[ ok ] Starting enhanced syslogd: rsyslogd.
[   12.754940] audit: type=1400 audit(1515670339.805:4): avc:  denied  { syslog } for  pid=3168 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   19.643201] ==================================================================
[   19.650580] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   19.657649] Read of size 8 at addr ffff8801cd527140 by task syzkaller751298/3320
[   19.665146]
[   19.666745] CPU: 1 PID: 3320 Comm: syzkaller751298 Not tainted 4.9.76-g9154940 #20
[   19.674413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.683731]  ffff8801c93ffa50 ffffffff81d93149 ffffea00073549c0 ffff8801cd527140
[   19.691675]  0000000000000000 ffff8801cd527140 ffff8801c94e0238 ffff8801c93ffa88
[   19.699617]  ffffffff8153cb43 ffff8801cd527140 0000000000000008 0000000000000000
[   19.707616] Call Trace:
[   19.710175]  [] dump_stack+0xc1/0x128
[   19.715505]  [] print_address_description+0x73/0x280
[   19.722135]  [] kasan_report+0x275/0x360
[   19.727722]  [] ? sg_remove_request+0x103/0x120
[   19.733918]  [] __asan_report_load8_noabort+0x14/0x20
[   19.740637]  [] sg_remove_request+0x103/0x120
[   19.746657]  [] sg_finish_rem_req+0x295/0x340
[   19.752679]  [] sg_read+0xa1c/0x1440
[   19.757921]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.764557]  [] ? __raw_spin_lock_init+0x1c/0x100
[   19.770927]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   19.777728]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.784357]  [] __vfs_read+0x103/0x670
[   19.789771]  [] ? default_llseek+0x290/0x290
[   19.795707]  [] ? fsnotify+0x86/0xf30
[   19.801035]  [] ? fsnotify+0xf30/0xf30
[   19.806449]  [] ? avc_policy_seqno+0x9/0x20
[   19.812297]  [] ? selinux_file_permission+0x82/0x460
[   19.818927]  [] ? security_file_permission+0x89/0x1e0
[   19.825645]  [] ? rw_verify_area+0xe5/0x2b0
[   19.831493]  [] vfs_read+0x11e/0x380
[   19.836739]  [] SyS_read+0xd9/0x1b0
[   19.841897]  [] ? vfs_copy_file_range+0x740/0x740
[   19.848270]  [] ? do_fast_syscall_32+0xcf/0x890
[   19.854465]  [] ? vfs_copy_file_range+0x740/0x740
[   19.860834]  [] do_fast_syscall_32+0x2f7/0x890
[   19.866944]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   19.873577]  [] entry_SYSENTER_compat+0x74/0x83
[   19.879769]
[   19.881361] Allocated by task 0:
[   19.884689] (stack is not available)
[   19.888362]
[   19.889952] Freed by task 0:
[   19.892930] (stack is not available)
[   19.896601]
[   19.898193] The buggy address belongs to the object at ffff8801cd527100
[   19.898193]  which belongs to the cache fasync_cache of size 96
[   19.910815] The buggy address is located 64 bytes inside of
[   19.910815]  96-byte region [ffff8801cd527100, ffff8801cd527160)
[   19.922489] The buggy address belongs to the page:
[   19.927383] page:ffffea00073549c0 count:1 mapcount:0 mapping:          (null) index:0x0
[   19.935597] flags: 0x8000000000000080(slab)
[   19.939877] page dumped because: kasan: bad access detected
[   19.945549]
[   19.947138] Memory state around the buggy address:
[   19.952032]  ffff8801cd527000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   19.959359]  ffff8801cd527080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.966680] >ffff8801cd527100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.974000]                                            ^
[   19.979416]  ffff8801cd527180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.986737]  ffff8801cd527200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.994056] ==================================================================
[   20.001376] Disabling lock debugging due to kernel taint
[   20.006851] Kernel panic - not syncing: panic_on_warn set ...
[   20.006851]
[   20.014191] CPU: 1 PID: 3320 Comm: syzkaller751298 Tainted: G    B           4.9.76-g9154940 #20
[   20.023078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.032399]  ffff8801c93ff9a8 ffffffff81d93149 ffffffff84195c17 ffff8801c93ffa80
[   20.040350]  0000000000000000 ffff8801cd527140 ffff8801c94e0238 ffff8801c93ffa70
[   20.048294]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   20.056238] Call Trace:
[   20.058791]  [] dump_stack+0xc1/0x128
[   20.064122]  [] panic+0x1bc/0x3a8
[   20.069103]  [] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   20.077295]  [] ? preempt_schedule+0x25/0x30
[   20.083233]  [] ? ___preempt_schedule+0x16/0x18
[   20.089430]  [] kasan_end_report+0x50/0x50
[   20.095191]  [] kasan_report+0x167/0x360
[   20.100781]  [] ? sg_remove_request+0x103/0x120
[   20.106983]  [] __asan_report_load8_noabort+0x14/0x20
[   20.114826]  [] sg_remove_request+0x103/0x120
[   20.120848]  [] sg_finish_rem_req+0x295/0x340
[   20.126869]  [] sg_read+0xa1c/0x1440
[   20.132110]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.138745]  [] ? __raw_spin_lock_init+0x1c/0x100
[   20.145115]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[   20.151915]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   20.158545]  [] __vfs_read+0x103/0x670
[   20.163958]  [] ? default_llseek+0x290/0x290
[   20.169892]  [] ? fsnotify+0x86/0xf30
[   20.175218]  [] ? fsnotify+0xf30/0xf30
[   20.180634]  [] ? avc_policy_seqno+0x9/0x20
[   20.186485]  [] ? selinux_file_permission+0x82/0x460
[   20.193113]  [] ? security_file_permission+0x89/0x1e0
[   20.199827]  [] ? rw_verify_area+0xe5/0x2b0
[   20.205687]  [] vfs_read+0x11e/0x380
[   20.210928]  [] SyS_read+0xd9/0x1b0
[   20.216081]  [] ? vfs_copy_file_range+0x740/0x740
[   20.222450]  [] ? do_fast_syscall_32+0xcf/0x890
[   20.228649]  [] ? vfs_copy_file_range+0x740/0x740
[   20.235029]  [] do_fast_syscall_32+0x2f7/0x890
[   20.241137]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   20.247766]  [] entry_SYSENTER_compat+0x74/0x83
[   20.253998] Dumping ftrace buffer:
[   20.257519]    (ftrace buffer empty)
[   20.261192] Kernel Offset: disabled
[   20.264782] Rebooting in 86400 seconds..
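Added triage helper for the report above. This is not syzkaller's or the kernel's code; it is a stand-alone script that parses the KASAN text as printed (an abridged copy of the report is embedded below, with the speculative "?" frames and the second, post-panic trace trimmed) and pulls out what a practitioner checks first: bug class and faulting function, access kind and size, which slab cache and where in the object the access landed, whether the "located N bytes inside" line agrees with the raw addresses, which shadow byte KASAN saw at that address, and the call chain with KASAN's own frames removed. The shadow-byte marker table is taken from mm/kasan/kasan.h of the 4.9-era kernel this report comes from; the field names in the returned dict are this script's own.

```python
import re

# Abridged copy of the KASAN report printed above (call trace shortened, panic trace dropped).
SAMPLE_REPORT = """\
[   19.650580] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   19.657649] Read of size 8 at addr ffff8801cd527140 by task syzkaller751298/3320
[   19.666745] CPU: 1 PID: 3320 Comm: syzkaller751298 Not tainted 4.9.76-g9154940 #20
[   19.707616] Call Trace:
[   19.710175]  [] dump_stack+0xc1/0x128
[   19.715505]  [] print_address_description+0x73/0x280
[   19.722135]  [] kasan_report+0x275/0x360
[   19.727722]  [] ? sg_remove_request+0x103/0x120
[   19.733918]  [] __asan_report_load8_noabort+0x14/0x20
[   19.740637]  [] sg_remove_request+0x103/0x120
[   19.746657]  [] sg_finish_rem_req+0x295/0x340
[   19.752679]  [] sg_read+0xa1c/0x1440
[   19.757921]  [] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.784357]  [] __vfs_read+0x103/0x670
[   19.831493]  [] vfs_read+0x11e/0x380
[   19.836739]  [] SyS_read+0xd9/0x1b0
[   19.860834]  [] do_fast_syscall_32+0x2f7/0x890
[   19.873577]  [] entry_SYSENTER_compat+0x74/0x83
[   19.898193] The buggy address belongs to the object at ffff8801cd527100
[   19.898193]  which belongs to the cache fasync_cache of size 96
[   19.910815] The buggy address is located 64 bytes inside of
[   19.910815]  96-byte region [ffff8801cd527100, ffff8801cd527160)
[   19.947138] Memory state around the buggy address:
[   19.952032]  ffff8801cd527000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   19.959359]  ffff8801cd527080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.966680] >ffff8801cd527100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

# Shadow-byte markers from mm/kasan/kasan.h in the v4.9 line (one shadow byte covers 8 bytes).
SHADOW_MARKERS = {
    0xFF: "KASAN_FREE_PAGE", 0xFE: "KASAN_PAGE_REDZONE", 0xFC: "KASAN_KMALLOC_REDZONE",
    0xFB: "KASAN_KMALLOC_FREE", 0xFA: "KASAN_GLOBAL_REDZONE", 0xF8: "KASAN_USE_AFTER_SCOPE",
}
# Frames that belong to the reporting machinery, not to the code that faulted.
KASAN_INTERNAL = ("dump_stack", "print_address_description", "kasan_report",
                  "kasan_end_report", "__asan_report", "panic")


def strip_timestamps(text):
    """Drop the '[   19.650580] ' printk prefix so patterns can anchor on message text."""
    return "\n".join(re.sub(r"^\[\s*\d+\.\d+\]\s?", "", l) for l in text.splitlines())


def parse_kasan_report(text):
    """Extract the header, access and slab-object fields of a KASAN slab report."""
    text = strip_timestamps(text)
    bug = re.search(r"BUG: KASAN: (\S+) in (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+", text)
    acc = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", text)
    obj = re.search(r"object at ([0-9a-f]+)\s+which belongs to the cache (\w+) of size (\d+)", text)
    loc = re.search(r"located (\d+) bytes inside of\s+(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", text)
    if not (bug and acc and obj and loc):
        raise ValueError("not a complete KASAN slab report")
    return {
        "bug_type": bug.group(1), "function": bug.group(2),
        "access": acc.group(1).lower(), "size": int(acc.group(2)),
        "addr": int(acc.group(3), 16), "task": acc.group(4), "pid": int(acc.group(5)),
        "object": int(obj.group(1), 16), "cache": obj.group(2), "cache_size": int(obj.group(3)),
        "offset": int(loc.group(1)), "region_size": int(loc.group(2)),
        "region_start": int(loc.group(3), 16), "region_end": int(loc.group(4), 16),
    }


def shadow_byte(text, addr):
    """Return (value, meaning) of the shadow byte covering addr, from the 'Memory state' rows."""
    rows = re.finditer(r"^[> ]?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", strip_timestamps(text), re.M)
    for m in rows:
        row = int(m.group(1), 16)
        if row <= addr < row + 16 * 8:          # each row shows 16 shadow bytes = 128 bytes of memory
            value = int(m.group(2).split()[(addr - row) // 8], 16)
            return value, SHADOW_MARKERS.get(value, "addressable" if value == 0 else "partial:%#x" % value)
    return None


def frames(text):
    """Call chain in faulting order, with '?' (speculative) entries and KASAN's own frames removed."""
    out = []
    for line in strip_timestamps(text).splitlines():
        m = re.match(r"\s*\[\]\s+(\?\s+)?(\w+)\+0x", line)
        if m and not m.group(1) and not m.group(2).startswith(KASAN_INTERNAL):
            out.append(m.group(2))
    return out


def triage(text):
    """One-shot summary: parsed fields plus the consistency checks worth doing before reading code."""
    info = parse_kasan_report(text)
    info["frames"] = frames(text)
    # The prose line and the raw addresses are printed by different code paths; make sure they agree.
    info["offset_consistent"] = (info["addr"] - info["region_start"] == info["offset"]
                                 and info["region_end"] - info["region_start"] == info["region_size"])
    info["shadow"] = shadow_byte(text, info["addr"])
    # A *_compat entry frame means the triggering syscall came in through the 32-bit path,
    # so a reproducer has to be built as a 32-bit binary (or use the ia32 entry) to match.
    info["compat_syscall"] = any("compat" in f for f in info["frames"])
    return info


if __name__ == "__main__":
    for k, v in triage(SAMPLE_REPORT).items():
        print("%-18s %s" % (k, hex(v) if isinstance(v, int) and k.endswith(("addr", "object", "start", "end")) else v))
```

Two things the output makes explicit that the raw report only implies: the whole 96-byte fasync_cache object around the address is shadowed `fc` (KASAN_KMALLOC_REDZONE), which is why KASAN classifies the read as slab-out-of-bounds and has no allocation or free stack to show for it, and the chain ends in `entry_SYSENTER_compat`, so the `read(2)` that reached `sg_read` was a 32-bit compat syscall.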