[ ok ] Starting enhanced syslogd: rsyslogd.
[   13.859559] audit: type=1400 audit(1516063417.700:4): avc: denied { syslog } for pid=3171 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   25.674322] ==================================================================
[   25.681726] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   25.688800] Read of size 8 at addr ffff8801ca704140 by task syzkaller507288/3326
[   25.696300]
[   25.697905] CPU: 1 PID: 3326 Comm: syzkaller507288 Not tainted 4.9.76-g8dec074 #13
[   25.705582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.714909]  ffff8801c9d67ab0 ffffffff81d93169 ffffea000729c100 ffff8801ca704140
[   25.722898]  0000000000000000 ffff8801ca704140 ffff8801c9928238 ffff8801c9d67ae8
[   25.730873]  ffffffff8153cb43 ffff8801ca704140 0000000000000008 0000000000000000
[   25.738944] Call Trace:
[   25.741509]  [] dump_stack+0xc1/0x128
[   25.746848]  [] print_address_description+0x73/0x280
[   25.753484]  [] kasan_report+0x275/0x360
[   25.759080]  [] ? sg_remove_request+0x103/0x120
[   25.765288]  [] __asan_report_load8_noabort+0x14/0x20
[   25.772013]  [] sg_remove_request+0x103/0x120
[   25.778042]  [] sg_finish_rem_req+0x295/0x340
[   25.784069]  [] sg_read+0xa1c/0x1440
[   25.789317]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.795952]  [] ? fasync_insert_entry+0x147/0x2e0
[   25.802327]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.808963]  [] __vfs_read+0x103/0x670
[   25.814382]  [] ? default_llseek+0x290/0x290
[   25.820325]  [] ? fsnotify+0x86/0xf30
[   25.825655]  [] ? fsnotify+0xf30/0xf30
[   25.831075]  [] ? avc_policy_seqno+0x9/0x20
[   25.836926]  [] ? selinux_file_permission+0x82/0x460
[   25.843563]  [] ? security_file_permission+0x89/0x1e0
[   25.850310]  [] ? rw_verify_area+0xe5/0x2b0
[   25.856173]  [] vfs_read+0x11e/0x380
[   25.861420]  [] SyS_read+0xd9/0x1b0
[   25.866581]  [] ? vfs_copy_file_range+0x740/0x740
[   25.872959]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   25.879771]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.886330]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   25.892891]
[   25.894502] Allocated by task 0:
[   25.897835] (stack is not available)
[   25.901514]
[   25.903112] Freed by task 0:
[   25.906106] (stack is not available)
[   25.909788]
[   25.911385] The buggy address belongs to the object at ffff8801ca704100
[   25.911385]  which belongs to the cache fasync_cache of size 96
[   25.924010] The buggy address is located 64 bytes inside of
[   25.924010]  96-byte region [ffff8801ca704100, ffff8801ca704160)
[   25.935679] The buggy address belongs to the page:
[   25.940578] page:ffffea000729c100 count:1 mapcount:0 mapping:          (null) index:0x0
[   25.948808] flags: 0x8000000000000080(slab)
[   25.953100] page dumped because: kasan: bad access detected
[   25.958780]
[   25.960375] Memory state around the buggy address:
[   25.965276]  ffff8801ca704000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   25.972613]  ffff8801ca704080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.979941] >ffff8801ca704100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.987275]                                            ^
[   25.992698]  ffff8801ca704180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.000028]  ffff8801ca704200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.007359] ==================================================================
[   26.014690] Disabling lock debugging due to kernel taint
[   26.020211] Kernel panic - not syncing: panic_on_warn set ...
[   26.020211]
[   26.027564] CPU: 1 PID: 3326 Comm: syzkaller507288 Tainted: G B 4.9.76-g8dec074 #13
[   26.036460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.045790]  ffff8801c9d67a08 ffffffff81d93169 ffffffff84195c2f ffff8801c9d67ae0
[   26.053790]  0000000000000000 ffff8801ca704140 ffff8801c9928238 ffff8801c9d67ad0
[   26.061791]  ffffffff8142e371 0000000041b58ab3 ffffffff84189690 ffffffff8142e1b5
[   26.069804] Call Trace:
[   26.072370]  [] dump_stack+0xc1/0x128
[   26.077716]  [] panic+0x1bc/0x3a8
[   26.082725]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   26.090928]  [] ? preempt_schedule+0x25/0x30
[   26.096873]  [] ? ___preempt_schedule+0x16/0x18
[   26.103081]  [] kasan_end_report+0x50/0x50
[   26.108855]  [] kasan_report+0x167/0x360
[   26.114455]  [] ? sg_remove_request+0x103/0x120
[   26.120674]  [] __asan_report_load8_noabort+0x14/0x20
[   26.127411]  [] sg_remove_request+0x103/0x120
[   26.133447]  [] sg_finish_rem_req+0x295/0x340
[   26.139475]  [] sg_read+0xa1c/0x1440
[   26.144722]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.151362]  [] ? fasync_insert_entry+0x147/0x2e0
[   26.157738]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.164387]  [] __vfs_read+0x103/0x670
[   26.169810]  [] ? default_llseek+0x290/0x290
[   26.175764]  [] ? fsnotify+0x86/0xf30
[   26.181107]  [] ? fsnotify+0xf30/0xf30
[   26.186533]  [] ? avc_policy_seqno+0x9/0x20
[   26.192386]  [] ? selinux_file_permission+0x82/0x460
[   26.199025]  [] ? security_file_permission+0x89/0x1e0
[   26.205751]  [] ? rw_verify_area+0xe5/0x2b0
[   26.211605]  [] vfs_read+0x11e/0x380
[   26.216869]  [] SyS_read+0xd9/0x1b0
[   26.222032]  [] ? vfs_copy_file_range+0x740/0x740
[   26.228410]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.235310]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.241865]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   26.249040] Dumping ftrace buffer:
[   26.252558]    (ftrace buffer empty)
[   26.256244] Kernel Offset: disabled
[   26.259845] Rebooting in 86400 seconds..
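Added example, not part of the captured log and not code from syzkaller or the kernel: a small Python triage parser for a KASAN slab report in the 4.9-era layout shown above. It pulls out the bug class and the access, the first reliable frame outside KASAN's own reporting path, the slab cache and the access offset inside the object (cross-checked against the address arithmetic), and decodes the shadow byte at the faulting address using the encodings from mm/kasan/kasan.h of that kernel series. The embedded SAMPLE_REPORT is a constructed excerpt of the report above; all function and field names are this example's own. It assumes the console capture shape seen here, where the [<addr>] frame prefixes have been stripped to [].

```python
"""Triage parser for a 4.9-era KASAN slab report such as the one captured above."""
import re

# Shadow-byte encodings from mm/kasan/kasan.h in the 4.9 series (one byte per 8-byte granule).
SHADOW_CODES = {"00": "addressable", "fa": "global redzone", "fb": "kmalloc freed object",
                "fc": "kmalloc redzone", "fe": "page redzone", "ff": "freed page"}
# Frames that belong to KASAN's own reporting path rather than to the bug.
REPORT_FRAMES = ("dump_stack", "print_address_description", "kasan_report", "__asan_report_")

_TS = r"^\s*(?:\[\s*\d+\.\d+\]\s*)?"  # optional "[   25.681726] " console prefix
_HEADER = re.compile(_TS + r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>[\w.]+)\+0x")
_ACCESS = re.compile(_TS + r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr "
                     r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
# Frame addresses were stripped to "[]" in the capture above; accept "[<addr>]" or "[]".
_FRAME = re.compile(_TS + r"\[[^\]]*\]\s+(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x")
_OBJECT = re.compile(_TS + r"The buggy address belongs to the object at (?P<obj>[0-9a-f]+)")
_CACHE = re.compile(_TS + r"which belongs to the cache (?P<cache>\S+) of size (?P<objsize>\d+)")
_INSIDE = re.compile(_TS + r"The buggy address is located (?P<off>\d+) bytes inside of")
_SHADOW = re.compile(_TS + r">?\s*(?P<row>[0-9a-f]{16}): (?P<bytes>[0-9a-f ]+)$")


def parse_kasan_report(text):
    """Extract triage fields from one report; only the first Call Trace is collected."""
    info = {"trace": [], "shadow_rows": []}
    in_trace = seen_trace = False
    for line in text.splitlines():
        if in_trace:
            m = _FRAME.match(line)
            if m:  # "? sym" marks a frame the unwinder could not verify
                info["trace"].append((m["sym"], m["unreliable"] is not None))
                continue
            in_trace = False  # first non-frame line closes the trace
        if "Call Trace:" in line and not seen_trace:
            in_trace = seen_trace = True
            continue
        m = _SHADOW.match(line)
        if m:
            info["shadow_rows"].append((int(m["row"], 16), m["bytes"].split()))
            continue
        for rx in (_HEADER, _ACCESS, _OBJECT, _CACHE, _INSIDE):
            m = rx.match(line)
            if m:  # setdefault: the first occurrence of each field wins
                for k, v in m.groupdict().items():
                    info.setdefault(k, int(v, 16) if k in ("addr", "obj") else int(v) if v.isdigit() else v)
                break
    return info


def blamed_frame(info):
    """First reliable frame outside KASAN's reporting path: where to start reading code."""
    for sym, unreliable in info["trace"]:
        if not unreliable and not sym.startswith(REPORT_FRAMES):
            return sym
    return None


def access_offset(info):
    """Offset of the access inside its slab object, cross-checked against the report's figure."""
    off = info["addr"] - info["obj"]
    if off != info["off"]:
        raise ValueError("offset mismatch: computed %d, report says %d" % (off, info["off"]))
    return off


def shadow_at_fault(info):
    """Shadow byte covering the faulting address, and what KASAN means by it."""
    for row, codes in info["shadow_rows"]:
        if row <= info["addr"] < row + 8 * len(codes):
            code = codes[(info["addr"] - row) // 8]
            return code, SHADOW_CODES.get(code, "unknown")
    return None, "no shadow row covers the address"


# Constructed input: an excerpt of the report above, not the full log.
SAMPLE_REPORT = """\
[   25.681726] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   25.688800] Read of size 8 at addr ffff8801ca704140 by task syzkaller507288/3326
[   25.738944] Call Trace:
[   25.741509]  [] dump_stack+0xc1/0x128
[   25.753484]  [] kasan_report+0x275/0x360
[   25.759080]  [] ? sg_remove_request+0x103/0x120
[   25.765288]  [] __asan_report_load8_noabort+0x14/0x20
[   25.772013]  [] sg_remove_request+0x103/0x120
[   25.778042]  [] sg_finish_rem_req+0x295/0x340
[   25.784069]  [] sg_read+0xa1c/0x1440
[   25.861420]  [] SyS_read+0xd9/0x1b0
[   25.892891]
[   25.911385] The buggy address belongs to the object at ffff8801ca704100
[   25.911385]  which belongs to the cache fasync_cache of size 96
[   25.924010] The buggy address is located 64 bytes inside of
[   25.924010]  96-byte region [ffff8801ca704100, ffff8801ca704160)
[   25.972613]  ffff8801ca704080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.979941] >ffff8801ca704100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.987275]                                            ^
[   25.992698]  ffff8801ca704180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

if __name__ == "__main__":
    r = parse_kasan_report(SAMPLE_REPORT)
    print(r["bug"], blamed_frame(r), "%s+%d" % (r["cache"], access_offset(r)), shadow_at_fault(r))
```

Run on the excerpt, it reports slab-out-of-bounds, blamed frame sg_remove_request, fasync_cache+64 and shadow byte 0xfc (kmalloc redzone). That last item is the point worth noticing before filing: the 8-byte read lands on memory KASAN does not treat as part of a live allocation, and because the report records no allocation or free stack for the object ("stack is not available", task 0), the log alone does not settle whether sg_remove_request walked past a valid fasync_struct or followed a stale pointer to one; that needs a reproducer.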