[ ok ] Starting enhanced syslogd: rsyslogd.
[   11.150321] audit: type=1400 audit(1516120723.148:4): avc: denied { syslog } for pid=3170 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   18.981929] ==================================================================
[   18.983012] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   18.983994] Read of size 8 at addr ffff8801cd50c140 by task syzkaller439099/3318
[   18.985036] 
[   18.985273] CPU: 0 PID: 3318 Comm: syzkaller439099 Not tainted 4.9.76-g8dec074 #13
[   18.986313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.987564]  ffff8801c8407ab0 ffffffff81d93169 ffffea0007354300 ffff8801cd50c140
[   18.988900]  0000000000000000 ffff8801cd50c140 ffff8801c9a1c438 ffff8801c8407ae8
[   18.990090]  ffffffff8153cb43 ffff8801cd50c140 0000000000000008 0000000000000000
[   18.991237] Call Trace:
[   18.991596]  dump_stack+0xc1/0x128
[   18.992346]  print_address_description+0x73/0x280
[   18.993265]  kasan_report+0x275/0x360
[   18.994056]  ? sg_remove_request+0x103/0x120
[   18.994955]  __asan_report_load8_noabort+0x14/0x20
[   18.995938]  sg_remove_request+0x103/0x120
[   18.996811]  sg_finish_rem_req+0x295/0x340
[   18.997636]  sg_read+0xa1c/0x1440
[   18.998413]  ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.999355]  ? fasync_insert_entry+0x147/0x2e0
[   19.000229]  ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.001249]  __vfs_read+0x103/0x670
[   19.001970]  ? default_llseek+0x290/0x290
[   19.007562]  ? fsnotify+0x86/0xf30
[   19.012893]  ? fsnotify+0xf30/0xf30
[   19.018327]  ? avc_policy_seqno+0x9/0x20
[   19.024182]  ? selinux_file_permission+0x82/0x460
[   19.030817]  ? security_file_permission+0x89/0x1e0
[   19.037542]  ? rw_verify_area+0xe5/0x2b0
[   19.043397]  vfs_read+0x11e/0x380
[   19.048641]  SyS_read+0xd9/0x1b0
[   19.053806]  ? vfs_copy_file_range+0x740/0x740
[   19.060183]  ? trace_hardirqs_on_caller+0x38b/0x590
[   19.066993]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   19.073542]  entry_SYSCALL_64_fastpath+0x23/0xe2
[   19.080088] 
[   19.081688] Allocated by task 0:
[   19.085020] (stack is not available)
[   19.088696] 
[   19.090290] Freed by task 0:
[   19.093274] (stack is not available)
[   19.096951] 
[   19.098547] The buggy address belongs to the object at ffff8801cd50c100
[   19.098547]  which belongs to the cache fasync_cache of size 96
[   19.111189] The buggy address is located 64 bytes inside of
[   19.111189]  96-byte region [ffff8801cd50c100, ffff8801cd50c160)
[   19.122860] The buggy address belongs to the page:
[   19.127761] page:ffffea0007354300 count:1 mapcount:0 mapping:          (null) index:0x0
[   19.135983] flags: 0x8000000000000080(slab)
[   19.140271] page dumped because: kasan: bad access detected
[   19.145946] 
[   19.147542] Memory state around the buggy address:
[   19.152441]  ffff8801cd50c000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   19.159769]  ffff8801cd50c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.167107] >ffff8801cd50c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.174439]                                            ^
[   19.179858]  ffff8801cd50c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.187185]  ffff8801cd50c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.194513] ==================================================================
[   19.201840] Disabling lock debugging due to kernel taint
[   19.207972] Kernel panic - not syncing: panic_on_warn set ...
[   19.207972] 
[   19.215329] CPU: 0 PID: 3318 Comm: syzkaller439099 Tainted: G    B           4.9.76-g8dec074 #13
[   19.224231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.233556]  ffff8801c8407a08 ffffffff81d93169 ffffffff84195c2f ffff8801c8407ae0
[   19.241530]  0000000000000000 ffff8801cd50c140 ffff8801c9a1c438 ffff8801c8407ad0
[   19.249502]  ffffffff8142e371 0000000041b58ab3 ffffffff84189690 ffffffff8142e1b5
[   19.257479] Call Trace:
[   19.260038]  dump_stack+0xc1/0x128
[   19.265378]  panic+0x1bc/0x3a8
[   19.270363]  ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   19.278564]  ? preempt_schedule+0x25/0x30
[   19.284520]  ? ___preempt_schedule+0x16/0x18
[   19.290729]  kasan_end_report+0x50/0x50
[   19.296495]  kasan_report+0x167/0x360
[   19.302090]  ? sg_remove_request+0x103/0x120
[   19.308291]  __asan_report_load8_noabort+0x14/0x20
[   19.315011]  sg_remove_request+0x103/0x120
[   19.321036]  sg_finish_rem_req+0x295/0x340
[   19.327068]  sg_read+0xa1c/0x1440
[   19.332316]  ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.338957]  ? fasync_insert_entry+0x147/0x2e0
[   19.345333]  ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.351969]  __vfs_read+0x103/0x670
[   19.357389]  ? default_llseek+0x290/0x290
[   19.363332]  ? fsnotify+0x86/0xf30
[   19.368664]  ? fsnotify+0xf30/0xf30
[   19.374085]  ? avc_policy_seqno+0x9/0x20
[   19.379939]  ? selinux_file_permission+0x82/0x460
[   19.386573]  ? security_file_permission+0x89/0x1e0
[   19.393302]  ? rw_verify_area+0xe5/0x2b0
[   19.399165]  vfs_read+0x11e/0x380
[   19.404412]  SyS_read+0xd9/0x1b0
[   19.409576]  ? vfs_copy_file_range+0x740/0x740
[   19.415954]  ? trace_hardirqs_on_caller+0x38b/0x590
[   19.422762]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   19.429312]  entry_SYSCALL_64_fastpath+0x23/0xe2
[   19.436341] Dumping ftrace buffer:
[   19.439862]    (ftrace buffer empty)
[   19.443541] Kernel Offset: disabled
[   19.447136] Rebooting in 86400 seconds..
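Triage of a KASAN report like the one above comes down to the same handful of fields every time: the access kind and size, the faulting function and offset, the cache and object the address falls in, the call path underneath the instrumentation frames, and the shadow byte under the caret. The script below is an added triage helper and not part of the syzkaller output or the kernel tree. It parses an abridged copy of the KASAN block above (embedded inline as REPORT so it runs offline), keeps only the first Call Trace, drops the "?" frames and the dump_stack/kasan_/__asan_ frames, decodes the shadow value (0xfc is KASAN_KMALLOC_REDZONE, the poison for slab space that has not been handed out), and checks that the region bounds, cache size and stated offset agree with the faulting address. The shadow table is the 4.9-era encoding from mm/kasan/kasan.h; SHADOW_MEANING, KASAN_FRAMES, shadow_byte, parse_kasan_report and summarize are names chosen here.

```python
import re

# KASAN shadow-byte poison values from mm/kasan/kasan.h (4.9-era encoding).
SHADOW_MEANING = {
    0xff: "freed page", 0xfe: "page redzone (kmalloc_large)",
    0xfc: "slab redzone / never-allocated slab space",
    0xfb: "freed slab object (use-after-free)", 0xfa: "global redzone",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone", 0xf3: "stack right redzone",
    0xf4: "stack partial redzone", 0xf8: "out of scope (use-after-scope)",
}
# Instrumentation frames that sit above the real culprit in every KASAN trace.
KASAN_FRAMES = ("dump_stack", "print_address_description", "kasan_", "__asan_")
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")   # printk timestamp prefix

# Abridged copy of the report above, embedded so the script runs offline.
REPORT = """\
[   18.983012] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   18.983994] Read of size 8 at addr ffff8801cd50c140 by task syzkaller439099/3318
[   18.991237] Call Trace:
[   18.991596]  dump_stack+0xc1/0x128
[   18.994056]  ? sg_remove_request+0x103/0x120
[   18.994955]  __asan_report_load8_noabort+0x14/0x20
[   18.995938]  sg_remove_request+0x103/0x120
[   18.996811]  sg_finish_rem_req+0x295/0x340
[   18.997636]  sg_read+0xa1c/0x1440
[   19.001249]  __vfs_read+0x103/0x670
[   19.043397]  vfs_read+0x11e/0x380
[   19.048641]  SyS_read+0xd9/0x1b0
[   19.073542]  entry_SYSCALL_64_fastpath+0x23/0xe2
[   19.080088]
[   19.098547] The buggy address belongs to the object at ffff8801cd50c100
[   19.098547]  which belongs to the cache fasync_cache of size 96
[   19.111189] The buggy address is located 64 bytes inside of
[   19.111189]  96-byte region [ffff8801cd50c100, ffff8801cd50c160)
[   19.167107] >ffff8801cd50c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.174439]                                            ^
"""

def shadow_meaning(byte):
    if byte == 0:
        return "accessible"
    if 1 <= byte <= 7:
        return "partially accessible (first %d bytes)" % byte
    return SHADOW_MEANING.get(byte, "unknown 0x%02x" % byte)

def shadow_byte(rows, addr):
    """Shadow value for addr; each row holds 16 shadow bytes, one per 8 bytes of memory."""
    base = addr & ~0x7f
    return rows[base][(addr - base) // 8] if base in rows else None

def parse_kasan_report(text):
    rep = {"frames": [], "shadow_rows": {}}
    in_trace = trace_done = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).strip()
        if in_trace:                       # collect frames until the empty record
            if line:
                rep["frames"].append(line)
            else:
                in_trace, trace_done = False, True
            continue
        if line == "Call Trace:" and not trace_done:
            in_trace = True
        elif m := re.match(r"BUG: KASAN: (\S+) in (\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+$", line):
            rep.update(kind=m[1], func=m[2], func_off=int(m[3], 16))
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)$", line):
            rep.update(access=m[1], size=int(m[2]), addr=int(m[3], 16), comm=m[4], pid=int(m[5]))
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)$", line):
            rep["object"] = int(m[1], 16)
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)$", line):
            rep.update(cache=m[1], cache_size=int(m[2]))
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of$", line):
            rep["stated_offset"] = int(m[1])
        elif m := re.match(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)$", line):
            rep["region"] = (int(m[1], 16), int(m[2], 16))
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", line):
            rep["shadow_rows"][int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
    # Derived facts, cross-checked against what the report states about itself.
    addr, lo, hi = rep["addr"], *rep["region"]
    rep["offset_in_object"] = addr - rep["object"]
    rep["consistent"] = (lo <= addr < hi and hi - lo == rep["cache_size"]
                         and rep["offset_in_object"] == rep["stated_offset"])
    rep["culprit_path"] = [f for f in rep["frames"]
                           if not f.startswith("? ") and not f.startswith(KASAN_FRAMES)]
    rep["shadow_at_addr"] = shadow_byte(rep["shadow_rows"], addr)
    rep["shadow_meaning"] = shadow_meaning(rep["shadow_at_addr"])
    # A live slab object has 0x00 shadow over its payload; if every shadow byte covering
    # the object is poison (>= 0xf0), the pointer never referred to a live object there.
    obj = [shadow_byte(rep["shadow_rows"], a) for a in range(rep["object"], hi, 8)]
    rep["whole_object_poisoned"] = all(b is not None and b >= 0xf0 for b in obj)
    return rep

def summarize(rep):
    return ("%s: %s of %d bytes in %s+0x%x by %s/%d; %d bytes into a %d-byte %s object "
            "[%x, %x); shadow 0x%02x = %s; whole object poisoned: %s; consistent: %s; "
            "path: %s" % (rep["kind"], rep["access"], rep["size"], rep["func"], rep["func_off"],
            rep["comm"], rep["pid"], rep["offset_in_object"], rep["cache_size"], rep["cache"],
            *rep["region"], rep["shadow_at_addr"], rep["shadow_meaning"],
            rep["whole_object_poisoned"], rep["consistent"], " <- ".join(rep["culprit_path"])))

if __name__ == "__main__":
    print(summarize(parse_kasan_report(REPORT)))
```

Run as-is, the summary reports the 8-byte read landing 64 bytes into a 96-byte fasync_cache slot whose shadow is 0xfc throughout, and the path sg_remove_request <- sg_finish_rem_req <- sg_read <- __vfs_read <- vfs_read <- SyS_read <- entry_SYSCALL_64_fastpath. That combination is the detail worth noticing in this report: the address is inside a slab object of an unrelated cache and every shadow byte covering it is redzone poison, so the pointer sg_remove_request followed did not refer to a live object, which is consistent with KASAN having no allocation stack to show for it. For a real run, replace REPORT with the whole console log; the parser only reads the first Call Trace and ignores lines it does not recognise.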