[....] Starting enhanced syslogd: rsyslogd
[   11.500211] audit: type=1400 audit(1513399933.889:4): avc: denied { syslog } for pid=3161 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-386-4,10.128.0.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   22.352072] ==================================================================
[   22.353154] BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40 at addr ffff8801d56d3018
[   22.354412] Read of size 1280 by task syzkaller694191/3323
[   22.355154] CPU: 0 PID: 3323 Comm: syzkaller694191 Not tainted 4.9.69-g3f1d77c #4
[   22.356148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.357381]  ffff8801d5ca77d8 ffffffff81d90a29 ffff8801da0013c0 ffff8801d56d3000
[   22.358527]  ffff8801d56d3100 ffffed003aada618 ffff8801d56d3018 ffff8801d5ca7800
[   22.359655]  ffffffff8153a45c ffffed003aada618 ffff8801da0013c0 0000000000000000
[   22.360799] Call Trace:
[   22.361168]  [] dump_stack+0xc1/0x128
[   22.361899]  [] kasan_object_err+0x1c/0x70
[   22.362692]  [] kasan_report.part.1+0x21c/0x500
[   22.363511]  [] ? pfkey_compile_policy+0x8e6/0xd40
[   22.364400]  [] ? kasan_unpoison_shadow+0x35/0x50
[   22.365241]  [] kasan_report+0x21/0x30
[   22.365969]  [] check_memory_region+0x137/0x190
[   22.366787]  [] memcpy+0x23/0x50
[   22.367438]  [] pfkey_compile_policy+0x8e6/0xd40
[   22.368281]  [] xfrm_user_policy+0x2fe/0x530
[   22.369078]  [] ? xfrm_user_policy+0x21a/0x530
[   22.369925]  [] ? xfrm_replay_timer_handler+0x320/0x320
[   22.370832]  [] ? ns_capable_common+0xcf/0x160
[   22.371641]  [] do_ip_setsockopt.isra.12+0x1977/0x2960
[   22.372549]  [] ? ip_ra_control+0x440/0x440
[   22.378397]  [] ? __lock_acquire+0x629/0x3640
[   22.384420]  [] ? release_pages+0x595/0x930
[   22.390268]  [] ? check_preemption_disabled+0x3b/0x200
[   22.397071]  [] ? avc_has_perm+0x28b/0x4f0
[   22.402833]  [] ? avc_has_perm+0x2fd/0x4f0
[   22.408592]  [] ? avc_has_perm+0xb0/0x4f0
[   22.414263]  [] ? avc_has_perm_noaudit+0x450/0x450
[   22.420722]  [] ? check_preemption_disabled+0x3b/0x200
[   22.427529]  [] ? sock_has_perm+0x1c2/0x3e0
[   22.433377]  [] ? sock_has_perm+0x292/0x3e0
[   22.439221]  [] ? sock_has_perm+0x9f/0x3e0
[   22.444983]  [] ? selinux_file_send_sigiotask+0x310/0x310
[   22.452045]  [] compat_ip_setsockopt+0x4f/0xf0
[   22.458151]  [] inet_csk_compat_setsockopt+0x95/0x120
[   22.464867]  [] ? ip_setsockopt+0xb0/0xb0
[   22.470539]  [] compat_tcp_setsockopt+0x3d/0x70
[   22.476735]  [] compat_sock_common_setsockopt+0xb2/0x140
[   22.483712]  [] ? tcp_setsockopt+0xd0/0xd0
[   22.489472]  [] compat_SyS_setsockopt+0x149/0x290
[   22.495843]  [] ? sock_common_setsockopt+0xd0/0xd0
[   22.502297]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[   22.508838]  [] ? do_fast_syscall_32+0xcf/0x890
[   22.515032]  [] ? scm_detach_fds_compat+0x3c0/0x3c0
[   22.521572]  [] do_fast_syscall_32+0x2f7/0x890
[   22.527679]  [] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   22.534313]  [] entry_SYSENTER_compat+0x51/0x60
[   22.540505] Object at ffff8801d56d3000, in cache kmalloc-256 size: 256
[   22.547130] Allocated:
[   22.549587] PID = 3323
[   22.552048]  save_stack_trace+0x16/0x20
[   22.555986]  save_stack+0x43/0xd0
[   22.559401]  kasan_kmalloc+0xad/0xe0
[   22.563076]  __kmalloc+0x11d/0x310
[   22.566578]  xfrm_user_policy+0xc1/0x530
[   22.570600]  do_ip_setsockopt.isra.12+0x1977/0x2960
[   22.575579]  compat_ip_setsockopt+0x4f/0xf0
[   22.579863]  inet_csk_compat_setsockopt+0x95/0x120
[   22.584754]  compat_tcp_setsockopt+0x3d/0x70
[   22.589130]  compat_sock_common_setsockopt+0xb2/0x140
[   22.594283]  compat_SyS_setsockopt+0x149/0x290
[   22.598825]  do_fast_syscall_32+0x2f7/0x890
[   22.603107]  entry_SYSENTER_compat+0x51/0x60
[   22.607474] Freed:
[   22.609584] PID = 0
[   22.611781] (stack is not available)
[   22.615456] Memory state around the buggy address:
[   22.620349]  ffff8801d56d2f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   22.627670]  ffff8801d56d3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   22.634989] >ffff8801d56d3080: 00 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc
[   22.642309]                                            ^
[   22.647719]  ffff8801d56d3100: fc fc fc fc fc fc fc fc fc fc fc