[ ok ] Starting enhanced syslogd: rsyslogd.
[ 12.619148] audit: type=1400 audit(1512810657.684:5): avc: denied { syslog } for pid=2994 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.941687] audit: type=1400 audit(1512810666.007:6): avc: denied { map } for pid=3135 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-1,10.128.0.56' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 43.291978] audit: type=1400 audit(1512810688.357:7): avc: denied { map } for pid=3152 comm="syzkaller601256" path="/root/syzkaller601256516" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 43.341586] kvm: KVM_SET_TSS_ADDR need to be called before entering vcpu
[ 43.385009] ==================================================================
[ 43.385028] BUG: KASAN: stack-out-of-bounds in write_mmio+0x560/0x600
[ 43.385034] Read of size 8 at addr ffff8801c4587220 by task syzkaller601256/3159
[ 43.385037]
[ 43.385044] CPU: 1 PID: 3159 Comm: syzkaller601256 Not tainted 4.15.0-rc2-next-20171208+ #63
[ 43.385048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.385051] Call Trace:
[ 43.385062]  dump_stack+0x194/0x257
[ 43.385072]  ? arch_local_irq_restore+0x53/0x53
[ 43.385082]  ? show_regs_print_info+0x18/0x18
[ 43.385093]  ? write_mmio+0x560/0x600
[ 43.385104]  print_address_description+0x73/0x250
[ 43.385110]  ? write_mmio+0x560/0x600
[ 43.385117]  kasan_report+0x25b/0x340
[ 43.385127]  __asan_report_load8_noabort+0x14/0x20
[ 43.385132]  write_mmio+0x560/0x600
[ 43.385143]  ? __kvm_write_guest_page+0xfa/0x130
[ 43.385151]  ? read_exit_mmio+0x3a0/0x3a0
[ 43.385158]  ? kvm_vcpu_write_guest+0xaa/0xc0
[ 43.385169]  ? emulator_write_phys+0x55/0x70
[ 43.385186]  emulator_read_write_onepage+0x45a/0xea0
[ 43.385200]  ? vcpu_is_mmio_gpa.part.151+0x620/0x620
[ 43.385214]  ? __kvm_read_guest_page+0x8c/0xa0
[ 43.385224]  ? kvm_vcpu_read_guest_page+0x44/0x60
[ 43.385234]  ? kvm_fetch_guest_virt+0x11b/0x180
[ 43.385242]  ? kvm_read_guest_virt_system+0x50/0x50
[ 43.385254]  emulator_read_write+0xe7/0x540
[ 43.385267]  emulator_fix_hypercall+0x14d/0x1b0
[ 43.385275]  ? emulator_write_emulated+0x50/0x50
[ 43.385286]  ? check_noncircular+0x20/0x20
[ 43.385297]  ? em_clts+0x100/0x100
[ 43.385303]  em_hypercall+0x5d/0x120
[ 43.385312]  x86_emulate_insn+0x55d/0x3c20
[ 43.385326]  ? init_decode_cache+0xc0/0xc0
[ 43.385334]  ? __lock_is_held+0xbc/0x140
[ 43.385353]  x86_emulate_instruction+0x411/0x1ad0
[ 43.385360]  ? check_noncircular+0x20/0x20
[ 43.385373]  ? reexecute_instruction.part.168+0x260/0x260
[ 43.385380]  ? __lock_is_held+0xbc/0x140
[ 43.385397]  ? __lock_is_held+0xbc/0x140
[ 43.385412]  handle_exception+0x3d5/0xa20
[ 43.385418]  ? handle_cpuid+0x20/0x20
[ 43.385428]  vmx_handle_exit+0x25d/0x1ce0
[ 43.385434]  ? vmx_set_msr+0x17e0/0x17e0
[ 43.385444]  ? handle_vmfunc+0x850/0x850
[ 43.385460]  ? kvm_arch_vcpu_ioctl_run+0x168b/0x5be0
[ 43.385473]  kvm_arch_vcpu_ioctl_run+0x1836/0x5be0
[ 43.385483]  ? find_held_lock+0x39/0x1d0
[ 43.385489]  ? check_noncircular+0x20/0x20
[ 43.385506]  ? kvm_arch_vcpu_runnable+0x560/0x560
[ 43.385522]  ? find_held_lock+0x39/0x1d0
[ 43.385539]  ? lock_downgrade+0x980/0x980
[ 43.385547]  ? find_get_pid+0x210/0x210
[ 43.385554]  ? lock_downgrade+0x980/0x980
[ 43.385564]  ? lock_release+0xda0/0xda0
[ 43.385573]  ? __lock_is_held+0xbc/0x140
[ 43.385590]  ? put_pid+0x183/0x1f0
[ 43.385597]  ? task_active_pid_ns+0xd0/0xd0
[ 43.385602]  ? find_get_pid+0x210/0x210
[ 43.385617]  kvm_vcpu_ioctl+0x64c/0x1010
[ 43.385622]  ? kvm_vcpu_ioctl+0x64c/0x1010
[ 43.385631]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 43.385637]  ? find_held_lock+0x39/0x1d0
[ 43.385656]  ? find_held_lock+0x39/0x1d0
[ 43.385672]  ? lock_downgrade+0x980/0x980
[ 43.385694]  ? handle_mm_fault+0x476/0x930
[ 43.385699]  ? down_read_trylock+0xdb/0x170
[ 43.385707]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 43.385713]  ? vmacache_find+0x5f/0x280
[ 43.385718]  ? vmacache_update+0xfe/0x130
[ 43.385730]  ? up_read+0x1a/0x40
[ 43.385738]  ? __do_page_fault+0x3d6/0xc90
[ 43.385743]  ? task_work_run+0x1f4/0x270
[ 43.385756]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 43.385764]  do_vfs_ioctl+0x1b1/0x1530
[ 43.385776]  ? ioctl_preallocate+0x2b0/0x2b0
[ 43.385786]  ? selinux_capable+0x40/0x40
[ 43.385797]  ? __close_fd+0x222/0x360
[ 43.385808]  ? syscall_return_slowpath+0x2ad/0x550
[ 43.385822]  ? security_file_ioctl+0x89/0xb0
[ 43.385833]  SyS_ioctl+0x8f/0xc0
[ 43.385845]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 43.385850] RIP: 0033:0x4435c9
[ 43.385854] RSP: 002b:00007fffdf34ced8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 43.385861] RAX: ffffffffffffffda RBX: 00000000205b3000 RCX: 00000000004435c9
[ 43.385865] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 43.385868] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000002
[ 43.385872] R10: 0000000000000012 R11: 0000000000000202 R12: 00000000205b7e00
[ 43.385876] R13: 00000000205b6e00 R14: 00000000205b7a00 R15: 00000000205b3000
[ 43.385899]
[ 43.385901] The buggy address belongs to the page:
[ 43.385907] page:000000002e827842 count:0 mapcount:0 mapping: (null) index:0x0
[ 43.385914] flags: 0x2fffc0000000000()
[ 43.385922] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 43.385927] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 43.385931] page dumped because: kasan: bad access detected
[ 43.385933]
[ 43.385936] Memory state around the buggy address:
[ 43.385940]  ffff8801c4587100: f2 f2 f2 f2 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00
[ 43.385945]  ffff8801c4587180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.385949] >ffff8801c4587200: f1 f1 f1 f1 03 f2 f2 f2 f3 f3 f3 f3 00 00 00 00
[ 43.385952]                                ^
[ 43.385956]  ffff8801c4587280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.385960]  ffff8801c4587300: 00 f1 f1 f1 f1 02 f2 f2 f2 f2 f2 f2 f2 00 f2 f2
[ 43.385963] ==================================================================
[ 43.385965] Disabling lock debugging due to kernel taint
[ 43.385990] Kernel panic - not syncing: panic_on_warn set ...
[ 43.385990]
[ 43.385994] CPU: 1 PID: 3159 Comm: syzkaller601256 Tainted: G B 4.15.0-rc2-next-20171208+ #63
[ 43.385996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.385997] Call Trace:
[ 43.386004]  dump_stack+0x194/0x257
[ 43.386010]  ? arch_local_irq_restore+0x53/0x53
[ 43.386014]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 43.386021]  ? vsnprintf+0x1ed/0x1900
[ 43.386025]  ? write_mmio+0x4f0/0x600
[ 43.386031]  panic+0x1e4/0x41c
[ 43.386035]  ? refcount_error_report+0x214/0x214
[ 43.386040]  ? add_taint+0x1c/0x50
[ 43.386045]  ? add_taint+0x1c/0x50
[ 43.386049]  ? write_mmio+0x560/0x600
[ 43.386053]  kasan_end_report+0x50/0x50
[ 43.386057]  kasan_report+0x144/0x340
[ 43.386063]  __asan_report_load8_noabort+0x14/0x20
[ 43.386066]  write_mmio+0x560/0x600
[ 43.386071]  ? __kvm_write_guest_page+0xfa/0x130
[ 43.386075]  ? read_exit_mmio+0x3a0/0x3a0
[ 43.386080]  ? kvm_vcpu_write_guest+0xaa/0xc0
[ 43.386085]  ? emulator_write_phys+0x55/0x70
[ 43.386094]  emulator_read_write_onepage+0x45a/0xea0
[ 43.386102]  ? vcpu_is_mmio_gpa.part.151+0x620/0x620
[ 43.386110]  ? __kvm_read_guest_page+0x8c/0xa0
[ 43.386115]  ? kvm_vcpu_read_guest_page+0x44/0x60
[ 43.386121]  ? kvm_fetch_guest_virt+0x11b/0x180
[ 43.386127]  ? kvm_read_guest_virt_system+0x50/0x50
[ 43.386133]  emulator_read_write+0xe7/0x540
[ 43.386141]  emulator_fix_hypercall+0x14d/0x1b0
[ 43.386146]  ? emulator_write_emulated+0x50/0x50
[ 43.386151]  ? check_noncircular+0x20/0x20
[ 43.386156]  ? em_clts+0x100/0x100
[ 43.386160]  em_hypercall+0x5d/0x120
[ 43.386165]  x86_emulate_insn+0x55d/0x3c20
[ 43.386172]  ? init_decode_cache+0xc0/0xc0
[ 43.386177]  ? __lock_is_held+0xbc/0x140
[ 43.386187]  x86_emulate_instruction+0x411/0x1ad0
[ 43.386191]  ? check_noncircular+0x20/0x20
[ 43.386198]  ? reexecute_instruction.part.168+0x260/0x260
[ 43.386203]  ? __lock_is_held+0xbc/0x140
[ 43.386211]  ? __lock_is_held+0xbc/0x140
[ 43.386219]  handle_exception+0x3d5/0xa20
[ 43.386223]  ? handle_cpuid+0x20/0x20
[ 43.386228]  vmx_handle_exit+0x25d/0x1ce0
[ 43.386232]  ? vmx_set_msr+0x17e0/0x17e0
[ 43.386237]  ? handle_vmfunc+0x850/0x850
[ 43.386246]  ? kvm_arch_vcpu_ioctl_run+0x168b/0x5be0
[ 43.386253]  kvm_arch_vcpu_ioctl_run+0x1836/0x5be0
[ 43.386259]  ? find_held_lock+0x39/0x1d0
[ 43.386263]  ? check_noncircular+0x20/0x20
[ 43.386272]  ? kvm_arch_vcpu_runnable+0x560/0x560
[ 43.386281]  ? find_held_lock+0x39/0x1d0
[ 43.386290]  ? lock_downgrade+0x980/0x980
[ 43.386294]  ? find_get_pid+0x210/0x210
[ 43.386298]  ? lock_downgrade+0x980/0x980
[ 43.386304]  ? lock_release+0xda0/0xda0
[ 43.386309]  ? __lock_is_held+0xbc/0x140
[ 43.386318]  ? put_pid+0x183/0x1f0
[ 43.386323]  ? task_active_pid_ns+0xd0/0xd0
[ 43.386326]  ? find_get_pid+0x210/0x210
[ 43.386334]  kvm_vcpu_ioctl+0x64c/0x1010
[ 43.386338]  ? kvm_vcpu_ioctl+0x64c/0x1010
[ 43.386343]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 43.386347]  ? find_held_lock+0x39/0x1d0
[ 43.386356]  ? find_held_lock+0x39/0x1d0
[ 43.386365]  ? lock_downgrade+0x980/0x980
[ 43.386376]  ? handle_mm_fault+0x476/0x930
[ 43.386379]  ? down_read_trylock+0xdb/0x170
[ 43.386383]  ? __handle_mm_fault+0x3dd0/0x3dd0
[ 43.386387]  ? vmacache_find+0x5f/0x280
[ 43.386390]  ? vmacache_update+0xfe/0x130
[ 43.386396]  ? up_read+0x1a/0x40
[ 43.386401]  ? __do_page_fault+0x3d6/0xc90
[ 43.386404]  ? task_work_run+0x1f4/0x270
[ 43.386412]  ? __kvm_gfn_to_hva_cache_init+0xbb0/0xbb0
[ 43.386416]  do_vfs_ioctl+0x1b1/0x1530
[ 43.386423]  ? ioctl_preallocate+0x2b0/0x2b0
[ 43.386428]  ? selinux_capable+0x40/0x40
[ 43.386433]  ? __close_fd+0x222/0x360
[ 43.386439]  ? syscall_return_slowpath+0x2ad/0x550
[ 43.386446]  ? security_file_ioctl+0x89/0xb0
[ 43.386452]  SyS_ioctl+0x8f/0xc0
[ 43.386459]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 43.386461] RIP: 0033:0x4435c9
[ 43.386463] RSP: 002b:00007fffdf34ced8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 43.386467] RAX: ffffffffffffffda RBX: 00000000205b3000 RCX: 00000000004435c9
[ 43.386469] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 43.386471] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000002
[ 43.386473] R10: 0000000000000012 R11: 0000000000000202 R12: 00000000205b7e00
[ 43.386475] R13: 00000000205b6e00 R14: 00000000205b7a00 R15: 00000000205b3000
[ 43.387361] Dumping ftrace buffer:
[ 43.387364]    (ftrace buffer empty)
[ 43.387366] Kernel Offset: disabled
[ 44.321575] Rebooting in 86400 seconds..