================================================================== BUG: KASAN: wild-memory-access in skb_copy_bits+0x408/0x780 net/core/skbuff.c:2441 Read of size 2 at addr 6b30f42a6e2ee404 by task syz-executor.3/4870 CPU: 0 PID: 4870 Comm: syz-executor.3 Not tainted 6.0.0-rc4-syzkaller-00859-g9f8f1933dce5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 kasan_report+0xb1/0x1e0 mm/kasan/report.c:495 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0x13d/0x180 mm/kasan/generic.c:189 memcpy+0x20/0x60 mm/kasan/shadow.c:65 skb_copy_bits+0x408/0x780 net/core/skbuff.c:2441 __skb_header_pointer include/linux/skbuff.h:3987 [inline] skb_header_pointer include/linux/skbuff.h:3996 [inline] ipv6_skip_exthdr+0x437/0x520 net/ipv6/exthdrs_core.c:85 ipv6_get_l4proto net/netfilter/nf_conntrack_core.c:394 [inline] get_l4proto+0x325/0x500 net/netfilter/nf_conntrack_core.c:417 nf_ct_get_tuplepr+0x8b/0x110 net/netfilter/nf_conntrack_core.c:433 nf_conntrack_inet_error+0x1a8/0x710 net/netfilter/nf_conntrack_proto_icmp.c:124 nf_conntrack_icmpv6_error+0x327/0x540 net/netfilter/nf_conntrack_proto_icmpv6.c:169 nf_conntrack_handle_icmp net/netfilter/nf_conntrack_core.c:1899 [inline] nf_conntrack_in.cold+0x123/0x17b net/netfilter/nf_conntrack_core.c:1994 nf_hook_entry_hookfn include/linux/netfilter.h:142 [inline] nf_hook_slow+0xc5/0x1f0 net/netfilter/core.c:614 nf_hook include/linux/netfilter.h:257 [inline] __ip6_local_out+0x3e3/0x880 net/ipv6/output_core.c:149 ip6_local_out+0x26/0x1a0 net/ipv6/output_core.c:159 ip6_send_skb+0xb7/0x340 net/ipv6/ip6_output.c:1966 ip6_push_pending_frames+0xdd/0x100 net/ipv6/ip6_output.c:1986 icmpv6_push_pending_frames+0x2af/0x490 net/ipv6/icmp.c:303 ping_v6_sendmsg+0xc44/0x1190 net/ipv6/ping.c:175 inet_sendmsg+0x99/0xe0 net/ipv4/af_inet.c:819 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:734 ____sys_sendmsg+0x6eb/0x810 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f2eac889279 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2ead932168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f2eac99bf80 RCX: 00007f2eac889279 RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 RBP: 00007f2eac8e32e9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffdd409119f R14: 00007f2ead932300 R15: 0000000000022000 ==================================================================