[....] Starting enhanced syslogd: rsyslogd
[   16.460443] audit: type=1400 audit(1520534452.579:5): avc:  denied  { syslog } for  pid=4084 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.933728] audit: type=1400 audit(1520534455.052:6): avc:  denied  { map } for  pid=4222 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
executing program
[   25.260406] audit: type=1400 audit(1520534461.379:7): avc:  denied  { map } for  pid=4236 comm="syzkaller709666" path="/root/syzkaller709666647" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   25.264489] ==================================================================
[   25.293683] BUG: KASAN: stack-out-of-bounds in rdma_resolve_addr+0x12e/0x26c0
[   25.300925] Read of size 48 at addr ffff8801af5b7a44 by task syzkaller709666/4236
[   25.308508]
[   25.310107] CPU: 0 PID: 4236 Comm: syzkaller709666 Not tainted 4.16.0-rc4+ #346
[   25.317517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.326838] Call Trace:
[   25.329396]  dump_stack+0x194/0x24d
[   25.332996]  ? arch_local_irq_restore+0x53/0x53
[   25.337637]  ? show_regs_print_info+0x18/0x18
[   25.342108]  ? rdma_resolve_addr+0x12e/0x26c0
[   25.346577]  print_address_description+0x73/0x250
[   25.351394]  ? rdma_resolve_addr+0x12e/0x26c0
[   25.355860]  kasan_report+0x23c/0x360
[   25.359631]  check_memory_region+0x137/0x190
[   25.364011]  memcpy+0x23/0x50
[   25.367088]  rdma_resolve_addr+0x12e/0x26c0
[   25.371383]  ? find_held_lock+0x35/0x1d0
[   25.375421]  ? rdma_bind_addr+0x1b50/0x1b50
[   25.379721]  ? lock_downgrade+0x980/0x980
[   25.383843]  ? _warn_unseeded_randomness+0x9f/0x1e0
[   25.388825]  ? SyS_membarrier+0x700/0x700
[   25.392942]  ? __radix_tree_lookup+0x435/0x5e0
[   25.397507]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   25.402321]  ? wait_for_completion+0x770/0x770
[   25.406872]  ? check_same_owner+0x320/0x320
[   25.411163]  ? lock_release+0xa40/0xa40
[   25.415105]  ? check_same_owner+0x320/0x320
[   25.419398]  ? find_held_lock+0x35/0x1d0
[   25.423448]  ucma_resolve_ip+0x142/0x1f0
[   25.427477]  ? ucma_resolve_ip+0x142/0x1f0
[   25.431686]  ? ucma_resolve_addr+0x330/0x330
[   25.436073]  ? kasan_check_write+0x14/0x20
[   25.440281]  ucma_write+0x2d6/0x3d0
[   25.443877]  ? ucma_resolve_addr+0x330/0x330
[   25.448255]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.452726]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.457190]  __vfs_write+0xef/0x970
[   25.460787]  ? rcu_note_context_switch+0x710/0x710
[   25.465689]  ? kernel_read+0x120/0x120
[   25.469545]  ? __might_sleep+0x95/0x190
[   25.473490]  ? _cond_resched+0x14/0x30
[   25.477346]  ? __inode_security_revalidate+0xd9/0x130
[   25.482507]  ? avc_policy_seqno+0x9/0x20
[   25.486541]  ? selinux_file_permission+0x82/0x460
[   25.491359]  ? security_file_permission+0x89/0x1e0
[   25.496262]  ? rw_verify_area+0xe5/0x2b0
[   25.500293]  ? __fdget_raw+0x20/0x20
[   25.503981]  vfs_write+0x189/0x510
[   25.507497]  SyS_write+0xef/0x220
[   25.510920]  ? filp_open+0x70/0x70
[   25.514429]  ? SyS_read+0x220/0x220
[   25.518029]  ? do_syscall_64+0xb7/0x940
[   25.521975]  ? SyS_read+0x220/0x220
[   25.525580]  do_syscall_64+0x281/0x940
[   25.529436]  ? __do_page_fault+0xc90/0xc90
[   25.533641]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.538367]  ? syscall_return_slowpath+0x550/0x550
[   25.543267]  ? syscall_return_slowpath+0x2ac/0x550
[   25.548165]  ? prepare_exit_to_usermode+0x350/0x350
[   25.553153]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   25.558489]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.563304]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   25.568461] RIP: 0033:0x43fe49
[   25.571622] RSP: 002b:00007fffc4577208 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   25.579297] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[   25.586536] RDX: 0000000000000048 RSI: 0000000020000740 RDI: 0000000000000003
[   25.593775] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   25.601013] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401770
[   25.608253] R13: 0000000000401800 R14: 0000000000000000 R15: 0000000000000000
[   25.615505]
[   25.617101] The buggy address belongs to the page:
[   25.621997] page:ffffea0006bd6dc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   25.630106] flags: 0x2fffc0000000000()
[   25.633964] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   25.641811] raw: 0000000000000000 ffffea0006bd0101 0000000000000000 0000000000000000
[   25.649659] page dumped because: kasan: bad access detected
[   25.655333]
[   25.656927] Memory state around the buggy address:
[   25.661821]  ffff8801af5b7900: f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00
[   25.669145]  ffff8801af5b7980: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.676470] >ffff8801af5b7a00: 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 f3 f3 f3
[   25.683795]                                            ^
[   25.690511]  ffff8801af5b7a80: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   25.697836]  ffff8801af5b7b00: f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00
[   25.705159] ==================================================================
[   25.712482] Disabling lock debugging due to kernel taint
[   25.718173] Kernel panic - not syncing: panic_on_warn set ...
[   25.718173]
[   25.725524] CPU: 0 PID: 4236 Comm: syzkaller709666 Tainted: G    B            4.16.0-rc4+ #346
[   25.734241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.743565] Call Trace:
[   25.746124]  dump_stack+0x194/0x24d
[   25.749719]  ? arch_local_irq_restore+0x53/0x53
[   25.754356]  ? kasan_end_report+0x32/0x50
[   25.758475]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.763200]  ? vsnprintf+0x1ed/0x1900
[   25.766971]  ? rdma_resolve_addr+0x100/0x26c0
[   25.771446]  panic+0x1e4/0x41c
[   25.774608]  ? refcount_error_report+0x214/0x214
[   25.779332]  ? add_taint+0x1c/0x50
[   25.782838]  ? add_taint+0x1c/0x50
[   25.786351]  ? rdma_resolve_addr+0x12e/0x26c0
[   25.790815]  kasan_end_report+0x50/0x50
[   25.794758]  kasan_report+0x149/0x360
[   25.798528]  check_memory_region+0x137/0x190
[   25.802906]  memcpy+0x23/0x50
[   25.805982]  rdma_resolve_addr+0x12e/0x26c0
[   25.810275]  ? find_held_lock+0x35/0x1d0
[   25.814308]  ? rdma_bind_addr+0x1b50/0x1b50
[   25.818597]  ? lock_downgrade+0x980/0x980
[   25.822715]  ? _warn_unseeded_randomness+0x9f/0x1e0
[   25.827697]  ? SyS_membarrier+0x700/0x700
[   25.831814]  ? __radix_tree_lookup+0x435/0x5e0
[   25.836374]  ? __mutex_unlock_slowpath+0xe9/0xac0
[   25.841187]  ? wait_for_completion+0x770/0x770
[   25.845737]  ? check_same_owner+0x320/0x320
[   25.850032]  ? lock_release+0xa40/0xa40
[   25.853974]  ? check_same_owner+0x320/0x320
[   25.858271]  ? find_held_lock+0x35/0x1d0
[   25.862313]  ucma_resolve_ip+0x142/0x1f0
[   25.866342]  ? ucma_resolve_ip+0x142/0x1f0
[   25.870550]  ? ucma_resolve_addr+0x330/0x330
[   25.874930]  ? kasan_check_write+0x14/0x20
[   25.879138]  ucma_write+0x2d6/0x3d0
[   25.882736]  ? ucma_resolve_addr+0x330/0x330
[   25.887113]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.891583]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.896054]  __vfs_write+0xef/0x970
[   25.899650]  ? rcu_note_context_switch+0x710/0x710
[   25.904556]  ? kernel_read+0x120/0x120
[   25.908411]  ? __might_sleep+0x95/0x190
[   25.912354]  ? _cond_resched+0x14/0x30
[   25.916209]  ? __inode_security_revalidate+0xd9/0x130
[   25.921366]  ? avc_policy_seqno+0x9/0x20
[   25.925396]  ? selinux_file_permission+0x82/0x460
[   25.930207]  ? security_file_permission+0x89/0x1e0
[   25.935107]  ? rw_verify_area+0xe5/0x2b0
[   25.939135]  ? __fdget_raw+0x20/0x20
[   25.942819]  vfs_write+0x189/0x510
[   25.946332]  SyS_write+0xef/0x220
[   25.949753]  ? filp_open+0x70/0x70
[   25.953261]  ? SyS_read+0x220/0x220
[   25.956860]  ? do_syscall_64+0xb7/0x940
[   25.960804]  ? SyS_read+0x220/0x220
[   25.964399]  do_syscall_64+0x281/0x940
[   25.968254]  ? __do_page_fault+0xc90/0xc90
[   25.972457]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.977182]  ? syscall_return_slowpath+0x550/0x550
[   25.982080]  ? syscall_return_slowpath+0x2ac/0x550
[   25.986980]  ? prepare_exit_to_usermode+0x350/0x350
[   25.991964]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   25.997297]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.002114]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   26.007272] RIP: 0033:0x43fe49
[   26.010429] RSP: 002b:00007fffc4577208 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   26.018102] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[   26.025339] RDX: 0000000000000048 RSI: 0000000020000740 RDI: 0000000000000003
[   26.032578] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   26.039816] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401770
[   26.047055] R13: 0000000000401800 R14: 0000000000000000 R15: 0000000000000000
[   26.054738] Dumping ftrace buffer:
[   26.058249]    (ftrace buffer empty)
[   26.061927] Kernel Offset: disabled
[   26.065525] Rebooting in 86400 seconds..