[ ok ] Starting enhanced syslogd: rsyslogd.
[   12.932401] audit: type=1400 audit(1515881424.407:4): avc:  denied  { syslog } for  pid=3176 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.225' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   20.304360] ==================================================================
[   20.311752] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   20.318825] Read of size 8 at addr ffff8801c908e140 by task syzkaller146445/3325
[   20.326337] 
[   20.327949] CPU: 0 PID: 3325 Comm: syzkaller146445 Not tainted 4.9.76-g8e170a5 #11
[   20.335627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.344958]  ffff8801c8d1fab0 ffffffff81d93149 ffffea0007242380 ffff8801c908e140
[   20.352944]  0000000000000000 ffff8801c908e140 ffff8801c9e64438 ffff8801c8d1fae8
[   20.360929]  ffffffff8153cb43 ffff8801c908e140 0000000000000008 0000000000000000
[   20.368909] Call Trace:
[   20.371470]  [] dump_stack+0xc1/0x128
[   20.376806]  [] print_address_description+0x73/0x280
[   20.383443]  [] kasan_report+0x275/0x360
[   20.389051]  [] ? sg_remove_request+0x103/0x120
[   20.395259]  [] __asan_report_load8_noabort+0x14/0x20
[   20.401993]  [] sg_remove_request+0x103/0x120
[   20.408036]  [] sg_finish_rem_req+0x295/0x340
[   20.414068]  [] sg_read+0xa1c/0x1440
[   20.419325]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.425969]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   20.432959]  [] ? fasync_helper+0x37/0xb0
[   20.438645]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.445292]  [] __vfs_read+0x103/0x670
[   20.450718]  [] ? default_llseek+0x290/0x290
[   20.456663]  [] ? fsnotify+0x86/0xf30
[   20.461996]  [] ? fsnotify+0xf30/0xf30
[   20.467420]  [] ? avc_policy_seqno+0x9/0x20
[   20.473285]  [] ? selinux_file_permission+0x82/0x460
[   20.479922]  [] ? security_file_permission+0x89/0x1e0
[   20.486651]  [] ? rw_verify_area+0xe5/0x2b0
[   20.492515]  [] vfs_read+0x11e/0x380
[   20.497765]  [] SyS_read+0xd9/0x1b0
[   20.502931]  [] ? vfs_copy_file_range+0x740/0x740
[   20.509311]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   20.516124]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   20.522778]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   20.529335] 
[   20.530934] Allocated by task 0:
[   20.534268] (stack is not available)
[   20.537955] 
[   20.539554] Freed by task 0:
[   20.542546] (stack is not available)
[   20.546224] 
[   20.547824] The buggy address belongs to the object at ffff8801c908e100
[   20.547824]  which belongs to the cache fasync_cache of size 96
[   20.560473] The buggy address is located 64 bytes inside of
[   20.560473]  96-byte region [ffff8801c908e100, ffff8801c908e160)
[   20.572148] The buggy address belongs to the page:
[   20.577069] page:ffffea0007242380 count:1 mapcount:0 mapping:          (null) index:0x0
[   20.585306] flags: 0x8000000000000080(slab)
[   20.589601] page dumped because: kasan: bad access detected
[   20.595278] 
[   20.596877] Memory state around the buggy address:
[   20.601785]  ffff8801c908e000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   20.609127]  ffff8801c908e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.616463] >ffff8801c908e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.623793]                                            ^
[   20.629218]  ffff8801c908e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.636552]  ffff8801c908e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.643973] ==================================================================
[   20.651301] Disabling lock debugging due to kernel taint
[   20.657025] Kernel panic - not syncing: panic_on_warn set ...
[   20.657025] 
[   20.664382] CPU: 0 PID: 3325 Comm: syzkaller146445 Tainted: G    B           4.9.76-g8e170a5 #11
[   20.673277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.682605]  ffff8801c8d1fa08 ffffffff81d93149 ffffffff84195c17 ffff8801c8d1fae0
[   20.690599]  0000000000000000 ffff8801c908e140 ffff8801c9e64438 ffff8801c8d1fad0
[   20.698662]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   20.706634] Call Trace:
[   20.709198]  [] dump_stack+0xc1/0x128
[   20.714543]  [] panic+0x1bc/0x3a8
[   20.719540]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   20.727741]  [] ? preempt_schedule+0x25/0x30
[   20.733693]  [] ? ___preempt_schedule+0x16/0x18
[   20.739913]  [] kasan_end_report+0x50/0x50
[   20.746473]  [] kasan_report+0x167/0x360
[   20.752073]  [] ? sg_remove_request+0x103/0x120
[   20.758284]  [] __asan_report_load8_noabort+0x14/0x20
[   20.765014]  [] sg_remove_request+0x103/0x120
[   20.771057]  [] sg_finish_rem_req+0x295/0x340
[   20.777094]  [] sg_read+0xa1c/0x1440
[   20.782360]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.789002]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   20.795994]  [] ? fasync_helper+0x37/0xb0
[   20.801682]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.808322]  [] __vfs_read+0x103/0x670
[   20.813742]  [] ? default_llseek+0x290/0x290
[   20.819694]  [] ? fsnotify+0x86/0xf30
[   20.825219]  [] ? fsnotify+0xf30/0xf30
[   20.830679]  [] ? avc_policy_seqno+0x9/0x20
[   20.836545]  [] ? selinux_file_permission+0x82/0x460
[   20.843186]  [] ? security_file_permission+0x89/0x1e0
[   20.849914]  [] ? rw_verify_area+0xe5/0x2b0
[   20.855770]  [] vfs_read+0x11e/0x380
[   20.861024]  [] SyS_read+0xd9/0x1b0
[   20.866183]  [] ? vfs_copy_file_range+0x740/0x740
[   20.872565]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   20.879377]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   20.885930]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   20.892992] Dumping ftrace buffer:
[   20.896509]    (ftrace buffer empty)
[   20.900198] Kernel Offset: disabled
[   20.903802] Rebooting in 86400 seconds..