INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.60' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 31.449292] ==================================================================
[ 31.456702] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30de/0x3210
[ 31.463859] Read of size 4 at addr ffff8801ae7ff480 by task syzkaller122003/4444
[ 31.471358] 
[ 31.472961] CPU: 1 PID: 4444 Comm: syzkaller122003 Not tainted 4.16.0-rc6+ #290
[ 31.480374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 31.489697] Call Trace:
[ 31.492263]  dump_stack+0x194/0x24d
[ 31.495863]  ? arch_local_irq_restore+0x53/0x53
[ 31.500503]  ? show_regs_print_info+0x18/0x18
[ 31.504968]  ? lock_release+0xa40/0xa40
[ 31.508912]  ? xfrm_state_find+0x30de/0x3210
[ 31.513294]  print_address_description+0x73/0x250
[ 31.518108]  ? xfrm_state_find+0x30de/0x3210
[ 31.522485]  kasan_report+0x23c/0x360
[ 31.526269]  __asan_report_load4_noabort+0x14/0x20
[ 31.531169]  xfrm_state_find+0x30de/0x3210
[ 31.535375]  ? kernel_poison_pages+0xce/0x1f0
[ 31.539840]  ? kasan_unpoison_shadow+0x35/0x50
[ 31.544397]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[ 31.549478]  ? print_irqtrace_events+0x270/0x270
[ 31.554207]  ? print_irqtrace_events+0x270/0x270
[ 31.558956]  ? __isolate_free_page+0x8a0/0x8a0
[ 31.563511]  ? __update_load_avg_se.isra.31+0x56a/0x7c0
[ 31.568846]  ? mark_held_locks+0xaf/0x100
[ 31.572965]  ? get_page_from_freelist+0xa80/0x52d0
[ 31.577877]  ? kernel_poison_pages+0xce/0x1f0
[ 31.582344]  ? kasan_unpoison_shadow+0x35/0x50
[ 31.586896]  ? print_irqtrace_events+0x270/0x270
[ 31.591622]  ? 
get_page_from_freelist+0x2d7f/0x52d0 [ 31.596609] ? get_page_from_freelist+0x2deb/0x52d0 [ 31.601600] ? print_irqtrace_events+0x270/0x270 [ 31.606324] ? __lock_acquire+0x664/0x3e00 [ 31.610528] ? print_irqtrace_events+0x270/0x270 [ 31.615261] xfrm_tmpl_resolve+0x2ee/0xc40 [ 31.619474] ? __xfrm_decode_session+0x110/0x110 [ 31.624199] ? __lock_is_held+0xb6/0x140 [ 31.628235] ? rcu_read_lock_sched_held+0x108/0x120 [ 31.633224] ? fib_table_lookup+0xa04/0x1ba0 [ 31.637604] xfrm_resolve_and_create_bundle+0x184/0x28d0 [ 31.643025] ? call_fib_entry_notifiers+0x4f0/0x4f0 [ 31.648011] ? trace_hardirqs_off+0x10/0x10 [ 31.652304] ? xfrm_tmpl_resolve+0xc40/0xc40 [ 31.656682] ? __lock_is_held+0xb6/0x140 [ 31.660713] ? find_held_lock+0x35/0x1d0 [ 31.664747] ? xfrm_sk_policy_lookup+0x34c/0x4e0 [ 31.669474] ? lock_downgrade+0x980/0x980 [ 31.673594] ? lock_release+0xa40/0xa40 [ 31.677539] ? refcount_inc_not_zero+0xfe/0x180 [ 31.682182] ? security_xfrm_policy_lookup+0x92/0xc0 [ 31.687254] ? xfrm_sk_policy_lookup+0x375/0x4e0 [ 31.691980] ? xfrm_selector_match+0xe00/0xe00 [ 31.696535] xfrm_lookup+0xfcb/0x25c0 [ 31.700301] ? xfrm_lookup+0xfcb/0x25c0 [ 31.704244] ? print_lockdep_cache.isra.32+0x109/0x109 [ 31.709488] ? trace_hardirqs_off+0x10/0x10 [ 31.713780] ? xfrm_policy_lookup+0x70/0x70 [ 31.718075] ? find_held_lock+0x35/0x1d0 [ 31.722109] ? ip_route_output_key_hash+0x229/0x370 [ 31.727093] ? lock_downgrade+0x980/0x980 [ 31.731208] ? is_bpf_text_address+0x7b/0x120 [ 31.735671] ? lock_release+0xa40/0xa40 [ 31.739614] ? find_held_lock+0x35/0x1d0 [ 31.743648] ? ip_route_output_key_hash+0x252/0x370 [ 31.748631] ? ip_route_output_key_hash_rcu+0x2fe0/0x2fe0 [ 31.754135] ? lock_release+0xa40/0xa40 [ 31.758082] xfrm_lookup_route+0x39/0x1a0 [ 31.762200] ip_route_output_flow+0x7c/0xa0 [ 31.766492] udp_sendmsg+0x19bd/0x2f70 [ 31.770349] ? ip_reply_glue_bits+0xb0/0xb0 [ 31.774639] ? kasan_slab_alloc+0x10/0x20 [ 31.778758] ? udp4_lib_lookup2+0x310/0x310 [ 31.783051] ? 
debug_check_no_obj_freed+0x3da/0xf1f [ 31.788038] ? xfrm_sk_policy_insert+0x358/0x580 [ 31.792764] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.797762] ? free_obj_work+0x690/0x690 [ 31.801793] ? trace_hardirqs_off+0x10/0x10 [ 31.806088] ? tcf_bpf_init+0x139e/0x13c0 [ 31.810205] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 31.815364] ? reacquire_held_locks+0x1f9/0x3e0 [ 31.820000] ? reacquire_held_locks+0x1f9/0x3e0 [ 31.824638] ? find_held_lock+0x35/0x1d0 [ 31.828683] udpv6_sendmsg+0x757/0x3400 [ 31.832625] ? lock_downgrade+0x980/0x980 [ 31.836743] ? lock_downgrade+0x980/0x980 [ 31.840873] ? km_migrate+0x340/0x340 [ 31.844645] ? udpv6_setsockopt+0x80/0x80 [ 31.848763] ? release_sock+0x1d4/0x2a0 [ 31.852706] ? trace_hardirqs_on+0xd/0x10 [ 31.856823] ? __local_bh_enable_ip+0x121/0x230 [ 31.861471] ? trace_hardirqs_off+0x10/0x10 [ 31.865763] ? _raw_spin_unlock_bh+0x30/0x40 [ 31.870152] ? release_sock+0x1d4/0x2a0 [ 31.874189] ? __release_sock+0x360/0x360 [ 31.878307] ? ns_capable_common+0xcf/0x160 [ 31.882598] ? find_held_lock+0x35/0x1d0 [ 31.886631] ? __might_fault+0x110/0x1d0 [ 31.890661] ? lock_downgrade+0x980/0x980 [ 31.895127] ? rw_copy_check_uvector+0x1be/0x280 [ 31.899850] ? lock_downgrade+0x980/0x980 [ 31.903968] ? import_iovec+0x238/0x430 [ 31.907911] ? dup_iter+0x260/0x260 [ 31.911508] inet_sendmsg+0x11f/0x5e0 [ 31.915278] ? inet_sendmsg+0x11f/0x5e0 [ 31.919221] ? copy_msghdr_from_user+0x3a6/0x590 [ 31.923946] ? inet_create+0xf50/0xf50 [ 31.927800] ? SYSC_sendto+0x5c0/0x5c0 [ 31.931658] ? security_socket_sendmsg+0x89/0xb0 [ 31.936380] ? inet_create+0xf50/0xf50 [ 31.940235] sock_sendmsg+0xca/0x110 [ 31.943920] ___sys_sendmsg+0x767/0x8b0 [ 31.947865] ? copy_msghdr_from_user+0x590/0x590 [ 31.952590] ? lock_release+0xa40/0xa40 [ 31.956533] ? __local_bh_enable_ip+0x121/0x230 [ 31.961169] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 31.966156] ? release_sock+0x1d4/0x2a0 [ 31.970103] ? trace_hardirqs_on+0xd/0x10 [ 31.974221] ? __local_bh_enable_ip+0x121/0x230 [ 31.978858] ? 
__fget_light+0x2b2/0x3c0 [ 31.982800] ? fget_raw+0x20/0x20 [ 31.986221] ? release_sock+0x1d4/0x2a0 [ 31.990164] ? ip6_datagram_release_cb+0x520/0x520 [ 31.995074] ? __release_sock+0x360/0x360 [ 31.999189] ? lock_sock_nested+0x91/0x110 [ 32.003391] ? trace_hardirqs_on+0xd/0x10 [ 32.007507] ? __local_bh_enable_ip+0x121/0x230 [ 32.012145] ? __fget_light+0x2b2/0x3c0 [ 32.016093] ? ip6_datagram_connect+0x3a/0x50 [ 32.020561] __sys_sendmsg+0xe5/0x210 [ 32.024331] ? __sys_sendmsg+0xe5/0x210 [ 32.028274] ? SyS_shutdown+0x290/0x290 [ 32.032218] ? sock_common_setsockopt+0x95/0xd0 [ 32.036859] ? SyS_setsockopt+0x215/0x360 [ 32.040988] ? move_addr_to_kernel+0x60/0x60 [ 32.045367] SyS_sendmsg+0x2d/0x50 [ 32.048881] ? __sys_sendmsg+0x210/0x210 [ 32.052910] do_syscall_64+0x281/0x940 [ 32.056767] ? vmalloc_sync_all+0x30/0x30 [ 32.060887] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 32.066395] ? syscall_return_slowpath+0x550/0x550 [ 32.071296] ? syscall_return_slowpath+0x2ac/0x550 [ 32.076200] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 32.081532] ? 
trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.086344]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 32.091500] RIP: 0033:0x440139
[ 32.094657] RSP: 002b:00007ffd33a65558 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[ 32.102336] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440139
[ 32.109575] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[ 32.116814] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 32.124055] R10: 00000000000000e8 R11: 0000000000000217 R12: 0000000000401a60
[ 32.131296] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 32.138547] 
[ 32.140145] The buggy address belongs to the page:
[ 32.145045] page:ffffea0006b9ffc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 32.153156] flags: 0x2fffc0000000000()
[ 32.157012] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 32.164861] raw: 0000000000000000 ffffea0006b90101 0000000000000000 0000000000000000
[ 32.172709] page dumped because: kasan: bad access detected
[ 32.178385] 
[ 32.179980] Memory state around the buggy address:
[ 32.184874]  ffff8801ae7ff380: f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2
[ 32.192198]  ffff8801ae7ff400: f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00
[ 32.199523] >ffff8801ae7ff480: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2
[ 32.207081]                    ^
[ 32.210415]  ffff8801ae7ff500: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.217741]  ffff8801ae7ff580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 32.225066] ==================================================================
[ 32.232391] Disabling lock debugging due to kernel taint
[ 32.237843] Kernel panic - not syncing: panic_on_warn set ...
[ 32.237843] 
[ 32.245177] CPU: 1 PID: 4444 Comm: syzkaller122003 Tainted: G B 4.16.0-rc6+ #290
[ 32.253893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.263217] Call Trace:
[ 32.265777]  dump_stack+0x194/0x24d
[ 32.269374]  ? 
arch_local_irq_restore+0x53/0x53 [ 32.274011] ? kasan_end_report+0x32/0x50 [ 32.278128] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 32.282848] ? vsnprintf+0x1ed/0x1900 [ 32.286618] ? xfrm_state_find+0x3000/0x3210 [ 32.291001] panic+0x1e4/0x41c [ 32.294165] ? refcount_error_report+0x214/0x214 [ 32.298888] ? add_taint+0x1c/0x50 [ 32.302402] ? add_taint+0x1c/0x50 [ 32.305909] ? xfrm_state_find+0x30de/0x3210 [ 32.310284] kasan_end_report+0x50/0x50 [ 32.314228] kasan_report+0x149/0x360 [ 32.318000] __asan_report_load4_noabort+0x14/0x20 [ 32.322896] xfrm_state_find+0x30de/0x3210 [ 32.327099] ? kernel_poison_pages+0xce/0x1f0 [ 32.331561] ? kasan_unpoison_shadow+0x35/0x50 [ 32.336114] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 32.341184] ? print_irqtrace_events+0x270/0x270 [ 32.345905] ? print_irqtrace_events+0x270/0x270 [ 32.350629] ? __isolate_free_page+0x8a0/0x8a0 [ 32.355177] ? __update_load_avg_se.isra.31+0x56a/0x7c0 [ 32.360507] ? mark_held_locks+0xaf/0x100 [ 32.364622] ? get_page_from_freelist+0xa80/0x52d0 [ 32.369518] ? kernel_poison_pages+0xce/0x1f0 [ 32.373983] ? kasan_unpoison_shadow+0x35/0x50 [ 32.378533] ? print_irqtrace_events+0x270/0x270 [ 32.383253] ? get_page_from_freelist+0x2d7f/0x52d0 [ 32.388237] ? get_page_from_freelist+0x2deb/0x52d0 [ 32.393226] ? print_irqtrace_events+0x270/0x270 [ 32.397947] ? __lock_acquire+0x664/0x3e00 [ 32.402148] ? print_irqtrace_events+0x270/0x270 [ 32.406871] xfrm_tmpl_resolve+0x2ee/0xc40 [ 32.411077] ? __xfrm_decode_session+0x110/0x110 [ 32.415805] ? __lock_is_held+0xb6/0x140 [ 32.419850] ? rcu_read_lock_sched_held+0x108/0x120 [ 32.424844] ? fib_table_lookup+0xa04/0x1ba0 [ 32.429226] xfrm_resolve_and_create_bundle+0x184/0x28d0 [ 32.434644] ? call_fib_entry_notifiers+0x4f0/0x4f0 [ 32.439630] ? trace_hardirqs_off+0x10/0x10 [ 32.443920] ? xfrm_tmpl_resolve+0xc40/0xc40 [ 32.448295] ? __lock_is_held+0xb6/0x140 [ 32.452323] ? find_held_lock+0x35/0x1d0 [ 32.456349] ? xfrm_sk_policy_lookup+0x34c/0x4e0 [ 32.461072] ? 
lock_downgrade+0x980/0x980 [ 32.465188] ? lock_release+0xa40/0xa40 [ 32.469132] ? refcount_inc_not_zero+0xfe/0x180 [ 32.473769] ? security_xfrm_policy_lookup+0x92/0xc0 [ 32.478839] ? xfrm_sk_policy_lookup+0x375/0x4e0 [ 32.483561] ? xfrm_selector_match+0xe00/0xe00 [ 32.488111] xfrm_lookup+0xfcb/0x25c0 [ 32.491878] ? xfrm_lookup+0xfcb/0x25c0 [ 32.495819] ? print_lockdep_cache.isra.32+0x109/0x109 [ 32.501061] ? trace_hardirqs_off+0x10/0x10 [ 32.505350] ? xfrm_policy_lookup+0x70/0x70 [ 32.509638] ? find_held_lock+0x35/0x1d0 [ 32.513676] ? ip_route_output_key_hash+0x229/0x370 [ 32.518661] ? lock_downgrade+0x980/0x980 [ 32.522776] ? is_bpf_text_address+0x7b/0x120 [ 32.527237] ? lock_release+0xa40/0xa40 [ 32.531175] ? find_held_lock+0x35/0x1d0 [ 32.535203] ? ip_route_output_key_hash+0x252/0x370 [ 32.540195] ? ip_route_output_key_hash_rcu+0x2fe0/0x2fe0 [ 32.545701] ? lock_release+0xa40/0xa40 [ 32.549645] xfrm_lookup_route+0x39/0x1a0 [ 32.553757] ip_route_output_flow+0x7c/0xa0 [ 32.558047] udp_sendmsg+0x19bd/0x2f70 [ 32.561902] ? ip_reply_glue_bits+0xb0/0xb0 [ 32.566191] ? kasan_slab_alloc+0x10/0x20 [ 32.570311] ? udp4_lib_lookup2+0x310/0x310 [ 32.574601] ? debug_check_no_obj_freed+0x3da/0xf1f [ 32.579582] ? xfrm_sk_policy_insert+0x358/0x580 [ 32.584304] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.589287] ? free_obj_work+0x690/0x690 [ 32.593314] ? trace_hardirqs_off+0x10/0x10 [ 32.597604] ? tcf_bpf_init+0x139e/0x13c0 [ 32.601717] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 32.606873] ? reacquire_held_locks+0x1f9/0x3e0 [ 32.611507] ? reacquire_held_locks+0x1f9/0x3e0 [ 32.616143] ? find_held_lock+0x35/0x1d0 [ 32.620173] udpv6_sendmsg+0x757/0x3400 [ 32.624113] ? lock_downgrade+0x980/0x980 [ 32.628229] ? lock_downgrade+0x980/0x980 [ 32.632343] ? km_migrate+0x340/0x340 [ 32.636114] ? udpv6_setsockopt+0x80/0x80 [ 32.640229] ? release_sock+0x1d4/0x2a0 [ 32.644169] ? trace_hardirqs_on+0xd/0x10 [ 32.648287] ? __local_bh_enable_ip+0x121/0x230 [ 32.652920] ? 
trace_hardirqs_off+0x10/0x10 [ 32.657212] ? _raw_spin_unlock_bh+0x30/0x40 [ 32.661586] ? release_sock+0x1d4/0x2a0 [ 32.665525] ? __release_sock+0x360/0x360 [ 32.669642] ? ns_capable_common+0xcf/0x160 [ 32.673933] ? find_held_lock+0x35/0x1d0 [ 32.677962] ? __might_fault+0x110/0x1d0 [ 32.681994] ? lock_downgrade+0x980/0x980 [ 32.686108] ? rw_copy_check_uvector+0x1be/0x280 [ 32.690828] ? lock_downgrade+0x980/0x980 [ 32.694945] ? import_iovec+0x238/0x430 [ 32.698886] ? dup_iter+0x260/0x260 [ 32.702479] inet_sendmsg+0x11f/0x5e0 [ 32.706246] ? inet_sendmsg+0x11f/0x5e0 [ 32.710188] ? copy_msghdr_from_user+0x3a6/0x590 [ 32.714916] ? inet_create+0xf50/0xf50 [ 32.718769] ? SYSC_sendto+0x5c0/0x5c0 [ 32.722625] ? security_socket_sendmsg+0x89/0xb0 [ 32.727346] ? inet_create+0xf50/0xf50 [ 32.731203] sock_sendmsg+0xca/0x110 [ 32.734887] ___sys_sendmsg+0x767/0x8b0 [ 32.738829] ? copy_msghdr_from_user+0x590/0x590 [ 32.743555] ? lock_release+0xa40/0xa40 [ 32.747498] ? __local_bh_enable_ip+0x121/0x230 [ 32.752133] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 32.757117] ? release_sock+0x1d4/0x2a0 [ 32.761057] ? trace_hardirqs_on+0xd/0x10 [ 32.765172] ? __local_bh_enable_ip+0x121/0x230 [ 32.769814] ? __fget_light+0x2b2/0x3c0 [ 32.773757] ? fget_raw+0x20/0x20 [ 32.777177] ? release_sock+0x1d4/0x2a0 [ 32.781120] ? ip6_datagram_release_cb+0x520/0x520 [ 32.786015] ? __release_sock+0x360/0x360 [ 32.790130] ? lock_sock_nested+0x91/0x110 [ 32.794333] ? trace_hardirqs_on+0xd/0x10 [ 32.798447] ? __local_bh_enable_ip+0x121/0x230 [ 32.803083] ? __fget_light+0x2b2/0x3c0 [ 32.807028] ? ip6_datagram_connect+0x3a/0x50 [ 32.811491] __sys_sendmsg+0xe5/0x210 [ 32.815263] ? __sys_sendmsg+0xe5/0x210 [ 32.819203] ? SyS_shutdown+0x290/0x290 [ 32.823146] ? sock_common_setsockopt+0x95/0xd0 [ 32.827781] ? SyS_setsockopt+0x215/0x360 [ 32.831900] ? move_addr_to_kernel+0x60/0x60 [ 32.836277] SyS_sendmsg+0x2d/0x50 [ 32.839784] ? __sys_sendmsg+0x210/0x210 [ 32.843812] do_syscall_64+0x281/0x940 [ 32.847667] ? 
vmalloc_sync_all+0x30/0x30
[ 32.851781]  ? trace_event_raw_event_sys_exit+0x260/0x260
[ 32.857287]  ? syscall_return_slowpath+0x550/0x550
[ 32.862187]  ? syscall_return_slowpath+0x2ac/0x550
[ 32.867087]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[ 32.872416]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 32.877225]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 32.882382] RIP: 0033:0x440139
[ 32.885541] RSP: 002b:00007ffd33a65558 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[ 32.893214] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440139
[ 32.900451] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[ 32.907687] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 32.914925] R10: 00000000000000e8 R11: 0000000000000217 R12: 0000000000401a60
[ 32.922183] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[ 32.929763] Dumping ftrace buffer:
[ 32.933271]    (ftrace buffer empty)
[ 32.936953] Kernel Offset: disabled
[ 32.940548] Rebooting in 86400 seconds..