[ ok ] Starting enhanced syslogd: rsyslogd.
[   13.882770] audit: type=1400 audit(1515982094.467:4): avc: denied { syslog } for pid=3179 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.454597] ==================================================================
[   28.462047] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   28.469123] Read of size 8 at addr ffff8801ca37f140 by task syzkaller972990/3335
[   28.476799]
[   28.478404] CPU: 1 PID: 3335 Comm: syzkaller972990 Not tainted 4.9.76-gf0f6293 #22
[   28.486080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.496103]  ffff8801c7c37940 ffffffff81d93149 ffffea000728dfc0 ffff8801ca37f140
[   28.504175]  0000000000000000 ffff8801ca37f140 ffff8801c87d0238 ffff8801c7c37978
[   28.512150]  ffffffff8153cb43 ffff8801ca37f140 0000000000000008 0000000000000000
[   28.520589] Call Trace:
[   28.523162]  [] dump_stack+0xc1/0x128
[   28.528502]  [] print_address_description+0x73/0x280
[   28.535137]  [] kasan_report+0x275/0x360
[   28.540748]  [] ? sg_remove_request+0x103/0x120
[   28.546970]  [] __asan_report_load8_noabort+0x14/0x20
[   28.553712]  [] sg_remove_request+0x103/0x120
[   28.559742]  [] sg_finish_rem_req+0x295/0x340
[   28.566032]  [] sg_read+0xa1c/0x1440
[   28.571280]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   28.578353]  [] ? fsnotify+0xf30/0xf30
[   28.583862]  [] ? avc_policy_seqno+0x9/0x20
[   28.590687]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   28.597673]  [] ? security_file_permission+0x89/0x1e0
[   28.604836]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   28.611478]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   28.618205]  [] compat_do_readv_writev+0x522/0x760
[   28.624669]  [] ? do_pwritev+0x1a0/0x1a0
[   28.630282]  [] ? _raw_spin_unlock+0x2c/0x50
[   28.636226]  [] ? handle_mm_fault+0x6ee/0x2530
[   28.642345]  [] ? __pmd_alloc+0x410/0x410
[   28.648031]  [] compat_readv+0xe3/0x150
[   28.653546]  [] do_compat_readv+0xf4/0x1d0
[   28.659586]  [] ? compat_readv+0x150/0x150
[   28.665444]  [] compat_SyS_readv+0x26/0x30
[   28.671235]  [] ? SyS_pwritev2+0x80/0x80
[   28.676833]  [] do_fast_syscall_32+0x2f7/0x890
[   28.682963]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.689865]  [] entry_SYSENTER_compat+0x74/0x83
[   28.696068]
[   28.697669] Allocated by task 0:
[   28.701351] (stack is not available)
[   28.705029]
[   28.706627] Freed by task 0:
[   28.709624] (stack is not available)
[   28.713741]
[   28.715341] The buggy address belongs to the object at ffff8801ca37f100
[   28.715341]  which belongs to the cache fasync_cache of size 96
[   28.728488] The buggy address is located 64 bytes inside of
[   28.728488]  96-byte region [ffff8801ca37f100, ffff8801ca37f160)
[   28.740506] The buggy address belongs to the page:
[   28.745727] page:ffffea000728dfc0 count:1 mapcount:0 mapping:          (null) index:0x0
[   28.753971] flags: 0x8000000000000080(slab)
[   28.758540] page dumped because: kasan: bad access detected
[   28.764219]
[   28.765819] Memory state around the buggy address:
[   28.770807]  ffff8801ca37f000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   28.778138]  ffff8801ca37f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.785467] >ffff8801ca37f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.792883]                                            ^
[   28.798825]  ffff8801ca37f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.806163]  ffff8801ca37f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.813493] ==================================================================
[   28.820824] Disabling lock debugging due to kernel taint
[   28.826809] Kernel panic - not syncing: panic_on_warn set ...
[   28.826809]
[   28.834159] CPU: 1 PID: 3335 Comm: syzkaller972990 Tainted: G    B   4.9.76-gf0f6293 #22
[   28.844287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.853619]  ffff8801c7c37898 ffffffff81d93149 ffffffff84195c17 ffff8801c7c37970
[   28.861608]  0000000000000000 ffff8801ca37f140 ffff8801c87d0238 ffff8801c7c37960
[   28.869593]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   28.877573] Call Trace:
[   28.880139]  [] dump_stack+0xc1/0x128
[   28.885474]  [] panic+0x1bc/0x3a8
[   28.890826]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   28.899029]  [] ? preempt_schedule+0x25/0x30
[   28.905082]  [] ? ___preempt_schedule+0x16/0x18
[   28.912503]  [] kasan_end_report+0x50/0x50
[   28.918272]  [] kasan_report+0x167/0x360
[   28.923869]  [] ? sg_remove_request+0x103/0x120
[   28.930075]  [] __asan_report_load8_noabort+0x14/0x20
[   28.936823]  [] sg_remove_request+0x103/0x120
[   28.942853]  [] sg_finish_rem_req+0x295/0x340
[   28.948896]  [] sg_read+0xa1c/0x1440
[   28.954682]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   28.962882]  [] ? fsnotify+0xf30/0xf30
[   28.968307]  [] ? avc_policy_seqno+0x9/0x20
[   28.974165]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   28.981509]  [] ? security_file_permission+0x89/0x1e0
[   28.988246]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   28.994884]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   29.001523]  [] compat_do_readv_writev+0x522/0x760
[   29.008072]  [] ? do_pwritev+0x1a0/0x1a0
[   29.013891]  [] ? _raw_spin_unlock+0x2c/0x50
[   29.019839]  [] ? handle_mm_fault+0x6ee/0x2530
[   29.025966]  [] ? __pmd_alloc+0x410/0x410
[   29.032094]  [] compat_readv+0xe3/0x150
[   29.038225]  [] do_compat_readv+0xf4/0x1d0
[   29.044001]  [] ? compat_readv+0x150/0x150
[   29.050303]  [] compat_SyS_readv+0x26/0x30
[   29.056333]  [] ? SyS_pwritev2+0x80/0x80
[   29.062558]  [] do_fast_syscall_32+0x2f7/0x890
[   29.068683]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.075320]  [] entry_SYSENTER_compat+0x74/0x83
[   29.082049] Dumping ftrace buffer:
[   29.085577]    (ftrace buffer empty)
[   29.089260] Kernel Offset: disabled
[   29.092868] Rebooting in 86400 seconds..