INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.610411] ==================================================================
[ 30.617857] BUG: KASAN: slab-out-of-bounds in pfkey_add+0x272d/0x3210
[ 30.624414] Read of size 8192 at addr ffff8801b34925c0 by task syzkaller440049/4471
[ 30.632181]
[ 30.633791] CPU: 0 PID: 4471 Comm: syzkaller440049 Not tainted 4.16.0+ #3
[ 30.640694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.650026] Call Trace:
[ 30.652599]  dump_stack+0x1b9/0x294
[ 30.656246]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 30.661415]  ? printk+0x9e/0xba
[ 30.664678]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 30.669417]  ? kasan_check_write+0x14/0x20
[ 30.673639]  print_address_description+0x6c/0x20b
[ 30.678466]  ? pfkey_add+0x272d/0x3210
[ 30.682334]  kasan_report.cold.7+0x242/0x2fe
[ 30.686727]  check_memory_region+0x13e/0x1b0
[ 30.691118]  memcpy+0x23/0x50
[ 30.694204]  pfkey_add+0x272d/0x3210
[ 30.697902]  ? pfkey_acquire+0x270/0x270
[ 30.701939]  ? iov_iter_advance+0x2e4/0x14c0
[ 30.706330]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 30.711496]  ? pfkey_acquire+0x270/0x270
[ 30.715536]  pfkey_process+0x7cc/0x8a0
[ 30.719403]  ? pfkey_send_new_mapping+0x1260/0x1260
[ 30.724410]  pfkey_sendmsg+0x5f4/0x1050
[ 30.728371]  ? _copy_from_user+0xdf/0x150
[ 30.732498]  ? pfkey_spdget+0xb10/0xb10
[ 30.736456]  ? security_socket_sendmsg+0x94/0xc0
[ 30.741191]  ? pfkey_spdget+0xb10/0xb10
[ 30.745144]  sock_sendmsg+0xd5/0x120
[ 30.748839]  ___sys_sendmsg+0x805/0x940
[ 30.752794]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.758311]  ? copy_msghdr_from_user+0x560/0x560
[ 30.763053]  ? vm_insert_mixed_mkwrite+0x40/0x40
[ 30.767788]  ? graph_lock+0x170/0x170
[ 30.771565]  ? graph_lock+0x170/0x170
[ 30.775341]  ? find_held_lock+0x36/0x1c0
[ 30.779385]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.784907]  ? __fget_light+0x2ef/0x430
[ 30.788863]  ? fget_raw+0x20/0x20
[ 30.792311]  ? find_held_lock+0x36/0x1c0
[ 30.796356]  ? lock_downgrade+0x8e0/0x8e0
[ 30.800485]  ? handle_mm_fault+0x8c0/0xc70
[ 30.804707]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 30.810225]  ? sockfd_lookup_light+0xc5/0x160
[ 30.814697]  __sys_sendmsg+0x115/0x270
[ 30.818564]  ? SyS_shutdown+0x30/0x30
[ 30.822351]  ? __do_page_fault+0x441/0xe40
[ 30.826572]  ? fd_install+0x4d/0x60
[ 30.830186]  SyS_sendmsg+0x29/0x30
[ 30.833705]  ? __sys_sendmsg+0x270/0x270
[ 30.837745]  do_syscall_64+0x29e/0x9d0
[ 30.841610]  ? vmalloc_sync_all+0x30/0x30
[ 30.845737]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 30.850472]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 30.855378]  ? syscall_return_slowpath+0x30f/0x5c0
[ 30.860286]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 30.865801]  ? retint_user+0x18/0x18
[ 30.869494]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 30.874318]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 30.879485] RIP: 0033:0x43fd19
[ 30.882652] RSP: 002b:00007ffeef8e7678 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 30.890339] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd19
[ 30.897585] RDX: 0000000000000000 RSI: 0000000020196fe4 RDI: 0000000000000003
[ 30.904833] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 30.912090] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401640
[ 30.919336] R13: 00000000004016d0 R14: 0000000000000000 R15: 0000000000000000
[ 30.926586]
[ 30.928190] Allocated by task 4471:
[ 30.931801]  save_stack+0x43/0xd0
[ 30.935229]  kasan_kmalloc+0xc4/0xe0
[ 30.938921]  __kmalloc_node_track_caller+0x47/0x70
[ 30.943827]  __kmalloc_reserve.isra.38+0x3a/0xe0
[ 30.948557]  __alloc_skb+0x14d/0x780
[ 30.952252]  pfkey_sendmsg+0x250/0x1050
[ 30.956203]  sock_sendmsg+0xd5/0x120
[ 30.959895]  ___sys_sendmsg+0x805/0x940
[ 30.963850]  __sys_sendmsg+0x115/0x270
[ 30.967721]  SyS_sendmsg+0x29/0x30
[ 30.971243]  do_syscall_64+0x29e/0x9d0
[ 30.975110]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 30.980271]
[ 30.981873] Freed by task 0:
[ 30.984866] (stack is not available)
[ 30.988550]
[ 30.990156] The buggy address belongs to the object at ffff8801b3492580
[ 30.990156]  which belongs to the cache kmalloc-512 of size 512
[ 31.002792] The buggy address is located 64 bytes inside of
[ 31.002792]  512-byte region [ffff8801b3492580, ffff8801b3492780)
[ 31.014553] The buggy address belongs to the page:
[ 31.019459] page:ffffea0006cd2480 count:1 mapcount:0 mapping:ffff8801b3492080 index:0x0
[ 31.027591] flags: 0x2fffc0000000100(slab)
[ 31.031806] raw: 02fffc0000000100 ffff8801b3492080 0000000000000000 0000000100000006
[ 31.039664] raw: ffffea00073d9be0 ffff8801dac01748 ffff8801dac00940 0000000000000000
[ 31.047516] page dumped because: kasan: bad access detected
[ 31.053198]
[ 31.054802] Memory state around the buggy address:
[ 31.059707]  ffff8801b3492680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.067047]  ffff8801b3492700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.074384] >ffff8801b3492780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.081716]                    ^
[ 31.085057]  ffff8801b3492800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.092390]  ffff8801b3492880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.099724] ==================================================================
[ 31.107065] Disabling lock debugging due to kernel taint
[ 31.112587] Kernel panic - not syncing: panic_on_warn set ...
[ 31.112587]
[ 31.119949] CPU: 0 PID: 4471 Comm: syzkaller440049 Tainted: G B 4.16.0+ #3
[ 31.128237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.137562] Call Trace:
[ 31.140128]  dump_stack+0x1b9/0x294
[ 31.143733]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 31.148901]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.153637]  ? pfkey_add+0x2640/0x3210
[ 31.157517]  panic+0x22f/0x4de
[ 31.160690]  ? add_taint.cold.5+0x16/0x16
[ 31.164817]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 31.169214]  ? do_raw_spin_unlock+0x9e/0x2e0
[ 31.173599]  ? pfkey_add+0x272d/0x3210
[ 31.177462]  kasan_end_report+0x47/0x4f
[ 31.181412]  kasan_report.cold.7+0x76/0x2fe
[ 31.185726]  check_memory_region+0x13e/0x1b0
[ 31.190110]  memcpy+0x23/0x50
[ 31.193192]  pfkey_add+0x272d/0x3210
[ 31.196884]  ? pfkey_acquire+0x270/0x270
[ 31.200922]  ? iov_iter_advance+0x2e4/0x14c0
[ 31.205313]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 31.210482]  ? pfkey_acquire+0x270/0x270
[ 31.214525]  pfkey_process+0x7cc/0x8a0
[ 31.218390]  ? pfkey_send_new_mapping+0x1260/0x1260
[ 31.223390]  pfkey_sendmsg+0x5f4/0x1050
[ 31.227343]  ? _copy_from_user+0xdf/0x150
[ 31.231476]  ? pfkey_spdget+0xb10/0xb10
[ 31.235432]  ? security_socket_sendmsg+0x94/0xc0
[ 31.240170]  ? pfkey_spdget+0xb10/0xb10
[ 31.244136]  sock_sendmsg+0xd5/0x120
[ 31.247827]  ___sys_sendmsg+0x805/0x940
[ 31.251786]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.257321]  ? copy_msghdr_from_user+0x560/0x560
[ 31.262056]  ? vm_insert_mixed_mkwrite+0x40/0x40
[ 31.266798]  ? graph_lock+0x170/0x170
[ 31.270572]  ? graph_lock+0x170/0x170
[ 31.274349]  ? find_held_lock+0x36/0x1c0
[ 31.278387]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.283912]  ? __fget_light+0x2ef/0x430
[ 31.287907]  ? fget_raw+0x20/0x20
[ 31.291334]  ? find_held_lock+0x36/0x1c0
[ 31.295372]  ? lock_downgrade+0x8e0/0x8e0
[ 31.299497]  ? handle_mm_fault+0x8c0/0xc70
[ 31.303714]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 31.309229]  ? sockfd_lookup_light+0xc5/0x160
[ 31.313701]  __sys_sendmsg+0x115/0x270
[ 31.317566]  ? SyS_shutdown+0x30/0x30
[ 31.321344]  ? __do_page_fault+0x441/0xe40
[ 31.325554]  ? fd_install+0x4d/0x60
[ 31.329163]  SyS_sendmsg+0x29/0x30
[ 31.332677]  ? __sys_sendmsg+0x270/0x270
[ 31.336714]  do_syscall_64+0x29e/0x9d0
[ 31.340579]  ? vmalloc_sync_all+0x30/0x30
[ 31.344710]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 31.349444]  ? syscall_return_slowpath+0x5c0/0x5c0
[ 31.354350]  ? syscall_return_slowpath+0x30f/0x5c0
[ 31.359258]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 31.364780]  ? retint_user+0x18/0x18
[ 31.368477]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 31.373298]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 31.378462] RIP: 0033:0x43fd19
[ 31.381628] RSP: 002b:00007ffeef8e7678 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 31.389312] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd19
[ 31.396558] RDX: 0000000000000000 RSI: 0000000020196fe4 RDI: 0000000000000003
[ 31.403804] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 31.411052] R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401640
[ 31.418298] R13: 00000000004016d0 R14: 0000000000000000 R15: 0000000000000000
[ 31.426030] Dumping ftrace buffer:
[ 31.429547]    (ftrace buffer empty)
[ 31.433232] Kernel Offset: disabled
[ 31.436844] Rebooting in 86400 seconds..