[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.433470] audit: type=1400 audit(1513849700.068:5): avc: denied { syslog } for pid=2997 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 16.964936] audit: type=1400 audit(1513849705.599:6): avc: denied { map } for pid=3137 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-5,10.128.0.13' (ECDSA) to the list of known hosts.
executing program
[ 23.141604] audit: type=1400 audit(1513849711.776:7): avc: denied { map } for pid=3151 comm="syzkaller059303" path="/root/syzkaller059303482" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 23.170067] ==================================================================
[ 23.177470] BUG: KASAN: stack-out-of-bounds in rds_sendmsg+0x1f02/0x1f90
[ 23.184280] Read of size 8 at addr ffff8801c8e87b70 by task syzkaller059303/3151
[ 23.191790]
[ 23.193391] CPU: 0 PID: 3151 Comm: syzkaller059303 Not tainted 4.15.0-rc4+ #231
[ 23.200803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.210124] Call Trace:
[ 23.212681]  dump_stack+0x194/0x257
[ 23.216281]  ? arch_local_irq_restore+0x53/0x53
[ 23.220916]  ? show_regs_print_info+0x18/0x18
[ 23.225383]  ? _raw_spin_unlock_bh+0x30/0x40
[ 23.229768]  ? rds_sendmsg+0x1f02/0x1f90
[ 23.233808]  print_address_description+0x73/0x250
[ 23.238621]  ? rds_sendmsg+0x1f02/0x1f90
[ 23.242649]  kasan_report+0x25b/0x340
[ 23.246421]  __asan_report_load8_noabort+0x14/0x20
[ 23.251316]  rds_sendmsg+0x1f02/0x1f90
[ 23.255186]  ? rds_send_drop_to+0x19d0/0x19d0
[ 23.259651]  ? find_held_lock+0x35/0x1d0
[ 23.263703]  ? sock_has_perm+0x2a4/0x420
[ 23.267733]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 23.273061]  ? lock_downgrade+0x980/0x980
[ 23.277173]  ? dup_iter+0x252/0x260
[ 23.280768]  ? lock_release+0xa40/0xa40
[ 23.284723]  ? selinux_socket_sendmsg+0x36/0x40
[ 23.289366]  ? security_socket_sendmsg+0x89/0xb0
[ 23.294090]  ? rds_send_drop_to+0x19d0/0x19d0
[ 23.298554]  sock_sendmsg+0xca/0x110
[ 23.302237]  ___sys_sendmsg+0x320/0x8b0
[ 23.306182]  ? copy_msghdr_from_user+0x590/0x590
[ 23.310906]  ? __pmd_alloc+0x4e0/0x4e0
[ 23.314777]  ? __fget_light+0x297/0x380
[ 23.318719]  ? fget_raw+0x20/0x20
[ 23.322136]  ? find_held_lock+0x35/0x1d0
[ 23.326172]  ? __do_page_fault+0x5f7/0xc90
[ 23.330376]  ? lock_downgrade+0x980/0x980
[ 23.334509]  __sys_sendmmsg+0x1ee/0x620
[ 23.338449]  ? __sys_sendmmsg+0x1ee/0x620
[ 23.342573]  ? SyS_sendmsg+0x50/0x50
[ 23.346260]  ? mm_fault_error+0x2c0/0x2c0
[ 23.350391]  ? __do_page_fault+0xc90/0xc90
[ 23.354605]  ? syscall_return_slowpath+0x2ad/0x550
[ 23.359504]  ? prepare_exit_to_usermode+0x340/0x340
[ 23.364493]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.369482]  SyS_sendmmsg+0x35/0x60
[ 23.373082]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 23.377806] RIP: 0033:0x43fe49
[ 23.380963] RSP: 002b:00007fff4dd9eaa8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[ 23.388643] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[ 23.395882] RDX: 0000000000000001 RSI: 000000002020c000 RDI: 0000000000000003
[ 23.403587] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 23.410840] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004017b0
[ 23.418078] R13: 0000000000401840 R14: 0000000000000000 R15: 0000000000000000
[ 23.425334]
[ 23.426931] The buggy address belongs to the page:
[ 23.431841] page:0000000081798ea4 count:0 mapcount:0 mapping:          (null) index:0x0
[ 23.439954] flags: 0x2fffc0000000000()
[ 23.443811] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 23.451659] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 23.459505] page dumped because: kasan: bad access detected
[ 23.465181]
[ 23.466773] Memory state around the buggy address:
[ 23.471665]  ffff8801c8e87a00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
[ 23.478988]  ffff8801c8e87a80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[ 23.486311] >ffff8801c8e87b00: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 04 f2
[ 23.493635]                                                              ^
[ 23.500611]  ffff8801c8e87b80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[ 23.507935]  ffff8801c8e87c00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
[ 23.515259] ==================================================================
[ 23.522591] Disabling lock debugging due to kernel taint
[ 23.528061] Kernel panic - not syncing: panic_on_warn set ...
[ 23.528061]
[ 23.535392] CPU: 0 PID: 3151 Comm: syzkaller059303 Tainted: G    B    4.15.0-rc4+ #231
[ 23.544104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.553423] Call Trace:
[ 23.555981]  dump_stack+0x194/0x257
[ 23.559576]  ? arch_local_irq_restore+0x53/0x53
[ 23.564212]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 23.568935]  ? vsnprintf+0x1ed/0x1900
[ 23.572702]  ? rds_sendmsg+0x1e50/0x1f90
[ 23.576728]  panic+0x1e4/0x41c
[ 23.579885]  ? refcount_error_report+0x214/0x214
[ 23.584607]  ? add_taint+0x1c/0x50
[ 23.588111]  ? add_taint+0x1c/0x50
[ 23.591617]  ? rds_sendmsg+0x1f02/0x1f90
[ 23.595645]  kasan_end_report+0x50/0x50
[ 23.599584]  kasan_report+0x144/0x340
[ 23.603354]  __asan_report_load8_noabort+0x14/0x20
[ 23.608247]  rds_sendmsg+0x1f02/0x1f90
[ 23.612107]  ? rds_send_drop_to+0x19d0/0x19d0
[ 23.616570]  ? find_held_lock+0x35/0x1d0
[ 23.620600]  ? sock_has_perm+0x2a4/0x420
[ 23.624627]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 23.629955]  ? lock_downgrade+0x980/0x980
[ 23.634067]  ? dup_iter+0x252/0x260
[ 23.637661]  ? lock_release+0xa40/0xa40
[ 23.641606]  ? selinux_socket_sendmsg+0x36/0x40
[ 23.646237]  ? security_socket_sendmsg+0x89/0xb0
[ 23.650958]  ? rds_send_drop_to+0x19d0/0x19d0
[ 23.655420]  sock_sendmsg+0xca/0x110
[ 23.659100]  ___sys_sendmsg+0x320/0x8b0
[ 23.663039]  ? copy_msghdr_from_user+0x590/0x590
[ 23.667760]  ? __pmd_alloc+0x4e0/0x4e0
[ 23.671620]  ? __fget_light+0x297/0x380
[ 23.675560]  ? fget_raw+0x20/0x20
[ 23.678976]  ? find_held_lock+0x35/0x1d0
[ 23.683010]  ? __do_page_fault+0x5f7/0xc90
[ 23.687209]  ? lock_downgrade+0x980/0x980
[ 23.691330]  __sys_sendmmsg+0x1ee/0x620
[ 23.695269]  ? __sys_sendmmsg+0x1ee/0x620
[ 23.699384]  ? SyS_sendmsg+0x50/0x50
[ 23.703065]  ? mm_fault_error+0x2c0/0x2c0
[ 23.707183]  ? __do_page_fault+0xc90/0xc90
[ 23.711388]  ? syscall_return_slowpath+0x2ad/0x550
[ 23.716281]  ? prepare_exit_to_usermode+0x340/0x340
[ 23.721262]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 23.726244]  SyS_sendmmsg+0x35/0x60
[ 23.729840]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 23.734573] RIP: 0033:0x43fe49
[ 23.737737] RSP: 002b:00007fff4dd9eaa8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[ 23.745408] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[ 23.752653] RDX: 0000000000000001 RSI: 000000002020c000 RDI: 0000000000000003
[ 23.759888] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 23.767123] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004017b0
[ 23.774357] R13: 0000000000401840 R14: 0000000000000000 R15: 0000000000000000
[ 23.781975] Dumping ftrace buffer:
[ 23.785483]    (ftrace buffer empty)
[ 23.789157] Kernel Offset: disabled
[ 23.792753] Rebooting in 86400 seconds..
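Added example (not part of the syzbot report above and not kernel code): a small C decoder that parses the "Memory state around the buggy address" rows copied from this report and interprets the shadow byte covering the faulting access ("Read of size 8 at addr ffff8801c8e87b70"). The shadow legend is KASAN's own encoding from mm/kasan/kasan.h of the 4.15 era (one shadow byte per 8 bytes of memory, 0x00 fully addressable, 0x01..0x07 partially addressable, 0xf1/0xf2/0xf3 stack left/mid/right redzones); the helper names shadow_at, valid_prefix, shadow_meaning and parse_row are my own, and the rows and the address/size are taken verbatim from the log.

```c
/*
 * Added example, not part of the syzbot report and not kernel code: decode
 * the "Memory state around the buggy address" rows of a KASAN report.
 * Each shadow byte covers 8 bytes of memory; a row holds 16 shadow bytes,
 * so consecutive rows are 0x80 bytes apart, exactly as in the report above.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SHADOW_SCALE 8          /* bytes of memory per shadow byte */
#define ROW_BYTES    16         /* shadow bytes printed per row */

/* Shadow rows copied verbatim from the report ('>' marks the row that
 * contains the faulting address). */
static const char *const report_rows[] = {
    " ffff8801c8e87a00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2",
    " ffff8801c8e87a80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00",
    ">ffff8801c8e87b00: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 04 f2",
    " ffff8801c8e87b80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00",
    " ffff8801c8e87c00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00",
};

/* Faulting access from the report: "Read of size 8 at addr ffff8801c8e87b70". */
#define BAD_ADDR 0xffff8801c8e87b70ULL
#define BAD_SIZE 8

/* Legend for the poison values (kernel mm/kasan/kasan.h, 4.15 era). */
const char *shadow_meaning(int s)
{
    if (s == 0x00)
        return "addressable (all 8 bytes)";
    if (s > 0 && s < SHADOW_SCALE)
        return "partially addressable (only the first N bytes of the granule)";
    switch (s) {
    case 0xf1: return "stack left redzone";
    case 0xf2: return "stack mid redzone";
    case 0xf3: return "stack right redzone";
    case 0xf4: return "stack partial redzone";
    case 0xf8: return "stack use-after-scope";
    case 0xfa: return "global redzone";
    case 0xfb: return "freed heap object";
    case 0xfc: return "kmalloc redzone";
    case 0xfe: return "page redzone";
    case 0xff: return "freed page";
    default:   return "unknown";
    }
}

/* Parse one row: optional ' ' or '>' marker, hex base address, ':', then
 * 16 two-digit shadow bytes. Returns 0 on success, -1 on a malformed row. */
static int parse_row(const char *line, uint64_t *base, uint8_t bytes[ROW_BYTES])
{
    const char *p = line;
    char *end;

    while (*p == ' ' || *p == '>')
        p++;
    *base = strtoull(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    p = end + 1;
    for (int i = 0; i < ROW_BYTES; i++) {
        unsigned v;
        int n = 0;
        if (sscanf(p, " %2x%n", &v, &n) != 1)
            return -1;
        bytes[i] = (uint8_t)v;
        p += n;
    }
    return 0;
}

/* Shadow byte covering addr, or -1 if addr lies outside the dumped window. */
int shadow_at(uint64_t addr)
{
    for (size_t r = 0; r < sizeof(report_rows) / sizeof(report_rows[0]); r++) {
        uint64_t base;
        uint8_t bytes[ROW_BYTES];
        if (parse_row(report_rows[r], &base, bytes) != 0)
            return -1;
        if (addr >= base && addr < base + ROW_BYTES * SHADOW_SCALE)
            return bytes[(addr - base) / SHADOW_SCALE];
    }
    return -1;
}

/* Number of leading bytes of [addr, addr+size) that the shadow marks as
 * addressable; equals size for a clean access. Bytes outside the dumped
 * window count as not addressable. */
size_t valid_prefix(uint64_t addr, size_t size)
{
    for (size_t i = 0; i < size; i++) {
        int s = shadow_at(addr + i);
        unsigned off = (unsigned)((addr + i) & (SHADOW_SCALE - 1));
        int ok = (s == 0) || (s > 0 && s < SHADOW_SCALE && off < (unsigned)s);
        if (!ok)
            return i;
    }
    return size;
}

int main(void)
{
    int s = shadow_at(BAD_ADDR);
    int next = shadow_at(BAD_ADDR + SHADOW_SCALE);
    size_t ok = valid_prefix(BAD_ADDR, BAD_SIZE);

    printf("access: read of %d bytes at %#llx\n", BAD_SIZE, (unsigned long long)BAD_ADDR);
    printf("shadow byte: %#04x (%s)\n", s, shadow_meaning(s));
    printf("%zu of %d bytes addressable; following granule is %#04x (%s)\n",
           ok, BAD_SIZE, next, shadow_meaning(next));
    return 0;
}
```

For this report the decoder lands on shadow byte 0x04 at index 14 of the '>' row (0x70 / 8), so only the first four bytes of that granule belong to a live stack object and the 8-byte load overruns it by four bytes; the granule after it is 0xf2, a mid-frame redzone, and the 0xf1 and 0xf3 bytes two rows above and below bracket the whole frame of rds_sendmsg. KASAN's bug-type classifier steps past a partial granule to the next shadow byte when naming the bug, which is why the header says stack-out-of-bounds rather than a plain out-of-bounds. The dump does not say which local variable was overrun; that needs rds_sendmsg+0x1f02 resolved against the symbols of this 4.15.0-rc4+ build.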