[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.010719] audit: type=1400 audit(1517002254.158:4): avc: denied { syslog } for pid=3166 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.221' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 25.026566] ==================================================================
[ 25.027821] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 25.028812] Read of size 8 at addr ffff8801cb230140 by task syzkaller866364/3322
[ 25.030048]
[ 25.030384] CPU: 0 PID: 3322 Comm: syzkaller866364 Not tainted 4.9.78-gf518fe4 #22
[ 25.031460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.032762]  ffff8801c9b5fab0 ffffffff81d943a9 ffffea00072c8c00 ffff8801cb230140
[ 25.034063]  0000000000000000 ffff8801cb230140 ffff8801c8de2338 ffff8801c9b5fae8
[ 25.035444]  ffffffff8153dc23 ffff8801cb230140 0000000000000008 0000000000000000
[ 25.036671] Call Trace:
[ 25.037043]  [] dump_stack+0xc1/0x128
[ 25.037777]  [] print_address_description+0x73/0x280
[ 25.038674]  [] kasan_report+0x275/0x360
[ 25.039440]  [] ? sg_remove_request+0x103/0x120
[ 25.040468]  [] __asan_report_load8_noabort+0x14/0x20
[ 25.041676]  [] sg_remove_request+0x103/0x120
[ 25.042505]  [] sg_finish_rem_req+0x295/0x340
[ 25.043328]  [] sg_read+0xa16/0x1440
[ 25.044155]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 25.045080]  [] ? fasync_insert_entry+0x147/0x2e0
[ 25.045972]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 25.047252]  [] __vfs_read+0x103/0x670
[ 25.052686]  [] ? default_llseek+0x290/0x290
[ 25.058631]  [] ? fsnotify+0x86/0xf30
[ 25.063966]  [] ? fsnotify+0xf30/0xf30
[ 25.069391]  [] ? avc_policy_seqno+0x9/0x20
[ 25.075248]  [] ? selinux_file_permission+0x82/0x460
[ 25.081889]  [] ? security_file_permission+0x89/0x1e0
[ 25.088616]  [] ? rw_verify_area+0xe5/0x2b0
[ 25.094472]  [] vfs_read+0x11e/0x380
[ 25.099719]  [] SyS_read+0xd9/0x1b0
[ 25.104881]  [] ? vfs_copy_file_range+0x740/0x740
[ 25.111260]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 25.118441]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.125002]  [] entry_SYSCALL_64_fastpath+0x29/0xe8
[ 25.131553]
[ 25.133155] Allocated by task 0:
[ 25.136512]  (stack is not available)
[ 25.140190]
[ 25.141786] Freed by task 0:
[ 25.144774]  (stack is not available)
[ 25.148454]
[ 25.150053] The buggy address belongs to the object at ffff8801cb230100
[ 25.150053]  which belongs to the cache fasync_cache of size 96
[ 25.162691] The buggy address is located 64 bytes inside of
[ 25.162691]  96-byte region [ffff8801cb230100, ffff8801cb230160)
[ 25.174358] The buggy address belongs to the page:
[ 25.179257] page:ffffea00072c8c00 count:1 mapcount:0 mapping: (null) index:0x0
[ 25.187486] flags: 0x8000000000000080(slab)
[ 25.191774] page dumped because: kasan: bad access detected
[ 25.197451]
[ 25.199048] Memory state around the buggy address:
[ 25.203949]  ffff8801cb230000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 25.211292]  ffff8801cb230080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.218624] >ffff8801cb230100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.225967]                                            ^
[ 25.231398]  ffff8801cb230180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.238730]  ffff8801cb230200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.246061] ==================================================================
[ 25.253389] Disabling lock debugging due to kernel taint
[ 25.259364] Kernel panic - not syncing: panic_on_warn set ...
[ 25.259364]
[ 25.266710] CPU: 0 PID: 3322 Comm: syzkaller866364 Tainted: G    B   4.9.78-gf518fe4 #22
[ 25.275609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.284939]  ffff8801c9b5fa08 ffffffff81d943a9 ffffffff841971bf ffff8801c9b5fae0
[ 25.292920]  0000000000000000 ffff8801cb230140 ffff8801c8de2338 ffff8801c9b5fad0
[ 25.300903]  ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295
[ 25.308900] Call Trace:
[ 25.311462]  [] dump_stack+0xc1/0x128
[ 25.316798]  [] panic+0x1bc/0x3a8
[ 25.321785]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 25.329990]  [] ? preempt_schedule+0x25/0x30
[ 25.335938]  [] ? ___preempt_schedule+0x16/0x18
[ 25.342145]  [] kasan_end_report+0x50/0x50
[ 25.348286]  [] kasan_report+0x167/0x360
[ 25.353885]  [] ? sg_remove_request+0x103/0x120
[ 25.360089]  [] __asan_report_load8_noabort+0x14/0x20
[ 25.366814]  [] sg_remove_request+0x103/0x120
[ 25.372843]  [] sg_finish_rem_req+0x295/0x340
[ 25.378885]  [] sg_read+0xa16/0x1440
[ 25.384133]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 25.390772]  [] ? fasync_insert_entry+0x147/0x2e0
[ 25.397149]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 25.403789]  [] __vfs_read+0x103/0x670
[ 25.409223]  [] ? default_llseek+0x290/0x290
[ 25.415168]  [] ? fsnotify+0x86/0xf30
[ 25.420502]  [] ? fsnotify+0xf30/0xf30
[ 25.425930]  [] ? avc_policy_seqno+0x9/0x20
[ 25.431786]  [] ? selinux_file_permission+0x82/0x460
[ 25.438426]  [] ? security_file_permission+0x89/0x1e0
[ 25.445152]  [] ? rw_verify_area+0xe5/0x2b0
[ 25.451028]  [] vfs_read+0x11e/0x380
[ 25.456277]  [] SyS_read+0xd9/0x1b0
[ 25.461449]  [] ? vfs_copy_file_range+0x740/0x740
[ 25.467827]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 25.474642]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.481200]  [] entry_SYSCALL_64_fastpath+0x29/0xe8
[ 25.488109] Dumping ftrace buffer:
[ 25.491622]    (ftrace buffer empty)
[ 25.495304] Kernel Offset: disabled
[ 25.498979] Rebooting in 86400 seconds..
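As an added triage example (not part of the syzkaller report above, and not kernel or syzkaller code): a small Python parser that pulls the headline, the faulting access, the slab object geometry, the first reliable frames below the KASAN reporting plumbing and the shadow-memory map out of a KASAN report, then re-derives the bug type from the shadow byte that was hit the way mm/kasan/report.c does and checks the access against the object's bounds. The excerpt embedded as REPORT is constructed from the lines above (the frame addresses had already been stripped to "[]" by extraction); the shadow marker values are the v4.9 ones from mm/kasan/kasan.h; the function, class and field names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the report above. The page's extraction had already
# replaced each frame's "[<address>]" with "[]"; the frame regex accepts either.
REPORT = """\
[   25.027821] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   25.028812] Read of size 8 at addr ffff8801cb230140 by task syzkaller866364/3322
[   25.036671] Call Trace:
[   25.037043]  [] dump_stack+0xc1/0x128
[   25.038674]  [] kasan_report+0x275/0x360
[   25.039440]  [] ? sg_remove_request+0x103/0x120
[   25.040468]  [] __asan_report_load8_noabort+0x14/0x20
[   25.041676]  [] sg_remove_request+0x103/0x120
[   25.042505]  [] sg_finish_rem_req+0x295/0x340
[   25.043328]  [] sg_read+0xa16/0x1440
[   25.047252]  [] __vfs_read+0x103/0x670
[   25.150053] The buggy address belongs to the object at ffff8801cb230100
[   25.150053]  which belongs to the cache fasync_cache of size 96
[   25.199048] Memory state around the buggy address:
[   25.203949]  ffff8801cb230000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   25.218624] >ffff8801cb230100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""
# Frames KASAN itself pushes above the faulting function; skipped when naming culprits.
PLUMBING = ("dump_stack", "print_address_description", "kasan_report", "__asan_report")
TS = re.compile(r"^\[\s*\d+\.\d+\] ?")
BUG = re.compile(r"BUG: KASAN: (\S+) in (\S+)")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)")
OBJ = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
FRAME = re.compile(r"^\s*\[[^\]]*\]\s+(\? )?(\S+)\s*$")
SHADOW = re.compile(r"^\s*>?\s*([0-9a-f]{16}):((?: [0-9a-f]{2}){16})\s*$")

@dataclass
class KasanReport:
    bug_type: str = ""
    func: str = ""
    op: str = ""
    size: int = 0
    addr: int = 0
    cache: Optional[str] = None
    obj_start: Optional[int] = None
    obj_size: Optional[int] = None
    frames: List[Tuple[str, bool]] = field(default_factory=list)  # (symbol+offset, reliable?)
    shadow: Dict[int, int] = field(default_factory=dict)  # kernel address -> shadow byte

def parse_kasan_report(text: str) -> KasanReport:
    rep, in_trace = KasanReport(), False
    for raw in text.splitlines():
        line = TS.sub("", raw)
        if in_trace:
            if (m := FRAME.match(line)):
                rep.frames.append((m.group(2), m.group(1) is None))  # "? " marks an unreliable frame
                continue
            in_trace = False  # the first non-frame line ends the trace
        if (m := BUG.search(line)):
            rep.bug_type, rep.func = m.group(1), m.group(2)
        elif (m := ACCESS.search(line)):
            rep.op, rep.size, rep.addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
        elif (m := OBJ.search(line)):
            rep.obj_start = int(m.group(1), 16)
        elif (m := CACHE.search(line)):
            rep.cache, rep.obj_size = m.group(1), int(m.group(2))
        elif (m := SHADOW.match(line)):
            base = int(m.group(1), 16)  # the row label is a kernel address, not a shadow address
            for i, b in enumerate(m.group(2).split()):  # one shadow byte per 8-byte granule
                rep.shadow[base + 8 * i] = int(b, 16)
        elif line.strip() == "Call Trace:" and not rep.frames:  # keep the first trace only
            in_trace = True
    return rep

def bug_type_for_shadow(val: int) -> str:
    """Name the bug from the shadow byte the way mm/kasan/report.c (v4.9) does."""
    if 0 <= val < 8:  # partially addressable granule: the access ran off its end
        return "out-of-bounds"
    if 0xf1 <= val <= 0xf4:  # stack redzones
        return "stack-out-of-bounds"
    return {0xf8: "use-after-scope", 0xfa: "global-out-of-bounds", 0xfb: "use-after-free",
            0xfc: "slab-out-of-bounds", 0xfe: "slab-out-of-bounds", 0xff: "use-after-free"}.get(val, "unknown")

def culprit_frames(rep: KasanReport, n: int = 3) -> List[str]:
    """First n reliable frames below the KASAN reporting plumbing."""
    return [s.split("+", 1)[0] for s, ok in rep.frames if ok and not s.startswith(PLUMBING)][:n]

def triage(rep: KasanReport) -> Dict[str, object]:
    """Cross-check the headline against the shadow byte hit and the object geometry."""
    sv = rep.shadow.get(rep.addr & ~7)  # shadow granule covering the faulting address
    res: Dict[str, object] = {"headline": rep.bug_type, "culprits": culprit_frames(rep),
                              "shadow_value": sv, "shadow_bug_type": None if sv is None else bug_type_for_shadow(sv),
                              "offset_in_object": None, "inside_object_bounds": None, "object_all_redzone": None}
    if rep.obj_start is not None and rep.obj_size is not None:
        end = rep.obj_start + rep.obj_size
        res["offset_in_object"] = rep.addr - rep.obj_start
        res["inside_object_bounds"] = rep.obj_start <= rep.addr and rep.addr + rep.size <= end
        # 0xfc is KASAN_KMALLOC_REDZONE: a live object's body reads 0x00, a freed one 0xfb.
        res["object_all_redzone"] = all(rep.shadow.get(a) == 0xfc for a in range(rep.obj_start, end, 8))
    return res

SUMMARY = triage(parse_kasan_report(REPORT))  # stand-alone use: print(SUMMARY)
```

On this report the cross-check agrees with the headline (the granule at ffff8801cb230140 is 0xfc, which is exactly the value report.c names slab-out-of-bounds) and names sg_remove_request, sg_finish_rem_req and sg_read as the first reliable frames. The detail worth leading with when triaging, though, is the geometry: the 8-byte read sits at offset 64 of a 96-byte fasync_cache slot, so it is inside the slot's bounds, yet every granule of that slot still carries the kmalloc redzone marker rather than the 0x00 a live object's body would show. KASAN picks the headline class purely from the shadow byte it hit, so that class alone does not tell you whether the object behind the pointer was live; the report's own "Allocated by task 0: (stack is not available)" is consistent with the shadow map.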