Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
[ 11.495251] audit: type=1400 audit(1513964889.022:6): avc: denied { map } for pid=3132 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.15.233' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 19.843270] audit: type=1400 audit(1513964897.370:7): avc: denied { map } for pid=3146 comm="syzkaller227889" path="/root/syzkaller227889473" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 19.878817] ==================================================================
[ 19.886217] BUG: KASAN: slab-out-of-bounds in sha3_update+0xdf/0x2e0
[ 19.892679] Write of size 192 at addr ffff8801ced751bc by task syzkaller227889/3146
[ 19.900436]
[ 19.902036] CPU: 1 PID: 3146 Comm: syzkaller227889 Not tainted 4.15.0-rc4-mm1+ #48
[ 19.909707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.919029] Call Trace:
[ 19.921589] dump_stack+0x194/0x257
[ 19.925188] ? arch_local_irq_restore+0x53/0x53
[ 19.929826] ? show_regs_print_info+0x18/0x18
[ 19.934290] ? keyctl_dh_compute+0xac/0xf3
[ 19.938496] ? sha3_update+0xdf/0x2e0
[ 19.942269] print_address_description+0x73/0x250
[ 19.947079] ? sha3_update+0xdf/0x2e0
[ 19.950848] kasan_report+0x23b/0x360
[ 19.954632] check_memory_region+0x137/0x190
[ 19.959010] memcpy+0x37/0x50
[ 19.962094] sha3_update+0xdf/0x2e0
[ 19.965694] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 19.971551] crypto_shash_update+0xda/0x240
[ 19.975848] hmac_update+0x7e/0xa0
[ 19.979368] crypto_shash_update+0xda/0x240
[ 19.983657] ? hmac_import+0x1bd/0x230
[ 19.987517] __keyctl_dh_compute+0x160f/0x1990
[ 19.992084] ? dh_data_from_key+0x340/0x340
[ 19.996379] ? find_held_lock+0x35/0x1d0
[ 20.000420] ? __might_fault+0x110/0x1d0
[ 20.004448] ? lock_downgrade+0x980/0x980
[ 20.008567] ? __do_page_fault+0x3d6/0xc90
[ 20.012861] ? lock_release+0xa40/0xa40
[ 20.016800] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 20.022680] ? kasan_check_write+0x14/0x20
[ 20.026890] keyctl_dh_compute+0xac/0xf3
[ 20.030918] ? __keyctl_dh_compute+0x1990/0x1990
[ 20.035653] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 20.040644] SyS_keyctl+0x72/0x2c0
[ 20.044158] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 20.048882] RIP: 0033:0x43feb9
[ 20.052040] RSP: 002b:00007ffd932bb888 EFLAGS: 00000203 ORIG_RAX: 00000000000000fa
[ 20.059715] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043feb9
[ 20.066952] RDX: 0000000020c2cfff RSI: 00000000204c8ff4 RDI: 0000000000000017
[ 20.074191] RBP: 00000000006ca018 R08: 00000000208e6fd4 R09: 0000000000000000
[ 20.081428] R10: 0000000000000001 R11: 0000000000000203 R12: 0000000000401820
[ 20.088676] R13: 00000000004018b0 R14: 0000000000000000 R15: 0000000000000000
[ 20.095930]
[ 20.097540] Allocated by task 3146:
[ 20.101139] save_stack+0x43/0xd0
[ 20.104558] kasan_kmalloc+0xad/0xe0
[ 20.108237] __kmalloc+0x162/0x760
[ 20.111743] __keyctl_dh_compute+0x2b0/0x1990
[ 20.116202] keyctl_dh_compute+0xac/0xf3
[ 20.120231] SyS_keyctl+0x72/0x2c0
[ 20.123738] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 20.128456]
[ 20.130050] Freed by task 1607:
[ 20.133294] save_stack+0x43/0xd0
[ 20.136713] kasan_slab_free+0x71/0xc0
[ 20.140565] kfree+0xd6/0x260
[ 20.143638] skb_free_head+0x74/0xb0
[ 20.147318] skb_release_data+0x58c/0x790
[ 20.151434] skb_release_all+0x4a/0x60
[ 20.155287] consume_skb+0x153/0x490
[ 20.158966] skb_free_datagram+0x1a/0xe0
[ 20.162997] netlink_recvmsg+0x5c6/0x1300
[ 20.167116] sock_recvmsg+0xc9/0x110
[ 20.170795] ___sys_recvmsg+0x2a4/0x640
[ 20.174737] __sys_recvmsg+0xe2/0x210
[ 20.178503] SyS_recvmsg+0x2d/0x50
[ 20.182017] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 20.186749]
[ 20.188345] The buggy address belongs to the object at ffff8801ced750c0
[ 20.188345] which belongs to the cache kmalloc-512 of size 512
[ 20.200965] The buggy address is located 252 bytes inside of
[ 20.200965] 512-byte region [ffff8801ced750c0, ffff8801ced752c0)
[ 20.212804] The buggy address belongs to the page:
[ 20.217707] page:ffffea00073b5d40 count:1 mapcount:0 mapping:ffff8801ced750c0 index:0x0
[ 20.225816] flags: 0x2fffc0000000100(slab)
[ 20.230024] raw: 02fffc0000000100 ffff8801ced750c0 0000000000000000 0000000100000006
[ 20.237873] raw: ffffea00073b5ce0 ffffea00073b5de0 ffff8801dac00940 0000000000000000
[ 20.245716] page dumped because: kasan: bad access detected
[ 20.251388]
[ 20.252982] Memory state around the buggy address:
[ 20.257877] ffff8801ced75100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.265201] ffff8801ced75180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 20.272526] >ffff8801ced75200: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 20.279862]                                               ^
[ 20.285538] ffff8801ced75280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.292864] ffff8801ced75300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 20.300189] ==================================================================
[ 20.307517] Disabling lock debugging due to kernel taint
[ 20.313100] Kernel panic - not syncing: panic_on_warn set ...
[ 20.313100]
[ 20.320444] CPU: 1 PID: 3146 Comm: syzkaller227889 Tainted: G B 4.15.0-rc4-mm1+ #48
[ 20.329418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.338737] Call Trace:
[ 20.341293] dump_stack+0x194/0x257
[ 20.344888] ? arch_local_irq_restore+0x53/0x53
[ 20.349535] ? kasan_end_report+0x32/0x50
[ 20.353666] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 20.358388] ? vsnprintf+0x1ed/0x1900
[ 20.362157] ? sha3_update+0xd0/0x2e0
[ 20.365926] panic+0x1e4/0x41c
[ 20.369088] ? refcount_error_report+0x214/0x214
[ 20.373811] ? add_taint+0x1c/0x50
[ 20.377326] ? add_taint+0x1c/0x50
[ 20.380831] ? sha3_update+0xdf/0x2e0
[ 20.384599] kasan_end_report+0x50/0x50
[ 20.388538] kasan_report+0x148/0x360
[ 20.392306] check_memory_region+0x137/0x190
[ 20.396679] memcpy+0x37/0x50
[ 20.399751] sha3_update+0xdf/0x2e0
[ 20.403349] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 20.409204] crypto_shash_update+0xda/0x240
[ 20.413496] hmac_update+0x7e/0xa0
[ 20.417009] crypto_shash_update+0xda/0x240
[ 20.421298] ? hmac_import+0x1bd/0x230
[ 20.425155] __keyctl_dh_compute+0x160f/0x1990
[ 20.429710] ? dh_data_from_key+0x340/0x340
[ 20.434001] ? find_held_lock+0x35/0x1d0
[ 20.438042] ? __might_fault+0x110/0x1d0
[ 20.442071] ? lock_downgrade+0x980/0x980
[ 20.446183] ? __do_page_fault+0x3d6/0xc90
[ 20.450386] ? lock_release+0xa40/0xa40
[ 20.454328] ? trace_event_raw_event_sched_switch+0x800/0x800
[ 20.460186] ? kasan_check_write+0x14/0x20
[ 20.464388] keyctl_dh_compute+0xac/0xf3
[ 20.468415] ? __keyctl_dh_compute+0x1990/0x1990
[ 20.473139] ? trace_hardirqs_on_caller+0x421/0x5c0
[ 20.478124] SyS_keyctl+0x72/0x2c0
[ 20.481635] entry_SYSCALL_64_fastpath+0x1f/0x96
[ 20.486356] RIP: 0033:0x43feb9
[ 20.489513] RSP: 002b:00007ffd932bb888 EFLAGS: 00000203 ORIG_RAX: 00000000000000fa
[ 20.497185] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043feb9
[ 20.504421] RDX: 0000000020c2cfff RSI: 00000000204c8ff4 RDI: 0000000000000017
[ 20.511656] RBP: 00000000006ca018 R08: 00000000208e6fd4 R09: 0000000000000000
[ 20.518891] R10: 0000000000000001 R11: 0000000000000203 R12: 0000000000401820
[ 20.526127] R13: 00000000004018b0 R14: 0000000000000000 R15: 0000000000000000
[ 20.533794] Dumping ftrace buffer:
[ 20.537306] (ftrace buffer empty)
[ 20.540982] Kernel Offset: disabled
[ 20.544576] Rebooting in 86400 seconds..