Pseudo-terminal will not be allocated because stdin is not a terminal. Warning: Permanently added 'ci-android-49-kasan-gce-1,10.128.0.3' (ECDSA) to the list of known hosts. Warning: Permanently added '[ssh-serialport.googleapis.com]:9600,[216.239.38.127]:9600' (RSA) to the list of known hosts. executing program serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-1 port 1 (session ID: d0804c7ccd03c949a07896d3bf6a0930cdb2acdb7f45b64700bf8ecb42bb0b01, active connections: 1). [ 27.788531] [] ? ns_capable_common+0xcf/0x160 [ 27.794649] [] do_ip_setsockopt.isra.11+0x193e/0x28f0 [ 27.801463] [] ? mark_held_locks+0xaf/0x100 [ 27.807406] [] ? ip_ra_control+0x440/0x440 [ 27.813531] [] ? kasan_unpoison_shadow+0x35/0x50 [ 27.819910] [] ? preempt_count_add+0x7d/0x170 [ 27.826030] [] ? __lock_is_held+0xa1/0xf0 [ 27.831801] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 27.838786] [] ? __alloc_pages_slowpath+0x1e90/0x1e90 [ 27.845685] [] ? __lru_cache_add+0x187/0x250 [ 27.851714] [] ? __this_cpu_preempt_check+0x1c/0x20 [ 27.858450] [] ? handle_mm_fault+0xad1/0x2400 [ 27.864571] [] ? _raw_spin_unlock+0x2c/0x50 [ 27.870514] [] ? handle_mm_fault+0x6e6/0x2400 [ 27.876736] [] ip_setsockopt+0x3a/0xb0 [ 27.882246] [] tcp_setsockopt+0x82/0xd0 [ 27.887844] [] ? __fget_light+0x158/0x1e0 [ 27.893635] [] sock_common_setsockopt+0x95/0xd0 [ 27.899924] [] SyS_setsockopt+0x158/0x240 [ 27.905696] [] ? __do_page_fault+0x510/0xbd0 [ 27.911826] [] ? SyS_recv+0x40/0x40 [ 27.917077] [] ? entry_SYSCALL_64_fastpath+0x5/0xc6 [ 27.923713] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 27.930528] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 27.937081] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 27.943630] Memory state around the buggy address: [ 27.948534] ffff8801d1178b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.956104] ffff8801d1178c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.963434] >ffff8801d1178c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.970765] ^ [ 27.975836] ffff8801d1178d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.983166] ffff8801d1178d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 27.990582] ================================================================== [ 27.997914] Disabling lock debugging due to kernel taint [ 28.003486] ================================================================== [ 28.010834] BUG: KASAN: use-after-free in parse_ipsecrequests+0xc73/0xd00 at addr ffff8801d1178cb4 [ 28.020169] Read of size 2 by task syzkaller090727/3351 [ 28.025511] page:ffffea0007445e00 count:0 mapcount:-127 mapping: (null) index:0x0 [ 28.034004] flags: 0x200000000000000() [ 28.037869] page dumped because: kasan: bad access detected [ 28.043554] CPU: 1 PID: 3351 Comm: syzkaller090727 Tainted: G B 4.9.39-g5b07c2d #4 [ 28.052357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.061681] ffff8801c9e0f7b0 ffffffff81eacd59 ffffed003a22f196 0000000000000002 [ 28.069672] 0000000000000000 ffffed003a22f196 ffff8801d1178cb4 ffff8801c9e0f830 [ 28.077666] ffffffff81547141 0000000000000010 ffff880100000000 ffffffff8358b4b3 [ 28.085653] Call Trace: [ 28.088221] [] dump_stack+0xc1/0x128 [ 28.093556] [] kasan_report.part.1+0x4a1/0x4e0 [ 28.099762] [] ? parse_ipsecrequests+0xc73/0xd00 [ 28.106143] [] __asan_report_load_n_noabort+0x24/0x30 [ 28.112955] [] parse_ipsecrequests+0xc73/0xd00 [ 28.119157] [] ? __lock_is_held+0xa1/0xf0 [ 28.124927] [] ? pfkey_dump_sp+0x50/0x50 [ 28.130878] [] ? init_timer_key+0x128/0x350 [ 28.136995] [] pfkey_compile_policy+0xa20/0xd40 [ 28.143292] [] xfrm_user_policy+0x222/0x370 [ 28.149234] [] ? xfrm_user_policy+0x135/0x370 [ 28.155349] [] ? xfrm_alloc_spi+0xa10/0xa10 [ 28.161295] [] ? ns_capable_common+0xcf/0x160 [ 28.167413] [] do_ip_setsockopt.isra.11+0x193e/0x28f0 [ 28.174232] [] ? mark_held_locks+0xaf/0x100 [ 28.180177] [] ? ip_ra_control+0x440/0x440 [ 28.186042] [] ? kasan_unpoison_shadow+0x35/0x50 [ 28.192425] [] ? preempt_count_add+0x7d/0x170 [ 28.198544] [] ? __lock_is_held+0xa1/0xf0 [ 28.204365] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 28.211359] [] ? __alloc_pages_slowpath+0x1e90/0x1e90 [ 28.218179] [] ? __lru_cache_add+0x187/0x250 [ 28.224212] [] ? __this_cpu_preempt_check+0x1c/0x20 [ 28.230854] [] ? handle_mm_fault+0xad1/0x2400 [ 28.236972] [] ? _raw_spin_unlock+0x2c/0x50 [ 28.242921] [] ? handle_mm_fault+0x6e6/0x2400 [ 28.249039] [] ip_setsockopt+0x3a/0xb0 [ 28.254556] [] tcp_setsockopt+0x82/0xd0 [ 28.260152] [] ? __fget_light+0x158/0x1e0 [ 28.266186] [] sock_common_setsockopt+0x95/0xd0 [ 28.272488] [] SyS_setsockopt+0x158/0x240 [ 28.278272] [] ? __do_page_fault+0x510/0xbd0 [ 28.284409] [] ? SyS_recv+0x40/0x40 [ 28.289760] [] ? entry_SYSCALL_64_fastpath+0x5/0xc6 [ 28.296408] [] ? trace_hardirqs_on_caller+0x38b/0x590 [ 28.303234] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.309882] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 28.316433] Memory state around the buggy address: [ 28.321333] ffff8801d1178b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.328668] ffff8801d1178c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.336001] >ffff8801d1178c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.343343] ^ executing program [ 28.348497] ffff8801d1178d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.355829] ffff8801d1178d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.363157] ================================================================== [ 28.370955] ================================================================== [ 28.378310] BUG: KASAN: use-after-free in parse_ipsecrequests+0xc7d/0xd00 at addr ffff8801d1178db6 [ 28.387380] Read of size 1 by task syzkaller090727/3351 [ 28.392720] page:ffffea0007445e00 count:0 mapcount:-127 mapping: (null) index:0x0 [ 28.401226] flags: 0x200000000000000() [ 28.405084] page dumped because: kasan: bad access detected [ 28.410766] CPU: 1 PID: 3351 Comm: syzkaller090727 Tainted: G B 4.9.39-g5b07c2d #4 [ 28.419572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.429336] ffff8801c9e0f7b0 ffffffff81eacd59 ffffed003a22f1b6 0000000000000001 [ 28.437337] 0000000000000000 ffffed003a22f1b6 ffff8801d1178db6 ffff8801c9e0f830 [ 28.445326] ffffffff81547141 ffffffffffffffff 000000400000000e ffffffff8358b4bd [ 28.453335] Call Trace: [ 28.456157] [] dump_stack+0xc1/0x128 [ 28.461760] [] kasan_report.part.1+0x4a1/0x4e0 [ 28.468028] [] ? parse_ipsecrequests+0xc7d/0xd00 [ 28.474408] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 28.481393] [] ? save_stack+0x43/0xd0 [ 28.486827] [] ? kasan_slab_free+0x73/0xc0 [ 28.492704] [] ? kmem_cache_free+0xb2/0x2e0 [ 28.498695] [] __asan_report_load1_noabort+0x29/0x30 [ 28.505427] [] parse_ipsecrequests+0xc7d/0xd00 [ 28.511737] [] ? kasan_kmalloc+0x40/0xe0 [ 28.517418] [] ? pfkey_dump_sp+0x50/0x50 [ 28.523101] [] ? init_timer_key+0x128/0x350 [ 28.529042] [] pfkey_compile_policy+0xa20/0xd40 [ 28.535333] [] xfrm_user_policy+0x222/0x370 [ 28.541287] [] ? xfrm_user_policy+0x135/0x370 [ 28.547402] [] ? xfrm_alloc_spi+0xa10/0xa10 [ 28.553349] [] ? ns_capable_common+0xcf/0x160 [ 28.559465] [] do_ip_setsockopt.isra.11+0x193e/0x28f0 [ 28.566275] [] ? ip_ra_control+0x440/0x440 [ 28.572135] [] ? kasan_unpoison_shadow+0x35/0x50 [ 28.578512] [] ? preempt_count_add+0x7d/0x170 [ 28.584638] [] ? get_page_from_freelist+0x1305/0x1e50 [ 28.591543] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 28.598911] [] ? __alloc_pages_slowpath+0x1e90/0x1e90 [ 28.605728] [] ? check_preemption_disabled+0x3b/0x200 [ 28.612540] [] ? __lru_cache_add+0x187/0x250 [ 28.618569] [] ? __this_cpu_preempt_check+0x1c/0x20 [ 28.625292] [] ? lru_cache_add+0xd9/0x1e0 [ 28.631064] [] ? handle_mm_fault+0xad1/0x2400 [ 28.637181] [] ? _raw_spin_unlock+0x2c/0x50 [ 28.643300] [] ? handle_mm_fault+0x6e6/0x2400 [ 28.649420] [] ip_setsockopt+0x3a/0xb0 [ 28.654937] [] tcp_setsockopt+0x82/0xd0 [ 28.660533] [] ? __fget_light+0x158/0x1e0 [ 28.666305] [] sock_common_setsockopt+0x95/0xd0 [ 28.672599] [] SyS_setsockopt+0x158/0x240 [ 28.678476] [] ? __do_page_fault+0x510/0xbd0 [ 28.684506] [] ? SyS_recv+0x40/0x40 [ 28.689763] [] ? up_read+0x1a/0x40 [ 28.694927] [] ? __do_page_fault+0x33f/0xbd0 [ 28.701052] [] ? debug_locks_off+0x86/0xa0 [ 28.706906] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.713582] [] entry_SYSCALL_64_fastpath+0x23/0xc6 [ 28.720132] Memory state around the buggy address: [ 28.725046] ffff8801d1178c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.732384] ffff8801d1178d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.739891] >ffff8801d1178d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.747229] ^ [ 28.752140] ffff8801d1178e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.759469] ffff8801d1178e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 28.766885] ================================================================== [ 28.774418] ================================================================== [ 28.781772] BUG: KASAN: use-after-free in parse_ipsecrequests+0xc73/0xd00 at addr ffff8801d1178db4 [ 28.790845] Read of size 2 by task syzkaller090727/3351 [ 28.796529] page:ffffea0007445e00 count:0 mapcount:-127 mapping: (null) index:0x0 [ 28.805021] flags: 0x200000000000000() [ 28.808875] page dumped because: kasan: bad access detected [ 28.814559] CPU: 1 PID: 3351 Comm: syzkaller090727 Tainted: G B 4.9.39-g5b07c2d #4 [ 28.823363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.832690] ffff8801c9e0f7b0 ffffffff81eacd59 ffffed003a22f1b6 0000000000000002 [ 28.840675] 0000000000000000 ffffed003a22f1b6 ffff8801d1178db4 ffff8801c9e0f830 [ 28.848667] ffffffff81547141 0000000000000010 0000004000000000 ffffffff8358b4b3 [ 28.856669] Call Trace: [ 28.859232] [] dump_stack+0xc1/0x128 [ 28.864568] [] kasan_report.part.1+0x4a1/0x4e0 [ 28.870771] [] ? parse_ipsecrequests+0xc73/0xd00 [ 28.877162] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 28.884234] [] __asan_report_load_n_noabort+0x24/0x30 [ 28.891043] [] parse_ipsecrequests+0xc73/0xd00 [ 28.897246] [] ? kasan_kmalloc+0x40/0xe0 [ 28.902927] [] ? pfkey_dump_sp+0x50/0x50 [ 28.908608] [] ? init_timer_key+0x128/0x350 [ 28.914553] [] pfkey_compile_policy+0xa20/0xd40 [ 28.920842] [] xfrm_user_policy+0x222/0x370 [ 28.926874] [] ? xfrm_user_policy+0x135/0x370 [ 28.932998] [] ? xfrm_alloc_spi+0xa10/0xa10 [ 28.938943] [] ? ns_capable_common+0xcf/0x160 [ 28.945058] [] do_ip_setsockopt.isra.11+0x193e/0x28f0 [ 28.951870] [] ? ip_ra_control+0x440/0x440 [ 28.957724] [] ? kasan_unpoison_shadow+0x35/0x50 [ 28.964100] [] ? preempt_count_add+0x7d/0x170 [ 28.970215] [] ? get_page_from_freelist+0x1305/0x1e50 [ 28.977028] [] ? debug_check_no_locks_freed+0x2c0/0x2c0 [ 28.984016] [] ? __alloc_pages_slowpath+0x1e90/0x1e90 [ 28.990825] [] ? check_preemption_disabled+0x3b/0x200