[....] Starting enhanced syslogd: rsyslogd[   11.304318] audit: type=1400 audit(1515990517.348:4): avc:  denied  { syslog } for  pid=3170 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   18.586840] ==================================================================
[   18.588036] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   18.588974] Read of size 8 at addr ffff8801cc122140 by task syzkaller158933/3318
[   18.589998] 
[   18.590259] CPU: 0 PID: 3318 Comm: syzkaller158933 Not tainted 4.9.76-gf0f6293 #22
[   18.591448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.592734]  ffff8801c86bf940 ffffffff81d93149 ffffea0007304880 ffff8801cc122140
[   18.594002]  0000000000000000 ffff8801cc122140 ffff8801cae64438 ffff8801c86bf978
[   18.595290]  ffffffff8153cb43 ffff8801cc122140 0000000000000008 0000000000000000
[   18.596532] Call Trace:
[   18.596903]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   18.597743]  [<ffffffff8153cb43>] print_address_description+0x73/0x280
[   18.598893]  [<ffffffff8153d065>] kasan_report+0x275/0x360
[   18.599660]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   18.600634]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   18.601937]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   18.602739]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   18.603673]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   18.604504]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.605395]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   18.606159]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   18.606966]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   18.613971]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   18.620696]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.627336]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.633980]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   18.640448]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   18.646052]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   18.652004]  [<ffffffff814cdf7e>] ? handle_mm_fault+0x6ee/0x2530
[   18.658120]  [<ffffffff815abeea>] ? fasync_helper+0x7a/0xb0
[   18.663806]  [<ffffffff814cd890>] ? __pmd_alloc+0x410/0x410
[   18.669487]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   18.675001]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   18.680772]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   18.686543]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   18.692315]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   18.697931]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   18.704054]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   18.710693]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   18.716894] 
[   18.718498] Allocated by task 0:
[   18.721833] (stack is not available)
[   18.725513] 
[   18.727123] Freed by task 0:
[   18.730109] (stack is not available)
[   18.733963] 
[   18.735565] The buggy address belongs to the object at ffff8801cc122100
[   18.735565]  which belongs to the cache fasync_cache of size 96
[   18.748195] The buggy address is located 64 bytes inside of
[   18.748195]  96-byte region [ffff8801cc122100, ffff8801cc122160)
[   18.759868] The buggy address belongs to the page:
[   18.764770] page:ffffea0007304880 count:1 mapcount:0 mapping:          (null) index:0x0
[   18.773002] flags: 0x8000000000000080(slab)
[   18.777292] page dumped because: kasan: bad access detected
[   18.782971] 
[   18.784572] Memory state around the buggy address:
[   18.789472]  ffff8801cc122000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   18.796817]  ffff8801cc122080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.804157] >ffff8801cc122100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.811491]                                            ^
[   18.816911]  ffff8801cc122180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.824250]  ffff8801cc122200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.831581] ==================================================================
[   18.838918] Disabling lock debugging due to kernel taint
[   18.844484] Kernel panic - not syncing: panic_on_warn set ...
[   18.844484] 
[   18.851847] CPU: 0 PID: 3318 Comm: syzkaller158933 Tainted: G    B           4.9.76-gf0f6293 #22
[   18.860753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.870089]  ffff8801c86bf898 ffffffff81d93149 ffffffff84195c17 ffff8801c86bf970
[   18.878081]  0000000000000000 ffff8801cc122140 ffff8801cae64438 ffff8801c86bf960
[   18.886071]  ffffffff8142e371 0000000041b58ab3 ffffffff84189678 ffffffff8142e1b5
[   18.894055] Call Trace:
[   18.896615]  [<ffffffff81d93149>] dump_stack+0xc1/0x128
[   18.901952]  [<ffffffff8142e371>] panic+0x1bc/0x3a8
[   18.906943]  [<ffffffff8142e1b5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   18.915150]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   18.921098]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   18.927316]  [<ffffffff8153cab0>] kasan_end_report+0x50/0x50
[   18.933087]  [<ffffffff8153cf57>] kasan_report+0x167/0x360
[   18.938681]  [<ffffffff82666253>] ? sg_remove_request+0x103/0x120
[   18.944885]  [<ffffffff8153d1c4>] __asan_report_load8_noabort+0x14/0x20
[   18.951611]  [<ffffffff82666253>] sg_remove_request+0x103/0x120
[   18.957639]  [<ffffffff826667d5>] sg_finish_rem_req+0x295/0x340
[   18.963670]  [<ffffffff8266860c>] sg_read+0xa1c/0x1440
[   18.968917]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   18.975555]  [<ffffffff81642d90>] ? fsnotify+0xf30/0xf30
[   18.980986]  [<ffffffff81bda889>] ? avc_policy_seqno+0x9/0x20
[   18.986846]  [<ffffffff8156b571>] do_loop_readv_writev.part.17+0x141/0x1e0
[   18.993830]  [<ffffffff81bd1949>] ? security_file_permission+0x89/0x1e0
[   19.000557]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.007196]  [<ffffffff82667bf0>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   19.013838]  [<ffffffff81570492>] compat_do_readv_writev+0x522/0x760
[   19.020301]  [<ffffffff8156ff70>] ? do_pwritev+0x1a0/0x1a0
[   19.025920]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   19.031864]  [<ffffffff814cdf7e>] ? handle_mm_fault+0x6ee/0x2530
[   19.037989]  [<ffffffff815abeea>] ? fasync_helper+0x7a/0xb0
[   19.043675]  [<ffffffff814cd890>] ? __pmd_alloc+0x410/0x410
[   19.049357]  [<ffffffff815707b3>] compat_readv+0xe3/0x150
[   19.054866]  [<ffffffff81570914>] do_compat_readv+0xf4/0x1d0
[   19.060633]  [<ffffffff81570820>] ? compat_readv+0x150/0x150
[   19.066402]  [<ffffffff81572e86>] compat_SyS_readv+0x26/0x30
[   19.072173]  [<ffffffff81572e60>] ? SyS_pwritev2+0x80/0x80
[   19.077771]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   19.083908]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   19.090546]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   19.097242] Dumping ftrace buffer:
[   19.100754]    (ftrace buffer empty)
[   19.104435] Kernel Offset: disabled
[   19.108035] Rebooting in 86400 seconds..