[ ok ] Starting enhanced syslogd: rsyslogd.
[ 15.132942] audit: type=1400 audit(1521453879.879:4): avc: denied { syslog } for pid=3635 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 26.532555] ==================================================================
[ 26.539935] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 26.547000] Read of size 8 at addr ffff8801c8a3d140 by task syzkaller891647/3790
[ 26.554495]
[ 26.556092] CPU: 1 PID: 3790 Comm: syzkaller891647 Not tainted 4.9.88-gbb52bba #59
[ 26.563761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.573082] ffff8801d7817a60 ffffffff81d95f19 ffffea0007228f40 ffff8801c8a3d140
[ 26.581045] 0000000000000000 ffff8801c8a3d140 ffff8801d89d4438 ffff8801d7817a98
[ 26.589008] ffffffff8153e793 ffff8801c8a3d140 0000000000000008 0000000000000000
[ 26.596971] Call Trace:
[ 26.599531] [] dump_stack+0xc1/0x128
[ 26.604864] [] print_address_description+0x73/0x280
[ 26.611495] [] kasan_report+0x255/0x380
[ 26.617086] [] ? sg_remove_request+0x103/0x120
[ 26.623288] [] __asan_report_load8_noabort+0x14/0x20
[ 26.630005] [] sg_remove_request+0x103/0x120
[ 26.636030] [] sg_finish_rem_req+0x295/0x340
[ 26.642056] [] sg_read+0xa16/0x1440
[ 26.647300] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 26.653933] [] ? fasync_insert_entry+0x147/0x2e0
[ 26.660308] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 26.666943] [] __vfs_read+0x103/0x670
[ 26.672362] [] ? default_llseek+0x290/0x290
[ 26.678298] [] ? fsnotify+0x86/0xf30
[ 26.683626] [] ? fsnotify+0xf30/0xf30
[ 26.689045] [] ? avc_policy_seqno+0x9/0x20
[ 26.694899] [] ? selinux_file_permission+0x82/0x460
[ 26.701537] [] ? security_file_permission+0x89/0x1e0
[ 26.708256] [] ? rw_verify_area+0xe5/0x2b0
[ 26.714106] [] vfs_read+0x11e/0x380
[ 26.719349] [] SyS_read+0xd9/0x1b0
[ 26.724507] [] ? vfs_copy_file_range+0x740/0x740
[ 26.730883] [] ? do_syscall_64+0x48/0x490
[ 26.736647] [] ? vfs_copy_file_range+0x740/0x740
[ 26.743020] [] do_syscall_64+0x1a4/0x490
[ 26.748707] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 26.755603]
[ 26.757199] Allocated by task 0:
[ 26.760529] (stack is not available)
[ 26.764205]
[ 26.765796] Freed by task 0:
[ 26.768779] (stack is not available)
[ 26.772457]
[ 26.774052] The buggy address belongs to the object at ffff8801c8a3d100
[ 26.774052]  which belongs to the cache fasync_cache of size 96
[ 26.786675] The buggy address is located 64 bytes inside of
[ 26.786675]  96-byte region [ffff8801c8a3d100, ffff8801c8a3d160)
[ 26.798337] The buggy address belongs to the page:
[ 26.803234] page:ffffea0007228f40 count:1 mapcount:0 mapping: (null) index:0x0
[ 26.811457] flags: 0x8000000000000080(slab)
[ 26.815744] page dumped because: kasan: bad access detected
[ 26.821426]
[ 26.823033] Memory state around the buggy address:
[ 26.827944]  ffff8801c8a3d000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 26.835269]  ffff8801c8a3d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.842597] >ffff8801c8a3d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.849919]                                            ^
[ 26.855332]  ffff8801c8a3d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.862655]  ffff8801c8a3d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.869979] ==================================================================
[ 26.877301] Disabling lock debugging due to kernel taint
[ 26.882827] Kernel panic - not syncing: panic_on_warn set ...
[ 26.882827]
[ 26.890171] CPU: 1 PID: 3790 Comm: syzkaller891647 Tainted: G B 4.9.88-gbb52bba #59
[ 26.899060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.908381] ffff8801d78179b8 ffffffff81d95f19 ffffffff841981e7 ffff8801d7817a90
[ 26.916343] 0000000000000000 ffff8801c8a3d140 ffff8801d89d4438 ffff8801d7817a80
[ 26.924310] ffffffff8142fa71 0000000041b58ab3 ffffffff8418bc48 ffffffff8142f8b5
[ 26.932272] Call Trace:
[ 26.934830] [] dump_stack+0xc1/0x128
[ 26.940164] [] panic+0x1bc/0x3a8
[ 26.945146] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 26.953345] [] ? preempt_schedule+0x25/0x30
[ 26.959285] [] ? ___preempt_schedule+0x16/0x18
[ 26.965486] [] kasan_end_report+0x50/0x50
[ 26.971249] [] kasan_report+0x16b/0x380
[ 26.976839] [] ? sg_remove_request+0x103/0x120
[ 26.983042] [] __asan_report_load8_noabort+0x14/0x20
[ 26.989764] [] sg_remove_request+0x103/0x120
[ 26.995787] [] sg_finish_rem_req+0x295/0x340
[ 27.001812] [] sg_read+0xa16/0x1440
[ 27.007057] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 27.013691] [] ? fasync_insert_entry+0x147/0x2e0
[ 27.020065] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 27.026696] [] __vfs_read+0x103/0x670
[ 27.032114] [] ? default_llseek+0x290/0x290
[ 27.038050] [] ? fsnotify+0x86/0xf30
[ 27.043378] [] ? fsnotify+0xf30/0xf30
[ 27.048799] [] ? avc_policy_seqno+0x9/0x20
[ 27.054652] [] ? selinux_file_permission+0x82/0x460
[ 27.061284] [] ? security_file_permission+0x89/0x1e0
[ 27.068012] [] ? rw_verify_area+0xe5/0x2b0
[ 27.073868] [] vfs_read+0x11e/0x380
[ 27.079112] [] SyS_read+0xd9/0x1b0
[ 27.084271] [] ? vfs_copy_file_range+0x740/0x740
[ 27.090642] [] ? do_syscall_64+0x48/0x490
[ 27.096406] [] ? vfs_copy_file_range+0x740/0x740
[ 27.102780] [] do_syscall_64+0x1a4/0x490
[ 27.108458] [] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[ 27.115803] Dumping ftrace buffer:
[ 27.119310] (ftrace buffer empty)
[ 27.122986] Kernel Offset: disabled
[ 27.126587] Rebooting in 86400 seconds..