INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   23.781636] ==================================================================
[   23.789074] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30de/0x3210
[   23.796240] Read of size 4 at addr ffff8801ace0f480 by task syzkaller020676/4430
[   23.803743] 
[   23.805349] CPU: 0 PID: 4430 Comm: syzkaller020676 Not tainted 4.16.0-rc7+ #374
[   23.812765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   23.822093] Call Trace:
[   23.824657]  dump_stack+0x194/0x24d
[   23.828262]  ? arch_local_irq_restore+0x53/0x53
[   23.832904]  ? show_regs_print_info+0x18/0x18
[   23.837387]  ? lock_release+0xa40/0xa40
[   23.841337]  ? xfrm_state_find+0x30de/0x3210
[   23.845721]  print_address_description+0x73/0x250
[   23.850541]  ? xfrm_state_find+0x30de/0x3210
[   23.854920]  kasan_report+0x23c/0x360
[   23.858695]  __asan_report_load4_noabort+0x14/0x20
[   23.863596]  xfrm_state_find+0x30de/0x3210
[   23.867811]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   23.872890]  ? print_irqtrace_events+0x270/0x270
[   23.877625]  ? print_irqtrace_events+0x270/0x270
[   23.882355]  ? get_page_from_freelist+0x3423/0x52d0
[   23.887342]  ? lock_downgrade+0x980/0x980
[   23.891461]  ? set_pageblock_migratetype+0x40/0x40
[   23.896363]  ? __update_load_avg_se.isra.31+0x56a/0x7c0
[   23.901701]  ? mark_held_locks+0xaf/0x100
[   23.905829]  ? get_page_from_freelist+0xa80/0x52d0
[   23.910734]  ? kernel_poison_pages+0xce/0x1f0
[   23.915203]  ? kasan_unpoison_shadow+0x35/0x50
[   23.919758]  ? print_irqtrace_events+0x270/0x270
[   23.924487]  ? get_page_from_freelist+0x2d7f/0x52d0
[   23.929475]  ? get_page_from_freelist+0x2deb/0x52d0
[   23.934473]  ? print_irqtrace_events+0x270/0x270
[   23.939202]  ? __lock_acquire+0x664/0x3e00
[   23.943410]  ? print_irqtrace_events+0x270/0x270
[   23.948146]  xfrm_tmpl_resolve+0x2ee/0xc40
[   23.952358]  ? __xfrm_decode_session+0x110/0x110
[   23.957084]  ? __lock_is_held+0xb6/0x140
[   23.961124]  ? rcu_read_lock_sched_held+0x108/0x120
[   23.966109]  ? fib_table_lookup+0xa04/0x1ba0
[   23.970495]  xfrm_resolve_and_create_bundle+0x184/0x28d0
[   23.975918]  ? call_fib_entry_notifiers+0x4f0/0x4f0
[   23.980904]  ? trace_hardirqs_off+0x10/0x10
[   23.985205]  ? xfrm_tmpl_resolve+0xc40/0xc40
[   23.989592]  ? __lock_is_held+0xb6/0x140
[   23.993625]  ? find_held_lock+0x35/0x1d0
[   23.997659]  ? xfrm_sk_policy_lookup+0x34c/0x4e0
[   24.002388]  ? lock_downgrade+0x980/0x980
[   24.006507]  ? lock_release+0xa40/0xa40
[   24.010454]  ? refcount_inc_not_zero+0xfe/0x180
[   24.015097]  ? security_xfrm_policy_lookup+0x92/0xc0
[   24.020175]  ? xfrm_sk_policy_lookup+0x375/0x4e0
[   24.024903]  ? xfrm_selector_match+0xe00/0xe00
[   24.029459]  xfrm_lookup+0xfcb/0x25c0
[   24.033230]  ? xfrm_lookup+0xfcb/0x25c0
[   24.037178]  ? print_lockdep_cache.isra.32+0x109/0x109
[   24.042438]  ? trace_hardirqs_off+0x10/0x10
[   24.046731]  ? xfrm_policy_lookup+0x70/0x70
[   24.051035]  ? find_held_lock+0x35/0x1d0
[   24.055074]  ? ip_route_output_key_hash+0x229/0x370
[   24.060062]  ? lock_downgrade+0x980/0x980
[   24.064184]  ? is_bpf_text_address+0x7b/0x120
[   24.068651]  ? lock_release+0xa40/0xa40
[   24.072600]  ? find_held_lock+0x35/0x1d0
[   24.076638]  ? ip_route_output_key_hash+0x252/0x370
[   24.081624]  ? ip_route_output_key_hash_rcu+0x2f00/0x2f00
[   24.087133]  ? lock_release+0xa40/0xa40
[   24.091081]  xfrm_lookup_route+0x39/0x1a0
[   24.095203]  ip_route_output_flow+0x7c/0xa0
[   24.099499]  udp_sendmsg+0x19bd/0x2f70
[   24.103359]  ? ip_reply_glue_bits+0xb0/0xb0
[   24.107652]  ? kasan_poison_object_data+0x10/0x40
[   24.112468]  ? udp4_lib_lookup2+0x310/0x310
[   24.116765]  ? debug_check_no_obj_freed+0x3da/0xf1f
[   24.121755]  ? xfrm_sk_policy_insert+0x358/0x580
[   24.126483]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.131474]  ? free_obj_work+0x690/0x690
[   24.135518]  ? trace_hardirqs_off+0x10/0x10
[   24.139812]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.144973]  ? reacquire_held_locks+0x1f9/0x3e0
[   24.149614]  ? reacquire_held_locks+0x1f9/0x3e0
[   24.154254]  ? find_held_lock+0x35/0x1d0
[   24.158291]  udpv6_sendmsg+0x757/0x3400
[   24.162240]  ? lock_downgrade+0x980/0x980
[   24.166360]  ? lock_downgrade+0x980/0x980
[   24.170482]  ? km_migrate+0x340/0x340
[   24.174256]  ? udpv6_setsockopt+0x80/0x80
[   24.178378]  ? release_sock+0x1d4/0x2a0
[   24.182325]  ? trace_hardirqs_on+0xd/0x10
[   24.186442]  ? __local_bh_enable_ip+0x121/0x230
[   24.191086]  ? trace_hardirqs_off+0x10/0x10
[   24.195386]  ? _raw_spin_unlock_bh+0x30/0x40
[   24.199775]  ? release_sock+0x1d4/0x2a0
[   24.203721]  ? __release_sock+0x360/0x360
[   24.207840]  ? ns_capable_common+0xcf/0x160
[   24.212134]  ? find_held_lock+0x35/0x1d0
[   24.216181]  ? __might_fault+0x110/0x1d0
[   24.220216]  ? lock_downgrade+0x980/0x980
[   24.224339]  ? rw_copy_check_uvector+0x1be/0x280
[   24.229066]  ? lock_downgrade+0x980/0x980
[   24.233186]  ? import_iovec+0x238/0x430
[   24.237136]  ? dup_iter+0x260/0x260
[   24.240737]  inet_sendmsg+0x11f/0x5e0
[   24.244512]  ? inet_sendmsg+0x11f/0x5e0
[   24.248459]  ? copy_msghdr_from_user+0x3a6/0x590
[   24.253185]  ? inet_create+0xf50/0xf50
[   24.257047]  ? SYSC_sendto+0x5c0/0x5c0
[   24.260912]  ? security_socket_sendmsg+0x89/0xb0
[   24.265638]  ? inet_create+0xf50/0xf50
[   24.269499]  sock_sendmsg+0xca/0x110
[   24.273184]  ___sys_sendmsg+0x767/0x8b0
[   24.277131]  ? copy_msghdr_from_user+0x590/0x590
[   24.281858]  ? lock_release+0xa40/0xa40
[   24.285804]  ? __local_bh_enable_ip+0x121/0x230
[   24.290445]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.295441]  ? release_sock+0x1d4/0x2a0
[   24.299387]  ? trace_hardirqs_on+0xd/0x10
[   24.303508]  ? __local_bh_enable_ip+0x121/0x230
[   24.308148]  ? __fget_light+0x2b2/0x3c0
[   24.312093]  ? fget_raw+0x20/0x20
[   24.315517]  ? release_sock+0x1d4/0x2a0
[   24.319465]  ? ip6_datagram_release_cb+0x520/0x520
[   24.324364]  ? __release_sock+0x360/0x360
[   24.328482]  ? lock_sock_nested+0x91/0x110
[   24.332699]  ? trace_hardirqs_on+0xd/0x10
[   24.336818]  ? __local_bh_enable_ip+0x121/0x230
[   24.341460]  ? __fget_light+0x2b2/0x3c0
[   24.345408]  ? ip6_datagram_connect+0x3a/0x50
[   24.349876]  __sys_sendmsg+0xe5/0x210
[   24.353648]  ? __sys_sendmsg+0xe5/0x210
[   24.357595]  ? SyS_shutdown+0x290/0x290
[   24.361542]  ? sock_common_setsockopt+0x95/0xd0
[   24.366192]  ? SyS_setsockopt+0x215/0x360
[   24.370317]  ? move_addr_to_kernel+0x60/0x60
[   24.374697]  SyS_sendmsg+0x2d/0x50
[   24.378207]  ? __sys_sendmsg+0x210/0x210
[   24.382241]  do_syscall_64+0x281/0x940
[   24.386099]  ? vmalloc_sync_all+0x30/0x30
[   24.390218]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.394949]  ? syscall_return_slowpath+0x550/0x550
[   24.399849]  ? syscall_return_slowpath+0x2ac/0x550
[   24.404748]  ? prepare_exit_to_usermode+0x350/0x350
[   24.409739]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   24.415075]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   24.419890]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   24.425055] RIP: 0033:0x440139
[   24.428216] RSP: 002b:00007ffd346a4db8 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[   24.435904] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440139
[   24.443146] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[   24.450388] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   24.457627] R10: 00000000000000e8 R11: 0000000000000217 R12: 0000000000401a60
[   24.464870] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[   24.472116] 
[   24.473718] The buggy address belongs to the page:
[   24.478619] page:ffffea0006b383c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   24.486730] flags: 0x2fffc0000000000()
[   24.490589] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   24.498439] raw: 0000000000000000 ffffea0006b30101 0000000000000000 0000000000000000
[   24.506288] page dumped because: kasan: bad access detected
[   24.511977] 
[   24.513576] Memory state around the buggy address:
[   24.518475]  ffff8801ace0f380: f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2
[   24.525803]  ffff8801ace0f400: f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00
[   24.533132] >ffff8801ace0f480: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2
[   24.540465]                    ^
[   24.543800]  ffff8801ace0f500: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.551130]  ffff8801ace0f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[   24.558456] ==================================================================
[   24.565781] Disabling lock debugging due to kernel taint
[   24.571230] Kernel panic - not syncing: panic_on_warn set ...
[   24.571230] 
[   24.578575] CPU: 0 PID: 4430 Comm: syzkaller020676 Tainted: G    B            4.16.0-rc7+ #374
[   24.587298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.596620] Call Trace:
[   24.599186]  dump_stack+0x194/0x24d
[   24.602783]  ? arch_local_irq_restore+0x53/0x53
[   24.607424]  ? kasan_end_report+0x32/0x50
[   24.611542]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   24.616267]  ? vsnprintf+0x1ed/0x1900
[   24.620039]  ? xfrm_state_find+0x2ff0/0x3210
[   24.624416]  panic+0x1e4/0x41c
[   24.627577]  ? refcount_error_report+0x214/0x214
[   24.632306]  ? add_taint+0x1c/0x50
[   24.635813]  ? add_taint+0x1c/0x50
[   24.639321]  ? xfrm_state_find+0x30de/0x3210
[   24.643700]  kasan_end_report+0x50/0x50
[   24.647650]  kasan_report+0x149/0x360
[   24.651422]  __asan_report_load4_noabort+0x14/0x20
[   24.656321]  xfrm_state_find+0x30de/0x3210
[   24.660653]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   24.665726]  ? print_irqtrace_events+0x270/0x270
[   24.670450]  ? print_irqtrace_events+0x270/0x270
[   24.675180]  ? get_page_from_freelist+0x3423/0x52d0
[   24.680167]  ? lock_downgrade+0x980/0x980
[   24.684293]  ? set_pageblock_migratetype+0x40/0x40
[   24.689193]  ? __update_load_avg_se.isra.31+0x56a/0x7c0
[   24.694529]  ? mark_held_locks+0xaf/0x100
[   24.698659]  ? get_page_from_freelist+0xa80/0x52d0
[   24.703560]  ? kernel_poison_pages+0xce/0x1f0
[   24.708030]  ? kasan_unpoison_shadow+0x35/0x50
[   24.712586]  ? print_irqtrace_events+0x270/0x270
[   24.717313]  ? get_page_from_freelist+0x2d7f/0x52d0
[   24.722305]  ? get_page_from_freelist+0x2deb/0x52d0
[   24.727300]  ? print_irqtrace_events+0x270/0x270
[   24.732033]  ? __lock_acquire+0x664/0x3e00
[   24.736241]  ? print_irqtrace_events+0x270/0x270
[   24.740972]  xfrm_tmpl_resolve+0x2ee/0xc40
[   24.745180]  ? __xfrm_decode_session+0x110/0x110
[   24.749902]  ? __lock_is_held+0xb6/0x140
[   24.753934]  ? rcu_read_lock_sched_held+0x108/0x120
[   24.758925]  ? fib_table_lookup+0xa04/0x1ba0
[   24.763312]  xfrm_resolve_and_create_bundle+0x184/0x28d0
[   24.768731]  ? call_fib_entry_notifiers+0x4f0/0x4f0
[   24.773717]  ? trace_hardirqs_off+0x10/0x10
[   24.778011]  ? xfrm_tmpl_resolve+0xc40/0xc40
[   24.782396]  ? __lock_is_held+0xb6/0x140
[   24.786426]  ? find_held_lock+0x35/0x1d0
[   24.790456]  ? xfrm_sk_policy_lookup+0x34c/0x4e0
[   24.795181]  ? lock_downgrade+0x980/0x980
[   24.799303]  ? lock_release+0xa40/0xa40
[   24.803247]  ? refcount_inc_not_zero+0xfe/0x180
[   24.807888]  ? security_xfrm_policy_lookup+0x92/0xc0
[   24.812964]  ? xfrm_sk_policy_lookup+0x375/0x4e0
[   24.817690]  ? xfrm_selector_match+0xe00/0xe00
[   24.822244]  xfrm_lookup+0xfcb/0x25c0
[   24.826020]  ? xfrm_lookup+0xfcb/0x25c0
[   24.829969]  ? print_lockdep_cache.isra.32+0x109/0x109
[   24.835217]  ? trace_hardirqs_off+0x10/0x10
[   24.839519]  ? xfrm_policy_lookup+0x70/0x70
[   24.843812]  ? find_held_lock+0x35/0x1d0
[   24.847847]  ? ip_route_output_key_hash+0x229/0x370
[   24.852834]  ? lock_downgrade+0x980/0x980
[   24.856952]  ? is_bpf_text_address+0x7b/0x120
[   24.861416]  ? lock_release+0xa40/0xa40
[   24.865361]  ? find_held_lock+0x35/0x1d0
[   24.869396]  ? ip_route_output_key_hash+0x252/0x370
[   24.874382]  ? ip_route_output_key_hash_rcu+0x2f00/0x2f00
[   24.879886]  ? lock_release+0xa40/0xa40
[   24.883837]  xfrm_lookup_route+0x39/0x1a0
[   24.887956]  ip_route_output_flow+0x7c/0xa0
[   24.892249]  udp_sendmsg+0x19bd/0x2f70
[   24.896106]  ? ip_reply_glue_bits+0xb0/0xb0
[   24.900406]  ? kasan_poison_object_data+0x10/0x40
[   24.905225]  ? udp4_lib_lookup2+0x310/0x310
[   24.909514]  ? debug_check_no_obj_freed+0x3da/0xf1f
[   24.914502]  ? xfrm_sk_policy_insert+0x358/0x580
[   24.919230]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   24.924215]  ? free_obj_work+0x690/0x690
[   24.928251]  ? trace_hardirqs_off+0x10/0x10
[   24.932546]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   24.937703]  ? reacquire_held_locks+0x1f9/0x3e0
[   24.942341]  ? reacquire_held_locks+0x1f9/0x3e0
[   24.946978]  ? find_held_lock+0x35/0x1d0
[   24.951016]  udpv6_sendmsg+0x757/0x3400
[   24.954973]  ? lock_downgrade+0x980/0x980
[   24.959089]  ? lock_downgrade+0x980/0x980
[   24.963207]  ? km_migrate+0x340/0x340
[   24.966977]  ? udpv6_setsockopt+0x80/0x80
[   24.971096]  ? release_sock+0x1d4/0x2a0
[   24.975042]  ? trace_hardirqs_on+0xd/0x10
[   24.979168]  ? __local_bh_enable_ip+0x121/0x230
[   24.983806]  ? trace_hardirqs_off+0x10/0x10
[   24.988097]  ? _raw_spin_unlock_bh+0x30/0x40
[   24.992476]  ? release_sock+0x1d4/0x2a0
[   24.996422]  ? __release_sock+0x360/0x360
[   25.000538]  ? ns_capable_common+0xcf/0x160
[   25.004828]  ? find_held_lock+0x35/0x1d0
[   25.008859]  ? __might_fault+0x110/0x1d0
[   25.012891]  ? lock_downgrade+0x980/0x980
[   25.017013]  ? rw_copy_check_uvector+0x1be/0x280
[   25.021742]  ? lock_downgrade+0x980/0x980
[   25.025863]  ? import_iovec+0x238/0x430
[   25.029806]  ? dup_iter+0x260/0x260
[   25.033404]  inet_sendmsg+0x11f/0x5e0
[   25.037172]  ? inet_sendmsg+0x11f/0x5e0
[   25.041116]  ? copy_msghdr_from_user+0x3a6/0x590
[   25.045841]  ? inet_create+0xf50/0xf50
[   25.049696]  ? SYSC_sendto+0x5c0/0x5c0
[   25.053555]  ? security_socket_sendmsg+0x89/0xb0
[   25.058301]  ? inet_create+0xf50/0xf50
[   25.062160]  sock_sendmsg+0xca/0x110
[   25.065843]  ___sys_sendmsg+0x767/0x8b0
[   25.069787]  ? copy_msghdr_from_user+0x590/0x590
[   25.074512]  ? lock_release+0xa40/0xa40
[   25.078456]  ? __local_bh_enable_ip+0x121/0x230
[   25.083096]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   25.088081]  ? release_sock+0x1d4/0x2a0
[   25.092030]  ? trace_hardirqs_on+0xd/0x10
[   25.096147]  ? __local_bh_enable_ip+0x121/0x230
[   25.100784]  ? __fget_light+0x2b2/0x3c0
[   25.104728]  ? fget_raw+0x20/0x20
[   25.108149]  ? release_sock+0x1d4/0x2a0
[   25.112094]  ? ip6_datagram_release_cb+0x520/0x520
[   25.116993]  ? __release_sock+0x360/0x360
[   25.121117]  ? lock_sock_nested+0x91/0x110
[   25.125323]  ? trace_hardirqs_on+0xd/0x10
[   25.129443]  ? __local_bh_enable_ip+0x121/0x230
[   25.134091]  ? __fget_light+0x2b2/0x3c0
[   25.138039]  ? ip6_datagram_connect+0x3a/0x50
[   25.142506]  __sys_sendmsg+0xe5/0x210
[   25.146286]  ? __sys_sendmsg+0xe5/0x210
[   25.150230]  ? SyS_shutdown+0x290/0x290
[   25.154175]  ? sock_common_setsockopt+0x95/0xd0
[   25.158815]  ? SyS_setsockopt+0x215/0x360
[   25.162935]  ? move_addr_to_kernel+0x60/0x60
[   25.167316]  SyS_sendmsg+0x2d/0x50
[   25.170823]  ? __sys_sendmsg+0x210/0x210
[   25.174856]  do_syscall_64+0x281/0x940
[   25.178713]  ? vmalloc_sync_all+0x30/0x30
[   25.182830]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.187558]  ? syscall_return_slowpath+0x550/0x550
[   25.192457]  ? syscall_return_slowpath+0x2ac/0x550
[   25.197365]  ? prepare_exit_to_usermode+0x350/0x350
[   25.202351]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   25.207685]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.212498]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   25.217663] RIP: 0033:0x440139
[   25.220823] RSP: 002b:00007ffd346a4db8 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[   25.228524] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440139
[   25.235782] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[   25.243028] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   25.250269] R10: 00000000000000e8 R11: 0000000000000217 R12: 0000000000401a60
[   25.257536] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[   25.265236] Dumping ftrace buffer:
[   25.268752]    (ftrace buffer empty)
[   25.272431] Kernel Offset: disabled
[   25.276026] Rebooting in 86400 seconds..