[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.955944] audit: type=1400 audit(1513023728.212:5): avc: denied { syslog } for pid=2990 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 18.861213] audit: type=1400 audit(1513023734.118:6): avc: denied { map } for pid=3131 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-6,10.128.15.196' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 33.953402] audit: type=1400 audit(1513023749.210:7): avc: denied { map } for pid=3148 comm="syzkaller093882" path="/root/syzkaller093882399" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
executing program
[ 33.998850] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
[ 34.051816] ==================================================================
[ 34.051832] BUG: KASAN: stack-out-of-bounds in write_mmio+0x560/0x600
[ 34.051838] Read of size 8 at addr ffff8801c5b87220 by task syzkaller093882/3155
[ 34.051840]
[ 34.051847] CPU: 0 PID: 3155 Comm: syzkaller093882 Not tainted 4.15.0-rc2-mm1+ #39
[ 34.051851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.051854] Call Trace:
[ 34.051864]  dump_stack+0x194/0x257
[ 34.051874]  ? arch_local_irq_restore+0x53/0x53
[ 34.051883]  ? show_regs_print_info+0x18/0x18
[ 34.051895]  ? write_mmio+0x560/0x600
[ 34.051905]  print_address_description+0x73/0x250
[ 34.051911]  ? write_mmio+0x560/0x600
[ 34.051918]  kasan_report+0x25b/0x340
[ 34.051929]  __asan_report_load8_noabort+0x14/0x20
[ 34.051934]  write_mmio+0x560/0x600
[ 34.051943]  ? __kvm_write_guest_page+0xfa/0x130
[ 34.051951]  ? read_exit_mmio+0x3a0/0x3a0
[ 34.051958]  ? kvm_vcpu_write_guest+0xaa/0xc0
[ 34.051970]  ? emulator_write_phys+0x55/0x70
[ 34.051987]  emulator_read_write_onepage+0x45a/0xea0
[ 34.052005]  ? vcpu_is_mmio_gpa.part.151+0x620/0x620
[ 34.052019]  ? __kvm_read_guest_page+0x8c/0xa0
[ 34.052029]  ? kvm_vcpu_read_guest_page+0x44/0x60
[ 34.052039]  ? kvm_fetch_guest_virt+0x11b/0x180
[ 34.052052]  ? kvm_read_guest_virt_system+0x50/0x50
[ 34.052064]  emulator_read_write+0xe7/0x540
[ 34.052078]  emulator_fix_hypercall+0x14d/0x1b0
[ 34.052086]  ? emulator_write_emulated+0x50/0x50
[ 34.052096]  ? check_noncircular+0x20/0x20
[ 34.052107]  ? em_clts+0x100/0x100
[ 34.052113]  em_hypercall+0x5d/0x120
[ 34.052123]  x86_emulate_insn+0x55d/0x3c20
[ 34.052137]  ? init_decode_cache+0xc0/0xc0
[ 34.052145]  ? __lock_is_held+0xbc/0x140
[ 34.052164]  x86_emulate_instruction+0x411/0x1ad0
[ 34.052171]  ? check_noncircular+0x20/0x20
[ 34.052185]  ? reexecute_instruction.part.168+0x260/0x260
[ 34.052192]  ? __lock_is_held+0xbc/0x140
[ 34.052214]  ? __lock_is_held+0xbc/0x140
[ 34.052232]  handle_exception+0x3d5/0xa20
[ 34.052240]  ? handle_cpuid+0x20/0x20
[ 34.052249]  vmx_handle_exit+0x25d/0x1ce0
[ 34.052256]  ? vmx_set_msr+0x17e0/0x17e0
[ 34.052266]  ? handle_vmfunc+0x850/0x850
[ 34.052282]  ? kvm_arch_vcpu_ioctl_run+0x168b/0x5be0
[ 34.052295]  kvm_arch_vcpu_ioctl_run+0x1836/0x5be0
[ 34.052306]  ? find_held_lock+0x39/0x1d0
[ 34.052312]  ? check_noncircular+0x20/0x20
[ 34.052329]  ? kvm_arch_vcpu_runnable+0x560/0x560
[ 34.052346]  ? find_held_lock+0x39/0x1d0
[ 34.052363]  ? lock_downgrade+0x980/0x980
[ 34.052372]  ? find_get_pid+0x210/0x210
[ 34.052378]  ? lock_downgrade+0x980/0x980
[ 34.052388]  ? lock_release+0xda0/0xda0
[ 34.052398]  ? __lock_is_held+0xbc/0x140
[ 34.052415]  ? put_pid+0x183/0x1f0
[ 34.052422]  ? task_active_pid_ns+0xd0/0xd0
[ 34.052427]  ? find_get_pid+0x210/0x210
[ 34.052442]  kvm_vcpu_ioctl+0x64c/0x1010
[ 34.052447]  ? kvm_vcpu_ioctl+0x64c/0x1010
[ 34.052457]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 34.052463]  ? find_held_lock+0x39/0x1d0
[ 34.052482]  ? find_held_lock+0x39/0x1d0
[ 34.052499]  ? lock_downgrade+0x980/0x980
[ 34.052521]  ? handle_mm_fault+0x476/0x930
[ 34.052526]  ? down_read_trylock+0xdb/0x170
[ 34.052534]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 34.052540]  ? vmacache_find+0x5f/0x280
[ 34.052546]  ? vmacache_update+0xfe/0x130
[ 34.052558]  ? up_read+0x1a/0x40
[ 34.052566]  ? __do_page_fault+0x3d6/0xc90
[ 34.052572]  ? task_work_run+0x1f4/0x270
[ 34.052586]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 34.052593]  do_vfs_ioctl+0x1b1/0x1530
[ 34.052605]  ? ioctl_preallocate+0x2b0/0x2b0
[ 34.052616]  ? selinux_capable+0x40/0x40
[ 34.052626]  ? __close_fd+0x222/0x360
[ 34.052638]  ? syscall_return_slowpath+0x2ad/0x550
[ 34.052651]  ? security_file_ioctl+0x89/0xb0
[ 34.052662]  SyS_ioctl+0x8f/0xc0
[ 34.052674]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 34.052679] RIP: 0033:0x4435c9
[ 34.052683] RSP: 002b:00007fff805a07d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 34.052690] RAX: ffffffffffffffda RBX: 00000000205b3000 RCX: 00000000004435c9
[ 34.052694] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 34.052698] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000002
[ 34.052702] R10: 0000000000000012 R11: 0000000000000202 R12: 00000000205b7e00
[ 34.052705] R13: 00000000205b6e00 R14: 00000000205b7a00 R15: 00000000205b3000
[ 34.052725]
[ 34.052728] The buggy address belongs to the page:
[ 34.052734] page:0000000068f6483a count:0 mapcount:0 mapping: (null) index:0x0
[ 34.052740] flags: 0x2fffc0000000000()
[ 34.052747] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 34.052753] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 34.052757] page dumped because: kasan: bad access detected
[ 34.052759]
[ 34.052762] Memory state around the buggy address:
[ 34.052766]  ffff8801c5b87100: f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00
[ 34.052771]  ffff8801c5b87180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.052775] >ffff8801c5b87200: f1 f1 f1 f1 03 f2 f2 f2 f3 f3 f3 f3 00 00 00 00
[ 34.052779]                                ^
[ 34.052783]  ffff8801c5b87280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.052787]  ffff8801c5b87300: 00 f1 f1 f1 f1 02 f2 f2 f2 f2 f2 f2 f2 00 f2 f2
[ 34.052790] ==================================================================
[ 34.052792] Disabling lock debugging due to kernel taint
[ 34.052819] Kernel panic - not syncing: panic_on_warn set ...
[ 34.052819]
[ 34.052823] CPU: 0 PID: 3155 Comm: syzkaller093882 Tainted: G B 4.15.0-rc2-mm1+ #39
[ 34.052825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.052827] Call Trace:
[ 34.052831]  dump_stack+0x194/0x257
[ 34.052837]  ? arch_local_irq_restore+0x53/0x53
[ 34.052841]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 34.052848]  ? vsnprintf+0x1ed/0x1900
[ 34.052852]  ? write_mmio+0x4f0/0x600
[ 34.052857]  panic+0x1e4/0x41c
[ 34.052861]  ? refcount_error_report+0x214/0x214
[ 34.052866]  ? add_taint+0x1c/0x50
[ 34.052870]  ? add_taint+0x1c/0x50
[ 34.052875]  ? write_mmio+0x560/0x600
[ 34.052879]  kasan_end_report+0x50/0x50
[ 34.052883]  kasan_report+0x144/0x340
[ 34.052889]  __asan_report_load8_noabort+0x14/0x20
[ 34.052892]  write_mmio+0x560/0x600
[ 34.052897]  ? __kvm_write_guest_page+0xfa/0x130
[ 34.052902]  ? read_exit_mmio+0x3a0/0x3a0
[ 34.052906]  ? kvm_vcpu_write_guest+0xaa/0xc0
[ 34.052912]  ? emulator_write_phys+0x55/0x70
[ 34.052921]  emulator_read_write_onepage+0x45a/0xea0
[ 34.052929]  ? vcpu_is_mmio_gpa.part.151+0x620/0x620
[ 34.052937]  ? __kvm_read_guest_page+0x8c/0xa0
[ 34.052943]  ? kvm_vcpu_read_guest_page+0x44/0x60
[ 34.052949]  ? kvm_fetch_guest_virt+0x11b/0x180
[ 34.052954]  ? kvm_read_guest_virt_system+0x50/0x50
[ 34.052961]  emulator_read_write+0xe7/0x540
[ 34.052969]  emulator_fix_hypercall+0x14d/0x1b0
[ 34.052974]  ? emulator_write_emulated+0x50/0x50
[ 34.052979]  ? check_noncircular+0x20/0x20
[ 34.052984]  ? em_clts+0x100/0x100
[ 34.052988]  em_hypercall+0x5d/0x120
[ 34.052993]  x86_emulate_insn+0x55d/0x3c20
[ 34.053003]  ? init_decode_cache+0xc0/0xc0
[ 34.053008]  ? __lock_is_held+0xbc/0x140
[ 34.053018]  x86_emulate_instruction+0x411/0x1ad0
[ 34.053023]  ? check_noncircular+0x20/0x20
[ 34.053030]  ? reexecute_instruction.part.168+0x260/0x260
[ 34.053035]  ? __lock_is_held+0xbc/0x140
[ 34.053044]  ? __lock_is_held+0xbc/0x140
[ 34.053055]  handle_exception+0x3d5/0xa20
[ 34.053058]  ? handle_cpuid+0x20/0x20
[ 34.053064]  vmx_handle_exit+0x25d/0x1ce0
[ 34.053068]  ? vmx_set_msr+0x17e0/0x17e0
[ 34.053073]  ? handle_vmfunc+0x850/0x850
[ 34.053082]  ? kvm_arch_vcpu_ioctl_run+0x168b/0x5be0
[ 34.053089]  kvm_arch_vcpu_ioctl_run+0x1836/0x5be0
[ 34.053095]  ? find_held_lock+0x39/0x1d0
[ 34.053099]  ? check_noncircular+0x20/0x20
[ 34.053109]  ? kvm_arch_vcpu_runnable+0x560/0x560
[ 34.053118]  ? find_held_lock+0x39/0x1d0
[ 34.053127]  ? lock_downgrade+0x980/0x980
[ 34.053131]  ? find_get_pid+0x210/0x210
[ 34.053136]  ? lock_downgrade+0x980/0x980
[ 34.053141]  ? lock_release+0xda0/0xda0
[ 34.053147]  ? __lock_is_held+0xbc/0x140
[ 34.053156]  ? put_pid+0x183/0x1f0
[ 34.053161]  ? task_active_pid_ns+0xd0/0xd0
[ 34.053164]  ? find_get_pid+0x210/0x210
[ 34.053172]  kvm_vcpu_ioctl+0x64c/0x1010
[ 34.053176]  ? kvm_vcpu_ioctl+0x64c/0x1010
[ 34.053182]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 34.053186]  ? find_held_lock+0x39/0x1d0
[ 34.053196]  ? find_held_lock+0x39/0x1d0
[ 34.053205]  ? lock_downgrade+0x980/0x980
[ 34.053216]  ? handle_mm_fault+0x476/0x930
[ 34.053219]  ? down_read_trylock+0xdb/0x170
[ 34.053223]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 34.053227]  ? vmacache_find+0x5f/0x280
[ 34.053231]  ? vmacache_update+0xfe/0x130
[ 34.053237]  ? up_read+0x1a/0x40
[ 34.053242]  ? __do_page_fault+0x3d6/0xc90
[ 34.053245]  ? task_work_run+0x1f4/0x270
[ 34.053253]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 34.053257]  do_vfs_ioctl+0x1b1/0x1530
[ 34.053265]  ? ioctl_preallocate+0x2b0/0x2b0
[ 34.053270]  ? selinux_capable+0x40/0x40
[ 34.053276]  ? __close_fd+0x222/0x360
[ 34.053282]  ? syscall_return_slowpath+0x2ad/0x550
[ 34.053289]  ? security_file_ioctl+0x89/0xb0
[ 34.053296]  SyS_ioctl+0x8f/0xc0
[ 34.053302]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 34.053305] RIP: 0033:0x4435c9
[ 34.053307] RSP: 002b:00007fff805a07d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 34.053311] RAX: ffffffffffffffda RBX: 00000000205b3000 RCX: 00000000004435c9
[ 34.053313] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 34.053315] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000002
[ 34.053317] R10: 0000000000000012 R11: 0000000000000202 R12: 00000000205b7e00
[ 34.053319] R13: 00000000205b6e00 R14: 00000000205b7a00 R15: 00000000205b3000
[ 34.053675] Dumping ftrace buffer:
[ 34.053677] (ftrace buffer empty)
[ 34.053679] Kernel Offset: disabled
[ 34.993807] Rebooting in 86400 seconds..