INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-6,10.128.15.228' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 17.995647] ================================================================== [ 17.996750] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30fc/0x3230 [ 17.997695] Read of size 4 at addr ffff8801cc63faf8 by task syzkaller011879/3045 [ 17.998685] [ 17.998917] CPU: 0 PID: 3045 Comm: syzkaller011879 Not tainted 4.14.0-mm1+ #25 [ 17.999900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.001118] Call Trace: [ 18.001475] dump_stack+0x194/0x257 [ 18.001968] ? arch_local_irq_restore+0x53/0x53 [ 18.002591] ? show_regs_print_info+0x65/0x65 [ 18.003198] ? lock_release+0xda0/0xda0 [ 18.003731] ? xfrm_state_find+0x30fc/0x3230 [ 18.004322] print_address_description+0x73/0x250 [ 18.004965] ? xfrm_state_find+0x30fc/0x3230 [ 18.005592] kasan_report+0x25b/0x340 [ 18.006123] __asan_report_load4_noabort+0x14/0x20 [ 18.006777] xfrm_state_find+0x30fc/0x3230 [ 18.007362] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 18.008046] ? check_noncircular+0x20/0x20 [ 18.008613] ? find_held_lock+0x39/0x1d0 [ 18.009170] ? check_noncircular+0x20/0x20 [ 18.009735] ? __free_insn_slot+0x5c0/0x5c0 [ 18.010316] ? __lock_acquire+0x2727/0x47f0 [ 18.010908] ? find_held_lock+0x39/0x1d0 [ 18.011469] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 18.012159] ? print_usage_bug+0x3f0/0x3f0 [ 18.012727] ? lock_downgrade+0x980/0x980 [ 18.013284] ? depot_save_stack+0x22e/0x460 [ 18.013861] ? rcutorture_record_progress+0x10/0x10 [ 18.014534] ? lock_release+0xda0/0xda0 [ 18.015069] ? 
is_bpf_text_address+0xa4/0x120 [ 18.015674] ? __lock_acquire+0x6e9/0x47f0 [ 18.019445] ? check_noncircular+0x20/0x20 [ 18.023649] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 18.028749] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 18.032968] ? __xfrm_decode_session+0x110/0x110 [ 18.037699] ? lock_downgrade+0x980/0x980 [ 18.041815] ? rt_add_uncached_list+0xa2/0x240 [ 18.046365] ? check_noncircular+0x20/0x20 [ 18.050570] ? check_noncircular+0x20/0x20 [ 18.054778] xfrm_resolve_and_create_bundle+0x11b/0x2600 [ 18.060198] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.065187] ? rt_add_uncached_list+0x1b7/0x240 [ 18.069828] ? __local_bh_enable_ip+0x121/0x230 [ 18.074467] ? _raw_spin_unlock_bh+0x30/0x40 [ 18.078846] ? find_held_lock+0x39/0x1d0 [ 18.082874] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 18.087273] ? lock_downgrade+0x980/0x980 [ 18.091388] ? xfrm_selector_match+0xe00/0xe00 [ 18.095937] ? rt_cache_route+0x300/0x300 [ 18.100057] ? lock_release+0xda0/0xda0 [ 18.103999] ? refcount_inc_not_zero+0xfe/0x180 [ 18.108644] ? selinux_xfrm_policy_lookup+0xac/0xd0 [ 18.113630] ? security_xfrm_policy_lookup+0x92/0xc0 [ 18.118704] ? xfrm_sk_policy_lookup+0x334/0x490 [ 18.123431] ? xfrm_selector_match+0xe00/0xe00 [ 18.127980] ? check_noncircular+0x20/0x20 [ 18.132187] xfrm_lookup+0x1574/0x23f0 [ 18.136044] ? xfrm_lookup+0x1574/0x23f0 [ 18.140073] ? __mem_cgroup_threshold+0x8f0/0x8f0 [ 18.144893] ? xfrm_policy_lookup_bytype.constprop.47+0x960/0x960 [ 18.151093] ? find_held_lock+0x39/0x1d0 [ 18.155134] ? lock_downgrade+0x980/0x980 [ 18.159249] ? ip_route_output_key_hash+0x1a6/0x370 [ 18.164243] ? lock_release+0xda0/0xda0 [ 18.168195] ? lock_downgrade+0x980/0x980 [ 18.172314] ? ip_route_output_key_hash+0x252/0x370 [ 18.177297] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 18.182797] ? lock_release+0xda0/0xda0 [ 18.186748] xfrm_lookup_route+0x39/0x1a0 [ 18.190865] ip_route_output_flow+0x7c/0xa0 [ 18.195158] raw_sendmsg+0xc4f/0x3920 [ 18.198930] ? debug_check_no_locks_freed+0x2e0/0x3d0 [ 18.204097] ? 
raw_setsockopt+0xd0/0xd0 [ 18.208043] ? do_ip_setsockopt.isra.12+0x2a9/0x3200 [ 18.213116] ? alloc_file+0x26/0x3a0 [ 18.216796] ? sock_alloc_file+0x1fd/0x550 [ 18.220995] ? sock_map_fd+0x34/0x70 [ 18.224680] ? entry_SYSCALL_64_fastpath+0x1f/0x96 [ 18.229577] ? find_held_lock+0x39/0x1d0 [ 18.233609] ? check_noncircular+0x20/0x20 [ 18.237829] ? find_held_lock+0x39/0x1d0 [ 18.241869] ? __might_fault+0xe0/0x1d0 [ 18.245814] ? sock_has_perm+0x29c/0x400 [ 18.249847] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 18.255176] ? lock_release+0xda0/0xda0 [ 18.259115] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 18.264966] ? __check_object_size+0x25d/0x4f0 [ 18.269521] inet_sendmsg+0x11f/0x5e0 [ 18.273287] ? __might_sleep+0x95/0x190 [ 18.277226] ? inet_recvmsg+0x5f0/0x5f0 [ 18.281171] ? selinux_socket_sendmsg+0x36/0x40 [ 18.286052] ? security_socket_sendmsg+0x89/0xb0 [ 18.290776] ? inet_recvmsg+0x5f0/0x5f0 [ 18.294720] sock_sendmsg+0xca/0x110 [ 18.298402] SYSC_sendto+0x358/0x5a0 [ 18.302086] ? SYSC_connect+0x480/0x480 [ 18.306034] ? __do_page_fault+0x3d6/0xc90 [ 18.310247] ? mm_fault_error+0x2c0/0x2c0 [ 18.314366] ? ip_setsockopt+0x6f/0xb0 [ 18.318230] ? __do_page_fault+0xc90/0xc90 [ 18.322435] ? SyS_setsockopt+0x215/0x360 [ 18.326556] ? lockdep_sys_exit+0x47/0xf0 [ 18.330673] ? entry_SYSCALL_64_fastpath+0x5/0x96 [ 18.335484] ? 
trace_hardirqs_on_caller+0x421/0x5c0 [ 18.340469] SyS_sendto+0x40/0x50 [ 18.343894] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 18.348615] RIP: 0033:0x43ff09 [ 18.351771] RSP: 002b:00007ffcb17a6108 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 18.359445] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff09 [ 18.366681] RDX: 0000000000000000 RSI: 0000000020098000 RDI: 0000000000000003 [ 18.373916] RBP: 0000000000000086 R08: 0000000020c24000 R09: 0000000000000010 [ 18.381153] R10: fffffffffffffffe R11: 0000000000000217 R12: 0000000000401870 [ 18.388389] R13: 0000000000401900 R14: 0000000000000000 R15: 0000000000000000 [ 18.395647] [ 18.397239] The buggy address belongs to the page: [ 18.402133] page:ffffea0007318fc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 18.410241] flags: 0x2fffc0000000000() [ 18.414097] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 18.421944] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000 [ 18.429788] page dumped because: kasan: bad access detected [ 18.435463] [ 18.437057] Memory state around the buggy address: [ 18.441951] ffff8801cc63f980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 [ 18.449274] ffff8801cc63fa00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 [ 18.456597] >ffff8801cc63fa80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 [ 18.463919] ^ [ 18.471162] ffff8801cc63fb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 [ 18.478485] ffff8801cc63fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 18.485808] ================================================================== [ 18.493130] Disabling lock debugging due to kernel taint [ 18.498785] Kernel panic - not syncing: panic_on_warn set ... [ 18.498785] [ 18.506126] CPU: 0 PID: 3045 Comm: syzkaller011879 Tainted: G B 4.14.0-mm1+ #25 [ 18.514750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.524066] Call Trace: [ 18.526619] dump_stack+0x194/0x257 [ 18.530214] ? 
arch_local_irq_restore+0x53/0x53 [ 18.534847] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 18.539587] ? vsnprintf+0x1ed/0x1900 [ 18.543365] ? xfrm_state_find+0x30e0/0x3230 [ 18.547740] panic+0x1e4/0x41c [ 18.550908] ? refcount_error_report+0x214/0x214 [ 18.555641] ? add_taint+0x1c/0x50 [ 18.559152] ? add_taint+0x1c/0x50 [ 18.562662] ? xfrm_state_find+0x30fc/0x3230 [ 18.567043] kasan_end_report+0x50/0x50 [ 18.570989] kasan_report+0x144/0x340 [ 18.574757] __asan_report_load4_noabort+0x14/0x20 [ 18.579668] xfrm_state_find+0x30fc/0x3230 [ 18.583891] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 18.588969] ? check_noncircular+0x20/0x20 [ 18.593173] ? find_held_lock+0x39/0x1d0 [ 18.597208] ? check_noncircular+0x20/0x20 [ 18.601408] ? __free_insn_slot+0x5c0/0x5c0 [ 18.605702] ? __lock_acquire+0x2727/0x47f0 [ 18.609994] ? find_held_lock+0x39/0x1d0 [ 18.614033] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 18.619196] ? print_usage_bug+0x3f0/0x3f0 [ 18.623396] ? lock_downgrade+0x980/0x980 [ 18.627513] ? depot_save_stack+0x22e/0x460 [ 18.631811] ? rcutorture_record_progress+0x10/0x10 [ 18.636801] ? lock_release+0xda0/0xda0 [ 18.640745] ? is_bpf_text_address+0xa4/0x120 [ 18.645210] ? __lock_acquire+0x6e9/0x47f0 [ 18.649412] ? check_noncircular+0x20/0x20 [ 18.653621] ? _raw_spin_unlock_irqrestore+0x31/0xba [ 18.658709] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 18.662937] ? __xfrm_decode_session+0x110/0x110 [ 18.667670] ? lock_downgrade+0x980/0x980 [ 18.671798] ? rt_add_uncached_list+0xa2/0x240 [ 18.676350] ? check_noncircular+0x20/0x20 [ 18.680552] ? check_noncircular+0x20/0x20 [ 18.684764] xfrm_resolve_and_create_bundle+0x11b/0x2600 [ 18.690189] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.695171] ? rt_add_uncached_list+0x1b7/0x240 [ 18.699814] ? __local_bh_enable_ip+0x121/0x230 [ 18.704450] ? _raw_spin_unlock_bh+0x30/0x40 [ 18.708835] ? find_held_lock+0x39/0x1d0 [ 18.712873] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 18.717256] ? lock_downgrade+0x980/0x980 [ 18.721372] ? 
xfrm_selector_match+0xe00/0xe00 [ 18.725921] ? rt_cache_route+0x300/0x300 [ 18.730040] ? lock_release+0xda0/0xda0 [ 18.733988] ? refcount_inc_not_zero+0xfe/0x180 [ 18.738631] ? selinux_xfrm_policy_lookup+0xac/0xd0 [ 18.743621] ? security_xfrm_policy_lookup+0x92/0xc0 [ 18.748698] ? xfrm_sk_policy_lookup+0x334/0x490 [ 18.753432] ? xfrm_selector_match+0xe00/0xe00 [ 18.757987] ? check_noncircular+0x20/0x20 [ 18.762191] xfrm_lookup+0x1574/0x23f0 [ 18.766041] ? xfrm_lookup+0x1574/0x23f0 [ 18.770068] ? __mem_cgroup_threshold+0x8f0/0x8f0 [ 18.774880] ? xfrm_policy_lookup_bytype.constprop.47+0x960/0x960 [ 18.781074] ? find_held_lock+0x39/0x1d0 [ 18.785103] ? lock_downgrade+0x980/0x980 [ 18.789219] ? ip_route_output_key_hash+0x1a6/0x370 [ 18.794204] ? lock_release+0xda0/0xda0 [ 18.798147] ? lock_downgrade+0x980/0x980 [ 18.802259] ? ip_route_output_key_hash+0x252/0x370 [ 18.807240] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 18.812739] ? lock_release+0xda0/0xda0 [ 18.816681] xfrm_lookup_route+0x39/0x1a0 [ 18.820794] ip_route_output_flow+0x7c/0xa0 [ 18.825083] raw_sendmsg+0xc4f/0x3920 [ 18.828853] ? debug_check_no_locks_freed+0x2e0/0x3d0 [ 18.834013] ? raw_setsockopt+0xd0/0xd0 [ 18.837954] ? do_ip_setsockopt.isra.12+0x2a9/0x3200 [ 18.843024] ? alloc_file+0x26/0x3a0 [ 18.846700] ? sock_alloc_file+0x1fd/0x550 [ 18.850896] ? sock_map_fd+0x34/0x70 [ 18.854576] ? entry_SYSCALL_64_fastpath+0x1f/0x96 [ 18.859468] ? find_held_lock+0x39/0x1d0 [ 18.863492] ? check_noncircular+0x20/0x20 [ 18.867698] ? find_held_lock+0x39/0x1d0 [ 18.871733] ? __might_fault+0xe0/0x1d0 [ 18.875683] ? sock_has_perm+0x29c/0x400 [ 18.879712] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 18.885039] ? lock_release+0xda0/0xda0 [ 18.888979] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 18.894824] ? __check_object_size+0x25d/0x4f0 [ 18.899372] inet_sendmsg+0x11f/0x5e0 [ 18.903135] ? __might_sleep+0x95/0x190 [ 18.907074] ? inet_recvmsg+0x5f0/0x5f0 [ 18.911014] ? selinux_socket_sendmsg+0x36/0x40 [ 18.915652] ? 
security_socket_sendmsg+0x89/0xb0 [ 18.920369] ? inet_recvmsg+0x5f0/0x5f0 [ 18.924306] sock_sendmsg+0xca/0x110 [ 18.927982] SYSC_sendto+0x358/0x5a0 [ 18.931661] ? SYSC_connect+0x480/0x480 [ 18.935602] ? __do_page_fault+0x3d6/0xc90 [ 18.939825] ? mm_fault_error+0x2c0/0x2c0 [ 18.943944] ? ip_setsockopt+0x6f/0xb0 [ 18.947801] ? __do_page_fault+0xc90/0xc90 [ 18.952005] ? SyS_setsockopt+0x215/0x360 [ 18.956126] ? lockdep_sys_exit+0x47/0xf0 [ 18.960326] ? entry_SYSCALL_64_fastpath+0x5/0x96 [ 18.965133] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.970114] SyS_sendto+0x40/0x50 [ 18.973533] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 18.978251] RIP: 0033:0x43ff09 [ 18.981407] RSP: 002b:00007ffcb17a6108 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 18.989078] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff09 [ 18.996312] RDX: 0000000000000000 RSI: 0000000020098000 RDI: 0000000000000003 [ 19.003549] RBP: 0000000000000086 R08: 0000000020c24000 R09: 0000000000000010 [ 19.010784] R10: fffffffffffffffe R11: 0000000000000217 R12: 0000000000401870 [ 19.018017] R13: 0000000000401900 R14: 0000000000000000 R15: 0000000000000000 [ 19.025293] Dumping ftrace buffer: [ 19.028797] (ftrace buffer empty) [ 19.032473] Kernel Offset: disabled [ 19.036065] Rebooting in 86400 seconds..