Warning: Permanently added '10.128.0.177' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 81.909170][ T9322] ================================================================== [ 81.917477][ T9322] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490 [ 81.928000][ T9322] Read of size 8 at addr ffff8882165ecdc0 by task syz-executor906/9322 [ 81.936219][ T9322] [ 81.938535][ T9322] CPU: 0 PID: 9322 Comm: syz-executor906 Not tainted 5.2.0-rc1+ #1 [ 81.946409][ T9322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.956559][ T9322] Call Trace: [ 81.959867][ T9322] dump_stack+0x172/0x1f0 [ 81.964187][ T9322] ? __lock_acquire+0x3ba2/0x5490 [ 81.969237][ T9322] print_address_description.cold+0x7c/0x20d [ 81.975220][ T9322] ? __lock_acquire+0x3ba2/0x5490 [ 81.980230][ T9322] ? __lock_acquire+0x3ba2/0x5490 [ 81.985235][ T9322] __kasan_report.cold+0x1b/0x40 [ 81.990164][ T9322] ? __lock_acquire+0x3ba2/0x5490 [ 81.995203][ T9322] kasan_report+0x12/0x20 [ 82.000000][ T9322] __asan_report_load8_noabort+0x14/0x20 [ 82.005643][ T9322] __lock_acquire+0x3ba2/0x5490 [ 82.010612][ T9322] ? sock_diag_rcv+0x2b/0x40 [ 82.015330][ T9322] ? netlink_unicast+0x531/0x710 [ 82.020278][ T9322] ? netlink_sendmsg+0x8ae/0xd70 [ 82.025224][ T9322] ? sock_sendmsg+0xd7/0x130 [ 82.029800][ T9322] ? ___sys_sendmsg+0x803/0x920 [ 82.034637][ T9322] ? __sys_sendmsg+0x105/0x1d0 [ 82.039397][ T9322] ? __x64_sys_sendmsg+0x78/0xb0 [ 82.044338][ T9322] ? do_syscall_64+0xfd/0x680 [ 82.049026][ T9322] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.055107][ T9322] ? mark_held_locks+0xf0/0xf0 [ 82.059859][ T9322] ? mark_held_locks+0xf0/0xf0 [ 82.064604][ T9322] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 82.070234][ T9322] ? find_held_lock+0x35/0x130 [ 82.074997][ T9322] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 82.080624][ T9322] lock_acquire+0x16f/0x3f0 [ 82.085296][ T9322] ? rhashtable_walk_enter+0xf9/0x390 [ 82.090678][ T9322] _raw_spin_lock+0x2f/0x40 [ 82.095181][ T9322] ? rhashtable_walk_enter+0xf9/0x390 [ 82.100543][ T9322] rhashtable_walk_enter+0xf9/0x390 [ 82.105756][ T9322] __tipc_dump_start+0x1fa/0x3c0 [ 82.110690][ T9322] tipc_dump_start+0x70/0x90 [ 82.115273][ T9322] __netlink_dump_start+0x4f8/0x7d0 [ 82.121475][ T9322] ? __tipc_dump_start+0x3c0/0x3c0 [ 82.126703][ T9322] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 82.132541][ T9322] ? __tipc_diag_gen_cookie+0x90/0x90 [ 82.137916][ T9322] ? sock_diag_rcv+0x1c/0x40 [ 82.142521][ T9322] ? __tipc_dump_start+0x3c0/0x3c0 [ 82.147640][ T9322] ? tipc_unregister_sysctl+0x20/0x20 [ 82.153010][ T9322] ? tipc_ioctl+0x2e0/0x2e0 [ 82.157506][ T9322] sock_diag_rcv_msg+0x319/0x410 [ 82.162545][ T9322] netlink_rcv_skb+0x177/0x450 [ 82.167327][ T9322] ? sock_diag_bind+0x80/0x80 [ 82.172014][ T9322] ? netlink_ack+0xb50/0xb50 [ 82.176774][ T9322] ? kasan_check_read+0x11/0x20 [ 82.181634][ T9322] ? netlink_deliver_tap+0x254/0xbf0 [ 82.187010][ T9322] sock_diag_rcv+0x2b/0x40 [ 82.191583][ T9322] netlink_unicast+0x531/0x710 [ 82.205313][ T9322] ? netlink_attachskb+0x770/0x770 [ 82.210425][ T9322] ? _copy_from_iter_full+0x25d/0x8c0 [ 82.215803][ T9322] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 82.221534][ T9322] ? __check_object_size+0x3d/0x42f [ 82.227239][ T9322] netlink_sendmsg+0x8ae/0xd70 [ 82.232462][ T9322] ? netlink_unicast+0x710/0x710 [ 82.238639][ T9322] ? tomoyo_socket_sendmsg+0x26/0x30 [ 82.246461][ T9322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.252710][ T9322] ? security_socket_sendmsg+0x8d/0xc0 [ 82.259470][ T9322] ? netlink_unicast+0x710/0x710 [ 82.264515][ T9322] sock_sendmsg+0xd7/0x130 [ 82.268930][ T9322] ___sys_sendmsg+0x803/0x920 [ 82.273603][ T9322] ? copy_msghdr_from_user+0x430/0x430 [ 82.279058][ T9322] ? prep_transhuge_page+0xa0/0xa0 [ 82.284167][ T9322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.290433][ T9322] ? __handle_mm_fault+0x7cb/0x3eb0 [ 82.295625][ T9322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 82.301872][ T9322] ? __fget_light+0x1a9/0x230 [ 82.306559][ T9322] ? __fdget+0x1b/0x20 [ 82.310627][ T9322] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 82.316856][ T9322] __sys_sendmsg+0x105/0x1d0 [ 82.321433][ T9322] ? __ia32_sys_shutdown+0x80/0x80 [ 82.326531][ T9322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 82.331995][ T9322] ? do_syscall_64+0x26/0x680 [ 82.336685][ T9322] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.342744][ T9322] ? do_syscall_64+0x26/0x680 [ 82.347406][ T9322] __x64_sys_sendmsg+0x78/0xb0 [ 82.352249][ T9322] do_syscall_64+0xfd/0x680 [ 82.356772][ T9322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.362648][ T9322] RIP: 0033:0x440219 [ 82.366525][ T9322] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 82.386126][ T9322] RSP: 002b:00007ffe59b331e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.394611][ T9322] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 82.402567][ T9322] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 82.410607][ T9322] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 82.418565][ T9322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0 [ 82.426527][ T9322] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 82.434518][ T9322] [ 82.436854][ T9322] Allocated by task 1: [ 82.440963][ T9322] save_stack+0x23/0x90 [ 82.445140][ T9322] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 82.450756][ T9322] kasan_slab_alloc+0xf/0x20 [ 82.455329][ T9322] kmem_cache_alloc+0x11a/0x6f0 [ 82.460168][ T9322] __kernfs_new_node+0xf0/0x6c0 [ 82.464997][ T9322] kernfs_new_node+0x96/0x120 [ 82.469650][ T9322] kernfs_create_dir_ns+0x52/0x160 [ 82.474910][ T9322] sysfs_create_dir_ns+0x131/0x2a0 [ 82.480188][ T9322] kobject_add_internal.cold+0x116/0x662 [ 82.485800][ T9322] kset_register+0x2e/0x70 [ 82.490204][ T9322] kset_create_and_add+0x12f/0x1a0 [ 82.495313][ T9322] netdev_register_kobject+0x1c1/0x3b0 [ 82.500780][ T9322] register_netdevice+0x875/0xff0 [ 82.505868][ T9322] register_netdev+0x30/0x50 [ 82.510488][ T9322] vti6_init_net+0x518/0x820 [ 82.515068][ T9322] ops_init+0xb3/0x410 [ 82.519119][ T9322] register_pernet_operations+0x382/0x7f0 [ 82.524951][ T9322] register_pernet_device+0x2a/0x80 [ 82.530269][ T9322] vti6_tunnel_init+0x19/0x176 [ 82.535101][ T9322] do_one_initcall+0x107/0x7ba [ 82.539867][ T9322] kernel_init_freeable+0x4d4/0x5c3 [ 82.545050][ T9322] kernel_init+0x12/0x1c5 [ 82.549369][ T9322] ret_from_fork+0x24/0x30 [ 82.553783][ T9322] [ 82.556404][ T9322] Freed by task 0: [ 82.560101][ T9322] (stack is not available) [ 82.564525][ T9322] [ 82.566846][ T9322] The buggy address belongs to the object at ffff8882165ecd20 [ 82.566846][ T9322] which belongs to the cache kernfs_node_cache of size 160 [ 82.581408][ T9322] The buggy address is located 0 bytes to the right of [ 82.581408][ T9322] 160-byte region [ffff8882165ecd20, ffff8882165ecdc0) [ 82.595003][ T9322] The buggy address belongs to the page: [ 82.600616][ T9322] page:ffffea0008597b00 refcount:1 mapcount:0 mapping:ffff8880aa5967c0 index:0xffff8882165ecfee [ 82.611006][ T9322] flags: 0x6fffc0000000200(slab) [ 82.615949][ T9322] raw: 06fffc0000000200 ffffea0008591648 ffffea0008597b48 ffff8880aa5967c0 [ 82.624525][ T9322] raw: ffff8882165ecfee ffff8882165ec000 0000000100000012 0000000000000000 [ 82.633086][ T9322] page dumped because: kasan: bad access detected [ 82.639479][ T9322] [ 82.641788][ T9322] Memory state around the buggy address: [ 82.647454][ T9322] ffff8882165ecc80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 82.655512][ T9322] ffff8882165ecd00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 [ 82.663586][ T9322] >ffff8882165ecd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 82.671636][ T9322] ^ [ 82.677820][ T9322] ffff8882165ece00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 82.686168][ T9322] ffff8882165ece80: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 [ 82.694485][ T9322] ================================================================== [ 82.702534][ T9322] Disabling lock debugging due to kernel taint [ 82.708679][ T9322] Kernel panic - not syncing: panic_on_warn set ... [ 82.715261][ T9322] CPU: 0 PID: 9322 Comm: syz-executor906 Tainted: G B 5.2.0-rc1+ #1 [ 82.724522][ T9322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.734572][ T9322] Call Trace: [ 82.737862][ T9322] dump_stack+0x172/0x1f0 [ 82.742234][ T9322] panic+0x2cb/0x744 [ 82.746126][ T9322] ? __warn_printk+0xf3/0xf3 [ 82.750706][ T9322] ? lock_downgrade+0x880/0x880 [ 82.755539][ T9322] ? __lock_acquire+0x3ba2/0x5490 [ 82.760563][ T9322] ? trace_hardirqs_off+0x62/0x220 [ 82.765662][ T9322] ? trace_hardirqs_off+0x59/0x220 [ 82.770767][ T9322] ? __lock_acquire+0x3ba2/0x5490 [ 82.775799][ T9322] end_report+0x47/0x4f [ 82.779969][ T9322] ? __lock_acquire+0x3ba2/0x5490 [ 82.784997][ T9322] __kasan_report.cold+0xe/0x40 [ 82.789840][ T9322] ? __lock_acquire+0x3ba2/0x5490 [ 82.794844][ T9322] kasan_report+0x12/0x20 [ 82.799165][ T9322] __asan_report_load8_noabort+0x14/0x20 [ 82.804852][ T9322] __lock_acquire+0x3ba2/0x5490 [ 82.809696][ T9322] ? sock_diag_rcv+0x2b/0x40 [ 82.814273][ T9322] ? netlink_unicast+0x531/0x710 [ 82.819216][ T9322] ? netlink_sendmsg+0x8ae/0xd70 [ 82.824160][ T9322] ? sock_sendmsg+0xd7/0x130 [ 82.829225][ T9322] ? ___sys_sendmsg+0x803/0x920 [ 82.840447][ T9322] ? __sys_sendmsg+0x105/0x1d0 [ 82.845195][ T9322] ? __x64_sys_sendmsg+0x78/0xb0 [ 82.850116][ T9322] ? do_syscall_64+0xfd/0x680 [ 82.854771][ T9322] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.860846][ T9322] ? mark_held_locks+0xf0/0xf0 [ 82.865597][ T9322] ? mark_held_locks+0xf0/0xf0 [ 82.870359][ T9322] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 82.875978][ T9322] ? find_held_lock+0x35/0x130 [ 82.880728][ T9322] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 82.886456][ T9322] lock_acquire+0x16f/0x3f0 [ 82.890952][ T9322] ? rhashtable_walk_enter+0xf9/0x390 [ 82.896403][ T9322] _raw_spin_lock+0x2f/0x40 [ 82.900928][ T9322] ? rhashtable_walk_enter+0xf9/0x390 [ 82.906319][ T9322] rhashtable_walk_enter+0xf9/0x390 [ 82.911516][ T9322] __tipc_dump_start+0x1fa/0x3c0 [ 82.916443][ T9322] tipc_dump_start+0x70/0x90 [ 82.922567][ T9322] __netlink_dump_start+0x4f8/0x7d0 [ 82.927754][ T9322] ? __tipc_dump_start+0x3c0/0x3c0 [ 82.932884][ T9322] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 82.938690][ T9322] ? __tipc_diag_gen_cookie+0x90/0x90 [ 82.944148][ T9322] ? sock_diag_rcv+0x1c/0x40 [ 82.948726][ T9322] ? __tipc_dump_start+0x3c0/0x3c0 [ 82.953879][ T9322] ? tipc_unregister_sysctl+0x20/0x20 [ 82.959252][ T9322] ? tipc_ioctl+0x2e0/0x2e0 [ 82.963757][ T9322] sock_diag_rcv_msg+0x319/0x410 [ 82.968680][ T9322] netlink_rcv_skb+0x177/0x450 [ 82.973434][ T9322] ? sock_diag_bind+0x80/0x80 [ 82.978094][ T9322] ? netlink_ack+0xb50/0xb50 [ 82.982694][ T9322] ? kasan_check_read+0x11/0x20 [ 82.987616][ T9322] ? netlink_deliver_tap+0x254/0xbf0 [ 82.992897][ T9322] sock_diag_rcv+0x2b/0x40 [ 82.997321][ T9322] netlink_unicast+0x531/0x710 [ 83.002083][ T9322] ? netlink_attachskb+0x770/0x770 [ 83.007188][ T9322] ? _copy_from_iter_full+0x25d/0x8c0 [ 83.012550][ T9322] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 83.018251][ T9322] ? __check_object_size+0x3d/0x42f [ 83.023433][ T9322] netlink_sendmsg+0x8ae/0xd70 [ 83.028180][ T9322] ? netlink_unicast+0x710/0x710 [ 83.033199][ T9322] ? tomoyo_socket_sendmsg+0x26/0x30 [ 83.038475][ T9322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.044725][ T9322] ? security_socket_sendmsg+0x8d/0xc0 [ 83.050470][ T9322] ? netlink_unicast+0x710/0x710 [ 83.055402][ T9322] sock_sendmsg+0xd7/0x130 [ 83.060149][ T9322] ___sys_sendmsg+0x803/0x920 [ 83.064859][ T9322] ? copy_msghdr_from_user+0x430/0x430 [ 83.070310][ T9322] ? prep_transhuge_page+0xa0/0xa0 [ 83.075576][ T9322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.081829][ T9322] ? __handle_mm_fault+0x7cb/0x3eb0 [ 83.087017][ T9322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 83.093241][ T9322] ? __fget_light+0x1a9/0x230 [ 83.097916][ T9322] ? __fdget+0x1b/0x20 [ 83.101994][ T9322] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 83.108263][ T9322] __sys_sendmsg+0x105/0x1d0 [ 83.112844][ T9322] ? __ia32_sys_shutdown+0x80/0x80 [ 83.117935][ T9322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 83.123402][ T9322] ? do_syscall_64+0x26/0x680 [ 83.128067][ T9322] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.134125][ T9322] ? do_syscall_64+0x26/0x680 [ 83.138793][ T9322] __x64_sys_sendmsg+0x78/0xb0 [ 83.143637][ T9322] do_syscall_64+0xfd/0x680 [ 83.148133][ T9322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 83.154201][ T9322] RIP: 0033:0x440219 [ 83.158082][ T9322] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 83.177782][ T9322] RSP: 002b:00007ffe59b331e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.186295][ T9322] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 83.194258][ T9322] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 83.203979][ T9322] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 83.212027][ T9322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0 [ 83.220002][ T9322] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 83.229307][ T9322] Kernel Offset: disabled [ 83.233642][ T9322] Rebooting in 86400 seconds..