Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts. executing program [ 50.922650] ================================================================== [ 50.930093] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x396a/0x3f00 [ 50.937294] Read of size 4 at addr ffff888086a8f3d0 by task syz-executor051/8180 [ 50.944804] [ 50.946422] CPU: 0 PID: 8180 Comm: syz-executor051 Not tainted 4.20.0+ #4 [ 50.953328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.962664] Call Trace: [ 50.965241] dump_stack+0x1db/0x2d0 [ 50.968857] ? dump_stack_print_info.cold+0x20/0x20 [ 50.973862] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 50.979388] ? check_preemption_disabled+0x48/0x290 [ 50.984392] ? xfrm_state_find+0x396a/0x3f00 [ 50.988790] print_address_description.cold+0x7c/0x20d [ 50.994053] ? xfrm_state_find+0x396a/0x3f00 [ 50.998447] ? xfrm_state_find+0x396a/0x3f00 [ 51.002856] kasan_report.cold+0x1b/0x40 [ 51.006907] ? xfrm_state_find+0x396a/0x3f00 [ 51.011306] __asan_report_load4_noabort+0x14/0x20 [ 51.016224] xfrm_state_find+0x396a/0x3f00 [ 51.020447] ? kasan_check_read+0x11/0x20 [ 51.024581] ? mark_lock+0xb26/0x1cd0 [ 51.028377] ? xfrm_state_afinfo_get_rcu+0x1b0/0x1b0 [ 51.033521] ? kasan_check_read+0x11/0x20 [ 51.037664] ? __lock_acquire+0x2514/0x4a30 [ 51.041982] ? mark_held_locks+0x100/0x100 [ 51.046217] ? trace_hardirqs_off_caller+0x300/0x300 [ 51.051304] ? do_raw_spin_trylock+0x270/0x270 [ 51.055877] ? print_usage_bug+0xd0/0xd0 [ 51.059929] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 51.065020] ? depot_save_stack+0x1de/0x460 [ 51.069331] xfrm_tmpl_resolve+0x385/0xe00 [ 51.073564] ? __xfrm_decode_session+0x140/0x140 [ 51.078303] ? _raw_spin_unlock_bh+0x31/0x40 [ 51.082696] ? trace_hardirqs_off_caller+0x300/0x300 [ 51.087798] ? do_raw_spin_unlock+0xa0/0x330 [ 51.092217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.097757] ? check_preemption_disabled+0x48/0x290 [ 51.102774] ? do_raw_spin_trylock+0x270/0x270 [ 51.107345] ? rt_add_uncached_list+0x1f0/0x2c0 [ 51.111999] ? add_lock_to_list.isra.0+0x450/0x450 [ 51.116915] xfrm_resolve_and_create_bundle+0x145/0x27f0 [ 51.122363] ? rt_add_uncached_list+0x1f0/0x2c0 [ 51.127019] ? xfrm_sk_policy_lookup+0x4ca/0x660 [ 51.131756] ? find_held_lock+0x35/0x120 [ 51.135805] ? xfrm_sk_policy_lookup+0x4ca/0x660 [ 51.140549] ? xfrm_migrate+0x1a30/0x1a30 [ 51.144683] ? lock_downgrade+0x910/0x910 [ 51.148818] ? kasan_check_read+0x11/0x20 [ 51.152949] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 51.158218] ? rcu_read_unlock_special+0x380/0x380 [ 51.163135] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.168680] ? xfrm_sk_policy_lookup+0x4f1/0x660 [ 51.173439] ? xfrm_selector_match+0xfc0/0xfc0 [ 51.178009] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 51.183013] xfrm_lookup_with_ifid+0x340/0x2a90 [ 51.187667] ? xfrm_lookup_with_ifid+0x340/0x2a90 [ 51.192498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.198024] ? xfrm_policy_lookup+0x90/0x90 [ 51.202338] ? rcu_read_unlock_special+0x380/0x380 [ 51.207254] ? udp_sendmsg+0x8f0/0x3a40 [ 51.211221] ? ip_route_output_key_hash+0x2b9/0x400 [ 51.216225] ? ip_route_output_key_hash_rcu+0x3470/0x3470 [ 51.221754] xfrm_lookup_route+0x3b/0x1f0 [ 51.225886] ip_route_output_flow+0xad/0xc0 [ 51.230206] udp_sendmsg+0x24cb/0x3a40 [ 51.234084] ? ip_reply_glue_bits+0xc0/0xc0 [ 51.238400] ? udp4_lib_lookup_skb+0x440/0x440 [ 51.242982] ? add_lock_to_list.isra.0+0x450/0x450 [ 51.247901] ? __lock_acquire+0x572/0x4a30 [ 51.252125] ? mark_held_locks+0x100/0x100 [ 51.256350] ? lockdep_hardirqs_on+0x415/0x5d0 [ 51.260933] ? mark_held_locks+0x100/0x100 [ 51.265151] ? __local_bh_enable_ip+0x15a/0x270 [ 51.269819] ? lockdep_hardirqs_on+0x415/0x5d0 [ 51.274393] udpv6_sendmsg+0x1843/0x3550 [ 51.278442] ? udpv6_sendmsg+0x1843/0x3550 [ 51.282665] ? check_preemption_disabled+0x48/0x290 [ 51.287665] ? do_raw_spin_trylock+0x270/0x270 [ 51.292240] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 51.297506] ? release_sock+0x1e8/0x2b0 [ 51.301463] ? find_held_lock+0x35/0x120 [ 51.305523] ? release_sock+0x1e8/0x2b0 [ 51.309498] ? __local_bh_enable_ip+0x15a/0x270 [ 51.314152] ? __local_bh_enable_ip+0x15a/0x270 [ 51.318809] ? lockdep_hardirqs_on+0x415/0x5d0 [ 51.323377] ? trace_hardirqs_on+0xbd/0x310 [ 51.327687] ? _raw_spin_unlock_bh+0x31/0x40 [ 51.332092] ? trace_hardirqs_off_caller+0x300/0x300 [ 51.337185] ? do_raw_spin_unlock+0xa0/0x330 [ 51.341589] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.347115] ? check_preemption_disabled+0x48/0x290 [ 51.352123] ? do_raw_spin_trylock+0x270/0x270 [ 51.356694] ? release_sock+0x1e8/0x2b0 [ 51.360658] ? __local_bh_enable_ip+0x15a/0x270 [ 51.365313] ? _raw_spin_unlock_bh+0x31/0x40 [ 51.369714] ? release_sock+0x1e8/0x2b0 [ 51.373696] ? __release_sock+0x3a0/0x3a0 [ 51.377837] ? udp_v6_get_port+0x276/0x670 [ 51.382060] inet_sendmsg+0x1af/0x740 [ 51.385846] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 51.391108] ? inet_sendmsg+0x1af/0x740 [ 51.395070] ? ipip_gro_receive+0x100/0x100 [ 51.399375] ? smack_socket_sendmsg+0xb1/0x1a0 [ 51.403945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.409482] ? security_socket_sendmsg+0x93/0xc0 [ 51.414223] ? ipip_gro_receive+0x100/0x100 [ 51.418532] sock_sendmsg+0xdd/0x130 [ 51.422231] ___sys_sendmsg+0x409/0x910 [ 51.426205] ? copy_msghdr_from_user+0x570/0x570 [ 51.430947] ? __thp_get_unmapped_area+0x190/0x190 [ 51.435874] ? mark_held_locks+0x100/0x100 [ 51.440108] ? mark_held_locks+0x100/0x100 [ 51.444340] ? __mutex_init+0x1f6/0x2a0 [ 51.448301] ? pud_val+0x85/0x100 [ 51.451742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.457273] ? __fdget+0x1b/0x20 [ 51.460624] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 51.466143] ? sockfd_lookup_light+0xc2/0x160 [ 51.470623] __sys_sendmmsg+0x246/0x6f0 [ 51.474585] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 51.478900] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 51.484169] ? sock_common_setsockopt+0x9a/0xe0 [ 51.488835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.494375] ? __sys_setsockopt+0x242/0x3a0 [ 51.498685] ? do_syscall_64+0x8c/0x800 [ 51.502646] ? do_syscall_64+0x8c/0x800 [ 51.506605] ? trace_hardirqs_on+0xbd/0x310 [ 51.510907] ? __ia32_sys_fallocate+0xf0/0xf0 [ 51.515385] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.520754] ? trace_hardirqs_off_caller+0x300/0x300 [ 51.525844] __x64_sys_sendmmsg+0x9d/0x100 [ 51.530065] do_syscall_64+0x1a3/0x800 [ 51.533943] ? syscall_return_slowpath+0x5f0/0x5f0 [ 51.538858] ? prepare_exit_to_usermode+0x232/0x3b0 [ 51.543860] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 51.548695] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.553870] RIP: 0033:0x440349 [ 51.557047] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 51.575941] RSP: 002b:00007ffc962a81d8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 51.583646] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440349 [ 51.590913] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 51.598166] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 51.605423] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401bd0 [ 51.612673] R13: 0000000000401c60 R14: 0000000000000000 R15: 0000000000000000 [ 51.619933] [ 51.621540] The buggy address belongs to the page: [ 51.626450] page:ffffea00021aa3c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 51.634570] flags: 0x1fffc0000000000() [ 51.638441] raw: 01fffc0000000000 ffffea00021aa3c8 ffffea00021aa3c8 0000000000000000 [ 51.646322] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 51.654197] page dumped because: kasan: bad access detected [ 51.659887] [ 51.661493] Memory state around the buggy address: [ 51.666655] ffff888086a8f280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 51.673992] ffff888086a8f300: f1 f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 f2 [ 51.681333] >ffff888086a8f380: f2 f2 f2 f2 00 00 00 00 00 00 f2 f2 f2 f2 00 00 [ 51.688672] ^ [ 51.694624] ffff888086a8f400: 00 00 00 00 f2 f2 f2 f2 00 00 f8 f2 f2 f2 00 00 [ 51.701966] ffff888086a8f480: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 [ 51.709315] ================================================================== [ 51.716652] Disabling lock debugging due to kernel taint [ 51.722727] Kernel panic - not syncing: panic_on_warn set ... [ 51.728619] CPU: 0 PID: 8180 Comm: syz-executor051 Tainted: G B 4.20.0+ #4 [ 51.736915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.746246] Call Trace: [ 51.748818] dump_stack+0x1db/0x2d0 [ 51.752433] ? dump_stack_print_info.cold+0x20/0x20 [ 51.757436] panic+0x2cb/0x589 [ 51.760610] ? add_taint.cold+0x16/0x16 [ 51.764565] ? xfrm_state_find+0x396a/0x3f00 [ 51.768960] ? preempt_schedule+0x4b/0x60 [ 51.773089] ? ___preempt_schedule+0x16/0x18 [ 51.777479] ? trace_hardirqs_on+0xb4/0x310 [ 51.781782] ? xfrm_state_find+0x396a/0x3f00 [ 51.786176] end_report+0x47/0x4f [ 51.789621] ? xfrm_state_find+0x396a/0x3f00 [ 51.794010] kasan_report.cold+0xe/0x40 [ 51.797967] ? xfrm_state_find+0x396a/0x3f00 [ 51.802359] __asan_report_load4_noabort+0x14/0x20 [ 51.807272] xfrm_state_find+0x396a/0x3f00 [ 51.811489] ? kasan_check_read+0x11/0x20 [ 51.815631] ? mark_lock+0xb26/0x1cd0 [ 51.819432] ? xfrm_state_afinfo_get_rcu+0x1b0/0x1b0 [ 51.824517] ? kasan_check_read+0x11/0x20 [ 51.828663] ? __lock_acquire+0x2514/0x4a30 [ 51.832974] ? mark_held_locks+0x100/0x100 [ 51.837197] ? trace_hardirqs_off_caller+0x300/0x300 [ 51.842287] ? do_raw_spin_trylock+0x270/0x270 [ 51.846859] ? print_usage_bug+0xd0/0xd0 [ 51.850903] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 51.855997] ? depot_save_stack+0x1de/0x460 [ 51.860310] xfrm_tmpl_resolve+0x385/0xe00 [ 51.864536] ? __xfrm_decode_session+0x140/0x140 [ 51.869274] ? _raw_spin_unlock_bh+0x31/0x40 [ 51.873665] ? trace_hardirqs_off_caller+0x300/0x300 [ 51.878752] ? do_raw_spin_unlock+0xa0/0x330 [ 51.883145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.888667] ? check_preemption_disabled+0x48/0x290 [ 51.893663] ? do_raw_spin_trylock+0x270/0x270 [ 51.898230] ? rt_add_uncached_list+0x1f0/0x2c0 [ 51.902879] ? add_lock_to_list.isra.0+0x450/0x450 [ 51.907796] xfrm_resolve_and_create_bundle+0x145/0x27f0 [ 51.913231] ? rt_add_uncached_list+0x1f0/0x2c0 [ 51.917883] ? xfrm_sk_policy_lookup+0x4ca/0x660 [ 51.922617] ? find_held_lock+0x35/0x120 [ 51.926661] ? xfrm_sk_policy_lookup+0x4ca/0x660 [ 51.931401] ? xfrm_migrate+0x1a30/0x1a30 [ 51.935529] ? lock_downgrade+0x910/0x910 [ 51.939661] ? kasan_check_read+0x11/0x20 [ 51.943791] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 51.949051] ? rcu_read_unlock_special+0x380/0x380 [ 51.953966] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.959503] ? xfrm_sk_policy_lookup+0x4f1/0x660 [ 51.964241] ? xfrm_selector_match+0xfc0/0xfc0 [ 51.968810] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 51.973812] xfrm_lookup_with_ifid+0x340/0x2a90 [ 51.978476] ? xfrm_lookup_with_ifid+0x340/0x2a90 [ 51.983329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.988854] ? xfrm_policy_lookup+0x90/0x90 [ 51.993156] ? rcu_read_unlock_special+0x380/0x380 [ 51.998083] ? udp_sendmsg+0x8f0/0x3a40 [ 52.002041] ? ip_route_output_key_hash+0x2b9/0x400 [ 52.007042] ? ip_route_output_key_hash_rcu+0x3470/0x3470 [ 52.012581] xfrm_lookup_route+0x3b/0x1f0 [ 52.016715] ip_route_output_flow+0xad/0xc0 [ 52.021023] udp_sendmsg+0x24cb/0x3a40 [ 52.024892] ? ip_reply_glue_bits+0xc0/0xc0 [ 52.029209] ? udp4_lib_lookup_skb+0x440/0x440 [ 52.033775] ? add_lock_to_list.isra.0+0x450/0x450 [ 52.038689] ? __lock_acquire+0x572/0x4a30 [ 52.042910] ? mark_held_locks+0x100/0x100 [ 52.047124] ? lockdep_hardirqs_on+0x415/0x5d0 [ 52.051692] ? mark_held_locks+0x100/0x100 [ 52.055909] ? __local_bh_enable_ip+0x15a/0x270 [ 52.060566] ? lockdep_hardirqs_on+0x415/0x5d0 [ 52.065132] udpv6_sendmsg+0x1843/0x3550 [ 52.069179] ? udpv6_sendmsg+0x1843/0x3550 [ 52.073408] ? check_preemption_disabled+0x48/0x290 [ 52.078406] ? do_raw_spin_trylock+0x270/0x270 [ 52.082974] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 52.088235] ? release_sock+0x1e8/0x2b0 [ 52.092198] ? find_held_lock+0x35/0x120 [ 52.096248] ? release_sock+0x1e8/0x2b0 [ 52.100217] ? __local_bh_enable_ip+0x15a/0x270 [ 52.104866] ? __local_bh_enable_ip+0x15a/0x270 [ 52.109514] ? lockdep_hardirqs_on+0x415/0x5d0 [ 52.114091] ? trace_hardirqs_on+0xbd/0x310 [ 52.118409] ? _raw_spin_unlock_bh+0x31/0x40 [ 52.122799] ? trace_hardirqs_off_caller+0x300/0x300 [ 52.127883] ? do_raw_spin_unlock+0xa0/0x330 [ 52.132274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.137793] ? check_preemption_disabled+0x48/0x290 [ 52.142787] ? do_raw_spin_trylock+0x270/0x270 [ 52.147354] ? release_sock+0x1e8/0x2b0 [ 52.151340] ? __local_bh_enable_ip+0x15a/0x270 [ 52.156004] ? _raw_spin_unlock_bh+0x31/0x40 [ 52.160422] ? release_sock+0x1e8/0x2b0 [ 52.164380] ? __release_sock+0x3a0/0x3a0 [ 52.168517] ? udp_v6_get_port+0x276/0x670 [ 52.172738] inet_sendmsg+0x1af/0x740 [ 52.176523] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 52.181795] ? inet_sendmsg+0x1af/0x740 [ 52.185752] ? ipip_gro_receive+0x100/0x100 [ 52.190059] ? smack_socket_sendmsg+0xb1/0x1a0 [ 52.194625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.200144] ? security_socket_sendmsg+0x93/0xc0 [ 52.204880] ? ipip_gro_receive+0x100/0x100 [ 52.209184] sock_sendmsg+0xdd/0x130 [ 52.212892] ___sys_sendmsg+0x409/0x910 [ 52.216850] ? copy_msghdr_from_user+0x570/0x570 [ 52.221601] ? __thp_get_unmapped_area+0x190/0x190 [ 52.226511] ? mark_held_locks+0x100/0x100 [ 52.230726] ? mark_held_locks+0x100/0x100 [ 52.234944] ? __mutex_init+0x1f6/0x2a0 [ 52.238901] ? pud_val+0x85/0x100 [ 52.242338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.247876] ? __fdget+0x1b/0x20 [ 52.251240] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 52.256760] ? sockfd_lookup_light+0xc2/0x160 [ 52.261235] __sys_sendmmsg+0x246/0x6f0 [ 52.265203] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 52.269510] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 52.274770] ? sock_common_setsockopt+0x9a/0xe0 [ 52.279426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 52.284943] ? __sys_setsockopt+0x242/0x3a0 [ 52.289249] ? do_syscall_64+0x8c/0x800 [ 52.293210] ? do_syscall_64+0x8c/0x800 [ 52.297225] ? trace_hardirqs_on+0xbd/0x310 [ 52.301527] ? __ia32_sys_fallocate+0xf0/0xf0 [ 52.306006] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.311349] ? trace_hardirqs_off_caller+0x300/0x300 [ 52.316438] __x64_sys_sendmmsg+0x9d/0x100 [ 52.320658] do_syscall_64+0x1a3/0x800 [ 52.324542] ? syscall_return_slowpath+0x5f0/0x5f0 [ 52.329459] ? prepare_exit_to_usermode+0x232/0x3b0 [ 52.334462] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 52.339292] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 52.344463] RIP: 0033:0x440349 [ 52.347638] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 52.366529] RSP: 002b:00007ffc962a81d8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 52.374219] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440349 [ 52.381471] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 52.388722] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 52.395998] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401bd0 [ 52.403251] R13: 0000000000401c60 R14: 0000000000000000 R15: 0000000000000000 [ 52.411407] Kernel Offset: disabled [ 52.415028] Rebooting in 86400 seconds..