Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.39' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 73.719075][ T9121] ================================================================== [ 73.727281][ T9121] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490 [ 73.734991][ T9121] Read of size 8 at addr ffff88809b0165c0 by task syz-executor793/9121 [ 73.743239][ T9121] [ 73.745587][ T9121] CPU: 0 PID: 9121 Comm: syz-executor793 Not tainted 5.2.0-rc1+ #20 [ 73.753764][ T9121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.764121][ T9121] Call Trace: [ 73.767821][ T9121] dump_stack+0x172/0x1f0 [ 73.775833][ T9121] ? __lock_acquire+0x3ba2/0x5490 [ 73.780855][ T9121] print_address_description.cold+0x7c/0x20d [ 73.786832][ T9121] ? __lock_acquire+0x3ba2/0x5490 [ 73.791872][ T9121] ? __lock_acquire+0x3ba2/0x5490 [ 73.796893][ T9121] __kasan_report.cold+0x1b/0x40 [ 73.801825][ T9121] ? __lock_acquire+0x3ba2/0x5490 [ 73.806837][ T9121] kasan_report+0x12/0x20 [ 73.811259][ T9121] __asan_report_load8_noabort+0x14/0x20 [ 73.817057][ T9121] __lock_acquire+0x3ba2/0x5490 [ 73.821901][ T9121] ? sock_diag_rcv+0x2b/0x40 [ 73.826498][ T9121] ? netlink_unicast+0x531/0x710 [ 73.831449][ T9121] ? netlink_sendmsg+0x8ae/0xd70 [ 73.836482][ T9121] ? sock_sendmsg+0xd7/0x130 [ 73.841081][ T9121] ? ___sys_sendmsg+0x803/0x920 [ 73.845941][ T9121] ? __sys_sendmsg+0x105/0x1d0 [ 73.850693][ T9121] ? __x64_sys_sendmsg+0x78/0xb0 [ 73.855647][ T9121] ? do_syscall_64+0xfd/0x680 [ 73.860312][ T9121] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 73.866373][ T9121] ? mark_held_locks+0xf0/0xf0 [ 73.871149][ T9121] ? mark_held_locks+0xf0/0xf0 [ 73.875930][ T9121] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 73.881551][ T9121] ? find_held_lock+0x35/0x130 [ 73.886295][ T9121] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 73.891913][ T9121] lock_acquire+0x16f/0x3f0 [ 73.896490][ T9121] ? rhashtable_walk_enter+0xf9/0x390 [ 73.901858][ T9121] _raw_spin_lock+0x2f/0x40 [ 73.906563][ T9121] ? rhashtable_walk_enter+0xf9/0x390 [ 73.911925][ T9121] rhashtable_walk_enter+0xf9/0x390 [ 73.917114][ T9121] __tipc_dump_start+0x1fa/0x3c0 [ 73.922039][ T9121] tipc_dump_start+0x70/0x90 [ 73.926622][ T9121] __netlink_dump_start+0x4f8/0x7d0 [ 73.931814][ T9121] ? __tipc_dump_start+0x3c0/0x3c0 [ 73.936936][ T9121] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 73.942728][ T9121] ? __tipc_diag_gen_cookie+0x90/0x90 [ 73.948084][ T9121] ? sock_diag_rcv+0x1c/0x40 [ 73.952659][ T9121] ? __tipc_dump_start+0x3c0/0x3c0 [ 73.957775][ T9121] ? tipc_unregister_sysctl+0x20/0x20 [ 73.963138][ T9121] ? tipc_ioctl+0x2e0/0x2e0 [ 73.968004][ T9121] sock_diag_rcv_msg+0x319/0x410 [ 73.972963][ T9121] netlink_rcv_skb+0x177/0x450 [ 73.977716][ T9121] ? sock_diag_bind+0x80/0x80 [ 73.982407][ T9121] ? netlink_ack+0xb50/0xb50 [ 73.987011][ T9121] ? kasan_check_read+0x11/0x20 [ 73.991852][ T9121] ? netlink_deliver_tap+0x254/0xbf0 [ 73.997149][ T9121] sock_diag_rcv+0x2b/0x40 [ 74.001581][ T9121] netlink_unicast+0x531/0x710 [ 74.006447][ T9121] ? netlink_attachskb+0x770/0x770 [ 74.011548][ T9121] ? _copy_from_iter_full+0x25d/0x8c0 [ 74.016915][ T9121] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 74.022627][ T9121] ? __check_object_size+0x3d/0x42f [ 74.027815][ T9121] netlink_sendmsg+0x8ae/0xd70 [ 74.032570][ T9121] ? netlink_unicast+0x710/0x710 [ 74.037509][ T9121] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 74.043071][ T9121] ? apparmor_socket_sendmsg+0x2a/0x30 [ 74.048648][ T9121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 74.054887][ T9121] ? security_socket_sendmsg+0x8d/0xc0 [ 74.060335][ T9121] ? netlink_unicast+0x710/0x710 [ 74.065259][ T9121] sock_sendmsg+0xd7/0x130 [ 74.069694][ T9121] ___sys_sendmsg+0x803/0x920 [ 74.074366][ T9121] ? copy_msghdr_from_user+0x430/0x430 [ 74.079827][ T9121] ? prep_transhuge_page+0xa0/0xa0 [ 74.084960][ T9121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 74.091197][ T9121] ? __handle_mm_fault+0x7cb/0x3eb0 [ 74.096388][ T9121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 74.102631][ T9121] ? __fget_light+0x1a9/0x230 [ 74.107303][ T9121] ? __fdget+0x1b/0x20 [ 74.111361][ T9121] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 74.117594][ T9121] __sys_sendmsg+0x105/0x1d0 [ 74.122180][ T9121] ? __ia32_sys_shutdown+0x80/0x80 [ 74.127289][ T9121] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 74.132738][ T9121] ? do_syscall_64+0x26/0x680 [ 74.137426][ T9121] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.143505][ T9121] ? do_syscall_64+0x26/0x680 [ 74.148176][ T9121] __x64_sys_sendmsg+0x78/0xb0 [ 74.152933][ T9121] do_syscall_64+0xfd/0x680 [ 74.157437][ T9121] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.163315][ T9121] RIP: 0033:0x440209 [ 74.167213][ T9121] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 74.186809][ T9121] RSP: 002b:00007fff1c76bd78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.195233][ T9121] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440209 [ 74.203218][ T9121] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 74.211190][ T9121] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 74.219153][ T9121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a90 [ 74.227138][ T9121] R13: 0000000000401b20 R14: 0000000000000000 R15: 0000000000000000 [ 74.235113][ T9121] [ 74.237436][ T9121] Allocated by task 1: [ 74.241498][ T9121] save_stack+0x23/0x90 [ 74.245956][ T9121] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 74.251592][ T9121] kasan_kmalloc+0x9/0x10 [ 74.255931][ T9121] kmem_cache_alloc_node_trace+0x153/0x720 [ 74.261726][ T9121] init_cache_node+0x3e/0x110 [ 74.266394][ T9121] setup_kmem_cache_node+0x65/0x410 [ 74.271585][ T9121] __do_tune_cpucache+0x161/0x220 [ 74.276619][ T9121] do_tune_cpucache+0x25/0xd0 [ 74.281285][ T9121] enable_cpucache+0x3e/0xd0 [ 74.285867][ T9121] setup_cpu_cache+0xd4/0x1e0 [ 74.290540][ T9121] __kmem_cache_create+0x1c6/0x280 [ 74.295653][ T9121] create_cache+0xd4/0x200 [ 74.300076][ T9121] kmem_cache_create_usercopy+0x1a5/0x260 [ 74.305797][ T9121] kmem_cache_create+0x11/0x20 [ 74.310582][ T9121] ip6_route_init+0x37/0x3bd [ 74.315157][ T9121] inet6_init+0x2f0/0x6e1 [ 74.319477][ T9121] do_one_initcall+0x107/0x7ba [ 74.324226][ T9121] kernel_init_freeable+0x4d4/0x5c3 [ 74.329435][ T9121] kernel_init+0x12/0x1c5 [ 74.333750][ T9121] ret_from_fork+0x24/0x30 [ 74.338143][ T9121] [ 74.340459][ T9121] Freed by task 0: [ 74.344152][ T9121] (stack is not available) [ 74.348544][ T9121] [ 74.350860][ T9121] The buggy address belongs to the object at ffff88809b016500 [ 74.350860][ T9121] which belongs to the cache kmalloc-192 of size 192 [ 74.364925][ T9121] The buggy address is located 0 bytes to the right of [ 74.364925][ T9121] 192-byte region [ffff88809b016500, ffff88809b0165c0) [ 74.378526][ T9121] The buggy address belongs to the page: [ 74.384151][ T9121] page:ffffea00026c0580 refcount:1 mapcount:0 mapping:ffff8880aa400040 index:0x0 [ 74.393243][ T9121] flags: 0x1fffc0000000200(slab) [ 74.398287][ T9121] raw: 01fffc0000000200 ffffea00026e78c8 ffffea00026b5208 ffff8880aa400040 [ 74.406888][ T9121] raw: 0000000000000000 ffff88809b016000 0000000100000010 0000000000000000 [ 74.415455][ T9121] page dumped because: kasan: bad access detected [ 74.421852][ T9121] [ 74.424162][ T9121] Memory state around the buggy address: [ 74.429781][ T9121] ffff88809b016480: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 74.437833][ T9121] ffff88809b016500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.445887][ T9121] >ffff88809b016580: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 74.455188][ T9121] ^ [ 74.461335][ T9121] ffff88809b016600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 74.469385][ T9121] ffff88809b016680: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 74.477430][ T9121] ================================================================== [ 74.485477][ T9121] Disabling lock debugging due to kernel taint [ 74.491656][ T9121] Kernel panic - not syncing: panic_on_warn set ... [ 74.498601][ T9121] CPU: 0 PID: 9121 Comm: syz-executor793 Tainted: G B 5.2.0-rc1+ #20 [ 74.508165][ T9121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 74.518217][ T9121] Call Trace: [ 74.521501][ T9121] dump_stack+0x172/0x1f0 [ 74.526292][ T9121] panic+0x2cb/0x744 [ 74.530177][ T9121] ? __warn_printk+0xf3/0xf3 [ 74.534852][ T9121] ? lock_downgrade+0x880/0x880 [ 74.539782][ T9121] ? __lock_acquire+0x3ba2/0x5490 [ 74.544791][ T9121] ? trace_hardirqs_off+0x62/0x220 [ 74.549882][ T9121] ? trace_hardirqs_off+0x59/0x220 [ 74.554983][ T9121] ? __lock_acquire+0x3ba2/0x5490 [ 74.559995][ T9121] end_report+0x47/0x4f [ 74.564142][ T9121] ? __lock_acquire+0x3ba2/0x5490 [ 74.569148][ T9121] __kasan_report.cold+0xe/0x40 [ 74.573986][ T9121] ? __lock_acquire+0x3ba2/0x5490 [ 74.579006][ T9121] kasan_report+0x12/0x20 [ 74.583324][ T9121] __asan_report_load8_noabort+0x14/0x20 [ 74.588946][ T9121] __lock_acquire+0x3ba2/0x5490 [ 74.593781][ T9121] ? sock_diag_rcv+0x2b/0x40 [ 74.598354][ T9121] ? netlink_unicast+0x531/0x710 [ 74.603278][ T9121] ? netlink_sendmsg+0x8ae/0xd70 [ 74.608199][ T9121] ? sock_sendmsg+0xd7/0x130 [ 74.612774][ T9121] ? ___sys_sendmsg+0x803/0x920 [ 74.617633][ T9121] ? __sys_sendmsg+0x105/0x1d0 [ 74.622406][ T9121] ? __x64_sys_sendmsg+0x78/0xb0 [ 74.627353][ T9121] ? do_syscall_64+0xfd/0x680 [ 74.632019][ T9121] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.638084][ T9121] ? mark_held_locks+0xf0/0xf0 [ 74.642841][ T9121] ? mark_held_locks+0xf0/0xf0 [ 74.647628][ T9121] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 74.653385][ T9121] ? find_held_lock+0x35/0x130 [ 74.658145][ T9121] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 74.663769][ T9121] lock_acquire+0x16f/0x3f0 [ 74.668259][ T9121] ? rhashtable_walk_enter+0xf9/0x390 [ 74.673630][ T9121] _raw_spin_lock+0x2f/0x40 [ 74.678148][ T9121] ? rhashtable_walk_enter+0xf9/0x390 [ 74.683515][ T9121] rhashtable_walk_enter+0xf9/0x390 [ 74.688712][ T9121] __tipc_dump_start+0x1fa/0x3c0 [ 74.693655][ T9121] tipc_dump_start+0x70/0x90 [ 74.698250][ T9121] __netlink_dump_start+0x4f8/0x7d0 [ 74.703442][ T9121] ? __tipc_dump_start+0x3c0/0x3c0 [ 74.708547][ T9121] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 74.714349][ T9121] ? __tipc_diag_gen_cookie+0x90/0x90 [ 74.719709][ T9121] ? sock_diag_rcv+0x1c/0x40 [ 74.724382][ T9121] ? __tipc_dump_start+0x3c0/0x3c0 [ 74.729568][ T9121] ? tipc_unregister_sysctl+0x20/0x20 [ 74.734927][ T9121] ? tipc_ioctl+0x2e0/0x2e0 [ 74.739634][ T9121] sock_diag_rcv_msg+0x319/0x410 [ 74.744661][ T9121] netlink_rcv_skb+0x177/0x450 [ 74.749439][ T9121] ? sock_diag_bind+0x80/0x80 [ 74.754131][ T9121] ? netlink_ack+0xb50/0xb50 [ 74.758736][ T9121] ? kasan_check_read+0x11/0x20 [ 74.763578][ T9121] ? netlink_deliver_tap+0x254/0xbf0 [ 74.768879][ T9121] sock_diag_rcv+0x2b/0x40 [ 74.773286][ T9121] netlink_unicast+0x531/0x710 [ 74.778057][ T9121] ? netlink_attachskb+0x770/0x770 [ 74.783163][ T9121] ? _copy_from_iter_full+0x25d/0x8c0 [ 74.788519][ T9121] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 74.794222][ T9121] ? __check_object_size+0x3d/0x42f [ 74.799428][ T9121] netlink_sendmsg+0x8ae/0xd70 [ 74.804184][ T9121] ? netlink_unicast+0x710/0x710 [ 74.809135][ T9121] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 74.814731][ T9121] ? apparmor_socket_sendmsg+0x2a/0x30 [ 74.820188][ T9121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 74.826548][ T9121] ? security_socket_sendmsg+0x8d/0xc0 [ 74.831993][ T9121] ? netlink_unicast+0x710/0x710 [ 74.836912][ T9121] sock_sendmsg+0xd7/0x130 [ 74.841315][ T9121] ___sys_sendmsg+0x803/0x920 [ 74.845978][ T9121] ? copy_msghdr_from_user+0x430/0x430 [ 74.851427][ T9121] ? prep_transhuge_page+0xa0/0xa0 [ 74.856548][ T9121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 74.862777][ T9121] ? __handle_mm_fault+0x7cb/0x3eb0 [ 74.867968][ T9121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 74.874193][ T9121] ? __fget_light+0x1a9/0x230 [ 74.878856][ T9121] ? __fdget+0x1b/0x20 [ 74.882912][ T9121] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 74.889227][ T9121] __sys_sendmsg+0x105/0x1d0 [ 74.893834][ T9121] ? __ia32_sys_shutdown+0x80/0x80 [ 74.898935][ T9121] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 74.904525][ T9121] ? do_syscall_64+0x26/0x680 [ 74.909196][ T9121] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.915253][ T9121] ? do_syscall_64+0x26/0x680 [ 74.919924][ T9121] __x64_sys_sendmsg+0x78/0xb0 [ 74.924987][ T9121] do_syscall_64+0xfd/0x680 [ 74.929492][ T9121] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.935376][ T9121] RIP: 0033:0x440209 [ 74.939259][ T9121] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 74.958857][ T9121] RSP: 002b:00007fff1c76bd78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 74.967258][ T9121] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440209 [ 74.975223][ T9121] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 74.983185][ T9121] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 74.991166][ T9121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a90 [ 74.999126][ T9121] R13: 0000000000401b20 R14: 0000000000000000 R15: 0000000000000000 [ 75.008505][ T9121] Kernel Offset: disabled [ 75.012843][ T9121] Rebooting in 86400 seconds..