Warning: Permanently added 'ci-android-49-kasan-gce-8,10.128.0.5' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-8 port 1 (session ID: 127a7e54799660970e6d90ea14f8b7e77b4e4b3dea257ad8c5981560c7f48d47, active connections: 1).
executing program
INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 26.498056] ==================================================================
[ 26.499126] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160 at addr ffff8801d0c1f8c0
[ 26.500288] Read of size 1 by task syzkaller788407/3239
[ 26.500993] page:ffffea00074307c0 count:0 mapcount:0 mapping: (null) index:0x0
[ 26.502273] flags: 0x8000000000000000()
[ 26.502797] page dumped because: kasan: bad access detected
[ 26.503607] CPU: 1 PID: 3239 Comm: syzkaller788407 Not tainted 4.9.40-ged32335 #11
[ 26.504689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.506102]  ffff8801d0c1f3d0 ffffffff81d8d829 ffffed003a183f18 0000000000000001
[ 26.507379]  0000000000000000 ffffed003a183f18 ffff8801d0c1f8c0 ffff8801d0c1f458
[ 26.508714]  ffffffff81537fa3 ffff8801d0679fb0 ffffffff852fb640 ffffffff81dab5c3
[ 26.509980] Call Trace:
[ 26.510357]  [] dump_stack+0xc1/0x128
[ 26.511228]  [] kasan_report.part.1+0x4c3/0x500
[ 26.512222]  [] ? memcmp+0xe3/0x160
[ 26.513450]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 26.514531]  [] __asan_report_load1_noabort+0x29/0x30
[ 26.515617]  [] memcmp+0xe3/0x160
[ 26.516328]  [] xfrm_selector_match+0x1c7/0xe40
[ 26.517295]  [] xfrm_sk_policy_lookup+0x113/0x390
[ 26.518259]  [] ? xfrm_selector_match+0xe40/0xe40
[ 26.524631]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 26.531462]  [] xfrm_lookup+0x1b3/0xc00
[ 26.537179]  [] ? xfrm_bundle_lookup+0x11b0/0x11b0
[ 26.543637]  [] ? __ip_route_output_key_hash+0x7e5/0x23e0
[ 26.550705]  [] ? __ip_route_output_key_hash+0x80c/0x23e0
[ 26.558310]  [] ? __ip_route_output_key_hash+0xc94/0x23e0
[ 26.565377]  [] ? ip_rt_update_pmtu+0x8b0/0x8b0
[ 26.571577]  [] xfrm_lookup_route+0x39/0x1a0
[ 26.577594]  [] ip_route_output_flow+0x7f/0xa0
[ 26.583711]  [] udp_sendmsg+0xe36/0x1c10
[ 26.589467]  [] ? udp_sendmsg+0x1232/0x1c10
[ 26.595319]  [] ? ip_reply_glue_bits+0xb0/0xb0
[ 26.601437]  [] ? udp_lib_get_port+0x18a0/0x18a0
[ 26.608072]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 26.615051]  [] ? __local_bh_enable_ip+0x6a/0xd0
[ 26.621337]  [] udpv6_sendmsg+0x588/0x2390
[ 26.627124]  [] ? __local_bh_enable_ip+0x6a/0xd0
[ 26.633441]  [] ? _raw_spin_unlock_bh+0x30/0x40
[ 26.639639]  [] ? udp_v6_push_pending_frames+0x340/0x340
[ 26.646615]  [] ? udp_seq_next+0x80/0x80
[ 26.652207]  [] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 26.659297]  [] ? release_sock+0x20/0x1c0
[ 26.665069]  [] ? __local_bh_enable_ip+0x6a/0xd0
[ 26.671384]  [] ? trace_hardirqs_on_caller+0x38b/0x590
[ 26.678188]  [] ? release_sock+0x14c/0x1c0
[ 26.684365]  [] ? trace_hardirqs_on+0xd/0x10
[ 26.690517]  [] ? __local_bh_enable_ip+0x6a/0xd0
[ 26.696906]  [] ? _raw_spin_unlock_bh+0x30/0x40
[ 26.703103]  [] ? release_sock+0x14c/0x1c0
[ 26.708972]  [] inet_sendmsg+0x2bc/0x4c0
[ 26.714559]  [] ? inet_sendmsg+0x73/0x4c0
[ 26.720248]  [] ? inet_recvmsg+0x4c0/0x4c0
[ 26.727700]  [] sock_sendmsg+0xca/0x110
[ 26.733671]  [] SYSC_sendto+0x2c8/0x340
[ 26.739188]  [] ? SYSC_connect+0x310/0x310
[ 26.744989]  [] ? handle_mm_fault+0x6ee/0x2510
[ 26.751372]  [] ? __do_page_fault+0x510/0xbd0
[ 26.757468]  [] ? entry_SYSCALL_64_fastpath+0x5/0xc6
[ 26.764193]  [] SyS_sendto+0x40/0x50
[ 26.769608]  [] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 26.776543] Memory state around the buggy address:
[ 26.781443]  ffff8801d0c1f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 26.789096]  ffff8801d0c1f800: f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2
[ 26.796423] >ffff8801d0c1f880: f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00
[ 26.803776]                                            ^
[ 26.809190]  ffff8801d0c1f900: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00
[ 26.816531]  ffff8801d0c1f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.823851] ==================================================================
[ 26.831260] Disabling lock debugging due to kernel taint