l2tp_ppp: sess 4/0: set debug=cf10464f
l2tp_ppp: sess 4/0: set flags=0
==================================================================
BUG: KASAN: stack-out-of-bounds in __read_once_size include/linux/compiler.h:188 [inline]
BUG: KASAN: stack-out-of-bounds in update_stack_state+0x5d9/0x670 arch/x86/kernel/unwind_frame.c:270
Read of size 8 at addr ffff88018cc87360 by task syz-executor2/4940

CPU: 0 PID: 4940 Comm: syz-executor2 Not tainted 4.17.0-rc5+ #84
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
 __read_once_size include/linux/compiler.h:188 [inline]
 update_stack_state+0x5d9/0x670 arch/x86/kernel/unwind_frame.c:270
 unwind_next_frame.part.7+0x1a9/0x9c0 arch/x86/kernel/unwind_frame.c:329
 unwind_next_frame+0x3e/0x50 arch/x86/kernel/unwind_frame.c:287
 __save_stack_trace+0x6e/0xd0 arch/x86/kernel/stacktrace.c:44
 save_stack_trace+0x1a/0x20 arch/x86/kernel/stacktrace.c:60
 save_trace+0xe0/0x290 kernel/locking/lockdep.c:404
 check_prev_add kernel/locking/lockdep.c:1911 [inline]
 check_prevs_add kernel/locking/lockdep.c:1976 [inline]
 validate_chain kernel/locking/lockdep.c:2417 [inline]
 __lock_acquire+0x3ada/0x5140 kernel/locking/lockdep.c:3431
 lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 vprintk_emit+0x189/0xdd0 kernel/printk/printk.c:1848
 vprintk_default+0x28/0x30 kernel/printk/printk.c:1947
 vprintk_func+0x7a/0xe7 kernel/printk/printk_safe.c:379
 printk+0x9e/0xba kernel/printk/printk.c:1980
 kasan_die_handler.cold.22+0x11/0x30 arch/x86/mm/kasan_init_64.c:253
 notifier_call_chain+0x178/0x380 kernel/notifier.c:93
 __atomic_notifier_call_chain kernel/notifier.c:183 [inline]
 atomic_notifier_call_chain+0x98/0x190 kernel/notifier.c:193
 notify_die+0x1a3/0x2b0 kernel/notifier.c:549
 do_general_protection+0x248/0x2f0 arch/x86/kernel/traps.c:558
 general_protection+0x1e/0x30 arch/x86/entry/entry_64.S:1159
RIP: 0010:msr_write_intercepted arch/x86/kvm/vmx.c:2132 [inline]
RIP: 0010:vmx_vcpu_run+0xa2f/0x25f0 arch/x86/kvm/vmx.c:9871
RSP: 0018:ffff88018cc87410 EFLAGS: 00010806
RAX: dffffc0000000000 RBX: 0000000010000000 RCX: ffffc90007503000
RDX: 1bffff8000000000 RSI: ffffffff811f779c RDI: 0000000000000005
RBP: ffff88018cc876c0 R08: ffff8801cb5f6240 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

The buggy address belongs to the page:
page:ffffea00063321c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
raw: 0000000000000000 ffff880190e70101 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88018cc87200: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff88018cc87280: 00 00 f1 f1 f1 f1 00 00 00 00 f3 f3 f3 f3 00 00
>ffff88018cc87300: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
                                                       ^
 ffff88018cc87380: f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
 ffff88018cc87400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================