[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 71.733054][ T8432] ================================================================== [ 71.741383][ T8432] BUG: KASAN: slab-out-of-bounds in sk_psock_get+0x123/0x410 [ 71.748851][ T8432] Read of size 4 at addr ffff8880200c02b8 by task syz-executor960/8432 [ 71.757076][ T8432] [ 71.759389][ T8432] CPU: 0 PID: 8432 Comm: syz-executor960 Not tainted 5.14.0-rc6-syzkaller #0 [ 71.768246][ T8432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 71.778342][ T8432] Call Trace: [ 71.782081][ T8432] dump_stack_lvl+0xcd/0x134 [ 71.786684][ T8432] print_address_description.constprop.0.cold+0x6c/0x309 [ 71.793697][ T8432] ? sk_psock_get+0x123/0x410 [ 71.798366][ T8432] ? sk_psock_get+0x123/0x410 [ 71.803034][ T8432] kasan_report.cold+0x83/0xdf [ 71.807876][ T8432] ? sk_psock_get+0x123/0x410 [ 71.812646][ T8432] kasan_check_range+0x13d/0x180 [ 71.817572][ T8432] sk_psock_get+0x123/0x410 [ 71.822064][ T8432] ? tls_encrypt_done+0x560/0x560 [ 71.827073][ T8432] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 71.833050][ T8432] ? aa_profile_af_perm+0x2e0/0x2e0 [ 71.838244][ T8432] tls_sw_recvmsg+0x19e/0x1670 [ 71.843010][ T8432] ? __lock_acquire+0x162f/0x54a0 [ 71.848044][ T8432] ? decrypt_skb+0xc0/0xc0 [ 71.852450][ T8432] ? aa_sk_perm+0x311/0xab0 [ 71.856966][ T8432] inet_recvmsg+0x11b/0x5e0 [ 71.861470][ T8432] ? inet_sendpage+0x140/0x140 [ 71.866334][ T8432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 71.872564][ T8432] ? security_socket_recvmsg+0x8f/0xc0 [ 71.878055][ T8432] ? inet_sendpage+0x140/0x140 [ 71.882822][ T8432] ____sys_recvmsg+0x2c4/0x600 [ 71.887580][ T8432] ? kernel_recvmsg+0x160/0x160 [ 71.892478][ T8432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 71.898727][ T8432] ? __import_iovec+0x2b5/0x580 [ 71.903581][ T8432] ? import_iovec+0x10c/0x150 [ 71.908249][ T8432] ___sys_recvmsg+0x127/0x200 [ 71.912917][ T8432] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 71.918534][ T8432] ? mark_lock+0xef/0x17b0 [ 71.922937][ T8432] ? lock_chain_count+0x20/0x20 [ 71.927790][ T8432] ? lockdep_hardirqs_on+0x79/0x100 [ 71.932975][ T8432] ? kcm_ioctl+0xee6/0x1180 [ 71.937463][ T8432] ? __local_bh_enable_ip+0xa0/0x120 [ 71.942747][ T8432] ? kcm_ioctl+0xb5/0x1180 [ 71.947162][ T8432] ? tomoyo_path_number_perm+0x24e/0x590 [ 71.952779][ T8432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 71.959013][ T8432] ? __fget_light+0x215/0x280 [ 71.963676][ T8432] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 71.969914][ T8432] do_recvmmsg+0x24d/0x6d0 [ 71.974318][ T8432] ? ___sys_recvmsg+0x200/0x200 [ 71.979161][ T8432] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 71.985144][ T8432] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 71.991151][ T8432] ? __context_tracking_exit+0xb8/0xe0 [ 71.996607][ T8432] ? lock_downgrade+0x6e0/0x6e0 [ 72.001447][ T8432] ? lock_downgrade+0x6e0/0x6e0 [ 72.006294][ T8432] __x64_sys_recvmmsg+0x20b/0x260 [ 72.011311][ T8432] ? __do_sys_socketcall+0x590/0x590 [ 72.016597][ T8432] ? syscall_enter_from_user_mode+0x21/0x70 [ 72.022491][ T8432] do_syscall_64+0x35/0xb0 [ 72.026899][ T8432] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.032785][ T8432] RIP: 0033:0x43f4f9 [ 72.036680][ T8432] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 72.056274][ T8432] RSP: 002b:00007ffd9822c838 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 72.064676][ T8432] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f4f9 [ 72.072659][ T8432] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005 [ 72.080614][ T8432] RBP: 00000000004034e0 R08: 0000000000000000 R09: 0000000000400488 [ 72.088573][ T8432] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000403570 [ 72.096527][ T8432] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488 [ 72.104491][ T8432] [ 72.106798][ T8432] Allocated by task 8432: [ 72.111101][ T8432] kasan_save_stack+0x1b/0x40 [ 72.115764][ T8432] __kasan_slab_alloc+0x84/0xa0 [ 72.120606][ T8432] kmem_cache_alloc+0x285/0x4a0 [ 72.125437][ T8432] kcm_ioctl+0x7f1/0x1180 [ 72.129747][ T8432] sock_do_ioctl+0xcc/0x210 [ 72.134232][ T8432] sock_ioctl+0x2f1/0x640 [ 72.138552][ T8432] __x64_sys_ioctl+0x193/0x200 [ 72.143297][ T8432] do_syscall_64+0x35/0xb0 [ 72.147693][ T8432] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.153587][ T8432] [ 72.155891][ T8432] Last potentially related work creation: [ 72.161579][ T8432] kasan_save_stack+0x1b/0x40 [ 72.166241][ T8432] kasan_record_aux_stack+0xe5/0x110 [ 72.171521][ T8432] insert_work+0x48/0x370 [ 72.175845][ T8432] __queue_work+0x5c1/0xed0 [ 72.180341][ T8432] queue_work_on+0xee/0x110 [ 72.184826][ T8432] kcm_ioctl+0xede/0x1180 [ 72.189136][ T8432] sock_do_ioctl+0xcc/0x210 [ 72.193619][ T8432] sock_ioctl+0x2f1/0x640 [ 72.197926][ T8432] __x64_sys_ioctl+0x193/0x200 [ 72.202681][ T8432] do_syscall_64+0x35/0xb0 [ 72.207078][ T8432] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.212954][ T8432] [ 72.215258][ T8432] The buggy address belongs to the object at ffff8880200c0000 [ 72.215258][ T8432] which belongs to the cache kcm_psock_cache of size 568 [ 72.229632][ T8432] The buggy address is located 128 bytes to the right of [ 72.229632][ T8432] 568-byte region [ffff8880200c0000, ffff8880200c0238) [ 72.243561][ T8432] The buggy address belongs to the page: [ 72.249350][ T8432] page:ffffea0000803000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x200c0 [ 72.259608][ T8432] head:ffffea0000803000 order:2 compound_mapcount:0 compound_pincount:0 [ 72.267928][ T8432] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 72.275896][ T8432] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff8880286053c0 [ 72.284476][ T8432] raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000 [ 72.293037][ T8432] page dumped because: kasan: bad access detected [ 72.299431][ T8432] page_owner tracks the page as allocated [ 72.305135][ T8432] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8432, ts 71732846064, free_ts 71589402650 [ 72.324229][ T8432] get_page_from_freelist+0xa72/0x2f80 [ 72.329686][ T8432] __alloc_pages+0x1b2/0x500 [ 72.334258][ T8432] alloc_pages+0x18c/0x2a0 [ 72.338655][ T8432] allocate_slab+0x32e/0x4b0 [ 72.343228][ T8432] ___slab_alloc+0x473/0x7b0 [ 72.347801][ T8432] __slab_alloc.constprop.0+0xa7/0xf0 [ 72.353155][ T8432] kmem_cache_alloc+0x3e1/0x4a0 [ 72.357986][ T8432] kcm_ioctl+0x7f1/0x1180 [ 72.362299][ T8432] sock_do_ioctl+0xcc/0x210 [ 72.366782][ T8432] sock_ioctl+0x2f1/0x640 [ 72.371093][ T8432] __x64_sys_ioctl+0x193/0x200 [ 72.375840][ T8432] do_syscall_64+0x35/0xb0 [ 72.380246][ T8432] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.386133][ T8432] page last free stack trace: [ 72.390789][ T8432] free_pcp_prepare+0x2c5/0x780 [ 72.395628][ T8432] free_unref_page+0x19/0x690 [ 72.400295][ T8432] __put_page+0xf9/0x3f0 [ 72.404518][ T8432] skb_release_data+0x49d/0x790 [ 72.409360][ T8432] consume_skb+0xc2/0x160 [ 72.413671][ T8432] unix_stream_read_generic+0x1a56/0x2140 [ 72.419374][ T8432] unix_stream_recvmsg+0xb1/0xf0 [ 72.424292][ T8432] sock_read_iter+0x33c/0x470 [ 72.428951][ T8432] new_sync_read+0x5b7/0x6e0 [ 72.433529][ T8432] vfs_read+0x35c/0x570 [ 72.437666][ T8432] ksys_read+0x1ee/0x250 [ 72.441889][ T8432] do_syscall_64+0x35/0xb0 [ 72.446302][ T8432] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.452181][ T8432] [ 72.454485][ T8432] Memory state around the buggy address: [ 72.460103][ T8432] ffff8880200c0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 72.468144][ T8432] ffff8880200c0200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 72.476182][ T8432] >ffff8880200c0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.484220][ T8432] ^ [ 72.490088][ T8432] ffff8880200c0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.498127][ T8432] ffff8880200c0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.506162][ T8432] ================================================================== [ 72.514196][ T8432] Disabling lock debugging due to kernel taint [ 72.520655][ T8432] Kernel panic - not syncing: panic_on_warn set ... [ 72.527287][ T8432] CPU: 1 PID: 8432 Comm: syz-executor960 Tainted: G B 5.14.0-rc6-syzkaller #0 [ 72.537433][ T8432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.547478][ T8432] Call Trace: [ 72.550742][ T8432] dump_stack_lvl+0xcd/0x134 [ 72.555329][ T8432] panic+0x306/0x73d [ 72.559217][ T8432] ? __warn_printk+0xf3/0xf3 [ 72.563798][ T8432] ? preempt_schedule_common+0x59/0xc0 [ 72.569248][ T8432] ? sk_psock_get+0x123/0x410 [ 72.573918][ T8432] ? preempt_schedule_thunk+0x16/0x18 [ 72.579282][ T8432] ? trace_hardirqs_on+0x38/0x1c0 [ 72.584294][ T8432] ? trace_hardirqs_on+0x51/0x1c0 [ 72.589307][ T8432] ? sk_psock_get+0x123/0x410 [ 72.593972][ T8432] ? sk_psock_get+0x123/0x410 [ 72.598638][ T8432] end_report.cold+0x5a/0x5a [ 72.603219][ T8432] kasan_report.cold+0x71/0xdf [ 72.607975][ T8432] ? sk_psock_get+0x123/0x410 [ 72.612642][ T8432] kasan_check_range+0x13d/0x180 [ 72.617571][ T8432] sk_psock_get+0x123/0x410 [ 72.622067][ T8432] ? tls_encrypt_done+0x560/0x560 [ 72.627080][ T8432] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 72.633050][ T8432] ? aa_profile_af_perm+0x2e0/0x2e0 [ 72.638242][ T8432] tls_sw_recvmsg+0x19e/0x1670 [ 72.643000][ T8432] ? __lock_acquire+0x162f/0x54a0 [ 72.648016][ T8432] ? decrypt_skb+0xc0/0xc0 [ 72.652436][ T8432] ? aa_sk_perm+0x311/0xab0 [ 72.656944][ T8432] inet_recvmsg+0x11b/0x5e0 [ 72.661438][ T8432] ? inet_sendpage+0x140/0x140 [ 72.666201][ T8432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 72.672451][ T8432] ? security_socket_recvmsg+0x8f/0xc0 [ 72.677904][ T8432] ? inet_sendpage+0x140/0x140 [ 72.682658][ T8432] ____sys_recvmsg+0x2c4/0x600 [ 72.687415][ T8432] ? kernel_recvmsg+0x160/0x160 [ 72.692264][ T8432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 72.698496][ T8432] ? __import_iovec+0x2b5/0x580 [ 72.703339][ T8432] ? import_iovec+0x10c/0x150 [ 72.708003][ T8432] ___sys_recvmsg+0x127/0x200 [ 72.712672][ T8432] ? __copy_msghdr_from_user+0x4b0/0x4b0 [ 72.718310][ T8432] ? mark_lock+0xef/0x17b0 [ 72.722717][ T8432] ? lock_chain_count+0x20/0x20 [ 72.727568][ T8432] ? lockdep_hardirqs_on+0x79/0x100 [ 72.732758][ T8432] ? kcm_ioctl+0xee6/0x1180 [ 72.737252][ T8432] ? __local_bh_enable_ip+0xa0/0x120 [ 72.742549][ T8432] ? kcm_ioctl+0xb5/0x1180 [ 72.746954][ T8432] ? tomoyo_path_number_perm+0x24e/0x590 [ 72.752579][ T8432] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 72.758810][ T8432] ? __fget_light+0x215/0x280 [ 72.763478][ T8432] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 72.769708][ T8432] do_recvmmsg+0x24d/0x6d0 [ 72.774125][ T8432] ? ___sys_recvmsg+0x200/0x200 [ 72.779332][ T8432] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 72.785301][ T8432] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 72.791272][ T8432] ? __context_tracking_exit+0xb8/0xe0 [ 72.796734][ T8432] ? lock_downgrade+0x6e0/0x6e0 [ 72.801584][ T8432] ? lock_downgrade+0x6e0/0x6e0 [ 72.806431][ T8432] __x64_sys_recvmmsg+0x20b/0x260 [ 72.811450][ T8432] ? __do_sys_socketcall+0x590/0x590 [ 72.816724][ T8432] ? syscall_enter_from_user_mode+0x21/0x70 [ 72.822608][ T8432] do_syscall_64+0x35/0xb0 [ 72.827021][ T8432] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 72.832917][ T8432] RIP: 0033:0x43f4f9 [ 72.836798][ T8432] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 72.856485][ T8432] RSP: 002b:00007ffd9822c838 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 72.864881][ T8432] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f4f9 [ 72.872836][ T8432] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005 [ 72.880791][ T8432] RBP: 00000000004034e0 R08: 0000000000000000 R09: 0000000000400488 [ 72.888748][ T8432] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000403570 [ 72.896713][ T8432] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488 [ 72.904746][ T8432] Kernel Offset: disabled [ 72.909064][ T8432] Rebooting in 86400 seconds..