[....] Starting enhanced syslogd: rsyslogd
[ 11.709452] audit: type=1400 audit(1513095289.608:4): avc: denied { syslog } for pid=3168 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-2,10.128.15.202' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.162741] ==================================================================
[ 35.163831] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x2702/0x3470 at addr ffff8801c9500c98
[ 35.164971] Read of size 2048 by task syzkaller822709/3335
[ 35.165713] CPU: 0 PID: 3335 Comm: syzkaller822709 Not tainted 4.9.68-gfb66dc2 #107
[ 35.166730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.167947] ffff8801d1ae7748 ffffffff81d90889 ffff8801da001280 ffff8801c9500c80
[ 35.169073] ffff8801c9500e80 ffffed00392a01d0 ffff8801c9500c98 ffff8801d1ae7770
[ 35.170199] ffffffff8153a44c ffffed00392a01d0 ffff8801da001280 0000000000000000
[ 35.171327] Call Trace:
[ 35.171684] [] dump_stack+0xc1/0x128
[ 35.172393] [] kasan_object_err+0x1c/0x70
[ 35.173156] [] kasan_report.part.1+0x21c/0x500
[ 35.174020] [] ? pfkey_add+0x2702/0x3470
[ 35.174771] [] ? kasan_unpoison_shadow+0x35/0x50
[ 35.175612] [] kasan_report+0x21/0x30
[ 35.176329] [] check_memory_region+0x137/0x190
[ 35.177163] [] memcpy+0x23/0x50
[ 35.177815] [] pfkey_add+0x2702/0x3470
[ 35.178544] [] ? pfkey_delete+0x360/0x360
[ 35.179307] [] ? pfkey_seq_stop+0x80/0x80
[ 35.180070] [] ? __skb_clone+0x24a/0x7d0
[ 35.180823] [] ? pfkey_delete+0x360/0x360
[ 35.181584] [] pfkey_process+0x61e/0x730
[ 35.182338] [] ? pfkey_send_new_mapping+0x11b0/0x11b0
[ 35.183247] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 35.190048] [] pfkey_sendmsg+0x3a9/0x760
[ 35.195720] [] ? pfkey_spdget+0x820/0x820
[ 35.201480] [] sock_sendmsg+0xca/0x110
[ 35.206981] [] ___sys_sendmsg+0x6d1/0x7e0
[ 35.212743] [] ? copy_msghdr_from_user+0x550/0x550
[ 35.219285] [] ? __lru_cache_add+0x187/0x250
[ 35.225304] [] ? do_huge_pmd_anonymous_page+0xb05/0x10d0
[ 35.232367] [] ? _raw_spin_unlock+0x2c/0x50
[ 35.238301] [] ? do_huge_pmd_anonymous_page+0x2d4/0x10d0
[ 35.245365] [] ? handle_mm_fault+0x6ee/0x2530
[ 35.251471] [] ? __lock_is_held+0xa1/0xf0
[ 35.257232] [] ? __pmd_alloc+0x410/0x410
[ 35.262907] [] ? __fget_light+0x158/0x1e0
[ 35.268666] [] ? __fdget+0x18/0x20
[ 35.273819] [] __sys_sendmsg+0xd6/0x190
[ 35.279407] [] ? SyS_shutdown+0x1b0/0x1b0
[ 35.285165] [] ? __do_page_fault+0x5ec/0xd40
[ 35.291184] [] ? __do_page_fault+0x3bd/0xd40
[ 35.297202] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 35.304003] [] SyS_sendmsg+0x2d/0x50
[ 35.309337] [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 35.315880] Object at ffff8801c9500c80, in cache kmalloc-512 size: 512
[ 35.322505] Allocated:
[ 35.324965] PID = 3335
[ 35.327427] save_stack_trace+0x16/0x20
[ 35.331362] save_stack+0x43/0xd0
[ 35.334777] kasan_kmalloc+0xad/0xe0
[ 35.338456] kasan_slab_alloc+0x12/0x20
[ 35.342397] __kmalloc_track_caller+0xda/0x2b0
[ 35.346942] __kmalloc_reserve.isra.37+0x33/0xc0
[ 35.351658] __alloc_skb+0x119/0x600
[ 35.355341] pfkey_sendmsg+0x135/0x760
[ 35.359190] sock_sendmsg+0xca/0x110
[ 35.362865] ___sys_sendmsg+0x6d1/0x7e0
[ 35.366801] __sys_sendmsg+0xd6/0x190
[ 35.370563] SyS_sendmsg+0x2d/0x50
[ 35.374068] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 35.378782] Freed:
[ 35.380897] PID = 0
[ 35.383093] (stack is not available)
[ 35.386767] Memory state around the buggy address:
[ 35.391658] ffff8801c9500d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.398980] ffff8801c9500e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.406303] >ffff8801c9500e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[