INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.0.2' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 29.941194] ================================================================== [ 29.948587] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190 [ 29.955745] Read of size 4 at addr ffff8801ceb9faf8 by task syzkaller849821/2984 [ 29.963243] [ 29.964847] CPU: 1 PID: 2984 Comm: syzkaller849821 Not tainted 4.13.0-mm1+ #7 [ 29.972090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.981421] Call Trace: [ 29.983979] dump_stack+0x194/0x257 [ 29.987579] ? arch_local_irq_restore+0x53/0x53 [ 29.992217] ? show_regs_print_info+0x65/0x65 [ 29.996687] ? lock_release+0xd70/0xd70 [ 30.000633] ? xfrm_state_find+0x305b/0x3190 [ 30.005017] print_address_description+0x73/0x250 [ 30.009829] ? xfrm_state_find+0x305b/0x3190 [ 30.014212] kasan_report+0x24e/0x340 [ 30.017990] __asan_report_load4_noabort+0x14/0x20 [ 30.022890] xfrm_state_find+0x305b/0x3190 [ 30.027096] ? print_usage_bug+0x480/0x480 [ 30.031302] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 30.037176] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 30.042252] ? print_usage_bug+0x480/0x480 [ 30.046457] ? print_usage_bug+0x480/0x480 [ 30.050662] ? lock_release+0xd70/0xd70 [ 30.054606] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 30.060469] ? is_bpf_text_address+0x7b/0x120 [ 30.064936] ? lock_downgrade+0x990/0x990 [ 30.069077] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 30.074063] ? unwind_dump+0x4c0/0x4c0 [ 30.077927] ? unwind_dump+0x4c0/0x4c0 [ 30.081791] ? 
__lock_acquire+0x732/0x4620 [ 30.085998] ? unwind_dump+0x4c0/0x4c0 [ 30.089873] ? __lock_acquire+0x732/0x4620 [ 30.094076] ? __unwind_start+0x169/0x330 [ 30.098195] ? unwind_get_return_address+0x61/0xa0 [ 30.103098] ? __lock_acquire+0x732/0x4620 [ 30.107310] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 30.112468] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 30.118322] ? sock_common_setsockopt+0x95/0xd0 [ 30.122965] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 30.128128] ? check_noncircular+0x20/0x20 [ 30.132334] ? check_noncircular+0x20/0x20 [ 30.136541] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 30.141536] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 30.145761] ? __xfrm_decode_session+0x100/0x100 [ 30.150493] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.155480] ? fib_table_lookup+0xa07/0x1a30 [ 30.159863] ? check_noncircular+0x20/0x20 [ 30.164080] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 30.169523] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 30.173906] ? lock_downgrade+0x990/0x990 [ 30.178033] ? xfrm_selector_match+0xe00/0xe00 [ 30.182585] ? rcu_read_lock_held+0xa9/0xc0 [ 30.186877] ? find_exception+0x3aa/0x520 [ 30.190995] ? lock_release+0xd70/0xd70 [ 30.194941] ? refcount_inc_not_zero+0xfe/0x180 [ 30.199589] ? xfrm_selector_match+0x3b/0xe00 [ 30.204056] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 30.208789] ? xfrm_selector_match+0xe00/0xe00 [ 30.213341] ? check_noncircular+0x20/0x20 [ 30.217548] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 30.222971] xfrm_lookup+0xf0a/0x2540 [ 30.226741] ? xfrm_lookup+0xf0a/0x2540 [ 30.230687] ? ip_route_input_noref+0x1e0/0x1e0 [ 30.235332] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 30.241712] ? find_held_lock+0x39/0x1d0 [ 30.245757] ? lock_downgrade+0x990/0x990 [ 30.249883] ? ip_route_output_key_hash+0x1a6/0x370 [ 30.254867] ? find_held_lock+0x39/0x1d0 [ 30.258903] ? lock_release+0xd70/0xd70 [ 30.262851] ? lock_downgrade+0x990/0x990 [ 30.266984] ? ip_route_output_key_hash+0x252/0x370 [ 30.271974] ? 
ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 30.277480] ? lock_release+0xd70/0xd70 [ 30.281435] xfrm_lookup_route+0x39/0x1a0 [ 30.285560] ip_route_output_flow+0x7c/0xa0 [ 30.289860] raw_sendmsg+0xc4f/0x38c0 [ 30.293631] ? release_sock+0x1d4/0x2a0 [ 30.297575] ? __release_sock+0x330/0x360 [ 30.301703] ? raw_setsockopt+0xd0/0xd0 [ 30.305646] ? do_ip_setsockopt.isra.12+0x2a9/0x31f0 [ 30.310724] ? alloc_file+0x26/0x3a0 [ 30.314409] ? sock_alloc_file+0x1fd/0x550 [ 30.318613] ? SyS_socket+0x125/0x200 [ 30.322384] ? entry_SYSCALL_64_fastpath+0x1f/0xbe [ 30.327293] ? lock_downgrade+0x990/0x990 [ 30.331415] ? check_noncircular+0x20/0x20 [ 30.335640] ? lock_downgrade+0x990/0x990 [ 30.339766] ? __might_fault+0xe0/0x1d0 [ 30.343715] ? sock_has_perm+0x29c/0x400 [ 30.347746] ? selinux_tun_dev_create+0xc0/0xc0 [ 30.352386] ? lock_release+0xd70/0xd70 [ 30.356332] ? check_same_owner+0x320/0x320 [ 30.360627] ? __check_object_size+0x25d/0x4f0 [ 30.365187] inet_sendmsg+0x11f/0x5e0 [ 30.368958] ? __might_sleep+0x95/0x190 [ 30.372902] ? inet_recvmsg+0x5f0/0x5f0 [ 30.376849] ? selinux_socket_sendmsg+0x36/0x40 [ 30.381486] ? security_socket_sendmsg+0x89/0xb0 [ 30.386212] ? inet_recvmsg+0x5f0/0x5f0 [ 30.390158] sock_sendmsg+0xca/0x110 [ 30.393846] SYSC_sendto+0x358/0x5a0 [ 30.397534] ? SYSC_connect+0x480/0x480 [ 30.401485] ? selinux_netlbl_socket_setsockopt+0x10c/0x460 [ 30.407178] ? ip_setsockopt+0x6f/0xb0 [ 30.411043] ? sock_common_setsockopt+0x95/0xd0 [ 30.415688] ? SyS_setsockopt+0x215/0x360 [ 30.419811] ? SyS_recv+0x40/0x40 [ 30.423235] ? entry_SYSCALL_64_fastpath+0x5/0xbe [ 30.428048] ? 
trace_hardirqs_on_caller+0x421/0x5c0 [ 30.433037] SyS_sendto+0x40/0x50 [ 30.436464] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 30.441186] RIP: 0033:0x4401a9 [ 30.444345] RSP: 002b:00007ffcc50f6f98 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 30.452026] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004401a9 [ 30.459265] RDX: 0000000000000000 RSI: 000000002089b000 RDI: 0000000000000003 [ 30.466504] RBP: 0000000000000082 R08: 000000002000e000 R09: 0000000000000010 [ 30.473743] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401b10 [ 30.480984] R13: 0000000000401ba0 R14: 0000000000000000 R15: 0000000000000000 [ 30.488241] [ 30.489838] The buggy address belongs to the page: [ 30.494733] page:ffffea00073ae7c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 30.502851] flags: 0x200000000000000() [ 30.506706] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff [ 30.514553] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000 [ 30.522399] page dumped because: kasan: bad access detected [ 30.528073] [ 30.529667] Memory state around the buggy address: [ 30.534562] ffff8801ceb9f980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 [ 30.541891] ffff8801ceb9fa00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 [ 30.549217] >ffff8801ceb9fa80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 [ 30.556544] ^ [ 30.563787] ffff8801ceb9fb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 [ 30.571119] ffff8801ceb9fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 30.578442] ================================================================== [ 30.585765] Disabling lock debugging due to kernel taint [ 30.591255] Kernel panic - not syncing: panic_on_warn set ... [ 30.591255] [ 30.598585] CPU: 1 PID: 2984 Comm: syzkaller849821 Tainted: G B 4.13.0-mm1+ #7 [ 30.607042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 30.616361] Call Trace: [ 30.618917] dump_stack+0x194/0x257 [ 30.622770] ? 
arch_local_irq_restore+0x53/0x53 [ 30.627406] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 30.632130] ? xfrm_state_find+0x2fe0/0x3190 [ 30.636502] panic+0x1e4/0x417 [ 30.639658] ? __warn+0x1d9/0x1d9 [ 30.643080] ? xfrm_state_find+0x305b/0x3190 [ 30.647453] kasan_end_report+0x50/0x50 [ 30.651392] kasan_report+0x137/0x340 [ 30.655158] __asan_report_load4_noabort+0x14/0x20 [ 30.660048] xfrm_state_find+0x305b/0x3190 [ 30.664559] ? print_usage_bug+0x480/0x480 [ 30.668759] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 30.674614] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 30.679678] ? print_usage_bug+0x480/0x480 [ 30.683874] ? print_usage_bug+0x480/0x480 [ 30.688069] ? lock_release+0xd70/0xd70 [ 30.692006] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 30.697851] ? is_bpf_text_address+0x7b/0x120 [ 30.702310] ? lock_downgrade+0x990/0x990 [ 30.706427] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 30.711405] ? unwind_dump+0x4c0/0x4c0 [ 30.715255] ? unwind_dump+0x4c0/0x4c0 [ 30.719105] ? __lock_acquire+0x732/0x4620 [ 30.723304] ? unwind_dump+0x4c0/0x4c0 [ 30.727159] ? __lock_acquire+0x732/0x4620 [ 30.731355] ? __unwind_start+0x169/0x330 [ 30.735465] ? unwind_get_return_address+0x61/0xa0 [ 30.740358] ? __lock_acquire+0x732/0x4620 [ 30.744557] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 30.749709] ? __read_once_size_nocheck.constprop.8+0x10/0x10 [ 30.755556] ? sock_common_setsockopt+0x95/0xd0 [ 30.760193] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 30.765346] ? check_noncircular+0x20/0x20 [ 30.769543] ? check_noncircular+0x20/0x20 [ 30.773742] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 30.778723] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 30.782928] ? __xfrm_decode_session+0x100/0x100 [ 30.787649] ? rcu_read_lock_sched_held+0x108/0x120 [ 30.792628] ? fib_table_lookup+0xa07/0x1a30 [ 30.797003] ? check_noncircular+0x20/0x20 [ 30.801206] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 30.806630] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 30.811001] ? lock_downgrade+0x990/0x990 [ 30.815118] ? 
xfrm_selector_match+0xe00/0xe00 [ 30.819661] ? rcu_read_lock_held+0xa9/0xc0 [ 30.823946] ? find_exception+0x3aa/0x520 [ 30.828058] ? lock_release+0xd70/0xd70 [ 30.831997] ? refcount_inc_not_zero+0xfe/0x180 [ 30.836631] ? xfrm_selector_match+0x3b/0xe00 [ 30.841089] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 30.845810] ? xfrm_selector_match+0xe00/0xe00 [ 30.850357] ? check_noncircular+0x20/0x20 [ 30.854553] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 30.859968] xfrm_lookup+0xf0a/0x2540 [ 30.863733] ? xfrm_lookup+0xf0a/0x2540 [ 30.867671] ? ip_route_input_noref+0x1e0/0x1e0 [ 30.872307] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 30.878675] ? find_held_lock+0x39/0x1d0 [ 30.882703] ? lock_downgrade+0x990/0x990 [ 30.886817] ? ip_route_output_key_hash+0x1a6/0x370 [ 30.891796] ? find_held_lock+0x39/0x1d0 [ 30.895821] ? lock_release+0xd70/0xd70 [ 30.899760] ? lock_downgrade+0x990/0x990 [ 30.903877] ? ip_route_output_key_hash+0x252/0x370 [ 30.908857] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 30.914357] ? lock_release+0xd70/0xd70 [ 30.918301] xfrm_lookup_route+0x39/0x1a0 [ 30.922413] ip_route_output_flow+0x7c/0xa0 [ 30.926699] raw_sendmsg+0xc4f/0x38c0 [ 30.930465] ? release_sock+0x1d4/0x2a0 [ 30.934405] ? __release_sock+0x330/0x360 [ 30.938519] ? raw_setsockopt+0xd0/0xd0