[ ok ] Starting enhanced syslogd: rsyslogd.
[   10.400454] audit: type=1400 audit(1515395517.290:4): avc:  denied  { syslog } for  pid=3175 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd: 
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   27.078465] ==================================================================
[   27.079659] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   27.080648] Read of size 8 at addr ffff8801c7c90240 by task syzkaller419196/3334
[   27.081726] 
[   27.081958] CPU: 0 PID: 3334 Comm: syzkaller419196 Not tainted 4.9.75-g5f5e5d4 #7
[   27.083033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.084252]  ffff8801c941fab0 ffffffff81d93049 ffffea00071f2400 ffff8801c7c90240
[   27.085414]  0000000000000000 ffff8801c7c90240 ffff8801c9ad4438 ffff8801c941fae8
[   27.086587]  ffffffff8153ca53 ffff8801c7c90240 0000000000000008 0000000000000000
[   27.087721] Call Trace:
[   27.088089]  [] dump_stack+0xc1/0x128
[   27.088802]  [] print_address_description+0x73/0x280
[   27.089677]  [] kasan_report+0x275/0x360
[   27.090421]  [] ? sg_remove_request+0x103/0x120
[   27.091240]  [] __asan_report_load8_noabort+0x14/0x20
[   27.092136]  [] sg_remove_request+0x103/0x120
[   27.092966]  [] sg_finish_rem_req+0x295/0x340
[   27.093764]  [] sg_read+0xa1c/0x1440
[   27.094473]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.095401]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.096321]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.097199]  [] __vfs_read+0x103/0x670
[   27.097946]  [] ? default_llseek+0x290/0x290
[   27.099670]  [] ? fsnotify+0x86/0xf30
[   27.105089]  [] ? fsnotify+0xf30/0xf30
[   27.110511]  [] ? avc_policy_seqno+0x9/0x20
[   27.116363]  [] ? selinux_file_permission+0x82/0x460
[   27.123010]  [] ? security_file_permission+0x89/0x1e0
[   27.129730]  [] ? rw_verify_area+0xe5/0x2b0
[   27.135581]  [] vfs_read+0x11e/0x380
[   27.140824]  [] SyS_read+0xd9/0x1b0
[   27.145983]  [] ? vfs_copy_file_range+0x740/0x740
[   27.152799]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   27.159627]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.166175]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   27.172718] 
[   27.174310] Allocated by task 0:
[   27.177638] (stack is not available)
[   27.181360] 
[   27.182953] Freed by task 0:
[   27.185943] (stack is not available)
[   27.189617] 
[   27.191214] The buggy address belongs to the object at ffff8801c7c90200
[   27.191214]  which belongs to the cache fasync_cache of size 96
[   27.203849] The buggy address is located 64 bytes inside of
[   27.203849]  96-byte region [ffff8801c7c90200, ffff8801c7c90260)
[   27.215523] The buggy address belongs to the page:
[   27.220426] page:ffffea00071f2400 count:1 mapcount:0 mapping: (null) index:0x0
[   27.228652] flags: 0x8000000000000080(slab)
[   27.232937] page dumped because: kasan: bad access detected
[   27.238618] 
[   27.240211] Memory state around the buggy address:
[   27.245105]  ffff8801c7c90100: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   27.252429]  ffff8801c7c90180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.259753] >ffff8801c7c90200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.267080]                                            ^
executing program
[   27.272493]  ffff8801c7c90280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.279817]  ffff8801c7c90300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.287140] ==================================================================
[   27.294480] Disabling lock debugging due to kernel taint
[   27.300507] Kernel panic - not syncing: panic_on_warn set ...
[   27.300507] 
[   27.307868] CPU: 0 PID: 3334 Comm: syzkaller419196 Tainted: G    B   4.9.75-g5f5e5d4 #7
[   27.316683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.326011]  ffff8801c941fa08 ffffffff81d93049 ffffffff84195be7 ffff8801c941fae0
[   27.333982]  0000000000000000 ffff8801c7c90240 ffff8801c9ad4438 ffff8801c941fad0
[   27.341934]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[   27.349894] Call Trace:
[   27.352466]  [] dump_stack+0xc1/0x128
[   27.357802]  [] panic+0x1bc/0x3a8
[   27.362789]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   27.370987]  [] ? preempt_schedule+0x25/0x30
[   27.376935]  [] ? ___preempt_schedule+0x16/0x18
[   27.383145]  [] kasan_end_report+0x50/0x50
[   27.389360]  [] kasan_report+0x167/0x360
[   27.394951]  [] ? sg_remove_request+0x103/0x120
[   27.401150]  [] __asan_report_load8_noabort+0x14/0x20
[   27.407877]  [] sg_remove_request+0x103/0x120
[   27.413901]  [] sg_finish_rem_req+0x295/0x340
[   27.419924]  [] sg_read+0xa1c/0x1440
[   27.425168]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.431804]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   27.438784]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.445419]  [] __vfs_read+0x103/0x670
[   27.450835]  [] ? default_llseek+0x290/0x290
[   27.456784]  [] ? fsnotify+0x86/0xf30
[   27.462124]  [] ? fsnotify+0xf30/0xf30
[   27.467541]  [] ? avc_policy_seqno+0x9/0x20
[   27.473393]  [] ? selinux_file_permission+0x82/0x460
[   27.480033]  [] ? security_file_permission+0x89/0x1e0
[   27.486750]  [] ? rw_verify_area+0xe5/0x2b0
[   27.492605]  [] vfs_read+0x11e/0x380
[   27.497860]  [] SyS_read+0xd9/0x1b0
[   27.503015]  [] ? vfs_copy_file_range+0x740/0x740
[   27.509389]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   27.517585]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.524141]  [] entry_SYSCALL_64_fastpath+0x23/0xe2
[   27.530718] Dumping ftrace buffer:
[   27.534238]    (ftrace buffer empty)
[   27.537916] Kernel Offset: disabled
[   27.541513] Rebooting in 86400 seconds..