[....] Starting enhanced syslogd: rsyslogd[   10.477803] audit: type=1400 audit(1513924571.324:4): avc:  denied  { syslog } for  pid=3175 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-386-1,10.128.0.50' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   19.903419] ==================================================================
[   19.904590] BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40
[   19.905571] Read of size 1280 at addr ffff8801ca354658 by task syzkaller883765/3324
[   19.906604] 
[   19.906836] CPU: 0 PID: 3324 Comm: syzkaller883765 Not tainted 4.9.71-g2506378 #9
[   19.907830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.909058]  ffff8801c927f818 ffffffff81d922b9 ffffea000728d500 ffff8801ca354658
[   19.910189]  0000000000000000 ffff8801ca354700 ffff8801c89b2200 ffff8801c927f850
[   19.911346]  ffffffff8153bab3 ffff8801ca354658 0000000000000500 0000000000000000
[   19.912492] Call Trace:
[   19.912849]  [<ffffffff81d922b9>] dump_stack+0xc1/0x128
[   19.913559]  [<ffffffff8153bab3>] print_address_description+0x73/0x280
[   19.914486]  [<ffffffff8153bfd5>] kasan_report+0x275/0x360
[   19.915226]  [<ffffffff83579c16>] ? pfkey_compile_policy+0x8e6/0xd40
[   19.916090]  [<ffffffff8153a9e7>] check_memory_region+0x137/0x190
[   19.916919]  [<ffffffff8153af23>] memcpy+0x23/0x50
[   19.917586]  [<ffffffff83579c16>] pfkey_compile_policy+0x8e6/0xd40
[   19.918417]  [<ffffffff833d2ece>] xfrm_user_policy+0x2fe/0x530
[   19.919203]  [<ffffffff833d2dea>] ? xfrm_user_policy+0x21a/0x530
[   19.920028]  [<ffffffff833d2bd0>] ? xfrm_replay_timer_handler+0x320/0x320
[   19.920941]  [<ffffffff8114f20f>] ? ns_capable_common+0xcf/0x160
[   19.921752]  [<ffffffff8320d577>] do_ip_setsockopt.isra.12+0x1977/0x2960
[   19.922662]  [<ffffffff8320bc00>] ? ip_ra_control+0x440/0x440
[   19.923449]  [<ffffffff8123a649>] ? __lock_acquire+0x629/0x3640
[   19.924247]  [<ffffffff81463965>] ? release_pages+0x595/0x930
[   19.930693]  [<ffffffff81df90fb>] ? check_preemption_disabled+0x3b/0x200
[   19.937501]  [<ffffffff81bd906b>] ? avc_has_perm+0x28b/0x4f0
[   19.943262]  [<ffffffff81bd90dd>] ? avc_has_perm+0x2fd/0x4f0
[   19.949025]  [<ffffffff81bd8e90>] ? avc_has_perm+0xb0/0x4f0
[   19.954700]  [<ffffffff81bd8de0>] ? avc_has_perm_noaudit+0x450/0x450
[   19.961159]  [<ffffffff81df90fb>] ? check_preemption_disabled+0x3b/0x200
[   19.967965]  [<ffffffff81bf4852>] ? sock_has_perm+0x1c2/0x3e0
[   19.973823]  [<ffffffff81bf4922>] ? sock_has_perm+0x292/0x3e0
[   19.979677]  [<ffffffff81bf472f>] ? sock_has_perm+0x9f/0x3e0
[   19.985437]  [<ffffffff81bf4690>] ? selinux_file_send_sigiotask+0x310/0x310
[   19.992505]  [<ffffffff8320e65f>] compat_ip_setsockopt+0x4f/0xf0
[   19.998614]  [<ffffffff83217be5>] inet_csk_compat_setsockopt+0x95/0x120
[   20.005330]  [<ffffffff8320e610>] ? ip_setsockopt+0xb0/0xb0
[   20.011006]  [<ffffffff8322df7d>] compat_tcp_setsockopt+0x3d/0x70
[   20.017205]  [<ffffffff82edb362>] compat_sock_common_setsockopt+0xb2/0x140
[   20.024188]  [<ffffffff8322df40>] ? tcp_setsockopt+0xd0/0xd0
[   20.029957]  [<ffffffff82fda9f9>] compat_SyS_setsockopt+0x149/0x290
[   20.036325]  [<ffffffff82edb2b0>] ? sock_common_setsockopt+0xd0/0xd0
[   20.042784]  [<ffffffff82fda8b0>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   20.049339]  [<ffffffff81006d9f>] ? do_fast_syscall_32+0xcf/0x890
[   20.055541]  [<ffffffff82fda8b0>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   20.062084]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   20.068200]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   20.074842]  [<ffffffff838b05e1>] entry_SYSENTER_compat+0x51/0x60
[   20.081042] 
[   20.082637] Allocated by task 3324:
[   20.086228]  save_stack_trace+0x16/0x20
[   20.090167]  save_stack+0x43/0xd0
[   20.093584]  kasan_kmalloc+0xad/0xe0
[   20.097261]  __kmalloc+0x11d/0x310
[   20.100766]  xfrm_user_policy+0xc1/0x530
[   20.104788]  do_ip_setsockopt.isra.12+0x1977/0x2960
[   20.109767]  compat_ip_setsockopt+0x4f/0xf0
[   20.114050]  inet_csk_compat_setsockopt+0x95/0x120
[   20.118949]  compat_tcp_setsockopt+0x3d/0x70
[   20.123321]  compat_sock_common_setsockopt+0xb2/0x140
[   20.128474]  compat_SyS_setsockopt+0x149/0x290
[   20.133032]  do_fast_syscall_32+0x2f7/0x890
[   20.137316]  entry_SYSENTER_compat+0x51/0x60
[   20.141684] 
[   20.143277] Freed by task 1798:
[   20.146520]  save_stack_trace+0x16/0x20
[   20.150461]  save_stack+0x43/0xd0
[   20.153877]  kasan_slab_free+0x72/0xc0
[   20.157731]  kfree+0x103/0x300
[   20.160888]  seq_release+0x59/0x70
[   20.164392]  kernfs_fop_release+0xcb/0x140
[   20.168588]  __fput+0x28c/0x6e0
[   20.171830]  ____fput+0x15/0x20
[   20.175077]  task_work_run+0x115/0x190
[   20.178925]  exit_to_usermode_loop+0xfc/0x120
[   20.183386]  syscall_return_slowpath+0x1a0/0x1e0
[   20.188105]  entry_SYSCALL_64_fastpath+0xc4/0xc6
[   20.192826] 
[   20.194417] The buggy address belongs to the object at ffff8801ca354640
[   20.194417]  which belongs to the cache kmalloc-256 of size 256
[   20.207036] The buggy address is located 24 bytes inside of
[   20.207036]  256-byte region [ffff8801ca354640, ffff8801ca354740)
[   20.218784] The buggy address belongs to the page:
[   20.223687] page:ffffea000728d500 count:1 mapcount:0 mapping:          (null) index:0xffff8801ca354dc0
[   20.233215] flags: 0x8000000000000080(slab)
[   20.237499] page dumped because: kasan: bad access detected
[   20.243169] 
[   20.244759] Memory state around the buggy address:
[   20.249657]  ffff8801ca354600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   20.256978]  ffff8801ca354680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   20.264305] >ffff8801ca354700: 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.271625]                    ^
[   20.274954]  ffff8801ca354780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.282275]  ffff8801ca354800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.289593] ==================================================================
[   20.296918] Disabling lock debugging due to kernel taint
[   20.302601] Kernel panic - not syncing: panic_on_warn set ...
[   20.302601] 
[   20.309948] CPU: 0 PID: 3324 Comm: syzkaller883765 Tainted: G    B           4.9.71-g2506378 #9
[   20.318747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.328078]  ffff8801c927f770 ffffffff81d922b9 ffffffff84194b3f ffff8801c927f848
[   20.336021]  0000000000000000 ffff8801ca354700 ffff8801c89b2200 ffff8801c927f838
[   20.343966]  ffffffff8142d741 0000000041b58ab3 ffffffff84188580 ffffffff8142d585
[   20.351910] Call Trace:
[   20.354475]  [<ffffffff81d922b9>] dump_stack+0xc1/0x128
[   20.359805]  [<ffffffff8142d741>] panic+0x1bc/0x3a8
[   20.364797]  [<ffffffff8142d585>] ? percpu_up_read_preempt_enable.constprop.53+0xd7/0xd7
[   20.373002]  [<ffffffff8389fdd5>] ? preempt_schedule+0x25/0x30
[   20.378939]  [<ffffffff81003066>] ? ___preempt_schedule+0x16/0x18
[   20.385136]  [<ffffffff8153ba20>] kasan_end_report+0x50/0x50
[   20.390902]  [<ffffffff8153bec7>] kasan_report+0x167/0x360
[   20.396493]  [<ffffffff83579c16>] ? pfkey_compile_policy+0x8e6/0xd40
[   20.402949]  [<ffffffff8153a9e7>] check_memory_region+0x137/0x190
[   20.409144]  [<ffffffff8153af23>] memcpy+0x23/0x50
[   20.414038]  [<ffffffff83579c16>] pfkey_compile_policy+0x8e6/0xd40
[   20.420321]  [<ffffffff833d2ece>] xfrm_user_policy+0x2fe/0x530
[   20.426255]  [<ffffffff833d2dea>] ? xfrm_user_policy+0x21a/0x530
[   20.432365]  [<ffffffff833d2bd0>] ? xfrm_replay_timer_handler+0x320/0x320
[   20.439257]  [<ffffffff8114f20f>] ? ns_capable_common+0xcf/0x160
[   20.445367]  [<ffffffff8320d577>] do_ip_setsockopt.isra.12+0x1977/0x2960
[   20.452169]  [<ffffffff8320bc00>] ? ip_ra_control+0x440/0x440
[   20.458017]  [<ffffffff8123a649>] ? __lock_acquire+0x629/0x3640
[   20.464041]  [<ffffffff81463965>] ? release_pages+0x595/0x930
[   20.469899]  [<ffffffff81df90fb>] ? check_preemption_disabled+0x3b/0x200
[   20.476716]  [<ffffffff81bd906b>] ? avc_has_perm+0x28b/0x4f0
[   20.482478]  [<ffffffff81bd90dd>] ? avc_has_perm+0x2fd/0x4f0
[   20.488238]  [<ffffffff81bd8e90>] ? avc_has_perm+0xb0/0x4f0
[   20.493915]  [<ffffffff81bd8de0>] ? avc_has_perm_noaudit+0x450/0x450
[   20.500373]  [<ffffffff81df90fb>] ? check_preemption_disabled+0x3b/0x200
[   20.507174]  [<ffffffff81bf4852>] ? sock_has_perm+0x1c2/0x3e0
[   20.513025]  [<ffffffff81bf4922>] ? sock_has_perm+0x292/0x3e0
[   20.518873]  [<ffffffff81bf472f>] ? sock_has_perm+0x9f/0x3e0
[   20.524641]  [<ffffffff81bf4690>] ? selinux_file_send_sigiotask+0x310/0x310
[   20.531714]  [<ffffffff8320e65f>] compat_ip_setsockopt+0x4f/0xf0
[   20.537822]  [<ffffffff83217be5>] inet_csk_compat_setsockopt+0x95/0x120
[   20.544538]  [<ffffffff8320e610>] ? ip_setsockopt+0xb0/0xb0
[   20.550219]  [<ffffffff8322df7d>] compat_tcp_setsockopt+0x3d/0x70
[   20.556413]  [<ffffffff82edb362>] compat_sock_common_setsockopt+0xb2/0x140
[   20.563391]  [<ffffffff8322df40>] ? tcp_setsockopt+0xd0/0xd0
[   20.569154]  [<ffffffff82fda9f9>] compat_SyS_setsockopt+0x149/0x290
[   20.575522]  [<ffffffff82edb2b0>] ? sock_common_setsockopt+0xd0/0xd0
[   20.582073]  [<ffffffff82fda8b0>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   20.588618]  [<ffffffff81006d9f>] ? do_fast_syscall_32+0xcf/0x890
[   20.594822]  [<ffffffff82fda8b0>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   20.601364]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   20.607471]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   20.614101]  [<ffffffff838b05e1>] entry_SYSENTER_compat+0x51/0x60
[   20.620738] Dumping ftrace buffer:
[   20.624248]    (ftrace buffer empty)
[   20.627923] Kernel Offset: disabled
[   20.631515] Rebooting in 86400 seconds..