INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-0,10.128.15.206' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   53.838134] ==================================================================
[   53.845557] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   53.852716] Read of size 4 at addr ffff8801d076faf8 by task syzkaller634614/2987
[   53.860219] 
[   53.861826] CPU: 1 PID: 2987 Comm: syzkaller634614 Not tainted 4.13.0-mm1+ #5
[   53.869072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.878714] Call Trace:
[   53.881281]  dump_stack+0x194/0x257
[   53.884883]  ? arch_local_irq_restore+0x53/0x53
[   53.889523]  ? show_regs_print_info+0x65/0x65
[   53.893994]  ? lock_release+0xd70/0xd70
[   53.897944]  ? xfrm_state_find+0x305b/0x3190
[   53.902325]  print_address_description+0x73/0x250
[   53.907141]  ? xfrm_state_find+0x305b/0x3190
[   53.911523]  kasan_report+0x24e/0x340
[   53.915301]  __asan_report_load4_noabort+0x14/0x20
[   53.920200]  xfrm_state_find+0x305b/0x3190
[   53.924409]  ? unwind_get_return_address+0x61/0xa0
[   53.929313]  ? __save_stack_trace+0x61/0xd0
[   53.933625]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   53.938705]  ? copy_trace+0x1d0/0x1d0
[   53.942488]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   53.947646]  ? check_noncircular+0x20/0x20
[   53.951859]  ? lock_downgrade+0x990/0x990
[   53.955982]  ? unwind_dump+0x4c0/0x4c0
[   53.959853]  ? find_held_lock+0x39/0x1d0
[   53.963898]  ? __lock_acquire+0x732/0x4620
[   53.968107]  ? find_held_lock+0x39/0x1d0
[   53.972160]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   53.977333]  ? depot_save_stack+0x1c2/0x490
[   53.981663]  ? do_raw_spin_trylock+0x190/0x190
[   53.986219]  ? check_noncircular+0x20/0x20
[   53.990437]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   53.994662]  ? __xfrm_decode_session+0x100/0x100
[   53.999398]  ? lock_downgrade+0x990/0x990
[   54.003527]  ? inet_sendmsg+0x11f/0x5e0
[   54.007476]  ? sock_sendmsg+0xca/0x110
[   54.011336]  ? SYSC_sendto+0x358/0x5a0
[   54.015198]  ? check_noncircular+0x20/0x20
[   54.019406]  ? rt_add_uncached_list+0xa2/0x240
[   54.023961]  ? check_noncircular+0x20/0x20
[   54.028177]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   54.033605]  ? do_raw_spin_trylock+0x190/0x190
[   54.038159]  ? __local_bh_enable_ip+0x9d/0x160
[   54.042727]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   54.047113]  ? lock_downgrade+0x990/0x990
[   54.051238]  ? dst_init+0x4d9/0x6a0
[   54.054849]  ? xfrm_selector_match+0xe00/0xe00
[   54.059405]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   54.064571]  ? lock_release+0xd70/0xd70
[   54.068527]  ? refcount_inc_not_zero+0xfe/0x180
[   54.073176]  ? xfrm_selector_match+0x3b/0xe00
[   54.077649]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   54.082384]  ? xfrm_selector_match+0xe00/0xe00
[   54.086945]  ? check_noncircular+0x20/0x20
[   54.091155]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   54.096582]  xfrm_lookup+0xf0a/0x2540
[   54.100355]  ? xfrm_lookup+0xf0a/0x2540
[   54.104305]  ? ip_route_input_noref+0x1e0/0x1e0
[   54.108961]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   54.115347]  ? find_held_lock+0x39/0x1d0
[   54.119394]  ? lock_downgrade+0x990/0x990
[   54.123524]  ? ip_route_output_key_hash+0x1a6/0x370
[   54.128513]  ? find_held_lock+0x39/0x1d0
[   54.132552]  ? lock_release+0xd70/0xd70
[   54.136507]  ? lock_downgrade+0x990/0x990
[   54.140641]  ? ip_route_output_key_hash+0x252/0x370
[   54.145632]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   54.151141]  ? lock_release+0xd70/0xd70
[   54.155098]  xfrm_lookup_route+0x39/0x1a0
[   54.159224]  ip_route_output_flow+0x7c/0xa0
[   54.163521]  raw_sendmsg+0xc4f/0x38c0
[   54.167319]  ? raw_setsockopt+0xd0/0xd0
[   54.171274]  ? lock_downgrade+0x990/0x990
[   54.175402]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[   54.181349]  ? add_page_to_unevictable_list+0x730/0x730
[   54.186687]  ? do_raw_spin_trylock+0x190/0x190
[   54.191247]  ? do_raw_spin_trylock+0x190/0x190
[   54.195822]  ? lock_downgrade+0x990/0x990
[   54.199951]  ? __might_fault+0xe0/0x1d0
[   54.203901]  ? sock_has_perm+0x29c/0x400
[   54.207937]  ? selinux_tun_dev_create+0xc0/0xc0
[   54.212578]  ? lock_release+0xd70/0xd70
[   54.216527]  ? check_same_owner+0x320/0x320
[   54.220824]  ? __check_object_size+0x25d/0x4f0
[   54.225388]  inet_sendmsg+0x11f/0x5e0
[   54.229161]  ? __might_sleep+0x95/0x190
[   54.233106]  ? inet_recvmsg+0x5f0/0x5f0
[   54.237056]  ? selinux_socket_sendmsg+0x36/0x40
[   54.241699]  ? security_socket_sendmsg+0x89/0xb0
[   54.246427]  ? inet_recvmsg+0x5f0/0x5f0
[   54.250377]  sock_sendmsg+0xca/0x110
[   54.254069]  SYSC_sendto+0x358/0x5a0
[   54.257762]  ? SYSC_connect+0x480/0x480
[   54.261709]  ? __handle_mm_fault+0x39c0/0x39c0
[   54.266275]  ? up_read+0x1a/0x40
[   54.269615]  ? __do_page_fault+0x35b/0xb60
[   54.273835]  ? __do_page_fault+0xb60/0xb60
[   54.278051]  ? SyS_setsockopt+0x215/0x360
[   54.282179]  ? lockdep_sys_exit+0x47/0xf0
[   54.286306]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   54.291125]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   54.296116]  SyS_sendto+0x40/0x50
[   54.299547]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   54.304272] RIP: 0033:0x43ff69
[   54.307433] RSP: 002b:00007ffef9e0bc68 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   54.315117] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff69
[   54.322362] RDX: 0000000000000000 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[   54.329693] RBP: 0000000000000082 R08: 0000000020fdbff0 R09: 0000000000000010
[   54.336933] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004018d0
[   54.344174] R13: 0000000000401960 R14: 0000000000000000 R15: 0000000000000000
[   54.351435] 
[   54.353034] The buggy address belongs to the page:
[   54.357940] page:ffffea000741dbc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   54.366057] flags: 0x200000000000000()
[   54.369914] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   54.377771] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   54.385626] page dumped because: kasan: bad access detected
[   54.391305] 
[   54.392903] Memory state around the buggy address:
[   54.397801]  ffff8801d076f980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2
[   54.405135]  ffff8801d076fa00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[   54.412468] >ffff8801d076fa80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[   54.419799]                                                                 ^
[   54.427040]  ffff8801d076fb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[   54.434372]  ffff8801d076fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[   54.441700] ==================================================================
[   54.449029] Disabling lock debugging due to kernel taint
[   54.454538] Kernel panic - not syncing: panic_on_warn set ...
[   54.454538] 
[   54.461874] CPU: 1 PID: 2987 Comm: syzkaller634614 Tainted: G    B           4.13.0-mm1+ #5
[   54.470329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.479650] Call Trace:
[   54.482213]  dump_stack+0x194/0x257
[   54.485810]  ? arch_local_irq_restore+0x53/0x53
[   54.490455]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   54.495181]  ? xfrm_state_find+0x2fb0/0x3190
[   54.499575]  panic+0x1e4/0x417
[   54.502734]  ? __warn+0x1d9/0x1d9
[   54.506162]  ? xfrm_state_find+0x305b/0x3190
[   54.510540]  kasan_end_report+0x50/0x50
[   54.514492]  kasan_report+0x137/0x340
[   54.518261]  __asan_report_load4_noabort+0x14/0x20
[   54.523154]  xfrm_state_find+0x305b/0x3190
[   54.527355]  ? unwind_get_return_address+0x61/0xa0
[   54.532252]  ? __save_stack_trace+0x61/0xd0
[   54.536545]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   54.541619]  ? copy_trace+0x1d0/0x1d0
[   54.545393]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   54.550548]  ? check_noncircular+0x20/0x20
[   54.554752]  ? lock_downgrade+0x990/0x990
[   54.558865]  ? unwind_dump+0x4c0/0x4c0
[   54.562720]  ? find_held_lock+0x39/0x1d0
[   54.566751]  ? __lock_acquire+0x732/0x4620
[   54.570949]  ? find_held_lock+0x39/0x1d0
[   54.574985]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   54.580145]  ? depot_save_stack+0x1c2/0x490
[   54.584436]  ? do_raw_spin_trylock+0x190/0x190
[   54.588984]  ? check_noncircular+0x20/0x20
[   54.593193]  xfrm_tmpl_resolve+0x2fb/0xbd0
[   54.597407]  ? __xfrm_decode_session+0x100/0x100
[   54.602133]  ? lock_downgrade+0x990/0x990
[   54.606247]  ? inet_sendmsg+0x11f/0x5e0
[   54.610187]  ? sock_sendmsg+0xca/0x110
[   54.614039]  ? SYSC_sendto+0x358/0x5a0
[   54.617892]  ? check_noncircular+0x20/0x20
[   54.622094]  ? rt_add_uncached_list+0xa2/0x240
[   54.626640]  ? check_noncircular+0x20/0x20
[   54.630842]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   54.636259]  ? do_raw_spin_trylock+0x190/0x190
[   54.640810]  ? __local_bh_enable_ip+0x9d/0x160
[   54.645366]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[   54.649742]  ? lock_downgrade+0x990/0x990
[   54.653854]  ? dst_init+0x4d9/0x6a0
[   54.657450]  ? xfrm_selector_match+0xe00/0xe00
[   54.661997]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   54.667156]  ? lock_release+0xd70/0xd70
[   54.671098]  ? refcount_inc_not_zero+0xfe/0x180
[   54.675735]  ? xfrm_selector_match+0x3b/0xe00
[   54.680198]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   54.684921]  ? xfrm_selector_match+0xe00/0xe00
[   54.689482]  ? check_noncircular+0x20/0x20
[   54.693693]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   54.699113]  xfrm_lookup+0xf0a/0x2540
[   54.702880]  ? xfrm_lookup+0xf0a/0x2540
[   54.706818]  ? ip_route_input_noref+0x1e0/0x1e0
[   54.711453]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   54.717831]  ? find_held_lock+0x39/0x1d0
[   54.721866]  ? lock_downgrade+0x990/0x990
[   54.725985]  ? ip_route_output_key_hash+0x1a6/0x370
[   54.730965]  ? find_held_lock+0x39/0x1d0
[   54.734994]  ? lock_release+0xd70/0xd70
[   54.738935]  ? lock_downgrade+0x990/0x990
[   54.743062]  ? ip_route_output_key_hash+0x252/0x370
[   54.748045]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   54.753545]  ? lock_release+0xd70/0xd70
[   54.757487]  xfrm_lookup_route+0x39/0x1a0
[   54.761602]  ip_route_output_flow+0x7c/0xa0
[   54.765893]  raw_sendmsg+0xc4f/0x38c0
[   54.769666]  ? raw_setsockopt+0xd0/0xd0
[   54.773606]  ? lock_downgrade+0x990/0x990
[   54.777727]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[   54.783666]  ? add_page_to_unevictable_list+0x730/0x730
[   54.788997]  ? do_raw_spin_trylock+0x190/0x190
[   54.793545]  ? do_raw_spin_trylock+0x190/0x190
[   54.798105]  ? lock_downgrade+0x990/0x990
[   54.802222]  ? __might_fault+0xe0/0x1d0
[   54.806164]  ? sock_has_perm+0x29c/0x400
[   54.810191]  ? selinux_tun_dev_create+0xc0/0xc0
[   54.814822]  ? lock_release+0xd70/0xd70
[   54.818765]  ? check_same_owner+0x320/0x320
[   54.823052]  ? __check_object_size+0x25d/0x4f0
[   54.827603]  inet_sendmsg+0x11f/0x5e0
[   54.831369]  ? __might_sleep+0x95/0x190
[   54.835310]  ? inet_recvmsg+0x5f0/0x5f0