[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.137140] audit: type=1400 audit(1520679512.120:6): avc: denied { map } for pid=4211 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts. syzkaller login: [ 44.446116] audit: type=1400 audit(1520679538.429:7): avc: denied { map } for pid=4229 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/03/10 10:58:58 parsed 1 programs 2018/03/10 10:58:58 executed programs: 0 [ 44.677238] audit: type=1400 audit(1520679538.661:8): avc: denied { map } for pid=4229 comm="syz-execprog" path="/root/syzkaller-shm923839938" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 44.686225] IPVS: ftp: loaded support on port[0] = 21 [ 45.762295] ================================================================== [ 45.769737] BUG: KASAN: null-ptr-deref in rdma_resolve_addr+0x12e/0x26c0 [ 45.776546] Write of size 28 at addr 00000000000000a0 by task syz-executor0/4707 [ 45.784052] [ 45.785653] CPU: 0 PID: 4707 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #258 [ 45.792891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.802212] Call Trace: [ 45.804769] dump_stack+0x194/0x24d [ 45.808367] ? arch_local_irq_restore+0x53/0x53 [ 45.813008] ? __might_sleep+0x95/0x190 [ 45.816956] ? rdma_resolve_addr+0x12e/0x26c0 [ 45.821425] kasan_report+0x140/0x360 [ 45.825201] check_memory_region+0x137/0x190 [ 45.829580] memcpy+0x37/0x50 [ 45.832810] rdma_resolve_addr+0x12e/0x26c0 [ 45.837104] ? futex_wait+0x6a9/0x9a0 [ 45.840880] ? find_held_lock+0x35/0x1d0 [ 45.844917] ? rdma_bind_addr+0x1b50/0x1b50 [ 45.849209] ? lock_downgrade+0x980/0x980 [ 45.853328] ? futex_wake+0x2ca/0x680 [ 45.857104] ? __radix_tree_lookup+0x435/0x5e0 [ 45.861668] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 45.866482] ? wait_for_completion+0x770/0x770 [ 45.871038] ? lock_release+0xa40/0xa40 [ 45.874983] ? check_same_owner+0x320/0x320 [ 45.879272] ? find_held_lock+0x35/0x1d0 [ 45.883322] ucma_resolve_ip+0x142/0x1f0 [ 45.887349] ? ucma_resolve_ip+0x142/0x1f0 [ 45.891554] ? ucma_resolve_addr+0x330/0x330 [ 45.895941] ? kasan_check_write+0x14/0x20 [ 45.900151] ucma_write+0x2d6/0x3d0 [ 45.903746] ? ucma_resolve_addr+0x330/0x330 [ 45.908124] ? ucma_resolve_route+0x1a0/0x1a0 [ 45.912595] ? ucma_resolve_route+0x1a0/0x1a0 [ 45.917058] __vfs_write+0xef/0x970 [ 45.920658] ? rcu_note_context_switch+0x710/0x710 [ 45.925556] ? kernel_read+0x120/0x120 [ 45.929415] ? __might_sleep+0x95/0x190 [ 45.933359] ? _cond_resched+0x14/0x30 [ 45.937217] ? __inode_security_revalidate+0xd9/0x130 [ 45.942375] ? avc_policy_seqno+0x9/0x20 [ 45.946408] ? selinux_file_permission+0x82/0x460 [ 45.951229] ? security_file_permission+0x89/0x1e0 [ 45.956129] ? rw_verify_area+0xe5/0x2b0 [ 45.960158] ? __fdget_raw+0x20/0x20 [ 45.963842] vfs_write+0x189/0x510 [ 45.967354] SyS_write+0xef/0x220 [ 45.970773] ? filp_open+0x70/0x70 [ 45.974282] ? SyS_read+0x220/0x220 [ 45.977896] ? do_fast_syscall_32+0x156/0xf9f [ 45.982361] ? SyS_read+0x220/0x220 [ 45.985957] do_fast_syscall_32+0x3ec/0xf9f [ 45.990249] ? _raw_spin_unlock_irq+0x27/0x70 [ 45.994718] ? do_int80_syscall_32+0x9c0/0x9c0 [ 45.999266] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.003729] ? finish_task_switch+0x1c1/0x7e0 [ 46.008199] ? syscall_return_slowpath+0x2ac/0x550 [ 46.013101] ? prepare_exit_to_usermode+0x350/0x350 [ 46.018088] ? sysret32_from_system_call+0x5/0x3c [ 46.022904] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.027720] entry_SYSENTER_compat+0x70/0x7f [ 46.032097] RIP: 0023:0xf7fb7c99 [ 46.035429] RSP: 002b:00000000f7f9209c EFLAGS: 00000286 ORIG_RAX: 0000000000000004 [ 46.043103] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200001c0 [ 46.050344] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 46.057582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 46.064819] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 46.072057] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 46.079312] ================================================================== [ 46.086638] Disabling lock debugging due to kernel taint [ 46.092126] Kernel panic - not syncing: panic_on_warn set ... [ 46.092126] [ 46.099470] CPU: 0 PID: 4707 Comm: syz-executor0 Tainted: G B 4.16.0-rc4+ #258 [ 46.108009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.117329] Call Trace: [ 46.119884] dump_stack+0x194/0x24d [ 46.123481] ? arch_local_irq_restore+0x53/0x53 [ 46.128119] ? kasan_end_report+0x32/0x50 [ 46.132234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 46.136958] ? vsnprintf+0x1ed/0x1900 [ 46.140728] ? rdma_resolve_addr+0x50/0x26c0 [ 46.145102] panic+0x1e4/0x41c [ 46.148261] ? refcount_error_report+0x214/0x214 [ 46.152986] ? add_taint+0x1c/0x50 [ 46.156492] ? add_taint+0x1c/0x50 [ 46.160002] ? rdma_resolve_addr+0x12e/0x26c0 [ 46.164463] kasan_end_report+0x50/0x50 [ 46.168403] kasan_report+0x149/0x360 [ 46.172170] check_memory_region+0x137/0x190 [ 46.176544] memcpy+0x37/0x50 [ 46.179622] rdma_resolve_addr+0x12e/0x26c0 [ 46.183911] ? futex_wait+0x6a9/0x9a0 [ 46.187682] ? find_held_lock+0x35/0x1d0 [ 46.191715] ? rdma_bind_addr+0x1b50/0x1b50 [ 46.196002] ? lock_downgrade+0x980/0x980 [ 46.200116] ? futex_wake+0x2ca/0x680 [ 46.203884] ? __radix_tree_lookup+0x435/0x5e0 [ 46.208443] ? __mutex_unlock_slowpath+0xe9/0xac0 [ 46.213252] ? wait_for_completion+0x770/0x770 [ 46.217804] ? lock_release+0xa40/0xa40 [ 46.221744] ? check_same_owner+0x320/0x320 [ 46.226034] ? find_held_lock+0x35/0x1d0 [ 46.230073] ucma_resolve_ip+0x142/0x1f0 [ 46.234099] ? ucma_resolve_ip+0x142/0x1f0 [ 46.238301] ? ucma_resolve_addr+0x330/0x330 [ 46.242680] ? kasan_check_write+0x14/0x20 [ 46.246883] ucma_write+0x2d6/0x3d0 [ 46.250476] ? ucma_resolve_addr+0x330/0x330 [ 46.254850] ? ucma_resolve_route+0x1a0/0x1a0 [ 46.259316] ? ucma_resolve_route+0x1a0/0x1a0 [ 46.263778] __vfs_write+0xef/0x970 [ 46.267373] ? rcu_note_context_switch+0x710/0x710 [ 46.272270] ? kernel_read+0x120/0x120 [ 46.276123] ? __might_sleep+0x95/0x190 [ 46.280067] ? _cond_resched+0x14/0x30 [ 46.283925] ? __inode_security_revalidate+0xd9/0x130 [ 46.289083] ? avc_policy_seqno+0x9/0x20 [ 46.293112] ? selinux_file_permission+0x82/0x460 [ 46.297923] ? security_file_permission+0x89/0x1e0 [ 46.302819] ? rw_verify_area+0xe5/0x2b0 [ 46.306845] ? __fdget_raw+0x20/0x20 [ 46.310528] vfs_write+0x189/0x510 [ 46.314045] SyS_write+0xef/0x220 [ 46.317463] ? filp_open+0x70/0x70 [ 46.320974] ? SyS_read+0x220/0x220 [ 46.324573] ? do_fast_syscall_32+0x156/0xf9f [ 46.329038] ? SyS_read+0x220/0x220 [ 46.332632] do_fast_syscall_32+0x3ec/0xf9f [ 46.336918] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.341386] ? do_int80_syscall_32+0x9c0/0x9c0 [ 46.345933] ? _raw_spin_unlock_irq+0x27/0x70 [ 46.350394] ? finish_task_switch+0x1c1/0x7e0 [ 46.354856] ? syscall_return_slowpath+0x2ac/0x550 [ 46.359754] ? prepare_exit_to_usermode+0x350/0x350 [ 46.364736] ? sysret32_from_system_call+0x5/0x3c [ 46.369552] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.374363] entry_SYSENTER_compat+0x70/0x7f [ 46.378738] RIP: 0023:0xf7fb7c99 [ 46.382070] RSP: 002b:00000000f7f9209c EFLAGS: 00000286 ORIG_RAX: 0000000000000004 [ 46.389742] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000200001c0 [ 46.396980] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 46.404218] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 46.411454] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 46.418693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 46.426309] Dumping ftrace buffer: [ 46.429818] (ftrace buffer empty) [ 46.433496] Kernel Offset: disabled [ 46.437092] Rebooting in 86400 seconds..