[....] Starting enhanced syslogd: rsyslogd
[   11.959473] audit: type=1400 audit(1515537118.868:4): avc: denied { syslog } for pid=3158 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[....] Starting periodic command scheduler: cron [ ok ]
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ]
[....] Starting OpenBSD Secure Shell server: sshd [ ok ]

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   20.087374] ==================================================================
[   20.094765] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   20.101838] Read of size 8 at addr ffff8801c91ef140 by task syzkaller226965/3325
[   20.109355]
[   20.110963] CPU: 1 PID: 3325 Comm: syzkaller226965 Not tainted 4.9.75-g8910fa5 #9
[   20.118547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.127872]  ffff8801c81a79b0 ffffffff81d93049 ffffea0007247bc0 ffff8801c91ef140
[   20.135828]  0000000000000000 ffff8801c91ef140 ffff8801c964c438 ffff8801c81a79e8
[   20.144075]  ffffffff8153ca53 ffff8801c91ef140 0000000000000008 0000000000000000
[   20.152026] Call Trace:
[   20.154588]  [] dump_stack+0xc1/0x128
[   20.159922]  [] print_address_description+0x73/0x280
[   20.166559]  [] kasan_report+0x275/0x360
[   20.172150]  [] ? sg_remove_request+0x103/0x120
[   20.178347]  [] __asan_report_load8_noabort+0x14/0x20
[   20.185067]  [] sg_remove_request+0x103/0x120
[   20.191090]  [] sg_finish_rem_req+0x295/0x340
[   20.197115]  [] sg_read+0xa1c/0x1440
[   20.202358]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.208996]  [] ? fsnotify+0xf30/0xf30
[   20.214414]  [] ? avc_policy_seqno+0x9/0x20
[   20.220811]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   20.227796]  [] ? security_file_permission+0x89/0x1e0
[   20.234523]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.241152]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.247786]  [] do_readv_writev+0x520/0x750
[   20.254159]  [] ? vfs_write+0x530/0x530
[   20.259662]  [] ? __pmd_alloc+0x410/0x410
[   20.265862]  [] ? __do_page_fault+0x5ec/0xd40
[   20.271885]  [] vfs_readv+0x84/0xc0
[   20.277042]  [] do_readv+0xe6/0x250
[   20.282203]  [] ? vfs_readv+0xc0/0xc0
[   20.287548]  [] ? entry_SYSCALL_64_fastpath+0x5/0xe2
[   20.294709]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   20.301516]  [] SyS_readv+0x27/0x30
[   20.306681]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   20.313227]
[   20.314821] Allocated by task 0:
[   20.318149] (stack is not available)
[   20.321824]
[   20.323416] Freed by task 0:
[   20.326405] (stack is not available)
[   20.330531]
[   20.332473] The buggy address belongs to the object at ffff8801c91ef100
[   20.332473]  which belongs to the cache fasync_cache of size 96
[   20.345093] The buggy address is located 64 bytes inside of
[   20.345093]  96-byte region [ffff8801c91ef100, ffff8801c91ef160)
[   20.356757] The buggy address belongs to the page:
[   20.361656] page:ffffea0007247bc0 count:1 mapcount:0 mapping:          (null) index:0x0
[   20.370147] flags: 0x8000000000000080(slab)
[   20.374438] page dumped because: kasan: bad access detected
[   20.380116]
[   20.381712] Memory state around the buggy address:
[   20.386611]  ffff8801c91ef000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   20.393945]  ffff8801c91ef080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.401272] >ffff8801c91ef100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.408596]                                            ^
[   20.414019]  ffff8801c91ef180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.421362]  ffff8801c91ef200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.428712] ==================================================================
[   20.436045] Disabling lock debugging due to kernel taint
[   20.441693] Kernel panic - not syncing: panic_on_warn set ...
[   20.441693]
[   20.449050] CPU: 1 PID: 3325 Comm: syzkaller226965 Tainted: G    B           4.9.75-g8910fa5 #9
[   20.458238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.467914]  ffff8801c81a7908 ffffffff81d93049 ffffffff84195be7 ffff8801c81a79e0
[   20.476920]  0000000000000000 ffff8801c91ef140 ffff8801c964c438 ffff8801c81a79d0
[   20.484868]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[   20.492817] Call Trace:
[   20.495643]  [] dump_stack+0xc1/0x128
[   20.500971]  [] panic+0x1bc/0x3a8
[   20.505972]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   20.515158]  [] ? preempt_schedule+0x25/0x30
[   20.521876]  [] ? ___preempt_schedule+0x16/0x18
[   20.528075]  [] kasan_end_report+0x50/0x50
[   20.533845]  [] kasan_report+0x167/0x360
[   20.539434]  [] ? sg_remove_request+0x103/0x120
[   20.545631]  [] __asan_report_load8_noabort+0x14/0x20
[   20.552615]  [] sg_remove_request+0x103/0x120
[   20.560556]  [] sg_finish_rem_req+0x295/0x340
[   20.566581]  [] sg_read+0xa1c/0x1440
[   20.571825]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.578724]  [] ? fsnotify+0xf30/0xf30
[   20.584574]  [] ? avc_policy_seqno+0x9/0x20
[   20.590423]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[   20.597751]  [] ? security_file_permission+0x89/0x1e0
[   20.604469]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.611099]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.617730]  [] do_readv_writev+0x520/0x750
[   20.623581]  [] ? vfs_write+0x530/0x530
[   20.629085]  [] ? __pmd_alloc+0x410/0x410
[   20.634765]  [] ? __do_page_fault+0x5ec/0xd40
[   20.640790]  [] vfs_readv+0x84/0xc0
[   20.645946]  [] do_readv+0xe6/0x250
[   20.651101]  [] ? vfs_readv+0xc0/0xc0
[   20.656440]  [] ? entry_SYSCALL_64_fastpath+0x5/0xe2
[   20.663074]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   20.670398]  [] SyS_readv+0x27/0x30
[   20.676601]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   20.683626] Dumping ftrace buffer:
[   20.687479]    (ftrace buffer empty)
[   20.691764] Kernel Offset: disabled
[   20.695356] Rebooting in 86400 seconds..