INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-2,10.128.0.31' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   52.199437] ==================================================================
[   52.200494] BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40 at addr ffff8801cd0f3798
[   52.201757] Read of size 1280 by task syzkaller256823/3255
[   52.202494] CPU: 0 PID: 3255 Comm: syzkaller256823 Not tainted 4.9.41-g72a8dae #22
[   52.203499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.204718]  ffff8801c71cf830 ffffffff81d92609 ffff8801da0013c0 ffff8801cd0f3780
[   52.205833]  ffff8801cd0f3880 ffffed0039a1e708 ffff8801cd0f3798 ffff8801c71cf858
[   52.207053]  ffffffff8153c1bc ffffed0039a1e708 ffff8801da0013c0 0000000000000000
[   52.208281] Call Trace:
[   52.208631]  [<ffffffff81d92609>] dump_stack+0xc1/0x128
[   52.209338]  [<ffffffff8153c1bc>] kasan_object_err+0x1c/0x70
[   52.210174]  [<ffffffff8153c47c>] kasan_report.part.1+0x21c/0x500
[   52.211050]  [<ffffffff8153b5b5>] ? kasan_unpoison_shadow+0x35/0x50
[   52.211923]  [<ffffffff8356fa06>] ? pfkey_compile_policy+0x8e6/0xd40
[   52.212819]  [<ffffffff8153b5b5>] ? kasan_unpoison_shadow+0x35/0x50
[   52.213655]  [<ffffffff8153b5b5>] ? kasan_unpoison_shadow+0x35/0x50
[   52.214493]  [<ffffffff8153ca40>] kasan_report+0x20/0x30
[   52.215287]  [<ffffffff8153b387>] check_memory_region+0x137/0x190
[   52.216137]  [<ffffffff8153b883>] memcpy+0x23/0x50
[   52.216836]  [<ffffffff8356fa06>] pfkey_compile_policy+0x8e6/0xd40
[   52.217681]  [<ffffffff833cac94>] xfrm_user_policy+0x244/0x390
[   52.218542]  [<ffffffff833caba7>] ? xfrm_user_policy+0x157/0x390
[   52.219394]  [<ffffffff833caa50>] ? xfrm_alloc_spi+0xa10/0xa10
[   52.224518]  [<ffffffff81151c9f>] ? ns_capable_common+0xcf/0x160
[   52.230624]  [<ffffffff83205ad7>] do_ip_setsockopt.isra.11+0x1977/0x2960
[   52.237421]  [<ffffffff83204160>] ? ip_ra_control+0x440/0x440
[   52.243280]  [<ffffffff81df970b>] ? check_preemption_disabled+0x3b/0x200
[   52.250081]  [<ffffffff8153b5b5>] ? kasan_unpoison_shadow+0x35/0x50
[   52.256446]  [<ffffffff81463ff5>] ? release_pages+0x595/0x930
[   52.262298]  [<ffffffff81df990c>] ? __this_cpu_preempt_check+0x1c/0x20
[   52.268926]  [<ffffffff8123ba40>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   52.275899]  [<ffffffff8146360e>] ? __pagevec_lru_add_fn+0x35e/0x7b0
[   52.282359]  [<ffffffff8146450f>] ? pagevec_lru_move_fn+0x17f/0x1f0
[   52.288727]  [<ffffffff814632b0>] ? put_pages_list+0x150/0x150
[   52.294661]  [<ffffffff81bf518f>] ? sock_has_perm+0x9f/0x3e0
[   52.300423]  [<ffffffff81bf52b2>] ? sock_has_perm+0x1c2/0x3e0
[   52.306292]  [<ffffffff81bf5382>] ? sock_has_perm+0x292/0x3e0
[   52.312136]  [<ffffffff81bf518f>] ? sock_has_perm+0x9f/0x3e0
[   52.317899]  [<ffffffff81bf50f0>] ? selinux_file_send_sigiotask+0x310/0x310
[   52.324980]  [<ffffffff81c37ea6>] ? selinux_netlbl_socket_setsockopt+0x116/0x340
[   52.332477]  [<ffffffff81c37d90>] ? selinux_netlbl_sock_rcv_skb+0x470/0x470
[   52.339549]  [<ffffffff814cdace>] ? handle_mm_fault+0x6ee/0x2510
[   52.345655]  [<ffffffff83206afa>] ip_setsockopt+0x3a/0xb0
[   52.351152]  [<ffffffff83226792>] tcp_setsockopt+0x82/0xd0
[   52.356737]  [<ffffffff82ed1245>] sock_common_setsockopt+0x95/0xd0
[   52.363065]  [<ffffffff82ece1e0>] SyS_setsockopt+0x160/0x250
[   52.368827]  [<ffffffff810e0230>] ? __do_page_fault+0x510/0xbd0
[   52.374849]  [<ffffffff82ece080>] ? SyS_recv+0x40/0x40
[   52.380088]  [<ffffffff812306ca>] ? up_read+0x1a/0x40
[   52.385239]  [<ffffffff810e005f>] ? __do_page_fault+0x33f/0xbd0
[   52.391259]  [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[   52.397803]  [<ffffffff838a5985>] entry_SYSCALL_64_fastpath+0x23/0xc6
[   52.404346] Object at ffff8801cd0f3780, in cache kmalloc-256 size: 256
[   52.410971] Allocated:
[   52.413431] PID = 3255
[   52.415896]  save_stack_trace+0x16/0x20
[   52.419832]  save_stack+0x43/0xd0
[   52.423248]  kasan_kmalloc+0xad/0xe0
[   52.426925]  __kmalloc+0x11d/0x310
[   52.430432]  xfrm_user_policy+0xa9/0x390
[   52.434457]  do_ip_setsockopt.isra.11+0x1977/0x2960
[   52.439445]  ip_setsockopt+0x3a/0xb0
[   52.443124]  tcp_setsockopt+0x82/0xd0
[   52.446891]  sock_common_setsockopt+0x95/0xd0
[   52.451349]  SyS_setsockopt+0x160/0x250
[   52.455290]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   52.460004] Freed:
[   52.462115] PID = 0
[   52.464312] (stack is not available)
[   52.467985] Memory state around the buggy address:
[   52.472888]  ffff8801cd0f3700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   52.480210]  ffff8801cd0f3780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   52.487532] >ffff8801cd0f3800: 00 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc
[   52.494853]                                            ^
[   52