[ ok ] Starting enhanced syslogd: rsyslogd.
[   16.206226] audit: type=1400 audit(1517314011.366:4): avc:  denied  { syslog } for  pid=3907 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.222' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   25.962160] ==================================================================
[   25.969540] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   25.976615] Read of size 8 at addr ffff8801d9336140 by task syzkaller091588/4056
[   25.984117]
[   25.985720] CPU: 1 PID: 4056 Comm: syzkaller091588 Not tainted 4.9.78-g7be1985 #24
[   25.993391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.002713]  ffff8801d3547ab0 ffffffff81d94409 ffffea000764cd80 ffff8801d9336140
[   26.010719]  0000000000000000 ffff8801d9336140 ffff8801d4a8c438 ffff8801d3547ae8
[   26.018702]  ffffffff8153dc73 ffff8801d9336140 0000000000000008 0000000000000000
[   26.026663] Call Trace:
[   26.029222]  [] dump_stack+0xc1/0x128
[   26.034555]  [] print_address_description+0x73/0x280
[   26.041208]  [] kasan_report+0x275/0x360
[   26.046809]  [] ? sg_remove_request+0x103/0x120
[   26.053015]  [] __asan_report_load8_noabort+0x14/0x20
[   26.059741]  [] sg_remove_request+0x103/0x120
[   26.065766]  [] sg_finish_rem_req+0x295/0x340
[   26.071803]  [] sg_read+0xa16/0x1440
[   26.077055]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.083704]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.090707]  [] ? fasync_helper+0x37/0xb0
[   26.096416]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.103065]  [] __vfs_read+0x103/0x670
[   26.108508]  [] ? default_llseek+0x290/0x290
[   26.114472]  [] ? fsnotify+0x86/0xf30
[   26.119821]  [] ? fsnotify+0xf30/0xf30
[   26.125258]  [] ? avc_policy_seqno+0x9/0x20
[   26.131132]  [] ? selinux_file_permission+0x82/0x460
[   26.137784]  [] ? security_file_permission+0x89/0x1e0
[   26.144527]  [] ? rw_verify_area+0xe5/0x2b0
[   26.150429]  [] vfs_read+0x11e/0x380
[   26.155711]  [] SyS_read+0xd9/0x1b0
[   26.160880]  [] ? vfs_copy_file_range+0x740/0x740
[   26.167256]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.174072]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.180635]  [] entry_SYSCALL_64_fastpath+0x29/0xe8
[   26.187197]
[   26.188812] Allocated by task 0:
[   26.192146] (stack is not available)
[   26.195825]
[   26.197424] Freed by task 0:
[   26.200410] (stack is not available)
[   26.204092]
[   26.205700] The buggy address belongs to the object at ffff8801d9336100
[   26.205700]  which belongs to the cache fasync_cache of size 96
[   26.218335] The buggy address is located 64 bytes inside of
[   26.218335]  96-byte region [ffff8801d9336100, ffff8801d9336160)
[   26.230016] The buggy address belongs to the page:
[   26.234926] page:ffffea000764cd80 count:1 mapcount:0 mapping:          (null) index:0x0
[   26.243157] flags: 0x8000000000000080(slab)
[   26.247452] page dumped because: kasan: bad access detected
[   26.253135]
[   26.254735] Memory state around the buggy address:
[   26.259631]  ffff8801d9336000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   26.266964]  ffff8801d9336080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.274303] >ffff8801d9336100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.281642]                                            ^
[   26.287072]  ffff8801d9336180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.294418]  ffff8801d9336200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.301758] ==================================================================
[   26.309090] Disabling lock debugging due to kernel taint
[   26.314796] Kernel panic - not syncing: panic_on_warn set ...
[   26.314796]
[   26.322147] CPU: 1 PID: 4056 Comm: syzkaller091588 Tainted: G    B   4.9.78-g7be1985 #24
[   26.331035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.340366]  ffff8801d3547a08 ffffffff81d94409 ffffffff841971bf ffff8801d3547ae0
[   26.348333]  0000000000000000 ffff8801d9336140 ffff8801d4a8c438 ffff8801d3547ad0
[   26.356298]  ffffffff8142f4a1 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f2e5
[   26.364302] Call Trace:
[   26.366862]  [] dump_stack+0xc1/0x128
[   26.372283]  [] panic+0x1bc/0x3a8
[   26.377270]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   26.385475]  [] ? preempt_schedule+0x25/0x30
[   26.391422]  [] ? ___preempt_schedule+0x16/0x18
[   26.397633]  [] kasan_end_report+0x50/0x50
[   26.403402]  [] kasan_report+0x167/0x360
[   26.408994]  [] ? sg_remove_request+0x103/0x120
[   26.415192]  [] __asan_report_load8_noabort+0x14/0x20
[   26.421913]  [] sg_remove_request+0x103/0x120
[   26.427952]  [] sg_finish_rem_req+0x295/0x340
[   26.433979]  [] sg_read+0xa16/0x1440
[   26.439222]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.445859]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.452842]  [] ? fasync_helper+0x37/0xb0
[   26.458522]  [] ? sg_proc_seq_show_debug+0xd90/0xd90
[   26.465156]  [] __vfs_read+0x103/0x670
[   26.470578]  [] ? default_llseek+0x290/0x290
[   26.476517]  [] ? fsnotify+0x86/0xf30
[   26.481850]  [] ? fsnotify+0xf30/0xf30
[   26.487272]  [] ? avc_policy_seqno+0x9/0x20
[   26.493133]  [] ? selinux_file_permission+0x82/0x460
[   26.499779]  [] ? security_file_permission+0x89/0x1e0
[   26.506516]  [] ? rw_verify_area+0xe5/0x2b0
[   26.512393]  [] vfs_read+0x11e/0x380
[   26.517644]  [] SyS_read+0xd9/0x1b0
[   26.522804]  [] ? vfs_copy_file_range+0x740/0x740
[   26.529192]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.535999]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.542553]  [] entry_SYSCALL_64_fastpath+0x29/0xe8
[   26.549567] Dumping ftrace buffer:
[   26.553082]    (ftrace buffer empty)
[   26.556760] Kernel Offset: disabled
[   26.560365] Rebooting in 86400 seconds..