[ ok ] Starting enhanced syslogd: rsyslogd.
[   10.520355] audit: type=1400 audit(1515776559.144:4): avc:  denied  { syslog } for  pid=3175 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.11' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   45.928159] ==================================================================
[   45.929276] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   45.930209] Read of size 8 at addr ffff8801c953f140 by task syzkaller112575/3348
[   45.931245] 
[   45.931480] CPU: 0 PID: 3348 Comm: syzkaller112575 Not tainted 4.9.76-g9154940 #20
[   45.932511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.933733]  ffff8801c80ef940 ffffffff81d93149 ffffea0007254fc0 ffff8801c953f140
[   45.934923]  0000000000000000 ffff8801c953f140 ffff8801c8300238 ffff8801c80ef978
[   45.936056]  ffffffff8153cb43 ffff8801c953f140 0000000000000008 0000000000000000
[   45.937296] Call Trace:
[   45.937674]  [] dump_stack+0xc1/0x128
[   45.938389]  [] print_address_description+0x73/0x280
[   45.939267]  [] kasan_report+0x275/0x360
[   45.940046]  [] ? sg_remove_request+0x103/0x120
[   45.940915]  [] __asan_report_load8_noabort+0x14/0x20
[   45.941892]  [] sg_remove_request+0x103/0x120
[   45.942751]  [] sg_finish_rem_req+0x295/0x340
[   45.943550]  [] sg_read+0xa1c/0x1440
[   45.944247]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   45.945141]  [] ? fsnotify+0xf30/0xf30
[   45.945861]  [] ? avc_policy_seqno+0x9/0x20
[   45.946678]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   45.947627]  [] ? security_file_permission+0x89/0x1e0
[   45.948525]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   45.955158]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   45.961794]  [] compat_do_readv_writev+0x522/0x760
[   45.968263]  [] ? do_pwritev+0x1a0/0x1a0
[   45.973871]  [] ? _raw_spin_unlock+0x2c/0x50
[   45.979809]  [] ? handle_mm_fault+0x6ee/0x2530
[   45.985924]  [] ? __pmd_alloc+0x410/0x410
[   45.991607]  [] compat_readv+0xe3/0x150
[   45.997111]  [] do_compat_readv+0xf4/0x1d0
[   46.002889]  [] ? compat_readv+0x150/0x150
[   46.008654]  [] compat_SyS_readv+0x26/0x30
[   46.014432]  [] ? SyS_pwritev2+0x80/0x80
[   46.020027]  [] do_fast_syscall_32+0x2f7/0x890
[   46.026140]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.032789]  [] entry_SYSENTER_compat+0x74/0x83
[   46.038997] 
[   46.040598] Allocated by task 0:
[   46.043945] (stack is not available)
[   46.047619] 
[   46.049220] Freed by task 0:
[   46.052205] (stack is not available)
[   46.055883] 
[   46.057476] The buggy address belongs to the object at ffff8801c953f100
[   46.057476]  which belongs to the cache fasync_cache of size 96
[   46.070098] The buggy address is located 64 bytes inside of
[   46.070098]  96-byte region [ffff8801c953f100, ffff8801c953f160)
[   46.081765] The buggy address belongs to the page:
[   46.086663] page:ffffea0007254fc0 count:1 mapcount:0 mapping:          (null) index:0x0
[   46.094889] flags: 0x8000000000000080(slab)
[   46.099174] page dumped because: kasan: bad access detected
[   46.104850] 
[   46.106444] Memory state around the buggy address:
[   46.111340]  ffff8801c953f000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   46.118674]  ffff8801c953f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.126004] >ffff8801c953f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.133331]                                            ^
[   46.138745]  ffff8801c953f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.146072]  ffff8801c953f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.153407] ==================================================================
[   46.160733] Disabling lock debugging due to kernel taint
[   46.166434] Kernel panic - not syncing: panic_on_warn set ...
[   46.166434] 
[   46.173778] CPU: 0 PID: 3348 Comm: syzkaller112575 Tainted: G    B   4.9.76-g9154940 #20
[   46.182671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.191999]  ffff8801c80ef898 ffffffff81d93149 ffffffff84195c17 ffff8801c80ef970
[   46.199954]  0000000000000000 ffff8801c953f140 ffff8801c8300238 ffff8801c80ef960
[   46.207910]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   46.215887] Call Trace:
[   46.218447]  [] dump_stack+0xc1/0x128
[   46.223783]  [] panic+0x1bc/0x3a8
[   46.228769]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   46.236969]  [] ? preempt_schedule+0x25/0x30
[   46.242915]  [] ? ___preempt_schedule+0x16/0x18
[   46.249117]  [] kasan_end_report+0x50/0x50
[   46.254886]  [] kasan_report+0x167/0x360
[   46.260483]  [] ? sg_remove_request+0x103/0x120
[   46.266686]  [] __asan_report_load8_noabort+0x14/0x20
[   46.273411]  [] sg_remove_request+0x103/0x120
[   46.279450]  [] sg_finish_rem_req+0x295/0x340
[   46.285490]  [] sg_read+0xa1c/0x1440
[   46.290734]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   46.297368]  [] ? fsnotify+0xf30/0xf30
[   46.302792]  [] ? avc_policy_seqno+0x9/0x20
[   46.308645]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   46.315631]  [] ? security_file_permission+0x89/0x1e0
[   46.322356]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   46.328989]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   46.335637]  [] compat_do_readv_writev+0x522/0x760
[   46.342096]  [] ? do_pwritev+0x1a0/0x1a0
[   46.347704]  [] ? _raw_spin_unlock+0x2c/0x50
[   46.353644]  [] ? handle_mm_fault+0x6ee/0x2530
[   46.359755]  [] ? __pmd_alloc+0x410/0x410
[   46.365437]  [] compat_readv+0xe3/0x150
[   46.370955]  [] do_compat_readv+0xf4/0x1d0
[   46.376720]  [] ? compat_readv+0x150/0x150
[   46.382487]  [] compat_SyS_readv+0x26/0x30
[   46.388275]  [] ? SyS_pwritev2+0x80/0x80
[   46.393881]  [] do_fast_syscall_32+0x2f7/0x890
[   46.400009]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.406647]  [] entry_SYSENTER_compat+0x74/0x83
[   46.413261] Dumping ftrace buffer:
[   46.416770]    (ftrace buffer empty)
[   46.420449] Kernel Offset: disabled
[   46.424043] Rebooting in 86400 seconds..