INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-android-49-kasan-gce-5,10.128.15.239' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 30.148336] ==================================================================
[ 30.149410] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2453/0x2830 at addr ffff8801d8fb78b0
[ 30.150631] Read of size 4 by task syzkaller591653/3261
[ 30.151341] page:ffffea000763edc0 count:0 mapcount:0 mapping: (null) index:0x0
[ 30.152437] flags: 0x8000000000000000()
[ 30.152967] page dumped because: kasan: bad access detected
[ 30.153721] CPU: 1 PID: 3261 Comm: syzkaller591653 Not tainted 4.9.67-gf26d3c7 #106
[ 30.154748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 30.155985] ffff8801d8fb6ef8 ffffffff81d906e9 ffffed003b1f6f16 0000000000000004
[ 30.157109] 0000000000000000 ffffed003b1f6f16 ffff8801d8fb78b0 ffff8801d8fb6f80
[ 30.158238] ffffffff8153a833 0000000000000000 0000000000000002 ffffffff833d0943
[ 30.159363] Call Trace:
[ 30.159716] [] dump_stack+0xc1/0x128
[ 30.160428] [] kasan_report.part.1+0x4c3/0x500
[ 30.161251] [] ? xfrm_state_find+0x2453/0x2830
[ 30.162073] [] ? check_preemption_disabled+0x3b/0x200
[ 30.162972] [] ? xfrm_state_find+0x25a/0x2830
[ 30.163810] [] __asan_report_load4_noabort+0x29/0x30
[ 30.164708] [] xfrm_state_find+0x2453/0x2830
[ 30.165505] [] ? xfrm_state_find+0x25a/0x2830
[ 30.166316] [] ? xfrm_unregister_mode+0x200/0x200
[ 30.167183] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 30.168118] [] ? check_usage_forwards+0x310/0x310
[ 30.168972] [] xfrm_tmpl_resolve+0x298/0xa90
[ 30.174995] [] ? __xfrm_decode_session+0x100/0x100
[ 30.181537] [] ? __lock_acquire+0x629/0x3640
[ 30.187567] [] ? save_stack+0xa3/0xd0
[ 30.192992] [] xfrm_resolve_and_create_bundle+0xd7/0x1d90
[ 30.200142] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 30.207728] [] ? xfrm_tmpl_resolve+0xa90/0xa90
[ 30.213927] [] ? check_preemption_disabled+0x3b/0x200
[ 30.220732] [] ? xfrm_sk_policy_lookup+0x200/0x370
[ 30.227278] [] ? xfrm_sk_policy_lookup+0x227/0x370
[ 30.233823] [] ? xfrm_selector_match+0xe40/0xe40
[ 30.240190] [] ? xfrm_expand_policies+0x25b/0x5b0
[ 30.246645] [] xfrm_lookup+0x984/0xbf0
[ 30.252146] [] ? xfrm_bundle_lookup+0x11b0/0x11b0
[ 30.258602] [] ? __ip_route_output_key_hash+0x7e5/0x23e0
[ 30.265667] [] ? __ip_route_output_key_hash+0x80c/0x23e0
[ 30.272733] [] ? __ip_route_output_key_hash+0x16a/0x23e0
[ 30.279797] [] ? save_stack_trace+0x16/0x20
[ 30.285733] [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 30.291931] [] xfrm_lookup_route+0x39/0x1a0
[ 30.297866] [] ip_route_output_flow+0x7f/0xa0
[ 30.303989] [] udp_sendmsg+0xe36/0x1c10
[ 30.309576] [] ? udp_sendmsg+0x1232/0x1c10
[ 30.315423] [] ? ip_reply_glue_bits+0xb0/0xb0
[ 30.321530] [] ? udp_lib_get_port+0x1830/0x1830
[ 30.327815] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 30.334099] [] udpv6_sendmsg+0x588/0x2540
[ 30.339862] [] ? trace_hardirqs_on+0xd/0x10
[ 30.345799] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 30.352085] [] ? _raw_spin_unlock_bh+0x30/0x40
[ 30.358284] [] ? udp_v6_rehash+0xa0/0xa0
[ 30.363961] [] ? udp_seq_next+0x80/0x80
[ 30.369548] [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 30.376526] [] ? release_sock+0x20/0x1c0
[ 30.382203] [] ? __local_bh_enable_ip+0x6a/0xd0
[ 30.388487] [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 30.395294] [] ? release