[....] Starting enhanced syslogd: rsyslogd[   11.877882] audit: type=1400 audit(1513249518.163:4): avc:  denied  { syslog } for  pid=3164 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-3,10.128.0.18' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   19.589681] ==================================================================
[   19.597063] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x153e/0x3470 at addr ffff8801ccc2db98
[   19.605776] Read of size 8192 by task syzkaller936692/3313
[   19.611363] CPU: 1 PID: 3313 Comm: syzkaller936692 Not tainted 4.9.69-g3f1d77c #108
[   19.619117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.628436]  ffff8801ccf17748 ffffffff81d90a29 ffff8801da001280 ffff8801ccc2db80
[   19.636387]  ffff8801ccc2dd80 ffffed0039985bb0 ffff8801ccc2db98 ffff8801ccf17770
[   19.644341]  ffffffff8153a45c ffffed0039985bb0 ffff8801da001280 0000000000000000
[   19.652296] Call Trace:
[   19.654849]  [<ffffffff81d90a29>] dump_stack+0xc1/0x128
[   19.660182]  [<ffffffff8153a45c>] kasan_object_err+0x1c/0x70
[   19.665944]  [<ffffffff8153a71c>] kasan_report.part.1+0x21c/0x500
[   19.672138]  [<ffffffff81535e5d>] ? __kmalloc+0x19d/0x310
[   19.677643]  [<ffffffff8356c1ee>] ? pfkey_add+0x153e/0x3470
[   19.683319]  [<ffffffff81284d03>] ? rcu_read_lock_sched_held+0x103/0x120
[   19.690125]  [<ffffffff8153ace1>] kasan_report+0x21/0x30
[   19.695545]  [<ffffffff81539627>] check_memory_region+0x137/0x190
[   19.701739]  [<ffffffff81539b23>] memcpy+0x23/0x50
[   19.706640]  [<ffffffff8356c1ee>] pfkey_add+0x153e/0x3470
[   19.712141]  [<ffffffff8356acb0>] ? pfkey_delete+0x360/0x360
[   19.717909]  [<ffffffff83562020>] ? pfkey_seq_stop+0x80/0x80
[   19.723670]  [<ffffffff82eea81a>] ? __skb_clone+0x24a/0x7d0
[   19.729349]  [<ffffffff8356acb0>] ? pfkey_delete+0x360/0x360
[   19.735110]  [<ffffffff8356470e>] pfkey_process+0x61e/0x730
[   19.740783]  [<ffffffff835640f0>] ? pfkey_send_new_mapping+0x11b0/0x11b0
[   19.747587]  [<ffffffff81238c4b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   19.754391]  [<ffffffff83565fb9>] pfkey_sendmsg+0x3a9/0x760
[   19.760065]  [<ffffffff83565c10>] ? pfkey_spdget+0x820/0x820
[   19.765828]  [<ffffffff82ecfb9a>] sock_sendmsg+0xca/0x110
[   19.771330]  [<ffffffff82ed1791>] ___sys_sendmsg+0x6d1/0x7e0
[   19.777093]  [<ffffffff82ed10c0>] ? copy_msghdr_from_user+0x550/0x550
[   19.783636]  [<ffffffff81462e77>] ? __lru_cache_add+0x187/0x250
[   19.789657]  [<ffffffff81545cb5>] ? do_huge_pmd_anonymous_page+0xb05/0x10d0
[   19.796721]  [<ffffffff838aa23c>] ? _raw_spin_unlock+0x2c/0x50
[   19.802655]  [<ffffffff81545484>] ? do_huge_pmd_anonymous_page+0x2d4/0x10d0
[   19.809726]  [<ffffffff814cbe9e>] ? handle_mm_fault+0x6ee/0x2530
[   19.815835]  [<ffffffff81232151>] ? __lock_is_held+0xa1/0xf0
[   19.821594]  [<ffffffff814cb7b0>] ? __pmd_alloc+0x410/0x410
[   19.827276]  [<ffffffff815cd978>] ? __fget_light+0x158/0x1e0
[   19.833035]  [<ffffffff815cda18>] ? __fdget+0x18/0x20
[   19.838189]  [<ffffffff82ed37c6>] __sys_sendmsg+0xd6/0x190
[   19.843776]  [<ffffffff82ed36f0>] ? SyS_shutdown+0x1b0/0x1b0
[   19.849539]  [<ffffffff810dd47c>] ? __do_page_fault+0x5ec/0xd40
[   19.855561]  [<ffffffff810dd24d>] ? __do_page_fault+0x3bd/0xd40
[   19.861582]  [<ffffffff81238c4b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   19.868386]  [<ffffffff82ed38ad>] SyS_sendmsg+0x2d/0x50
[   19.873717]  [<ffffffff838aab05>] entry_SYSCALL_64_fastpath+0x23/0xc6
[   19.880261] Object at ffff8801ccc2db80, in cache kmalloc-512 size: 512
[   19.886887] Allocated:
[   19.889346] PID = 3313
[   19.891810]  save_stack_trace+0x16/0x20
[   19.895748]  save_stack+0x43/0xd0
[   19.899164]  kasan_kmalloc+0xad/0xe0
[   19.902839]  kasan_slab_alloc+0x12/0x20
[   19.906777]  __kmalloc_track_caller+0xda/0x2b0
[   19.911322]  __kmalloc_reserve.isra.37+0x33/0xc0
[   19.916045]  __alloc_skb+0x119/0x600
[   19.919722]  pfkey_sendmsg+0x135/0x760
[   19.923570]  sock_sendmsg+0xca/0x110
[   19.927265]  ___sys_sendmsg+0x6d1/0x7e0
[   19.931203]  __sys_sendmsg+0xd6/0x190
[   19.934979]  SyS_sendmsg+0x2d/0x50
[   19.938483]  entry_SYSCALL_64_fastpath+0x23/0xc6
[   19.943199] Freed:
[   19.945311] PID = 0
[   19.947508] (stack is not available)
[   19.951180] Memory state around the buggy address:
[   19.956078]  ffff8801ccc2dc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.963405]  ffff8801ccc2dd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.970728] >ffff8801ccc2dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.978050]                    ^
[   19.981380]  ffff8801ccc2de00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.988702]  ffff8801ccc2de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.996021] ==================================================================
[   20.003342] Disabling lock debugging due to kernel taint