[....] Starting enhanced syslogd: rsyslogd[   14.388398] audit: type=1400 audit(1520792720.370:4): avc:  denied  { syslog } for  pid=3651 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   30.808606] IPVS: Creating netns size=2536 id=1
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   30.841029] IPVS: Creating netns size=2536 id=2
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   30.863112] IPVS: Creating netns size=2536 id=3
[   30.873394] ==================================================================
[   30.880765] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   30.887851] Read of size 8 at addr ffff8801b4f74f40 by task syzkaller874244/3833
[   30.895365] 
[   30.896983] CPU: 0 PID: 3833 Comm: syzkaller874244 Not tainted 4.9.87-ga290494 #53
[   30.904673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.906042] kasan: CONFIG_KASAN_INLINE enabled
[   30.906044] kasan: GPF could be caused by NULL-ptr deref or user memory access
[   30.906052] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[   30.906057] Dumping ftrace buffer:
[   30.906060]    (ftrace buffer empty)
[   30.906064] Modules linked in:
[   30.906071] CPU: 1 PID: 3835 Comm: syzkaller874244 Not tainted 4.9.87-ga290494 #53
[   30.906074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.906078] task: ffff8801b5e60000 task.stack: ffff8801b5e68000
[   30.906093] RIP: 0010:[<ffffffff8123c334>]  [<ffffffff8123c334>] __lock_acquire+0x194/0x3640
[   30.906096] RSP: 0018:ffff8801b5e6f890  EFLAGS: 00010086
[   30.906100] RAX: dead4ead00000000 RBX: 0000000000000000 RCX: 0000000000000000
[   30.906104] RDX: 1ffff1003911e5d0 RSI: 0000000000000000 RDI: ffff8801c88f2e80
[   30.906107] RBP: ffff8801b5e6fa50 R08: 0000000000000001 R09: 0000000000000001
[   30.906111] R10: 0000000000000000 R11: ffff8801b5e60000 R12: 0000000000000001
[   30.906114] R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801c88f2e78
[   30.906119] FS:  00007f488a9b2700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
[   30.906123] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   30.906126] CR2: 00007f488a9b1e78 CR3: 00000001ba202000 CR4: 0000000000160670
[   30.906133] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   30.906137] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   30.906138] Stack:
[   30.906147]  00000000024000c0 ffff8801cb373a48 ffff8801da0018c0 ffff8801b5e6fad8
[   30.906155]  ffffffff8153d3e3 000000400000000a ffff8801b5e60000 ffff8801b5e608b0
[   30.906163]  00000000000002a0 0000000000000002 0000000000000000 0000000000000000
[   30.906164] Call Trace:
[   30.906174]  [<ffffffff8153d3e3>] ? save_stack+0xa3/0xd0
[   30.906184]  [<ffffffff8123c1a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.906191]  [<ffffffff8123c1a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.906197]  [<ffffffff8124021e>] lock_acquire+0x12e/0x410
[   30.906206]  [<ffffffff82669060>] ? sg_remove_request+0x70/0x120
[   30.906214]  [<ffffffff838b6a8e>] _raw_write_lock_irqsave+0x4e/0x62
[   30.906219]  [<ffffffff82669060>] ? sg_remove_request+0x70/0x120
[   30.906224]  [<ffffffff82669060>] sg_remove_request+0x70/0x120
[   30.906230]  [<ffffffff82669675>] sg_finish_rem_req+0x295/0x340
[   30.906236]  [<ffffffff8266b526>] sg_read+0xa16/0x1440
[   30.906242]  [<ffffffff8266ab10>] ? sg_proc_seq_show_debug+0xd90/0xd90
[   30.906249]  [<ffffffff8123c1a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   30.906255]  [<ffffffff8266ab10>] ? sg_proc_seq_show_debug+0xd90/0xd90
[   30.906263]  [<ffffffff8156c2e3>] __vfs_read+0x103/0x670
[   30.906269]  [<ffffffff8156c1e0>] ? default_llseek+0x290/0x290
[   30.906275]  [<ffffffff81643c86>] ? fsnotify+0x86/0xf30
[   30.906280]  [<ffffffff81644b30>] ? fsnotify+0xf30/0xf30
[   30.906288]  [<ffffffff81bdc9a9>] ? avc_policy_seqno+0x9/0x20
[   30.906294]  [<ffffffff81bed2f2>] ? selinux_file_permission+0x82/0x460
[   30.906300]  [<ffffffff81bd3a69>] ? security_file_permission+0x89/0x1e0
[   30.906306]  [<ffffffff8156ff15>] ? rw_verify_area+0xe5/0x2b0
[   30.906312]  [<ffffffff815701fe>] vfs_read+0x11e/0x380
[   30.906318]  [<ffffffff81573ef9>] SyS_read+0xd9/0x1b0
[   30.906324]  [<ffffffff81573e20>] ? vfs_copy_file_range+0x740/0x740
[   30.906332]  [<ffffffff810063a8>] ? do_syscall_64+0x48/0x490
[   30.906339]  [<ffffffff81573e20>] ? vfs_copy_file_range+0x740/0x740
[   30.906345]  [<ffffffff81006504>] do_syscall_64+0x1a4/0x490
[   30.906351]  [<ffffffff838b6b53>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   30.906449] Code: 9e ff ff 44 8b 94 24 98 00 00 00 48 85 c0 8b 8c 24 90 00 00 00 44 8b 8c 24 88 00 00 00 4c 8b 9c 24 80 00 00 00 0f 84 ff 07 00 00 <f0> ff 80 98 01 00 00 49 8d b3 a8 08 00 00 48 ba 00 00 00 00 00 
[   30.906455] RIP  [<ffffffff8123c334>] __lock_acquire+0x194/0x3640
[   30.906457]  RSP <ffff8801b5e6f890>
[   30.906464] ---[ end trace 7eacda99e12fb071 ]---
[   30.906467] Kernel panic - not syncing: Fatal exception
[   31.288016]  ffff8801b4d77a60 ffffffff81d95a19 ffffea0006d3dd00 ffff8801b4f74f40
[   31.296008]  0000000000000000 ffff8801b4f74f40 ffff8801d84ba338 ffff8801b4d77a98
[   31.304002]  ffffffff8153e333 ffff8801b4f74f40 0000000000000008 0000000000000000
[   31.311984] Call Trace:
[   31.314551]  [<ffffffff81d95a19>] dump_stack+0xc1/0x128
[   31.319895]  [<ffffffff8153e333>] print_address_description+0x73/0x280
[   31.326534]  [<ffffffff8153e855>] kasan_report+0x275/0x360
[   31.332130]  [<ffffffff826690f3>] ? sg_remove_request+0x103/0x120
[   31.338335]  [<ffffffff8153e9b4>] __asan_report_load8_noabort+0x14/0x20
[   31.345060]  [<ffffffff826690f3>] sg_remove_request+0x103/0x120
[   31.351090]  [<ffffffff82669675>] sg_finish_rem_req+0x295/0x340
[   31.357122]  [<ffffffff8266b526>] sg_read+0xa16/0x1440
[   31.362371]  [<ffffffff8266ab10>] ? sg_proc_seq_show_debug+0xd90/0xd90
[   31.369014]  [<ffffffff8123c1a0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   31.375997]  [<ffffffff8266ab10>] ? sg_proc_seq_show_debug+0xd90/0xd90
[   31.382639]  [<ffffffff8156c2e3>] __vfs_read+0x103/0x670
[   31.388063]  [<ffffffff8156c1e0>] ? default_llseek+0x290/0x290
[   31.394007]  [<ffffffff81643c86>] ? fsnotify+0x86/0xf30
[   31.399344]  [<ffffffff81644b30>] ? fsnotify+0xf30/0xf30
[   31.404784]  [<ffffffff81bdc9a9>] ? avc_policy_seqno+0x9/0x20
[   31.410646]  [<ffffffff81bed2f2>] ? selinux_file_permission+0x82/0x460
[   31.417287]  [<ffffffff81bd3a69>] ? security_file_permission+0x89/0x1e0
[   31.424015]  [<ffffffff8156ff15>] ? rw_verify_area+0xe5/0x2b0
[   31.429876]  [<ffffffff815701fe>] vfs_read+0x11e/0x380
[   31.435126]  [<ffffffff81573ef9>] SyS_read+0xd9/0x1b0
[   31.440290]  [<ffffffff81573e20>] ? vfs_copy_file_range+0x740/0x740
[   31.446670]  [<ffffffff8123b96b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   31.453485]  [<ffffffff810063a8>] ? do_syscall_64+0x48/0x490
[   31.459254]  [<ffffffff81573e20>] ? vfs_copy_file_range+0x740/0x740
[   31.465630]  [<ffffffff81006504>] do_syscall_64+0x1a4/0x490
[   31.471315]  [<ffffffff838b6b53>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
[   31.478212] 
[   31.479825] Allocated by task 0:
[   31.483160] (stack is not available)
[   31.486842] 
[   31.488446] Freed by task 0:
[   31.491434] (stack is not available)
[   31.495114] 
[   31.496715] The buggy address belongs to the object at ffff8801b4f74f00
[   31.496715]  which belongs to the cache fasync_cache of size 96
[   31.509343] The buggy address is located 64 bytes inside of
[   31.509343]  96-byte region [ffff8801b4f74f00, ffff8801b4f74f60)
[   31.521014] The buggy address belongs to the page:
[   31.525915] page:ffffea0006d3dd00 count:1 mapcount:0 mapping:          (null) index:0x0
[   31.534154] flags: 0x8000000000000080(slab)
[   31.538444] page dumped because: kasan: bad access detected
[   31.544121] 
[   31.545723] Memory state around the buggy address:
[   31.550623]  ffff8801b4f74e00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   31.557955]  ffff8801b4f74e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.565286] >ffff8801b4f74f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.572615]                                            ^
[   31.578039]  ffff8801b4f74f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.585370]  ffff8801b4f75000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.592697] ==================================================================
[   31.600467] Dumping ftrace buffer:
[   31.603994]    (ftrace buffer empty)
[   31.607672] Kernel Offset: disabled
[   31.611266] Rebooting in 86400 seconds..