INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-mmots-kasan-gce-9,10.128.0.3' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 40.667535] ================================================================== [ 40.674925] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190 [ 40.682082] Read of size 4 at addr ffff8801ce7c74e0 by task syzkaller899874/2981 [ 40.689584] [ 40.691184] CPU: 1 PID: 2981 Comm: syzkaller899874 Not tainted 4.13.0-mm1+ #7 [ 40.698422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.707749] Call Trace: [ 40.710314] dump_stack+0x194/0x257 [ 40.713920] ? arch_local_irq_restore+0x53/0x53 [ 40.718559] ? show_regs_print_info+0x65/0x65 [ 40.723046] ? lock_release+0xd70/0xd70 [ 40.726991] ? xfrm_state_find+0x305b/0x3190 [ 40.731374] print_address_description+0x73/0x250 [ 40.736193] ? xfrm_state_find+0x305b/0x3190 [ 40.740579] kasan_report+0x24e/0x340 [ 40.744353] __asan_report_load4_noabort+0x14/0x20 [ 40.749254] xfrm_state_find+0x305b/0x3190 [ 40.753463] ? __save_stack_trace+0x61/0xd0 [ 40.757776] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 40.762855] ? copy_trace+0x1d0/0x1d0 [ 40.766635] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 40.771793] ? check_noncircular+0x20/0x20 [ 40.776005] ? lock_downgrade+0x990/0x990 [ 40.780124] ? save_stack_trace+0x16/0x20 [ 40.784245] ? __lock_acquire+0x20fd/0x4620 [ 40.788540] ? find_held_lock+0x39/0x1d0 [ 40.792582] ? __lock_acquire+0x732/0x4620 [ 40.796788] ? find_held_lock+0x39/0x1d0 [ 40.800850] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 40.806013] ? depot_save_stack+0x1c2/0x490 [ 40.810311] ? do_raw_spin_trylock+0x190/0x190 [ 40.814871] ? check_noncircular+0x20/0x20 [ 40.819090] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 40.823313] ? __xfrm_decode_session+0x100/0x100 [ 40.828047] ? lock_downgrade+0x990/0x990 [ 40.832166] ? udpv6_sendmsg+0x743/0x3380 [ 40.836285] ? inet_sendmsg+0x11f/0x5e0 [ 40.840226] ? sock_sendmsg+0xca/0x110 [ 40.844085] ? check_noncircular+0x20/0x20 [ 40.848292] ? rt_add_uncached_list+0xa2/0x240 [ 40.852842] ? check_noncircular+0x20/0x20 [ 40.857051] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 40.862492] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 40.866872] ? lock_downgrade+0x990/0x990 [ 40.871076] ? dst_init+0x4d9/0x6a0 [ 40.874678] ? xfrm_selector_match+0xe00/0xe00 [ 40.879232] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 40.884402] ? lock_release+0xd70/0xd70 [ 40.888356] ? refcount_inc_not_zero+0xfe/0x180 [ 40.893003] ? xfrm_selector_match+0x3b/0xe00 [ 40.897473] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 40.902209] ? xfrm_selector_match+0xe00/0xe00 [ 40.906770] ? check_noncircular+0x20/0x20 [ 40.910976] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 40.916400] xfrm_lookup+0xf0a/0x2540 [ 40.920170] ? xfrm_lookup+0xf0a/0x2540 [ 40.924114] ? ip_route_input_noref+0x1e0/0x1e0 [ 40.928764] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 40.935155] ? find_held_lock+0x39/0x1d0 [ 40.939213] ? lock_downgrade+0x990/0x990 [ 40.943339] ? ip_route_output_key_hash+0x1a6/0x370 [ 40.948325] ? find_held_lock+0x39/0x1d0 [ 40.952361] ? lock_release+0xd70/0xd70 [ 40.956311] ? lock_downgrade+0x990/0x990 [ 40.960442] ? ip_route_output_key_hash+0x252/0x370 [ 40.965430] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 40.970935] ? lock_release+0xd70/0xd70 [ 40.974888] xfrm_lookup_route+0x39/0x1a0 [ 40.979009] ip_route_output_flow+0x7c/0xa0 [ 40.983306] udp_sendmsg+0x1958/0x2c70 [ 40.987167] ? ip_reply_glue_bits+0xb0/0xb0 [ 40.991466] ? udp4_seq_show+0x7d0/0x7d0 [ 40.995502] ? lock_downgrade+0x990/0x990 [ 40.999621] ? __local_bh_enable_ip+0x9d/0x160 [ 41.004181] ? udp_lib_get_port+0xc34/0x1c00 [ 41.008585] ? check_noncircular+0x20/0x20 [ 41.012794] ? udp_lib_get_port+0x793/0x1c00 [ 41.017172] ? trace_hardirqs_on+0xd/0x10 [ 41.021292] ? __local_bh_enable_ip+0x9d/0x160 [ 41.025846] ? check_noncircular+0x20/0x20 [ 41.030059] udpv6_sendmsg+0x743/0x3380 [ 41.034020] ? udpv6_setsockopt+0x80/0x80 [ 41.038151] ? lock_downgrade+0x990/0x990 [ 41.042272] ? lock_downgrade+0x990/0x990 [ 41.046399] ? lock_release+0xd70/0xd70 [ 41.050363] ? __local_bh_enable_ip+0x9d/0x160 [ 41.054920] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.059908] ? release_sock+0x1d4/0x2a0 [ 41.063851] ? trace_hardirqs_on+0xd/0x10 [ 41.067969] ? __local_bh_enable_ip+0x9d/0x160 [ 41.072525] ? _raw_spin_unlock_bh+0x30/0x40 [ 41.076905] ? release_sock+0x1d4/0x2a0 [ 41.080851] ? __release_sock+0x360/0x360 [ 41.084967] ? udp6_portaddr_hash+0x146/0x2f0 [ 41.089437] ? udp_v6_get_port+0x9c/0xc0 [ 41.093476] inet_sendmsg+0x11f/0x5e0 [ 41.097247] ? inet_sendmsg+0x11f/0x5e0 [ 41.101196] ? inet_recvmsg+0x5f0/0x5f0 [ 41.105145] ? selinux_socket_sendmsg+0x36/0x40 [ 41.109782] ? security_socket_sendmsg+0x89/0xb0 [ 41.114507] ? inet_recvmsg+0x5f0/0x5f0 [ 41.118454] sock_sendmsg+0xca/0x110 [ 41.122138] ___sys_sendmsg+0x322/0x8a0 [ 41.126087] ? copy_msghdr_from_user+0x590/0x590 [ 41.130811] ? __handle_mm_fault+0x587/0x39c0 [ 41.135282] ? __pmd_alloc+0x4e0/0x4e0 [ 41.139156] ? fget_raw+0x20/0x20 [ 41.142589] ? lock_downgrade+0x990/0x990 [ 41.146716] ? __fdget+0x18/0x20 [ 41.150058] __sys_sendmmsg+0x1e6/0x5f0 [ 41.154004] ? __sys_sendmmsg+0x1e6/0x5f0 [ 41.158134] ? SyS_sendmsg+0x50/0x50 [ 41.161821] ? up_read+0x1a/0x40 [ 41.165163] ? __do_page_fault+0x35b/0xb60 [ 41.169386] ? __do_page_fault+0xb60/0xb60 [ 41.173596] ? SyS_setsockopt+0x215/0x360 [ 41.177722] ? lockdep_sys_exit+0x47/0xf0 [ 41.181847] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 41.186840] SyS_sendmmsg+0x35/0x60 [ 41.190442] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 41.195164] RIP: 0033:0x440099 [ 41.198325] RSP: 002b:00007ffe8f184948 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 [ 41.206006] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440099 [ 41.213246] RDX: 0000000000000001 RSI: 0000000020498000 RDI: 0000000000000003 [ 41.220486] RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000 [ 41.227724] R10: 0000000000040004 R11: 0000000000000217 R12: 0000000000401a00 [ 41.234964] R13: 0000000000401a90 R14: 0000000000000000 R15: 0000000000000000 [ 41.242222] [ 41.243816] The buggy address belongs to the page: [ 41.248720] page:ffffea000739f1c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 41.256830] flags: 0x200000000000000() [ 41.260688] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff [ 41.268538] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000 [ 41.276382] page dumped because: kasan: bad access detected [ 41.282057] [ 41.283660] Memory state around the buggy address: [ 41.288557] ffff8801ce7c7380: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 [ 41.295885] ffff8801ce7c7400: f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00 [ 41.303215] >ffff8801ce7c7480: 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 [ 41.310545] ^ [ 41.317007] ffff8801ce7c7500: f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3 [ 41.324336] ffff8801ce7c7580: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.331674] ================================================================== [ 41.339000] Disabling lock debugging due to kernel taint [ 41.344464] Kernel panic - not syncing: panic_on_warn set ... [ 41.344464] [ 41.351797] CPU: 1 PID: 2981 Comm: syzkaller899874 Tainted: G B 4.13.0-mm1+ #7 [ 41.360249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.369566] Call Trace: [ 41.372387] dump_stack+0x194/0x257 [ 41.375989] ? arch_local_irq_restore+0x53/0x53 [ 41.380623] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 41.385349] ? xfrm_state_find+0x2fe0/0x3190 [ 41.389725] panic+0x1e4/0x417 [ 41.392881] ? __warn+0x1d9/0x1d9 [ 41.396304] ? xfrm_state_find+0x305b/0x3190 [ 41.400675] kasan_end_report+0x50/0x50 [ 41.404616] kasan_report+0x137/0x340 [ 41.408381] __asan_report_load4_noabort+0x14/0x20 [ 41.413275] xfrm_state_find+0x305b/0x3190 [ 41.417473] ? __save_stack_trace+0x61/0xd0 [ 41.421765] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 41.426838] ? copy_trace+0x1d0/0x1d0 [ 41.430609] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.435764] ? check_noncircular+0x20/0x20 [ 41.439962] ? lock_downgrade+0x990/0x990 [ 41.444074] ? save_stack_trace+0x16/0x20 [ 41.448184] ? __lock_acquire+0x20fd/0x4620 [ 41.452472] ? find_held_lock+0x39/0x1d0 [ 41.456503] ? __lock_acquire+0x732/0x4620 [ 41.460698] ? find_held_lock+0x39/0x1d0 [ 41.464732] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.469887] ? depot_save_stack+0x1c2/0x490 [ 41.474179] ? do_raw_spin_trylock+0x190/0x190 [ 41.478724] ? check_noncircular+0x20/0x20 [ 41.482928] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 41.487137] ? __xfrm_decode_session+0x100/0x100 [ 41.491860] ? lock_downgrade+0x990/0x990 [ 41.495971] ? udpv6_sendmsg+0x743/0x3380 [ 41.500089] ? inet_sendmsg+0x11f/0x5e0 [ 41.504026] ? sock_sendmsg+0xca/0x110 [ 41.507879] ? check_noncircular+0x20/0x20 [ 41.512078] ? rt_add_uncached_list+0xa2/0x240 [ 41.516631] ? check_noncircular+0x20/0x20 [ 41.520840] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 41.526270] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 41.530645] ? lock_downgrade+0x990/0x990 [ 41.534756] ? dst_init+0x4d9/0x6a0 [ 41.538353] ? xfrm_selector_match+0xe00/0xe00 [ 41.542905] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 41.548059] ? lock_release+0xd70/0xd70 [ 41.552000] ? refcount_inc_not_zero+0xfe/0x180 [ 41.556644] ? xfrm_selector_match+0x3b/0xe00 [ 41.561103] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 41.565826] ? xfrm_selector_match+0xe00/0xe00 [ 41.570371] ? check_noncircular+0x20/0x20 [ 41.574570] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 41.579993] xfrm_lookup+0xf0a/0x2540 [ 41.583756] ? xfrm_lookup+0xf0a/0x2540 [ 41.587697] ? ip_route_input_noref+0x1e0/0x1e0 [ 41.592342] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 41.598713] ? find_held_lock+0x39/0x1d0 [ 41.602744] ? lock_downgrade+0x990/0x990 [ 41.606860] ? ip_route_output_key_hash+0x1a6/0x370 [ 41.611839] ? find_held_lock+0x39/0x1d0 [ 41.615865] ? lock_release+0xd70/0xd70 [ 41.619804] ? lock_downgrade+0x990/0x990 [ 41.623920] ? ip_route_output_key_hash+0x252/0x370 [ 41.628901] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 41.634410] ? lock_release+0xd70/0xd70 [ 41.638368] xfrm_lookup_route+0x39/0x1a0 [ 41.642484] ip_route_output_flow+0x7c/0xa0 [ 41.646783] udp_sendmsg+0x1958/0x2c70 [ 41.650646] ? ip_reply_glue_bits+0xb0/0xb0 [ 41.654939] ? udp4_seq_show+0x7d0/0x7d0 [ 41.659030] ? lock_downgrade+0x990/0x990 [ 41.663141] ? __local_bh_enable_ip+0x9d/0x160 [ 41.667694] ? udp_lib_get_port+0xc34/0x1c00