INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-next-kasan-gce-5,10.128.0.37' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 44.973591] ================================================================== [ 44.981099] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190 [ 44.988254] Read of size 4 at addr ffff8801ce6d74e0 by task syzkaller246001/2984 [ 44.995763] [ 44.997362] CPU: 1 PID: 2984 Comm: syzkaller246001 Not tainted 4.13.0-next-20170905+ #15 [ 45.005556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.014877] Call Trace: [ 45.017434] dump_stack+0x194/0x257 [ 45.021033] ? arch_local_irq_restore+0x53/0x53 [ 45.025675] ? show_regs_print_info+0x65/0x65 [ 45.030143] ? lock_release+0xd70/0xd70 [ 45.034086] ? xfrm_state_find+0x305b/0x3190 [ 45.038467] print_address_description+0x73/0x250 [ 45.043280] ? xfrm_state_find+0x305b/0x3190 [ 45.047662] kasan_report+0x24e/0x340 [ 45.051438] __asan_report_load4_noabort+0x14/0x20 [ 45.056334] xfrm_state_find+0x305b/0x3190 [ 45.060537] ? __save_stack_trace+0x61/0xd0 [ 45.064860] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 45.069938] ? copy_trace+0x1d0/0x1d0 [ 45.073721] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 45.078892] ? check_noncircular+0x20/0x20 [ 45.083113] ? lock_downgrade+0x990/0x990 [ 45.087230] ? save_stack_trace+0x16/0x20 [ 45.091346] ? __lock_acquire+0x20fd/0x4620 [ 45.095640] ? find_held_lock+0x39/0x1d0 [ 45.099682] ? __lock_acquire+0x732/0x4620 [ 45.103901] ? find_held_lock+0x39/0x1d0 [ 45.107948] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 45.113111] ? depot_save_stack+0x1c2/0x490 [ 45.117411] ? do_raw_spin_trylock+0x190/0x190 [ 45.121979] ? check_noncircular+0x20/0x20 [ 45.126197] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 45.130419] ? __xfrm_decode_session+0x100/0x100 [ 45.135152] ? lock_downgrade+0x990/0x990 [ 45.139269] ? udpv6_sendmsg+0x743/0x3380 [ 45.143383] ? inet_sendmsg+0x11f/0x5e0 [ 45.147323] ? sock_sendmsg+0xca/0x110 [ 45.151204] ? check_noncircular+0x20/0x20 [ 45.155408] ? rt_add_uncached_list+0xa2/0x240 [ 45.159958] ? check_noncircular+0x20/0x20 [ 45.164181] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 45.169619] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 45.173997] ? lock_downgrade+0x990/0x990 [ 45.178129] ? dst_init+0x4d9/0x6a0 [ 45.181735] ? xfrm_selector_match+0xe00/0xe00 [ 45.186288] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 45.191451] ? lock_release+0xd70/0xd70 [ 45.195397] ? refcount_inc_not_zero+0xfe/0x180 [ 45.200041] ? xfrm_selector_match+0x3b/0xe00 [ 45.204527] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 45.209283] ? xfrm_selector_match+0xe00/0xe00 [ 45.213836] ? check_noncircular+0x20/0x20 [ 45.218040] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 45.223467] xfrm_lookup+0xf0a/0x2540 [ 45.227234] ? xfrm_lookup+0xf0a/0x2540 [ 45.231180] ? ip_route_input_noref+0x1e0/0x1e0 [ 45.235825] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 45.242235] ? find_held_lock+0x39/0x1d0 [ 45.246279] ? lock_downgrade+0x990/0x990 [ 45.250404] ? ip_route_output_key_hash+0x1a6/0x370 [ 45.255391] ? find_held_lock+0x39/0x1d0 [ 45.259424] ? lock_release+0xd70/0xd70 [ 45.263387] ? lock_downgrade+0x990/0x990 [ 45.267530] ? ip_route_output_key_hash+0x252/0x370 [ 45.272520] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 45.278026] ? lock_release+0xd70/0xd70 [ 45.281979] xfrm_lookup_route+0x39/0x1a0 [ 45.286103] ip_route_output_flow+0x7c/0xa0 [ 45.290395] udp_sendmsg+0x1958/0x2c70 [ 45.294255] ? ip_reply_glue_bits+0xb0/0xb0 [ 45.298553] ? udp4_seq_show+0x7d0/0x7d0 [ 45.302581] ? lock_downgrade+0x990/0x990 [ 45.306701] ? __local_bh_enable_ip+0x9d/0x160 [ 45.311255] ? udp_lib_get_port+0xc34/0x1c00 [ 45.315647] ? check_noncircular+0x20/0x20 [ 45.319853] ? udp_lib_get_port+0x793/0x1c00 [ 45.324232] ? trace_hardirqs_on+0xd/0x10 [ 45.328363] ? __local_bh_enable_ip+0x9d/0x160 [ 45.332919] ? check_noncircular+0x20/0x20 [ 45.337129] udpv6_sendmsg+0x743/0x3380 [ 45.341102] ? udpv6_setsockopt+0x80/0x80 [ 45.345250] ? lock_downgrade+0x990/0x990 [ 45.349369] ? lock_downgrade+0x990/0x990 [ 45.353487] ? lock_release+0xd70/0xd70 [ 45.357453] ? __local_bh_enable_ip+0x9d/0x160 [ 45.362014] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 45.367018] ? release_sock+0x1d4/0x2a0 [ 45.370960] ? trace_hardirqs_on+0xd/0x10 [ 45.375076] ? __local_bh_enable_ip+0x9d/0x160 [ 45.379630] ? _raw_spin_unlock_bh+0x30/0x40 [ 45.384008] ? release_sock+0x1d4/0x2a0 [ 45.387949] ? __release_sock+0x360/0x360 [ 45.392065] ? udp6_portaddr_hash+0x146/0x2f0 [ 45.396534] ? udp_v6_get_port+0x9c/0xc0 [ 45.400572] inet_sendmsg+0x11f/0x5e0 [ 45.404352] ? inet_sendmsg+0x11f/0x5e0 [ 45.408296] ? inet_recvmsg+0x5f0/0x5f0 [ 45.412290] ? selinux_socket_sendmsg+0x36/0x40 [ 45.416930] ? security_socket_sendmsg+0x89/0xb0 [ 45.421667] ? inet_recvmsg+0x5f0/0x5f0 [ 45.425615] sock_sendmsg+0xca/0x110 [ 45.429314] ___sys_sendmsg+0x322/0x8a0 [ 45.433263] ? copy_msghdr_from_user+0x590/0x590 [ 45.437991] ? __handle_mm_fault+0x587/0x39c0 [ 45.442465] ? __pmd_alloc+0x4e0/0x4e0 [ 45.446348] ? fget_raw+0x20/0x20 [ 45.449785] ? lock_downgrade+0x990/0x990 [ 45.453914] ? __fdget+0x18/0x20 [ 45.457255] __sys_sendmmsg+0x1e6/0x5f0 [ 45.461202] ? __sys_sendmmsg+0x1e6/0x5f0 [ 45.465337] ? SyS_sendmsg+0x50/0x50 [ 45.469025] ? up_read+0x1a/0x40 [ 45.472363] ? __do_page_fault+0x35b/0xb60 [ 45.476630] ? __do_page_fault+0xb60/0xb60 [ 45.480849] ? SyS_setsockopt+0x215/0x360 [ 45.484984] ? lockdep_sys_exit+0x47/0xf0 [ 45.489105] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 45.494105] SyS_sendmmsg+0x35/0x60 [ 45.497707] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 45.502442] RIP: 0033:0x440099 [ 45.505601] RSP: 002b:00007ffd9e03e3e8 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 45.513280] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440099 [ 45.520523] RDX: 0000000000000001 RSI: 0000000020498000 RDI: 0000000000000003 [ 45.527781] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000 [ 45.535056] R10: 0000000000040004 R11: 0000000000000217 R12: 0000000000401a00 [ 45.542301] R13: 0000000000401a90 R14: 0000000000000000 R15: 0000000000000000 [ 45.549564] [ 45.551159] The buggy address belongs to the page: [ 45.556060] page:ffffea000739b5c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 45.564185] flags: 0x200000000000000() [ 45.568049] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff [ 45.575897] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000 [ 45.583746] page dumped because: kasan: bad access detected [ 45.589422] [ 45.591017] Memory state around the buggy address: [ 45.595913] ffff8801ce6d7380: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 [ 45.603252] ffff8801ce6d7400: f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00 [ 45.610591] >ffff8801ce6d7480: 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 [ 45.617932] ^ [ 45.624390] ffff8801ce6d7500: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3 [ 45.631724] ffff8801ce6d7580: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 45.639052] ================================================================== [ 45.646376] Disabling lock debugging due to kernel taint [ 45.651840] Kernel panic - not syncing: panic_on_warn set ... [ 45.651840] [ 45.659178] CPU: 1 PID: 2984 Comm: syzkaller246001 Tainted: G B 4.13.0-next-20170905+ #15 [ 45.668597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.677913] Call Trace: [ 45.680474] dump_stack+0x194/0x257 [ 45.684065] ? arch_local_irq_restore+0x53/0x53 [ 45.688701] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 45.693424] ? xfrm_state_find+0x2fc0/0x3190 [ 45.697795] panic+0x1e4/0x417 [ 45.700949] ? __warn+0x1d9/0x1d9 [ 45.704379] ? xfrm_state_find+0x305b/0x3190 [ 45.708758] kasan_end_report+0x50/0x50 [ 45.712702] kasan_report+0x137/0x340 [ 45.716473] __asan_report_load4_noabort+0x14/0x20 [ 45.721372] xfrm_state_find+0x305b/0x3190 [ 45.725577] ? __save_stack_trace+0x61/0xd0 [ 45.729875] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 45.734948] ? copy_trace+0x1d0/0x1d0 [ 45.738719] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 45.743876] ? check_noncircular+0x20/0x20 [ 45.748082] ? lock_downgrade+0x990/0x990 [ 45.752194] ? save_stack_trace+0x16/0x20 [ 45.756307] ? __lock_acquire+0x20fd/0x4620 [ 45.760607] ? find_held_lock+0x39/0x1d0 [ 45.764635] ? __lock_acquire+0x732/0x4620 [ 45.768834] ? find_held_lock+0x39/0x1d0 [ 45.772868] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 45.778052] ? depot_save_stack+0x1c2/0x490 [ 45.782358] ? do_raw_spin_trylock+0x190/0x190 [ 45.786927] ? check_noncircular+0x20/0x20 [ 45.791130] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 45.795347] ? __xfrm_decode_session+0x100/0x100 [ 45.800623] ? lock_downgrade+0x990/0x990 [ 45.804738] ? udpv6_sendmsg+0x743/0x3380 [ 45.808869] ? inet_sendmsg+0x11f/0x5e0 [ 45.812807] ? sock_sendmsg+0xca/0x110 [ 45.816660] ? check_noncircular+0x20/0x20 [ 45.820860] ? rt_add_uncached_list+0xa2/0x240 [ 45.825404] ? check_noncircular+0x20/0x20 [ 45.829632] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 45.835057] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 45.839430] ? lock_downgrade+0x990/0x990 [ 45.843540] ? dst_init+0x4d9/0x6a0 [ 45.847137] ? xfrm_selector_match+0xe00/0xe00 [ 45.851685] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 45.856844] ? lock_release+0xd70/0xd70 [ 45.860787] ? refcount_inc_not_zero+0xfe/0x180 [ 45.865421] ? xfrm_selector_match+0x3b/0xe00 [ 45.869882] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 45.874605] ? xfrm_selector_match+0xe00/0xe00 [ 45.879164] ? check_noncircular+0x20/0x20 [ 45.883364] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 45.888780] xfrm_lookup+0xf0a/0x2540 [ 45.892542] ? xfrm_lookup+0xf0a/0x2540 [ 45.896481] ? ip_route_input_noref+0x1e0/0x1e0 [ 45.901117] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 45.907492] ? find_held_lock+0x39/0x1d0 [ 45.911522] ? lock_downgrade+0x990/0x990 [ 45.915643] ? ip_route_output_key_hash+0x1a6/0x370 [ 45.920625] ? find_held_lock+0x39/0x1d0 [ 45.924654] ? lock_release+0xd70/0xd70 [ 45.928596] ? lock_downgrade+0x990/0x990 [ 45.932717] ? ip_route_output_key_hash+0x252/0x370 [ 45.937699] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 45.943197] ? lock_release+0xd70/0xd70 [ 45.947138] xfrm_lookup_route+0x39/0x1a0 [ 45.951261] ip_route_output_flow+0x7c/0xa0 [ 45.955551] udp_sendmsg+0x1958/0x2c70 [ 45.959405] ? ip_reply_glue_bits+0xb0/0xb0 [ 45.963694] ? udp4_seq_show+0x7d0/0x7d0 [ 45.967717] ? lock_downgrade+0x990/0x990 [ 45.971828] ? __local_bh_enable_ip+0x9d/0x160