[ ok ] Starting enhanced syslogd: rsyslogd.
[   10.225463] audit: type=1400 audit(1514023314.788:5): avc: denied { syslog } for pid=2988 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[....] Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.272374] audit: type=1400 audit(1514023320.835:6): avc: denied { map } for pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-6,10.128.0.41' (ECDSA) to the list of known hosts.
executing program
[   24.288220] audit: type=1400 audit(1514023328.850:7): avc: denied { map } for pid=3143 comm="syzkaller917862" path="/root/syzkaller917862622" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   24.317057] ==================================================================
[   24.324431] BUG: KASAN: stack-out-of-bounds in rds_sendmsg+0x1f02/0x1f90
[   24.331256] Read of size 8 at addr ffff8801c8e0fb70 by task syzkaller917862/3143
[   24.338754] 
[   24.340351] CPU: 0 PID: 3143 Comm: syzkaller917862 Not tainted 4.15.0-rc4-mm1+ #49
[   24.348024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.357351] Call Trace:
[   24.359908]  dump_stack+0x194/0x257
[   24.363505]  ? arch_local_irq_restore+0x53/0x53
[   24.368142]  ? show_regs_print_info+0x18/0x18
[   24.372608]  ? _raw_spin_unlock_bh+0x30/0x40
[   24.376984]  ? rds_sendmsg+0x1f02/0x1f90
[   24.381030]  print_address_description+0x73/0x250
[   24.385839]  ? rds_sendmsg+0x1f02/0x1f90
[   24.389865]  kasan_report+0x23b/0x360
[   24.393643]  __asan_report_load8_noabort+0x14/0x20
[   24.398538]  rds_sendmsg+0x1f02/0x1f90
[   24.402405]  ? rds_send_drop_to+0x19d0/0x19d0
[   24.406870]  ? find_held_lock+0x35/0x1d0
[   24.410914]  ? sock_has_perm+0x2a4/0x420
[   24.414943]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   24.420272]  ? lock_downgrade+0x980/0x980
[   24.424389]  ? dup_iter+0x1a2/0x260
[   24.428000]  ? lock_release+0xa40/0xa40
[   24.431962]  ? selinux_socket_sendmsg+0x36/0x40
[   24.436599]  ? security_socket_sendmsg+0x89/0xb0
[   24.441323]  ? rds_send_drop_to+0x19d0/0x19d0
[   24.445789]  sock_sendmsg+0xca/0x110
[   24.449473]  ___sys_sendmsg+0x320/0x8b0
[   24.453420]  ? copy_msghdr_from_user+0x590/0x590
[   24.458145]  ? __pmd_alloc+0x4e0/0x4e0
[   24.462007]  ? find_held_lock+0x35/0x1d0
[   24.466041]  ? __fget_light+0x297/0x380
[   24.469987]  ? fget_raw+0x20/0x20
[   24.473404]  ? find_held_lock+0x35/0x1d0
[   24.477441]  ? __do_page_fault+0x5f7/0xc90
[   24.481654]  ? lock_downgrade+0x980/0x980
[   24.485785]  __sys_sendmmsg+0x1ee/0x620
[   24.489727]  ? __sys_sendmmsg+0x1ee/0x620
[   24.493858]  ? SyS_sendmsg+0x50/0x50
[   24.497556]  ? mm_fault_error+0x2c0/0x2c0
[   24.501685]  ? __do_page_fault+0xc90/0xc90
[   24.505895]  ? syscall_return_slowpath+0x2ad/0x550
[   24.510803]  ? prepare_exit_to_usermode+0x340/0x340
[   24.515790]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.520778]  SyS_sendmmsg+0x35/0x60
[   24.524377]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.529097] RIP: 0033:0x43fde9
[   24.532254] RSP: 002b:00007ffcd591fd78 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   24.539926] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fde9
[   24.547164] RDX: 0000000000000001 RSI: 0000000020573000 RDI: 0000000000000003
[   24.554398] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   24.561636] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401750
[   24.568879] R13: 00000000004017e0 R14: 0000000000000000 R15: 0000000000000000
[   24.576146] 
[   24.577737] The buggy address belongs to the page:
[   24.582633] page:ffffea00072383c0 count:0 mapcount:0 mapping: (null) index:0x0
[   24.590739] flags: 0x2fffc0000000000()
[   24.594591] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   24.602452] raw: 0000000000000000 ffffea0007230101 0000000000000000 0000000000000000
[   24.610296] page dumped because: kasan: bad access detected
[   24.615967] 
[   24.617557] Memory state around the buggy address:
[   24.622450]  ffff8801c8e0fa00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
[   24.629774]  ffff8801c8e0fa80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   24.637104] >ffff8801c8e0fb00: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 04 f2
[   24.644428]                                                              ^
[   24.651407]  ffff8801c8e0fb80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   24.658730]  ffff8801c8e0fc00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
[   24.666058] ==================================================================
[   24.673380] Disabling lock debugging due to kernel taint
[   24.678841] Kernel panic - not syncing: panic_on_warn set ...
[   24.678841] 
[   24.686171] CPU: 0 PID: 3143 Comm: syzkaller917862 Tainted: G B 4.15.0-rc4-mm1+ #49
[   24.695145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.704464] Call Trace:
[   24.707022]  dump_stack+0x194/0x257
[   24.710613]  ? arch_local_irq_restore+0x53/0x53
[   24.715249]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.719971]  ? vsnprintf+0x1ed/0x1900
[   24.723737]  ? rds_sendmsg+0x1e50/0x1f90
[   24.727764]  panic+0x1e4/0x41c
[   24.730921]  ? refcount_error_report+0x214/0x214
[   24.735648]  ? add_taint+0x1c/0x50
[   24.739158]  ? add_taint+0x1c/0x50
[   24.742665]  ? rds_sendmsg+0x1f02/0x1f90
[   24.746688]  kasan_end_report+0x50/0x50
[   24.750626]  kasan_report+0x148/0x360
[   24.754394]  __asan_report_load8_noabort+0x14/0x20
[   24.759289]  rds_sendmsg+0x1f02/0x1f90
[   24.763147]  ? rds_send_drop_to+0x19d0/0x19d0
[   24.767607]  ? find_held_lock+0x35/0x1d0
[   24.771636]  ? sock_has_perm+0x2a4/0x420
[   24.775661]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   24.780987]  ? lock_downgrade+0x980/0x980
[   24.785100]  ? dup_iter+0x1a2/0x260
[   24.788692]  ? lock_release+0xa40/0xa40
[   24.792637]  ? selinux_socket_sendmsg+0x36/0x40
[   24.797276]  ? security_socket_sendmsg+0x89/0xb0
[   24.801995]  ? rds_send_drop_to+0x19d0/0x19d0
[   24.806457]  sock_sendmsg+0xca/0x110
[   24.810133]  ___sys_sendmsg+0x320/0x8b0
[   24.814073]  ? copy_msghdr_from_user+0x590/0x590
[   24.818824]  ? __pmd_alloc+0x4e0/0x4e0
[   24.822690]  ? find_held_lock+0x35/0x1d0
[   24.826721]  ? __fget_light+0x297/0x380
[   24.830662]  ? fget_raw+0x20/0x20
[   24.834079]  ? find_held_lock+0x35/0x1d0
[   24.838108]  ? __do_page_fault+0x5f7/0xc90
[   24.842309]  ? lock_downgrade+0x980/0x980
[   24.846429]  __sys_sendmmsg+0x1ee/0x620
[   24.850369]  ? __sys_sendmmsg+0x1ee/0x620
[   24.854491]  ? SyS_sendmsg+0x50/0x50
[   24.858170]  ? mm_fault_error+0x2c0/0x2c0
[   24.862291]  ? __do_page_fault+0xc90/0xc90
[   24.866496]  ? syscall_return_slowpath+0x2ad/0x550
[   24.871387]  ? prepare_exit_to_usermode+0x340/0x340
[   24.876368]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.881349]  SyS_sendmmsg+0x35/0x60
[   24.884941]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   24.889658] RIP: 0033:0x43fde9
[   24.892814] RSP: 002b:00007ffcd591fd78 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   24.900486] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fde9
[   24.907721] RDX: 0000000000000001 RSI: 0000000020573000 RDI: 0000000000000003
[   24.914965] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   24.922201] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401750
[   24.929438] R13: 00000000004017e0 R14: 0000000000000000 R15: 0000000000000000
[   24.937077] Dumping ftrace buffer:
[   24.940581]    (ftrace buffer empty)
[   24.944258] Kernel Offset: disabled
[   24.947852] Rebooting in 86400 seconds..
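Reading the report: the syscall entered through entry_SYSCALL_64_fastpath with ORIG_RAX 0x133, which is sendmmsg(2) on x86_64 (RDI=3 is the socket fd, RSI=0x20573000 the mmsghdr array, RDX=1 the vlen), and the path __sys_sendmmsg -> ___sys_sendmsg -> sock_sendmsg -> rds_sendmsg matches that. KASAN flagged an 8-byte read at ffff8801c8e0fb70; in the "Memory state" rows the shadow byte for that address is 04 (only the first 4 bytes of that 8-byte granule are addressable) and the next granule is f2 (the redzone KASAN places between stack variables), so the load reads 4 bytes past the end of a 4-byte stack object in rds_sendmsg. The second trace is just the panic_on_warn panic path re-printing the same stack. The report does not name the stack variable and carries no reproducer, so nothing here identifies the fix. The following is an added example, not part of the report or of the kernel or syzkaller code: a small decoder for a KASAN shadow row that applies the shadow-byte rules (one shadow byte per 8-byte granule; 0x00 fully addressable, 1..7 the count of addressable leading bytes, 0xf1/0xf2/0xf3 stack left/mid/right redzone, 0xfa/0xfb/0xfd heap redzones and freed memory) to the numbers copied from the row marked `>` above. The names `decode_row`, `decode_report` and `shadow_meaning` are this example's own.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_GRANULE   8   /* bytes of memory described by one shadow byte */
#define KASAN_ROW_BYTES 16  /* shadow bytes per printed "Memory state" row  */

/* Numbers copied from the report above (the row marked '>'). */
#define REPORT_ROW_BASE    0xffff8801c8e0fb00ULL
#define REPORT_FAULT_ADDR  0xffff8801c8e0fb70ULL
#define REPORT_ACCESS_SIZE 8u
static const uint8_t report_row[KASAN_ROW_BYTES] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf2, 0xf2,
    0xf2, 0xf2, 0x00, 0x00, 0x00, 0x00, 0x04, 0xf2,
};

/* Meaning of a shadow value (poison values as defined by KASAN). */
static const char *shadow_meaning(uint8_t s)
{
    if (s == 0x00)
        return "fully addressable";
    if (s < KASAN_GRANULE)
        return "partially addressable";
    switch (s) {
    case 0xf1: return "stack left redzone";
    case 0xf2: return "stack mid redzone";
    case 0xf3: return "stack right redzone";
    case 0xf4: return "stack partial redzone";
    case 0xfa: return "heap left redzone";
    case 0xfb: return "heap right redzone";
    case 0xfd: return "freed heap object";
    default:   return "other poison";
    }
}

struct decode_result {
    unsigned granule;      /* index of the shadow byte covering addr          */
    uint8_t shadow;        /* that shadow byte                                */
    uint8_t next_shadow;   /* shadow byte of the following granule, 0 at end  */
    unsigned valid_bytes;  /* bytes of the access that are addressable        */
    unsigned bad_bytes;    /* bytes of the access that land on poisoned bytes */
    const char *meaning;   /* meaning of `shadow`                             */
};

/* Returns 0 and fills *r, or -1 if the access is not wholly inside the row. */
static int decode_row(uint64_t row_base, const uint8_t row[KASAN_ROW_BYTES],
                      uint64_t addr, unsigned size, struct decode_result *r)
{
    uint64_t row_end = row_base + KASAN_ROW_BYTES * KASAN_GRANULE;

    if (addr < row_base || size == 0 || addr + size > row_end)
        return -1;

    memset(r, 0, sizeof(*r));
    r->granule = (unsigned)((addr - row_base) / KASAN_GRANULE);
    r->shadow = row[r->granule];
    r->next_shadow = r->granule + 1 < KASAN_ROW_BYTES ? row[r->granule + 1] : 0;
    r->meaning = shadow_meaning(r->shadow);

    for (unsigned i = 0; i < size; i++) {
        uint64_t off = addr + i - row_base;
        uint8_t s = row[off / KASAN_GRANULE];
        unsigned in_granule = (unsigned)(off % KASAN_GRANULE);
        /* A byte is addressable if its granule is clean, or the granule is
         * partial (1..7) and the byte lies below the partial length. */
        if (s == 0x00 || (s < KASAN_GRANULE && in_granule < s))
            r->valid_bytes++;
        else
            r->bad_bytes++;
    }
    return 0;
}

/* Convenience wrapper over the report's own numbers. */
static int decode_report(struct decode_result *r)
{
    return decode_row(REPORT_ROW_BASE, report_row, REPORT_FAULT_ADDR,
                      REPORT_ACCESS_SIZE, r);
}

int main(void)
{
    struct decode_result r;

    if (decode_report(&r) != 0) {
        fprintf(stderr, "fault address is not inside the given row\n");
        return 1;
    }
    printf("read of %u bytes at 0x%" PRIx64 ": granule %u, shadow 0x%02x (%s)\n",
           REPORT_ACCESS_SIZE, (uint64_t)REPORT_FAULT_ADDR, r.granule,
           r.shadow, r.meaning);
    printf("  %u byte(s) in bounds, %u byte(s) out of bounds; next granule 0x%02x (%s)\n",
           r.valid_bytes, r.bad_bytes, r.next_shadow, shadow_meaning(r.next_shadow));
    return 0;
}
```

Run stand-alone it reports granule 14, shadow 0x04, 4 bytes in bounds and 4 out of bounds, with the following granule being the stack mid redzone. To apply it to another KASAN report, replace the three `REPORT_` constants and `report_row` with the values from that report's `>` row and its "Read/Write of size N at addr" line.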