Warning: Permanently added '10.128.0.3' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   96.939746][T10287] IPVS: ftp: loaded support on port[0] = 21
[   96.971483][T10287] ==================================================================
[   96.980425][T10287] BUG: KASAN: slab-out-of-bounds in __nla_put_nohdr+0x46/0x50
[   96.988063][T10287] Read of size 12 at addr ffff88809a4fac80 by task syz-executor220/10287
[   96.997070][T10287] 
[   96.999490][T10287] CPU: 0 PID: 10287 Comm: syz-executor220 Not tainted 5.5.0-rc6-syzkaller #0
[   97.009060][T10287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   97.019977][T10287] Call Trace:
[   97.023716][T10287]  dump_stack+0x197/0x210
[   97.028665][T10287]  ? __nla_put_nohdr+0x46/0x50
[   97.033737][T10287]  print_address_description.constprop.0.cold+0xd4/0x30b
[   97.041070][T10287]  ? __nla_put_nohdr+0x46/0x50
[   97.046093][T10287]  ? __nla_put_nohdr+0x46/0x50
[   97.051054][T10287]  __kasan_report.cold+0x1b/0x41
[   97.056529][T10287]  ? __nla_put_nohdr+0x46/0x50
[   97.061422][T10287]  kasan_report+0x12/0x20
[   97.065905][T10287]  check_memory_region+0x134/0x1a0
[   97.071792][T10287]  memcpy+0x24/0x50
[   97.075698][T10287]  __nla_put_nohdr+0x46/0x50
[   97.080417][T10287]  nla_put_nohdr+0xf9/0x140
[   97.085409][T10287]  tcf_em_tree_dump+0x67e/0x960
[   97.090447][T10287]  ? tcf_em_lookup+0x150/0x150
[   97.095688][T10287]  ? __nla_put_64bit+0x37/0x40
[   97.100604][T10287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   97.107533][T10287]  ? tcf_exts_dump+0xa2/0x5a0
[   97.112393][T10287]  basic_dump+0x379/0x690
[   97.117357][T10287]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   97.123440][T10287]  ? basic_bind_class+0xb0/0xb0
[   97.128547][T10287]  ? memcpy+0x46/0x50
[   97.132877][T10287]  ? nla_put+0x110/0x150
[   97.137567][T10287]  ? basic_bind_class+0xb0/0xb0
[   97.142673][T10287]  tcf_fill_node+0x58b/0x970
[   97.147532][T10287]  ? tcf_get_next_chain+0x50/0x50
[   97.152836][T10287]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[   97.158563][T10287]  ? basic_init+0x1f0/0x1f0
[   97.163629][T10287]  tfilter_notify+0x134/0x290
[   97.168644][T10287]  tc_new_tfilter+0xc18/0x2590
[   97.173698][T10287]  ? basic_init+0x1f0/0x1f0
[   97.178421][T10287]  ? tc_del_tfilter+0x1560/0x1560
[   97.183625][T10287]  ? __kasan_check_read+0x11/0x20
[   97.189636][T10287]  ? __lock_acquire+0x8a0/0x4a00
[   97.194777][T10287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   97.201549][T10287]  ? rtnetlink_rcv_msg+0x7e3/0xaf0
[   97.207036][T10287]  ? find_held_lock+0x35/0x130
[   97.212503][T10287]  ? rcu_read_lock_held_common+0x130/0x130
[   97.218519][T10287]  ? tc_del_tfilter+0x1560/0x1560
[   97.223724][T10287]  ? __kasan_check_read+0x11/0x20
[   97.228942][T10287]  ? tc_del_tfilter+0x1560/0x1560
[   97.234363][T10287]  rtnetlink_rcv_msg+0x824/0xaf0
[   97.239624][T10287]  ? rtnl_bridge_getlink+0x910/0x910
[   97.245165][T10287]  ? lock_downgrade+0x920/0x920
[   97.250368][T10287]  ? netlink_deliver_tap+0x228/0xbf0
[   97.255763][T10287]  ? find_held_lock+0x35/0x130
[   97.260631][T10287]  netlink_rcv_skb+0x177/0x450
[   97.265598][T10287]  ? rtnl_bridge_getlink+0x910/0x910
[   97.271368][T10287]  ? netlink_ack+0xb50/0xb50
[   97.276219][T10287]  ? __kasan_check_read+0x11/0x20
[   97.281792][T10287]  ? netlink_deliver_tap+0x24a/0xbf0
[   97.287500][T10287]  rtnetlink_rcv+0x1d/0x30
[   97.292339][T10287]  netlink_unicast+0x59e/0x7e0
[   97.297693][T10287]  ? netlink_attachskb+0x870/0x870
[   97.303195][T10287]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   97.309274][T10287]  ? __check_object_size+0x3d/0x437
[   97.314945][T10287]  netlink_sendmsg+0x91c/0xea0
[   97.320918][T10287]  ? netlink_unicast+0x7e0/0x7e0
[   97.325861][T10287]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   97.331911][T10287]  ? apparmor_socket_sendmsg+0x2a/0x30
[   97.337591][T10287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   97.344133][T10287]  ? security_socket_sendmsg+0x8d/0xc0
[   97.349932][T10287]  ? netlink_unicast+0x7e0/0x7e0
[   97.354931][T10287]  sock_sendmsg+0xd7/0x130
[   97.359545][T10287]  ____sys_sendmsg+0x753/0x880
[   97.364639][T10287]  ? kernel_sendmsg+0x50/0x50
[   97.369328][T10287]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   97.375373][T10287]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   97.381483][T10287]  ? __lock_acquire+0x16f2/0x4a00
[   97.386979][T10287]  ___sys_sendmsg+0x100/0x170
[   97.391835][T10287]  ? sendmsg_copy_msghdr+0x70/0x70
[   97.397410][T10287]  ? lock_downgrade+0x920/0x920
[   97.402913][T10287]  ? __kasan_check_read+0x11/0x20
[   97.408133][T10287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   97.416148][T10287]  ? __fget_light+0x1a9/0x230
[   97.421774][T10287]  ? __fdget+0x1b/0x20
[   97.426078][T10287]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   97.432629][T10287]  __sys_sendmsg+0x105/0x1d0
[   97.437420][T10287]  ? __sys_sendmsg_sock+0xc0/0xc0
[   97.442632][T10287]  ? down_read_non_owner+0x490/0x490
[   97.448537][T10287]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   97.454398][T10287]  ? do_syscall_64+0x26/0x790
[   97.459292][T10287]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   97.465809][T10287]  ? do_syscall_64+0x26/0x790
[   97.470724][T10287]  __x64_sys_sendmsg+0x78/0xb0
[   97.475769][T10287]  do_syscall_64+0xfa/0x790
[   97.480413][T10287]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   97.486573][T10287] RIP: 0033:0x440dd9
[   97.491809][T10287] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   97.513182][T10287] RSP: 002b:00007ffd3d4cf868 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   97.522277][T10287] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[   97.530302][T10287] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   97.538614][T10287] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[   97.546596][T10287] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[   97.555014][T10287] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[   97.564009][T10287] 
[   97.566468][T10287] Allocated by task 10287:
[   97.571311][T10287]  save_stack+0x23/0x90
[   97.575763][T10287]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   97.581495][T10287]  kasan_kmalloc+0x9/0x10
[   97.586092][T10287]  __kmalloc_track_caller+0x15f/0x760
[   97.591571][T10287]  kmemdup+0x27/0x60
[   97.595493][T10287]  em_nbyte_change+0xd6/0x150
[   97.600271][T10287]  tcf_em_tree_validate+0x9b5/0xf3c
[   97.605797][T10287]  basic_change+0x513/0x14a0
[   97.610551][T10287]  tc_new_tfilter+0xbbd/0x2590
[   97.615769][T10287]  rtnetlink_rcv_msg+0x824/0xaf0
[   97.620855][T10287]  netlink_rcv_skb+0x177/0x450
[   97.625852][T10287]  rtnetlink_rcv+0x1d/0x30
[   97.630550][T10287]  netlink_unicast+0x59e/0x7e0
[   97.635460][T10287]  netlink_sendmsg+0x91c/0xea0
[   97.640889][T10287]  sock_sendmsg+0xd7/0x130
[   97.645321][T10287]  ____sys_sendmsg+0x753/0x880
[   97.650553][T10287]  ___sys_sendmsg+0x100/0x170
[   97.655720][T10287]  __sys_sendmsg+0x105/0x1d0
[   97.660564][T10287]  __x64_sys_sendmsg+0x78/0xb0
[   97.665366][T10287]  do_syscall_64+0xfa/0x790
[   97.669879][T10287]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   97.675830][T10287] 
[   97.678363][T10287] Freed by task 10031:
[   97.683259][T10287]  save_stack+0x23/0x90
[   97.687584][T10287]  __kasan_slab_free+0x102/0x150
[   97.692716][T10287]  kasan_slab_free+0xe/0x10
[   97.697442][T10287]  kfree+0x10a/0x2c0
[   97.701629][T10287]  tomoyo_init_log+0x15a9/0x2070
[   97.706569][T10287]  tomoyo_supervisor+0x33f/0xef0
[   97.711647][T10287]  tomoyo_execute_permission+0x391/0x4a0
[   97.717628][T10287]  tomoyo_find_next_domain+0x348/0x1f6c
[   97.723587][T10287]  tomoyo_bprm_check_security+0x124/0x1a0
[   97.730003][T10287]  security_bprm_check+0x63/0xb0
[   97.735178][T10287]  search_binary_handler+0x71/0x570
[   97.740806][T10287]  __do_execve_file.isra.0+0x1329/0x22b0
[   97.746855][T10287]  __x64_sys_execve+0x8f/0xc0
[   97.751812][T10287]  do_syscall_64+0xfa/0x790
[   97.756460][T10287]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   97.762338][T10287] 
[   97.764744][T10287] The buggy address belongs to the object at ffff88809a4fac80
[   97.764744][T10287]  which belongs to the cache kmalloc-32 of size 32
[   97.779352][T10287] The buggy address is located 0 bytes inside of
[   97.779352][T10287]  32-byte region [ffff88809a4fac80, ffff88809a4faca0)
[   97.794335][T10287] The buggy address belongs to the page:
[   97.801145][T10287] page:ffffea0002693e80 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff88809a4fafc1
[   97.812056][T10287] raw: 00fffe0000000200 ffffea00026bc688 ffffea00026a7588 ffff8880aa4001c0
[   97.821058][T10287] raw: ffff88809a4fafc1 ffff88809a4fa000 0000000100000019 0000000000000000
[   97.830540][T10287] page dumped because: kasan: bad access detected
[   97.837423][T10287] 
[   97.839748][T10287] Memory state around the buggy address:
[   97.846607][T10287]  ffff88809a4fab80: 00 00 00 fc fc fc fc fc fb fb fb fb fc fc fc fc
[   97.856594][T10287]  ffff88809a4fac00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   97.865769][T10287] >ffff88809a4fac80: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[   97.875612][T10287]                    ^
[   97.880690][T10287]  ffff88809a4fad00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   97.889863][T10287]  ffff88809a4fad80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   97.898810][T10287] ==================================================================
[   97.908649][T10287] Disabling lock debugging due to kernel taint
[   97.919379][T10287] Kernel panic - not syncing: panic_on_warn set ...
[   97.928738][T10287] CPU: 0 PID: 10287 Comm: syz-executor220 Tainted: G    B             5.5.0-rc6-syzkaller #0
[   97.940550][T10287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   97.951610][T10287] Call Trace:
[   97.955411][T10287]  dump_stack+0x197/0x210
[   97.960088][T10287]  panic+0x2e3/0x75c
[   97.964580][T10287]  ? add_taint.cold+0x16/0x16
[   97.970052][T10287]  ? __nla_put_nohdr+0x46/0x50
[   97.975405][T10287]  ? preempt_schedule+0x4b/0x60
[   97.980717][T10287]  ? ___preempt_schedule+0x16/0x18
[   97.986456][T10287]  ? trace_hardirqs_on+0x5e/0x240
[   97.992706][T10287]  ? __nla_put_nohdr+0x46/0x50
[   97.998510][T10287]  end_report+0x47/0x4f
[   98.002923][T10287]  ? __nla_put_nohdr+0x46/0x50
[   98.008481][T10287]  __kasan_report.cold+0xe/0x41
[   98.013574][T10287]  ? __nla_put_nohdr+0x46/0x50
[   98.018668][T10287]  kasan_report+0x12/0x20
[   98.023724][T10287]  check_memory_region+0x134/0x1a0
[   98.029488][T10287]  memcpy+0x24/0x50
[   98.033553][T10287]  __nla_put_nohdr+0x46/0x50
[   98.039036][T10287]  nla_put_nohdr+0xf9/0x140
[   98.043570][T10287]  tcf_em_tree_dump+0x67e/0x960
[   98.049389][T10287]  ? tcf_em_lookup+0x150/0x150
[   98.054812][T10287]  ? __nla_put_64bit+0x37/0x40
[   98.060109][T10287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.066485][T10287]  ? tcf_exts_dump+0xa2/0x5a0
[   98.071831][T10287]  basic_dump+0x379/0x690
[   98.076544][T10287]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   98.083903][T10287]  ? basic_bind_class+0xb0/0xb0
[   98.089251][T10287]  ? memcpy+0x46/0x50
[   98.093915][T10287]  ? nla_put+0x110/0x150
[   98.098687][T10287]  ? basic_bind_class+0xb0/0xb0
[   98.103898][T10287]  tcf_fill_node+0x58b/0x970
[   98.108790][T10287]  ? tcf_get_next_chain+0x50/0x50
[   98.114037][T10287]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[   98.120130][T10287]  ? basic_init+0x1f0/0x1f0
[   98.124771][T10287]  tfilter_notify+0x134/0x290
[   98.129748][T10287]  tc_new_tfilter+0xc18/0x2590
[   98.135440][T10287]  ? basic_init+0x1f0/0x1f0
[   98.139989][T10287]  ? tc_del_tfilter+0x1560/0x1560
[   98.145796][T10287]  ? __kasan_check_read+0x11/0x20
[   98.151343][T10287]  ? __lock_acquire+0x8a0/0x4a00
[   98.156738][T10287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.164434][T10287]  ? rtnetlink_rcv_msg+0x7e3/0xaf0
[   98.169969][T10287]  ? find_held_lock+0x35/0x130
[   98.175304][T10287]  ? rcu_read_lock_held_common+0x130/0x130
[   98.183605][T10287]  ? tc_del_tfilter+0x1560/0x1560
[   98.189985][T10287]  ? __kasan_check_read+0x11/0x20
[   98.195795][T10287]  ? tc_del_tfilter+0x1560/0x1560
[   98.201036][T10287]  rtnetlink_rcv_msg+0x824/0xaf0
[   98.206341][T10287]  ? rtnl_bridge_getlink+0x910/0x910
[   98.212270][T10287]  ? lock_downgrade+0x920/0x920
[   98.218468][T10287]  ? netlink_deliver_tap+0x228/0xbf0
[   98.224187][T10287]  ? find_held_lock+0x35/0x130
[   98.229168][T10287]  netlink_rcv_skb+0x177/0x450
[   98.234371][T10287]  ? rtnl_bridge_getlink+0x910/0x910
[   98.240199][T10287]  ? netlink_ack+0xb50/0xb50
[   98.245392][T10287]  ? __kasan_check_read+0x11/0x20
[   98.250744][T10287]  ? netlink_deliver_tap+0x24a/0xbf0
[   98.256259][T10287]  rtnetlink_rcv+0x1d/0x30
[   98.261176][T10287]  netlink_unicast+0x59e/0x7e0
[   98.267303][T10287]  ? netlink_attachskb+0x870/0x870
[   98.273577][T10287]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   98.279820][T10287]  ? __check_object_size+0x3d/0x437
[   98.285907][T10287]  netlink_sendmsg+0x91c/0xea0
[   98.291309][T10287]  ? netlink_unicast+0x7e0/0x7e0
[   98.298042][T10287]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   98.305166][T10287]  ? apparmor_socket_sendmsg+0x2a/0x30
[   98.311676][T10287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.318487][T10287]  ? security_socket_sendmsg+0x8d/0xc0
[   98.325168][T10287]  ? netlink_unicast+0x7e0/0x7e0
[   98.331670][T10287]  sock_sendmsg+0xd7/0x130
[   98.337722][T10287]  ____sys_sendmsg+0x753/0x880
[   98.343299][T10287]  ? kernel_sendmsg+0x50/0x50
[   98.348763][T10287]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   98.356526][T10287]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   98.364123][T10287]  ? __lock_acquire+0x16f2/0x4a00
[   98.370427][T10287]  ___sys_sendmsg+0x100/0x170
[   98.375453][T10287]  ? sendmsg_copy_msghdr+0x70/0x70
[   98.380902][T10287]  ? lock_downgrade+0x920/0x920
[   98.386465][T10287]  ? __kasan_check_read+0x11/0x20
[   98.391834][T10287]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   98.401428][T10287]  ? __fget_light+0x1a9/0x230
[   98.407324][T10287]  ? __fdget+0x1b/0x20
[   98.412130][T10287]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   98.419047][T10287]  __sys_sendmsg+0x105/0x1d0
[   98.423734][T10287]  ? __sys_sendmsg_sock+0xc0/0xc0
[   98.430130][T10287]  ? down_read_non_owner+0x490/0x490
[   98.435863][T10287]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   98.442199][T10287]  ? do_syscall_64+0x26/0x790
[   98.447274][T10287]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.454046][T10287]  ? do_syscall_64+0x26/0x790
[   98.459321][T10287]  __x64_sys_sendmsg+0x78/0xb0
[   98.464684][T10287]  do_syscall_64+0xfa/0x790
[   98.469776][T10287]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   98.476860][T10287] RIP: 0033:0x440dd9
[   98.480793][T10287] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   98.502812][T10287] RSP: 002b:00007ffd3d4cf868 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   98.512770][T10287] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[   98.522298][T10287] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   98.531169][T10287] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[   98.540611][T10287] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[   98.549280][T10287] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[   98.560287][T10287] Kernel Offset: disabled
[   98.564829][T10287] Rebooting in 86400 seconds..