INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.15.193' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   41.120414] ==================================================================
[   41.127852] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   41.135010] Read of size 4 at addr ffff8801c030faf8 by task syzkaller407861/2983
[   41.142520] 
[   41.144122] CPU: 0 PID: 2983 Comm: syzkaller407861 Not tainted 4.14.0-rc2-mm1+ #10
[   41.151796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.161122] Call Trace:
[   41.163687]  dump_stack+0x194/0x257
[   41.167294]  ? arch_local_irq_restore+0x53/0x53
[   41.171939]  ? show_regs_print_info+0x65/0x65
[   41.176412]  ? lock_release+0xd70/0xd70
[   41.180363]  ? xfrm_state_find+0x305b/0x3190
[   41.184746]  print_address_description+0x73/0x250
[   41.189561]  ? xfrm_state_find+0x305b/0x3190
[   41.193943]  kasan_report+0x25b/0x340
[   41.197719]  __asan_report_load4_noabort+0x14/0x20
[   41.202622]  xfrm_state_find+0x305b/0x3190
[   41.206830]  ? unwind_get_return_address+0x61/0xa0
[   41.211736]  ? __save_stack_trace+0x61/0xd0
[   41.216051]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   41.221131]  ? copy_trace+0x1d0/0x1d0
[   41.224911]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.230072]  ? check_noncircular+0x20/0x20
[   41.234276]  ? lock_downgrade+0x990/0x990
[   41.238405]  ? find_held_lock+0x39/0x1d0
[   41.242451]  ? __lock_acquire+0x732/0x4620
[   41.246654]  ? find_held_lock+0x39/0x1d0
[   41.250704]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.255866]  ? depot_save_stack+0x1c2/0x490
[   41.260167]  ? do_raw_spin_trylock+0x190/0x190
[   41.264722]  ? check_noncircular+0x20/0x20
[   41.268931]  ? kernel_text_address+0x102/0x140
[   41.273490]  xfrm_tmpl_resolve+0x309/0xc00
[   41.277713]  ? __xfrm_decode_session+0x100/0x100
[   41.282455]  ? lock_downgrade+0x990/0x990
[   41.286580]  ? inet_sendmsg+0x11f/0x5e0
[   41.290526]  ? sock_sendmsg+0xca/0x110
[   41.294382]  ? SYSC_sendto+0x358/0x5a0
[   41.298244]  ? check_noncircular+0x20/0x20
[   41.302452]  ? rt_add_uncached_list+0xa2/0x240
[   41.307004]  ? check_noncircular+0x20/0x20
[   41.311215]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   41.316641]  ? do_raw_spin_trylock+0x190/0x190
[   41.321195]  ? __local_bh_enable_ip+0x9d/0x160
[   41.325761]  ? xfrm_tmpl_resolve+0xc00/0xc00
[   41.330144]  ? lock_downgrade+0x990/0x990
[   41.334267]  ? dst_init+0x4d9/0x6a0
[   41.337870]  ? xfrm_selector_match+0xe00/0xe00
[   41.342422]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.347587]  ? lock_release+0xd70/0xd70
[   41.351535]  ? refcount_inc_not_zero+0xfe/0x180
[   41.356183]  ? xfrm_selector_match+0x3b/0xe00
[   41.360654]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   41.365383]  ? xfrm_selector_match+0xe00/0xe00
[   41.369937]  ? check_noncircular+0x20/0x20
[   41.374141]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   41.379567]  xfrm_lookup+0xf0a/0x2540
[   41.383337]  ? xfrm_lookup+0xf0a/0x2540
[   41.387283]  ? ip_route_input_noref+0x1e0/0x1e0
[   41.391933]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   41.398311]  ? find_held_lock+0x39/0x1d0
[   41.402354]  ? lock_downgrade+0x990/0x990
[   41.406475]  ? check_noncircular+0x20/0x20
[   41.410687]  ? ip_route_output_key_hash+0x1a6/0x370
[   41.415676]  ? find_held_lock+0x39/0x1d0
[   41.419714]  ? lock_release+0xd70/0xd70
[   41.423667]  ? lock_downgrade+0x990/0x990
[   41.427798]  ? ip_route_output_key_hash+0x252/0x370
[   41.432787]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   41.438293]  ? lock_release+0xd70/0xd70
[   41.442262]  xfrm_lookup_route+0x39/0x1a0
[   41.446389]  ip_route_output_flow+0x7c/0xa0
[   41.450682]  udp_sendmsg+0x19b8/0x2cd0
[   41.454543]  ? ip_reply_glue_bits+0xb0/0xb0
[   41.458845]  ? udp_lib_get_port+0x1c00/0x1c00
[   41.463318]  ? ip4_datagram_connect+0x50/0x50
[   41.467791]  ? check_noncircular+0x20/0x20
[   41.472003]  ? do_raw_spin_trylock+0x190/0x190
[   41.476556]  ? lock_acquire+0x1d5/0x580
[   41.480504]  ? inet_autobind+0x1f/0x180
[   41.484452]  ? __local_bh_enable_ip+0x9d/0x160
[   41.489011]  ? release_sock+0x1d4/0x2a0
[   41.492961]  ? trace_hardirqs_on+0xd/0x10
[   41.497083]  ? release_sock+0x1d4/0x2a0
[   41.501035]  ? __release_sock+0x360/0x360
[   41.505160]  ? udp_v4_get_port+0x132/0x180
[   41.509375]  inet_sendmsg+0x11f/0x5e0
[   41.513149]  ? __might_sleep+0x95/0x190
[   41.517096]  ? inet_recvmsg+0x5f0/0x5f0
[   41.521051]  ? selinux_socket_sendmsg+0x36/0x40
[   41.525693]  ? security_socket_sendmsg+0x89/0xb0
[   41.530422]  ? inet_recvmsg+0x5f0/0x5f0
[   41.534372]  sock_sendmsg+0xca/0x110
[   41.538061]  SYSC_sendto+0x358/0x5a0
[   41.541750]  ? SYSC_connect+0x480/0x480
[   41.545711]  ? mm_fault_error+0x2c0/0x2c0
[   41.549834]  ? ip_setsockopt+0x6f/0xb0
[   41.553704]  ? __do_page_fault+0xd60/0xd60
[   41.557922]  ? SyS_setsockopt+0x215/0x360
[   41.562046]  ? lockdep_sys_exit+0x47/0xf0
[   41.566165]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   41.570980]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.575968]  SyS_sendto+0x40/0x50
[   41.579397]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   41.584121] RIP: 0033:0x43fee9
[   41.587282] RSP: 002b:00007ffc98e82be8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   41.594975] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fee9
[   41.602215] RDX: 0000000000000000 RSI: 000000002010affe RDI: 0000000000000003
[   41.609639] RBP: 0000000000000086 R08: 00000000202f9000 R09: 0000000000000010
[   41.616882] R10: 000000002004487c R11: 0000000000000217 R12: 0000000000401850
[   41.624127] R13: 00000000004018e0 R14: 0000000000000000 R15: 0000000000000000
[   41.631386] 
[   41.632983] The buggy address belongs to the page:
[   41.637883] page:ffffea000700c3c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   41.645998] flags: 0x200000000000000()
[   41.649855] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   41.657706] raw: 0000000000000000 ffffea000700c3e0 0000000000000000 0000000000000000
[   41.665554] page dumped because: kasan: bad access detected
[   41.671230] 
[   41.672826] Memory state around the buggy address:
[   41.677723]  ffff8801c030f980: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2
[   41.685050]  ffff8801c030fa00: 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2
[   41.692379] >ffff8801c030fa80: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[   41.699707]                                                                 ^
[   41.706950]  ffff8801c030fb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[   41.714280]  ffff8801c030fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[   41.721606] ==================================================================
[   41.728934] Disabling lock debugging due to kernel taint
[   41.734418] Kernel panic - not syncing: panic_on_warn set ...
[   41.734418] 
[   41.741749] CPU: 0 PID: 2983 Comm: syzkaller407861 Tainted: G    B           4.14.0-rc2-mm1+ #10
[   41.750633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.759965] Call Trace:
[   41.762526]  dump_stack+0x194/0x257
[   41.766125]  ? arch_local_irq_restore+0x53/0x53
[   41.770761]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   41.775495]  ? xfrm_state_find+0x2fa0/0x3190
[   41.779874]  panic+0x1e4/0x417
[   41.783034]  ? __warn+0x1d9/0x1d9
[   41.786459]  ? xfrm_state_find+0x305b/0x3190
[   41.790838]  kasan_end_report+0x50/0x50
[   41.794776]  kasan_report+0x144/0x340
[   41.798543]  __asan_report_load4_noabort+0x14/0x20
[   41.803436]  xfrm_state_find+0x305b/0x3190
[   41.807635]  ? unwind_get_return_address+0x61/0xa0
[   41.812532]  ? __save_stack_trace+0x61/0xd0
[   41.816826]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   41.821900]  ? copy_trace+0x1d0/0x1d0
[   41.825673]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.830826]  ? check_noncircular+0x20/0x20
[   41.835026]  ? lock_downgrade+0x990/0x990
[   41.839144]  ? find_held_lock+0x39/0x1d0
[   41.843175]  ? __lock_acquire+0x732/0x4620
[   41.847376]  ? find_held_lock+0x39/0x1d0
[   41.851412]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.856569]  ? depot_save_stack+0x1c2/0x490
[   41.860860]  ? do_raw_spin_trylock+0x190/0x190
[   41.865410]  ? check_noncircular+0x20/0x20
[   41.869607]  ? kernel_text_address+0x102/0x140
[   41.874157]  xfrm_tmpl_resolve+0x309/0xc00
[   41.878367]  ? __xfrm_decode_session+0x100/0x100
[   41.883093]  ? lock_downgrade+0x990/0x990
[   41.887207]  ? inet_sendmsg+0x11f/0x5e0
[   41.891150]  ? sock_sendmsg+0xca/0x110
[   41.895001]  ? SYSC_sendto+0x358/0x5a0
[   41.898853]  ? check_noncircular+0x20/0x20
[   41.903055]  ? rt_add_uncached_list+0xa2/0x240
[   41.907611]  ? check_noncircular+0x20/0x20
[   41.911813]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   41.917233]  ? do_raw_spin_trylock+0x190/0x190
[   41.921781]  ? __local_bh_enable_ip+0x9d/0x160
[   41.926334]  ? xfrm_tmpl_resolve+0xc00/0xc00
[   41.930708]  ? lock_downgrade+0x990/0x990
[   41.934821]  ? dst_init+0x4d9/0x6a0
[   41.938414]  ? xfrm_selector_match+0xe00/0xe00
[   41.942960]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.948119]  ? lock_release+0xd70/0xd70
[   41.952062]  ? refcount_inc_not_zero+0xfe/0x180
[   41.956699]  ? xfrm_selector_match+0x3b/0xe00
[   41.961163]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   41.965884]  ? xfrm_selector_match+0xe00/0xe00
[   41.970434]  ? check_noncircular+0x20/0x20
[   41.974634]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   41.980051]  xfrm_lookup+0xf0a/0x2540
[   41.983814]  ? xfrm_lookup+0xf0a/0x2540
[   41.987758]  ? ip_route_input_noref+0x1e0/0x1e0
[   41.992395]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   41.998767]  ? find_held_lock+0x39/0x1d0
[   42.002800]  ? lock_downgrade+0x990/0x990
[   42.006913]  ? check_noncircular+0x20/0x20
[   42.011116]  ? ip_route_output_key_hash+0x1a6/0x370
[   42.016096]  ? find_held_lock+0x39/0x1d0
[   42.020126]  ? lock_release+0xd70/0xd70
[   42.024070]  ? lock_downgrade+0x990/0x990
[   42.028189]  ? ip_route_output_key_hash+0x252/0x370
[   42.033171]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   42.038672]  ? lock_release+0xd70/0xd70
[   42.042617]  xfrm_lookup_route+0x39/0x1a0
[   42.046731]  ip_route_output_flow+0x7c/0xa0
[   42.051019]  udp_sendmsg+0x19b8/0x2cd0
[   42.054875]  ? ip_reply_glue_bits+0xb0/0xb0
[   42.059165]  ? udp_lib_get_port+0x1c00/0x1c00
[   42.063630]  ? ip4_datagram_connect+0x50/0x50
[   42.068089]  ? check_noncircular+0x20/0x20
[   42.072292]  ? do_raw_spin_trylock+0x190/0x190
[   42.076839]  ? lock_acquire+0x1d5/0x580
[   42.080780]  ? inet_autobind+0x1f/0x180
[   42.084720]  ? __local_bh_enable_ip+0x9d/0x160
[   42.089269]  ? release_sock+0x1d4/0x2a0
[   42.093208]  ? trace_hardirqs_on+0xd/0x10
[   42.097323]  ? release_sock+0x1d4/0x2a0
[   42.101263]  ? __release_sock+0x360/0x360
[   42.105378]  ? udp_v4_get_port+0x132/0x180
[   42.109580]  inet_sendmsg+0x11f/0x5e0
[   42.113351]  ? __might_sleep+0x95/0x190
[   42.117291]  ? inet_recvmsg+0x5f0/0x5f0