[....] Starting enhanced syslogd: rsyslogd.
[   16.448852] audit: type=1400 audit(1517471679.470:4): avc: denied { syslog } for pid=3906 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.421723] ==================================================================
[   26.429140] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   26.436212] Read of size 8 at addr ffff8801c9785140 by task syzkaller145053/4055
[   26.443712]
[   26.445321] CPU: 1 PID: 4055 Comm: syzkaller145053 Not tainted 4.9.79-g71f1469 #25
[   26.452998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.462326]  ffff8801c88579b0 ffffffff81d94829 ffffea000725e140 ffff8801c9785140
[   26.470298]  0000000000000000 ffff8801c9785140 ffff8801d3540238 ffff8801c88579e8
[   26.478274]  ffffffff8153e083 ffff8801c9785140 0000000000000008 0000000000000000
[   26.486270] Call Trace:
[   26.488830]  [] dump_stack+0xc1/0x128
[   26.494175]  [] print_address_description+0x73/0x280
[   26.500816]  [] kasan_report+0x275/0x360
[   26.506423]  [] ? sg_remove_request+0x103/0x120
[   26.512637]  [] __asan_report_load8_noabort+0x14/0x20
[   26.519360]  [] sg_remove_request+0x103/0x120
[   26.525386]  [] sg_finish_rem_req+0x295/0x340
[   26.531414]  [] sg_read+0xa16/0x1440
[   26.536665]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.543311]  [] ? fsnotify+0xf30/0xf30
[   26.548747]  [] ? avc_policy_seqno+0x9/0x20
[   26.554603]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   26.561589]  [] ? security_file_permission+0x89/0x1e0
[   26.568735]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.575405]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.582054]  [] do_readv_writev+0x520/0x750
[   26.587909]  [] ? vfs_write+0x530/0x530
[   26.593417]  [] ? __pmd_alloc+0x410/0x410
[   26.599098]  [] ? dev_seq_stop+0x50/0x50
[   26.604692]  [] ? __do_page_fault+0x5ec/0xd40
[   26.610747]  [] vfs_readv+0x84/0xc0
[   26.615907]  [] do_readv+0xe6/0x250
[   26.621083]  [] ? vfs_readv+0xc0/0xc0
[   26.626426]  [] ? entry_SYSCALL_64_fastpath+0x5/0xe8
[   26.633070]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.639889]  [] SyS_readv+0x27/0x30
[   26.645052]  [] entry_SYSCALL_64_fastpath+0x29/0xe8
[   26.651611]
[   26.653219] Allocated by task 0:
[   26.656551] (stack is not available)
[   26.660229]
[   26.661824] Freed by task 0:
[   26.664807] (stack is not available)
[   26.668487]
[   26.670085] The buggy address belongs to the object at ffff8801c9785100
[   26.670085]  which belongs to the cache fasync_cache of size 96
[   26.682718] The buggy address is located 64 bytes inside of
[   26.682718]  96-byte region [ffff8801c9785100, ffff8801c9785160)
[   26.694995] The buggy address belongs to the page:
[   26.699895] page:ffffea000725e140 count:1 mapcount:0 mapping:          (null) index:0x0
[   26.708233] flags: 0x8000000000000080(slab)
[   26.712520] page dumped because: kasan: bad access detected
[   26.718197]
[   26.719804] Memory state around the buggy address:
[   26.724704]  ffff8801c9785000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   26.732038]  ffff8801c9785080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.739392] >ffff8801c9785100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.746722]                                            ^
[   26.752149]  ffff8801c9785180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.759487]  ffff8801c9785200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.766824] ==================================================================
[   26.774151] Disabling lock debugging due to kernel taint
[   26.779890] Kernel panic - not syncing: panic_on_warn set ...
[   26.779890]
[   26.787249] CPU: 1 PID: 4055 Comm: syzkaller145053 Tainted: G    B           4.9.79-g71f1469 #25
[   26.796142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.805568]  ffff8801c8857908 ffffffff81d94829 ffffffff8419709f ffff8801c88579e0
[   26.813550]  0000000000000000 ffff8801c9785140 ffff8801d3540238 ffff8801c88579d0
[   26.821538]  ffffffff8142f531 0000000041b58ab3 ffffffff8418ab10 ffffffff8142f375
[   26.829526] Call Trace:
[   26.832088]  [] dump_stack+0xc1/0x128
[   26.837423]  [] panic+0x1bc/0x3a8
[   26.842417]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   26.850617]  [] ? preempt_schedule+0x25/0x30
[   26.856574]  [] ? ___preempt_schedule+0x16/0x18
[   26.862793]  [] kasan_end_report+0x50/0x50
[   26.868563]  [] kasan_report+0x167/0x360
[   26.874160]  [] ? sg_remove_request+0x103/0x120
[   26.880364]  [] __asan_report_load8_noabort+0x14/0x20
[   26.887087]  [] sg_remove_request+0x103/0x120
[   26.893116]  [] sg_finish_rem_req+0x295/0x340
[   26.899154]  [] sg_read+0xa16/0x1440
[   26.904405]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.911043]  [] ? fsnotify+0xf30/0xf30
[   26.916466]  [] ? avc_policy_seqno+0x9/0x20
[   26.922344]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   26.929332]  [] ? security_file_permission+0x89/0x1e0
[   26.936056]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.942693]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.949332]  [] do_readv_writev+0x520/0x750
[   26.955185]  [] ? vfs_write+0x530/0x530
[   26.960693]  [] ? __pmd_alloc+0x410/0x410
[   26.966377]  [] ? dev_seq_stop+0x50/0x50
[   26.971980]  [] ? __do_page_fault+0x5ec/0xd40
[   26.978008]  [] vfs_readv+0x84/0xc0
[   26.983174]  [] do_readv+0xe6/0x250
[   26.988336]  [] ? vfs_readv+0xc0/0xc0
[   26.993679]  [] ? entry_SYSCALL_64_fastpath+0x5/0xe8
[   27.000331]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   27.007141]  [] SyS_readv+0x27/0x30
[   27.012316]  [] entry_SYSCALL_64_fastpath+0x29/0xe8
[   27.019276] Dumping ftrace buffer:
[   27.022789]    (ftrace buffer empty)
[   27.026469] Kernel Offset: disabled
[   27.030071] Rebooting in 86400 seconds..