[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ 11.958186] sshd (3065) used greatest stack depth: 14944 bytes left
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 16.290095] audit: type=1400 audit(1513916139.973:6): avc: denied { map } for pid=3133 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-4,10.128.15.211' (ECDSA) to the list of known hosts.
executing program
[ 27.589725] audit: type=1400 audit(1513916151.273:7): avc: denied { map } for pid=3149 comm="syzkaller036649" path="/root/syzkaller036649338" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 27.620080] ==================================================================
[ 27.645543] BUG: KASAN: stack-out-of-bounds in rds_sendmsg+0x1f02/0x1f90
[ 27.652366] Read of size 8 at addr ffff8801c89efb70 by task syzkaller036649/3149
[ 27.659869]
[ 27.661470] CPU: 0 PID: 3149 Comm: syzkaller036649 Not tainted 4.15.0-rc4-mm1+ #48
[ 27.669149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.678497] Call Trace:
[ 27.681060]  dump_stack+0x194/0x257
[ 27.684663]  ? arch_local_irq_restore+0x53/0x53
[ 27.689308]  ? show_regs_print_info+0x18/0x18
[ 27.693780]  ? _raw_spin_unlock_bh+0x30/0x40
[ 27.698159]  ? rds_sendmsg+0x1f02/0x1f90
[ 27.702205]  print_address_description+0x73/0x250
[ 27.707019]  ? rds_sendmsg+0x1f02/0x1f90
[ 27.711053]  kasan_report+0x23b/0x360
[ 27.714828]  __asan_report_load8_noabort+0x14/0x20
[ 27.719746]  rds_sendmsg+0x1f02/0x1f90
[ 27.723625]  ? rds_send_drop_to+0x19d0/0x19d0
[ 27.728100]  ? find_held_lock+0x35/0x1d0
[ 27.732153]  ? sock_has_perm+0x2a4/0x420
[ 27.736189]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 27.741611]  ? lock_downgrade+0x980/0x980
[ 27.745729]  ? dup_iter+0x1a2/0x260
[ 27.749344]  ? lock_release+0xa40/0xa40
[ 27.753303]  ? selinux_socket_sendmsg+0x36/0x40
[ 27.757955]  ? security_socket_sendmsg+0x89/0xb0
[ 27.762685]  ? rds_send_drop_to+0x19d0/0x19d0
[ 27.767153]  sock_sendmsg+0xca/0x110
[ 27.770846]  ___sys_sendmsg+0x320/0x8b0
[ 27.774799]  ? copy_msghdr_from_user+0x590/0x590
[ 27.779547]  ? __pmd_alloc+0x4e0/0x4e0
[ 27.783437]  ? __fget_light+0x297/0x380
[ 27.787391]  ? fget_raw+0x20/0x20
[ 27.790816]  ? find_held_lock+0x35/0x1d0
[ 27.794856]  ? __do_page_fault+0x5f7/0xc90
[ 27.799061]  ? lock_downgrade+0x980/0x980
[ 27.803203]  __sys_sendmmsg+0x1ee/0x620
[ 27.807148]  ? __sys_sendmmsg+0x1ee/0x620
[ 27.811275]  ? SyS_sendmsg+0x50/0x50
[ 27.814966]  ? mm_fault_error+0x2c0/0x2c0
[ 27.819097]  ? __do_page_fault+0xc90/0xc90
[ 27.823316]  ? syscall_return_slowpath+0x2ad/0x550
[ 27.828221]  ? prepare_exit_to_usermode+0x340/0x340
[ 27.833213]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 27.838204]  SyS_sendmmsg+0x35/0x60
[ 27.841805]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.846529] RIP: 0033:0x43fe49
[ 27.849689] RSP: 002b:00007ffefa4b0438 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[ 27.857376] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[ 27.864625] RDX: 0000000000000001 RSI: 000000002020c000 RDI: 0000000000000003
[ 27.871867] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 27.879106] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004017b0
[ 27.886345] R13: 0000000000401840 R14: 0000000000000000 R15: 0000000000000000
[ 27.893604]
[ 27.895214] The buggy address belongs to the page:
[ 27.900117] page:ffffea0007227bc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 27.908238] flags: 0x2fffc0000000000()
[ 27.912097] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 27.919945] raw: 0000000000000000 ffffea0007220101 0000000000000000 0000000000000000
[ 27.927791] page dumped because: kasan: bad access detected
[ 27.933464]
[ 27.935057] Memory state around the buggy address:
[ 27.939954]  ffff8801c89efa00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
[ 27.947285]  ffff8801c89efa80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[ 27.954613] >ffff8801c89efb00: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 04 f2
[ 27.961941]                                                              ^
[ 27.969011]  ffff8801c89efb80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[ 27.976351]  ffff8801c89efc00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
[ 27.983693] ==================================================================
[ 27.991030] Disabling lock debugging due to kernel taint
[ 27.996516] Kernel panic - not syncing: panic_on_warn set ...
[ 27.996516]
[ 28.003853] CPU: 0 PID: 3149 Comm: syzkaller036649 Tainted: G B 4.15.0-rc4-mm1+ #48
[ 28.012829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.022163] Call Trace:
[ 28.024723]  dump_stack+0x194/0x257
[ 28.028320]  ? arch_local_irq_restore+0x53/0x53
[ 28.032957]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.037679]  ? vsnprintf+0x1ed/0x1900
[ 28.041449]  ? rds_sendmsg+0x1e50/0x1f90
[ 28.045480]  panic+0x1e4/0x41c
[ 28.048642]  ? refcount_error_report+0x214/0x214
[ 28.053366]  ? add_taint+0x1c/0x50
[ 28.056877]  ? add_taint+0x1c/0x50
[ 28.060385]  ? rds_sendmsg+0x1f02/0x1f90
[ 28.064416]  kasan_end_report+0x50/0x50
[ 28.068371]  kasan_report+0x148/0x360
[ 28.072151]  __asan_report_load8_noabort+0x14/0x20
[ 28.077060]  rds_sendmsg+0x1f02/0x1f90
[ 28.080935]  ? rds_send_drop_to+0x19d0/0x19d0
[ 28.085418]  ? find_held_lock+0x35/0x1d0
[ 28.089461]  ? sock_has_perm+0x2a4/0x420
[ 28.093499]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 28.098861]  ? lock_downgrade+0x980/0x980
[ 28.103001]  ? dup_iter+0x1a2/0x260
[ 28.106606]  ? lock_release+0xa40/0xa40
[ 28.111169]  ? selinux_socket_sendmsg+0x36/0x40
[ 28.115806]  ? security_socket_sendmsg+0x89/0xb0
[ 28.120530]  ? rds_send_drop_to+0x19d0/0x19d0
[ 28.124996]  sock_sendmsg+0xca/0x110
[ 28.128684]  ___sys_sendmsg+0x320/0x8b0
[ 28.132630]  ? copy_msghdr_from_user+0x590/0x590
[ 28.137355]  ? __pmd_alloc+0x4e0/0x4e0
[ 28.141218]  ? __fget_light+0x297/0x380
[ 28.145157]  ? fget_raw+0x20/0x20
[ 28.148576]  ? find_held_lock+0x35/0x1d0
[ 28.152620]  ? __do_page_fault+0x5f7/0xc90
[ 28.156823]  ? lock_downgrade+0x980/0x980
[ 28.160954]  __sys_sendmmsg+0x1ee/0x620
[ 28.164894]  ? __sys_sendmmsg+0x1ee/0x620
[ 28.169013]  ? SyS_sendmsg+0x50/0x50
[ 28.172695]  ? mm_fault_error+0x2c0/0x2c0
[ 28.176815]  ? __do_page_fault+0xc90/0xc90
[ 28.181021]  ? syscall_return_slowpath+0x2ad/0x550
[ 28.185916]  ? prepare_exit_to_usermode+0x340/0x340
[ 28.190901]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 28.195885]  SyS_sendmmsg+0x35/0x60
[ 28.199481]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 28.204204] RIP: 0033:0x43fe49
[ 28.207362] RSP: 002b:00007ffefa4b0438 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[ 28.215050] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[ 28.222291] RDX: 0000000000000001 RSI: 000000002020c000 RDI: 0000000000000003
[ 28.229553] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 28.236799] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004017b0
[ 28.244040] R13: 0000000000401840 R14: 0000000000000000 R15: 0000000000000000
[ 28.251338] Dumping ftrace buffer:
[ 28.254861]    (ftrace buffer empty)
[ 28.258539] Kernel Offset: disabled
[ 28.262133] Rebooting in 86400 seconds..
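The "Memory state around the buggy address" block is the part of this report that says how far the bad access went and what it ran into. The following triage script is an added example, not part of the syzbot report or of the kernel; it assumes the shadow-byte encoding used by the x86-64 kernel KASAN of this era (one shadow byte per 8-byte granule: 00 fully addressable, 01-07 only the first N bytes addressable, f1/f2/f3 stack left/mid/right redzones, and the other special values listed in the table). The embedded input is copied from the report lines above with the timestamps and the caret line dropped. For the reported 8-byte read at ffff8801c89efb70 it locates the shadow byte for that granule (index 14 of the ">ffff8801c89efb00" row, value 04), concludes that only 4 of the 8 bytes read were addressable, and shows that the overrun lands in a granule marked f2, the redzone between stack objects, which is what makes this a stack-out-of-bounds rather than, say, a use-after-free.

```python
"""Decode the 'Memory state around the buggy address' block of a KASAN report.

Added triage helper, not part of the syzbot report it is shown with. It assumes
the shadow encoding of the 4.15-era x86-64 kernel KASAN (one shadow byte per
8-byte granule; special values as listed in SHADOW_SPECIAL).
"""
import re

SHADOW_SCALE = 8      # bytes of memory described by one shadow byte
ROW_GRANULES = 16     # shadow bytes per dumped row, i.e. 128 bytes of memory

# Special shadow values (assumed from the kernel's KASAN encoding of this era).
SHADOW_SPECIAL = {
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
    0xf8: "use-after-scope",
    0xfa: "global redzone",
    0xfb: "freed kmalloc object",
    0xfc: "kmalloc redzone",
    0xfe: "page redzone",
    0xff: "freed page",
}

ACCESS_RE = re.compile(r"\b(Read|Write) of size (\d+) at addr ([0-9a-f]{16})\b")
ROW_RE = re.compile(r"([0-9a-f]{16}):((?:\s[0-9a-f]{2}){16})\s*$")

# Lines copied from the report above (timestamps and the caret line dropped).
REPORT = """\
BUG: KASAN: stack-out-of-bounds in rds_sendmsg+0x1f02/0x1f90
Read of size 8 at addr ffff8801c89efb70 by task syzkaller036649/3149
Memory state around the buggy address:
 ffff8801c89efa00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
 ffff8801c89efa80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
>ffff8801c89efb00: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 04 f2
 ffff8801c89efb80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
 ffff8801c89efc00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
"""


def parse_report(text):
    """Return (kind, size, addr, rows); rows maps a row's base address to its 16 shadow bytes."""
    m = ACCESS_RE.search(text)
    if m is None:
        raise ValueError("no 'Read/Write of size N at addr' line in report")
    kind, size, addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
    rows = {}
    for line in text.splitlines():
        r = ROW_RE.search(line)          # tolerates the leading ' ' or '>' marker
        if r:
            rows[int(r.group(1), 16)] = [int(b, 16) for b in r.group(2).split()]
    if not rows:
        raise ValueError("no shadow rows in report")
    return kind, size, addr, rows


def addressable_bytes(shadow):
    """Number of leading bytes of the granule that this shadow value allows."""
    if shadow == 0:
        return SHADOW_SCALE
    return shadow if shadow < SHADOW_SCALE else 0


def describe(shadow):
    if shadow is None:
        return "not dumped"
    if shadow == 0:
        return "addressable"
    if shadow < SHADOW_SCALE:
        return f"partial: first {shadow} bytes addressable"
    return SHADOW_SPECIAL.get(shadow, f"unknown 0x{shadow:02x}")


def shadow_at(rows, granule):
    """Shadow byte for the 8-byte granule starting at `granule`, from the dumped rows."""
    row_base = granule & ~(ROW_GRANULES * SHADOW_SCALE - 1)
    if row_base not in rows:
        raise ValueError(f"shadow row covering {granule:#x} not in report")
    return rows[row_base][(granule - row_base) // SHADOW_SCALE]


def triage(text):
    """Walk the granules the access touches; report the first one its shadow byte forbids."""
    kind, size, addr, rows = parse_report(text)
    result = {"kind": kind, "size": size, "addr": addr, "bad_granule": None}
    for g in range(addr & ~(SHADOW_SCALE - 1), addr + size, SHADOW_SCALE):
        shadow = shadow_at(rows, g)
        end_off = min(addr + size, g + SHADOW_SCALE) - g   # last accessed byte in g, plus one
        if end_off > addressable_bytes(shadow):
            try:
                nxt = shadow_at(rows, g + SHADOW_SCALE)       # what the overrun lands in
            except ValueError:
                nxt = None
            result.update(bad_granule=g, shadow=shadow, meaning=describe(shadow),
                          overrun=end_off - addressable_bytes(shadow),
                          next_shadow=nxt, next_meaning=describe(nxt))
            break
    return result


if __name__ == "__main__":
    r = triage(REPORT)
    print(f"{r['kind']} of {r['size']} bytes at {r['addr']:#x}")
    if r["bad_granule"] is None:
        print("shadow bytes permit this access; not a plain out-of-bounds")
    else:
        print(f"granule {r['bad_granule']:#x}: shadow 0x{r['shadow']:02x} ({r['meaning']}); "
              f"overruns by {r['overrun']} byte(s) into {r['next_meaning']}")
```

Running it against the embedded lines reports an 8-byte read whose granule allows only 4 bytes, overrunning by 4 into the stack mid redzone; the same arithmetic (offset 0x70 within the 128-byte row, divided by 8) is why the kernel's caret sits under the fifteenth byte of the ">" row. The f1 bytes at the start of the fa00 row and the f3 bytes in the fc00 row bracket the instrumented stack frame, so the whole dump covers one frame of rds_sendmsg. The script deliberately does not guess which local variable was overrun: that needs the compiler's frame layout, which the report does not include.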