INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-5,10.128.0.37' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   44.973591] ==================================================================
[   44.981099] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   44.988254] Read of size 4 at addr ffff8801ce6d74e0 by task syzkaller246001/2984
[   44.995763] 
[   44.997362] CPU: 1 PID: 2984 Comm: syzkaller246001 Not tainted 4.13.0-next-20170905+ #15
[   45.005556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.014877] Call Trace:
[   45.017434]  dump_stack+0x194/0x257
[   45.021033]  ? arch_local_irq_restore+0x53/0x53
[   45.025675]  ? show_regs_print_info+0x65/0x65
[   45.030143]  ? lock_release+0xd70/0xd70
[   45.034086]  ? xfrm_state_find+0x305b/0x3190
[   45.038467]  print_address_description+0x73/0x250
[   45.043280]  ? xfrm_state_find+0x305b/0x3190
[   45.047662]  kasan_report+0x24e/0x340
[   45.051438]  __asan_report_load4_noabort+0x14/0x20
[   45.056334]  xfrm_state_find+0x305b/0x3190
[   45.060537]  ? __save_stack_trace+0x61/0xd0
[   45.064860]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   45.069938]  ? copy_trace+0x1d0/0x1d0
[   45.073721]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   45.078892]  ? check_noncircular+0x20/0x20
[   45.083113]  ? lock_downgrade+0x990/0x990
[   45.087230]  ? save_stack_trace+0x16/0x20
[   45.091346]  ? __lock_acquire+0x20fd/0x4620
[   45.095640]  ? find_held_lock+0x39/0x1d0
[   45.099682]  ? __lock_acquire+0x732/0x4620
[   45.103901]  ? find_held_lock+0x39/0x1d0
[   45.107948]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   45.113111]  ? depot_save_stack+0x1c2/0x490
[   45.117411]  ? do_raw_spin_trylock+0x190/0x190
[   45.121979]  ? check_noncircular+0x20/0x20
[   45.126197]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   45.130419]  ? __xfrm_decode_session+0x100/0x100
[   45.135152]  ? lock_downgrade+0x990/0x990
[   45.139269]  ? udpv6_sendmsg+0x743/0x3380
[   45.143383]  ? inet_sendmsg+0x11f/0x5e0
[   45.147323]  ? sock_sendmsg+0xca/0x110
[   45.151204]  ? check_noncircular+0x20/0x20
[   45.155408]  ? rt_add_uncached_list+0xa2/0x240
[   45.159958]  ? check_noncircular+0x20/0x20
[   45.164181]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   45.169619]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   45.173997]  ? lock_downgrade+0x990/0x990
[   45.178129]  ? dst_init+0x4d9/0x6a0
[   45.181735]  ? xfrm_selector_match+0xe00/0xe00
[   45.186288]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   45.191451]  ? lock_release+0xd70/0xd70
[   45.195397]  ? refcount_inc_not_zero+0xfe/0x180
[   45.200041]  ? xfrm_selector_match+0x3b/0xe00
[   45.204527]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   45.209283]  ? xfrm_selector_match+0xe00/0xe00
[   45.213836]  ? check_noncircular+0x20/0x20
[   45.218040]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   45.223467]  xfrm_lookup+0xf0a/0x2540
[   45.227234]  ? xfrm_lookup+0xf0a/0x2540
[   45.231180]  ? ip_route_input_noref+0x1e0/0x1e0
[   45.235825]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   45.242235]  ? find_held_lock+0x39/0x1d0
[   45.246279]  ? lock_downgrade+0x990/0x990
[   45.250404]  ? ip_route_output_key_hash+0x1a6/0x370
[   45.255391]  ? find_held_lock+0x39/0x1d0
[   45.259424]  ? lock_release+0xd70/0xd70
[   45.263387]  ? lock_downgrade+0x990/0x990
[   45.267530]  ? ip_route_output_key_hash+0x252/0x370
[   45.272520]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   45.278026]  ? lock_release+0xd70/0xd70
[   45.281979]  xfrm_lookup_route+0x39/0x1a0
[   45.286103]  ip_route_output_flow+0x7c/0xa0
[   45.290395]  udp_sendmsg+0x1958/0x2c70
[   45.294255]  ? ip_reply_glue_bits+0xb0/0xb0
[   45.298553]  ? udp4_seq_show+0x7d0/0x7d0
[   45.302581]  ? lock_downgrade+0x990/0x990
[   45.306701]  ? __local_bh_enable_ip+0x9d/0x160
[   45.311255]  ? udp_lib_get_port+0xc34/0x1c00
[   45.315647]  ? check_noncircular+0x20/0x20
[   45.319853]  ? udp_lib_get_port+0x793/0x1c00
[   45.324232]  ? trace_hardirqs_on+0xd/0x10
[   45.328363]  ? __local_bh_enable_ip+0x9d/0x160
[   45.332919]  ? check_noncircular+0x20/0x20
[   45.337129]  udpv6_sendmsg+0x743/0x3380
[   45.341102]  ? udpv6_setsockopt+0x80/0x80
[   45.345250]  ? lock_downgrade+0x990/0x990
[   45.349369]  ? lock_downgrade+0x990/0x990
[   45.353487]  ? lock_release+0xd70/0xd70
[   45.357453]  ? __local_bh_enable_ip+0x9d/0x160
[   45.362014]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   45.367018]  ? release_sock+0x1d4/0x2a0
[   45.370960]  ? trace_hardirqs_on+0xd/0x10
[   45.375076]  ? __local_bh_enable_ip+0x9d/0x160
[   45.379630]  ? _raw_spin_unlock_bh+0x30/0x40
[   45.384008]  ? release_sock+0x1d4/0x2a0
[   45.387949]  ? __release_sock+0x360/0x360
[   45.392065]  ? udp6_portaddr_hash+0x146/0x2f0
[   45.396534]  ? udp_v6_get_port+0x9c/0xc0
[   45.400572]  inet_sendmsg+0x11f/0x5e0
[   45.404352]  ? inet_sendmsg+0x11f/0x5e0
[   45.408296]  ? inet_recvmsg+0x5f0/0x5f0
[   45.412290]  ? selinux_socket_sendmsg+0x36/0x40
[   45.416930]  ? security_socket_sendmsg+0x89/0xb0
[   45.421667]  ? inet_recvmsg+0x5f0/0x5f0
[   45.425615]  sock_sendmsg+0xca/0x110
[   45.429314]  ___sys_sendmsg+0x322/0x8a0
[   45.433263]  ? copy_msghdr_from_user+0x590/0x590
[   45.437991]  ? __handle_mm_fault+0x587/0x39c0
[   45.442465]  ? __pmd_alloc+0x4e0/0x4e0
[   45.446348]  ? fget_raw+0x20/0x20
[   45.449785]  ? lock_downgrade+0x990/0x990
[   45.453914]  ? __fdget+0x18/0x20
[   45.457255]  __sys_sendmmsg+0x1e6/0x5f0
[   45.461202]  ? __sys_sendmmsg+0x1e6/0x5f0
[   45.465337]  ? SyS_sendmsg+0x50/0x50
[   45.469025]  ? up_read+0x1a/0x40
[   45.472363]  ? __do_page_fault+0x35b/0xb60
[   45.476630]  ? __do_page_fault+0xb60/0xb60
[   45.480849]  ? SyS_setsockopt+0x215/0x360
[   45.484984]  ? lockdep_sys_exit+0x47/0xf0
[   45.489105]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   45.494105]  SyS_sendmmsg+0x35/0x60
[   45.497707]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   45.502442] RIP: 0033:0x440099
[   45.505601] RSP: 002b:00007ffd9e03e3e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   45.513280] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440099
[   45.520523] RDX: 0000000000000001 RSI: 0000000020498000 RDI: 0000000000000003
[   45.527781] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[   45.535056] R10: 0000000000040004 R11: 0000000000000217 R12: 0000000000401a00
[   45.542301] R13: 0000000000401a90 R14: 0000000000000000 R15: 0000000000000000
[   45.549564] 
[   45.551159] The buggy address belongs to the page:
[   45.556060] page:ffffea000739b5c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   45.564185] flags: 0x200000000000000()
[   45.568049] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   45.575897] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   45.583746] page dumped because: kasan: bad access detected
[   45.589422] 
[   45.591017] Memory state around the buggy address:
[   45.595913]  ffff8801ce6d7380: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2
[   45.603252]  ffff8801ce6d7400: f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00
[   45.610591] >ffff8801ce6d7480: 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2
[   45.617932]                                                        ^
[   45.624390]  ffff8801ce6d7500: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3
[   45.631724]  ffff8801ce6d7580: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   45.639052] ==================================================================
[   45.646376] Disabling lock debugging due to kernel taint
[   45.651840] Kernel panic - not syncing: panic_on_warn set ...
[   45.651840] 
[   45.659178] CPU: 1 PID: 2984 Comm: syzkaller246001 Tainted: G    B           4.13.0-next-20170905+ #15
[   45.668597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.677913] Call Trace:
[   45.680474]  dump_stack+0x194/0x257
[   45.684065]  ? arch_local_irq_restore+0x53/0x53
[   45.688701]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   45.693424]  ? xfrm_state_find+0x2fc0/0x3190
[   45.697795]  panic+0x1e4/0x417
[   45.700949]  ? __warn+0x1d9/0x1d9
[   45.704379]  ? xfrm_state_find+0x305b/0x3190
[   45.708758]  kasan_end_report+0x50/0x50
[   45.712702]  kasan_report+0x137/0x340
[   45.716473]  __asan_report_load4_noabort+0x14/0x20
[   45.721372]  xfrm_state_find+0x305b/0x3190
[   45.725577]  ? __save_stack_trace+0x61/0xd0
[   45.729875]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   45.734948]  ? copy_trace+0x1d0/0x1d0
[   45.738719]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   45.743876]  ? check_noncircular+0x20/0x20
[   45.748082]  ? lock_downgrade+0x990/0x990
[   45.752194]  ? save_stack_trace+0x16/0x20
[   45.756307]  ? __lock_acquire+0x20fd/0x4620
[   45.760607]  ? find_held_lock+0x39/0x1d0
[   45.764635]  ? __lock_acquire+0x732/0x4620
[   45.768834]  ? find_held_lock+0x39/0x1d0
[   45.772868]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   45.778052]  ? depot_save_stack+0x1c2/0x490
[   45.782358]  ? do_raw_spin_trylock+0x190/0x190
[   45.786927]  ? check_noncircular+0x20/0x20
[   45.791130]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   45.795347]  ? __xfrm_decode_session+0x100/0x100
[   45.800623]  ? lock_downgrade+0x990/0x990
[   45.804738]  ? udpv6_sendmsg+0x743/0x3380
[   45.808869]  ? inet_sendmsg+0x11f/0x5e0
[   45.812807]  ? sock_sendmsg+0xca/0x110
[   45.816660]  ? check_noncircular+0x20/0x20
[   45.820860]  ? rt_add_uncached_list+0xa2/0x240
[   45.825404]  ? check_noncircular+0x20/0x20
[   45.829632]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   45.835057]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   45.839430]  ? lock_downgrade+0x990/0x990
[   45.843540]  ? dst_init+0x4d9/0x6a0
[   45.847137]  ? xfrm_selector_match+0xe00/0xe00
[   45.851685]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   45.856844]  ? lock_release+0xd70/0xd70
[   45.860787]  ? refcount_inc_not_zero+0xfe/0x180
[   45.865421]  ? xfrm_selector_match+0x3b/0xe00
[   45.869882]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   45.874605]  ? xfrm_selector_match+0xe00/0xe00
[   45.879164]  ? check_noncircular+0x20/0x20
[   45.883364]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   45.888780]  xfrm_lookup+0xf0a/0x2540
[   45.892542]  ? xfrm_lookup+0xf0a/0x2540
[   45.896481]  ? ip_route_input_noref+0x1e0/0x1e0
[   45.901117]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   45.907492]  ? find_held_lock+0x39/0x1d0
[   45.911522]  ? lock_downgrade+0x990/0x990
[   45.915643]  ? ip_route_output_key_hash+0x1a6/0x370
[   45.920625]  ? find_held_lock+0x39/0x1d0
[   45.924654]  ? lock_release+0xd70/0xd70
[   45.928596]  ? lock_downgrade+0x990/0x990
[   45.932717]  ? ip_route_output_key_hash+0x252/0x370
[   45.937699]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   45.943197]  ? lock_release+0xd70/0xd70
[   45.947138]  xfrm_lookup_route+0x39/0x1a0
[   45.951261]  ip_route_output_flow+0x7c/0xa0
[   45.955551]  udp_sendmsg+0x1958/0x2c70
[   45.959405]  ? ip_reply_glue_bits+0xb0/0xb0
[   45.963694]  ? udp4_seq_show+0x7d0/0x7d0
[   45.967717]  ? lock_downgrade+0x990/0x990
[   45.971828]  ? __local_bh_enable_ip+0x9d/0x160