[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.605750] audit: type=1400 audit(1520861106.250:6): avc: denied { map } for pid=4113 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. syzkaller login: [ 24.939475] audit: type=1400 audit(1520861112.584:7): avc: denied { map } for pid=4127 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/03/12 13:25:12 parsed 1 programs 2018/03/12 13:25:12 executed programs: 0 [ 25.199364] audit: type=1400 audit(1520861112.844:8): avc: denied { map } for pid=4127 comm="syz-execprog" path="/root/syzkaller-shm902439871" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 25.214965] IPVS: ftp: loaded support on port[0] = 21 [ 25.265952] audit: type=1400 audit(1520861112.910:9): avc: denied { create } for pid=4135 comm="syz-executor0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 25.518221] ================================================================== [ 25.525706] BUG: KASAN: null-ptr-deref in rdma_resolve_addr+0x12e/0x26c0 [ 25.532524] Write of size 28 at addr 00000000000000a0 by task syz-executor0/4184 [ 25.540035] [ 25.541906] CPU: 1 PID: 4184 Comm: syz-executor0 Not tainted 4.16.0-rc5+ #261 [ 25.549159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.558494] Call Trace: [ 25.561066] dump_stack+0x194/0x24d [ 25.564676] ? arch_local_irq_restore+0x53/0x53 [ 25.569413] ? trace_event_raw_event_lock+0x340/0x340 [ 25.574581] ? __might_sleep+0x95/0x190 [ 25.578547] ? rdma_resolve_addr+0x12e/0x26c0 [ 25.583031] kasan_report+0x140/0x360 [ 25.586824] check_memory_region+0x137/0x190 [ 25.591210] memcpy+0x37/0x50 [ 25.594297] rdma_resolve_addr+0x12e/0x26c0 [ 25.598597] ? perf_trace_lock_acquire+0xe3/0x980 [ 25.603425] ? find_held_lock+0x35/0x1d0 [ 25.607486] ? rdma_bind_addr+0x1b50/0x1b50 [ 25.611792] ? lock_downgrade+0x980/0x980 [ 25.615923] ? perf_trace_lock+0xd6/0x900 [ 25.620058] ? perf_trace_lock_acquire+0xe3/0x980 [ 25.624878] ? perf_trace_lock+0x900/0x900 [ 25.629100] ? __radix_tree_lookup+0x435/0x5e0 [ 25.633668] ? perf_trace_lock+0x900/0x900 [ 25.637891] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 25.642715] ? wait_for_completion+0x770/0x770 [ 25.647282] ? lock_release+0xa40/0xa40 [ 25.651244] ? find_held_lock+0x35/0x1d0 [ 25.655325] ucma_resolve_ip+0x142/0x1f0 [ 25.659367] ? ucma_resolve_ip+0x142/0x1f0 [ 25.663597] ? ucma_resolve_addr+0x330/0x330 [ 25.667999] ? kasan_check_write+0x14/0x20 [ 25.672230] ucma_write+0x2d6/0x3d0 [ 25.675841] ? ucma_resolve_addr+0x330/0x330 [ 25.680225] ? ucma_resolve_route+0x1a0/0x1a0 [ 25.684713] ? ucma_resolve_route+0x1a0/0x1a0 [ 25.689185] __vfs_write+0xef/0x970 [ 25.692789] ? rcu_note_context_switch+0x710/0x710 [ 25.697698] ? kernel_read+0x120/0x120 [ 25.701572] ? __might_sleep+0x95/0x190 [ 25.705529] ? _cond_resched+0x14/0x30 [ 25.709393] ? __inode_security_revalidate+0xd9/0x130 [ 25.714561] ? avc_policy_seqno+0x9/0x20 [ 25.718598] ? selinux_file_permission+0x82/0x460 [ 25.723422] ? security_file_permission+0x89/0x1e0 [ 25.728331] ? rw_verify_area+0xe5/0x2b0 [ 25.732366] ? __fdget_raw+0x20/0x20 [ 25.736059] vfs_write+0x189/0x510 [ 25.739584] SyS_write+0xef/0x220 [ 25.743019] ? exit_to_usermode_loop+0x198/0x2f0 [ 25.747759] ? SyS_read+0x220/0x220 [ 25.751374] ? do_fast_syscall_32+0x156/0xf9f [ 25.755850] ? SyS_read+0x220/0x220 [ 25.759464] do_fast_syscall_32+0x3ec/0xf9f [ 25.763781] ? do_int80_syscall_32+0x9c0/0x9c0 [ 25.768346] ? _raw_spin_unlock_irq+0x27/0x70 [ 25.772838] ? finish_task_switch+0x1c1/0x7e0 [ 25.777317] ? syscall_return_slowpath+0x2ac/0x550 [ 25.782224] ? prepare_exit_to_usermode+0x350/0x350 [ 25.787219] ? sysret32_from_system_call+0x5/0x3c [ 25.792050] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 25.796877] entry_SYSENTER_compat+0x70/0x7f [ 25.801261] RIP: 0023:0xf7f01c99 [ 25.804604] RSP: 002b:00000000f7edc09c EFLAGS: 00000286 ORIG_RAX: 0000000000000004 [ 25.812296] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200025c0 [ 25.819545] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.826796] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 25.834043] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 25.841292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 25.848563] ================================================================== [ 25.855896] Disabling lock debugging due to kernel taint [ 25.861493] Kernel panic - not syncing: panic_on_warn set ... [ 25.861493] [ 25.868844] CPU: 1 PID: 4184 Comm: syz-executor0 Tainted: G B 4.16.0-rc5+ #261 [ 25.877401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 25.886730] Call Trace: [ 25.889298] dump_stack+0x194/0x24d [ 25.892904] ? arch_local_irq_restore+0x53/0x53 [ 25.897554] ? kasan_end_report+0x32/0x50 [ 25.901679] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 25.906414] ? vsnprintf+0x1ed/0x1900 [ 25.910198] ? rdma_resolve_addr+0x60/0x26c0 [ 25.914589] panic+0x1e4/0x41c [ 25.917757] ? refcount_error_report+0x214/0x214 [ 25.922499] ? rdma_resolve_addr+0x12e/0x26c0 [ 25.926975] kasan_end_report+0x50/0x50 [ 25.930925] kasan_report+0x149/0x360 [ 25.934702] check_memory_region+0x137/0x190 [ 25.939084] memcpy+0x37/0x50 [ 25.942165] rdma_resolve_addr+0x12e/0x26c0 [ 25.946459] ? perf_trace_lock_acquire+0xe3/0x980 [ 25.951304] ? find_held_lock+0x35/0x1d0 [ 25.955345] ? rdma_bind_addr+0x1b50/0x1b50 [ 25.959655] ? lock_downgrade+0x980/0x980 [ 25.963781] ? perf_trace_lock+0xd6/0x900 [ 25.967904] ? perf_trace_lock_acquire+0xe3/0x980 [ 25.972727] ? perf_trace_lock+0x900/0x900 [ 25.976936] ? __radix_tree_lookup+0x435/0x5e0 [ 25.981494] ? perf_trace_lock+0x900/0x900 [ 25.985711] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 25.990528] ? wait_for_completion+0x770/0x770 [ 25.995087] ? lock_release+0xa40/0xa40 [ 25.999045] ? find_held_lock+0x35/0x1d0 [ 26.003103] ucma_resolve_ip+0x142/0x1f0 [ 26.007136] ? ucma_resolve_ip+0x142/0x1f0 [ 26.011353] ? ucma_resolve_addr+0x330/0x330 [ 26.015748] ? kasan_check_write+0x14/0x20 [ 26.019967] ucma_write+0x2d6/0x3d0 [ 26.023569] ? ucma_resolve_addr+0x330/0x330 [ 26.027954] ? ucma_resolve_route+0x1a0/0x1a0 [ 26.032433] ? ucma_resolve_route+0x1a0/0x1a0 [ 26.036902] __vfs_write+0xef/0x970 [ 26.040506] ? rcu_note_context_switch+0x710/0x710 [ 26.045410] ? kernel_read+0x120/0x120 [ 26.049270] ? __might_sleep+0x95/0x190 [ 26.053230] ? _cond_resched+0x14/0x30 [ 26.057089] ? __inode_security_revalidate+0xd9/0x130 [ 26.062251] ? avc_policy_seqno+0x9/0x20 [ 26.066297] ? selinux_file_permission+0x82/0x460 [ 26.071116] ? security_file_permission+0x89/0x1e0 [ 26.076026] ? rw_verify_area+0xe5/0x2b0 [ 26.080061] ? __fdget_raw+0x20/0x20 [ 26.083749] vfs_write+0x189/0x510 [ 26.087264] SyS_write+0xef/0x220 [ 26.090693] ? exit_to_usermode_loop+0x198/0x2f0 [ 26.095427] ? SyS_read+0x220/0x220 [ 26.099031] ? do_fast_syscall_32+0x156/0xf9f [ 26.103500] ? SyS_read+0x220/0x220 [ 26.107101] do_fast_syscall_32+0x3ec/0xf9f [ 26.111399] ? do_int80_syscall_32+0x9c0/0x9c0 [ 26.115958] ? _raw_spin_unlock_irq+0x27/0x70 [ 26.120437] ? finish_task_switch+0x1c1/0x7e0 [ 26.124912] ? syscall_return_slowpath+0x2ac/0x550 [ 26.129812] ? prepare_exit_to_usermode+0x350/0x350 [ 26.134804] ? sysret32_from_system_call+0x5/0x3c [ 26.139633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 26.144554] entry_SYSENTER_compat+0x70/0x7f [ 26.148950] RIP: 0023:0xf7f01c99 [ 26.152290] RSP: 002b:00000000f7edc09c EFLAGS: 00000286 ORIG_RAX: 0000000000000004 [ 26.159995] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000200025c0 [ 26.167241] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.174480] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 26.181721] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 26.188965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 26.196799] Dumping ftrace buffer: [ 26.200327] (ftrace buffer empty) [ 26.204022] Kernel Offset: disabled [ 26.207636] Rebooting in 86400 seconds..