Pseudo-terminal will not be allocated because stdin is not a terminal. Warning: Permanently added '[ssh-serialport.googleapis.com]:9600,[216.239.38.127]:9600' (RSA) to the list of known hosts. Warning: Permanently added 'ci-android-49-kasan-gce-2,10.128.0.12' (ECDSA) to the list of known hosts. executing program serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-2 port 1 (session ID: 317ef198af269f15d49701728db36f35486cf48bd53d725c0e4495bc18de2666, active connections: 1). [ 49.118322] [] ? xfrm_selector_match+0xe40/0xe40 [ 49.119162] [] xfrm_lookup+0x1ab/0xbf0 [ 49.119892] [] ? xfrm_bundle_lookup+0x1190/0x1190 [ 49.120746] [] ? __lock_is_held+0xa1/0xf0 [ 49.121509] [] ? check_preemption_disabled+0x3b/0x200 [ 49.124253] [] ? __ip_route_output_key_hash+0x7d0/0x23a0 [ 49.131319] [] ? __ip_route_output_key_hash+0x7f7/0x23a0 [ 49.138384] [] ? __ip_route_output_key_hash+0xc6c/0x23a0 [ 49.145449] [] ? ip_rt_update_pmtu+0x890/0x890 [ 49.151645] [] xfrm_lookup_route+0x39/0x1a0 [ 49.157579] [] ip_route_output_flow+0x7f/0xa0 [ 49.163686] [] udp_sendmsg+0xe15/0x1bf0 [ 49.169272] [] ? udp_sendmsg+0x1211/0x1bf0 [ 49.175118] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 49.181225] [] ? udp_lib_get_port+0x1880/0x1880 [ 49.187518] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.194505] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.201488] [] ? mark_held_locks+0xaf/0x100 [ 49.207429] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 49.213712] [] udpv6_sendmsg+0x55f/0x2360 [ 49.219473] [] ? udp_lib_get_port+0x66b/0x1880 [ 49.225667] [] ? trace_hardirqs_on+0xd/0x10 [ 49.231599] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 49.237882] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 49.244079] [] ? udp_v6_push_pending_frames+0x330/0x330 [ 49.251054] [] ? release_sock+0x20/0x1c0 [ 49.256726] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 49.263006] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 49.269814] [] ? release_sock+0x14c/0x1c0 [ 49.275577] [] ? trace_hardirqs_on+0xd/0x10 [ 49.281508] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 49.287786] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 49.293981] [] ? release_sock+0x14c/0x1c0 [ 49.299741] [] inet_sendmsg+0x2bc/0x4c0 [ 49.305324] [] ? inet_sendmsg+0x73/0x4c0 [ 49.310996] [] ? inet_recvmsg+0x4a0/0x4a0 [ 49.316755] [] sock_sendmsg+0xca/0x110 [ 49.322254] [] ___sys_sendmsg+0x2f4/0x820 [ 49.328012] [] ? copy_msghdr_from_user+0x510/0x510 [ 49.334551] [] ? __lock_is_held+0xa1/0xf0 [ 49.340311] [] ? __fget+0x228/0x3a0 [ 49.345547] [] ? __fget+0x47/0x3a0 [ 49.350695] [] ? __fget_light+0x188/0x1e0 [ 49.356453] [] ? __fdget+0x18/0x20 [ 49.361610] [] ? sockfd_lookup_light+0x118/0x160 [ 49.367983] [] __sys_sendmmsg+0x151/0x390 [ 49.373742] [] ? SyS_sendmsg+0x50/0x50 [ 49.379241] [] ? _raw_spin_unlock+0x2c/0x50 [ 49.385178] [] ? handle_mm_fault+0x6e6/0x2400 [ 49.391284] [] ? __pmd_alloc+0x410/0x410 [ 49.396959] [] ? __do_page_fault+0x510/0xbd0 [ 49.402980] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 49.409780] [] SyS_sendmmsg+0x35/0x60 [ 49.415191] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 49.421731] Memory state around the buggy address: [ 49.426623] ffff8801d6a17580: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 [ 49.433944] ffff8801d6a17600: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 [ 49.441268] >ffff8801d6a17680: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 [ 49.448593] ^ executing program [ 49.453490] ffff8801d6a17700: 00 00 00 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 [ 49.460809] ffff8801d6a17780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 49.468131] ================================================================== [ 49.475448] Disabling lock debugging due to kernel taint [ 49.541711] ================================================================== [ 49.549081] BUG: KASAN: stack-out-of-bounds in xfrm_selector_match+0x237/0xe40 at addr ffff8801d6a1f6b0 [ 49.558575] Read of size 4 by task syzkaller586008/3345 [ 49.563902] page:ffffea00075a87c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 49.572110] flags: 0x200000000000000() [ 49.575956] page dumped because: kasan: bad access detected [ 49.581629] CPU: 1 PID: 3345 Comm: syzkaller586008 Tainted: G B 4.9.39-g72a0c9f #6 [ 49.590424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.599746] ffff8801d6a1f200 ffffffff81eacd59 ffffed003ad43ed6 0000000000000004 [ 49.607689] 0000000000000000 ffffed003ad43ed6 ffff8801d6a1f6b0 ffff8801d6a1f280 [ 49.615642] ffffffff81547141 0000000000000000 0000000000000000 ffffffff833ed127 [ 49.623577] Call Trace: [ 49.626131] [] dump_stack+0xc1/0x128 [ 49.631459] [] kasan_report.part.1+0x4a1/0x4e0 [ 49.637656] [] ? xfrm_selector_match+0x237/0xe40 [ 49.644024] [] __asan_report_load4_noabort+0x29/0x30 [ 49.650739] [] xfrm_selector_match+0x237/0xe40 [ 49.656943] [] xfrm_sk_policy_lookup+0x113/0x390 [ 49.663312] [] ? xfrm_selector_match+0xe40/0xe40 [ 49.669679] [] xfrm_lookup+0x1ab/0xbf0 [ 49.675179] [] ? fib_table_lookup+0xac2/0x1570 [ 49.681370] [] ? xfrm_bundle_lookup+0x1190/0x1190 [ 49.687825] [] ? ipv4_neigh_lookup+0x6c0/0x6c0 [ 49.694019] [] ? __ip_route_output_key_hash+0x7d0/0x23a0 [ 49.701079] [] ? __ip_route_output_key_hash+0x7f7/0x23a0 [ 49.708141] [] ? __ip_route_output_key_hash+0xc6c/0x23a0 [ 49.715204] [] ? ip_rt_update_pmtu+0x890/0x890 [ 49.721399] [] xfrm_lookup_route+0x39/0x1a0 [ 49.727332] [] ip_route_output_flow+0x7f/0xa0 [ 49.733437] [] udp_sendmsg+0xe15/0x1bf0 [ 49.739023] [] ? udp_sendmsg+0x1211/0x1bf0 [ 49.744869] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 49.751000] [] ? udp_lib_get_port+0x1880/0x1880 [ 49.757293] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.764272] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 49.771251] [] ? sock_i_uid+0x20/0xb0 [ 49.776664] [] ? sock_i_uid+0x8d/0xb0 [ 49.782078] [] udpv6_sendmsg+0x55f/0x2360 [ 49.787840] [] ? udp_lib_get_port+0x66b/0x1880 [ 49.794277] [] ? trace_hardirqs_on+0xd/0x10 [ 49.800213] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 49.806493] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 49.812687] [] ? udp_lib_get_port+0x670/0x1880 [ 49.818882] [] ? udp_v6_push_pending_frames+0x330/0x330 [ 49.825866] [] ? udp_seq_next+0x80/0x80 [ 49.831457] [] ? __might_fault+0x18e/0x1d0 [ 49.837303] [] ? ip6_datagram_release_cb+0x87/0x470 [ 49.843930] [] ? release_sock+0x20/0x1c0 [ 49.849601] [] ? ip6_datagram_release_cb+0x2b1/0x470 [ 49.856316] [] ? release_sock+0x14c/0x1c0 [ 49.862079] [] ? trace_hardirqs_on+0xd/0x10 [ 49.868012] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 49.874291] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 49.880483] [] ? release_sock+0x14c/0x1c0 [ 49.886240] [] inet_sendmsg+0x2bc/0x4c0 [ 49.891823] [] ? inet_sendmsg+0x73/0x4c0 [ 49.897492] [] ? inet_recvmsg+0x4a0/0x4a0 [ 49.903250] [] sock_sendmsg+0xca/0x110 [ 49.908749] [] ___sys_sendmsg+0x2f4/0x820 [ 49.914508] [] ? copy_msghdr_from_user+0x510/0x510 [ 49.921047] [] ? get_page_from_freelist+0x1305/0x1e50 [ 49.927848] [] ? __fget+0x228/0x3a0 [ 49.933083] [] ? __fget+0x47/0x3a0 [ 49.938237] [] ? __fget_light+0x188/0x1e0 [ 49.943995] [] ? __fdget+0x18/0x20 [ 49.949145] [] ? sockfd_lookup_light+0x118/0x160 [ 49.955513] [] __sys_sendmmsg+0x151/0x390 [ 49.961271] [] ? SyS_sendmsg+0x50/0x50 [ 49.966771] [] ? _raw_spin_unlock+0x2c/0x50 [ 49.972706] [] ? handle_mm_fault+0x6e6/0x2400 [ 49.978818] [] ? __pmd_alloc+0x410/0x410 [ 49.984495] [] ? __do_page_fault+0x2a7/0xbd0 [ 49.990516] [] ? __do_page_fault+0x510/0xbd0 [ 49.996535] [] ? up_read+0x1a/0x40 [ 50.001688] [] ? __do_page_fault+0x33f/0xbd0 [ 50.007708] [] SyS_sendmmsg+0x35/0x60 [ 50.013124] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 50.019670] Memory state around the buggy address: [ 50.024560] ffff8801d6a1f580: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 [ 50.031878] ffff8801d6a1f600: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 [ 50.039198] >ffff8801d6a1f680: 00 00 00 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 [ 50.046521] ^ [ 50.051415] ffff8801d6a1f700: 00 00 00 00 f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 [ 50.058737] ffff8801d6a1f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.066058] ================================================================== [ 50.073929] ================================================================== [ 50.081264] BUG: KASAN: stack-out-of-bounds in xfrm_selector_match+0xe05/0xe40 at addr ffff8801d6a1f6c4 [ 50.090755] Read of size 2 by task syzkaller586008/3345 [ 50.096080] page:ffffea00075a87c0 count:0 mapcount:0 mapping: (null) index:0x0 [ 50.104289] flags: 0x200000000000000() [ 50.108138] page dumped because: kasan: bad access detected [ 50.113812] CPU: 1 PID: 3345 Comm: syzkaller586008 Tainted: G B 4.9.39-g72a0c9f #6 [ 50.122609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.131925] ffff8801d6a1f200 ffffffff81eacd59 ffffed003ad43ed8 0000000000000002 [ 50.139861] 0000000000000000 ffffed003ad43ed8 ffff8801d6a1f6c4 ffff8801d6a1f280 [ 50.147798] ffffffff81547141 0000000000000010 0000000000000000 ffffffff833edcf5 [ 50.155729] Call Trace: [ 50.158280] [] dump_stack+0xc1/0x128 [ 50.163608] [] kasan_report.part.1+0x4a1/0x4e0 [ 50.169804] [] ? xfrm_selector_match+0xe05/0xe40 [ 50.176175] [] __asan_report_load2_noabort+0x29/0x30 [ 50.182898] [] xfrm_selector_match+0xe05/0xe40 [ 50.189094] [] xfrm_sk_policy_lookup+0x113/0x390 [ 50.195460] [] ? xfrm_selector_match+0xe40/0xe40 [ 50.201829] [] xfrm_lookup+0x1ab/0xbf0 [ 50.207329] [] ? fib_table_lookup+0xac2/0x1570 [ 50.213523] [] ? xfrm_bundle_lookup+0x1190/0x1190 [ 50.219978] [] ? ipv4_neigh_lookup+0x6c0/0x6c0 [ 50.226173] [] ? __ip_route_output_key_hash+0x7d0/0x23a0 [ 50.233234] [] ? __ip_route_output_key_hash+0x7f7/0x23a0 [ 50.240295] [] ? __ip_route_output_key_hash+0xc6c/0x23a0 [ 50.247355] [] ? ip_rt_update_pmtu+0x890/0x890 [ 50.253546] [] xfrm_lookup_route+0x39/0x1a0 [ 50.259479] [] ip_route_output_flow+0x7f/0xa0 [ 50.265585] [] udp_sendmsg+0xe15/0x1bf0 [ 50.271169] [] ? udp_sendmsg+0x1211/0x1bf0 [ 50.277012] [] ? ip_reply_glue_bits+0xb0/0xb0 [ 50.283116] [] ? udp_lib_get_port+0x1880/0x1880 [ 50.289395] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 50.296367] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 50.303342] [] ? sock_i_uid+0x20/0xb0 [ 50.308755] [] ? sock_i_uid+0x8d/0xb0 [ 50.314166] [] udpv6_sendmsg+0x55f/0x2360 [ 50.319923] [] ? udp_lib_get_port+0x66b/0x1880 [ 50.326117] [] ? trace_hardirqs_on+0xd/0x10 [ 50.332048] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 50.338327] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 50.344519] [] ? udp_lib_get_port+0x670/0x1880 [ 50.350714] [] ? udp_v6_push_pending_frames+0x330/0x330 [ 50.357686] [] ? udp_seq_next+0x80/0x80 [ 50.363273] [] ? __might_fault+0x18e/0x1d0 [ 50.369117] [] ? ip6_datagram_release_cb+0x87/0x470 [ 50.375744] [] ? release_sock+0x20/0x1c0 [ 50.381417] [] ? ip6_datagram_release_cb+0x2b1/0x470 [ 50.388128] [] ? release_sock+0x14c/0x1c0 [ 50.393886] [] ? trace_hardirqs_on+0xd/0x10 [ 50.399819] [] ? __local_bh_enable_ip+0x6a/0xd0 [ 50.406099] [] ? _raw_spin_unlock_bh+0x30/0x40 [ 50.412292] [] ? release_sock+0x14c/0x1c0 [ 50.418049] [] inet_sendmsg+0x2bc/0x4c0 [ 50.423635] [] ? inet_sendmsg+0x73/0x4c0 [ 50.429308] [] ? inet_recvmsg+0x4a0/0x4a0 [ 50.435073] [] sock_sendmsg+0xca/0x110 [ 50.440569] [] ___sys_sendmsg+0x2f4/0x820 [ 50.446327] [] ? copy_msghdr_from_user+0x510/0x510 [ 50.452865] [] ? get_page_from_freelist+0x1305/0x1e50 [ 50.459666] [] ? __fget+0x228/0x3a0 [ 50.464901] [] ? __fget+0x47/0x3a0 [ 50.470049] [] ? __fget_light+0x188/0x1e0 [ 50.475806] [] ? __fdget+0x18/0x20 [ 50.480957] [] ? sockfd_lookup_light+0x118/0x160 [ 50.487323] [] __sys_sendmmsg+0x151/0x390 [ 50.493082] [] ? SyS_sendmsg+0x50/0x50 [ 50.498580] [] ? _raw_spin_unlock+0x2c/0x50 [ 50.504516] [] ? handle_mm_fault+0x6e6/0x2400 [ 50.510625] [] ? __pmd_alloc+0x410/0x410 [ 50.516298] [] ? __do_page_fault+0x2a7/0xbd0 [ 50.522316] [] ? __do_page_fault+0x510/0xbd0 [ 50.528334] [] ? up_read+0x1a/0x40 [ 50.533491] [] ? __do_page_fault+0x33f/0xbd0 [ 50.539516] [] SyS_sendmmsg+0x35/0x60