[....] Starting enhanced syslogd: rsyslogd[   13.138207] audit: type=1400 audit(1515465386.338:4): avc:  denied  { syslog } for  pid=3167 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   25.532033] ==================================================================
[   25.539418] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   25.546481] Read of size 8 at addr ffff8801c255c140 by task syzkaller747751/3323
[   25.553977] 
[   25.555571] CPU: 0 PID: 3323 Comm: syzkaller747751 Not tainted 4.9.75-gb54d99a #18
[   25.563238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.572559]  ffff8801c8c8fa50 ffffffff81d93049 ffffea0007095700 ffff8801c255c140
[   25.580515]  0000000000000000 ffff8801c255c140 ffff8801ce298238 ffff8801c8c8fa88
[   25.588463]  ffffffff8153ca53 ffff8801c255c140 0000000000000008 0000000000000000
[   25.596407] Call Trace:
[   25.598962]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   25.604291]  [<ffffffff8153ca53>] print_address_description+0x73/0x280
[   25.610923]  [<ffffffff8153cf75>] kasan_report+0x275/0x360
[   25.616511]  [<ffffffff82666163>] ? sg_remove_request+0x103/0x120
[   25.622706]  [<ffffffff8153d0d4>] __asan_report_load8_noabort+0x14/0x20
[   25.629420]  [<ffffffff82666163>] sg_remove_request+0x103/0x120
[   25.635441]  [<ffffffff826666e5>] sg_finish_rem_req+0x295/0x340
[   25.641459]  [<ffffffff8266851c>] sg_read+0xa1c/0x1440
[   25.646700]  [<ffffffff8124737c>] ? __raw_spin_lock_init+0x1c/0x100
[   25.653068]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.659699]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   25.665631]  [<ffffffff815abbe7>] ? fasync_insert_entry+0x147/0x2e0
[   25.672009]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   25.678638]  [<ffffffff8156a8a3>] __vfs_read+0x103/0x670
[   25.684054]  [<ffffffff8156a7a0>] ? default_llseek+0x290/0x290
[   25.689991]  [<ffffffff81641df6>] ? fsnotify+0x86/0xf30
[   25.695315]  [<ffffffff81642ca0>] ? fsnotify+0xf30/0xf30
[   25.700728]  [<ffffffff81bda799>] ? avc_policy_seqno+0x9/0x20
[   25.706575]  [<ffffffff81beb0e2>] ? selinux_file_permission+0x82/0x460
[   25.713205]  [<ffffffff81bd1859>] ? security_file_permission+0x89/0x1e0
[   25.719921]  [<ffffffff8156e355>] ? rw_verify_area+0xe5/0x2b0
[   25.725766]  [<ffffffff8156e63e>] vfs_read+0x11e/0x380
[   25.731003]  [<ffffffff81572369>] SyS_read+0xd9/0x1b0
[   25.736155]  [<ffffffff81572290>] ? vfs_copy_file_range+0x740/0x740
[   25.742523]  [<ffffffff8167b65c>] ? compat_SyS_ioctl+0x8c/0x2050
[   25.748637]  [<ffffffff81006d9f>] ? do_fast_syscall_32+0xcf/0x890
[   25.754841]  [<ffffffff81572290>] ? vfs_copy_file_range+0x740/0x740
[   25.761207]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   25.767314]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.773943]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   25.780135] 
[   25.781726] Allocated by task 0:
[   25.785053] (stack is not available)
[   25.788728] 
[   25.790319] Freed by task 0:
[   25.793297] (stack is not available)
[   25.796972] 
[   25.798564] The buggy address belongs to the object at ffff8801c255c100
[   25.798564]  which belongs to the cache fasync_cache of size 96
[   25.811180] The buggy address is located 64 bytes inside of
[   25.811180]  96-byte region [ffff8801c255c100, ffff8801c255c160)
[   25.822841] The buggy address belongs to the page:
[   25.827731] page:ffffea0007095700 count:1 mapcount:0 mapping:          (null) index:0x0
[   25.835947] flags: 0x8000000000000080(slab)
[   25.840229] page dumped because: kasan: bad access detected
[   25.845897] 
[   25.847486] Memory state around the buggy address:
[   25.852376]  ffff8801c255c000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   25.859696]  ffff8801c255c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.867019] >ffff8801c255c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.874342]                                            ^
[   25.879760]  ffff8801c255c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.887087]  ffff8801c255c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.894415] ==================================================================
[   25.901733] Disabling lock debugging due to kernel taint
[   25.907235] Kernel panic - not syncing: panic_on_warn set ...
[   25.907235] 
[   25.914568] CPU: 0 PID: 3323 Comm: syzkaller747751 Tainted: G    B           4.9.75-gb54d99a #18
[   25.923455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.932778]  ffff8801c8c8f9a8 ffffffff81d93049 ffffffff84195be7 ffff8801c8c8fa80
[   25.940723]  0000000000000000 ffff8801c255c140 ffff8801ce298238 ffff8801c8c8fa70
[   25.948669]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[   25.956610] Call Trace:
[   25.959165]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   25.964495]  [<ffffffff8142e281>] panic+0x1bc/0x3a8
[   25.969476]  [<ffffffff8142e0c5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   25.977669]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   25.983602]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   25.989797]  [<ffffffff8153c9c0>] kasan_end_report+0x50/0x50
[   25.995558]  [<ffffffff8153ce67>] kasan_report+0x167/0x360
[   26.001145]  [<ffffffff82666163>] ? sg_remove_request+0x103/0x120
[   26.007339]  [<ffffffff8153d0d4>] __asan_report_load8_noabort+0x14/0x20
[   26.014056]  [<ffffffff82666163>] sg_remove_request+0x103/0x120
[   26.020075]  [<ffffffff826666e5>] sg_finish_rem_req+0x295/0x340
[   26.026093]  [<ffffffff8266851c>] sg_read+0xa1c/0x1440
[   26.031332]  [<ffffffff8124737c>] ? __raw_spin_lock_init+0x1c/0x100
[   26.037705]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.044336]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   26.050268]  [<ffffffff815abbe7>] ? fasync_insert_entry+0x147/0x2e0
[   26.056635]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   26.063264]  [<ffffffff8156a8a3>] __vfs_read+0x103/0x670
[   26.068677]  [<ffffffff8156a7a0>] ? default_llseek+0x290/0x290
[   26.074610]  [<ffffffff81641df6>] ? fsnotify+0x86/0xf30
[   26.079936]  [<ffffffff81642ca0>] ? fsnotify+0xf30/0xf30
[   26.085351]  [<ffffffff81bda799>] ? avc_policy_seqno+0x9/0x20
[   26.091197]  [<ffffffff81beb0e2>] ? selinux_file_permission+0x82/0x460
[   26.097832]  [<ffffffff81bd1859>] ? security_file_permission+0x89/0x1e0
[   26.104548]  [<ffffffff8156e355>] ? rw_verify_area+0xe5/0x2b0
[   26.110395]  [<ffffffff8156e63e>] vfs_read+0x11e/0x380
[   26.115643]  [<ffffffff81572369>] SyS_read+0xd9/0x1b0
[   26.120799]  [<ffffffff81572290>] ? vfs_copy_file_range+0x740/0x740
[   26.127170]  [<ffffffff8167b65c>] ? compat_SyS_ioctl+0x8c/0x2050
[   26.133291]  [<ffffffff81006d9f>] ? do_fast_syscall_32+0xcf/0x890
[   26.139486]  [<ffffffff81572290>] ? vfs_copy_file_range+0x740/0x740
[   26.145854]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   26.151960]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.158590]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   26.165132] Dumping ftrace buffer:
[   26.168636]    (ftrace buffer empty)
[   26.172310] Kernel Offset: disabled
[   26.175901] Rebooting in 86400 seconds..