INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-3,10.128.0.28' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   20.900744] ==================================================================
[   20.908161] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   20.915324] Read of size 4 at addr ffff8801cebe7af8 by task syzkaller138344/2979
[   20.922838] 
[   20.924445] CPU: 1 PID: 2979 Comm: syzkaller138344 Not tainted 4.13.0-mm1+ #5
[   20.931702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.941036] Call Trace:
[   20.943602]  dump_stack+0x194/0x257
[   20.947210]  ? arch_local_irq_restore+0x53/0x53
[   20.951858]  ? show_regs_print_info+0x65/0x65
[   20.956336]  ? lock_release+0xd70/0xd70
[   20.960290]  ? xfrm_state_find+0x305b/0x3190
[   20.964673]  print_address_description+0x73/0x250
[   20.969486]  ? xfrm_state_find+0x305b/0x3190
[   20.973884]  kasan_report+0x24e/0x340
[   20.977688]  __asan_report_load4_noabort+0x14/0x20
[   20.982621]  xfrm_state_find+0x305b/0x3190
[   20.986841]  ? unwind_get_return_address+0x61/0xa0
[   20.991765]  ? __save_stack_trace+0x61/0xd0
[   20.996081]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   21.001165]  ? copy_trace+0x1d0/0x1d0
[   21.004946]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   21.010106]  ? check_noncircular+0x20/0x20
[   21.014322]  ? lock_downgrade+0x990/0x990
[   21.018528]  ? unwind_dump+0x4c0/0x4c0
[   21.022393]  ? find_held_lock+0x39/0x1d0
[   21.026438]  ? __lock_acquire+0x732/0x4620
[   21.030648]  ? find_held_lock+0x39/0x1d0
[   21.034987]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   21.040161]  ? depot_save_stack+0x1c2/0x490
[   21.044470]  ? do_raw_spin_trylock+0x190/0x190
[   21.049037]  ? check_noncircular+0x20/0x20
[   21.053259]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   21.057500]  ? __xfrm_decode_session+0x100/0x100
[   21.062244]  ? lock_downgrade+0x990/0x990
[   21.066367]  ? inet_sendmsg+0x11f/0x5e0
[   21.070316]  ? sock_sendmsg+0xca/0x110
[   21.074176]  ? SYSC_sendto+0x358/0x5a0
[   21.078044]  ? check_noncircular+0x20/0x20
[   21.082252]  ? rt_add_uncached_list+0xa2/0x240
[   21.086808]  ? check_noncircular+0x20/0x20
[   21.091041]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   21.096474]  ? kasan_unpoison_shadow+0x35/0x50
[   21.101042]  ? __local_bh_enable_ip+0x9d/0x160
[   21.105609]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   21.109996]  ? lock_downgrade+0x990/0x990
[   21.114122]  ? dst_init+0x4d9/0x6a0
[   21.117728]  ? xfrm_selector_match+0xe00/0xe00
[   21.122289]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   21.127462]  ? lock_release+0xd70/0xd70
[   21.131413]  ? refcount_inc_not_zero+0xfe/0x180
[   21.136063]  ? xfrm_selector_match+0x3b/0xe00
[   21.140541]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   21.145273]  ? xfrm_selector_match+0xe00/0xe00
[   21.149829]  ? check_noncircular+0x20/0x20
[   21.154038]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   21.159473]  xfrm_lookup+0xf0a/0x2540
[   21.163247]  ? xfrm_lookup+0xf0a/0x2540
[   21.167206]  ? ip_route_input_noref+0x1e0/0x1e0
[   21.171857]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   21.178250]  ? find_held_lock+0x39/0x1d0
[   21.182300]  ? lock_downgrade+0x990/0x990
[   21.186431]  ? ip_route_output_key_hash+0x1a6/0x370
[   21.191422]  ? find_held_lock+0x39/0x1d0
[   21.195545]  ? lock_release+0xd70/0xd70
[   21.199501]  ? lock_downgrade+0x990/0x990
[   21.203633]  ? ip_route_output_key_hash+0x252/0x370
[   21.208623]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   21.214134]  ? lock_release+0xd70/0xd70
[   21.218093]  xfrm_lookup_route+0x39/0x1a0
[   21.222216]  ip_route_output_flow+0x7c/0xa0
[   21.226514]  raw_sendmsg+0xc4f/0x38c0
[   21.230304]  ? raw_setsockopt+0xd0/0xd0
[   21.234266]  ? lock_downgrade+0x990/0x990
[   21.238396]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[   21.244345]  ? add_page_to_unevictable_list+0x730/0x730
[   21.249695]  ? do_raw_spin_trylock+0x190/0x190
[   21.254256]  ? do_raw_spin_trylock+0x190/0x190
[   21.258834]  ? lock_downgrade+0x990/0x990
[   21.262968]  ? __might_fault+0xe0/0x1d0
[   21.266918]  ? sock_has_perm+0x29c/0x400
[   21.270955]  ? selinux_tun_dev_create+0xc0/0xc0
[   21.275608]  ? lock_release+0xd70/0xd70
[   21.279555]  ? check_same_owner+0x320/0x320
[   21.284113]  ? __check_object_size+0x25d/0x4f0
[   21.288674]  inet_sendmsg+0x11f/0x5e0
[   21.292447]  ? __might_sleep+0x95/0x190
[   21.296394]  ? inet_recvmsg+0x5f0/0x5f0
[   21.300350]  ? selinux_socket_sendmsg+0x36/0x40
[   21.304990]  ? security_socket_sendmsg+0x89/0xb0
[   21.309718]  ? inet_recvmsg+0x5f0/0x5f0
[   21.313682]  sock_sendmsg+0xca/0x110
[   21.317374]  SYSC_sendto+0x358/0x5a0
[   21.321070]  ? SYSC_connect+0x480/0x480
[   21.325024]  ? __handle_mm_fault+0x39c0/0x39c0
[   21.329598]  ? up_read+0x1a/0x40
[   21.332940]  ? __do_page_fault+0x35b/0xb60
[   21.337161]  ? __do_page_fault+0xb60/0xb60
[   21.341378]  ? SyS_setsockopt+0x215/0x360
[   21.345504]  ? lockdep_sys_exit+0x47/0xf0
[   21.349628]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   21.354455]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   21.359450]  SyS_sendto+0x40/0x50
[   21.362881]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   21.367609] RIP: 0033:0x43ff09
[   21.370772] RSP: 002b:00007ffc51e0cbb8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   21.378453] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff09
[   21.385700] RDX: 0000000000000000 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[   21.392948] RBP: 0000000000000082 R08: 0000000020fdbff0 R09: 0000000000000010
[   21.400191] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401870
[   21.407436] R13: 0000000000401900 R14: 0000000000000000 R15: 0000000000000000
[   21.414699] 
[   21.416308] The buggy address belongs to the page:
[   21.421212] page:ffffea00073af9c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   21.429328] flags: 0x200000000000000()
[   21.433187] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   21.441047] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   21.448903] page dumped because: kasan: bad access detected
[   21.454580] 
[   21.456185] Memory state around the buggy address:
[   21.461084]  ffff8801cebe7980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2
[   21.468414]  ffff8801cebe7a00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[   21.475745] >ffff8801cebe7a80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[   21.483077]                                                                 ^
[   21.490325]  ffff8801cebe7b00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[   21.497674]  ffff8801cebe7b80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[   21.505004] ==================================================================
[   21.512343] Disabling lock debugging due to kernel taint
[   21.517947] Kernel panic - not syncing: panic_on_warn set ...
[   21.517947] 
[   21.525292] CPU: 1 PID: 2979 Comm: syzkaller138344 Tainted: G    B           4.13.0-mm1+ #5
[   21.533836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   21.543156] Call Trace:
[   21.545720]  dump_stack+0x194/0x257
[   21.549316]  ? arch_local_irq_restore+0x53/0x53
[   21.553951]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   21.558682]  ? xfrm_state_find+0x2fb0/0x3190
[   21.563057]  panic+0x1e4/0x417
[   21.566221]  ? __warn+0x1d9/0x1d9
[   21.569647]  ? xfrm_state_find+0x305b/0x3190
[   21.574027]  kasan_end_report+0x50/0x50
[   21.577971]  kasan_report+0x137/0x340
[   21.581743]  __asan_report_load4_noabort+0x14/0x20
[   21.586645]  xfrm_state_find+0x305b/0x3190
[   21.590847]  ? unwind_get_return_address+0x61/0xa0
[   21.595747]  ? __save_stack_trace+0x61/0xd0
[   21.600042]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   21.605113]  ? copy_trace+0x1d0/0x1d0
[   21.608884]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   21.614042]  ? check_noncircular+0x20/0x20
[   21.618243]  ? lock_downgrade+0x990/0x990
[   21.622374]  ? unwind_dump+0x4c0/0x4c0
[   21.626243]  ? find_held_lock+0x39/0x1d0
[   21.630272]  ? __lock_acquire+0x732/0x4620
[   21.634471]  ? find_held_lock+0x39/0x1d0
[   21.638507]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   21.643667]  ? depot_save_stack+0x1c2/0x490
[   21.647971]  ? do_raw_spin_trylock+0x190/0x190
[   21.652518]  ? check_noncircular+0x20/0x20
[   21.656723]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   21.660934]  ? __xfrm_decode_session+0x100/0x100
[   21.665681]  ? lock_downgrade+0x990/0x990
[   21.669799]  ? inet_sendmsg+0x11f/0x5e0
[   21.673757]  ? sock_sendmsg+0xca/0x110
[   21.677622]  ? SYSC_sendto+0x358/0x5a0
[   21.681484]  ? check_noncircular+0x20/0x20
[   21.685685]  ? rt_add_uncached_list+0xa2/0x240
[   21.690235]  ? check_noncircular+0x20/0x20
[   21.694445]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   21.699867]  ? kasan_unpoison_shadow+0x35/0x50
[   21.704427]  ? __local_bh_enable_ip+0x9d/0x160
[   21.709005]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   21.713387]  ? lock_downgrade+0x990/0x990
[   21.717503]  ? dst_init+0x4d9/0x6a0
[   21.721117]  ? xfrm_selector_match+0xe00/0xe00
[   21.725685]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   21.730848]  ? lock_release+0xd70/0xd70
[   21.734790]  ? refcount_inc_not_zero+0xfe/0x180
[   21.739434]  ? xfrm_selector_match+0x3b/0xe00
[   21.743904]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   21.748626]  ? xfrm_selector_match+0xe00/0xe00
[   21.753174]  ? check_noncircular+0x20/0x20
[   21.757374]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   21.762793]  xfrm_lookup+0xf0a/0x2540
[   21.766559]  ? xfrm_lookup+0xf0a/0x2540
[   21.770503]  ? ip_route_input_noref+0x1e0/0x1e0
[   21.775141]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   21.781514]  ? find_held_lock+0x39/0x1d0
[   21.785553]  ? lock_downgrade+0x990/0x990
[   21.789672]  ? ip_route_output_key_hash+0x1a6/0x370
[   21.794657]  ? find_held_lock+0x39/0x1d0
[   21.798687]  ? lock_release+0xd70/0xd70
[   21.802637]  ? lock_downgrade+0x990/0x990
[   21.806761]  ? ip_route_output_key_hash+0x252/0x370
[   21.811745]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   21.817247]  ? lock_release+0xd70/0xd70
[   21.821193]  xfrm_lookup_route+0x39/0x1a0
[   21.825309]  ip_route_output_flow+0x7c/0xa0
[   21.829602]  raw_sendmsg+0xc4f/0x38c0
[   21.833376]  ? raw_setsockopt+0xd0/0xd0
[   21.837316]  ? lock_downgrade+0x990/0x990
[   21.841445]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[   21.847382]  ? add_page_to_unevictable_list+0x730/0x730
[   21.852713]  ? do_raw_spin_trylock+0x190/0x190
[   21.857262]  ? do_raw_spin_trylock+0x190/0x190
[   21.861822]  ? lock_downgrade+0x990/0x990
[   21.865940]  ? __might_fault+0xe0/0x1d0
[   21.869886]  ? sock_has_perm+0x29c/0x400
[   21.873913]  ? selinux_tun_dev_create+0xc0/0xc0
[   21.878545]  ? lock_release+0xd70/0xd70
[   21.882485]  ? check_same_owner+0x320/0x320
[   21.886775]  ? __check_object_size+0x25d/0x4f0
[   21.891337]  inet_sendmsg+0x11f/0x5e0
[   21.895103]  ? __might_sleep+0x95/0x190
[   21.899041]  ? inet_recvmsg+0x5f0/0x5f0