[   11.705548] audit: type=1400 audit(1513010709.111:5): avc:  denied  { syslog } for  pid=2988 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.964079] audit: type=1400 audit(1513010716.369:6): avc:  denied  { map } for  pid=3133 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-3,10.128.15.194' (ECDSA) to the list of known hosts.
executing program
[   39.807163] audit: type=1400 audit(1513010737.212:7): avc:  denied  { map } for  pid=3150 comm="syzkaller331089" path="/root/syzkaller331089076" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   39.835268] ==================================================================
[   39.842651] BUG: KASAN: slab-out-of-bounds in sctp_send_reset_streams+0xadf/0xc10
[   39.850258] Read of size 2 at addr ffff8801c5404008 by task syzkaller331089/3150
[   39.858902] 
[   39.860522] CPU: 1 PID: 3150 Comm: syzkaller331089 Not tainted 4.15.0-rc2-mm1+ #39
[   39.868213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   39.877541] Call Trace:
[   39.880115]  dump_stack+0x194/0x257
[   39.883721]  ? arch_local_irq_restore+0x53/0x53
[   39.888365]  ? show_regs_print_info+0x18/0x18
[   39.892835]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   39.898709]  ? sctp_send_reset_streams+0xadf/0xc10
[   39.903614]  print_address_description+0x73/0x250
[   39.908427]  ? sctp_send_reset_streams+0xadf/0xc10
[   39.913340]  kasan_report+0x25b/0x340
[   39.917117]  __asan_report_load2_noabort+0x14/0x20
[   39.922015]  sctp_send_reset_streams+0xadf/0xc10
[   39.926754]  ? _copy_from_user+0x99/0x110
[   39.930882]  sctp_setsockopt+0x70d/0x5d50
[   39.935006]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[   39.940705]  ? __thp_get_unmapped_area+0x130/0x130
[   39.945608]  ? __lock_acquire+0x6e9/0x47f0
[   39.949820]  ? __lock_acquire+0x6e9/0x47f0
[   39.954025]  ? __local_bh_enable_ip+0x121/0x230
[   39.958669]  ? release_sock+0x1d4/0x2a0
[   39.962615]  ? trace_hardirqs_on+0xd/0x10
[   39.966746]  ? __local_bh_enable_ip+0x121/0x230
[   39.971395]  ? check_noncircular+0x20/0x20
[   39.975606]  ? sctp_primitive_SEND+0xa0/0xd0
[   39.979991]  ? sctp_sendmsg+0x5a9/0x3300
[   39.984036]  ? find_held_lock+0x39/0x1d0
[   39.988081]  ? lock_downgrade+0x980/0x980
[   39.992213]  ? avc_has_perm+0xd0/0x680
[   39.996084]  ? check_noncircular+0x20/0x20
[   40.000309]  ? lock_release+0xda0/0xda0
[   40.004254]  ? __pmd_alloc+0x4e0/0x4e0
[   40.008127]  ? find_held_lock+0x39/0x1d0
[   40.012175]  ? avc_has_perm+0x43e/0x680
[   40.016124]  ? avc_has_perm_noaudit+0x520/0x520
[   40.020769]  ? lock_downgrade+0x980/0x980
[   40.024919]  ? handle_mm_fault+0x476/0x930
[   40.029125]  ? down_read_trylock+0xdb/0x170
[   40.033420]  ? __handle_mm_fault+0x3dd0/0x3dd0
[   40.037985]  ? vmacache_find+0x5f/0x280
[   40.041943]  ? sock_has_perm+0x29c/0x400
[   40.045981]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   40.051315]  ? __do_page_fault+0x3d6/0xc90
[   40.055525]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[   40.061208]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   40.066476]  ? do_fcntl+0x10d/0x1160
[   40.070174]  sock_common_setsockopt+0x95/0xd0
[   40.074645]  SyS_setsockopt+0x189/0x360
[   40.078597]  ? SyS_recv+0x40/0x40
[   40.082026]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[   40.086855]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.091867]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.096601]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.101328] RIP: 0033:0x43ff59
[   40.104489] RSP: 002b:00007fff3692b568 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[   40.112171] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[   40.119412] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000005
[   40.126652] RBP: 00000000006ca018 R08: 0000000000000008 R09: 000000000000001c
[   40.133907] R10: 000000002018b000 R11: 0000000000000217 R12: 00000000004018c0
[   40.141151] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   40.148415] 
[   40.150024] Allocated by task 3150:
[   40.153622]  save_stack+0x43/0xd0
[   40.157046]  kasan_kmalloc+0xad/0xe0
[   40.160732]  __kmalloc_track_caller+0x15e/0x760
[   40.165371]  memdup_user+0x2c/0x90
[   40.168892]  sctp_setsockopt+0x6a6/0x5d50
[   40.173011]  sock_common_setsockopt+0x95/0xd0
[   40.177475]  SyS_setsockopt+0x189/0x360
[   40.181421]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.186142] 
[   40.187740] Freed by task 1633:
[   40.190997]  save_stack+0x43/0xd0
[   40.194419]  kasan_slab_free+0x71/0xc0
[   40.198278]  kfree+0xca/0x250
[   40.201357]  selinux_cred_free+0x48/0x70
[   40.205404]  security_cred_free+0x48/0x80
[   40.210179]  put_cred_rcu+0x106/0x400
[   40.213952]  rcu_process_callbacks+0xd74/0x17d0
[   40.218591]  __do_softirq+0x29d/0xbb2
[   40.222360] 
[   40.223958] The buggy address belongs to the object at ffff8801c5404000
[   40.223958]  which belongs to the cache kmalloc-32 of size 32
[   40.236411] The buggy address is located 8 bytes inside of
[   40.236411]  32-byte region [ffff8801c5404000, ffff8801c5404020)
[   40.248001] The buggy address belongs to the page:
[   40.252901] page:000000003cc3fcd9 count:1 mapcount:0 mapping:00000000421fe359 index:0xffff8801c5404fc1
[   40.262320] flags: 0x2fffc0000000100(slab)
[   40.266526] raw: 02fffc0000000100 ffff8801c5404000 ffff8801c5404fc1 0000000100000037
[   40.274387] raw: ffffea00073c8160 ffffea000717c460 ffff8801dac001c0 0000000000000000
[   40.282243] page dumped because: kasan: bad access detected
[   40.287920] 
[   40.289519] Memory state around the buggy address:
[   40.294416]  ffff8801c5403f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.301746]  ffff8801c5403f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   40.309083] >ffff8801c5404000: 00 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   40.316410]                       ^
[   40.320015]  ffff8801c5404080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   40.327356]  ffff8801c5404100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   40.334701] ==================================================================
[   40.342030] Disabling lock debugging due to kernel taint
[   40.347546] Kernel panic - not syncing: panic_on_warn set ...
[   40.347546] 
[   40.354881] CPU: 1 PID: 3150 Comm: syzkaller331089 Tainted: G    B            4.15.0-rc2-mm1+ #39
[   40.363854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.373175] Call Trace:
[   40.375735]  dump_stack+0x194/0x257
[   40.379329]  ? arch_local_irq_restore+0x53/0x53
[   40.383966]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.388691]  ? vsnprintf+0x1ed/0x1900
[   40.392459]  ? sctp_send_reset_streams+0xaa0/0xc10
[   40.397356]  panic+0x1e4/0x41c
[   40.400516]  ? refcount_error_report+0x214/0x214
[   40.405249]  ? add_taint+0x1c/0x50
[   40.408753]  ? add_taint+0x1c/0x50
[   40.412258]  ? sctp_send_reset_streams+0xadf/0xc10
[   40.417156]  kasan_end_report+0x50/0x50
[   40.421105]  kasan_report+0x144/0x340
[   40.424875]  __asan_report_load2_noabort+0x14/0x20
[   40.429768]  sctp_send_reset_streams+0xadf/0xc10
[   40.434489]  ? _copy_from_user+0x99/0x110
[   40.438608]  sctp_setsockopt+0x70d/0x5d50
[   40.442725]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[   40.448403]  ? __thp_get_unmapped_area+0x130/0x130
[   40.453303]  ? __lock_acquire+0x6e9/0x47f0
[   40.457502]  ? __lock_acquire+0x6e9/0x47f0
[   40.461702]  ? __local_bh_enable_ip+0x121/0x230
[   40.466339]  ? release_sock+0x1d4/0x2a0
[   40.470277]  ? trace_hardirqs_on+0xd/0x10
[   40.474391]  ? __local_bh_enable_ip+0x121/0x230
[   40.479031]  ? check_noncircular+0x20/0x20
[   40.483235]  ? sctp_primitive_SEND+0xa0/0xd0
[   40.487610]  ? sctp_sendmsg+0x5a9/0x3300
[   40.491650]  ? find_held_lock+0x39/0x1d0
[   40.495681]  ? lock_downgrade+0x980/0x980
[   40.499798]  ? avc_has_perm+0xd0/0x680
[   40.503649]  ? check_noncircular+0x20/0x20
[   40.507851]  ? lock_release+0xda0/0xda0
[   40.511792]  ? __pmd_alloc+0x4e0/0x4e0
[   40.515644]  ? find_held_lock+0x39/0x1d0
[   40.519676]  ? avc_has_perm+0x43e/0x680
[   40.523619]  ? avc_has_perm_noaudit+0x520/0x520
[   40.528262]  ? lock_downgrade+0x980/0x980
[   40.532381]  ? handle_mm_fault+0x476/0x930
[   40.536580]  ? down_read_trylock+0xdb/0x170
[   40.540868]  ? __handle_mm_fault+0x3dd0/0x3dd0
[   40.545415]  ? vmacache_find+0x5f/0x280
[   40.549359]  ? sock_has_perm+0x29c/0x400
[   40.553388]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   40.558719]  ? __do_page_fault+0x3d6/0xc90
[   40.562920]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[   40.568595]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[   40.573843]  ? do_fcntl+0x10d/0x1160
[   40.577527]  sock_common_setsockopt+0x95/0xd0
[   40.581989]  SyS_setsockopt+0x189/0x360
[   40.585929]  ? SyS_recv+0x40/0x40
[   40.589351]  ? entry_SYSCALL_64_fastpath+0x5/0x96
[   40.594169]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.599161]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.603884]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.608603] RIP: 0033:0x43ff59
[   40.611761] RSP: 002b:00007fff3692b568 EFLAGS: 00000217 ORIG_RAX: 0000000000000036
[   40.619432] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[   40.626670] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000005
[   40.633912] RBP: 00000000006ca018 R08: 0000000000000008 R09: 000000000000001c
[   40.641148] R10: 000000002018b000 R11: 0000000000000217 R12: 00000000004018c0
[   40.648394] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   40.655675] Dumping ftrace buffer:
[   40.659183]    (ftrace buffer empty)
[   40.662865] Kernel Offset: disabled
[   40.666458] Rebooting in 86400 seconds..