[ ok ] Starting enhanced syslogd: rsyslogd.
[ 10.544510] audit: type=1400 audit(1513793772.222:5): avc: denied { syslog } for pid=2988 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 13.240363] audit: type=1400 audit(1513793774.918:6): avc: denied { map } for pid=3127 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-2,10.128.0.30' (ECDSA) to the list of known hosts.
executing program
[ 19.416256] audit: type=1400 audit(1513793781.094:7): avc: denied { map } for pid=3141 comm="syzkaller377124" path="/root/syzkaller377124977" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 19.421092] ==================================================================
[ 19.421110] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[ 19.421116] Read of size 6144 at addr ffff8801cee1f058 by task syzkaller377124/3141
[ 19.421118]
[ 19.421126] CPU: 1 PID: 3141 Comm: syzkaller377124 Not tainted 4.15.0-rc4+ #230
[ 19.421129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.421132] Call Trace:
[ 19.421142]  dump_stack+0x194/0x257
[ 19.421155]  ? arch_local_irq_restore+0x53/0x53
[ 19.421165]  ? show_regs_print_info+0x18/0x18
[ 19.421171]  ? __lock_is_held+0xb6/0x140
[ 19.421187]  ? pfkey_add+0x259e/0x3270
[ 19.421198]  print_address_description+0x73/0x250
[ 19.421206]  ? pfkey_add+0x259e/0x3270
[ 19.421215]  kasan_report+0x25b/0x340
[ 19.421229]  check_memory_region+0x137/0x190
[ 19.421238]  memcpy+0x23/0x50
[ 19.421248]  pfkey_add+0x259e/0x3270
[ 19.421272]  ? set_ipsecrequest+0x310/0x310
[ 19.421283]  ? lock_release+0xa40/0xa40
[ 19.421292]  ? set_ipsecrequest+0x310/0x310
[ 19.421304]  pfkey_process+0x60b/0x720
[ 19.421325]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 19.421330]  ? kasan_check_write+0x14/0x20
[ 19.421368]  ? dup_iter+0x252/0x260
[ 19.421387]  pfkey_sendmsg+0x4d6/0x9f0
[ 19.421401]  ? pfkey_spdget+0xb00/0xb00
[ 19.421415]  ? selinux_socket_sendmsg+0x36/0x40
[ 19.421424]  ? security_socket_sendmsg+0x89/0xb0
[ 19.421432]  ? pfkey_spdget+0xb00/0xb00
[ 19.421445]  sock_sendmsg+0xca/0x110
[ 19.421456]  ___sys_sendmsg+0x767/0x8b0
[ 19.421471]  ? copy_msghdr_from_user+0x590/0x590
[ 19.421493]  ? __do_page_fault+0x5f7/0xc90
[ 19.421503]  ? lock_downgrade+0x980/0x980
[ 19.421522]  ? __fget_light+0x297/0x380
[ 19.421532]  ? fget_raw+0x20/0x20
[ 19.421543]  ? __handle_mm_fault+0x3ce0/0x3ce0
[ 19.421549]  ? vmacache_find+0x5f/0x280
[ 19.421568]  ? up_read+0x1a/0x40
[ 19.421576]  ? __do_page_fault+0x3d6/0xc90
[ 19.421583]  ? get_unused_fd_flags+0x190/0x190
[ 19.421601]  ? __fdget+0x18/0x20
[ 19.421617]  __sys_sendmsg+0xe5/0x210
[ 19.421622]  ? __sys_sendmsg+0xe5/0x210
[ 19.421632]  ? SyS_shutdown+0x290/0x290
[ 19.421643]  ? __do_page_fault+0xc90/0xc90
[ 19.421657]  ? fd_install+0x4d/0x60
[ 19.421682]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 19.421699]  SyS_sendmsg+0x2d/0x50
[ 19.421710]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 19.421716] RIP: 0033:0x43fea9
[ 19.421720] RSP: 002b:00007ffea9156688 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 19.421727] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fea9
[ 19.421731] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 19.421735] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 19.421739] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401810
[ 19.421743] R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
[ 19.421770]
[ 19.421773] Allocated by task 3141:
[ 19.421779]  save_stack+0x43/0xd0
[ 19.421784]  kasan_kmalloc+0xad/0xe0
[ 19.421791]  __kmalloc_node_track_caller+0x47/0x70
[ 19.421797]  __kmalloc_reserve.isra.41+0x41/0xd0
[ 19.421803]  __alloc_skb+0x13b/0x780
[ 19.421808]  pfkey_sendmsg+0x20f/0x9f0
[ 19.421813]  sock_sendmsg+0xca/0x110
[ 19.421817]  ___sys_sendmsg+0x767/0x8b0
[ 19.421822]  __sys_sendmsg+0xe5/0x210
[ 19.421827]  SyS_sendmsg+0x2d/0x50
[ 19.421832]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 19.421834]
[ 19.421837] Freed by task 1605:
[ 19.421842]  save_stack+0x43/0xd0
[ 19.421847]  kasan_slab_free+0x71/0xc0
[ 19.421852]  kfree+0xd6/0x260
[ 19.421858]  skb_free_head+0x74/0xb0
[ 19.421862]  skb_release_data+0x58c/0x790
[ 19.421868]  skb_release_all+0x4a/0x60
[ 19.421874]  consume_skb+0x153/0x490
[ 19.421879]  skb_free_datagram+0x1a/0xe0
[ 19.421886]  netlink_recvmsg+0x5c6/0x1300
[ 19.421891]  sock_recvmsg+0xc9/0x110
[ 19.421896]  ___sys_recvmsg+0x2a4/0x640
[ 19.421901]  __sys_recvmsg+0xe2/0x210
[ 19.421906]  SyS_recvmsg+0x2d/0x50
[ 19.421911]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 19.421913]
[ 19.421917] The buggy address belongs to the object at ffff8801cee1f040
[ 19.421917]  which belongs to the cache kmalloc-512 of size 512
[ 19.421923] The buggy address is located 24 bytes inside of
[ 19.421923]  512-byte region [ffff8801cee1f040, ffff8801cee1f240)
[ 19.421925] The buggy address belongs to the page:
[ 19.421931] page:00000000523b2f7a count:1 mapcount:0 mapping:0000000046b5c69c index:0xffff8801cee1fcc0
[ 19.421938] flags: 0x2fffc0000000100(slab)
[ 19.421946] raw: 02fffc0000000100 ffff8801cee1f040 ffff8801cee1fcc0 0000000100000003
[ 19.421954] raw: ffffea00073bde60 ffffea00073ceaa0 ffff8801db000940 0000000000000000
[ 19.421956] page dumped because: kasan: bad access detected
[ 19.421958]
[ 19.421960] Memory state around the buggy address:
[ 19.421966]  ffff8801cee1f100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.421970]  ffff8801cee1f180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.421975] >ffff8801cee1f200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 19.421978]                                            ^
[ 19.421983]  ffff8801cee1f280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 19.421987]  ffff8801cee1f300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.421990] ==================================================================
[ 19.421992] Disabling lock debugging due to kernel taint
[ 19.421995] Kernel panic - not syncing: panic_on_warn set ...
[ 19.421995]
[ 19.422004] CPU: 1 PID: 3141 Comm: syzkaller377124 Tainted: G    B 4.15.0-rc4+ #230
[ 19.422007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.422009] Call Trace:
[ 19.422015]  dump_stack+0x194/0x257
[ 19.422023]  ? arch_local_irq_restore+0x53/0x53
[ 19.422029]  ? kasan_end_report+0x32/0x50
[ 19.422036]  ? lock_downgrade+0x980/0x980
[ 19.422043]  ? vsnprintf+0x1ed/0x1900
[ 19.422050]  ? pfkey_add+0x2500/0x3270
[ 19.422057]  panic+0x1e4/0x41c
[ 19.422063]  ? refcount_error_report+0x214/0x214
[ 19.422073]  ? add_taint+0x40/0x50
[ 19.422079]  ? add_taint+0x1c/0x50
[ 19.422087]  ? pfkey_add+0x259e/0x3270
[ 19.422093]  kasan_end_report+0x50/0x50
[ 19.422099]  kasan_report+0x144/0x340
[ 19.422109]  check_memory_region+0x137/0x190
[ 19.422115]  memcpy+0x23/0x50
[ 19.422123]  pfkey_add+0x259e/0x3270
[ 19.422137]  ? set_ipsecrequest+0x310/0x310
[ 19.422145]  ? lock_release+0xa40/0xa40
[ 19.422152]  ? set_ipsecrequest+0x310/0x310
[ 19.422160]  pfkey_process+0x60b/0x720
[ 19.422172]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 19.422177]  ? kasan_check_write+0x14/0x20
[ 19.422197]  ? dup_iter+0x252/0x260
[ 19.422209]  pfkey_sendmsg+0x4d6/0x9f0
[ 19.422218]  ? pfkey_spdget+0xb00/0xb00
[ 19.422228]  ? selinux_socket_sendmsg+0x36/0x40
[ 19.422235]  ? security_socket_sendmsg+0x89/0xb0
[ 19.422241]  ? pfkey_spdget+0xb00/0xb00
[ 19.422249]  sock_sendmsg+0xca/0x110
[ 19.422257]  ___sys_sendmsg+0x767/0x8b0
[ 19.422267]  ? copy_msghdr_from_user+0x590/0x590
[ 19.422279]  ? __do_page_fault+0x5f7/0xc90
[ 19.422286]  ? lock_downgrade+0x980/0x980
[ 19.422297]  ? __fget_light+0x297/0x380
[ 19.422305]  ? fget_raw+0x20/0x20
[ 19.422315]  ? __handle_mm_fault+0x3ce0/0x3ce0
[ 19.422321]  ? vmacache_find+0x5f/0x280
[ 19.422332]  ? up_read+0x1a/0x40
[ 19.422339]  ? __do_page_fault+0x3d6/0xc90
[ 19.422345]  ? get_unused_fd_flags+0x190/0x190
[ 19.422357]  ? __fdget+0x18/0x20
[ 19.422367]  __sys_sendmsg+0xe5/0x210
[ 19.422372]  ? __sys_sendmsg+0xe5/0x210
[ 19.422379]  ? SyS_shutdown+0x290/0x290
[ 19.422387]  ? __do_page_fault+0xc90/0xc90
[ 19.422397]  ? fd_install+0x4d/0x60
[ 19.422412]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 19.422422]  SyS_sendmsg+0x2d/0x50
[ 19.422430]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 19.422434] RIP: 0033:0x43fea9
[ 19.422437] RSP: 002b:00007ffea9156688 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[ 19.422443] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fea9
[ 19.422447] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[ 19.422450] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[ 19.422454] R10: 0000000000000000 R11: 0000000000000203 R12: 0000000000401810
[ 19.422457] R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
[ 19.442584] Dumping ftrace buffer:
[ 19.442587]    (ftrace buffer empty)
[ 19.442589] Kernel Offset: disabled
[ 20.226700] Rebooting in 86400 seconds..