[....] Starting enhanced syslogd: rsyslogd[   11.328675] audit: type=1400 audit(1515546129.679:4): avc:  denied  { syslog } for  pid=3170 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
syzkaller login: [   26.355335] ==================================================================
[   26.362778] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   26.369848] Read of size 8 at addr ffff8801c9c4c2c0 by task syzkaller647420/3329
[   26.377345] 
[   26.378943] CPU: 1 PID: 3329 Comm: syzkaller647420 Not tainted 4.9.75-g8910fa5 #19
[   26.386623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.395958]  ffff8801cc697a50 ffffffff81d93049 ffffea0007271300 ffff8801c9c4c2c0
[   26.403914]  0000000000000000 ffff8801c9c4c2c0 ffff8801cc480238 ffff8801cc697a88
[   26.411868]  ffffffff8153ca53 ffff8801c9c4c2c0 0000000000000008 0000000000000000
[   26.419818] Call Trace:
[   26.422376]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   26.427712]  [<ffffffff8153ca53>] print_address_description+0x73/0x280
[   26.434343]  [<ffffffff8153cf75>] kasan_report+0x275/0x360
[   26.439935]  [<ffffffff82666163>] ? sg_remove_request+0x103/0x120
[   26.446306]  [<ffffffff8153d0d4>] __asan_report_load8_noabort+0x14/0x20
[   26.453023]  [<ffffffff82666163>] sg_remove_request+0x103/0x120
[   26.459049]  [<ffffffff826666e5>] sg_finish_rem_req+0x295/0x340
[   26.465079]  [<ffffffff8266851c>] sg_read+0xa1c/0x1440
[   26.470506]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.477149]  [<ffffffff8123ac70>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.484146]  [<ffffffff814e149f>] ? vma_set_page_prot+0x10f/0x180
[   26.490347]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.496988]  [<ffffffff8156a8a3>] __vfs_read+0x103/0x670
[   26.502404]  [<ffffffff8156a7a0>] ? default_llseek+0x290/0x290
[   26.508343]  [<ffffffff81641df6>] ? fsnotify+0x86/0xf30
[   26.513676]  [<ffffffff81642ca0>] ? fsnotify+0xf30/0xf30
[   26.519098]  [<ffffffff81bda799>] ? avc_policy_seqno+0x9/0x20
[   26.524950]  [<ffffffff81beb0e2>] ? selinux_file_permission+0x82/0x460
[   26.531582]  [<ffffffff81bd1859>] ? security_file_permission+0x89/0x1e0
[   26.538318]  [<ffffffff8156e355>] ? rw_verify_area+0xe5/0x2b0
[   26.544169]  [<ffffffff8156e63e>] vfs_read+0x11e/0x380
[   26.549423]  [<ffffffff81572369>] SyS_read+0xd9/0x1b0
[   26.554578]  [<ffffffff81572290>] ? vfs_copy_file_range+0x740/0x740
[   26.560952]  [<ffffffff81006d9f>] ? do_fast_syscall_32+0xcf/0x890
[   26.567148]  [<ffffffff81572290>] ? vfs_copy_file_range+0x740/0x740
[   26.573519]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   26.579632]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.586266]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   26.592459] 
[   26.594056] Allocated by task 0:
[   26.597387] (stack is not available)
[   26.601066] 
[   26.602659] Freed by task 0:
[   26.605638] (stack is not available)
[   26.609313] 
[   26.610909] The buggy address belongs to the object at ffff8801c9c4c280
[   26.610909]  which belongs to the cache fasync_cache of size 96
[   26.623531] The buggy address is located 64 bytes inside of
[   26.623531]  96-byte region [ffff8801c9c4c280, ffff8801c9c4c2e0)
[   26.635205] The buggy address belongs to the page:
[   26.640103] page:ffffea0007271300 count:1 mapcount:0 mapping:          (null) index:0x0
[   26.648331] flags: 0x8000000000000080(slab)
[   26.652621] page dumped because: kasan: bad access detected
[   26.658293] 
[   26.659884] Memory state around the buggy address:
[   26.664777]  ffff8801c9c4c180: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   26.672101]  ffff8801c9c4c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.679424] >ffff8801c9c4c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.686759]                                            ^
[   26.692177]  ffff8801c9c4c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
executing program
[   26.700220]  ffff8801c9c4c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.707545] ==================================================================
[   26.714868] Disabling lock debugging due to kernel taint
[   26.721231] Kernel panic - not syncing: panic_on_warn set ...
[   26.721231] 
[   26.728596] CPU: 1 PID: 3329 Comm: syzkaller647420 Tainted: G    B           4.9.75-g8910fa5 #19
[   26.737487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.746812]  ffff8801cc6979a8 ffffffff81d93049 ffffffff84195be7 ffff8801cc697a80
[   26.754775]  0000000000000000 ffff8801c9c4c2c0 ffff8801cc480238 ffff8801cc697a70
[   26.762741]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[   26.770707] Call Trace:
[   26.773275]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   26.778610]  [<ffffffff8142e281>] panic+0x1bc/0x3a8
[   26.783603]  [<ffffffff8142e0c5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   26.791814]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   26.797762]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   26.803967]  [<ffffffff8153c9c0>] kasan_end_report+0x50/0x50
[   26.809734]  [<ffffffff8153ce67>] kasan_report+0x167/0x360
[   26.815327]  [<ffffffff82666163>] ? sg_remove_request+0x103/0x120
[   26.821526]  [<ffffffff8153d0d4>] __asan_report_load8_noabort+0x14/0x20
[   26.828246]  [<ffffffff82666163>] sg_remove_request+0x103/0x120
[   26.834272]  [<ffffffff826666e5>] sg_finish_rem_req+0x295/0x340
[   26.840297]  [<ffffffff8266851c>] sg_read+0xa1c/0x1440
[   26.845542]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.852178]  [<ffffffff8123ac70>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.859161]  [<ffffffff814e149f>] ? vma_set_page_prot+0x10f/0x180
[   26.865375]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.872024]  [<ffffffff8156a8a3>] __vfs_read+0x103/0x670
[   26.877444]  [<ffffffff8156a7a0>] ? default_llseek+0x290/0x290
[   26.883384]  [<ffffffff81641df6>] ? fsnotify+0x86/0xf30
[   26.888715]  [<ffffffff81642ca0>] ? fsnotify+0xf30/0xf30
[   26.894134]  [<ffffffff81bda799>] ? avc_policy_seqno+0x9/0x20
[   26.899989]  [<ffffffff81beb0e2>] ? selinux_file_permission+0x82/0x460
[   26.906623]  [<ffffffff81bd1859>] ? security_file_permission+0x89/0x1e0
[   26.913343]  [<ffffffff8156e355>] ? rw_verify_area+0xe5/0x2b0
[   26.919198]  [<ffffffff8156e63e>] vfs_read+0x11e/0x380
[   26.924455]  [<ffffffff81572369>] SyS_read+0xd9/0x1b0
[   26.929612]  [<ffffffff81572290>] ? vfs_copy_file_range+0x740/0x740
[   26.935990]  [<ffffffff81006d9f>] ? do_fast_syscall_32+0xcf/0x890
[   26.942192]  [<ffffffff81572290>] ? vfs_copy_file_range+0x740/0x740
[   26.948565]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   26.954675]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.961312]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   26.967966] Dumping ftrace buffer:
[   26.971473]    (ftrace buffer empty)
[   26.975153] Kernel Offset: disabled
[   26.978746] Rebooting in 86400 seconds..