[....] Starting enhanced syslogd: rsyslogd[   11.118528] audit: type=1400 audit(1515605142.688:4): avc:  denied  { syslog } for  pid=3177 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.222' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
syzkaller login: [   34.206275] ==================================================================
[   34.213682] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   34.220755] Read of size 8 at addr ffff8801cd5b12c0 by task syzkaller874189/3345
[   34.228256] 
[   34.229867] CPU: 1 PID: 3345 Comm: syzkaller874189 Not tainted 4.9.76-g9154940 #20
[   34.237550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.247150]  ffff8801cb677940 ffffffff81d93149 ffffea0007356c40 ffff8801cd5b12c0
[   34.255215]  0000000000000000 ffff8801cd5b12c0 ffff8801cd692338 ffff8801cb677978
[   34.263207]  ffffffff8153cb43 ffff8801cd5b12c0 0000000000000008 0000000000000000
[   34.271175] Call Trace:
[   34.273735]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   34.279070]  [<ffffffff8153cb43>] print_address_description+0x73/0x280
[   34.285719]  [<ffffffff8153d065>] kasan_report+0x275/0x360
[   34.291319]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   34.297524]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   34.304257]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   34.310290]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   34.316338]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   34.321601]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   34.328240]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   34.333675]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   34.339537]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   34.346526]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   34.353256]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   34.359911]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   34.366554]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   34.373024]  [<ffffffff8123a72d>] ? trace_hardirqs_on+0xd/0x10
[   34.378971]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   34.384570]  [<ffffffff8144dceb>] ? __free_pages+0x5b/0x80
[   34.390166]  [<ffffffff815cfcd1>] ? __fget+0x201/0x3a0
[   34.395414]  [<ffffffff815cfcf8>] ? __fget+0x228/0x3a0
[   34.400663]  [<ffffffff815cfb17>] ? __fget+0x47/0x3a0
[   34.405829]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   34.411342]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   34.417125]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   34.422896]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   34.428670]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   34.434280]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   34.440404]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.447045]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   34.453252] 
[   34.454851] Allocated by task 0:
[   34.458183] (stack is not available)
[   34.461862] 
[   34.463455] Freed by task 0:
[   34.466435] (stack is not available)
[   34.470126] 
[   34.471729] The buggy address belongs to the object at ffff8801cd5b1280
[   34.471729]  which belongs to the cache fasync_cache of size 96
[   34.484360] The buggy address is located 64 bytes inside of
[   34.484360]  96-byte region [ffff8801cd5b1280, ffff8801cd5b12e0)
[   34.496031] The buggy address belongs to the page:
[   34.500939] page:ffffea0007356c40 count:1 mapcount:0 mapping:          (null) index:0x0
[   34.509168] flags: 0x8000000000000080(slab)
[   34.513458] page dumped because: kasan: bad access detected
[   34.519134] 
[   34.520730] Memory state around the buggy address:
[   34.525642]  ffff8801cd5b1180: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   34.532974]  ffff8801cd5b1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.540346] >ffff8801cd5b1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.547677]                                            ^
executing program
[   34.553099]  ffff8801cd5b1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.560442]  ffff8801cd5b1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.567779] ==================================================================
[   34.575111] Disabling lock debugging due to kernel taint
[   34.581174] Kernel panic - not syncing: panic_on_warn set ...
[   34.581174] 
[   34.588526] CPU: 1 PID: 3345 Comm: syzkaller874189 Tainted: G    B           4.9.76-g9154940 #20
[   34.597419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.606749]  ffff8801cb677898 ffffffff81d93149 ffffffff84195c17 ffff8801cb677970
[   34.614719]  0000000000000000 ffff8801cd5b12c0 ffff8801cd692338 ffff8801cb677960
[   34.622678]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   34.630636] Call Trace:
[   34.633198]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   34.638549]  [<ffffffff8142e371>] panic+0x1bc/0x3a8
[   34.643539]  [<ffffffff8142e1b5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   34.651744]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   34.657689]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   34.663893]  [<ffffffff8153cab0>] kasan_end_report+0x50/0x50
[   34.669677]  [<ffffffff8153cf57>] kasan_report+0x167/0x360
[   34.675283]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   34.681489]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   34.688230]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   34.694287]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   34.700320]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   34.705569]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   34.712210]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   34.717637]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   34.723496]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   34.730483]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   34.737215]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   34.743856]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   34.750500]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   34.757908]  [<ffffffff8123a72d>] ? trace_hardirqs_on+0xd/0x10
[   34.763855]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   34.769468]  [<ffffffff8144dceb>] ? __free_pages+0x5b/0x80
[   34.775078]  [<ffffffff815cfcd1>] ? __fget+0x201/0x3a0
[   34.780336]  [<ffffffff815cfcf8>] ? __fget+0x228/0x3a0
[   34.785586]  [<ffffffff815cfb17>] ? __fget+0x47/0x3a0
[   34.790847]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   34.796356]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   34.802132]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   34.807917]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   34.813701]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   34.819311]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   34.825447]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.832100]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   34.838680] Dumping ftrace buffer:
[   34.842191]    (ftrace buffer empty)
[   34.845870] Kernel Offset: disabled
[   34.849468] Rebooting in 86400 seconds..