[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   18.579088] audit: type=1400 audit(1521780999.588:6): avc: denied { map } for pid=4230 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   24.972125] audit: type=1400 audit(1521781005.981:7): avc: denied { map } for pid=4244 comm="syzkaller174354" path="/root/syzkaller174354706" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   24.998780] ==================================================================
[   25.006194] BUG: KASAN: stack-out-of-bounds in rdma_bind_addr+0x13b/0x1d60
[   25.013191] Read of size 48 at addr ffff8801c3d4fa50 by task syzkaller174354/4244
[   25.020787]
[   25.022405] CPU: 1 PID: 4244 Comm: syzkaller174354 Not tainted 4.16.0-rc6+ #362
[   25.029831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.039163] Call Trace:
[   25.041729]  dump_stack+0x194/0x24d
[   25.045330]  ? arch_local_irq_restore+0x53/0x53
[   25.049969]  ? show_regs_print_info+0x18/0x18
[   25.054438]  ? lock_release+0xa40/0xa40
[   25.058386]  ? __radix_tree_lookup+0x435/0x5e0
[   25.062942]  ? rdma_bind_addr+0x13b/0x1d60
[   25.067150]  print_address_description+0x73/0x250
[   25.071972]  ? rdma_bind_addr+0x13b/0x1d60
[   25.076179]  kasan_report+0x23c/0x360
[   25.079953]  check_memory_region+0x137/0x190
[   25.084333]  memcpy+0x23/0x50
[   25.087420]  rdma_bind_addr+0x13b/0x1d60
[   25.091459]  ? lock_release+0xa40/0xa40
[   25.095404]  ? check_same_owner+0x320/0x320
[   25.099703]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   25.104450]  ucma_bind_ip+0x10a/0x190
[   25.108221]  ? ucma_bind+0x260/0x260
[   25.111916]  ? kasan_check_write+0x14/0x20
[   25.116128]  ucma_write+0x2d6/0x3d0
[   25.119724]  ? ucma_bind+0x260/0x260
[   25.123410]  ? ucma_close_id+0x60/0x60
[   25.127366]  ? ucma_close_id+0x60/0x60
[   25.131226]  __vfs_write+0xef/0x970
[   25.134825]  ? rcu_note_context_switch+0x710/0x710
[   25.139729]  ? kernel_read+0x120/0x120
[   25.143590]  ? __might_sleep+0x95/0x190
[   25.147537]  ? _cond_resched+0x14/0x30
[   25.151398]  ? __inode_security_revalidate+0xd9/0x130
[   25.156558]  ? avc_policy_seqno+0x9/0x20
[   25.160591]  ? selinux_file_permission+0x82/0x460
[   25.165409]  ? security_file_permission+0x89/0x1e0
[   25.170314]  ? rw_verify_area+0xe5/0x2b0
[   25.174345]  ? __fdget_raw+0x20/0x20
[   25.178036]  vfs_write+0x189/0x510
[   25.181553]  SyS_write+0xef/0x220
[   25.184980]  ? filp_open+0x70/0x70
[   25.188495]  ? SyS_read+0x220/0x220
[   25.192095]  ? do_syscall_64+0xb7/0x940
[   25.196042]  ? SyS_read+0x220/0x220
[   25.199640]  do_syscall_64+0x281/0x940
[   25.203495]  ? __do_page_fault+0xc90/0xc90
[   25.207708]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.212446]  ? syscall_return_slowpath+0x550/0x550
[   25.217351]  ? syscall_return_slowpath+0x2ac/0x550
[   25.222253]  ? prepare_exit_to_usermode+0x350/0x350
[   25.227248]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   25.232590]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.237411]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   25.242574] RIP: 0033:0x43fdd9
[   25.245737] RSP: 002b:00007ffd8e4d62d8 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   25.253418] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdd9
[   25.260664] RDX: 0000000000000090 RSI: 0000000020000080 RDI: 0000000000000003
[   25.268258] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   25.275498] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401700
[   25.282738] R13: 0000000000401790 R14: 0000000000000000 R15: 0000000000000000
[   25.290030]
[   25.291633] The buggy address belongs to the page:
[   25.296534] page:ffffea00070f53c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   25.304645] flags: 0x2fffc0000000000()
[   25.308505] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   25.316355] raw: 0000000000000000 ffffea00070f0101 0000000000000000 0000000000000000
[   25.324201] page dumped because: kasan: bad access detected
[   25.329876]
[   25.331471] Memory state around the buggy address:
[   25.336368]  ffff8801c3d4f900: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
[   25.343702]  ffff8801c3d4f980: f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f3 f3 f3 f3 00 00
[   25.351040] >ffff8801c3d4fa00: 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2
[   25.358368]                                                  ^
[   25.365354]  ffff8801c3d4fa80: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[   25.372681]  ffff8801c3d4fb00: f1 f1 f1 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00
[   25.380012] ==================================================================
[   25.387344] Disabling lock debugging due to kernel taint
[   25.392903] Kernel panic - not syncing: panic_on_warn set ...
[   25.392903]
[   25.400259] CPU: 1 PID: 4244 Comm: syzkaller174354 Tainted: G    B            4.16.0-rc6+ #362
[   25.408995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.418321] Call Trace:
[   25.420883]  dump_stack+0x194/0x24d
[   25.424484]  ? arch_local_irq_restore+0x53/0x53
[   25.429132]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.433867]  ? vsnprintf+0x1ed/0x1900
[   25.437642]  ? rdma_bind_addr+0xe0/0x1d60
[   25.442117]  panic+0x1e4/0x41c
[   25.445283]  ? refcount_error_report+0x214/0x214
[   25.450022]  ? add_taint+0x1c/0x50
[   25.453542]  ? add_taint+0x1c/0x50
[   25.457057]  ? rdma_bind_addr+0x13b/0x1d60
[   25.461261]  kasan_end_report+0x50/0x50
[   25.465207]  kasan_report+0x149/0x360
[   25.468979]  check_memory_region+0x137/0x190
[   25.473355]  memcpy+0x23/0x50
[   25.476435]  rdma_bind_addr+0x13b/0x1d60
[   25.480473]  ? lock_release+0xa40/0xa40
[   25.484422]  ? check_same_owner+0x320/0x320
[   25.488718]  ? cma_ndev_work_handler+0x1a0/0x1a0
[   25.493452]  ucma_bind_ip+0x10a/0x190
[   25.497228]  ? ucma_bind+0x260/0x260
[   25.500911]  ? kasan_check_write+0x14/0x20
[   25.505119]  ucma_write+0x2d6/0x3d0
[   25.508715]  ? ucma_bind+0x260/0x260
[   25.512404]  ? ucma_close_id+0x60/0x60
[   25.516275]  ? ucma_close_id+0x60/0x60
[   25.520139]  __vfs_write+0xef/0x970
[   25.523740]  ? rcu_note_context_switch+0x710/0x710
[   25.528638]  ? kernel_read+0x120/0x120
[   25.532495]  ? __might_sleep+0x95/0x190
[   25.536442]  ? _cond_resched+0x14/0x30
[   25.540301]  ? __inode_security_revalidate+0xd9/0x130
[   25.545464]  ? avc_policy_seqno+0x9/0x20
[   25.549496]  ? selinux_file_permission+0x82/0x460
[   25.554326]  ? security_file_permission+0x89/0x1e0
[   25.559237]  ? rw_verify_area+0xe5/0x2b0
[   25.563272]  ? __fdget_raw+0x20/0x20
[   25.566959]  vfs_write+0x189/0x510
[   25.570473]  SyS_write+0xef/0x220
[   25.573893]  ? filp_open+0x70/0x70
[   25.577402]  ? SyS_read+0x220/0x220
[   25.581007]  ? do_syscall_64+0xb7/0x940
[   25.584956]  ? SyS_read+0x220/0x220
[   25.588552]  do_syscall_64+0x281/0x940
[   25.592411]  ? __do_page_fault+0xc90/0xc90
[   25.596630]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.601365]  ? syscall_return_slowpath+0x550/0x550
[   25.606277]  ? syscall_return_slowpath+0x2ac/0x550
[   25.611188]  ? prepare_exit_to_usermode+0x350/0x350
[   25.616189]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   25.621562]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.626389]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   25.631558] RIP: 0033:0x43fdd9
[   25.634981] RSP: 002b:00007ffd8e4d62d8 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[   25.642662] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fdd9
[   25.649904] RDX: 0000000000000090 RSI: 0000000020000080 RDI: 0000000000000003
[   25.657150] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   25.664394] R10: 00000000004002c8 R11: 0000000000000217 R12: 0000000000401700
[   25.671643] R13: 0000000000401790 R14: 0000000000000000 R15: 0000000000000000
[   25.679350] Dumping ftrace buffer:
[   25.682865]    (ftrace buffer empty)
[   25.686548] Kernel Offset: disabled
[   25.690164] Rebooting in 86400 seconds..
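Reading the report: the faulting frame is the memcpy inside rdma_bind_addr, reached from ucma_bind_ip through a plain write() on the rdma_cm character device (ORIG_RAX = 1 is SYS_write, RDI = 3 is the fd, RDX = 0x90 is a 144-byte request). KASAN flags a 48-byte read starting at ffff8801c3d4fa50. In the shadow dump, f1/f2/f3 are stack left/middle/right redzones and 00 is addressable, so the five 00 bytes before the f2 pair describe a 40-byte stack object at ffff8801c3d4fa48..fa6f; a 48-byte read from offset 8 of that object runs 16 bytes past its end into the redzone. That matches a copy whose length was derived from the address family of a user-supplied sockaddr (the kernel's InfiniBand sockaddr is 48 bytes) rather than from the 28-byte sockaddr_in6 slot the command struct actually provides. The program below is an added illustration of that failure mode and its check, not code from the kernel or from syzkaller: the struct layouts, the constant MODEL_AF_IB (set to Linux's AF_IB value so the program is self-contained) and all function names are modelled here, and the request bytes are constructed inline.

```c
/* Added example: a copy length chosen from a family tag must still be
 * bounded by the buffer the address lives in. Models, not kernel code. */
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define MODEL_AF_IB 27   /* assumption: Linux's AF_IB value, defined locally */

struct model_sockaddr_ib {          /* modelled 48-byte InfiniBand sockaddr */
    uint16_t sib_family;
    uint16_t sib_pkey;
    uint32_t sib_flowinfo;
    uint8_t  sib_addr[16];
    uint64_t sib_sid;
    uint64_t sib_sid_mask;
    uint64_t sib_scope_id;
};

struct model_bind_ip {              /* modelled 40-byte bind command */
    uint64_t response;
    struct sockaddr_in6 addr;       /* the only slot the address may occupy: 28 bytes */
    uint32_t id;
};

/* Trusting helper: length comes from the family alone, so a caller holding a
 * sockaddr_in6-sized slot can be handed 48 for a family it cannot contain. */
size_t addr_size_by_family(const struct sockaddr *sa)
{
    switch (sa->sa_family) {
    case AF_INET:     return sizeof(struct sockaddr_in);        /* 16 */
    case AF_INET6:    return sizeof(struct sockaddr_in6);       /* 28 */
    case MODEL_AF_IB: return sizeof(struct model_sockaddr_ib);  /* 48 */
    default:          return 0;
    }
}

/* Hardened helper: the slot type is part of the contract, so only families
 * whose address fits a sockaddr_in6 are accepted; anything else yields 0. */
size_t addr_size_in6(const struct sockaddr_in6 *sa)
{
    if (sa->sin6_family != AF_INET && sa->sin6_family != AF_INET6)
        return 0;
    return addr_size_by_family((const struct sockaddr *)sa);
}

/* Stand-in for the bind handler. Returns 0, -EINVAL, or -EOVERFLOW when the
 * family-derived length would read past the stack-resident command struct. */
int model_bind_ip(const uint8_t *ubuf, size_t ulen, int hardened, size_t *len_out)
{
    struct model_bind_ip cmd;
    struct sockaddr_storage src;    /* destination the address would be copied into */
    size_t len;

    if (len_out) *len_out = 0;
    if (ulen < sizeof(cmd))
        return -EINVAL;
    memcpy(&cmd, ubuf, sizeof(cmd));                       /* copy_from_user() stand-in */
    len = hardened ? addr_size_in6(&cmd.addr)
                   : addr_size_by_family((const struct sockaddr *)&cmd.addr);
    if (len_out) *len_out = len;
    if (len == 0)
        return -EINVAL;
    if (offsetof(struct model_bind_ip, addr) + len > sizeof(cmd))
        return -EOVERFLOW;   /* the out-of-bounds read KASAN reported */
    memset(&src, 0, sizeof(src));
    memcpy(&src, &cmd.addr, len);
    return 0;
}

/* Constructed 144-byte request (the RDX value in the report) with a chosen family. */
size_t build_request(uint8_t *buf, size_t cap, uint16_t family)
{
    const size_t req_len = 0x90;
    if (cap < req_len) return 0;
    memset(buf, 0, req_len);
    memcpy(buf + offsetof(struct model_bind_ip, addr), &family, sizeof(family));
    return req_len;
}

int scenario(uint16_t family, int hardened)
{
    uint8_t buf[0x90];
    return model_bind_ip(buf, build_request(buf, sizeof(buf), family), hardened, NULL);
}

size_t scenario_len(uint16_t family, int hardened)
{
    uint8_t buf[0x90];
    size_t len = 0;
    model_bind_ip(buf, build_request(buf, sizeof(buf), family), hardened, &len);
    return len;
}

int main(void)
{
    printf("AF_IB, trusting : rc=%d len=%zu\n", scenario(MODEL_AF_IB, 0), scenario_len(MODEL_AF_IB, 0));
    printf("AF_IB, hardened : rc=%d len=%zu\n", scenario(MODEL_AF_IB, 1), scenario_len(MODEL_AF_IB, 1));
    printf("AF_INET6, either: rc=%d len=%zu\n", scenario(AF_INET6, 1), scenario_len(AF_INET6, 1));
    return 0;
}
```

The trusting path accepts the 40-byte command, derives 48 from the family tag and would copy 16 bytes beyond the struct; the hardened path rejects the family before any length is used. The general rule this demonstrates is that a length helper keyed on a self-describing tag must be paired with the size of the container that holds the tagged data, which is why the validating variant takes the slot type in its signature.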