Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
executing program
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ 19.264383][ T22] audit: type=1400 audit(1616315205.693:8): avc: denied { execmem } for pid=352 comm="syz-executor468" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 19.317264][ T354] ==================================================================
[ 19.325816][ T354] BUG: KASAN: use-after-free in eth_header_parse_protocol+0xad/0xd0
[ 19.334122][ T354] Read of size 2 at addr ffff8881e8d5600b by task syz-executor468/354
[ 19.342588][ T354]
[ 19.345005][ T354] CPU: 0 PID: 354 Comm: syz-executor468 Not tainted 5.4.107-syzkaller-00750-g543ec4541c0e #0
[ 19.355673][ T354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.365985][ T354] Call Trace:
[ 19.369387][ T354] dump_stack+0x1d8/0x24e
[ 19.373846][ T354] ? gfp_pfmemalloc_allowed+0x120/0x120
[ 19.379413][ T354] ? show_regs_print_info+0x12/0x12
[ 19.384814][ T354] ? printk+0xcf/0x114
[ 19.389008][ T354] print_address_description+0x9b/0x650
[ 19.394544][ T354] ? devkmsg_release+0x11c/0x11c
[ 19.399533][ T354] ? _copy_from_iter+0x84d/0xa80
[ 19.404471][ T354] ? memcpy+0x38/0x50
[ 19.408449][ T354] __kasan_report+0x182/0x260
[ 19.413132][ T354] ? eth_header_parse_protocol+0xad/0xd0
[ 19.418751][ T354] kasan_report+0x30/0x60
[ 19.423065][ T354] eth_header_parse_protocol+0xad/0xd0
[ 19.428507][ T354] ? eth_header_cache_update+0x30/0x30
[ 19.434068][ T354] virtio_net_hdr_to_skb+0x6de/0xd70
[ 19.439466][ T354] ? fanout_demux_bpf+0x230/0x230
[ 19.444482][ T354] ? skb_copy_datagram_from_iter+0x604/0x6b0
[ 19.450450][ T354] packet_sendmsg+0x483a/0x6780
[ 19.455647][ T354] ? memset+0x1f/0x40
[ 19.460011][ T354] ? selinux_socket_sendmsg+0x11f/0x340
[ 19.465681][ T354] ? selinux_socket_accept+0x5b0/0x5b0
[ 19.471125][ T354] ? compat_packet_setsockopt+0x160/0x160
[ 19.476831][ T354] ? security_socket_sendmsg+0x9d/0xb0
[ 19.482464][ T354] ? compat_packet_setsockopt+0x160/0x160
[ 19.488276][ T354] kernel_sendmsg+0xf5/0x130
[ 19.492930][ T354] sock_no_sendpage+0x143/0x1b0
[ 19.497770][ T354] ? __receive_sock+0xe0/0xe0
[ 19.502429][ T354] ? avc_has_perm_noaudit+0x37d/0x400
[ 19.507868][ T354] ? avc_has_perm_noaudit+0x30c/0x400
[ 19.513222][ T354] ? __receive_sock+0xe0/0xe0
[ 19.517881][ T354] sock_sendpage+0xd0/0x120
[ 19.522663][ T354] pipe_to_sendpage+0x23b/0x300
[ 19.527651][ T354] ? sock_fasync+0xf0/0xf0
[ 19.532188][ T354] ? generic_splice_sendpage+0x210/0x210
[ 19.537810][ T354] ? anon_pipe_buf_release+0x161/0x1c0
[ 19.543301][ T354] __splice_from_pipe+0x2d3/0x870
[ 19.548343][ T354] ? generic_splice_sendpage+0x210/0x210
[ 19.553963][ T354] generic_splice_sendpage+0x181/0x210
[ 19.559588][ T354] ? iter_file_splice_write+0xf20/0xf20
[ 19.565119][ T354] ? security_file_permission+0x128/0x300
[ 19.571033][ T354] ? iter_file_splice_write+0xf20/0xf20
[ 19.576623][ T354] __se_sys_splice+0x7a8/0x1b00
[ 19.581590][ T354] ? check_preemption_disabled+0x154/0x330
[ 19.587540][ T354] ? debug_smp_processor_id+0x20/0x20
[ 19.592941][ T354] ? __fpregs_load_activate+0x1d7/0x3c0
[ 19.598501][ T354] ? __x64_sys_splice+0xf0/0xf0
[ 19.603385][ T354] ? finish_task_switch+0x1b9/0x550
[ 19.608870][ T354] ? __x64_sys_splice+0x1d/0xf0
[ 19.613736][ T354] do_syscall_64+0xcb/0x1e0
[ 19.618221][ T354] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 19.624226][ T354] RIP: 0033:0x444da9
[ 19.628125][ T354] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 19.647833][ T354] RSP: 002b:00007f24d36742e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 19.656795][ T354] RAX: ffffffffffffffda RBX: 00000000004ca450 RCX: 0000000000444da9
[ 19.664881][ T354] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004
[ 19.673361][ T354] RBP: 00000000004ca45c R08: 000000000004ffe0 R09: 0000000000000000
[ 19.681436][ T354] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000049a004
[ 19.689643][ T354] R13: 65732f636f72702f R14: 6d32cc5e8ead0600 R15: 00000000004ca458
[ 19.697692][ T354]
[ 19.700046][ T354] The buggy address belongs to the page:
[ 19.705841][ T354] page:ffffea0007a35580 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 19.715479][ T354] flags: 0x8000000000000000()
[ 19.720142][ T354] raw: 8000000000000000 0000000000000000 ffffea0007a35588 0000000000000000
[ 19.728712][ T354] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 19.737282][ T354] page dumped because: kasan: bad access detected
[ 19.743669][ T354]
[ 19.745987][ T354] Memory state around the buggy address:
[ 19.751601][ T354] ffff8881e8d55f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.759645][ T354] ffff8881e8d55f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.767687][ T354