INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-5,10.128.15.220' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   40.243610] ==================================================================
[   40.251061] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   40.258228] Read of size 4 at addr ffff8801ce6b7af8 by task syzkaller792083/2982
[   40.265731] 
[   40.267337] CPU: 0 PID: 2982 Comm: syzkaller792083 Not tainted 4.13.0-mm1+ #5
[   40.274582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.283921] Call Trace:
[   40.286489]  dump_stack+0x194/0x257
[   40.290092]  ? arch_local_irq_restore+0x53/0x53
[   40.294735]  ? show_regs_print_info+0x65/0x65
[   40.299208]  ? lock_release+0xd70/0xd70
[   40.303159]  ? xfrm_state_find+0x305b/0x3190
[   40.307545]  print_address_description+0x73/0x250
[   40.312374]  ? xfrm_state_find+0x305b/0x3190
[   40.316758]  kasan_report+0x24e/0x340
[   40.320535]  __asan_report_load4_noabort+0x14/0x20
[   40.325439]  xfrm_state_find+0x305b/0x3190
[   40.329646]  ? unwind_get_return_address+0x61/0xa0
[   40.334551]  ? __save_stack_trace+0x61/0xd0
[   40.338862]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   40.343943]  ? copy_trace+0x1d0/0x1d0
[   40.347734]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.352904]  ? check_noncircular+0x20/0x20
[   40.357115]  ? lock_downgrade+0x990/0x990
[   40.361235]  ? unwind_dump+0x4c0/0x4c0
[   40.365103]  ? find_held_lock+0x39/0x1d0
[   40.369146]  ? __lock_acquire+0x732/0x4620
[   40.373354]  ? find_held_lock+0x39/0x1d0
[   40.377407]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.382572]  ? depot_save_stack+0x1c2/0x490
[   40.386875]  ? do_raw_spin_trylock+0x190/0x190
[   40.391431]  ? check_noncircular+0x20/0x20
[   40.395650]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   40.399874]  ? __xfrm_decode_session+0x100/0x100
[   40.404612]  ? lock_downgrade+0x990/0x990
[   40.408733]  ? inet_sendmsg+0x11f/0x5e0
[   40.412681]  ? sock_sendmsg+0xca/0x110
[   40.416540]  ? SYSC_sendto+0x358/0x5a0
[   40.420404]  ? check_noncircular+0x20/0x20
[   40.424613]  ? rt_add_uncached_list+0xa2/0x240
[   40.429167]  ? check_noncircular+0x20/0x20
[   40.433382]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   40.438804]  ? kasan_unpoison_shadow+0x35/0x50
[   40.443365]  ? __local_bh_enable_ip+0x9d/0x160
[   40.447944]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   40.452328]  ? lock_downgrade+0x990/0x990
[   40.456455]  ? dst_init+0x4d9/0x6a0
[   40.460063]  ? xfrm_selector_match+0xe00/0xe00
[   40.464618]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.469786]  ? lock_release+0xd70/0xd70
[   40.473738]  ? refcount_inc_not_zero+0xfe/0x180
[   40.478386]  ? xfrm_selector_match+0x3b/0xe00
[   40.482860]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   40.487594]  ? xfrm_selector_match+0xe00/0xe00
[   40.492675]  ? check_noncircular+0x20/0x20
[   40.497497]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   40.502933]  xfrm_lookup+0xf0a/0x2540
[   40.506712]  ? xfrm_lookup+0xf0a/0x2540
[   40.510663]  ? ip_route_input_noref+0x1e0/0x1e0
[   40.515313]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   40.521699]  ? find_held_lock+0x39/0x1d0
[   40.525745]  ? lock_downgrade+0x990/0x990
[   40.529876]  ? ip_route_output_key_hash+0x1a6/0x370
[   40.534873]  ? lock_release+0xd70/0xd70
[   40.538832]  ? kasan_check_write+0x14/0x20
[   40.543054]  ? ip_route_output_key_hash+0x252/0x370
[   40.548043]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   40.553564]  xfrm_lookup_route+0x39/0x1a0
[   40.557688]  ip_route_output_flow+0x7c/0xa0
[   40.561989]  raw_sendmsg+0xc4f/0x38c0
[   40.565783]  ? raw_setsockopt+0xd0/0xd0
[   40.569736]  ? lock_downgrade+0x990/0x990
[   40.573864]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[   40.579810]  ? add_page_to_unevictable_list+0x730/0x730
[   40.585148]  ? do_raw_spin_trylock+0x190/0x190
[   40.589708]  ? do_raw_spin_trylock+0x190/0x190
[   40.594287]  ? lock_downgrade+0x990/0x990
[   40.598419]  ? __might_fault+0xe0/0x1d0
[   40.602372]  ? sock_has_perm+0x29c/0x400
[   40.606408]  ? selinux_tun_dev_create+0xc0/0xc0
[   40.611048]  ? lock_release+0xd70/0xd70
[   40.614994]  ? check_same_owner+0x320/0x320
[   40.619289]  ? __check_object_size+0x25d/0x4f0
[   40.623849]  inet_sendmsg+0x11f/0x5e0
[   40.627641]  ? __might_sleep+0x95/0x190
[   40.631591]  ? inet_recvmsg+0x5f0/0x5f0
[   40.635541]  ? selinux_socket_sendmsg+0x36/0x40
[   40.640183]  ? security_socket_sendmsg+0x89/0xb0
[   40.644911]  ? inet_recvmsg+0x5f0/0x5f0
[   40.648862]  sock_sendmsg+0xca/0x110
[   40.652552]  SYSC_sendto+0x358/0x5a0
[   40.656244]  ? SYSC_connect+0x480/0x480
[   40.660188]  ? __handle_mm_fault+0x39c0/0x39c0
[   40.664751]  ? up_read+0x1a/0x40
[   40.668092]  ? __do_page_fault+0x35b/0xb60
[   40.672314]  ? __do_page_fault+0xb60/0xb60
[   40.676527]  ? SyS_setsockopt+0x215/0x360
[   40.680654]  ? lockdep_sys_exit+0x47/0xf0
[   40.684775]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   40.689594]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   40.694586]  SyS_sendto+0x40/0x50
[   40.698021]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   40.702764] RIP: 0033:0x440069
[   40.705926] RSP: 002b:00007ffc2381b248 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   40.713610] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440069
[   40.720854] RDX: 0000000000000040 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[   40.728096] RBP: 0000000000000082 R08: 0000000020fdbff0 R09: 0000000000000010
[   40.735338] R10: 0000000000000080 R11: 0000000000000217 R12: 00000000004019d0
[   40.742581] R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000
[   40.749844] 
[   40.751446] The buggy address belongs to the page:
[   40.756351] page:ffffea000739adc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   40.764475] flags: 0x200000000000000()
[   40.768340] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   40.776197] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   40.784049] page dumped because: kasan: bad access detected
[   40.789728] 
[   40.791326] Memory state around the buggy address:
[   40.796226]  ffff8801ce6b7980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2
[   40.803555]  ffff8801ce6b7a00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[   40.810884] >ffff8801ce6b7a80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[   40.818214]                                                                 ^
[   40.825457]  ffff8801ce6b7b00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[   40.832787]  ffff8801ce6b7b80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[   40.840116] ==================================================================
[   40.847444] Disabling lock debugging due to kernel taint
[   40.852914] Kernel panic - not syncing: panic_on_warn set ...
[   40.852914] 
[   40.860248] CPU: 0 PID: 2982 Comm: syzkaller792083 Tainted: G    B           4.13.0-mm1+ #5
[   40.868701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.878021] Call Trace:
[   40.880578]  dump_stack+0x194/0x257
[   40.884173]  ? arch_local_irq_restore+0x53/0x53
[   40.888809]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   40.893533]  ? xfrm_state_find+0x2fb0/0x3190
[   40.897910]  panic+0x1e4/0x417
[   40.901069]  ? __warn+0x1d9/0x1d9
[   40.904497]  ? xfrm_state_find+0x305b/0x3190
[   40.908870]  kasan_end_report+0x50/0x50
[   40.912811]  kasan_report+0x137/0x340
[   40.916580]  __asan_report_load4_noabort+0x14/0x20
[   40.921479]  xfrm_state_find+0x305b/0x3190
[   40.925682]  ? unwind_get_return_address+0x61/0xa0
[   40.930580]  ? __save_stack_trace+0x61/0xd0
[   40.934878]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   40.939952]  ? copy_trace+0x1d0/0x1d0
[   40.943722]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.948877]  ? check_noncircular+0x20/0x20
[   40.953079]  ? lock_downgrade+0x990/0x990
[   40.957189]  ? unwind_dump+0x4c0/0x4c0
[   40.961045]  ? find_held_lock+0x39/0x1d0
[   40.965084]  ? __lock_acquire+0x732/0x4620
[   40.969300]  ? find_held_lock+0x39/0x1d0
[   40.973338]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.978506]  ? depot_save_stack+0x1c2/0x490
[   40.982799]  ? do_raw_spin_trylock+0x190/0x190
[   40.987351]  ? check_noncircular+0x20/0x20
[   40.991562]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   40.995772]  ? __xfrm_decode_session+0x100/0x100
[   41.000500]  ? lock_downgrade+0x990/0x990
[   41.004616]  ? inet_sendmsg+0x11f/0x5e0
[   41.008557]  ? sock_sendmsg+0xca/0x110
[   41.012410]  ? SYSC_sendto+0x358/0x5a0
[   41.016272]  ? check_noncircular+0x20/0x20
[   41.020473]  ? rt_add_uncached_list+0xa2/0x240
[   41.025022]  ? check_noncircular+0x20/0x20
[   41.029231]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   41.034648]  ? kasan_unpoison_shadow+0x35/0x50
[   41.039198]  ? __local_bh_enable_ip+0x9d/0x160
[   41.043753]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   41.048129]  ? lock_downgrade+0x990/0x990
[   41.052244]  ? dst_init+0x4d9/0x6a0
[   41.055842]  ? xfrm_selector_match+0xe00/0xe00
[   41.060399]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.065559]  ? lock_release+0xd70/0xd70
[   41.069506]  ? refcount_inc_not_zero+0xfe/0x180
[   41.074146]  ? xfrm_selector_match+0x3b/0xe00
[   41.078607]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   41.083334]  ? xfrm_selector_match+0xe00/0xe00
[   41.087886]  ? check_noncircular+0x20/0x20
[   41.092087]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   41.097505]  xfrm_lookup+0xf0a/0x2540
[   41.101275]  ? xfrm_lookup+0xf0a/0x2540
[   41.105216]  ? ip_route_input_noref+0x1e0/0x1e0
[   41.109853]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   41.116229]  ? find_held_lock+0x39/0x1d0
[   41.120263]  ? lock_downgrade+0x990/0x990
[   41.124382]  ? ip_route_output_key_hash+0x1a6/0x370
[   41.129369]  ? lock_release+0xd70/0xd70
[   41.133317]  ? kasan_check_write+0x14/0x20
[   41.137522]  ? ip_route_output_key_hash+0x252/0x370
[   41.142506]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   41.148014]  xfrm_lookup_route+0x39/0x1a0
[   41.152128]  ip_route_output_flow+0x7c/0xa0
[   41.156420]  raw_sendmsg+0xc4f/0x38c0
[   41.160199]  ? raw_setsockopt+0xd0/0xd0
[   41.164143]  ? lock_downgrade+0x990/0x990
[   41.168262]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[   41.174202]  ? add_page_to_unevictable_list+0x730/0x730
[   41.179536]  ? do_raw_spin_trylock+0x190/0x190
[   41.184088]  ? do_raw_spin_trylock+0x190/0x190
[   41.188649]  ? lock_downgrade+0x990/0x990
[   41.192780]  ? __might_fault+0xe0/0x1d0
[   41.196723]  ? sock_has_perm+0x29c/0x400
[   41.200752]  ? selinux_tun_dev_create+0xc0/0xc0
[   41.205390]  ? lock_release+0xd70/0xd70
[   41.209332]  ? check_same_owner+0x320/0x320
[   41.213621]  ? __check_object_size+0x25d/0x4f0
[   41.218174]  inet_sendmsg+0x11f/0x5e0
[   41.221939]  ? __might_sleep+0x95/0x190
[   41.225879]  ? inet_recvmsg+0x5f0/0x5f0
[   41.229820]  ? selinux_socket_sendmsg+0x36/0x40
[   41.234454]  ? security_socket_sendmsg+0x89/0xb0
[   41.239186]  ? inet_recvmsg+0x5f0/0x5f0
[   41.243130]  sock_sendmsg+0xca/0x110