[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   11.152461] audit: type=1400 audit(1514029483.398:6): avc:  denied  { map } for  pid=3129 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-4,10.128.15.204' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   17.311253] audit: type=1400 audit(1514029489.556:7): avc:  denied  { map } for  pid=3143 comm="syzkaller628720" path="/root/syzkaller628720521" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   17.345761] ==================================================================
[   17.353166] BUG: KASAN: slab-out-of-bounds in sha3_update+0xdf/0x2e0
[   17.359628] Write of size 192 at addr ffff8801ce9aa37c by task syzkaller628720/3143
[   17.367387]
[   17.368987] CPU: 1 PID: 3143 Comm: syzkaller628720 Not tainted 4.15.0-rc4-next-20171221+ #78
[   17.377530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   17.386856] Call Trace:
[   17.389414]  dump_stack+0x194/0x257
[   17.393020]  ? arch_local_irq_restore+0x53/0x53
[   17.397666]  ? show_regs_print_info+0x18/0x18
[   17.402132]  ? keyctl_dh_compute+0xac/0xf3
[   17.406351]  ? sha3_update+0xdf/0x2e0
[   17.410124]  print_address_description+0x73/0x250
[   17.414937]  ? sha3_update+0xdf/0x2e0
[   17.418717]  kasan_report+0x25b/0x340
[   17.422500]  check_memory_region+0x137/0x190
[   17.426878]  memcpy+0x37/0x50
[   17.429953]  sha3_update+0xdf/0x2e0
[   17.433555]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   17.439412]  crypto_shash_update+0xda/0x240
[   17.443709]  hmac_update+0x7e/0xa0
[   17.447220]  crypto_shash_update+0xda/0x240
[   17.451510]  ? hmac_import+0x1bd/0x230
[   17.455373]  __keyctl_dh_compute+0x160f/0x1990
[   17.459949]  ? dh_data_from_key+0x340/0x340
[   17.464257]  ? find_held_lock+0x35/0x1d0
[   17.468301]  ? __might_fault+0x110/0x1d0
[   17.472350]  ? lock_downgrade+0x980/0x980
[   17.476467]  ? __do_page_fault+0x3d6/0xc90
[   17.480671]  ? lock_release+0xa40/0xa40
[   17.484614]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   17.490484]  ? kasan_check_write+0x14/0x20
[   17.494698]  keyctl_dh_compute+0xac/0xf3
[   17.498729]  ? __keyctl_dh_compute+0x1990/0x1990
[   17.503462]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   17.508451]  SyS_keyctl+0x72/0x2c0
[   17.511966]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   17.516688] RIP: 0033:0x43feb9
[   17.519847] RSP: 002b:00007ffd17c31748 EFLAGS: 00000203 ORIG_RAX: 00000000000000fa
[   17.527526] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043feb9
[   17.534764] RDX: 0000000020c2cfff RSI: 00000000204c8ff4 RDI: 0000000000000017
[   17.542004] RBP: 00000000006ca018 R08: 00000000208e6fd4 R09: 0000000000000000
[   17.549256] R10: 0000000000000001 R11: 0000000000000203 R12: 0000000000401820
[   17.556493] R13: 00000000004018b0 R14: 0000000000000000 R15: 0000000000000000
[   17.563745]
[   17.565343] Allocated by task 3143:
[   17.568942]  save_stack+0x43/0xd0
[   17.572363]  kasan_kmalloc+0xad/0xe0
[   17.576047]  __kmalloc+0x162/0x760
[   17.579556]  __keyctl_dh_compute+0x2b0/0x1990
[   17.584023]  keyctl_dh_compute+0xac/0xf3
[   17.588053]  SyS_keyctl+0x72/0x2c0
[   17.591561]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   17.596280]
[   17.597876] Freed by task 1606:
[   17.601121]  save_stack+0x43/0xd0
[   17.604546]  kasan_slab_free+0x71/0xc0
[   17.608403]  kfree+0xd6/0x260
[   17.611482]  skb_free_head+0x74/0xb0
[   17.615169]  skb_release_data+0x58c/0x790
[   17.619290]  skb_release_all+0x4a/0x60
[   17.623146]  consume_skb+0x153/0x490
[   17.626832]  skb_free_datagram+0x1a/0xe0
[   17.630879]  netlink_recvmsg+0x5c6/0x1300
[   17.635006]  sock_recvmsg+0xc9/0x110
[   17.638693]  ___sys_recvmsg+0x2a4/0x640
[   17.642638]  __sys_recvmsg+0xe2/0x210
[   17.646408]  SyS_recvmsg+0x2d/0x50
[   17.649921]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   17.654639]
[   17.656234] The buggy address belongs to the object at ffff8801ce9aa280
[   17.656234]  which belongs to the cache kmalloc-512 of size 512
[   17.668853] The buggy address is located 252 bytes inside of
[   17.668853]  512-byte region [ffff8801ce9aa280, ffff8801ce9aa480)
[   17.680693] The buggy address belongs to the page:
[   17.685601] page:000000008a4f8a81 count:1 mapcount:0 mapping:0000000018a25b23 index:0x0
[   17.693726] flags: 0x2fffc0000000100(slab)
[   17.697942] raw: 02fffc0000000100 ffff8801ce9aa000 0000000000000000 0000000100000006
[   17.705814] raw: ffffea00073a69e0 ffffea00073a6b20 ffff8801dac00940 0000000000000000
[   17.713661] page dumped because: kasan: bad access detected
[   17.719339]
[   17.720933] Memory state around the buggy address:
[   17.725830]  ffff8801ce9aa300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.733158]  ffff8801ce9aa380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.740485] >ffff8801ce9aa400: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.747807]                    ^
[   17.751399]  ffff8801ce9aa480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.758725]  ffff8801ce9aa500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.766049] ==================================================================
[   17.773370] Disabling lock debugging due to kernel taint
[   17.779162] Kernel panic - not syncing: panic_on_warn set ...
[   17.779162]
[   17.786508] CPU: 1 PID: 3143 Comm: syzkaller628720 Tainted: G    B            4.15.0-rc4-next-20171221+ #78
[   17.796349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   17.805669] Call Trace:
[   17.808234]  dump_stack+0x194/0x257
[   17.811832]  ? arch_local_irq_restore+0x53/0x53
[   17.816467]  ? kasan_end_report+0x32/0x50
[   17.820583]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   17.825303]  ? vsnprintf+0x1ed/0x1900
[   17.829071]  ? sha3_update+0x50/0x2e0
[   17.832842]  panic+0x1e4/0x41c
[   17.836012]  ? refcount_error_report+0x214/0x214
[   17.840742]  ? add_taint+0x1c/0x50
[   17.844247]  ? add_taint+0x1c/0x50
[   17.847754]  ? sha3_update+0xdf/0x2e0
[   17.851537]  kasan_end_report+0x50/0x50
[   17.855484]  kasan_report+0x144/0x340
[   17.859259]  check_memory_region+0x137/0x190
[   17.863648]  memcpy+0x37/0x50
[   17.866723]  sha3_update+0xdf/0x2e0
[   17.870325]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   17.876182]  crypto_shash_update+0xda/0x240
[   17.880479]  hmac_update+0x7e/0xa0
[   17.883988]  crypto_shash_update+0xda/0x240
[   17.888277]  ? hmac_import+0x1bd/0x230
[   17.892137]  __keyctl_dh_compute+0x160f/0x1990
[   17.896693]  ? dh_data_from_key+0x340/0x340
[   17.900984]  ? find_held_lock+0x35/0x1d0
[   17.905021]  ? __might_fault+0x110/0x1d0
[   17.909068]  ? lock_downgrade+0x980/0x980
[   17.913184]  ? __do_page_fault+0x3d6/0xc90
[   17.917385]  ? lock_release+0xa40/0xa40
[   17.921324]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   17.927185]  ? kasan_check_write+0x14/0x20
[   17.931386]  keyctl_dh_compute+0xac/0xf3
[   17.935422]  ? __keyctl_dh_compute+0x1990/0x1990
[   17.940147]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   17.945133]  SyS_keyctl+0x72/0x2c0
[   17.948645]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   17.953371] RIP: 0033:0x43feb9
[   17.956532] RSP: 002b:00007ffd17c31748 EFLAGS: 00000203 ORIG_RAX: 00000000000000fa
[   17.964207] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043feb9
[   17.971464] RDX: 0000000020c2cfff RSI: 00000000204c8ff4 RDI: 0000000000000017
[   17.978703] RBP: 00000000006ca018 R08: 00000000208e6fd4 R09: 0000000000000000
[   17.985939] R10: 0000000000000001 R11: 0000000000000203 R12: 0000000000401820
[   17.993183] R13: 00000000004018b0 R14: 0000000000000000 R15: 0000000000000000
[   18.000928] Dumping ftrace buffer:
[   18.004437]    (ftrace buffer empty)
[   18.008116] Kernel Offset: disabled
[   18.011710] Rebooting in 86400 seconds..