[....] Starting enhanced syslogd: rsyslogd
[   11.812060] audit: type=1400 audit(1513987683.539:5): avc:  denied  { syslog } for  pid=2997 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok .
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.804861] audit: type=1400 audit(1513987688.532:6): avc:  denied  { map } for  pid=3135 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-1,10.128.0.52' (ECDSA) to the list of known hosts.
executing program
[   37.588079] audit: type=1400 audit(1513987709.315:7): avc:  denied  { map } for  pid=3153 comm="syzkaller895417" path="/root/syzkaller895417723" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   37.617377] ==================================================================
[   37.624773] BUG: KASAN: stack-out-of-bounds in rds_sendmsg+0x1f02/0x1f90
[   37.631585] Read of size 8 at addr ffff8801c7d5fb70 by task syzkaller895417/3153
[   37.639081] 
[   37.640684] CPU: 1 PID: 3153 Comm: syzkaller895417 Not tainted 4.15.0-rc4-next-20171221+ #78
[   37.649237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.658582] Call Trace:
[   37.661149]  dump_stack+0x194/0x257
[   37.664748]  ? arch_local_irq_restore+0x53/0x53
[   37.669407]  ? show_regs_print_info+0x18/0x18
[   37.673879]  ? _raw_spin_unlock_bh+0x30/0x40
[   37.678261]  ? rds_sendmsg+0x1f02/0x1f90
[   37.682302]  print_address_description+0x73/0x250
[   37.687122]  ? rds_sendmsg+0x1f02/0x1f90
[   37.691161]  kasan_report+0x25b/0x340
[   37.694946]  __asan_report_load8_noabort+0x14/0x20
[   37.699845]  rds_sendmsg+0x1f02/0x1f90
[   37.703722]  ? rds_send_drop_to+0x19d0/0x19d0
[   37.708197]  ? find_held_lock+0x35/0x1d0
[   37.712233]  ? sock_has_perm+0x2a4/0x420
[   37.716266]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   37.721612]  ? lock_downgrade+0x980/0x980
[   37.725742]  ? dup_iter+0x192/0x260
[   37.729357]  ? lock_release+0xa40/0xa40
[   37.733314]  ? selinux_socket_sendmsg+0x36/0x40
[   37.737952]  ? security_socket_sendmsg+0x89/0xb0
[   37.742676]  ? rds_send_drop_to+0x19d0/0x19d0
[   37.747153]  sock_sendmsg+0xca/0x110
[   37.750851]  ___sys_sendmsg+0x320/0x8b0
[   37.754801]  ? copy_msghdr_from_user+0x590/0x590
[   37.759538]  ? __pmd_alloc+0x4e0/0x4e0
[   37.763410]  ? __fget_light+0x297/0x380
[   37.767352]  ? fget_raw+0x20/0x20
[   37.770773]  ? find_held_lock+0x35/0x1d0
[   37.774835]  ? __do_page_fault+0x5f7/0xc90
[   37.779056]  ? lock_downgrade+0x980/0x980
[   37.783215]  __sys_sendmmsg+0x1ee/0x620
[   37.787171]  ? __sys_sendmmsg+0x1ee/0x620
[   37.791312]  ? SyS_sendmsg+0x50/0x50
[   37.795015]  ? mm_fault_error+0x2c0/0x2c0
[   37.799146]  ? __do_page_fault+0xc90/0xc90
[   37.803359]  ? syscall_return_slowpath+0x2ad/0x550
[   37.808277]  ? prepare_exit_to_usermode+0x340/0x340
[   37.813279]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.818300]  SyS_sendmmsg+0x35/0x60
[   37.821903]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   37.826628] RIP: 0033:0x43fe49
[   37.829787] RSP: 002b:00007ffecc5e79e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   37.837474] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[   37.844722] RDX: 0000000000000001 RSI: 000000002020c000 RDI: 0000000000000003
[   37.851968] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   37.859217] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004017b0
[   37.866463] R13: 0000000000401840 R14: 0000000000000000 R15: 0000000000000000
[   37.873727] 
[   37.875320] The buggy address belongs to the page:
[   37.880220] page:000000007c8b0bef count:0 mapcount:0 mapping:          (null) index:0x0
[   37.888328] flags: 0x2fffc0000000000()
[   37.892182] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   37.900040] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   37.907893] page dumped because: kasan: bad access detected
[   37.913575] 
[   37.915167] Memory state around the buggy address:
[   37.920073]  ffff8801c7d5fa00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
[   37.927406]  ffff8801c7d5fa80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   37.934733] >ffff8801c7d5fb00: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 04 f2
[   37.942060]                                                              ^
[   37.949040]  ffff8801c7d5fb80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   37.956374]  ffff8801c7d5fc00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
[   37.963707] ==================================================================
[   37.971041] Disabling lock debugging due to kernel taint
[   37.976631] Kernel panic - not syncing: panic_on_warn set ...
[   37.976631] 
[   37.983979] CPU: 1 PID: 3153 Comm: syzkaller895417 Tainted: G    B            4.15.0-rc4-next-20171221+ #78
[   37.993836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.003155] Call Trace:
[   38.005714]  dump_stack+0x194/0x257
[   38.009313]  ? arch_local_irq_restore+0x53/0x53
[   38.013950]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   38.018672]  ? vsnprintf+0x1ed/0x1900
[   38.022446]  ? rds_sendmsg+0x1e50/0x1f90
[   38.026474]  panic+0x1e4/0x41c
[   38.029633]  ? refcount_error_report+0x214/0x214
[   38.034358]  ? add_taint+0x1c/0x50
[   38.037866]  ? add_taint+0x1c/0x50
[   38.041372]  ? rds_sendmsg+0x1f02/0x1f90
[   38.045401]  kasan_end_report+0x50/0x50
[   38.049341]  kasan_report+0x144/0x340
[   38.053114]  __asan_report_load8_noabort+0x14/0x20
[   38.058026]  rds_sendmsg+0x1f02/0x1f90
[   38.061896]  ? rds_send_drop_to+0x19d0/0x19d0
[   38.066360]  ? find_held_lock+0x35/0x1d0
[   38.070390]  ? sock_has_perm+0x2a4/0x420
[   38.074416]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   38.079744]  ? lock_downgrade+0x980/0x980
[   38.083865]  ? dup_iter+0x192/0x260
[   38.087460]  ? lock_release+0xa40/0xa40
[   38.091407]  ? selinux_socket_sendmsg+0x36/0x40
[   38.096043]  ? security_socket_sendmsg+0x89/0xb0
[   38.100775]  ? rds_send_drop_to+0x19d0/0x19d0
[   38.105248]  sock_sendmsg+0xca/0x110
[   38.108938]  ___sys_sendmsg+0x320/0x8b0
[   38.112890]  ? copy_msghdr_from_user+0x590/0x590
[   38.117613]  ? __pmd_alloc+0x4e0/0x4e0
[   38.121482]  ? __fget_light+0x297/0x380
[   38.125429]  ? fget_raw+0x20/0x20
[   38.128848]  ? find_held_lock+0x35/0x1d0
[   38.132883]  ? __do_page_fault+0x5f7/0xc90
[   38.137085]  ? lock_downgrade+0x980/0x980
[   38.141208]  __sys_sendmmsg+0x1ee/0x620
[   38.145149]  ? __sys_sendmmsg+0x1ee/0x620
[   38.149277]  ? SyS_sendmsg+0x50/0x50
[   38.152961]  ? mm_fault_error+0x2c0/0x2c0
[   38.157093]  ? __do_page_fault+0xc90/0xc90
[   38.161297]  ? syscall_return_slowpath+0x2ad/0x550
[   38.166192]  ? prepare_exit_to_usermode+0x340/0x340
[   38.171179]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   38.176164]  SyS_sendmmsg+0x35/0x60
[   38.179760]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   38.184481] RIP: 0033:0x43fe49
[   38.187638] RSP: 002b:00007ffecc5e79e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   38.195313] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[   38.202550] RDX: 0000000000000001 RSI: 000000002020c000 RDI: 0000000000000003
[   38.209791] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   38.217043] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004017b0
[   38.224278] R13: 0000000000401840 R14: 0000000000000000 R15: 0000000000000000
[   38.231557] Dumping ftrace buffer:
[   38.235067]    (ftrace buffer empty)
[   38.238745] Kernel Offset: disabled
[   38.242340] Rebooting in 86400 seconds..