INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.63' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.325642] ==================================================================
[ 48.333108] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x275e/0x3210
[ 48.339676] Read of size 8192 at addr ffff8801b8372cc0 by task syzkaller868462/4430
[ 48.347476]
[ 48.349090] CPU: 0 PID: 4430 Comm: syzkaller868462 Not tainted 4.16.0+ #2
[ 48.356001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.365335] Call Trace:
[ 48.367909]  dump_stack+0x1b9/0x294
[ 48.371553]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 48.376730]  ? printk+0x9e/0xba
[ 48.379994]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 48.384751]  ? kasan_check_write+0x14/0x20
[ 48.388984]  print_address_description+0x6c/0x20b
[ 48.393811]  ? pfkey_add+0x275e/0x3210
[ 48.397680]  kasan_report.cold.7+0xac/0x2f5
[ 48.401986]  check_memory_region+0x13e/0x1b0
[ 48.406375]  memcpy+0x23/0x50
[ 48.409474]  pfkey_add+0x275e/0x3210
[ 48.413174]  ? pfkey_acquire+0x270/0x270
[ 48.417226]  ? iov_iter_advance+0x2e4/0x14c0
[ 48.421725]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 48.426894]  ? pfkey_acquire+0x270/0x270
[ 48.430935]  pfkey_process+0x7cc/0x8a0
[ 48.434805]  ? pfkey_send_new_mapping+0x1260/0x1260
[ 48.439814]  pfkey_sendmsg+0x5f4/0x1050
[ 48.443775]  ? _copy_from_user+0xdf/0x150
[ 48.447906]  ? pfkey_spdget+0xb10/0xb10
[ 48.451861]  ? security_socket_sendmsg+0x94/0xc0
[ 48.456595]  ? pfkey_spdget+0xb10/0xb10
[ 48.460550]  sock_sendmsg+0xd5/0x120
[ 48.464244]  ___sys_sendmsg+0x805/0x940
[ 48.468196]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.473716]  ? copy_msghdr_from_user+0x560/0x560
[ 48.478459]  ? vm_insert_mixed_mkwrite+0x40/0x40
[ 48.483196]  ? graph_lock+0x170/0x170
[ 48.486976]  ? graph_lock+0x170/0x170
[ 48.490759]  ? find_held_lock+0x36/0x1c0
[ 48.494813]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.500333]  ? __fget_light+0x2ef/0x430
[ 48.504301]  ? fget_raw+0x20/0x20
[ 48.507746]  ? find_held_lock+0x36/0x1c0
[ 48.511804]  ? lock_downgrade+0x8e0/0x8e0
[ 48.515937]  ? handle_mm_fault+0x8c0/0xc70
[ 48.520167]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.525688]  ? sockfd_lookup_light+0xc5/0x160
[ 48.530167]  __sys_sendmsg+0x115/0x270
[ 48.534042]  ? SyS_shutdown+0x30/0x30
[ 48.537829]  ? __do_page_fault+0x441/0xe40
[ 48.542046]  ? fd_install+0x4d/0x60
[ 48.545665]  SyS_sendmsg+0x29/0x30
[ 48.549192]  ? __sys_sendmsg+0x270/0x270
[ 48.553234]  do_syscall_64+0x29e/0x9d0
[ 48.557099]  ? vmalloc_sync_all+0x30/0x30
[ 48.561229]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 48.566051]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 48.570962]  ? syscall_return_slowpath+0x30f/0x5c0
[ 48.575887]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.581409]  ? retint_user+0x18/0x18
[ 48.585112]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.589944]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.595116] RIP: 0033:0x43fd19
[ 48.598290] RSP: 002b:00007ffe7805a4b8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 48.605980] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd19
[ 48.613239] RDX: 0000000000000000 RSI: 0000000020196fe4 RDI: 0000000000000003
[ 48.621526] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 48.628779] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401640
[ 48.636044] R13: 00000000004016d0 R14: 0000000000000000 R15: 0000000000000000
[ 48.643300]
[ 48.644909] Allocated by task 4430:
[ 48.648521]  save_stack+0x43/0xd0
[ 48.651951]  kasan_kmalloc+0xc4/0xe0
[ 48.655642]  __kmalloc_node_track_caller+0x47/0x70
[ 48.660551]  __kmalloc_reserve.isra.38+0x3a/0xe0
[ 48.665294]  __alloc_skb+0x14d/0x780
[ 48.668987]  pfkey_sendmsg+0x250/0x1050
[ 48.672940]  sock_sendmsg+0xd5/0x120
[ 48.676629]  ___sys_sendmsg+0x805/0x940
[ 48.680582]  __sys_sendmsg+0x115/0x270
[ 48.684448]  SyS_sendmsg+0x29/0x30
[ 48.687965]  do_syscall_64+0x29e/0x9d0
[ 48.691843]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 48.697009]
[ 48.698614] Freed by task 0:
[ 48.701612] (stack is not available)
[ 48.705298]
[ 48.706906] The buggy address belongs to the object at ffff8801b8372c80
[ 48.706906]  which belongs to the cache kmalloc-512 of size 512
[ 48.719541] The buggy address is located 64 bytes inside of
[ 48.719541]  512-byte region [ffff8801b8372c80, ffff8801b8372e80)
[ 48.731302] The buggy address belongs to the page:
[ 48.736211] page:ffffea0006e0dc80 count:1 mapcount:0 mapping:ffff8801b8372000 index:0x0
[ 48.744338] flags: 0x2fffc0000000100(slab)
[ 48.748554] raw: 02fffc0000000100 ffff8801b8372000 0000000000000000 0000000100000006
[ 48.756415] raw: ffffea0006e1a8e0 ffff8801dac01748 ffff8801dac00940 0000000000000000
[ 48.764273] page dumped because: kasan: bad access detected
[ 48.769954]
[ 48.771557] Memory state around the buggy address:
[ 48.776462]  ffff8801b8372d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.783892]  ffff8801b8372e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.791233] >ffff8801b8372e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.798568]                    ^
[ 48.801915]  ffff8801b8372f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.809260]  ffff8801b8372f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.816594] ==================================================================
[ 48.823928] Disabling lock debugging due to kernel taint
[ 48.829454] Kernel panic - not syncing: panic_on_warn set ...
[ 48.829454]
[ 48.836808] CPU: 0 PID: 4430 Comm: syzkaller868462 Tainted: G    B 4.16.0+ #2
[ 48.845101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.854437] Call Trace:
[ 48.857012]  dump_stack+0x1b9/0x294
[ 48.860619]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 48.865796]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 48.870794]  ? pfkey_add+0x2660/0x3210
[ 48.874666]  panic+0x22f/0x4de
[ 48.877837]  ? add_taint.cold.5+0x16/0x16
[ 48.881963]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 48.886352]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 48.890744]  ? pfkey_add+0x275e/0x3210
[ 48.894627]  kasan_end_report+0x47/0x4f
[ 48.898579]  kasan_report.cold.7+0xc9/0x2f5
[ 48.902878]  check_memory_region+0x13e/0x1b0
[ 48.907262]  memcpy+0x23/0x50
[ 48.910343]  pfkey_add+0x275e/0x3210
[ 48.914034]  ? pfkey_acquire+0x270/0x270
[ 48.918082]  ? iov_iter_advance+0x2e4/0x14c0
[ 48.922473]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 48.927638]  ? pfkey_acquire+0x270/0x270
[ 48.931678]  pfkey_process+0x7cc/0x8a0
[ 48.935543]  ? pfkey_send_new_mapping+0x1260/0x1260
[ 48.940556]  pfkey_sendmsg+0x5f4/0x1050
[ 48.944510]  ? _copy_from_user+0xdf/0x150
[ 48.948637]  ? pfkey_spdget+0xb10/0xb10
[ 48.952594]  ? security_socket_sendmsg+0x94/0xc0
[ 48.957339]  ? pfkey_spdget+0xb10/0xb10
[ 48.961298]  sock_sendmsg+0xd5/0x120
[ 48.965000]  ___sys_sendmsg+0x805/0x940
[ 48.968955]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.974471]  ? copy_msghdr_from_user+0x560/0x560
[ 48.979222]  ? vm_insert_mixed_mkwrite+0x40/0x40
[ 48.983961]  ? graph_lock+0x170/0x170
[ 48.987736]  ? graph_lock+0x170/0x170
[ 48.991512]  ? find_held_lock+0x36/0x1c0
[ 48.995553]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.001069]  ? __fget_light+0x2ef/0x430
[ 49.005021]  ? fget_raw+0x20/0x20
[ 49.008465]  ? find_held_lock+0x36/0x1c0
[ 49.012503]  ? lock_downgrade+0x8e0/0x8e0
[ 49.016630]  ? handle_mm_fault+0x8c0/0xc70
[ 49.020846]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.026361]  ? sockfd_lookup_light+0xc5/0x160
[ 49.030836]  __sys_sendmsg+0x115/0x270
[ 49.034701]  ? SyS_shutdown+0x30/0x30
[ 49.038484]  ? __do_page_fault+0x441/0xe40
[ 49.042701]  ? fd_install+0x4d/0x60
[ 49.046309]  SyS_sendmsg+0x29/0x30
[ 49.049831]  ? __sys_sendmsg+0x270/0x270
[ 49.053889]  do_syscall_64+0x29e/0x9d0
[ 49.057758]  ? vmalloc_sync_all+0x30/0x30
[ 49.061886]  ? syscall_slow_exit_work+0x4f0/0x4f0
[ 49.066709]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 49.071617]  ? syscall_return_slowpath+0x30f/0x5c0
[ 49.076537]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.082060]  ? retint_user+0x18/0x18
[ 49.085752]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.090573]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 49.095741] RIP: 0033:0x43fd19
[ 49.098907] RSP: 002b:00007ffe7805a4b8 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 49.106593] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd19
[ 49.113842] RDX: 0000000000000000 RSI: 0000000020196fe4 RDI: 0000000000000003
[ 49.121096] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 49.128341] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401640
[ 49.135588] R13: 00000000004016d0 R14: 0000000000000000 R15: 0000000000000000
[ 49.143251] Dumping ftrace buffer:
[ 49.146776]    (ftrace buffer empty)
[ 49.150469] Kernel Offset: disabled
[ 49.154075] Rebooting in 86400 seconds..