INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-upstream-net-kasan-gce-2,10.128.15.207' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 41.987131] ================================================================== [ 41.994566] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x305b/0x3190 [ 42.001726] Read of size 4 at addr ffff8801ce7bfaf8 by task syzkaller090618/2984 [ 42.009230] [ 42.010833] CPU: 1 PID: 2984 Comm: syzkaller090618 Not tainted 4.14.0-rc1+ #59 [ 42.018165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.027491] Call Trace: [ 42.030054] dump_stack+0x194/0x257 [ 42.033656] ? arch_local_irq_restore+0x53/0x53 [ 42.038299] ? show_regs_print_info+0x65/0x65 [ 42.042771] ? lock_release+0xd70/0xd70 [ 42.046722] ? xfrm_state_find+0x305b/0x3190 [ 42.051115] print_address_description+0x73/0x250 [ 42.055929] ? xfrm_state_find+0x305b/0x3190 [ 42.060312] kasan_report+0x24e/0x340 [ 42.064089] __asan_report_load4_noabort+0x14/0x20 [ 42.068991] xfrm_state_find+0x305b/0x3190 [ 42.073199] ? unwind_get_return_address+0x61/0xa0 [ 42.078122] ? __save_stack_trace+0x61/0xd0 [ 42.082438] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 42.087518] ? copy_trace+0x1d0/0x1d0 [ 42.091303] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 42.096465] ? check_noncircular+0x20/0x20 [ 42.100674] ? lock_downgrade+0x990/0x990 [ 42.104793] ? lock_pin_lock+0x370/0x370 [ 42.108843] ? find_held_lock+0x39/0x1d0 [ 42.112885] ? __lock_acquire+0x732/0x4620 [ 42.117093] ? find_held_lock+0x39/0x1d0 [ 42.121167] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 42.127040] ? depot_save_stack+0x1c2/0x490 [ 42.131353] ? do_raw_spin_trylock+0x190/0x190 [ 42.135918] ? check_noncircular+0x20/0x20 [ 42.140138] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 42.144364] ? __xfrm_decode_session+0x100/0x100 [ 42.149101] ? lock_downgrade+0x990/0x990 [ 42.153234] ? inet_sendmsg+0x11f/0x5e0 [ 42.157184] ? sock_sendmsg+0xca/0x110 [ 42.161044] ? SYSC_sendto+0x358/0x5a0 [ 42.164906] ? check_noncircular+0x20/0x20 [ 42.169116] ? rt_add_uncached_list+0xa2/0x240 [ 42.173677] ? check_noncircular+0x20/0x20 [ 42.177886] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 42.182882] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 42.188304] ? unwind_dump+0x4c0/0x4c0 [ 42.192162] ? SYSC_sendto+0x358/0x5a0 [ 42.196023] ? __local_bh_enable_ip+0x9d/0x160 [ 42.200589] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 42.204973] ? lock_downgrade+0x990/0x990 [ 42.209095] ? dst_init+0x4d9/0x6a0 [ 42.212698] ? xfrm_selector_match+0xe00/0xe00 [ 42.217253] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 42.222413] ? __lock_acquire+0x20fd/0x4620 [ 42.226710] ? lock_release+0xd70/0xd70 [ 42.230661] ? refcount_inc_not_zero+0xfe/0x180 [ 42.235307] ? xfrm_selector_match+0x3b/0xe00 [ 42.239778] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 42.244513] ? xfrm_selector_match+0xe00/0xe00 [ 42.249068] ? check_noncircular+0x20/0x20 [ 42.253272] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 42.258697] xfrm_lookup+0xf0a/0x2540 [ 42.262468] ? xfrm_lookup+0xf0a/0x2540 [ 42.266417] ? ip_route_input_noref+0x1e0/0x1e0 [ 42.271067] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 42.277447] ? find_held_lock+0x39/0x1d0 [ 42.281492] ? lock_downgrade+0x990/0x990 [ 42.285614] ? check_noncircular+0x20/0x20 [ 42.289826] ? ip_route_output_key_hash+0x1a6/0x370 [ 42.294811] ? find_held_lock+0x39/0x1d0 [ 42.298848] ? lock_release+0xd70/0xd70 [ 42.302797] ? lock_downgrade+0x990/0x990 [ 42.306929] ? ip_route_output_key_hash+0x252/0x370 [ 42.311919] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 42.317440] ? lock_release+0xd70/0xd70 [ 42.321417] xfrm_lookup_route+0x39/0x1a0 [ 42.325545] ip_route_output_flow+0x7c/0xa0 [ 42.329844] udp_sendmsg+0x19b8/0x2cd0 [ 42.333710] ? ip_reply_glue_bits+0xb0/0xb0 [ 42.338016] ? udp_lib_get_port+0x1c00/0x1c00 [ 42.342486] ? ip4_datagram_connect+0x50/0x50 [ 42.346961] ? do_raw_spin_trylock+0x190/0x190 [ 42.351518] ? lock_acquire+0x1d5/0x580 [ 42.355463] ? inet_autobind+0x1f/0x180 [ 42.359410] ? __local_bh_enable_ip+0x9d/0x160 [ 42.363968] ? release_sock+0x1d4/0x2a0 [ 42.367913] ? trace_hardirqs_on+0xd/0x10 [ 42.372036] ? release_sock+0x1d4/0x2a0 [ 42.375984] ? __release_sock+0x360/0x360 [ 42.380118] ? udp_v4_get_port+0x132/0x180 [ 42.384333] inet_sendmsg+0x11f/0x5e0 [ 42.388105] ? __might_sleep+0x95/0x190 [ 42.392065] ? inet_recvmsg+0x5f0/0x5f0 [ 42.396017] ? selinux_socket_sendmsg+0x36/0x40 [ 42.400668] ? security_socket_sendmsg+0x89/0xb0 [ 42.405395] ? inet_recvmsg+0x5f0/0x5f0 [ 42.409342] sock_sendmsg+0xca/0x110 [ 42.413030] SYSC_sendto+0x358/0x5a0 [ 42.416719] ? SYSC_connect+0x480/0x480 [ 42.420665] ? __handle_mm_fault+0x39c0/0x39c0 [ 42.425226] ? up_read+0x1a/0x40 [ 42.428567] ? __do_page_fault+0x35b/0xb60 [ 42.432787] ? __do_page_fault+0xb60/0xb60 [ 42.436998] ? SyS_setsockopt+0x215/0x360 [ 42.441126] ? lockdep_sys_exit+0x47/0xf0 [ 42.445248] ? entry_SYSCALL_64_fastpath+0x5/0xbe [ 42.450066] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 42.455068] SyS_sendto+0x40/0x50 [ 42.458497] entry_SYSCALL_64_fastpath+0x1f/0xbe [ 42.463224] RIP: 0033:0x43fee9 [ 42.466385] RSP: 002b:00007fffd646d408 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 42.474066] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fee9 [ 42.481308] RDX: 0000000000000000 RSI: 000000002010affe RDI: 0000000000000003 [ 42.488550] RBP: 0000000000000082 R08: 00000000202f9000 R09: 0000000000000010 [ 42.495791] R10: 000000002004487c R11: 0000000000000217 R12: 0000000000401850 [ 42.503043] R13: 00000000004018e0 R14: 0000000000000000 R15: 0000000000000000 [ 42.510315] [ 42.511914] The buggy address belongs to the page: [ 42.516815] page:ffffea000739efc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 42.524931] flags: 0x200000000000000() [ 42.528790] raw: 0200000000000000 0000000000000000 0000000000000000 00000000ffffffff [ 42.536640] raw: 0000000000000000 0000000100000001 0000000000000000 0000000000000000 [ 42.544486] page dumped because: kasan: bad access detected [ 42.550165] [ 42.551767] Memory state around the buggy address: [ 42.556665] ffff8801ce7bf980: 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 [ 42.563993] ffff8801ce7bfa00: 00 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 [ 42.571321] >ffff8801ce7bfa80: 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 [ 42.578649] ^ [ 42.585890] ffff8801ce7bfb00: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 [ 42.593218] ffff8801ce7bfb80: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 f1 f1 [ 42.600545] ================================================================== [ 42.607872] Disabling lock debugging due to kernel taint [ 42.613505] Kernel panic - not syncing: panic_on_warn set ... [ 42.613505] [ 42.620842] CPU: 1 PID: 2984 Comm: syzkaller090618 Tainted: G B 4.14.0-rc1+ #59 [ 42.629381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.638700] Call Trace: [ 42.641258] dump_stack+0x194/0x257 [ 42.644853] ? arch_local_irq_restore+0x53/0x53 [ 42.649492] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 42.654213] ? xfrm_state_find+0x3000/0x3190 [ 42.658589] panic+0x1e4/0x417 [ 42.661747] ? __warn+0x1d9/0x1d9 [ 42.665172] ? xfrm_state_find+0x305b/0x3190 [ 42.669545] kasan_end_report+0x50/0x50 [ 42.673484] kasan_report+0x137/0x340 [ 42.677253] __asan_report_load4_noabort+0x14/0x20 [ 42.682146] xfrm_state_find+0x305b/0x3190 [ 42.686346] ? unwind_get_return_address+0x61/0xa0 [ 42.691240] ? __save_stack_trace+0x61/0xd0 [ 42.695536] ? xfrm_state_afinfo_get_rcu+0x160/0x160 [ 42.700606] ? copy_trace+0x1d0/0x1d0 [ 42.704375] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 42.709528] ? check_noncircular+0x20/0x20 [ 42.713729] ? lock_downgrade+0x990/0x990 [ 42.717840] ? lock_pin_lock+0x370/0x370 [ 42.721869] ? find_held_lock+0x39/0x1d0 [ 42.725900] ? __lock_acquire+0x732/0x4620 [ 42.730100] ? find_held_lock+0x39/0x1d0 [ 42.734137] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 42.739294] ? depot_save_stack+0x1c2/0x490 [ 42.743586] ? do_raw_spin_trylock+0x190/0x190 [ 42.748136] ? check_noncircular+0x20/0x20 [ 42.752339] xfrm_tmpl_resolve+0x2fb/0xbd0 [ 42.756549] ? __xfrm_decode_session+0x100/0x100 [ 42.761273] ? lock_downgrade+0x990/0x990 [ 42.765385] ? inet_sendmsg+0x11f/0x5e0 [ 42.769326] ? sock_sendmsg+0xca/0x110 [ 42.773178] ? SYSC_sendto+0x358/0x5a0 [ 42.777033] ? check_noncircular+0x20/0x20 [ 42.781233] ? rt_add_uncached_list+0xa2/0x240 [ 42.785791] ? check_noncircular+0x20/0x20 [ 42.789989] ? unwind_next_frame.part.6+0x1ae/0xc70 [ 42.794973] xfrm_resolve_and_create_bundle+0x186/0x24b0 [ 42.800387] ? unwind_dump+0x4c0/0x4c0 [ 42.804241] ? SYSC_sendto+0x358/0x5a0 [ 42.808094] ? __local_bh_enable_ip+0x9d/0x160 [ 42.812647] ? xfrm_tmpl_resolve+0xbd0/0xbd0 [ 42.817022] ? lock_downgrade+0x990/0x990 [ 42.821137] ? dst_init+0x4d9/0x6a0 [ 42.824735] ? xfrm_selector_match+0xe00/0xe00 [ 42.829283] ? debug_check_no_locks_freed+0x3d0/0x3d0 [ 42.834440] ? __lock_acquire+0x20fd/0x4620 [ 42.838730] ? lock_release+0xd70/0xd70 [ 42.842671] ? refcount_inc_not_zero+0xfe/0x180 [ 42.847310] ? xfrm_selector_match+0x3b/0xe00 [ 42.851775] ? xfrm_sk_policy_lookup+0x2cf/0x3d0 [ 42.856498] ? xfrm_selector_match+0xe00/0xe00 [ 42.861046] ? check_noncircular+0x20/0x20 [ 42.865246] ? ip_route_output_key_hash_rcu+0x604/0x2c20 [ 42.870662] xfrm_lookup+0xf0a/0x2540 [ 42.874428] ? xfrm_lookup+0xf0a/0x2540 [ 42.878368] ? ip_route_input_noref+0x1e0/0x1e0 [ 42.883005] ? xfrm_policy_lookup_bytype.constprop.49+0x16f0/0x16f0 [ 42.889375] ? find_held_lock+0x39/0x1d0 [ 42.893406] ? lock_downgrade+0x990/0x990 [ 42.897519] ? check_noncircular+0x20/0x20 [ 42.901724] ? ip_route_output_key_hash+0x1a6/0x370 [ 42.906706] ? find_held_lock+0x39/0x1d0 [ 42.910735] ? lock_release+0xd70/0xd70 [ 42.914676] ? lock_downgrade+0x990/0x990 [ 42.918802] ? ip_route_output_key_hash+0x252/0x370 [ 42.923784] ? ip_route_output_key_hash_rcu+0x2c20/0x2c20 [ 42.929285] ? lock_release+0xd70/0xd70 [ 42.933229] xfrm_lookup_route+0x39/0x1a0 [ 42.937342] ip_route_output_flow+0x7c/0xa0 [ 42.941632] udp_sendmsg+0x19b8/0x2cd0 [ 42.945496] ? ip_reply_glue_bits+0xb0/0xb0 [ 42.949795] ? udp_lib_get_port+0x1c00/0x1c00 [ 42.954257] ? ip4_datagram_connect+0x50/0x50 [ 42.958720] ? do_raw_spin_trylock+0x190/0x190 [ 42.963267] ? lock_acquire+0x1d5/0x580 [ 42.967207] ? inet_autobind+0x1f/0x180 [ 42.971154] ? __local_bh_enable_ip+0x9d/0x160 [ 42.975705] ? release_sock+0x1d4/0x2a0 [ 42.979645] ? trace_hardirqs_on+0xd/0x10 [ 42.983760] ? release_sock+0x1d4/0x2a0