[....] Starting enhanced syslogd: rsyslogd[   13.328907] audit: type=1400 audit(1516034242.994:4): avc:  denied  { syslog } for  pid=3168 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   26.733319] ==================================================================
[   26.740761] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   26.747855] Read of size 8 at addr ffff8801c91d8140 by task syzkaller063358/3325
[   26.755359] 
[   26.756961] CPU: 0 PID: 3325 Comm: syzkaller063358 Not tainted 4.9.76-g8dec074 #23
[   26.764636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.773960]  ffff8801c8597940 ffffffff81d93169 ffffea0007247600 ffff8801c91d8140
[   26.781961]  0000000000000000 ffff8801c91d8140 ffff8801c110c438 ffff8801c8597978
[   26.789932]  ffffffff8153cb43 ffff8801c91d8140 0000000000000008 0000000000000000
[   26.797918] Call Trace:
[   26.800479]  [<ffffffff81d93169>] dump_stack+0xc1/0x128
[   26.805828]  [<ffffffff8153cb43>] print_address_description+0x73/0x280
[   26.812465]  [<ffffffff8153d065>] kasan_report+0x275/0x360
[   26.818060]  [<ffffffff82666273>] ? sg_remove_request+0x103/0x120
[   26.824261]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   26.830981]  [<ffffffff82666273>] sg_remove_request+0x103/0x120
[   26.837011]  [<ffffffff826667f5>] sg_finish_rem_req+0x295/0x340
[   26.843038]  [<ffffffff8266862c>] sg_read+0xa1c/0x1440
[   26.848294]  [<ffffffff82667c10>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.854931]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   26.860360]  [<ffffffff81bda829>] ? avc_policy_seqno+0x9/0x20
[   26.866218]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   26.873198]  [<ffffffff81bd18e9>] ? security_file_permission+0x89/0x1e0
[   26.879918]  [<ffffffff82667c10>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.886551]  [<ffffffff82667c10>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.893196]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   26.899678]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   26.905292]  [<ffffffff81464d87>] ? __lru_cache_add+0x187/0x250
[   26.911328]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   26.917270]  [<ffffffff814cdf7e>] ? handle_mm_fault+0x6ee/0x2530
[   26.923382]  [<ffffffff815abeea>] ? fasync_helper+0x7a/0xb0
[   26.929061]  [<ffffffff814cd890>] ? __pmd_alloc+0x410/0x410
[   26.934741]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   26.940249]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   26.946016]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   26.951784]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   26.957548]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   26.963144]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   26.969259]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.975894]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   26.982094] 
[   26.983690] Allocated by task 0:
[   26.987022] (stack is not available)
[   26.990719] 
[   26.992314] Freed by task 0:
[   26.995297] (stack is not available)
[   26.998976] 
[   27.000574] The buggy address belongs to the object at ffff8801c91d8100
[   27.000574]  which belongs to the cache fasync_cache of size 96
[   27.013197] The buggy address is located 64 bytes inside of
[   27.013197]  96-byte region [ffff8801c91d8100, ffff8801c91d8160)
[   27.024875] The buggy address belongs to the page:
[   27.029774] page:ffffea0007247600 count:1 mapcount:0 mapping:          (null) index:0x0
[   27.038006] flags: 0x8000000000000080(slab)
[   27.042294] page dumped because: kasan: bad access detected
[   27.047970] 
[   27.049566] Memory state around the buggy address:
[   27.054475]  ffff8801c91d8000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   27.061812]  ffff8801c91d8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.069139] >ffff8801c91d8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.076465]                                            ^
[   27.081883]  ffff8801c91d8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.089211]  ffff8801c91d8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.096536] ==================================================================
[   27.103948] Disabling lock debugging due to kernel taint
[   27.109574] Kernel panic - not syncing: panic_on_warn set ...
[   27.109574] 
[   27.116921] CPU: 0 PID: 3325 Comm: syzkaller063358 Tainted: G    B           4.9.76-g8dec074 #23
[   27.125812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.135138]  ffff8801c8597898 ffffffff81d93169 ffffffff84195c2f ffff8801c8597970
[   27.143130]  0000000000000000 ffff8801c91d8140 ffff8801c110c438 ffff8801c8597960
[   27.151775]  ffffffff8142e371 0000000041b58ab3 ffffffff84189690 ffffffff8142e1b5
[   27.159752] Call Trace:
[   27.162322]  [<ffffffff81d93169>] dump_stack+0xc1/0x128
[   27.167658]  [<ffffffff8142e371>] panic+0x1bc/0x3a8
[   27.172644]  [<ffffffff8142e1b5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   27.180848]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   27.186790]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   27.193004]  [<ffffffff8153cab0>] kasan_end_report+0x50/0x50
[   27.198789]  [<ffffffff8153cf57>] kasan_report+0x167/0x360
[   27.204381]  [<ffffffff82666273>] ? sg_remove_request+0x103/0x120
[   27.210591]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   27.217313]  [<ffffffff82666273>] sg_remove_request+0x103/0x120
[   27.223338]  [<ffffffff826667f5>] sg_finish_rem_req+0x295/0x340
[   27.229369]  [<ffffffff8266862c>] sg_read+0xa1c/0x1440
[   27.234616]  [<ffffffff82667c10>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.241254]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   27.246677]  [<ffffffff81bda829>] ? avc_policy_seqno+0x9/0x20
[   27.252533]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   27.259517]  [<ffffffff81bd18e9>] ? security_file_permission+0x89/0x1e0
[   27.266240]  [<ffffffff82667c10>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.272876]  [<ffffffff82667c10>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   27.279510]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   27.285972]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   27.291581]  [<ffffffff81464d87>] ? __lru_cache_add+0x187/0x250
[   27.297613]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   27.303555]  [<ffffffff814cdf7e>] ? handle_mm_fault+0x6ee/0x2530
[   27.309946]  [<ffffffff815abeea>] ? fasync_helper+0x7a/0xb0
[   27.315626]  [<ffffffff814cd890>] ? __pmd_alloc+0x410/0x410
[   27.321326]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   27.326833]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   27.332601]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   27.338380]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   27.344156]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   27.349752]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   27.355885]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.362525]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   27.369130] Dumping ftrace buffer:
[   27.372642]    (ftrace buffer empty)
[   27.376325] Kernel Offset: disabled
[   27.379947] Rebooting in 86400 seconds..