[....] Starting enhanced syslogd: rsyslogd[   11.461624] audit: type=1400 audit(1515499039.111:4): avc:  denied  { syslog } for  pid=3187 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.219' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   39.525768] ==================================================================
[   39.533168] BUG: KASAN: slab-out-of-bounds in sg_remove_request+0x103/0x120
[   39.540240] Read of size 8 at addr ffff8801cd6d7140 by task syzkaller787915/3354
[   39.547736] 
[   39.549334] CPU: 0 PID: 3354 Comm: syzkaller787915 Not tainted 4.9.75-gb54d99a #18
[   39.557004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.566331]  ffff8801c7e77940 ffffffff81d93049 ffffea000735b5c0 ffff8801cd6d7140
[   39.574284]  0000000000000000 ffff8801cd6d7140 ffff8801c9452338 ffff8801c7e77978
[   39.582234]  ffffffff8153ca53 ffff8801cd6d7140 0000000000000008 0000000000000000
[   39.590177] Call Trace:
[   39.592731]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   39.598536]  [<ffffffff8153ca53>] print_address_description+0x73/0x280
[   39.607620]  [<ffffffff8153cf75>] kasan_report+0x275/0x360
[   39.615642]  [<ffffffff82666163>] ? sg_remove_request+0x103/0x120
[   39.623660]  [<ffffffff8153d0d4>] __asan_report_load8_noabort+0x14/0x20
[   39.632632]  [<ffffffff82666163>] sg_remove_request+0x103/0x120
[   39.640595]  [<ffffffff826666e5>] sg_finish_rem_req+0x295/0x340
[   39.648879]  [<ffffffff8266851c>] sg_read+0xa1c/0x1440
[   39.654119]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   39.660748]  [<ffffffff81642ca0>] ? fsnotify+0xf30/0xf30
[   39.666162]  [<ffffffff81bda799>] ? avc_policy_seqno+0x9/0x20
[   39.672010]  [<ffffffff8156b481>] do_loop_readv_writev.part.17+0x141/0x1e0
[   39.678986]  [<ffffffff81bd1859>] ? security_file_permission+0x89/0x1e0
[   39.685702]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   39.692331]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   39.698966]  [<ffffffff815703a2>] compat_do_readv_writev+0x522/0x760
[   39.705429]  [<ffffffff8156fe80>] ? do_pwritev+0x1a0/0x1a0
[   39.711020]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   39.716954]  [<ffffffff814cde8e>] ? handle_mm_fault+0x6ee/0x2530
[   39.723061]  [<ffffffff815abdfa>] ? fasync_helper+0x7a/0xb0
[   39.728735]  [<ffffffff814cd7a0>] ? __pmd_alloc+0x410/0x410
[   39.734414]  [<ffffffff815706c3>] compat_readv+0xe3/0x150
[   39.739915]  [<ffffffff81570824>] do_compat_readv+0xf4/0x1d0
[   39.745676]  [<ffffffff81570730>] ? compat_readv+0x150/0x150
[   39.751439]  [<ffffffff81572d96>] compat_SyS_readv+0x26/0x30
[   39.757200]  [<ffffffff81572d70>] ? SyS_pwritev2+0x80/0x80
[   39.762787]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   39.768895]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   39.775524]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   39.782933] 
[   39.784525] Allocated by task 0:
[   39.787853] (stack is not available)
[   39.791527] 
[   39.793117] Freed by task 0:
[   39.796098] (stack is not available)
[   39.799773] 
[   39.801366] The buggy address belongs to the object at ffff8801cd6d7100
[   39.801366]  which belongs to the cache fasync_cache of size 96
[   39.813985] The buggy address is located 64 bytes inside of
[   39.813985]  96-byte region [ffff8801cd6d7100, ffff8801cd6d7160)
[   39.825647] The buggy address belongs to the page:
[   39.830539] page:ffffea000735b5c0 count:1 mapcount:0 mapping:          (null) index:0x0
[   39.838753] flags: 0x8000000000000080(slab)
[   39.844524] page dumped because: kasan: bad access detected
[   39.850801] 
[   39.852390] Memory state around the buggy address:
[   39.857285]  ffff8801cd6d7000: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   39.867132]  ffff8801cd6d7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.876981] >ffff8801cd6d7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.884304]                                            ^
[   39.889724]  ffff8801cd6d7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.897047]  ffff8801cd6d7200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   39.904369] ==================================================================
[   39.911690] Disabling lock debugging due to kernel taint
[   39.917273] Kernel panic - not syncing: panic_on_warn set ...
[   39.917273] 
[   39.924614] CPU: 0 PID: 3354 Comm: syzkaller787915 Tainted: G    B           4.9.75-gb54d99a #18
[   39.933497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.942823]  ffff8801c7e77898 ffffffff81d93049 ffffffff84195be7 ffff8801c7e77970
[   39.950774]  0000000000000000 ffff8801cd6d7140 ffff8801c9452338 ffff8801c7e77960
[   39.958757]  ffffffff8142e281 0000000041b58ab3 ffffffff84189648 ffffffff8142e0c5
[   39.966702] Call Trace:
[   39.969261]  [<ffffffff81d93049>] dump_stack+0xc1/0x128
[   39.974588]  [<ffffffff8142e281>] panic+0x1bc/0x3a8
[   39.979572]  [<ffffffff8142e0c5>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   39.987768]  [<ffffffff838a17c5>] ? preempt_schedule+0x25/0x30
[   39.993703]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   39.999902]  [<ffffffff8153c9c0>] kasan_end_report+0x50/0x50
[   40.006015]  [<ffffffff8153ce67>] kasan_report+0x167/0x360
[   40.011604]  [<ffffffff82666163>] ? sg_remove_request+0x103/0x120
[   40.017801]  [<ffffffff8153d0d4>] __asan_report_load8_noabort+0x14/0x20
[   40.024516]  [<ffffffff82666163>] sg_remove_request+0x103/0x120
[   40.030538]  [<ffffffff826666e5>] sg_finish_rem_req+0x295/0x340
[   40.036561]  [<ffffffff8266851c>] sg_read+0xa1c/0x1440
[   40.041803]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   40.048434]  [<ffffffff81642ca0>] ? fsnotify+0xf30/0xf30
[   40.053851]  [<ffffffff81bda799>] ? avc_policy_seqno+0x9/0x20
[   40.059701]  [<ffffffff8156b481>] do_loop_readv_writev.part.17+0x141/0x1e0
[   40.066679]  [<ffffffff81bd1859>] ? security_file_permission+0x89/0x1e0
[   40.073395]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   40.080026]  [<ffffffff82667b00>] ? sg_proc_seq_show_debug+0xd10/0xd10
[   40.086658]  [<ffffffff815703a2>] compat_do_readv_writev+0x522/0x760
[   40.093113]  [<ffffffff8156fe80>] ? do_pwritev+0x1a0/0x1a0
[   40.098702]  [<ffffffff838b01bc>] ? _raw_spin_unlock+0x2c/0x50
[   40.105058]  [<ffffffff814cde8e>] ? handle_mm_fault+0x6ee/0x2530
[   40.111169]  [<ffffffff815abdfa>] ? fasync_helper+0x7a/0xb0
[   40.116844]  [<ffffffff814cd7a0>] ? __pmd_alloc+0x410/0x410
[   40.122521]  [<ffffffff815706c3>] compat_readv+0xe3/0x150
[   40.128022]  [<ffffffff81570824>] do_compat_readv+0xf4/0x1d0
[   40.133790]  [<ffffffff81570730>] ? compat_readv+0x150/0x150
[   40.139570]  [<ffffffff81572d96>] compat_SyS_readv+0x26/0x30
[   40.145338]  [<ffffffff81572d70>] ? SyS_pwritev2+0x80/0x80
[   40.150928]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   40.157038]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   40.163667]  [<ffffffff838b2334>] entry_SYSENTER_compat+0x74/0x83
[   40.170654] Dumping ftrace buffer:
[   40.174159]    (ftrace buffer empty)
[   40.177834] Kernel Offset: disabled
[   40.181427] Rebooting in 86400 seconds..