[....] Starting enhanced syslogd: rsyslogd[   10.475272] audit: type=1400 audit(1515991181.473:4): avc:  denied  { syslog } for  pid=3172 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   35.797873] ==================================================================
[   35.798922] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   35.799873] Read of size 8 at addr ffff8801cd680140 by task syzkaller354504/3337
[   35.800861] 
[   35.801146] CPU: 1 PID: 3337 Comm: syzkaller354504 Not tainted 4.9.76-gf0f6293 #22
[   35.802220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.803516]  ffff8801c902f940 ffffffff81d93149 ffffea000735a000 ffff8801cd680140
[   35.804748]  0000000000000000 ffff8801cd680140 ffff8801c7f30238 ffff8801c902f978
[   35.806078]  ffffffff8153cb43 ffff8801cd680140 0000000000000008 0000000000000000
[   35.807237] Call Trace:
[   35.807597]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   35.808506]  [<ffffffff8153cb43>] print_address_description+0x73/0x280
[   35.809419]  [<ffffffff8153d065>] kasan_report+0x275/0x360
[   35.810165]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   35.811018]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   35.811990]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   35.812812]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   35.813643]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   35.814423]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   35.815303]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   35.816061]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   35.816885]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   35.817855]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   35.824080]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   35.830718]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   35.837355]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   35.843828]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   35.849420]  [<ffffffff81464d87>] ? __lru_cache_add+0x187/0x250
[   35.855449]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   35.861389]  [<ffffffff814cdf7e>] ? handle_mm_fault+0x6ee/0x2530
[   35.867515]  [<ffffffff814cd890>] ? __pmd_alloc+0x410/0x410
[   35.873203]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   35.878721]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   35.884489]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   35.890255]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   35.896035]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   35.901716]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   35.908794]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   35.915432]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   35.921634] 
[   35.923232] Allocated by task 0:
[   35.926580] (stack is not available)
[   35.930257] 
[   35.931854] Freed by task 0:
[   35.934840] (stack is not available)
[   35.938518] 
[   35.940114] The buggy address belongs to the object at ffff8801cd680100
[   35.940114]  which belongs to the cache fasync_cache of size 96
[   35.952840] The buggy address is located 64 bytes inside of
[   35.952840]  96-byte region [ffff8801cd680100, ffff8801cd680160)
[   35.964513] The buggy address belongs to the page:
[   35.969416] page:ffffea000735a000 count:1 mapcount:0 mapping:          (null) index:0x0
[   35.977647] flags: 0x8000000000000080(slab)
[   35.981934] page dumped because: kasan: bad access detected
[   35.987611] 
[   35.989207] Memory state around the buggy address:
[   35.994108]  ffff8801cd680000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   36.001441]  ffff8801cd680080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.008777] >ffff8801cd680100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.016106]                                            ^
[   36.021525]  ffff8801cd680180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.028856]  ffff8801cd680200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   36.036193] ==================================================================
[   36.043531] Disabling lock debugging due to kernel taint
[   36.049275] Kernel panic - not syncing: panic_on_warn set ...
[   36.049275] 
[   36.056617] CPU: 1 PID: 3337 Comm: syzkaller354504 Tainted: G    B           4.9.76-gf0f6293 #22
[   36.065511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.074845]  ffff8801c902f898 ffffffff81d93149 ffffffff84195c17 ffff8801c902f970
[   36.082842]  0000000000000000 ffff8801cd680140 ffff8801c7f30238 ffff8801c902f960
[   36.090831]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   36.098801] Call Trace:
[   36.101358]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   36.106695]  [<ffffffff8142e371>] panic+0x1bc/0x3a8
[   36.111683]  [<ffffffff8142e1b5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   36.119885]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   36.125829]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   36.132045]  [<ffffffff8153cab0>] kasan_end_report+0x50/0x50
[   36.137817]  [<ffffffff8153cf57>] kasan_report+0x167/0x360
[   36.143411]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   36.149614]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   36.156338]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   36.162460]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   36.168488]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   36.173744]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   36.180380]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   36.185809]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   36.191664]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   36.198657]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   36.205469]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   36.212114]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   36.218761]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   36.225233]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   36.230830]  [<ffffffff81464d87>] ? __lru_cache_add+0x187/0x250
[   36.236870]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   36.242813]  [<ffffffff814cdf7e>] ? handle_mm_fault+0x6ee/0x2530
[   36.248936]  [<ffffffff814cd890>] ? __pmd_alloc+0x410/0x410
[   36.254620]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   36.260127]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   36.265893]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   36.271663]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   36.277441]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   36.283037]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   36.289159]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.295796]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   36.302375] Dumping ftrace buffer:
[   36.305892]    (ftrace buffer empty)
[   36.309571] Kernel Offset: disabled
[   36.313174] Rebooting in 86400 seconds..