[info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 9.175343] sshd (2902) used greatest stack depth: 14592 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-2,10.128.15.194' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 40.887360] ================================================================== [ 40.888496] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x303d/0x3170 [ 40.889463] Read of size 4 at addr ffff8801d26ef760 by task syzkaller519913/2990 [ 40.890515] [ 40.890749] CPU: 1 PID: 2990 Comm: syzkaller519913 Not tainted 4.14.0-rc5-mm1+ #19 [ 40.891757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.892988] Call Trace: [ 40.893372] dump_stack+0x194/0x257 [ 40.893865] ? arch_local_irq_restore+0x53/0x53 [ 40.894505] ? show_regs_print_info+0x65/0x65 [ 40.895111] ? lock_release+0xa40/0xa40 [ 40.895645] ? xfrm_state_find+0x303d/0x3170 [ 40.896248] print_address_description+0x73/0x250 [ 40.896893] ? xfrm_state_find+0x303d/0x3170 [ 40.897498] kasan_report+0x25b/0x340 [ 40.898123] __asan_report_load4_noabort+0x14/0x20 [ 40.898778] xfrm_state_find+0x303d/0x3170 [ 40.899376] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 40.900071] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 40.900771] ? __is_insn_slot_addr+0x1fc/0x330 [ 40.901395] ? check_noncircular+0x20/0x20 [ 40.901962] ? lock_downgrade+0x990/0x990 [ 40.902530] ? __lock_acquire+0x6aa/0x3d50 [ 40.903101] ? is_bpf_text_address+0x7b/0x120 [ 40.903756] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 40.904464] ? depot_save_stack+0x3b5/0x490 [ 40.905042] ? lock_downgrade+0x990/0x990 [ 40.905601] ? do_raw_spin_trylock+0x190/0x190 [ 40.906235] ? is_bpf_text_address+0xa4/0x120 [ 40.906839] ? kernel_text_address+0x102/0x140 [ 40.907499] xfrm_tmpl_resolve+0x309/0xc00 [ 40.911729] ? __xfrm_decode_session+0x100/0x100 [ 40.916447] ? save_stack+0x43/0xd0 [ 40.920039] ? kasan_kmalloc+0xad/0xe0 [ 40.923891] ? kasan_slab_alloc+0x12/0x20 [ 40.928005] ? kmem_cache_alloc+0x12e/0x760 [ 40.932297] ? find_held_lock+0x35/0x1d0 [ 40.936334] ? rt_add_uncached_list+0x1b7/0x240 [ 40.940972] ? lock_downgrade+0x990/0x990 [ 40.945095] xfrm_resolve_and_create_bundle+0x186/0x24a0 [ 40.950516] ? do_raw_spin_trylock+0x190/0x190 [ 40.955071] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 40.960053] ? rt_add_uncached_list+0x1b7/0x240 [ 40.964695] ? _raw_spin_unlock_bh+0x30/0x40 [ 40.969079] ? xfrm_tmpl_resolve+0xc00/0xc00 [ 40.973469] ? find_held_lock+0x35/0x1d0 [ 40.977505] ? xfrm_sk_policy_lookup+0x2a6/0x3d0 [ 40.982227] ? lock_downgrade+0x990/0x990 [ 40.986344] ? lock_release+0xa40/0xa40 [ 40.990289] ? refcount_inc_not_zero+0xfe/0x180 [ 40.994929] ? xfrm_selector_match+0x3b/0xe00 [ 40.999398] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 41.004125] ? xfrm_selector_match+0xe00/0xe00 [ 41.008676] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 41.014098] xfrm_lookup+0xf0a/0x2540 [ 41.017865] ? xfrm_lookup+0xf0a/0x2540 [ 41.021809] ? check_noncircular+0x20/0x20 [ 41.026017] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 41.032393] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 41.037553] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.042540] ? find_held_lock+0x35/0x1d0 [ 41.046573] ? ip_route_output_key_hash+0x229/0x370 [ 41.051554] ? lock_downgrade+0x990/0x990 [ 41.055670] ? lock_release+0xa40/0xa40 [ 41.059614] ? find_held_lock+0x35/0x1d0 [ 41.063653] ? ip_route_output_key_hash+0x252/0x370 [ 41.068636] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 41.074140] ? lock_release+0xa40/0xa40 [ 41.078089] xfrm_lookup_route+0x39/0x1a0 [ 41.082208] ip_route_output_flow+0x7c/0xa0 [ 41.086501] udp_sendmsg+0x19b8/0x2cd0 [ 41.090362] ? ip_reply_glue_bits+0xb0/0xb0 [ 41.094660] ? udp_lib_get_port+0x1c00/0x1c00 [ 41.099128] ? find_held_lock+0x35/0x1d0 [ 41.103162] ? udp_lib_get_port+0x793/0x1c00 [ 41.107537] ? lock_downgrade+0x990/0x990 [ 41.111665] ? __local_bh_enable_ip+0x9d/0x160 [ 41.116215] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.121197] ? udp_lib_get_port+0x793/0x1c00 [ 41.125570] ? trace_hardirqs_on+0xd/0x10 [ 41.129682] ? __local_bh_enable_ip+0x9d/0x160 [ 41.134232] ? check_noncircular+0x20/0x20 [ 41.138430] ? udp_lib_get_port+0x798/0x1c00 [ 41.142810] udpv6_sendmsg+0x743/0x3380 [ 41.146754] ? check_noncircular+0x20/0x20 [ 41.150967] ? udpv6_setsockopt+0x80/0x80 [ 41.155088] ? reacquire_held_locks+0x1fd/0x3d0 [ 41.159722] ? reacquire_held_locks+0x1fd/0x3d0 [ 41.164362] ? find_held_lock+0x35/0x1d0 [ 41.168399] ? release_sock+0x1d4/0x2a0 [ 41.172339] ? lock_downgrade+0x990/0x990 [ 41.176452] ? lock_downgrade+0x990/0x990 [ 41.180568] ? do_raw_spin_trylock+0x190/0x190 [ 41.185122] ? __local_bh_enable_ip+0x9d/0x160 [ 41.189672] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.194654] ? release_sock+0x1d4/0x2a0 [ 41.198594] ? trace_hardirqs_on+0xd/0x10 [ 41.202707] ? __local_bh_enable_ip+0x9d/0x160 [ 41.207258] ? _raw_spin_unlock_bh+0x30/0x40 [ 41.211631] ? release_sock+0x1d4/0x2a0 [ 41.215574] ? __release_sock+0x360/0x360 [ 41.219685] ? udp6_portaddr_hash+0x146/0x2f0 [ 41.224152] ? udp_v6_get_port+0x9c/0xc0 [ 41.228184] inet_sendmsg+0x11f/0x5e0 [ 41.231951] ? inet_sendmsg+0x11f/0x5e0 [ 41.235893] ? __might_sleep+0x95/0x190 [ 41.239836] ? inet_recvmsg+0x5f0/0x5f0 [ 41.243780] ? selinux_socket_sendmsg+0x36/0x40 [ 41.248414] ? security_socket_sendmsg+0x89/0xb0 [ 41.253135] ? inet_recvmsg+0x5f0/0x5f0 [ 41.257076] sock_sendmsg+0xca/0x110 [ 41.260757] SYSC_sendto+0x352/0x5a0 [ 41.264440] ? SYSC_connect+0x470/0x470 [ 41.268392] ? mm_fault_error+0x2c0/0x2c0 [ 41.272511] ? ipv6_setsockopt+0xa8/0x150 [ 41.276634] ? __do_page_fault+0xd60/0xd60 [ 41.280846] ? SyS_recv+0x40/0x40 [ 41.284268] ? entry_SYSCALL_64_fastpath+0x5/0xbe [ 41.289078] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.294064] SyS_sendto+0x40/0x50 [ 41.297486] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 41.302207] RIP: 0033:0x43ff99 [ 41.305364] RSP: 002b:00007ffd04276458 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 41.313039] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff99 [ 41.320275] RDX: 0000000000000000 RSI: 0000000020a9f000 RDI: 0000000000000003 [ 41.327509] RBP: 0000000000000082 R08: 00000000204e3fe4 R09: 000000000000001c [ 41.334744] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401900 [ 41.341979] R13: 0000000000401990 R14: 0000000000000000 R15: 0000000000000000 [ 41.349233] [ 41.350827] The buggy address belongs to the page: [ 41.355721] page:ffffea000749bbc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 41.363828] flags: 0x200000000000000() [ 41.367683] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff [ 41.375528] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000 [ 41.383371] page dumped because: kasan: bad access detected [ 41.389044] [ 41.390638] Memory state around the buggy address: [ 41.395532] ffff8801d26ef600: 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 [ 41.402856] ffff8801d26ef680: f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00 [ 41.410182] >ffff8801d26ef700: 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 [ 41.417504] ^ [ 41.423960] ffff8801d26ef780: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3 [ 41.431281] ffff8801d26ef800: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.438602] ================================================================== [ 41.445924] Disabling lock debugging due to kernel taint [ 41.451405] Kernel panic - not syncing: panic_on_warn set ... [ 41.451405] [ 41.458735] CPU: 1 PID: 2990 Comm: syzkaller519913 Tainted: G B 4.14.0-rc5-mm1+ #19 [ 41.467708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.477028] Call Trace: [ 41.479589] dump_stack+0x194/0x257 [ 41.483182] ? arch_local_irq_restore+0x53/0x53 [ 41.487817] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 41.492540] ? vsnprintf+0x1ed/0x1900 [ 41.496310] ? xfrm_state_find+0x2f60/0x3170 [ 41.500686] panic+0x1e4/0x41c [ 41.503843] ? refcount_error_report+0x214/0x214 [ 41.508565] ? add_taint+0x1c/0x50 [ 41.512072] ? add_taint+0x1c/0x50 [ 41.515578] ? xfrm_state_find+0x303d/0x3170 [ 41.519952] kasan_end_report+0x50/0x50 [ 41.523890] kasan_report+0x144/0x340 [ 41.527667] __asan_report_load4_noabort+0x14/0x20 [ 41.532559] xfrm_state_find+0x303d/0x3170 [ 41.536768] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 41.541843] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 41.547008] ? __is_insn_slot_addr+0x1fc/0x330 [ 41.551553] ? check_noncircular+0x20/0x20 [ 41.555750] ? lock_downgrade+0x990/0x990 [ 41.559867] ? __lock_acquire+0x6aa/0x3d50 [ 41.564070] ? is_bpf_text_address+0x7b/0x120 [ 41.568535] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 41.573692] ? depot_save_stack+0x3b5/0x490 [ 41.577980] ? lock_downgrade+0x990/0x990 [ 41.582100] ? do_raw_spin_trylock+0x190/0x190 [ 41.586647] ? is_bpf_text_address+0xa4/0x120 [ 41.591109] ? kernel_text_address+0x102/0x140 [ 41.595658] xfrm_tmpl_resolve+0x309/0xc00 [ 41.599865] ? __xfrm_decode_session+0x100/0x100 [ 41.604583] ? save_stack+0x43/0xd0 [ 41.608172] ? kasan_kmalloc+0xad/0xe0 [ 41.612021] ? kasan_slab_alloc+0x12/0x20 [ 41.616131] ? kmem_cache_alloc+0x12e/0x760 [ 41.620419] ? find_held_lock+0x35/0x1d0 [ 41.624449] ? rt_add_uncached_list+0x1b7/0x240 [ 41.629081] ? lock_downgrade+0x990/0x990 [ 41.633196] xfrm_resolve_and_create_bundle+0x186/0x24a0 [ 41.638609] ? do_raw_spin_trylock+0x190/0x190 [ 41.643156] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.648137] ? rt_add_uncached_list+0x1b7/0x240 [ 41.652774] ? _raw_spin_unlock_bh+0x30/0x40 [ 41.657147] ? xfrm_tmpl_resolve+0xc00/0xc00 [ 41.661520] ? find_held_lock+0x35/0x1d0 [ 41.665550] ? xfrm_sk_policy_lookup+0x2a6/0x3d0 [ 41.670270] ? lock_downgrade+0x990/0x990 [ 41.674380] ? lock_release+0xa40/0xa40 [ 41.678320] ? refcount_inc_not_zero+0xfe/0x180 [ 41.682954] ? xfrm_selector_match+0x3b/0xe00 [ 41.687417] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 41.692138] ? xfrm_selector_match+0xe00/0xe00 [ 41.696684] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 41.702099] xfrm_lookup+0xf0a/0x2540 [ 41.705862] ? xfrm_lookup+0xf0a/0x2540 [ 41.709800] ? check_noncircular+0x20/0x20 [ 41.714005] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 41.720374] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 41.725528] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.730511] ? find_held_lock+0x35/0x1d0 [ 41.734540] ? ip_route_output_key_hash+0x229/0x370 [ 41.739519] ? lock_downgrade+0x990/0x990 [ 41.743630] ? lock_release+0xa40/0xa40 [ 41.747570] ? find_held_lock+0x35/0x1d0 [ 41.751605] ? ip_route_output_key_hash+0x252/0x370 [ 41.756586] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 41.762085] ? lock_release+0xa40/0xa40 [ 41.766027] xfrm_lookup_route+0x39/0x1a0 [ 41.770140] ip_route_output_flow+0x7c/0xa0 [ 41.774428] udp_sendmsg+0x19b8/0x2cd0 [ 41.778283] ? ip_reply_glue_bits+0xb0/0xb0 [ 41.782573] ? udp_lib_get_port+0x1c00/0x1c00 [ 41.787035] ? find_held_lock+0x35/0x1d0 [ 41.791069] ? udp_lib_get_port+0x793/0x1c00 [ 41.795439] ? lock_downgrade+0x990/0x990 [ 41.799555] ? __local_bh_enable_ip+0x9d/0x160 [ 41.804100] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.809079] ? udp_lib_get_port+0x793/0x1c00 [ 41.813450] ? trace_hardirqs_on+0xd/0x10 [ 41.817560] ? __local_bh_enable_ip+0x9d/0x160 [ 41.822106] ? check_noncircular+0x20/0x20 [ 41.826302] ? udp_lib_get_port+0x798/0x1c00 [ 41.830680] udpv6_sendmsg+0x743/0x3380 [ 41.834619] ? check_noncircular+0x20/0x20 [ 41.838823] ? udpv6_setsockopt+0x80/0x80 [ 41.842936] ? reacquire_held_locks+0x1fd/0x3d0 [ 41.847572] ? reacquire_held_locks+0x1fd/0x3d0 [ 41.852207] ? find_held_lock+0x35/0x1d0 [ 41.856237] ? release_sock+0x1d4/0x2a0 [ 41.860174] ? lock_downgrade+0x990/0x990 [ 41.864285] ? lock_downgrade+0x990/0x990 [ 41.868399] ? do_raw_spin_trylock+0x190/0x190 [ 41.872948] ? __local_bh_enable_ip+0x9d/0x160 [ 41.877494] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.882481] ? release_sock+0x1d4/0x2a0 [ 41.886417] ? trace_hardirqs_on+0xd/0x10