[....] Starting enhanced syslogd: rsyslogd[ 11.585536] audit: type=1400 audit(1514061534.425:5): avc: denied { syslog } for pid=2995 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 16.307655] audit: type=1400 audit(1514061539.147:6): avc: denied { map } for pid=3133 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added 'ci-upstream-net-kasan-gce-5,10.128.15.201' (ECDSA) to the list of known hosts. executing program [ 22.510465] audit: type=1400 audit(1514061545.350:7): avc: denied { map } for pid=3147 comm="syzkaller714541" path="/root/syzkaller714541549" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 22.538659] ================================================================== [ 22.546047] BUG: KASAN: wild-memory-access in scatterwalk_copychunks+0x206/0x480 [ 22.553559] Write of size 16 at addr 00050800c84ad198 by task syzkaller714541/3147 [ 22.561231] [ 22.562829] CPU: 1 PID: 3147 Comm: syzkaller714541 Not tainted 4.15.0-rc4+ #164 [ 22.570242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.579657] Call Trace: [ 22.582218] dump_stack+0x194/0x257 [ 22.585816] ? arch_local_irq_restore+0x53/0x53 [ 22.590463] ? scatterwalk_copychunks+0x206/0x480 [ 22.595278] kasan_report+0x13b/0x340 [ 22.599051] check_memory_region+0x137/0x190 [ 22.603427] memcpy+0x37/0x50 [ 22.606504] scatterwalk_copychunks+0x206/0x480 [ 22.611156] blkcipher_walk_done+0xa4b/0xde0 [ 22.615543] glue_ctr_crypt_128bit+0x597/0xc20 [ 22.620112] ? glue_ecb_crypt_128bit+0x5c0/0x5c0 [ 22.624856] ? memset+0x31/0x40 [ 22.628107] ? memzero_explicit+0xe/0x10 [ 22.632136] ? wp384_final+0xa6/0xf0 [ 22.635816] ? wp256_final+0xf0/0xf0 [ 22.639505] ? sock_kfree_s+0x29/0x60 [ 22.643307] ctr_crypt+0x34/0x40 [ 22.646638] ? ctr_crypt+0x34/0x40 [ 22.650165] ? lrw_encrypt+0x430/0x430 [ 22.654027] __ablk_encrypt+0x1d1/0x2d0 [ 22.658050] ? ablk_set_key+0x1a0/0x1a0 [ 22.661996] ? shash_async_update+0x20/0x20 [ 22.666286] ? kfree+0xf0/0x260 [ 22.669566] ? __ablk_encrypt+0x2d0/0x2d0 [ 22.673691] ablk_encrypt+0x23e/0x2c0 [ 22.677461] ? __ablk_encrypt+0x2d0/0x2d0 [ 22.681596] skcipher_decrypt_ablkcipher+0x312/0x420 [ 22.686694] ? scatterwalk_ffwd+0xbf/0x370 [ 22.690908] poly_tail_continue+0x42a/0x6b0 [ 22.695206] poly_tail+0x40f/0x520 [ 22.698744] poly_cipherpad+0x33e/0x470 [ 22.702691] poly_cipher+0x303/0x440 [ 22.706377] poly_adpad+0x347/0x480 [ 22.709978] poly_ad+0x25c/0x300 [ 22.713317] poly_setkey+0x2fc/0x3e0 [ 22.717008] poly_init+0x16c/0x1d0 [ 22.720523] poly_genkey+0x422/0x590 [ 22.724209] chachapoly_decrypt+0x73/0x90 [ 22.728327] aead_recvmsg+0x14a7/0x1bc0 [ 22.732298] ? aead_release+0x50/0x50 [ 22.736068] ? selinux_socket_recvmsg+0x36/0x40 [ 22.740706] ? security_socket_recvmsg+0x91/0xc0 [ 22.745526] ? aead_release+0x50/0x50 [ 22.749307] sock_recvmsg+0xc9/0x110 [ 22.753019] ? __sock_recv_wifi_status+0x210/0x210 [ 22.757923] ___sys_recvmsg+0x2a4/0x640 [ 22.761874] ? ___sys_sendmsg+0x8b0/0x8b0 [ 22.765998] ? __do_page_fault+0x5f7/0xc90 [ 22.770209] ? lock_downgrade+0x980/0x980 [ 22.774333] ? __fget_light+0x297/0x380 [ 22.778276] ? fget_raw+0x20/0x20 [ 22.781701] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 22.786266] ? vmacache_find+0x5f/0x280 [ 22.790217] ? up_read+0x1a/0x40 [ 22.793552] ? __do_page_fault+0x3d6/0xc90 [ 22.797762] ? SYSC_accept4+0x4ff/0x870 [ 22.801711] ? __fdget+0x18/0x20 [ 22.805050] __sys_recvmsg+0xe2/0x210 [ 22.808819] ? __sys_recvmsg+0xe2/0x210 [ 22.812761] ? SyS_sendmmsg+0x60/0x60 [ 22.816531] ? __do_page_fault+0xc90/0xc90 [ 22.820737] ? SyS_setsockopt+0x215/0x360 [ 22.824862] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 22.829850] SyS_recvmsg+0x2d/0x50 [ 22.833363] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 22.838084] RIP: 0033:0x43fef9 [ 22.841263] RSP: 002b:00007ffc18c85288 EFLAGS: 00000217 ORIG_RAX: 000000000000002f [ 22.848938] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fef9 [ 22.856187] RDX: 0000000000000000 RSI: 000000002022efc8 RDI: 0000000000000004 [ 22.863424] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 22.870665] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401860 [ 22.877906] R13: 00000000004018f0 R14: 0000000000000000 R15: 0000000000000000 [ 22.885163] ================================================================== [ 22.892523] Disabling lock debugging due to kernel taint [ 22.898030] Kernel panic - not syncing: panic_on_warn set ... [ 22.898030] [ 22.905376] CPU: 1 PID: 3147 Comm: syzkaller714541 Tainted: G B 4.15.0-rc4+ #164 [ 22.914098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 22.923428] Call Trace: [ 22.925987] dump_stack+0x194/0x257 [ 22.929584] ? arch_local_irq_restore+0x53/0x53 [ 22.934219] ? kasan_end_report+0x32/0x50 [ 22.938335] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 22.943058] ? vsnprintf+0x1ed/0x1900 [ 22.946831] ? scatterwalk_copychunks+0x170/0x480 [ 22.951652] panic+0x1e4/0x41c [ 22.954818] ? refcount_error_report+0x214/0x214 [ 22.959552] ? add_taint+0x1c/0x50 [ 22.963072] ? add_taint+0x1c/0x50 [ 22.966582] ? scatterwalk_copychunks+0x206/0x480 [ 22.971442] kasan_end_report+0x50/0x50 [ 22.975387] kasan_report+0x144/0x340 [ 22.979155] check_memory_region+0x137/0x190 [ 22.983555] memcpy+0x37/0x50 [ 22.986630] scatterwalk_copychunks+0x206/0x480 [ 22.991268] blkcipher_walk_done+0xa4b/0xde0 [ 22.995646] glue_ctr_crypt_128bit+0x597/0xc20 [ 23.000198] ? glue_ecb_crypt_128bit+0x5c0/0x5c0 [ 23.004920] ? memset+0x31/0x40 [ 23.008169] ? memzero_explicit+0xe/0x10 [ 23.012196] ? wp384_final+0xa6/0xf0 [ 23.015884] ? wp256_final+0xf0/0xf0 [ 23.019562] ? sock_kfree_s+0x29/0x60 [ 23.023340] ctr_crypt+0x34/0x40 [ 23.026671] ? ctr_crypt+0x34/0x40 [ 23.030177] ? lrw_encrypt+0x430/0x430 [ 23.034034] __ablk_encrypt+0x1d1/0x2d0 [ 23.037974] ? ablk_set_key+0x1a0/0x1a0 [ 23.041917] ? shash_async_update+0x20/0x20 [ 23.046207] ? kfree+0xf0/0x260 [ 23.049459] ? __ablk_encrypt+0x2d0/0x2d0 [ 23.053571] ablk_encrypt+0x23e/0x2c0 [ 23.057338] ? __ablk_encrypt+0x2d0/0x2d0 [ 23.061451] skcipher_decrypt_ablkcipher+0x312/0x420 [ 23.066520] ? scatterwalk_ffwd+0xbf/0x370 [ 23.070723] poly_tail_continue+0x42a/0x6b0 [ 23.075033] poly_tail+0x40f/0x520 [ 23.078632] poly_cipherpad+0x33e/0x470 [ 23.082574] poly_cipher+0x303/0x440 [ 23.086253] poly_adpad+0x347/0x480 [ 23.089846] poly_ad+0x25c/0x300 [ 23.093176] poly_setkey+0x2fc/0x3e0 [ 23.096856] poly_init+0x16c/0x1d0 [ 23.100363] poly_genkey+0x422/0x590 [ 23.104057] chachapoly_decrypt+0x73/0x90 [ 23.108170] aead_recvmsg+0x14a7/0x1bc0 [ 23.112117] ? aead_release+0x50/0x50 [ 23.115884] ? selinux_socket_recvmsg+0x36/0x40 [ 23.120518] ? security_socket_recvmsg+0x91/0xc0 [ 23.125240] ? aead_release+0x50/0x50 [ 23.129004] sock_recvmsg+0xc9/0x110 [ 23.132687] ? __sock_recv_wifi_status+0x210/0x210 [ 23.137578] ___sys_recvmsg+0x2a4/0x640 [ 23.141520] ? ___sys_sendmsg+0x8b0/0x8b0 [ 23.145634] ? __do_page_fault+0x5f7/0xc90 [ 23.149835] ? lock_downgrade+0x980/0x980 [ 23.153951] ? __fget_light+0x297/0x380 [ 23.157889] ? fget_raw+0x20/0x20 [ 23.161307] ? __handle_mm_fault+0x3ce0/0x3ce0 [ 23.165853] ? vmacache_find+0x5f/0x280 [ 23.169793] ? up_read+0x1a/0x40 [ 23.173124] ? __do_page_fault+0x3d6/0xc90 [ 23.177323] ? SYSC_accept4+0x4ff/0x870 [ 23.181263] ? __fdget+0x18/0x20 [ 23.184595] __sys_recvmsg+0xe2/0x210 [ 23.188360] ? __sys_recvmsg+0xe2/0x210 [ 23.192297] ? SyS_sendmmsg+0x60/0x60 [ 23.196063] ? __do_page_fault+0xc90/0xc90 [ 23.200262] ? SyS_setsockopt+0x215/0x360 [ 23.204380] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 23.209364] SyS_recvmsg+0x2d/0x50 [ 23.212871] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 23.217589] RIP: 0033:0x43fef9 [ 23.220743] RSP: 002b:00007ffc18c85288 EFLAGS: 00000217 ORIG_RAX: 000000000000002f [ 23.228415] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fef9 [ 23.235648] RDX: 0000000000000000 RSI: 000000002022efc8 RDI: 0000000000000004 [ 23.242882] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000 [ 23.250114] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401860 [ 23.257349] R13: 00000000004018f0 R14: 0000000000000000 R15: 0000000000000000 [ 23.265015] Dumping ftrace buffer: [ 23.268519] (ftrace buffer empty) [ 23.272195] Kernel Offset: disabled [ 23.275786] Rebooting in 86400 seconds..