[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.549993] audit: type=1400 audit(1516618915.434:4): avc: denied { syslog } for pid=3183 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
2018/01/22 11:02:10 parsed 1 programs
2018/01/22 11:02:10 executed programs: 0
syzkaller login: [ 28.430975] IPVS: Creating netns size=2536 id=1
[ 28.440359] audit: type=1400 audit(1516618930.324:5): avc: denied { sys_admin } for pid=3344 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 28.515306] audit: type=1400 audit(1516618930.404:6): avc: denied { sys_chroot } for pid=3349 comm="syz-executor0" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 28.542506] audit: type=1400 audit(1516618930.424:7): avc: denied { dac_override } for pid=3350 comm="syz-executor0" capability=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 30.305834] ==================================================================
[ 30.313217] BUG: KASAN: out-of-bounds in __unwind_start+0x3a7/0x3c0
[ 30.319595] Read of size 8 at addr ffff8801c69878b8 by task syz-executor0/3682
[ 30.326920]
[ 30.328527] CPU: 1 PID: 3682 Comm: syz-executor0 Not tainted 4.9.77-ge12a9c4 #18
[ 30.336036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.345366] ffff8801c6a1f900 ffffffff81d941c9 ffffea00071a61c0 ffff8801c69878b8
[ 30.353329] 0000000000000000 ffff8801c69878c0 ffff8801c6a1fa30 ffff8801c6a1f938
[ 30.361318] ffffffff8153db93 ffff8801c69878b8 0000000000000008 0000000000000000
[ 30.369295] Call Trace:
[ 30.371856] [] dump_stack+0xc1/0x128
[ 30.377200] [] print_address_description+0x73/0x280
[ 30.383844] [] kasan_report+0x275/0x360
[ 30.389441] [] ? __unwind_start+0x3a7/0x3c0
[ 30.395383] [] __asan_report_load8_noabort+0x14/0x20
[ 30.402106] [] __unwind_start+0x3a7/0x3c0
[ 30.407881] [] ? ptrace_may_access+0x24/0x50
[ 30.413913] [] __save_stack_trace+0x59/0xf0
[ 30.419857] [] save_stack_trace_tsk+0x48/0x70
[ 30.425974] [] proc_pid_stack+0x146/0x230
[ 30.431748] [] ? lock_trace+0xc0/0xc0
[ 30.437181] [] proc_single_show+0xf8/0x170
[ 30.443040] [] seq_read+0x32f/0x1290
[ 30.448898] [] ? seq_escape+0x200/0x200
[ 30.454514] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 30.461505] [] ? seq_escape+0x200/0x200
[ 30.467114] [] __vfs_read+0x103/0x670
[ 30.472534] [] ? default_llseek+0x290/0x290
[ 30.478479] [] ? fsnotify+0x86/0xf30
[ 30.483815] [] ? fsnotify+0xf30/0xf30
[ 30.489238] [] ? avc_policy_seqno+0x9/0x20
[ 30.495101] [] ? selinux_file_permission+0x82/0x460
[ 30.501738] [] ? security_file_permission+0x89/0x1e0
[ 30.508458] [] ? rw_verify_area+0xe5/0x2b0
[ 30.514309] [] vfs_read+0x11e/0x380
[ 30.519555] [] SyS_pread64+0x13f/0x170
[ 30.525060] [] ? SyS_write+0x1b0/0x1b0
[ 30.530570] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 30.537395] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.543954] [] entry_SYSCALL_64_fastpath+0x29/0xe8
[ 30.550505]
[ 30.552102] The buggy address belongs to the page:
[ 30.556999] page:ffffea00071a61c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 30.565227] flags: 0x8000000000000000()
[ 30.569168] page dumped because: kasan: bad access detected
[ 30.574842]
[ 30.576438] Memory state around the buggy address:
[ 30.581336] ffff8801c6987780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.588663] ffff8801c6987800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.596000] >ffff8801c6987880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.603341] ^
[ 30.608760] ffff8801c6987900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.616097] ffff8801c6987980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.623422] ==================================================================
[ 30.630746] Disabling lock debugging due to kernel taint
[ 30.636348] Kernel panic - not syncing: panic_on_warn set ...
[ 30.636348]
[ 30.643707] CPU: 1 PID: 3682 Comm: syz-executor0 Tainted: G B 4.9.77-ge12a9c4 #18
[ 30.652426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.661753] ffff8801c6a1f858 ffffffff81d941c9 ffffffff841970ff ffff8801c6a1f930
[ 30.669714] 0000000000000000 ffff8801c69878c0 ffff8801c6a1fa30 ffff8801c6a1f920
[ 30.677701] ffffffff8142f3c1 0000000041b58ab3 ffffffff8418ab70 ffffffff8142f205
[ 30.685682] Call Trace:
[ 30.688244] [] dump_stack+0xc1/0x128
[ 30.693579] [] panic+0x1bc/0x3a8
[ 30.698569] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 30.706770] [] ? preempt_schedule+0x25/0x30
[ 30.712710] [] ? ___preempt_schedule+0x16/0x18
[ 30.718911] [] kasan_end_report+0x50/0x50
[ 30.724680] [] kasan_report+0x167/0x360
[ 30.730274] [] ? __unwind_start+0x3a7/0x3c0
[ 30.736214] [] __asan_report_load8_noabort+0x14/0x20
[ 30.742938] [] __unwind_start+0x3a7/0x3c0
[ 30.748795] [] ? ptrace_may_access+0x24/0x50
[ 30.754822] [] __save_stack_trace+0x59/0xf0
[ 30.760762] [] save_stack_trace_tsk+0x48/0x70
[ 30.766880] [] proc_pid_stack+0x146/0x230
[ 30.772648] [] ? lock_trace+0xc0/0xc0
[ 30.778065] [] proc_single_show+0xf8/0x170
[ 30.783919] [] seq_read+0x32f/0x1290
[ 30.789256] [] ? seq_escape+0x200/0x200
[ 30.794856] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 30.801845] [] ? seq_escape+0x200/0x200
[ 30.807442] [] __vfs_read+0x103/0x670
[ 30.812861] [] ? default_llseek+0x290/0x290
[ 30.818803] [] ? fsnotify+0x86/0xf30
[ 30.824138] [] ? fsnotify+0xf30/0xf30
[ 30.829561] [] ? avc_policy_seqno+0x9/0x20
[ 30.835417] [] ? selinux_file_permission+0x82/0x460
[ 30.842061] [] ? security_file_permission+0x89/0x1e0
[ 30.848791] [] ? rw_verify_area+0xe5/0x2b0
[ 30.854643] [] vfs_read+0x11e/0x380
[ 30.859892] [] SyS_pread64+0x13f/0x170
[ 30.865398] [] ? SyS_write+0x1b0/0x1b0
[ 30.870907] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 30.877720] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.884271] [] entry_SYSCALL_64_fastpath+0x29/0xe8
[ 30.891262] Dumping ftrace buffer:
[ 30.894771] (ftrace buffer empty)
[ 30.898451] Kernel Offset: disabled
[ 30.902060] Rebooting in 86400 seconds..