Pseudo-terminal will not be allocated because stdin is not a terminal.
Warning: Permanently added 'ci-android-49-kasan-gce-1,10.128.0.3' (ECDSA) to the list of known hosts.
Warning: Permanently added '[ssh-serialport.googleapis.com]:9600,[216.239.38.127]:9600' (RSA) to the list of known hosts.
executing program
serialport: Connected to syzkaller.us-central1-c.ci-android-49-kasan-gce-1 port 1 (session ID: d0804c7ccd03c949a07896d3bf6a0930cdb2acdb7f45b64700bf8ecb42bb0b01, active connections: 1).
[ 27.788531] [<ffffffff8115352f>] ? ns_capable_common+0xcf/0x160
[ 27.794649] [<ffffffff8323f79e>] do_ip_setsockopt.isra.11+0x193e/0x28f0
[ 27.801463] [<ffffffff812373ff>] ? mark_held_locks+0xaf/0x100
[ 27.807406] [<ffffffff8323de60>] ? ip_ra_control+0x440/0x440
[ 27.813531] [<ffffffff81545ff5>] ? kasan_unpoison_shadow+0x35/0x50
[ 27.819910] [<ffffffff811bbe4d>] ? preempt_count_add+0x7d/0x170
[ 27.826030] [<ffffffff81230da1>] ? __lock_is_held+0xa1/0xf0
[ 27.831801] [<ffffffff81237fb0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 27.838786] [<ffffffff8144cfe0>] ? __alloc_pages_slowpath+0x1e90/0x1e90
[ 27.845685] [<ffffffff8145f6c7>] ? __lru_cache_add+0x187/0x250
[ 27.851714] [<ffffffff81f136bc>] ? __this_cpu_preempt_check+0x1c/0x20
[ 27.858450] [<ffffffff814c9fd1>] ? handle_mm_fault+0xad1/0x2400
[ 27.864571] [<ffffffff83964ffc>] ? _raw_spin_unlock+0x2c/0x50
[ 27.870514] [<ffffffff814c9be6>] ? handle_mm_fault+0x6e6/0x2400
[ 27.876736] [<ffffffff8324078a>] ip_setsockopt+0x3a/0xb0
[ 27.882246] [<ffffffff832601b2>] tcp_setsockopt+0x82/0xd0
[ 27.887844] [<ffffffff815d7218>] ? __fget_light+0x158/0x1e0
[ 27.893635] [<ffffffff82f01f55>] sock_common_setsockopt+0x95/0xd0
[ 27.899924] [<ffffffff82efefa8>] SyS_setsockopt+0x158/0x240
[ 27.905696] [<ffffffff810e1ee0>] ? __do_page_fault+0x510/0xbd0
[ 27.911826] [<ffffffff82efee50>] ? SyS_recv+0x40/0x40
[ 27.917077] [<ffffffff839658a7>] ? entry_SYSCALL_64_fastpath+0x5/0xc6
[ 27.923713] [<ffffffff812377db>] ? trace_hardirqs_on_caller+0x38b/0x590
[ 27.930528] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 27.937081] [<ffffffff839658c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 27.943630] Memory state around the buggy address:
[ 27.948534] ffff8801d1178b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.956104] ffff8801d1178c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.963434] >ffff8801d1178c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.970765] ^
[ 27.975836] ffff8801d1178d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.983166] ffff8801d1178d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 27.990582] ==================================================================
[ 27.997914] Disabling lock debugging due to kernel taint
[ 28.003486] ==================================================================
[ 28.010834] BUG: KASAN: use-after-free in parse_ipsecrequests+0xc73/0xd00 at addr ffff8801d1178cb4
[ 28.020169] Read of size 2 by task syzkaller090727/3351
[ 28.025511] page:ffffea0007445e00 count:0 mapcount:-127 mapping: (null) index:0x0
[ 28.034004] flags: 0x200000000000000()
[ 28.037869] page dumped because: kasan: bad access detected
[ 28.043554] CPU: 1 PID: 3351 Comm: syzkaller090727 Tainted: G B 4.9.39-g5b07c2d #4
[ 28.052357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.061681] ffff8801c9e0f7b0 ffffffff81eacd59 ffffed003a22f196 0000000000000002
[ 28.069672] 0000000000000000 ffffed003a22f196 ffff8801d1178cb4 ffff8801c9e0f830
[ 28.077666] ffffffff81547141 0000000000000010 ffff880100000000 ffffffff8358b4b3
[ 28.085653] Call Trace:
[ 28.088221] [<ffffffff81eacd59>] dump_stack+0xc1/0x128
[ 28.093556] [<ffffffff81547141>] kasan_report.part.1+0x4a1/0x4e0
[ 28.099762] [<ffffffff8358b4b3>] ? parse_ipsecrequests+0xc73/0xd00
[ 28.106143] [<ffffffff81547384>] __asan_report_load_n_noabort+0x24/0x30
[ 28.112955] [<ffffffff8358b4b3>] parse_ipsecrequests+0xc73/0xd00
[ 28.119157] [<ffffffff81230da1>] ? __lock_is_held+0xa1/0xf0
[ 28.124927] [<ffffffff8358a840>] ? pfkey_dump_sp+0x50/0x50
[ 28.130878] [<ffffffff812a3f58>] ? init_timer_key+0x128/0x350
[ 28.136995] [<ffffffff835a4890>] pfkey_compile_policy+0xa20/0xd40
[ 28.143292] [<ffffffff83402532>] xfrm_user_policy+0x222/0x370
[ 28.149234] [<ffffffff83402445>] ? xfrm_user_policy+0x135/0x370
[ 28.155349] [<ffffffff83402310>] ? xfrm_alloc_spi+0xa10/0xa10
[ 28.161295] [<ffffffff8115352f>] ? ns_capable_common+0xcf/0x160
[ 28.167413] [<ffffffff8323f79e>] do_ip_setsockopt.isra.11+0x193e/0x28f0
[ 28.174232] [<ffffffff812373ff>] ? mark_held_locks+0xaf/0x100
[ 28.180177] [<ffffffff8323de60>] ? ip_ra_control+0x440/0x440
[ 28.186042] [<ffffffff81545ff5>] ? kasan_unpoison_shadow+0x35/0x50
[ 28.192425] [<ffffffff811bbe4d>] ? preempt_count_add+0x7d/0x170
[ 28.198544] [<ffffffff81230da1>] ? __lock_is_held+0xa1/0xf0
[ 28.204365] [<ffffffff81237fb0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.211359] [<ffffffff8144cfe0>] ? __alloc_pages_slowpath+0x1e90/0x1e90
[ 28.218179] [<ffffffff8145f6c7>] ? __lru_cache_add+0x187/0x250
[ 28.224212] [<ffffffff81f136bc>] ? __this_cpu_preempt_check+0x1c/0x20
[ 28.230854] [<ffffffff814c9fd1>] ? handle_mm_fault+0xad1/0x2400
[ 28.236972] [<ffffffff83964ffc>] ? _raw_spin_unlock+0x2c/0x50
[ 28.242921] [<ffffffff814c9be6>] ? handle_mm_fault+0x6e6/0x2400
[ 28.249039] [<ffffffff8324078a>] ip_setsockopt+0x3a/0xb0
[ 28.254556] [<ffffffff832601b2>] tcp_setsockopt+0x82/0xd0
[ 28.260152] [<ffffffff815d7218>] ? __fget_light+0x158/0x1e0
[ 28.266186] [<ffffffff82f01f55>] sock_common_setsockopt+0x95/0xd0
[ 28.272488] [<ffffffff82efefa8>] SyS_setsockopt+0x158/0x240
[ 28.278272] [<ffffffff810e1ee0>] ? __do_page_fault+0x510/0xbd0
[ 28.284409] [<ffffffff82efee50>] ? SyS_recv+0x40/0x40
[ 28.289760] [<ffffffff839658a7>] ? entry_SYSCALL_64_fastpath+0x5/0xc6
[ 28.296408] [<ffffffff812377db>] ? trace_hardirqs_on_caller+0x38b/0x590
[ 28.303234] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.309882] [<ffffffff839658c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 28.316433] Memory state around the buggy address:
[ 28.321333] ffff8801d1178b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.328668] ffff8801d1178c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.336001] >ffff8801d1178c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.343343] ^
executing program
[ 28.348497] ffff8801d1178d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.355829] ffff8801d1178d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.363157] ==================================================================
[ 28.370955] ==================================================================
[ 28.378310] BUG: KASAN: use-after-free in parse_ipsecrequests+0xc7d/0xd00 at addr ffff8801d1178db6
[ 28.387380] Read of size 1 by task syzkaller090727/3351
[ 28.392720] page:ffffea0007445e00 count:0 mapcount:-127 mapping: (null) index:0x0
[ 28.401226] flags: 0x200000000000000()
[ 28.405084] page dumped because: kasan: bad access detected
[ 28.410766] CPU: 1 PID: 3351 Comm: syzkaller090727 Tainted: G B 4.9.39-g5b07c2d #4
[ 28.419572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.429336] ffff8801c9e0f7b0 ffffffff81eacd59 ffffed003a22f1b6 0000000000000001
[ 28.437337] 0000000000000000 ffffed003a22f1b6 ffff8801d1178db6 ffff8801c9e0f830
[ 28.445326] ffffffff81547141 ffffffffffffffff 000000400000000e ffffffff8358b4bd
[ 28.453335] Call Trace:
[ 28.456157] [<ffffffff81eacd59>] dump_stack+0xc1/0x128
[ 28.461760] [<ffffffff81547141>] kasan_report.part.1+0x4a1/0x4e0
[ 28.468028] [<ffffffff8358b4bd>] ? parse_ipsecrequests+0xc7d/0xd00
[ 28.474408] [<ffffffff81237fb0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.481393] [<ffffffff81545ee3>] ? save_stack+0x43/0xd0
[ 28.486827] [<ffffffff815467c3>] ? kasan_slab_free+0x73/0xc0
[ 28.492704] [<ffffffff815420f2>] ? kmem_cache_free+0xb2/0x2e0
[ 28.498695] [<ffffffff815471a9>] __asan_report_load1_noabort+0x29/0x30
[ 28.505427] [<ffffffff8358b4bd>] parse_ipsecrequests+0xc7d/0xd00
[ 28.511737] [<ffffffff81546100>] ? kasan_kmalloc+0x40/0xe0
[ 28.517418] [<ffffffff8358a840>] ? pfkey_dump_sp+0x50/0x50
[ 28.523101] [<ffffffff812a3f58>] ? init_timer_key+0x128/0x350
[ 28.529042] [<ffffffff835a4890>] pfkey_compile_policy+0xa20/0xd40
[ 28.535333] [<ffffffff83402532>] xfrm_user_policy+0x222/0x370
[ 28.541287] [<ffffffff83402445>] ? xfrm_user_policy+0x135/0x370
[ 28.547402] [<ffffffff83402310>] ? xfrm_alloc_spi+0xa10/0xa10
[ 28.553349] [<ffffffff8115352f>] ? ns_capable_common+0xcf/0x160
[ 28.559465] [<ffffffff8323f79e>] do_ip_setsockopt.isra.11+0x193e/0x28f0
[ 28.566275] [<ffffffff8323de60>] ? ip_ra_control+0x440/0x440
[ 28.572135] [<ffffffff81545ff5>] ? kasan_unpoison_shadow+0x35/0x50
[ 28.578512] [<ffffffff811bbe4d>] ? preempt_count_add+0x7d/0x170
[ 28.584638] [<ffffffff81449ca5>] ? get_page_from_freelist+0x1305/0x1e50
[ 28.591543] [<ffffffff81237fb0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.598911] [<ffffffff8144cfe0>] ? __alloc_pages_slowpath+0x1e90/0x1e90
[ 28.605728] [<ffffffff81f134bb>] ? check_preemption_disabled+0x3b/0x200
[ 28.612540] [<ffffffff8145f6c7>] ? __lru_cache_add+0x187/0x250
[ 28.618569] [<ffffffff81f136bc>] ? __this_cpu_preempt_check+0x1c/0x20
[ 28.625292] [<ffffffff81461dc9>] ? lru_cache_add+0xd9/0x1e0
[ 28.631064] [<ffffffff814c9fd1>] ? handle_mm_fault+0xad1/0x2400
[ 28.637181] [<ffffffff83964ffc>] ? _raw_spin_unlock+0x2c/0x50
[ 28.643300] [<ffffffff814c9be6>] ? handle_mm_fault+0x6e6/0x2400
[ 28.649420] [<ffffffff8324078a>] ip_setsockopt+0x3a/0xb0
[ 28.654937] [<ffffffff832601b2>] tcp_setsockopt+0x82/0xd0
[ 28.660533] [<ffffffff815d7218>] ? __fget_light+0x158/0x1e0
[ 28.666305] [<ffffffff82f01f55>] sock_common_setsockopt+0x95/0xd0
[ 28.672599] [<ffffffff82efefa8>] SyS_setsockopt+0x158/0x240
[ 28.678476] [<ffffffff810e1ee0>] ? __do_page_fault+0x510/0xbd0
[ 28.684506] [<ffffffff82efee50>] ? SyS_recv+0x40/0x40
[ 28.689763] [<ffffffff8122cdea>] ? up_read+0x1a/0x40
[ 28.694927] [<ffffffff810e1d0f>] ? __do_page_fault+0x33f/0xbd0
[ 28.701052] [<ffffffff81ee1bc6>] ? debug_locks_off+0x86/0xa0
[ 28.706906] [<ffffffff8100301a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 28.713582] [<ffffffff839658c5>] entry_SYSCALL_64_fastpath+0x23/0xc6
[ 28.720132] Memory state around the buggy address:
[ 28.725046] ffff8801d1178c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.732384] ffff8801d1178d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.739891] >ffff8801d1178d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.747229] ^
[ 28.752140] ffff8801d1178e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.759469] ffff8801d1178e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 28.766885] ==================================================================
[ 28.774418] ==================================================================
[ 28.781772] BUG: KASAN: use-after-free in parse_ipsecrequests+0xc73/0xd00 at addr ffff8801d1178db4
[ 28.790845] Read of size 2 by task syzkaller090727/3351
[ 28.796529] page:ffffea0007445e00 count:0 mapcount:-127 mapping: (null) index:0x0
[ 28.805021] flags: 0x200000000000000()
[ 28.808875] page dumped because: kasan: bad access detected
[ 28.814559] CPU: 1 PID: 3351 Comm: syzkaller090727 Tainted: G B 4.9.39-g5b07c2d #4
[ 28.823363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 28.832690] ffff8801c9e0f7b0 ffffffff81eacd59 ffffed003a22f1b6 0000000000000002
[ 28.840675] 0000000000000000 ffffed003a22f1b6 ffff8801d1178db4 ffff8801c9e0f830
[ 28.848667] ffffffff81547141 0000000000000010 0000004000000000 ffffffff8358b4b3
[ 28.856669] Call Trace:
[ 28.859232] [<ffffffff81eacd59>] dump_stack+0xc1/0x128
[ 28.864568] [<ffffffff81547141>] kasan_report.part.1+0x4a1/0x4e0
[ 28.870771] [<ffffffff8358b4b3>] ? parse_ipsecrequests+0xc73/0xd00
[ 28.877162] [<ffffffff81237fb0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.884234] [<ffffffff81547384>] __asan_report_load_n_noabort+0x24/0x30
[ 28.891043] [<ffffffff8358b4b3>] parse_ipsecrequests+0xc73/0xd00
[ 28.897246] [<ffffffff81546100>] ? kasan_kmalloc+0x40/0xe0
[ 28.902927] [<ffffffff8358a840>] ? pfkey_dump_sp+0x50/0x50
[ 28.908608] [<ffffffff812a3f58>] ? init_timer_key+0x128/0x350
[ 28.914553] [<ffffffff835a4890>] pfkey_compile_policy+0xa20/0xd40
[ 28.920842] [<ffffffff83402532>] xfrm_user_policy+0x222/0x370
[ 28.926874] [<ffffffff83402445>] ? xfrm_user_policy+0x135/0x370
[ 28.932998] [<ffffffff83402310>] ? xfrm_alloc_spi+0xa10/0xa10
[ 28.938943] [<ffffffff8115352f>] ? ns_capable_common+0xcf/0x160
[ 28.945058] [<ffffffff8323f79e>] do_ip_setsockopt.isra.11+0x193e/0x28f0
[ 28.951870] [<ffffffff8323de60>] ? ip_ra_control+0x440/0x440
[ 28.957724] [<ffffffff81545ff5>] ? kasan_unpoison_shadow+0x35/0x50
[ 28.964100] [<ffffffff811bbe4d>] ? preempt_count_add+0x7d/0x170
[ 28.970215] [<ffffffff81449ca5>] ? get_page_from_freelist+0x1305/0x1e50
[ 28.977028] [<ffffffff81237fb0>] ? debug_check_no_locks_freed+0x2c0/0x2c0
[ 28.984016] [<ffffffff8144cfe0>] ? __alloc_pages_slowpath+0x1e90/0x1e90
[ 28.990825] [<ffffffff81f134bb>] ? check_preemption_disabled+0x3b/0x200