Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 72.921644][ T8409] ==================================================================
[ 72.929873][ T8409] BUG: KASAN: use-after-free in eth_header_parse_protocol+0xdc/0xe0
[ 72.937896][ T8409] Read of size 2 at addr ffff88801ae0000b by task syz-executor596/8409
[ 72.946115][ T8409]
[ 72.948434][ T8409] CPU: 0 PID: 8409 Comm: syz-executor596 Not tainted 5.12.0-rc2-syzkaller #0
[ 72.957176][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.967215][ T8409] Call Trace:
[ 72.970479][ T8409]  dump_stack+0x141/0x1d7
[ 72.974804][ T8409]  ? eth_header_parse_protocol+0xdc/0xe0
[ 72.980426][ T8409]  print_address_description.constprop.0.cold+0x5b/0x2f8
[ 72.987437][ T8409]  ? llc_sysctl_exit+0x60/0x60
[ 72.992209][ T8409]  ? eth_header_parse_protocol+0xdc/0xe0
[ 72.997825][ T8409]  ? eth_header_parse_protocol+0xdc/0xe0
[ 73.003442][ T8409]  kasan_report.cold+0x7c/0xd8
[ 73.008194][ T8409]  ? eth_header_parse_protocol+0xdc/0xe0
[ 73.013818][ T8409]  ? llc_sysctl_exit+0x60/0x60
[ 73.018799][ T8409]  eth_header_parse_protocol+0xdc/0xe0
[ 73.024294][ T8409]  virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 73.030617][ T8409]  ? tpacket_destruct_skb+0x860/0x860
[ 73.035989][ T8409]  packet_sendmsg+0x2325/0x52b0
[ 73.040864][ T8409]  ? aa_sk_perm+0x31b/0xab0
[ 73.046254][ T8409]  ? packet_cached_dev_get+0x250/0x250
[ 73.051736][ T8409]  ? aa_af_perm+0x230/0x230
[ 73.056231][ T8409]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.062464][ T8409]  ? packet_cached_dev_get+0x250/0x250
[ 73.067915][ T8409]  sock_sendmsg+0xcf/0x120
[ 73.072321][ T8409]  sock_no_sendpage+0xf3/0x130
[ 73.077077][ T8409]  ? sk_page_frag_refill+0x1d0/0x1d0
[ 73.082358][ T8409]  ? lock_release+0x720/0x720
[ 73.087027][ T8409]  ? find_held_lock+0x2d/0x110
[ 73.091786][ T8409]  kernel_sendpage.part.0+0x1ab/0x350
[ 73.097154][ T8409]  sock_sendpage+0xe5/0x140
[ 73.101659][ T8409]  ? __sock_recv_ts_and_drops+0x430/0x430
[ 73.107379][ T8409]  pipe_to_sendpage+0x2ad/0x380
[ 73.112221][ T8409]  ? propagate_umount+0x1c20/0x1c20
[ 73.117403][ T8409]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.123630][ T8409]  ? splice_from_pipe_next.part.0+0x167/0x520
[ 73.129686][ T8409]  __splice_from_pipe+0x43e/0x8a0
[ 73.134712][ T8409]  ? propagate_umount+0x1c20/0x1c20
[ 73.139899][ T8409]  generic_splice_sendpage+0xd4/0x140
[ 73.145257][ T8409]  ? __do_sys_vmsplice+0x9d0/0x9d0
[ 73.150354][ T8409]  ? security_file_permission+0x248/0x560
[ 73.156073][ T8409]  ? __do_sys_vmsplice+0x9d0/0x9d0
[ 73.161176][ T8409]  do_splice+0xb7e/0x1940
[ 73.165537][ T8409]  ? find_held_lock+0x2d/0x110
[ 73.170291][ T8409]  ? splice_file_to_pipe+0x120/0x120
[ 73.175568][ T8409]  __do_splice+0x134/0x250
[ 73.179986][ T8409]  ? do_splice+0x1940/0x1940
[ 73.184589][ T8409]  __x64_sys_splice+0x198/0x250
[ 73.189466][ T8409]  do_syscall_64+0x2d/0x70
[ 73.193869][ T8409]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.199832][ T8409] RIP: 0033:0x44cc59
[ 73.203892][ T8409] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.223624][ T8409] RSP: 002b:00007f78690a22f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 73.232027][ T8409] RAX: ffffffffffffffda RBX: 00000000004cb4f8 RCX: 000000000044cc59
[ 73.239983][ T8409] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 73.247937][ T8409] RBP: 00000000004cb4f0 R08: 000000000004fee0 R09: 0000000000000000
[ 73.256034][ T8409] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb4fc
[ 73.263992][ T8409] R13: 000000000049b004 R14: 6d32cc5e8ead0600 R15: 0000000000022000
[ 73.271977][ T8409]
[ 73.274284][ T8409] Allocated by task 6417:
[ 73.278592][ T8409]  kasan_save_stack+0x1b/0x40
[ 73.283253][ T8409]  __kasan_kmalloc+0x99/0xc0
[ 73.287822][ T8409]  tomoyo_realpath_from_path+0xc3/0x620
[ 73.293351][ T8409]  tomoyo_path_perm+0x21b/0x400
[ 73.298183][ T8409]  security_inode_getattr+0xcf/0x140
[ 73.303452][ T8409]  vfs_statx+0x164/0x390
[ 73.307675][ T8409]  __do_sys_newlstat+0x91/0x110
[ 73.312504][ T8409]  do_syscall_64+0x2d/0x70
[ 73.316904][ T8409]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.322793][ T8409]
[ 73.325097][ T8409] Freed by task 6417:
[ 73.329054][ T8409]  kasan_save_stack+0x1b/0x40
[ 73.333711][ T8409]  kasan_set_track+0x1c/0x30
[ 73.338282][ T8409]  kasan_set_free_info+0x20/0x30
[ 73.343197][ T8409]  __kasan_slab_free+0xf5/0x130
[ 73.348038][ T8409]  slab_free_freelist_hook+0x92/0x210
[ 73.353406][ T8409]  kfree+0xe5/0x7f0
[ 73.357200][ T8409]  tomoyo_realpath_from_path+0x191/0x620
[ 73.362818][ T8409]  tomoyo_path_perm+0x21b/0x400
[ 73.367655][ T8409]  security_inode_getattr+0xcf/0x140
[ 73.372961][ T8409]  vfs_statx+0x164/0x390
[ 73.377189][ T8409]  __do_sys_newlstat+0x91/0x110
[ 73.382023][ T8409]  do_syscall_64+0x2d/0x70
[ 73.386475][ T8409]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.392356][ T8409]
[ 73.394729][ T8409] The buggy address belongs to the object at ffff88801ae00000
[ 73.394729][ T8409]  which belongs to the cache kmalloc-4k of size 4096
[ 73.408778][ T8409] The buggy address is located 11 bytes inside of
[ 73.408778][ T8409]  4096-byte region [ffff88801ae00000, ffff88801ae01000)
[ 73.422142][ T8409] The buggy address belongs to the page:
[ 73.427753][ T8409] page:000000003ac51b8c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ae00
[ 73.437929][ T8409] head:000000003ac51b8c order:3 compound_mapcount:0 compound_pincount:0
[ 73.446251][ T8409] flags: 0xfff00000010200(slab|head)
[ 73.451527][ T8409] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010842140
[ 73.460094][ T8409] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 73.468657][ T8409] page dumped because: kasan: bad access detected
[ 73.475048][ T8409]
[ 73.477355][ T8409] Memory state around the buggy address:
[ 73.483007][ T8409]  ffff88801adfff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.491049][ T8409]  ffff88801adfff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.499090][ T8409] >ffff88801ae00000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.507128][ T8409]                                       ^
[ 73.511447][ T8409]  ffff88801ae00080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.519500][ T8409]  ffff88801ae00100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.527538][ T8409] ==================================================================
[ 73.535575][ T8409] Disabling lock debugging due to kernel taint
[ 73.542165][ T8409] Kernel panic - not syncing: panic_on_warn set ...
[ 73.548743][ T8409] CPU: 0 PID: 8409 Comm: syz-executor596 Tainted: G B 5.12.0-rc2-syzkaller #0
[ 73.558902][ T8409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 73.568959][ T8409] Call Trace:
[ 73.572221][ T8409]  dump_stack+0x141/0x1d7
[ 73.576535][ T8409]  panic+0x306/0x73d
[ 73.580411][ T8409]  ? __warn_printk+0xf3/0xf3
[ 73.584981][ T8409]  ? preempt_schedule_common+0x59/0xc0
[ 73.590427][ T8409]  ? llc_sysctl_exit+0x60/0x60
[ 73.595183][ T8409]  ? eth_header_parse_protocol+0xdc/0xe0
[ 73.600797][ T8409]  ? preempt_schedule_thunk+0x16/0x18
[ 73.606149][ T8409]  ? trace_hardirqs_on+0x38/0x1c0
[ 73.611151][ T8409]  ? trace_hardirqs_on+0x51/0x1c0
[ 73.616153][ T8409]  ? llc_sysctl_exit+0x60/0x60
[ 73.620893][ T8409]  ? eth_header_parse_protocol+0xdc/0xe0
[ 73.626504][ T8409]  ? eth_header_parse_protocol+0xdc/0xe0
[ 73.632138][ T8409]  end_report.cold+0x5a/0x5a
[ 73.636708][ T8409]  kasan_report.cold+0x6a/0xd8
[ 73.641454][ T8409]  ? eth_header_parse_protocol+0xdc/0xe0
[ 73.647065][ T8409]  ? llc_sysctl_exit+0x60/0x60
[ 73.651809][ T8409]  eth_header_parse_protocol+0xdc/0xe0
[ 73.657247][ T8409]  virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 73.663556][ T8409]  ? tpacket_destruct_skb+0x860/0x860
[ 73.668928][ T8409]  packet_sendmsg+0x2325/0x52b0
[ 73.673773][ T8409]  ? aa_sk_perm+0x31b/0xab0
[ 73.678256][ T8409]  ? packet_cached_dev_get+0x250/0x250
[ 73.683695][ T8409]  ? aa_af_perm+0x230/0x230
[ 73.688177][ T8409]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.694399][ T8409]  ? packet_cached_dev_get+0x250/0x250
[ 73.699843][ T8409]  sock_sendmsg+0xcf/0x120
[ 73.704239][ T8409]  sock_no_sendpage+0xf3/0x130
[ 73.708981][ T8409]  ? sk_page_frag_refill+0x1d0/0x1d0
[ 73.714244][ T8409]  ? lock_release+0x720/0x720
[ 73.718901][ T8409]  ? find_held_lock+0x2d/0x110
[ 73.723672][ T8409]  kernel_sendpage.part.0+0x1ab/0x350
[ 73.729024][ T8409]  sock_sendpage+0xe5/0x140
[ 73.733502][ T8409]  ? __sock_recv_ts_and_drops+0x430/0x430
[ 73.739200][ T8409]  pipe_to_sendpage+0x2ad/0x380
[ 73.744032][ T8409]  ? propagate_umount+0x1c20/0x1c20
[ 73.749208][ T8409]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 73.755429][ T8409]  ? splice_from_pipe_next.part.0+0x167/0x520
[ 73.761487][ T8409]  __splice_from_pipe+0x43e/0x8a0
[ 73.766491][ T8409]  ? propagate_umount+0x1c20/0x1c20
[ 73.771669][ T8409]  generic_splice_sendpage+0xd4/0x140
[ 73.777019][ T8409]  ? __do_sys_vmsplice+0x9d0/0x9d0
[ 73.782110][ T8409]  ? security_file_permission+0x248/0x560
[ 73.787811][ T8409]  ? __do_sys_vmsplice+0x9d0/0x9d0
[ 73.792900][ T8409]  do_splice+0xb7e/0x1940
[ 73.797209][ T8409]  ? find_held_lock+0x2d/0x110
[ 73.801953][ T8409]  ? splice_file_to_pipe+0x120/0x120
[ 73.807217][ T8409]  __do_splice+0x134/0x250
[ 73.811614][ T8409]  ? do_splice+0x1940/0x1940
[ 73.816184][ T8409]  __x64_sys_splice+0x198/0x250
[ 73.821029][ T8409]  do_syscall_64+0x2d/0x70
[ 73.825430][ T8409]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 73.831305][ T8409] RIP: 0033:0x44cc59
[ 73.835188][ T8409] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.854798][ T8409] RSP: 002b:00007f78690a22f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 73.863187][ T8409] RAX: ffffffffffffffda RBX: 00000000004cb4f8 RCX: 000000000044cc59
[ 73.871136][ T8409] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 73.879086][ T8409] RBP: 00000000004cb4f0 R08: 000000000004fee0 R09: 0000000000000000
[ 73.887035][ T8409] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004cb4fc
[ 73.894998][ T8409] R13: 000000000049b004 R14: 6d32cc5e8ead0600 R15: 0000000000022000
[ 73.903616][ T8409] Kernel Offset: disabled
[ 73.907928][ T8409] Rebooting in 86400 seconds..