[....] Starting enhanced syslogd: rsyslogd
[   13.414805] audit: type=1400 audit(1519686251.225:4): avc:  denied  { syslog } for  pid=3649 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ]
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   40.695613] ==================================================================
[   40.702981] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   40.710050] Read of size 8 at addr ffff8801c35f8140 by task syzkaller945315/3815
[   40.717548]
[   40.719145] CPU: 1 PID: 3815 Comm: syzkaller945315 Not tainted 4.9.84-ga9d0273 #44
[   40.726815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.736141]  ffff8801cd627a60 ffffffff81d956b9 ffffea00070d7e00 ffff8801c35f8140
[   40.744115]  0000000000000000 ffff8801c35f8140 ffff8801d7918238 ffff8801cd627a98
[   40.752082]  ffffffff8153e1a3 ffff8801c35f8140 0000000000000008 0000000000000000
[   40.760048] Call Trace:
[   40.762609]  [] dump_stack+0xc1/0x128
[   40.767942]  [] print_address_description+0x73/0x280
[   40.774575]  [] kasan_report+0x275/0x360
[   40.780165]  [] ? sg_remove_request+0x103/0x120
[   40.786365]  [] __asan_report_load8_noabort+0x14/0x20
[   40.793082]  [] sg_remove_request+0x103/0x120
[   40.799108]  [] sg_finish_rem_req+0x295/0x340
[   40.805141]  [] sg_read+0xa16/0x1440
[   40.810390]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   40.817026]  [] ? fasync_insert_entry+0x147/0x2e0
[   40.823396]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   40.830030]  [] __vfs_read+0x103/0x670
[   40.835449]  [] ? default_llseek+0x290/0x290
[   40.841388]  [] ? fsnotify+0x86/0xf30
[   40.846720]  [] ? fsnotify+0xf30/0xf30
[   40.852141]  [] ? avc_policy_seqno+0x9/0x20
[   40.857993]  [] ? selinux_file_permission+0x82/0x460
[   40.864627]  [] ? security_file_permission+0x89/0x1e0
[   40.871347]  [] ? rw_verify_area+0xe5/0x2b0
[   40.877205]  [] vfs_read+0x11e/0x380
[   40.882450]  [] SyS_read+0xd9/0x1b0
[   40.887606]  [] ? vfs_copy_file_range+0x740/0x740
[   40.893978]  [] ? do_syscall_64+0x48/0x490
[   40.899743]  [] ? vfs_copy_file_range+0x740/0x740
[   40.906116]  [] do_syscall_64+0x1a4/0x490
[   40.911813]  [] entry_SYSCALL_64_after_swapgs+0x47/0xc5
[   40.918705]
[   40.920302] Allocated by task 0:
[   40.923633] (stack is not available)
[   40.927313]
[   40.928908] Freed by task 0:
[   40.931896] (stack is not available)
[   40.935574]
[   40.937170] The buggy address belongs to the object at ffff8801c35f8100
[   40.937170]  which belongs to the cache fasync_cache of size 96
[   40.949791] The buggy address is located 64 bytes inside of
[   40.949791]  96-byte region [ffff8801c35f8100, ffff8801c35f8160)
[   40.961457] The buggy address belongs to the page:
[   40.966356] page:ffffea00070d7e00 count:1 mapcount:0 mapping:          (null) index:0x0
[   40.974580] flags: 0x8000000000000080(slab)
[   40.978867] page dumped because: kasan: bad access detected
[   40.984541]
[   40.986134] Memory state around the buggy address:
[   40.991028]  ffff8801c35f8000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   40.998353]  ffff8801c35f8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.005679] >ffff8801c35f8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.013004]                                            ^
[   41.018419]  ffff8801c35f8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.025746]  ffff8801c35f8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.033071] ==================================================================
[   41.040396] Disabling lock debugging due to kernel taint
[   41.045915] Kernel panic - not syncing: panic_on_warn set ...
[   41.045915]
[   41.053255] CPU: 1 PID: 3815 Comm: syzkaller945315 Tainted: G    B           4.9.84-ga9d0273 #44
[   41.062145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.071493]  ffff8801cd6279b8 ffffffff81d956b9 ffffffff8419784f ffff8801cd627a90
[   41.079479]  0000000000000000 ffff8801c35f8140 ffff8801d7918238 ffff8801cd627a80
[   41.087452]  ffffffff8142f571 0000000041b58ab3 ffffffff8418b2c0 ffffffff8142f3b5
[   41.095417] Call Trace:
[   41.097976]  [] dump_stack+0xc1/0x128
[   41.103310]  [] panic+0x1bc/0x3a8
[   41.108295]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   41.116492]  [] ? preempt_schedule+0x25/0x30
[   41.122430]  [] ? ___preempt_schedule+0x16/0x18
[   41.128629]  [] kasan_end_report+0x50/0x50
[   41.134395]  [] kasan_report+0x167/0x360
[   41.139986]  [] ? sg_remove_request+0x103/0x120
[   41.146190]  [] __asan_report_load8_noabort+0x14/0x20
[   41.152911]  [] sg_remove_request+0x103/0x120
[   41.158946]  [] sg_finish_rem_req+0x295/0x340
[   41.164972]  [] sg_read+0xa16/0x1440
[   41.170215]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   41.176860]  [] ? fasync_insert_entry+0x147/0x2e0
[   41.183264]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   41.189900]  [] __vfs_read+0x103/0x670
[   41.195320]  [] ? default_llseek+0x290/0x290
[   41.201258]  [] ? fsnotify+0x86/0xf30
[   41.206588]  [] ? fsnotify+0xf30/0xf30
[   41.212007]  [] ? avc_policy_seqno+0x9/0x20
[   41.217858]  [] ? selinux_file_permission+0x82/0x460
[   41.224495]  [] ? security_file_permission+0x89/0x1e0
[   41.231217]  [] ? rw_verify_area+0xe5/0x2b0
[   41.237070]  [] vfs_read+0x11e/0x380
[   41.242316]  [] SyS_read+0xd9/0x1b0
[   41.247481]  [] ? vfs_copy_file_range+0x740/0x740
[   41.253860]  [] ? do_syscall_64+0x48/0x490
[   41.259625]  [] ? vfs_copy_file_range+0x740/0x740
[   41.265995]  [] do_syscall_64+0x1a4/0x490
[   41.271673]  [] entry_SYSCALL_64_after_swapgs+0x47/0xc5
[   41.278922] Dumping ftrace buffer:
[   41.282432]    (ftrace buffer empty)
[   41.286109] Kernel Offset: disabled
[   41.289703] Rebooting in 86400 seconds..