[ ok ] Starting enhanced syslogd: rsyslogd.
[   11.160330] audit: type=1400 audit(1516211494.816:4): avc:  denied  { syslog } for  pid=3173 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   19.677237] ==================================================================
[   19.678398] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   19.679370] Read of size 8 at addr ffff8801cc8f2140 by task syzkaller164313/3322
[   19.680374]
[   19.680626] CPU: 1 PID: 3322 Comm: syzkaller164313 Not tainted 4.9.77-g033d019 #24
[   19.681657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.682900]  ffff8801c8eef940 ffffffff81d941c9 ffffea0007323c80 ffff8801cc8f2140
[   19.684121]  0000000000000000 ffff8801cc8f2140 ffff8801c8cf0238 ffff8801c8eef978
[   19.685347]  ffffffff8153db93 ffff8801cc8f2140 0000000000000008 0000000000000000
[   19.686657] Call Trace:
[   19.687036]  [] dump_stack+0xc1/0x128
[   19.687790]  [] print_address_description+0x73/0x280
[   19.688705]  [] kasan_report+0x275/0x360
[   19.689453]  [] ? sg_remove_request+0x103/0x120
[   19.690329]  [] __asan_report_load8_noabort+0x14/0x20
[   19.691273]  [] sg_remove_request+0x103/0x120
[   19.692096]  [] sg_finish_rem_req+0x295/0x340
[   19.692898]  [] sg_read+0xa1c/0x1440
[   19.693619]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.694529]  [] ? fsnotify+0xf30/0xf30
[   19.695278]  [] ? avc_policy_seqno+0x9/0x20
[   19.696133]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   19.697077]  [] ? security_file_permission+0x89/0x1e0
[   19.697996]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.704628]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.711261]  [] compat_do_readv_writev+0x522/0x760
[   19.717720]  [] ? do_pwritev+0x1a0/0x1a0
[   19.723311]  [] ? fasync_insert_entry+0x147/0x2e0
[   19.729683]  [] ? dev_seq_stop+0x50/0x50
[   19.735275]  [] ? sg_fasync+0x8d/0xb0
[   19.740608]  [] ? handle_mm_fault+0x6ee/0x2530
[   19.746719]  [] ? ioctl_preallocate+0x220/0x220
[   19.752922]  [] ? selinux_file_ioctl+0x355/0x530
[   19.759206]  [] ? __pmd_alloc+0x410/0x410
[   19.764884]  [] ? selinux_capable+0x40/0x40
[   19.770736]  [] compat_readv+0xe3/0x150
[   19.776240]  [] do_compat_readv+0xf4/0x1d0
[   19.782008]  [] ? compat_readv+0x150/0x150
[   19.787773]  [] ? compat_SyS_ioctl+0x8c/0x2050
[   19.793887]  [] compat_SyS_readv+0x26/0x30
[   19.799651]  [] ? SyS_pwritev2+0x80/0x80
[   19.805245]  [] do_fast_syscall_32+0x2f7/0x890
[   19.811359]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   19.817994]  [] entry_SYSENTER_compat+0x74/0x83
[   19.824191]
[   19.825789] Allocated by task 0:
[   19.829119] (stack is not available)
[   19.832798]
[   19.834402] Freed by task 0:
[   19.837387] (stack is not available)
[   19.841065]
[   19.842661] The buggy address belongs to the object at ffff8801cc8f2100
[   19.842661]  which belongs to the cache fasync_cache of size 96
[   19.855283] The buggy address is located 64 bytes inside of
[   19.855283]  96-byte region [ffff8801cc8f2100, ffff8801cc8f2160)
[   19.866965] The buggy address belongs to the page:
[   19.871867] page:ffffea0007323c80 count:1 mapcount:0 mapping:          (null) index:0x0
[   19.880093] flags: 0x8000000000000080(slab)
[   19.884380] page dumped because: kasan: bad access detected
[   19.890053]
[   19.891647] Memory state around the buggy address:
[   19.896542]  ffff8801cc8f2000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   19.903868]  ffff8801cc8f2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.911193] >ffff8801cc8f2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.918522]                                            ^
[   19.923940]  ffff8801cc8f2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.931268]  ffff8801cc8f2200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.938594] ==================================================================
[   19.945919] Disabling lock debugging due to kernel taint
[   19.951418] Kernel panic - not syncing: panic_on_warn set ...
[   19.951418]
[   19.958764] CPU: 1 PID: 3322 Comm: syzkaller164313 Tainted: G    B           4.9.77-g033d019 #24
[   19.967657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.976983]  ffff8801c8eef898 ffffffff81d941c9 ffffffff841970ff ffff8801c8eef970
[   19.984959]  0000000000000000 ffff8801cc8f2140 ffff8801c8cf0238 ffff8801c8eef960
[   19.992925]  ffffffff8142f3c1 0000000041b58ab3 ffffffff8418ab70 ffffffff8142f205
[   20.000895] Call Trace:
[   20.003460]  [] dump_stack+0xc1/0x128
[   20.008793]  [] panic+0x1bc/0x3a8
[   20.013778]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   20.021976]  [] ? preempt_schedule+0x25/0x30
[   20.027917]  [] ? ___preempt_schedule+0x16/0x18
[   20.034118]  [] kasan_end_report+0x50/0x50
[   20.039886]  [] kasan_report+0x167/0x360
[   20.045479]  [] ? sg_remove_request+0x103/0x120
[   20.051683]  [] __asan_report_load8_noabort+0x14/0x20
[   20.058407]  [] sg_remove_request+0x103/0x120
[   20.064434]  [] sg_finish_rem_req+0x295/0x340
[   20.070462]  [] sg_read+0xa1c/0x1440
[   20.075709]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.082344]  [] ? fsnotify+0xf30/0xf30
[   20.087771]  [] ? avc_policy_seqno+0x9/0x20
[   20.093626]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   20.100604]  [] ? security_file_permission+0x89/0x1e0
[   20.107324]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.113961]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.120597]  [] compat_do_readv_writev+0x522/0x760
[   20.127060]  [] ? do_pwritev+0x1a0/0x1a0
[   20.132656]  [] ? fasync_insert_entry+0x147/0x2e0
[   20.139030]  [] ? dev_seq_stop+0x50/0x50
[   20.144621]  [] ? sg_fasync+0x8d/0xb0
[   20.149956]  [] ? handle_mm_fault+0x6ee/0x2530
[   20.156073]  [] ? ioctl_preallocate+0x220/0x220
[   20.162275]  [] ? selinux_file_ioctl+0x355/0x530
[   20.168562]  [] ? __pmd_alloc+0x410/0x410
[   20.174242]  [] ? selinux_capable+0x40/0x40
[   20.180100]  [] compat_readv+0xe3/0x150
[   20.185607]  [] do_compat_readv+0xf4/0x1d0
[   20.191376]  [] ? compat_readv+0x150/0x150
[   20.197144]  [] ? compat_SyS_ioctl+0x8c/0x2050
[   20.203257]  [] compat_SyS_readv+0x26/0x30
[   20.209023]  [] ? SyS_pwritev2+0x80/0x80
[   20.214617]  [] do_fast_syscall_32+0x2f7/0x890
[   20.220731]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   20.227368]  [] entry_SYSENTER_compat+0x74/0x83
[   20.234012] Dumping ftrace buffer:
[   20.237525]    (ftrace buffer empty)
[   20.241207] Kernel Offset: disabled
[   20.244805] Rebooting in 86400 seconds..
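The report above is raw syzkaller console output, and the fields a triager actually keys on (bug class, faulting frame after the KASAN reporting frames are skipped, cache and offset within the object, and the shadow byte under the `^`) are scattered across it. The following Python parser is an added example for reading this format; it is not part of the original report, of syzkaller or of the kernel. SAMPLE_REPORT is an abbreviated copy of the report above, constructed for the example, and the shadow-byte table follows the 4.9-era encoding in mm/kasan/kasan.h (0xfc is the kmalloc redzone value, which is also how KASAN marks slab slots that hold no live allocation). In this report every shadow byte of the 96-byte fasync_cache object is 0xfc and the allocation stack is "not available", so the 8-byte read at offset 64 lands in a slot with no live allocation, which is why KASAN classifies it as slab-out-of-bounds rather than use-after-free. The regexes and the 16-granule row width are assumptions about the printk format of this kernel version, not a kernel API.

```python
import re

# KASAN shadow-byte encoding for 4.9-era kernels (mm/kasan/kasan.h). 0x00 = all 8 bytes addressable.
SHADOW_MEANING = {
    0xfa: "global redzone", 0xfb: "freed kmalloc object", 0xfc: "kmalloc redzone / free slab slot",
    0xfe: "page redzone", 0xff: "freed page", 0xf1: "stack left redzone",
    0xf2: "stack mid redzone", 0xf3: "stack right redzone", 0xf4: "stack partial redzone",
}

def shadow_meaning(b):
    """Decode one KASAN shadow byte; 1..7 means only the first N bytes of the granule are valid."""
    if 0 <= b <= 7:
        return "fully addressable" if b == 0 else "partially addressable (%d bytes)" % b
    return SHADOW_MEANING.get(b, "unknown 0x%02x" % b)

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
BUG_RE = re.compile(r"BUG: KASAN: (?P<type>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
CPU_RE = re.compile(r"PID: \d+ Comm: \S+ .*?(?P<kver>\d+\.\d+\.\d+\S*)")
FRAME_RE = re.compile(r"^\[(?:<[0-9a-f]+>)?\]\s+(?P<q>\? )?(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
OBJ_RE = re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
SHADOW_ROW_RE = re.compile(r"^>?(?P<base>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")
REPORT_FRAMES = ("dump_stack", "print_address_description", "kasan_", "__asan_")  # KASAN's own frames

# Constructed sample: the report above, abbreviated. Stripped addresses appear as "[]" as on the page.
SAMPLE_REPORT = """\
[   19.677237] ==================================================================
[   19.678398] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   19.679370] Read of size 8 at addr ffff8801cc8f2140 by task syzkaller164313/3322
[   19.680626] CPU: 1 PID: 3322 Comm: syzkaller164313 Not tainted 4.9.77-g033d019 #24
[   19.686657] Call Trace:
[   19.687036]  [] dump_stack+0xc1/0x128
[   19.688705]  [] kasan_report+0x275/0x360
[   19.690329]  [] __asan_report_load8_noabort+0x14/0x20
[   19.689453]  [] ? sg_remove_request+0x103/0x120
[   19.691273]  [] sg_remove_request+0x103/0x120
[   19.692096]  [] sg_finish_rem_req+0x295/0x340
[   19.692898]  [] sg_read+0xa1c/0x1440
[   19.793887]  [] compat_SyS_readv+0x26/0x30
[   19.817994]  [] entry_SYSENTER_compat+0x74/0x83
[   19.824191]
[   19.842661] The buggy address belongs to the object at ffff8801cc8f2100
[   19.842661]  which belongs to the cache fasync_cache of size 96
[   19.896542]  ffff8801cc8f2000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   19.911193] >ffff8801cc8f2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.918522]                                            ^
[   19.923940]  ffff8801cc8f2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.938594] ==================================================================
"""

def parse_kasan_report(text):
    """Parse the first KASAN report in a console log into structured fields."""
    rep = {"frames": [], "shadow": {}}
    in_trace = False
    for raw in text.splitlines():
        ln = TIMESTAMP.sub("", raw).strip()
        if in_trace:
            m = FRAME_RE.match(ln)
            if m:
                if not m["q"]:                # '?' marks an unreliable frame: skip it
                    rep["frames"].append(m["func"])
                continue
            in_trace = False                  # first non-frame line ends the trace
        if ln.startswith("Call Trace:"):
            in_trace = True
        elif ln.startswith("===") and rep["frames"]:
            break                             # closing rule of the first report
        elif m := BUG_RE.search(ln):
            rep["bug_type"], rep["function"] = m["type"], m["func"]
        elif m := ACCESS_RE.search(ln):
            rep.update(access=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16), task=m["task"], pid=int(m["pid"]))
        elif m := CPU_RE.search(ln):
            rep["kernel"] = m["kver"]
        elif m := OBJ_RE.search(ln):
            rep["object_base"] = int(m["base"], 16)
        elif m := CACHE_RE.search(ln):
            rep["cache"], rep["object_size"] = m["cache"], int(m["size"])
        elif m := SHADOW_ROW_RE.match(ln):
            rep["shadow"][int(m["base"], 16)] = [int(b, 16) for b in m["bytes"].split()]
    if "object_base" in rep and "addr" in rep:
        rep["offset_in_object"] = rep["addr"] - rep["object_base"]
    rep["crash_frame"] = next((f for f in rep["frames"] if not f.startswith(REPORT_FRAMES)), None)
    sb = shadow_byte_for(rep["addr"], rep["shadow"]) if "addr" in rep else None
    rep["shadow_byte"], rep["shadow_meaning"] = sb, (shadow_meaning(sb) if sb is not None else None)
    return rep

def shadow_byte_for(addr, rows):
    """Return the shadow byte covering addr; each printed row is 16 shadow bytes x 8-byte granules."""
    for base, row in rows.items():
        if base <= addr < base + 128:
            return row[(addr - base) // 8]
    return None

def summarize(rep):
    """One-line triage string: bug class, access, first non-KASAN frame, object position, shadow."""
    obj = "%s+%d/%d" % (rep["cache"], rep["offset_in_object"], rep["object_size"]) if "cache" in rep else "?"
    sb = "0x%02x" % rep["shadow_byte"] if rep["shadow_byte"] is not None else "n/a"
    return "%s: %s of %d bytes in %s, object %s, shadow %s (%s), kernel %s" % (
        rep["bug_type"], rep["access"], rep["size"], rep["crash_frame"], obj, sb, rep["shadow_meaning"], rep.get("kernel", "?"))

SUMMARY = summarize(parse_kasan_report(SAMPLE_REPORT))
```

Running it on the sample yields the object position fasync_cache+64/96 that the report states in prose, the crashing frame sg_remove_request (kasan_report and __asan_report_load8_noabort are skipped, and the "? sg_remove_request" entry is dropped as unreliable), and shadow byte 0xfc for the faulting granule. The first "===" line does not terminate parsing because no frames have been collected yet; the panic trace that follows the report is never reached.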