[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.024409] audit: type=1400 audit(1517151749.079:4): avc: denied { syslog } for pid=3191 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.44' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 19.368091] ==================================================================
[ 19.369325] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[ 19.370281] Read of size 8 at addr ffff8801c8c5b140 by task syzkaller101610/3339
[ 19.371287]
[ 19.371539] CPU: 1 PID: 3339 Comm: syzkaller101610 Not tainted 4.9.78-g68d447c #23
[ 19.372566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.373864] ffff8801cd7cfab0 ffffffff81d943a9 ffffea00072316c0 ffff8801c8c5b140
[ 19.375096] 0000000000000000 ffff8801c8c5b140 ffff8801c9612338 ffff8801cd7cfae8
[ 19.376337] ffffffff8153dc23 ffff8801c8c5b140 0000000000000008 0000000000000000
[ 19.377587] Call Trace:
[ 19.377963] [] dump_stack+0xc1/0x128
[ 19.378706] [] print_address_description+0x73/0x280
[ 19.379586] [] kasan_report+0x275/0x360
[ 19.380392] [] ? sg_remove_request+0x103/0x120
[ 19.381247] [] __asan_report_load8_noabort+0x14/0x20
[ 19.382153] [] sg_remove_request+0x103/0x120
[ 19.383042] [] sg_finish_rem_req+0x295/0x340
[ 19.383900] [] sg_read+0xa16/0x1440
[ 19.384686] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 19.385697] [] ? fasync_insert_entry+0x147/0x2e0
[ 19.386589] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 19.387522] [] __vfs_read+0x103/0x670
[ 19.389048] [] ? default_llseek+0x290/0x290
[ 19.395004] [] ? fsnotify+0x86/0xf30
[ 19.400334] [] ? fsnotify+0xf30/0xf30
[ 19.405754] [] ? avc_policy_seqno+0x9/0x20
[ 19.411608] [] ? selinux_file_permission+0x82/0x460
[ 19.418243] [] ? security_file_permission+0x89/0x1e0
[ 19.424965] [] ? rw_verify_area+0xe5/0x2b0
[ 19.430826] [] vfs_read+0x11e/0x380
[ 19.436082] [] SyS_read+0xd9/0x1b0
[ 19.441240] [] ? vfs_copy_file_range+0x740/0x740
[ 19.447627] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 19.454448] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 19.461007] [] entry_SYSCALL_64_fastpath+0x29/0xe8
[ 19.467551]
[ 19.469147] Allocated by task 0:
[ 19.472481] (stack is not available)
[ 19.476159]
[ 19.477755] Freed by task 0:
[ 19.480750] (stack is not available)
[ 19.484431]
[ 19.486037] The buggy address belongs to the object at ffff8801c8c5b100
[ 19.486037]  which belongs to the cache fasync_cache of size 96
[ 19.498663] The buggy address is located 64 bytes inside of
[ 19.498663]  96-byte region [ffff8801c8c5b100, ffff8801c8c5b160)
[ 19.510331] The buggy address belongs to the page:
[ 19.515229] page:ffffea00072316c0 count:1 mapcount:0 mapping: (null) index:0x0
[ 19.523457] flags: 0x8000000000000080(slab)
[ 19.527741] page dumped because: kasan: bad access detected
[ 19.533427]
[ 19.535022] Memory state around the buggy address:
[ 19.539919]  ffff8801c8c5b000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 19.547247]  ffff8801c8c5b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.554587] >ffff8801c8c5b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.561928]                                            ^
[ 19.567349]  ffff8801c8c5b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.574678]  ffff8801c8c5b200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.582004] ==================================================================
[ 19.589339] Disabling lock debugging due to kernel taint
[ 19.594837] Kernel panic - not syncing: panic_on_warn set ...
[ 19.594837]
[ 19.602199] CPU: 1 PID: 3339 Comm: syzkaller101610 Tainted: G B 4.9.78-g68d447c #23
[ 19.611091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.620415] ffff8801cd7cfa08 ffffffff81d943a9 ffffffff841971bf ffff8801cd7cfae0
[ 19.628386] 0000000000000000 ffff8801c8c5b140 ffff8801c9612338 ffff8801cd7cfad0
[ 19.636352] ffffffff8142f451 0000000041b58ab3 ffffffff8418ac30 ffffffff8142f295
[ 19.644336] Call Trace:
[ 19.646899] [] dump_stack+0xc1/0x128
[ 19.652243] [] panic+0x1bc/0x3a8
[ 19.657236] [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[ 19.665436] [] ? preempt_schedule+0x25/0x30
[ 19.671376] [] ? ___preempt_schedule+0x16/0x18
[ 19.677580] [] kasan_end_report+0x50/0x50
[ 19.683346] [] kasan_report+0x167/0x360
[ 19.688948] [] ? sg_remove_request+0x103/0x120
[ 19.695148] [] __asan_report_load8_noabort+0x14/0x20
[ 19.701877] [] sg_remove_request+0x103/0x120
[ 19.707907] [] sg_finish_rem_req+0x295/0x340
[ 19.713935] [] sg_read+0xa16/0x1440
[ 19.719181] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 19.725816] [] ? fasync_insert_entry+0x147/0x2e0
[ 19.732189] [] ? sg_proc_seq_show_debug+0xd90/0xd90
[ 19.738839] [] __vfs_read+0x103/0x670
[ 19.744258] [] ? default_llseek+0x290/0x290
[ 19.750197] [] ? fsnotify+0x86/0xf30
[ 19.755529] [] ? fsnotify+0xf30/0xf30
[ 19.760951] [] ? avc_policy_seqno+0x9/0x20
[ 19.766803] [] ? selinux_file_permission+0x82/0x460
[ 19.773436] [] ? security_file_permission+0x89/0x1e0
[ 19.780167] [] ? rw_verify_area+0xe5/0x2b0
[ 19.786019] [] vfs_read+0x11e/0x380
[ 19.791264] [] SyS_read+0xd9/0x1b0
[ 19.796422] [] ? vfs_copy_file_range+0x740/0x740
[ 19.802796] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 19.809616] [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 19.816165] [] entry_SYSCALL_64_fastpath+0x29/0xe8
[ 19.823141] Dumping ftrace buffer:
[ 19.826652] (ftrace buffer empty)
[ 19.830332] Kernel Offset: disabled
[ 19.833929] Rebooting in 86400 seconds..