[ ok ] Starting enhanced syslogd: rsyslogd.
[   12.801389] audit: type=1400 audit(1513323665.444:5): avc:  denied  { syslog } for  pid=2993 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   19.829276] audit: type=1400 audit(1513323672.472:6): avc:  denied  { map } for  pid=3134 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-kasan-gce-1,10.128.0.39' (ECDSA) to the list of known hosts.
executing program
[   26.122052] audit: type=1400 audit(1513323678.764:7): avc:  denied  { map } for  pid=3148 comm="syzkaller040225" path="/root/syzkaller040225850" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   26.127098] ==================================================================
[   26.127118] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
[   26.127125] Read of size 8192 at addr ffff8801c525d518 by task syzkaller040225/3148
[   26.127129]
[   26.127139] CPU: 1 PID: 3148 Comm: syzkaller040225 Not tainted 4.15.0-rc3+ #221
[   26.127144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.127149] Call Trace:
[   26.127160]  dump_stack+0x194/0x257
[   26.127175]  ? arch_local_irq_restore+0x53/0x53
[   26.127187]  ? show_regs_print_info+0x18/0x18
[   26.127195]  ? __lock_is_held+0xbc/0x140
[   26.127213]  ? pfkey_add+0x1634/0x3270
[   26.127227]  print_address_description+0x73/0x250
[   26.127236]  ? pfkey_add+0x1634/0x3270
[   26.127247]  kasan_report+0x25b/0x340
[   26.127263]  check_memory_region+0x137/0x190
[   26.127274]  memcpy+0x23/0x50
[   26.127287]  pfkey_add+0x1634/0x3270
[   26.127313]  ? set_ipsecrequest+0x310/0x310
[   26.127327]  ? lock_release+0xda0/0xda0
[   26.127338]  ? set_ipsecrequest+0x310/0x310
[   26.127351]  pfkey_process+0x60b/0x720
[   26.127370]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   26.127378]  ? kasan_check_write+0x14/0x20
[   26.127419]  ? dup_iter+0x1e2/0x260
[   26.127441]  pfkey_sendmsg+0x4d6/0x9f0
[   26.127457]  ? pfkey_spdget+0xb00/0xb00
[   26.127473]  ? selinux_socket_sendmsg+0x36/0x40
[   26.127483]  ? security_socket_sendmsg+0x89/0xb0
[   26.127493]  ? pfkey_spdget+0xb00/0xb00
[   26.127508]  sock_sendmsg+0xca/0x110
[   26.127522]  ___sys_sendmsg+0x75b/0x8a0
[   26.127540]  ? copy_msghdr_from_user+0x590/0x590
[   26.127552]  ? lock_downgrade+0x980/0x980
[   26.127589]  ? fget_raw+0x20/0x20
[   26.127600]  ? __handle_mm_fault+0x3e20/0x3e20
[   26.127609]  ? vmacache_find+0x5f/0x280
[   26.127634]  ? up_read+0x1a/0x40
[   26.127646]  ? __do_page_fault+0x3d6/0xc90
[   26.127654]  ? get_unused_fd_flags+0x190/0x190
[   26.127675]  ? __fdget+0x18/0x20
[   26.127694]  __sys_sendmsg+0xe5/0x210
[   26.127702]  ? __sys_sendmsg+0xe5/0x210
[   26.127715]  ? SyS_shutdown+0x290/0x290
[   26.127728]  ? __do_page_fault+0xc90/0xc90
[   26.127745]  ? fd_install+0x4d/0x60
[   26.127773]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.127792]  SyS_sendmsg+0x2d/0x50
[   26.127806]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   26.127814] RIP: 0033:0x43ff59
[   26.127820] RSP: 002b:00007fffac87a988 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   26.127832] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff59
[   26.127838] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   26.127843] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   26.127849] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[   26.127855] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   26.127886]
[   26.127891] Allocated by task 3148:
[   26.127898]  save_stack+0x43/0xd0
[   26.127905]  kasan_kmalloc+0xad/0xe0
[   26.127915]  __kmalloc_node_track_caller+0x47/0x70
[   26.127923]  __kmalloc_reserve.isra.41+0x41/0xd0
[   26.127930]  __alloc_skb+0x13b/0x780
[   26.127937]  pfkey_sendmsg+0x20f/0x9f0
[   26.127945]  sock_sendmsg+0xca/0x110
[   26.127952]  ___sys_sendmsg+0x75b/0x8a0
[   26.127959]  __sys_sendmsg+0xe5/0x210
[   26.127967]  SyS_sendmsg+0x2d/0x50
[   26.127974]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   26.127978]
[   26.127983] Freed by task 1641:
[   26.127990]  save_stack+0x43/0xd0
[   26.127997]  kasan_slab_free+0x71/0xc0
[   26.128007]  kfree+0xca/0x250
[   26.128016]  kernfs_fop_release+0x13f/0x180
[   26.128023]  __fput+0x333/0x7f0
[   26.128030]  ____fput+0x15/0x20
[   26.128038]  task_work_run+0x199/0x270
[   26.128047]  exit_to_usermode_loop+0x296/0x310
[   26.128055]  syscall_return_slowpath+0x490/0x550
[   26.128062]  entry_SYSCALL_64_fastpath+0x94/0x96
[   26.128066]
[   26.128073] The buggy address belongs to the object at ffff8801c525d500
[   26.128073]  which belongs to the cache kmalloc-512 of size 512
[   26.128080] The buggy address is located 24 bytes inside of
[   26.128080]  512-byte region [ffff8801c525d500, ffff8801c525d700)
[   26.128084] The buggy address belongs to the page:
[   26.128092] page:0000000008f55900 count:1 mapcount:0 mapping:000000009e07bce3 index:0x0
[   26.128102] flags: 0x2fffc0000000100(slab)
[   26.128113] raw: 02fffc0000000100 ffff8801c525d000 0000000000000000 0000000100000006
[   26.128123] raw: ffffea000713e2e0 ffffea000715a160 ffff8801db000940 0000000000000000
[   26.128128] page dumped because: kasan: bad access detected
[   26.128131]
[   26.128135] Memory state around the buggy address:
[   26.128143]  ffff8801c525d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.128150]  ffff8801c525d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.128157] >ffff8801c525d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.128161]                    ^
[   26.128168]  ffff8801c525d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.128175]  ffff8801c525d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.128179] ==================================================================
[   26.128183] Disabling lock debugging due to kernel taint
[   26.128196] Kernel panic - not syncing: panic_on_warn set ...
[   26.128196]
[   26.128202] CPU: 1 PID: 3148 Comm: syzkaller040225 Tainted: G B 4.15.0-rc3+ #221
[   26.128205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.128207] Call Trace:
[   26.128213]  dump_stack+0x194/0x257
[   26.128221]  ? arch_local_irq_restore+0x53/0x53
[   26.128228]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.128235]  ? vsnprintf+0x1ed/0x1900
[   26.128242]  ? pfkey_add+0x15b0/0x3270
[   26.128250]  panic+0x1e4/0x41c
[   26.128256]  ? refcount_error_report+0x214/0x214
[   26.128265]  ? add_taint+0x1c/0x50
[   26.128272]  ? add_taint+0x1c/0x50
[   26.128279]  ? pfkey_add+0x1634/0x3270
[   26.128285]  kasan_end_report+0x50/0x50
[   26.128291]  kasan_report+0x144/0x340
[   26.128300]  check_memory_region+0x137/0x190
[   26.128306]  memcpy+0x23/0x50
[   26.128314]  pfkey_add+0x1634/0x3270
[   26.128327]  ? set_ipsecrequest+0x310/0x310
[   26.128336]  ? lock_release+0xda0/0xda0
[   26.128342]  ? set_ipsecrequest+0x310/0x310
[   26.128349]  pfkey_process+0x60b/0x720
[   26.128360]  ? pfkey_send_new_mapping+0x11b0/0x11b0
[   26.128365]  ? kasan_check_write+0x14/0x20
[   26.128385]  ? dup_iter+0x1e2/0x260
[   26.128397]  pfkey_sendmsg+0x4d6/0x9f0
[   26.128406]  ? pfkey_spdget+0xb00/0xb00
[   26.128415]  ? selinux_socket_sendmsg+0x36/0x40
[   26.128421]  ? security_socket_sendmsg+0x89/0xb0
[   26.128427]  ? pfkey_spdget+0xb00/0xb00
[   26.128435]  sock_sendmsg+0xca/0x110
[   26.128443]  ___sys_sendmsg+0x75b/0x8a0
[   26.128454]  ? copy_msghdr_from_user+0x590/0x590
[   26.128460]  ? lock_downgrade+0x980/0x980
[   26.128479]  ? fget_raw+0x20/0x20
[   26.128485]  ? __handle_mm_fault+0x3e20/0x3e20
[   26.128491]  ? vmacache_find+0x5f/0x280
[   26.128502]  ? up_read+0x1a/0x40
[   26.128508]  ? __do_page_fault+0x3d6/0xc90
[   26.128514]  ? get_unused_fd_flags+0x190/0x190
[   26.128526]  ? __fdget+0x18/0x20
[   26.128536]  __sys_sendmsg+0xe5/0x210
[   26.128542]  ? __sys_sendmsg+0xe5/0x210
[   26.128550]  ? SyS_shutdown+0x290/0x290
[   26.128557]  ? __do_page_fault+0xc90/0xc90
[   26.128567]  ? fd_install+0x4d/0x60
[   26.128581]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   26.128592]  SyS_sendmsg+0x2d/0x50
[   26.128600]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   26.128604] RIP: 0033:0x43ff59
[   26.128607] RSP: 002b:00007fffac87a988 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
[   26.128613] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff59
[   26.128617] RDX: 0000000000000000 RSI: 00000000205f5000 RDI: 0000000000000003
[   26.128620] RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
[   26.128623] R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004018c0
[   26.128630] R13: 0000000000401950 R14: 0000000000000000 R15: 0000000000000000
[   26.148879] Dumping ftrace buffer:
[   26.148882]    (ftrace buffer empty)
[   26.148886] Kernel Offset: disabled
[   26.928906] Rebooting in 86400 seconds..
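The report above gives everything needed to size the bug without a reproducer: a memcpy in pfkey_add reads 8192 bytes starting 24 bytes into a 512-byte kmalloc-512 object, and the shadow dump shows where the read first crosses poisoned memory. The triage helper below is an added example, not part of the syzbot report or of the kernel; it parses the report lines copied from this page (the sample is constructed from them) and computes the offset, the number of bytes that fall outside the object, and the meaning of the first poisoned shadow byte the access hits. The shadow-byte values are the kmalloc ones from the kernel's mm/kasan/kasan.h of this era (0xfc redzone, 0xfb freed); each shadow byte covers 8 bytes of real memory.

```python
import re

# Constructed sample: the sizing-relevant lines of the KASAN report on this page.
SAMPLE_REPORT = """\
BUG: KASAN: slab-out-of-bounds in pfkey_add+0x1634/0x3270
Read of size 8192 at addr ffff8801c525d518 by task syzkaller040225/3148
The buggy address belongs to the object at ffff8801c525d500
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 24 bytes inside of
 512-byte region [ffff8801c525d500, ffff8801c525d700)
Memory state around the buggy address:
 ffff8801c525d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801c525d680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8801c525d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff8801c525d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

# Shadow-byte meanings from mm/kasan/kasan.h (4.15-era KASAN); 0x01..0x07 mean
# "only that many leading bytes of the 8-byte granule are addressable".
SHADOW_MEANING = {
    0x00: "addressable",
    0xfc: "kmalloc redzone (past end of object)",
    0xfb: "freed object",
    0xfa: "global redzone",
    0xfe: "page redzone (kmalloc_large)",
    0xff: "freed page",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone",
    0xf3: "stack right redzone", 0xf4: "stack partial redzone",
    0xf8: "use after scope",
}
GRANULE = 8  # bytes of real memory covered by one shadow byte


def parse_kasan_report(text):
    """Pull the access and object geometry out of a slab KASAN report."""
    bug = re.search(r"BUG: KASAN: (\S+) in (\S+)", text)
    acc = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", text)
    reg = re.search(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", text)
    cache = re.search(r"cache (\S+) of size (\d+)", text)
    if not (bug and acc and reg):
        raise ValueError("not a slab KASAN report")
    return {
        "bug": bug.group(1), "func": bug.group(2),
        "access": acc.group(1), "size": int(acc.group(2)),
        "addr": int(acc.group(3), 16),
        "obj_start": int(reg.group(2), 16), "obj_end": int(reg.group(3), 16),
        "cache": cache.group(1) if cache else None,
    }


def offset_in_object(rep):
    return rep["addr"] - rep["obj_start"]


def overrun_bytes(rep):
    """Bytes of the access that lie outside [obj_start, obj_end); 0 if in bounds."""
    end = rep["addr"] + rep["size"]
    return max(0, end - rep["obj_end"]) + max(0, rep["obj_start"] - rep["addr"])


def shadow_rows(text):
    """Decode each 'Memory state' row into (real base address, 16 shadow values)."""
    rows = []
    for line in text.splitlines():
        m = re.match(r">?([0-9a-f]{16}): ([0-9a-f ]+)$", line.strip())
        if not m:
            continue
        vals = m.group(2).split()
        if len(vals) == 16 and all(len(v) == 2 for v in vals):
            rows.append((int(m.group(1), 16), [int(v, 16) for v in vals]))
    return rows


def first_poisoned(text, addr):
    """(address, meaning) of the first non-addressable granule at or after addr."""
    for base, vals in shadow_rows(text):
        for i, v in enumerate(vals):
            gran = base + i * GRANULE
            if gran + GRANULE > addr and v != 0:
                return gran, SHADOW_MEANING.get(v, "poison 0x%02x" % v)
    return None


def triage(text):
    rep = parse_kasan_report(text)
    poison = first_poisoned(text, rep["addr"])
    return {
        "bug": rep["bug"], "func": rep["func"], "access": rep["access"],
        "size": rep["size"], "cache": rep["cache"],
        "offset": offset_in_object(rep), "overrun": overrun_bytes(rep),
        "first_poison": "%x: %s" % poison if poison else None,
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_REPORT).items():
        print("%-13s %s" % (k, v))
```

Run against the report above it shows the read starting 24 bytes in and running 7704 bytes past the end of the 512-byte object, with the first poisoned granule at ffff8801c525d700 being the kmalloc redzone, which is exactly where the `>` and `^` markers in the dump point.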