[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 65.048669][ T7030] ==================================================================
[ 65.056992][ T7030] BUG: KASAN: slab-out-of-bounds in fl6_update_dst+0x2bb/0x2c0
[ 65.064716][ T7030] Read of size 16 at addr ffff88809f94c058 by task syz-executor759/7030
[ 65.073028][ T7030]
[ 65.075348][ T7030] CPU: 1 PID: 7030 Comm: syz-executor759 Not tainted 5.7.0-rc5-syzkaller #0
[ 65.084228][ T7030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.094439][ T7030] Call Trace:
[ 65.097736][ T7030]  dump_stack+0x188/0x20d
[ 65.102257][ T7030]  print_address_description.constprop.0.cold+0xd3/0x315
[ 65.109425][ T7030]  ? fl6_update_dst+0x2bb/0x2c0
[ 65.114262][ T7030]  __kasan_report.cold+0x35/0x4d
[ 65.119186][ T7030]  ? fl6_update_dst+0x2bb/0x2c0
[ 65.124155][ T7030]  ? fl6_update_dst+0x2bb/0x2c0
[ 65.128989][ T7030]  kasan_report+0x33/0x50
[ 65.133305][ T7030]  fl6_update_dst+0x2bb/0x2c0
[ 65.138011][ T7030]  sctp_v6_get_dst+0x5e7/0x1c30
[ 65.142965][ T7030]  ? _get_random_bytes+0x183/0x420
[ 65.148101][ T7030]  ? sctp_v6_copy_addrlist+0x650/0x650
[ 65.153617][ T7030]  ? mark_held_locks+0x9f/0xe0
[ 65.158383][ T7030]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 65.164175][ T7030]  ? memset+0x20/0x40
[ 65.168185][ T7030]  ? sctp_transport_route+0x125/0x350
[ 65.173686][ T7030]  sctp_transport_route+0x125/0x350
[ 65.179006][ T7030]  sctp_assoc_add_peer+0x5a0/0x1030
[ 65.184361][ T7030]  sctp_connect_new_asoc+0x19b/0x580
[ 65.189767][ T7030]  ? security_sctp_bind_connect+0x8e/0xc0
[ 65.195584][ T7030]  sctp_sendmsg+0x1396/0x1f30
[ 65.200339][ T7030]  ? __might_fault+0x11f/0x1d0
[ 65.205381][ T7030]  ? __sctp_setsockopt_connectx+0x180/0x180
[ 65.211622][ T7030]  ? aa_af_perm+0x260/0x260
[ 65.216142][ T7030]  ? import_iovec+0x236/0x3d0
[ 65.220804][ T7030]  inet_sendmsg+0x99/0xe0
[ 65.225130][ T7030]  ? inet_send_prepare+0x4d0/0x4d0
[ 65.230256][ T7030]  sock_sendmsg+0xcf/0x120
[ 65.234673][ T7030]  ____sys_sendmsg+0x308/0x7e0
[ 65.239507][ T7030]  ? kernel_sendmsg+0x50/0x50
[ 65.244204][ T7030]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.249536][ T7030]  ? mark_lock+0x12b/0xf10
[ 65.254023][ T7030]  ___sys_sendmsg+0x100/0x170
[ 65.258723][ T7030]  ? sendmsg_copy_msghdr+0x70/0x70
[ 65.264008][ T7030]  ? mark_lock+0x12b/0xf10
[ 65.268448][ T7030]  ? do_huge_pmd_anonymous_page+0xb9c/0x1990
[ 65.274451][ T7030]  ? print_usage_bug+0x240/0x240
[ 65.279432][ T7030]  ? lock_downgrade+0x840/0x840
[ 65.284939][ T7030]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.290482][ T7030]  ? sctp_setsockopt+0x146/0x7090
[ 65.295863][ T7030]  ? __fget_light+0x1ab/0x270
[ 65.300533][ T7030]  __sys_sendmmsg+0x195/0x480
[ 65.305357][ T7030]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 65.310373][ T7030]  ? aa_af_perm+0x260/0x260
[ 65.314867][ T7030]  ? __sys_setsockopt+0x2eb/0x480
[ 65.319867][ T7030]  ? sock_create_kern+0x40/0x40
[ 65.324713][ T7030]  ? up_read+0x1ab/0x750
[ 65.328975][ T7030]  ? handle_mm_fault+0x29e/0x660
[ 65.333918][ T7030]  __x64_sys_sendmmsg+0x99/0x100
[ 65.338843][ T7030]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.344122][ T7030]  do_syscall_64+0xf6/0x7d0
[ 65.348621][ T7030]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.354495][ T7030] RIP: 0033:0x440309
[ 65.358380][ T7030] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 65.377977][ T7030] RSP: 002b:00007fff5a86b5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 65.386371][ T7030] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 65.394341][ T7030] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000003
[ 65.402297][ T7030] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 65.410252][ T7030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 65.418207][ T7030] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 65.426172][ T7030]
[ 65.428495][ T7030] Allocated by task 7030:
[ 65.432818][ T7030]  save_stack+0x1b/0x40
[ 65.436949][ T7030]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.442779][ T7030]  __kmalloc+0x161/0x7a0
[ 65.447431][ T7030]  sock_kmalloc+0xb5/0x100
[ 65.451869][ T7030]  ipv6_renew_options+0x274/0x940
[ 65.457062][ T7030]  do_ipv6_setsockopt.isra.0+0x2eaf/0x42f0
[ 65.462938][ T7030]  ipv6_setsockopt+0xfb/0x180
[ 65.467636][ T7030]  sctp_setsockopt+0x13e/0x7090
[ 65.472660][ T7030]  __sys_setsockopt+0x248/0x480
[ 65.477572][ T7030]  __x64_sys_setsockopt+0xba/0x150
[ 65.482835][ T7030]  do_syscall_64+0xf6/0x7d0
[ 65.487415][ T7030]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.493407][ T7030]
[ 65.495802][ T7030] Freed by task 1:
[ 65.499535][ T7030]  save_stack+0x1b/0x40
[ 65.503913][ T7030]  __kasan_slab_free+0xf7/0x140
[ 65.508934][ T7030]  kfree+0x109/0x2b0
[ 65.512841][ T7030]  tomoyo_path_perm+0x236/0x400
[ 65.517693][ T7030]  security_inode_getattr+0xeb/0x150
[ 65.522974][ T7030]  vfs_getattr+0x22/0x60
[ 65.527485][ T7030]  vfs_statx_fd+0x6a/0xb0
[ 65.531829][ T7030]  __do_sys_newfstat+0x8b/0x100
[ 65.536698][ T7030]  do_syscall_64+0xf6/0x7d0
[ 65.541206][ T7030]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.547180][ T7030]
[ 65.549493][ T7030] The buggy address belongs to the object at ffff88809f94c000
[ 65.549493][ T7030]  which belongs to the cache kmalloc-96 of size 96
[ 65.563369][ T7030] The buggy address is located 88 bytes inside of
[ 65.563369][ T7030]  96-byte region [ffff88809f94c000, ffff88809f94c060)
[ 65.576483][ T7030] The buggy address belongs to the page:
[ 65.582205][ T7030] page:ffffea00027e5300 refcount:1 mapcount:0 mapping:000000007ba0e2fa index:0xffff88809f94ce80
[ 65.592589][ T7030] flags: 0xfffe0000000200(slab)
[ 65.597435][ T7030] raw: 00fffe0000000200 ffffea00029c1448 ffffea0002675908 ffff8880aa000540
[ 65.606715][ T7030] raw: ffff88809f94ce80 ffff88809f94c000 000000010000000c 0000000000000000
[ 65.615328][ T7030] page dumped because: kasan: bad access detected
[ 65.621780][ T7030]
[ 65.624096][ T7030] Memory state around the buggy address:
[ 65.629715][ T7030]  ffff88809f94bf00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 65.637761][ T7030]  ffff88809f94bf80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 65.645817][ T7030] >ffff88809f94c000: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 65.653853][ T7030]                                                     ^
[ 65.660763][ T7030]  ffff88809f94c080: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 65.668798][ T7030]  ffff88809f94c100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 65.676831][ T7030] ==================================================================
[ 65.684864][ T7030] Disabling lock debugging due to kernel taint
[ 65.700278][ T7030] Kernel panic - not syncing: panic_on_warn set ...
[ 65.706976][ T7030] CPU: 1 PID: 7030 Comm: syz-executor759 Tainted: G    B             5.7.0-rc5-syzkaller #0
[ 65.717032][ T7030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.727088][ T7030] Call Trace:
[ 65.730504][ T7030]  dump_stack+0x188/0x20d
[ 65.734847][ T7030]  panic+0x2e3/0x75c
[ 65.738979][ T7030]  ? add_taint.cold+0x16/0x16
[ 65.743638][ T7030]  ? preempt_schedule_common+0x5e/0xc0
[ 65.749343][ T7030]  ? fl6_update_dst+0x2bb/0x2c0
[ 65.754524][ T7030]  ? preempt_schedule_thunk+0x16/0x18
[ 65.760116][ T7030]  ? trace_hardirqs_on+0x55/0x220
[ 65.765273][ T7030]  ? fl6_update_dst+0x2bb/0x2c0
[ 65.770236][ T7030]  end_report+0x4d/0x53
[ 65.774699][ T7030]  __kasan_report.cold+0xd/0x4d
[ 65.779735][ T7030]  ? fl6_update_dst+0x2bb/0x2c0
[ 65.784761][ T7030]  ? fl6_update_dst+0x2bb/0x2c0
[ 65.789861][ T7030]  kasan_report+0x33/0x50
[ 65.794479][ T7030]  fl6_update_dst+0x2bb/0x2c0
[ 65.799713][ T7030]  sctp_v6_get_dst+0x5e7/0x1c30
[ 65.804570][ T7030]  ? _get_random_bytes+0x183/0x420
[ 65.809710][ T7030]  ? sctp_v6_copy_addrlist+0x650/0x650
[ 65.815216][ T7030]  ? mark_held_locks+0x9f/0xe0
[ 65.820232][ T7030]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 65.826200][ T7030]  ? memset+0x20/0x40
[ 65.830195][ T7030]  ? sctp_transport_route+0x125/0x350
[ 65.835712][ T7030]  sctp_transport_route+0x125/0x350
[ 65.841186][ T7030]  sctp_assoc_add_peer+0x5a0/0x1030
[ 65.847361][ T7030]  sctp_connect_new_asoc+0x19b/0x580
[ 65.852788][ T7030]  ? security_sctp_bind_connect+0x8e/0xc0
[ 65.858544][ T7030]  sctp_sendmsg+0x1396/0x1f30
[ 65.863203][ T7030]  ? __might_fault+0x11f/0x1d0
[ 65.868422][ T7030]  ? __sctp_setsockopt_connectx+0x180/0x180
[ 65.874305][ T7030]  ? aa_af_perm+0x260/0x260
[ 65.878962][ T7030]  ? import_iovec+0x236/0x3d0
[ 65.883781][ T7030]  inet_sendmsg+0x99/0xe0
[ 65.888269][ T7030]  ? inet_send_prepare+0x4d0/0x4d0
[ 65.893599][ T7030]  sock_sendmsg+0xcf/0x120
[ 65.898020][ T7030]  ____sys_sendmsg+0x308/0x7e0
[ 65.903148][ T7030]  ? kernel_sendmsg+0x50/0x50
[ 65.907956][ T7030]  ? lockdep_hardirqs_on+0x463/0x620
[ 65.913927][ T7030]  ? mark_lock+0x12b/0xf10
[ 65.918354][ T7030]  ___sys_sendmsg+0x100/0x170
[ 65.923122][ T7030]  ? sendmsg_copy_msghdr+0x70/0x70
[ 65.928228][ T7030]  ? mark_lock+0x12b/0xf10
[ 65.932681][ T7030]  ? do_huge_pmd_anonymous_page+0xb9c/0x1990
[ 65.939111][ T7030]  ? print_usage_bug+0x240/0x240
[ 65.944069][ T7030]  ? lock_downgrade+0x840/0x840
[ 65.949027][ T7030]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.954700][ T7030]  ? sctp_setsockopt+0x146/0x7090
[ 65.959938][ T7030]  ? __fget_light+0x1ab/0x270
[ 65.964713][ T7030]  __sys_sendmmsg+0x195/0x480
[ 65.969378][ T7030]  ? __ia32_sys_sendmsg+0xb0/0xb0
[ 65.974415][ T7030]  ? aa_af_perm+0x260/0x260
[ 65.978906][ T7030]  ? __sys_setsockopt+0x2eb/0x480
[ 65.983912][ T7030]  ? sock_create_kern+0x40/0x40
[ 65.989083][ T7030]  ? up_read+0x1ab/0x750
[ 65.993328][ T7030]  ? handle_mm_fault+0x29e/0x660
[ 65.998245][ T7030]  __x64_sys_sendmmsg+0x99/0x100
[ 66.003165][ T7030]  ? lockdep_hardirqs_on+0x463/0x620
[ 66.008429][ T7030]  do_syscall_64+0xf6/0x7d0
[ 66.012933][ T7030]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 66.018800][ T7030] RIP: 0033:0x440309
[ 66.022769][ T7030] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 66.044347][ T7030] RSP: 002b:00007fff5a86b5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 66.053371][ T7030] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 66.061513][ T7030] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000003
[ 66.069823][ T7030] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 66.078450][ T7030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 66.086411][ T7030] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 66.096031][ T7030] Kernel Offset: disabled
[ 66.100806][ T7030] Rebooting in 86400 seconds..