INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-1,10.128.0.54' (ECDSA) to the list of known hosts.
2017/12/07 10:23:18 parsed 1 programs
2017/12/07 10:23:18 executed programs: 0

syzkaller login: [ 40.448600] ==================================================================
[ 40.449813] BUG: KASAN: stack-out-of-bounds in rds_sendmsg+0x1f02/0x1f90
[ 40.450716] Read of size 8 at addr ffff8801cbda7a60 by task syz-executor0/3092
[ 40.451680]
[ 40.451927] CPU: 0 PID: 3092 Comm: syz-executor0 Not tainted 4.15.0-rc2+ #121
[ 40.452880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.454110] Call Trace:
[ 40.454468]  dump_stack+0x194/0x257
[ 40.454960]  ? arch_local_irq_restore+0x53/0x53
[ 40.455608]  ? show_regs_print_info+0x18/0x18
[ 40.456213]  ? _raw_spin_unlock_bh+0x30/0x40
[ 40.456803]  ? rds_sendmsg+0x1f02/0x1f90
[ 40.457352]  print_address_description+0x73/0x250
[ 40.457996]  ? rds_sendmsg+0x1f02/0x1f90
[ 40.458562]  kasan_report+0x25b/0x340
[ 40.459084]  __asan_report_load8_noabort+0x14/0x20
[ 40.459755]  rds_sendmsg+0x1f02/0x1f90
[ 40.460293]  ? rds_send_drop_to+0x19d0/0x19d0
[ 40.460901]  ? lock_release+0xda0/0xda0
[ 40.461514]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 40.462313]  ? sock_has_perm+0x29c/0x400
[ 40.462856]  ? __check_object_size+0x25d/0x4f0
[ 40.463471]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 40.464202]  ? __might_sleep+0x95/0x190
[ 40.464742]  ? kasan_check_write+0x14/0x20
[ 40.465315]  ? _copy_from_user+0x99/0x110
[ 40.465876]  ? selinux_socket_sendmsg+0x36/0x40
[ 40.466499]  ? security_socket_sendmsg+0x89/0xb0
[ 40.467133]  ? rds_send_drop_to+0x19d0/0x19d0
[ 40.467739]  sock_sendmsg+0xca/0x110
[ 40.468261]  ___sys_sendmsg+0x75b/0x8a0
[ 40.468977]  ? copy_msghdr_from_user+0x590/0x590
[ 40.473713]  ? check_noncircular+0x20/0x20
[ 40.477922]  ? __pmd_alloc+0x4e0/0x4e0
[ 40.481777]  ? find_held_lock+0x39/0x1d0
[ 40.485817]  ? __fget_light+0x29d/0x390
[ 40.489762]  ? fget_raw+0x20/0x20
[ 40.493190]  ? find_held_lock+0x39/0x1d0
[ 40.497230]  ? __fdget+0x18/0x20
[ 40.500572]  __sys_sendmsg+0xe5/0x210
[ 40.504340]  ? __sys_sendmsg+0xe5/0x210
[ 40.508283]  ? SyS_shutdown+0x290/0x290
[ 40.512225]  ? handle_mm_fault+0x410/0x8d0
[ 40.516441]  ? __do_page_fault+0x32d/0xc90
[ 40.520651]  ? compat_SyS_futex+0x288/0x380
[ 40.524961]  compat_SyS_sendmsg+0x2a/0x40
[ 40.529078]  ? compat_SyS_getsockopt+0x420/0x420
[ 40.533803]  do_fast_syscall_32+0x3ee/0xf9d
[ 40.538098]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 40.542648]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.547377]  ? lockdep_sys_exit+0x47/0xf0
[ 40.551492]  ? syscall_return_slowpath+0x2ad/0x550
[ 40.556392]  ? sysret32_from_system_call+0x5/0x3b
[ 40.561209]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.566028]  entry_SYSENTER_compat+0x51/0x60
[ 40.570402] RIP: 0023:0xf7f36c79
[ 40.573735] RSP: 002b:00000000ffdc503c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[ 40.581412] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000002048cfe4
[ 40.588650] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 40.595886] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 40.603126] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 40.610363] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 40.617617]
[ 40.619210] The buggy address belongs to the page:
[ 40.624109] page:000000007727554a count:0 mapcount:0 mapping:          (null) index:0x0
[ 40.632401] flags: 0x2fffc0000000000()
[ 40.636259] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 40.644106] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 40.651951] page dumped because: kasan: bad access detected
[ 40.657636]
[ 40.659230] Memory state around the buggy address:
[ 40.664124]  ffff8801cbda7900: 00 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00
[ 40.671454]  ffff8801cbda7980: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 40.678780] >ffff8801cbda7a00: 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 04 f2 f2 f2
[ 40.686106]                                                        ^
[ 40.692576]  ffff8801cbda7a80: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.699900]  ffff8801cbda7b00: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 00
[ 40.707221] ==================================================================
[ 40.714546] Disabling lock debugging due to kernel taint
[ 40.720067] Kernel panic - not syncing: panic_on_warn set ...
[ 40.720067]
[ 40.727404] CPU: 0 PID: 3092 Comm: syz-executor0 Tainted: G    B 4.15.0-rc2+ #121
[ 40.735942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.745266] Call Trace:
[ 40.747829]  dump_stack+0x194/0x257
[ 40.751425]  ? arch_local_irq_restore+0x53/0x53
[ 40.756063]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.760786]  ? vsnprintf+0x1ed/0x1900
[ 40.764555]  ? rds_sendmsg+0x1eb0/0x1f90
[ 40.768587]  panic+0x1e4/0x41c
[ 40.771743]  ? refcount_error_report+0x214/0x214
[ 40.776463]  ? add_taint+0x1c/0x50
[ 40.779967]  ? add_taint+0x1c/0x50
[ 40.783473]  ? rds_sendmsg+0x1f02/0x1f90
[ 40.787501]  kasan_end_report+0x50/0x50
[ 40.791440]  kasan_report+0x144/0x340
[ 40.795208]  __asan_report_load8_noabort+0x14/0x20
[ 40.800104]  rds_sendmsg+0x1f02/0x1f90
[ 40.803963]  ? rds_send_drop_to+0x19d0/0x19d0
[ 40.808429]  ? lock_release+0xda0/0xda0
[ 40.812370]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 40.818221]  ? sock_has_perm+0x29c/0x400
[ 40.822253]  ? __check_object_size+0x25d/0x4f0
[ 40.826802]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 40.832145]  ? __might_sleep+0x95/0x190
[ 40.836090]  ? kasan_check_write+0x14/0x20
[ 40.840293]  ? _copy_from_user+0x99/0x110
[ 40.844419]  ? selinux_socket_sendmsg+0x36/0x40
[ 40.849053]  ? security_socket_sendmsg+0x89/0xb0
[ 40.853776]  ? rds_send_drop_to+0x19d0/0x19d0
[ 40.858241]  sock_sendmsg+0xca/0x110
[ 40.861922]  ___sys_sendmsg+0x75b/0x8a0
[ 40.865863]  ? copy_msghdr_from_user+0x590/0x590
[ 40.870587]  ? check_noncircular+0x20/0x20
[ 40.874802]  ? __pmd_alloc+0x4e0/0x4e0
[ 40.878656]  ? find_held_lock+0x39/0x1d0
[ 40.882687]  ? __fget_light+0x29d/0x390
[ 40.886627]  ? fget_raw+0x20/0x20
[ 40.890049]  ? find_held_lock+0x39/0x1d0
[ 40.894080]  ? __fdget+0x18/0x20
[ 40.897414]  __sys_sendmsg+0xe5/0x210
[ 40.901178]  ? __sys_sendmsg+0xe5/0x210
[ 40.905119]  ? SyS_shutdown+0x290/0x290
[ 40.909057]  ? handle_mm_fault+0x410/0x8d0
[ 40.913264]  ? __do_page_fault+0x32d/0xc90
[ 40.917467]  ? compat_SyS_futex+0x288/0x380
[ 40.921764]  compat_SyS_sendmsg+0x2a/0x40
[ 40.925877]  ? compat_SyS_getsockopt+0x420/0x420
[ 40.930599]  do_fast_syscall_32+0x3ee/0xf9d
[ 40.934888]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 40.939439]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.944160]  ? lockdep_sys_exit+0x47/0xf0
[ 40.948276]  ? syscall_return_slowpath+0x2ad/0x550
[ 40.953175]  ? sysret32_from_system_call+0x5/0x3b
[ 40.957989]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 40.962802]  entry_SYSENTER_compat+0x51/0x60
[ 40.967174] RIP: 0023:0xf7f36c79
[ 40.970503] RSP: 002b:00000000ffdc503c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[ 40.978174] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000002048cfe4
[ 40.985411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 40.992653] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 40.999888] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 41.007123] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 41.014409] Dumping ftrace buffer:
[ 41.017917]    (ftrace buffer empty)
[ 41.021596] Kernel Offset: disabled
[ 41.025191] Rebooting in 86400 seconds..