[....] Starting enhanced syslogd: rsyslogd[   11.812060] audit: type=1400 audit(1513987683.539:5): avc:  denied  { syslog } for  pid=2997 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   16.804861] audit: type=1400 audit(1513987688.532:6): avc:  denied  { map } for  pid=3135 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-1,10.128.0.52' (ECDSA) to the list of known hosts.
executing program
[   37.588079] audit: type=1400 audit(1513987709.315:7): avc:  denied  { map } for  pid=3153 comm="syzkaller895417" path="/root/syzkaller895417723" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   37.617377] ==================================================================
[   37.624773] BUG: KASAN: stack-out-of-bounds in rds_sendmsg+0x1f02/0x1f90
[   37.631585] Read of size 8 at addr ffff8801c7d5fb70 by task syzkaller895417/3153
[   37.639081] 
[   37.640684] CPU: 1 PID: 3153 Comm: syzkaller895417 Not tainted 4.15.0-rc4-next-20171221+ #78
[   37.649237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.658582] Call Trace:
[   37.661149]  dump_stack+0x194/0x257
[   37.664748]  ? arch_local_irq_restore+0x53/0x53
[   37.669407]  ? show_regs_print_info+0x18/0x18
[   37.673879]  ? _raw_spin_unlock_bh+0x30/0x40
[   37.678261]  ? rds_sendmsg+0x1f02/0x1f90
[   37.682302]  print_address_description+0x73/0x250
[   37.687122]  ? rds_sendmsg+0x1f02/0x1f90
[   37.691161]  kasan_report+0x25b/0x340
[   37.694946]  __asan_report_load8_noabort+0x14/0x20
[   37.699845]  rds_sendmsg+0x1f02/0x1f90
[   37.703722]  ? rds_send_drop_to+0x19d0/0x19d0
[   37.708197]  ? find_held_lock+0x35/0x1d0
[   37.712233]  ? sock_has_perm+0x2a4/0x420
[   37.716266]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   37.721612]  ? lock_downgrade+0x980/0x980
[   37.725742]  ? dup_iter+0x192/0x260
[   37.729357]  ? lock_release+0xa40/0xa40
[   37.733314]  ? selinux_socket_sendmsg+0x36/0x40
[   37.737952]  ? security_socket_sendmsg+0x89/0xb0
[   37.742676]  ? rds_send_drop_to+0x19d0/0x19d0
[   37.747153]  sock_sendmsg+0xca/0x110
[   37.750851]  ___sys_sendmsg+0x320/0x8b0
[   37.754801]  ? copy_msghdr_from_user+0x590/0x590
[   37.759538]  ? __pmd_alloc+0x4e0/0x4e0
[   37.763410]  ? __fget_light+0x297/0x380
[   37.767352]  ? fget_raw+0x20/0x20
[   37.770773]  ? find_held_lock+0x35/0x1d0
[   37.774835]  ? __do_page_fault+0x5f7/0xc90
[   37.779056]  ? lock_downgrade+0x980/0x980
[   37.783215]  __sys_sendmmsg+0x1ee/0x620
[   37.787171]  ? __sys_sendmmsg+0x1ee/0x620
[   37.791312]  ? SyS_sendmsg+0x50/0x50
[   37.795015]  ? mm_fault_error+0x2c0/0x2c0
[   37.799146]  ? __do_page_fault+0xc90/0xc90
[   37.803359]  ? syscall_return_slowpath+0x2ad/0x550
[   37.808277]  ? prepare_exit_to_usermode+0x340/0x340
[   37.813279]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   37.818300]  SyS_sendmmsg+0x35/0x60
[   37.821903]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   37.826628] RIP: 0033:0x43fe49
[   37.829787] RSP: 002b:00007ffecc5e79e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   37.837474] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[   37.844722] RDX: 0000000000000001 RSI: 000000002020c000 RDI: 0000000000000003
[   37.851968] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   37.859217] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004017b0
[   37.866463] R13: 0000000000401840 R14: 0000000000000000 R15: 0000000000000000
[   37.873727] 
[   37.875320] The buggy address belongs to the page:
[   37.880220] page:000000007c8b0bef count:0 mapcount:0 mapping:          (null) index:0x0
[   37.888328] flags: 0x2fffc0000000000()
[   37.892182] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   37.900040] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   37.907893] page dumped because: kasan: bad access detected
[   37.913575] 
[   37.915167] Memory state around the buggy address:
[   37.920073]  ffff8801c7d5fa00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
[   37.927406]  ffff8801c7d5fa80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   37.934733] >ffff8801c7d5fb00: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 04 f2
[   37.942060]                                                              ^
[   37.949040]  ffff8801c7d5fb80: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[   37.956374]  ffff8801c7d5fc00: 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00
[   37.963707] ==================================================================
[   37.971041] Disabling lock debugging due to kernel taint
[   37.976631] Kernel panic - not syncing: panic_on_warn set ...
[   37.976631] 
[   37.983979] CPU: 1 PID: 3153 Comm: syzkaller895417 Tainted: G    B            4.15.0-rc4-next-20171221+ #78
[   37.993836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.003155] Call Trace:
[   38.005714]  dump_stack+0x194/0x257
[   38.009313]  ? arch_local_irq_restore+0x53/0x53
[   38.013950]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   38.018672]  ? vsnprintf+0x1ed/0x1900
[   38.022446]  ? rds_sendmsg+0x1e50/0x1f90
[   38.026474]  panic+0x1e4/0x41c
[   38.029633]  ? refcount_error_report+0x214/0x214
[   38.034358]  ? add_taint+0x1c/0x50
[   38.037866]  ? add_taint+0x1c/0x50
[   38.041372]  ? rds_sendmsg+0x1f02/0x1f90
[   38.045401]  kasan_end_report+0x50/0x50
[   38.049341]  kasan_report+0x144/0x340
[   38.053114]  __asan_report_load8_noabort+0x14/0x20
[   38.058026]  rds_sendmsg+0x1f02/0x1f90
[   38.061896]  ? rds_send_drop_to+0x19d0/0x19d0
[   38.066360]  ? find_held_lock+0x35/0x1d0
[   38.070390]  ? sock_has_perm+0x2a4/0x420
[   38.074416]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   38.079744]  ? lock_downgrade+0x980/0x980
[   38.083865]  ? dup_iter+0x192/0x260
[   38.087460]  ? lock_release+0xa40/0xa40
[   38.091407]  ? selinux_socket_sendmsg+0x36/0x40
[   38.096043]  ? security_socket_sendmsg+0x89/0xb0
[   38.100775]  ? rds_send_drop_to+0x19d0/0x19d0
[   38.105248]  sock_sendmsg+0xca/0x110
[   38.108938]  ___sys_sendmsg+0x320/0x8b0
[   38.112890]  ? copy_msghdr_from_user+0x590/0x590
[   38.117613]  ? __pmd_alloc+0x4e0/0x4e0
[   38.121482]  ? __fget_light+0x297/0x380
[   38.125429]  ? fget_raw+0x20/0x20
[   38.128848]  ? find_held_lock+0x35/0x1d0
[   38.132883]  ? __do_page_fault+0x5f7/0xc90
[   38.137085]  ? lock_downgrade+0x980/0x980
[   38.141208]  __sys_sendmmsg+0x1ee/0x620
[   38.145149]  ? __sys_sendmmsg+0x1ee/0x620
[   38.149277]  ? SyS_sendmsg+0x50/0x50
[   38.152961]  ? mm_fault_error+0x2c0/0x2c0
[   38.157093]  ? __do_page_fault+0xc90/0xc90
[   38.161297]  ? syscall_return_slowpath+0x2ad/0x550
[   38.166192]  ? prepare_exit_to_usermode+0x340/0x340
[   38.171179]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   38.176164]  SyS_sendmmsg+0x35/0x60
[   38.179760]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   38.184481] RIP: 0033:0x43fe49
[   38.187638] RSP: 002b:00007ffecc5e79e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   38.195313] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fe49
[   38.202550] RDX: 0000000000000001 RSI: 000000002020c000 RDI: 0000000000000003
[   38.209791] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   38.217043] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004017b0
[   38.224278] R13: 0000000000401840 R14: 0000000000000000 R15: 0000000000000000
[   38.231557] Dumping ftrace buffer:
[   38.235067]    (ftrace buffer empty)
[   38.238745] Kernel Offset: disabled
[   38.242340] Rebooting in 86400 seconds..