Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.159' (ECDSA) to the list of known hosts. syzkaller login: [ 66.837239][ T6874] FAULT_INJECTION: forcing a failure. [ 66.837239][ T6874] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 66.851483][ T6874] CPU: 0 PID: 6874 Comm: syz-executor941 Not tainted 5.9.0-rc8-syzkaller #0 [ 66.860183][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.870656][ T6874] Call Trace: [ 66.874087][ T6874] dump_stack+0x198/0x1fd [ 66.878930][ T6874] should_fail.cold+0x5/0x14 [ 66.883624][ T6874] __alloc_pages_nodemask+0x183/0x790 [ 66.889973][ T6874] ? __alloc_pages_slowpath.constprop.0+0x28c0/0x28c0 [ 66.896984][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 66.901959][ T6874] ? fs_reclaim_release+0x90/0xd0 [ 66.907889][ T6874] cache_grow_begin+0x71/0x4a0 [ 66.912759][ T6874] cache_alloc_refill+0x27f/0x380 [ 66.917802][ T6874] ? lockdep_hardirqs_off+0x96/0xd0 [ 66.923018][ T6874] kmem_cache_alloc+0x383/0x3f0 [ 66.927885][ T6874] ? lockdep_hardirqs_on_prepare+0x354/0x530 [ 66.933889][ T6874] getname_flags.part.0+0x50/0x4f0 [ 66.939028][ T6874] ? debug_object_active_state+0x260/0x350 [ 66.944837][ T6874] getname+0x8e/0xd0 [ 66.949027][ T6874] do_sys_openat2+0xf5/0x420 [ 66.953634][ T6874] ? build_open_flags+0x650/0x650 [ 66.958764][ T6874] ? blkcg_maybe_throttle_current+0x617/0xf00 [ 66.964852][ T6874] ? check_preemption_disabled+0x50/0x130 [ 66.970601][ T6874] ? call_rcu+0x383/0x7c0 [ 66.974963][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 66.979947][ T6874] __x64_sys_open+0x119/0x1c0 [ 66.984771][ T6874] ? do_sys_open+0x140/0x140 [ 66.989578][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 66.994608][ T6874] ? syscall_enter_from_user_mode+0x1d/0x60 [ 67.001869][ T6874] ? check_preemption_disabled+0x50/0x130 [ 67.007673][ T6874] ? syscall_enter_from_user_mode+0x1d/0x60 [ 67.013846][ T6874] do_syscall_64+0x2d/0x70 [ 67.018367][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.024844][ T6874] RIP: 0033:0x400ea0 [ 67.028843][ T6874] Code: 01 f0 ff ff 0f 83 20 0b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d ed 0e 2d 00 00 75 14 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 f4 0a 00 00 c3 48 83 ec 08 e8 5a 00 00 00 [ 67.048617][ T6874] RSP: 002b:00007fffe0995758 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 67.057049][ T6874] RAX: ffffffffffffffda RBX: 00007fffe0995781 RCX: 0000000000400ea0 [ 67.065030][ T6874] RDX: 00007fffe0995786 RSI: 0000000000080001 RDI: 00000000004a1a88 [ 67.073113][ T6874] RBP: 00007fffe0995780 R08: 0000000000000000 R09: 0000000000000001 executing program [ 67.081093][ T6874] R10: 0000000000000032 R11: 0000000000000246 R12: 00000000004a1a88 [ 67.089526][ T6874] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 67.104599][ T6874] FAULT_INJECTION: forcing a failure. [ 67.104599][ T6874] name failslab, interval 1, probability 0, space 0, times 1 [ 67.120755][ T6874] CPU: 0 PID: 6874 Comm: syz-executor941 Not tainted 5.9.0-rc8-syzkaller #0 [ 67.131720][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.141791][ T6874] Call Trace: [ 67.145108][ T6874] dump_stack+0x198/0x1fd [ 67.154909][ T6874] should_fail.cold+0x5/0x14 [ 67.160467][ T6874] should_failslab+0x5/0xf [ 67.169196][ T6874] slab_pre_alloc_hook.constprop.0+0xf4/0x1f0 [ 67.175357][ T6874] kmem_cache_alloc_node_trace+0x55/0x430 [ 67.181098][ T6874] ? __crypto_alg_lookup+0x26d/0x2d0 [ 67.187652][ T6874] __kmalloc_node+0x38/0x60 [ 67.192200][ T6874] crypto_create_tfm_node+0x7f/0x320 [ 67.197583][ T6874] crypto_alloc_tfm_node+0x107/0x260 [ 67.202901][ T6874] sctp_auth_init_hmacs+0x1d9/0x3b0 [ 67.208159][ T6874] sctp_auth_init+0x8a/0x4a0 [ 67.212798][ T6874] sctp_setsockopt+0x477e/0x97f0 [ 67.217744][ T6874] ? aa_sk_perm+0x316/0xaa0 [ 67.222267][ T6874] ? __sctp_setsockopt_connectx+0x140/0x140 [ 67.228347][ T6874] ? aa_af_perm+0x230/0x230 [ 67.232864][ T6874] ? vfs_write+0x397/0x730 [ 67.237327][ T6874] ? sock_common_setsockopt+0x2b/0x100 [ 67.242800][ T6874] __sys_setsockopt+0x2db/0x610 [ 67.247667][ T6874] ? sock_common_recvmsg+0x1a0/0x1a0 [ 67.252968][ T6874] ? __ia32_sys_recv+0x100/0x100 [ 67.258196][ T6874] ? __sb_end_write+0xec/0x1b0 [ 67.262971][ T6874] ? vfs_write+0x1b0/0x730 [ 67.267418][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 67.272545][ T6874] ? syscall_enter_from_user_mode+0x1d/0x60 [ 67.278747][ T6874] __x64_sys_setsockopt+0xba/0x150 [ 67.283861][ T6874] ? syscall_enter_from_user_mode+0x1d/0x60 [ 67.289770][ T6874] do_syscall_64+0x2d/0x70 [ 67.294267][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.300171][ T6874] RIP: 0033:0x4405b9 [ 67.304086][ T6874] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 67.324372][ T6874] RSP: 002b:00007fffe0995c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 67.333134][ T6874] RAX: ffffffffffffffda RBX: 00000000004a1bf8 RCX: 00000000004405b9 [ 67.342040][ T6874] RDX: 0000000000000081 RSI: 0000000000000084 RDI: 0000000000000004 [ 67.350379][ T6874] RBP: 00000000006cb018 R08: 0000000000000008 R09: 00000000004002c8 [ 67.358595][ T6874] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000401e20 [ 67.379385][ T6874] R13: 0000000000401eb0 R14: 0000000000000000 R15: 0000000000000000 [ 67.392278][ T6874] ================================================================== [ 67.400592][ T6874] BUG: KASAN: use-after-free in sctp_auth_free+0x17e/0x1d0 [ 67.407813][ T6874] Read of size 8 at addr ffff8880a8ff52c0 by task syz-executor941/6874 [ 67.424019][ T6874] [ 67.426379][ T6874] CPU: 0 PID: 6874 Comm: syz-executor941 Not tainted 5.9.0-rc8-syzkaller #0 [ 67.435355][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.445938][ T6874] Call Trace: [ 67.449603][ T6874] dump_stack+0x198/0x1fd [ 67.454242][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 67.459303][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 67.466233][ T6874] print_address_description.constprop.0.cold+0xae/0x497 [ 67.474961][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 67.480653][ T6874] ? lockdep_hardirqs_off+0x96/0xd0 [ 67.486874][ T6874] ? vprintk_func+0x95/0x1d4 [ 67.491924][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 67.497839][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 67.503065][ T6874] kasan_report.cold+0x1f/0x37 [ 67.508526][ T6874] ? sctp_auth_free+0x60/0x1d0 [ 67.514730][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 67.520212][ T6874] sctp_auth_free+0x17e/0x1d0 [ 67.526426][ T6874] sctp_endpoint_destroy+0x95/0x240 [ 67.532553][ T6874] sctp_endpoint_free+0xd6/0x110 [ 67.538296][ T6874] sctp_destroy_sock+0x9c/0x3c0 [ 67.544472][ T6874] ? sctp_destroy_sock+0x3c0/0x3c0 [ 67.551493][ T6874] sctp_v6_destroy_sock+0x11/0x20 [ 67.557881][ T6874] sk_common_release+0x64/0x390 [ 67.565886][ T6874] sctp_close+0x4ce/0x8b0 [ 67.576902][ T6874] ? lock_release+0x8f0/0x8f0 [ 67.582394][ T6874] ? _raw_spin_unlock_irqrestore+0x6f/0x90 [ 67.590181][ T6874] ? sctp_set_owner_w+0x4d0/0x4d0 [ 67.595387][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 67.601033][ T6874] ? ip_mc_drop_socket+0x16/0x260 [ 67.606433][ T6874] inet_release+0x12e/0x280 [ 67.611009][ T6874] inet6_release+0x4c/0x70 [ 67.616463][ T6874] __sock_release+0xcd/0x280 [ 67.622120][ T6874] sock_close+0x18/0x20 [ 67.626499][ T6874] __fput+0x285/0x920 [ 67.630765][ T6874] ? __sock_release+0x280/0x280 [ 67.635641][ T6874] task_work_run+0xdd/0x190 [ 67.640168][ T6874] do_exit+0xb7d/0x29f0 [ 67.645759][ T6874] ? sock_common_recvmsg+0x1a0/0x1a0 [ 67.651160][ T6874] ? mm_update_next_owner+0x7a0/0x7a0 [ 67.656618][ T6874] ? __sb_end_write+0xec/0x1b0 [ 67.661781][ T6874] ? vfs_write+0x1b0/0x730 [ 67.666218][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 67.671255][ T6874] do_group_exit+0x125/0x310 [ 67.676411][ T6874] __x64_sys_exit_group+0x3a/0x50 [ 67.681970][ T6874] do_syscall_64+0x2d/0x70 [ 67.686641][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.692813][ T6874] RIP: 0033:0x43f278 [ 67.697022][ T6874] Code: Bad RIP value. [ 67.701266][ T6874] RSP: 002b:00007fffe0995c38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 67.709984][ T6874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f278 [ 67.718564][ T6874] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 67.728837][ T6874] RBP: 00000000004bf068 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 67.738052][ T6874] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 67.746355][ T6874] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000 [ 67.755205][ T6874] [ 67.758368][ T6874] Allocated by task 6874: [ 67.763091][ T6874] kasan_save_stack+0x1b/0x40 [ 67.768325][ T6874] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.774785][ T6874] kmem_cache_alloc_trace+0x174/0x300 [ 67.780187][ T6874] sctp_auth_init_hmacs+0xdb/0x3b0 [ 67.785327][ T6874] sctp_auth_init+0x8a/0x4a0 [ 67.790218][ T6874] sctp_setsockopt+0x477e/0x97f0 [ 67.795553][ T6874] __sys_setsockopt+0x2db/0x610 [ 67.800665][ T6874] __x64_sys_setsockopt+0xba/0x150 [ 67.805818][ T6874] do_syscall_64+0x2d/0x70 [ 67.811683][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.817968][ T6874] [ 67.821005][ T6874] Freed by task 6874: [ 67.824987][ T6874] kasan_save_stack+0x1b/0x40 [ 67.830093][ T6874] kasan_set_track+0x1c/0x30 [ 67.835475][ T6874] kasan_set_free_info+0x1b/0x30 [ 67.841841][ T6874] __kasan_slab_free+0xd8/0x120 [ 67.847833][ T6874] kfree+0x10e/0x2b0 [ 67.851903][ T6874] sctp_auth_init_hmacs+0x2b7/0x3b0 [ 67.857354][ T6874] sctp_auth_init+0x8a/0x4a0 [ 67.862065][ T6874] sctp_setsockopt+0x477e/0x97f0 [ 67.867013][ T6874] __sys_setsockopt+0x2db/0x610 [ 67.872044][ T6874] __x64_sys_setsockopt+0xba/0x150 [ 67.877598][ T6874] do_syscall_64+0x2d/0x70 [ 67.882621][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.888528][ T6874] [ 67.890912][ T6874] The buggy address belongs to the object at ffff8880a8ff52c0 [ 67.890912][ T6874] which belongs to the cache kmalloc-32 of size 32 [ 67.905590][ T6874] The buggy address is located 0 bytes inside of [ 67.905590][ T6874] 32-byte region [ffff8880a8ff52c0, ffff8880a8ff52e0) [ 67.918631][ T6874] The buggy address belongs to the page: [ 67.924284][ T6874] page:00000000f7133596 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a8ff5fc1 pfn:0xa8ff5 [ 67.935969][ T6874] flags: 0xfffe0000000200(slab) [ 67.940923][ T6874] raw: 00fffe0000000200 ffffea0002861548 ffffea0002872f08 ffff8880aa040100 [ 67.950275][ T6874] raw: ffff8880a8ff5fc1 ffff8880a8ff5000 000000010000003f 0000000000000000 [ 67.959018][ T6874] page dumped because: kasan: bad access detected [ 67.965708][ T6874] [ 67.968020][ T6874] Memory state around the buggy address: [ 67.973749][ T6874] ffff8880a8ff5180: 06 fc fc fc fc fc fc fc fa fb fb fb fc fc fc fc [ 67.981951][ T6874] ffff8880a8ff5200: 00 06 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 67.990202][ T6874] >ffff8880a8ff5280: 00 05 fc fc fc fc fc fc fa fb fb fb fc fc fc fc [ 67.998260][ T6874] ^ [ 68.004446][ T6874] ffff8880a8ff5300: 00 00 00 06 fc fc fc fc fb fb fb fb fc fc fc fc [ 68.013391][ T6874] ffff8880a8ff5380: 00 00 06 fc fc fc fc fc fb fb fb fb fc fc fc fc [ 68.023338][ T6874] ================================================================== [ 68.031872][ T6874] Disabling lock debugging due to kernel taint [ 68.038602][ T6874] Kernel panic - not syncing: panic_on_warn set ... [ 68.045282][ T6874] CPU: 0 PID: 6874 Comm: syz-executor941 Tainted: G B 5.9.0-rc8-syzkaller #0 [ 68.057352][ T6874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.067413][ T6874] Call Trace: [ 68.070715][ T6874] dump_stack+0x198/0x1fd [ 68.075046][ T6874] ? sctp_auth_free+0x160/0x1d0 [ 68.079897][ T6874] panic+0x382/0x7fb [ 68.083780][ T6874] ? __warn_printk+0xf3/0xf3 [ 68.088358][ T6874] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 68.094487][ T6874] ? trace_hardirqs_on+0x55/0x220 [ 68.099489][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 68.104331][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 68.109166][ T6874] end_report+0x4d/0x53 [ 68.113312][ T6874] kasan_report.cold+0xd/0x37 [ 68.117967][ T6874] ? sctp_auth_free+0x60/0x1d0 [ 68.122712][ T6874] ? sctp_auth_free+0x17e/0x1d0 [ 68.127554][ T6874] sctp_auth_free+0x17e/0x1d0 [ 68.132255][ T6874] sctp_endpoint_destroy+0x95/0x240 [ 68.137442][ T6874] sctp_endpoint_free+0xd6/0x110 [ 68.142364][ T6874] sctp_destroy_sock+0x9c/0x3c0 [ 68.147198][ T6874] ? sctp_destroy_sock+0x3c0/0x3c0 [ 68.152321][ T6874] sctp_v6_destroy_sock+0x11/0x20 [ 68.157349][ T6874] sk_common_release+0x64/0x390 [ 68.162268][ T6874] sctp_close+0x4ce/0x8b0 [ 68.166584][ T6874] ? lock_release+0x8f0/0x8f0 [ 68.171279][ T6874] ? _raw_spin_unlock_irqrestore+0x6f/0x90 [ 68.177252][ T6874] ? sctp_set_owner_w+0x4d0/0x4d0 [ 68.182879][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 68.187807][ T6874] ? ip_mc_drop_socket+0x16/0x260 [ 68.192821][ T6874] inet_release+0x12e/0x280 [ 68.197312][ T6874] inet6_release+0x4c/0x70 [ 68.201711][ T6874] __sock_release+0xcd/0x280 [ 68.206278][ T6874] sock_close+0x18/0x20 [ 68.210406][ T6874] __fput+0x285/0x920 [ 68.214379][ T6874] ? __sock_release+0x280/0x280 [ 68.219476][ T6874] task_work_run+0xdd/0x190 [ 68.223981][ T6874] do_exit+0xb7d/0x29f0 [ 68.228148][ T6874] ? sock_common_recvmsg+0x1a0/0x1a0 [ 68.234047][ T6874] ? mm_update_next_owner+0x7a0/0x7a0 [ 68.239404][ T6874] ? __sb_end_write+0xec/0x1b0 [ 68.244153][ T6874] ? vfs_write+0x1b0/0x730 [ 68.248558][ T6874] ? lock_is_held_type+0xbb/0xf0 [ 68.253473][ T6874] do_group_exit+0x125/0x310 [ 68.258047][ T6874] __x64_sys_exit_group+0x3a/0x50 [ 68.263055][ T6874] do_syscall_64+0x2d/0x70 [ 68.267450][ T6874] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 68.273944][ T6874] RIP: 0033:0x43f278 [ 68.277845][ T6874] Code: Bad RIP value. [ 68.281917][ T6874] RSP: 002b:00007fffe0995c38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 68.290316][ T6874] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f278 [ 68.304969][ T6874] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 68.312987][ T6874] RBP: 00000000004bf068 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 68.320982][ T6874] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 68.328956][ T6874] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000 [ 68.338028][ T6874] Kernel Offset: disabled [ 68.342360][ T6874] Rebooting in 86400 seconds..