INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts.
2018/04/05 16:56:08 parsed 1 programs
2018/04/05 16:56:08 executed programs: 0
syzkaller login: [   27.980929] IPVS: ftp: loaded support on port[0] = 21
[   28.024620] ==================================================================
[   28.032085] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x259e/0x3270
[   28.038638] Read of size 2081 at addr ffff8801aec02a58 by task syz-executor0/4476
[   28.046226]
[   28.047827] CPU: 0 PID: 4476 Comm: syz-executor0 Not tainted 4.16.0+ #288
[   28.054719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.064047] Call Trace:
[   28.066610]  dump_stack+0x1a7/0x27d
[   28.070210]  ? arch_local_irq_restore+0x53/0x53
[   28.074851]  ? show_regs_print_info+0x18/0x18
[   28.079317]  ? __lock_is_held+0xb6/0x140
[   28.083353]  ? kasan_check_write+0x14/0x20
[   28.087561]  ? pfkey_add+0x259e/0x3270
[   28.091424]  print_address_description+0x73/0x250
[   28.096239]  ? pfkey_add+0x259e/0x3270
[   28.100096]  kasan_report+0x23c/0x360
[   28.103869]  check_memory_region+0x137/0x190
[   28.108252]  memcpy+0x23/0x50
[   28.111332]  pfkey_add+0x259e/0x3270
[   28.115029]  ? set_ipsecrequest+0x310/0x310
[   28.119327]  ? lock_release+0xa40/0xa40
[   28.123272]  ? set_ipsecrequest+0x310/0x310
[   28.127563]  pfkey_process+0x67e/0x740
[   28.131431]  ? pfkey_send_new_mapping+0x11e0/0x11e0
[   28.136417]  ? kasan_check_write+0x14/0x20
[   28.140634]  pfkey_sendmsg+0x4dc/0xa00
[   28.144493]  ? pfkey_spdget+0xb00/0xb00
[   28.148441]  ? get_compat_msghdr+0x38e/0x570
[   28.152823]  ? compat_mc_getsockopt+0x8e0/0x8e0
[   28.157466]  ? security_socket_sendmsg+0x89/0xb0
[   28.162194]  ? pfkey_spdget+0xb00/0xb00
[   28.166148]  sock_sendmsg+0xca/0x110
[   28.169836]  ___sys_sendmsg+0x767/0x8b0
[   28.173784]  ? copy_msghdr_from_user+0x590/0x590
[   28.178526]  ? __handle_mm_fault+0x625/0x38e0
[   28.182995]  ? __pmd_alloc+0x4f0/0x4f0
[   28.186863]  ? trace_hardirqs_off+0x10/0x10
[   28.191159]  ? kasan_check_read+0x11/0x20
[   28.195281]  ? __fget_light+0x2bc/0x400
[   28.199231]  ? fget_raw+0x20/0x20
[   28.202657]  ? handle_mm_fault+0x35b/0xb20
[   28.206865]  ? find_held_lock+0x35/0x1d0
[   28.210908]  ? __fdget+0x18/0x20
[   28.214247]  __sys_sendmsg+0x105/0x250
[   28.218117]  ? __sys_sendmsg+0x105/0x250
[   28.222158]  ? SyS_shutdown+0x30/0x30
[   28.225936]  ? compat_SyS_futex+0x288/0x380
[   28.230237]  compat_SyS_sendmsg+0x2c/0x40
[   28.234620]  ? compat_SyS_getsockopt+0x50/0x50
[   28.239176]  do_fast_syscall_32+0x3ec/0xf9f
[   28.243470]  ? do_int80_syscall_32+0x9c0/0x9c0
[   28.248032]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.252764]  ? syscall_return_slowpath+0x2ac/0x550
[   28.257665]  ? prepare_exit_to_usermode+0x350/0x350
[   28.262655]  ? sysret32_from_system_call+0x5/0x3c
[   28.267472]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.272288]  entry_SYSENTER_compat+0x70/0x7f
[   28.276668] RIP: 0023:0xf7f12c99
[   28.280002] RSP: 002b:00000000ffd78bec EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   28.287696] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020f56000
[   28.294954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   28.302194] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   28.309434] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   28.316678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.323926]
[   28.325528] Allocated by task 4476:
[   28.329129]  save_stack+0x43/0xd0
[   28.332551]  kasan_kmalloc+0xad/0xe0
[   28.336236]  __kmalloc_node_track_caller+0x47/0x70
[   28.341136]  __kmalloc_reserve.isra.39+0x41/0xd0
[   28.345866]  __alloc_skb+0x12a/0x760
[   28.349552]  pfkey_sendmsg+0x20f/0xa00
[   28.353411]  sock_sendmsg+0xca/0x110
[   28.357098]  ___sys_sendmsg+0x767/0x8b0
[   28.361046]  __sys_sendmsg+0x105/0x250
[   28.364904]  compat_SyS_sendmsg+0x2c/0x40
[   28.369029]  do_fast_syscall_32+0x3ec/0xf9f
[   28.373333]  entry_SYSENTER_compat+0x70/0x7f
[   28.377709]
[   28.379307] Freed by task 0:
[   28.382292] (stack is not available)
[   28.385971]
[   28.387571] The buggy address belongs to the object at ffff8801aec02a40
[   28.387571]  which belongs to the cache kmalloc-512 of size 512
[   28.400199] The buggy address is located 24 bytes inside of
[   28.400199]  512-byte region [ffff8801aec02a40, ffff8801aec02c40)
[   28.411957] The buggy address belongs to the page:
[   28.416861] page:ffffea0006bb0080 count:1 mapcount:0 mapping:ffff8801aec02040 index:0x0
[   28.424974] flags: 0x2fffc0000000100(slab)
[   28.429179] raw: 02fffc0000000100 ffff8801aec02040 0000000000000000 0000000100000006
[   28.437037] raw: ffffea0006b5cfe0 ffffea0006a6cd20 ffff8801dac00940 0000000000000000
[   28.444902] page dumped because: kasan: bad access detected
[   28.450581]
[   28.452179] Memory state around the buggy address:
[   28.457078]  ffff8801aec02b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.464408]  ffff8801aec02b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   28.471735] >ffff8801aec02c00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   28.479063]                                            ^
[   28.484487]  ffff8801aec02c80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   28.491815]  ffff8801aec02d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.499144] ==================================================================
[   28.506471] Disabling lock debugging due to kernel taint
[   28.511977] Kernel panic - not syncing: panic_on_warn set ...
[   28.511977]
[   28.519324] CPU: 0 PID: 4476 Comm: syz-executor0 Tainted: G    B   4.16.0+ #288
[   28.527520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.536847] Call Trace:
[   28.539412]  dump_stack+0x1a7/0x27d
[   28.543013]  ? arch_local_irq_restore+0x53/0x53
[   28.547658]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.552392]  ? vsnprintf+0x1ed/0x1900
[   28.556175]  ? pfkey_add+0x2560/0x3270
[   28.560044]  panic+0x1f8/0x42c
[   28.563211]  ? refcount_error_report+0x214/0x214
[   28.567943]  ? do_raw_spin_unlock+0x9e/0x310
[   28.572323]  ? do_raw_spin_unlock+0x9e/0x310
[   28.576709]  ? pfkey_add+0x259e/0x3270
[   28.580568]  kasan_end_report+0x50/0x50
[   28.584513]  kasan_report+0x149/0x360
[   28.588284]  check_memory_region+0x137/0x190
[   28.592665]  memcpy+0x23/0x50
[   28.595743]  pfkey_add+0x259e/0x3270
[   28.599432]  ? set_ipsecrequest+0x310/0x310
[   28.603725]  ? lock_release+0xa40/0xa40
[   28.607669]  ? set_ipsecrequest+0x310/0x310
[   28.611961]  pfkey_process+0x67e/0x740
[   28.615823]  ? pfkey_send_new_mapping+0x11e0/0x11e0
[   28.620813]  ? kasan_check_write+0x14/0x20
[   28.625032]  pfkey_sendmsg+0x4dc/0xa00
[   28.628896]  ? pfkey_spdget+0xb00/0xb00
[   28.632844]  ? get_compat_msghdr+0x38e/0x570
[   28.637229]  ? compat_mc_getsockopt+0x8e0/0x8e0
[   28.641870]  ? security_socket_sendmsg+0x89/0xb0
[   28.646595]  ? pfkey_spdget+0xb00/0xb00
[   28.650541]  sock_sendmsg+0xca/0x110
[   28.654233]  ___sys_sendmsg+0x767/0x8b0
[   28.658187]  ? copy_msghdr_from_user+0x590/0x590
[   28.662920]  ? __handle_mm_fault+0x625/0x38e0
[   28.667386]  ? __pmd_alloc+0x4f0/0x4f0
[   28.671245]  ? trace_hardirqs_off+0x10/0x10
[   28.675538]  ? kasan_check_read+0x11/0x20
[   28.679656]  ? __fget_light+0x2bc/0x400
[   28.683601]  ? fget_raw+0x20/0x20
[   28.687032]  ? handle_mm_fault+0x35b/0xb20
[   28.691245]  ? find_held_lock+0x35/0x1d0
[   28.695278]  ? __fdget+0x18/0x20
[   28.698617]  __sys_sendmsg+0x105/0x250
[   28.702477]  ? __sys_sendmsg+0x105/0x250
[   28.706511]  ? SyS_shutdown+0x30/0x30
[   28.710295]  ? compat_SyS_futex+0x288/0x380
[   28.714590]  compat_SyS_sendmsg+0x2c/0x40
[   28.718707]  ? compat_SyS_getsockopt+0x50/0x50
[   28.723260]  do_fast_syscall_32+0x3ec/0xf9f
[   28.727554]  ? do_int80_syscall_32+0x9c0/0x9c0
[   28.732105]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   28.736834]  ? syscall_return_slowpath+0x2ac/0x550
[   28.741742]  ? prepare_exit_to_usermode+0x350/0x350
[   28.746732]  ? sysret32_from_system_call+0x5/0x3c
[   28.751546]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   28.756360]  entry_SYSENTER_compat+0x70/0x7f
[   28.760738] RIP: 0023:0xf7f12c99
[   28.764070] RSP: 002b:00000000ffd78bec EFLAGS: 00000286 ORIG_RAX: 0000000000000172
[   28.771747] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020f56000
[   28.778987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   28.786229] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   28.793471] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   28.800712] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.808443] Dumping ftrace buffer:
[   28.811956]    (ftrace buffer empty)
[   28.815635] Kernel Offset: disabled
[   28.819232] Rebooting in 86400 seconds..