[ ok ] Starting enhanced syslogd: rsyslogd.
[ 9.654044] audit: type=1400 audit(1514356695.984:4): avc: denied { syslog } for pid=3162 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-0,10.128.0.4' (ECDSA) to the list of known hosts.
2017/12/27 06:38:27 parsed 1 programs
2017/12/27 06:38:27 executed programs: 0
syzkaller login:
[ 21.032741] audit: type=1400 audit(1514356707.364:5): avc: denied { sys_admin } for pid=3323 comm="syz-executor4" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 21.052672] IPVS: Creating netns size=2536 id=1
[ 21.072462] IPVS: Creating netns size=2536 id=2
[ 21.090917] audit: type=1400 audit(1514356707.424:6): avc: denied { sys_chroot } for pid=3326 comm="syz-executor4" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 21.118457] audit: type=1400 audit(1514356707.444:7): avc: denied { dac_override } for pid=3347 comm="syz-executor4" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 21.143254] IPVS: Creating netns size=2536 id=3
[ 21.165859] IPVS: Creating netns size=2536 id=4
[ 21.186832] IPVS: Creating netns size=2536 id=5
[ 21.217521] IPVS: Creating netns size=2536 id=6
[ 21.259981] IPVS: Creating netns size=2536 id=7
[ 21.291868] IPVS: Creating netns size=2536 id=8
2017/12/27 06:38:32 executed programs: 963
[ 28.917763] ==================================================================
[ 28.925165] BUG: KASAN: stack-out-of-bounds in __unwind_start+0x3a7/0x3c0
[ 28.932068] Read of size 8 at addr ffff8801c763fa68 by task syz-executor3/10613
[ 28.939485]
[ 28.941095] CPU: 0 PID: 10613 Comm: syz-executor3 Not tainted 4.9.71-g2506378 #113
[ 28.948784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.958121] ffff8801c77478f0 ffffffff81d922b9 ffffea00071d8fc0 ffff8801c763fa68
[ 28.966121] 0000000000000000 ffff8801c763fa68 ffff8801c7747a20 ffff8801c7747928
[ 28.974123] ffffffff8153bab3 ffff8801c763fa68 0000000000000008 0000000000000000
[ 28.982122] Call Trace:
[ 28.984692] [] dump_stack+0xc1/0x128
[ 28.990036] [] print_address_description+0x73/0x280
[ 28.996686] [] kasan_report+0x275/0x360
[ 29.002291] [] ? __unwind_start+0x3a7/0x3c0
[ 29.008252] [] __asan_report_load8_noabort+0x14/0x20
[ 29.014986] [] __unwind_start+0x3a7/0x3c0
[ 29.020768] [] ? ptrace_may_access+0x24/0x50
[ 29.026804] [] __save_stack_trace+0x59/0xf0
[ 29.032742] [] save_stack_trace_tsk+0x48/0x70
[ 29.038868] [] proc_pid_stack+0x146/0x230
[ 29.044645] [] ? lock_trace+0xc0/0xc0
[ 29.050061] [] proc_single_show+0xf8/0x170
[ 29.055913] [] seq_read+0x32f/0x1290
[ 29.061243] [] ? seq_escape+0x200/0x200
[ 29.066840] [] ? do_futex+0x3f8/0x15c0
[ 29.072349] [] ? __lock_is_held+0xa1/0xf0
[ 29.078109] [] ? seq_escape+0x200/0x200
[ 29.083697] [] __vfs_read+0x103/0x670
[ 29.089112] [] ? default_llseek+0x290/0x290
[ 29.095069] [] ? fsnotify+0x86/0xf30
[ 29.100402] [] ? fsnotify+0xf30/0xf30
[ 29.105825] [] ? avc_policy_seqno+0x9/0x20
[ 29.111681] [] ? selinux_file_permission+0x82/0x460
[ 29.118310] [] ? security_file_permission+0x89/0x1e0
[ 29.125024] [] ? rw_verify_area+0xe5/0x2b0
[ 29.130874] [] vfs_read+0x11e/0x380
[ 29.136116] [] SyS_read+0xd9/0x1b0
[ 29.141276] [] ? vfs_copy_file_range+0x740/0x740
[ 29.147653] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 29.154460] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.161013] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 29.167552]
[ 29.169143] The buggy address belongs to the page:
[ 29.174034] page:ffffea00071d8fc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 29.182249] flags: 0x8000000000000000()
[ 29.186186] page dumped because: kasan: bad access detected
[ 29.191863]
[ 29.193455] Memory state around the buggy address:
[ 29.198351] ffff8801c763f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.205679] ffff8801c763f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.213003] >ffff8801c763fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.220326] ^
[ 29.227042] ffff8801c763fa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.234363] ffff8801c763fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.241684] ==================================================================
[ 29.249014] Disabling lock debugging due to kernel taint
[ 29.261001] Kernel panic - not syncing: panic_on_warn set ...
[ 29.261001]
[ 29.268387] CPU: 0 PID: 10613 Comm: syz-executor3 Tainted: G B 4.9.71-g2506378 #113
[ 29.277274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 29.286592] ffff8801c7747848 ffffffff81d922b9 ffffffff84194b3f ffff8801c7747920
[ 29.294538] 0000000000000000 ffff8801c763fa68 ffff8801c7747a20 ffff8801c7747910
[ 29.302478] ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585
[ 29.310426] Call Trace:
[ 29.312980] [] dump_stack+0xc1/0x128
[ 29.318305] [] panic+0x1bc/0x3a8
[ 29.323285] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 29.331480] [] ? preempt_schedule+0x25/0x30
[ 29.337423] [] ? ___preempt_schedule+0x16/0x18
[ 29.343619] [] kasan_end_report+0x50/0x50
[ 29.349377] [] kasan_report+0x167/0x360
[ 29.354965] [] ? __unwind_start+0x3a7/0x3c0
[ 29.360907] [] __asan_report_load8_noabort+0x14/0x20
[ 29.367631] [] __unwind_start+0x3a7/0x3c0
[ 29.373397] [] ? ptrace_may_access+0x24/0x50
[ 29.379422] [] __save_stack_trace+0x59/0xf0
[ 29.385362] [] save_stack_trace_tsk+0x48/0x70
[ 29.391476] [] proc_pid_stack+0x146/0x230
[ 29.397244] [] ? lock_trace+0xc0/0xc0
[ 29.402658] [] proc_single_show+0xf8/0x170
[ 29.408509] [] seq_read+0x32f/0x1290
[ 29.413841] [] ? seq_escape+0x200/0x200
[ 29.419426] [] ? do_futex+0x3f8/0x15c0
[ 29.424928] [] ? __lock_is_held+0xa1/0xf0
[ 29.430688] [] ? seq_escape+0x200/0x200
[ 29.436275] [] __vfs_read+0x103/0x670
[ 29.441690] [] ? default_llseek+0x290/0x290
[ 29.447637] [] ? fsnotify+0x86/0xf30
[ 29.452962] [] ? fsnotify+0xf30/0xf30
[ 29.458375] [] ? avc_policy_seqno+0x9/0x20
[ 29.464228] [] ? selinux_file_permission+0x82/0x460
[ 29.470866] [] ? security_file_permission+0x89/0x1e0
[ 29.477582] [] ? rw_verify_area+0xe5/0x2b0
[ 29.483430] [] vfs_read+0x11e/0x380
[ 29.488668] [] SyS_read+0xd9/0x1b0
[ 29.493821] [] ? vfs_copy_file_range+0x740/0x740
[ 29.500190] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 29.506992] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 29.513536] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 29.520532] Dumping ftrace buffer:
[ 29.524037] (ftrace buffer empty)
[ 29.527716] Kernel Offset: disabled
[ 29.531306] Rebooting in 86400 seconds..