[ ok ] Starting enhanced syslogd: rsyslogd.
[   16.861241] audit: type=1400 audit(1520533669.996:5): avc: denied { syslog } for pid=4122 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.237634] audit: type=1400 audit(1520533676.373:6): avc: denied { map } for pid=4262 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
executing program
[   29.591294] audit: type=1400 audit(1520533682.727:7): avc: denied { map } for pid=4276 comm="syzkaller727467" path="/root/syzkaller727467593" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   29.602553] ==================================================================
[   29.624565] BUG: KASAN: stack-out-of-bounds in rdma_bind_addr+0x156/0x1b50
[   29.631555] Read of size 48 at addr ffff8801cb03fa50 by task syzkaller727467/4276
[   29.639147]
[   29.640756] CPU: 1 PID: 4276 Comm: syzkaller727467 Not tainted 4.16.0-rc4+ #346
[   29.648172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.657499] Call Trace:
[   29.660068]  dump_stack+0x194/0x24d
[   29.663671]  ? arch_local_irq_restore+0x53/0x53
[   29.668314]  ? show_regs_print_info+0x18/0x18
[   29.672782]  ? lock_release+0xa40/0xa40
[   29.676737]  ? __radix_tree_lookup+0x435/0x5e0
[   29.681288]  ? find_held_lock+0x35/0x1d0
[   29.685323]  ? rdma_bind_addr+0x156/0x1b50
[   29.689530]  print_address_description+0x73/0x250
[   29.694345]  ? rdma_bind_addr+0x156/0x1b50
[   29.698550]  kasan_report+0x23c/0x360
[   29.702349]  check_memory_region+0x137/0x190
[   29.706727]  memcpy+0x23/0x50
[   29.709809]  rdma_bind_addr+0x156/0x1b50
[   29.713855]  ? lock_release+0xa40/0xa40
[   29.717804]  ? check_same_owner+0x320/0x320
[   29.722103]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   29.726846]  ucma_bind_ip+0x10a/0x190
[   29.730618]  ? ucma_bind+0x260/0x260
[   29.734310]  ? kasan_check_write+0x14/0x20
[   29.738521]  ucma_write+0x2d6/0x3d0
[   29.742118]  ? ucma_bind+0x260/0x260
[   29.745804]  ? ucma_resolve_route+0x1a0/0x1a0
[   29.750280]  ? ucma_resolve_route+0x1a0/0x1a0
[   29.754748]  __vfs_write+0xef/0x970
[   29.758349]  ? rcu_note_context_switch+0x710/0x710
[   29.763268]  ? kernel_read+0x120/0x120
[   29.767143]  ? __might_sleep+0x95/0x190
[   29.771100]  ? _cond_resched+0x14/0x30
[   29.774958]  ? __inode_security_revalidate+0xd9/0x130
[   29.780119]  ? avc_policy_seqno+0x9/0x20
[   29.784152]  ? selinux_file_permission+0x82/0x460
[   29.788970]  ? security_file_permission+0x89/0x1e0
[   29.793871]  ? rw_verify_area+0xe5/0x2b0
[   29.797903]  ? __fdget_raw+0x20/0x20
[   29.801593]  vfs_write+0x189/0x510
[   29.805110]  SyS_write+0xef/0x220
[   29.808534]  ? filp_open+0x70/0x70
[   29.812049]  ? SyS_read+0x220/0x220
[   29.815656]  ? do_syscall_64+0xb7/0x940
[   29.819611]  ? SyS_read+0x220/0x220
[   29.823209]  do_syscall_64+0x281/0x940
[   29.827067]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   29.832575]  ? syscall_return_slowpath+0x550/0x550
[   29.837477]  ? syscall_return_slowpath+0x2ac/0x550
[   29.842382]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   29.847735]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.852566]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.857728] RIP: 0033:0x43fdb9
[   29.860897] RSP: 002b:00007ffc27556e48 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   29.868577] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[   29.875823] RDX: 0000000000000024 RSI: 0000000020000bc0 RDI: 0000000000000003
[   29.883064] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   29.890308] R10: 00000000004002c8 R11: 0000000000000213 R12: 00000000004016e0
[   29.897549] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   29.904807]
[   29.906403] The buggy address belongs to the page:
[   29.911302] page:ffffea00072c0fc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   29.919415] flags: 0x2fffc0000000000()
[   29.923273] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   29.931125] raw: 0000000000000000 ffffea00072c0101 0000000000000000 0000000000000000
[   29.938972] page dumped because: kasan: bad access detected
[   29.944646]
[   29.946243] Memory state around the buggy address:
[   29.951140]  ffff8801cb03f900: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
[   29.958467]  ffff8801cb03f980: f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f3 f3 f3 f3 00 00
[   29.965796] >ffff8801cb03fa00: 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2
[   29.973123]                                                  ^
[   29.980102]  ffff8801cb03fa80: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   29.987430]  ffff8801cb03fb00: f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00
[   29.994753] ==================================================================
[   30.002081] Disabling lock debugging due to kernel taint
[   30.007720] Kernel panic - not syncing: panic_on_warn set ...
[   30.007720]
[   30.015059] CPU: 1 PID: 4276 Comm: syzkaller727467 Tainted: G B 4.16.0-rc4+ #346
[   30.023788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.033109] Call Trace:
[   30.035667]  dump_stack+0x194/0x24d
[   30.039266]  ? arch_local_irq_restore+0x53/0x53
[   30.043902]  ? kasan_end_report+0x32/0x50
[   30.048023]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.052749]  ? vsnprintf+0x1ed/0x1900
[   30.056522]  ? rdma_bind_addr+0x150/0x1b50
[   30.060727]  panic+0x1e4/0x41c
[   30.063889]  ? refcount_error_report+0x214/0x214
[   30.068618]  ? add_taint+0x1c/0x50
[   30.072127]  ? add_taint+0x1c/0x50
[   30.075640]  ? rdma_bind_addr+0x156/0x1b50
[   30.079846]  kasan_end_report+0x50/0x50
[   30.083789]  kasan_report+0x149/0x360
[   30.087559]  check_memory_region+0x137/0x190
[   30.091935]  memcpy+0x23/0x50
[   30.095010]  rdma_bind_addr+0x156/0x1b50
[   30.099055]  ? lock_release+0xa40/0xa40
[   30.102999]  ? check_same_owner+0x320/0x320
[   30.107294]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   30.112028]  ucma_bind_ip+0x10a/0x190
[   30.115798]  ? ucma_bind+0x260/0x260
[   30.119501]  ? kasan_check_write+0x14/0x20
[   30.123705]  ucma_write+0x2d6/0x3d0
[   30.127300]  ? ucma_bind+0x260/0x260
[   30.130983]  ? ucma_resolve_route+0x1a0/0x1a0
[   30.135450]  ? ucma_resolve_route+0x1a0/0x1a0
[   30.139914]  __vfs_write+0xef/0x970
[   30.143519]  ? rcu_note_context_switch+0x710/0x710
[   30.148428]  ? kernel_read+0x120/0x120
[   30.152299]  ? __might_sleep+0x95/0x190
[   30.156252]  ? _cond_resched+0x14/0x30
[   30.160118]  ? __inode_security_revalidate+0xd9/0x130
[   30.165278]  ? avc_policy_seqno+0x9/0x20
[   30.169312]  ? selinux_file_permission+0x82/0x460
[   30.174142]  ? security_file_permission+0x89/0x1e0
[   30.179056]  ? rw_verify_area+0xe5/0x2b0
[   30.183086]  ? __fdget_raw+0x20/0x20
[   30.186770]  vfs_write+0x189/0x510
[   30.190281]  SyS_write+0xef/0x220
[   30.193704]  ? filp_open+0x70/0x70
[   30.197215]  ? SyS_read+0x220/0x220
[   30.200814]  ? do_syscall_64+0xb7/0x940
[   30.204770]  ? SyS_read+0x220/0x220
[   30.208369]  do_syscall_64+0x281/0x940
[   30.212229]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   30.217733]  ? syscall_return_slowpath+0x550/0x550
[   30.222637]  ? syscall_return_slowpath+0x2ac/0x550
[   30.227538]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.232871]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.237695]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.242856] RIP: 0033:0x43fdb9
[   30.246015] RSP: 002b:00007ffc27556e48 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
[   30.253689] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdb9
[   30.260928] RDX: 0000000000000024 RSI: 0000000020000bc0 RDI: 0000000000000003
[   30.268166] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   30.275402] R10: 00000000004002c8 R11: 0000000000000213 R12: 00000000004016e0
[   30.282640] R13: 0000000000401770 R14: 0000000000000000 R15: 0000000000000000
[   30.290371] Dumping ftrace buffer:
[   30.293877]    (ftrace buffer empty)
[   30.297558] Kernel Offset: disabled
[   30.301153] Rebooting in 86400 seconds..