[....] Starting enhanced syslogd: rsyslogd
[ 13.132205] audit: type=1400 audit(1512741317.610:5): avc: denied { syslog } for pid=2995 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.553611] audit: type=1400 audit(1512741324.031:6): avc: denied { map } for pid=3136 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-0,10.128.15.200' (ECDSA) to the list of known hosts.
executing program
[ 26.057572] audit: type=1400 audit(1512741330.535:7): avc: denied { map } for pid=3150 comm="syzkaller576099" path="/root/syzkaller576099542" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 26.090737] ==================================================================
[ 26.098131] BUG: KASAN: wild-memory-access in scatterwalk_copychunks+0x206/0x480
[ 26.105643] Write of size 16 at addr 00050800c4072f18 by task syzkaller576099/3150
[ 26.113325]
[ 26.114929] CPU: 0 PID: 3150 Comm: syzkaller576099 Not tainted 4.15.0-rc2+ #212
[ 26.122345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.131671] Call Trace:
[ 26.134233] dump_stack+0x194/0x257
[ 26.137834] ? arch_local_irq_restore+0x53/0x53
[ 26.142480] ? scatterwalk_copychunks+0x206/0x480
[ 26.147296] kasan_report+0x13b/0x340
[ 26.151081] check_memory_region+0x137/0x190
[ 26.155461] memcpy+0x37/0x50
[ 26.158540] scatterwalk_copychunks+0x206/0x480
[ 26.163191] blkcipher_walk_done+0xa4b/0xde0
[ 26.167577] glue_ctr_crypt_128bit+0x597/0xc20
[ 26.172154] ? glue_ecb_crypt_128bit+0x5c0/0x5c0
[ 26.176890] ? wp512_final+0x19e/0x2a0
[ 26.180750] ? memset+0x31/0x40
[ 26.184007] ? memzero_explicit+0xe/0x10
[ 26.188048] ? wp384_final+0x8b/0xc0
[ 26.191736] ? wp256_final+0xc0/0xc0
[ 26.195420] ? wp512_update+0x3b5/0x510
[ 26.199391] ctr_crypt+0x34/0x40
[ 26.202727] ? ctr_crypt+0x34/0x40
[ 26.206242] ? encrypt_callback+0x240/0x240
[ 26.210535] __ablk_encrypt+0x1d1/0x2d0
[ 26.214481] ? ablk_set_key+0x1a0/0x1a0
[ 26.218431] ? shash_async_update+0x20/0x20
[ 26.222721] ? kfree+0xe4/0x250
[ 26.225974] ? __ablk_encrypt+0x2d0/0x2d0
[ 26.230096] ablk_encrypt+0x23e/0x2c0
[ 26.233868] ? __ablk_encrypt+0x2d0/0x2d0
[ 26.237990] skcipher_decrypt_ablkcipher+0x312/0x420
[ 26.243065] ? scatterwalk_ffwd+0xbf/0x370
[ 26.247275] poly_tail_continue+0x42a/0x6b0
[ 26.251575] poly_tail+0x40f/0x520
[ 26.255091] poly_cipherpad+0x33e/0x470
[ 26.259045] poly_cipher+0x303/0x440
[ 26.262733] poly_adpad+0x347/0x480
[ 26.266339] poly_ad+0x25c/0x300
[ 26.269681] poly_setkey+0x2fc/0x3e0
[ 26.273369] poly_init+0x16c/0x1d0
[ 26.276882] poly_genkey+0x422/0x590
[ 26.280585] chachapoly_decrypt+0x73/0x90
[ 26.284706] aead_recvmsg+0x14a7/0x1bc0
[ 26.288669] ? aead_release+0x50/0x50
[ 26.292447] ? selinux_socket_recvmsg+0x36/0x40
[ 26.297089] ? security_socket_recvmsg+0x91/0xc0
[ 26.301818] ? aead_release+0x50/0x50
[ 26.305591] sock_recvmsg+0xc9/0x110
[ 26.309277] ? __sock_recv_wifi_status+0x210/0x210
[ 26.314193] ___sys_recvmsg+0x29b/0x630
[ 26.318147] ? ___sys_sendmsg+0x8a0/0x8a0
[ 26.322288] ? fget_raw+0x20/0x20
[ 26.325712] ? __handle_mm_fault+0x3e20/0x3e20
[ 26.330266] ? vmacache_find+0x5f/0x280
[ 26.334219] ? up_read+0x1a/0x40
[ 26.337559] ? __do_page_fault+0x3d6/0xc90
[ 26.341761] ? fd_install+0x4d/0x60
[ 26.345375] ? __fdget+0x18/0x20
[ 26.348720] __sys_recvmsg+0xe2/0x210
[ 26.352505] ? __sys_recvmsg+0xe2/0x210
[ 26.356464] ? SyS_sendmmsg+0x60/0x60
[ 26.360248] ? __do_page_fault+0xc90/0xc90
[ 26.364459] ? SyS_setsockopt+0x215/0x360
[ 26.368590] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.373593] SyS_recvmsg+0x2d/0x50
[ 26.377106] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 26.381831] RIP: 0033:0x43ff39
[ 26.384995] RSP: 002b:00007ffc8b821e58 EFLAGS: 00000217 ORIG_RAX: 000000000000002f
[ 26.392686] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[ 26.399936] RDX: 0000000000000000 RSI: 0000000020c0c000 RDI: 0000000000000004
[ 26.407178] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 26.414418] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018a0
[ 26.421661] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[ 26.428919] ==================================================================
[ 26.436253] Disabling lock debugging due to kernel taint
[ 26.442051] Kernel panic - not syncing: panic_on_warn set ...
[ 26.442051]
[ 26.449395] CPU: 0 PID: 3150 Comm: syzkaller576099 Tainted: G B 4.15.0-rc2+ #212
[ 26.458110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.467430] Call Trace:
[ 26.469984] dump_stack+0x194/0x257
[ 26.473579] ? arch_local_irq_restore+0x53/0x53
[ 26.478214] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.482933] ? vsnprintf+0x1ed/0x1900
[ 26.486700] ? scatterwalk_copychunks+0x1d0/0x480
[ 26.491513] panic+0x1e4/0x41c
[ 26.494672] ? refcount_error_report+0x214/0x214
[ 26.499393] ? add_taint+0x1c/0x50
[ 26.502898] ? add_taint+0x1c/0x50
[ 26.506403] ? scatterwalk_copychunks+0x206/0x480
[ 26.511212] kasan_end_report+0x50/0x50
[ 26.515152] kasan_report+0x144/0x340
[ 26.518919] check_memory_region+0x137/0x190
[ 26.523293] memcpy+0x37/0x50
[ 26.526367] scatterwalk_copychunks+0x206/0x480
[ 26.531004] blkcipher_walk_done+0xa4b/0xde0
[ 26.535388] glue_ctr_crypt_128bit+0x597/0xc20
[ 26.539941] ? glue_ecb_crypt_128bit+0x5c0/0x5c0
[ 26.544663] ? wp512_final+0x19e/0x2a0
[ 26.548513] ? memset+0x31/0x40
[ 26.551768] ? memzero_explicit+0xe/0x10
[ 26.555800] ? wp384_final+0x8b/0xc0
[ 26.559479] ? wp256_final+0xc0/0xc0
[ 26.563159] ? wp512_update+0x3b5/0x510
[ 26.567109] ctr_crypt+0x34/0x40
[ 26.570441] ? ctr_crypt+0x34/0x40
[ 26.573946] ? encrypt_callback+0x240/0x240
[ 26.578231] __ablk_encrypt+0x1d1/0x2d0
[ 26.582171] ? ablk_set_key+0x1a0/0x1a0
[ 26.586113] ? shash_async_update+0x20/0x20
[ 26.590402] ? kfree+0xe4/0x250
[ 26.593647] ? __ablk_encrypt+0x2d0/0x2d0
[ 26.597769] ablk_encrypt+0x23e/0x2c0
[ 26.601534] ? __ablk_encrypt+0x2d0/0x2d0
[ 26.605648] skcipher_decrypt_ablkcipher+0x312/0x420
[ 26.610714] ? scatterwalk_ffwd+0xbf/0x370
[ 26.614924] poly_tail_continue+0x42a/0x6b0
[ 26.619219] poly_tail+0x40f/0x520
[ 26.622726] poly_cipherpad+0x33e/0x470
[ 26.626669] poly_cipher+0x303/0x440
[ 26.630352] poly_adpad+0x347/0x480
[ 26.633944] poly_ad+0x25c/0x300
[ 26.637277] poly_setkey+0x2fc/0x3e0
[ 26.640959] poly_init+0x16c/0x1d0
[ 26.644464] poly_genkey+0x422/0x590
[ 26.648146] chachapoly_decrypt+0x73/0x90
[ 26.652259] aead_recvmsg+0x14a7/0x1bc0
[ 26.656208] ? aead_release+0x50/0x50
[ 26.659975] ? selinux_socket_recvmsg+0x36/0x40
[ 26.664619] ? security_socket_recvmsg+0x91/0xc0
[ 26.669346] ? aead_release+0x50/0x50
[ 26.673113] sock_recvmsg+0xc9/0x110
[ 26.676792] ? __sock_recv_wifi_status+0x210/0x210
[ 26.681687] ___sys_recvmsg+0x29b/0x630
[ 26.685630] ? ___sys_sendmsg+0x8a0/0x8a0
[ 26.689752] ? fget_raw+0x20/0x20
[ 26.693171] ? __handle_mm_fault+0x3e20/0x3e20
[ 26.697719] ? vmacache_find+0x5f/0x280
[ 26.701669] ? up_read+0x1a/0x40
[ 26.705699] ? __do_page_fault+0x3d6/0xc90
[ 26.709898] ? fd_install+0x4d/0x60
[ 26.713492] ? __fdget+0x18/0x20
[ 26.716831] __sys_recvmsg+0xe2/0x210
[ 26.720601] ? __sys_recvmsg+0xe2/0x210
[ 26.724541] ? SyS_sendmmsg+0x60/0x60
[ 26.728319] ? __do_page_fault+0xc90/0xc90
[ 26.732523] ? SyS_setsockopt+0x215/0x360
[ 26.736642] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 26.741627] SyS_recvmsg+0x2d/0x50
[ 26.745138] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 26.749859] RIP: 0033:0x43ff39
[ 26.753017] RSP: 002b:00007ffc8b821e58 EFLAGS: 00000217 ORIG_RAX: 000000000000002f
[ 26.760690] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff39
[ 26.767925] RDX: 0000000000000000 RSI: 0000000020c0c000 RDI: 0000000000000004
[ 26.775159] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 26.782394] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018a0
[ 26.789637] R13: 0000000000401930 R14: 0000000000000000 R15: 0000000000000000
[ 26.797342] Dumping ftrace buffer:
[ 26.800847] (ftrace buffer empty)
[ 26.804531] Kernel Offset: disabled
[ 26.808124] Rebooting in 86400 seconds..