INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-2,10.128.0.31' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   52.199437] ==================================================================
[   52.200494] BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40 at addr ffff8801cd0f3798
[   52.201757] Read of size 1280 by task syzkaller256823/3255
[   52.202494] CPU: 0 PID: 3255 Comm: syzkaller256823 Not tainted 4.9.41-g72a8dae #22
[   52.203499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.204718]  ffff8801c71cf830 ffffffff81d92609 ffff8801da0013c0 ffff8801cd0f3780
[   52.205833]  ffff8801cd0f3880 ffffed0039a1e708 ffff8801cd0f3798 ffff8801c71cf858
[   52.207053]  ffffffff8153c1bc ffffed0039a1e708 ffff8801da0013c0 0000000000000000
[   52.208281] Call Trace:
[   52.208631]  [] dump_stack+0xc1/0x128
[   52.209338]  [] kasan_object_err+0x1c/0x70
[   52.210174]  [] kasan_report.part.1+0x21c/0x500
[   52.211050]  [] ? kasan_unpoison_shadow+0x35/0x50
[   52.211923]  [] ? pfkey_compile_policy+0x8e6/0xd40
[   52.212819]  [] ? kasan_unpoison_shadow+0x35/0x50
[   52.213655]  [] ? kasan_unpoison_shadow+0x35/0x50
[   52.214493]  [] kasan_report+0x20/0x30
[   52.215287]  [] check_memory_region+0x137/0x190
[   52.216137]  [] memcpy+0x23/0x50
[   52.216836]  [] pfkey_compile_policy+0x8e6/0xd40
[   52.217681]  [] xfrm_user_policy+0x244/0x390
[   52.218542]  [] ? xfrm_user_policy+0x157/0x390
[   52.219394]  [] ? xfrm_alloc_spi+0xa10/0xa10
[   52.224518]  [] ? ns_capable_common+0xcf/0x160
[   52.230624]  [] do_ip_setsockopt.isra.11+0x1977/0x2960
[   52.237421]  [] ? ip_ra_control+0x440/0x440
[   52.243280]  [] ? check_preemption_disabled+0x3b/0x200
[   52.250081]  [] ? kasan_unpoison_shadow+0x35/0x50
[   52.256446]  [] ? release_pages+0x595/0x930
[   52.262298]  [] ? __this_cpu_preempt_check+0x1c/0x20
[   52.268926]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   52.275899]  [] ? __pagevec_lru_add_fn+0x35e/0x7b0
[   52.282359]  [] ? pagevec_lru_move_fn+0x17f/0x1f0
[   52.288727]  [] ? put_pages_list+0x150/0x150
[   52.294661]  [] ? sock_has_perm+0x9f/0x3e0
[   52.300423]  [] ? sock_has_perm+0x1c2/0x3e0
[   52.306292]  [] ? sock_has_perm+0x292/0x3e0
[   52.312136]  [] ? sock_has_perm+0x9f/0x3e0
[   52.317899]  [] ? selinux_file_send_sigiotask+0x310/0x310
[   52.324980]  [] ? selinux_netlbl_socket_setsockopt+0x116/0x340
[   52.332477]  [] ? selinux_netlbl_sock_rcv_skb+0x470/0x470
[   52.339549]  [] ? handle_mm_fault+0x6ee/0x2510
[   52.345655]  [] ip_setsockopt+0x3a/0xb0
[   52.351152]  [] tcp_setsockopt+0x82/0xd0
[   52.356737]  [] sock_common_setsockopt+0x95/0xd0
[   52.363065]  [] SyS_setsockopt+0x160/0x250
[   52.368827]  [] ? __do_page_fault+0x510/0xbd0
[   52.374849]  [] ? SyS_recv+0x40/0x40
[   52.380088]  [] ? up_read+0x1a/0x40
[   52.385239]  [] ? __do_page_fault+0x33f/0xbd0
[   52.391259]  [] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   52.397803]  [] entry_SYSCALL_64_fastpath+0x23/0xc6
[   52.404346] Object at ffff8801cd0f3780, in cache kmalloc-256 size: 256
[   52.410971] Allocated:
[   52.413431] PID = 3255
[   52.415896]  save_stack_trace+0x16/0x20
[   52.419832]  save_stack+0x43/0xd0
[   52.423248]  kasan_kmalloc+0xad/0xe0
[   52.426925]  __kmalloc+0x11d/0x310
[   52.430432]  xfrm_user_policy+0xa9/0x390
[   52.434457]  do_ip_setsockopt.isra.11+0x1977/0x2960
[   52.439445]  ip_setsockopt+0x3a/0xb0
[   52.443124]  tcp_setsockopt+0x82/0xd0
[   52.446891]  sock_common_setsockopt+0x95/0xd0
[   52.451349]  SyS_setsockopt+0x160/0x250
[   52.455290]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   52.460004] Freed:
[   52.462115] PID = 0
[   52.464312] (stack is not available)
[   52.467985] Memory state around the buggy address:
[   52.472888]  ffff8801cd0f3700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   52.480210]  ffff8801cd0f3780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   52.487532] >ffff8801cd0f3800: 00 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc
[   52.494853]                                            ^
[   52
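The report above carries everything needed to size the overrun without a kernel build: the buffer was kmalloc'd in xfrm_user_policy (kmalloc-256 cache, object at ffff8801cd0f3780), the shadow bytes show how much of that object was actually requested (a 00 granule is 8 addressable bytes, the 02 granule is a partial tail), and memcpy in pfkey_compile_policy reads 1280 bytes starting 24 bytes into it, so the copy length is clearly not bounded by the allocation. The triage script below is an added example, not part of the syzkaller report or the kernel; it parses the report's own lines (re-typed inline as a constructed sample, timestamps included) and reports the access offset, the requested size recovered from the shadow, the allocation caller, and how far the read runs past both the requested size and the 256-byte slab object. The regexes are written for the 4.9-era KASAN format seen here and are an assumption for other kernel versions.

```python
import re

# Constructed sample input: the lines of the KASAN report on this page that the
# script needs, re-typed here so it runs offline (timestamps as in the log).
KASAN_REPORT = """\
[   52.200494] BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40 at addr ffff8801cd0f3798
[   52.201757] Read of size 1280 by task syzkaller256823/3255
[   52.404346] Object at ffff8801cd0f3780, in cache kmalloc-256 size: 256
[   52.410971] Allocated:
[   52.413431] PID = 3255
[   52.415896]  save_stack_trace+0x16/0x20
[   52.419832]  save_stack+0x43/0xd0
[   52.423248]  kasan_kmalloc+0xad/0xe0
[   52.426925]  __kmalloc+0x11d/0x310
[   52.430432]  xfrm_user_policy+0xa9/0x390
[   52.434457]  do_ip_setsockopt.isra.11+0x1977/0x2960
[   52.460004] Freed:
[   52.462115] PID = 0
[   52.464312] (stack is not available)
[   52.467985] Memory state around the buggy address:
[   52.472888]  ffff8801cd0f3700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   52.480210]  ffff8801cd0f3780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   52.487532] >ffff8801cd0f3800: 00 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc
"""

SHADOW_SCALE = 8  # one KASAN shadow byte describes 8 bytes of kernel memory

TS_RE = re.compile(r"^\[\s*\d+\.\d+\] ?")
HEADER_RE = re.compile(r"BUG: KASAN: (\S+) in ([^+\s]+)\S* at addr ([0-9a-f]+)")
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) by task (\S+)")
OBJECT_RE = re.compile(r"Object at ([0-9a-f]+), in cache (\S+) size: (\d+)")
SHADOW_RE = re.compile(r"^[ >]([0-9a-f]+): ((?:[0-9a-f]{2}\s?)+)$")
# Allocator and instrumentation frames that sit above the real allocation caller
# (assumed prefixes; extend for other allocators).
ALLOC_INTERNAL = ("save_stack", "kasan_", "__kmalloc", "kmalloc", "kmem_cache")


def parse_kasan(report):
    """Pull the fields a triage needs out of a 4.9-era KASAN report."""
    info = {"shadow": {}, "alloc_frames": []}
    section = None
    for raw in report.splitlines():
        line = TS_RE.sub("", raw)   # drop "[   52.xxxxxx] ", keep the row's own leading ' ' or '>'
        text = line.strip()
        if m := HEADER_RE.search(text):
            info["bug"], info["func"], info["addr"] = m[1], m[2], int(m[3], 16)
        elif m := ACCESS_RE.search(text):
            info["kind"], info["size"], info["task"] = m[1], int(m[2]), m[3]
        elif m := OBJECT_RE.search(text):
            info["object"], info["cache"], info["cache_size"] = int(m[1], 16), m[2], int(m[3])
        elif text in ("Allocated:", "Freed:") or text.startswith("Memory state"):
            section = text
        elif section == "Allocated:" and "+0x" in text:
            info["alloc_frames"].append(text.split("+", 1)[0])   # symbol without offset
        elif m := SHADOW_RE.match(line):
            row = int(m[1], 16)
            for i, byte in enumerate(m[2].split()):
                info["shadow"][row + i * SHADOW_SCALE] = int(byte, 16)
    return info


def allocated_size(info):
    """Recover the requested kmalloc() size from the shadow: a 00 granule is 8
    addressable bytes, a value 1..7 is a partial last granule, anything else
    (fc = redzone, fb = freed) ends the object."""
    size, addr = 0, info["object"]
    while (byte := info["shadow"].get(addr)) is not None:
        if byte == 0:
            size += SHADOW_SCALE
        else:
            if 1 <= byte < SHADOW_SCALE:
                size += byte
            break
        addr += SHADOW_SCALE
    return size


def triage(report):
    """Summarise how far the access runs past what was actually allocated."""
    info = parse_kasan(report)
    requested = allocated_size(info)
    access_end = info["addr"] + info["size"]
    caller = next((f for f in info["alloc_frames"] if not f.startswith(ALLOC_INTERNAL)), None)
    return {
        "bug": info["bug"],
        "func": info["func"],
        "kind": info["kind"],
        "access_offset": info["addr"] - info["object"],   # where in the object the copy starts
        "requested_size": requested,                      # bytes kmalloc() was asked for
        "slab_object_size": info["cache_size"],
        "overrun_past_alloc": access_end - (info["object"] + requested),
        "overrun_past_slab_object": access_end - (info["object"] + info["cache_size"]),
        "alloc_caller": caller,
    }


if __name__ == "__main__":
    for key, value in triage(KASAN_REPORT).items():
        print(f"{key:>24}: {value}")
```

On this report the script recovers a 194-byte request inside the 256-byte slab object, a read that starts at offset 24 and runs 1110 bytes past the requested size (1048 bytes past the slab object itself), allocated by xfrm_user_policy and consumed by pfkey_compile_policy. That combination, a user-supplied setsockopt buffer of one size and a copy length an order of magnitude larger, is the pattern to look for when deciding whether a length field inside the buffer is being trusted over the buffer's own length.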