[....] Starting enhanced syslogd: rsyslogd
[ 10.942173] audit: type=1400 audit(1515266043.572:4): avc: denied { syslog } for pid=3201 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok .
Starting mcstransd:
[....] Starting periodic command scheduler: cron
[ ok .
[....] Starting file context maintaining daemon: restorecond
[ ok .
[....] Starting OpenBSD Secure Shell server: sshd
[ ok .

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 21.604472] ==================================================================
[ 21.605569] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 21.606519] Read of size 8 at addr ffff8801c921e140 by task syzkaller934178/3356
[ 21.607500]
[ 21.607744] CPU: 0 PID: 3356 Comm: syzkaller934178 Not tainted 4.9.75-g06fe41f #16
[ 21.608759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.610300]  ffff8801c82efa50 ffffffff81d93049 ffffea0007248780 ffff8801c921e140
[ 21.611860]  0000000000000000 ffff8801c921e140 ffff8801c9762338 ffff8801c82efa88
[ 21.613044]  ffffffff8153ca53 ffff8801c921e140 0000000000000008 0000000000000000
[ 21.614174] Call Trace:
[ 21.614534]  [] dump_stack+0xc1/0x128
[ 21.615274]  [] print_address_description+0x73/0x280
[ 21.616149]  [] kasan_report+0x275/0x360
[ 21.616890]  [] ? sg_remove_request+0x103/0x120
[ 21.617727]  [] __asan_report_load8_noabort+0x14/0x20
[ 21.618611]  [] sg_remove_request+0x103/0x120
[ 21.619421]  [] sg_finish_rem_req+0x295/0x340
[ 21.620218]  [] sg_read+0xa1c/0x1440
[ 21.620937]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 21.621845]  [] ? __raw_spin_lock_init+0x1c/0x100
[ 21.622688]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 21.623583]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 21.624461]  [] __vfs_read+0x103/0x670
[ 21.629222]  [] ? default_llseek+0x290/0x290
[ 21.635156]  [] ? fsnotify+0x86/0xf30
[ 21.640482]  [] ? fsnotify+0xf30/0xf30
[ 21.647118]  [] ? avc_policy_seqno+0x9/0x20
[ 21.652966]  [] ? selinux_file_permission+0x82/0x460
[ 21.659602]  [] ? security_file_permission+0x89/0x1e0
[ 21.666321]  [] ? rw_verify_area+0xe5/0x2b0
[ 21.672168]  [] vfs_read+0x11e/0x380
[ 21.677407]  [] SyS_read+0xd9/0x1b0
[ 21.682559]  [] ? vfs_copy_file_range+0x740/0x740
[ 21.688932]  [] ? do_fast_syscall_32+0xcf/0x890
[ 21.695126]  [] ? vfs_copy_file_range+0x740/0x740
[ 21.701493]  [] do_fast_syscall_32+0x2f7/0x890
[ 21.707604]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 21.714233]  [] entry_SYSENTER_compat+0x74/0x83
[ 21.720424]
[ 21.722016] Allocated by task 0:
[ 21.725341] (stack is not available)
[ 21.729015]
[ 21.730606] Freed by task 0:
[ 21.733599] (stack is not available)
[ 21.737273]
[ 21.738867] The buggy address belongs to the object at ffff8801c921e100
[ 21.738867]  which belongs to the cache fasync_cache of size 96
[ 21.751484] The buggy address is located 64 bytes inside of
[ 21.751484]  96-byte region [ffff8801c921e100, ffff8801c921e160)
[ 21.763144] The buggy address belongs to the page:
[ 21.768036] page:ffffea0007248780 count:1 mapcount:0 mapping: (null) index:0x0
[ 21.776257] flags: 0x8000000000000080(slab)
[ 21.780539] page dumped because: kasan: bad access detected
[ 21.786211]
[ 21.787811] Memory state around the buggy address:
[ 21.793225]  ffff8801c921e000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 21.800553]  ffff8801c921e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.807872] >ffff8801c921e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.815191]                                            ^
[ 21.820604]  ffff8801c921e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.827926]  ffff8801c921e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.836468] ==================================================================
[ 21.844048] Disabling lock debugging due to kernel taint
[ 21.849744] Kernel panic - not syncing: panic_on_warn set ...
[ 21.849744]
[ 21.857517] CPU: 0 PID: 3356 Comm: syzkaller934178 Tainted: G B 4.9.75-g06fe41f #16
[ 21.868315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 21.877637]  ffff8801c82ef9a8 ffffffff81d93049 ffffffff84195be7 ffff8801c82efa80
[ 21.885585]  0000000000000000 ffff8801c921e140 ffff8801c9762338 ffff8801c82efa70
[ 21.893529]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[ 21.901465] Call Trace:
[ 21.904018]  [] dump_stack+0xc1/0x128
[ 21.909346]  [] panic+0x1bc/0x3a8
[ 21.914326]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 21.922521]  [] ? preempt_schedule+0x25/0x30
[ 21.928457]  [] ? ___preempt_schedule+0x16/0x18
[ 21.934656]  [] kasan_end_report+0x50/0x50
[ 21.940416]  [] kasan_report+0x167/0x360
[ 21.946003]  [] ? sg_remove_request+0x103/0x120
[ 21.952201]  [] __asan_report_load8_noabort+0x14/0x20
[ 21.959350]  [] sg_remove_request+0x103/0x120
[ 21.965371]  [] sg_finish_rem_req+0x295/0x340
[ 21.971390]  [] sg_read+0xa1c/0x1440
[ 21.976639]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 21.983279]  [] ? __raw_spin_lock_init+0x1c/0x100
[ 21.989650]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 21.996456]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[ 22.003088]  [] __vfs_read+0x103/0x670
[ 22.008502]  [] ? default_llseek+0x290/0x290
[ 22.014437]  [] ? fsnotify+0x86/0xf30
[ 22.019767]  [] ? fsnotify+0xf30/0xf30
[ 22.025180]  [] ? avc_policy_seqno+0x9/0x20
[ 22.031026]  [] ? selinux_file_permission+0x82/0x460
[ 22.037655]  [] ? security_file_permission+0x89/0x1e0
[ 22.044378]  [] ? rw_verify_area+0xe5/0x2b0
[ 22.050231]  [] vfs_read+0x11e/0x380
[ 22.055474]  [] SyS_read+0xd9/0x1b0
[ 22.060628]  [] ? vfs_copy_file_range+0x740/0x740
[ 22.066996]  [] ? do_fast_syscall_32+0xcf/0x890
[ 22.073191]  [] ? vfs_copy_file_range+0x740/0x740
[ 22.079565]  [] do_fast_syscall_32+0x2f7/0x890
[ 22.085677]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 22.092308]  [] entry_SYSENTER_compat+0x74/0x83
[ 22.099212] Dumping ftrace buffer:
[ 22.102715]    (ftrace buffer empty)
[ 22.106389] Kernel Offset: disabled
[ 22.109979] Rebooting in 86400 seconds..