INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-0,10.128.15.193' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   60.207952] ==================================================================
[   60.215376] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   60.222535] Read of size 4 at addr ffff8801ccd5faf8 by task syzkaller509891/3041
[   60.230043] 
[   60.231661] CPU: 0 PID: 3041 Comm: syzkaller509891 Not tainted 4.13.0-rc6-next-20170825+ #9
[   60.240119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.249530] Call Trace:
[   60.252092]  dump_stack+0x194/0x257
[   60.255695]  ? arch_local_irq_restore+0x53/0x53
[   60.260339]  ? show_regs_print_info+0x65/0x65
[   60.264825]  ? lock_release+0xd70/0xd70
[   60.268774]  ? xfrm_state_find+0x305b/0x3190
[   60.273157]  print_address_description+0x73/0x250
[   60.277981]  ? xfrm_state_find+0x305b/0x3190
[   60.282364]  kasan_report+0x24e/0x340
[   60.286138]  __asan_report_load4_noabort+0x14/0x20
[   60.291039]  xfrm_state_find+0x305b/0x3190
[   60.295247]  ? __unwind_start+0x169/0x330
[   60.299402]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   60.304477]  ? save_stack_trace+0x16/0x20
[   60.308598]  ? __lock_acquire+0x20f4/0x4620
[   60.312909]  ? copy_trace+0x1d0/0x1d0
[   60.316702]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   60.321864]  ? check_noncircular+0x20/0x20
[   60.326073]  ? lock_downgrade+0x990/0x990
[   60.330212]  ? __lock_acquire+0x732/0x4620
[   60.334435]  ? find_held_lock+0x39/0x1d0
[   60.338488]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   60.343658]  ? depot_save_stack+0x1c2/0x490
[   60.347968]  ? do_raw_spin_trylock+0x190/0x190
[   60.352543]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   60.356768]  ? __xfrm_decode_session+0x100/0x100
[   60.361670]  ? find_held_lock+0x39/0x1d0
[   60.365713]  ? check_noncircular+0x20/0x20
[   60.369939]  ? sock_sendmsg+0xca/0x110
[   60.373804]  ? SYSC_sendto+0x358/0x5a0
[   60.377672]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   60.383125]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   60.387516]  ? lock_downgrade+0x990/0x990
[   60.391642]  ? rt_add_uncached_list+0x1b7/0x240
[   60.396289]  ? xfrm_selector_match+0xe00/0xe00
[   60.400866]  ? lock_release+0xd70/0xd70
[   60.404820]  ? refcount_inc_not_zero+0xfe/0x180
[   60.409468]  ? xfrm_selector_match+0x3b/0xe00
[   60.413945]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   60.418695]  ? xfrm_selector_match+0xe00/0xe00
[   60.423261]  xfrm_lookup+0xefb/0x2540
[   60.427043]  ? xfrm_lookup+0xefb/0x2540
[   60.431005]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   60.437394]  ? find_held_lock+0x39/0x1d0
[   60.441441]  ? lock_downgrade+0x990/0x990
[   60.445672]  ? ip_route_output_key_hash+0x1a6/0x370
[   60.450663]  ? find_held_lock+0x39/0x1d0
[   60.454702]  ? lock_release+0xd70/0xd70
[   60.458654]  ? lock_downgrade+0x990/0x990
[   60.462789]  ? ip_route_output_key_hash+0x252/0x370
[   60.467788]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   60.473323]  ? lock_release+0xd70/0xd70
[   60.477290]  xfrm_lookup_route+0x39/0x1a0
[   60.481421]  ip_route_output_flow+0x7c/0xa0
[   60.485721]  raw_sendmsg+0xc4b/0x38b0
[   60.489505]  ? pagevec_move_tail+0x40/0x100
[   60.493811]  ? raw_setsockopt+0xd0/0xd0
[   60.497760]  ? lock_page_memcg+0x3b0/0x3b0
[   60.501974]  ? __lock_is_held+0xbc/0x140
[   60.506029]  ? lru_cache_add+0x1c7/0x3a0
[   60.510067]  ? lru_cache_add_file+0x20/0x20
[   60.514380]  ? find_held_lock+0x39/0x1d0
[   60.518437]  ? lock_downgrade+0x990/0x990
[   60.522557]  ? __handle_mm_fault+0x2780/0x39c0
[   60.527132]  ? __might_fault+0xe0/0x1d0
[   60.531087]  ? sock_has_perm+0x29c/0x400
[   60.535134]  ? selinux_tun_dev_create+0xc0/0xc0
[   60.539788]  ? lock_release+0xd70/0xd70
[   60.543745]  ? check_same_owner+0x320/0x320
[   60.548061]  ? __check_object_size+0x25d/0x4f0
[   60.552810]  inet_sendmsg+0x11f/0x5e0
[   60.556586]  ? __might_sleep+0x95/0x190
[   60.560797]  ? inet_recvmsg+0x5f0/0x5f0
[   60.564757]  ? selinux_socket_sendmsg+0x36/0x40
[   60.569401]  ? security_socket_sendmsg+0x89/0xb0
[   60.574139]  ? inet_recvmsg+0x5f0/0x5f0
[   60.578093]  sock_sendmsg+0xca/0x110
[   60.581879]  SYSC_sendto+0x358/0x5a0
[   60.585586]  ? SYSC_connect+0x480/0x480
[   60.589555]  ? lock_downgrade+0x990/0x990
[   60.593700]  ? handle_mm_fault+0x4a2/0x860
[   60.597909]  ? down_read_trylock+0xdb/0x170
[   60.602225]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   60.607055]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   60.612224]  SyS_sendto+0x40/0x50
[   60.615660]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   60.620397] RIP: 0033:0x43ff79
[   60.623568] RSP: 002b:00007fffb7ce3fd8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   60.631259] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff79
[   60.638506] RDX: 0000000000000000 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[   60.646045] RBP: 0000000000000086 R08: 0000000020fdbff0 R09: 0000000000000010
[   60.653294] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018e0
[   60.660535] R13: 0000000000401970 R14: 0000000000000000 R15: 0000000000000000
[   60.667796] 
[   60.669396] The buggy address belongs to the page:
[   60.674833] page:ffffea00073357c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   60.682961] flags: 0x200000000000000()
[   60.686822] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   60.694676] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   60.702538] page dumped because: kasan: bad access detected
[   60.708225] 
[   60.709824] Memory state around the buggy address:
[   60.714724]  ffff8801ccd5f980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2
[   60.722056]  ffff8801ccd5fa00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[   60.729396] >ffff8801ccd5fa80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[   60.736734]                                                                 ^
[   60.744084]  ffff8801ccd5fb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[   60.751418]  ffff8801ccd5fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[   60.758834] ==================================================================
[   60.766167] Disabling lock debugging due to kernel taint
[   60.771644] Kernel panic - not syncing: panic_on_warn set ...
[   60.771644] 
[   60.778991] CPU: 0 PID: 3041 Comm: syzkaller509891 Tainted: G    B           4.13.0-rc6-next-20170825+ #9
[   60.788671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.797990] Call Trace:
[   60.800549]  dump_stack+0x194/0x257
[   60.804146]  ? arch_local_irq_restore+0x53/0x53
[   60.808783]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   60.813525]  ? xfrm_state_find+0x2fa0/0x3190
[   60.817911]  panic+0x1e4/0x41c
[   60.821081]  ? refcount_error_report+0x214/0x214
[   60.825816]  ? xfrm_state_find+0x305b/0x3190
[   60.830190]  kasan_end_report+0x50/0x50
[   60.834135]  kasan_report+0x137/0x340
[   60.837909]  __asan_report_load4_noabort+0x14/0x20
[   60.842831]  xfrm_state_find+0x305b/0x3190
[   60.847043]  ? __unwind_start+0x169/0x330
[   60.851166]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   60.856235]  ? save_stack_trace+0x16/0x20
[   60.860358]  ? __lock_acquire+0x20f4/0x4620
[   60.864663]  ? copy_trace+0x1d0/0x1d0
[   60.868440]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   60.873595]  ? check_noncircular+0x20/0x20
[   60.877803]  ? lock_downgrade+0x990/0x990
[   60.881930]  ? __lock_acquire+0x732/0x4620
[   60.886142]  ? find_held_lock+0x39/0x1d0
[   60.890187]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   60.895352]  ? depot_save_stack+0x1c2/0x490
[   60.899644]  ? do_raw_spin_trylock+0x190/0x190
[   60.904196]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   60.908413]  ? __xfrm_decode_session+0x100/0x100
[   60.913144]  ? find_held_lock+0x39/0x1d0
[   60.917177]  ? check_noncircular+0x20/0x20
[   60.921386]  ? sock_sendmsg+0xca/0x110
[   60.925239]  ? SYSC_sendto+0x358/0x5a0
[   60.929107]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   60.934547]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   60.938930]  ? lock_downgrade+0x990/0x990
[   60.943044]  ? rt_add_uncached_list+0x1b7/0x240
[   60.947690]  ? xfrm_selector_match+0xe00/0xe00
[   60.952241]  ? lock_release+0xd70/0xd70
[   60.956187]  ? refcount_inc_not_zero+0xfe/0x180
[   60.960833]  ? xfrm_selector_match+0x3b/0xe00
[   60.965299]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   60.970029]  ? xfrm_selector_match+0xe00/0xe00
[   60.974584]  xfrm_lookup+0xefb/0x2540
[   60.978357]  ? xfrm_lookup+0xefb/0x2540
[   60.982304]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   60.988687]  ? find_held_lock+0x39/0x1d0
[   60.992727]  ? lock_downgrade+0x990/0x990
[   60.996867]  ? ip_route_output_key_hash+0x1a6/0x370
[   61.001851]  ? find_held_lock+0x39/0x1d0
[   61.005881]  ? lock_release+0xd70/0xd70
[   61.009822]  ? lock_downgrade+0x990/0x990
[   61.013941]  ? ip_route_output_key_hash+0x252/0x370
[   61.018929]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   61.024432]  ? lock_release+0xd70/0xd70
[   61.028374]  xfrm_lookup_route+0x39/0x1a0
[   61.032491]  ip_route_output_flow+0x7c/0xa0
[   61.036789]  raw_sendmsg+0xc4b/0x38b0
[   61.040571]  ? pagevec_move_tail+0x40/0x100
[   61.044894]  ? raw_setsockopt+0xd0/0xd0
[   61.048929]  ? lock_page_memcg+0x3b0/0x3b0
[   61.053132]  ? __lock_is_held+0xbc/0x140
[   61.057161]  ? lru_cache_add+0x1c7/0x3a0
[   61.061189]  ? lru_cache_add_file+0x20/0x20
[   61.065483]  ? find_held_lock+0x39/0x1d0
[   61.069528]  ? lock_downgrade+0x990/0x990
[   61.073654]  ? __handle_mm_fault+0x2780/0x39c0
[   61.078214]  ? __might_fault+0xe0/0x1d0
[   61.082166]  ? sock_has_perm+0x29c/0x400
[   61.086209]  ? selinux_tun_dev_create+0xc0/0xc0
[   61.090843]  ? lock_release+0xd70/0xd70
[   61.094789]  ? check_same_owner+0x320/0x320
[   61.099077]  ? __check_object_size+0x25d/0x4f0
[   61.103637]  inet_sendmsg+0x11f/0x5e0
[   61.107405]  ? __might_sleep+0x95/0x190
[   61.111352]  ? inet_recvmsg+0x5f0/0x5f0
[   61.115317]  ? selinux_socket_sendmsg+0x36/0x40
[   61.119953]  ? security_socket_sendmsg+0x89/0xb0
[   61.124677]  ? inet_recvmsg+0x5f0/0x5f0
[   61.128628]  sock_sendmsg+0xca/0x110
[   61.132316]  SYSC_sendto+0x358/0x5a0
[   61.136007]  ? SYSC_connect+0x480/0x480
[   61.139951]  ? lock_downgrade+0x990/0x990
[   61.144077]  ? handle_mm_fault+0x4a2/0x860
[   61.148280]  ? down_read_trylock+0xdb/0x170
[   61.152586]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   61.157397]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   61.162641]  SyS_sendto+0x40/0x50
[   61.166071]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   61.170789] RIP: 0033:0x43ff79
[   61.173944] RSP: 002b:00007fffb7ce3fd8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   61.181618] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff79
[   61.188852] RDX: 0000000000000000 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[   61.196097] RBP: 0000000000000086 R08: 0000000020fdbff0 R09: 0000000000000010
[   61.203333] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018e0