[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 71.694121][ T8418] ==================================================================
[ 71.702485][ T8418] BUG: KASAN: slab-out-of-bounds in eth_header_parse_protocol+0xdc/0xe0
[ 71.710839][ T8418] Read of size 2 at addr ffff88801bb1700b by task syz-executor787/8418
[ 71.719070][ T8418]
[ 71.721388][ T8418] CPU: 0 PID: 8418 Comm: syz-executor787 Not tainted 5.12.0-rc2-syzkaller #0
[ 71.730151][ T8418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 71.740199][ T8418] Call Trace:
[ 71.743499][ T8418] dump_stack+0x141/0x1d7
[ 71.747881][ T8418] ? eth_header_parse_protocol+0xdc/0xe0
[ 71.753531][ T8418] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 71.760545][ T8418] ? llc_sysctl_exit+0x60/0x60
[ 71.765297][ T8418] ? eth_header_parse_protocol+0xdc/0xe0
[ 71.770920][ T8418] ? eth_header_parse_protocol+0xdc/0xe0
[ 71.776551][ T8418] kasan_report.cold+0x7c/0xd8
[ 71.781325][ T8418] ? eth_header_parse_protocol+0xdc/0xe0
[ 71.786958][ T8418] ? llc_sysctl_exit+0x60/0x60
[ 71.791711][ T8418] eth_header_parse_protocol+0xdc/0xe0
[ 71.797158][ T8418] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 71.803478][ T8418] ? tpacket_destruct_skb+0x860/0x860
[ 71.808843][ T8418] packet_sendmsg+0x2325/0x52b0
[ 71.813685][ T8418] ? lockdep_hardirqs_on_prepare+0x3a0/0x400
[ 71.819664][ T8418] ? aa_sk_perm+0x31b/0xab0
[ 71.824158][ T8418] ? packet_cached_dev_get+0x250/0x250
[ 71.829617][ T8418] ? aa_af_perm+0x230/0x230
[ 71.834136][ T8418] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.840367][ T8418] ? packet_cached_dev_get+0x250/0x250
[ 71.845816][ T8418] sock_sendmsg+0xcf/0x120
[ 71.850224][ T8418] sock_write_iter+0x289/0x3c0
[ 71.854980][ T8418] ? sock_sendmsg+0x120/0x120
[ 71.859673][ T8418] ? aa_path_link+0x2f0/0x2f0
[ 71.864338][ T8418] ? lock_downgrade+0x6e0/0x6e0
[ 71.869175][ T8418] ? rwlock_bug.part.0+0x90/0x90
[ 71.874113][ T8418] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.880359][ T8418] new_sync_write+0x426/0x650
[ 71.885025][ T8418] ? new_sync_read+0x6e0/0x6e0
[ 71.889775][ T8418] ? packet_do_bind+0x454/0xc00
[ 71.894615][ T8418] ? packet_do_bind+0x454/0xc00
[ 71.899461][ T8418] ? apparmor_file_permission+0x26e/0x4e0
[ 71.905171][ T8418] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 71.911492][ T8418] vfs_write+0x796/0xa30
[ 71.915729][ T8418] ksys_write+0x1ee/0x250
[ 71.920045][ T8418] ? __ia32_sys_read+0xb0/0xb0
[ 71.924865][ T8418] ? syscall_enter_from_user_mode+0x1d/0x50
[ 71.930780][ T8418] do_syscall_64+0x2d/0x70
[ 71.935194][ T8418] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 71.941084][ T8418] RIP: 0033:0x43fbf9
[ 71.944996][ T8418] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 71.964591][ T8418] RSP: 002b:00007ffde00e55b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 71.972999][ T8418] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043fbf9
[ 71.980987][ T8418] RDX: 000000000000054a RSI: 0000000020000200 RDI: 0000000000000003
[ 71.988964][ T8418] RBP: 0000000000000000 R08: 00007ffde00e5758 R09: 00007ffde00e5758
[ 71.996926][ T8418] R10: 00007ffde00e5758 R11: 0000000000000246 R12: 0000000000403480
[ 72.004887][ T8418] R13: 431bde82d7b634db R14: 00000000004ad018 R15: 0000000000400488
[ 72.012859][ T8418]
[ 72.015168][ T8418] Allocated by task 1:
[ 72.019217][ T8418] kasan_save_stack+0x1b/0x40
[ 72.023885][ T8418] __kasan_kmalloc+0x99/0xc0
[ 72.028466][ T8418] tomoyo_realpath_from_path+0xc3/0x620
[ 72.034015][ T8418] tomoyo_path_perm+0x21b/0x400
[ 72.038867][ T8418] security_inode_getattr+0xcf/0x140
[ 72.044242][ T8418] vfs_statx+0x164/0x390
[ 72.048473][ T8418] __do_sys_newlstat+0x91/0x110
[ 72.053308][ T8418] do_syscall_64+0x2d/0x70
[ 72.057728][ T8418] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.063794][ T8418]
[ 72.066103][ T8418] Freed by task 1:
[ 72.069829][ T8418] kasan_save_stack+0x1b/0x40
[ 72.074494][ T8418] kasan_set_track+0x1c/0x30
[ 72.079083][ T8418] kasan_set_free_info+0x20/0x30
[ 72.084005][ T8418] __kasan_slab_free+0xf5/0x130
[ 72.088838][ T8418] slab_free_freelist_hook+0x92/0x210
[ 72.094196][ T8418] kfree+0xe5/0x7f0
[ 72.097988][ T8418] tomoyo_realpath_from_path+0x191/0x620
[ 72.103611][ T8418] tomoyo_path_perm+0x21b/0x400
[ 72.108465][ T8418] security_inode_getattr+0xcf/0x140
[ 72.113736][ T8418] vfs_statx+0x164/0x390
[ 72.117970][ T8418] __do_sys_newlstat+0x91/0x110
[ 72.122808][ T8418] do_syscall_64+0x2d/0x70
[ 72.127216][ T8418] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.133092][ T8418]
[ 72.135398][ T8418] The buggy address belongs to the object at ffff88801bb16000
[ 72.135398][ T8418]  which belongs to the cache kmalloc-4k of size 4096
[ 72.149431][ T8418] The buggy address is located 11 bytes to the right of
[ 72.149431][ T8418]  4096-byte region [ffff88801bb16000, ffff88801bb17000)
[ 72.163227][ T8418] The buggy address belongs to the page:
[ 72.168838][ T8418] page:00000000c5182ec6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1bb10
[ 72.178972][ T8418] head:00000000c5182ec6 order:3 compound_mapcount:0 compound_pincount:0
[ 72.187281][ T8418] flags: 0xfff00000010200(slab|head)
[ 72.192583][ T8418] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010842140
[ 72.201149][ T8418] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 72.209712][ T8418] page dumped because: kasan: bad access detected
[ 72.216102][ T8418]
[ 72.218436][ T8418] Memory state around the buggy address:
[ 72.224921][ T8418]  ffff88801bb16f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.232967][ T8418]  ffff88801bb16f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.241011][ T8418] >ffff88801bb17000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.249055][ T8418]                       ^
[ 72.253367][ T8418]  ffff88801bb17080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.261433][ T8418]  ffff88801bb17100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.269473][ T8418] ==================================================================
[ 72.277511][ T8418] Disabling lock debugging due to kernel taint
[ 72.284131][ T8418] Kernel panic - not syncing: panic_on_warn set ...
[ 72.290722][ T8418] CPU: 0 PID: 8418 Comm: syz-executor787 Tainted: G B 5.12.0-rc2-syzkaller #0
[ 72.300887][ T8418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.310941][ T8418] Call Trace:
[ 72.314223][ T8418] dump_stack+0x141/0x1d7
[ 72.318538][ T8418] panic+0x306/0x73d
[ 72.322416][ T8418] ? __warn_printk+0xf3/0xf3
[ 72.326989][ T8418] ? preempt_schedule_common+0x59/0xc0
[ 72.332431][ T8418] ? llc_sysctl_exit+0x60/0x60
[ 72.337208][ T8418] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.342821][ T8418] ? preempt_schedule_thunk+0x16/0x18
[ 72.348175][ T8418] ? trace_hardirqs_on+0x38/0x1c0
[ 72.353186][ T8418] ? trace_hardirqs_on+0x51/0x1c0
[ 72.358197][ T8418] ? llc_sysctl_exit+0x60/0x60
[ 72.362948][ T8418] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.368571][ T8418] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.374225][ T8418] end_report.cold+0x5a/0x5a
[ 72.378826][ T8418] kasan_report.cold+0x6a/0xd8
[ 72.383602][ T8418] ? eth_header_parse_protocol+0xdc/0xe0
[ 72.389254][ T8418] ? llc_sysctl_exit+0x60/0x60
[ 72.394030][ T8418] eth_header_parse_protocol+0xdc/0xe0
[ 72.399507][ T8418] virtio_net_hdr_to_skb.constprop.0+0x99d/0xcd0
[ 72.405853][ T8418] ? tpacket_destruct_skb+0x860/0x860
[ 72.411241][ T8418] packet_sendmsg+0x2325/0x52b0
[ 72.416116][ T8418] ? lockdep_hardirqs_on_prepare+0x3a0/0x400
[ 72.422124][ T8418] ? aa_sk_perm+0x31b/0xab0
[ 72.426645][ T8418] ? packet_cached_dev_get+0x250/0x250
[ 72.432119][ T8418] ? aa_af_perm+0x230/0x230
[ 72.436630][ T8418] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.442863][ T8418] ? packet_cached_dev_get+0x250/0x250
[ 72.448307][ T8418] sock_sendmsg+0xcf/0x120
[ 72.452706][ T8418] sock_write_iter+0x289/0x3c0
[ 72.457451][ T8418] ? sock_sendmsg+0x120/0x120
[ 72.462124][ T8418] ? aa_path_link+0x2f0/0x2f0
[ 72.466799][ T8418] ? lock_downgrade+0x6e0/0x6e0
[ 72.471634][ T8418] ? rwlock_bug.part.0+0x90/0x90
[ 72.476572][ T8418] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.482798][ T8418] new_sync_write+0x426/0x650
[ 72.487472][ T8418] ? new_sync_read+0x6e0/0x6e0
[ 72.492225][ T8418] ? packet_do_bind+0x454/0xc00
[ 72.497061][ T8418] ? packet_do_bind+0x454/0xc00
[ 72.501895][ T8418] ? apparmor_file_permission+0x26e/0x4e0
[ 72.507601][ T8418] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[ 72.513830][ T8418] vfs_write+0x796/0xa30
[ 72.518068][ T8418] ksys_write+0x1ee/0x250
[ 72.522389][ T8418] ? __ia32_sys_read+0xb0/0xb0
[ 72.527159][ T8418] ? syscall_enter_from_user_mode+0x1d/0x50
[ 72.533043][ T8418] do_syscall_64+0x2d/0x70
[ 72.537448][ T8418] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 72.543328][ T8418] RIP: 0033:0x43fbf9
[ 72.547209][ T8418] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 72.566860][ T8418] RSP: 002b:00007ffde00e55b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 72.575260][ T8418] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043fbf9
[ 72.583217][ T8418] RDX: 000000000000054a RSI: 0000000020000200 RDI: 0000000000000003
[ 72.591196][ T8418] RBP: 0000000000000000 R08: 00007ffde00e5758 R09: 00007ffde00e5758
[ 72.599150][ T8418] R10: 00007ffde00e5758 R11: 0000000000000246 R12: 0000000000403480
[ 72.607116][ T8418] R13: 431bde82d7b634db R14: 00000000004ad018 R15: 0000000000400488
[ 72.615698][ T8418] Kernel Offset: disabled
[ 72.620010][ T8418] Rebooting in 86400 seconds..