================================================================== BUG: KASAN: slab-out-of-bounds in pfkey_msg2xfrm_state net/key/af_key.c:1227 [inline] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x145d/0x3220 net/key/af_key.c:1506 Read of size 8190 at addr ffff88019dabacc0 by task syz-executor4/26571 CPU: 0 PID: 26571 Comm: syz-executor4 Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 817cc22c6390c606 ffff8801d26ff6c0 ffffffff81e0ed0d ffffea000676ae80 ffff88019dabacc0 0000000000000000 ffff88019dabae80 ffff88019dabac80 ffff8801d26ff6f8 ffffffff81515946 ffff88019dabacc0 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] print_address_description+0x6c/0x216 mm/kasan/report.c:252 [] kasan_report_error mm/kasan/report.c:351 [inline] [] kasan_report.cold.7+0x175/0x2f7 mm/kasan/report.c:408 [] check_memory_region_inline mm/kasan/kasan.c:325 [inline] [] check_memory_region+0x14f/0x1b0 mm/kasan/kasan.c:332 [] memcpy+0x23/0x50 mm/kasan/kasan.c:367 [] pfkey_msg2xfrm_state net/key/af_key.c:1227 [inline] [] pfkey_add+0x145d/0x3220 net/key/af_key.c:1506 [] pfkey_process+0x671/0x740 net/key/af_key.c:2834 [] pfkey_sendmsg+0x346/0xae0 net/key/af_key.c:3678 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xcc/0x110 net/socket.c:635 [] ___sys_sendmsg+0x745/0x880 net/socket.c:1962 [] __sys_sendmsg+0xd6/0x190 net/socket.c:1996 [] C_SYSC_sendmsg net/compat.c:722 [inline] [] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:720 [] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline] [] do_fast_syscall_32+0x326/0x8b0 arch/x86/entry/common.c:459 [] sysenter_flags_fixed+0xd/0x17 Allocated by task 26571: [] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63 [] save_stack+0x43/0xd0 mm/kasan/kasan.c:512 [] set_track mm/kasan/kasan.c:524 [inline] [] kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:616 [] kasan_krealloc+0x64/0x80 mm/kasan/kasan.c:654 [] ksize+0x8a/0xf0 mm/slub.c:3727 [] __alloc_skb+0x133/0x600 net/core/skbuff.c:237 [] alloc_skb include/linux/skbuff.h:815 [inline] [] pfkey_sendmsg+0xfe/0xae0 net/key/af_key.c:3665 [] sock_sendmsg_nosec net/socket.c:625 [inline] [] sock_sendmsg+0xcc/0x110 net/socket.c:635 [] ___sys_sendmsg+0x745/0x880 net/socket.c:1962 [] __sys_sendmsg+0xd6/0x190 net/socket.c:1996 [] C_SYSC_sendmsg net/compat.c:722 [inline] [] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:720 [] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline] [] do_fast_syscall_32+0x326/0x8b0 arch/x86/entry/common.c:459 [] sysenter_flags_fixed+0xd/0x17 Freed by task 0: (stack is not available) The buggy address belongs to the object at ffff88019dabac80 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 64 bytes inside of 512-byte region [ffff88019dabac80, ffff88019dabae80) The buggy address belongs to the page: swap_free: Bad swap file entry 207fffffffc1d54f BUG: Bad page map in process syz-executor3 pte:ffffffff83aa9ee0 pmd:1cfc40067 addr:000000002f221000 vm_flags:000000fb anon_vma: (null) mapping:ffff8801c8ee8bd8 index:1 file:syzkaller-shm978286033 fault:ext4_filemap_fault mmap:ext4_file_mmap readpage:ext4_readpage CPU: 1 PID: 3914 Comm: syz-executor3 Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 0000000000000000 1025d9bb3245b8c4 ffff8800ba9d7940 ffffffff81e0ed0d 1ffff1001753af2f ffff8801d921a400 ffffffff816f7c60 ffffffff816d4fa0 ffffffff816c4f00 ffff8800ba9d7a00 ffffffff81514373 0000000000000001 Call Trace: [] __dump_stack lib/dump_stack.c:15 [inline] [] dump_stack+0xc1/0x124 lib/dump_stack.c:51 [] print_bad_pte.cold.105+0x1d3/0x242 mm/memory.c:699 [] zap_pte_range mm/memory.c:1197 [inline] [] zap_pmd_range mm/memory.c:1262 [inline] [] zap_pud_range mm/memory.c:1283 [inline] [] unmap_page_range mm/memory.c:1307 [inline] [] unmap_single_vma+0xd9b/0x1250 mm/memory.c:1352 [] unmap_vmas+0x81/0xd0 mm/memory.c:1382 [] exit_mmap+0x1c9/0x3a0 mm/mmap.c:2926 [] __mmput kernel/fork.c:715 [inline] [] mmput+0xf8/0x2d0 kernel/fork.c:735 [] exit_mm kernel/exit.c:444 [inline] [] do_exit+0x8d8/0x26b0 kernel/exit.c:746 [] do_group_exit+0x111/0x330 kernel/exit.c:889 [] SYSC_exit_group kernel/exit.c:900 [inline] [] SyS_exit_group+0x1d/0x20 kernel/exit.c:898 [] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline] [] do_fast_syscall_32+0x326/0x8b0 arch/x86/entry/common.c:459 [] sysenter_flags_fixed+0xd/0x17 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#2] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#3] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#4] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#5] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#6] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#7] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#8] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#9] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#10] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#11] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#12] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#13] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#14] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#15] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#16] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#17] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#18] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#19] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#20] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: -2129821342 Comm:  Not tainted 4.4.135-ge75204c #53 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 kasan: CONFIG_KASAN_INLINE enabled