[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.30' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   72.410125][ T8452] ==================================================================
[   72.418278][ T8452] BUG: KASAN: slab-out-of-bounds in sk_psock_get+0x123/0x410
[   72.425683][ T8452] Read of size 4 at addr ffff888011d9c2b8 by task syz-executor654/8452
[   72.433901][ T8452]
[   72.436206][ T8452] CPU: 0 PID: 8452 Comm: syz-executor654 Not tainted 5.14.0-rc6-syzkaller #0
[   72.445051][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   72.455204][ T8452] Call Trace:
[   72.458478][ T8452]  dump_stack_lvl+0xcd/0x134
[   72.463064][ T8452]  print_address_description.constprop.0.cold+0x6c/0x309
[   72.470094][ T8452]  ? sk_psock_get+0x123/0x410
[   72.474761][ T8452]  ? sk_psock_get+0x123/0x410
[   72.479423][ T8452]  kasan_report.cold+0x83/0xdf
[   72.484179][ T8452]  ? sk_psock_get+0x123/0x410
[   72.488843][ T8452]  kasan_check_range+0x13d/0x180
[   72.493792][ T8452]  sk_psock_get+0x123/0x410
[   72.498299][ T8452]  ? tls_encrypt_done+0x560/0x560
[   72.503308][ T8452]  ? lock_chain_count+0x20/0x20
[   72.508142][ T8452]  ? aa_profile_af_perm+0x2e0/0x2e0
[   72.513326][ T8452]  tls_sw_recvmsg+0x19e/0x1670
[   72.518088][ T8452]  ? __lock_acquire+0x162f/0x54a0
[   72.523116][ T8452]  ? decrypt_skb+0xc0/0xc0
[   72.527536][ T8452]  ? aa_sk_perm+0x311/0xab0
[   72.532034][ T8452]  inet_recvmsg+0x11b/0x5e0
[   72.536540][ T8452]  ? inet_sendpage+0x140/0x140
[   72.541293][ T8452]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   72.547608][ T8452]  ? security_socket_recvmsg+0x8f/0xc0
[   72.553067][ T8452]  ? inet_sendpage+0x140/0x140
[   72.557821][ T8452]  ____sys_recvmsg+0x2c4/0x600
[   72.562598][ T8452]  ? move_addr_to_kernel.part.0+0x110/0x110
[   72.568476][ T8452]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   72.574700][ T8452]  ? __import_iovec+0x2b5/0x580
[   72.579546][ T8452]  ? import_iovec+0x10c/0x150
[   72.584234][ T8452]  ___sys_recvmsg+0x127/0x200
[   72.588917][ T8452]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[   72.594557][ T8452]  ? mark_lock+0xef/0x17b0
[   72.598963][ T8452]  ? lock_downgrade+0x6e0/0x6e0
[   72.603798][ T8452]  ? lock_chain_count+0x20/0x20
[   72.608636][ T8452]  ? __local_bh_enable_ip+0xa0/0x120
[   72.613915][ T8452]  ? lockdep_hardirqs_on+0x79/0x100
[   72.619120][ T8452]  ? kcm_ioctl+0xee6/0x1180
[   72.623609][ T8452]  ? __local_bh_enable_ip+0xa0/0x120
[   72.628892][ T8452]  ? kcm_ioctl+0xb5/0x1180
[   72.633320][ T8452]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   72.639553][ T8452]  ? __fget_light+0x215/0x280
[   72.644224][ T8452]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   72.650542][ T8452]  do_recvmmsg+0x24d/0x6d0
[   72.654950][ T8452]  ? ___sys_recvmsg+0x200/0x200
[   72.659798][ T8452]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   72.665787][ T8452]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   72.671768][ T8452]  ? __context_tracking_exit+0xb8/0xe0
[   72.677229][ T8452]  ? lock_downgrade+0x6e0/0x6e0
[   72.682066][ T8452]  ? lock_downgrade+0x6e0/0x6e0
[   72.686905][ T8452]  __x64_sys_recvmmsg+0x20b/0x260
[   72.691924][ T8452]  ? __do_sys_socketcall+0x590/0x590
[   72.697198][ T8452]  ? syscall_enter_from_user_mode+0x21/0x70
[   72.703082][ T8452]  do_syscall_64+0x35/0xb0
[   72.707484][ T8452]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   72.713365][ T8452] RIP: 0033:0x43f4f9
[   72.717245][ T8452] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   72.736834][ T8452] RSP: 002b:00007ffd2e991cd8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   72.745232][ T8452] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f4f9
[   72.753184][ T8452] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[   72.761234][ T8452] RBP: 00000000004034e0 R08: 0000000000000000 R09: 0000000000400488
[   72.769194][ T8452] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000403570
[   72.777151][ T8452] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488
[   72.785154][ T8452]
[   72.787462][ T8452] Allocated by task 8452:
[   72.791775][ T8452]  kasan_save_stack+0x1b/0x40
[   72.796447][ T8452]  __kasan_slab_alloc+0x84/0xa0
[   72.801301][ T8452]  kmem_cache_alloc+0x285/0x4a0
[   72.806136][ T8452]  kcm_ioctl+0x7f1/0x1180
[   72.810457][ T8452]  sock_do_ioctl+0xcb/0x2d0
[   72.814942][ T8452]  sock_ioctl+0x477/0x6a0
[   72.819253][ T8452]  __x64_sys_ioctl+0x193/0x200
[   72.823999][ T8452]  do_syscall_64+0x35/0xb0
[   72.828405][ T8452]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   72.834287][ T8452]
[   72.836590][ T8452] Last potentially related work creation:
[   72.842284][ T8452]  kasan_save_stack+0x1b/0x40
[   72.846951][ T8452]  kasan_record_aux_stack+0xe5/0x110
[   72.852223][ T8452]  insert_work+0x48/0x370
[   72.856539][ T8452]  __queue_work+0x5c1/0xed0
[   72.861028][ T8452]  queue_work_on+0xee/0x110
[   72.865524][ T8452]  kcm_ioctl+0xede/0x1180
[   72.869852][ T8452]  sock_do_ioctl+0xcb/0x2d0
[   72.874334][ T8452]  sock_ioctl+0x477/0x6a0
[   72.878644][ T8452]  __x64_sys_ioctl+0x193/0x200
[   72.883389][ T8452]  do_syscall_64+0x35/0xb0
[   72.887865][ T8452]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   72.893788][ T8452]
[   72.896107][ T8452] The buggy address belongs to the object at ffff888011d9c000
[   72.896107][ T8452]  which belongs to the cache kcm_psock_cache of size 568
[   72.910486][ T8452] The buggy address is located 128 bytes to the right of
[   72.910486][ T8452]  568-byte region [ffff888011d9c000, ffff888011d9c238)
[   72.924279][ T8452] The buggy address belongs to the page:
[   72.929887][ T8452] page:ffffea0000476700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d9c
[   72.940040][ T8452] head:ffffea0000476700 order:2 compound_mapcount:0 compound_pincount:0
[   72.948352][ T8452] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[   72.956327][ T8452] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff8881478543c0
[   72.964898][ T8452] raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000
[   72.973473][ T8452] page dumped because: kasan: bad access detected
[   72.980122][ T8452] page_owner tracks the page as allocated
[   72.985817][ T8452] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8452, ts 72409999814, free_ts 72272935271
[   73.005162][ T8452]  get_page_from_freelist+0xa72/0x2f80
[   73.010615][ T8452]  __alloc_pages+0x1b2/0x500
[   73.015281][ T8452]  alloc_pages+0x18c/0x2a0
[   73.019703][ T8452]  allocate_slab+0x32e/0x4b0
[   73.024276][ T8452]  ___slab_alloc+0x4ba/0x820
[   73.028850][ T8452]  __slab_alloc.constprop.0+0xa7/0xf0
[   73.034221][ T8452]  kmem_cache_alloc+0x3e1/0x4a0
[   73.039063][ T8452]  kcm_ioctl+0x7f1/0x1180
[   73.043380][ T8452]  sock_do_ioctl+0xcb/0x2d0
[   73.047866][ T8452]  sock_ioctl+0x477/0x6a0
[   73.052192][ T8452]  __x64_sys_ioctl+0x193/0x200
[   73.056952][ T8452]  do_syscall_64+0x35/0xb0
[   73.061351][ T8452]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.067228][ T8452] page last free stack trace:
[   73.071876][ T8452]  free_pcp_prepare+0x2c5/0x780
[   73.076711][ T8452]  free_unref_page+0x19/0x690
[   73.081372][ T8452]  __put_page+0xf9/0x3f0
[   73.085610][ T8452]  skb_release_data+0x49d/0x790
[   73.090442][ T8452]  consume_skb+0xc2/0x160
[   73.094842][ T8452]  unix_stream_read_generic+0x15a2/0x19e0
[   73.100559][ T8452]  unix_stream_recvmsg+0xb1/0xf0
[   73.105490][ T8452]  sock_read_iter+0x33c/0x470
[   73.110173][ T8452]  new_sync_read+0x5b7/0x6e0
[   73.114760][ T8452]  vfs_read+0x35c/0x570
[   73.118914][ T8452]  ksys_read+0x1ee/0x250
[   73.123158][ T8452]  do_syscall_64+0x35/0xb0
[   73.127604][ T8452]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.133497][ T8452]
[   73.135808][ T8452] Memory state around the buggy address:
[   73.141414][ T8452]  ffff888011d9c180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   73.149482][ T8452]  ffff888011d9c200: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[   73.157534][ T8452] >ffff888011d9c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.165577][ T8452]                                         ^
[   73.171462][ T8452]  ffff888011d9c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.179507][ T8452]  ffff888011d9c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.187545][ T8452] ==================================================================
[   73.195580][ T8452] Disabling lock debugging due to kernel taint
[   73.203960][ T8452] Kernel panic - not syncing: panic_on_warn set ...
[   73.210553][ T8452] CPU: 0 PID: 8452 Comm: syz-executor654 Tainted: G    B             5.14.0-rc6-syzkaller #0
[   73.220786][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   73.230831][ T8452] Call Trace:
[   73.234109][ T8452]  dump_stack_lvl+0xcd/0x134
[   73.238717][ T8452]  panic+0x306/0x73d
[   73.242610][ T8452]  ? __warn_printk+0xf3/0xf3
[   73.247196][ T8452]  ? preempt_schedule_common+0x59/0xc0
[   73.252667][ T8452]  ? sk_psock_get+0x123/0x410
[   73.257350][ T8452]  ? preempt_schedule_thunk+0x16/0x18
[   73.262732][ T8452]  ? trace_hardirqs_on+0x38/0x1c0
[   73.267762][ T8452]  ? trace_hardirqs_on+0x51/0x1c0
[   73.272801][ T8452]  ? sk_psock_get+0x123/0x410
[   73.277474][ T8452]  ? sk_psock_get+0x123/0x410
[   73.282145][ T8452]  end_report.cold+0x5a/0x5a
[   73.286755][ T8452]  kasan_report.cold+0x71/0xdf
[   73.291523][ T8452]  ? sk_psock_get+0x123/0x410
[   73.296209][ T8452]  kasan_check_range+0x13d/0x180
[   73.301152][ T8452]  sk_psock_get+0x123/0x410
[   73.305649][ T8452]  ? tls_encrypt_done+0x560/0x560
[   73.310682][ T8452]  ? lock_chain_count+0x20/0x20
[   73.315524][ T8452]  ? aa_profile_af_perm+0x2e0/0x2e0
[   73.320718][ T8452]  tls_sw_recvmsg+0x19e/0x1670
[   73.325482][ T8452]  ? __lock_acquire+0x162f/0x54a0
[   73.330506][ T8452]  ? decrypt_skb+0xc0/0xc0
[   73.334929][ T8452]  ? aa_sk_perm+0x311/0xab0
[   73.339428][ T8452]  inet_recvmsg+0x11b/0x5e0
[   73.343928][ T8452]  ? inet_sendpage+0x140/0x140
[   73.348687][ T8452]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   73.354922][ T8452]  ? security_socket_recvmsg+0x8f/0xc0
[   73.360381][ T8452]  ? inet_sendpage+0x140/0x140
[   73.365156][ T8452]  ____sys_recvmsg+0x2c4/0x600
[   73.370006][ T8452]  ? move_addr_to_kernel.part.0+0x110/0x110
[   73.375896][ T8452]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   73.382159][ T8452]  ? __import_iovec+0x2b5/0x580
[   73.387011][ T8452]  ? import_iovec+0x10c/0x150
[   73.391688][ T8452]  ___sys_recvmsg+0x127/0x200
[   73.396359][ T8452]  ? __copy_msghdr_from_user+0x4b0/0x4b0
[   73.401985][ T8452]  ? mark_lock+0xef/0x17b0
[   73.406408][ T8452]  ? lock_downgrade+0x6e0/0x6e0
[   73.411340][ T8452]  ? lock_chain_count+0x20/0x20
[   73.416180][ T8452]  ? __local_bh_enable_ip+0xa0/0x120
[   73.421466][ T8452]  ? lockdep_hardirqs_on+0x79/0x100
[   73.426676][ T8452]  ? kcm_ioctl+0xee6/0x1180
[   73.431176][ T8452]  ? __local_bh_enable_ip+0xa0/0x120
[   73.436462][ T8452]  ? kcm_ioctl+0xb5/0x1180
[   73.440876][ T8452]  ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70
[   73.447203][ T8452]  ? __fget_light+0x215/0x280
[   73.451892][ T8452]  ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70
[   73.458237][ T8452]  do_recvmmsg+0x24d/0x6d0
[   73.462649][ T8452]  ? ___sys_recvmsg+0x200/0x200
[   73.467493][ T8452]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   73.473470][ T8452]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[   73.479450][ T8452]  ? __context_tracking_exit+0xb8/0xe0
[   73.484909][ T8452]  ? lock_downgrade+0x6e0/0x6e0
[   73.489755][ T8452]  ? lock_downgrade+0x6e0/0x6e0
[   73.494600][ T8452]  __x64_sys_recvmmsg+0x20b/0x260
[   73.499623][ T8452]  ? __do_sys_socketcall+0x590/0x590
[   73.504913][ T8452]  ? syscall_enter_from_user_mode+0x21/0x70
[   73.510823][ T8452]  do_syscall_64+0x35/0xb0
[   73.515235][ T8452]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[   73.521556][ T8452] RIP: 0033:0x43f4f9
[   73.525453][ T8452] Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[   73.545235][ T8452] RSP: 002b:00007ffd2e991cd8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   73.553642][ T8452] RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f4f9
[   73.561616][ T8452] RDX: 000000000000000a RSI: 00000000200030c0 RDI: 0000000000000005
[   73.569575][ T8452] RBP: 00000000004034e0 R08: 0000000000000000 R09: 0000000000400488
[   73.577536][ T8452] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000403570
[   73.585588][ T8452] R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488
[   73.595017][ T8452] Kernel Offset: disabled
[   73.599330][ T8452] Rebooting in 86400 seconds..