Warning: Permanently added '10.128.0.188' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.066765][ T6814] ==================================================================
[ 71.075075][ T6814] BUG: KASAN: slab-out-of-bounds in __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.083705][ T6814] Read of size 8 at addr ffff8882188db3f0 by task syz-executor963/6814
[ 71.091977][ T6814] CPU: 0 PID: 6814 Comm: syz-executor963 Not tainted 5.8.0-rc4-next-20200713-syzkaller #0
[ 71.101897][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.111978][ T6814] Call Trace:
[ 71.115294][ T6814] dump_stack+0x18f/0x20d
[ 71.119654][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.125488][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.131325][ T6814] print_address_description.constprop.0.cold+0xae/0x497
[ 71.138380][ T6814] ? __xfrm6_tunnel_spi_lookup+0x142/0x3b0
[ 71.144210][ T6814] ? lockdep_hardirqs_off+0x66/0xa0
[ 71.149434][ T6814] ? vprintk_func+0x97/0x1a6
[ 71.154068][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.159916][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.166281][ T6814] kasan_report.cold+0x1f/0x37
[ 71.171310][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.177248][ T6814] __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.182938][ T6814] xfrm6_tunnel_spi_lookup+0x8a/0x1d0
[ 71.188441][ T6814] xfrmi6_rcv_tunnel+0xb9/0x100
[ 71.193347][ T6814] tunnel46_rcv+0xef/0x2b0
[ 71.197940][ T6814] ip6_protocol_deliver_rcu+0x2e8/0x1670
[ 71.203619][ T6814] ip6_input_finish+0x7f/0x160
[ 71.208541][ T6814] ip6_input+0x9c/0xd0
[ 71.212628][ T6814] ip6_mc_input+0x411/0xea0
[ 71.217150][ T6814] ? ip6_input+0xd0/0xd0
[ 71.221412][ T6814] ? lock_is_held_type+0xb0/0xe0
[ 71.226430][ T6814] ipv6_rcv+0x28e/0x3c0
[ 71.230602][ T6814] ? ip6_rcv_core+0x1bb0/0x1bb0
[ 71.235799][ T6814] __netif_receive_skb_one_core+0x114/0x180
[ 71.241711][ T6814] ? __netif_receive_skb_core+0x3690/0x3690
[ 71.247638][ T6814] ? lockdep_hardirqs_on+0x6a/0xe0
[ 71.252754][ T6814] ? read_seqcount_begin.constprop.0+0x139/0x1f0
[ 71.259989][ T6814] ? ktime_get_with_offset+0x130/0x1a0
[ 71.265453][ T6814] __netif_receive_skb+0x27/0x1c0
[ 71.270488][ T6814] netif_receive_skb+0x159/0x990
[ 71.275693][ T6814] ? __netif_receive_skb+0x1c0/0x1c0
[ 71.280994][ T6814] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 71.286984][ T6814] tun_rx_batched.isra.0+0x460/0x720
[ 71.292294][ T6814] ? tun_get_user+0x197f/0x35b0
[ 71.297570][ T6814] ? tun_sock_write_space+0x1d0/0x1d0
[ 71.302932][ T6814] ? lock_release+0x8d0/0x8d0
[ 71.307722][ T6814] ? lock_downgrade+0x820/0x820
[ 71.312692][ T6814] ? __local_bh_enable_ip+0x159/0x250
[ 71.318593][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 71.324693][ T6814] ? tun_get_user+0x231f/0x35b0
[ 71.329741][ T6814] ? trace_hardirqs_on+0x5f/0x220
[ 71.334915][ T6814] tun_get_user+0x23b2/0x35b0
[ 71.339614][ T6814] ? lock_acquire+0x1f1/0xad0
[ 71.344296][ T6814] ? tun_build_skb+0xf30/0xf30
[ 71.349125][ T6814] ? aa_file_perm+0x5e2/0x1100
[ 71.353930][ T6814] ? netdev_name_node_lookup_rcu+0x108/0x150
[ 71.359913][ T6814] tun_chr_write_iter+0xba/0x151
[ 71.364986][ T6814] new_sync_write+0x422/0x650
[ 71.370633][ T6814] ? new_sync_read+0x6e0/0x6e0
[ 71.375410][ T6814] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 71.381329][ T6814] ? apparmor_file_permission+0x26e/0x4e0
[ 71.387059][ T6814] vfs_write+0x59d/0x6b0
[ 71.391407][ T6814] ksys_write+0x12d/0x250
[ 71.395832][ T6814] ? __ia32_sys_read+0xb0/0xb0
[ 71.400599][ T6814] ? lock_is_held_type+0xb0/0xe0
[ 71.405652][ T6814] ? do_syscall_64+0x1c/0xe0
[ 71.411260][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 71.417308][ T6814] do_syscall_64+0x60/0xe0
[ 71.421860][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 71.427790][ T6814] RIP: 0033:0x440629
[ 71.431675][ T6814] Code: Bad RIP value.
[ 71.435739][ T6814] RSP: 002b:00007ffda24ebe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.445445][ T6814] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440629
[ 71.453457][ T6814] RDX: 000000000000007e RSI: 0000000020002240 RDI: 0000000000000003
[ 71.461464][ T6814] RBP: 0000000000000000 R08: 0000000000007dbc R09: 0000000000401e30
[ 71.469434][ T6814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e30
[ 71.477401][ T6814] R13: 0000000000401ec0 R14: 0000000000000000 R15: 0000000000000000
[ 71.485394][ T6814] Allocated by task 1:
[ 71.489488][ T6814] kasan_save_stack+0x1b/0x40
[ 71.494207][ T6814] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 71.499837][ T6814] __kmalloc+0x1a8/0x320
[ 71.504074][ T6814] ops_init+0xfb/0x470
[ 71.508141][ T6814] register_pernet_operations+0x35a/0x850
[ 71.513860][ T6814] register_pernet_device+0x26/0x70
[ 71.519056][ T6814] ila_init+0x13/0x8e
[ 71.523035][ T6814] do_one_initcall+0x10a/0x7b0
[ 71.527811][ T6814] kernel_init_freeable+0x4f4/0x5a3
[ 71.533026][ T6814] kernel_init+0xd/0x1c0
[ 71.537289][ T6814] ret_from_fork+0x1f/0x30
[ 71.541727][ T6814] The buggy address belongs to the object at ffff8882188db000
[ 71.541727][ T6814] which belongs to the cache kmalloc-512 of size 512
[ 71.555787][ T6814] The buggy address is located 496 bytes to the right of
[ 71.555787][ T6814] 512-byte region [ffff8882188db000, ffff8882188db200)
[ 71.569576][ T6814] The buggy address belongs to the page:
[ 71.575211][ T6814] page:000000001b61a709 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8882188db400 pfn:0x2188db
[ 71.587342][ T6814] flags: 0x57ffe0000000200(slab)
[ 71.592290][ T6814] raw: 057ffe0000000200 ffffea000854d648 ffffea00085361c8 ffff8880aa000600
[ 71.600905][ T6814] raw: ffff8882188db400 ffff8882188db000 0000000100000001 0000000000000000
[ 71.609625][ T6814] page dumped because: kasan: bad access detected
[ 71.616079][ T6814] Memory state around the buggy address:
[ 71.621834][ T6814]  ffff8882188db280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.629903][ T6814]  ffff8882188db300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.637986][ T6814] >ffff8882188db380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.646058][ T6814]                                                              ^
[ 71.653835][ T6814]  ffff8882188db400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.661900][ T6814]  ffff8882188db480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.669960][ T6814] ==================================================================
[ 71.678044][ T6814] Disabling lock debugging due to kernel taint
[ 71.684337][ T6814] Kernel panic - not syncing: panic_on_warn set ...
[ 71.690962][ T6814] CPU: 0 PID: 6814 Comm: syz-executor963 Tainted: G B 5.8.0-rc4-next-20200713-syzkaller #0
[ 71.703117][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.714143][ T6814] Call Trace:
[ 71.717561][ T6814] dump_stack+0x18f/0x20d
[ 71.721912][ T6814] ? __xfrm6_tunnel_spi_lookup+0x2e0/0x3b0
[ 71.727753][ T6814] panic+0x2e3/0x75c
[ 71.731743][ T6814] ? __warn_printk+0xf3/0xf3
[ 71.736351][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.742256][ T6814] ? trace_hardirqs_on+0x55/0x220
[ 71.748508][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.754431][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.760247][ T6814] end_report+0x4d/0x53
[ 71.764408][ T6814] kasan_report.cold+0xd/0x37
[ 71.769102][ T6814] ? __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.774929][ T6814] __xfrm6_tunnel_spi_lookup+0x3a9/0x3b0
[ 71.780619][ T6814] xfrm6_tunnel_spi_lookup+0x8a/0x1d0
[ 71.786027][ T6814] xfrmi6_rcv_tunnel+0xb9/0x100
[ 71.791010][ T6814] tunnel46_rcv+0xef/0x2b0
[ 71.795569][ T6814] ip6_protocol_deliver_rcu+0x2e8/0x1670
[ 71.802101][ T6814] ip6_input_finish+0x7f/0x160
[ 71.806880][ T6814] ip6_input+0x9c/0xd0
[ 71.810964][ T6814] ip6_mc_input+0x411/0xea0
[ 71.816157][ T6814] ? ip6_input+0xd0/0xd0
[ 71.820403][ T6814] ? lock_is_held_type+0xb0/0xe0
[ 71.825330][ T6814] ipv6_rcv+0x28e/0x3c0
[ 71.829493][ T6814] ? ip6_rcv_core+0x1bb0/0x1bb0
[ 71.834353][ T6814] __netif_receive_skb_one_core+0x114/0x180
[ 71.840256][ T6814] ? __netif_receive_skb_core+0x3690/0x3690
[ 71.846173][ T6814] ? lockdep_hardirqs_on+0x6a/0xe0
[ 71.851314][ T6814] ? read_seqcount_begin.constprop.0+0x139/0x1f0
[ 71.857656][ T6814] ? ktime_get_with_offset+0x130/0x1a0
[ 71.863165][ T6814] __netif_receive_skb+0x27/0x1c0
[ 71.868269][ T6814] netif_receive_skb+0x159/0x990
[ 71.873203][ T6814] ? __netif_receive_skb+0x1c0/0x1c0
[ 71.878474][ T6814] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 71.884499][ T6814] tun_rx_batched.isra.0+0x460/0x720
[ 71.889776][ T6814] ? tun_get_user+0x197f/0x35b0
[ 71.894617][ T6814] ? tun_sock_write_space+0x1d0/0x1d0
[ 71.900113][ T6814] ? lock_release+0x8d0/0x8d0
[ 71.904792][ T6814] ? lock_downgrade+0x820/0x820
[ 71.909691][ T6814] ? __local_bh_enable_ip+0x159/0x250
[ 71.915074][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 71.921061][ T6814] ? tun_get_user+0x231f/0x35b0
[ 71.925922][ T6814] ? trace_hardirqs_on+0x5f/0x220
[ 71.930977][ T6814] tun_get_user+0x23b2/0x35b0
[ 71.935684][ T6814] ? lock_acquire+0x1f1/0xad0
[ 71.940503][ T6814] ? tun_build_skb+0xf30/0xf30
[ 71.945323][ T6814] ? aa_file_perm+0x5e2/0x1100
[ 71.950120][ T6814] ? netdev_name_node_lookup_rcu+0x108/0x150
[ 71.956135][ T6814] tun_chr_write_iter+0xba/0x151
[ 71.961852][ T6814] new_sync_write+0x422/0x650
[ 71.966516][ T6814] ? new_sync_read+0x6e0/0x6e0
[ 71.971497][ T6814] ? __sanitizer_cov_trace_switch+0x45/0x70
[ 71.977490][ T6814] ? apparmor_file_permission+0x26e/0x4e0
[ 71.983218][ T6814] vfs_write+0x59d/0x6b0
[ 71.987450][ T6814] ksys_write+0x12d/0x250
[ 71.991799][ T6814] ? __ia32_sys_read+0xb0/0xb0
[ 71.996678][ T6814] ? lock_is_held_type+0xb0/0xe0
[ 72.001659][ T6814] ? do_syscall_64+0x1c/0xe0
[ 72.006258][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 72.012512][ T6814] do_syscall_64+0x60/0xe0
[ 72.016937][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.022820][ T6814] RIP: 0033:0x440629
[ 72.026708][ T6814] Code: Bad RIP value.
[ 72.031108][ T6814] RSP: 002b:00007ffda24ebe88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.039522][ T6814] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000440629
[ 72.047553][ T6814] RDX: 000000000000007e RSI: 0000000020002240 RDI: 0000000000000003
[ 72.055628][ T6814] RBP: 0000000000000000 R08: 0000000000007dbc R09: 0000000000401e30
[ 72.063925][ T6814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401e30
[ 72.072101][ T6814] R13: 0000000000401ec0 R14: 0000000000000000 R15: 0000000000000000
[ 72.081382][ T6814] Kernel Offset: disabled
[ 72.085730][ T6814] Rebooting in 86400 seconds..