[ ok ] Starting enhanced syslogd: rsyslogd.
[   12.999085] audit: type=1400 audit(1513208931.403:5): avc: denied { syslog } for pid=2992 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   18.725460] audit: type=1400 audit(1513208937.130:6): avc: denied { map } for pid=3133 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.0.50' (ECDSA) to the list of known hosts.
executing program
[   27.423967] audit: type=1400 audit(1513208945.828:7): avc: denied { map } for pid=3148 comm="syzkaller114896" path="/root/syzkaller114896418" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   27.429919] ==================================================================
[   27.429938] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x25a1/0x3270
[   27.429946] Read of size 2048 at addr ffff8801c4adf5d8 by task syzkaller114896/3148
[   27.429949] 
[   27.429959] CPU: 0 PID: 3148 Comm: syzkaller114896 Not tainted 4.15.0-rc2-mm1+ #39
[   27.429965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.429970] Call Trace:
[   27.429983]  dump_stack+0x194/0x257
[   27.429999]  ? arch_local_irq_restore+0x53/0x53
[   27.430014]  ? show_regs_print_info+0x18/0x18
[   27.430024]  ? __lock_is_held+0xbc/0x140
[   27.430042]  ? pfkey_add+0x25a1/0x3270
[   27.430056]  print_address_description+0x73/0x250
[   27.430067]  ? pfkey_add+0x25a1/0x3270
[   27.430078]  kasan_report+0x25b/0x340
[   27.430095]  check_memory_region+0x137/0x190
[   27.430106]  memcpy+0x23/0x50
[   27.430119]  pfkey_add+0x25a1/0x3270
[   27.430146]  ? set_ipsecrequest+0x310/0x310
[   27.430161]  ? lock_release+0xda0/0xda0
[   27.430173]  ? set_ipsecrequest+0x310/0x310
[   27.430187]  pfkey_process+0x60b/0x720
[   27.430207]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   27.430215]  ? kasan_check_write+0x14/0x20
[   27.430258]  ? dup_iter+0x182/0x260
[   27.430285]  pfkey_sendmsg+0x4d6/0x9f0
[   27.430301]  ? pfkey_spdget+0xb00/0xb00
[   27.430318]  ? selinux_socket_sendmsg+0x36/0x40
[   27.430329]  ? security_socket_sendmsg+0x89/0xb0
[   27.430340]  ? pfkey_spdget+0xb00/0xb00
[   27.430354]  sock_sendmsg+0xca/0x110
[   27.430368]  ___sys_sendmsg+0x75b/0x8a0
[   27.430386]  ? copy_msghdr_from_user+0x590/0x590
[   27.430398]  ? lock_downgrade+0x980/0x980
[   27.430436]  ? fget_raw+0x20/0x20
[   27.430449]  ? __handle_mm_fault+0x3dd0/0x3dd0
[   27.430458]  ? vmacache_find+0x5f/0x280
[   27.430479]  ? up_read+0x1a/0x40
[   27.430492]  ? __do_page_fault+0x3d6/0xc90
[   27.430500]  ? get_unused_fd_flags+0x190/0x190
[   27.430522]  ? __fdget+0x18/0x20
[   27.430540]  __sys_sendmsg+0xe5/0x210
[   27.430548]  ? __sys_sendmsg+0xe5/0x210
[   27.430561]  ? SyS_shutdown+0x290/0x290
[   27.430576]  ? __do_page_fault+0xc90/0xc90
[   27.430593]  ? fd_install+0x4d/0x60
[   27.430621]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.430640]  SyS_sendmsg+0x2d/0x50
[   27.430655]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   27.430663] RIP: 0033:0x43ff59
[   27.430669] RSP: 002b:00007ffe6e10fad8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   27.430680] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[   27.430686] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   27.430692] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   27.430698] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[   27.430704] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   27.430735] 
[   27.430740] Allocated by task 3148:
[   27.430748]  save_stack+0x43/0xd0
[   27.430755]  kasan_kmalloc+0xad/0xe0
[   27.430765]  __kmalloc_node_track_caller+0x47/0x70
[   27.430773]  __kmalloc_reserve.isra.41+0x41/0xd0
[   27.430779]  __alloc_skb+0x13b/0x780
[   27.430787]  pfkey_sendmsg+0x20f/0x9f0
[   27.430794]  sock_sendmsg+0xca/0x110
[   27.430801]  ___sys_sendmsg+0x75b/0x8a0
[   27.430808]  __sys_sendmsg+0xe5/0x210
[   27.430815]  SyS_sendmsg+0x2d/0x50
[   27.430823]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   27.430827] 
[   27.430832] Freed by task 1635:
[   27.430839]  save_stack+0x43/0xd0
[   27.430846]  kasan_slab_free+0x71/0xc0
[   27.430854]  kfree+0xca/0x250
[   27.430861]  kernfs_fop_release+0x13f/0x180
[   27.430869]  __fput+0x333/0x7f0
[   27.430876]  ____fput+0x15/0x20
[   27.430885]  task_work_run+0x199/0x270
[   27.430894]  exit_to_usermode_loop+0x275/0x2f0
[   27.430902]  syscall_return_slowpath+0x490/0x550
[   27.430910]  entry_SYSCALL_64_fastpath+0x94/0x96
[   27.430914] 
[   27.430921] The buggy address belongs to the object at ffff8801c4adf5c0
[   27.430921]  which belongs to the cache kmalloc-512 of size 512
[   27.430928] The buggy address is located 24 bytes inside of
[   27.430928]  512-byte region [ffff8801c4adf5c0, ffff8801c4adf7c0)
[   27.430933] The buggy address belongs to the page:
[   27.430940] page:000000000c6fa9a4 count:1 mapcount:0 mapping:0000000053f9abe5 index:0x0
[   27.430951] flags: 0x2fffc0000000100(slab)
[   27.430962] raw: 02fffc0000000100 ffff8801c4adf0c0 0000000000000000 0000000100000006
[   27.430971] raw: ffffea0007120520 ffffea000715f820 ffff8801dac00940 0000000000000000
[   27.430976] page dumped because: kasan: bad access detected
[   27.430980] 
[   27.430984] Memory state around the buggy address:
[   27.430992]  ffff8801c4adf680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.430999]  ffff8801c4adf700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.431007] >ffff8801c4adf780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   27.431012]                                            ^
[   27.431019]  ffff8801c4adf800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   27.431026]  ffff8801c4adf880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.431030] ==================================================================
[   27.431034] Disabling lock debugging due to kernel taint
[   27.431054] Kernel panic - not syncing: panic_on_warn set ...
[   27.431054] 
[   27.431060] CPU: 0 PID: 3148 Comm: syzkaller114896 Tainted: G    B            4.15.0-rc2-mm1+ #39
[   27.431064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.431065] Call Trace:
[   27.431072]  dump_stack+0x194/0x257
[   27.431080]  ? arch_local_irq_restore+0x53/0x53
[   27.431088]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.431097]  ? vsnprintf+0x1ed/0x1900
[   27.431104]  ? pfkey_add+0x24f0/0x3270
[   27.431111]  panic+0x1e4/0x41c
[   27.431118]  ? refcount_error_report+0x214/0x214
[   27.431126]  ? add_taint+0x1c/0x50
[   27.431133]  ? add_taint+0x1c/0x50
[   27.431141]  ? pfkey_add+0x25a1/0x3270
[   27.431148]  kasan_end_report+0x50/0x50
[   27.431154]  kasan_report+0x144/0x340
[   27.431163]  check_memory_region+0x137/0x190
[   27.431169]  memcpy+0x23/0x50
[   27.431177]  pfkey_add+0x25a1/0x3270
[   27.431192]  ? set_ipsecrequest+0x310/0x310
[   27.431200]  ? lock_release+0xda0/0xda0
[   27.431207]  ? set_ipsecrequest+0x310/0x310
[   27.431215]  pfkey_process+0x60b/0x720
[   27.431226]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   27.431231]  ? kasan_check_write+0x14/0x20
[   27.431251]  ? dup_iter+0x182/0x260
[   27.431263]  pfkey_sendmsg+0x4d6/0x9f0
[   27.431277]  ? pfkey_spdget+0xb00/0xb00
[   27.431286]  ? selinux_socket_sendmsg+0x36/0x40
[   27.431293]  ? security_socket_sendmsg+0x89/0xb0
[   27.431300]  ? pfkey_spdget+0xb00/0xb00
[   27.431307]  sock_sendmsg+0xca/0x110
[   27.431315]  ___sys_sendmsg+0x75b/0x8a0
[   27.431325]  ? copy_msghdr_from_user+0x590/0x590
[   27.431332]  ? lock_downgrade+0x980/0x980
[   27.431351]  ? fget_raw+0x20/0x20
[   27.431357]  ? __handle_mm_fault+0x3dd0/0x3dd0
[   27.431363]  ? vmacache_find+0x5f/0x280
[   27.431374]  ? up_read+0x1a/0x40
[   27.431380]  ? __do_page_fault+0x3d6/0xc90
[   27.431386]  ? get_unused_fd_flags+0x190/0x190
[   27.431398]  ? __fdget+0x18/0x20
[   27.431408]  __sys_sendmsg+0xe5/0x210
[   27.431413]  ? __sys_sendmsg+0xe5/0x210
[   27.431421]  ? SyS_shutdown+0x290/0x290
[   27.431428]  ? __do_page_fault+0xc90/0xc90
[   27.431438]  ? fd_install+0x4d/0x60
[   27.431454]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.431464]  SyS_sendmsg+0x2d/0x50
[   27.431472]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   27.431476] RIP: 0033:0x43ff59
[   27.431479] RSP: 002b:00007ffe6e10fad8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   27.431485] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff59
[   27.431489] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   27.431492] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   27.431496] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[   27.431499] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   27.450621] Dumping ftrace buffer:
[   27.450624]    (ftrace buffer empty)
[   27.450627] Kernel Offset: disabled
[   28.200359] Rebooting in 86400 seconds..
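What the report above establishes, before any source is opened: a 2048-byte read, done by a memcpy inside pfkey_add, from a 512-byte kmalloc-512 object that __alloc_skb allocated on behalf of pfkey_sendmsg (the skb carrying the PF_KEY message being processed). The access starts 24 bytes into the object, which is sizeof(struct sadb_msg) plus one 8-byte extension header, keeps 488 bytes inside the object and runs 1560 bytes past its end into the redzone; a copy length four times the allocation was never derived from the allocation size, so the place to look in pfkey_add is wherever that memcpy length is computed. The "Freed by task 1635" stack (kernfs_fop_release) is the slot's previous occupant, which KASAN prints for every slab object; it is not evidence of a use-after-free here. The script below, added as an example and not part of the report or of syzkaller, extracts exactly those numbers from the report text so the check is mechanical; its sample input is the relevant lines copied from the report, the shadow-byte table is the generic-KASAN encoding from 4.x kernels, and the list of allocator wrapper frames to skip (including __alloc_skb) is an assumption tuned to this report.

```python
"""Triage a generic-KASAN slab report. Added example; not kernel or syzkaller code."""
import re

# Constructed sample: lines copied from the report above with values unchanged;
# frames the parser does not need are omitted.
SAMPLE_REPORT = """\
[   27.429938] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x25a1/0x3270
[   27.429946] Read of size 2048 at addr ffff8801c4adf5d8 by task syzkaller114896/3148
[   27.430740] Allocated by task 3148:
[   27.430748]  save_stack+0x43/0xd0
[   27.430755]  kasan_kmalloc+0xad/0xe0
[   27.430779]  __alloc_skb+0x13b/0x780
[   27.430787]  pfkey_sendmsg+0x20f/0x9f0
[   27.430832] Freed by task 1635:
[   27.430846]  kasan_slab_free+0x71/0xc0
[   27.430854]  kfree+0xca/0x250
[   27.430861]  kernfs_fop_release+0x13f/0x180
[   27.430921]  which belongs to the cache kmalloc-512 of size 512
[   27.430928]  512-byte region [ffff8801c4adf5c0, ffff8801c4adf7c0)
[   27.431007] >ffff8801c4adf780: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
"""

TS = re.compile(r"^\[\s*\d+\.\d+\] ?")  # printk timestamp prefix
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
REGION = re.compile(r"region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)")
SECTION = re.compile(r"^(?P<what>Allocated|Freed) by task (?P<pid>\d+):$")
FRAME = re.compile(r"^\s+(?:\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW = re.compile(r"^>(?P<addr>[0-9a-f]+): (?P<bytes>[0-9a-f ]+)$")

GRANULE = 8  # bytes of memory described by one shadow byte (generic KASAN)
# Poison values from mm/kasan/kasan.h of 4.x kernels; 00 means addressable.
POISON = {0xfa: "global redzone", 0xfb: "freed kmalloc object", 0xfc: "kmalloc redzone",
          0xfe: "page redzone", 0xff: "freed page"}
# Instrumentation and allocator frames skipped when naming the alloc/free site.
# __alloc_skb is listed because this object is skb payload (an assumption for this report).
WRAPPERS = ("save_stack", "kasan_", "__kmalloc", "kmalloc", "kfree", "kmem_cache_", "__alloc_skb")

def site(stack):
    """First frame that is not a wrapper: the code that actually owns the object."""
    return next((f for f in stack if not f.startswith(WRAPPERS)), None)

def parse_report(text):
    """Pull the numbers and both stacks out of the report; raise if a key line is missing."""
    r, current = {"stacks": {}, "tasks": {}}, None
    for raw in text.splitlines():
        line = TS.sub("", raw)
        if m := SECTION.match(line):
            current = m["what"]
            r["tasks"][current], r["stacks"][current] = int(m["pid"]), []
        elif current and (m := FRAME.match(line)):
            r["stacks"][current].append(m["sym"])
        elif m := BUG.search(line):
            r.update(kind=m["kind"], func=m["func"])
        elif m := ACCESS.search(line):
            r.update(rw=m["rw"], size=int(m["size"]), addr=int(m["addr"], 16), task=m["task"])
        elif m := CACHE.search(line):
            r.update(cache=m["cache"], obj_size=int(m["size"]))
        elif m := REGION.search(line):
            r.update(obj_lo=int(m["lo"], 16), obj_hi=int(m["hi"], 16))
        elif m := SHADOW.match(line):
            r.update(shadow_addr=int(m["addr"], 16), shadow=[int(b, 16) for b in m["bytes"].split()])
        else:
            current = None  # any unrecognised line ends a stack section
    missing = {"kind", "rw", "cache", "obj_lo", "shadow"} - set(r)
    if missing or "Allocated" not in r["tasks"]:
        raise ValueError(f"incomplete KASAN report, missing {sorted(missing)}")
    return r

def analyze(r):
    """The facts a reviewer settles before opening the source, as numbers plus prose notes."""
    end, a = r["addr"] + r["size"], {}
    a["offset"] = r["addr"] - r["obj_lo"]                       # bytes into the object
    a["in_bounds"] = max(0, min(end, r["obj_hi"]) - r["addr"])  # bytes still inside it
    a["overrun"] = max(0, end - r["obj_hi"])                    # bytes past its end
    # The first non-zero shadow byte on the '>' line says what memory the access ran into.
    a["poison_addr"], a["poison"] = r["shadow_addr"], "addressable"
    for i, b in enumerate(r["shadow"]):
        if b:
            a["poison_addr"], a["poison"] = r["shadow_addr"] + i * GRANULE, POISON.get(b, f"{b:#04x}")
            break
    a["alloc_site"], a["free_site"] = site(r["stacks"]["Allocated"]), site(r["stacks"].get("Freed", []))
    a["notes"] = [f"{r['rw']} of {r['size']} bytes in {r['func']} starts {a['offset']} bytes into a "
                  f"{r['obj_size']}-byte {r['cache']} object: {a['in_bounds']} in bounds, {a['overrun']} past the end",
                  f"first poisoned granule at {a['poison_addr']:#x} is '{a['poison']}'"
                  + (", exactly at the object end" if a["poison_addr"] == r["obj_hi"] else "")]
    if r["size"] > r["obj_size"]:  # a length larger than the whole object never came from the allocation
        a["notes"].append("access length exceeds the whole object; find where the caller computes it")
    if "Freed" in r["tasks"] and r["kind"] != "use-after-free":  # the free stack is stale unless it is a UAF
        a["notes"].append(f"'Freed by task {r['tasks']['Freed']}' ({a['free_site']}) is the slot's previous "
                          f"occupant; the object is live, allocated by task {r['tasks']['Allocated']} via {a['alloc_site']}")
    return a

if __name__ == "__main__":
    for note in analyze(parse_report(SAMPLE_REPORT))["notes"]:
        print("-", note)
```

Run it directly to print the four findings, or pass any other generic-KASAN slab report to parse_report for the same numbers. The 8-byte granule and the poison table apply to generic (software) KASAN only; hardware tag-based KASAN on arm64 uses 16-byte granules and a different memory-state dump, which this parser does not handle.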