[....] Starting enhanced syslogd: rsyslogd
[ 10.587342] audit: type=1400 audit(1515537234.670:4): avc: denied { syslog } for pid=3175 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.717676] ==================================================================
[ 40.718785] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 40.719731] Read of size 8 at addr ffff8801c843a140 by task syzkaller305717/3341
[ 40.720792]
[ 40.721022] CPU: 0 PID: 3341 Comm: syzkaller305717 Not tainted 4.9.75-g8910fa5 #19
[ 40.722097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.723329] ffff8801c7e07940 ffffffff81d93049 ffffea0007210e80 ffff8801c843a140
[ 40.724525] 0000000000000000 ffff8801c843a140 ffff8801ca284438 ffff8801c7e07978
[ 40.725722] ffffffff8153ca53 ffff8801c843a140 0000000000000008 0000000000000000
[ 40.726846] Call Trace:
[ 40.727204] [] dump_stack+0xc1/0x128
[ 40.727937] [] print_address_description+0x73/0x280
[ 40.728822] [] kasan_report+0x275/0x360
[ 40.729564] [] ? sg_remove_request+0x103/0x120
[ 40.730383] [] __asan_report_load8_noabort+0x14/0x20
[ 40.731270] [] sg_remove_request+0x103/0x120
[ 40.732080] [] sg_finish_rem_req+0x295/0x340
[ 40.732949] [] sg_read+0xa1c/0x1440
[ 40.733647] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 40.734523] [] ? fsnotify+0xf30/0xf30
[ 40.735243] [] ? avc_policy_seqno+0x9/0x20
[ 40.736032] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 40.736961] [] ? security_file_permission+0x89/0x1e0
[ 40.738172] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 40.744809] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 40.751441] [] compat_do_readv_writev+0x522/0x760
[ 40.757902] [] ? do_pwritev+0x1a0/0x1a0
[ 40.763501] [] ? _raw_spin_unlock+0x2c/0x50
[ 40.769439] [] ? __pmd_alloc+0x410/0x410
[ 40.775306] [] compat_readv+0xe3/0x150
[ 40.780814] [] do_compat_readv+0xf4/0x1d0
[ 40.786577] [] ? compat_readv+0x150/0x150
[ 40.792341] [] compat_SyS_readv+0x26/0x30
[ 40.798107] [] ? SyS_pwritev2+0x80/0x80
[ 40.803708] [] do_fast_syscall_32+0x2f7/0x890
[ 40.809816] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.816455] [] entry_SYSENTER_compat+0x74/0x83
[ 40.822654]
[ 40.824258] Allocated by task 0:
[ 40.827596] (stack is not available)
[ 40.831275]
[ 40.832871] Freed by task 0:
[ 40.835859] (stack is not available)
[ 40.839540]
[ 40.841136] The buggy address belongs to the object at ffff8801c843a100
[ 40.841136]  which belongs to the cache fasync_cache of size 96
[ 40.853759] The buggy address is located 64 bytes inside of
[ 40.853759]  96-byte region [ffff8801c843a100, ffff8801c843a160)
[ 40.865424] The buggy address belongs to the page:
[ 40.870322] page:ffffea0007210e80 count:1 mapcount:0 mapping: (null) index:0x0
[ 40.878539] flags: 0x8000000000000080(slab)
[ 40.882823] page dumped because: kasan: bad access detected
[ 40.888496]
[ 40.890086] Memory state around the buggy address:
[ 40.894983]  ffff8801c843a000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 40.902309]  ffff8801c843a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.909642] >ffff8801c843a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.916974]                                            ^
[ 40.922406]  ffff8801c843a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.929736]  ffff8801c843a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 40.937075] ==================================================================
[ 40.944405] Disabling lock debugging due to kernel taint
[ 40.949926] Kernel panic - not syncing: panic_on_warn set ...
[ 40.949926]
[ 40.957267] CPU: 0 PID: 3341 Comm: syzkaller305717 Tainted: G B 4.9.75-g8910fa5 #19
[ 40.966155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.975480] ffff8801c7e07898 ffffffff81d93049 ffffffff84195be7 ffff8801c7e07970
[ 40.983444] 0000000000000000 ffff8801c843a140 ffff8801ca284438 ffff8801c7e07960
[ 40.991394] ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[ 40.999340] Call Trace:
[ 41.001897] [] dump_stack+0xc1/0x128
[ 41.007233] [] panic+0x1bc/0x3a8
[ 41.012216] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 41.020412] [] ? preempt_schedule+0x25/0x30
[ 41.026349] [] ? ___preempt_schedule+0x16/0x18
[ 41.032555] [] kasan_end_report+0x50/0x50
[ 41.038318] [] kasan_report+0x167/0x360
[ 41.043910] [] ? sg_remove_request+0x103/0x120
[ 41.050116] [] __asan_report_load8_noabort+0x14/0x20
[ 41.056837] [] sg_remove_request+0x103/0x120
[ 41.062868] [] sg_finish_rem_req+0x295/0x340
[ 41.068892] [] sg_read+0xa1c/0x1440
[ 41.074144] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 41.080777] [] ? fsnotify+0xf30/0xf30
[ 41.086194] [] ? avc_policy_seqno+0x9/0x20
[ 41.092048] [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 41.099028] [] ? security_file_permission+0x89/0x1e0
[ 41.105752] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 41.112395] [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 41.119026] [] compat_do_readv_writev+0x522/0x760
[ 41.125485] [] ? do_pwritev+0x1a0/0x1a0
[ 41.131084] [] ? _raw_spin_unlock+0x2c/0x50
[ 41.137024] [] ? __pmd_alloc+0x410/0x410
[ 41.142701] [] compat_readv+0xe3/0x150
[ 41.148205] [] do_compat_readv+0xf4/0x1d0
[ 41.154063] [] ? compat_readv+0x150/0x150
[ 41.159827] [] compat_SyS_readv+0x26/0x30
[ 41.165599] [] ? SyS_pwritev2+0x80/0x80
[ 41.171190] [] do_fast_syscall_32+0x2f7/0x890
[ 41.177309] [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 41.183942] [] entry_SYSENTER_compat+0x74/0x83
[ 41.190535] Dumping ftrace buffer:
[ 41.190538] (ftrace buffer empty)
[ 41.190540] Kernel Offset: disabled
[ 41.201321] Rebooting in 86400 seconds..