INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.571747] ==================================================================
[   28.581249] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30de/0x3210
[   28.588440] Read of size 4 at addr ffff8801b25ef480 by task syzkaller538986/4480
[   28.595968] 
[   28.597598] CPU: 0 PID: 4480 Comm: syzkaller538986 Not tainted 4.16.0-rc7+ #9
[   28.604863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.614219] Call Trace:
[   28.616809]  dump_stack+0x194/0x24d
[   28.620436]  ? arch_local_irq_restore+0x53/0x53
[   28.625311]  ? show_regs_print_info+0x18/0x18
[   28.631403]  ? lock_release+0xa40/0xa40
[   28.636414]  ? xfrm_state_find+0x30de/0x3210
[   28.640831]  print_address_description+0x73/0x250
[   28.646278]  ? xfrm_state_find+0x30de/0x3210
[   28.651133]  kasan_report+0x23c/0x360
[   28.655499]  __asan_report_load4_noabort+0x14/0x20
[   28.660420]  xfrm_state_find+0x30de/0x3210
[   28.664643]  ? trace_hardirqs_off+0x10/0x10
[   28.668950]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   28.674034]  ? print_irqtrace_events+0x270/0x270
[   28.678765]  ? print_irqtrace_events+0x270/0x270
[   28.683518]  ? get_page_from_freelist+0x3423/0x52d0
[   28.688532]  ? lock_downgrade+0x980/0x980
[   28.692691]  ? set_pageblock_migratetype+0x40/0x40
[   28.697640]  ? __update_load_avg_se.isra.31+0x56a/0x7c0
[   28.703011]  ? rb_erase_cached+0xf50/0x3540
[   28.707315]  ? mark_held_locks+0xaf/0x100
[   28.711458]  ? rb_next+0x140/0x140
[   28.715003]  ? print_irqtrace_events+0x270/0x270
[   28.719769]  ? get_page_from_freelist+0x2d7f/0x52d0
[   28.724803]  ? get_page_from_freelist+0x2deb/0x52d0
[   28.729851]  ? print_irqtrace_events+0x270/0x270
[   28.734622]  ? __lock_acquire+0x664/0x3e00
[   28.738863]  ? print_irqtrace_events+0x270/0x270
[   28.744586]  xfrm_tmpl_resolve+0x2ee/0xc40
[   28.748823]  ? __xfrm_decode_session+0x110/0x110
[   28.753561]  ? __lock_is_held+0xb6/0x140
[   28.757603]  ? rcu_read_lock_sched_held+0x108/0x120
[   28.762594]  ? fib_table_lookup+0xa04/0x1ba0
[   28.766979]  xfrm_resolve_and_create_bundle+0x184/0x28d0
[   28.772405]  ? call_fib_entry_notifiers+0x4f0/0x4f0
[   28.777400]  ? trace_hardirqs_off+0x10/0x10
[   28.781700]  ? xfrm_tmpl_resolve+0xc40/0xc40
[   28.786086]  ? __lock_is_held+0xb6/0x140
[   28.790122]  ? find_held_lock+0x35/0x1d0
[   28.794162]  ? xfrm_sk_policy_lookup+0x34c/0x4e0
[   28.798893]  ? lock_downgrade+0x980/0x980
[   28.803042]  ? lock_release+0xa40/0xa40
[   28.806996]  ? refcount_inc_not_zero+0xfe/0x180
[   28.811649]  ? security_xfrm_policy_lookup+0x92/0xc0
[   28.816732]  ? xfrm_sk_policy_lookup+0x375/0x4e0
[   28.821467]  ? xfrm_selector_match+0xe00/0xe00
[   28.826034]  xfrm_lookup+0xfcb/0x25c0
[   28.829810]  ? xfrm_lookup+0xfcb/0x25c0
[   28.833758]  ? print_lockdep_cache.isra.32+0x109/0x109
[   28.839029]  ? trace_hardirqs_off+0x10/0x10
[   28.843339]  ? xfrm_policy_lookup+0x70/0x70
[   28.847649]  ? find_held_lock+0x35/0x1d0
[   28.851698]  ? ip_route_output_key_hash+0x229/0x370
[   28.856691]  ? lock_downgrade+0x980/0x980
[   28.860812]  ? is_bpf_text_address+0x7b/0x120
[   28.865298]  ? lock_release+0xa40/0xa40
[   28.869258]  ? find_held_lock+0x35/0x1d0
[   28.873297]  ? ip_route_output_key_hash+0x252/0x370
[   28.878287]  ? ip_route_output_key_hash_rcu+0x2f00/0x2f00
[   28.883796]  ? lock_release+0xa40/0xa40
[   28.887747]  xfrm_lookup_route+0x39/0x1a0
[   28.891871]  ip_route_output_flow+0x7c/0xa0
[   28.896167]  udp_sendmsg+0x19bd/0x2f70
[   28.900037]  ? ip_reply_glue_bits+0xb0/0xb0
[   28.904334]  ? kasan_poison_object_data+0x10/0x40
[   28.909152]  ? udp4_lib_lookup2+0x310/0x310
[   28.913454]  ? debug_check_no_obj_freed+0x3da/0xf1f
[   28.918454]  ? xfrm_sk_policy_insert+0x358/0x580
[   28.923187]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   28.928998]  ? free_obj_work+0x690/0x690
[   28.933050]  ? trace_hardirqs_off+0x10/0x10
[   28.937355]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   28.942523]  ? reacquire_held_locks+0x1f9/0x3e0
[   28.947167]  ? reacquire_held_locks+0x1f9/0x3e0
[   28.951822]  ? find_held_lock+0x35/0x1d0
[   28.955860]  udpv6_sendmsg+0x757/0x3400
[   28.959808]  ? lock_downgrade+0x980/0x980
[   28.963927]  ? lock_downgrade+0x980/0x980
[   28.968049]  ? km_migrate+0x340/0x340
[   28.971826]  ? udpv6_setsockopt+0x80/0x80
[   28.975950]  ? release_sock+0x1d4/0x2a0
[   28.979898]  ? trace_hardirqs_on+0xd/0x10
[   28.984024]  ? __local_bh_enable_ip+0x121/0x230
[   28.988671]  ? trace_hardirqs_off+0x10/0x10
[   28.992966]  ? _raw_spin_unlock_bh+0x30/0x40
[   28.997349]  ? release_sock+0x1d4/0x2a0
[   29.001304]  ? __release_sock+0x360/0x360
[   29.005431]  ? ns_capable_common+0xcf/0x160
[   29.009731]  ? find_held_lock+0x35/0x1d0
[   29.013769]  ? __might_fault+0x110/0x1d0
[   29.017803]  ? lock_downgrade+0x980/0x980
[   29.021928]  ? rw_copy_check_uvector+0x1be/0x280
[   29.026656]  ? lock_downgrade+0x980/0x980
[   29.030778]  ? import_iovec+0x238/0x430
[   29.034728]  ? dup_iter+0x260/0x260
[   29.038333]  inet_sendmsg+0x11f/0x5e0
[   29.042105]  ? inet_sendmsg+0x11f/0x5e0
[   29.046053]  ? copy_msghdr_from_user+0x3a6/0x590
[   29.050780]  ? inet_create+0xf50/0xf50
[   29.054640]  ? SYSC_sendto+0x5c0/0x5c0
[   29.058511]  ? security_socket_sendmsg+0x89/0xb0
[   29.063251]  ? inet_create+0xf50/0xf50
[   29.067371]  sock_sendmsg+0xca/0x110
[   29.071058]  ___sys_sendmsg+0x767/0x8b0
[   29.075010]  ? copy_msghdr_from_user+0x590/0x590
[   29.079746]  ? lock_release+0xa40/0xa40
[   29.083695]  ? __local_bh_enable_ip+0x121/0x230
[   29.088340]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.093332]  ? release_sock+0x1d4/0x2a0
[   29.097294]  ? trace_hardirqs_on+0xd/0x10
[   29.101417]  ? __local_bh_enable_ip+0x121/0x230
[   29.106062]  ? __fget_light+0x2b2/0x3c0
[   29.110011]  ? fget_raw+0x20/0x20
[   29.113445]  ? release_sock+0x1d4/0x2a0
[   29.117392]  ? ip6_datagram_release_cb+0x520/0x520
[   29.122298]  ? __release_sock+0x360/0x360
[   29.126419]  ? lock_sock_nested+0x91/0x110
[   29.130631]  ? trace_hardirqs_on+0xd/0x10
[   29.134752]  ? __local_bh_enable_ip+0x121/0x230
[   29.139397]  ? __fget_light+0x2b2/0x3c0
[   29.143365]  ? ip6_datagram_connect+0x3a/0x50
[   29.147838]  __sys_sendmsg+0xe5/0x210
[   29.151614]  ? __sys_sendmsg+0xe5/0x210
[   29.155561]  ? SyS_shutdown+0x290/0x290
[   29.159511]  ? sock_common_setsockopt+0x95/0xd0
[   29.164155]  ? SyS_setsockopt+0x215/0x360
[   29.168282]  ? move_addr_to_kernel+0x60/0x60
[   29.172666]  SyS_sendmsg+0x2d/0x50
[   29.176181]  ? __sys_sendmsg+0x210/0x210
[   29.180220]  do_syscall_64+0x281/0x940
[   29.184086]  ? vmalloc_sync_all+0x30/0x30
[   29.188222]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.192957]  ? syscall_return_slowpath+0x550/0x550
[   29.197865]  ? syscall_return_slowpath+0x2ac/0x550
[   29.202779]  ? prepare_exit_to_usermode+0x350/0x350
[   29.207778]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   29.213131]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.217955]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   29.223118] RIP: 0033:0x440139
[   29.226280] RSP: 002b:00007fffa14c36e8 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[   29.233964] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440139
[   29.241217] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[   29.248461] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   29.255703] R10: 00000000000000e8 R11: 0000000000000217 R12: 0000000000401a60
[   29.262947] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[   29.270198] 
[   29.271797] The buggy address belongs to the page:
[   29.276700] page:ffffea0006c97bc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   29.284816] flags: 0x2fffc0000000000()
[   29.288679] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   29.296540] raw: 0000000000000000 ffffea0006c90101 0000000000000000 0000000000000000
[   29.304393] page dumped because: kasan: bad access detected
[   29.310080] 
[   29.311683] Memory state around the buggy address:
[   29.316587]  ffff8801b25ef380: f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2
[   29.323920]  ffff8801b25ef400: f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00
[   29.331256] >ffff8801b25ef480: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2
[   29.338590]                    ^
[   29.341933]  ffff8801b25ef500: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.349266]  ffff8801b25ef580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[   29.356597] ==================================================================
[   29.363926] Disabling lock debugging due to kernel taint
[   29.369387] Kernel panic - not syncing: panic_on_warn set ...
[   29.369387] 
[   29.376725] CPU: 0 PID: 4480 Comm: syzkaller538986 Tainted: G    B            4.16.0-rc7+ #9
[   29.385272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.394600] Call Trace:
[   29.397163]  dump_stack+0x194/0x24d
[   29.400761]  ? arch_local_irq_restore+0x53/0x53
[   29.405401]  ? kasan_end_report+0x32/0x50
[   29.409523]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.414250]  ? vsnprintf+0x1ed/0x1900
[   29.418031]  ? xfrm_state_find+0x2ff0/0x3210
[   29.422412]  panic+0x1e4/0x41c
[   29.425580]  ? refcount_error_report+0x214/0x214
[   29.430316]  ? add_taint+0x1c/0x50
[   29.433847]  ? add_taint+0x1c/0x50
[   29.437359]  ? xfrm_state_find+0x30de/0x3210
[   29.441738]  kasan_end_report+0x50/0x50
[   29.445683]  kasan_report+0x149/0x360
[   29.449454]  __asan_report_load4_noabort+0x14/0x20
[   29.454368]  xfrm_state_find+0x30de/0x3210
[   29.458575]  ? trace_hardirqs_off+0x10/0x10
[   29.462870]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   29.467955]  ? print_irqtrace_events+0x270/0x270
[   29.472682]  ? print_irqtrace_events+0x270/0x270
[   29.477414]  ? get_page_from_freelist+0x3423/0x52d0
[   29.482403]  ? lock_downgrade+0x980/0x980
[   29.486522]  ? set_pageblock_migratetype+0x40/0x40
[   29.491437]  ? __update_load_avg_se.isra.31+0x56a/0x7c0
[   29.496773]  ? rb_erase_cached+0xf50/0x3540
[   29.501080]  ? mark_held_locks+0xaf/0x100
[   29.505198]  ? rb_next+0x140/0x140
[   29.508709]  ? print_irqtrace_events+0x270/0x270
[   29.513450]  ? get_page_from_freelist+0x2d7f/0x52d0
[   29.518989]  ? get_page_from_freelist+0x2deb/0x52d0
[   29.524007]  ? print_irqtrace_events+0x270/0x270
[   29.528735]  ? __lock_acquire+0x664/0x3e00
[   29.532942]  ? print_irqtrace_events+0x270/0x270
[   29.537675]  xfrm_tmpl_resolve+0x2ee/0xc40
[   29.541887]  ? __xfrm_decode_session+0x110/0x110
[   29.546615]  ? __lock_is_held+0xb6/0x140
[   29.550651]  ? rcu_read_lock_sched_held+0x108/0x120
[   29.555654]  ? fib_table_lookup+0xa04/0x1ba0
[   29.560050]  xfrm_resolve_and_create_bundle+0x184/0x28d0
[   29.565474]  ? call_fib_entry_notifiers+0x4f0/0x4f0
[   29.570466]  ? trace_hardirqs_off+0x10/0x10
[   29.574762]  ? xfrm_tmpl_resolve+0xc40/0xc40
[   29.579144]  ? __lock_is_held+0xb6/0x140
[   29.583179]  ? find_held_lock+0x35/0x1d0
[   29.587215]  ? xfrm_sk_policy_lookup+0x34c/0x4e0
[   29.591945]  ? lock_downgrade+0x980/0x980
[   29.596075]  ? lock_release+0xa40/0xa40
[   29.600035]  ? refcount_inc_not_zero+0xfe/0x180
[   29.604686]  ? security_xfrm_policy_lookup+0x92/0xc0
[   29.609768]  ? xfrm_sk_policy_lookup+0x375/0x4e0
[   29.614501]  ? xfrm_selector_match+0xe00/0xe00
[   29.619057]  xfrm_lookup+0xfcb/0x25c0
[   29.622848]  ? xfrm_lookup+0xfcb/0x25c0
[   29.626800]  ? print_lockdep_cache.isra.32+0x109/0x109
[   29.632054]  ? trace_hardirqs_off+0x10/0x10
[   29.636349]  ? xfrm_policy_lookup+0x70/0x70
[   29.640643]  ? find_held_lock+0x35/0x1d0
[   29.644680]  ? ip_route_output_key_hash+0x229/0x370
[   29.649672]  ? lock_downgrade+0x980/0x980
[   29.653796]  ? is_bpf_text_address+0x7b/0x120
[   29.658294]  ? lock_release+0xa40/0xa40
[   29.662242]  ? find_held_lock+0x35/0x1d0
[   29.666287]  ? ip_route_output_key_hash+0x252/0x370
[   29.671278]  ? ip_route_output_key_hash_rcu+0x2f00/0x2f00
[   29.676787]  ? lock_release+0xa40/0xa40
[   29.680737]  xfrm_lookup_route+0x39/0x1a0
[   29.684858]  ip_route_output_flow+0x7c/0xa0
[   29.689154]  udp_sendmsg+0x19bd/0x2f70
[   29.693013]  ? ip_reply_glue_bits+0xb0/0xb0
[   29.697315]  ? kasan_poison_object_data+0x10/0x40
[   29.702142]  ? udp4_lib_lookup2+0x310/0x310
[   29.706447]  ? debug_check_no_obj_freed+0x3da/0xf1f
[   29.711436]  ? xfrm_sk_policy_insert+0x358/0x580
[   29.716167]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.721162]  ? free_obj_work+0x690/0x690
[   29.725193]  ? trace_hardirqs_off+0x10/0x10
[   29.729496]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   29.734659]  ? reacquire_held_locks+0x1f9/0x3e0
[   29.739306]  ? reacquire_held_locks+0x1f9/0x3e0
[   29.744042]  ? find_held_lock+0x35/0x1d0
[   29.748094]  udpv6_sendmsg+0x757/0x3400
[   29.752043]  ? lock_downgrade+0x980/0x980
[   29.756164]  ? lock_downgrade+0x980/0x980
[   29.760298]  ? km_migrate+0x340/0x340
[   29.764075]  ? udpv6_setsockopt+0x80/0x80
[   29.768197]  ? release_sock+0x1d4/0x2a0
[   29.772145]  ? trace_hardirqs_on+0xd/0x10
[   29.776282]  ? __local_bh_enable_ip+0x121/0x230
[   29.780968]  ? trace_hardirqs_off+0x10/0x10
[   29.785274]  ? _raw_spin_unlock_bh+0x30/0x40
[   29.789656]  ? release_sock+0x1d4/0x2a0
[   29.793614]  ? __release_sock+0x360/0x360
[   29.797739]  ? ns_capable_common+0xcf/0x160
[   29.802569]  ? find_held_lock+0x35/0x1d0
[   29.806608]  ? __might_fault+0x110/0x1d0
[   29.810640]  ? lock_downgrade+0x980/0x980
[   29.814773]  ? rw_copy_check_uvector+0x1be/0x280
[   29.819503]  ? lock_downgrade+0x980/0x980
[   29.823623]  ? import_iovec+0x238/0x430
[   29.827571]  ? dup_iter+0x260/0x260
[   29.831173]  inet_sendmsg+0x11f/0x5e0
[   29.834945]  ? inet_sendmsg+0x11f/0x5e0
[   29.838892]  ? copy_msghdr_from_user+0x3a6/0x590
[   29.843619]  ? inet_create+0xf50/0xf50
[   29.847485]  ? SYSC_sendto+0x5c0/0x5c0
[   29.851350]  ? security_socket_sendmsg+0x89/0xb0
[   29.856079]  ? inet_create+0xf50/0xf50
[   29.859946]  sock_sendmsg+0xca/0x110
[   29.863631]  ___sys_sendmsg+0x767/0x8b0
[   29.867578]  ? copy_msghdr_from_user+0x590/0x590
[   29.872319]  ? lock_release+0xa40/0xa40
[   29.876269]  ? __local_bh_enable_ip+0x121/0x230
[   29.880912]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   29.885902]  ? release_sock+0x1d4/0x2a0
[   29.889850]  ? trace_hardirqs_on+0xd/0x10
[   29.893971]  ? __local_bh_enable_ip+0x121/0x230
[   29.898616]  ? __fget_light+0x2b2/0x3c0
[   29.902563]  ? fget_raw+0x20/0x20
[   29.905988]  ? release_sock+0x1d4/0x2a0
[   29.909936]  ? ip6_datagram_release_cb+0x520/0x520
[   29.914837]  ? __release_sock+0x360/0x360
[   29.918959]  ? lock_sock_nested+0x91/0x110
[   29.923169]  ? trace_hardirqs_on+0xd/0x10
[   29.927293]  ? __local_bh_enable_ip+0x121/0x230
[   29.931945]  ? __fget_light+0x2b2/0x3c0
[   29.935897]  ? ip6_datagram_connect+0x3a/0x50
[   29.940369]  __sys_sendmsg+0xe5/0x210
[   29.944143]  ? __sys_sendmsg+0xe5/0x210
[   29.948099]  ? SyS_shutdown+0x290/0x290
[   29.952049]  ? sock_common_setsockopt+0x95/0xd0
[   29.956692]  ? SyS_setsockopt+0x215/0x360
[   29.960815]  ? move_addr_to_kernel+0x60/0x60
[   29.965201]  SyS_sendmsg+0x2d/0x50
[   29.968715]  ? __sys_sendmsg+0x210/0x210
[   29.972747]  do_syscall_64+0x281/0x940
[   29.976620]  ? vmalloc_sync_all+0x30/0x30
[   29.980742]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.985474]  ? syscall_return_slowpath+0x550/0x550
[   29.990379]  ? syscall_return_slowpath+0x2ac/0x550
[   29.995282]  ? prepare_exit_to_usermode+0x350/0x350
[   30.000274]  ? entry_SYSCALL_64_after_hwframe+0x52/0xb7
[   30.005612]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.010430]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   30.015590] RIP: 0033:0x440139
[   30.018751] RSP: 002b:00007fffa14c36e8 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
[   30.026435] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440139
[   30.033681] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
[   30.040926] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   30.048169] R10: 00000000000000e8 R11: 0000000000000217 R12: 0000000000401a60
[   30.055414] R13: 0000000000401af0 R14: 0000000000000000 R15: 0000000000000000
[   30.063092] Dumping ftrace buffer:
[   30.066611]    (ftrace buffer empty)
[   30.070307] Kernel Offset: disabled
[   30.073907] Rebooting in 86400 seconds..