Warning: Permanently added 'ci-android-49-kasan-gce-8,10.128.0.5' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-8 port 1 (session ID: 127a7e54799660970e6d90ea14f8b7e77b4e4b3dea257ad8c5981560c7f48d47, active connections: 1).
executing program
INIT: Entering runlevel: 2

[info] Using makefile-style concurrent boot in runlevel 2.
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   26.498056] ==================================================================
[   26.499126] BUG: KASAN: stack-out-of-bounds in memcmp+0xe3/0x160 at addr ffff8801d0c1f8c0
[   26.500288] Read of size 1 by task syzkaller788407/3239
[   26.500993] page:ffffea00074307c0 count:0 mapcount:0 mapping:          (null) index:0x0
[   26.502273] flags: 0x8000000000000000()
[   26.502797] page dumped because: kasan: bad access detected
[   26.503607] CPU: 1 PID: 3239 Comm: syzkaller788407 Not tainted 4.9.40-ged32335 #11
[   26.504689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   26.506102]  ffff8801d0c1f3d0 ffffffff81d8d829 ffffed003a183f18 0000000000000001
[   26.507379]  0000000000000000 ffffed003a183f18 ffff8801d0c1f8c0 ffff8801d0c1f458
[   26.508714]  ffffffff81537fa3 ffff8801d0679fb0 ffffffff852fb640 ffffffff81dab5c3
[   26.509980] Call Trace:
[   26.510357]  [<ffffffff81d8d829>] dump_stack+0xc1/0x128
[   26.511228]  [<ffffffff81537fa3>] kasan_report.part.1+0x4c3/0x500
[   26.512222]  [<ffffffff81dab5c3>] ? memcmp+0xe3/0x160
[   26.513450]  [<ffffffff812373d0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.514531]  [<ffffffff81538009>] __asan_report_load1_noabort+0x29/0x30
[   26.515617]  [<ffffffff81dab5c3>] memcmp+0xe3/0x160
[   26.516328]  [<ffffffff833b0537>] xfrm_selector_match+0x1c7/0xe40
[   26.517295]  [<ffffffff833b12c3>] xfrm_sk_policy_lookup+0x113/0x390
[   26.518259]  [<ffffffff833b11b0>] ? xfrm_selector_match+0xe40/0xe40
[   26.524631]  [<ffffffff81236b9b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.531462]  [<ffffffff833b37c3>] xfrm_lookup+0x1b3/0xc00
[   26.537179]  [<ffffffff833b3610>] ? xfrm_bundle_lookup+0x11b0/0x11b0
[   26.543637]  [<ffffffff831cd695>] ? __ip_route_output_key_hash+0x7e5/0x23e0
[   26.550705]  [<ffffffff831cd6bc>] ? __ip_route_output_key_hash+0x80c/0x23e0
[   26.558310]  [<ffffffff831cdb44>] ? __ip_route_output_key_hash+0xc94/0x23e0
[   26.565377]  [<ffffffff831cceb0>] ? ip_rt_update_pmtu+0x8b0/0x8b0
[   26.571577]  [<ffffffff833b5109>] xfrm_lookup_route+0x39/0x1a0
[   26.577594]  [<ffffffff831cfd7f>] ip_route_output_flow+0x7f/0xa0
[   26.583711]  [<ffffffff832ac8a6>] udp_sendmsg+0xe36/0x1c10
[   26.589467]  [<ffffffff832acca2>] ? udp_sendmsg+0x1232/0x1c10
[   26.595319]  [<ffffffff831ed390>] ? ip_reply_glue_bits+0xb0/0xb0
[   26.601437]  [<ffffffff832aba70>] ? udp_lib_get_port+0x18a0/0x18a0
[   26.608072]  [<ffffffff812373d0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.615051]  [<ffffffff81145f1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   26.621337]  [<ffffffff83479108>] udpv6_sendmsg+0x588/0x2390
[   26.627124]  [<ffffffff81145f1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   26.633441]  [<ffffffff8389fe70>] ? _raw_spin_unlock_bh+0x30/0x40
[   26.639639]  [<ffffffff83478b80>] ? udp_v6_push_pending_frames+0x340/0x340
[   26.646615]  [<ffffffff832aa1d0>] ? udp_seq_next+0x80/0x80
[   26.652207]  [<ffffffff812373d0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[   26.659297]  [<ffffffff82ed38d0>] ? release_sock+0x20/0x1c0
[   26.665069]  [<ffffffff81145f1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   26.671384]  [<ffffffff81236b9b>] ? trace_hardirqs_on_caller+0x38b/0x590
[   26.678188]  [<ffffffff82ed39fc>] ? release_sock+0x14c/0x1c0
[   26.684365]  [<ffffffff81236dad>] ? trace_hardirqs_on+0xd/0x10
[   26.690517]  [<ffffffff81145f1a>] ? __local_bh_enable_ip+0x6a/0xd0
[   26.696906]  [<ffffffff8389fe70>] ? _raw_spin_unlock_bh+0x30/0x40
[   26.703103]  [<ffffffff82ed39fc>] ? release_sock+0x14c/0x1c0
[   26.708972]  [<ffffffff832dfaac>] inet_sendmsg+0x2bc/0x4c0
[   26.714559]  [<ffffffff832df863>] ? inet_sendmsg+0x73/0x4c0
[   26.720248]  [<ffffffff832df7f0>] ? inet_recvmsg+0x4c0/0x4c0
[   26.727700]  [<ffffffff82ec5b9a>] sock_sendmsg+0xca/0x110
[   26.733671]  [<ffffffff82ec6af8>] SYSC_sendto+0x2c8/0x340
[   26.739188]  [<ffffffff82ec6830>] ? SYSC_connect+0x310/0x310
[   26.744989]  [<ffffffff814c934e>] ? handle_mm_fault+0x6ee/0x2510
[   26.751372]  [<ffffffff810e0230>] ? __do_page_fault+0x510/0xbd0
[   26.757468]  [<ffffffff838a06a7>] ? entry_SYSCALL_64_fastpath+0x5/0xc6
[   26.764193]  [<ffffffff82ec8fa0>] SyS_sendto+0x40/0x50
[   26.769608]  [<ffffffff838a06c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
[   26.776543] Memory state around the buggy address:
[   26.781443]  ffff8801d0c1f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   26.789096]  ffff8801d0c1f800: f1 00 f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2
[   26.796423] >ffff8801d0c1f880: f2 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00
[   26.803776]                                            ^
[   26.809190]  ffff8801d0c1f900: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00
[   26.816531]  ffff8801d0c1f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.823851] ==================================================================
[   26.831260] Disabling lock debugging due to kernel taint