INIT: Entering runlevel: 2 [info] Using makefile-style concurrent boot in runlevel 2. [ ok ] Starting enhanced syslogd: rsyslogd. [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added 'ci-android-49-kasan-gce-8,10.128.0.47' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 49.593335] ================================================================== [ 49.594459] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2453/0x2830 at addr ffff8801c803f8b0 [ 49.595698] Read of size 4 by task syzkaller549651/3249 [ 49.596408] page:ffffea0007200fc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 49.597507] flags: 0x8000000000000000() [ 49.598035] page dumped because: kasan: bad access detected [ 49.598845] CPU: 1 PID: 3249 Comm: syzkaller549651 Not tainted 4.9.58-g27155df #71 [ 49.599851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.601073] ffff8801c803eef8 ffffffff81d91149 ffffed0039007f16 0000000000000004 [ 49.602206] 0000000000000000 ffffed0039007f16 ffff8801c803f8b0 ffff8801c803ef80 [ 49.603365] ffffffff8153c583 0000000000000000 0000000000000002 ffffffff833d1e43 [ 49.604494] Call Trace: [ 49.604850] [] dump_stack+0xc1/0x128 [ 49.605561] [] kasan_report.part.1+0x4c3/0x500 [ 49.606392] [] ? xfrm_state_find+0x2453/0x2830 [ 49.607228] [] ? xfrm_state_find+0x25a/0x2830 [ 49.608095] [] __asan_report_load4_noabort+0x29/0x30 [ 49.608981] [] xfrm_state_find+0x2453/0x2830 [ 49.609779] [] ? xfrm_state_find+0x25a/0x2830 [ 49.610587] [] ? xfrm_unregister_mode+0x200/0x200 [ 49.611444] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.612383] [] ? update_stack_state.constprop.5+0xca/0x150 [ 49.613335] [] xfrm_tmpl_resolve+0x298/0xa90 [ 49.618629] [] ? __xfrm_decode_session+0x100/0x100 [ 49.625179] [] ? 
depot_save_stack+0x3b1/0x4a0 [ 49.631288] [] ? save_stack+0xa3/0xd0 [ 49.636704] [] ? save_stack_trace+0x16/0x20 [ 49.642640] [] ? save_stack+0x43/0xd0 [ 49.648055] [] ? kasan_kmalloc+0xad/0xe0 [ 49.653730] [] ? kasan_slab_alloc+0x12/0x20 [ 49.659668] [] ? kmem_cache_alloc+0xba/0x290 [ 49.665694] [] ? dst_alloc+0x11f/0x1a0 [ 49.671197] [] ? rt_dst_alloc+0x78/0x430 [ 49.676871] [] ? __ip_route_output_key_hash+0xa4e/0x23e0 [ 49.683934] [] ? ip_route_output_flow+0x29/0xa0 [ 49.690218] [] ? udp_sendmsg+0xe36/0x1c10 [ 49.695978] [] ? udpv6_sendmsg+0x588/0x2540 [ 49.701915] [] ? inet_sendmsg+0x2bc/0x4c0 [ 49.707678] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90 [ 49.714829] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.721806] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.728784] [] ? xfrm_tmpl_resolve+0xa90/0xa90 [ 49.734981] [] ? xfrm_selector_match+0xe40/0xe40 [ 49.741350] [] ? xfrm_sk_policy_lookup+0x200/0x370 [ 49.747893] [] ? xfrm_sk_policy_lookup+0x227/0x370 [ 49.754437] [] ? xfrm_selector_match+0xe40/0xe40 [ 49.760807] [] ? xfrm_expand_policies+0x25b/0x5b0 [ 49.767267] [] xfrm_lookup+0x984/0xbf0 [ 49.772772] [] ? xfrm_bundle_lookup+0x11b0/0x11b0 [ 49.779460] [] ? rt_set_nexthop.constprop.54+0x500/0xf90 [ 49.786530] [] ? __ip_route_output_key_hash+0x7e5/0x23e0 [ 49.793595] [] ? __ip_route_output_key_hash+0x80c/0x23e0 [ 49.800661] [] ? __ip_route_output_key_hash+0x16a/0x23e0 [ 49.807732] [] ? save_stack_trace+0x16/0x20 [ 49.813672] [] ? ip_rt_update_pmtu+0x8b0/0x8b0 [ 49.819878] [] xfrm_lookup_route+0x39/0x1a0 [ 49.825822] [] ip_route_output_flow+0x7f/0xa0 [ 49.831936] [] udp_sendmsg+0xe36/0x1c10 [ 49.837529] [] ? udp_sendmsg+0x1232/0x1c10 [ 49.843385] [] ? kasan_unpoison_shadow+0x35/0x50 [ 49.849764] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 49.855875] [] ? udp_lib_get_port+0x18a0/0x18a0 [ 49.862164] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.869142] [] ? sock_i_uid+0x20/0xb0 [ 49.874557] [] ? 
sock_i_uid+0x8d/0xb0 [ 49.879974] [] udpv6_sendmsg+0x588/0x2540 [ 49.885740] [] ? trace_hardirqs_on+0xd/0x10 [ 49.891681] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 49.897967] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 49.904162] [] ? udp_lib_get_port+0x685/0x18a0 [ 49.910356] [] ? udp_v6_rehash+0xa0/0xa0 [ 49.916032] [] ? udp_seq_next+0x80/0x80 [ 49.921622] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.928602] [] ? sock_has_perm+0x1c2/0x3e0 [ 49.934451] [] ? ip6_datagram_release_cb+0x87/0x470 [ 49.941079] [] ? release_sock+0x20/0x1c0 [ 49.946754] [] ? ip6_datagram_release_cb+0x2b1/0x470 [ 49.953470] [] ? release_sock+0x14c/0x1c0 [ 49.959232] [] ? trace_hardirqs_on+0xd/0x10 [ 49.965168] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 49.971451] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 49.977647] [] ? release_sock+0x14c/0x1c0 [ 49.983410] [] inet_sendmsg+0x2bc/0x4c0 [ 49.988997] [] ? inet_sendmsg+0x73/0x4c0 [ 49.994675] [] ? inet_recvmsg+0x4c0/0x4c0 [ 50.000437] [] sock_sendmsg+0xca/0x110 [ 50.005939] [] SYSC_sendto+0x2c8/0x340 [ 50.011439] [] ? SYSC_connect+0x310/0x310 [ 50.017205] [] ? __pmd_alloc+0x410/0x410 [ 50.022883] [] ? selinux_netlbl_sock_rcv_skb+0x470/0x470 [ 50.029948] [] ? __do_page_fault+0x61a/0xd70 [ 50.035970] [] ? up_read+0x1a/0x40 [ 50.041123] [] ? __do_page_fault+0x3c6/0xd70 [ 50.047146] [] ? SyS_setsockopt+0x17f/0x250 [ 50.053082] [] ? 
mm_fault_error+0x2c0/0x2c0 [ 50.059016] [] SyS_sendto+0x40/0x50 [ 50.064259] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 50.070801] Memory state around the buggy address: [ 50.075694] ffff8801c803f780: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 [ 50.083016] ffff8801c803f800: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 [ 50.090336] >ffff8801c803f880: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 [ 50.097656] ^ [ 50.102550] ffff8801c803f900: 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00 00 [ 50.109875] ffff8801c803f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.117196] ================================================================== [ 50.124881] ================================================================== [ 50.132221] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0xc9b/0x2830 at addr ffff8801c803f8b0 [ 50.141455] Read of size 4 by task syzkaller549651/3249 [ 50.146785] page:ffffea0007200fc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 50.155003] flags: 0x8000000000000000() [ 50.158938] page dumped because: kasan: bad access detected [ 50.164619] CPU: 1 PID: 3249 Comm: syzkaller549651 Tainted: G B 4.9.58-g27155df #71 [ 50.173504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.182824] ffff8801c803eef8 ffffffff81d91149 ffffed0039007f16 0000000000000004 [ 50.190769] 0000000000000000 ffffed0039007f16 ffff8801c803f8b0 ffff8801c803ef80 [ 50.198718] ffffffff8153c583 0000000000000010 0000000000000000 ffffffff833d068b [ 50.206676] Call Trace: [ 50.209232] [] dump_stack+0xc1/0x128 [ 50.214564] [] kasan_report.part.1+0x4c3/0x500 [ 50.220762] [] ? xfrm_state_find+0xc9b/0x2830 [ 50.226874] [] __asan_report_load4_noabort+0x29/0x30 [ 50.233590] [] xfrm_state_find+0xc9b/0x2830 [ 50.239526] [] ? xfrm_state_find+0x25a/0x2830 [ 50.245638] [] ? xfrm_unregister_mode+0x200/0x200 [ 50.252095] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 50.259072] [] ? 
update_stack_state.constprop.5+0xca/0x150 [ 50.266313] [] xfrm_tmpl_resolve+0x298/0xa90 [ 50.272333] [] ? __xfrm_decode_session+0x100/0x100 [ 50.278877] [] ? depot_save_stack+0x3b1/0x4a0 [ 50.284985] [] ? save_stack+0xa3/0xd0 [ 50.290398] [] ? save_stack_trace+0x16/0x20 [ 50.296330] [] ? save_stack+0x43/0xd0 [ 50.301742] [] ? kasan_kmalloc+0xad/0xe0 [ 50.307416] [] ? kasan_slab_alloc+0x12/0x20 [ 50.313351] [] ? kmem_cache_alloc+0xba/0x290 [ 50.319376] [] ? dst_alloc+0x11f/0x1a0 [ 50.324881] [] ? rt_dst_alloc+0x78/0x430 [ 50.330555] [] ? __ip_route_output_key_hash+0xa4e/0x23e0 [ 50.337619] [] ? ip_route_output_flow+0x29/0xa0 [ 50.343906] [] ? udp_sendmsg+0xe36/0x1c10 [ 50.349674] [] ? udpv6_sendmsg+0x588/0x2540 [ 50.355614] [] ? inet_sendmsg+0x2bc/0x4c0 [ 50.361376] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90 [ 50.368530] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 50.375510] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 50.382488] [] ? xfrm_tmpl_resolve+0xa90/0xa90 [ 50.388683] [] ? xfrm_selector_match+0xe40/0xe40 [ 50.395055] [] ? xfrm_sk_policy_lookup+0x200/0x370 [ 50.401600] [] ? xfrm_sk_policy_lookup+0x227/0x370 [ 50.408148] [] ? xfrm_selector_match+0xe40/0xe40 [ 50.414520] [] ? xfrm_expand_policies+0x25b/0x5b0 [ 50.420978] [] xfrm_lookup+0x984/0xbf0 [ 50.426480] [] ? xfrm_bundle_lookup+0x11b0/0x11b0 [ 50.432936] [] ? rt_set_nexthop.constprop.54+0x500/0xf90 [ 50.440001] [] ? __ip_route_output_key_hash+0x7e5/0x23e0 [ 50.447063] [] ? __ip_route_output_key_hash+0x80c/0x23e0 [ 50.454125] [] ? __ip_route_output_key_hash+0x16a/0x23e0 [ 50.461188] [] ? save_stack_trace+0x16/0x20 [ 50.467124] [] ? ip_rt_update_pmtu+0x8b0/0x8b0 [ 50.473320] [] xfrm_lookup_route+0x39/0x1a0 [ 50.479254] [] ip_route_output_flow+0x7f/0xa0 [ 50.485365] [] udp_sendmsg+0xe36/0x1c10 [ 50.490953] [] ? udp_sendmsg+0x1232/0x1c10 [ 50.496801] [] ? kasan_unpoison_shadow+0x35/0x50 [ 50.503172] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 50.509279] [] ? udp_lib_get_port+0x18a0/0x18a0 [ 50.515561] [] ? 
debug_check_no_locks_freed+0x2c0/0x2c0 [ 50.522540] [] ? sock_i_uid+0x20/0xb0 [ 50.527955] [] ? sock_i_uid+0x8d/0xb0 [ 50.533369] [] udpv6_sendmsg+0x588/0x2540 [ 50.539131] [] ? trace_hardirqs_on+0xd/0x10 [ 50.545068] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 50.551353] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 50.557551] [] ? udp_lib_get_port+0x685/0x18a0 [ 50.563745] [] ? udp_v6_rehash+0xa0/0xa0 [ 50.569418] [] ? udp_seq_next+0x80/0x80 [ 50.575005] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 50.581980] [] ? sock_has_perm+0x1c2/0x3e0 [ 50.587829] [] ? ip6_datagram_release_cb+0x87/0x470