[....] Starting enhanced syslogd: rsyslogd
[ 11.689760] audit: type=1400 audit(1513919065.158:5): avc: denied { syslog } for pid=2998 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok .
Starting mcstransd:
[....] Starting periodic command scheduler: cron
[ ok .
[....] Starting file context maintaining daemon: restorecond
[ ok .
[....] Starting OpenBSD Secure Shell server: sshd
[ ok .

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 18.583197] audit: type=1400 audit(1513919072.051:6): avc: denied { map } for pid=3138 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-1,10.128.0.12' (ECDSA) to the list of known hosts.
executing program
[ 24.792283] audit: type=1400 audit(1513919078.260:7): avc: denied { map } for pid=3152 comm="syzkaller717822" path="/root/syzkaller717822551" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 24.826734] ==================================================================
[ 24.834118] BUG: KASAN: slab-out-of-bounds in sha3_update+0xdf/0x2e0
[ 24.840577] Write of size 192 at addr ffff8801cf0e3b3c by task syzkaller717822/3152
[ 24.848332]
[ 24.849932] CPU: 0 PID: 3152 Comm: syzkaller717822 Not tainted 4.15.0-rc4+ #232
[ 24.857344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 24.866778] Call Trace:
[ 24.869341]  dump_stack+0x194/0x257
[ 24.872941]  ? arch_local_irq_restore+0x53/0x53
[ 24.877596]  ? show_regs_print_info+0x18/0x18
[ 24.882064]  ? keyctl_dh_compute+0xac/0xf3
[ 24.886454]  ? sha3_update+0xdf/0x2e0
[ 24.890235]  print_address_description+0x73/0x250
[ 24.895048]  ? sha3_update+0xdf/0x2e0
[ 24.898815]  kasan_report+0x25b/0x340
[ 24.902586]  check_memory_region+0x137/0x190
[ 24.906976]  memcpy+0x37/0x50
[ 24.910057]  sha3_update+0xdf/0x2e0
[ 24.913657]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 24.919513]  crypto_shash_update+0xda/0x240
[ 24.923811]  hmac_update+0x7e/0xa0
[ 24.927324]  crypto_shash_update+0xda/0x240
[ 24.931617]  ? hmac_import+0x1bd/0x230
[ 24.935481]  __keyctl_dh_compute+0x160f/0x1990
[ 24.940047]  ? dh_data_from_key+0x340/0x340
[ 24.944342]  ? find_held_lock+0x35/0x1d0
[ 24.948377]  ? __might_fault+0x110/0x1d0
[ 24.952404]  ? lock_downgrade+0x980/0x980
[ 24.956518]  ? __do_page_fault+0x3d6/0xc90
[ 24.960722]  ? lock_release+0xa40/0xa40
[ 24.964670]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 24.970537]  ? kasan_check_write+0x14/0x20
[ 24.974743]  keyctl_dh_compute+0xac/0xf3
[ 24.978771]  ? __keyctl_dh_compute+0x1990/0x1990
[ 24.983500]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 24.988502]  SyS_keyctl+0x72/0x2c0
[ 24.992017]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 24.996741] RIP: 0033:0x43feb9
[ 24.999896] RSP: 002b:00007ffd3aef51a8 EFLAGS: 00000217 ORIG_RAX: 00000000000000fa
[ 25.007570] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043feb9
[ 25.014806] RDX: 0000000020c2cfff RSI: 00000000204c8ff4 RDI: 0000000000000017
[ 25.022130] RBP: 00000000006ca018 R08: 00000000208e6fd4 R09: 0000000000000000
[ 25.029367] R10: 0000000000000001 R11: 0000000000000217 R12: 0000000000401820
[ 25.036602] R13: 00000000004018b0 R14: 0000000000000000 R15: 0000000000000000
[ 25.043855]
[ 25.045453] Allocated by task 3152:
[ 25.049051]  save_stack+0x43/0xd0
[ 25.052467]  kasan_kmalloc+0xad/0xe0
[ 25.056145]  __kmalloc+0x162/0x760
[ 25.059653]  __keyctl_dh_compute+0x2b0/0x1990
[ 25.064114]  keyctl_dh_compute+0xac/0xf3
[ 25.068139]  SyS_keyctl+0x72/0x2c0
[ 25.071644]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 25.076363]
[ 25.077956] Freed by task 1637:
[ 25.081202]  save_stack+0x43/0xd0
[ 25.084620]  kasan_slab_free+0x71/0xc0
[ 25.088471]  kfree+0xd6/0x260
[ 25.091541]  kernfs_fop_release+0x13f/0x180
[ 25.095826]  __fput+0x327/0x7e0
[ 25.099070]  ____fput+0x15/0x20
[ 25.102317]  task_work_run+0x199/0x270
[ 25.106170]  exit_to_usermode_loop+0x296/0x310
[ 25.110725]  syscall_return_slowpath+0x490/0x550
[ 25.115454]  entry_SYSCALL_64_fastpath+0x94/0x96
[ 25.120174]
[ 25.121773] The buggy address belongs to the object at ffff8801cf0e3a40
[ 25.121773]  which belongs to the cache kmalloc-512 of size 512
[ 25.134395] The buggy address is located 252 bytes inside of
[ 25.134395]  512-byte region [ffff8801cf0e3a40, ffff8801cf0e3c40)
[ 25.146231] The buggy address belongs to the page:
[ 25.151130] page:000000001ae65fa7 count:1 mapcount:0 mapping:0000000077bf18b4 index:0xffff8801cf0e3cc0
[ 25.160541] flags: 0x2fffc0000000100(slab)
[ 25.164742] raw: 02fffc0000000100 ffff8801cf0e3040 ffff8801cf0e3cc0 0000000100000005
[ 25.172588] raw: ffff8801db001738 ffffea00073c1c20 ffff8801db000940 0000000000000000
[ 25.180431] page dumped because: kasan: bad access detected
[ 25.186114]
[ 25.187709] Memory state around the buggy address:
[ 25.192606]  ffff8801cf0e3a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.199932]  ffff8801cf0e3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 25.207257] >ffff8801cf0e3b80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 25.214581]                                               ^
[ 25.220263]  ffff8801cf0e3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.227588]  ffff8801cf0e3c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 25.234909] ==================================================================
[ 25.242236] Disabling lock debugging due to kernel taint
[ 25.247861] Kernel panic - not syncing: panic_on_warn set ...
[ 25.247861]
[ 25.255226] CPU: 0 PID: 3152 Comm: syzkaller717822 Tainted: G B 4.15.0-rc4+ #232
[ 25.263940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.273268] Call Trace:
[ 25.275825]  dump_stack+0x194/0x257
[ 25.279417]  ? arch_local_irq_restore+0x53/0x53
[ 25.284053]  ? kasan_end_report+0x32/0x50
[ 25.288166]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.292895]  ? vsnprintf+0x1ed/0x1900
[ 25.297622]  ? sha3_update+0xd0/0x2e0
[ 25.301391]  panic+0x1e4/0x41c
[ 25.304558]  ? refcount_error_report+0x214/0x214
[ 25.309282]  ? add_taint+0x1c/0x50
[ 25.312795]  ? add_taint+0x1c/0x50
[ 25.316301]  ? sha3_update+0xdf/0x2e0
[ 25.320065]  kasan_end_report+0x50/0x50
[ 25.324011]  kasan_report+0x144/0x340
[ 25.327780]  check_memory_region+0x137/0x190
[ 25.332153]  memcpy+0x37/0x50
[ 25.335250]  sha3_update+0xdf/0x2e0
[ 25.338851]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.344701]  crypto_shash_update+0xda/0x240
[ 25.348990]  hmac_update+0x7e/0xa0
[ 25.352497]  crypto_shash_update+0xda/0x240
[ 25.356783]  ? hmac_import+0x1bd/0x230
[ 25.360640]  __keyctl_dh_compute+0x160f/0x1990
[ 25.365195]  ? dh_data_from_key+0x340/0x340
[ 25.369483]  ? find_held_lock+0x35/0x1d0
[ 25.373512]  ? __might_fault+0x110/0x1d0
[ 25.377538]  ? lock_downgrade+0x980/0x980
[ 25.381657]  ? __do_page_fault+0x3d6/0xc90
[ 25.385857]  ? lock_release+0xa40/0xa40
[ 25.389855]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.395712]  ? kasan_check_write+0x14/0x20
[ 25.399913]  keyctl_dh_compute+0xac/0xf3
[ 25.403940]  ? __keyctl_dh_compute+0x1990/0x1990
[ 25.408770]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 25.413751]  SyS_keyctl+0x72/0x2c0
[ 25.417261]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 25.421982] RIP: 0033:0x43feb9
[ 25.425136] RSP: 002b:00007ffd3aef51a8 EFLAGS: 00000217 ORIG_RAX: 00000000000000fa
[ 25.432806] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043feb9
[ 25.440042] RDX: 0000000020c2cfff RSI: 00000000204c8ff4 RDI: 0000000000000017
[ 25.447274] RBP: 00000000006ca018 R08: 00000000208e6fd4 R09: 0000000000000000
[ 25.454511] R10: 0000000000000001 R11: 0000000000000217 R12: 0000000000401820
[ 25.461750] R13: 00000000004018b0 R14: 0000000000000000 R15: 0000000000000000
[ 25.469568] Dumping ftrace buffer:
[ 25.473077]    (ftrace buffer empty)
[ 25.476752] Kernel Offset: disabled
[ 25.480343] Rebooting in 86400 seconds..