usercopy: kernel memory exposure attempt detected from ffff8801c84120fd (kmalloc-8192) (337 bytes) ------------[ cut here ]------------ kernel BUG at mm/usercopy.c:72! kauditd_printk_skb: 272 callbacks suppressed audit: type=1400 audit(1543158249.090:94887): avc: denied { search } for pid=30824 comm="syz-executor2" name="/" dev="sysfs" ino=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1 invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI Modules linked in: CPU: 1 PID: 23445 Comm: syz-executor3 Not tainted 4.14.83+ #9 task: ffff88019dba2f00 task.stack: ffff8801a6b90000 RIP: 0010:report_usercopy mm/usercopy.c:64 [inline] RIP: 0010:__check_object_size+0x311/0x3a2 mm/usercopy.c:264 RSP: 0018:ffff8801a6b97b58 EFLAGS: 00010282 RAX: 0000000000000062 RBX: 0000000000000151 RCX: 0000000000015715 RDX: 0000000000000000 RSI: ffffc90001f06000 RDI: ffffffffaa5d23e0 RBP: ffff8801c84120fd R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa8abfea0 R13: 0000000000000001 R14: ffffffffa8abfe60 R15: ffffea0007210400 FS: 00007fe6876ef700(0000) GS:ffff8801dbb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020001000 CR3: 000000019f470005 CR4: 00000000001606a0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 Call Trace: check_object_size include/linux/thread_info.h:108 [inline] check_copy_size include/linux/thread_info.h:139 [inline] copy_to_user include/linux/uaccess.h:154 [inline] bpf_test_finish.isra.0+0xba/0x190 net/bpf/test_run.c:59 bpf_prog_test_run_skb+0x4d0/0x8c0 net/bpf/test_run.c:144 bpf_prog_test_run kernel/bpf/syscall.c:1343 [inline] SYSC_bpf kernel/bpf/syscall.c:1615 [inline] SyS_bpf+0x79d/0x3700 kernel/bpf/syscall.c:1560 do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x457569 RSP: 002b:00007fe6876eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 RDX: 0000000000000028 RSI: 0000000020000180 RDI: 000000000000000a RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6876ef6d4 R13: 00000000004bd952 R14: 00000000004ccbf0 R15: 00000000ffffffff Code: fe ab a8 4c 0f 45 e2 e8 ce d3 db ff 48 8b 04 24 49 89 d9 48 89 e9 4c 89 f2 4c 89 e6 48 c7 c7 e0 fe ab a8 49 89 c0 e8 ba 15 cd ff <0f> 0b 4c 89 ff e8 35 cf fd ff e9 09 fe ff ff 4c 89 ff e8 28 cf RIP: report_usercopy mm/usercopy.c:64 [inline] RSP: ffff8801a6b97b58 RIP: __check_object_size+0x311/0x3a2 mm/usercopy.c:264 RSP: ffff8801a6b97b58 audit: type=1400 audit(1543158249.140:94888): avc: denied { search } for pid=30824 comm="syz-executor2" name="/" dev="sysfs" ino=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1 audit: type=1400 audit(1543158249.160:94889): avc: denied { prog_load } for pid=23446 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1543158249.170:94891): avc: denied { prog_run } for pid=23446 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1543158249.170:94890): avc: denied { search } for pid=30824 comm="syz-executor2" name="/" dev="sysfs" ino=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1 audit: type=1400 audit(1543158249.180:94892): avc: denied { prog_load } for pid=23446 comm="syz-executor4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1543158249.190:94893): avc: denied { search } for pid=30824 comm="syz-executor2" name="/" dev="sysfs" ino=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1 audit: type=1400 audit(1543158249.530:94894): avc: denied { search } for pid=23455 comm="syz-executor2" name="/" dev="sysfs" ino=1 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=dir permissive=1 audit: type=1400 audit(1543158249.580:94895): avc: denied { map_create } for pid=23455 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 audit: type=1400 audit(1543158249.590:94896): avc: denied { map_read map_write } for pid=23455 comm="syz-executor2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 usercopy: kernel memory exposure attempt detected from ffff8801ab4620fd (kmalloc-8192) (337 bytes) ------------[ cut here ]------------ kernel BUG at mm/usercopy.c:72! ---[ end trace eed04f72d8792702 ]--- invalid opcode: 0000 [#2] PREEMPT SMP KASAN NOPTI Modules linked in: CPU: 0 PID: 23443 Comm: syz-executor3 Tainted: G D 4.14.83+ #9