Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts.
executing program
[   41.755460][ T7245] ==================================================================
[   41.763679][ T7245] BUG: KASAN: slab-out-of-bounds in fl6_update_dst+0x159/0x1a0
[   41.771206][ T7245] Read of size 16 at addr ffff8880a7a8df58 by task syz-executor098/7245
[   41.779495][ T7245]
[   41.781797][ T7245] CPU: 1 PID: 7245 Comm: syz-executor098 Not tainted 5.7.0-rc6-syzkaller #0
[   41.790575][ T7245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.800610][ T7245] Call Trace:
[   41.803949][ T7245]  dump_stack+0x1e9/0x30e
[   41.808261][ T7245]  print_address_description+0x74/0x5c0
[   41.813780][ T7245]  ? printk+0x62/0x83
[   41.817735][ T7245]  ? vprintk_emit+0x339/0x3c0
[   41.822386][ T7245]  __kasan_report+0x103/0x1a0
[   41.827038][ T7245]  ? fl6_update_dst+0x159/0x1a0
[   41.832041][ T7245]  ? lock_acquire+0x169/0x480
[   41.836685][ T7245]  ? fl6_update_dst+0x159/0x1a0
[   41.841512][ T7245]  kasan_report+0x4d/0x80
[   41.845834][ T7245]  ? lock_acquire+0x169/0x480
[   41.850499][ T7245]  ? check_memory_region+0x2b5/0x2f0
[   41.855750][ T7245]  ? fl6_update_dst+0x159/0x1a0
[   41.860577][ T7245]  ? memcpy+0x25/0x60
[   41.864535][ T7245]  ? fl6_update_dst+0x159/0x1a0
[   41.869394][ T7245]  ? sctp_v6_get_dst+0x618/0x19c0
[   41.874406][ T7245]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[   41.880194][ T7245]  ? sctp_transport_route+0x10b/0x2b0
[   41.885540][ T7245]  ? sctp_assoc_add_peer+0x5ab/0x1560
[   41.890880][ T7245]  ? sctp_connect_new_asoc+0x2a1/0x600
[   41.896317][ T7245]  ? sctp_sendmsg+0x1aa0/0x3620
[   41.901139][ T7245]  ? inet_sendmsg+0xfa/0x310
[   41.905697][ T7245]  ? inet_send_prepare+0x250/0x250
[   41.910953][ T7245]  ? ____sys_sendmsg+0x4f9/0x7c0
[   41.915880][ T7245]  ? import_iovec+0x12a/0x2c0
[   41.920547][ T7245]  ? __sys_sendmmsg+0x45b/0x690
[   41.925370][ T7245]  ? __this_cpu_preempt_check+0x9/0x20
[   41.930903][ T7245]  ? sctp_setsockopt+0x15a/0xe850
[   41.935899][ T7245]  ? handle_mm_fault+0x122a/0x2910
[   41.941141][ T7245]  ? trace_lock_release+0x137/0x1a0
[   41.946665][ T7245]  ? sock_common_setsockopt+0x2b/0xb0
[   41.952447][ T7245]  ? __sys_setsockopt+0x274/0x710
[   41.957676][ T7245]  ? check_preemption_disabled+0xb0/0x240
[   41.965280][ T7245]  ? debug_smp_processor_id+0x5/0x20
[   41.970638][ T7245]  ? trace_irq_disable_rcuidle+0x1f/0x1d0
[   41.976435][ T7245]  ? __x64_sys_sendmmsg+0x9c/0xb0
[   41.981619][ T7245]  ? do_syscall_64+0xf3/0x1b0
[   41.986287][ T7245]  ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   41.992359][ T7245]
[   41.994661][ T7245] Allocated by task 7245:
[   41.998997][ T7245]  __kasan_kmalloc+0x114/0x160
[   42.003732][ T7245]  __kmalloc+0x24b/0x330
[   42.007964][ T7245]  sock_kmalloc+0x98/0x100
[   42.012371][ T7245]  ipv6_renew_options+0x27c/0xa70
[   42.017379][ T7245]  do_ipv6_setsockopt+0x244d/0x3a20
[   42.022560][ T7245]  ipv6_setsockopt+0x49/0x160
[   42.027314][ T7245]  sctp_setsockopt+0x15a/0xe850
[   42.032171][ T7245]  __sys_setsockopt+0x564/0x710
[   42.037037][ T7245]  __x64_sys_setsockopt+0xb1/0xc0
[   42.042229][ T7245]  do_syscall_64+0xf3/0x1b0
[   42.046719][ T7245]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   42.052579][ T7245]
[   42.054893][ T7245] Freed by task 7152:
[   42.058933][ T7245]  __kasan_slab_free+0x125/0x190
[   42.063838][ T7245]  kfree+0x10a/0x220
[   42.067964][ T7245]  ext4_ext_map_blocks+0x421f/0x6db0
[   42.073275][ T7245]  ext4_map_blocks+0x43b/0x1b00
[   42.078096][ T7245]  ext4_bread_batch+0xea/0x7c0
[   42.082829][ T7245]  __ext4_find_entry+0x68f/0x1730
[   42.087845][ T7245]  ext4_lookup+0x321/0xbe0
[   42.092371][ T7245]  path_openat+0x141b/0x38b0
[   42.097052][ T7245]  do_filp_open+0x191/0x3a0
[   42.101550][ T7245]  do_sys_openat2+0x463/0x770
[   42.106847][ T7245]  __x64_sys_open+0x1af/0x1e0
[   42.111779][ T7245]  do_syscall_64+0xf3/0x1b0
[   42.117504][ T7245]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   42.123643][ T7245]
[   42.126226][ T7245] The buggy address belongs to the object at ffff8880a7a8df00
[   42.126226][ T7245]  which belongs to the cache kmalloc-96 of size 96
[   42.140265][ T7245] The buggy address is located 88 bytes inside of
[   42.140265][ T7245]  96-byte region [ffff8880a7a8df00, ffff8880a7a8df60)
[   42.153589][ T7245] The buggy address belongs to the page:
[   42.159237][ T7245] page:ffffea00029ea340 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a7a8d080
[   42.169643][ T7245] flags: 0xfffe0000000200(slab)
[   42.174488][ T7245] raw: 00fffe0000000200 ffffea00024e03c8 ffffea00026315c8 ffff8880aa400540
[   42.183041][ T7245] raw: ffff8880a7a8d080 ffff8880a7a8d000 0000000100000012 0000000000000000
[   42.191616][ T7245] page dumped because: kasan: bad access detected
[   42.199069][ T7245]
[   42.201370][ T7245] Memory state around the buggy address:
[   42.206991][ T7245]  ffff8880a7a8de00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   42.215033][ T7245]  ffff8880a7a8de80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   42.223305][ T7245] >ffff8880a7a8df00: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   42.231349][ T7245]                                                     ^
[   42.239065][ T7245]  ffff8880a7a8df80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   42.248026][ T7245]  ffff8880a7a8e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   42.256434][ T7245] ==================================================================
[   42.265688][ T7245] Kernel panic - not syncing: panic_on_warn set ...
[   42.273063][ T7245] CPU: 1 PID: 7245 Comm: syz-executor098 Tainted: G    B   5.7.0-rc6-syzkaller #0
[   42.284513][ T7245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.294830][ T7245] Call Trace:
[   42.298111][ T7245]  dump_stack+0x1e9/0x30e
[   42.302681][ T7245]  panic+0x264/0x7a0
[   42.306741][ T7245]  ? trace_hardirqs_on+0x30/0x70
[   42.311856][ T7245]  __kasan_report+0x191/0x1a0
[   42.316683][ T7245]  ? fl6_update_dst+0x159/0x1a0
[   42.322134][ T7245]  ? lock_acquire+0x169/0x480
[   42.327067][ T7245]  ? fl6_update_dst+0x159/0x1a0
[   42.332004][ T7245]  kasan_report+0x4d/0x80
[   42.336403][ T7245]  ? lock_acquire+0x169/0x480
[   42.341333][ T7245]  ? check_memory_region+0x2b5/0x2f0
[   42.346810][ T7245]  ? fl6_update_dst+0x159/0x1a0
[   42.351822][ T7245]  ? memcpy+0x25/0x60
[   42.355804][ T7245]  ? fl6_update_dst+0x159/0x1a0
[   42.360647][ T7245]  ? sctp_v6_get_dst+0x618/0x19c0
[   42.365752][ T7245]  ? _raw_spin_unlock_irqrestore+0x6f/0xd0
[   42.371637][ T7245]  ? sctp_transport_route+0x10b/0x2b0
[   42.376998][ T7245]  ? sctp_assoc_add_peer+0x5ab/0x1560
[   42.382635][ T7245]  ? sctp_connect_new_asoc+0x2a1/0x600
[   42.388534][ T7245]  ? sctp_sendmsg+0x1aa0/0x3620
[   42.393366][ T7245]  ? inet_sendmsg+0xfa/0x310
[   42.397938][ T7245]  ? inet_send_prepare+0x250/0x250
[   42.403039][ T7245]  ? ____sys_sendmsg+0x4f9/0x7c0
[   42.407951][ T7245]  ? import_iovec+0x12a/0x2c0
[   42.412613][ T7245]  ? __sys_sendmmsg+0x45b/0x690
[   42.417888][ T7245]  ? __this_cpu_preempt_check+0x9/0x20
[   42.423357][ T7245]  ? sctp_setsockopt+0x15a/0xe850
[   42.428358][ T7245]  ? handle_mm_fault+0x122a/0x2910
[   42.433443][ T7245]  ? trace_lock_release+0x137/0x1a0
[   42.438675][ T7245]  ? sock_common_setsockopt+0x2b/0xb0
[   42.444121][ T7245]  ? __sys_setsockopt+0x274/0x710
[   42.449145][ T7245]  ? check_preemption_disabled+0xb0/0x240
[   42.454860][ T7245]  ? debug_smp_processor_id+0x5/0x20
[   42.460345][ T7245]  ? trace_irq_disable_rcuidle+0x1f/0x1d0
[   42.466238][ T7245]  ? __x64_sys_sendmmsg+0x9c/0xb0
[   42.471242][ T7245]  ? do_syscall_64+0xf3/0x1b0
[   42.475913][ T7245]  ? entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   42.482682][ T7245] Kernel Offset: disabled
[   42.487003][ T7245] Rebooting in 86400 seconds..