[....] Starting enhanced syslogd: rsyslogd[ 9.880884] audit: type=1400 audit(1514258426.083:5): avc: denied { syslog } for pid=2993 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 12.507524] audit: type=1400 audit(1514258428.710:6): avc: denied { map } for pid=3128 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-2,10.128.0.54' (ECDSA) to the list of known hosts. executing program [ 18.680971] audit: type=1400 audit(1514258434.883:7): avc: denied { map } for pid=3142 comm="syzkaller743832" path="/root/syzkaller743832962" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 18.724691] ================================================================== [ 18.732089] BUG: KASAN: wild-memory-access in scatterwalk_copychunks+0x206/0x480 [ 18.739594] Write of size 16 at addr 00050800c803d918 by task syzkaller743832/3142 [ 18.747264] [ 18.748863] CPU: 1 PID: 3142 Comm: syzkaller743832 Not tainted 4.15.0-rc4-mm1+ #49 [ 18.756538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.765863] Call Trace: [ 18.768426] dump_stack+0x194/0x257 [ 18.772035] ? arch_local_irq_restore+0x53/0x53 [ 18.776685] ? scatterwalk_copychunks+0x206/0x480 [ 18.781497] kasan_report+0x13f/0x360 [ 18.785271] check_memory_region+0x137/0x190 [ 18.789649] memcpy+0x37/0x50 [ 18.792725] scatterwalk_copychunks+0x206/0x480 [ 18.797372] blkcipher_walk_done+0xa4b/0xde0 [ 18.801757] glue_ctr_crypt_128bit+0x597/0xc20 [ 18.806318] ? glue_ecb_crypt_128bit+0x5c0/0x5c0 [ 18.811043] ? sha512_base_init+0x220/0x220 [ 18.815366] ctr_crypt+0x34/0x40 [ 18.818708] ? ctr_crypt+0x34/0x40 [ 18.822219] ? twofish_enc_blk_3way+0x30/0x30 [ 18.826687] __ablk_encrypt+0x1d1/0x2d0 [ 18.830639] ? ablk_set_key+0x1a0/0x1a0 [ 18.834587] ? shash_async_update+0x20/0x20 [ 18.838875] ? kfree+0xf0/0x260 [ 18.842123] ? __ablk_encrypt+0x2d0/0x2d0 [ 18.846242] ablk_encrypt+0x23e/0x2c0 [ 18.850017] ? __ablk_encrypt+0x2d0/0x2d0 [ 18.854141] skcipher_decrypt_ablkcipher+0x312/0x420 [ 18.859211] ? scatterwalk_ffwd+0xbf/0x370 [ 18.863417] poly_tail_continue+0x42a/0x6b0 [ 18.867712] poly_tail+0x40f/0x520 [ 18.871223] poly_cipherpad+0x33e/0x470 [ 18.875173] poly_cipher+0x303/0x440 [ 18.878863] poly_adpad+0x347/0x480 [ 18.882463] poly_ad+0x25c/0x300 [ 18.885816] poly_setkey+0x2fc/0x3e0 [ 18.889507] poly_init+0x16c/0x1d0 [ 18.893027] poly_genkey+0x422/0x590 [ 18.896718] chachapoly_decrypt+0x73/0x90 [ 18.900843] aead_recvmsg+0x154a/0x1cf0 [ 18.904807] ? aead_release+0x50/0x50 [ 18.908580] ? selinux_socket_recvmsg+0x36/0x40 [ 18.913236] ? security_socket_recvmsg+0x91/0xc0 [ 18.917970] ? aead_release+0x50/0x50 [ 18.921739] sock_recvmsg+0xc9/0x110 [ 18.925426] ? __sock_recv_wifi_status+0x210/0x210 [ 18.930328] ___sys_recvmsg+0x2a4/0x640 [ 18.934279] ? ___sys_sendmsg+0x8b0/0x8b0 [ 18.938402] ? __do_page_fault+0x5f7/0xc90 [ 18.942613] ? lock_downgrade+0x980/0x980 [ 18.946736] ? __fget_light+0x297/0x380 [ 18.950679] ? fget_raw+0x20/0x20 [ 18.954107] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 18.958663] ? vmacache_find+0x5f/0x280 [ 18.962612] ? up_read+0x1a/0x40 [ 18.965949] ? __do_page_fault+0x3d6/0xc90 [ 18.970152] ? SYSC_accept4+0x4ff/0x870 [ 18.974100] ? __fdget+0x18/0x20 [ 18.977440] __sys_recvmsg+0xe2/0x210 [ 18.981209] ? __sys_recvmsg+0xe2/0x210 [ 18.985159] ? SyS_sendmmsg+0x60/0x60 [ 18.988929] ? __do_page_fault+0xc90/0xc90 [ 18.993136] ? SyS_setsockopt+0x215/0x360 [ 18.997264] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.002257] SyS_recvmsg+0x2d/0x50 [ 19.005775] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.010497] RIP: 0033:0x43fef9 [ 19.013658] RSP: 002b:00007fff5160b338 EFLAGS: 00000217 ORIG_RAX: 000000000000002f [ 19.021343] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fef9 [ 19.028592] RDX: 0000000000000000 RSI: 000000002022efc8 RDI: 0000000000000004 [ 19.035832] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 19.043073] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401860 [ 19.050311] R13: 00000000004018f0 R14: 0000000000000000 R15: 0000000000000000 [ 19.057575] ================================================================== [ 19.064900] Disabling lock debugging due to kernel taint [ 19.070369] Kernel panic - not syncing: panic_on_warn set ... [ 19.070369] [ 19.077716] CPU: 1 PID: 3142 Comm: syzkaller743832 Tainted: G B 4.15.0-rc4-mm1+ #49 [ 19.086691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.096014] Call Trace: [ 19.098575] dump_stack+0x194/0x257 [ 19.102169] ? arch_local_irq_restore+0x53/0x53 [ 19.106803] ? kasan_end_report+0x32/0x50 [ 19.110918] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 19.115639] ? vsnprintf+0x1ed/0x1900 [ 19.119406] ? scatterwalk_copychunks+0x1f0/0x480 [ 19.124218] panic+0x1e4/0x41c [ 19.127377] ? refcount_error_report+0x214/0x214 [ 19.132109] ? add_taint+0x1c/0x50 [ 19.135618] ? add_taint+0x1c/0x50 [ 19.139129] ? scatterwalk_copychunks+0x206/0x480 [ 19.143941] kasan_end_report+0x50/0x50 [ 19.147881] kasan_report+0x148/0x360 [ 19.151649] check_memory_region+0x137/0x190 [ 19.156029] memcpy+0x37/0x50 [ 19.159116] scatterwalk_copychunks+0x206/0x480 [ 19.163757] blkcipher_walk_done+0xa4b/0xde0 [ 19.168144] glue_ctr_crypt_128bit+0x597/0xc20 [ 19.172699] ? glue_ecb_crypt_128bit+0x5c0/0x5c0 [ 19.177423] ? sha512_base_init+0x220/0x220 [ 19.181732] ctr_crypt+0x34/0x40 [ 19.185068] ? ctr_crypt+0x34/0x40 [ 19.188578] ? twofish_enc_blk_3way+0x30/0x30 [ 19.193040] __ablk_encrypt+0x1d1/0x2d0 [ 19.196981] ? ablk_set_key+0x1a0/0x1a0 [ 19.200929] ? shash_async_update+0x20/0x20 [ 19.205217] ? kfree+0xf0/0x260 [ 19.208465] ? __ablk_encrypt+0x2d0/0x2d0 [ 19.212596] ablk_encrypt+0x23e/0x2c0 [ 19.216364] ? __ablk_encrypt+0x2d0/0x2d0 [ 19.220480] skcipher_decrypt_ablkcipher+0x312/0x420 [ 19.225547] ? scatterwalk_ffwd+0xbf/0x370 [ 19.229749] poly_tail_continue+0x42a/0x6b0 [ 19.234047] poly_tail+0x40f/0x520 [ 19.237563] poly_cipherpad+0x33e/0x470 [ 19.241506] poly_cipher+0x303/0x440 [ 19.245187] poly_adpad+0x347/0x480 [ 19.248786] poly_ad+0x25c/0x300 [ 19.252122] poly_setkey+0x2fc/0x3e0 [ 19.255812] poly_init+0x16c/0x1d0 [ 19.259318] poly_genkey+0x422/0x590 [ 19.262999] chachapoly_decrypt+0x73/0x90 [ 19.267119] aead_recvmsg+0x154a/0x1cf0 [ 19.271068] ? aead_release+0x50/0x50 [ 19.274834] ? selinux_socket_recvmsg+0x36/0x40 [ 19.279471] ? security_socket_recvmsg+0x91/0xc0 [ 19.284198] ? aead_release+0x50/0x50 [ 19.287965] sock_recvmsg+0xc9/0x110 [ 19.291645] ? __sock_recv_wifi_status+0x210/0x210 [ 19.296545] ___sys_recvmsg+0x2a4/0x640 [ 19.300490] ? ___sys_sendmsg+0x8b0/0x8b0 [ 19.304610] ? __do_page_fault+0x5f7/0xc90 [ 19.308813] ? lock_downgrade+0x980/0x980 [ 19.312930] ? __fget_light+0x297/0x380 [ 19.316873] ? fget_raw+0x20/0x20 [ 19.320297] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 19.324843] ? vmacache_find+0x5f/0x280 [ 19.328790] ? up_read+0x1a/0x40 [ 19.332126] ? __do_page_fault+0x3d6/0xc90 [ 19.336326] ? SYSC_accept4+0x4ff/0x870 [ 19.340270] ? __fdget+0x18/0x20 [ 19.343610] __sys_recvmsg+0xe2/0x210 [ 19.347377] ? __sys_recvmsg+0xe2/0x210 [ 19.351317] ? SyS_sendmmsg+0x60/0x60 [ 19.355087] ? __do_page_fault+0xc90/0xc90 [ 19.359292] ? SyS_setsockopt+0x215/0x360 [ 19.363414] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.368398] SyS_recvmsg+0x2d/0x50 [ 19.371905] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.376629] RIP: 0033:0x43fef9 [ 19.379790] RSP: 002b:00007fff5160b338 EFLAGS: 00000217 ORIG_RAX: 000000000000002f [ 19.387461] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fef9 [ 19.394696] RDX: 0000000000000000 RSI: 000000002022efc8 RDI: 0000000000000004 [ 19.401931] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 19.409173] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401860 [ 19.416415] R13: 00000000004018f0 R14: 0000000000000000 R15: 0000000000000000 [ 19.424083] Dumping ftrace buffer: [ 19.427591] (ftrace buffer empty) [ 19.431269] Kernel Offset: disabled [ 19.434860] Rebooting in 86400 seconds..