Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
executing program
[ 66.077935][ T8394] ==================================================================
[ 66.086148][ T8394] BUG: KASAN: slab-out-of-bounds in eth_header_parse_protocol+0xdc/0xe0
[ 66.094479][ T8394] Read of size 2 at addr ffff888014a5180b by task syz-executor174/8394
[ 66.102704][ T8394]
[ 66.105025][ T8394] CPU: 0 PID: 8394 Comm: syz-executor174 Not tainted 5.12.0-rc4-syzkaller #0
[ 66.113785][ T8394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.123874][ T8394] Call Trace:
[ 66.127188][ T8394] dump_stack+0x141/0x1d7
[ 66.131548][ T8394] ? eth_header_parse_protocol+0xdc/0xe0
[ 66.137178][ T8394] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 66.144211][ T8394] ? llc_sysctl_exit+0x60/0x60
[ 66.149001][ T8394] ? eth_header_parse_protocol+0xdc/0xe0
[ 66.154633][ T8394] ? eth_header_parse_protocol+0xdc/0xe0
[ 66.160259][ T8394] kasan_report.cold+0x7c/0xd8
[ 66.165042][ T8394] ? eth_header_parse_protocol+0xdc/0xe0
[ 66.170685][ T8394] ? llc_sysctl_exit+0x60/0x60
[ 66.175531][ T8394] eth_header_parse_protocol+0xdc/0xe0
[ 66.180987][ T8394] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 66.187334][ T8394] ? tpacket_destruct_skb+0x860/0x860
[ 66.192706][ T8394] packet_sendmsg+0x233c/0x5300
[ 66.197560][ T8394] ? aa_sk_perm+0x31b/0xab0
[ 66.202082][ T8394] ? packet_create+0xac0/0xac0
[ 66.206866][ T8394] ? aa_af_perm+0x230/0x230
[ 66.211369][ T8394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 66.217609][ T8394] ? packet_create+0xac0/0xac0
[ 66.222364][ T8394] sock_sendmsg+0xcf/0x120
[ 66.226776][ T8394] sock_no_sendpage+0xf3/0x130
[ 66.231532][ T8394] ? sk_page_frag_refill+0x1d0/0x1d0
[ 66.236830][ T8394] ? lock_release+0x720/0x720
[ 66.241504][ T8394] ? find_held_lock+0x2d/0x110
[ 66.246273][ T8394] kernel_sendpage.part.0+0x1ab/0x350
[ 66.251645][ T8394] sock_sendpage+0xe5/0x140
[ 66.256145][ T8394] ? __sock_recv_ts_and_drops+0x430/0x430
[ 66.261856][ T8394] pipe_to_sendpage+0x2ad/0x380
[ 66.266713][ T8394] ? propagate_umount+0x19f0/0x19f0
[ 66.271908][ T8394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 66.278155][ T8394] ? splice_from_pipe_next.part.0+0x167/0x520
[ 66.284221][ T8394] __splice_from_pipe+0x43e/0x8a0
[ 66.289244][ T8394] ? propagate_umount+0x19f0/0x19f0
[ 66.294445][ T8394] generic_splice_sendpage+0xd4/0x140
[ 66.299812][ T8394] ? __do_sys_vmsplice+0x9d0/0x9d0
[ 66.304920][ T8394] ? security_file_permission+0x248/0x560
[ 66.310637][ T8394] ? __do_sys_vmsplice+0x9d0/0x9d0
[ 66.315759][ T8394] do_splice+0xb7e/0x1940
[ 66.320083][ T8394] ? find_held_lock+0x2d/0x110
[ 66.324873][ T8394] ? splice_file_to_pipe+0x120/0x120
[ 66.330165][ T8394] ? find_held_lock+0x2d/0x110
[ 66.334926][ T8394] __do_splice+0x134/0x250
[ 66.339338][ T8394] ? do_splice+0x1940/0x1940
[ 66.343926][ T8394] __x64_sys_splice+0x198/0x250
[ 66.348860][ T8394] do_syscall_64+0x2d/0x70
[ 66.353271][ T8394] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 66.359160][ T8394] RIP: 0033:0x445989
[ 66.363053][ T8394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 66.382649][ T8394] RSP: 002b:00007fd17efb12f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 66.391056][ T8394] RAX: ffffffffffffffda RBX: 00000000004ca458 RCX: 0000000000445989
[ 66.399018][ T8394] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 66.406978][ T8394] RBP: 00000000004ca450 R08: 000000000004ffe0 R09: 0000000000000000
[ 66.414937][ T8394] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004ca45c
[ 66.422897][ T8394] R13: 000000000049a074 R14: 6d32cc5e8ead0600 R15: 0000000000022000
[ 66.430959][ T8394]
[ 66.433271][ T8394] Allocated by task 1:
[ 66.437319][ T8394] kasan_save_stack+0x1b/0x40
[ 66.441990][ T8394] __kasan_kmalloc+0x99/0xc0
[ 66.446567][ T8394] tomoyo_realpath_from_path+0xc3/0x620
[ 66.452109][ T8394] tomoyo_path_perm+0x21b/0x400
[ 66.456958][ T8394] security_inode_getattr+0xcf/0x140
[ 66.462244][ T8394] vfs_statx+0x164/0x390
[ 66.466482][ T8394] __do_sys_newlstat+0x91/0x110
[ 66.471334][ T8394] do_syscall_64+0x2d/0x70
[ 66.475746][ T8394] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 66.481635][ T8394]
[ 66.483944][ T8394] Freed by task 1:
[ 66.487645][ T8394] kasan_save_stack+0x1b/0x40
[ 66.492343][ T8394] kasan_set_track+0x1c/0x30
[ 66.496931][ T8394] kasan_set_free_info+0x20/0x30
[ 66.501866][ T8394] __kasan_slab_free+0xf5/0x130
[ 66.506732][ T8394] slab_free_freelist_hook+0x92/0x210
[ 66.512187][ T8394] kfree+0xe5/0x7f0
[ 66.515990][ T8394] tomoyo_realpath_from_path+0x191/0x620
[ 66.521619][ T8394] tomoyo_path_perm+0x21b/0x400
[ 66.526467][ T8394] security_inode_getattr+0xcf/0x140
[ 66.531740][ T8394] vfs_statx+0x164/0x390
[ 66.535978][ T8394] __do_sys_newlstat+0x91/0x110
[ 66.540818][ T8394] do_syscall_64+0x2d/0x70
[ 66.545331][ T8394] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 66.551220][ T8394]
[ 66.553529][ T8394] The buggy address belongs to the object at ffff888014a50000
[ 66.553529][ T8394] which belongs to the cache kmalloc-4k of size 4096
[ 66.567565][ T8394] The buggy address is located 2059 bytes to the right of
[ 66.567565][ T8394] 4096-byte region [ffff888014a50000, ffff888014a51000)
[ 66.581520][ T8394] The buggy address belongs to the page:
[ 66.587132][ T8394] page:ffffea0000529400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a50
[ 66.597269][ T8394] head:ffffea0000529400 order:3 compound_mapcount:0 compound_pincount:0
[ 66.605581][ T8394] flags: 0xfff00000010200(slab|head)
[ 66.610860][ T8394] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010842140
[ 66.619443][ T8394] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 66.628015][ T8394] page dumped because: kasan: bad access detected
[ 66.634409][ T8394]
[ 66.636722][ T8394] Memory state around the buggy address:
[ 66.642345][ T8394] ffff888014a51700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.650401][ T8394] ffff888014a51780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.658467][ T8394] >ffff888014a51800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.666515][ T8394] ^
[ 66.670830][ T8394] ffff888014a51880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.678880][ T8394] ffff888014a51900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 66.686925][ T8394] ==================================================================
[ 66.694970][ T8394] Disabling lock debugging due to kernel taint
[ 66.704696][ T8394] Kernel panic - not syncing: panic_on_warn set ...
[ 66.711301][ T8394] CPU: 0 PID: 8394 Comm: syz-executor174 Tainted: G B 5.12.0-rc4-syzkaller #0
[ 66.721553][ T8394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.731616][ T8394] Call Trace:
[ 66.734896][ T8394] dump_stack+0x141/0x1d7
[ 66.739235][ T8394] panic+0x306/0x73d
[ 66.743141][ T8394] ? __warn_printk+0xf3/0xf3
[ 66.747736][ T8394] ? preempt_schedule_common+0x59/0xc0
[ 66.753249][ T8394] ? llc_sysctl_exit+0x60/0x60
[ 66.758137][ T8394] ? eth_header_parse_protocol+0xdc/0xe0
[ 66.763891][ T8394] ? preempt_schedule_thunk+0x16/0x18
[ 66.769245][ T8394] ? trace_hardirqs_on+0x38/0x1c0
[ 66.774252][ T8394] ? trace_hardirqs_on+0x51/0x1c0
[ 66.779272][ T8394] ? llc_sysctl_exit+0x60/0x60
[ 66.784074][ T8394] ? eth_header_parse_protocol+0xdc/0xe0
[ 66.789686][ T8394] ? eth_header_parse_protocol+0xdc/0xe0
[ 66.795308][ T8394] end_report.cold+0x5a/0x5a
[ 66.799925][ T8394] kasan_report.cold+0x6a/0xd8
[ 66.804680][ T8394] ? eth_header_parse_protocol+0xdc/0xe0
[ 66.810296][ T8394] ? llc_sysctl_exit+0x60/0x60
[ 66.815038][ T8394] eth_header_parse_protocol+0xdc/0xe0
[ 66.820477][ T8394] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 66.826786][ T8394] ? tpacket_destruct_skb+0x860/0x860
[ 66.832137][ T8394] packet_sendmsg+0x233c/0x5300
[ 66.836968][ T8394] ? aa_sk_perm+0x31b/0xab0
[ 66.841452][ T8394] ? packet_create+0xac0/0xac0
[ 66.846193][ T8394] ? aa_af_perm+0x230/0x230
[ 66.850676][ T8394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 66.856917][ T8394] ? packet_create+0xac0/0xac0
[ 66.861658][ T8394] sock_sendmsg+0xcf/0x120
[ 66.866059][ T8394] sock_no_sendpage+0xf3/0x130
[ 66.870801][ T8394] ? sk_page_frag_refill+0x1d0/0x1d0
[ 66.876066][ T8394] ? lock_release+0x720/0x720
[ 66.880722][ T8394] ? find_held_lock+0x2d/0x110
[ 66.885465][ T8394] kernel_sendpage.part.0+0x1ab/0x350
[ 66.890816][ T8394] sock_sendpage+0xe5/0x140
[ 66.895303][ T8394] ? __sock_recv_ts_and_drops+0x430/0x430
[ 66.901009][ T8394] pipe_to_sendpage+0x2ad/0x380
[ 66.905839][ T8394] ? propagate_umount+0x19f0/0x19f0
[ 66.911017][ T8394] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 66.917257][ T8394] ? splice_from_pipe_next.part.0+0x167/0x520
[ 66.923321][ T8394] __splice_from_pipe+0x43e/0x8a0
[ 66.928326][ T8394] ? propagate_umount+0x19f0/0x19f0
[ 66.933503][ T8394] generic_splice_sendpage+0xd4/0x140
[ 66.938855][ T8394] ? __do_sys_vmsplice+0x9d0/0x9d0
[ 66.943957][ T8394] ? security_file_permission+0x248/0x560
[ 66.949657][ T8394] ? __do_sys_vmsplice+0x9d0/0x9d0
[ 66.954756][ T8394] do_splice+0xb7e/0x1940
[ 66.959084][ T8394] ? find_held_lock+0x2d/0x110
[ 66.963825][ T8394] ? splice_file_to_pipe+0x120/0x120
[ 66.969089][ T8394] ? find_held_lock+0x2d/0x110
[ 66.973831][ T8394] __do_splice+0x134/0x250
[ 66.978226][ T8394] ? do_splice+0x1940/0x1940
[ 66.982795][ T8394] __x64_sys_splice+0x198/0x250
[ 66.987643][ T8394] do_syscall_64+0x2d/0x70
[ 66.992037][ T8394] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 66.997910][ T8394] RIP: 0033:0x445989
[ 67.001781][ T8394] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 67.021364][ T8394] RSP: 002b:00007fd17efb12f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 67.029754][ T8394] RAX: ffffffffffffffda RBX: 00000000004ca458 RCX: 0000000000445989
[ 67.037704][ T8394] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 67.045666][ T8394] RBP: 00000000004ca450 R08: 000000000004ffe0 R09: 0000000000000000
[ 67.053625][ T8394] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004ca45c
[ 67.061577][ T8394] R13: 000000000049a074 R14: 6d32cc5e8ead0600 R15: 0000000000022000
[ 67.070118][ T8394] Kernel Offset: disabled
[ 67.074465][ T8394] Rebooting in 86400 seconds..