serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-8 port 1 (session ID: 89d6a4bafe33b692fba339942a9d2a33d506c5913e51f70c48ac46eccfcac698, active connections: 1).
INIT: Entering runlevel: 2
[�[36minfo�[39;49m] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added 'ci-android-49-kasan-gce-8,10.128.0.34' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
executing program
syzkaller login: [ 33.149399] ==================================================================
[ 33.150619] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2453/0x2830 at addr ffff8801db207580
[ 33.152042] Read of size 4 by task syzkaller976512/3276
[ 33.152780] page:ffffea00076c81c0 count:1 mapcount:0 mapping: (null) index:0x0
[ 33.153877] flags: 0x8000000000000400(reserved)
[ 33.154584] page dumped because: kasan: bad access detected
[ 33.155366] CPU: 0 PID: 3276 Comm: syzkaller976512 Not tainted 4.9.40-g7b2727c #16
[ 33.156376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 33.157609] ffff8801db206c68 ffffffff81d8f109 ffffed003b640eb0 0000000000000004
[ 33.158787] 0000000000000000 ffffed003b640eb0 ffff8801db207580 ffff8801db206cf0
[ 33.159963] ffffffff81539883 0000000000000000 0000000000000002 ffffffff833ca953
[ 33.161126] Call Trace:
[ 33.161478] <IRQ> [ 33.161771] [<ffffffff81d8f109>] dump_stack+0xc1/0x128
[ 33.162525] [<ffffffff81539883>] kasan_report.part.1+0x4c3/0x500
[ 33.163486] [<ffffffff833ca953>] ? xfrm_state_find+0x2453/0x2830
[ 33.164425] [<ffffffff833c875a>] ? xfrm_state_find+0x25a/0x2830
[ 33.165242] [<ffffffff81539949>] __asan_report_load4_noabort+0x29/0x30
[ 33.166146] [<ffffffff833ca953>] xfrm_state_find+0x2453/0x2830
[ 33.166979] [<ffffffff833c875a>] ? xfrm_state_find+0x25a/0x2830
[ 33.167792] [<ffffffff8105aad7>] ? get_stack_info+0x37/0x130
[ 33.168648] [<ffffffff833c8500>] ? xfrm_unregister_mode+0x200/0x200
[ 33.170328] [<ffffffff810d6d56>] ? unwind_next_frame+0x86/0xe0
[ 33.176355] [<ffffffff81238c20>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.183341] [<ffffffff8107c4ad>] ? __save_stack_trace+0x7d/0xf0
[ 33.189557] [<ffffffff81e3e172>] ? depot_save_stack+0x122/0x4a0
[ 33.196025] [<ffffffff82edf69c>] ? kfree_skbmem+0x7c/0xf0
[ 33.201613] [<ffffffff81538663>] ? save_stack+0xa3/0xd0
[ 33.207027] [<ffffffff833afd28>] xfrm_tmpl_resolve+0x298/0xa90
[ 33.213053] [<ffffffff833afa90>] ? xfrm_policy_get_afinfo+0x1e0/0x1e0
[ 33.219698] [<ffffffff81e3e401>] ? depot_save_stack+0x3b1/0x4a0
[ 33.225809] [<ffffffff81538663>] ? save_stack+0xa3/0xd0
[ 33.231226] [<ffffffff8107c536>] ? save_stack_trace+0x16/0x20
[ 33.237159] [<ffffffff81538603>] ? save_stack+0x43/0xd0
[ 33.242574] [<ffffffff8153888d>] ? kasan_kmalloc+0xad/0xe0
[ 33.248262] [<ffffffff81538e62>] ? kasan_slab_alloc+0x12/0x20
[ 33.254203] [<ffffffff8153466a>] ? kmem_cache_alloc+0xba/0x290
[ 33.260233] [<ffffffff82f4f66f>] ? dst_alloc+0x11f/0x1a0
[ 33.265821] [<ffffffff831c6578>] ? rt_dst_alloc+0x78/0x430
[ 33.271507] [<ffffffff831cf8fe>] ? __ip_route_output_key_hash+0xa4e/0x23e0
[ 33.278573] [<ffffffff831d1d29>] ? ip_route_output_flow+0x29/0xa0
[ 33.284945] [<ffffffff8320f738>] ? inet_csk_route_req+0x5d8/0x9a0
[ 33.291227] [<ffffffff83284b83>] ? tcp_v4_send_synack+0x203/0x290
[ 33.297509] [<ffffffff83258881>] ? tcp_rtx_synack+0x121/0x1a0
[ 33.303544] [<ffffffff833b06f7>] xfrm_resolve_and_create_bundle+0xd7/0x1d50
[ 33.310693] [<ffffffff82f2e5bb>] ? __netif_receive_skb+0x5b/0x1c0
[ 33.317782] [<ffffffff82f2e8f4>] ? process_backlog+0x1d4/0x690
[ 33.323979] [<ffffffff82f349e6>] ? net_rx_action+0x396/0xe00
[ 33.329829] [<ffffffff838a555d>] ? __do_softirq+0x22d/0x964
[ 33.335595] [<ffffffff838a36ec>] ? do_softirq_own_stack+0x1c/0x30
[ 33.341877] [<ffffffff81145e99>] ? do_softirq.part.16+0x99/0xb0
[ 33.347987] [<ffffffff81147688>] ? do_softirq+0x18/0x20
[ 33.353401] [<ffffffff82f31f00>] ? netif_rx_ni+0x140/0x320
[ 33.359079] [<ffffffff8270a855>] ? tun_get_user+0xac5/0x2080
[ 33.364929] [<ffffffff8270c025>] ? tun_chr_write_iter+0xd5/0x190
[ 33.371126] [<ffffffff8156eda9>] ? SyS_write+0xd9/0x1b0
[ 33.376545] [<ffffffff82edf6f7>] ? kfree_skbmem+0xd7/0xf0
[ 33.382139] [<ffffffff833b0620>] ? __xfrm_decode_session+0x100/0x100
[ 33.388684] [<ffffffff833b31b0>] ? xfrm_selector_match+0xe40/0xe40
[ 33.395055] [<ffffffff833b33c8>] ? xfrm_sk_policy_lookup+0x218/0x390
[ 33.401602] [<ffffffff833b33ef>] ? xfrm_sk_policy_lookup+0x23f/0x390
[ 33.408142] [<ffffffff833b31b0>] ? xfrm_selector_match+0xe40/0xe40
[ 33.414518] [<ffffffff833b410b>] ? xfrm_expand_policies+0x25b/0x5b0
[ 33.420980] [<ffffffff833b5f88>] xfrm_lookup+0x978/0xc00
[ 33.426484] [<ffffffff833b5610>] ? xfrm_bundle_lookup+0x11b0/0x11b0
[ 33.432941] [<ffffffff831c8b00>] ? rt_set_nexthop.constprop.53+0x500/0xf90
[ 33.440005] [<ffffffff831cf695>] ? __ip_route_output_key_hash+0x7e5/0x23e0
[ 33.447075] [<ffffffff831cf6bc>] ? __ip_route_output_key_hash+0x80c/0x23e0
[ 33.454144] [<ffffffff831cfb44>] ? __ip_route_output_key_hash+0xc94/0x23e0
[ 33.461292] [<ffffffff831ceeb0>] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 33.467485] [<ffffffff833b7109>] xfrm_lookup_route+0x39/0x1a0
[ 33.473441] [<ffffffff831d1d7f>] ip_route_output_flow+0x7f/0xa0
[ 33.479808] [<ffffffff8320f738>] inet_csk_route_req+0x5d8/0x9a0
[ 33.485919] [<ffffffff83284b83>] tcp_v4_send_synack+0x203/0x290
[ 33.492032] [<ffffffff81145f1a>] ? __local_bh_enable_ip+0x6a/0xd0
[ 33.498324] [<ffffffff83284980>] ? tcp_v4_send_check+0x90/0x90
[ 33.504349] [<ffffffff81dc4523>] ? prandom_u32_state+0x13/0x180
[ 33.510464] [<ffffffff83258881>] tcp_rtx_synack+0x121/0x1a0
[ 33.516224] [<ffffffff83258760>] ? tcp_rtx_synack.part.33+0x1d0/0x1d0
[ 33.522867] [<ffffffff81238c20>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.529847] [<ffffffff83184b2e>] ? ip_vs_in.part.29.constprop.37+0x12e/0x1b40
[ 33.537171] [<ffffffff8337861d>] ? ipt_do_table+0xc0d/0x16d0
[ 33.543017] [<ffffffff812385fd>] ? trace_hardirqs_on+0xd/0x10
[ 33.548958] [<ffffffff81145f1a>] ? __local_bh_enable_ip+0x6a/0xd0
[ 33.555246] [<ffffffff8320d024>] inet_rtx_syn_ack+0x64/0xd0
[ 33.561007] [<ffffffff8328b1f6>] tcp_check_req+0x926/0x11e0
[ 33.566773] [<ffffffff8328a8d0>] ? tcp_timewait_state_process+0xeb0/0xeb0
[ 33.573752] [<ffffffff8327b355>] ? tcp_v4_inbound_md5_hash+0x155/0x510
[ 33.580468] [<ffffffff81238c20>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.587443] [<ffffffff81df620b>] ? check_preemption_disabled+0x3b/0x200
[ 33.594243] [<ffffffff8328688e>] tcp_v4_rcv+0x14de/0x29c0
[ 33.599831] [<ffffffff832a6da3>] ? raw_local_deliver+0x1b3/0xaf0
[ 33.606027] [<ffffffff8335f3e4>] ? ipv4_confirm+0x2e4/0x3f0
[ 33.611792] [<ffffffff831df7b5>] ip_local_deliver_finish+0x285/0xa80
[ 33.618335] [<ffffffff831df659>] ? ip_local_deliver_finish+0x129/0xa80
[ 33.625051] [<ffffffff831e07fa>] ip_local_deliver+0x30a/0x4d0
[ 33.630986] [<ffffffff831e069b>] ? ip_local_deliver+0x1ab/0x4d0
[ 33.637093] [<ffffffff831e04f0>] ? ip_call_ra_chain+0x540/0x540
[ 33.643203] [<ffffffff831df530>] ? ip_rcv_finish+0x1900/0x1900
[ 33.649224] [<ffffffff83284c5f>] ? tcp_v4_early_demux+0x4f/0x7a0
[ 33.655417] [<ffffffff831de34b>] ip_rcv_finish+0x71b/0x1900
[ 33.661178] [<ffffffff831e140a>] ? ip_rcv+0xa4a/0x1620
[ 33.666607] [<ffffffff831e1582>] ip_rcv+0xbc2/0x1620
[ 33.671758] [<ffffffff831e140a>] ? ip_rcv+0xa4a/0x1620
[ 33.677087] [<ffffffff831e09c0>] ? ip_local_deliver+0x4d0/0x4d0
[ 33.683193] [<ffffffff831ddc30>] ? inet_del_offload+0x40/0x40
[ 33.689127] [<ffffffff8107c536>] ? save_stack_trace+0x16/0x20
[ 33.695063] [<ffffffff81df620b>] ? check_preemption_disabled+0x3b/0x200
[ 33.701866] [<ffffffff81538ee3>] ? kasan_slab_free+0x73/0xc0
[ 33.707717] [<ffffffff831e09c0>] ? ip_local_deliver+0x4d0/0x4d0
[ 33.713832] [<ffffffff82f2c5b3>] __netif_receive_skb_core+0xa33/0x29e0
[ 33.720549] [<ffffffff81238c20>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.727533] [<ffffffff81238c20>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.734518] [<ffffffff84a62200>] ? copy_bootdata+0x42/0xb5
[ 33.740191] [<ffffffff82f2bb80>] ? netif_wake_subqueue+0x210/0x210
[ 33.746560] [<ffffffff84a623df>] ? x86_64_start_kernel+0x140/0x163
[ 33.752930] [<ffffffff81238c20>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 33.759909] [<ffffffff81205820>] ? find_busiest_group+0x1300/0x1300
[ 33.766366] [<ffffffff82f2e89c>] ? process_backlog+0x17c/0x690
[ 33.772395] [<ffffffff82f2e5bb>] __netif_receive_skb+0x5b/0x1c0
[ 33.778504] [<ffffffff82f2e8f4>] process_backlog+0x1d4/0x690
[ 33.784352] [<ffffffff82f2e89c>] ? process_backlog+0x17c/0x690
[ 33.790723] [<ffffffff81538ef9>] ? kasan_slab_free+0x89/0xc0
[ 33.796576] [<ffffffff82f349e6>] net_rx_action+0x396/0xe00
[ 33.802248] [<ffffffff82f34650>] ? sk_busy_loop+0xca0/0xca0
[ 33.808015] [<ffffffff81df620b>] ? check_preemption_disabled+0x3b/0x200
[ 33.814819] [<ffffffff81df620b>] ? check_preemption_disabled+0x3b/0x200
[ 33.821621] [<ffffffff811456a2>] ? __local_bh_enable+0x32/0x60
[ 33.827643] [<ffffffff838a555d>] __do_softirq+0x22d/0x964
[ 33.833232] [<ffffffff8128d015>] ? rcu_eqs_enter_common.constprop.77+0xe5/0x1c0
[ 33.840731] [<ffffffff838a36ec>] do_softirq_own_stack+0x1c/0x30
[ 33.846846] <EOI> [ 33.848874] [<ffffffff81145e99>] do_softirq.part.16+0x99/0xb0
[ 33.854827] [<ffffffff81147688>] do_softirq+0x18/0x20
[ 33.860066] [<ffffffff82f31f00>] netif_rx_ni+0x140/0x320
[ 33.865742] [<ffffffff8270a855>] tun_get_user+0xac5/0x2080
[ 33.871416] [<ffffffff82709d90>] ? tun_chr_ioctl+0x40/0x40
[ 33.877091] [<ffffffff82704960>] ? tun_net_uninit+0x20/0x20
[ 33.882851] [<ffffffff82704a8a>] ? __tun_get+0x12a/0x230
[ 33.888358] [<ffffffff8270c025>] tun_chr_write_iter+0xd5/0x190
[ 33.894381] [<ffffffff8156763f>] __vfs_write+0x4bf/0x680
[ 33.899895] [<ffffffff81567180>] ? default_llseek+0x290/0x290
[ 33.905834] [<ffffffff81bd6d19>] ? avc_policy_seqno+0x9/0x20
[ 33.911681] [<ffffffff81be76b2>] ? selinux_file_permission+0x82/0x460
[ 33.918312] [<ffffffff8156ad45>] ? rw_verify_area+0xe5/0x2b0
[ 33.924161] [<ffffffff8156b3b0>] vfs_write+0x170/0x4e0
[ 33.929488] [<ffffffff8156eda9>] SyS_write+0xd9/0x1b0
[ 33.934731] [<ffffffff8156ecd0>] ? SyS_read+0x1b0/0x1b0
[ 33.940151] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 33.946696] [<ffffffff838a26c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 33.953237] Memory state around the buggy address:
[ 33.958128] ffff8801db207480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.965456] ffff8801db207500: 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00
[ 33.972778] >ffff8801db207580: f2 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 33.980096] ^
[ 33.983424] ffff8801db207600: 00 00 00 00 00 00 00 00 00 00 f2 f2 00 00 00 00
[ 33.990746] ffff8801db207680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.998073] ==================================================================
[ 34.005452] ==================================================================
[ 34.012787] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0xc9b/0x2830 at addr ffff8801db207580
[ 34.022022] Read of size 4 by task syzkaller976512/3276
[ 34.027351] page:ffffea00076c81c0 count:1 mapcount:0 mapping: (null) index:0x0
[ 34.035565] flags: 0x8000000000000400(reserved)
[ 34.040195] page dumped because: kasan: bad access detected
[ 34.045870] CPU: 0 PID: 3276 Comm: syzkaller976512 Tainted: G B 4.9.40-g7b2727c #16
[ 34.054757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 34.064166] ffff8801db206c68 ffffffff81d8f109 ffffed003b640eb0 0000000000000004
[ 34.072109] 0000000000000000 ffffed003b640eb0 ffff8801db207580 ffff8801db206cf0
[ 34.080050] ffffffff81539883 0000000000000010 0000000000000000 ffffffff833c919b
[ 34.088021] Call Trace:
[ 34.090568] <IRQ> [ 34.092613] [<ffffffff81d8f109>] dump_stack+0xc1/0x128
[ 34.097967] [<ffffffff81539883>] kasan_report.part.1+0x4c3/0x500
[ 34.104163] [<ffffffff833c919b>] ? xfrm_state_find+0xc9b/0x2830
[ 34.110274] [<ffffffff81539949>] __asan_report_load4_noabort+0x29/0x30
[ 34.116993] [<ffffffff833c919b>] xfrm_state_find+0xc9b/0x2830
[ 34.123016] [<ffffffff833c875a>] ? xfrm_state_find+0x25a/0x2830
[ 34.129130] [<ffffffff8105aad7>] ? get_stack_info+0x37/0x130
[ 34.134979] [<ffffffff833c8500>] ? xfrm_unregister_mode+0x200/0x200
[ 34.141435] [<ffffffff810d6d56>] ? unwind_next_frame+0x86/0xe0