• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1TITLE: KASAN: stack-out-of-bounds Read in xfrm_selector_match
2
3[  396.956335] ==================================================================
4[  396.963769] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160
5[  396.969914] Read of size 1 at addr ffff8801c19175d0 by task syz-executor6/18562
6[  396.977522]
7[  396.979147] CPU: 0 PID: 18562 Comm: syz-executor6 Not tainted 4.15.0-rc5+ #172
8[  396.986497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
9[  396.995841] Call Trace:
10[  396.998428]  dump_stack+0x194/0x257
11[  397.002054]  ? arch_local_irq_restore+0x53/0x53
122018/01/02 18:20:06 executing program 3:
13mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
14ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x11f})
15mmap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
16mmap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
17r0 = bpf$PROG_LOAD(0x5, &(0x7f0000003000-0x48)={0xb, 0x11, &(0x7f000000a000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x1, 0x3, 0x1, 0xf, 0x9, 0xfffffff8, 0xfffffffffffffff0}, @ldst={0x3, 0x3, 0x6, 0x5, 0x7, 0xfffffffc, 0x0}, @map={0x18, 0x6, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, @alu={0x0, 0x0, 0xd, 0xe, 0x5, 0x80, 0xfffffffffffffffc}, @generic={0x1, 0x4, 0x1000, 0xc444}, @initr0={0x18, 0x0, 0x0, 0x0, 0x17cc9c48, 0x0, 0x0, 0x0, 0x2}, @alu={0x4, 0x9, 0xd, 0xa, 0x8, 0x10, 0xfffffffffffffffc}], {0x95, 0x0, 0x0, 0x0}}, &(0x7f000000b000-0xa)='syzkaller\x00', 0x0, 0xec, &(0x7f0000005000-0xec)=""/236, 0x0, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x48)
18r1 = socket(0x5, 0x0, 0x8001)
19mmap(&(0x7f000000b000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
20getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000005000)=@assoc_id=<r2=>0x0, &(0x7f000000b000)=0x4)
21getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000002000)={r2, @in6={{0xa, 0x1, 0x1, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1}, 0x5}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x5, 0x8}, &(0x7f0000007000)=0x98)
22bpf$OBJ_PIN_PROG(0x6, &(0x7f0000008000)={&(0x7f0000008000)='./file0\x00', r0}, 0xc)
23bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x5, &(0x7f0000002000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9}, [@jmp={0x4, 0x0, 0x3, 0x5, 0x0, 0x0, 0xfffffffffffffff8}], {0x95, 0x0, 0x0, 0x0}}, &(0x7f0000004000-0xa)='syzkaller\x00', 0x3, 0xc3, &(0x7f0000386000)=""/195, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x48)
242018/01/02 18:20:06 executing program 2:
25mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
26socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f00001b1000)={0x0, <r0=>0x0})
27accept(r0, &(0x7f000003b000)=@nfc={0x0, 0x0, 0x0, 0x0}, &(0x7f0000b24000-0x4)=0x10)
28r1 = socket(0x1f, 0x2, 0x400000000000c)
29write(r1, &(0x7f0000731000-0x90)="1f0000000206ffdde200f49ff60f0000000200000900018005ffffe5000051", 0x1f)
302018/01/02 18:20:06 executing program 0:
31mmap(&(0x7f0000000000/0xaf6000)=nil, 0xaf6000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
32socketpair$inet(0x2, 0x5, 0x8, &(0x7f00001c6000)={0x0, <r0=>0x0})
33mmap(&(0x7f0000af6000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
34getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000a9c000-0x6)={<r1=>0x0, 0x80000001}, &(0x7f0000af6000)=0x6)
35mmap(&(0x7f0000af6000/0x1000)=nil, 0x1000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
36getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000281000)=@assoc_value={r1, 0x7}, &(0x7f0000af6000)=0x8)
37r2 = socket$alg(0x26, 0x5, 0x0)
38bind$alg(r2, &(0x7f0000001000)={0x26, 'hash\x00', 0x80000000002, 0x0, 'michael_mic\x00'}, 0x58)
39setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000af2000)="8be3000000010000", 0x8)
40r3 = accept$alg(r2, 0x0, 0x0)
41sendmsg$alg(r3, &(0x7f0000276000-0x38)={0x0, 0x0, &(0x7f0000738000-0x30)=[{&(0x7f0000592000-0x1b)="7be46a321d3b4acad0ed11080957", 0x2}], 0x1, &(0x7f0000211000)=[], 0x0, 0x0}, 0x0)
422018/01/02 18:20:06 executing program 1:
43mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
44r0 = socket$alg(0x26, 0x5, 0x0)
45bind$alg(r0, &(0x7f0000660000-0x58)={0x26, 'aead\x00', 0x4, 0x0, 'gcm(aes)\x00'}, 0x58)
46setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000a2c000-0x10)="0a0775b0d5e383e5b3b60ced5c54dbb7", 0x10)
47r1 = accept$alg(r0, 0x0, 0x0)
48r2 = epoll_create(0x7)
49epoll_pwait(r2, &(0x7f00007cf000)=[{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}], 0x7, 0xe67, &(0x7f0000a56000-0x8)={0x3}, 0x8)
50sendmsg$alg(r1, &(0x7f0000913000-0x38)={0x0, 0x0, &(0x7f000078f000-0x30)=[{&(0x7f000086a000-0x1000)="5216eee325f6251ccf391f3bf5e545ba5168bc129c8930595ff0b417d0f2f65ae96616dad58cc195eb900d7fef58483296fdd14f58a574e252f118bdbc0c2c93ad61f447f963a18d92ba8fef602d3950e93d15c32afecc60dceea83ca340f33724723b4dee52f78c3ef46669ee7b8a3895d2bd7231842c7e1d495d11b8ff448ae5c5949bcbf7004a8c9355c4f26e0c73085f5277deec7b6ac3eca10a826cb7975fec8349f5376084a4d7ad57fb36df257d85735150223103ff8dc1c5829c7ab9b11ff5ab9c2711b21569d4224f9e8cf9b01dd7352acab0c3521011f454760c00dd76ce319330a81b4b5af18ea2a0a417462c338efc4322a9174cfd1288ab2d10d52cc1c2b295aea5d3c24d5dae8e77e81efc75a1a6b7701dd03e2ec304ceed79c4e777aa5365b7fcbb5394ceee2675f5af0c653301681441961cb1d7260623136ecef4826e38aabbccfafa3be7addf875675f4c3b2874b71eebd0825d10a9bfb1957aa769b83540495d5386155921fa34a87a92bd4c37d32659a5601f227ae0526de7f4ae9e564ed5ec336f23c20d54aa83fe3b6ed894f171f711be31ef88c1b0b80c4e9a90069a77e49e8c60fc56f1ce6474706ecde9b016114d0734508cb5ee4a0a8ee519aaf1d71bba892e653ee910ab598bb325ae72fae836ff68610f2ae46b107b115f33e4715497fde885aecfaa3481673406bc23bf52a3e8aa9fe225415a7d506aafa72e53376772875d22054303d7dbc123d640a3f99bdbf21e6d16b18eb26c85d07191f2a2ef188422101be989f8678f622bbb3e0ac646542e530188b7abd8f608c678f7e48515f34fdd94bc5079a1be2fa5ebffe3a5a59b476a4329e455819b9d7a31aab0ef9fe0b17c5ed63d66a4700ccddb4f549ec08534bec080a61617fb7965968c3721945593a5a4403f72ed7ef5ec7b7df7781f2ff68b383ab9c87dd1a8f17e2d1ae617c10574976592043eee77560469626858c0602fc948e22943559e46adaf6c87dbeeed0416130a213da727d18cd66cecc60912bded3579f5163b233a473c2034761659383fa0e9828e59e915e0233b654024a3ff24ce727920baaa0ef6713a28239c08924a0d988f82529dbfd7172f53cfac5f08bd27426e919e323f07a7314bb0c5dade08189ef2151930dca6b2f3b2346ff4f21df3567d019a99f3d060dd23a0706e6fc7744bf09b9d283367edc7c5ad90b610eaf7886c94cb090a032814c9809e72c5fc32f13e7fed02af57358d9d2fdccf89189d4db81bdacb8c899078918db2fc8419c146f9563e8ccd7f08575493f4c7d4dc812f7799c109a1993b1d9b268a0dfef09f89f6039646501069fd9d33387ac5263ce0397df723c7af51cce88db1e26a5461b384d68f9d616cf744dc970e69dd56740b0edfdbfd76b76919dc10880677586133a563eed024ac3e5dee6655af2af8e7bd381d1e50739dd4b1c7c64c7ba5cd9932e2e7ee946a2517be315c7428ce70941827749bfd9f96e2c1b87234eb38295870ce21b74ca529efde30b421c505c263291a13745d155dfb5af1aaca1eb49c5284bdb10856bda32314b5ce405283b111e1ac5b3b4456869f553a4d0ab2cb63fecf542dc8a149adfcb3f0bbaf0b89877af56dc4406ea491fa24a62141fceb72a285b5377df686ba9456bef5ac05fe1cd17d1fef6ef4f5b5539d6d47d3d26c912cfad125c976e5918ce0c3267df45118e4e51b819110780ac1498d8df4b4c99b639384b98ab50f06f3f08d7db270b2eafa77db805fe533fda418e9223ab40e1d85f6e87dd5b868f4aee128fc17134ea20239a1870cd04e41c71475af7bca36808afbfc16947464ed003d0a88366c34feafb2763876254209919f9a1049783ed18ab545ceac7d8a6603df97c184e2c86d935d870954f183e15a2444470d5a04b6bbf5b763fc8a3d388960ab165ec933731edba5785b075d3edd5b3841d6e2ac9159a1640ee8fb1b7db5f314d69c136fe2a66d60f26ff7a8e0ef3874b6867d03a2167d0a76f52d156795bc590616341adec92f974fc171d6f787b8072f541bdd6268c208bd17925ce37d194b0dfde4cd5419999f9c3ec37a0db6466151a933e0840a2364f8944077bd986e696a4d8dcd66e91bbf6f85074e9f7f958e307a468a7431e3ce0a0d1d644c44f8bcedfa0f909f4d0d80b977775194123a07b30a0613ee3c083d47cd6cf0a83f6457ae1a30f06360c479f34a5c13c6a9f8cabc7a90b096b2349905d5d792395e6e26a88a26deb2dc899521bc2334f38fdff01fc80c3b399148b175d9799dc24f388a99e62842ec63e412d5c4702801ea5126e791f486dca5f1b3941cc53c64ed1eb7ac6a956330a97126000c78920e3f6e6549b1c43cc863748f284f052198cf1fec968b8c4f76db30807ec41a7b10b297572314cad07d6386d09f968f150a0c4d864781e7ccff44051d44016e18fc38b76655b0b958cc237db7584d787176c1a702006d22bb6b8977e7a56748d261d23e8fbb5728f07fec9e533d561bb1d2e63e8b2a4668536be151d32d0ef2d2b7d9b23080c06690cd8a1e335a206d18de84d56075a75b2ef8d34789de584577b1f1cce24c62d3dc5406f57df4b8495317c737668d3d2d8bab1e8db4e8eb19d546524790515c983464a9c5077ada2517d3d4a8dc072316ae4d6342cfce5617bb54d6c4d806642cb8cde8600aa74a395d284ef4d96d43c6e3368f2c2a29c95edecdf4873f0124a976edf5ff3fd28d96ee95edd72fea3c8a31c025ea7dd419c2f67bcd0366f9e09032fb7c82948d09014304716dbda5ec583def4908ff3ba6f3bdf255349f6d3a2e7916a0b814063f2cebdeef5d8df269209c0f298470175ff66960bf366d888d70d4d1e883eedcc28ca0782e3b4495ef7207c99f83ee24af3d03499afd6ddf3623dabc2dea1eeabf5bd65fd114b03e758dbaba5729ba721d9a7acf24e63709a997ef391c38402e1ecff310106b373fca203ac57fb65502fbf6d8d2ad4567d0c3b791bd9eec97b2065f562a3f0f259a60ed2781723a7e8ee23bc93a1dec6bd61d46f4ea45a08a8d2b46cffab92e72e24764902982525355036dfff71109b143fe046d956b282200016b982d2c2b2fb928036c43779b10fbf5b29a6e65ddf6f7f667b3d308d760474db78535a447ad5d12237ca6ef8f5868fd21033d55a8554faa6324e3d10cad1bf0d358ab110ce109f29d6f2297c6c8207ed12b2b4d44a74fc6a5e90f73a8acbf2c719f28709bccf914dce7a0026902b2e74d9d630f855e5950cfef6b40701384a3c4371f872134efc703132ec13b2e1058d8580f07477a70e7ce59de281e71f7ea9f013c7626f6943c650368a0f3dda776f131c55e90168e58caa02763c2e3bb2ebdc9cf01386fbe492713831f6209a6a4d9172fdc7f9fe5f0f1bab19fa5849eec0b0a4e0f7e5203314c3fd821df7ed2d2a308c1c7ab7ad5c613c8971f00570b9e6685b72e8786ee7189bf7c2310111d19d6a1ea64bc7c8c416c6806087f05fb111d967f1731e52a1e94a52715c8a5b66f091c6c0a8c5e1179daf16506ea36a2925a5952323f05a9069d99b4100b26666acf914d32400e15a3797b6521d79945b75d6708f26d3ed3c9f8661ef9f17cc68222fd5c3bd795bd8957d86432a6e60bc43a421ec0bd3b3aa19eaf28744fabba7861c68c54268e7f1e4029b3e6e5416d3d34b7375c9539d39183dd7362a835d1ee53ffb062d3bf84050146ebec9fd0a02417795ff09336060060844fab41f782e8220764bc6f07a5e223e3416d2e5cc8f27b38e8449cae0573abbc01db4a27a23966da3f3446880bab10754c0061fd9da2c5b3193cfedb450600e9484d741342f2773932fc96585aa603475e68cac2176c6ff0d0f99a46dd7968edea4076fdf826da47a45b73080261138efac79055d10d3ef3d59a7d6e958619f473b76a4f4a1092416a6be38303ad743304dc321b37c1f2fccd6861f936190fbce2f042c39ef841cbcce6e965253b8dcb7ee65a48ca7e17689193e934b7d1060eb7e38b1fe33cd777a7b7260cd59dd6828025115bac9dc11cd7993520810c8d72c18aaf05b03e685ff48bf3d500898a83412c0f5762437d8c705c3fdcd450fcb15944ff52c7edc18a78e55efc86c5efdbd4bfced69b471f419e85f15edea8f542b48c9b4eb5a15a8a302fbf0d85d3cd89d4105d3202414a9340562aeab460be79264fee19748ed49b01b9438d340fa6384d0b312f3200cc464a6b6c54a171c98656b0626176f0739fdd40898047df242a8d9fc515e9f331285722bd86494e90eba0ca466338740600cb71154334b94ea113840e65dda096497fe1e2d1f48d6cf06614ed5f251e73dd6189e4ee4a928115c561f64de4ac8eb0d2fecc0383c9e0a4d1479c10b7c38a73631df20aae82d26b15a22a3da23d8629b9e6bccf0373378a928b5b87c67c3f1e4f17a75ac3fa87e2949913e4bd1da5715251cac7aef8ff997d42a8c5e98540c9c857f1ed563c2950e3f03afb17023fd05b361089ae25750850245b895f0d1d9b95b514607d1ed2b92999ce088bfa5891d6c56992af19a140ec8c562f2066410b062415beffc5b79a65b6208e4d8bf8349ba4ef598d9493e5e39f02b40764082102b9730236c5650af3851d3b63e2296bd469fe8ef3e39b35f5c7b7774f50dd705cadaab92159b3ecec12c7d415fe372f3dba4c5a49359286fe9797516854d9c946164a4d7807d4bb5920e704bb950f44c70bd0c267b3807b564c6fee74cef4331c4606ce649748db6c71ad6d1de6c7501dd08c8780b88756227fe1744e348ef085ad69c07c87b63c56d4a69359b968fc86a110dd73d3b77ad2e76ca2dd0ed962583bc6e0032cc46e8fd78b6343f0edd26da18ca9ce5c3ae1447f001e37ee89e7877142f62774a7f53d717ff8172029e524dad5957cfa819433c8af8e46e45a4d1ddaaa6a1c299cf26cfbd3b8729df2b16735f0ea1fec7700ef5508f87c0f067119ea91761f6d706895a265ae0b16a5a6b7040841bb3c0819879ec3c2ecbe6c699b93777462c17d7f564309c9b899e41dd677886f29dfd2da3cda3c3c62fa8948d881478069ef6ddf922fb6d962249b2424a26aebcf418e2b7bcb925df53f24ec95508c18a18bde0e0b2b5259e1b5e75b55c9cc400d0572f995a2d4d5d123f782d12313c130cf69aada30e5cf14e48dfed2787f6e5dd9781c514423cba1cd96da867b9f6b7004e97cdcd925415f6bcfac61244f4ab9f3c1a5a61be83336ce7440f05fbc3b3c90c750837ebcb24bbe0833ce443046695eff4a8098f94674563e690ccc25a99ff4ed262d57ad6c9bec65acaee8a249631bb31a3515b1cd3db367bb0959135716493d6af12a502ffabbef51b73a643f9b8475c08cf13bb4ab18b23b5bcb6485508df531b355974fbd3550433ef536169e041259fbac723a200994ea41ec367824d17a48905d5879b86b2f24edc7dac5250dd5416e94e3be3d7a559ddd97b4a1b1244c81a088f6f6402e9b094683df800c3cc1c3d5b2a2a1aabf2633f90072eda9c0e26f0c5d86fac40843253d2d8d5cf6c356583271924e13feadc4152cb5f7662284c14d3848ef50b1126dd6574e071ef0704fc93cc79a10439edbf277e2b3d1f2cf3e1753790629fe2e82118ce73cf3b3e6e9c064e2faf6caae9dd13814a", 0xfaa}, {&(0x7f00000a0000-0x2f)="ed4e3110c91e5e96fedb93dd410744be3b4bc88269cce08425179ac1816ef7c6b3b8edcfcbb816faccd7cab2f39489", 0x2f}], 0x2, &(0x7f0000e9e000-0x18)=[], 0x0, 0x40000}, 0x0)
51recvmsg(r1, &(0x7f0000b2e000-0x38)={&(0x7f00007ec000-0x6)=@hci={0x0, 0x0, 0x0}, 0x6, &(0x7f0000f75000)=[{&(0x7f000074b000)=""/149, 0x95}, {&(0x7f0000f12000-0x1000)=""/4096, 0x1000}], 0x2, &(0x7f0000ec7000)=""/107, 0x6b, 0x0}, 0x0)
52[  397.006717]  ? show_regs_print_info+0x18/0x18
53[  397.011223]  ? find_held_lock+0x35/0x1d0
54[  397.015282]  ? memcmp+0xe3/0x160
55[  397.018669]  print_address_description+0x73/0x250
56[  397.023536]  ? memcmp+0xe3/0x160
57[  397.026901]  kasan_report+0x25b/0x340
58[  397.030702]  __asan_report_load1_noabort+0x14/0x20
59[  397.035630]  memcmp+0xe3/0x160
60[  397.038832]  xfrm_selector_match+0x1bc/0xe00
61[  397.043255]  xfrm_state_look_at.constprop.30+0x113/0x360
62[  397.048721]  xfrm_state_find+0x1595/0x3210
63[  397.052994]  ? xfrm_state_afinfo_get_rcu+0x160/0x160
64[  397.058105]  ? ipv6_get_saddr_eval+0xee0/0xee0
65[  397.062693]  ? __lock_is_held+0xb6/0x140
66[  397.066770]  ? check_noncircular+0x20/0x20
67[  397.071013]  ? cleanup_prefix_route+0x1e0/0x1e0
68[  397.075685]  ? check_noncircular+0x20/0x20
69[  397.079920]  ? lock_downgrade+0x980/0x980
70[  397.084080]  ? lock_acquire+0x1d5/0x580
71[  397.088057]  ? lock_acquire+0x1d5/0x580
72[  397.092062]  ? find_held_lock+0x35/0x1d0
73[  397.096135]  ? xfrm_tmpl_resolve+0x598/0xc40
74[  397.100628]  ? lock_downgrade+0x980/0x980
75[  397.104784]  ? rcu_read_lock_held+0xa9/0xc0
76[  397.109101]  ? xfrm_policy_get_afinfo+0x13d/0x290
77[  397.113948]  ? xfrm6_get_saddr+0xd6/0x110
78[  397.118098]  xfrm_tmpl_resolve+0x2ee/0xc40
79[  397.122338]  ? __xfrm_decode_session+0x110/0x110
80[  397.127077]  ? save_stack+0xa3/0xd0
81[  397.130687]  ? save_stack+0x43/0xd0
82[  397.134292]  ? find_held_lock+0x35/0x1d0
83[  397.138345]  ? rt_add_uncached_list+0x1b7/0x240
84[  397.143002]  xfrm_resolve_and_create_bundle+0x184/0x28d0
85[  397.148438]  ? lock_release+0xa40/0xa40
86[  397.152391]  ? __local_bh_enable_ip+0x121/0x230
87[  397.157044]  ? check_noncircular+0x20/0x20
88[  397.161268]  ? trace_hardirqs_on_caller+0x421/0x5c0
89[  397.166275]  ? trace_hardirqs_on+0xd/0x10
90[  397.170398]  ? _raw_spin_unlock_bh+0x30/0x40
91[  397.174788]  ? xfrm_tmpl_resolve+0xc40/0xc40
92[  397.179167]  ? ip_rt_bug+0x20/0x20
93[  397.182701]  ? find_held_lock+0x35/0x1d0
94[  397.188320]  ? xfrm_sk_policy_lookup+0x34c/0x4e0
95[  397.193055]  ? lock_downgrade+0x980/0x980
96[  397.197186]  ? lock_release+0xa40/0xa40
97[  397.201139]  ? refcount_inc_not_zero+0xfe/0x180
98[  397.205784]  ? selinux_xfrm_policy_lookup+0xac/0xd0
99[  397.210774]  ? security_xfrm_policy_lookup+0x92/0xc0
100[  397.215863]  ? xfrm_sk_policy_lookup+0x375/0x4e0
101[  397.220610]  ? xfrm_selector_match+0xe00/0xe00
102[  397.225168]  ? print_irqtrace_events+0x270/0x270
103[  397.229902]  xfrm_lookup+0x15b2/0x24f0
104[  397.233759]  ? xfrm_lookup+0x15b2/0x24f0
105[  397.237799]  ? xfrm_policy_lookup+0x70/0x70
106[  397.242106]  ? find_held_lock+0x35/0x1d0
107[  397.246152]  ? ip_route_output_key_hash+0x229/0x370
108[  397.251146]  ? lock_downgrade+0x980/0x980
109[  397.255265]  ? lock_release+0xa40/0xa40
110[  397.259213]  ? find_held_lock+0x35/0x1d0
111[  397.263259]  ? ip_route_output_key_hash+0x252/0x370
112[  397.268247]  ? ip_route_output_key_hash_rcu+0x2c20/0x2c20
113[  397.273753]  ? lock_release+0xa40/0xa40
114[  397.277705]  xfrm_lookup_route+0x39/0x1a0
115[  397.281832]  ip_route_output_flow+0x7c/0xa0
116[  397.286128]  udp_sendmsg+0x19d3/0x2ce0
117[  397.290002]  ? ip_reply_glue_bits+0xb0/0xb0
118[  397.294312]  ? udp_lib_get_port+0x1b30/0x1b30
119[  397.298785]  ? debug_check_no_locks_freed+0x3c0/0x3c0
120[  397.303945]  ? debug_check_no_locks_freed+0x3c0/0x3c0
121[  397.309112]  ? print_irqtrace_events+0x270/0x270
122[  397.313853]  ? lock_downgrade+0x980/0x980
123[  397.317986]  ? mark_held_locks+0xaf/0x100
124[  397.322111]  ? refcount_inc_not_zero+0xfe/0x180
125[  397.326750]  ? __local_bh_enable_ip+0x121/0x230
126[  397.331389]  ? trace_hardirqs_on_caller+0x421/0x5c0
127[  397.336376]  ? udp_lib_get_port+0x785/0x1b30
128[  397.340752]  ? trace_hardirqs_on+0xd/0x10
129[  397.344868]  ? check_noncircular+0x20/0x20
130[  397.349079]  udpv6_sendmsg+0x757/0x3400
131[  397.353037]  ? check_noncircular+0x20/0x20
132[  397.357248]  ? udpv6_setsockopt+0x80/0x80
133[  397.361378]  ? reacquire_held_locks+0x1f9/0x3e0
134[  397.366021]  ? reacquire_held_locks+0x1f9/0x3e0
135[  397.370671]  ? find_held_lock+0x35/0x1d0
136[  397.374709]  ? release_sock+0x1d4/0x2a0
137[  397.378655]  ? lock_downgrade+0x980/0x980
138[  397.382780]  ? __local_bh_enable_ip+0x121/0x230
139[  397.387422]  ? trace_hardirqs_on_caller+0x421/0x5c0
140[  397.392406]  ? release_sock+0x1d4/0x2a0
141[  397.396348]  ? trace_hardirqs_on+0xd/0x10
142[  397.400464]  ? __local_bh_enable_ip+0x121/0x230
143[  397.405104]  ? _raw_spin_unlock_bh+0x30/0x40
144[  397.409486]  ? release_sock+0x1d4/0x2a0
145[  397.413431]  ? __release_sock+0x360/0x360
146[  397.417552]  ? udp_v6_get_port+0x355/0x600
147[  397.421876]  inet_sendmsg+0x11f/0x5e0
148[  397.425649]  ? inet_sendmsg+0x11f/0x5e0
149[  397.429593]  ? copy_msghdr_from_user+0x3a6/0x590
150[  397.434320]  ? inet_recvmsg+0x5f0/0x5f0
151[  397.438354]  ? selinux_socket_sendmsg+0x36/0x40
152[  397.442995]  ? security_socket_sendmsg+0x89/0xb0
153[  397.447727]  ? inet_recvmsg+0x5f0/0x5f0
154[  397.451683]  sock_sendmsg+0xca/0x110
155[  397.455376]  ___sys_sendmsg+0x767/0x8b0
156[  397.459325]  ? copy_msghdr_from_user+0x590/0x590
157[  397.464064]  ? lock_downgrade+0x980/0x980
158[  397.468199]  ? __fget_light+0x297/0x380
159[  397.472148]  ? fget_raw+0x20/0x20
160[  397.475576]  ? schedule+0xf5/0x430
161[  397.479117]  ? selinux_secmark_relabel_packet+0xc0/0xc0
162[  397.484456]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
163[  397.490148]  ? __fdget+0x18/0x20
164[  397.493499]  __sys_sendmsg+0xe5/0x210
165[  397.497269]  ? __sys_sendmsg+0xe5/0x210
166[  397.501217]  ? SyS_shutdown+0x290/0x290
167[  397.505197]  ? trace_hardirqs_on_caller+0x421/0x5c0
168[  397.510189]  SyS_sendmsg+0x2d/0x50
169[  397.513704]  entry_SYSCALL_64_fastpath+0x23/0x9a
170[  397.518429] RIP: 0033:0x452ac9
171[  397.521586] RSP: 002b:00007f6372138c58 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
172[  397.529262] RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452ac9
173[  397.536500] RDX: 0000000000000000 RSI: 00000000201f1000 RDI: 0000000000000013
174[  397.543739] RBP: 00000000000004a8 R08: 0000000000000000 R09: 0000000000000000
175[  397.550977] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006f5060
176[  397.558219] R13: 00000000ffffffff R14: 00007f63721396d4 R15: 0000000000000000
177[  397.565479]
178[  397.567080] The buggy address belongs to the page:
179[  397.571984] page:00000000f9ea28ea count:0 mapcount:0 mapping:          (null) index:0x0
180[  397.580103] flags: 0x2fffc0000000000()
181[  397.583964] raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff
182[  397.591816] raw: 0000000000000000 dead000000000200 0000000000000000 0000000000000000
183[  397.599662] page dumped because: kasan: bad access detected
184[  397.605344]
185[  397.606950] Memory state around the buggy address:
186[  397.611854]  ffff8801c1917480: f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2
187[  397.619191]  ffff8801c1917500: f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2
188[  397.626530] >ffff8801c1917580: f2 f2 f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00
189[  397.633861]                                                  ^
190[  397.639801]  ffff8801c1917600: 00 00 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00
191[  397.647132]  ffff8801c1917680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
192[  397.654459] ==================================================================
193