[....] Starting enhanced syslogd: rsyslogd
[   11.105889] audit: type=1400 audit(1516049351.262:4): avc:  denied  { syslog } for  pid=3171 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   20.775548] ==================================================================
[   20.776598] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   20.777531] Read of size 8 at addr ffff8801c9fd5140 by task syzkaller113265/3320
[   20.778536]
[   20.778769] CPU: 0 PID: 3320 Comm: syzkaller113265 Not tainted 4.9.76-g8dec074 #13
[   20.779797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.781021]  ffff8801ca92fab0 ffffffff81d93169 ffffea000727f540 ffff8801c9fd5140
[   20.782189]  0000000000000000 ffff8801c9fd5140 ffff8801c8480238 ffff8801ca92fae8
[   20.783351]  ffffffff8153cb43 ffff8801c9fd5140 0000000000000008 0000000000000000
[   20.784518] Call Trace:
[   20.784901]  [] dump_stack+0xc1/0x128
[   20.785615]  [] print_address_description+0x73/0x280
[   20.786493]  [] kasan_report+0x275/0x360
[   20.787277]  [] ? sg_remove_request+0x103/0x120
[   20.788119]  [] __asan_report_load8_noabort+0x14/0x20
[   20.794538]  [] sg_remove_request+0x103/0x120
[   20.795360]  [] sg_finish_rem_req+0x295/0x340
[   20.796185]  [] sg_read+0xa1c/0x1440
[   20.801431]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.808077]  [] ? fasync_insert_entry+0x147/0x2e0
[   20.814452]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.821091]  [] __vfs_read+0x103/0x670
[   20.826509]  [] ? default_llseek+0x290/0x290
[   20.832448]  [] ? fsnotify+0x86/0xf30
[   20.837782]  [] ? fsnotify+0xf30/0xf30
[   20.843203]  [] ? avc_policy_seqno+0x9/0x20
[   20.849055]  [] ? selinux_file_permission+0x82/0x460
[   20.855692]  [] ? security_file_permission+0x89/0x1e0
[   20.862415]  [] ? rw_verify_area+0xe5/0x2b0
[   20.868268]  [] vfs_read+0x11e/0x380
[   20.873514]  [] SyS_read+0xd9/0x1b0
[   20.878671]  [] ? vfs_copy_file_range+0x740/0x740
[   20.885048]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   20.891858]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   20.898407]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   20.904954]
[   20.906552] Allocated by task 0:
[   20.909882] (stack is not available)
[   20.913558]
[   20.915152] Freed by task 0:
[   20.918134] (stack is not available)
[   20.921811]
[   20.923415] The buggy address belongs to the object at ffff8801c9fd5100
[   20.923415]  which belongs to the cache fasync_cache of size 96
[   20.936038] The buggy address is located 64 bytes inside of
[   20.936038]  96-byte region [ffff8801c9fd5100, ffff8801c9fd5160)
[   20.947727] The buggy address belongs to the page:
[   20.952626] page:ffffea000727f540 count:1 mapcount:0 mapping:          (null) index:0x0
[   20.960852] flags: 0x8000000000000080(slab)
[   20.965139] page dumped because: kasan: bad access detected
[   20.971559]
[   20.973156] Memory state around the buggy address:
[   20.978053]  ffff8801c9fd5000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   20.985381]  ffff8801c9fd5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.992709] >ffff8801c9fd5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.000036]                                            ^
[   21.005451]  ffff8801c9fd5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.012780]  ffff8801c9fd5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.020106] ==================================================================
[   21.027436] Disabling lock debugging due to kernel taint
[   21.032924] Kernel panic - not syncing: panic_on_warn set ...
[   21.032924]
[   21.040274] CPU: 0 PID: 3320 Comm: syzkaller113265 Tainted: G    B   4.9.76-g8dec074 #13
[   21.049165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   21.058495]  ffff8801ca92fa08 ffffffff81d93169 ffffffff84195c2f ffff8801ca92fae0
[   21.066464]  0000000000000000 ffff8801c9fd5140 ffff8801c8480238 ffff8801ca92fad0
[   21.074431]  ffffffff8142e371 0000000041b58ab3 ffffffff84189690 ffffffff8142e1b5
[   21.082408] Call Trace:
[   21.084966]  [] dump_stack+0xc1/0x128
[   21.090301]  [] panic+0x1bc/0x3a8
[   21.095287]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   21.103486]  [] ? preempt_schedule+0x25/0x30
[   21.109426]  [] ? ___preempt_schedule+0x16/0x18
[   21.115627]  [] kasan_end_report+0x50/0x50
[   21.121394]  [] kasan_report+0x167/0x360
[   21.126986]  [] ? sg_remove_request+0x103/0x120
[   21.133188]  [] __asan_report_load8_noabort+0x14/0x20
[   21.139910]  [] sg_remove_request+0x103/0x120
[   21.145937]  [] sg_finish_rem_req+0x295/0x340
[   21.151963]  [] sg_read+0xa1c/0x1440
[   21.157207]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   21.163851]  [] ? fasync_insert_entry+0x147/0x2e0
[   21.170227]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   21.176877]  [] __vfs_read+0x103/0x670
[   21.182300]  [] ? default_llseek+0x290/0x290
[   21.188245]  [] ? fsnotify+0x86/0xf30
[   21.193579]  [] ? fsnotify+0xf30/0xf30
[   21.199007]  [] ? avc_policy_seqno+0x9/0x20
[   21.204865]  [] ? selinux_file_permission+0x82/0x460
[   21.211514]  [] ? security_file_permission+0x89/0x1e0
[   21.218235]  [] ? rw_verify_area+0xe5/0x2b0
[   21.224088]  [] vfs_read+0x11e/0x380
[   21.229336]  [] SyS_read+0xd9/0x1b0
[   21.234494]  [] ? vfs_copy_file_range+0x740/0x740
[   21.240869]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   21.247677]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   21.254231]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   21.261243] Dumping ftrace buffer:
[   21.264753]    (ftrace buffer empty)
[   21.268433] Kernel Offset: disabled
[   21.272028] Rebooting in 86400 seconds..
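Triage note and added example (the editor's, not code from syzkaller or the kernel). Two things in the report above deserve a second look before the headline "slab-out-of-bounds" is taken at face value. First, "Allocated by task 0 / Freed by task 0: (stack is not available)" means KASAN has no allocation or free stack for the object, so the only evidence about the memory is the shadow dump. Second, the 8-byte read at ffff8801c9fd5140 is at offset 64 of a 96-byte fasync_cache slot, so it lies inside the object's bounds; KASAN still flags it because the shadow byte for that granule, and for every granule of the slot, is 0xfc (KASAN_KMALLOC_REDZONE in the 4.9-era mm/kasan/kasan.h), i.e. the slot holds no live object. A function in drivers/scsi/sg.c that expects an sg request structure is therefore dereferencing a pointer into a fasync_cache slot that is not allocated, which points at a stale or corrupted pointer rather than a simple index overrun. The "? fasync_insert_entry" frame is an unreliable stack residue, not a real caller. The panic itself is only because panic_on_warn is set (kasan_end_report -> panic in the second trace). The script below parses the report's own lines (copied from the log; the addresses are the report's) and performs these checks mechanically. The names parse_report, triage, shadow_byte and REPORT are this example's own, and the shadow-byte meanings assume the 4.9 encoding.

```python
"""Parse a 4.9-era KASAN slab report and cross-check its own numbers.

Added example for this page; not part of the syzkaller report or the kernel.
"""
import re
from dataclasses import dataclass, field

# Shadow-byte poison values as defined in mm/kasan/kasan.h for 4.9 (assumption:
# the report comes from that encoding). 0x00 = all 8 bytes of the granule are
# addressable, 0x01..0x07 = only the first N bytes are.
SHADOW_MEANING = {
    0xfa: "global redzone",
    0xfb: "freed kmalloc object",
    0xfc: "kmalloc redzone",
    0xfe: "page redzone",
    0xff: "freed page",
}

# Selected lines of the report on this page, copied verbatim (addresses are the report's).
REPORT = """\
[ 20.776598] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 20.777531] Read of size 8 at addr ffff8801c9fd5140 by task syzkaller113265/3320
[ 20.923415] The buggy address belongs to the object at ffff8801c9fd5100
[ 20.923415] which belongs to the cache fasync_cache of size 96
[ 20.936038] The buggy address is located 64 bytes inside of
[ 20.936038] 96-byte region [ffff8801c9fd5100, ffff8801c9fd5160)
[ 20.973156] Memory state around the buggy address:
[ 20.978053] ffff8801c9fd5000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 20.985381] ffff8801c9fd5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.992709] >ffff8801c9fd5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.005451] ffff8801c9fd5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.012780] ffff8801c9fd5200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""


@dataclass
class KasanReport:
    bug_type: str
    func: str
    access: str       # "Read" or "Write"
    size: int
    addr: int
    task: str
    pid: int
    obj_base: int
    cache: str
    obj_size: int
    offset: int
    region_end: int
    shadow: dict = field(default_factory=dict)  # memory row base -> 16 shadow bytes


def parse_report(text: str) -> KasanReport:
    body = re.sub(r"^\[\s*[\d.]+\]\s*", "", text, flags=re.M)  # strip printk timestamps
    m_bug = re.search(r"BUG: KASAN: (\S+) in (\w+)\+0x", body)
    m_acc = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", body)
    m_obj = re.search(r"object at ([0-9a-f]+)\s+which belongs to the cache (\S+) of size (\d+)", body)
    m_off = re.search(r"located (\d+) bytes inside of\s+\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", body)
    if not (m_bug and m_acc and m_obj and m_off):
        raise ValueError("not a KASAN slab report in the expected format")
    rep = KasanReport(
        bug_type=m_bug.group(1), func=m_bug.group(2),
        access=m_acc.group(1), size=int(m_acc.group(2)), addr=int(m_acc.group(3), 16),
        task=m_acc.group(4), pid=int(m_acc.group(5)),
        obj_base=int(m_obj.group(1), 16), cache=m_obj.group(2), obj_size=int(m_obj.group(3)),
        offset=int(m_off.group(1)), region_end=int(m_off.group(3), 16),
    )
    # Shadow rows: 16 shadow bytes, each covering 8 bytes of memory, so rows are 0x80 apart.
    # The 4.9 report prints the memory address of each row; '>' marks the faulting row.
    for m in re.finditer(r"^>?([0-9a-f]{16}): ((?:[0-9a-f]{2}\s?){16})$", body, flags=re.M):
        rep.shadow[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rep


def shadow_byte(rep: KasanReport, addr: int):
    """Shadow byte covering addr, or None if the dump does not include that row."""
    row = rep.shadow.get(addr & ~0x7f)
    return None if row is None else row[(addr & 0x7f) // 8]


def describe_shadow(b) -> str:
    if b is None:
        return "not in dump"
    if b == 0:
        return "addressable"
    if 1 <= b <= 7:
        return f"partially addressable (first {b} bytes)"
    return SHADOW_MEANING.get(b, f"unknown poison 0x{b:02x}")


def triage(rep: KasanReport) -> dict:
    """Cross-check the report's numbers and classify the faulting granule."""
    obj_end = rep.obj_base + rep.obj_size
    granules = [shadow_byte(rep, a) for a in range(rep.obj_base, obj_end, 8)]
    sb = shadow_byte(rep, rep.addr)
    return {
        "offset_consistent": rep.addr - rep.obj_base == rep.offset,
        "region_consistent": rep.region_end == obj_end,
        "within_object_bounds": rep.obj_base <= rep.addr and rep.addr + rep.size <= obj_end,
        "shadow_at_addr": sb,
        "shadow_meaning": describe_shadow(sb),
        # True when no granule of the slot is live, i.e. no allocated object sits there.
        "whole_object_poisoned": all(g is not None and g >= 0xf0 for g in granules),
    }


if __name__ == "__main__":
    r = parse_report(REPORT)
    print(f"{r.bug_type}: {r.access} of {r.size} bytes in {r.func} by {r.task}/{r.pid}")
    print(f"cache={r.cache} object={r.obj_base:#x}+{r.offset} of {r.obj_size} bytes")
    for k, v in triage(r).items():
        print(f"  {k}: {v}")
```

Run it as a script to print the summary, or import it and feed another report to parse_report. The row lookup masks the address to a 128-byte row and indexes by 8-byte granule, which is exactly how the 4.9 report lays the shadow out; on a newer kernel the dump prints shadow rather than memory addresses and the row regex would need adjusting.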