[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
Starting OpenBSD Secure Shell server...
[ OK ] Started Regular background program processing daemon.
Starting getty on tty2-tty6 if dbus and logind are not available...
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.195' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 58.646499][ T29] audit: type=1400 audit(1590009113.421:8): avc: denied { execmem } for pid=7209 comm="syz-executor869" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 58.648585][ T7209] ==================================================================
[ 58.675163][ T7209] BUG: KASAN: slab-out-of-bounds in fl6_update_dst+0x2bb/0x2c0
[ 58.682678][ T7209] Read of size 16 at addr ffff8880a8a78a58 by task syz-executor869/7209
[ 58.691036][ T7209]
[ 58.693344][ T7209] CPU: 0 PID: 7209 Comm: syz-executor869 Not tainted 5.7.0-rc6-syzkaller #0
[ 58.702020][ T7209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.712137][ T7209] Call Trace:
[ 58.715408][ T7209] dump_stack+0x188/0x20d
[ 58.719755][ T7209] print_address_description.constprop.0.cold+0xd3/0x413
[ 58.726755][ T7209] ? lock_acquire+0x1f2/0x8f0
[ 58.731407][ T7209] ? vprintk_func+0x81/0x17e
[ 58.735974][ T7209] ? fl6_update_dst+0x2bb/0x2c0
[ 58.740808][ T7209] __kasan_report.cold+0x20/0x38
[ 58.745720][ T7209] ? fl6_update_dst+0x2bb/0x2c0
[ 58.750544][ T7209] ? fl6_update_dst+0x2bb/0x2c0
[ 58.755367][ T7209] kasan_report+0x33/0x50
[ 58.759688][ T7209] fl6_update_dst+0x2bb/0x2c0
[ 58.764340][ T7209] sctp_v6_get_dst+0x5e7/0x1c30
[ 58.769176][ T7209] ? sctp_v6_copy_addrlist+0x650/0x650
[ 58.774619][ T7209] ? _raw_spin_lock_irqsave+0x94/0xbf
[ 58.779963][ T7209] ? trace_hardirqs_on+0x55/0x220
[ 58.784968][ T7209] ? memset+0x20/0x40
[ 58.788940][ T7209] ? sctp_transport_route+0x125/0x350
[ 58.794284][ T7209] sctp_transport_route+0x125/0x350
[ 58.799469][ T7209] sctp_assoc_add_peer+0x5a0/0x1030
[ 58.804643][ T7209] sctp_connect_new_asoc+0x19b/0x580
[ 58.809901][ T7209] ? security_sctp_bind_connect+0x8e/0xc0
[ 58.815594][ T7209] sctp_sendmsg+0x1396/0x1f30
[ 58.820246][ T7209] ? __sctp_setsockopt_connectx+0x180/0x180
[ 58.826127][ T7209] ? __might_fault+0x190/0x1d0
[ 58.830871][ T7209] ? sock_has_perm+0x1ec/0x280
[ 58.835640][ T7209] ? tomoyo_socket_sendmsg_permission+0x130/0x38e
[ 58.842029][ T7209] ? import_iovec+0x236/0x3d0
[ 58.846692][ T7209] inet_sendmsg+0x99/0xe0
[ 58.851059][ T7209] ? inet_send_prepare+0x4d0/0x4d0
[ 58.856191][ T7209] sock_sendmsg+0xcf/0x120
[ 58.860639][ T7209] ____sys_sendmsg+0x308/0x7e0
[ 58.865416][ T7209] ? kernel_sendmsg+0x50/0x50
[ 58.870077][ T7209] ___sys_sendmsg+0x100/0x170
[ 58.874749][ T7209] ? __mod_lruvec_state+0x131/0x2f0
[ 58.879948][ T7209] ? sendmsg_copy_msghdr+0x70/0x70
[ 58.885051][ T7209] ? lock_downgrade+0x840/0x840
[ 58.889889][ T7209] ? pagevec_lru_move_fn+0x20a/0x290
[ 58.895157][ T7209] ? sctp_setsockopt+0x146/0x7090
[ 58.900253][ T7209] ? __fget_light+0x1ab/0x270
[ 58.904920][ T7209] __sys_sendmmsg+0x195/0x480
[ 58.909573][ T7209] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 58.914590][ T7209] ? __sys_setsockopt+0x2eb/0x480
[ 58.919600][ T7209] ? sock_create_kern+0x40/0x40
[ 58.924425][ T7209] ? up_read+0x1ab/0x750
[ 58.928732][ T7209] ? handle_mm_fault+0x29e/0x660
[ 58.933644][ T7209] __x64_sys_sendmmsg+0x99/0x100
[ 58.938572][ T7209] do_syscall_64+0xf6/0x7d0
[ 58.943064][ T7209] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.949018][ T7209] RIP: 0033:0x440309
[ 58.952906][ T7209] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.972490][ T7209] RSP: 002b:00007fff457778c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 58.980896][ T7209] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 58.988890][ T7209] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000003
[ 58.996839][ T7209] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 59.004786][ T7209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 59.012882][ T7209] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 59.020838][ T7209]
[ 59.023154][ T7209] Allocated by task 7209:
[ 59.027472][ T7209] save_stack+0x1b/0x40
[ 59.031618][ T7209] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 59.037231][ T7209] __kmalloc+0x161/0x7a0
[ 59.041448][ T7209] sock_kmalloc+0xb5/0x100
[ 59.045885][ T7209] ipv6_renew_options+0x274/0x940
[ 59.050931][ T7209] do_ipv6_setsockopt.isra.0+0x2eaf/0x42f0
[ 59.056743][ T7209] ipv6_setsockopt+0xfb/0x180
[ 59.061408][ T7209] sctp_setsockopt+0x13e/0x7090
[ 59.066373][ T7209] __sys_setsockopt+0x248/0x480
[ 59.071200][ T7209] __x64_sys_setsockopt+0xba/0x150
[ 59.076303][ T7209] do_syscall_64+0xf6/0x7d0
[ 59.080784][ T7209] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.086642][ T7209]
[ 59.088958][ T7209] Freed by task 5232:
[ 59.092924][ T7209] save_stack+0x1b/0x40
[ 59.097049][ T7209] __kasan_slab_free+0xf7/0x140
[ 59.101880][ T7209] kfree+0x109/0x2b0
[ 59.105758][ T7209] tomoyo_path_perm+0x236/0x400
[ 59.110579][ T7209] security_inode_getattr+0xeb/0x150
[ 59.115957][ T7209] vfs_getattr+0x22/0x60
[ 59.120177][ T7209] vfs_statx_fd+0x6a/0xb0
[ 59.124478][ T7209] __do_sys_newfstat+0x8b/0x100
[ 59.129315][ T7209] do_syscall_64+0xf6/0x7d0
[ 59.133808][ T7209] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.139677][ T7209]
[ 59.141994][ T7209] The buggy address belongs to the object at ffff8880a8a78a00
[ 59.141994][ T7209] which belongs to the cache kmalloc-96 of size 96
[ 59.155865][ T7209] The buggy address is located 88 bytes inside of
[ 59.155865][ T7209] 96-byte region [ffff8880a8a78a00, ffff8880a8a78a60)
[ 59.168939][ T7209] The buggy address belongs to the page:
[ 59.174562][ T7209] page:ffffea0002a29e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a8a78e80
[ 59.184952][ T7209] flags: 0xfffe0000000200(slab)
[ 59.189854][ T7209] raw: 00fffe0000000200 ffffea00027821c8 ffff8880aa001440 ffff8880aa000540
[ 59.198415][ T7209] raw: ffff8880a8a78e80 ffff8880a8a78000 000000010000001b 0000000000000000
[ 59.206989][ T7209] page dumped because: kasan: bad access detected
[ 59.214020][ T7209]
[ 59.216335][ T7209] Memory state around the buggy address:
[ 59.221940][ T7209] ffff8880a8a78900: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 59.229987][ T7209] ffff8880a8a78980: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 59.238021][ T7209] >ffff8880a8a78a00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 59.246054][ T7209] ^
[ 59.252969][ T7209] ffff8880a8a78a80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 59.261033][ T7209] ffff8880a8a78b00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 59.269096][ T7209] ==================================================================
[ 59.277930][ T7209] Kernel panic - not syncing: panic_on_warn set ...
[ 59.284527][ T7209] CPU: 0 PID: 7209 Comm: syz-executor869 Tainted: G B 5.7.0-rc6-syzkaller #0
[ 59.294579][ T7209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.304629][ T7209] Call Trace:
[ 59.307921][ T7209] dump_stack+0x188/0x20d
[ 59.312251][ T7209] panic+0x2e3/0x75c
[ 59.316147][ T7209] ? add_taint.cold+0x16/0x16
[ 59.320836][ T7209] ? preempt_schedule_common+0x5e/0xc0
[ 59.326286][ T7209] ? fl6_update_dst+0x2bb/0x2c0
[ 59.331124][ T7209] ? preempt_schedule_thunk+0x16/0x18
[ 59.336642][ T7209] ? trace_hardirqs_on+0x55/0x220
[ 59.341658][ T7209] ? fl6_update_dst+0x2bb/0x2c0
[ 59.346513][ T7209] end_report+0x4d/0x53
[ 59.350652][ T7209] __kasan_report.cold+0xd/0x38
[ 59.355480][ T7209] ? fl6_update_dst+0x2bb/0x2c0
[ 59.360314][ T7209] ? fl6_update_dst+0x2bb/0x2c0
[ 59.365148][ T7209] kasan_report+0x33/0x50
[ 59.369472][ T7209] fl6_update_dst+0x2bb/0x2c0
[ 59.374139][ T7209] sctp_v6_get_dst+0x5e7/0x1c30
[ 59.378983][ T7209] ? sctp_v6_copy_addrlist+0x650/0x650
[ 59.384426][ T7209] ? _raw_spin_lock_irqsave+0x94/0xbf
[ 59.389786][ T7209] ? trace_hardirqs_on+0x55/0x220
[ 59.394781][ T7209] ? memset+0x20/0x40
[ 59.398741][ T7209] ? sctp_transport_route+0x125/0x350
[ 59.404085][ T7209] sctp_transport_route+0x125/0x350
[ 59.409257][ T7209] sctp_assoc_add_peer+0x5a0/0x1030
[ 59.414433][ T7209] sctp_connect_new_asoc+0x19b/0x580
[ 59.419703][ T7209] ? security_sctp_bind_connect+0x8e/0xc0
[ 59.425570][ T7209] sctp_sendmsg+0x1396/0x1f30
[ 59.430326][ T7209] ? __sctp_setsockopt_connectx+0x180/0x180
[ 59.436213][ T7209] ? __might_fault+0x190/0x1d0
[ 59.440954][ T7209] ? sock_has_perm+0x1ec/0x280
[ 59.445695][ T7209] ? tomoyo_socket_sendmsg_permission+0x130/0x38e
[ 59.452086][ T7209] ? import_iovec+0x236/0x3d0
[ 59.456738][ T7209] inet_sendmsg+0x99/0xe0
[ 59.461043][ T7209] ? inet_send_prepare+0x4d0/0x4d0
[ 59.466142][ T7209] sock_sendmsg+0xcf/0x120
[ 59.470535][ T7209] ____sys_sendmsg+0x308/0x7e0
[ 59.475274][ T7209] ? kernel_sendmsg+0x50/0x50
[ 59.479939][ T7209] ___sys_sendmsg+0x100/0x170
[ 59.487130][ T7209] ? __mod_lruvec_state+0x131/0x2f0
[ 59.492302][ T7209] ? sendmsg_copy_msghdr+0x70/0x70
[ 59.497407][ T7209] ? lock_downgrade+0x840/0x840
[ 59.502231][ T7209] ? pagevec_lru_move_fn+0x20a/0x290
[ 59.507494][ T7209] ? sctp_setsockopt+0x146/0x7090
[ 59.512509][ T7209] ? __fget_light+0x1ab/0x270
[ 59.517176][ T7209] __sys_sendmmsg+0x195/0x480
[ 59.521835][ T7209] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 59.526852][ T7209] ? __sys_setsockopt+0x2eb/0x480
[ 59.531848][ T7209] ? sock_create_kern+0x40/0x40
[ 59.536680][ T7209] ? up_read+0x1ab/0x750
[ 59.540905][ T7209] ? handle_mm_fault+0x29e/0x660
[ 59.545978][ T7209] __x64_sys_sendmmsg+0x99/0x100
[ 59.550900][ T7209] do_syscall_64+0xf6/0x7d0
[ 59.555404][ T7209] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.561298][ T7209] RIP: 0033:0x440309
[ 59.565237][ T7209] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.584912][ T7209] RSP: 002b:00007fff457778c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 59.593304][ T7209] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440309
[ 59.601258][ T7209] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000003
[ 59.609369][ T7209] RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
[ 59.617318][ T7209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b90
[ 59.625263][ T7209] R13: 0000000000401c20 R14: 0000000000000000 R15: 0000000000000000
[ 59.633894][ T7209] Kernel Offset: disabled
[ 59.638228][ T7209] Rebooting in 86400 seconds..