[....] Starting enhanced syslogd: rsyslogd[   11.073436] audit: type=1400 audit(1515345557.742:4): avc:  denied  { syslog } for  pid=3174 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [   25.754972] ==================================================================
[   25.756125] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   25.757087] Read of size 8 at addr ffff8801cca2e140 by task syzkaller430594/3332
[   25.758121] 
[   25.758359] CPU: 1 PID: 3332 Comm: syzkaller430594 Not tainted 4.9.75-g5f5e5d4 #17
[   25.759370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.760643]  ffff8801c83ff940 ffffffff81d93049 ffffea0007328b80 ffff8801cca2e140
[   25.761799]  0000000000000000 ffff8801cca2e140 ffff8801c9794438 ffff8801c83ff978
[   25.763039]  ffffffff8153ca53 ffff8801cca2e140 0000000000000008 0000000000000000
[   25.764193] Call Trace:
[   25.764552]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   25.765347]  [<ffffffff8153ca53>] print_address_description+0x73/0x280
[   25.766263]  [<ffffffff8153cf75>] kasan_report+0x275/0x360
[   25.767038]  [<ffffffff82666163>] ? sg_remove_request+0x103/0x120
[   25.767898]  [<ffffffff8153d0d4>] __asan_report_load8_noabort+0x14/0x20
[   25.768789]  [<ffffffff82666163>] sg_remove_request+0x103/0x120
[   25.769603]  [<ffffffff826666e5>] sg_finish_rem_req+0x295/0x340
[   25.770403]  [<ffffffff8266851c>] sg_read+0xa1c/0x1440
[   25.771122]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.772015]  [<ffffffff81642ca0>] ? fsnotify+0xf30/0xf30
[   25.772739]  [<ffffffff81bda799>] ? avc_policy_seqno+0x9/0x20
[   25.773518]  [<ffffffff8156b481>] do_loop_readv_writev.part.17+0x141/0x1e0
[   25.774467]  [<ffffffff81bd1859>] ? security_file_permission+0x89/0x1e0
[   25.777055]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.783700]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.790348]  [<ffffffff815703a2>] compat_do_readv_writev+0x522/0x760
[   25.796826]  [<ffffffff8156fe80>] ? do_pwritev+0x1a0/0x1a0
[   25.802515]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   25.808458]  [<ffffffff81dfa47b>] ? check_preemption_disabled+0x3b/0x200
[   25.815268]  [<ffffffff815cfbe1>] ? __fget+0x201/0x3a0
[   25.820514]  [<ffffffff815cfc08>] ? __fget+0x228/0x3a0
[   25.825777]  [<ffffffff815cfa27>] ? __fget+0x47/0x3a0
[   25.830941]  [<ffffffff815706c3>] compat_readv+0xe3/0x150
[   25.836457]  [<ffffffff81570824>] do_compat_readv+0xf4/0x1d0
[   25.842224]  [<ffffffff81570730>] ? compat_readv+0x150/0x150
[   25.847992]  [<ffffffff81572d96>] compat_SyS_readv+0x26/0x30
[   25.853778]  [<ffffffff81572d70>] ? SyS_pwritev2+0x80/0x80
[   25.859376]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   25.865487]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.872126]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   25.878326] 
[   25.879923] Allocated by task 0:
[   25.883252] (stack is not available)
[   25.886928] 
[   25.888524] Freed by task 0:
[   25.891505] (stack is not available)
[   25.895180] 
[   25.896779] The buggy address belongs to the object at ffff8801cca2e100
[   25.896779]  which belongs to the cache fasync_cache of size 96
[   25.909406] The buggy address is located 64 bytes inside of
[   25.909406]  96-byte region [ffff8801cca2e100, ffff8801cca2e160)
[   25.921074] The buggy address belongs to the page:
[   25.925971] page:ffffea0007328b80 count:1 mapcount:0 mapping:          (null) index:0x0
[   25.934193] flags: 0x8000000000000080(slab)
[   25.938480] page dumped because: kasan: bad access detected
[   25.944154] 
[   25.945748] Memory state around the buggy address:
[   25.950647]  ffff8801cca2e000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   25.957973]  ffff8801cca2e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.965300] >ffff8801cca2e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.972629]                                            ^
[   25.978046]  ffff8801cca2e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.985383]  ffff8801cca2e200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.992717] ==================================================================
[   26.000046] Disabling lock debugging due to kernel taint
[   26.005952] Kernel panic - not syncing: panic_on_warn set ...
[   26.005952] 
[   26.013294] CPU: 1 PID: 3332 Comm: syzkaller430594 Tainted: G    B           4.9.75-g5f5e5d4 #17
[   26.022191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.031537]  ffff8801c83ff898 ffffffff81d93049 ffffffff84195be7 ffff8801c83ff970
[   26.039515]  0000000000000000 ffff8801cca2e140 ffff8801c9794438 ffff8801c83ff960
[   26.047481]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[   26.055435] Call Trace:
[   26.057996]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   26.063334]  [<ffffffff8142e281>] panic+0x1bc/0x3a8
[   26.068325]  [<ffffffff8142e0c5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   26.076555]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   26.082499]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   26.088702]  [<ffffffff8153c9c0>] kasan_end_report+0x50/0x50
[   26.094467]  [<ffffffff8153ce67>] kasan_report+0x167/0x360
[   26.100064]  [<ffffffff82666163>] ? sg_remove_request+0x103/0x120
[   26.106268]  [<ffffffff8153d0d4>] __asan_report_load8_noabort+0x14/0x20
[   26.113095]  [<ffffffff82666163>] sg_remove_request+0x103/0x120
[   26.119122]  [<ffffffff826666e5>] sg_finish_rem_req+0x295/0x340
[   26.125156]  [<ffffffff8266851c>] sg_read+0xa1c/0x1440
[   26.130406]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.137039]  [<ffffffff81642ca0>] ? fsnotify+0xf30/0xf30
[   26.142472]  [<ffffffff81bda799>] ? avc_policy_seqno+0x9/0x20
[   26.148330]  [<ffffffff8156b481>] do_loop_readv_writev.part.17+0x141/0x1e0
[   26.155326]  [<ffffffff81bd1859>] ? security_file_permission+0x89/0x1e0
[   26.162064]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.168700]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.175346]  [<ffffffff815703a2>] compat_do_readv_writev+0x522/0x760
[   26.181813]  [<ffffffff8156fe80>] ? do_pwritev+0x1a0/0x1a0
[   26.187414]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   26.193355]  [<ffffffff81dfa47b>] ? check_preemption_disabled+0x3b/0x200
[   26.200178]  [<ffffffff815cfbe1>] ? __fget+0x201/0x3a0
[   26.205422]  [<ffffffff815cfc08>] ? __fget+0x228/0x3a0
[   26.210667]  [<ffffffff815cfa27>] ? __fget+0x47/0x3a0
[   26.215828]  [<ffffffff815706c3>] compat_readv+0xe3/0x150
[   26.221336]  [<ffffffff81570824>] do_compat_readv+0xf4/0x1d0
[   26.227099]  [<ffffffff81570730>] ? compat_readv+0x150/0x150
[   26.232878]  [<ffffffff81572d96>] compat_SyS_readv+0x26/0x30
[   26.238648]  [<ffffffff81572d70>] ? SyS_pwritev2+0x80/0x80
[   26.244253]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   26.250367]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.257002]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   26.263243] Dumping ftrace buffer:
[   26.266752]    (ftrace buffer empty)
[   26.270428] Kernel Offset: disabled
[   26.274035] Rebooting in 86400 seconds..