[....] Starting enhanced syslogd: rsyslogd
[ 13.401542] audit: type=1400 audit(1520198030.769:4): avc: denied { syslog } for pid=3653 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 24.751649] ==================================================================
[ 24.759033] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 24.766102] Read of size 8 at addr ffff8801b95d9140 by task syzkaller873684/3809
[ 24.773600]
[ 24.775201] CPU: 0 PID: 3809 Comm: syzkaller873684 Not tainted 4.9.85-ge0b05e6 #49
[ 24.782874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.792199]  ffff8801d7cefa60 ffffffff81d95739 ffffea0006e57640 ffff8801b95d9140
[ 24.800189]  0000000000000000 ffff8801b95d9140 ffff8801d87e4438 ffff8801d7cefa98
[ 24.808154]  ffffffff8153e0d3 ffff8801b95d9140 0000000000000008 0000000000000000
[ 24.816121] Call Trace:
[ 24.818677]  [] dump_stack+0xc1/0x128
[ 24.824010]  [] print_address_description+0x73/0x280
[ 24.830643]  [] kasan_report+0x275/0x360
[ 24.836240]  [] ? sg_remove_request+0x103/0x120
[ 24.842442]  [] __asan_report_load8_noabort+0x14/0x20
[ 24.849163]  [] sg_remove_request+0x103/0x120
[ 24.855187]  [] sg_finish_rem_req+0x295/0x340
[ 24.861212]  [] sg_read+0xa16/0x1440
[ 24.866456]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 24.873102]  [] ? new_slab+0x318/0x420
[ 24.878526]  [] ? fasync_helper+0x37/0xb0
[ 24.884223]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 24.890855]  [] __vfs_read+0x103/0x670
[ 24.896272]  [] ? default_llseek+0x290/0x290
[ 24.902210]  [] ? fsnotify+0x86/0xf30
[ 24.907543]  [] ? fsnotify+0xf30/0xf30
[ 24.912965]  [] ? avc_policy_seqno+0x9/0x20
[ 24.918824]  [] ? selinux_file_permission+0x82/0x460
[ 24.925459]  [] ? security_file_permission+0x89/0x1e0
[ 24.932182]  [] ? rw_verify_area+0xe5/0x2b0
[ 24.938038]  [] vfs_read+0x11e/0x380
[ 24.943285]  [] SyS_read+0xd9/0x1b0
[ 24.948443]  [] ? vfs_copy_file_range+0x740/0x740
[ 24.954816]  [] ? do_syscall_64+0x48/0x490
[ 24.960583]  [] ? vfs_copy_file_range+0x740/0x740
[ 24.966958]  [] do_syscall_64+0x1a4/0x490
[ 24.972637]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 24.979527]
[ 24.981124] Allocated by task 0:
[ 24.984453] (stack is not available)
[ 24.988136]
[ 24.989731] Freed by task 0:
[ 24.992713] (stack is not available)
[ 24.996390]
[ 24.997987] The buggy address belongs to the object at ffff8801b95d9100
[ 24.997987]  which belongs to the cache fasync_cache of size 96
[ 25.010608] The buggy address is located 64 bytes inside of
[ 25.010608]  96-byte region [ffff8801b95d9100, ffff8801b95d9160)
[ 25.022273] The buggy address belongs to the page:
[ 25.027170] page:ffffea0006e57640 count:1 mapcount:0 mapping: (null) index:0x0
[ 25.035392] flags: 0x8000000000000080(slab)
[ 25.039677] page dumped because: kasan: bad access detected
[ 25.045351]
[ 25.046948] Memory state around the buggy address:
[ 25.051847]  ffff8801b95d9000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 25.059172]  ffff8801b95d9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.066499] >ffff8801b95d9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.073829]                                            ^
[ 25.079258]  ffff8801b95d9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.086584]  ffff8801b95d9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.093926] ==================================================================
[ 25.101251] Disabling lock debugging due to kernel taint
[ 25.106759] Kernel panic - not syncing: panic_on_warn set ...
[ 25.106759]
[ 25.114105] CPU: 0 PID: 3809 Comm: syzkaller873684 Tainted: G B 4.9.85-ge0b05e6 #49
[ 25.122995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.132321]  ffff8801d7cef9b8 ffffffff81d95739 ffffffff8419777f ffff8801d7cefa90
[ 25.140282]  0000000000000000 ffff8801b95d9140 ffff8801d87e4438 ffff8801d7cefa80
[ 25.148268]  ffffffff8142f581 0000000041b58ab3 ffffffff8418b1f0 ffffffff8142f3c5
[ 25.156232] Call Trace:
[ 25.158791]  [] dump_stack+0xc1/0x128
[ 25.164127]  [] panic+0x1bc/0x3a8
[ 25.169115]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 25.177312]  [] ? preempt_schedule+0x25/0x30
[ 25.183253]  [] ? ___preempt_schedule+0x16/0x18
[ 25.189455]  [] kasan_end_report+0x50/0x50
[ 25.195222]  [] kasan_report+0x167/0x360
[ 25.200814]  [] ? sg_remove_request+0x103/0x120
[ 25.207015]  [] __asan_report_load8_noabort+0x14/0x20
[ 25.213733]  [] sg_remove_request+0x103/0x120
[ 25.219759]  [] sg_finish_rem_req+0x295/0x340
[ 25.225790]  [] sg_read+0xa16/0x1440
[ 25.231034]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 25.237668]  [] ? new_slab+0x318/0x420
[ 25.243089]  [] ? fasync_helper+0x37/0xb0
[ 25.248765]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 25.255398]  [] __vfs_read+0x103/0x670
[ 25.260815]  [] ? default_llseek+0x290/0x290
[ 25.266756]  [] ? fsnotify+0x86/0xf30
[ 25.272086]  [] ? fsnotify+0xf30/0xf30
[ 25.277507]  [] ? avc_policy_seqno+0x9/0x20
[ 25.283358]  [] ? selinux_file_permission+0x82/0x460
[ 25.289991]  [] ? security_file_permission+0x89/0x1e0
[ 25.296712]  [] ? rw_verify_area+0xe5/0x2b0
[ 25.302562]  [] vfs_read+0x11e/0x380
[ 25.307805]  [] SyS_read+0xd9/0x1b0
[ 25.312962]  [] ? vfs_copy_file_range+0x740/0x740
[ 25.319337]  [] ? do_syscall_64+0x48/0x490
[ 25.325104]  [] ? vfs_copy_file_range+0x740/0x740
[ 25.331478]  [] do_syscall_64+0x1a4/0x490
[ 25.337158]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 25.344510] Dumping ftrace buffer:
[ 25.348022] (ftrace buffer empty)
[ 25.351701] Kernel Offset: disabled
[ 25.355295] Rebooting in 86400 seconds..