INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-7,10.128.15.193' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 41.120414] ================================================================== [ 41.127852] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190 [ 41.135010] Read of size 4 at addr ffff8801c030faf8 by task syzkaller407861/2983 [ 41.142520] [ 41.144122] CPU: 0 PID: 2983 Comm: syzkaller407861 Not tainted 4.14.0-rc2-mm1+ #10 [ 41.151796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.161122] Call Trace: [ 41.163687] dump_stack+0x194/0x257 [ 41.167294] ? arch_local_irq_restore+0x53/0x53 [ 41.171939] ? show_regs_print_info+0x65/0x65 [ 41.176412] ? lock_release+0xd70/0xd70 [ 41.180363] ? xfrm_state_find+0x305b/0x3190 [ 41.184746] print_address_description+0x73/0x250 [ 41.189561] ? xfrm_state_find+0x305b/0x3190 [ 41.193943] kasan_report+0x25b/0x340 [ 41.197719] __asan_report_load4_noabort+0x14/0x20 [ 41.202622] xfrm_state_find+0x305b/0x3190 [ 41.206830] ? unwind_get_return_address+0x61/0xa0 [ 41.211736] ? __save_stack_trace+0x61/0xd0 [ 41.216051] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 41.221131] ? copy_trace+0x1d0/0x1d0 [ 41.224911] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.230072] ? check_noncircular+0x20/0x20 [ 41.234276] ? lock_downgrade+0x990/0x990 [ 41.238405] ? find_held_lock+0x39/0x1d0 [ 41.242451] ? __lock_acquire+0x732/0x4620 [ 41.246654] ? find_held_lock+0x39/0x1d0 [ 41.250704] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.255866] ? depot_save_stack+0x1c2/0x490 [ 41.260167] ? 
do_raw_spin_trylock+0x190/0x190 [ 41.264722] ? check_noncircular+0x20/0x20 [ 41.268931] ? kernel_text_address+0x102/0x140 [ 41.273490] xfrm_tmpl_resolve+0x309/0xc00 [ 41.277713] ? __xfrm_decode_session+0x100/0x100 [ 41.282455] ? lock_downgrade+0x990/0x990 [ 41.286580] ? inet_sendmsg+0x11f/0x5e0 [ 41.290526] ? sock_sendmsg+0xca/0x110 [ 41.294382] ? SYSC_sendto+0x358/0x5a0 [ 41.298244] ? check_noncircular+0x20/0x20 [ 41.302452] ? rt_add_uncached_list+0xa2/0x240 [ 41.307004] ? check_noncircular+0x20/0x20 [ 41.311215] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 41.316641] ? do_raw_spin_trylock+0x190/0x190 [ 41.321195] ? __local_bh_enable_ip+0x9d/0x160 [ 41.325761] ? xfrm_tmpl_resolve+0xc00/0xc00 [ 41.330144] ? lock_downgrade+0x990/0x990 [ 41.334267] ? dst_init+0x4d9/0x6a0 [ 41.337870] ? xfrm_selector_match+0xe00/0xe00 [ 41.342422] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.347587] ? lock_release+0xd70/0xd70 [ 41.351535] ? refcount_inc_not_zero+0xfe/0x180 [ 41.356183] ? xfrm_selector_match+0x3b/0xe00 [ 41.360654] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 41.365383] ? xfrm_selector_match+0xe00/0xe00 [ 41.369937] ? check_noncircular+0x20/0x20 [ 41.374141] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 41.379567] xfrm_lookup+0xf0a/0x2540 [ 41.383337] ? xfrm_lookup+0xf0a/0x2540 [ 41.387283] ? ip_route_input_noref+0x1e0/0x1e0 [ 41.391933] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 41.398311] ? find_held_lock+0x39/0x1d0 [ 41.402354] ? lock_downgrade+0x990/0x990 [ 41.406475] ? check_noncircular+0x20/0x20 [ 41.410687] ? ip_route_output_key_hash+0x1a6/0x370 [ 41.415676] ? find_held_lock+0x39/0x1d0 [ 41.419714] ? lock_release+0xd70/0xd70 [ 41.423667] ? lock_downgrade+0x990/0x990 [ 41.427798] ? ip_route_output_key_hash+0x252/0x370 [ 41.432787] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 41.438293] ? lock_release+0xd70/0xd70 [ 41.442262] xfrm_lookup_route+0x39/0x1a0 [ 41.446389] ip_route_output_flow+0x7c/0xa0 [ 41.450682] udp_sendmsg+0x19b8/0x2cd0 [ 41.454543] ? 
ip_reply_glue_bits+0xb0/0xb0 [ 41.458845] ? udp_lib_get_port+0x1c00/0x1c00 [ 41.463318] ? ip4_datagram_connect+0x50/0x50 [ 41.467791] ? check_noncircular+0x20/0x20 [ 41.472003] ? do_raw_spin_trylock+0x190/0x190 [ 41.476556] ? lock_acquire+0x1d5/0x580 [ 41.480504] ? inet_autobind+0x1f/0x180 [ 41.484452] ? __local_bh_enable_ip+0x9d/0x160 [ 41.489011] ? release_sock+0x1d4/0x2a0 [ 41.492961] ? trace_hardirqs_on+0xd/0x10 [ 41.497083] ? release_sock+0x1d4/0x2a0 [ 41.501035] ? __release_sock+0x360/0x360 [ 41.505160] ? udp_v4_get_port+0x132/0x180 [ 41.509375] inet_sendmsg+0x11f/0x5e0 [ 41.513149] ? __might_sleep+0x95/0x190 [ 41.517096] ? inet_recvmsg+0x5f0/0x5f0 [ 41.521051] ? selinux_socket_sendmsg+0x36/0x40 [ 41.525693] ? security_socket_sendmsg+0x89/0xb0 [ 41.530422] ? inet_recvmsg+0x5f0/0x5f0 [ 41.534372] sock_sendmsg+0xca/0x110 [ 41.538061] SYSC_sendto+0x358/0x5a0 [ 41.541750] ? SYSC_connect+0x480/0x480 [ 41.545711] ? mm_fault_error+0x2c0/0x2c0 [ 41.549834] ? ip_setsockopt+0x6f/0xb0 [ 41.553704] ? __do_page_fault+0xd60/0xd60 [ 41.557922] ? SyS_setsockopt+0x215/0x360 [ 41.562046] ? lockdep_sys_exit+0x47/0xf0 [ 41.566165] ? entry_SYSCALL_64_fastpath+0x5/0xbe [ 41.570980] ? 
trace_hardirqs_on_caller+0x421/0x5c0 [ 41.575968] SyS_sendto+0x40/0x50 [ 41.579397] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 41.584121] RIP: 0033:0x43fee9 [ 41.587282] RSP: 002b:00007ffc98e82be8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 41.594975] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fee9 [ 41.602215] RDX: 0000000000000000 RSI: 000000002010affe RDI: 0000000000000003 [ 41.609639] RBP: 0000000000000086 R08: 00000000202f9000 R09: 0000000000000010 [ 41.616882] R10: 000000002004487c R11: 0000000000000217 R12: 0000000000401850 [ 41.624127] R13: 00000000004018e0 R14: 0000000000000000 R15: 0000000000000000 [ 41.631386] [ 41.632983] The buggy address belongs to the page: [ 41.637883] page:ffffea000700c3c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 41.645998] flags: 0x200000000000000() [ 41.649855] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff [ 41.657706] raw: 0000000000000000 ffffea000700c3e0 0000000000000000 0000000000000000 [ 41.665554] page dumped because: kasan: bad access detected [ 41.671230] [ 41.672826] Memory state around the buggy address: [ 41.677723] ffff8801c030f980: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 [ 41.685050] ffff8801c030fa00: 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 [ 41.692379] >ffff8801c030fa80: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 [ 41.699707] ^ [ 41.706950] ffff8801c030fb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 [ 41.714280] ffff8801c030fb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 41.721606] ================================================================== [ 41.728934] Disabling lock debugging due to kernel taint [ 41.734418] Kernel panic - not syncing: panic_on_warn set ... 
[ 41.734418] [ 41.741749] CPU: 0 PID: 2983 Comm: syzkaller407861 Tainted: G B 4.14.0-rc2-mm1+ #10 [ 41.750633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.759965] Call Trace: [ 41.762526] dump_stack+0x194/0x257 [ 41.766125] ? arch_local_irq_restore+0x53/0x53 [ 41.770761] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 41.775495] ? xfrm_state_find+0x2fa0/0x3190 [ 41.779874] panic+0x1e4/0x417 [ 41.783034] ? __warn+0x1d9/0x1d9 [ 41.786459] ? xfrm_state_find+0x305b/0x3190 [ 41.790838] kasan_end_report+0x50/0x50 [ 41.794776] kasan_report+0x144/0x340 [ 41.798543] __asan_report_load4_noabort+0x14/0x20 [ 41.803436] xfrm_state_find+0x305b/0x3190 [ 41.807635] ? unwind_get_return_address+0x61/0xa0 [ 41.812532] ? __save_stack_trace+0x61/0xd0 [ 41.816826] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 41.821900] ? copy_trace+0x1d0/0x1d0 [ 41.825673] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.830826] ? check_noncircular+0x20/0x20 [ 41.835026] ? lock_downgrade+0x990/0x990 [ 41.839144] ? find_held_lock+0x39/0x1d0 [ 41.843175] ? __lock_acquire+0x732/0x4620 [ 41.847376] ? find_held_lock+0x39/0x1d0 [ 41.851412] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.856569] ? depot_save_stack+0x1c2/0x490 [ 41.860860] ? do_raw_spin_trylock+0x190/0x190 [ 41.865410] ? check_noncircular+0x20/0x20 [ 41.869607] ? kernel_text_address+0x102/0x140 [ 41.874157] xfrm_tmpl_resolve+0x309/0xc00 [ 41.878367] ? __xfrm_decode_session+0x100/0x100 [ 41.883093] ? lock_downgrade+0x990/0x990 [ 41.887207] ? inet_sendmsg+0x11f/0x5e0 [ 41.891150] ? sock_sendmsg+0xca/0x110 [ 41.895001] ? SYSC_sendto+0x358/0x5a0 [ 41.898853] ? check_noncircular+0x20/0x20 [ 41.903055] ? rt_add_uncached_list+0xa2/0x240 [ 41.907611] ? check_noncircular+0x20/0x20 [ 41.911813] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 41.917233] ? do_raw_spin_trylock+0x190/0x190 [ 41.921781] ? __local_bh_enable_ip+0x9d/0x160 [ 41.926334] ? xfrm_tmpl_resolve+0xc00/0xc00 [ 41.930708] ? 
lock_downgrade+0x990/0x990 [ 41.934821] ? dst_init+0x4d9/0x6a0 [ 41.938414] ? xfrm_selector_match+0xe00/0xe00 [ 41.942960] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.948119] ? lock_release+0xd70/0xd70 [ 41.952062] ? refcount_inc_not_zero+0xfe/0x180 [ 41.956699] ? xfrm_selector_match+0x3b/0xe00 [ 41.961163] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 41.965884] ? xfrm_selector_match+0xe00/0xe00 [ 41.970434] ? check_noncircular+0x20/0x20 [ 41.974634] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 41.980051] xfrm_lookup+0xf0a/0x2540 [ 41.983814] ? xfrm_lookup+0xf0a/0x2540 [ 41.987758] ? ip_route_input_noref+0x1e0/0x1e0 [ 41.992395] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 41.998767] ? find_held_lock+0x39/0x1d0 [ 42.002800] ? lock_downgrade+0x990/0x990 [ 42.006913] ? check_noncircular+0x20/0x20 [ 42.011116] ? ip_route_output_key_hash+0x1a6/0x370 [ 42.016096] ? find_held_lock+0x39/0x1d0 [ 42.020126] ? lock_release+0xd70/0xd70 [ 42.024070] ? lock_downgrade+0x990/0x990 [ 42.028189] ? ip_route_output_key_hash+0x252/0x370 [ 42.033171] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 42.038672] ? lock_release+0xd70/0xd70 [ 42.042617] xfrm_lookup_route+0x39/0x1a0 [ 42.046731] ip_route_output_flow+0x7c/0xa0 [ 42.051019] udp_sendmsg+0x19b8/0x2cd0 [ 42.054875] ? ip_reply_glue_bits+0xb0/0xb0 [ 42.059165] ? udp_lib_get_port+0x1c00/0x1c00 [ 42.063630] ? ip4_datagram_connect+0x50/0x50 [ 42.068089] ? check_noncircular+0x20/0x20 [ 42.072292] ? do_raw_spin_trylock+0x190/0x190 [ 42.076839] ? lock_acquire+0x1d5/0x580 [ 42.080780] ? inet_autobind+0x1f/0x180 [ 42.084720] ? __local_bh_enable_ip+0x9d/0x160 [ 42.089269] ? release_sock+0x1d4/0x2a0 [ 42.093208] ? trace_hardirqs_on+0xd/0x10 [ 42.097323] ? release_sock+0x1d4/0x2a0 [ 42.101263] ? __release_sock+0x360/0x360 [ 42.105378] ? udp_v4_get_port+0x132/0x180 [ 42.109580] inet_sendmsg+0x11f/0x5e0 [ 42.113351] ? __might_sleep+0x95/0x190 [ 42.117291] ? inet_recvmsg+0x5f0/0x5f0