INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-9,10.128.0.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   40.667535] ==================================================================
[   40.674925] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   40.682082] Read of size 4 at addr ffff8801ce7c74e0 by task syzkaller899874/2981
[   40.689584] 
[   40.691184] CPU: 1 PID: 2981 Comm: syzkaller899874 Not tainted 4.13.0-mm1+ #7
[   40.698422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.707749] Call Trace:
[   40.710314]  dump_stack+0x194/0x257
[   40.713920]  ? arch_local_irq_restore+0x53/0x53
[   40.718559]  ? show_regs_print_info+0x65/0x65
[   40.723046]  ? lock_release+0xd70/0xd70
[   40.726991]  ? xfrm_state_find+0x305b/0x3190
[   40.731374]  print_address_description+0x73/0x250
[   40.736193]  ? xfrm_state_find+0x305b/0x3190
[   40.740579]  kasan_report+0x24e/0x340
[   40.744353]  __asan_report_load4_noabort+0x14/0x20
[   40.749254]  xfrm_state_find+0x305b/0x3190
[   40.753463]  ? __save_stack_trace+0x61/0xd0
[   40.757776]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   40.762855]  ? copy_trace+0x1d0/0x1d0
[   40.766635]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.771793]  ? check_noncircular+0x20/0x20
[   40.776005]  ? lock_downgrade+0x990/0x990
[   40.780124]  ? save_stack_trace+0x16/0x20
[   40.784245]  ? __lock_acquire+0x20fd/0x4620
[   40.788540]  ? find_held_lock+0x39/0x1d0
[   40.792582]  ? __lock_acquire+0x732/0x4620
[   40.796788]  ? find_held_lock+0x39/0x1d0
[   40.800850]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.806013]  ? depot_save_stack+0x1c2/0x490
[   40.810311]  ? do_raw_spin_trylock+0x190/0x190
[   40.814871]  ? check_noncircular+0x20/0x20
[   40.819090]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   40.823313]  ? __xfrm_decode_session+0x100/0x100
[   40.828047]  ? lock_downgrade+0x990/0x990
[   40.832166]  ? udpv6_sendmsg+0x743/0x3380
[   40.836285]  ? inet_sendmsg+0x11f/0x5e0
[   40.840226]  ? sock_sendmsg+0xca/0x110
[   40.844085]  ? check_noncircular+0x20/0x20
[   40.848292]  ? rt_add_uncached_list+0xa2/0x240
[   40.852842]  ? check_noncircular+0x20/0x20
[   40.857051]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   40.862492]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   40.866872]  ? lock_downgrade+0x990/0x990
[   40.871076]  ? dst_init+0x4d9/0x6a0
[   40.874678]  ? xfrm_selector_match+0xe00/0xe00
[   40.879232]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   40.884402]  ? lock_release+0xd70/0xd70
[   40.888356]  ? refcount_inc_not_zero+0xfe/0x180
[   40.893003]  ? xfrm_selector_match+0x3b/0xe00
[   40.897473]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   40.902209]  ? xfrm_selector_match+0xe00/0xe00
[   40.906770]  ? check_noncircular+0x20/0x20
[   40.910976]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   40.916400]  xfrm_lookup+0xf0a/0x2540
[   40.920170]  ? xfrm_lookup+0xf0a/0x2540
[   40.924114]  ? ip_route_input_noref+0x1e0/0x1e0
[   40.928764]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   40.935155]  ? find_held_lock+0x39/0x1d0
[   40.939213]  ? lock_downgrade+0x990/0x990
[   40.943339]  ? ip_route_output_key_hash+0x1a6/0x370
[   40.948325]  ? find_held_lock+0x39/0x1d0
[   40.952361]  ? lock_release+0xd70/0xd70
[   40.956311]  ? lock_downgrade+0x990/0x990
[   40.960442]  ? ip_route_output_key_hash+0x252/0x370
[   40.965430]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   40.970935]  ? lock_release+0xd70/0xd70
[   40.974888]  xfrm_lookup_route+0x39/0x1a0
[   40.979009]  ip_route_output_flow+0x7c/0xa0
[   40.983306]  udp_sendmsg+0x1958/0x2c70
[   40.987167]  ? ip_reply_glue_bits+0xb0/0xb0
[   40.991466]  ? udp4_seq_show+0x7d0/0x7d0
[   40.995502]  ? lock_downgrade+0x990/0x990
[   40.999621]  ? __local_bh_enable_ip+0x9d/0x160
[   41.004181]  ? udp_lib_get_port+0xc34/0x1c00
[   41.008585]  ? check_noncircular+0x20/0x20
[   41.012794]  ? udp_lib_get_port+0x793/0x1c00
[   41.017172]  ? trace_hardirqs_on+0xd/0x10
[   41.021292]  ? __local_bh_enable_ip+0x9d/0x160
[   41.025846]  ? check_noncircular+0x20/0x20
[   41.030059]  udpv6_sendmsg+0x743/0x3380
[   41.034020]  ? udpv6_setsockopt+0x80/0x80
[   41.038151]  ? lock_downgrade+0x990/0x990
[   41.042272]  ? lock_downgrade+0x990/0x990
[   41.046399]  ? lock_release+0xd70/0xd70
[   41.050363]  ? __local_bh_enable_ip+0x9d/0x160
[   41.054920]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.059908]  ? release_sock+0x1d4/0x2a0
[   41.063851]  ? trace_hardirqs_on+0xd/0x10
[   41.067969]  ? __local_bh_enable_ip+0x9d/0x160
[   41.072525]  ? _raw_spin_unlock_bh+0x30/0x40
[   41.076905]  ? release_sock+0x1d4/0x2a0
[   41.080851]  ? __release_sock+0x360/0x360
[   41.084967]  ? udp6_portaddr_hash+0x146/0x2f0
[   41.089437]  ? udp_v6_get_port+0x9c/0xc0
[   41.093476]  inet_sendmsg+0x11f/0x5e0
[   41.097247]  ? inet_sendmsg+0x11f/0x5e0
[   41.101196]  ? inet_recvmsg+0x5f0/0x5f0
[   41.105145]  ? selinux_socket_sendmsg+0x36/0x40
[   41.109782]  ? security_socket_sendmsg+0x89/0xb0
[   41.114507]  ? inet_recvmsg+0x5f0/0x5f0
[   41.118454]  sock_sendmsg+0xca/0x110
[   41.122138]  ___sys_sendmsg+0x322/0x8a0
[   41.126087]  ? copy_msghdr_from_user+0x590/0x590
[   41.130811]  ? __handle_mm_fault+0x587/0x39c0
[   41.135282]  ? __pmd_alloc+0x4e0/0x4e0
[   41.139156]  ? fget_raw+0x20/0x20
[   41.142589]  ? lock_downgrade+0x990/0x990
[   41.146716]  ? __fdget+0x18/0x20
[   41.150058]  __sys_sendmmsg+0x1e6/0x5f0
[   41.154004]  ? __sys_sendmmsg+0x1e6/0x5f0
[   41.158134]  ? SyS_sendmsg+0x50/0x50
[   41.161821]  ? up_read+0x1a/0x40
[   41.165163]  ? __do_page_fault+0x35b/0xb60
[   41.169386]  ? __do_page_fault+0xb60/0xb60
[   41.173596]  ? SyS_setsockopt+0x215/0x360
[   41.177722]  ? lockdep_sys_exit+0x47/0xf0
[   41.181847]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   41.186840]  SyS_sendmmsg+0x35/0x60
[   41.190442]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   41.195164] RIP: 0033:0x440099
[   41.198325] RSP: 002b:00007ffe8f184948 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
[   41.206006] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440099
[   41.213246] RDX: 0000000000000001 RSI: 0000000020498000 RDI: 0000000000000003
[   41.220486] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
[   41.227724] R10: 0000000000040004 R11: 0000000000000217 R12: 0000000000401a00
[   41.234964] R13: 0000000000401a90 R14: 0000000000000000 R15: 0000000000000000
[   41.242222] 
[   41.243816] The buggy address belongs to the page:
[   41.248720] page:ffffea000739f1c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   41.256830] flags: 0x200000000000000()
[   41.260688] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   41.268538] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   41.276382] page dumped because: kasan: bad access detected
[   41.282057] 
[   41.283660] Memory state around the buggy address:
[   41.288557]  ffff8801ce7c7380: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2
[   41.295885]  ffff8801ce7c7400: f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00
[   41.303215] >ffff8801ce7c7480: 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2
[   41.310545]                                                        ^
[   41.317007]  ffff8801ce7c7500: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3
[   41.324336]  ffff8801ce7c7580: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.331674] ==================================================================
[   41.339000] Disabling lock debugging due to kernel taint
[   41.344464] Kernel panic - not syncing: panic_on_warn set ...
[   41.344464] 
[   41.351797] CPU: 1 PID: 2981 Comm: syzkaller899874 Tainted: G    B           4.13.0-mm1+ #7
[   41.360249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.369566] Call Trace:
[   41.372387]  dump_stack+0x194/0x257
[   41.375989]  ? arch_local_irq_restore+0x53/0x53
[   41.380623]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   41.385349]  ? xfrm_state_find+0x2fe0/0x3190
[   41.389725]  panic+0x1e4/0x417
[   41.392881]  ? __warn+0x1d9/0x1d9
[   41.396304]  ? xfrm_state_find+0x305b/0x3190
[   41.400675]  kasan_end_report+0x50/0x50
[   41.404616]  kasan_report+0x137/0x340
[   41.408381]  __asan_report_load4_noabort+0x14/0x20
[   41.413275]  xfrm_state_find+0x305b/0x3190
[   41.417473]  ? __save_stack_trace+0x61/0xd0
[   41.421765]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   41.426838]  ? copy_trace+0x1d0/0x1d0
[   41.430609]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.435764]  ? check_noncircular+0x20/0x20
[   41.439962]  ? lock_downgrade+0x990/0x990
[   41.444074]  ? save_stack_trace+0x16/0x20
[   41.448184]  ? __lock_acquire+0x20fd/0x4620
[   41.452472]  ? find_held_lock+0x39/0x1d0
[   41.456503]  ? __lock_acquire+0x732/0x4620
[   41.460698]  ? find_held_lock+0x39/0x1d0
[   41.464732]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.469887]  ? depot_save_stack+0x1c2/0x490
[   41.474179]  ? do_raw_spin_trylock+0x190/0x190
[   41.478724]  ? check_noncircular+0x20/0x20
[   41.482928]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   41.487137]  ? __xfrm_decode_session+0x100/0x100
[   41.491860]  ? lock_downgrade+0x990/0x990
[   41.495971]  ? udpv6_sendmsg+0x743/0x3380
[   41.500089]  ? inet_sendmsg+0x11f/0x5e0
[   41.504026]  ? sock_sendmsg+0xca/0x110
[   41.507879]  ? check_noncircular+0x20/0x20
[   41.512078]  ? rt_add_uncached_list+0xa2/0x240
[   41.516631]  ? check_noncircular+0x20/0x20
[   41.520840]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   41.526270]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   41.530645]  ? lock_downgrade+0x990/0x990
[   41.534756]  ? dst_init+0x4d9/0x6a0
[   41.538353]  ? xfrm_selector_match+0xe00/0xe00
[   41.542905]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   41.548059]  ? lock_release+0xd70/0xd70
[   41.552000]  ? refcount_inc_not_zero+0xfe/0x180
[   41.556644]  ? xfrm_selector_match+0x3b/0xe00
[   41.561103]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   41.565826]  ? xfrm_selector_match+0xe00/0xe00
[   41.570371]  ? check_noncircular+0x20/0x20
[   41.574570]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   41.579993]  xfrm_lookup+0xf0a/0x2540
[   41.583756]  ? xfrm_lookup+0xf0a/0x2540
[   41.587697]  ? ip_route_input_noref+0x1e0/0x1e0
[   41.592342]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   41.598713]  ? find_held_lock+0x39/0x1d0
[   41.602744]  ? lock_downgrade+0x990/0x990
[   41.606860]  ? ip_route_output_key_hash+0x1a6/0x370
[   41.611839]  ? find_held_lock+0x39/0x1d0
[   41.615865]  ? lock_release+0xd70/0xd70
[   41.619804]  ? lock_downgrade+0x990/0x990
[   41.623920]  ? ip_route_output_key_hash+0x252/0x370
[   41.628901]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   41.634410]  ? lock_release+0xd70/0xd70
[   41.638368]  xfrm_lookup_route+0x39/0x1a0
[   41.642484]  ip_route_output_flow+0x7c/0xa0
[   41.646783]  udp_sendmsg+0x1958/0x2c70
[   41.650646]  ? ip_reply_glue_bits+0xb0/0xb0
[   41.654939]  ? udp4_seq_show+0x7d0/0x7d0
[   41.659030]  ? lock_downgrade+0x990/0x990
[   41.663141]  ? __local_bh_enable_ip+0x9d/0x160
[   41.667694]  ? udp_lib_get_port+0xc34/0x1c00