[....] Starting enhanced syslogd: rsyslogd[    9.576856] audit: type=1400 audit(1512921358.931:4): avc:  denied  { syslog } for  pid=3163 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-386-1,10.128.15.202' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   29.008211] ==================================================================
[   29.009442] BUG: KASAN: slab-out-of-bounds in pfkey_compile_policy+0x8e6/0xd40 at addr ffff8801cf1ef158
[   29.010728] Read of size 1280 by task syzkaller254444/3327
[   29.011589] CPU: 1 PID: 3327 Comm: syzkaller254444 Not tainted 4.9.67-gf26d3c7 #2
[   29.012653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.014037]  ffff8801cb7677d8 ffffffff81d906e9 ffff8801da0013c0 ffff8801cf1ef140
[   29.015238]  ffff8801cf1ef240 ffffed0039e3de40 ffff8801cf1ef158 ffff8801cb767800
[   29.016367]  ffffffff8153a2cc ffffed0039e3de40 ffff8801da0013c0 0000000000000000
[   29.017498] Call Trace:
[   29.017855]  [<ffffffff81d906e9>] dump_stack+0xc1/0x128
[   29.018602]  [<ffffffff8153a2cc>] kasan_object_err+0x1c/0x70
[   29.019389]  [<ffffffff8153a58c>] kasan_report.part.1+0x21c/0x500
[   29.020281]  [<ffffffff83574016>] ? pfkey_compile_policy+0x8e6/0xd40
[   29.021136]  [<ffffffff815396c5>] ? kasan_unpoison_shadow+0x35/0x50
[   29.022027]  [<ffffffff8153ab51>] kasan_report+0x21/0x30
[   29.022750]  [<ffffffff81539497>] check_memory_region+0x137/0x190
[   29.023589]  [<ffffffff81539993>] memcpy+0x23/0x50
[   29.024271]  [<ffffffff83574016>] pfkey_compile_policy+0x8e6/0xd40
[   29.025105]  [<ffffffff833ccfbe>] xfrm_user_policy+0x2fe/0x530
[   29.025913]  [<ffffffff833cceda>] ? xfrm_user_policy+0x21a/0x530
[   29.026722]  [<ffffffff833cccc0>] ? xfrm_replay_timer_handler+0x320/0x320
[   29.027634]  [<ffffffff8114f1df>] ? ns_capable_common+0xcf/0x160
[   29.029076]  [<ffffffff83207417>] do_ip_setsockopt.isra.12+0x1977/0x2960
[   29.035884]  [<ffffffff83205aa0>] ? ip_ra_control+0x440/0x440
[   29.041737]  [<ffffffff81239a99>] ? __lock_acquire+0x629/0x3640
[   29.047764]  [<ffffffff814624f5>] ? release_pages+0x595/0x930
[   29.053626]  [<ffffffff81df751b>] ? check_preemption_disabled+0x3b/0x200
[   29.060439]  [<ffffffff81bd75cb>] ? avc_has_perm+0x28b/0x4f0
[   29.066202]  [<ffffffff81bd763d>] ? avc_has_perm+0x2fd/0x4f0
[   29.071966]  [<ffffffff81bd73f0>] ? avc_has_perm+0xb0/0x4f0
[   29.077644]  [<ffffffff81bd7340>] ? avc_has_perm_noaudit+0x450/0x450
[   29.084103]  [<ffffffff81df751b>] ? check_preemption_disabled+0x3b/0x200
[   29.090919]  [<ffffffff81bf2db2>] ? sock_has_perm+0x1c2/0x3e0
[   29.096770]  [<ffffffff81bf2e82>] ? sock_has_perm+0x292/0x3e0
[   29.102620]  [<ffffffff81bf2c8f>] ? sock_has_perm+0x9f/0x3e0
[   29.108385]  [<ffffffff81bf2bf0>] ? selinux_file_send_sigiotask+0x310/0x310
[   29.115453]  [<ffffffff832084ff>] compat_ip_setsockopt+0x4f/0xf0
[   29.121566]  [<ffffffff83211e65>] inet_csk_compat_setsockopt+0x95/0x120
[   29.128291]  [<ffffffff832084b0>] ? ip_setsockopt+0xb0/0xb0
[   29.133970]  [<ffffffff832281fd>] compat_tcp_setsockopt+0x3d/0x70
[   29.140173]  [<ffffffff82ed5352>] compat_sock_common_setsockopt+0xb2/0x140
[   29.147152]  [<ffffffff832281c0>] ? tcp_setsockopt+0xd0/0xd0
[   29.152916]  [<ffffffff82fd4989>] compat_SyS_setsockopt+0x149/0x290
[   29.159288]  [<ffffffff82ed52a0>] ? sock_common_setsockopt+0xd0/0xd0
[   29.165745]  [<ffffffff82fd4840>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   29.172290]  [<ffffffff81006d9f>] ? do_fast_syscall_32+0xcf/0x890
[   29.178489]  [<ffffffff82fd4840>] ? scm_detach_fds_compat+0x3c0/0x3c0
[   29.185033]  [<ffffffff81006fc7>] do_fast_syscall_32+0x2f7/0x890
[   29.191146]  [<ffffffff81003036>] ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.197787]  [<ffffffff838aafe1>] entry_SYSENTER_compat+0x51/0x60
[   29.204001] Object at ffff8801cf1ef140, in cache kmalloc-256 size: 256
[   29.210631] Allocated:
[   29.213092] PID = 3327
[   29.215571]  save_stack_trace+0x16/0x20
[   29.219520]  save_stack+0x43/0xd0
[   29.222938]  kasan_kmalloc+0xad/0xe0
[   29.226625]  __kmalloc+0x11d/0x310
[   29.230130]  xfrm_user_policy+0xc1/0x530
[   29.234164]  do_ip_setsockopt.isra.12+0x1977/0x2960
[   29.239145]  compat_ip_setsockopt+0x4f/0xf0
[   29.243432]  inet_csk_compat_setsockopt+0x95/0x120
[   29.248327]  compat_tcp_setsockopt+0x3d/0x70
[   29.252700]  compat_sock_common_setsockopt+0xb2/0x140
[   29.257855]  compat_SyS_setsockopt+0x149/0x290
[   29.262400]  do_fast_syscall_32+0x2f7/0x890
[   29.266685]  entry_SYSENTER_compat+0x51/0x60
[   29.271063] Freed:
[   29.273181] PID = 2996
[   29.275644]  save_stack_trace+0x16/0x20
[   29.279596]  save_stack+0x43/0xd0
[   29.283013]  kasan_slab_free+0x73/0xc0
[   29.286863]  kfree+0xf0/0x2f0
[   29.289944]  free_bprm+0x19d/0x200
[   29.293460]  do_execveat_common.isra.37+0x17df/0x1f10
[   29.298612]  SyS_execve+0x42/0x50
[   29.302030]  do_syscall_64+0x197/0x490
[   29.305882]  return_from_SYSCALL_64+0x0/0x7a
[   29.310260] Memory state around the buggy address:
[   29.315155]  ffff8801cf1ef100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   29.322488]  ffff8801cf1ef180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.329813] >ffff8801cf1ef200: 02 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.337135]                    ^
[   29.340473]  ffff8801cf1ef280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.347797]  ffff8801cf1ef300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.355120] ======================================