INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-android-49-kasan-gce-5,10.128.0.2' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 33.596135] ================================================================== [ 33.597302] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2453/0x2830 at addr ffff8801d561f8b0 [ 33.598533] Read of size 4 by task syzkaller238687/3239 [ 33.599242] page:ffffea00075587c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 33.600345] flags: 0x8000000000000000() [ 33.600900] page dumped because: kasan: bad access detected [ 33.601655] CPU: 1 PID: 3239 Comm: syzkaller238687 Not tainted 4.9.57-g9eaaf14 #69 [ 33.602663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 33.603894] ffff8801d561eef8 ffffffff81d91689 ffffed003aac3f16 0000000000000004 [ 33.605027] 0000000000000000 ffffed003aac3f16 ffff8801d561f8b0 ffff8801d561ef80 [ 33.606159] ffffffff8153cb03 0000000000000000 0000000000000002 ffffffff833d1e43 [ 33.607305] Call Trace: [ 33.607662] [] dump_stack+0xc1/0x128 [ 33.608375] [] kasan_report.part.1+0x4c3/0x500 [ 33.609218] [] ? xfrm_state_find+0x2453/0x2830 [ 33.610067] [] ? xfrm_state_find+0x25a/0x2830 [ 33.610878] [] __asan_report_load4_noabort+0x29/0x30 [ 33.611765] [] xfrm_state_find+0x2453/0x2830 [ 33.612618] [] ? xfrm_state_find+0x25a/0x2830 [ 33.613447] [] ? xfrm_unregister_mode+0x200/0x200 [ 33.614325] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 33.615261] [] ? update_stack_state.constprop.5+0xca/0x150 [ 33.616215] [] xfrm_tmpl_resolve+0x298/0xa90 [ 33.622124] [] ? __xfrm_decode_session+0x100/0x100 [ 33.628670] [] ? 
depot_save_stack+0x3b1/0x4a0 [ 33.634782] [] ? save_stack+0xa3/0xd0 [ 33.640199] [] ? save_stack_trace+0x16/0x20 [ 33.646133] [] ? save_stack+0x43/0xd0 [ 33.651551] [] ? kasan_kmalloc+0xad/0xe0 [ 33.657224] [] ? kasan_slab_alloc+0x12/0x20 [ 33.663160] [] ? kmem_cache_alloc+0xba/0x290 [ 33.669185] [] ? dst_alloc+0x11f/0x1a0 [ 33.674690] [] ? rt_dst_alloc+0x78/0x430 [ 33.680367] [] ? __ip_route_output_key_hash+0xa4e/0x23e0 [ 33.687431] [] ? ip_route_output_flow+0x29/0xa0 [ 33.693716] [] ? udp_sendmsg+0xe36/0x1c10 [ 33.699478] [] ? udpv6_sendmsg+0x588/0x2540 [ 33.705418] [] ? inet_sendmsg+0x2bc/0x4c0 [ 33.711180] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90 [ 33.718333] [] ? unwind_next_frame+0x86/0xe0 [ 33.724363] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 33.731340] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 33.738318] [] ? xfrm_tmpl_resolve+0xa90/0xa90 [ 33.744517] [] ? xfrm_selector_match+0xe40/0xe40 [ 33.750887] [] ? xfrm_sk_policy_lookup+0x200/0x370 [ 33.757435] [] ? xfrm_sk_policy_lookup+0x227/0x370 [ 33.763979] [] ? xfrm_selector_match+0xe40/0xe40 [ 33.770348] [] ? xfrm_expand_policies+0x25b/0x5b0 [ 33.776807] [] xfrm_lookup+0x984/0xbf0 [ 33.782313] [] ? xfrm_bundle_lookup+0x11b0/0x11b0 [ 33.788772] [] ? rt_set_nexthop.constprop.54+0x500/0xf90 [ 33.795853] [] ? __ip_route_output_key_hash+0x7e5/0x23e0 [ 33.802931] [] ? __ip_route_output_key_hash+0x80c/0x23e0 [ 33.809996] [] ? __ip_route_output_key_hash+0x16a/0x23e0 [ 33.817064] [] ? save_stack_trace+0x16/0x20 [ 33.823001] [] ? ip_rt_update_pmtu+0x8b0/0x8b0 [ 33.829200] [] xfrm_lookup_route+0x39/0x1a0 [ 33.835137] [] ip_route_output_flow+0x7f/0xa0 [ 33.841249] [] udp_sendmsg+0xe36/0x1c10 [ 33.846840] [] ? udp_sendmsg+0x1232/0x1c10 [ 33.852691] [] ? kasan_unpoison_shadow+0x35/0x50 [ 33.859066] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 33.865178] [] ? udp_lib_get_port+0x18a0/0x18a0 [ 33.871464] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 33.878444] [] ? xfrm_user_policy+0x10e/0x390 [ 33.884557] [] ? 
update_stack_state.constprop.5+0xca/0x150 [ 33.891799] [] ? sock_i_uid+0x20/0xb0 [ 33.897214] [] ? sock_i_uid+0x8d/0xb0 [ 33.902631] [] udpv6_sendmsg+0x588/0x2540 [ 33.908395] [] ? trace_hardirqs_on+0xd/0x10 [ 33.914333] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 33.920617] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 33.926815] [] ? udp_lib_get_port+0x685/0x18a0 [ 33.933012] [] ? udp_v6_rehash+0xa0/0xa0 [ 33.938687] [] ? udp_seq_next+0x80/0x80 [ 33.944274] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 33.951255] [] ? sock_has_perm+0x1c2/0x3e0 [ 33.957109] [] ? ip6_datagram_release_cb+0x87/0x470 [ 33.963743] [] ? release_sock+0x20/0x1c0 [ 33.969418] [] ? ip6_datagram_release_cb+0x2b1/0x470 [ 33.976136] [] ? release_sock+0x14c/0x1c0 [ 33.981913] [] ? trace_hardirqs_on+0xd/0x10 [ 33.987849] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 33.994136] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 34.000331] [] ? release_sock+0x14c/0x1c0 [ 34.006097] [] inet_sendmsg+0x2bc/0x4c0 [ 34.011688] [] ? inet_sendmsg+0x73/0x4c0 [ 34.017363] [] ? inet_recvmsg+0x4c0/0x4c0 [ 34.023126] [] sock_sendmsg+0xca/0x110 [ 34.028628] [] SYSC_sendto+0x2c8/0x340 [ 34.034133] [] ? SYSC_connect+0x310/0x310 [ 34.039898] [] ? __pmd_alloc+0x410/0x410 [ 34.045577] [] ? selinux_netlbl_sock_rcv_skb+0x470/0x470 [ 34.052643] [] ? __do_page_fault+0x61a/0xd70 [ 34.058666] [] ? __do_page_fault+0x3c6/0xd70 [ 34.064691] [] ? SyS_setsockopt+0x17f/0x250 [ 34.070625] [] ? 
mm_fault_error+0x2c0/0x2c0 [ 34.076563] [] SyS_sendto+0x40/0x50 [ 34.081806] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 34.088367] Memory state around the buggy address: [ 34.093264] ffff8801d561f780: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 [ 34.100590] ffff8801d561f800: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 [ 34.107916] >ffff8801d561f880: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 [ 34.115238] ^ [ 34.120131] ffff8801d561f900: 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 [ 34.127458] ffff8801d561f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 34.134781] ================================================================== [ 34.142221] ================================================================== [ 34.149559] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0xc9b/0x2830 at addr ffff8801d561f8b0 [ 34.158796] Read of size 4 by task syzkaller238687/3239 [ 34.166040] page:ffffea00075587c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 34.174258] flags: 0x8000000000000000() [ 34.178197] page dumped because: kasan: bad access detected [ 34.183875] CPU: 1 PID: 3239 Comm: syzkaller238687 Tainted: G B 4.9.57-g9eaaf14 #69 [ 34.192760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 34.202082] ffff8801d561eef8 ffffffff81d91689 ffffed003aac3f16 0000000000000004 [ 34.210031] 0000000000000000 ffffed003aac3f16 ffff8801d561f8b0 ffff8801d561ef80 [ 34.217978] ffffffff8153cb03 0000000000000010 0000000000000000 ffffffff833d068b [ 34.225932] Call Trace: [ 34.228486] [] dump_stack+0xc1/0x128 [ 34.233819] [] kasan_report.part.1+0x4c3/0x500 [ 34.240016] [] ? xfrm_state_find+0xc9b/0x2830 [ 34.246126] [] __asan_report_load4_noabort+0x29/0x30 [ 34.252843] [] xfrm_state_find+0xc9b/0x2830 [ 34.258777] [] ? xfrm_state_find+0x25a/0x2830 [ 34.264888] [] ? xfrm_unregister_mode+0x200/0x200 [ 34.271348] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 34.278329] [] ? 
update_stack_state.constprop.5+0xca/0x150 [ 34.285569] [] xfrm_tmpl_resolve+0x298/0xa90 [ 34.291680] [] ? __xfrm_decode_session+0x100/0x100 [ 34.298224] [] ? depot_save_stack+0x3b1/0x4a0 [ 34.304335] [] ? save_stack+0xa3/0xd0 [ 34.309836] [] ? save_stack_trace+0x16/0x20 [ 34.315773] [] ? save_stack+0x43/0xd0 [ 34.321187] [] ? kasan_kmalloc+0xad/0xe0 [ 34.326862] [] ? kasan_slab_alloc+0x12/0x20 [ 34.332796] [] ? kmem_cache_alloc+0xba/0x290 [ 34.338818] [] ? dst_alloc+0x11f/0x1a0 [ 34.344325] [] ? rt_dst_alloc+0x78/0x430 [ 34.349999] [] ? __ip_route_output_key_hash+0xa4e/0x23e0 [ 34.357065] [] ? ip_route_output_flow+0x29/0xa0 [ 34.363349] [] ? udp_sendmsg+0xe36/0x1c10 [ 34.369110] [] ? udpv6_sendmsg+0x588/0x2540 [ 34.375048] [] ? inet_sendmsg+0x2bc/0x4c0 [ 34.380811] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90 [ 34.387976] [] ? unwind_next_frame+0x86/0xe0 [ 34.394001] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 34.400979] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 34.407958] [] ? xfrm_tmpl_resolve+0xa90/0xa90 [ 34.414155] [] ? xfrm_selector_match+0xe40/0xe40 [ 34.420528] [] ? xfrm_sk_policy_lookup+0x200/0x370 [ 34.427082] [] ? xfrm_sk_policy_lookup+0x227/0x370 [ 34.433625] [] ? xfrm_selector_match+0xe40/0xe40 [ 34.439995] [] ? xfrm_expand_policies+0x25b/0x5b0 [ 34.446451] [] xfrm_lookup+0x984/0xbf0 [ 34.451952] [] ? xfrm_bundle_lookup+0x11b0/0x11b0 [ 34.458410] [] ? rt_set_nexthop.constprop.54+0x500/0xf90 [ 34.465481] [] ? __ip_route_output_key_hash+0x7e5/0x23e0 [ 34.472550] [] ? __ip_route_output_key_hash+0x80c/0x23e0 [ 34.479616] [] ? __ip_route_output_key_hash+0x16a/0x23e0 [ 34.486682] [] ? save_stack_trace+0x16/0x20 [ 34.492620] [] ? ip_rt_update_pmtu+0x8b0/0x8b0 [ 34.498816] [] xfrm_lookup_route+0x39/0x1a0 [ 34.504755] [] ip_route_output_flow+0x7f/0xa0 [ 34.510866] [] udp_sendmsg+0xe36/0x1c10 [ 34.516457] [] ? udp_sendmsg+0x1232/0x1c10 [ 34.522310] [] ? kasan_unpoison_shadow+0x35/0x50 [ 34.528681] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 34.534792] [] ? 
udp_lib_get_port+0x18a0/0x18a0 [ 34.541078] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 34.548060] [] ? xfrm_user_policy+0x10e/0x390 [ 34.554179] [] ? update_stack_state.constprop.5+0xca/0x150 [ 34.561420] [] ? sock_i_uid+0x20/0xb0 [ 34.566835] [] ? sock_i_uid+0x8d/0xb0 [ 34.572250] [] udpv6_sendmsg+0x588/0x2540 [ 34.578030] [] ? trace_hardirqs_on+0xd/0x10 [ 34.583968] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 34.590256] [] ? _raw_spin_unlock_bh+0x30/0x40