[ ok ] Starting enhanced syslogd: rsyslogd.
[   10.760558] audit: type=1400 audit(1515854319.977:4): avc: denied { syslog } for pid=3177 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.210' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   37.779370] ==================================================================
[   37.780608] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   37.781539] Read of size 8 at addr ffff8801c975d140 by task syzkaller248122/3343
[   37.782536]
[   37.782767] CPU: 0 PID: 3343 Comm: syzkaller248122 Not tainted 4.9.76-g8e170a5 #11
[   37.783804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.785034]  ffff8801c1f379b0 ffffffff81d93149 ffffea000725d740 ffff8801c975d140
[   37.786166]  0000000000000000 ffff8801c975d140 ffff8801c7fa0238 ffff8801c1f379e8
[   37.787302]  ffffffff8153cb43 ffff8801c975d140 0000000000000008 0000000000000000
[   37.788427] Call Trace:
[   37.788796]  [] dump_stack+0xc1/0x128
[   37.789506]  [] print_address_description+0x73/0x280
[   37.790382]  [] kasan_report+0x275/0x360
[   37.791124]  [] ? sg_remove_request+0x103/0x120
[   37.792042]  [] __asan_report_load8_noabort+0x14/0x20
[   37.792926]  [] sg_remove_request+0x103/0x120
[   37.793721]  [] sg_finish_rem_req+0x295/0x340
[   37.794557]  [] sg_read+0xa1c/0x1440
[   37.795253]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   37.796168]  [] ? fsnotify+0xf30/0xf30
[   37.796901]  [] ? avc_policy_seqno+0x9/0x20
[   37.797676]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   37.798657]  [] ? security_file_permission+0x89/0x1e0
[   37.799938]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   37.806567]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   37.813197]  [] do_readv_writev+0x520/0x750
[   37.819045]  [] ? vfs_write+0x530/0x530
[   37.824544]  [] ? __pmd_alloc+0x410/0x410
[   37.830218]  [] ? dev_seq_stop+0x50/0x50
[   37.835808]  [] ? __do_page_fault+0x5ec/0xd40
[   37.841829]  [] vfs_readv+0x84/0xc0
[   37.846989]  [] do_readv+0xe6/0x250
[   37.852145]  [] ? vfs_readv+0xc0/0xc0
[   37.857476]  [] ? entry_SYSCALL_64_fastpath+0x5/0xe2
[   37.864107]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   37.870912]  [] SyS_readv+0x27/0x30
[   37.876066]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   37.882613]
[   37.884204] Allocated by task 0:
[   37.887531] (stack is not available)
[   37.891204]
[   37.892794] Freed by task 0:
[   37.895789] (stack is not available)
[   37.899463]
[   37.901061] The buggy address belongs to the object at ffff8801c975d100
[   37.901061]  which belongs to the cache fasync_cache of size 96
[   37.913686] The buggy address is located 64 bytes inside of
[   37.913686]  96-byte region [ffff8801c975d100, ffff8801c975d160)
[   37.925350] The buggy address belongs to the page:
[   37.930243] page:ffffea000725d740 count:1 mapcount:0 mapping:          (null) index:0x0
[   37.938477] flags: 0x8000000000000080(slab)
[   37.942761] page dumped because: kasan: bad access detected
[   37.948433]
[   37.950022] Memory state around the buggy address:
[   37.954916]  ffff8801c975d000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   37.962241]  ffff8801c975d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.969568] >ffff8801c975d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.976894]                                            ^
[   37.982305]  ffff8801c975d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.989629]  ffff8801c975d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.996962] ==================================================================
[   38.004289] Disabling lock debugging due to kernel taint
[   38.009922] Kernel panic - not syncing: panic_on_warn set ...
[   38.009922]
[   38.017258] CPU: 0 PID: 3343 Comm: syzkaller248122 Tainted: G    B           4.9.76-g8e170a5 #11
[   38.026154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.035476]  ffff8801c1f37908 ffffffff81d93149 ffffffff84195c17 ffff8801c1f379e0
[   38.043429]  0000000000000000 ffff8801c975d140 ffff8801c7fa0238 ffff8801c1f379d0
[   38.051379]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   38.059321] Call Trace:
[   38.061874]  [] dump_stack+0xc1/0x128
[   38.067204]  [] panic+0x1bc/0x3a8
[   38.072192]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   38.080390]  [] ? preempt_schedule+0x25/0x30
[   38.086327]  [] ? ___preempt_schedule+0x16/0x18
[   38.092527]  [] kasan_end_report+0x50/0x50
[   38.098291]  [] kasan_report+0x167/0x360
[   38.103892]  [] ? sg_remove_request+0x103/0x120
[   38.110090]  [] __asan_report_load8_noabort+0x14/0x20
[   38.116809]  [] sg_remove_request+0x103/0x120
[   38.122829]  [] sg_finish_rem_req+0x295/0x340
[   38.128858]  [] sg_read+0xa1c/0x1440
[   38.134097]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   38.140735]  [] ? fsnotify+0xf30/0xf30
[   38.146153]  [] ? avc_policy_seqno+0x9/0x20
[   38.152003]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   38.158986]  [] ? security_file_permission+0x89/0x1e0
[   38.165704]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   38.172341]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   38.178981]  [] do_readv_writev+0x520/0x750
[   38.184834]  [] ? vfs_write+0x530/0x530
[   38.190339]  [] ? __pmd_alloc+0x410/0x410
[   38.196015]  [] ? dev_seq_stop+0x50/0x50
[   38.201613]  [] ? __do_page_fault+0x5ec/0xd40
[   38.207642]  [] vfs_readv+0x84/0xc0
[   38.212797]  [] do_readv+0xe6/0x250
[   38.217960]  [] ? vfs_readv+0xc0/0xc0
[   38.223299]  [] ? entry_SYSCALL_64_fastpath+0x5/0xe2
[   38.229933]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   38.236737]  [] SyS_readv+0x27/0x30
[   38.241892]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   38.248805] Dumping ftrace buffer:
[   38.252318]    (ftrace buffer empty)
[   38.255993] Kernel Offset: disabled
[   38.259584] Rebooting in 86400 seconds..