[   24.563737]  default_idle+0xbf/0x460
[   24.567415]  ? __sched_text_end+0x4/0x4
[   24.571366]  ? tick_nohz_idle_enter+0xde/0x160
[   24.575915]  arch_cpu_idle+0xa/0x10
[   24.579509]  default_idle_call+0x36/0x90
[   24.583535]  do_idle+0x24e/0x3b0
[   24.586865]  ? complete+0x62/0x80
[   24.590282]  cpu_startup_entry+0x18/0x20
[   24.594306]  start_secondary+0x2ea/0x3f0
[   24.598332]  secondary_startup_64+0xa5/0xa5
Warning: Permanently added 'ci-upstream-net-kasan-gce-5,10.128.15.204' (ECDSA) to the list of known hosts.
executing program
[   30.643440] ==================================================================
[   30.650817] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x303d/0x3170
[   30.657972] Read of size 4 at addr ffff8801d1c47760 by task syzkaller782161/2991
[   30.665467] 
[   30.667064] CPU: 0 PID: 2991 Comm: syzkaller782161 Not tainted 4.14.0-rc5+ #90
[   30.674474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.683797] Call Trace:
[   30.686354]  dump_stack+0x194/0x257
[   30.689949]  ? arch_local_irq_restore+0x53/0x53
[   30.694583]  ? show_regs_print_info+0x65/0x65
[   30.699050]  ? lock_release+0xa40/0xa40
[   30.702992]  ? xfrm_state_find+0x303d/0x3170
[   30.707370]  print_address_description+0x73/0x250
[   30.712179]  ? xfrm_state_find+0x303d/0x3170
[   30.716554]  kasan_report+0x25b/0x340
[   30.720324]  __asan_report_load4_noabort+0x14/0x20
[   30.725216]  xfrm_state_find+0x303d/0x3170
[   30.729416]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   30.734572]  ? nohz_balance_exit_idle.part.85+0x70/0x70
[   30.739909]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   30.744975]  ? __update_load_avg_se.isra.22+0x3c6/0x550
[   30.750311]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   30.755468]  ? lock_acquire+0x1d5/0x580
[   30.759407]  ? lock_acquire+0x1d5/0x580
[   30.763348]  ? __is_insn_slot_addr+0x1fc/0x330
[   30.767898]  ? lock_downgrade+0x990/0x990
[   30.772015]  ? lock_release+0xa40/0xa40
[   30.775959]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   30.780689]  ? lock_acquire+0x1d5/0x580
[   30.784629]  ? lock_acquire+0x1d5/0x580
[   30.788569]  ? is_bpf_text_address+0x7b/0x120
[   30.793029]  ? lock_downgrade+0x990/0x990
[   30.797147]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   30.802300]  ? lock_acquire+0x1d5/0x580
[   30.806241]  ? depot_save_stack+0x3b5/0x490
[   30.810530]  ? lock_downgrade+0x990/0x990
[   30.814649]  ? do_raw_spin_trylock+0x190/0x190
[   30.819200]  ? is_bpf_text_address+0xa4/0x120
[   30.823660]  ? kernel_text_address+0x102/0x140
[   30.828211]  xfrm_tmpl_resolve+0x309/0xc00
[   30.832425]  ? __xfrm_decode_session+0x100/0x100
[   30.837149]  ? save_stack_trace+0x16/0x20
[   30.841263]  ? save_stack+0x43/0xd0
[   30.844855]  ? kasan_kmalloc+0xad/0xe0
[   30.848708]  ? kasan_slab_alloc+0x12/0x20
[   30.852823]  ? kmem_cache_alloc+0x12e/0x760
[   30.857113]  ? dst_alloc+0x11f/0x1a0
[   30.860798]  ? rt_dst_alloc+0xe9/0x540
[   30.864653]  ? ip_route_output_key_hash_rcu+0xa40/0x2c20
[   30.870068]  ? ip_route_output_key_hash+0x20b/0x370
[   30.875050]  ? ip_route_output_flow+0x26/0xa0
[   30.879510]  ? udp_sendmsg+0x19b8/0x2cd0
[   30.883538]  ? udpv6_sendmsg+0x743/0x3380
[   30.887655]  ? lock_acquire+0x1d5/0x580
[   30.891596]  ? lock_acquire+0x1d5/0x580
[   30.895538]  ? rt_add_uncached_list+0x1b7/0x240
[   30.900172]  ? lock_downgrade+0x990/0x990
[   30.904289]  xfrm_resolve_and_create_bundle+0x186/0x24a0
[   30.909710]  ? rt_add_uncached_list+0x1b7/0x240
[   30.914353]  ? _raw_spin_unlock_bh+0x30/0x40
[   30.918728]  ? xfrm_tmpl_resolve+0xc00/0xc00
[   30.923102]  ? ip_rt_bug+0x20/0x20
[   30.926612]  ? lock_acquire+0x1d5/0x580
[   30.930553]  ? xfrm_sk_policy_lookup+0x2a6/0x3d0
[   30.935274]  ? lock_downgrade+0x990/0x990
[   30.939389]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   30.944547]  ? lock_release+0xa40/0xa40
[   30.948485]  ? dst_alloc+0x14a/0x1a0
[   30.952167]  ? refcount_inc_not_zero+0xfe/0x180
[   30.956800]  ? refcount_add+0x60/0x60
[   30.960569]  ? xfrm_selector_match+0x3b/0xe00
[   30.965033]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   30.969759]  ? xfrm_selector_match+0xe00/0xe00
[   30.974309]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   30.979731]  xfrm_lookup+0xf0a/0x2540
[   30.983495]  ? xfrm_lookup+0xf0a/0x2540
[   30.987436]  ? ip_route_input_noref+0x1e0/0x1e0
[   30.992075]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   30.998448]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.003606]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.008766]  ? lock_acquire+0x1d5/0x580
[   31.012710]  ? lock_acquire+0x1d5/0x580
[   31.016653]  ? ip_route_output_key_hash+0x229/0x370
[   31.021635]  ? lock_downgrade+0x990/0x990
[   31.025750]  ? lock_release+0xa40/0xa40
[   31.029689]  ? lock_downgrade+0x990/0x990
[   31.033806]  ? lock_release+0xa40/0xa40
[   31.037748]  ? lock_acquire+0x1d5/0x580
[   31.041692]  ? ip_route_output_key_hash+0x252/0x370
[   31.046676]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   31.052180]  ? lock_release+0xa40/0xa40
[   31.056124]  ? lock_release+0xa40/0xa40
[   31.060079]  xfrm_lookup_route+0x39/0x1a0
[   31.064197]  ip_route_output_flow+0x7c/0xa0
[   31.068485]  udp_sendmsg+0x19b8/0x2cd0
[   31.072350]  ? ip_reply_glue_bits+0xb0/0xb0
[   31.076640]  ? udp_lib_get_port+0x1b30/0x1b30
[   31.081109]  ? lock_downgrade+0x990/0x990
[   31.085234]  ? lock_release+0xa40/0xa40
[   31.089193]  ? lock_downgrade+0x990/0x990
[   31.093313]  ? udp_lib_lport_inuse+0x2d0/0x480
[   31.097865]  ? refcount_inc_not_zero+0xfe/0x180
[   31.102500]  ? refcount_add+0x60/0x60
[   31.106268]  ? udp_lib_lport_inuse2+0x450/0x450
[   31.110903]  ? lru_cache_add_file+0x20/0x20
[   31.115190]  ? udp_lib_get_port+0x785/0x1b30
[   31.119565]  ? trace_hardirqs_on+0xd/0x10
[   31.123680]  ? __local_bh_enable_ip+0x9d/0x160
[   31.128229]  udpv6_sendmsg+0x743/0x3380
[   31.132175]  ? udpv6_setsockopt+0x80/0x80
[   31.136293]  ? lock_acquire+0x1d5/0x580
[   31.140231]  ? ip6_datagram_release_cb+0x34a/0x520
[   31.145126]  ? lock_downgrade+0x990/0x990
[   31.149243]  ? release_sock+0x1d4/0x2a0
[   31.153183]  ? lock_downgrade+0x990/0x990
[   31.157296]  ? lock_downgrade+0x990/0x990
[   31.161409]  ? do_raw_spin_trylock+0x190/0x190
[   31.165958]  ? ip6_datagram_release_cb+0xbf/0x520
[   31.170853]  ? ip6_datagram_dst_update+0x13d0/0x13d0
[   31.175924]  ? release_sock+0x1d4/0x2a0
[   31.179865]  ? trace_hardirqs_on+0xd/0x10
[   31.183979]  ? __local_bh_enable_ip+0x9d/0x160
[   31.188529]  ? _raw_spin_unlock_bh+0x30/0x40
[   31.192905]  ? release_sock+0x1d4/0x2a0
[   31.196844]  ? __release_sock+0x360/0x360
[   31.200956]  ? udp6_portaddr_hash+0x146/0x2f0
[   31.205419]  ? udp_v6_get_port+0x9c/0xc0
[   31.209448]  inet_sendmsg+0x11f/0x5e0
[   31.213213]  ? inet_sendmsg+0x11f/0x5e0
[   31.217155]  ? __might_sleep+0x95/0x190
[   31.221094]  ? inet_recvmsg+0x5f0/0x5f0
[   31.225034]  ? selinux_socket_sendmsg+0x36/0x40
[   31.229671]  ? security_socket_sendmsg+0x89/0xb0
[   31.234395]  ? inet_recvmsg+0x5f0/0x5f0
[   31.238337]  sock_sendmsg+0xca/0x110
[   31.242020]  SYSC_sendto+0x352/0x5a0
[   31.245702]  ? SYSC_connect+0x470/0x470
[   31.249648]  ? mm_fault_error+0x2c0/0x2c0
[   31.253764]  ? ipv6_setsockopt+0xa8/0x150
[   31.257883]  ? __do_page_fault+0xd60/0xd60
[   31.262086]  ? SyS_setsockopt+0x215/0x360
[   31.266203]  ? SyS_recv+0x40/0x40
[   31.269627]  ? prepare_exit_to_usermode+0x1a0/0x2d0
[   31.274608]  ? perf_trace_sys_enter+0xc20/0xc20
[   31.279243]  SyS_sendto+0x40/0x50
[   31.282665]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   31.287385] RIP: 0033:0x43fef9
[   31.290542] RSP: 002b:00007ffff00f0dc8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   31.298218] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043fef9
[   31.305455] RDX: 0000000000000000 RSI: 0000000020efcf90 RDI: 0000000000000003
[   31.312691] RBP: 00000000006ca018 R08: 0000000020efc000 R09: 0000000000000010
[   31.319929] R10: 0000000000004090 R11: 0000000000000217 R12: 0000000000401860
[   31.327165] R13: 00000000004018f0 R14: 0000000000000000 R15: 0000000000000000
[   31.334407] 
[   31.335999] The buggy address belongs to the page:
[   31.340897] page:ffffea00074711c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   31.349001] flags: 0x200000000000000()
[   31.352855] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   31.360701] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   31.368554] page dumped because: kasan: bad access detected
[   31.374225] 
[   31.375816] Memory state around the buggy address:
[   31.380713]  ffff8801d1c47600: 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 00 f2 f2
[   31.388038]  ffff8801d1c47680: f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00
[   31.395363] >ffff8801d1c47700: 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2
[   31.402686]                                                        ^
[   31.409140]  ffff8801d1c47780: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3
[   31.416464]  ffff8801d1c47800: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.423789] ==================================================================
[   31.431188] Kernel panic - not syncing: panic_on_warn set ...
[   31.431188] 
[   31.438521] CPU: 0 PID: 2991 Comm: syzkaller782161 Tainted: G    B           4.14.0-rc5+ #90
[   31.447064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   31.456384] Call Trace:
[   31.458943]  dump_stack+0x194/0x257
[   31.462540]  ? arch_local_irq_restore+0x53/0x53
[   31.467176]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   31.471900]  ? xfrm_state_find+0x2f60/0x3170
[   31.476276]  panic+0x1e4/0x417
[   31.479435]  ? __warn+0x1d9/0x1d9
[   31.482859]  ? xfrm_state_find+0x303d/0x3170
[   31.487236]  kasan_end_report+0x50/0x50
[   31.491176]  kasan_report+0x144/0x340
[   31.494943]  __asan_report_load4_noabort+0x14/0x20
[   31.499838]  xfrm_state_find+0x303d/0x3170
[   31.504041]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.509196]  ? nohz_balance_exit_idle.part.85+0x70/0x70
[   31.514532]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   31.519599]  ? __update_load_avg_se.isra.22+0x3c6/0x550
[   31.524937]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.530097]  ? lock_acquire+0x1d5/0x580
[   31.534035]  ? lock_acquire+0x1d5/0x580
[   31.537977]  ? __is_insn_slot_addr+0x1fc/0x330
[   31.542523]  ? lock_downgrade+0x990/0x990
[   31.546637]  ? lock_release+0xa40/0xa40
[   31.550580]  ? bpf_prog_kallsyms_find+0xbd/0x440
[   31.555302]  ? lock_acquire+0x1d5/0x580
[   31.559241]  ? lock_acquire+0x1d5/0x580
[   31.563180]  ? is_bpf_text_address+0x7b/0x120
[   31.567639]  ? lock_downgrade+0x990/0x990
[   31.571758]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   31.576914]  ? lock_acquire+0x1d5/0x580
[   31.581308]  ? depot_save_stack+0x3b5/0x490
[   31.585607]  ? lock_downgrade+0x990/0x990
[   31.589723]  ? do_raw_spin_trylock+0x190/0x190
[   31.594272]  ? is_bpf_text_address+0xa4/0x120
[   31.598732]  ? kernel_text_address+0x102/0x140
[   31.603283]  xfrm_tmpl_resolve+0x309/0xc00
[   31.607493]  ? __xfrm_decode_session+0x100/0x100
[   31.612218]  ? save_stack_trace+0x16/0x20
[   31.616329]  ? save_stack+0x43/0xd0
[   31.619921]  ? kasan_kmalloc+0xad/0xe0
[   31.623774]  ? kasan_slab_alloc+0x12/0x20
[   31.627888]  ? kmem_cache_alloc+0x12e/0x760
[   31.632175]  ? dst_alloc+0x11f/0x1a0
[   31.635854]  ? rt_dst_alloc+0xe9/0x540
[   31.639709]  ? ip_route_output_key_hash_rcu+0xa40/0x2c20