Warning: Permanently added 'ci-upstream-kasan-gce-6,10.128.0.6' (ECDSA) to the list of known hosts.
executing program
serialport: Connected to syzkaller.us-central1-c.ci-upstream-kasan-gce-6 port 1 (session ID: afa158c397349fe7214f562bc40f51b06c32a3b8913fb18a9507529e938a1029, active connections: 1).
INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

executing program
syzkaller login: [ 40.242689] ==================================================================
[ 40.243782] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x303d/0x3170
[ 40.244743] Read of size 4 at addr ffff8801d10776d0 by task syzkaller489310/2954
[ 40.245726]
[ 40.245959] CPU: 1 PID: 2954 Comm: syzkaller489310 Not tainted 4.13.0-rc2+ #10
[ 40.246923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.248188] Call Trace:
[ 40.248544]  dump_stack+0x194/0x257
[ 40.249037]  ? arch_local_irq_restore+0x53/0x53
[ 40.249659]  ? show_regs_print_info+0x65/0x65
[ 40.250260]  ? lock_release+0xa40/0xa40
[ 40.250793]  ? xfrm_state_find+0x303d/0x3170
[ 40.251385]  print_address_description+0x7f/0x260
[ 40.252029]  ? xfrm_state_find+0x303d/0x3170
[ 40.252617]  kasan_report+0x24e/0x340
[ 40.253190]  __asan_report_load4_noabort+0x14/0x20
[ 40.253846]  xfrm_state_find+0x303d/0x3170
[ 40.254447]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[ 40.255142]  ? __lock_acquire+0x6ef/0x3dc0
[ 40.256410]  ? check_noncircular+0x20/0x20
[ 40.256974]  ? check_noncircular+0x20/0x20
[ 40.257549]  ? __lock_acquire+0x6ef/0x3dc0
[ 40.258171]  ? print_usage_bug+0x480/0x480
[ 40.258788]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 40.259480]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.260145]  ? fib_table_lookup+0xa07/0x1a30
[ 40.260748]  xfrm_tmpl_resolve+0x309/0xbf0
[ 40.261344]  ? __xfrm_dst_lookup+0x120/0x120
[ 40.261934]  ? __lock_is_held+0xb6/0x140
[ 40.262485]  ? check_noncircular+0x20/0x20
[ 40.264509]  ? check_noncircular+0x20/0x20
[ 40.268716]  ? rcu_read_lock_held+0xa9/0xc0
[ 40.273005]  ? find_exception+0x3aa/0x520
[ 40.277126]  xfrm_resolve_and_create_bundle+0x102/0x2080
[ 40.282545]  ? lock_downgrade+0x990/0x990
[ 40.286665]  ? find_held_lock+0x35/0x1d0
[ 40.290698]  ? __xfrm_decode_session+0x100/0x100
[ 40.295417]  ? xfrm_sk_policy_lookup+0x2a6/0x3d0
[ 40.300139]  ? lock_downgrade+0x990/0x990
[ 40.304255]  ? lock_release+0xa40/0xa40
[ 40.308199]  ? refcount_inc_not_zero+0xfe/0x180
[ 40.312841]  ? xfrm_selector_match+0x3b/0xe00
[ 40.317307]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[ 40.322033]  ? xfrm_selector_match+0xe00/0xe00
[ 40.326590]  xfrm_lookup+0xd39/0x11c0
[ 40.330357]  ? xfrm_lookup+0xd39/0x11c0
[ 40.334321]  ? xfrm_sk_policy_lookup+0x3d0/0x3d0
[ 40.339041]  ? lock_release+0xa40/0xa40
[ 40.342984]  ? find_held_lock+0x35/0x1d0
[ 40.347022]  ? ip_route_output_key_hash+0x252/0x370
[ 40.352005]  ? ip_route_output_key_hash_rcu+0x2bb0/0x2bb0
[ 40.357505]  ? lock_release+0xa40/0xa40
[ 40.361451]  xfrm_lookup_route+0x39/0x1a0
[ 40.365566]  ip_route_output_flow+0x7c/0xa0
[ 40.369858]  udp_sendmsg+0x1958/0x2c70
[ 40.373713]  ? ip_reply_glue_bits+0xb0/0xb0
[ 40.378008]  ? udp_recvmsg+0x1260/0x1260
[ 40.382049]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 40.387228]  udpv6_sendmsg+0x735/0x31a0
[ 40.391178]  ? udpv6_destroy_sock+0xd0/0xd0
[ 40.395478]  ? check_noncircular+0x20/0x20
[ 40.399681]  ? check_noncircular+0x20/0x20
[ 40.403896]  ? find_held_lock+0x35/0x1d0
[ 40.407929]  ? avc_has_perm+0x35e/0x680
[ 40.411869]  ? lock_downgrade+0x990/0x990
[ 40.415979]  ? sock_has_perm+0x29c/0x400
[ 40.420008]  ? selinux_tun_dev_create+0xc0/0xc0
[ 40.424643]  ? lock_release+0xa40/0xa40
[ 40.428589]  inet_sendmsg+0x11f/0x5e0
[ 40.432351]  ? inet_sendmsg+0x11f/0x5e0
[ 40.436298]  ? inet_recvmsg+0x5f0/0x5f0
[ 40.440239]  ? selinux_socket_sendmsg+0x36/0x40
[ 40.444872]  ? security_socket_sendmsg+0x89/0xb0
[ 40.449595]  ? inet_recvmsg+0x5f0/0x5f0
[ 40.453537]  sock_sendmsg+0xca/0x110
[ 40.457217]  sock_write_iter+0x31a/0x5d0
[ 40.461250]  ? sock_sendmsg+0x110/0x110
[ 40.465200]  ? iov_iter_init+0xaf/0x1d0
[ 40.469147]  __vfs_write+0x684/0x970
[ 40.472832]  ? default_llseek+0x290/0x290
[ 40.476946]  ? selinux_capset+0x100/0x100
[ 40.481070]  ? selinux_file_permission+0x82/0x460
[ 40.485886]  ? rw_verify_area+0xe5/0x2b0
[ 40.489912]  ? __fdget_raw+0x20/0x20
[ 40.493592]  vfs_write+0x189/0x510
[ 40.497103]  SyS_write+0xef/0x220
[ 40.500522]  ? SyS_read+0x220/0x220
[ 40.504112]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 40.509098]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.513826]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 40.518546] RIP: 0033:0x445dd9
[ 40.521702] RSP: 002b:00007f7ff19b5dc8 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 40.529375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445dd9
[ 40.536611] RDX: 0000000000000000 RSI: 0000000020013f1a RDI: 0000000000000007
[ 40.543847] RBP: 0000000000000086 R08: 00007f7ff19b6700 R09: 00007f7ff19b6700
[ 40.551082] R10: 00007f7ff19b6700 R11: 0000000000000293 R12: 0000000000000000
[ 40.558318] R13: 00007ffd9145be2f R14: 00007f7ff19b69c0 R15: 0000000000000000
[ 40.565570]
[ 40.567160] The buggy address belongs to the page:
[ 40.572053] page:ffffea00065b9a08 count:0 mapcount:0 mapping: (null) index:0x0
[ 40.580157] flags: 0x200000000000000()
[ 40.584010] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 40.591855] raw: 0000000000000000 0000000100000001 0000000000000000
[ 40.598221] page dumped because: kasan: bad access detected
[ 40.603891]
[ 40.605482] Memory state around the buggy address:
[ 40.610373]  ffff8801d1077580: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2
[ 40.617695]  ffff8801d1077600: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2
[ 40.625018] >ffff8801d1077680: f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00
[ 40.632340]                                                  ^
[ 40.638275]  ffff8801d1077700: 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3 f3 00
[ 40.645602]  ffff8801d1077780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 40.653010] ==================================================================
[ 40.660332] Disabling lock debugging due to kernel taint
[ 40.665803] Kernel panic - not syncing: panic_on_warn set ...
[ 40.665803]
[ 40.673527] CPU: 1 PID: 2954 Comm: syzkaller489310 Tainted: G B 4.13.0-rc2+ #10
[ 40.682063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.691380] Call Trace:
[ 40.693938]  dump_stack+0x194/0x257
[ 40.697530]  ? arch_local_irq_restore+0x53/0x53
[ 40.702164]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 40.706884]  ? note_gp_changes+0x23a/0x650
[ 40.711085]  ? xfrm_state_find+0x2fa0/0x3170
[ 40.715461]  panic+0x1e4/0x417
[ 40.718616]  ? __warn+0x1d9/0x1d9
[ 40.722040]  ? xfrm_state_find+0x303d/0x3170
[ 40.726415]  kasan_end_report+0x50/0x50
[ 40.730352]  kasan_report+0x137/0x340
[ 40.734117]  __asan_report_load4_noabort+0x14/0x20
[ 40.739008]  xfrm_state_find+0x303d/0x3170
executing program
[ 40.743217]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[ 40.748299]  ? __lock_acquire+0x6ef/0x3dc0
[ 40.752502]  ? check_noncircular+0x20/0x20
[ 40.756698]  ? check_noncircular+0x20/0x20
[ 40.760898]  ? __lock_acquire+0x6ef/0x3dc0
[ 40.765099]  ? print_usage_bug+0x480/0x480
[ 40.769303]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 40.774457]  ? rcu_read_lock_sched_held+0x108/0x120
[ 40.779439]  ? fib_table_lookup+0xa07/0x1a30
[ 40.783823]  xfrm_tmpl_resolve+0x309/0xbf0
[ 40.788028]  ? __xfrm_dst_lookup+0x120/0x120
[ 40.792401]  ? __lock_is_held+0xb6/0x140
[ 40.796427]  ? check_noncircular+0x20/0x20
[ 40.800626]  ? check_noncircular+0x20/0x20
[ 40.804824]  ? rcu_read_lock_held+0xa9/0xc0
[ 40.809107]  ? find_exception+0x3aa/0x520
[ 40.813220]  xfrm_resolve_and_create_bundle+0x102/0x2080
[ 40.818633]  ? lock_downgrade+0x990/0x990
[ 40.822765]  ? find_held_lock+0x35/0x1d0
[ 40.826790]  ? __xfrm_decode_session+0x100/0x100
[ 40.831507]  ? xfrm_sk_policy_lookup+0x2a6/0x3d0
[ 40.836225]  ? lock_downgrade+0x990/0x990
[ 40.840336]  ? lock_release+0xa40/0xa40
[ 40.844278]  ? refcount_inc_not_zero+0xfe/0x180
[ 40.848910]  ? xfrm_selector_match+0x3b/0xe00
[ 40.853368]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[ 40.858091]  ? xfrm_selector_match+0xe00/0xe00
[ 40.862639]  xfrm_lookup+0xd39/0x11c0
[ 40.866403]  ? xfrm_lookup+0xd39/0x11c0
[ 40.870344]  ? xfrm_sk_policy_lookup+0x3d0/0x3d0
[ 40.875059]  ? lock_release+0xa40/0xa40
[ 40.879000]  ? find_held_lock+0x35/0x1d0
[ 40.883028]  ? ip_route_output_key_hash+0x252/0x370
[ 40.888008]  ? ip_route_output_key_hash_rcu+0x2bb0/0x2bb0
[ 40.893505]  ? lock_release+0xa40/0xa40
[ 40.897445]  xfrm_lookup_route+0x39/0x1a0
[ 40.901554]  ip_route_output_flow+0x7c/0xa0
[ 40.905837]  udp_sendmsg+0x1958/0x2c70
[ 40.909689]  ? ip_reply_glue_bits+0xb0/0xb0
[ 40.913977]  ? udp_recvmsg+0x1260/0x1260
[ 40.918007]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 40.923172]  udpv6_sendmsg+0x735/0x31a0
[ 40.927115]  ? udpv6_destroy_sock+0xd0/0xd0
[ 40.931402]  ? check_noncircular+0x20/0x20
[ 40.935602]  ? check_noncircular+0x20/0x20
[ 40.939807]  ? find_held_lock+0x35/0x1d0
[ 40.943834]  ? avc_has_perm+0x35e/0x680
[ 40.947769]  ? lock_downgrade+0x990/0x990
[ 40.951879]  ? sock_has_perm+0x29c/0x400
[ 40.955902]  ? selinux_tun_dev_create+0xc0/0xc0
[ 40.960531]  ? lock_release+0xa40/0xa40
[ 40.964470]  inet_sendmsg+0x11f/0x5e0
[ 40.968233]  ? inet_sendmsg+0x11f/0x5e0
[ 40.972169]  ? inet_recvmsg+0x5f0/0x5f0
[ 40.976107]  ? selinux_socket_sendmsg+0x36/0x40
[ 40.980740]  ? security_socket_sendmsg+0x89/0xb0
[ 40.985456]  ? inet_recvmsg+0x5f0/0x5f0
[ 40.989393]  sock_sendmsg+0xca/0x110
[ 40.993071]  sock_write_iter+0x31a/0x5d0
[ 40.997093]  ? sock_sendmsg+0x110/0x110
[ 41.001035]  ? iov_iter_init+0xaf/0x1d0
[ 41.004973]  __vfs_write+0x684/0x970
[ 41.008651]  ? default_llseek+0x290/0x290
[ 41.012760]  ? selinux_capset+0x100/0x100
[ 41.016875]  ? selinux_file_permission+0x82/0x460
[ 41.021684]  ? rw_verify_area+0xe5/0x2b0
[ 41.025709]  ? __fdget_raw+0x20/0x20
[ 41.029387]  vfs_write+0x189/0x510
[ 41.032889]  SyS_write+0xef/0x220
[ 41.036312]  ? SyS_read+0x220/0x220
[ 41.039901]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 41.044880]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 41.049603]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 41.054319] RIP: 0033:0x445dd9
[ 41.057473] RSP: 002b:00007f7ff19b5dc8 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 41.065141] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445dd9
[ 41.072377] RDX: 0000000000000000 RSI: 0000000020013f1a RDI: 0000000000000007
[ 41.079611] RBP: 0000000000000086 R08: 00007f7ff19b6700 R09: 00007f7ff19b6700
[ 41.086843] R10: 00007f7ff19b6700 R11: 0000000000000293 R12: 0000000000000000
[ 41.094075] R13: 00007ffd9145be2f R14: 00007f7ff19b69c0 R15: 0000000000000000
[ 41.101349] Dumping ftrace buffer:
[ 41.104853]    (ftrace buffer empty)
[ 41.108526] Kernel Offset: disabled
[ 41.112116] Rebooting in 86400 seconds..