[....] Starting enhanced syslogd: rsyslogd[   10.944354] audit: type=1400 audit(1515862423.617:4): avc:  denied  { syslog } for  pid=3173 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.41' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   18.645757] ==================================================================
[   18.646923] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   18.647915] Read of size 8 at addr ffff8801cd3b2140 by task syzkaller227245/3321
[   18.648901] 
[   18.649147] CPU: 0 PID: 3321 Comm: syzkaller227245 Not tainted 4.9.76-g8e170a5 #21
[   18.650206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.651501]  ffff8801c2377940 ffffffff81d93149 ffffea000734ec80 ffff8801cd3b2140
[   18.652793]  0000000000000000 ffff8801cd3b2140 ffff8801c8d48238 ffff8801c2377978
[   18.653976]  ffffffff8153cb43 ffff8801cd3b2140 0000000000000008 0000000000000000
[   18.655196] Call Trace:
[   18.655555]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   18.656324]  [<ffffffff8153cb43>] print_address_description+0x73/0x280
[   18.657250]  [<ffffffff8153d065>] kasan_report+0x275/0x360
[   18.658052]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   18.658896]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   18.659835]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   18.660655]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   18.661474]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   18.662215]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.663113]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   18.663930]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   18.664747]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   18.665671]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   18.666575]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.673210]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.679845]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   18.686314]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   18.691907]  [<ffffffff81464d87>] ? __lru_cache_add+0x187/0x250
[   18.697936]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   18.703875]  [<ffffffff814cdf7e>] ? handle_mm_fault+0x6ee/0x2530
[   18.709997]  [<ffffffff815abeea>] ? fasync_helper+0x7a/0xb0
[   18.715675]  [<ffffffff814cd890>] ? __pmd_alloc+0x410/0x410
[   18.721365]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   18.726871]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   18.732636]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   18.738402]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   18.744165]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   18.749759]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   18.755870]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   18.762504]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   18.768702] 
[   18.770297] Allocated by task 0:
[   18.773629] (stack is not available)
[   18.777315] 
[   18.778909] Freed by task 0:
[   18.781892] (stack is not available)
[   18.785570] 
[   18.787170] The buggy address belongs to the object at ffff8801cd3b2100
[   18.787170]  which belongs to the cache fasync_cache of size 96
[   18.799794] The buggy address is located 64 bytes inside of
[   18.799794]  96-byte region [ffff8801cd3b2100, ffff8801cd3b2160)
[   18.811462] The buggy address belongs to the page:
[   18.816369] page:ffffea000734ec80 count:1 mapcount:0 mapping:          (null) index:0x0
[   18.824596] flags: 0x8000000000000080(slab)
[   18.828884] page dumped because: kasan: bad access detected
[   18.834561] 
[   18.836155] Memory state around the buggy address:
[   18.841051]  ffff8801cd3b2000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   18.848386]  ffff8801cd3b2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.855711] >ffff8801cd3b2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.863038]                                            ^
[   18.868454]  ffff8801cd3b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.875780]  ffff8801cd3b2200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.883117] ==================================================================
[   18.890441] Disabling lock debugging due to kernel taint
[   18.896244] Kernel panic - not syncing: panic_on_warn set ...
[   18.896244] 
[   18.903591] CPU: 0 PID: 3321 Comm: syzkaller227245 Tainted: G    B           4.9.76-g8e170a5 #21
[   18.912502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.921826]  ffff8801c2377898 ffffffff81d93149 ffffffff84195c17 ffff8801c2377970
[   18.929793]  0000000000000000 ffff8801cd3b2140 ffff8801c8d48238 ffff8801c2377960
[   18.937756]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   18.945728] Call Trace:
[   18.948284]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   18.953616]  [<ffffffff8142e371>] panic+0x1bc/0x3a8
[   18.958601]  [<ffffffff8142e1b5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   18.966798]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   18.972738]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   18.978936]  [<ffffffff8153cab0>] kasan_end_report+0x50/0x50
[   18.984702]  [<ffffffff8153cf57>] kasan_report+0x167/0x360
[   18.990296]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   18.996506]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   19.003227]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   19.009253]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   19.015287]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   19.020532]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.027167]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   19.032588]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   19.038440]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   19.045423]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   19.052144]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.058779]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.065410]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   19.071868]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   19.077460]  [<ffffffff81464d87>] ? __lru_cache_add+0x187/0x250
[   19.083490]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   19.089428]  [<ffffffff814cdf7e>] ? handle_mm_fault+0x6ee/0x2530
[   19.095542]  [<ffffffff815abeea>] ? fasync_helper+0x7a/0xb0
[   19.101219]  [<ffffffff814cd890>] ? __pmd_alloc+0x410/0x410
[   19.106897]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   19.112403]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   19.118167]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   19.123941]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   19.129704]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   19.135294]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   19.141414]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   19.148047]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   19.154681] Dumping ftrace buffer:
[   19.158192]    (ftrace buffer empty)
[   19.161872] Kernel Offset: disabled
[   19.165477] Rebooting in 86400 seconds..