INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-4,10.128.0.14' (ECDSA) to the list of known hosts.
2017/11/22 16:19:27 parsed 1 programs
2017/11/22 16:19:27 executed programs: 0
syzkaller login: [   27.011443] ==================================================================
[   27.012609] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30fc/0x3230
[   27.013554] Read of size 4 at addr ffff8801ccd2f960 by task syz-executor0/3054
[   27.014517] 
[   27.014751] CPU: 0 PID: 3054 Comm: syz-executor0 Not tainted 4.14.0+ #100
[   27.015661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.016882] Call Trace:
[   27.017243]  dump_stack+0x194/0x257
[   27.017736]  ? arch_local_irq_restore+0x53/0x53
[   27.018384]  ? show_regs_print_info+0x65/0x65
[   27.018990]  ? lock_release+0xda0/0xda0
[   27.019524]  ? xfrm_state_find+0x30fc/0x3230
[   27.020117]  print_address_description+0x73/0x250
[   27.020761]  ? xfrm_state_find+0x30fc/0x3230
[   27.021351]  kasan_report+0x25b/0x340
[   27.021865]  __asan_report_load4_noabort+0x14/0x20
[   27.022521]  xfrm_state_find+0x30fc/0x3230
[   27.023112]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   27.023788]  ? print_usage_bug+0x3f0/0x3f0
[   27.024357]  ? find_held_lock+0x39/0x1d0
[   27.024911]  ? check_noncircular+0x20/0x20
[   27.025490]  ? lock_downgrade+0x980/0x980
[   27.026052]  ? __lock_acquire+0x2727/0x47f0
[   27.026645]  ? find_held_lock+0x39/0x1d0
[   27.027206]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   27.027896]  ? print_usage_bug+0x3f0/0x3f0
[   27.028464]  ? lock_downgrade+0x980/0x980
[   27.029023]  ? depot_save_stack+0x1c2/0x490
[   27.029606]  ? lock_release+0xda0/0xda0
[   27.030146]  ? is_bpf_text_address+0xa4/0x120
[   27.030749]  ? __lock_acquire+0x6e9/0x47f0
[   27.031314]  ? check_noncircular+0x20/0x20
[   27.031882]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.036870]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   27.041086]  ? __xfrm_decode_session+0x110/0x110
[   27.045817]  ? lock_downgrade+0x980/0x980
[   27.049946]  ? rt_add_uncached_list+0xa2/0x240
[   27.054493]  ? check_noncircular+0x20/0x20
[   27.058699]  ? check_noncircular+0x20/0x20
[   27.062900]  ? __pagevec_lru_add_fn+0x783/0xf40
[   27.067539]  xfrm_resolve_and_create_bundle+0x11b/0x2600
[   27.072957]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.077940]  ? trace_hardirqs_on+0xd/0x10
[   27.082055]  ? __local_bh_enable_ip+0x121/0x230
[   27.086695]  ? _raw_spin_unlock_bh+0x30/0x40
[   27.091075]  ? find_held_lock+0x39/0x1d0
[   27.095108]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   27.099490]  ? lock_downgrade+0x980/0x980
[   27.103606]  ? xfrm_selector_match+0xe00/0xe00
[   27.108157]  ? rt_cache_route+0x300/0x300
[   27.112274]  ? lock_release+0xda0/0xda0
[   27.116222]  ? refcount_inc_not_zero+0xfe/0x180
[   27.120864]  ? selinux_xfrm_policy_lookup+0xac/0xd0
[   27.125849]  ? security_xfrm_policy_lookup+0x92/0xc0
[   27.130926]  ? xfrm_sk_policy_lookup+0x334/0x490
[   27.135654]  ? xfrm_selector_match+0xe00/0xe00
[   27.140204]  ? check_noncircular+0x20/0x20
[   27.144412]  xfrm_lookup+0x1574/0x23f0
[   27.148265]  ? xfrm_lookup+0x1574/0x23f0
[   27.152304]  ? xfrm_policy_lookup_bytype.constprop.47+0x960/0x960
[   27.158504]  ? find_held_lock+0x39/0x1d0
[   27.162541]  ? lock_downgrade+0x980/0x980
[   27.166660]  ? ip_route_output_key_hash+0x1a6/0x370
[   27.171644]  ? lru_cache_add+0x1c7/0x3a0
[   27.175689]  ? get_mem_cgroup_from_mm+0x710/0x710
[   27.180523]  ? lock_release+0xda0/0xda0
[   27.184489]  ? lock_downgrade+0x980/0x980
[   27.188617]  ? ip_route_output_key_hash+0x252/0x370
[   27.193605]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   27.199108]  ? lock_release+0xda0/0xda0
[   27.203067]  xfrm_lookup_route+0x39/0x1a0
[   27.207189]  ip_route_output_flow+0x7c/0xa0
[   27.211480]  raw_sendmsg+0xc4f/0x3920
[   27.215262]  ? raw_setsockopt+0xd0/0xd0
[   27.219208]  ? get_futex_key+0x1d50/0x1d50
[   27.223409]  ? __lock_acquire+0x6e9/0x47f0
[   27.227609]  ? __lock_acquire+0x6e9/0x47f0
[   27.231816]  ? find_held_lock+0x39/0x1d0
[   27.235858]  ? do_futex+0x85b/0x2280
[   27.239546]  ? find_held_lock+0x39/0x1d0
[   27.243592]  ? __might_fault+0xe0/0x1d0
[   27.247536]  ? sock_has_perm+0x29c/0x400
[   27.251568]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   27.256898]  ? lock_release+0xda0/0xda0
[   27.260838]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   27.266690]  ? __check_object_size+0x25d/0x4f0
[   27.271248]  inet_sendmsg+0x11f/0x5e0
[   27.275015]  ? __might_sleep+0x95/0x190
[   27.278957]  ? inet_recvmsg+0x5f0/0x5f0
[   27.282902]  ? selinux_socket_sendmsg+0x36/0x40
[   27.287538]  ? security_socket_sendmsg+0x89/0xb0
[   27.292260]  ? inet_recvmsg+0x5f0/0x5f0
[   27.296204]  sock_sendmsg+0xca/0x110
[   27.299887]  SYSC_sendto+0x358/0x5a0
[   27.303572]  ? SYSC_connect+0x480/0x480
[   27.307520]  ? lock_downgrade+0x980/0x980
[   27.311667]  ? compat_SyS_get_robust_list+0x300/0x300
[   27.316829]  ? __do_page_fault+0x3d6/0xc90
[   27.321040]  SyS_sendto+0x40/0x50
[   27.324463]  ? SyS_getpeername+0x30/0x30
[   27.328495]  do_fast_syscall_32+0x3ee/0xf9d
[   27.332802]  ? do_int80_syscall_32+0x9d0/0x9d0
[   27.337351]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.342079]  ? lockdep_sys_exit+0x47/0xf0
[   27.346197]  ? syscall_return_slowpath+0x2ad/0x550
[   27.351099]  ? sysret32_from_system_call+0x5/0x3b
[   27.355916]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.360735]  entry_SYSENTER_compat+0x51/0x60
[   27.365114] RIP: 0023:0xf7f4ec79
[   27.368446] RSP: 002b:00000000ffd6dbfc EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[   27.376124] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020098000
[   27.383360] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000020c24000
[   27.390608] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[   27.397846] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   27.405085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.412344] 
[   27.413943] The buggy address belongs to the page:
[   27.418841] page:ffffea0007334bc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   27.426949] flags: 0x2fffc0000000000()
[   27.430809] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
[   27.438657] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   27.446504] page dumped because: kasan: bad access detected
[   27.452179] 
[   27.453772] Memory state around the buggy address:
[   27.458667]  ffff8801ccd2f800: f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 f2 f2 f2
[   27.465993]  ffff8801ccd2f880: f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 f2
[   27.473317] >ffff8801ccd2f900: f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2
[   27.480648]                                                        ^
[   27.487124]  ffff8801ccd2f980: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3
[   27.494450]  ffff8801ccd2fa00: f3 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
[   27.501775] ==================================================================
[   27.509102] Disabling lock debugging due to kernel taint
[   27.514586] Kernel panic - not syncing: panic_on_warn set ...
[   27.514586] 
[   27.521933] CPU: 0 PID: 3054 Comm: syz-executor0 Tainted: G    B            4.14.0+ #100
[   27.530162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.539493] Call Trace:
[   27.542059]  dump_stack+0x194/0x257
[   27.545655]  ? arch_local_irq_restore+0x53/0x53
[   27.550294]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.555017]  ? vsnprintf+0x1ed/0x1900
[   27.558796]  ? xfrm_state_find+0x30a0/0x3230
[   27.563172]  panic+0x1e4/0x41c
[   27.566333]  ? refcount_error_report+0x214/0x214
[   27.571055]  ? add_taint+0x1c/0x50
[   27.574559]  ? add_taint+0x1c/0x50
[   27.578065]  ? xfrm_state_find+0x30fc/0x3230
[   27.582440]  kasan_end_report+0x50/0x50
[   27.586380]  kasan_report+0x144/0x340
[   27.590148]  __asan_report_load4_noabort+0x14/0x20
[   27.595043]  xfrm_state_find+0x30fc/0x3230
[   27.599255]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   27.604325]  ? print_usage_bug+0x3f0/0x3f0
[   27.608527]  ? find_held_lock+0x39/0x1d0
[   27.612560]  ? check_noncircular+0x20/0x20
[   27.616759]  ? lock_downgrade+0x980/0x980
[   27.620877]  ? __lock_acquire+0x2727/0x47f0
[   27.625161]  ? find_held_lock+0x39/0x1d0
[   27.629201]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   27.634359]  ? print_usage_bug+0x3f0/0x3f0
[   27.638559]  ? lock_downgrade+0x980/0x980
[   27.642677]  ? depot_save_stack+0x1c2/0x490
[   27.646966]  ? lock_release+0xda0/0xda0
[   27.650912]  ? is_bpf_text_address+0xa4/0x120
[   27.655374]  ? __lock_acquire+0x6e9/0x47f0
[   27.659574]  ? check_noncircular+0x20/0x20
[   27.663775]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.668760]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   27.672966]  ? __xfrm_decode_session+0x110/0x110
[   27.677690]  ? lock_downgrade+0x980/0x980
[   27.681805]  ? rt_add_uncached_list+0xa2/0x240
[   27.686352]  ? check_noncircular+0x20/0x20
[   27.690552]  ? check_noncircular+0x20/0x20
[   27.694753]  ? __pagevec_lru_add_fn+0x783/0xf40
[   27.699390]  xfrm_resolve_and_create_bundle+0x11b/0x2600
[   27.704806]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   27.709786]  ? trace_hardirqs_on+0xd/0x10
[   27.713899]  ? __local_bh_enable_ip+0x121/0x230
[   27.718533]  ? _raw_spin_unlock_bh+0x30/0x40
[   27.722907]  ? find_held_lock+0x39/0x1d0
[   27.726934]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   27.731309]  ? lock_downgrade+0x980/0x980
[   27.735422]  ? xfrm_selector_match+0xe00/0xe00
[   27.739972]  ? rt_cache_route+0x300/0x300
[   27.744086]  ? lock_release+0xda0/0xda0
[   27.748031]  ? refcount_inc_not_zero+0xfe/0x180
[   27.752667]  ? selinux_xfrm_policy_lookup+0xac/0xd0
[   27.757651]  ? security_xfrm_policy_lookup+0x92/0xc0
[   27.762724]  ? xfrm_sk_policy_lookup+0x334/0x490
[   27.767448]  ? xfrm_selector_match+0xe00/0xe00
[   27.771994]  ? check_noncircular+0x20/0x20
[   27.776197]  xfrm_lookup+0x1574/0x23f0
[   27.780050]  ? xfrm_lookup+0x1574/0x23f0
[   27.784080]  ? xfrm_policy_lookup_bytype.constprop.47+0x960/0x960
[   27.790278]  ? find_held_lock+0x39/0x1d0
[   27.794308]  ? lock_downgrade+0x980/0x980
[   27.798421]  ? ip_route_output_key_hash+0x1a6/0x370
[   27.803403]  ? lru_cache_add+0x1c7/0x3a0
[   27.807430]  ? get_mem_cgroup_from_mm+0x710/0x710
[   27.812239]  ? lock_release+0xda0/0xda0
[   27.816184]  ? lock_downgrade+0x980/0x980
[   27.820297]  ? ip_route_output_key_hash+0x252/0x370
[   27.825281]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   27.830781]  ? lock_release+0xda0/0xda0
[   27.834724]  xfrm_lookup_route+0x39/0x1a0
[   27.838839]  ip_route_output_flow+0x7c/0xa0
[   27.843128]  raw_sendmsg+0xc4f/0x3920
[   27.846901]  ? raw_setsockopt+0xd0/0xd0
[   27.850848]  ? get_futex_key+0x1d50/0x1d50
[   27.855050]  ? __lock_acquire+0x6e9/0x47f0
[   27.859247]  ? __lock_acquire+0x6e9/0x47f0
[   27.863448]  ? find_held_lock+0x39/0x1d0
[   27.867481]  ? do_futex+0x85b/0x2280
[   27.871164]  ? find_held_lock+0x39/0x1d0
[   27.875195]  ? __might_fault+0xe0/0x1d0
[   27.879138]  ? sock_has_perm+0x29c/0x400
[   27.883169]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[   27.888497]  ? lock_release+0xda0/0xda0
[   27.892439]  ? trace_event_raw_event_sched_switch+0x8a0/0x8a0
[   27.898288]  ? __check_object_size+0x25d/0x4f0
[   27.902837]  inet_sendmsg+0x11f/0x5e0
[   27.906601]  ? __might_sleep+0x95/0x190
[   27.910539]  ? inet_recvmsg+0x5f0/0x5f0
[   27.914478]  ? selinux_socket_sendmsg+0x36/0x40
[   27.919112]  ? security_socket_sendmsg+0x89/0xb0
[   27.923832]  ? inet_recvmsg+0x5f0/0x5f0
[   27.927774]  sock_sendmsg+0xca/0x110
[   27.931454]  SYSC_sendto+0x358/0x5a0
[   27.935134]  ? SYSC_connect+0x480/0x480
[   27.939080]  ? lock_downgrade+0x980/0x980
[   27.943210]  ? compat_SyS_get_robust_list+0x300/0x300
[   27.948368]  ? __do_page_fault+0x3d6/0xc90
[   27.952572]  SyS_sendto+0x40/0x50
[   27.955992]  ? SyS_getpeername+0x30/0x30
[   27.960021]  do_fast_syscall_32+0x3ee/0xf9d
[   27.964311]  ? do_int80_syscall_32+0x9d0/0x9d0
[   27.968857]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.973580]  ? lockdep_sys_exit+0x47/0xf0
[   27.977701]  ? syscall_return_slowpath+0x2ad/0x550
[   27.982599]  ? sysret32_from_system_call+0x5/0x3b
[   27.987407]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.992217]  entry_SYSENTER_compat+0x51/0x60
[   27.996589] RIP: 0023:0xf7f4ec79
[   27.999919] RSP: 002b:00000000ffd6dbfc EFLAGS: 00000296 ORIG_RAX: 0000000000000171
[   28.007593] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000020098000
[   28.014830] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000020c24000
[   28.022066] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[   28.029302] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   28.036536] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   28.043821] Dumping ftrace buffer:
[   28.047329]    (ftrace buffer empty)
[   28.051008] Kernel Offset: disabled
[   28.054603] Rebooting in 86400 seconds..