.110080] IPVS: Creating netns size=2536 id=2
[ 27.142685] IPVS: Creating netns size=2536 id=3
[ 27.165625] IPVS: Creating netns size=2536 id=4
[ 27.198174] IPVS: Creating netns size=2536 id=5
[ 27.213416] IPVS: Creating netns size=2536 id=6
[ 27.250074] IPVS: Creating netns size=2536 id=7
[ 27.287826] IPVS: Creating netns size=2536 id=8
2018/02/10 09:50:23 executed programs: 332
[ 35.850739] ==================================================================
[ 35.858133] BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x92/0xa0
[ 35.865995] Read of size 8 at addr ffff8801cb3dfde8 by task syz-executor1/7463
[ 35.873329]
[ 35.874931] CPU: 0 PID: 7463 Comm: syz-executor1 Not tainted 4.9.80-g8a174b47 #39
[ 35.882523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.891872] ffff8801cc1c77c8 ffffffff81d94be9 ffffea00072cf7c0 ffff8801cb3dfde8
[ 35.899889] 0000000000000000 ffff8801cb3dfde8 0000000000000000 ffff8801cc1c7800
[ 35.907864] ffffffff8153e113 ffff8801cb3dfde8 0000000000000008 0000000000000000
[ 35.915908] Call Trace:
[ 35.918489] [] dump_stack+0xc1/0x128
[ 35.923841] [] print_address_description+0x73/0x280
[ 35.930499] [] kasan_report+0x275/0x360
[ 35.936114] [] ? unwind_get_return_address+0x92/0xa0
[ 35.942944] [] __asan_report_load8_noabort+0x14/0x20
[ 35.949687] [] unwind_get_return_address+0x92/0xa0
[ 35.956266] [] __save_stack_trace+0x8d/0xf0
[ 35.962221] [] save_stack_trace_tsk+0x48/0x70
[ 35.968342] [] proc_pid_stack+0x146/0x230
[ 35.974118] [] ? lock_trace+0xc0/0xc0
[ 35.979546] [] proc_single_show+0xf8/0x170
[ 35.985404] [] seq_read+0x32f/0x1290
[ 35.990739] [] ? seq_escape+0x200/0x200
[ 35.996339] [] ? fsnotify+0x86/0xf30
[ 36.001675] [] ? fsnotify+0xf30/0xf30
[ 36.007102] [] ? avc_policy_seqno+0x9/0x20
[ 36.012977] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 36.019959] [] ? security_file_permission+0x89/0x1e0
[ 36.026686] [] ? seq_escape+0x200/0x200
[ 36.032281] [] ? seq_escape+0x200/0x200
[ 36.038136] [] compat_do_readv_writev+0x522/0x760
[ 36.044604] [] ? do_pwritev+0x1a0/0x1a0
[ 36.050208] [] ? mutex_lock_nested+0x5e3/0x870
[ 36.056424] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 36.063240] [] ? mutex_lock_nested+0x56f/0x870
[ 36.069449] [] ? __fdget_pos+0x9f/0xc0
[ 36.074956] [] ? __fget+0x201/0x3a0
[ 36.080212] [] ? mutex_lock_killable_nested+0x960/0x960
[ 36.087296] [] ? __fget+0x228/0x3a0
[ 36.092549] [] ? __fget+0x47/0x3a0
[ 36.097711] [] compat_readv+0xe3/0x150
[ 36.103217] [] do_compat_readv+0xf4/0x1d0
[ 36.109005] [] ? compat_readv+0x150/0x150
[ 36.114778] [] compat_SyS_readv+0x26/0x30
[ 36.120545] [] ? SyS_pwritev2+0x80/0x80
[ 36.126147] [] do_fast_syscall_32+0x2f7/0x890
[ 36.132268] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.138910] [] entry_SYSENTER_compat+0x74/0x83
[ 36.145198]
[ 36.146795] The buggy address belongs to the page:
[ 36.151695] page:ffffea00072cf7c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 36.159927] flags: 0x8000000000000000()
[ 36.163867] page dumped because: kasan: bad access detected
[ 36.169545]
[ 36.171149] Memory state around the buggy address:
[ 36.176049] ffff8801cb3dfc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.183377] ffff8801cb3dfd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.190704] >ffff8801cb3dfd80: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
[ 36.198033] ^
[ 36.204761] ffff8801cb3dfe00: f2 f2 f2 f2 00 00 f2 f2 00 00 00 00 00 00 00 00
[ 36.212093] ffff8801cb3dfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.219425] ==================================================================
[ 36.226761] Disabling lock debugging due to kernel taint
[ 36.238949] Kernel panic - not syncing: panic_on_warn set ...
[ 36.238949]
[ 36.246342] CPU: 0 PID: 7463 Comm: syz-executor1 Tainted: G B 4.9.80-g8a174b47 #39
[ 36.255179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.264516] ffff8801cc1c7720 ffffffff81d94be9 ffffffff841970c7 ffff8801cc1c77f8
[ 36.272569] 0000000000000000 ffff8801cb3dfde8 0000000000000000 ffff8801cc1c77e8
[ 36.280552] ffffffff8142f5c1 0000000041b58ab3 ffffffff8418ab38 ffffffff8142f405
[ 36.288598] Call Trace:
[ 36.291188] [] dump_stack+0xc1/0x128
[ 36.296551] [] panic+0x1bc/0x3a8
[ 36.301564] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 36.309776] [] ? preempt_schedule+0x25/0x30
[ 36.315819] [] ? ___preempt_schedule+0x16/0x18
[ 36.322051] [] kasan_end_report+0x50/0x50
[ 36.327846] [] kasan_report+0x167/0x360
[ 36.333478] [] ? unwind_get_return_address+0x92/0xa0
[ 36.340221] [] __asan_report_load8_noabort+0x14/0x20
[ 36.346984] [] unwind_get_return_address+0x92/0xa0
[ 36.353562] [] __save_stack_trace+0x8d/0xf0
[ 36.359540] [] save_stack_trace_tsk+0x48/0x70
[ 36.365862] [] proc_pid_stack+0x146/0x230
[ 36.371660] [] ? lock_trace+0xc0/0xc0
[ 36.377101] [] proc_single_show+0xf8/0x170
[ 36.382980] [] seq_read+0x32f/0x1290
[ 36.388318] [] ? seq_escape+0x200/0x200
[ 36.393918] [] ? fsnotify+0x86/0xf30
[ 36.399262] [] ? fsnotify+0xf30/0xf30
[ 36.404707] [] ? avc_policy_seqno+0x9/0x20
[ 36.410580] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 36.417660] [] ? security_file_permission+0x89/0x1e0
[ 36.424386] [] ? seq_escape+0x200/0x200
[ 36.430255] [] ? seq_escape+0x200/0x200
[ 36.435865] [] compat_do_readv_writev+0x522/0x760
[ 36.442338] [] ? do_pwritev+0x1a0/0x1a0
[ 36.447970] [] ? mutex_lock_nested+0x5e3/0x870
[ 36.454187] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 36.461005] [] ? mutex_lock_nested+0x56f/0x870
[ 36.467208] [] ? __fdget_pos+0x9f/0xc0
[ 36.472720] [] ? __fget+0x201/0x3a0
[ 36.477975] [] ? mutex_lock_killable_nested+0x960/0x960
[ 36.484973] [] ? __fget+0x228/0x3a0
[ 36.490230] [] ? __fget+0x47/0x3a0
[ 36.495392] [] compat_readv+0xe3/0x150
[ 36.500897] [] do_compat_readv+0xf4/0x1d0
[ 36.506662] [] ? compat_readv+0x150/0x150
[ 36.512432] [] compat_SyS_readv+0x26/0x30
[ 36.518203] [] ? SyS_pwritev2+0x80/0x80
[ 36.523795] [] do_fast_syscall_32+0x2f7/0x890
[ 36.529907] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.536544] [] entry_SYSENTER_compat+0x74/0x83
[ 36.543260] Dumping ftrace buffer:
[ 36.546776] (ftrace buffer empty)
[ 36.550455] Kernel Offset: disabled
[ 36.554050] Rebooting in 86400 seconds..