[....] Starting enhanced syslogd: rsyslogd
[ 11.321497] audit: type=1400 audit(1515517454.705:4): avc: denied { syslog } for pid=3172 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
Starting mcstransd:
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 18.841148] ==================================================================
[ 18.848540] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 18.855616] Read of size 8 at addr ffff8801cc9fd140 by task syzkaller401386/3320
[ 18.863122]
[ 18.864719] CPU: 1 PID: 3320 Comm: syzkaller401386 Not tainted 4.9.75-g8910fa5 #19
[ 18.872388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 18.881710]  ffff8801c8d47940 ffffffff81d93049 ffffea0007327f40 ffff8801cc9fd140
[ 18.889675]  0000000000000000 ffff8801cc9fd140 ffff8801c9084438 ffff8801c8d47978
[ 18.897629]  ffffffff8153ca53 ffff8801cc9fd140 0000000000000008 0000000000000000
[ 18.905577] Call Trace:
[ 18.908139]  [] dump_stack+0xc1/0x128
[ 18.913468]  [] print_address_description+0x73/0x280
[ 18.920110]  [] kasan_report+0x275/0x360
[ 18.925700]  [] ? sg_remove_request+0x103/0x120
[ 18.931898]  [] __asan_report_load8_noabort+0x14/0x20
[ 18.938628]  [] sg_remove_request+0x103/0x120
[ 18.944652]  [] sg_finish_rem_req+0x295/0x340
[ 18.950675]  [] sg_read+0xa1c/0x1440
[ 18.955927]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 18.962568]  [] ? fsnotify+0xf30/0xf30
[ 18.967991]  [] ? avc_policy_seqno+0x9/0x20
[ 18.973843]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 18.980822]  [] ? security_file_permission+0x89/0x1e0
[ 18.987558]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 18.994198]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 19.000836]  [] compat_do_readv_writev+0x522/0x760
[ 19.007294]  [] ? do_pwritev+0x1a0/0x1a0
[ 19.012893]  [] ? _raw_spin_unlock+0x2c/0x50
[ 19.018833]  [] ? handle_mm_fault+0x6ee/0x2530
[ 19.024942]  [] ? __pmd_alloc+0x410/0x410
[ 19.030618]  [] compat_readv+0xe3/0x150
[ 19.036118]  [] do_compat_readv+0xf4/0x1d0
[ 19.041882]  [] ? compat_readv+0x150/0x150
[ 19.047657]  [] compat_SyS_readv+0x26/0x30
[ 19.053421]  [] ? SyS_pwritev2+0x80/0x80
[ 19.059015]  [] do_fast_syscall_32+0x2f7/0x890
[ 19.065126]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 19.071760]  [] entry_SYSENTER_compat+0x74/0x83
[ 19.077954]
[ 19.079546] Allocated by task 0:
[ 19.082874] (stack is not available)
[ 19.086550]
[ 19.088142] Freed by task 0:
[ 19.091121] (stack is not available)
[ 19.094802]
[ 19.096406] The buggy address belongs to the object at ffff8801cc9fd100
[ 19.096406]  which belongs to the cache fasync_cache of size 96
[ 19.109041] The buggy address is located 64 bytes inside of
[ 19.109041]  96-byte region [ffff8801cc9fd100, ffff8801cc9fd160)
[ 19.120707] The buggy address belongs to the page:
[ 19.125613] page:ffffea0007327f40 count:1 mapcount:0 mapping: (null) index:0x0
[ 19.133832] flags: 0x8000000000000080(slab)
[ 19.138117] page dumped because: kasan: bad access detected
[ 19.143792]
[ 19.145383] Memory state around the buggy address:
[ 19.150286]  ffff8801cc9fd000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 19.157620]  ffff8801cc9fd080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.164944] >ffff8801cc9fd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.172267]                                            ^
[ 19.177680]  ffff8801cc9fd180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.185005]  ffff8801cc9fd200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.192327] ==================================================================
[ 19.199650] Disabling lock debugging due to kernel taint
[ 19.205129] Kernel panic - not syncing: panic_on_warn set ...
[ 19.205129]
[ 19.212472] CPU: 1 PID: 3320 Comm: syzkaller401386 Tainted: G    B   4.9.75-g8910fa5 #19
[ 19.221372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.230704]  ffff8801c8d47898 ffffffff81d93049 ffffffff84195be7 ffff8801c8d47970
[ 19.238673]  0000000000000000 ffff8801cc9fd140 ffff8801c9084438 ffff8801c8d47960
[ 19.246636]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[ 19.254593] Call Trace:
[ 19.257154]  [] dump_stack+0xc1/0x128
[ 19.262486]  [] panic+0x1bc/0x3a8
[ 19.267473]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 19.275682]  [] ? preempt_schedule+0x25/0x30
[ 19.281620]  [] ? ___preempt_schedule+0x16/0x18
[ 19.287820]  [] kasan_end_report+0x50/0x50
[ 19.293582]  [] kasan_report+0x167/0x360
[ 19.299174]  [] ? sg_remove_request+0x103/0x120
[ 19.305372]  [] __asan_report_load8_noabort+0x14/0x20
[ 19.312087]  [] sg_remove_request+0x103/0x120
[ 19.318112]  [] sg_finish_rem_req+0x295/0x340
[ 19.324134]  [] sg_read+0xa1c/0x1440
[ 19.329377]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 19.336012]  [] ? fsnotify+0xf30/0xf30
[ 19.341436]  [] ? avc_policy_seqno+0x9/0x20
[ 19.347289]  [] do_loop_readv_writev.part.17+0x141/0x1e0
[ 19.354275]  [] ? security_file_permission+0x89/0x1e0
[ 19.360995]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 19.367627]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 19.374260]  [] compat_do_readv_writev+0x522/0x760
[ 19.380716]  [] ? do_pwritev+0x1a0/0x1a0
[ 19.386310]  [] ? _raw_spin_unlock+0x2c/0x50
[ 19.392257]  [] ? handle_mm_fault+0x6ee/0x2530
[ 19.398375]  [] ? __pmd_alloc+0x410/0x410
[ 19.404062]  [] compat_readv+0xe3/0x150
[ 19.409565]  [] do_compat_readv+0xf4/0x1d0
[ 19.415327]  [] ? compat_readv+0x150/0x150
[ 19.421089]  [] compat_SyS_readv+0x26/0x30
[ 19.426852]  [] ? SyS_pwritev2+0x80/0x80
[ 19.432443]  [] do_fast_syscall_32+0x2f7/0x890
[ 19.438553]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 19.445188]  [] entry_SYSENTER_compat+0x74/0x83
[ 19.451429] Dumping ftrace buffer:
[ 19.454936]    (ftrace buffer empty)
[ 19.458611] Kernel Offset: disabled
[ 19.462204] Rebooting in 86400 seconds..