[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.798525][ T7029] ==================================================================
[ 55.806690][ T7029] BUG: KASAN: slab-out-of-bounds in fl6_update_dst+0x2bb/0x2c0
[ 55.814203][ T7029] Read of size 16 at addr ffff8880937c1258 by task syz-executor184/7029
[ 55.822521][ T7029]
[ 55.824827][ T7029] CPU: 0 PID: 7029 Comm: syz-executor184 Not tainted 5.7.0-rc4-syzkaller #0
[ 55.833464][ T7029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.843488][ T7029] Call Trace:
[ 55.846749][ T7029] dump_stack+0x188/0x20d
[ 55.851055][ T7029] print_address_description.constprop.0.cold+0xd3/0x315
[ 55.858046][ T7029] ? fl6_update_dst+0x2bb/0x2c0
[ 55.862867][ T7029] __kasan_report.cold+0x35/0x4d
[ 55.867811][ T7029] ? fl6_update_dst+0x2bb/0x2c0
[ 55.872634][ T7029] ? fl6_update_dst+0x2bb/0x2c0
[ 55.877452][ T7029] kasan_report+0x33/0x50
[ 55.881756][ T7029] fl6_update_dst+0x2bb/0x2c0
[ 55.886405][ T7029] sctp_v6_get_dst+0x5e7/0x1c30
[ 55.891229][ T7029] ? _get_random_bytes+0x183/0x420
[ 55.896343][ T7029] ? sctp_v6_copy_addrlist+0x650/0x650
[ 55.901773][ T7029] ? mark_held_locks+0x9f/0xe0
[ 55.906509][ T7029] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 55.912287][ T7029] ? memset+0x20/0x40
[ 55.916254][ T7029] ? sctp_transport_route+0x125/0x350
[ 55.921596][ T7029] sctp_transport_route+0x125/0x350
[ 55.926768][ T7029] sctp_assoc_add_peer+0x5a0/0x1030
[ 55.931964][ T7029] sctp_connect_new_asoc+0x19b/0x580
[ 55.937237][ T7029] ? security_sctp_bind_connect+0x8e/0xc0
[ 55.942929][ T7029] sctp_sendmsg+0x1396/0x1f30
[ 55.947575][ T7029] ? __might_fault+0x11f/0x1d0
[ 55.952317][ T7029] ? __sctp_setsockopt_connectx+0x180/0x180
[ 55.958190][ T7029] ? aa_af_perm+0x260/0x260
[ 55.962692][ T7029] ? import_iovec+0x236/0x3d0
[ 55.967342][ T7029] inet_sendmsg+0x99/0xe0
[ 55.971646][ T7029] ? inet_send_prepare+0x4d0/0x4d0
[ 55.976727][ T7029] sock_sendmsg+0xcf/0x120
[ 55.981129][ T7029] ____sys_sendmsg+0x308/0x7e0
[ 55.985866][ T7029] ? kernel_sendmsg+0x50/0x50
[ 55.990514][ T7029] ? lockdep_hardirqs_on+0x463/0x620
[ 55.995772][ T7029] ? mark_lock+0x12b/0xf10
[ 56.000164][ T7029] ___sys_sendmsg+0x100/0x170
[ 56.004888][ T7029] ? sendmsg_copy_msghdr+0x70/0x70
[ 56.009979][ T7029] ? mark_lock+0x12b/0xf10
[ 56.014378][ T7029] ? do_huge_pmd_anonymous_page+0xb9c/0x1990
[ 56.020333][ T7029] ? print_usage_bug+0x240/0x240
[ 56.025249][ T7029] ? lock_downgrade+0x840/0x840
[ 56.030083][ T7029] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.035615][ T7029] ? sctp_setsockopt+0x146/0x7090
[ 56.040615][ T7029] ? __fget_light+0x1ab/0x270
[ 56.045267][ T7029] __sys_sendmmsg+0x195/0x480
[ 56.049920][ T7029] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 56.054934][ T7029] ? aa_af_perm+0x260/0x260
[ 56.059419][ T7029] ? __sys_setsockopt+0x2eb/0x480
[ 56.064422][ T7029] ? sock_create_kern+0x40/0x40
[ 56.069243][ T7029] ? up_read+0x1ab/0x750
[ 56.073461][ T7029] ? handle_mm_fault+0x29e/0x660
[ 56.078377][ T7029] __x64_sys_sendmmsg+0x99/0x100
[ 56.083285][ T7029] ? lockdep_hardirqs_on+0x463/0x620
[ 56.088542][ T7029] do_syscall_64+0xf6/0x7d0
[ 56.100746][ T7029] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 56.106610][ T7029] RIP: 0033:0x440309
[ 56.110491][ T7029] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.130066][ T7029] RSP: 002b:00007fffd69d01b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 56.138449][ T7029] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 56.146391][ T7029] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000003
[ 56.154334][ T7029] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 56.162278][ T7029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 56.170219][ T7029] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 56.178171][ T7029]
[ 56.180471][ T7029] Allocated by task 7029:
[ 56.184771][ T7029] save_stack+0x1b/0x40
[ 56.188906][ T7029] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 56.194507][ T7029] __kmalloc+0x161/0x7a0
[ 56.198746][ T7029] sock_kmalloc+0xb5/0x100
[ 56.203134][ T7029] ipv6_renew_options+0x274/0x940
[ 56.208130][ T7029] do_ipv6_setsockopt.isra.0+0x2eaf/0x42f0
[ 56.213904][ T7029] ipv6_setsockopt+0xfb/0x180
[ 56.218550][ T7029] sctp_setsockopt+0x13e/0x7090
[ 56.223371][ T7029] __sys_setsockopt+0x248/0x480
[ 56.228190][ T7029] __x64_sys_setsockopt+0xba/0x150
[ 56.233273][ T7029] do_syscall_64+0xf6/0x7d0
[ 56.237747][ T7029] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 56.243616][ T7029]
[ 56.245912][ T7029] Freed by task 5049:
[ 56.249862][ T7029] save_stack+0x1b/0x40
[ 56.253988][ T7029] __kasan_slab_free+0xf7/0x140
[ 56.258806][ T7029] kfree+0x109/0x2b0
[ 56.262671][ T7029] tomoyo_path_perm+0x236/0x400
[ 56.267491][ T7029] security_inode_getattr+0xeb/0x150
[ 56.272742][ T7029] vfs_getattr+0x22/0x60
[ 56.276950][ T7029] vfs_statx_fd+0x6a/0xb0
[ 56.281263][ T7029] __do_sys_newfstat+0x8b/0x100
[ 56.286081][ T7029] do_syscall_64+0xf6/0x7d0
[ 56.290553][ T7029] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 56.296409][ T7029]
[ 56.298711][ T7029] The buggy address belongs to the object at ffff8880937c1200
[ 56.298711][ T7029]  which belongs to the cache kmalloc-96 of size 96
[ 56.312556][ T7029] The buggy address is located 88 bytes inside of
[ 56.312556][ T7029]  96-byte region [ffff8880937c1200, ffff8880937c1260)
[ 56.325636][ T7029] The buggy address belongs to the page:
[ 56.331248][ T7029] page:ffffea00024df040 refcount:1 mapcount:0 mapping:00000000d119b653 index:0xffff8880937c1400
[ 56.341633][ T7029] flags: 0xfffe0000000200(slab)
[ 56.346455][ T7029] raw: 00fffe0000000200 ffffea00025ab248 ffffea00024b5388 ffff8880aa000540
[ 56.355008][ T7029] raw: ffff8880937c1400 ffff8880937c1000 0000000100000019 0000000000000000
[ 56.363556][ T7029] page dumped because: kasan: bad access detected
[ 56.369933][ T7029]
[ 56.372234][ T7029] Memory state around the buggy address:
[ 56.377843][ T7029]  ffff8880937c1100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 56.385875][ T7029]  ffff8880937c1180: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 56.393908][ T7029] >ffff8880937c1200: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 56.401936][ T7029]                                                     ^
[ 56.408850][ T7029]  ffff8880937c1280: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 56.416881][ T7029]  ffff8880937c1300: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 56.424910][ T7029] ==================================================================
[ 56.432947][ T7029] Disabling lock debugging due to kernel taint
[ 56.451022][ T7029] Kernel panic - not syncing: panic_on_warn set ...
[ 56.457607][ T7029] CPU: 0 PID: 7029 Comm: syz-executor184 Tainted: G B 5.7.0-rc4-syzkaller #0
[ 56.467642][ T7029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.477663][ T7029] Call Trace:
[ 56.480967][ T7029] dump_stack+0x188/0x20d
[ 56.485271][ T7029] panic+0x2e3/0x75c
[ 56.489135][ T7029] ? add_taint.cold+0x16/0x16
[ 56.493784][ T7029] ? preempt_schedule_common+0x5e/0xc0
[ 56.499246][ T7029] ? fl6_update_dst+0x2bb/0x2c0
[ 56.504067][ T7029] ? preempt_schedule_thunk+0x16/0x18
[ 56.509406][ T7029] ? trace_hardirqs_on+0x55/0x220
[ 56.514400][ T7029] ? fl6_update_dst+0x2bb/0x2c0
[ 56.519238][ T7029] end_report+0x4d/0x53
[ 56.523363][ T7029] __kasan_report.cold+0xd/0x4d
[ 56.528180][ T7029] ? fl6_update_dst+0x2bb/0x2c0
[ 56.533001][ T7029] ? fl6_update_dst+0x2bb/0x2c0
[ 56.537818][ T7029] kasan_report+0x33/0x50
[ 56.542143][ T7029] fl6_update_dst+0x2bb/0x2c0
[ 56.546805][ T7029] sctp_v6_get_dst+0x5e7/0x1c30
[ 56.551718][ T7029] ? _get_random_bytes+0x183/0x420
[ 56.556803][ T7029] ? sctp_v6_copy_addrlist+0x650/0x650
[ 56.562233][ T7029] ? mark_held_locks+0x9f/0xe0
[ 56.566965][ T7029] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 56.572741][ T7029] ? memset+0x20/0x40
[ 56.576698][ T7029] ? sctp_transport_route+0x125/0x350
[ 56.582039][ T7029] sctp_transport_route+0x125/0x350
[ 56.587208][ T7029] sctp_assoc_add_peer+0x5a0/0x1030
[ 56.592398][ T7029] sctp_connect_new_asoc+0x19b/0x580
[ 56.597653][ T7029] ? security_sctp_bind_connect+0x8e/0xc0
[ 56.603359][ T7029] sctp_sendmsg+0x1396/0x1f30
[ 56.608006][ T7029] ? __might_fault+0x11f/0x1d0
[ 56.612741][ T7029] ? __sctp_setsockopt_connectx+0x180/0x180
[ 56.618605][ T7029] ? aa_af_perm+0x260/0x260
[ 56.623082][ T7029] ? import_iovec+0x236/0x3d0
[ 56.627730][ T7029] inet_sendmsg+0x99/0xe0
[ 56.632028][ T7029] ? inet_send_prepare+0x4d0/0x4d0
[ 56.637107][ T7029] sock_sendmsg+0xcf/0x120
[ 56.641493][ T7029] ____sys_sendmsg+0x308/0x7e0
[ 56.646265][ T7029] ? kernel_sendmsg+0x50/0x50
[ 56.650911][ T7029] ? lockdep_hardirqs_on+0x463/0x620
[ 56.656167][ T7029] ? mark_lock+0x12b/0xf10
[ 56.660598][ T7029] ___sys_sendmsg+0x100/0x170
[ 56.665268][ T7029] ? sendmsg_copy_msghdr+0x70/0x70
[ 56.670345][ T7029] ? mark_lock+0x12b/0xf10
[ 56.674733][ T7029] ? do_huge_pmd_anonymous_page+0xb9c/0x1990
[ 56.680682][ T7029] ? print_usage_bug+0x240/0x240
[ 56.685621][ T7029] ? lock_downgrade+0x840/0x840
[ 56.690476][ T7029] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.695993][ T7029] ? sctp_setsockopt+0x146/0x7090
[ 56.701024][ T7029] ? __fget_light+0x1ab/0x270
[ 56.705672][ T7029] __sys_sendmmsg+0x195/0x480
[ 56.710321][ T7029] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 56.715316][ T7029] ? aa_af_perm+0x260/0x260
[ 56.719825][ T7029] ? __sys_setsockopt+0x2eb/0x480
[ 56.724821][ T7029] ? sock_create_kern+0x40/0x40
[ 56.729675][ T7029] ? up_read+0x1ab/0x750
[ 56.733891][ T7029] ? handle_mm_fault+0x29e/0x660
[ 56.738802][ T7029] __x64_sys_sendmmsg+0x99/0x100
[ 56.743709][ T7029] ? lockdep_hardirqs_on+0x463/0x620
[ 56.748985][ T7029] do_syscall_64+0xf6/0x7d0
[ 56.753460][ T7029] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 56.759320][ T7029] RIP: 0033:0x440309
[ 56.763197][ T7029] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.782780][ T7029] RSP: 002b:00007fffd69d01b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 56.791282][ T7029] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 56.799236][ T7029] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000003
[ 56.807179][ T7029] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 56.815118][ T7029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 56.823060][ T7029] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 56.832172][ T7029] Kernel Offset: disabled
[ 56.836483][ T7029] Rebooting in 86400 seconds..