[....] Starting enhanced syslogd: rsyslogd
[ 14.711352] audit: type=1400 audit(1519964126.461:4): avc: denied { syslog } for pid=3578 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
Starting mcstransd:
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.407712] ==================================================================
[ 31.415101] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 31.422170] Read of size 8 at addr ffff8801d8c83140 by task syzkaller470710/3735
[ 31.429671]
[ 31.431272] CPU: 0 PID: 3735 Comm: syzkaller470710 Not tainted 4.9.85-g4c4262a #47
[ 31.438946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.448271] ffff8801b97f7a60 ffffffff81d95739 ffffea00076320c0 ffff8801d8c83140
[ 31.456250] 0000000000000000 ffff8801d8c83140 ffff8801ba654438 ffff8801b97f7a98
[ 31.464253] ffffffff8153e0d3 ffff8801d8c83140 0000000000000008 0000000000000000
[ 31.472248] Call Trace:
[ 31.474806] [] dump_stack+0xc1/0x128
[ 31.480160] [] print_address_description+0x73/0x280
[ 31.486794] [] kasan_report+0x275/0x360
[ 31.492388] [] ? sg_remove_request+0x103/0x120
[ 31.498590] [] __asan_report_load8_noabort+0x14/0x20
[ 31.505312] [] sg_remove_request+0x103/0x120
[ 31.511341] [] sg_finish_rem_req+0x295/0x340
[ 31.517371] [] sg_read+0xa16/0x1440
[ 31.522618] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 31.529254] [] ? fasync_insert_entry+0x147/0x2e0
[ 31.535628] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 31.542266] [] __vfs_read+0x103/0x670
[ 31.547685] [] ? default_llseek+0x290/0x290
[ 31.553626] [] ? fsnotify+0x86/0xf30
[ 31.558957] [] ? fsnotify+0xf30/0xf30
[ 31.564377] [] ? avc_policy_seqno+0x9/0x20
[ 31.570232] [] ? selinux_file_permission+0x82/0x460
[ 31.576878] [] ? security_file_permission+0x89/0x1e0
[ 31.583600] [] ? rw_verify_area+0xe5/0x2b0
[ 31.589453] [] vfs_read+0x11e/0x380
[ 31.594698] [] SyS_read+0xd9/0x1b0
[ 31.599861] [] ? vfs_copy_file_range+0x740/0x740
[ 31.606251] [] ? do_syscall_64+0x48/0x490
[ 31.612018] [] ? vfs_copy_file_range+0x740/0x740
[ 31.618388] [] do_syscall_64+0x1a4/0x490
[ 31.624068] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 31.630959]
[ 31.632560] Allocated by task 0:
[ 31.635890] (stack is not available)
[ 31.639570]
[ 31.641168] Freed by task 0:
[ 31.644153] (stack is not available)
[ 31.647832]
[ 31.649431] The buggy address belongs to the object at ffff8801d8c83100
[ 31.649431]  which belongs to the cache fasync_cache of size 96
[ 31.662054] The buggy address is located 64 bytes inside of
[ 31.662054]  96-byte region [ffff8801d8c83100, ffff8801d8c83160)
[ 31.673723] The buggy address belongs to the page:
[ 31.678633] page:ffffea00076320c0 count:1 mapcount:0 mapping:          (null) index:0x0
[ 31.686885] flags: 0x8000000000000080(slab)
[ 31.691335] page dumped because: kasan: bad access detected
[ 31.697021]
[ 31.698741] Memory state around the buggy address:
[ 31.703653]  ffff8801d8c83000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 31.710987]  ffff8801d8c83080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.718319] >ffff8801d8c83100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.725648]                                            ^
[ 31.731068]  ffff8801d8c83180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.738397]  ffff8801d8c83200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.745722] ==================================================================
[ 31.753047] Disabling lock debugging due to kernel taint
[ 31.758693] Kernel panic - not syncing: panic_on_warn set ...
[ 31.758693]
[ 31.766034] CPU: 0 PID: 3735 Comm: syzkaller470710 Tainted: G    B   4.9.85-g4c4262a #47
[ 31.774925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.784253] ffff8801b97f79b8 ffffffff81d95739 ffffffff8419777f ffff8801b97f7a90
[ 31.792246] 0000000000000000 ffff8801d8c83140 ffff8801ba654438 ffff8801b97f7a80
[ 31.800218] ffffffff8142f581 0000000041b58ab3 ffffffff8418b1f0 ffffffff8142f3c5
[ 31.808192] Call Trace:
[ 31.810754] [] dump_stack+0xc1/0x128
[ 31.816089] [] panic+0x1bc/0x3a8
[ 31.821078] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 31.829276] [] ? preempt_schedule+0x25/0x30
[ 31.835226] [] ? ___preempt_schedule+0x16/0x18
[ 31.841427] [] kasan_end_report+0x50/0x50
[ 31.847194] [] kasan_report+0x167/0x360
[ 31.852802] [] ? sg_remove_request+0x103/0x120
[ 31.859005] [] __asan_report_load8_noabort+0x14/0x20
[ 31.865732] [] sg_remove_request+0x103/0x120
[ 31.871760] [] sg_finish_rem_req+0x295/0x340
[ 31.877787] [] sg_read+0xa16/0x1440
[ 31.883032] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 31.889673] [] ? fasync_insert_entry+0x147/0x2e0
[ 31.896046] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 31.903464] [] __vfs_read+0x103/0x670
[ 31.908884] [] ? default_llseek+0x290/0x290
[ 31.914825] [] ? fsnotify+0x86/0xf30
[ 31.920158] [] ? fsnotify+0xf30/0xf30
[ 31.925579] [] ? avc_policy_seqno+0x9/0x20
[ 31.931432] [] ? selinux_file_permission+0x82/0x460
[ 31.938068] [] ? security_file_permission+0x89/0x1e0
[ 31.944876] [] ? rw_verify_area+0xe5/0x2b0
[ 31.950729] [] vfs_read+0x11e/0x380
[ 31.955995] [] SyS_read+0xd9/0x1b0
[ 31.961154] [] ? vfs_copy_file_range+0x740/0x740
[ 31.967532] [] ? do_syscall_64+0x48/0x490
[ 31.973299] [] ? vfs_copy_file_range+0x740/0x740
[ 31.979675] [] do_syscall_64+0x1a4/0x490
[ 31.985355] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 31.992678] Dumping ftrace buffer:
[ 31.996194]    (ftrace buffer empty)
[ 31.999876] Kernel Offset: disabled
[ 32.003475] Rebooting in 86400 seconds..