[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.217' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[   64.880473][ T7035] ==================================================================
[   64.893552][ T7035] BUG: KASAN: slab-out-of-bounds in fl6_update_dst+0x2bb/0x2c0
[   64.906816][ T7035] Read of size 16 at addr ffff88809dc23258 by task syz-executor528/7035
[   64.919028][ T7035]
[   64.921881][ T7035] CPU: 1 PID: 7035 Comm: syz-executor528 Not tainted 5.7.0-rc5-syzkaller #0
[   64.934314][ T7035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.949140][ T7035] Call Trace:
[   64.953838][ T7035]  dump_stack+0x188/0x20d
[   64.960092][ T7035]  print_address_description.constprop.0.cold+0xd3/0x315
[   64.970610][ T7035]  ? fl6_update_dst+0x2bb/0x2c0
[   64.980000][ T7035]  __kasan_report.cold+0x35/0x4d
[   64.989107][ T7035]  ? fl6_update_dst+0x2bb/0x2c0
[   64.995868][ T7035]  ? fl6_update_dst+0x2bb/0x2c0
[   65.001968][ T7035]  kasan_report+0x33/0x50
[   65.009130][ T7035]  fl6_update_dst+0x2bb/0x2c0
[   65.016377][ T7035]  sctp_v6_get_dst+0x5e7/0x1c30
[   65.022436][ T7035]  ? _get_random_bytes+0x183/0x420
[   65.029631][ T7035]  ? sctp_v6_copy_addrlist+0x650/0x650
[   65.036800][ T7035]  ? mark_held_locks+0x9f/0xe0
[   65.043744][ T7035]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   65.050586][ T7035]  ? memset+0x20/0x40
[   65.054706][ T7035]  ? sctp_transport_route+0x125/0x350
[   65.063021][ T7035]  sctp_transport_route+0x125/0x350
[   65.069646][ T7035]  sctp_assoc_add_peer+0x5a0/0x1030
[   65.075528][ T7035]  sctp_connect_new_asoc+0x19b/0x580
[   65.081979][ T7035]  ? security_sctp_bind_connect+0x8e/0xc0
[   65.089043][ T7035]  sctp_sendmsg+0x1396/0x1f30
[   65.095266][ T7035]  ? __might_fault+0x11f/0x1d0
[   65.101266][ T7035]  ? __sctp_setsockopt_connectx+0x180/0x180
[   65.108159][ T7035]  ? aa_af_perm+0x260/0x260
[   65.113129][ T7035]  ? import_iovec+0x236/0x3d0
[   65.120432][ T7035]  inet_sendmsg+0x99/0xe0
[   65.127235][ T7035]  ? inet_send_prepare+0x4d0/0x4d0
[   65.132632][ T7035]  sock_sendmsg+0xcf/0x120
[   65.137347][ T7035]  ____sys_sendmsg+0x308/0x7e0
[   65.145980][ T7035]  ? kernel_sendmsg+0x50/0x50
[   65.154751][ T7035]  ? lockdep_hardirqs_on+0x463/0x620
[   65.162420][ T7035]  ? mark_lock+0x12b/0xf10
[   65.169866][ T7035]  ___sys_sendmsg+0x100/0x170
[   65.175605][ T7035]  ? sendmsg_copy_msghdr+0x70/0x70
[   65.181918][ T7035]  ? mark_lock+0x12b/0xf10
[   65.190467][ T7035]  ? do_huge_pmd_anonymous_page+0xb9c/0x1990
[   65.201416][ T7035]  ? print_usage_bug+0x240/0x240
[   65.210622][ T7035]  ? lock_downgrade+0x840/0x840
[   65.217936][ T7035]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   65.227192][ T7035]  ? sctp_setsockopt+0x146/0x7090
[   65.235366][ T7035]  ? __fget_light+0x1ab/0x270
[   65.242068][ T7035]  __sys_sendmmsg+0x195/0x480
[   65.247986][ T7035]  ? __ia32_sys_sendmsg+0xb0/0xb0
[   65.253508][ T7035]  ? aa_af_perm+0x260/0x260
[   65.259803][ T7035]  ? __sys_setsockopt+0x2eb/0x480
[   65.266979][ T7035]  ? sock_create_kern+0x40/0x40
[   65.274457][ T7035]  ? up_read+0x1ab/0x750
[   65.281414][ T7035]  ? handle_mm_fault+0x29e/0x660
[   65.290413][ T7035]  __x64_sys_sendmmsg+0x99/0x100
[   65.298085][ T7035]  ? lockdep_hardirqs_on+0x463/0x620
[   65.304601][ T7035]  do_syscall_64+0xf6/0x7d0
[   65.311035][ T7035]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   65.320013][ T7035] RIP: 0033:0x440309
[   65.324376][ T7035] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   65.346817][ T7035] RSP: 002b:00007fff01fee1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   65.356786][ T7035] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[   65.365189][ T7035] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000003
[   65.374156][ T7035] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   65.382247][ T7035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[   65.390750][ T7035] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[   65.399329][ T7035]
[   65.402251][ T7035] Allocated by task 7035:
[   65.407645][ T7035]  save_stack+0x1b/0x40
[   65.412179][ T7035]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   65.419220][ T7035]  __kmalloc+0x161/0x7a0
[   65.423746][ T7035]  sock_kmalloc+0xb5/0x100
[   65.428156][ T7035]  ipv6_renew_options+0x274/0x940
[   65.433315][ T7035]  do_ipv6_setsockopt.isra.0+0x2eaf/0x42f0
[   65.439213][ T7035]  ipv6_setsockopt+0xfb/0x180
[   65.444724][ T7035]  sctp_setsockopt+0x13e/0x7090
[   65.450097][ T7035]  __sys_setsockopt+0x248/0x480
[   65.456632][ T7035]  __x64_sys_setsockopt+0xba/0x150
[   65.462095][ T7035]  do_syscall_64+0xf6/0x7d0
[   65.466978][ T7035]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   65.473749][ T7035]
[   65.476776][ T7035] Freed by task 5138:
[   65.481604][ T7035]  save_stack+0x1b/0x40
[   65.485859][ T7035]  __kasan_slab_free+0xf7/0x140
[   65.491357][ T7035]  kfree+0x109/0x2b0
[   65.495687][ T7035]  tomoyo_path_perm+0x236/0x400
[   65.501494][ T7035]  security_inode_getattr+0xeb/0x150
[   65.507724][ T7035]  vfs_getattr+0x22/0x60
[   65.512063][ T7035]  vfs_statx_fd+0x6a/0xb0
[   65.516401][ T7035]  __do_sys_newfstat+0x8b/0x100
[   65.521721][ T7035]  do_syscall_64+0xf6/0x7d0
[   65.526989][ T7035]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   65.533080][ T7035]
[   65.535404][ T7035] The buggy address belongs to the object at ffff88809dc23200
[   65.535404][ T7035]  which belongs to the cache kmalloc-96 of size 96
[   65.549705][ T7035] The buggy address is located 88 bytes inside of
[   65.549705][ T7035]  96-byte region [ffff88809dc23200, ffff88809dc23260)
[   65.563676][ T7035] The buggy address belongs to the page:
[   65.569430][ T7035] page:ffffea00027708c0 refcount:1 mapcount:0 mapping:0000000031b2e39e index:0xffff88809dc23080
[   65.579975][ T7035] flags: 0xfffe0000000200(slab)
[   65.586274][ T7035] raw: 00fffe0000000200 ffffea00027c7888 ffffea00027fc588 ffff8880aa000540
[   65.596024][ T7035] raw: ffff88809dc23080 ffff88809dc23000 000000010000001e 0000000000000000
[   65.604697][ T7035] page dumped because: kasan: bad access detected
[   65.611335][ T7035]
[   65.613734][ T7035] Memory state around the buggy address:
[   65.619568][ T7035]  ffff88809dc23100: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   65.628192][ T7035]  ffff88809dc23180: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   65.637396][ T7035] >ffff88809dc23200: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   65.646179][ T7035]                                                     ^
[   65.653120][ T7035]  ffff88809dc23280: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   65.661349][ T7035]  ffff88809dc23300: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   65.670577][ T7035] ==================================================================
[   65.682507][ T7035] Disabling lock debugging due to kernel taint
[   65.690787][ T7035] Kernel panic - not syncing: panic_on_warn set ...
[   65.698992][ T7035] CPU: 1 PID: 7035 Comm: syz-executor528 Tainted: G    B             5.7.0-rc5-syzkaller #0
[   65.709447][ T7035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.719848][ T7035] Call Trace:
[   65.723138][ T7035]  dump_stack+0x188/0x20d
[   65.727771][ T7035]  panic+0x2e3/0x75c
[   65.731677][ T7035]  ? add_taint.cold+0x16/0x16
[   65.737650][ T7035]  ? retint_kernel+0x2b/0x2b
[   65.742505][ T7035]  ? fl6_update_dst+0x2bb/0x2c0
[   65.748077][ T7035]  ? trace_hardirqs_on+0x55/0x220
[   65.753822][ T7035]  ? fl6_update_dst+0x2bb/0x2c0
[   65.758806][ T7035]  end_report+0x4d/0x53
[   65.763073][ T7035]  __kasan_report.cold+0xd/0x4d
[   65.768431][ T7035]  ? fl6_update_dst+0x2bb/0x2c0
[   65.774087][ T7035]  ? fl6_update_dst+0x2bb/0x2c0
[   65.780165][ T7035]  kasan_report+0x33/0x50
[   65.784776][ T7035]  fl6_update_dst+0x2bb/0x2c0
[   65.789909][ T7035]  sctp_v6_get_dst+0x5e7/0x1c30
[   65.795685][ T7035]  ? _get_random_bytes+0x183/0x420
[   65.801661][ T7035]  ? sctp_v6_copy_addrlist+0x650/0x650
[   65.809661][ T7035]  ? mark_held_locks+0x9f/0xe0
[   65.815208][ T7035]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   65.821297][ T7035]  ? memset+0x20/0x40
[   65.825278][ T7035]  ? sctp_transport_route+0x125/0x350
[   65.832030][ T7035]  sctp_transport_route+0x125/0x350
[   65.837698][ T7035]  sctp_assoc_add_peer+0x5a0/0x1030
[   65.843515][ T7035]  sctp_connect_new_asoc+0x19b/0x580
[   65.849526][ T7035]  ? security_sctp_bind_connect+0x8e/0xc0
[   65.856504][ T7035]  sctp_sendmsg+0x1396/0x1f30
[   65.861356][ T7035]  ? __might_fault+0x11f/0x1d0
[   65.869218][ T7035]  ? __sctp_setsockopt_connectx+0x180/0x180
[   65.878970][ T7035]  ? aa_af_perm+0x260/0x260
[   65.885702][ T7035]  ? import_iovec+0x236/0x3d0
[   65.892341][ T7035]  inet_sendmsg+0x99/0xe0
[   65.896936][ T7035]  ? inet_send_prepare+0x4d0/0x4d0
[   65.902573][ T7035]  sock_sendmsg+0xcf/0x120
[   65.907739][ T7035]  ____sys_sendmsg+0x308/0x7e0
[   65.912521][ T7035]  ? kernel_sendmsg+0x50/0x50
[   65.917211][ T7035]  ? lockdep_hardirqs_on+0x463/0x620
[   65.922671][ T7035]  ? mark_lock+0x12b/0xf10
[   65.927974][ T7035]  ___sys_sendmsg+0x100/0x170
[   65.932936][ T7035]  ? sendmsg_copy_msghdr+0x70/0x70
[   65.938705][ T7035]  ? mark_lock+0x12b/0xf10
[   65.944430][ T7035]  ? do_huge_pmd_anonymous_page+0xb9c/0x1990
[   65.950986][ T7035]  ? print_usage_bug+0x240/0x240
[   65.956781][ T7035]  ? lock_downgrade+0x840/0x840
[   65.961621][ T7035]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   65.967174][ T7035]  ? sctp_setsockopt+0x146/0x7090
[   65.972392][ T7035]  ? __fget_light+0x1ab/0x270
[   65.977125][ T7035]  __sys_sendmmsg+0x195/0x480
[   65.981911][ T7035]  ? __ia32_sys_sendmsg+0xb0/0xb0
[   65.987714][ T7035]  ? aa_af_perm+0x260/0x260
[   65.992232][ T7035]  ? __sys_setsockopt+0x2eb/0x480
[   65.998082][ T7035]  ? sock_create_kern+0x40/0x40
[   66.003786][ T7035]  ? up_read+0x1ab/0x750
[   66.008393][ T7035]  ? handle_mm_fault+0x29e/0x660
[   66.013456][ T7035]  __x64_sys_sendmmsg+0x99/0x100
[   66.018400][ T7035]  ? lockdep_hardirqs_on+0x463/0x620
[   66.023795][ T7035]  do_syscall_64+0xf6/0x7d0
[   66.028309][ T7035]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   66.034620][ T7035] RIP: 0033:0x440309
[   66.039380][ T7035] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   66.059530][ T7035] RSP: 002b:00007fff01fee1f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   66.067949][ T7035] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[   66.076006][ T7035] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000003
[   66.084163][ T7035] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[   66.092315][ T7035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[   66.100368][ T7035] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[   66.109907][ T7035] Kernel Offset: disabled
[   66.114339][ T7035] Rebooting in 86400 seconds..