[....] Starting enhanced syslogd: rsyslogd
[ 10.484589] audit: type=1400 audit(1515282359.769:4): avc: denied { syslog } for pid=3178 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ]
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.207' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 26.555113] ==================================================================
[ 26.556245] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 26.557178] Read of size 8 at addr ffff8801c8e65140 by task syzkaller215203/3335
[ 26.558161]
[ 26.558391] CPU: 0 PID: 3335 Comm: syzkaller215203 Not tainted 4.9.75-g06fe41f #6
[ 26.559386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.560604]  ffff8801cb23f9b0 ffffffff81d93049 ffffea0007239940 ffff8801c8e65140
[ 26.561747]  0000000000000000 ffff8801c8e65140 ffff8801c91ba338 ffff8801cb23f9e8
[ 26.562872]  ffffffff8153ca53 ffff8801c8e65140 0000000000000008 0000000000000000
[ 26.564021] Call Trace:
[ 26.564377]  [] dump_stack+0xc1/0x128
[ 26.565088]  [] print_address_description+0x73/0x280
[ 26.565980]  [] kasan_report+0x275/0x360
[ 26.566725]  [] ? sg_remove_request+0x103/0x120
[ 26.567545]  [] __asan_report_load8_noabort+0x14/0x20
[ 26.568430]  [] sg_remove_request+0x103/0x120
[ 26.569228]  [] sg_finish_rem_req+0x295/0x340
[ 26.570023]  [] sg_read+0xa1c/0x1440
[ 26.570719]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 26.571596]  [] ? fsnotify+0xf30/0xf30
[ 26.572320]  [] ? avc_policy_seqno+0x9/0x20
[ 26.573135]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 26.574778]  [] ? security_file_permission+0x89/0x1e0
[ 26.576031]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 26.584829]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 26.592417]  [] do_readv_writev+0x520/0x750
[ 26.598268]  [] ? vfs_write+0x530/0x530
[ 26.604129]  [] ? __pmd_alloc+0x410/0x410
[ 26.609806]  [] ? __do_page_fault+0x5ec/0xd40
[ 26.615828]  [] vfs_readv+0x84/0xc0
[ 26.621333]  [] do_readv+0xe6/0x250
[ 26.626486]  [] ? vfs_readv+0xc0/0xc0
[ 26.631819]  [] ? entry_SYSCALL_64_fastpath+0x5/0xe2
[ 26.638449]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 26.645251]  [] SyS_readv+0x27/0x30
[ 26.650405]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[ 26.656945]
[ 26.658536] Allocated by task 0:
[ 26.661861] (stack is not available)
[ 26.665533]
[ 26.667127] Freed by task 0:
[ 26.670106] (stack is not available)
[ 26.673779]
[ 26.675371] The buggy address belongs to the object at ffff8801c8e65100
[ 26.675371]  which belongs to the cache fasync_cache of size 96
[ 26.687989] The buggy address is located 64 bytes inside of
[ 26.687989]  96-byte region [ffff8801c8e65100, ffff8801c8e65160)
[ 26.699649] The buggy address belongs to the page:
[ 26.704541] page:ffffea0007239940 count:1 mapcount:0 mapping: (null) index:0x0
[ 26.712755] flags: 0x8000000000000080(slab)
[ 26.717037] page dumped because: kasan: bad access detected
[ 26.722708]
[ 26.724305] Memory state around the buggy address:
[ 26.730075]  ffff8801c8e65000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 26.739659]  ffff8801c8e65080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.746980] >ffff8801c8e65100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.754302]                                            ^
[ 26.759712]  ffff8801c8e65180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.767034]  ffff8801c8e65200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.774351] ==================================================================
[ 26.781669] Disabling lock debugging due to kernel taint
[ 26.787275] Kernel panic - not syncing: panic_on_warn set ...
[ 26.787275]
[ 26.794612] CPU: 0 PID: 3335 Comm: syzkaller215203 Tainted: G B 4.9.75-g06fe41f #6
[ 26.803410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.812731]  ffff8801cb23f908 ffffffff81d93049 ffffffff84195be7 ffff8801cb23f9e0
[ 26.820674]  0000000000000000 ffff8801c8e65140 ffff8801c91ba338 ffff8801cb23f9d0
[ 26.828619]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[ 26.836561] Call Trace:
[ 26.839119]  [] dump_stack+0xc1/0x128
[ 26.844447]  [] panic+0x1bc/0x3a8
[ 26.849425]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 26.857616]  [] ? preempt_schedule+0x25/0x30
[ 26.863557]  [] ? ___preempt_schedule+0x16/0x18
[ 26.869751]  [] kasan_end_report+0x50/0x50
[ 26.875510]  [] kasan_report+0x167/0x360
[ 26.881099]  [] ? sg_remove_request+0x103/0x120
[ 26.887297]  [] __asan_report_load8_noabort+0x14/0x20
[ 26.894011]  [] sg_remove_request+0x103/0x120
[ 26.900032]  [] sg_finish_rem_req+0x295/0x340
[ 26.906052]  [] sg_read+0xa1c/0x1440
[ 26.911293]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 26.917927]  [] ? fsnotify+0xf30/0xf30
[ 26.924645]  [] ? avc_policy_seqno+0x9/0x20
[ 26.931537]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 26.938512]  [] ? security_file_permission+0x89/0x1e0
[ 26.945230]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 26.951861]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 26.958488]  [] do_readv_writev+0x520/0x750
[ 26.964337]  [] ? vfs_write+0x530/0x530
[ 26.969835]  [] ? __pmd_alloc+0x410/0x410
[ 26.975511]  [] ? __do_page_fault+0x5ec/0xd40
[ 26.981531]  [] vfs_readv+0x84/0xc0
[ 26.986683]  [] do_readv+0xe6/0x250
[ 26.991834]  [] ? vfs_readv+0xc0/0xc0
[ 26.997162]  [] ? entry_SYSCALL_64_fastpath+0x5/0xe2
[ 27.003792]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 27.010593]  [] SyS_readv+0x27/0x30
[ 27.015747]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[ 27.022329] Dumping ftrace buffer:
[ 27.025833] (ftrace buffer empty)
[ 27.029508] Kernel Offset: disabled
[ 27.033100] Rebooting in 86400 seconds..