Created attachment 276529 [details] find this with enchanced syzkaller ================================================================== BUG: KASAN: stack-out-of-bounds in ipv6_addr_equal include/net/ipv6.h:508 [inline] BUG: KASAN: stack-out-of-bounds in __xfrm6_state_addr_check include/net/xfrm.h:1358 [inline] BUG: KASAN: stack-out-of-bounds in xfrm_state_addr_check include/net/xfrm.h:1375 [inline] BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2693/0x2740 net/xfrm/xfrm_state.c:959 Read of size 4 at addr ffff880065d77b70 by task syz-executor1/10036 CPU: 0 PID: 10036 Comm: syz-executor1 Not tainted 4.17.0 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014 Call Trace: The buggy address belongs to the page: page:ffffea0001975dc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x100000000000000() raw: 0100000000000000 0000000000000000 ffffea0001975dc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff880065d77a00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4 f2 ffff880065d77a80: f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00 >ffff880065d77b00: f4 f4 f4 f2 f2 f2 f2 00 00 00 00 00 00 00 f4 f2 ^ ffff880065d77b80: f2 f2 f2 00 00 00 00 00 00 00 00 00 f4 f4 f4 f3 ffff880065d77c00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 10036 Comm: syz-executor1 Tainted: G B 4.17.0 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014 Call Trace: Dumping ftrace buffer: (ftrace buffer empty) Kernel Offset: disabled Rebooting in 86400 seconds..