INIT: Entering runlevel: 2
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-next-kasan-gce-6,10.128.15.199' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   50.328351] ==================================================================
[   50.335749] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[   50.342904] Read of size 4 at addr ffff8801d0377af8 by task syzkaller124001/2982
[   50.350404] 
[   50.352008] CPU: 1 PID: 2982 Comm: syzkaller124001 Not tainted 4.14.0-rc2-next-20170928+ #31
[   50.360556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.369882] Call Trace:
[   50.372453]  dump_stack+0x194/0x257
[   50.376054]  ? arch_local_irq_restore+0x53/0x53
[   50.380697]  ? show_regs_print_info+0x65/0x65
[   50.385169]  ? lock_release+0xd70/0xd70
[   50.389116]  ? xfrm_state_find+0x305b/0x3190
[   50.393499]  print_address_description+0x73/0x250
[   50.398312]  ? xfrm_state_find+0x305b/0x3190
[   50.402693]  kasan_report+0x25b/0x340
[   50.406470]  __asan_report_load4_noabort+0x14/0x20
[   50.411369]  xfrm_state_find+0x305b/0x3190
[   50.415574]  ? unwind_get_return_address+0x61/0xa0
[   50.420479]  ? __save_stack_trace+0x61/0xd0
[   50.424791]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   50.429872]  ? copy_trace+0x1d0/0x1d0
[   50.433650]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   50.438807]  ? check_noncircular+0x20/0x20
[   50.443009]  ? lock_downgrade+0x990/0x990
[   50.447135]  ? find_held_lock+0x39/0x1d0
[   50.451177]  ? __lock_acquire+0x732/0x4620
[   50.455380]  ? find_held_lock+0x39/0x1d0
[   50.459428]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   50.464591]  ? depot_save_stack+0x1c2/0x490
[   50.468889]  ? do_raw_spin_trylock+0x190/0x190
[   50.473441]  ? check_noncircular+0x20/0x20
[   50.477646]  ? kernel_text_address+0x102/0x140
[   50.482203]  xfrm_tmpl_resolve+0x309/0xc00
[   50.486431]  ? __xfrm_decode_session+0x100/0x100
[   50.491165]  ? lock_downgrade+0x990/0x990
[   50.495283]  ? inet_sendmsg+0x11f/0x5e0
[   50.499229]  ? sock_sendmsg+0xca/0x110
[   50.503085]  ? SYSC_sendto+0x358/0x5a0
[   50.506944]  ? check_noncircular+0x20/0x20
[   50.511152]  ? rt_add_uncached_list+0xa2/0x240
[   50.515705]  ? check_noncircular+0x20/0x20
[   50.519909]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   50.524900]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   50.530320]  ? unwind_dump+0x4c0/0x4c0
[   50.534189]  ? SYSC_sendto+0x358/0x5a0
[   50.538049]  ? __local_bh_enable_ip+0x9d/0x160
[   50.542615]  ? xfrm_tmpl_resolve+0xc00/0xc00
[   50.546995]  ? lock_downgrade+0x990/0x990
[   50.551113]  ? dst_init+0x4d9/0x6a0
[   50.554715]  ? xfrm_selector_match+0xe00/0xe00
[   50.559267]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   50.564424]  ? __lock_acquire+0x20fd/0x4620
[   50.568718]  ? lock_release+0xd70/0xd70
[   50.572668]  ? refcount_inc_not_zero+0xfe/0x180
[   50.577311]  ? xfrm_selector_match+0x3b/0xe00
[   50.581786]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   50.586518]  ? xfrm_selector_match+0xe00/0xe00
[   50.591074]  ? check_noncircular+0x20/0x20
[   50.595279]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   50.600704]  xfrm_lookup+0xf0a/0x2540
[   50.604472]  ? xfrm_lookup+0xf0a/0x2540
[   50.608422]  ? ip_route_input_noref+0x1e0/0x1e0
[   50.613065]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   50.619443]  ? find_held_lock+0x39/0x1d0
[   50.623485]  ? lock_downgrade+0x990/0x990
[   50.627603]  ? check_noncircular+0x20/0x20
[   50.631812]  ? ip_route_output_key_hash+0x1a6/0x370
[   50.636796]  ? find_held_lock+0x39/0x1d0
[   50.640833]  ? lock_release+0xd70/0xd70
[   50.644782]  ? lock_downgrade+0x990/0x990
[   50.648915]  ? ip_route_output_key_hash+0x252/0x370
[   50.653906]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   50.659415]  ? lock_release+0xd70/0xd70
[   50.663368]  xfrm_lookup_route+0x39/0x1a0
[   50.667490]  ip_route_output_flow+0x7c/0xa0
[   50.671785]  udp_sendmsg+0x19b8/0x2cd0
[   50.675649]  ? ip_reply_glue_bits+0xb0/0xb0
[   50.679949]  ? udp_lib_get_port+0x1c00/0x1c00
[   50.684417]  ? ip4_datagram_connect+0x50/0x50
[   50.688882]  ? check_noncircular+0x20/0x20
[   50.693090]  ? do_raw_spin_trylock+0x190/0x190
[   50.697645]  ? lock_acquire+0x1d5/0x580
[   50.702174]  ? inet_autobind+0x1f/0x180
[   50.706121]  ? __local_bh_enable_ip+0x9d/0x160
[   50.710679]  ? release_sock+0x1d4/0x2a0
[   50.714622]  ? trace_hardirqs_on+0xd/0x10
[   50.718746]  ? release_sock+0x1d4/0x2a0
[   50.722694]  ? __release_sock+0x360/0x360
[   50.726817]  ? udp_v4_get_port+0x132/0x180
[   50.731032]  inet_sendmsg+0x11f/0x5e0
[   50.734803]  ? __might_sleep+0x95/0x190
[   50.738749]  ? inet_recvmsg+0x5f0/0x5f0
[   50.742697]  ? selinux_socket_sendmsg+0x36/0x40
[   50.747338]  ? security_socket_sendmsg+0x89/0xb0
[   50.752063]  ? inet_recvmsg+0x5f0/0x5f0
[   50.756009]  sock_sendmsg+0xca/0x110
[   50.759698]  SYSC_sendto+0x358/0x5a0
[   50.763386]  ? SYSC_connect+0x480/0x480
[   50.767344]  ? mm_fault_error+0x2c0/0x2c0
[   50.771468]  ? ip_setsockopt+0x6f/0xb0
[   50.775340]  ? __do_page_fault+0xd60/0xd60
[   50.779549]  ? SyS_setsockopt+0x215/0x360
[   50.783673]  ? lockdep_sys_exit+0x47/0xf0
[   50.787793]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[   50.792610]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   50.797600]  SyS_sendto+0x40/0x50
[   50.801031]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   50.805756] RIP: 0033:0x43fee9
[   50.808917] RSP: 002b:00007ffca1bb87d8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[   50.816596] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fee9
[   50.823837] RDX: 0000000000000000 RSI: 000000002010affe RDI: 0000000000000003
[   50.831076] RBP: 0000000000000086 R08: 00000000202f9000 R09: 0000000000000010
[   50.838321] R10: 000000002004487c R11: 0000000000000217 R12: 0000000000401850
[   50.845562] R13: 00000000004018e0 R14: 0000000000000000 R15: 0000000000000000
[   50.852816] 
[   50.854411] The buggy address belongs to the page:
[   50.859314] page:ffffea000740ddc0 count:0 mapcount:0 mapping:          (null) index:0x0
[   50.867426] flags: 0x200000000000000()
[   50.871282] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[   50.879132] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[   50.886979] page dumped because: kasan: bad access detected
[   50.892657] 
[   50.894253] Memory state around the buggy address:
[   50.899151]  ffff8801d0377980: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2
[   50.906478]  ffff8801d0377a00: 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2
[   50.913807] >ffff8801d0377a80: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[   50.921137]                                                                 ^
[   50.928380]  ffff8801d0377b00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[   50.935707]  ffff8801d0377b80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[   50.943033] ==================================================================
[   50.950356] Disabling lock debugging due to kernel taint
[   50.955951] Kernel panic - not syncing: panic_on_warn set ...
[   50.955951] 
[   50.963290] CPU: 1 PID: 2982 Comm: syzkaller124001 Tainted: G    B           4.14.0-rc2-next-20170928+ #31
[   50.973047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   50.982366] Call Trace:
[   50.984929]  dump_stack+0x194/0x257
[   50.988522]  ? arch_local_irq_restore+0x53/0x53
[   50.993157]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   50.997879]  ? xfrm_state_find+0x2fa0/0x3190
[   51.002251]  panic+0x1e4/0x417
[   51.005406]  ? __warn+0x1d9/0x1d9
[   51.008828]  ? xfrm_state_find+0x305b/0x3190
[   51.013201]  kasan_end_report+0x50/0x50
[   51.017137]  kasan_report+0x144/0x340
[   51.020905]  __asan_report_load4_noabort+0x14/0x20
[   51.025795]  xfrm_state_find+0x305b/0x3190
[   51.029993]  ? unwind_get_return_address+0x61/0xa0
[   51.034885]  ? __save_stack_trace+0x61/0xd0
[   51.039178]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[   51.044250]  ? copy_trace+0x1d0/0x1d0
[   51.048018]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   51.053172]  ? check_noncircular+0x20/0x20
[   51.057376]  ? lock_downgrade+0x990/0x990
[   51.061491]  ? find_held_lock+0x39/0x1d0
[   51.065522]  ? __lock_acquire+0x732/0x4620
[   51.069721]  ? find_held_lock+0x39/0x1d0
[   51.073756]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   51.078911]  ? depot_save_stack+0x1c2/0x490
[   51.083202]  ? do_raw_spin_trylock+0x190/0x190
[   51.087751]  ? check_noncircular+0x20/0x20
[   51.091949]  ? kernel_text_address+0x102/0x140
[   51.096497]  xfrm_tmpl_resolve+0x309/0xc00
[   51.100702]  ? __xfrm_decode_session+0x100/0x100
[   51.105427]  ? lock_downgrade+0x990/0x990
[   51.109539]  ? inet_sendmsg+0x11f/0x5e0
[   51.113476]  ? sock_sendmsg+0xca/0x110
[   51.117326]  ? SYSC_sendto+0x358/0x5a0
[   51.121179]  ? check_noncircular+0x20/0x20
[   51.125378]  ? rt_add_uncached_list+0xa2/0x240
[   51.129924]  ? check_noncircular+0x20/0x20
[   51.134123]  ? unwind_next_frame.part.6+0x1ae/0xc70
[   51.139104]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[   51.144520]  ? unwind_dump+0x4c0/0x4c0
[   51.148370]  ? SYSC_sendto+0x358/0x5a0
[   51.152221]  ? __local_bh_enable_ip+0x9d/0x160
[   51.156772]  ? xfrm_tmpl_resolve+0xc00/0xc00
[   51.161143]  ? lock_downgrade+0x990/0x990
[   51.165256]  ? dst_init+0x4d9/0x6a0
[   51.168847]  ? xfrm_selector_match+0xe00/0xe00
[   51.173394]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[   51.178547]  ? __lock_acquire+0x20fd/0x4620
[   51.182831]  ? lock_release+0xd70/0xd70
[   51.186771]  ? refcount_inc_not_zero+0xfe/0x180
[   51.191408]  ? xfrm_selector_match+0x3b/0xe00
[   51.195870]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[   51.200593]  ? xfrm_selector_match+0xe00/0xe00
[   51.205142]  ? check_noncircular+0x20/0x20
[   51.209342]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[   51.214759]  xfrm_lookup+0xf0a/0x2540
[   51.218522]  ? xfrm_lookup+0xf0a/0x2540
[   51.222462]  ? ip_route_input_noref+0x1e0/0x1e0
[   51.227099]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[   51.233468]  ? find_held_lock+0x39/0x1d0
[   51.237499]  ? lock_downgrade+0x990/0x990
[   51.241610]  ? check_noncircular+0x20/0x20
[   51.245812]  ? ip_route_output_key_hash+0x1a6/0x370
[   51.250800]  ? find_held_lock+0x39/0x1d0
[   51.254827]  ? lock_release+0xd70/0xd70
[   51.258767]  ? lock_downgrade+0x990/0x990
[   51.262884]  ? ip_route_output_key_hash+0x252/0x370
[   51.267872]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[   51.273372]  ? lock_release+0xd70/0xd70
[   51.277314]  xfrm_lookup_route+0x39/0x1a0
[   51.281428]  ip_route_output_flow+0x7c/0xa0
[   51.285715]  udp_sendmsg+0x19b8/0x2cd0
[   51.289567]  ? ip_reply_glue_bits+0xb0/0xb0
[   51.293856]  ? udp_lib_get_port+0x1c00/0x1c00
[   51.298315]  ? ip4_datagram_connect+0x50/0x50
[   51.302773]  ? check_noncircular+0x20/0x20
[   51.306976]  ? do_raw_spin_trylock+0x190/0x190
[   51.311526]  ? lock_acquire+0x1d5/0x580
[   51.315467]  ? inet_autobind+0x1f/0x180
[   51.319407]  ? __local_bh_enable_ip+0x9d/0x160
[   51.323955]  ? release_sock+0x1d4/0x2a0
[   51.327892]  ? trace_hardirqs_on+0xd/0x10