INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-4,10.128.0.55' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   41.564750] ==================================================================
[   41.572181] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   41.579341] Read of size 4 at addr ffff8801ce96faf8 by task syzkaller164192/2983
[   41.586842] 
[   41.588445] CPU: 1 PID: 2983 Comm: syzkaller164192 Not tainted 4.14.0-rc2+ #106
[   41.595859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.605183] Call Trace:
[   41.607745]  dump_stack+0x194/0x257
[   41.611346]  ? arch_local_irq_restore+0x53/0x53
[   41.615991]  ? show_regs_print_info+0x65/0x65
[   41.620462]  ? lock_release+0xd70/0xd70
[   41.624408]  ? xfrm_state_find+0x305b/0x3190
[   41.628790]  print_address_description+0x73/0x250
[   41.633601]  ? xfrm_state_find+0x305b/0x3190
[   41.637983]  kasan_report+0x25b/0x340
[   41.641759]  __asan_report_load4_noabort+0x14/0x20
[   41.646657]  xfrm_state_find+0x305b/0x3190
[   41.650862]  ? unwind_get_return_address+0x61/0xa0
[   41.655766]  ? __save_stack_trace+0x61/0xd0
[   41.660079]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   41.665159]  ? copy_trace+0x1d0/0x1d0
[   41.668942]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.674099]  ? check_noncircular+0x20/0x20
[   41.678303]  ? lock_downgrade+0x990/0x990
[   41.682431]  ? find_held_lock+0x39/0x1d0
[   41.686476]  ? __lock_acquire+0x732/0x4620
[   41.690679]  ? find_held_lock+0x39/0x1d0
[   41.694727]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.699891]  ? depot_save_stack+0x1c2/0x490
[   41.704193]  ? do_raw_spin_trylock+0x190/0x190
[   41.708748]  ? check_noncircular+0x20/0x20
[   41.712955]  ? kernel_text_address+0x102/0x140
[   41.717515]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   41.721742]  ? __xfrm_decode_session+0x100/0x100
[   41.726474]  ? lock_downgrade+0x990/0x990
[   41.730591]  ? inet_sendmsg+0x11f/0x5e0
[   41.734535]  ? sock_sendmsg+0xca/0x110
[   41.738391]  ? SYSC_sendto+0x358/0x5a0
[   41.742251]  ? check_noncircular+0x20/0x20
[   41.746459]  ? rt_add_uncached_list+0xa2/0x240
[   41.751013]  ? check_noncircular+0x20/0x20
[   41.755216]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   41.760205]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   41.765629]  ? kmem_cache_alloc+0x4a2/0x760
[   41.769923]  ? __local_bh_enable_ip+0x9d/0x160
[   41.774491]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   41.778875]  ? lock_downgrade+0x990/0x990
[   41.782994]  ? dst_init+0x4d9/0x6a0
[   41.786602]  ? xfrm_selector_match+0xe00/0xe00
[   41.791163]  ? lock_release+0xd70/0xd70
[   41.795114]  ? refcount_inc_not_zero+0xfe/0x180
[   41.799760]  ? xfrm_selector_match+0x3b/0xe00
[   41.804229]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   41.808960]  ? xfrm_selector_match+0xe00/0xe00
[   41.813516]  ? check_noncircular+0x20/0x20
[   41.817719]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   41.823144]  xfrm_lookup+0xf0a/0x2540
[   41.826913]  ? xfrm_lookup+0xf0a/0x2540
[   41.830860]  ? ip_route_input_noref+0x1e0/0x1e0
[   41.835505]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   41.841884]  ? find_held_lock+0x39/0x1d0
[   41.845931]  ? lock_downgrade+0x990/0x990
[   41.850050]  ? check_noncircular+0x20/0x20
[   41.854260]  ? ip_route_output_key_hash+0x1a6/0x370
[   41.859246]  ? find_held_lock+0x39/0x1d0
[   41.863285]  ? lock_release+0xd70/0xd70
[   41.867237]  ? lock_downgrade+0x990/0x990
[   41.871373]  ? ip_route_output_key_hash+0x252/0x370
[   41.876362]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   41.881868]  ? lock_release+0xd70/0xd70
[   41.885823]  xfrm_lookup_route+0x39/0x1a0
[   41.889950]  ip_route_output_flow+0x7c/0xa0
[   41.894247]  udp_sendmsg+0x19b8/0x2cd0
[   41.898110]  ? ip_reply_glue_bits+0xb0/0xb0
[   41.902415]  ? udp_lib_get_port+0x1c00/0x1c00
[   41.906886]  ? ip4_datagram_connect+0x50/0x50
[   41.911358]  ? do_raw_spin_trylock+0x190/0x190
[   41.915913]  ? lock_acquire+0x1d5/0x580
[   41.919861]  ? inet_autobind+0x1f/0x180
[   41.923805]  ? __local_bh_enable_ip+0x9d/0x160
[   41.928361]  ? release_sock+0x1d4/0x2a0
[   41.932304]  ? trace_hardirqs_on+0xd/0x10
[   41.936426]  ? release_sock+0x1d4/0x2a0
[   41.940374]  ? __release_sock+0x360/0x360
[   41.944499]  ? udp_v4_get_port+0x132/0x180
[   41.948714]  inet_sendmsg+0x11f/0x5e0
[   41.952486]  ? __might_sleep+0x95/0x190
[   41.956432]  ? inet_recvmsg+0x5f0/0x5f0
[   41.960382]  ? selinux_socket_sendmsg+0x36/0x40
[   41.965022]  ? security_socket_sendmsg+0x89/0xb0
[   41.969749]  ? inet_recvmsg+0x5f0/0x5f0
[   41.973698]  sock_sendmsg+0xca/0x110
[   41.977388]  SYSC_sendto+0x358/0x5a0
[   41.981093]  ? SYSC_connect+0x480/0x480
[   41.985520]  ? __handle_mm_fault+0x39c0/0x39c0
[   41.990088]  ? up_read+0x1a/0x40
[   41.993426]  ? __do_page_fault+0x35b/0xb60
[   41.997646]  ? __do_page_fault+0xb60/0xb60
[   42.001856]  ? SyS_setsockopt+0x215/0x360
[   42.005981]  ? lockdep_sys_exit+0x47/0xf0
[   42.010101]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   42.014916]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   42.019910]  SyS_sendto+0x40/0x50
[   42.023341]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   42.028067] RIP: 0033:0x43fee9
[   42.031227] RSP: 002b:00007ffc82880578 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   42.038910] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fee9
[   42.046150] RDX: 0000000000000000 RSI: 000000002010affe RDI: 0000000000000003
[   42.053389] RBP: 0000000000000086 R08: 00000000202f9000 R09: 0000000000000010
[   42.060630] R10: 000000002004487c R11: 0000000000000217 R12: 0000000000401850
[   42.067871] R13: 00000000004018e0 R14: 0000000000000000 R15: 0000000000000000
[   42.075130] 
[   42.076727] The buggy address belongs to the page:
[   42.081624] page:ffffea00073a5bc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   42.089740] flags: 0x200000000000000()
[   42.093598] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   42.101451] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   42.109303] page dumped because: kasan: bad access detected
[   42.114991] 
[   42.116588] Memory state around the buggy address:
[   42.121486]  ffff8801ce96f980: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2
[   42.128814]  ffff8801ce96fa00: 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2
[   42.136141] >ffff8801ce96fa80: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[   42.143467]                                                                 ^
[   42.150708]  ffff8801ce96fb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[   42.158045]  ffff8801ce96fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[   42.165373] ==================================================================
[   42.172698] Disabling lock debugging due to kernel taint
[   42.178192] Kernel panic - not syncing: panic_on_warn set ...
[   42.178192] 
[   42.185523] CPU: 1 PID: 2983 Comm: syzkaller164192 Tainted: G    B           4.14.0-rc2+ #106
[   42.194146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.203463] Call Trace:
[   42.206016]  dump_stack+0x194/0x257
[   42.209610]  ? arch_local_irq_restore+0x53/0x53
[   42.214246]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   42.218969]  ? xfrm_state_find+0x2fc0/0x3190
[   42.223344]  panic+0x1e4/0x417
[   42.226501]  ? __warn+0x1d9/0x1d9
[   42.229928]  ? xfrm_state_find+0x305b/0x3190
[   42.234300]  kasan_end_report+0x50/0x50
[   42.238240]  kasan_report+0x144/0x340
[   42.242010]  __asan_report_load4_noabort+0x14/0x20
[   42.246907]  xfrm_state_find+0x305b/0x3190
[   42.251110]  ? unwind_get_return_address+0x61/0xa0
[   42.256006]  ? __save_stack_trace+0x61/0xd0
[   42.260302]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   42.265374]  ? copy_trace+0x1d0/0x1d0
[   42.269145]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   42.274298]  ? check_noncircular+0x20/0x20
[   42.278495]  ? lock_downgrade+0x990/0x990
[   42.282613]  ? find_held_lock+0x39/0x1d0
[   42.286644]  ? __lock_acquire+0x732/0x4620
[   42.290843]  ? find_held_lock+0x39/0x1d0
[   42.294881]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   42.300038]  ? depot_save_stack+0x1c2/0x490
[   42.304329]  ? do_raw_spin_trylock+0x190/0x190
[   42.308878]  ? check_noncircular+0x20/0x20
[   42.313079]  ? kernel_text_address+0x102/0x140
[   42.317630]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   42.321850]  ? __xfrm_decode_session+0x100/0x100
[   42.326574]  ? lock_downgrade+0x990/0x990
[   42.330686]  ? inet_sendmsg+0x11f/0x5e0
[   42.334712]  ? sock_sendmsg+0xca/0x110
[   42.338564]  ? SYSC_sendto+0x358/0x5a0
[   42.342417]  ? check_noncircular+0x20/0x20
[   42.346618]  ? rt_add_uncached_list+0xa2/0x240
[   42.351164]  ? check_noncircular+0x20/0x20
[   42.355362]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   42.360346]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   42.365763]  ? kmem_cache_alloc+0x4a2/0x760
[   42.370052]  ? __local_bh_enable_ip+0x9d/0x160
[   42.374605]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   42.378992]  ? lock_downgrade+0x990/0x990
[   42.383107]  ? dst_init+0x4d9/0x6a0
[   42.386701]  ? xfrm_selector_match+0xe00/0xe00
[   42.391251]  ? lock_release+0xd70/0xd70
[   42.395192]  ? refcount_inc_not_zero+0xfe/0x180
[   42.399830]  ? xfrm_selector_match+0x3b/0xe00
[   42.404292]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   42.409014]  ? xfrm_selector_match+0xe00/0xe00
[   42.413561]  ? check_noncircular+0x20/0x20
[   42.417763]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   42.423181]  xfrm_lookup+0xf0a/0x2540
[   42.426947]  ? xfrm_lookup+0xf0a/0x2540
[   42.430888]  ? ip_route_input_noref+0x1e0/0x1e0
[   42.435524]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   42.441897]  ? find_held_lock+0x39/0x1d0
[   42.445937]  ? lock_downgrade+0x990/0x990
[   42.450049]  ? check_noncircular+0x20/0x20
[   42.454251]  ? ip_route_output_key_hash+0x1a6/0x370
[   42.459232]  ? find_held_lock+0x39/0x1d0
[   42.463258]  ? lock_release+0xd70/0xd70
[   42.467199]  ? lock_downgrade+0x990/0x990
[   42.471317]  ? ip_route_output_key_hash+0x252/0x370
[   42.476299]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   42.481800]  ? lock_release+0xd70/0xd70
[   42.485743]  xfrm_lookup_route+0x39/0x1a0
[   42.489860]  ip_route_output_flow+0x7c/0xa0
[   42.494148]  udp_sendmsg+0x19b8/0x2cd0
[   42.498004]  ? ip_reply_glue_bits+0xb0/0xb0
[   42.502296]  ? udp_lib_get_port+0x1c00/0x1c00
[   42.506758]  ? ip4_datagram_connect+0x50/0x50
[   42.511225]  ? do_raw_spin_trylock+0x190/0x190
[   42.515775]  ? lock_acquire+0x1d5/0x580
[   42.519715]  ? inet_autobind+0x1f/0x180
[   42.523655]  ? __local_bh_enable_ip+0x9d/0x160
[   42.528203]  ? release_sock+0x1d4/0x2a0
[   42.532144]  ? trace_hardirqs_on+0xd/0x10
[   42.536259]  ? release_sock+0x1d4/0x2a0
[   42.540197]  ? __release_sock+0x360/0x360
[   42.544312]  ? udp_v4_get_port+0x132/0x180
[   42.548517]  inet_sendmsg+0x11f/0x5e0
[   42.552284]  ? __might_sleep+0x95/0x190
[   42.556223]  ? inet_recvmsg+0x5f0/0x5f0
[   42.560165]  ? selinux_socket_sendmsg+0x36/0x40