[ ok ] Starting enhanced syslogd: rsyslogd.
[   10.944354] audit: type=1400 audit(1515862423.617:4): avc: denied { syslog } for pid=3173 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   18.645757] ==================================================================
[   18.646923] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   18.647915] Read of size 8 at addr ffff8801cd3b2140 by task syzkaller227245/3321
[   18.648901]
[   18.649147] CPU: 0 PID: 3321 Comm: syzkaller227245 Not tainted 4.9.76-g8e170a5 #21
[   18.650206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.651501]  ffff8801c2377940 ffffffff81d93149 ffffea000734ec80 ffff8801cd3b2140
[   18.652793]  0000000000000000 ffff8801cd3b2140 ffff8801c8d48238 ffff8801c2377978
[   18.653976]  ffffffff8153cb43 ffff8801cd3b2140 0000000000000008 0000000000000000
[   18.655196] Call Trace:
[   18.655555]  [] dump_stack+0xc1/0x128
[   18.656324]  [] print_address_description+0x73/0x280
[   18.657250]  [] kasan_report+0x275/0x360
[   18.658052]  [] ? sg_remove_request+0x103/0x120
[   18.658896]  [] __asan_report_load8_noabort+0x14/0x20
[   18.659835]  [] sg_remove_request+0x103/0x120
[   18.660655]  [] sg_finish_rem_req+0x295/0x340
[   18.661474]  [] sg_read+0xa1c/0x1440
[   18.662215]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.663113]  [] ? fsnotify+0xf30/0xf30
[   18.663930]  [] ? avc_policy_seqno+0x9/0x20
[   18.664747]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   18.665671]  [] ? security_file_permission+0x89/0x1e0
[   18.666575]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.673210]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.679845]  [] compat_do_readv_writev+0x522/0x760
[   18.686314]  [] ? do_pwritev+0x1a0/0x1a0
[   18.691907]  [] ? __lru_cache_add+0x187/0x250
[   18.697936]  [] ? _raw_spin_unlock+0x2c/0x50
[   18.703875]  [] ? handle_mm_fault+0x6ee/0x2530
[   18.709997]  [] ? fasync_helper+0x7a/0xb0
[   18.715675]  [] ? __pmd_alloc+0x410/0x410
[   18.721365]  [] compat_readv+0xe3/0x150
[   18.726871]  [] do_compat_readv+0xf4/0x1d0
[   18.732636]  [] ? compat_readv+0x150/0x150
[   18.738402]  [] compat_SyS_readv+0x26/0x30
[   18.744165]  [] ? SyS_pwritev2+0x80/0x80
[   18.749759]  [] do_fast_syscall_32+0x2f7/0x890
[   18.755870]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   18.762504]  [] entry_SYSENTER_compat+0x74/0x83
[   18.768702]
[   18.770297] Allocated by task 0:
[   18.773629] (stack is not available)
[   18.777315]
[   18.778909] Freed by task 0:
[   18.781892] (stack is not available)
[   18.785570]
[   18.787170] The buggy address belongs to the object at ffff8801cd3b2100
[   18.787170]  which belongs to the cache fasync_cache of size 96
[   18.799794] The buggy address is located 64 bytes inside of
[   18.799794]  96-byte region [ffff8801cd3b2100, ffff8801cd3b2160)
[   18.811462] The buggy address belongs to the page:
[   18.816369] page:ffffea000734ec80 count:1 mapcount:0 mapping:          (null) index:0x0
[   18.824596] flags: 0x8000000000000080(slab)
[   18.828884] page dumped because: kasan: bad access detected
[   18.834561]
[   18.836155] Memory state around the buggy address:
[   18.841051]  ffff8801cd3b2000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   18.848386]  ffff8801cd3b2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.855711] >ffff8801cd3b2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.863038]                                            ^
[   18.868454]  ffff8801cd3b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.875780]  ffff8801cd3b2200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.883117] ==================================================================
[   18.890441] Disabling lock debugging due to kernel taint
[   18.896244] Kernel panic - not syncing: panic_on_warn set ...
[   18.896244]
[   18.903591] CPU: 0 PID: 3321 Comm: syzkaller227245 Tainted: G B 4.9.76-g8e170a5 #21
[   18.912502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.921826]  ffff8801c2377898 ffffffff81d93149 ffffffff84195c17 ffff8801c2377970
[   18.929793]  0000000000000000 ffff8801cd3b2140 ffff8801c8d48238 ffff8801c2377960
[   18.937756]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   18.945728] Call Trace:
[   18.948284]  [] dump_stack+0xc1/0x128
[   18.953616]  [] panic+0x1bc/0x3a8
[   18.958601]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   18.966798]  [] ? preempt_schedule+0x25/0x30
[   18.972738]  [] ? ___preempt_schedule+0x16/0x18
[   18.978936]  [] kasan_end_report+0x50/0x50
[   18.984702]  [] kasan_report+0x167/0x360
[   18.990296]  [] ? sg_remove_request+0x103/0x120
[   18.996506]  [] __asan_report_load8_noabort+0x14/0x20
[   19.003227]  [] sg_remove_request+0x103/0x120
[   19.009253]  [] sg_finish_rem_req+0x295/0x340
[   19.015287]  [] sg_read+0xa1c/0x1440
[   19.020532]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.027167]  [] ? fsnotify+0xf30/0xf30
[   19.032588]  [] ? avc_policy_seqno+0x9/0x20
[   19.038440]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   19.045423]  [] ? security_file_permission+0x89/0x1e0
[   19.052144]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.058779]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.065410]  [] compat_do_readv_writev+0x522/0x760
[   19.071868]  [] ? do_pwritev+0x1a0/0x1a0
[   19.077460]  [] ? __lru_cache_add+0x187/0x250
[   19.083490]  [] ? _raw_spin_unlock+0x2c/0x50
[   19.089428]  [] ? handle_mm_fault+0x6ee/0x2530
[   19.095542]  [] ? fasync_helper+0x7a/0xb0
[   19.101219]  [] ? __pmd_alloc+0x410/0x410
[   19.106897]  [] compat_readv+0xe3/0x150
[   19.112403]  [] do_compat_readv+0xf4/0x1d0
[   19.118167]  [] ? compat_readv+0x150/0x150
[   19.123941]  [] compat_SyS_readv+0x26/0x30
[   19.129704]  [] ? SyS_pwritev2+0x80/0x80
[   19.135294]  [] do_fast_syscall_32+0x2f7/0x890
[   19.141414]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   19.148047]  [] entry_SYSENTER_compat+0x74/0x83
[   19.154681] Dumping ftrace buffer:
[   19.158192]    (ftrace buffer empty)
[   19.161872] Kernel Offset: disabled
[   19.165477] Rebooting in 86400 seconds..
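The following triage helper is an added example, not part of the syzkaller log above and not kernel or syzkaller code. It parses a 4.9-era KASAN report into the fields a triager checks first: what was accessed, where in the slab slot, what the shadow byte at that address actually says, and which frames of the call trace are user-reachable. SAMPLE_REPORT is the report from the log above, trimmed to the lines the parser uses (frames keep the "[]" placeholders the page has where addresses were lost). The shadow-byte table is the encoding from mm/kasan/kasan.h; the frame filter and the REPORTER_FRAMES prefixes are this example's own choices.

```python
import re

# KASAN shadow-byte values from mm/kasan/kasan.h (stable across 4.x, including
# the 4.9 kernel above). One shadow byte covers 8 bytes of memory; 1..7 means
# only the first N of those 8 bytes are addressable.
SHADOW_MEANING = {0x00: "addressable", 0xFA: "global redzone", 0xFB: "freed slab object",
                  0xFC: "slab redzone", 0xFE: "page redzone", 0xFF: "freed page",
                  0xF1: "stack left redzone", 0xF2: "stack mid redzone",
                  0xF3: "stack right redzone", 0xF4: "stack partial redzone",
                  0xF8: "use-after-scope"}
# Frames that belong to the reporting machinery, not to the faulting code path
# (prefix list chosen for this example).
REPORTER_FRAMES = ("dump_stack", "print_address_description", "kasan_", "__asan_")

TS_RE     = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEADER_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
OBJECT_RE = re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)")
CACHE_RE  = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
LOCATE_RE = re.compile(r"located (?P<off>\d+) bytes (?P<where>inside of|to the (?:left|right) of)")
REGION_RE = re.compile(r"region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
FRAME_RE  = re.compile(r"^\s*\[[^\]]*\]\s+(?P<q>\? )?(?P<sym>[\w.]+)\+0x")
SHADOW_RE = re.compile(r"^[ >]?(?P<row>[0-9a-f]{16}):(?P<cells>(?: [0-9a-f]{2}){16})\s*$")


def parse_kasan_report(text):
    """Extract the fields a triager needs from a 4.9-style KASAN report."""
    r = {"frames": [], "shadow": {}}
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw)                      # strip "[   18.646923] "
        if m := HEADER_RE.search(line):
            r["kind"], r["func"] = m["kind"], m["func"]
        elif m := ACCESS_RE.search(line):
            r.update(rw=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16),
                     task=m["task"], pid=int(m["pid"]))
        elif m := OBJECT_RE.search(line):
            r["object_base"] = int(m["base"], 16)
        elif m := CACHE_RE.search(line):
            r["cache"], r["cache_size"] = m["cache"], int(m["size"])
        elif m := LOCATE_RE.search(line):
            r["claimed_offset"], r["claimed_where"] = int(m["off"]), m["where"]
        elif m := REGION_RE.search(line):
            r["region"] = (int(m["start"], 16), int(m["end"], 16))
        elif m := SHADOW_RE.match(line):
            r["shadow"][int(m["row"], 16)] = [int(c, 16) for c in m["cells"].split()]
        elif line.strip() == "Call Trace:":
            in_trace = not r["frames"]                 # first trace only; the panic re-dumps it
        elif in_trace and (m := FRAME_RE.match(line)):
            r["frames"].append((m["sym"], m["q"] is not None))   # (symbol, is a "?" frame)
        elif in_trace and not line.strip():
            in_trace = False
    return r


def shadow_byte_at(report, addr):
    """A printed shadow row covers 128 bytes of memory: 16 cells of 8 bytes."""
    row = addr & ~0x7F
    cells = report["shadow"].get(row)
    return None if cells is None else cells[(addr - row) >> 3]


def triage(report):
    start, end = report["region"]
    addr = report["addr"]
    sb = shadow_byte_at(report, addr)
    if sb is not None and 1 <= sb <= 7:
        meaning = f"partially addressable ({sb} of 8 bytes)"
    else:
        meaning = SHADOW_MEANING.get(sb, "unknown")
    # Keep only frames the unwinder is sure about, outermost (syscall entry) first.
    path = [s for s, uncertain in report["frames"]
            if not uncertain and not s.startswith(REPORTER_FRAMES)][::-1]
    return {
        "offset": addr - start,
        "inside_region": start <= addr < end,
        "offset_matches_report": addr - start == report.get("claimed_offset"),
        "shadow_byte": sb, "shadow_meaning": meaning,
        # KASAN attributes the address to the nearest slab slot whether or not it
        # is live. A redzone shadow byte means the slot was not a valid allocation
        # when it was read, regardless of which cache owns the slab page.
        "addressable": sb is not None and sb < 8,
        "path": path,
    }


# The report from the console log above, trimmed to the lines the parser uses.
SAMPLE_REPORT = """\
[   18.646923] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   18.647915] Read of size 8 at addr ffff8801cd3b2140 by task syzkaller227245/3321
[   18.655196] Call Trace:
[   18.657250]  [] kasan_report+0x275/0x360
[   18.658052]  [] ? sg_remove_request+0x103/0x120
[   18.658896]  [] __asan_report_load8_noabort+0x14/0x20
[   18.659835]  [] sg_remove_request+0x103/0x120
[   18.660655]  [] sg_finish_rem_req+0x295/0x340
[   18.661474]  [] sg_read+0xa1c/0x1440
[   18.738402]  [] compat_SyS_readv+0x26/0x30
[   18.749759]  [] do_fast_syscall_32+0x2f7/0x890
[   18.762504]  [] entry_SYSENTER_compat+0x74/0x83
[   18.768702]
[   18.787170] The buggy address belongs to the object at ffff8801cd3b2100
[   18.787170]  which belongs to the cache fasync_cache of size 96
[   18.799794] The buggy address is located 64 bytes inside of
[   18.799794]  96-byte region [ffff8801cd3b2100, ffff8801cd3b2160)
[   18.855711] >ffff8801cd3b2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""
```

Run on the report above, `triage()` confirms the 64-byte offset the kernel printed, but also shows that the shadow byte for ffff8801cd3b2140 is 0xfc (slab redzone) and that the whole 128-byte row is redzone: the "object" KASAN named is only the nearest slot, not a live allocation, so the fasync_cache attribution should not be read as "sg_remove_request read a valid fasync struct". The filtered path (entry_SYSENTER_compat through compat_SyS_readv into sg_read and sg_remove_request) is the user-reachable surface to start from: a 32-bit readv() on an sg file descriptor.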