[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.744903] audit: type=1400 audit(1521467431.054:4): avc: denied { syslog } for pid=3657 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.33' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 24.204879] ==================================================================
[ 24.212266] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 24.219349] Read of size 8 at addr ffff8801c8bca140 by task syzkaller956691/3813
[ 24.226850]
[ 24.228448] CPU: 1 PID: 3813 Comm: syzkaller956691 Not tainted 4.9.88-gbb52bba #59
[ 24.236122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.245448] ffff8801d7d6fa60 ffffffff81d95f19 ffffea000722f280 ffff8801c8bca140
[ 24.253416] 0000000000000000 ffff8801c8bca140 ffff8801c8958238 ffff8801d7d6fa98
[ 24.261398] ffffffff8153e793 ffff8801c8bca140 0000000000000008 0000000000000000
[ 24.269383] Call Trace:
[ 24.271945] [] dump_stack+0xc1/0x128
[ 24.277282] [] print_address_description+0x73/0x280
[ 24.283921] [] kasan_report+0x255/0x380
[ 24.289598] [] ? sg_remove_request+0x103/0x120
[ 24.295800] [] __asan_report_load8_noabort+0x14/0x20
[ 24.302525] [] sg_remove_request+0x103/0x120
[ 24.308552] [] sg_finish_rem_req+0x295/0x340
[ 24.314579] [] sg_read+0xa16/0x1440
[ 24.319824] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 24.326459] [] ? new_slab+0x318/0x420
[ 24.331881] [] ? fasync_helper+0x37/0xb0
[ 24.337558] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 24.344194] [] __vfs_read+0x103/0x670
[ 24.349612] [] ? default_llseek+0x290/0x290
[ 24.355586] [] ? fsnotify+0x86/0xf30
[ 24.360916] [] ? fsnotify+0xf30/0xf30
[ 24.366338] [] ? avc_policy_seqno+0x9/0x20
[ 24.372192] [] ? selinux_file_permission+0x82/0x460
[ 24.378827] [] ? security_file_permission+0x89/0x1e0
[ 24.385552] [] ? rw_verify_area+0xe5/0x2b0
[ 24.391405] [] vfs_read+0x11e/0x380
[ 24.396651] [] SyS_read+0xd9/0x1b0
[ 24.401810] [] ? vfs_copy_file_range+0x740/0x740
[ 24.408183] [] ? do_syscall_64+0x48/0x490
[ 24.413950] [] ? vfs_copy_file_range+0x740/0x740
[ 24.420323] [] do_syscall_64+0x1a4/0x490
[ 24.426003] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 24.432897]
[ 24.434492] Allocated by task 0:
[ 24.437828] (stack is not available)
[ 24.441507]
[ 24.443100] Freed by task 0:
[ 24.446087] (stack is not available)
[ 24.449764]
[ 24.451361] The buggy address belongs to the object at ffff8801c8bca100
[ 24.451361]  which belongs to the cache fasync_cache of size 96
[ 24.463982] The buggy address is located 64 bytes inside of
[ 24.463982]  96-byte region [ffff8801c8bca100, ffff8801c8bca160)
[ 24.475647] The buggy address belongs to the page:
[ 24.480544] page:ffffea000722f280 count:1 mapcount:0 mapping: (null) index:0x0
[ 24.488765] flags: 0x8000000000000080(slab)
[ 24.493051] page dumped because: kasan: bad access detected
[ 24.498725]
[ 24.500319] Memory state around the buggy address:
[ 24.505217] ffff8801c8bca000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 24.512544] ffff8801c8bca080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.519871] >ffff8801c8bca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.527196] ^
[ 24.532613] ffff8801c8bca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.539939] ffff8801c8bca200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.547263] ==================================================================
[ 24.554586] Disabling lock debugging due to kernel taint
[ 24.560117] Kernel panic - not syncing: panic_on_warn set ...
[ 24.560117]
[ 24.567458] CPU: 1 PID: 3813 Comm: syzkaller956691 Tainted: G B 4.9.88-gbb52bba #59
[ 24.576350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.585678] ffff8801d7d6f9b8 ffffffff81d95f19 ffffffff841981e7 ffff8801d7d6fa90
[ 24.593812] 0000000000000000 ffff8801c8bca140 ffff8801c8958238 ffff8801d7d6fa80
[ 24.601804] ffffffff8142fa71 0000000041b58ab3 ffffffff8418bc48 ffffffff8142f8b5
[ 24.609785] Call Trace:
[ 24.612350] [] dump_stack+0xc1/0x128
[ 24.617686] [] panic+0x1bc/0x3a8
[ 24.622675] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 24.630873] [] ? preempt_schedule+0x25/0x30
[ 24.636817] [] ? ___preempt_schedule+0x16/0x18
[ 24.643022] [] kasan_end_report+0x50/0x50
[ 24.648790] [] kasan_report+0x16b/0x380
[ 24.654384] [] ? sg_remove_request+0x103/0x120
[ 24.660589] [] __asan_report_load8_noabort+0x14/0x20
[ 24.667311] [] sg_remove_request+0x103/0x120
[ 24.673340] [] sg_finish_rem_req+0x295/0x340
[ 24.679371] [] sg_read+0xa16/0x1440
[ 24.684621] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 24.691262] [] ? new_slab+0x318/0x420
[ 24.696701] [] ? fasync_helper+0x37/0xb0
[ 24.702389] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 24.709029] [] __vfs_read+0x103/0x670
[ 24.714451] [] ? default_llseek+0x290/0x290
[ 24.720395] [] ? fsnotify+0x86/0xf30
[ 24.725727] [] ? fsnotify+0xf30/0xf30
[ 24.731158] [] ? avc_policy_seqno+0x9/0x20
[ 24.737022] [] ? selinux_file_permission+0x82/0x460
[ 24.743659] [] ? security_file_permission+0x89/0x1e0
[ 24.750383] [] ? rw_verify_area+0xe5/0x2b0
[ 24.756241] [] vfs_read+0x11e/0x380
[ 24.761489] [] SyS_read+0xd9/0x1b0
[ 24.766651] [] ? vfs_copy_file_range+0x740/0x740
[ 24.773027] [] ? do_syscall_64+0x48/0x490
[ 24.778796] [] ? vfs_copy_file_range+0x740/0x740
[ 24.785274] [] do_syscall_64+0x1a4/0x490
[ 24.790956] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 24.798266] Dumping ftrace buffer:
[ 24.801775] (ftrace buffer empty)
[ 24.805457] Kernel Offset: disabled
[ 24.809055] Rebooting in 86400 seconds..