[....] Starting enhanced syslogd: rsyslogd
[   13.521865] audit: type=1400 audit(1515874757.669:4): avc: denied { syslog } for pid=3175 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.223' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   25.461875] ==================================================================
[   25.469266] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   25.476337] Read of size 8 at addr ffff8801d4ee6140 by task syzkaller095274/3330
[   25.483836] 
[   25.485438] CPU: 0 PID: 3330 Comm: syzkaller095274 Not tainted 4.9.76-g8e170a5 #21
[   25.493117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.502446]  ffff8801c715f940 ffffffff81d93149 ffffea000753b980 ffff8801d4ee6140
[   25.510403]  0000000000000000 ffff8801d4ee6140 ffff8801c89f8238 ffff8801c715f978
[   25.518364]  ffffffff8153cb43 ffff8801d4ee6140 0000000000000008 0000000000000000
[   25.526318] Call Trace:
[   25.528874]  [] dump_stack+0xc1/0x128
[   25.534230]  [] print_address_description+0x73/0x280
[   25.540892]  [] kasan_report+0x275/0x360
[   25.546485]  [] ? sg_remove_request+0x103/0x120
[   25.552693]  [] __asan_report_load8_noabort+0x14/0x20
[   25.559423]  [] sg_remove_request+0x103/0x120
[   25.565459]  [] sg_finish_rem_req+0x295/0x340
[   25.571493]  [] sg_read+0xa1c/0x1440
[   25.576740]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.583379]  [] ? fsnotify+0xf30/0xf30
[   25.588813]  [] ? avc_policy_seqno+0x9/0x20
[   25.594674]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   25.601658]  [] ? security_file_permission+0x89/0x1e0
[   25.608380]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.615021]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.621657]  [] compat_do_readv_writev+0x522/0x760
[   25.628123]  [] ? do_pwritev+0x1a0/0x1a0
[   25.633725]  [] ? _raw_spin_unlock+0x2c/0x50
[   25.639675]  [] ? handle_mm_fault+0x6ee/0x2530
[   25.645793]  [] ? __pmd_alloc+0x410/0x410
[   25.651480]  [] compat_readv+0xe3/0x150
[   25.656994]  [] do_compat_readv+0xf4/0x1d0
[   25.662759]  [] ? compat_readv+0x150/0x150
[   25.668525]  [] compat_SyS_readv+0x26/0x30
[   25.674293]  [] ? SyS_pwritev2+0x80/0x80
[   25.679887]  [] do_fast_syscall_32+0x2f7/0x890
[   25.686000]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.692642]  [] entry_SYSENTER_compat+0x74/0x83
[   25.698848] 
[   25.700718] Allocated by task 0:
[   25.704055] (stack is not available)
[   25.707733] 
[   25.709332] Freed by task 0:
[   25.712313] (stack is not available)
[   25.715988] 
[   25.717583] The buggy address belongs to the object at ffff8801d4ee6100
[   25.717583]  which belongs to the cache fasync_cache of size 96
[   25.730231] The buggy address is located 64 bytes inside of
[   25.730231]  96-byte region [ffff8801d4ee6100, ffff8801d4ee6160)
[   25.741903] The buggy address belongs to the page:
[   25.746799] page:ffffea000753b980 count:1 mapcount:0 mapping: (null) index:0x0
[   25.755031] flags: 0x8000000000000080(slab)
[   25.759317] page dumped because: kasan: bad access detected
[   25.764989] 
[   25.766582] Memory state around the buggy address:
[   25.771475]  ffff8801d4ee6000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   25.778803]  ffff8801d4ee6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.786135] >ffff8801d4ee6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.793460]                                            ^
[   25.798877]  ffff8801d4ee6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.806213]  ffff8801d4ee6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.813548] ==================================================================
[   25.820879] Disabling lock debugging due to kernel taint
[   25.826372] Kernel panic - not syncing: panic_on_warn set ...
[   25.826372] 
[   25.833710] CPU: 0 PID: 3330 Comm: syzkaller095274 Tainted: G B 4.9.76-g8e170a5 #21
[   25.842600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.851930]  ffff8801c715f898 ffffffff81d93149 ffffffff84195c17 ffff8801c715f970
[   25.859913]  0000000000000000 ffff8801d4ee6140 ffff8801c89f8238 ffff8801c715f960
[   25.867867]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   25.875819] Call Trace:
[   25.878385]  [] dump_stack+0xc1/0x128
[   25.883717]  [] panic+0x1bc/0x3a8
[   25.888702]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   25.896898]  [] ? preempt_schedule+0x25/0x30
[   25.902837]  [] ? ___preempt_schedule+0x16/0x18
[   25.909035]  [] kasan_end_report+0x50/0x50
[   25.914798]  [] kasan_report+0x167/0x360
[   25.920396]  [] ? sg_remove_request+0x103/0x120
[   25.926600]  [] __asan_report_load8_noabort+0x14/0x20
[   25.933319]  [] sg_remove_request+0x103/0x120
[   25.939351]  [] sg_finish_rem_req+0x295/0x340
[   25.945385]  [] sg_read+0xa1c/0x1440
[   25.950638]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.957288]  [] ? fsnotify+0xf30/0xf30
[   25.962706]  [] ? avc_policy_seqno+0x9/0x20
[   25.968560]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   25.975541]  [] ? security_file_permission+0x89/0x1e0
[   25.982262]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.988893]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.995525]  [] compat_do_readv_writev+0x522/0x760
[   26.001990]  [] ? do_pwritev+0x1a0/0x1a0
[   26.007585]  [] ? _raw_spin_unlock+0x2c/0x50
[   26.013530]  [] ? handle_mm_fault+0x6ee/0x2530
[   26.019642]  [] ? __pmd_alloc+0x410/0x410
[   26.025318]  [] compat_readv+0xe3/0x150
[   26.030820]  [] do_compat_readv+0xf4/0x1d0
[   26.036583]  [] ? compat_readv+0x150/0x150
[   26.042345]  [] compat_SyS_readv+0x26/0x30
[   26.048106]  [] ? SyS_pwritev2+0x80/0x80
[   26.053704]  [] do_fast_syscall_32+0x2f7/0x890
[   26.059827]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.066460]  [] entry_SYSENTER_compat+0x74/0x83
[   26.072711] Dumping ftrace buffer:
[   26.076227]    (ftrace buffer empty)
[   26.079907] Kernel Offset: disabled
[   26.083500] Rebooting in 86400 seconds..
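The following decoder is an added example, not part of the syzkaller report above nor of any kernel or syzkaller tooling. It pulls the structured fields out of the free text of a KASAN report (bug type, faulting function, access size and address, task, slab cache, object base, stated offset and region, memory-state rows) and cross-checks them: it recomputes the "64 bytes inside of" offset from the address and the object base, confirms the 8-byte read fits inside [ffff8801d4ee6100, ffff8801d4ee6160), and looks up the shadow byte that the `^` marker points at. The regular expressions and field names are the example's own; the shadow-value table and the bug-type labels KASAN derives from shadow values follow mm/kasan/kasan.h and mm/kasan/report.c of 4.9-era kernels. The input lines are copied from the report above (timestamps kept, unrelated lines dropped).

```python
"""Decode the free text of a KASAN report and cross-check its numbers (example code, not from the report)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SHADOW_SCALE = 8  # one shadow byte covers 8 bytes of memory (KASAN_SHADOW_SCALE_SHIFT = 3)
# Shadow values and the bug-type label KASAN derives from them (mm/kasan/kasan.h and report.c, 4.9 era)
SHADOW_MEANING = {
    0x00: ("fully addressable", None),
    0xfc: ("kmalloc redzone, no live slab object here", "slab-out-of-bounds"),
    0xfe: ("page redzone", "slab-out-of-bounds"),
    0xfb: ("freed kmalloc object", "use-after-free"),
    0xff: ("freed page", "use-after-free"),
    0xfa: ("global redzone", "global-out-of-bounds"),
    0xf1: ("stack left redzone", "stack-out-of-bounds"), 0xf2: ("stack mid redzone", "stack-out-of-bounds"),
    0xf3: ("stack right redzone", "stack-out-of-bounds"), 0xf4: ("stack partial redzone", "stack-out-of-bounds"),
}
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg "[   25.469266] " prefix
ROW_RE = re.compile(r"^>?\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$")  # memory-state row

@dataclass
class KasanReport:
    bug_type: str
    func: str
    access: str
    size: int
    addr: int
    task: str
    pid: int
    cache: Optional[str] = None
    object_base: Optional[int] = None
    object_size: Optional[int] = None
    stated_offset: Optional[int] = None
    region: Optional[tuple] = None
    shadow_rows: Dict[int, List[int]] = field(default_factory=dict)  # row base address -> 16 shadow bytes

def parse_kasan_report(console: str) -> KasanReport:
    """Pull the structured fields out of the report text (dmesg timestamps are tolerated)."""
    text = "\n".join(TS_RE.sub("", ln) for ln in console.splitlines())
    hdr = re.search(r"BUG: KASAN: ([\w-]+) in (\S+)", text)
    acc = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", text)
    if not (hdr and acc):
        raise ValueError("not a KASAN report")
    rep = KasanReport(hdr[1], hdr[2], acc[1], int(acc[2]), int(acc[3], 16), acc[4], int(acc[5]))
    # printk splits the next two sentences over two lines, hence \s+ across the join
    obj = re.search(r"belongs to the object at ([0-9a-f]+)\s+which belongs to the cache (\S+) of size (\d+)", text)
    if obj:
        rep.object_base, rep.cache, rep.object_size = int(obj[1], 16), obj[2], int(obj[3])
    reg = re.search(r"is located (\d+) bytes (?:inside|to the right|to the left) of\s+\d+-byte region "
                    r"\[([0-9a-f]+), ([0-9a-f]+)\)", text)
    if reg:
        rep.stated_offset, rep.region = int(reg[1]), (int(reg[2], 16), int(reg[3], 16))
    for ln in text.splitlines():
        row = ROW_RE.match(ln)
        if row:
            rep.shadow_rows[int(row[1], 16)] = [int(b, 16) for b in row[2].split()]
    return rep

def shadow_byte_at(rep: KasanReport, addr: int) -> Optional[int]:
    """Shadow byte covering addr, read from the dumped rows (None if the dump does not cover it)."""
    for base, row in rep.shadow_rows.items():
        if base <= addr < base + SHADOW_SCALE * len(row):
            return row[(addr - base) // SHADOW_SCALE]
    return None

def check_report(rep: KasanReport) -> dict:
    """Recompute what the report says in prose and record whether the numbers agree."""
    out = {}
    if rep.object_base is not None:
        out["computed_offset"] = rep.addr - rep.object_base
        out["offset_matches"] = out["computed_offset"] == rep.stated_offset
    if rep.region:
        lo, hi = rep.region
        out["addr_in_region"] = lo <= rep.addr < hi
        out["access_fits_region"] = lo <= rep.addr and rep.addr + rep.size <= hi
    sb = shadow_byte_at(rep, rep.addr)
    if sb is not None:
        meaning, label = SHADOW_MEANING.get(sb, (f"unknown shadow value 0x{sb:02x}", None))
        if 1 <= sb <= 7:  # only the first sb bytes of this 8-byte granule are addressable
            meaning, label = f"partially addressable ({sb} of 8 bytes)", "out-of-bounds"
        out.update(shadow=sb, shadow_meaning=meaning, bug_type_matches_shadow=(label == rep.bug_type))
    return out

# Copied from the report above; only the lines the decoder uses are kept.
REPORT = """\
[   25.469266] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   25.476337] Read of size 8 at addr ffff8801d4ee6140 by task syzkaller095274/3330
[   25.717583] The buggy address belongs to the object at ffff8801d4ee6100
[   25.717583]  which belongs to the cache fasync_cache of size 96
[   25.730231] The buggy address is located 64 bytes inside of
[   25.730231]  96-byte region [ffff8801d4ee6100, ffff8801d4ee6160)
[   25.771475]  ffff8801d4ee6000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   25.778803]  ffff8801d4ee6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.786135] >ffff8801d4ee6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.798877]  ffff8801d4ee6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

if __name__ == "__main__":
    rep = parse_kasan_report(REPORT)
    print(rep.bug_type, rep.func, check_report(rep))
```

On this report the decoder gives offset 0x40 (matching the stated 64), an 8-byte read that fits inside the 96-byte region, and shadow byte 0xfc for ffff8801d4ee6140. 0xfc is KASAN_KMALLOC_REDZONE, which is also where the "slab-out-of-bounds" label comes from: KASAN names the bug after the shadow value it hit. So the fasync_cache slot that contains the address held no live object at the time sg_remove_request read from it, which fits the "Allocated by task 0: (stack is not available)" lines; the report does not say the value came from a live fasync_cache object, only that the page the pointer landed in belongs to that cache. The row for ffff8801d4ee6000 shows the contrast: twelve 00 bytes, i.e. a 96-byte object that is allocated, followed by its fc redzone.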