[ ok ] Starting enhanced syslogd: rsyslogd.
[   14.568805] audit: type=1400 audit(1521658637.385:4): avc: denied { syslog } for pid=3649 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   27.255633] ==================================================================
[   27.263464] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   27.270710] Read of size 8 at addr ffff8801bbaf6140 by task syzkaller987411/3805
[   27.278217]
[   27.279818] CPU: 0 PID: 3805 Comm: syzkaller987411 Not tainted 4.9.88-g71df7bb #60
[   27.287493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.296822]  ffff8801d7cefa60 ffffffff81d95f19 ffffea0006eebd80 ffff8801bbaf6140
[   27.304785]  0000000000000000 ffff8801bbaf6140 ffff8801b1cdc438 ffff8801d7cefa98
[   27.312756]  ffffffff8153e793 ffff8801bbaf6140 0000000000000008 0000000000000000
[   27.320729] Call Trace:
[   27.323299]  [] dump_stack+0xc1/0x128
[   27.328636]  [] print_address_description+0x73/0x280
[   27.335271]  [] kasan_report+0x255/0x380
[   27.340870]  [] ? sg_remove_request+0x103/0x120
[   27.347070]  [] __asan_report_load8_noabort+0x14/0x20
[   27.353799]  [] sg_remove_request+0x103/0x120
[   27.359827]  [] sg_finish_rem_req+0x295/0x340
[   27.365862]  [] sg_read+0xa16/0x1440
[   27.371107]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   27.377745]  [] ? new_slab+0x318/0x420
[   27.383176]  [] ? fasync_helper+0x37/0xb0
[   27.388855]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   27.395498]  [] __vfs_read+0x103/0x670
[   27.400918]  [] ? default_llseek+0x290/0x290
[   27.406867]  [] ? fsnotify+0x86/0xf30
[   27.412199]  [] ? fsnotify+0xf30/0xf30
[   27.417621]  [] ? avc_policy_seqno+0x9/0x20
[   27.423474]  [] ? selinux_file_permission+0x82/0x460
[   27.430108]  [] ? security_file_permission+0x89/0x1e0
[   27.436834]  [] ? rw_verify_area+0xe5/0x2b0
[   27.442688]  [] vfs_read+0x11e/0x380
[   27.447942]  [] SyS_read+0xd9/0x1b0
[   27.453104]  [] ? vfs_copy_file_range+0x740/0x740
[   27.459483]  [] ? do_syscall_64+0x48/0x490
[   27.465255]  [] ? vfs_copy_file_range+0x740/0x740
[   27.471630]  [] do_syscall_64+0x1a4/0x490
[   27.477312]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   27.484205]
[   27.485805] Allocated by task 0:
[   27.489135] (stack is not available)
[   27.492825]
[   27.494419] Freed by task 0:
[   27.497402] (stack is not available)
[   27.501080]
[   27.502678] The buggy address belongs to the object at ffff8801bbaf6100
[   27.502678]  which belongs to the cache fasync_cache of size 96
[   27.515301] The buggy address is located 64 bytes inside of
[   27.515301]  96-byte region [ffff8801bbaf6100, ffff8801bbaf6160)
[   27.526973] The buggy address belongs to the page:
[   27.531877] page:ffffea0006eebd80 count:1 mapcount:0 mapping:          (null) index:0x0
[   27.540100] flags: 0x8000000000000080(slab)
[   27.544392] page dumped because: kasan: bad access detected
[   27.550065]
[   27.551679] Memory state around the buggy address:
[   27.556578]  ffff8801bbaf6000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   27.563906]  ffff8801bbaf6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.571231] >ffff8801bbaf6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.578565]                                            ^
[   27.583993]  ffff8801bbaf6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.591320]  ffff8801bbaf6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.598645] ==================================================================
[   27.605971] Disabling lock debugging due to kernel taint
[   27.611602] Kernel panic - not syncing: panic_on_warn set ...
[   27.611602]
[   27.618953] CPU: 0 PID: 3805 Comm: syzkaller987411 Tainted: G    B           4.9.88-g71df7bb #60
[   27.627846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.637171]  ffff8801d7cef9b8 ffffffff81d95f19 ffffffff841981e7 ffff8801d7cefa90
[   27.645155]  0000000000000000 ffff8801bbaf6140 ffff8801b1cdc438 ffff8801d7cefa80
[   27.653132]  ffffffff8142fa71 0000000041b58ab3 ffffffff8418bc48 ffffffff8142f8b5
[   27.661095] Call Trace:
[   27.663658]  [] dump_stack+0xc1/0x128
[   27.668990]  [] panic+0x1bc/0x3a8
[   27.673977]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   27.682184]  [] ? preempt_schedule+0x25/0x30
[   27.688125]  [] ? ___preempt_schedule+0x16/0x18
[   27.694328]  [] kasan_end_report+0x50/0x50
[   27.700181]  [] kasan_report+0x16b/0x380
[   27.705776]  [] ? sg_remove_request+0x103/0x120
[   27.711981]  [] __asan_report_load8_noabort+0x14/0x20
[   27.718705]  [] sg_remove_request+0x103/0x120
[   27.724733]  [] sg_finish_rem_req+0x295/0x340
[   27.730757]  [] sg_read+0xa16/0x1440
[   27.736021]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   27.742653]  [] ? new_slab+0x318/0x420
[   27.748078]  [] ? fasync_helper+0x37/0xb0
[   27.753762]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   27.760396]  [] __vfs_read+0x103/0x670
[   27.765816]  [] ? default_llseek+0x290/0x290
[   27.771757]  [] ? fsnotify+0x86/0xf30
[   27.777092]  [] ? fsnotify+0xf30/0xf30
[   27.782516]  [] ? avc_policy_seqno+0x9/0x20
[   27.788370]  [] ? selinux_file_permission+0x82/0x460
[   27.795002]  [] ? security_file_permission+0x89/0x1e0
[   27.801723]  [] ? rw_verify_area+0xe5/0x2b0
[   27.807679]  [] vfs_read+0x11e/0x380
[   27.812929]  [] SyS_read+0xd9/0x1b0
[   27.818095]  [] ? vfs_copy_file_range+0x740/0x740
[   27.824467]  [] ? do_syscall_64+0x48/0x490
[   27.830230]  [] ? vfs_copy_file_range+0x740/0x740
[   27.836604]  [] do_syscall_64+0x1a4/0x490
[   27.842287]  [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   27.849581] Dumping ftrace buffer:
[   27.853092]    (ftrace buffer empty)
[   27.856778] Kernel Offset: disabled
[   27.860382] Rebooting in 86400 seconds..
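Triage notes and a parsing helper, added by the editor; neither the notes nor the code are part of the syzkaller report above or of the kernel. What the report records: a task reading from an sg character device (drivers/scsi/sg.c, the SCSI generic driver, whose read handler is sg_read) reaches sg_finish_rem_req() and then sg_remove_request(), which performs an 8-byte load at ffff8801bbaf6140. KASAN files it as slab-out-of-bounds, but the address is 64 bytes into the 96-byte object at ffff8801bbaf6100, and every shadow byte covering that object's region is fc, KASAN_KMALLOC_REDZONE, the state of a slab slot that holds no live object. For triage that is a stale pointer into freed or never-allocated slab memory rather than an index running past the end of a live object; both the allocation and free stacks are unavailable here, so the report alone cannot say which. Two caveats: the cache name is not reliable evidence of the object type, because SLUB merges caches of equal size unless booted with slab_nomerge, so "fasync_cache" can be the alias under which any 96-byte allocation is reported; and panic_on_warn, the 86400-second reboot delay and the empty [] frame brackets (most likely the <address> fields were lost when the page was extracted) belong to the fuzzing setup and to this copy of the log, not to the bug. The script below pulls those fields out of the report text (copied from this page), decodes the shadow bytes with the poison constants from mm/kasan/kasan.h of the 4.9 series, and applies the two checks above as its own heuristic:

```python
"""Parse a KASAN console report and decode its shadow-memory dump.

Added example for triaging reports like the one above; it is not syzkaller
code and not kernel code. REPORT is copied from the report on this page; the
poison byte meanings are the constants in mm/kasan/kasan.h (4.9 series);
triage() is this example's own heuristic, not a KASAN verdict.
"""
import re

# Shadow poison bytes, per mm/kasan/kasan.h in the 4.9 series.
SHADOW_POISON = {
    0xFF: "freed page (KASAN_FREE_PAGE)",
    0xFE: "kmalloc_large redzone (KASAN_PAGE_REDZONE)",
    0xFC: "slab redzone or unallocated slot (KASAN_KMALLOC_REDZONE)",
    0xFB: "freed slab object (KASAN_KMALLOC_FREE)",
    0xFA: "global redzone (KASAN_GLOBAL_REDZONE)",
    0xF8: "stack use-after-scope (KASAN_USE_AFTER_SCOPE)",
    0xF1: "stack left redzone", 0xF2: "stack mid redzone",
    0xF3: "stack right redzone", 0xF4: "stack partial redzone",
}

# Lines copied from the report above (only the ones the parser needs).
REPORT = """\
[   27.263464] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   27.270710] Read of size 8 at addr ffff8801bbaf6140 by task syzkaller987411/3805
[   27.502678] The buggy address belongs to the object at ffff8801bbaf6100
[   27.502678]  which belongs to the cache fasync_cache of size 96
[   27.515301] The buggy address is located 64 bytes inside of
[   27.515301]  96-byte region [ffff8801bbaf6100, ffff8801bbaf6160)
[   27.551679] Memory state around the buggy address:
[   27.556578]  ffff8801bbaf6000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   27.563906]  ffff8801bbaf6080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.571231] >ffff8801bbaf6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.578565]                                            ^
[   27.583993]  ffff8801bbaf6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.591320]  ffff8801bbaf6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
SHADOW_LINE = re.compile(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")


def parse_kasan_report(text):
    """Extract the headline fields and the shadow dump from console text."""
    lines = [TIMESTAMP.sub("", ln).strip() for ln in text.splitlines()]
    body = "\n".join(lines)
    r = {}
    m = re.search(r"BUG: KASAN: (\S+) in (\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+", body)
    r["bug"], r["func"], r["func_off"] = m.group(1), m.group(2), int(m.group(3), 16)
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", body)
    r["access"], r["size"], r["addr"] = m.group(1).lower(), int(m.group(2)), int(m.group(3), 16)
    r["task"], r["pid"] = m.group(4), int(m.group(5))
    # Object and region lines are multi-line printks; \s* bridges the newline.
    m = re.search(r"object at ([0-9a-f]+)\s*which belongs to the cache (\S+) of size (\d+)", body)
    r["obj"], r["cache"], r["obj_size"] = int(m.group(1), 16), m.group(2), int(m.group(3))
    m = re.search(r"located (\d+) bytes inside of\s*(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", body)
    r["off_in_obj"], r["region"] = int(m.group(1)), (int(m.group(3), 16), int(m.group(4), 16))
    # Each shadow line holds 16 shadow bytes, i.e. 128 bytes of kernel memory.
    r["shadow"] = {}
    for ln in lines:
        m = SHADOW_LINE.match(ln)
        if m:
            r["shadow"][int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return r


def shadow_byte(report, addr):
    """(value, meaning) of the shadow byte covering addr; one byte per 8 bytes."""
    for base, vals in report["shadow"].items():
        if base <= addr < base + 16 * 8:
            v = vals[(addr - base) // 8]
            if v == 0:
                return v, "all 8 bytes accessible"
            if v < 8:
                return v, "first %d bytes accessible" % v
            return v, SHADOW_POISON.get(v, "unknown poison 0x%02x" % v)
    raise KeyError("0x%x not covered by the shadow dump" % addr)


def triage(report):
    """Heuristic notes for the analyst (this example's own rules, not KASAN's)."""
    notes = []
    lo, hi = report["region"]
    slot = {shadow_byte(report, a)[0] for a in range(lo, hi, 8)}
    # Address inside the named object, yet every shadow byte of that object is
    # poison: the slot held no live object, so the pointer itself is stale.
    if lo <= report["addr"] < hi and all(v >= 0xF0 for v in slot):
        notes.append("access is inside the reported object but the whole slot is %s; "
                     "treat as a stale-pointer bug despite the '%s' label"
                     % (", ".join(SHADOW_POISON.get(v, hex(v)) for v in sorted(slot)), report["bug"]))
    # SLUB merges same-sized caches unless booted with slab_nomerge, so the
    # reported cache name can be any alias of that size class.
    if not report["cache"].startswith("kmalloc-"):
        notes.append("cache name '%s' may be a merged alias for any %d-byte allocation"
                     % (report["cache"], report["obj_size"]))
    return notes


if __name__ == "__main__":
    rep = parse_kasan_report(REPORT)
    print("%s %s of %d bytes in %s+0x%x at 0x%x (%s, +%d into %d-byte object) by %s/%d"
          % (rep["bug"], rep["access"], rep["size"], rep["func"], rep["func_off"], rep["addr"],
             rep["cache"], rep["off_in_obj"], rep["obj_size"], rep["task"], rep["pid"]))
    print("shadow at fault: 0x%02x = %s" % shadow_byte(rep, rep["addr"]))
    for n in triage(rep):
        print("note:", n)
```

Run it with python3 and it prints the one-line summary, the decoded shadow byte at the faulting address, and the two triage notes; to use it on another report, replace REPORT with the console text of that report (timestamps and the > marker are stripped before matching).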