syzbot

random: crng init done
==================================================================
BUG: KASAN: stack-out-of-bounds in memcmp+0x126/0x160 lib/string.c:768
Read of size 1 at addr ffff8801cf717ab0 by task syz-executor100/2048

CPU: 0 PID: 2048 Comm: syz-executor100 Not tainted 4.9.129+ #45
 ffff8801cf717388 ffffffff81b36939 ffffea00073dc5c0 ffff8801cf717ab0
 0000000000000000 ffff8801cf717ab0 ffff8801cf717a98 ffff8801cf7173c0
 ffffffff8150072d ffff8801cf717ab0 0000000000000001 0000000000000000
Call Trace:
 [<ffffffff81b36939>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81b36939>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff8150072d>] print_address_description+0x6c/0x234 mm/kasan/report.c:256
 [<ffffffff81500b37>] kasan_report_error mm/kasan/report.c:355 [inline]
 [<ffffffff81500b37>] kasan_report.cold.6+0x242/0x2fe mm/kasan/report.c:412
 [<ffffffff814f2ce4>] __asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:430
 [<ffffffff81b53436>] memcmp+0x126/0x160 lib/string.c:768
 [<ffffffff8262bcd0>] addr_match include/net/xfrm.h:833 [inline]
 [<ffffffff8262bcd0>] __xfrm6_selector_match net/xfrm/xfrm_policy.c:87 [inline]
 [<ffffffff8262bcd0>] xfrm_selector_match+0x6a0/0xe40 net/xfrm/xfrm_policy.c:101
 [<ffffffff8262c5b3>] xfrm_sk_policy_lookup+0x143/0x3c0 net/xfrm/xfrm_policy.c:1268
 [<ffffffff8262c9ed>] xfrm_lookup+0x1bd/0xb70 net/xfrm/xfrm_policy.c:2220
 [<ffffffff8262e239>] xfrm_lookup_route+0x39/0x140 net/xfrm/xfrm_policy.c:2354
 [<ffffffff8267f22b>] ip6_dst_lookup_flow+0x17b/0x210 net/ipv6/ip6_output.c:1098
 [<ffffffff826fc135>] rawv6_sendmsg+0x9b5/0x2810 net/ipv6/raw.c:900
 [<ffffffff82582973>] inet_sendmsg+0x203/0x4d0 net/ipv4/af_inet.c:770
 [<ffffffff8228d3ab>] sock_sendmsg_nosec net/socket.c:648 [inline]
 [<ffffffff8228d3ab>] sock_sendmsg+0xbb/0x110 net/socket.c:658
 [<ffffffff8228d623>] sock_write_iter+0x223/0x3b0 net/socket.c:856
 [<ffffffff815080b7>] new_sync_write fs/read_write.c:496 [inline]
 [<ffffffff815080b7>] __vfs_write+0x3d7/0x580 fs/read_write.c:509
 [<ffffffff8150a907>] vfs_write+0x187/0x520 fs/read_write.c:557
 [<ffffffff8150e739>] SYSC_write fs/read_write.c:604 [inline]
 [<ffffffff8150e739>] SyS_write+0xd9/0x1c0 fs/read_write.c:596
 [<ffffffff810056ef>] do_syscall_64+0x19f/0x550 arch/x86/entry/common.c:285
 [<ffffffff82802d13>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb

The buggy address belongs to the page:
page:ffffea00073dc5c0 count:0 mapcount:0 mapping:          (null) index:0x0
flags: 0x4000000000000000()
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8801cf717980: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 f2 f2
 ffff8801cf717a00: f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00
>ffff8801cf717a80: 00 00 00 00 00 00 f2 f2 00 00 00 00 00 00 00 00
                                     ^
 ffff8801cf717b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8801cf717b80: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00
==================================================================