[....] Starting enhanced syslogd: rsyslogd[   11.229403] audit: type=1400 audit(1515658828.242:4): avc:  denied  { syslog } for  pid=3175 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
syzkaller login: [   27.868937] ==================================================================
[   27.870835] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   27.872473] Read of size 8 at addr ffff8801cc60e1c0 by task syzkaller879367/3334
[   27.874539] 
[   27.875104] CPU: 0 PID: 3334 Comm: syzkaller879367 Not tainted 4.9.76-g9154940 #20
[   27.877281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.879632]  ffff8801c8237940 ffffffff81d93149 ffffea0007318380 ffff8801cc60e1c0
[   27.881816]  0000000000000000 ffff8801cc60e1c0 ffff8801c812c438 ffff8801c8237978
[   27.884302]  ffffffff8153cb43 ffff8801cc60e1c0 0000000000000008 0000000000000000
[   27.886603] Call Trace:
[   27.887140]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   27.888430]  [<ffffffff8153cb43>] print_address_description+0x73/0x280
[   27.893732]  [<ffffffff8153d065>] kasan_report+0x275/0x360
[   27.899334]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   27.905560]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   27.912293]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   27.918325]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   27.924356]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   27.929609]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.936436]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   27.942035]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   27.947918]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   27.954909]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   27.961646]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.968281]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.974927]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   27.981398]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   27.987000]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   27.992956]  [<ffffffff81dfa57b>] ? check_preemption_disabled+0x3b/0x200
[   27.999782]  [<ffffffff815cfcd1>] ? __fget+0x201/0x3a0
[   28.005034]  [<ffffffff815cfcf8>] ? __fget+0x228/0x3a0
[   28.010300]  [<ffffffff815cfb17>] ? __fget+0x47/0x3a0
[   28.015461]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   28.020964]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   28.026746]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   28.032522]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   28.038290]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   28.043883]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   28.049999]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.056654]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   28.062853] 
[   28.064456] Allocated by task 0:
[   28.067787] (stack is not available)
[   28.071465] 
[   28.073059] Freed by task 0:
[   28.076042] (stack is not available)
[   28.079719] 
[   28.081311] The buggy address belongs to the object at ffff8801cc60e180
[   28.081311]  which belongs to the cache fasync_cache of size 96
[   28.093934] The buggy address is located 64 bytes inside of
[   28.093934]  96-byte region [ffff8801cc60e180, ffff8801cc60e1e0)
[   28.105601] The buggy address belongs to the page:
[   28.110503] page:ffffea0007318380 count:1 mapcount:0 mapping:          (null) index:0x0
[   28.118729] flags: 0x8000000000000080(slab)
[   28.123014] page dumped because: kasan: bad access detected
[   28.128700] 
[   28.130293] Memory state around the buggy address:
[   28.135189]  ffff8801cc60e080: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   28.142527]  ffff8801cc60e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.149856] >ffff8801cc60e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.157184]                                            ^
[   28.162605]  ffff8801cc60e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.169933]  ffff8801cc60e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.177260] ==================================================================
[   28.184584] Disabling lock debugging due to kernel taint
[   28.190482] Kernel panic - not syncing: panic_on_warn set ...
[   28.190482] 
[   28.197825] CPU: 0 PID: 3334 Comm: syzkaller879367 Tainted: G    B           4.9.76-g9154940 #20
[   28.206820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.216149]  ffff8801c8237898 ffffffff81d93149 ffffffff84195c17 ffff8801c8237970
[   28.224108]  0000000000000000 ffff8801cc60e1c0 ffff8801c812c438 ffff8801c8237960
[   28.232062]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   28.240012] Call Trace:
[   28.242571]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   28.247908]  [<ffffffff8142e371>] panic+0x1bc/0x3a8
[   28.252894]  [<ffffffff8142e1b5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   28.261100]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   28.267044]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   28.273244]  [<ffffffff8153cab0>] kasan_end_report+0x50/0x50
[   28.279010]  [<ffffffff8153cf57>] kasan_report+0x167/0x360
[   28.284615]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   28.290818]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   28.297557]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   28.303583]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   28.309612]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   28.314868]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   28.321503]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   28.326939]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   28.332794]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   28.339775]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   28.346510]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   28.353144]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   28.359793]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   28.366270]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   28.371868]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   28.377811]  [<ffffffff81dfa57b>] ? check_preemption_disabled+0x3b/0x200
[   28.384619]  [<ffffffff815cfcd1>] ? __fget+0x201/0x3a0
[   28.389862]  [<ffffffff815cfcf8>] ? __fget+0x228/0x3a0
[   28.395107]  [<ffffffff815cfb17>] ? __fget+0x47/0x3a0
[   28.400266]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   28.405773]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   28.411538]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   28.417304]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   28.423071]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   28.428675]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   28.434798]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.441435]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   28.447691] Dumping ftrace buffer:
[   28.451216]    (ftrace buffer empty)
[   28.454898] Kernel Offset: disabled
[   28.458493] Rebooting in 86400 seconds..