Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts. executing program [ 54.964338] audit: type=1400 audit(1546412134.760:36): avc: denied { map } for pid=8209 comm="syz-executor753" path="/root/syz-executor753487859" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 54.968526] ================================================================== [ 54.998052] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x396a/0x3f00 [ 55.005391] Read of size 4 at addr ffff888096def3d0 by task syz-executor753/8209 [ 55.013047] [ 55.014763] CPU: 0 PID: 8209 Comm: syz-executor753 Not tainted 4.20.0+ #4 [ 55.021667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.031003] Call Trace: [ 55.033797] dump_stack+0x1db/0x2d0 [ 55.037652] ? dump_stack_print_info.cold+0x20/0x20 [ 55.042652] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.048283] ? check_preemption_disabled+0x48/0x290 [ 55.053392] ? xfrm_state_find+0x396a/0x3f00 [ 55.057788] print_address_description.cold+0x7c/0x20d [ 55.063180] ? xfrm_state_find+0x396a/0x3f00 [ 55.067590] ? xfrm_state_find+0x396a/0x3f00 [ 55.071981] kasan_report.cold+0x1b/0x40 [ 55.076041] ? xfrm_state_find+0x396a/0x3f00 [ 55.080448] __asan_report_load4_noabort+0x14/0x20 [ 55.085351] xfrm_state_find+0x396a/0x3f00 [ 55.089586] ? xfrm_state_afinfo_get_rcu+0x1b0/0x1b0 [ 55.094832] ? kasan_check_read+0x11/0x20 [ 55.098977] ? __lock_acquire+0x2514/0x4a30 [ 55.103296] ? mark_held_locks+0x100/0x100 [ 55.107617] ? trace_hardirqs_off_caller+0x300/0x300 [ 55.112703] ? do_raw_spin_trylock+0x270/0x270 [ 55.117311] ? print_usage_bug+0xd0/0xd0 [ 55.121369] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 55.126457] ? depot_save_stack+0x1de/0x460 [ 55.130787] xfrm_tmpl_resolve+0x385/0xe00 [ 55.135237] ? __xfrm_decode_session+0x140/0x140 [ 55.139978] ? _raw_spin_unlock_bh+0x31/0x40 [ 55.144465] ? trace_hardirqs_off_caller+0x300/0x300 [ 55.149549] ? do_raw_spin_unlock+0xa0/0x330 [ 55.153935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.159549] ? check_preemption_disabled+0x48/0x290 [ 55.164544] ? do_raw_spin_trylock+0x270/0x270 [ 55.169140] ? rt_add_uncached_list+0x1f0/0x2c0 [ 55.173828] ? add_lock_to_list.isra.0+0x450/0x450 [ 55.178868] xfrm_resolve_and_create_bundle+0x145/0x27f0 [ 55.184476] ? rt_add_uncached_list+0x1f0/0x2c0 [ 55.189136] ? xfrm_sk_policy_lookup+0x4ca/0x660 [ 55.193882] ? find_held_lock+0x35/0x120 [ 55.198126] ? xfrm_sk_policy_lookup+0x4ca/0x660 [ 55.202885] ? xfrm_migrate+0x1a30/0x1a30 [ 55.207018] ? lock_downgrade+0x910/0x910 [ 55.211150] ? kasan_check_read+0x11/0x20 [ 55.215280] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 55.220579] ? rcu_read_unlock_special+0x380/0x380 [ 55.225496] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.231164] ? xfrm_sk_policy_lookup+0x4f1/0x660 [ 55.236032] ? xfrm_selector_match+0xfc0/0xfc0 [ 55.240629] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 55.245726] xfrm_lookup_with_ifid+0x340/0x2a90 [ 55.250396] ? xfrm_lookup_with_ifid+0x340/0x2a90 [ 55.255224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.260781] ? xfrm_policy_lookup+0x90/0x90 [ 55.265084] ? rcu_read_unlock_special+0x380/0x380 [ 55.269997] ? udp_sendmsg+0x8f0/0x3a40 [ 55.273961] ? ip_route_output_key_hash+0x2b9/0x400 [ 55.278958] ? ip_route_output_key_hash_rcu+0x3470/0x3470 [ 55.284578] xfrm_lookup_route+0x3b/0x1f0 [ 55.288717] ip_route_output_flow+0xad/0xc0 [ 55.293023] udp_sendmsg+0x24cb/0x3a40 [ 55.296909] ? ip_reply_glue_bits+0xc0/0xc0 [ 55.301216] ? udp4_lib_lookup_skb+0x440/0x440 [ 55.305788] ? add_lock_to_list.isra.0+0x450/0x450 [ 55.310700] ? mark_held_locks+0x100/0x100 [ 55.314929] ? __lock_acquire+0x572/0x4a30 [ 55.319244] ? mark_held_locks+0x100/0x100 [ 55.323589] ? lockdep_hardirqs_on+0x415/0x5d0 [ 55.328162] ? mark_held_locks+0x100/0x100 [ 55.332404] ? __local_bh_enable_ip+0x15a/0x270 [ 55.337056] ? lockdep_hardirqs_on+0x415/0x5d0 [ 55.341623] udpv6_sendmsg+0x1843/0x3550 [ 55.345675] ? udpv6_sendmsg+0x1843/0x3550 [ 55.349912] ? check_preemption_disabled+0x48/0x290 [ 55.354954] ? do_raw_spin_trylock+0x270/0x270 [ 55.359525] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 55.364920] ? release_sock+0x1e8/0x2b0 [ 55.368882] ? find_held_lock+0x35/0x120 [ 55.372960] ? release_sock+0x1e8/0x2b0 [ 55.377030] ? __local_bh_enable_ip+0x15a/0x270 [ 55.381679] ? __local_bh_enable_ip+0x15a/0x270 [ 55.386328] ? lockdep_hardirqs_on+0x415/0x5d0 [ 55.390953] ? trace_hardirqs_on+0xbd/0x310 [ 55.395264] ? _raw_spin_unlock_bh+0x31/0x40 [ 55.399657] ? trace_hardirqs_off_caller+0x300/0x300 [ 55.404744] ? do_raw_spin_unlock+0xa0/0x330 [ 55.409195] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.414750] ? check_preemption_disabled+0x48/0x290 [ 55.419749] ? do_raw_spin_trylock+0x270/0x270 [ 55.424341] ? release_sock+0x1e8/0x2b0 [ 55.428401] ? __local_bh_enable_ip+0x15a/0x270 [ 55.433070] ? _raw_spin_unlock_bh+0x31/0x40 [ 55.437462] ? release_sock+0x1e8/0x2b0 [ 55.441417] ? __release_sock+0x3a0/0x3a0 [ 55.445547] ? udp_v6_get_port+0x276/0x670 [ 55.449766] inet_sendmsg+0x1af/0x740 [ 55.453576] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 55.458834] ? inet_sendmsg+0x1af/0x740 [ 55.462892] ? ipip_gro_receive+0x100/0x100 [ 55.467222] ? selinux_socket_sendmsg+0x36/0x40 [ 55.471871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.477388] ? security_socket_sendmsg+0x93/0xc0 [ 55.482122] ? ipip_gro_receive+0x100/0x100 [ 55.486537] sock_sendmsg+0xdd/0x130 [ 55.490278] ___sys_sendmsg+0x409/0x910 [ 55.494233] ? copy_msghdr_from_user+0x570/0x570 [ 55.498973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.504488] ? avc_has_perm+0x55c/0x7e0 [ 55.508520] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.514051] ? __fdget+0x1b/0x20 [ 55.517401] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 55.523035] ? sockfd_lookup_light+0xc2/0x160 [ 55.527535] __sys_sendmmsg+0x246/0x6f0 [ 55.531606] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 55.536033] ? sock_common_setsockopt+0x9a/0xe0 [ 55.540686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.546327] ? __sys_setsockopt+0x242/0x3a0 [ 55.550719] ? do_syscall_64+0x8c/0x800 [ 55.554718] ? do_syscall_64+0x8c/0x800 [ 55.558682] ? trace_hardirqs_on+0xbd/0x310 [ 55.562991] ? __ia32_sys_fallocate+0xf0/0xf0 [ 55.567465] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.572811] ? trace_hardirqs_off_caller+0x300/0x300 [ 55.577982] __x64_sys_sendmmsg+0x9d/0x100 [ 55.582204] do_syscall_64+0x1a3/0x800 [ 55.586091] ? syscall_return_slowpath+0x5f0/0x5f0 [ 55.591012] ? prepare_exit_to_usermode+0x232/0x3b0 [ 55.596032] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 55.600867] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 55.606041] RIP: 0033:0x440349 [ 55.609235] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 55.628121] RSP: 002b:00007ffd9cac43d8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 55.635879] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440349 [ 55.643148] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 55.650455] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 55.657820] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401bd0 [ 55.665097] R13: 0000000000401c60 R14: 0000000000000000 R15: 0000000000000000 [ 55.672544] [ 55.674153] The buggy address belongs to the page: [ 55.679060] page:ffffea00025b7bc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 55.687309] flags: 0x1fffc0000000000() [ 55.691179] raw: 01fffc0000000000 0000000000000000 ffffffff025b0101 0000000000000000 [ 55.699044] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 55.706913] page dumped because: kasan: bad access detected [ 55.712597] [ 55.714201] Memory state around the buggy address: [ 55.719126] ffff888096def280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 55.726470] ffff888096def300: f1 f1 f1 f1 00 00 00 f2 f2 f2 00 00 00 00 00 f2 [ 55.733811] >ffff888096def380: f2 f2 f2 f2 00 00 00 00 00 00 f2 f2 f2 f2 00 00 [ 55.741163] ^ [ 55.747242] ffff888096def400: 00 00 00 00 f2 f2 f2 f2 00 00 f8 f2 f2 f2 00 00 [ 55.754581] ffff888096def480: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 [ 55.761918] ================================================================== [ 55.769385] Disabling lock debugging due to kernel taint [ 55.775609] Kernel panic - not syncing: panic_on_warn set ... [ 55.781543] CPU: 0 PID: 8209 Comm: syz-executor753 Tainted: G B 4.20.0+ #4 [ 55.789839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.799174] Call Trace: [ 55.801748] dump_stack+0x1db/0x2d0 [ 55.805364] ? dump_stack_print_info.cold+0x20/0x20 [ 55.810364] panic+0x2cb/0x589 [ 55.813554] ? add_taint.cold+0x16/0x16 [ 55.817511] ? xfrm_state_find+0x396a/0x3f00 [ 55.821901] ? preempt_schedule+0x4b/0x60 [ 55.826060] ? ___preempt_schedule+0x16/0x18 [ 55.830449] ? trace_hardirqs_on+0xb4/0x310 [ 55.834863] ? xfrm_state_find+0x396a/0x3f00 [ 55.839324] end_report+0x47/0x4f [ 55.842763] ? xfrm_state_find+0x396a/0x3f00 [ 55.847153] kasan_report.cold+0xe/0x40 [ 55.851108] ? xfrm_state_find+0x396a/0x3f00 [ 55.855502] __asan_report_load4_noabort+0x14/0x20 [ 55.860415] xfrm_state_find+0x396a/0x3f00 [ 55.864715] ? xfrm_state_afinfo_get_rcu+0x1b0/0x1b0 [ 55.869809] ? kasan_check_read+0x11/0x20 [ 55.873939] ? __lock_acquire+0x2514/0x4a30 [ 55.878420] ? mark_held_locks+0x100/0x100 [ 55.882642] ? trace_hardirqs_off_caller+0x300/0x300 [ 55.887742] ? do_raw_spin_trylock+0x270/0x270 [ 55.892307] ? print_usage_bug+0xd0/0xd0 [ 55.896354] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 55.901443] ? depot_save_stack+0x1de/0x460 [ 55.905766] xfrm_tmpl_resolve+0x385/0xe00 [ 55.910000] ? __xfrm_decode_session+0x140/0x140 [ 55.914750] ? _raw_spin_unlock_bh+0x31/0x40 [ 55.919240] ? trace_hardirqs_off_caller+0x300/0x300 [ 55.924326] ? do_raw_spin_unlock+0xa0/0x330 [ 55.928726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 55.934335] ? check_preemption_disabled+0x48/0x290 [ 55.939342] ? do_raw_spin_trylock+0x270/0x270 [ 55.943909] ? rt_add_uncached_list+0x1f0/0x2c0 [ 55.948561] ? add_lock_to_list.isra.0+0x450/0x450 [ 55.953474] xfrm_resolve_and_create_bundle+0x145/0x27f0 [ 55.958939] ? rt_add_uncached_list+0x1f0/0x2c0 [ 55.963598] ? xfrm_sk_policy_lookup+0x4ca/0x660 [ 55.968341] ? find_held_lock+0x35/0x120 [ 55.972384] ? xfrm_sk_policy_lookup+0x4ca/0x660 [ 55.977125] ? xfrm_migrate+0x1a30/0x1a30 [ 55.981255] ? lock_downgrade+0x910/0x910 [ 55.985466] ? kasan_check_read+0x11/0x20 [ 55.989613] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 55.995052] ? rcu_read_unlock_special+0x380/0x380 [ 55.999970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.005527] ? xfrm_sk_policy_lookup+0x4f1/0x660 [ 56.010270] ? xfrm_selector_match+0xfc0/0xfc0 [ 56.014838] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 56.019841] xfrm_lookup_with_ifid+0x340/0x2a90 [ 56.024493] ? xfrm_lookup_with_ifid+0x340/0x2a90 [ 56.029321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.034842] ? xfrm_policy_lookup+0x90/0x90 [ 56.039147] ? rcu_read_unlock_special+0x380/0x380 [ 56.044063] ? udp_sendmsg+0x8f0/0x3a40 [ 56.048022] ? ip_route_output_key_hash+0x2b9/0x400 [ 56.053019] ? ip_route_output_key_hash_rcu+0x3470/0x3470 [ 56.058542] xfrm_lookup_route+0x3b/0x1f0 [ 56.062674] ip_route_output_flow+0xad/0xc0 [ 56.066984] udp_sendmsg+0x24cb/0x3a40 [ 56.070857] ? ip_reply_glue_bits+0xc0/0xc0 [ 56.075186] ? udp4_lib_lookup_skb+0x440/0x440 [ 56.079756] ? add_lock_to_list.isra.0+0x450/0x450 [ 56.084744] ? mark_held_locks+0x100/0x100 [ 56.089063] ? __lock_acquire+0x572/0x4a30 [ 56.093293] ? mark_held_locks+0x100/0x100 [ 56.097515] ? lockdep_hardirqs_on+0x415/0x5d0 [ 56.102084] ? mark_held_locks+0x100/0x100 [ 56.106303] ? __local_bh_enable_ip+0x15a/0x270 [ 56.111026] ? lockdep_hardirqs_on+0x415/0x5d0 [ 56.115597] udpv6_sendmsg+0x1843/0x3550 [ 56.119642] ? udpv6_sendmsg+0x1843/0x3550 [ 56.123932] ? check_preemption_disabled+0x48/0x290 [ 56.128935] ? do_raw_spin_trylock+0x270/0x270 [ 56.133502] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 56.138772] ? release_sock+0x1e8/0x2b0 [ 56.142741] ? find_held_lock+0x35/0x120 [ 56.146786] ? release_sock+0x1e8/0x2b0 [ 56.150740] ? __local_bh_enable_ip+0x15a/0x270 [ 56.155389] ? __local_bh_enable_ip+0x15a/0x270 [ 56.160038] ? lockdep_hardirqs_on+0x415/0x5d0 [ 56.164602] ? trace_hardirqs_on+0xbd/0x310 [ 56.168910] ? _raw_spin_unlock_bh+0x31/0x40 [ 56.173300] ? trace_hardirqs_off_caller+0x300/0x300 [ 56.178386] ? do_raw_spin_unlock+0xa0/0x330 [ 56.182778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.188298] ? check_preemption_disabled+0x48/0x290 [ 56.193410] ? do_raw_spin_trylock+0x270/0x270 [ 56.197977] ? release_sock+0x1e8/0x2b0 [ 56.202015] ? __local_bh_enable_ip+0x15a/0x270 [ 56.206675] ? _raw_spin_unlock_bh+0x31/0x40 [ 56.211067] ? release_sock+0x1e8/0x2b0 [ 56.215036] ? __release_sock+0x3a0/0x3a0 [ 56.219236] ? udp_v6_get_port+0x276/0x670 [ 56.223467] inet_sendmsg+0x1af/0x740 [ 56.227254] ? udp6_unicast_rcv_skb.isra.0+0x2f0/0x2f0 [ 56.232515] ? inet_sendmsg+0x1af/0x740 [ 56.236474] ? ipip_gro_receive+0x100/0x100 [ 56.240778] ? selinux_socket_sendmsg+0x36/0x40 [ 56.245457] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.250976] ? security_socket_sendmsg+0x93/0xc0 [ 56.255727] ? ipip_gro_receive+0x100/0x100 [ 56.260046] sock_sendmsg+0xdd/0x130 [ 56.263739] ___sys_sendmsg+0x409/0x910 [ 56.267696] ? copy_msghdr_from_user+0x570/0x570 [ 56.272442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.277960] ? avc_has_perm+0x55c/0x7e0 [ 56.281922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.287450] ? __fdget+0x1b/0x20 [ 56.290796] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 56.296315] ? sockfd_lookup_light+0xc2/0x160 [ 56.300792] __sys_sendmmsg+0x246/0x6f0 [ 56.304748] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 56.309058] ? sock_common_setsockopt+0x9a/0xe0 [ 56.313717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 56.319234] ? __sys_setsockopt+0x242/0x3a0 [ 56.323599] ? do_syscall_64+0x8c/0x800 [ 56.327592] ? do_syscall_64+0x8c/0x800 [ 56.331546] ? trace_hardirqs_on+0xbd/0x310 [ 56.335942] ? __ia32_sys_fallocate+0xf0/0xf0 [ 56.340529] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.345883] ? trace_hardirqs_off_caller+0x300/0x300 [ 56.351039] __x64_sys_sendmmsg+0x9d/0x100 [ 56.355268] do_syscall_64+0x1a3/0x800 [ 56.359245] ? syscall_return_slowpath+0x5f0/0x5f0 [ 56.364158] ? prepare_exit_to_usermode+0x232/0x3b0 [ 56.369202] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.374052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 56.379361] RIP: 0033:0x440349 [ 56.382603] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 56.401493] RSP: 002b:00007ffd9cac43d8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 56.409199] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440349 [ 56.416449] RDX: 0000000000000001 RSI: 0000000020000a80 RDI: 0000000000000003 [ 56.423703] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 [ 56.430963] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401bd0 [ 56.438335] R13: 0000000000401c60 R14: 0000000000000000 R15: 0000000000000000 [ 56.446536] Kernel Offset: disabled [ 56.450228] Rebooting in 86400 seconds..