INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-7,10.128.0.13' (ECDSA) to the list of known hosts.
executing program

syzkaller login: [ 32.282765] ==================================================================
[ 32.283933] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x303d/0x3170
[ 32.284976] Read of size 4 at addr ffff8801d0677af8 by task syzkaller287742/3002
[ 32.286091]
[ 32.286342] CPU: 0 PID: 3002 Comm: syzkaller287742 Not tainted 4.13.0-rc4+ #32
[ 32.287304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.288606] Call Trace:
[ 32.288982]  dump_stack+0x194/0x257
[ 32.289494]  ? arch_local_irq_restore+0x53/0x53
[ 32.290179]  ? show_regs_print_info+0x65/0x65
[ 32.290781]  ? lock_release+0xa40/0xa40
[ 32.291401]  ? xfrm_state_find+0x303d/0x3170
[ 32.292072]  print_address_description+0x73/0x250
[ 32.292746]  ? xfrm_state_find+0x303d/0x3170
[ 32.293429]  kasan_report+0x24e/0x340
[ 32.294123]  __asan_report_load4_noabort+0x14/0x20
[ 32.294892]  xfrm_state_find+0x303d/0x3170
[ 32.295494]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 32.296598]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[ 32.297440]  ? find_held_lock+0x35/0x1d0
[ 32.298121]  ? depot_save_stack+0x3b5/0x490
[ 32.298887]  ? lock_downgrade+0x990/0x990
[ 32.299478]  ? update_stack_state+0x700/0x700
[ 32.300137]  ? do_raw_spin_trylock+0x190/0x190
[ 32.300875]  ? __lock_acquire+0x6ef/0x3dc0
[ 32.301468]  ? check_noncircular+0x20/0x20
[ 32.302084]  ? trace_hardirqs_on+0xd/0x10
[ 32.302640]  ? depot_save_stack+0x3b5/0x490
[ 32.304986]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 32.310151]  ? kasan_kmalloc+0xad/0xe0
[ 32.314003]  ? kasan_slab_alloc+0x12/0x20
[ 32.318119]  ? find_held_lock+0x35/0x1d0
[ 32.322152]  ? rt_add_uncached_list+0x1b7/0x240
[ 32.326788]  ? lock_downgrade+0x990/0x990
[ 32.330912]  xfrm_tmpl_resolve+0x309/0xbf0
[ 32.335135]  ? __xfrm_dst_lookup+0x120/0x120
[ 32.339508]  ? rt_add_uncached_list+0x1b7/0x240
[ 32.344144]  ? ip_rt_bug+0x20/0x20
[ 32.347649]  ? dst_init+0x4d9/0x6a0
[ 32.351246]  ? check_noncircular+0x20/0x20
[ 32.355447]  ? rt_set_nexthop.constprop.57+0x41d/0xfe0
[ 32.360700]  xfrm_resolve_and_create_bundle+0x102/0x2080
[ 32.366120]  ? rt_dst_alloc+0x40d/0x540
[ 32.370078]  ? __xfrm_decode_session+0x100/0x100
[ 32.374798]  ? xfrm_sk_policy_lookup+0x2a6/0x3d0
[ 32.379522]  ? lock_downgrade+0x990/0x990
[ 32.383645]  ? lock_release+0xa40/0xa40
[ 32.387603]  ? refcount_inc_not_zero+0xfe/0x180
[ 32.392251]  ? xfrm_selector_match+0x3b/0xe00
[ 32.396718]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[ 32.401445]  ? xfrm_selector_match+0xe00/0xe00
[ 32.406002]  xfrm_lookup+0xd39/0x11c0
[ 32.409771]  ? xfrm_lookup+0xd39/0x11c0
[ 32.413717]  ? xfrm_sk_policy_lookup+0x3d0/0x3d0
[ 32.418441]  ? lock_release+0xa40/0xa40
[ 32.422402]  ? kasan_check_write+0x14/0x20
[ 32.426608]  ? ip_route_output_key_hash+0x252/0x370
[ 32.431598]  ? ip_route_output_key_hash_rcu+0x2bb0/0x2bb0
[ 32.437121]  xfrm_lookup_route+0x39/0x1a0
[ 32.441240]  ip_route_output_flow+0x7c/0xa0
[ 32.445530]  raw_sendmsg+0xc4b/0x38b0
[ 32.449312]  ? raw_setsockopt+0xd0/0xd0
[ 32.453265]  ? get_mem_cgroup_from_mm+0x49b/0x710
[ 32.458089]  ? check_noncircular+0x20/0x20
[ 32.462298]  ? unlock_page_memcg+0x130/0x130
[ 32.466692]  ? lru_cache_add_file+0x20/0x20
[ 32.470989]  ? check_noncircular+0x20/0x20
[ 32.475190]  ? __mem_cgroup_threshold+0x8f0/0x8f0
[ 32.480031]  ? find_held_lock+0x35/0x1d0
[ 32.484068]  ? find_held_lock+0x35/0x1d0
[ 32.488103]  ? __might_fault+0x110/0x1d0
[ 32.492130]  ? sock_has_perm+0x29c/0x400
[ 32.496171]  ? lock_downgrade+0x990/0x990
[ 32.500288]  ? selinux_tun_dev_create+0xc0/0xc0
[ 32.504944]  ? lock_release+0xa40/0xa40
[ 32.508888]  ? check_same_owner+0x320/0x320
[ 32.513183]  ? __check_object_size+0x25d/0x4f0
[ 32.517745]  inet_sendmsg+0x11f/0x5e0
[ 32.521524]  ? __might_sleep+0x95/0x190
[ 32.525469]  ? inet_recvmsg+0x5f0/0x5f0
[ 32.529410]  ? selinux_socket_sendmsg+0x36/0x40
[ 32.534048]  ? security_socket_sendmsg+0x89/0xb0
[ 32.538770]  ? inet_recvmsg+0x5f0/0x5f0
[ 32.542714]  sock_sendmsg+0xca/0x110
[ 32.546404]  SYSC_sendto+0x352/0x5a0
[ 32.550105]  ? SYSC_connect+0x470/0x470
[ 32.554055]  ? find_held_lock+0x35/0x1d0
[ 32.558094]  ? lock_downgrade+0x990/0x990
[ 32.562218]  ? handle_mm_fault+0x4e3/0x940
[ 32.566419]  ? down_read_trylock+0xdb/0x170
[ 32.570731]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[ 32.575542]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 32.580530]  SyS_sendto+0x40/0x50
[ 32.583958]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 32.588694] RIP: 0033:0x43ff19
[ 32.591853] RSP: 002b:00007ffdbdcd6728 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 32.599542] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff19
[ 32.606780] RDX: 0000000000000002 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[ 32.614019] RBP: 0000000000000086 R08: 0000000020fdbff0 R09: 0000000000000010
[ 32.621264] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401880
[ 32.628501] R13: 0000000000401910 R14: 0000000000000000 R15: 0000000000000000
[ 32.635755]
[ 32.637349] The buggy address belongs to the page:
[ 32.642246] page:ffffea0007419dc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 32.650363] flags: 0x200000000000000()
[ 32.654219] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 32.662068] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 32.669915] page dumped because: kasan: bad access detected
[ 32.675592]
[ 32.677187] Memory state around the buggy address:
[ 32.682084]  ffff8801d0677980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2
[ 32.689411]  ffff8801d0677a00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[ 32.696751] >ffff8801d0677a80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[ 32.704097]                                                                 ^
[ 32.711341]  ffff8801d0677b00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[ 32.718672]  ffff8801d0677b80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 32.725999] ==================================================================
[ 32.733350] Disabling lock debugging due to kernel taint
[ 32.738820] Kernel panic - not syncing: panic_on_warn set ...
[ 32.738820]
[ 32.746164] CPU: 0 PID: 3002 Comm: syzkaller287742 Tainted: G B 4.13.0-rc4+ #32
[ 32.754703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.764022] Call Trace:
[ 32.766578]  dump_stack+0x194/0x257
[ 32.770173]  ? arch_local_irq_restore+0x53/0x53
[ 32.774815]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 32.779539]  ? xfrm_state_find+0x3030/0x3170
[ 32.783916]  panic+0x1e4/0x417
[ 32.787075]  ? __warn+0x1d9/0x1d9
[ 32.790501]  ? xfrm_state_find+0x303d/0x3170
[ 32.794876]  kasan_end_report+0x50/0x50
[ 32.798817]  kasan_report+0x137/0x340
[ 32.802586]  __asan_report_load4_noabort+0x14/0x20
[ 32.807484]  xfrm_state_find+0x303d/0x3170
[ 32.811685]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 32.816847]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[ 32.821923]  ? find_held_lock+0x35/0x1d0
[ 32.825975]  ? depot_save_stack+0x3b5/0x490
[ 32.830264]  ? lock_downgrade+0x990/0x990
[ 32.834376]  ? update_stack_state+0x700/0x700
[ 32.838841]  ? do_raw_spin_trylock+0x190/0x190
[ 32.843393]  ? __lock_acquire+0x6ef/0x3dc0
[ 32.847595]  ? check_noncircular+0x20/0x20
[ 32.851795]  ? trace_hardirqs_on+0xd/0x10
[ 32.855913]  ? depot_save_stack+0x3b5/0x490
[ 32.860206]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 32.865363]  ? kasan_kmalloc+0xad/0xe0
[ 32.869216]  ? kasan_slab_alloc+0x12/0x20
[ 32.873333]  ? find_held_lock+0x35/0x1d0
[ 32.877363]  ? rt_add_uncached_list+0x1b7/0x240
[ 32.881999]  ? lock_downgrade+0x990/0x990
[ 32.886118]  xfrm_tmpl_resolve+0x309/0xbf0
[ 32.890326]  ? __xfrm_dst_lookup+0x120/0x120
[ 32.894701]  ? rt_add_uncached_list+0x1b7/0x240
[ 32.899337]  ? ip_rt_bug+0x20/0x20
[ 32.902846]  ? dst_init+0x4d9/0x6a0
[ 32.906442]  ? check_noncircular+0x20/0x20
[ 32.910644]  ? rt_set_nexthop.constprop.57+0x41d/0xfe0
[ 32.915902]  xfrm_resolve_and_create_bundle+0x102/0x2080
[ 32.921345]  ? rt_dst_alloc+0x40d/0x540
[ 32.925290]  ? __xfrm_decode_session+0x100/0x100
[ 32.930010]  ? xfrm_sk_policy_lookup+0x2a6/0x3d0
[ 32.934731]  ? lock_downgrade+0x990/0x990
[ 32.938851]  ? lock_release+0xa40/0xa40
[ 32.942794]  ? refcount_inc_not_zero+0xfe/0x180
[ 32.947434]  ? xfrm_selector_match+0x3b/0xe00
[ 32.951896]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[ 32.956622]  ? xfrm_selector_match+0xe00/0xe00
[ 32.961175]  xfrm_lookup+0xd39/0x11c0
[ 32.964957]  ? xfrm_lookup+0xd39/0x11c0
[ 32.968899]  ? xfrm_sk_policy_lookup+0x3d0/0x3d0
[ 32.973626]  ? lock_release+0xa40/0xa40
[ 32.977575]  ? kasan_check_write+0x14/0x20
[ 32.981777]  ? ip_route_output_key_hash+0x252/0x370
[ 32.986759]  ? ip_route_output_key_hash_rcu+0x2bb0/0x2bb0
[ 32.992269]  xfrm_lookup_route+0x39/0x1a0
[ 32.996386]  ip_route_output_flow+0x7c/0xa0
[ 33.000673]  raw_sendmsg+0xc4b/0x38b0
[ 33.004444]  ? raw_setsockopt+0xd0/0xd0
[ 33.008386]  ? get_mem_cgroup_from_mm+0x49b/0x710
[ 33.013202]  ? check_noncircular+0x20/0x20
[ 33.017401]  ? unlock_page_memcg+0x130/0x130
[ 33.021792]  ? lru_cache_add_file+0x20/0x20
[ 33.026102]  ? check_noncircular+0x20/0x20
[ 33.030307]  ? __mem_cgroup_threshold+0x8f0/0x8f0
[ 33.035128]  ? find_held_lock+0x35/0x1d0
[ 33.039166]  ? find_held_lock+0x35/0x1d0
[ 33.043208]  ? __might_fault+0x110/0x1d0
[ 33.047264]  ? sock_has_perm+0x29c/0x400
[ 33.051290]  ? lock_downgrade+0x990/0x990
[ 33.055406]  ? selinux_tun_dev_create+0xc0/0xc0
[ 33.060050]  ? lock_release+0xa40/0xa40
[ 33.064000]  ? check_same_owner+0x320/0x320
[ 33.068289]  ? __check_object_size+0x25d/0x4f0
[ 33.072845]  inet_sendmsg+0x11f/0x5e0
[ 33.076617]  ? __might_sleep+0x95/0x190
[ 33.080561]  ? inet_recvmsg+0x5f0/0x5f0
[ 33.084504]  ? selinux_socket_sendmsg+0x36/0x40
[ 33.089142]  ? security_socket_sendmsg+0x89/0xb0
[ 33.093870]  ? inet_recvmsg+0x5f0/0x5f0
[ 33.097815]  sock_sendmsg+0xca/0x110
[ 33.101504]  SYSC_sendto+0x352/0x5a0
[ 33.105194]  ? SYSC_connect+0x470/0x470
[ 33.109308]  ? find_held_lock+0x35/0x1d0
[ 33.113343]  ? lock_downgrade+0x990/0x990
[ 33.117470]  ? handle_mm_fault+0x4e3/0x940
[ 33.121674]  ? down_read_trylock+0xdb/0x170
[ 33.125977]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[ 33.130796]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 33.135785]  SyS_sendto+0x40/0x50
[ 33.139210]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 33.143931] RIP: 0033:0x43ff19
[ 33.147096] RSP: 002b:00007ffdbdcd6728 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 33.154778] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000043ff19
[ 33.162024] RDX: 0000000000000002 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[ 33.169268] RBP: 0000000000000086 R08: 0000000020fdbff0 R09: 0000000000000010
[ 33.176511] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401880
[ 33.183747] R13: 0000000000401910 R14: 0000000000000000 R15: 0000000000000000
[ 33.191363] Dumping ftrace buffer:
[ 33.194878]    (ftrace buffer empty)
[ 33.198553] Kernel Offset: disabled
[ 33.202146] Rebooting in 86400 seconds..