[....] Starting enhanced syslogd: rsyslogd[   11.467183] audit: type=1400 audit(1513087121.318:4): avc:  denied  { syslog } for  pid=3164 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-4,10.128.15.216' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   34.900377] ==================================================================
[   34.901516] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x153e/0x3470 at addr ffff8801ca664518
[   34.902672] Read of size 8192 by task syzkaller921419/3331
[   34.903419] CPU: 0 PID: 3331 Comm: syzkaller921419 Not tainted 4.9.68-gfb66dc2 #107
[   34.904440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.905678]  ffff8801c9baf748 ffffffff81d90889 ffff8801da001280 ffff8801ca664500
[   34.906845]  ffff8801ca664700 ffffed00394cc8e0 ffff8801ca664518 ffff8801c9baf770
[   34.908008]  ffffffff8153a44c ffffed00394cc8e0 ffff8801da001280 0000000000000000
[   34.909187] Call Trace:
[   34.909547]  [<ffffffff81d90889>] dump_stack+0xc1/0x128
[   34.910260]  [<ffffffff8153a44c>] kasan_object_err+0x1c/0x70
[   34.911040]  [<ffffffff8153a70c>] kasan_report.part.1+0x21c/0x500
[   34.911861]  [<ffffffff81535e4d>] ? __kmalloc+0x19d/0x310
[   34.912591]  [<ffffffff8356c0ce>] ? pfkey_add+0x153e/0x3470
[   34.913347]  [<ffffffff81284cf3>] ? rcu_read_lock_sched_held+0x103/0x120
[   34.914244]  [<ffffffff8153acd1>] kasan_report+0x21/0x30
[   34.914980]  [<ffffffff81539617>] check_memory_region+0x137/0x190
[   34.915797]  [<ffffffff81539b13>] memcpy+0x23/0x50
[   34.916449]  [<ffffffff8356c0ce>] pfkey_add+0x153e/0x3470
[   34.917181]  [<ffffffff8356ab90>] ? pfkey_delete+0x360/0x360
[   34.917964]  [<ffffffff83561f00>] ? pfkey_seq_stop+0x80/0x80
[   34.918754]  [<ffffffff82eea81a>] ? __skb_clone+0x24a/0x7d0
[   34.919526]  [<ffffffff8356ab90>] ? pfkey_delete+0x360/0x360
[   34.920326]  [<ffffffff835645ee>] pfkey_process+0x61e/0x730
[   34.925044]  [<ffffffff83563fd0>] ? pfkey_send_new_mapping+0x11b0/0x11b0
[   34.931859]  [<ffffffff81238c3b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   34.938672]  [<ffffffff83565e99>] pfkey_sendmsg+0x3a9/0x760
[   34.944352]  [<ffffffff83565af0>] ? pfkey_spdget+0x820/0x820
[   34.950119]  [<ffffffff82ecfb9a>] sock_sendmsg+0xca/0x110
[   34.955627]  [<ffffffff82ed1791>] ___sys_sendmsg+0x6d1/0x7e0
[   34.961394]  [<ffffffff82ed10c0>] ? copy_msghdr_from_user+0x550/0x550
[   34.967940]  [<ffffffff81462e67>] ? __lru_cache_add+0x187/0x250
[   34.973966]  [<ffffffff81465569>] ? lru_cache_add+0xd9/0x1e0
[   34.979734]  [<ffffffff814cc2b2>] ? handle_mm_fault+0xb12/0x2530
[   34.985846]  [<ffffffff838aa11c>] ? _raw_spin_unlock+0x2c/0x50
[   34.991786]  [<ffffffff814cbe8e>] ? handle_mm_fault+0x6ee/0x2530
[   34.998767]  [<ffffffff81232141>] ? __lock_is_held+0xa1/0xf0
[   35.004533]  [<ffffffff814cb7a0>] ? __pmd_alloc+0x410/0x410
[   35.010212]  [<ffffffff815cd8b8>] ? __fget_light+0x158/0x1e0
[   35.015977]  [<ffffffff815cd958>] ? __fdget+0x18/0x20
[   35.021147]  [<ffffffff82ed37c6>] __sys_sendmsg+0xd6/0x190
[   35.026791]  [<ffffffff82ed36f0>] ? SyS_shutdown+0x1b0/0x1b0
[   35.032833]  [<ffffffff810dd47c>] ? __do_page_fault+0x5ec/0xd40
[   35.038862]  [<ffffffff810dd24d>] ? __do_page_fault+0x3bd/0xd40
[   35.044894]  [<ffffffff81238c3b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   35.051699]  [<ffffffff82ed38ad>] SyS_sendmsg+0x2d/0x50
[   35.057036]  [<ffffffff838aa9c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
[   35.063587] Object at ffff8801ca664500, in cache kmalloc-512 size: 512
[   35.070217] Allocated:
[   35.072680] PID = 3331
[   35.075155]  save_stack_trace+0x16/0x20
[   35.079096]  save_stack+0x43/0xd0
[   35.082514]  kasan_kmalloc+0xad/0xe0
[   35.086193]  kasan_slab_alloc+0x12/0x20
[   35.090132]  __kmalloc_track_caller+0xda/0x2b0
[   35.094684]  __kmalloc_reserve.isra.37+0x33/0xc0
[   35.099404]  __alloc_skb+0x119/0x600
[   35.103094]  pfkey_sendmsg+0x135/0x760
[   35.106953]  sock_sendmsg+0xca/0x110
[   35.110636]  ___sys_sendmsg+0x6d1/0x7e0
[   35.114578]  __sys_sendmsg+0xd6/0x190
[   35.118344]  SyS_sendmsg+0x2d/0x50
[   35.121854]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   35.126572] Freed:
[   35.128687] PID = 0
[   35.130892] (stack is not available)
[   35.134922] Memory state around the buggy address:
[   35.141742]  ffff8801ca664600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.149066]  ffff8801ca664680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   35.156391] >ffff8801ca664700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.163716]                    ^
[   35.167048]  ffff8801ca664780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.174373]  ffff8801ca664800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.181696] ==================================================================
[   35.189106] Disabling lock debugging due to kernel taint