[....] Starting enhanced syslogd: rsyslogd
[   10.666595] audit: type=1400 audit(1516102586.282:4): avc:  denied  { syslog } for  pid=3171 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.53' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   22.201156] ==================================================================
[   22.202330] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   22.203269] Read of size 8 at addr ffff8801cd69f140 by task syzkaller264600/3326
[   22.204266]
[   22.204501] CPU: 1 PID: 3326 Comm: syzkaller264600 Not tainted 4.9.76-g8dec074 #23
[   22.205520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.206758]  ffff8801c92ff940 ffffffff81d93169 ffffea000735a7c0 ffff8801cd69f140
[   22.208010]  0000000000000000 ffff8801cd69f140 ffff8801c69e4438 ffff8801c92ff978
[   22.209182]  ffffffff8153cb43 ffff8801cd69f140 0000000000000008 0000000000000000
[   22.210496] Call Trace:
[   22.210863]  [] dump_stack+0xc1/0x128
[   22.211660]  [] print_address_description+0x73/0x280
[   22.212543]  [] kasan_report+0x275/0x360
[   22.213307]  [] ? sg_remove_request+0x103/0x120
[   22.214180]  [] __asan_report_load8_noabort+0x14/0x20
[   22.215193]  [] sg_remove_request+0x103/0x120
[   22.216023]  [] sg_finish_rem_req+0x295/0x340
[   22.216846]  [] sg_read+0xa1c/0x1440
[   22.217566]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   22.218465]  [] ? fsnotify+0xf30/0xf30
[   22.219229]  [] ? avc_policy_seqno+0x9/0x20
[   22.220029]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   22.220993]  [] ? security_file_permission+0x89/0x1e0
[   22.226449]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   22.233087]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   22.239729]  [] compat_do_readv_writev+0x522/0x760
[   22.246195]  [] ? do_pwritev+0x1a0/0x1a0
[   22.251794]  [] ? _raw_spin_unlock+0x2c/0x50
[   22.257739]  [] ? handle_mm_fault+0x6ee/0x2530
[   22.263865]  [] ? __pmd_alloc+0x410/0x410
[   22.269551]  [] compat_readv+0xe3/0x150
[   22.275062]  [] do_compat_readv+0xf4/0x1d0
[   22.280841]  [] ? compat_readv+0x150/0x150
[   22.286621]  [] compat_SyS_readv+0x26/0x30
[   22.292393]  [] ? SyS_pwritev2+0x80/0x80
[   22.297994]  [] do_fast_syscall_32+0x2f7/0x890
[   22.304110]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   22.310753]  [] entry_SYSENTER_compat+0x74/0x83
[   22.316954]
[   22.318555] Allocated by task 0:
[   22.321888] (stack is not available)
[   22.325570]
[   22.327167] Freed by task 0:
[   22.330153] (stack is not available)
[   22.333834]
[   22.335432] The buggy address belongs to the object at ffff8801cd69f100
[   22.335432]  which belongs to the cache fasync_cache of size 96
[   22.348060] The buggy address is located 64 bytes inside of
[   22.348060]  96-byte region [ffff8801cd69f100, ffff8801cd69f160)
[   22.359731] The buggy address belongs to the page:
[   22.364632] page:ffffea000735a7c0 count:1 mapcount:0 mapping: (null) index:0x0
[   22.372870] flags: 0x8000000000000080(slab)
[   22.377160] page dumped because: kasan: bad access detected
[   22.382841]
[   22.384448] Memory state around the buggy address:
[   22.389351]  ffff8801cd69f000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   22.396682]  ffff8801cd69f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.404011] >ffff8801cd69f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.411341]                                            ^
[   22.416762]  ffff8801cd69f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.424102]  ffff8801cd69f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.431431] ==================================================================
[   22.438763] Disabling lock debugging due to kernel taint
[   22.444387] Kernel panic - not syncing: panic_on_warn set ...
[   22.444387]
[   22.451729] CPU: 1 PID: 3326 Comm: syzkaller264600 Tainted: G B 4.9.76-g8dec074 #23
[   22.460623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.469952]  ffff8801c92ff898 ffffffff81d93169 ffffffff84195c2f ffff8801c92ff970
[   22.477924]  0000000000000000 ffff8801cd69f140 ffff8801c69e4438 ffff8801c92ff960
[   22.485897]  ffffffff8142e371 0000000041b58ab3 ffffffff84189690 ffffffff8142e1b5
[   22.493891] Call Trace:
[   22.496454]  [] dump_stack+0xc1/0x128
[   22.501791]  [] panic+0x1bc/0x3a8
[   22.506783]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   22.514982]  [] ? preempt_schedule+0x25/0x30
[   22.520927]  [] ? ___preempt_schedule+0x16/0x18
[   22.527130]  [] kasan_end_report+0x50/0x50
[   22.532909]  [] kasan_report+0x167/0x360
[   22.538508]  [] ? sg_remove_request+0x103/0x120
[   22.544709]  [] __asan_report_load8_noabort+0x14/0x20
[   22.551430]  [] sg_remove_request+0x103/0x120
[   22.557457]  [] sg_finish_rem_req+0x295/0x340
[   22.563489]  [] sg_read+0xa1c/0x1440
[   22.568735]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   22.575369]  [] ? fsnotify+0xf30/0xf30
[   22.580791]  [] ? avc_policy_seqno+0x9/0x20
[   22.586648]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   22.593631]  [] ? security_file_permission+0x89/0x1e0
[   22.600354]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   22.606993]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   22.613644]  [] compat_do_readv_writev+0x522/0x760
[   22.620112]  [] ? do_pwritev+0x1a0/0x1a0
[   22.625707]  [] ? _raw_spin_unlock+0x2c/0x50
[   22.631648]  [] ? handle_mm_fault+0x6ee/0x2530
[   22.637792]  [] ? __pmd_alloc+0x410/0x410
[   22.643482]  [] compat_readv+0xe3/0x150
[   22.648998]  [] do_compat_readv+0xf4/0x1d0
[   22.654766]  [] ? compat_readv+0x150/0x150
[   22.660536]  [] compat_SyS_readv+0x26/0x30
[   22.666305]  [] ? SyS_pwritev2+0x80/0x80
[   22.671903]  [] do_fast_syscall_32+0x2f7/0x890
[   22.678030]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   22.684670]  [] entry_SYSENTER_compat+0x74/0x83
[   22.691251] Dumping ftrace buffer:
[   22.694770]    (ftrace buffer empty)
[   22.698453] Kernel Offset: disabled
[   22.702066] Rebooting in 86400 seconds..
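Added example, not part of the syzkaller report above and not syzkaller's own report parser: a small Python triage helper that pulls out of a KASAN report the facts a responder checks first, namely the bug kind and faulting function, the first reliable frames once KASAN's own reporting frames are peeled off, the syscall the trace came in through, the slab object KASAN resolved the address to, and the shadow byte for the faulting address decoded with the legend from mm/kasan/kasan.h in the 4.9 tree. The LOG constant is an excerpt of the console log above, kept with its timestamps and the empty `[]` address brackets exactly as they appear on the page; the function and field names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Excerpt of the console log above (header, first call trace, object info, two shadow rows);
# timestamps and the page's empty "[]" address brackets are kept as they appear.
LOG = """\
syzkaller login: [   22.201156] ==================================================================
[   22.202330] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   22.203269] Read of size 8 at addr ffff8801cd69f140 by task syzkaller264600/3326
[   22.210496] Call Trace:
[   22.210863]  [] dump_stack+0xc1/0x128
[   22.211660]  [] print_address_description+0x73/0x280
[   22.212543]  [] kasan_report+0x275/0x360
[   22.213307]  [] ? sg_remove_request+0x103/0x120
[   22.214180]  [] __asan_report_load8_noabort+0x14/0x20
[   22.215193]  [] sg_remove_request+0x103/0x120
[   22.216023]  [] sg_finish_rem_req+0x295/0x340
[   22.216846]  [] sg_read+0xa1c/0x1440
[   22.220029]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   22.239729]  [] compat_do_readv_writev+0x522/0x760
[   22.286621]  [] compat_SyS_readv+0x26/0x30
[   22.297994]  [] do_fast_syscall_32+0x2f7/0x890
[   22.310753]  [] entry_SYSENTER_compat+0x74/0x83
[   22.335432] The buggy address belongs to the object at ffff8801cd69f100
[   22.335432]  which belongs to the cache fasync_cache of size 96
[   22.389351]  ffff8801cd69f000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   22.404011] >ffff8801cd69f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.431431] ==================================================================
"""

# Shadow-byte meanings from mm/kasan/kasan.h in the 4.9 tree (newer kernels print this legend).
SHADOW_LEGEND = {0x00: "addressable", 0xfa: "global redzone", 0xfb: "freed slab object",
                 0xfc: "slab redzone", 0xfe: "kmalloc_large redzone", 0xff: "freed page"}
REPORTING = ("dump_stack", "print_address_description", "kasan_", "__kasan_", "__asan_")  # KASAN's own frames

RE_PREFIX = re.compile(r"^.*?\[\s*\d+\.\d+\] ?")                         # "login: [   22.2] " and the like
RE_BUG    = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<sym>[\w.]+)\+0x")
RE_ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)")
RE_OBJECT = re.compile(r"belongs to the object at (?P<start>[0-9a-f]+)")
RE_CACHE  = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
RE_FRAME  = re.compile(r"^\s*\[(?:<[0-9a-f]+>)?\]\s+(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x")
RE_SHADOW = re.compile(r"^>?\s*(?P<addr>[0-9a-f]{16}):(?P<bytes>(?: [0-9a-f]{2}){16})\s*$")


@dataclass
class KasanReport:
    kind: str = ""
    site: str = ""                    # function named on the BUG: line
    rw: str = ""
    size: int = 0
    addr: int = 0
    cache: Optional[str] = None       # slab cache of the object enclosing addr
    object_start: Optional[int] = None
    object_size: Optional[int] = None
    frames: List[str] = field(default_factory=list)             # reliable frames of the first trace
    shadow: Dict[int, List[int]] = field(default_factory=dict)  # dump row base address -> 16 shadow bytes


def parse(log: str) -> KasanReport:
    rep, in_trace, seen_trace = KasanReport(), False, False
    for raw in log.splitlines():
        line = RE_PREFIX.sub("", raw, count=1)
        if in_trace:
            m = RE_FRAME.match(line)
            if m:
                if not m.group("unreliable"):     # "? sym" frames are stale stack slots, skip them
                    rep.frames.append(m.group("sym"))
                continue
            in_trace = False                      # first non-frame line ends the trace
        if line.strip() == "Call Trace:" and not seen_trace:
            in_trace = seen_trace = True
        elif (m := RE_BUG.search(line)):
            rep.kind, rep.site = m.group("kind"), m.group("sym")
        elif (m := RE_ACCESS.search(line)):
            rep.rw, rep.size, rep.addr = m.group("rw"), int(m.group("size")), int(m.group("addr"), 16)
        elif (m := RE_OBJECT.search(line)):
            rep.object_start = int(m.group("start"), 16)
        elif (m := RE_CACHE.search(line)):
            rep.cache, rep.object_size = m.group("cache"), int(m.group("size"))
        elif (m := RE_SHADOW.match(line)):
            rep.shadow[int(m.group("addr"), 16)] = [int(b, 16) for b in m.group("bytes").split()]
    return rep


def crash_frames(rep: KasanReport) -> List[str]:
    """Call trace minus KASAN's reporting frames; element 0 is the faulting function."""
    return [f for f in rep.frames if not f.startswith(REPORTING)]


def shadow_byte(rep: KasanReport, addr: int) -> Optional[int]:
    """Shadow value for addr from the dumped rows (one row = 16 shadow bytes = 128 bytes of memory)."""
    row = rep.shadow.get(addr & ~0x7F)
    return None if row is None else row[(addr & 0x7F) >> 3]


def triage(rep: KasanReport) -> Dict[str, object]:
    """The facts to check first: where it faulted, how it was reached, what the shadow says."""
    frames, sb = crash_frames(rep), shadow_byte(rep, rep.addr)
    facts: Dict[str, object] = {
        "kind": rep.kind,
        "crash_site": frames[0] if frames else rep.site,
        "site_matches_bug_line": bool(frames) and frames[0] == rep.site,
        "syscall": next((f for f in frames if "SyS_" in f or f.startswith("sys_")), None),
        "compat_entry": any("compat" in f for f in frames),
        "shadow": None if sb is None else SHADOW_LEGEND.get(sb, f"unknown {sb:#04x}"),
    }
    if rep.object_start is not None and rep.object_size is not None:
        facts["cache"] = rep.cache
        facts["offset_in_object"] = rep.addr - rep.object_start
        # Can be True while the shadow says redzone: KASAN names whichever slab object
        # encloses the address, which need not be the object the faulting code meant.
        facts["access_within_object_bounds"] = (rep.object_start <= rep.addr
                                                and rep.addr + rep.size <= rep.object_start + rep.object_size)
    return facts
```

Run on this log, `triage(parse(LOG))` gives crash_site `sg_remove_request`, syscall `compat_SyS_readv` through a compat (32-bit) entry, offset_in_object 64 with access_within_object_bounds True, and shadow "slab redzone". That last pair is the useful contradiction: a naive bounds check against the enclosing 96-byte fasync_cache object passes, but the shadow byte for the address is 0xfc, which is what makes KASAN classify the read as slab-out-of-bounds. The cache name is the real clue: the sg driver's request bookkeeping is not allocated from fasync_cache, so the pointer sg_remove_request followed was not pointing at a live request. With "Allocated by task 0" and "(stack is not available)" there is no allocation or free stack to pivot from, so the next place to look is the request lifecycle in sg_read and sg_finish_rem_req along the readv path shown in the trace.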