INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-kasan-gce-0,10.128.15.226' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 18.537391] ================================================================== [ 18.538503] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x30fc/0x3230 [ 18.539446] Read of size 4 at addr ffff8801ccc6faf8 by task syzkaller766000/3043 [ 18.540447] [ 18.540680] CPU: 1 PID: 3043 Comm: syzkaller766000 Not tainted 4.14.0+ #190 [ 18.541610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 18.542831] Call Trace: [ 18.543192] dump_stack+0x194/0x257 [ 18.543684] ? arch_local_irq_restore+0x53/0x53 [ 18.544307] ? show_regs_print_info+0x65/0x65 [ 18.544912] ? lock_release+0xda0/0xda0 [ 18.545444] ? xfrm_state_find+0x30fc/0x3230 [ 18.546041] print_address_description+0x73/0x250 [ 18.546683] ? xfrm_state_find+0x30fc/0x3230 [ 18.547273] kasan_report+0x25b/0x340 [ 18.547788] __asan_report_load4_noabort+0x14/0x20 [ 18.548445] xfrm_state_find+0x30fc/0x3230 [ 18.549046] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 18.549742] ? check_noncircular+0x20/0x20 [ 18.550308] ? find_held_lock+0x39/0x1d0 [ 18.550880] ? check_noncircular+0x20/0x20 [ 18.551446] ? lock_downgrade+0x980/0x980 [ 18.552028] ? __free_insn_slot+0x5c0/0x5c0 [ 18.552616] ? __lock_acquire+0x2727/0x47f0 [ 18.553194] ? find_held_lock+0x39/0x1d0 [ 18.553754] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 18.554445] ? print_usage_bug+0x3f0/0x3f0 [ 18.555020] ? lock_downgrade+0x980/0x980 [ 18.555582] ? depot_save_stack+0x1c2/0x490 [ 18.556168] ? lock_release+0xda0/0xda0 [ 18.556703] ? 
is_bpf_text_address+0xa4/0x120 [ 18.557305] ? __lock_acquire+0x6e9/0x47f0 [ 18.560314] ? check_noncircular+0x20/0x20 [ 18.564516] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.569504] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 18.573721] ? __xfrm_decode_session+0x110/0x110 [ 18.578453] ? lock_downgrade+0x980/0x980 [ 18.582572] ? rt_add_uncached_list+0xa2/0x240 [ 18.587128] ? check_noncircular+0x20/0x20 [ 18.591341] ? check_noncircular+0x20/0x20 [ 18.595550] xfrm_resolve_and_create_bundle+0x11b/0x2600 [ 18.600970] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 18.606043] ? rt_add_uncached_list+0x1b7/0x240 [ 18.610689] ? __local_bh_enable_ip+0x121/0x230 [ 18.615327] ? _raw_spin_unlock_bh+0x30/0x40 [ 18.619705] ? find_held_lock+0x39/0x1d0 [ 18.623735] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 18.628119] ? lock_downgrade+0x980/0x980 [ 18.632235] ? xfrm_selector_match+0xe00/0xe00 [ 18.636786] ? rt_cache_route+0x300/0x300 [ 18.640904] ? lock_release+0xda0/0xda0 [ 18.644851] ? refcount_inc_not_zero+0xfe/0x180 [ 18.649493] ? selinux_xfrm_policy_lookup+0xac/0xd0 [ 18.654480] ? security_xfrm_policy_lookup+0x92/0xc0 [ 18.659556] ? xfrm_sk_policy_lookup+0x334/0x490 [ 18.664286] ? xfrm_selector_match+0xe00/0xe00 [ 18.668836] ? check_noncircular+0x20/0x20 [ 18.673046] xfrm_lookup+0x1574/0x23f0 [ 18.676902] ? xfrm_lookup+0x1574/0x23f0 [ 18.680931] ? __mem_cgroup_threshold+0x8f0/0x8f0 [ 18.685747] ? xfrm_policy_lookup_bytype.constprop.47+0x960/0x960 [ 18.692104] ? find_held_lock+0x39/0x1d0 [ 18.696352] ? lock_downgrade+0x980/0x980 [ 18.700475] ? ip_route_output_key_hash+0x1a6/0x370 [ 18.705474] ? lock_release+0xda0/0xda0 [ 18.709430] ? lock_downgrade+0x980/0x980 [ 18.713555] ? ip_route_output_key_hash+0x252/0x370 [ 18.718548] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 18.724066] ? lock_release+0xda0/0xda0 [ 18.728036] xfrm_lookup_route+0x39/0x1a0 [ 18.732167] ip_route_output_flow+0x7c/0xa0 [ 18.736460] raw_sendmsg+0xc4f/0x3920 [ 18.740238] ? debug_check_no_locks_freed+0x3c0/0x3d0 [ 18.745402] ? 
raw_setsockopt+0xd0/0xd0 [ 18.749347] ? do_ip_setsockopt.isra.12+0x2a9/0x3200 [ 18.754423] ? alloc_file+0x26/0x3a0 [ 18.758108] ? sock_alloc_file+0x1fd/0x550 [ 18.762310] ? sock_map_fd+0x34/0x70 [ 18.765992] ? entry_SYSCALL_64_fastpath+0x1f/0x96 [ 18.770891] ? find_held_lock+0x39/0x1d0 [ 18.774932] ? check_noncircular+0x20/0x20 [ 18.779151] ? find_held_lock+0x39/0x1d0 [ 18.783197] ? __might_fault+0xe0/0x1d0 [ 18.787142] ? sock_has_perm+0x29c/0x400 [ 18.791175] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 18.796505] ? lock_release+0xda0/0xda0 [ 18.800446] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 18.806298] ? __check_object_size+0x25d/0x4f0 [ 18.810852] inet_sendmsg+0x11f/0x5e0 [ 18.814617] ? __might_sleep+0x95/0x190 [ 18.818558] ? inet_recvmsg+0x5f0/0x5f0 [ 18.822502] ? selinux_socket_sendmsg+0x36/0x40 [ 18.827158] ? security_socket_sendmsg+0x89/0xb0 [ 18.831880] ? inet_recvmsg+0x5f0/0x5f0 [ 18.835822] sock_sendmsg+0xca/0x110 [ 18.839506] SYSC_sendto+0x358/0x5a0 [ 18.843193] ? SYSC_connect+0x480/0x480 [ 18.847138] ? __do_page_fault+0x3d6/0xc90 [ 18.851351] ? mm_fault_error+0x2c0/0x2c0 [ 18.855470] ? ip_setsockopt+0x6f/0xb0 [ 18.859334] ? __do_page_fault+0xc90/0xc90 [ 18.863540] ? SyS_setsockopt+0x215/0x360 [ 18.867660] ? lockdep_sys_exit+0x47/0xf0 [ 18.871772] ? entry_SYSCALL_64_fastpath+0x5/0x96 [ 18.876581] ? 
trace_hardirqs_on_caller+0x421/0x5c0 [ 18.881565] SyS_sendto+0x40/0x50 [ 18.884990] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 18.889711] RIP: 0033:0x43ff09 [ 18.892877] RSP: 002b:00007fffba8d08a8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 18.900552] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff09 [ 18.907794] RDX: 0000000000000000 RSI: 0000000020098000 RDI: 0000000000000003 [ 18.915031] RBP: 0000000000000086 R08: 0000000020c24000 R09: 0000000000000010 [ 18.922268] R10: fffffffffffffffe R11: 0000000000000217 R12: 0000000000401870 [ 18.929507] R13: 0000000000401900 R14: 0000000000000000 R15: 0000000000000000 [ 18.936763] [ 18.938358] The buggy address belongs to the page: [ 18.943268] page:ffffea0007331bc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 18.951388] flags: 0x2fffc0000000000() [ 18.955253] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 18.963102] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000 [ 18.970946] page dumped because: kasan: bad access detected [ 18.976618] [ 18.978213] Memory state around the buggy address: [ 18.983107] ffff8801ccc6f980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2 [ 18.990431] ffff8801ccc6fa00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 [ 18.997754] >ffff8801ccc6fa80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 [ 19.005077] ^ [ 19.012313] ffff8801ccc6fb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 [ 19.019637] ffff8801ccc6fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 19.026959] ================================================================== [ 19.034291] Disabling lock debugging due to kernel taint [ 19.039807] Kernel panic - not syncing: panic_on_warn set ... [ 19.039807] [ 19.047143] CPU: 1 PID: 3043 Comm: syzkaller766000 Tainted: G B 4.14.0+ #190 [ 19.055506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 19.064824] Call Trace: [ 19.067381] dump_stack+0x194/0x257 [ 19.070974] ? 
arch_local_irq_restore+0x53/0x53 [ 19.075609] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 19.080331] ? vsnprintf+0x1ed/0x1900 [ 19.084098] ? xfrm_state_find+0x30a0/0x3230 [ 19.088471] panic+0x1e4/0x41c [ 19.091628] ? refcount_error_report+0x214/0x214 [ 19.096349] ? add_taint+0x1c/0x50 [ 19.099853] ? add_taint+0x1c/0x50 [ 19.103358] ? xfrm_state_find+0x30fc/0x3230 [ 19.107734] kasan_end_report+0x50/0x50 [ 19.111673] kasan_report+0x144/0x340 [ 19.115439] __asan_report_load4_noabort+0x14/0x20 [ 19.120332] xfrm_state_find+0x30fc/0x3230 [ 19.124541] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 19.129610] ? check_noncircular+0x20/0x20 [ 19.133823] ? find_held_lock+0x39/0x1d0 [ 19.137854] ? check_noncircular+0x20/0x20 [ 19.142057] ? lock_downgrade+0x980/0x980 [ 19.146175] ? __free_insn_slot+0x5c0/0x5c0 [ 19.150462] ? __lock_acquire+0x2727/0x47f0 [ 19.154747] ? find_held_lock+0x39/0x1d0 [ 19.158780] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 19.163934] ? print_usage_bug+0x3f0/0x3f0 [ 19.168134] ? lock_downgrade+0x980/0x980 [ 19.172251] ? depot_save_stack+0x1c2/0x490 [ 19.176550] ? lock_release+0xda0/0xda0 [ 19.180496] ? is_bpf_text_address+0xa4/0x120 [ 19.184956] ? __lock_acquire+0x6e9/0x47f0 [ 19.189155] ? check_noncircular+0x20/0x20 [ 19.193354] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.198348] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 19.202556] ? __xfrm_decode_session+0x110/0x110 [ 19.207278] ? lock_downgrade+0x980/0x980 [ 19.211391] ? rt_add_uncached_list+0xa2/0x240 [ 19.215937] ? check_noncircular+0x20/0x20 [ 19.220138] ? check_noncircular+0x20/0x20 [ 19.224341] xfrm_resolve_and_create_bundle+0x11b/0x2600 [ 19.229756] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.234735] ? rt_add_uncached_list+0x1b7/0x240 [ 19.239369] ? __local_bh_enable_ip+0x121/0x230 [ 19.244004] ? _raw_spin_unlock_bh+0x30/0x40 [ 19.248377] ? find_held_lock+0x39/0x1d0 [ 19.252402] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 19.256777] ? lock_downgrade+0x980/0x980 [ 19.260888] ? xfrm_selector_match+0xe00/0xe00 [ 19.265435] ? 
rt_cache_route+0x300/0x300 [ 19.269549] ? lock_release+0xda0/0xda0 [ 19.273494] ? refcount_inc_not_zero+0xfe/0x180 [ 19.278139] ? selinux_xfrm_policy_lookup+0xac/0xd0 [ 19.283126] ? security_xfrm_policy_lookup+0x92/0xc0 [ 19.288196] ? xfrm_sk_policy_lookup+0x334/0x490 [ 19.292919] ? xfrm_selector_match+0xe00/0xe00 [ 19.297464] ? check_noncircular+0x20/0x20 [ 19.301671] xfrm_lookup+0x1574/0x23f0 [ 19.305528] ? xfrm_lookup+0x1574/0x23f0 [ 19.309555] ? __mem_cgroup_threshold+0x8f0/0x8f0 [ 19.314367] ? xfrm_policy_lookup_bytype.constprop.47+0x960/0x960 [ 19.320562] ? find_held_lock+0x39/0x1d0 [ 19.324590] ? lock_downgrade+0x980/0x980 [ 19.328701] ? ip_route_output_key_hash+0x1a6/0x370 [ 19.333683] ? lock_release+0xda0/0xda0 [ 19.337627] ? lock_downgrade+0x980/0x980 [ 19.341740] ? ip_route_output_key_hash+0x252/0x370 [ 19.346731] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 19.352237] ? lock_release+0xda0/0xda0 [ 19.356183] xfrm_lookup_route+0x39/0x1a0 [ 19.360298] ip_route_output_flow+0x7c/0xa0 [ 19.364596] raw_sendmsg+0xc4f/0x3920 [ 19.368364] ? debug_check_no_locks_freed+0x3c0/0x3d0 [ 19.373520] ? raw_setsockopt+0xd0/0xd0 [ 19.377461] ? do_ip_setsockopt.isra.12+0x2a9/0x3200 [ 19.382541] ? alloc_file+0x26/0x3a0 [ 19.386223] ? sock_alloc_file+0x1fd/0x550 [ 19.390419] ? sock_map_fd+0x34/0x70 [ 19.394100] ? entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.398996] ? find_held_lock+0x39/0x1d0 [ 19.403020] ? check_noncircular+0x20/0x20 [ 19.407230] ? find_held_lock+0x39/0x1d0 [ 19.411266] ? __might_fault+0xe0/0x1d0 [ 19.415215] ? sock_has_perm+0x29c/0x400 [ 19.419243] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 19.424569] ? lock_release+0xda0/0xda0 [ 19.428509] ? trace_event_raw_event_sched_switch+0x8a0/0x8a0 [ 19.434361] ? __check_object_size+0x25d/0x4f0 [ 19.438910] inet_sendmsg+0x11f/0x5e0 [ 19.442675] ? __might_sleep+0x95/0x190 [ 19.446614] ? inet_recvmsg+0x5f0/0x5f0 [ 19.450555] ? selinux_socket_sendmsg+0x36/0x40 [ 19.455190] ? 
security_socket_sendmsg+0x89/0xb0 [ 19.459908] ? inet_recvmsg+0x5f0/0x5f0 [ 19.463847] sock_sendmsg+0xca/0x110 [ 19.467525] SYSC_sendto+0x358/0x5a0 [ 19.471208] ? SYSC_connect+0x480/0x480 [ 19.475150] ? __do_page_fault+0x3d6/0xc90 [ 19.479353] ? mm_fault_error+0x2c0/0x2c0 [ 19.483468] ? ip_setsockopt+0x6f/0xb0 [ 19.487324] ? __do_page_fault+0xc90/0xc90 [ 19.491526] ? SyS_setsockopt+0x215/0x360 [ 19.495641] ? lockdep_sys_exit+0x47/0xf0 [ 19.499762] ? entry_SYSCALL_64_fastpath+0x5/0x96 [ 19.504576] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 19.509561] SyS_sendto+0x40/0x50 [ 19.512990] entry_SYSCALL_64_fastpath+0x1f/0x96 [ 19.517723] RIP: 0033:0x43ff09 [ 19.520880] RSP: 002b:00007fffba8d08a8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 19.528552] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff09 [ 19.535789] RDX: 0000000000000000 RSI: 0000000020098000 RDI: 0000000000000003 [ 19.543027] RBP: 0000000000000086 R08: 0000000020c24000 R09: 0000000000000010 [ 19.550264] R10: fffffffffffffffe R11: 0000000000000217 R12: 0000000000401870 [ 19.557498] R13: 0000000000401900 R14: 0000000000000000 R15: 0000000000000000 [ 19.564783] Dumping ftrace buffer: [ 19.568290] (ftrace buffer empty) [ 19.571967] Kernel Offset: disabled [ 19.575564] Rebooting in 86400 seconds..