INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-4,10.128.0.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 43.336202] ==================================================================
[ 43.337282] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190
[ 43.338275] Read of size 4 at addr ffff8801ce4e7af8 by task syzkaller877548/2985
[ 43.339325]
[ 43.339590] CPU: 1 PID: 2985 Comm: syzkaller877548 Not tainted 4.13.0-mm1+ #5
[ 43.340574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.341796] Call Trace:
[ 43.342155]  dump_stack+0x194/0x257
[ 43.342652]  ? arch_local_irq_restore+0x53/0x53
[ 43.343277]  ? show_regs_print_info+0x65/0x65
[ 43.343885]  ? lock_release+0xd70/0xd70
[ 43.344424]  ? xfrm_state_find+0x305b/0x3190
[ 43.345016]  print_address_description+0x73/0x250
[ 43.345684]  ? xfrm_state_find+0x305b/0x3190
[ 43.346292]  kasan_report+0x24e/0x340
[ 43.346813]  __asan_report_load4_noabort+0x14/0x20
[ 43.347472]  xfrm_state_find+0x305b/0x3190
[ 43.348041]  ? unwind_get_return_address+0x61/0xa0
[ 43.348701]  ? __save_stack_trace+0x61/0xd0
[ 43.349303]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[ 43.349992]  ? copy_trace+0x1d0/0x1d0
[ 43.350516]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 43.351206]  ? check_noncircular+0x20/0x20
[ 43.351778]  ? lock_downgrade+0x990/0x990
[ 43.352346]  ? find_held_lock+0x39/0x1d0
[ 43.352902]  ? __lock_acquire+0x732/0x4620
[ 43.353473]  ? find_held_lock+0x39/0x1d0
[ 43.354052]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 43.354769]  ? depot_save_stack+0x1c2/0x490
[ 43.355369]  ? do_raw_spin_trylock+0x190/0x190
[ 43.356003]  ? check_noncircular+0x20/0x20
[ 43.358370]  xfrm_tmpl_resolve+0x2fb/0xbd0
[ 43.362600]  ? __xfrm_decode_session+0x100/0x100
[ 43.367333]  ? lock_downgrade+0x990/0x990
[ 43.371450]  ? inet_sendmsg+0x11f/0x5e0
[ 43.375395]  ? sock_sendmsg+0xca/0x110
[ 43.379258]  ? SYSC_sendto+0x358/0x5a0
[ 43.383121]  ? check_noncircular+0x20/0x20
[ 43.387325]  ? rt_add_uncached_list+0xa2/0x240
[ 43.391878]  ? check_noncircular+0x20/0x20
[ 43.396097]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[ 43.401518]  ? kmem_cache_alloc+0x4a2/0x760
[ 43.405814]  ? __local_bh_enable_ip+0x9d/0x160
[ 43.410384]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[ 43.414766]  ? lock_downgrade+0x990/0x990
[ 43.418884]  ? dst_init+0x4d9/0x6a0
[ 43.422491]  ? xfrm_selector_match+0xe00/0xe00
[ 43.427056]  ? lock_release+0xd70/0xd70
[ 43.431008]  ? refcount_inc_not_zero+0xfe/0x180
[ 43.435658]  ? xfrm_selector_match+0x3b/0xe00
[ 43.440130]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[ 43.444863]  ? xfrm_selector_match+0xe00/0xe00
[ 43.449421]  ? check_noncircular+0x20/0x20
[ 43.453625]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[ 43.459052]  xfrm_lookup+0xf0a/0x2540
[ 43.462822]  ? xfrm_lookup+0xf0a/0x2540
[ 43.466769]  ? ip_route_input_noref+0x1e0/0x1e0
[ 43.471413]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[ 43.477792]  ? find_held_lock+0x39/0x1d0
[ 43.481832]  ? lock_downgrade+0x990/0x990
[ 43.485959]  ? ip_route_output_key_hash+0x1a6/0x370
[ 43.490952]  ? lock_release+0xd70/0xd70
[ 43.494908]  ? kasan_check_write+0x14/0x20
[ 43.499120]  ? ip_route_output_key_hash+0x252/0x370
[ 43.504107]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[ 43.509621]  xfrm_lookup_route+0x39/0x1a0
[ 43.513739]  ip_route_output_flow+0x7c/0xa0
[ 43.518034]  raw_sendmsg+0xc4f/0x38c0
[ 43.521823]  ? raw_setsockopt+0xd0/0xd0
[ 43.525767]  ? lock_downgrade+0x990/0x990
[ 43.529888]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[ 43.535828]  ? add_page_to_unevictable_list+0x730/0x730
[ 43.541163]  ? do_raw_spin_trylock+0x190/0x190
[ 43.545719]  ? do_raw_spin_trylock+0x190/0x190
[ 43.550290]  ? lock_downgrade+0x990/0x990
[ 43.554414]  ? __might_fault+0xe0/0x1d0
[ 43.558358]  ? sock_has_perm+0x29c/0x400
[ 43.562394]  ? selinux_tun_dev_create+0xc0/0xc0
[ 43.567033]  ? lock_release+0xd70/0xd70
[ 43.570976]  ? check_same_owner+0x320/0x320
[ 43.575266]  ? __check_object_size+0x25d/0x4f0
[ 43.579822]  inet_sendmsg+0x11f/0x5e0
[ 43.583591]  ? __might_sleep+0x95/0x190
[ 43.587535]  ? inet_recvmsg+0x5f0/0x5f0
[ 43.591481]  ? selinux_socket_sendmsg+0x36/0x40
[ 43.596118]  ? security_socket_sendmsg+0x89/0xb0
[ 43.600842]  ? inet_recvmsg+0x5f0/0x5f0
[ 43.604789]  sock_sendmsg+0xca/0x110
[ 43.608473]  SYSC_sendto+0x358/0x5a0
[ 43.612160]  ? SYSC_connect+0x480/0x480
[ 43.616112]  ? __handle_mm_fault+0x39c0/0x39c0
[ 43.620671]  ? up_read+0x1a/0x40
[ 43.624009]  ? __do_page_fault+0x35b/0xb60
[ 43.628234]  ? __do_page_fault+0xb60/0xb60
[ 43.632449]  ? SyS_setsockopt+0x215/0x360
[ 43.636571]  ? lockdep_sys_exit+0x47/0xf0
[ 43.640687]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[ 43.645502]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 43.650490]  SyS_sendto+0x40/0x50
[ 43.653915]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 43.658637] RIP: 0033:0x43ff99
[ 43.661796] RSP: 002b:00007fffff5f99e8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 43.669474] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff99
[ 43.676711] RDX: 0000000000000040 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[ 43.683948] RBP: 0000000000000082 R08: 0000000020fdbff0 R09: 0000000000000010
[ 43.691185] R10: 0000000000000080 R11: 0000000000000217 R12: 0000000000401900
[ 43.698423] R13: 0000000000401990 R14: 0000000000000000 R15: 0000000000000000
[ 43.705678]
[ 43.707273] The buggy address belongs to the page:
[ 43.712170] page:ffffea00073939c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 43.720282] flags: 0x200000000000000()
[ 43.724137] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff
[ 43.731986] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000
[ 43.739833] page dumped because: kasan: bad access detected
[ 43.745509]
[ 43.747103] Memory state around the buggy address:
[ 43.752000]  ffff8801ce4e7980: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 f2
[ 43.759325]  ffff8801ce4e7a00: f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00
[ 43.766656] >ffff8801ce4e7a80: 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2
[ 43.773984]                                                                 ^
[ 43.781223]  ffff8801ce4e7b00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2
[ 43.788550]  ffff8801ce4e7b80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1
[ 43.795875] ==================================================================
[ 43.803201] Disabling lock debugging due to kernel taint
[ 43.808663] Kernel panic - not syncing: panic_on_warn set ...
[ 43.808663]
[ 43.815990] CPU: 1 PID: 2985 Comm: syzkaller877548 Tainted: G B 4.13.0-mm1+ #5
[ 43.824868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.834184] Call Trace:
[ 43.837084]  dump_stack+0x194/0x257
[ 43.840680]  ? arch_local_irq_restore+0x53/0x53
[ 43.845315]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 43.850038]  ? xfrm_state_find+0x2fb0/0x3190
[ 43.854413]  panic+0x1e4/0x417
[ 43.857569]  ? __warn+0x1d9/0x1d9
[ 43.860992]  ? xfrm_state_find+0x305b/0x3190
[ 43.865370]  kasan_end_report+0x50/0x50
[ 43.869306]  kasan_report+0x137/0x340
[ 43.873072]  __asan_report_load4_noabort+0x14/0x20
[ 43.877967]  xfrm_state_find+0x305b/0x3190
[ 43.882164]  ? unwind_get_return_address+0x61/0xa0
[ 43.887058]  ? __save_stack_trace+0x61/0xd0
[ 43.891349]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
[ 43.896418]  ? copy_trace+0x1d0/0x1d0
[ 43.900187]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 43.905344]  ? check_noncircular+0x20/0x20
[ 43.909542]  ? lock_downgrade+0x990/0x990
[ 43.913662]  ? find_held_lock+0x39/0x1d0
[ 43.917691]  ? __lock_acquire+0x732/0x4620
[ 43.921892]  ? find_held_lock+0x39/0x1d0
[ 43.925926]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 43.931081]  ? depot_save_stack+0x1c2/0x490
[ 43.935370]  ? do_raw_spin_trylock+0x190/0x190
[ 43.939918]  ? check_noncircular+0x20/0x20
[ 43.944121]  xfrm_tmpl_resolve+0x2fb/0xbd0
[ 43.948329]  ? __xfrm_decode_session+0x100/0x100
[ 43.953054]  ? lock_downgrade+0x990/0x990
[ 43.957167]  ? inet_sendmsg+0x11f/0x5e0
[ 43.961106]  ? sock_sendmsg+0xca/0x110
[ 43.964954]  ? SYSC_sendto+0x358/0x5a0
[ 43.968807]  ? check_noncircular+0x20/0x20
[ 43.973005]  ? rt_add_uncached_list+0xa2/0x240
[ 43.977551]  ? check_noncircular+0x20/0x20
[ 43.981750]  xfrm_resolve_and_create_bundle+0x186/0x24b0
[ 43.987166]  ? kmem_cache_alloc+0x4a2/0x760
[ 43.991453]  ? __local_bh_enable_ip+0x9d/0x160
[ 43.996005]  ? xfrm_tmpl_resolve+0xbd0/0xbd0
[ 44.000379]  ? lock_downgrade+0x990/0x990
[ 44.004489]  ? dst_init+0x4d9/0x6a0
[ 44.008081]  ? xfrm_selector_match+0xe00/0xe00
[ 44.012628]  ? lock_release+0xd70/0xd70
[ 44.016566]  ? refcount_inc_not_zero+0xfe/0x180
[ 44.021200]  ? xfrm_selector_match+0x3b/0xe00
[ 44.025659]  ? xfrm_sk_policy_lookup+0x2cf/0x3d0
[ 44.030380]  ? xfrm_selector_match+0xe00/0xe00
[ 44.034927]  ? check_noncircular+0x20/0x20
[ 44.039125]  ? ip_route_output_key_hash_rcu+0x604/0x2c20
[ 44.044540]  xfrm_lookup+0xf0a/0x2540
[ 44.048305]  ? xfrm_lookup+0xf0a/0x2540
[ 44.052244]  ? ip_route_input_noref+0x1e0/0x1e0
[ 44.056880]  ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0
[ 44.063249]  ? find_held_lock+0x39/0x1d0
[ 44.067278]  ? lock_downgrade+0x990/0x990
[ 44.071392]  ? ip_route_output_key_hash+0x1a6/0x370
[ 44.076373]  ? lock_release+0xd70/0xd70
[ 44.080318]  ? kasan_check_write+0x14/0x20
[ 44.084518]  ? ip_route_output_key_hash+0x252/0x370
[ 44.089501]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
[ 44.095008]  xfrm_lookup_route+0x39/0x1a0
[ 44.099122]  ip_route_output_flow+0x7c/0xa0
[ 44.103408]  raw_sendmsg+0xc4f/0x38c0
[ 44.107179]  ? raw_setsockopt+0xd0/0xd0
[ 44.111117]  ? lock_downgrade+0x990/0x990
[ 44.115230]  ? lru_cache_add_active_or_unevictable+0x20e/0x540
[ 44.121162]  ? add_page_to_unevictable_list+0x730/0x730
[ 44.126488]  ? do_raw_spin_trylock+0x190/0x190
[ 44.131037]  ? do_raw_spin_trylock+0x190/0x190
[ 44.135592]  ? lock_downgrade+0x990/0x990
[ 44.139710]  ? __might_fault+0xe0/0x1d0
[ 44.143647]  ? sock_has_perm+0x29c/0x400
[ 44.147671]  ? selinux_tun_dev_create+0xc0/0xc0
[ 44.152302]  ? lock_release+0xd70/0xd70
[ 44.156243]  ? check_same_owner+0x320/0x320
[ 44.160528]  ? __check_object_size+0x25d/0x4f0
[ 44.165091]  inet_sendmsg+0x11f/0x5e0
[ 44.168855]  ? __might_sleep+0x95/0x190
[ 44.172790]  ? inet_recvmsg+0x5f0/0x5f0
[ 44.176728]  ? selinux_socket_sendmsg+0x36/0x40
[ 44.181360]  ? security_socket_sendmsg+0x89/0xb0
[ 44.186077]  ? inet_recvmsg+0x5f0/0x5f0
[ 44.190015]  sock_sendmsg+0xca/0x110
[ 44.193695]  SYSC_sendto+0x358/0x5a0
[ 44.197373]  ? SYSC_connect+0x480/0x480
[ 44.201308]  ? __handle_mm_fault+0x39c0/0x39c0
[ 44.205856]  ? up_read+0x1a/0x40
[ 44.209185]  ? __do_page_fault+0x35b/0xb60
[ 44.213387]  ? __do_page_fault+0xb60/0xb60
[ 44.217587]  ? SyS_setsockopt+0x215/0x360
[ 44.221701]  ? lockdep_sys_exit+0x47/0xf0
[ 44.225811]  ? entry_SYSCALL_64_fastpath+0x5/0xbe
[ 44.230617]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 44.235595]  SyS_sendto+0x40/0x50
[ 44.239012]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[ 44.243732] RIP: 0033:0x43ff99
[ 44.246885] RSP: 002b:00007fffff5f99e8 EFLAGS: 00000217 ORIG_RAX: 000000000000002c
[ 44.254625] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043ff99
[ 44.261861] RDX: 0000000000000040 RSI: 0000000020fdbfc0 RDI: 0000000000000003
[ 44.269096] RBP: 0000000000000082 R08: 0000000020fdbff0 R09: 0000000000000010
[ 44.276329] R10: 0000000000000080 R11: 0000000000000217 R12: 0000000000401900
[ 44.283563] R13: 0000000000401990 R14: 0000000000000000 R15: 0000000000000000
[ 44.290842] Dumping ftrace buffer:
[ 44.294346]    (ftrace buffer empty)
[ 44.298024] Kernel Offset: disabled
[ 44.301623] Rebooting in 86400 seconds..