INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-net-kasan-gce-2,10.128.15.207' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   41.987131] ==================================================================
[   41.994566] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   42.001726] Read of size 4 at addr ffff8801ce7bfaf8 by task syzkaller090618/2984
[   42.009230] 
[   42.010833] CPU: 1 PID: 2984 Comm: syzkaller090618 Not tainted 4.14.0-rc1+ #59
[   42.018165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.027491] Call Trace:
[   42.030054]  dump_stack+0x194/0x257
[   42.033656]  ? arch_local_irq_restore+0x53/0x53
[   42.038299]  ? show_regs_print_info+0x65/0x65
[   42.042771]  ? lock_release+0xd70/0xd70
[   42.046722]  ? xfrm_state_find+0x305b/0x3190
[   42.051115]  print_address_description+0x73/0x250
[   42.055929]  ? xfrm_state_find+0x305b/0x3190
[   42.060312]  kasan_report+0x24e/0x340
[   42.064089]  __asan_report_load4_noabort+0x14/0x20
[   42.068991]  xfrm_state_find+0x305b/0x3190
[   42.073199]  ? unwind_get_return_address+0x61/0xa0
[   42.078122]  ? __save_stack_trace+0x61/0xd0
[   42.082438]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   42.087518]  ? copy_trace+0x1d0/0x1d0
[   42.091303]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   42.096465]  ? check_noncircular+0x20/0x20
[   42.100674]  ? lock_downgrade+0x990/0x990
[   42.104793]  ? lock_pin_lock+0x370/0x370
[   42.108843]  ? find_held_lock+0x39/0x1d0
[   42.112885]  ? __lock_acquire+0x732/0x4620
[   42.117093]  ? find_held_lock+0x39/0x1d0
[   42.121167]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   42.127040]  ? depot_save_stack+0x1c2/0x490
[   42.131353]  ? do_raw_spin_trylock+0x190/0x190
[   42.135918]  ? check_noncircular+0x20/0x20
[   42.140138]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   42.144364]  ? __xfrm_decode_session+0x100/0x100
[   42.149101]  ? lock_downgrade+0x990/0x990
[   42.153234]  ? inet_sendmsg+0x11f/0x5e0
[   42.157184]  ? sock_sendmsg+0xca/0x110
[   42.161044]  ? SYSC_sendto+0x358/0x5a0
[   42.164906]  ? check_noncircular+0x20/0x20
[   42.169116]  ? rt_add_uncached_list+0xa2/0x240
[   42.173677]  ? check_noncircular+0x20/0x20
[   42.177886]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   42.182882]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   42.188304]  ? unwind_dump+0x4c0/0x4c0
[   42.192162]  ? SYSC_sendto+0x358/0x5a0
[   42.196023]  ? __local_bh_enable_ip+0x9d/0x160
[   42.200589]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   42.204973]  ? lock_downgrade+0x990/0x990
[   42.209095]  ? dst_init+0x4d9/0x6a0
[   42.212698]  ? xfrm_selector_match+0xe00/0xe00
[   42.217253]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   42.222413]  ? __lock_acquire+0x20fd/0x4620
[   42.226710]  ? lock_release+0xd70/0xd70
[   42.230661]  ? refcount_inc_not_zero+0xfe/0x180
[   42.235307]  ? xfrm_selector_match+0x3b/0xe00
[   42.239778]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   42.244513]  ? xfrm_selector_match+0xe00/0xe00
[   42.249068]  ? check_noncircular+0x20/0x20
[   42.253272]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   42.258697]  xfrm_lookup+0xf0a/0x2540
[   42.262468]  ? xfrm_lookup+0xf0a/0x2540
[   42.266417]  ? ip_route_input_noref+0x1e0/0x1e0
[   42.271067]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   42.277447]  ? find_held_lock+0x39/0x1d0
[   42.281492]  ? lock_downgrade+0x990/0x990
[   42.285614]  ? check_noncircular+0x20/0x20
[   42.289826]  ? ip_route_output_key_hash+0x1a6/0x370
[   42.294811]  ? find_held_lock+0x39/0x1d0
[   42.298848]  ? lock_release+0xd70/0xd70
[   42.302797]  ? lock_downgrade+0x990/0x990
[   42.306929]  ? ip_route_output_key_hash+0x252/0x370
[   42.311919]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   42.317440]  ? lock_release+0xd70/0xd70
[   42.321417]  xfrm_lookup_route+0x39/0x1a0
[   42.325545]  ip_route_output_flow+0x7c/0xa0
[   42.329844]  udp_sendmsg+0x19b8/0x2cd0
[   42.333710]  ? ip_reply_glue_bits+0xb0/0xb0
[   42.338016]  ? udp_lib_get_port+0x1c00/0x1c00
[   42.342486]  ? ip4_datagram_connect+0x50/0x50
[   42.346961]  ? do_raw_spin_trylock+0x190/0x190
[   42.351518]  ? lock_acquire+0x1d5/0x580
[   42.355463]  ? inet_autobind+0x1f/0x180
[   42.359410]  ? __local_bh_enable_ip+0x9d/0x160
[   42.363968]  ? release_sock+0x1d4/0x2a0
[   42.367913]  ? trace_hardirqs_on+0xd/0x10
[   42.372036]  ? release_sock+0x1d4/0x2a0
[   42.375984]  ? __release_sock+0x360/0x360
[   42.380118]  ? udp_v4_get_port+0x132/0x180
[   42.384333]  inet_sendmsg+0x11f/0x5e0
[   42.388105]  ? __might_sleep+0x95/0x190
[   42.392065]  ? inet_recvmsg+0x5f0/0x5f0
[   42.396017]  ? selinux_socket_sendmsg+0x36/0x40
[   42.400668]  ? security_socket_sendmsg+0x89/0xb0
[   42.405395]  ? inet_recvmsg+0x5f0/0x5f0
[   42.409342]  sock_sendmsg+0xca/0x110
[   42.413030]  SYSC_sendto+0x358/0x5a0
[   42.416719]  ? SYSC_connect+0x480/0x480
[   42.420665]  ? __handle_mm_fault+0x39c0/0x39c0
[   42.425226]  ? up_read+0x1a/0x40
[   42.428567]  ? __do_page_fault+0x35b/0xb60
[   42.432787]  ? __do_page_fault+0xb60/0xb60
[   42.436998]  ? SyS_setsockopt+0x215/0x360
[   42.441126]  ? lockdep_sys_exit+0x47/0xf0
[   42.445248]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   42.450066]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   42.455068]  SyS_sendto+0x40/0x50
[   42.458497]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   42.463224] RIP: 0033:0x43fee9
[   42.466385] RSP: 002b:00007fffd646d408 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   42.474066] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fee9
[   42.481308] RDX: 0000000000000000 RSI: 000000002010affe RDI: 0000000000000003
[   42.488550] RBP: 0000000000000082 R08: 00000000202f9000 R09: 0000000000000010
[   42.495791] R10: 000000002004487c R11: 0000000000000217 R12: 0000000000401850
[   42.503043] R13: 00000000004018e0 R14: 0000000000000000 R15: 0000000000000000
[   42.510315] 
[   42.511914] The buggy address belongs to the page:
[   42.516815] page:ffffea000739efc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   42.524931] flags: 0x200000000000000()
[   42.528790] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   42.536640] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   42.544486] page dumped because: kasan: bad access detected
[   42.550165] 
[   42.551767] Memory state around the buggy address:
[   42.556665]  ffff8801ce7bf980: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2
[   42.563993]  ffff8801ce7bfa00: 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2
[   42.571321] >ffff8801ce7bfa80: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[   42.578649]                                                                 ^
[   42.585890]  ffff8801ce7bfb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[   42.593218]  ffff8801ce7bfb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[   42.600545] ==================================================================
[   42.607872] Disabling lock debugging due to kernel taint
[   42.613505] Kernel panic - not syncing: panic_on_warn set ...
[   42.613505] 
[   42.620842] CPU: 1 PID: 2984 Comm: syzkaller090618 Tainted: G    B           4.14.0-rc1+ #59
[   42.629381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.638700] Call Trace:
[   42.641258]  dump_stack+0x194/0x257
[   42.644853]  ? arch_local_irq_restore+0x53/0x53
[   42.649492]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   42.654213]  ? xfrm_state_find+0x3000/0x3190
[   42.658589]  panic+0x1e4/0x417
[   42.661747]  ? __warn+0x1d9/0x1d9
[   42.665172]  ? xfrm_state_find+0x305b/0x3190
[   42.669545]  kasan_end_report+0x50/0x50
[   42.673484]  kasan_report+0x137/0x340
[   42.677253]  __asan_report_load4_noabort+0x14/0x20
[   42.682146]  xfrm_state_find+0x305b/0x3190
[   42.686346]  ? unwind_get_return_address+0x61/0xa0
[   42.691240]  ? __save_stack_trace+0x61/0xd0
[   42.695536]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   42.700606]  ? copy_trace+0x1d0/0x1d0
[   42.704375]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   42.709528]  ? check_noncircular+0x20/0x20
[   42.713729]  ? lock_downgrade+0x990/0x990
[   42.717840]  ? lock_pin_lock+0x370/0x370
[   42.721869]  ? find_held_lock+0x39/0x1d0
[   42.725900]  ? __lock_acquire+0x732/0x4620
[   42.730100]  ? find_held_lock+0x39/0x1d0
[   42.734137]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   42.739294]  ? depot_save_stack+0x1c2/0x490
[   42.743586]  ? do_raw_spin_trylock+0x190/0x190
[   42.748136]  ? check_noncircular+0x20/0x20
[   42.752339]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   42.756549]  ? __xfrm_decode_session+0x100/0x100
[   42.761273]  ? lock_downgrade+0x990/0x990
[   42.765385]  ? inet_sendmsg+0x11f/0x5e0
[   42.769326]  ? sock_sendmsg+0xca/0x110
[   42.773178]  ? SYSC_sendto+0x358/0x5a0
[   42.777033]  ? check_noncircular+0x20/0x20
[   42.781233]  ? rt_add_uncached_list+0xa2/0x240
[   42.785791]  ? check_noncircular+0x20/0x20
[   42.789989]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   42.794973]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   42.800387]  ? unwind_dump+0x4c0/0x4c0
[   42.804241]  ? SYSC_sendto+0x358/0x5a0
[   42.808094]  ? __local_bh_enable_ip+0x9d/0x160
[   42.812647]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   42.817022]  ? lock_downgrade+0x990/0x990
[   42.821137]  ? dst_init+0x4d9/0x6a0
[   42.824735]  ? xfrm_selector_match+0xe00/0xe00
[   42.829283]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   42.834440]  ? __lock_acquire+0x20fd/0x4620
[   42.838730]  ? lock_release+0xd70/0xd70
[   42.842671]  ? refcount_inc_not_zero+0xfe/0x180
[   42.847310]  ? xfrm_selector_match+0x3b/0xe00
[   42.851775]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   42.856498]  ? xfrm_selector_match+0xe00/0xe00
[   42.861046]  ? check_noncircular+0x20/0x20
[   42.865246]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   42.870662]  xfrm_lookup+0xf0a/0x2540
[   42.874428]  ? xfrm_lookup+0xf0a/0x2540
[   42.878368]  ? ip_route_input_noref+0x1e0/0x1e0
[   42.883005]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   42.889375]  ? find_held_lock+0x39/0x1d0
[   42.893406]  ? lock_downgrade+0x990/0x990
[   42.897519]  ? check_noncircular+0x20/0x20
[   42.901724]  ? ip_route_output_key_hash+0x1a6/0x370
[   42.906706]  ? find_held_lock+0x39/0x1d0
[   42.910735]  ? lock_release+0xd70/0xd70
[   42.914676]  ? lock_downgrade+0x990/0x990
[   42.918802]  ? ip_route_output_key_hash+0x252/0x370
[   42.923784]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   42.929285]  ? lock_release+0xd70/0xd70
[   42.933229]  xfrm_lookup_route+0x39/0x1a0
[   42.937342]  ip_route_output_flow+0x7c/0xa0
[   42.941632]  udp_sendmsg+0x19b8/0x2cd0
[   42.945496]  ? ip_reply_glue_bits+0xb0/0xb0
[   42.949795]  ? udp_lib_get_port+0x1c00/0x1c00
[   42.954257]  ? ip4_datagram_connect+0x50/0x50
[   42.958720]  ? do_raw_spin_trylock+0x190/0x190
[   42.963267]  ? lock_acquire+0x1d5/0x580
[   42.967207]  ? inet_autobind+0x1f/0x180
[   42.971154]  ? __local_bh_enable_ip+0x9d/0x160
[   42.975705]  ? release_sock+0x1d4/0x2a0
[   42.979645]  ? trace_hardirqs_on+0xd/0x10
[   42.983760]  ? release_sock+0x1d4/0x2a0