Warning: Permanently added '10.128.1.12' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 79.824672][ T9778] IPVS: ftp: loaded support on port[0] = 21
[ 79.855979][ T9778] ==================================================================
[ 79.864162][ T9778] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17fd/0x1a00
[ 79.872139][ T9778] Write of size 16 at addr ffff8880a472a1b8 by task syz-executor714/9778
[ 79.880546][ T9778]
[ 79.882873][ T9778] CPU: 0 PID: 9778 Comm: syz-executor714 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0
[ 79.892750][ T9778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 79.902792][ T9778] Call Trace:
[ 79.906117][ T9778]  dump_stack+0x188/0x20d
[ 79.910430][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 79.915710][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 79.920979][ T9778]  print_address_description.constprop.0.cold+0xd3/0x315
[ 79.927981][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 79.933260][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 79.938532][ T9778]  __kasan_report.cold+0x1a/0x32
[ 79.943458][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 79.948727][ T9778]  kasan_report+0xe/0x20
[ 79.952950][ T9778]  tcindex_set_parms+0x17fd/0x1a00
[ 79.958061][ T9778]  ? tcindex_alloc_perfect_hash+0x320/0x320
[ 79.963953][ T9778]  ? mark_held_locks+0xe0/0xe0
[ 79.968724][ T9778]  ? nla_memcpy+0xa0/0xa0
[ 79.973094][ T9778]  ? tcindex_change+0x203/0x2e0
[ 79.977955][ T9778]  tcindex_change+0x203/0x2e0
[ 79.982630][ T9778]  ? tcindex_set_parms+0x1a00/0x1a00
[ 79.987933][ T9778]  tc_new_tfilter+0xa59/0x20b0
[ 79.992693][ T9778]  ? tcindex_set_parms+0x1a00/0x1a00
[ 79.997968][ T9778]  ? is_bpf_image_address+0x1cb/0x280
[ 80.003322][ T9778]  ? tc_del_tfilter+0x1430/0x1430
[ 80.008351][ T9778]  ? apparmor_capable+0x49c/0x8a0
[ 80.013375][ T9778]  ? mark_lock+0xbc/0x1220
[ 80.017795][ T9778]  ? rcu_read_lock_held+0x9c/0xb0
[ 80.022835][ T9778]  ? tc_del_tfilter+0x1430/0x1430
[ 80.027866][ T9778]  rtnetlink_rcv_msg+0x810/0xad0
[ 80.032844][ T9778]  ? rtnl_bridge_getlink+0x880/0x880
[ 80.038164][ T9778]  ? mark_held_locks+0xe0/0xe0
[ 80.042924][ T9778]  ? netlink_deliver_tap+0x146/0xb50
[ 80.048201][ T9778]  netlink_rcv_skb+0x15a/0x410
[ 80.052965][ T9778]  ? rtnl_bridge_getlink+0x880/0x880
[ 80.058235][ T9778]  ? netlink_ack+0xa80/0xa80
[ 80.062818][ T9778]  netlink_unicast+0x537/0x740
[ 80.067599][ T9778]  ? netlink_attachskb+0x810/0x810
[ 80.072690][ T9778]  ? _copy_from_iter_full+0x25c/0x870
[ 80.078059][ T9778]  ? __phys_addr_symbol+0x2c/0x70
[ 80.083067][ T9778]  ? __check_object_size+0x171/0x437
[ 80.088337][ T9778]  netlink_sendmsg+0x882/0xe10
[ 80.093088][ T9778]  ? aa_af_perm+0x260/0x260
[ 80.097576][ T9778]  ? netlink_unicast+0x740/0x740
[ 80.105633][ T9778]  ? netlink_unicast+0x740/0x740
[ 80.110556][ T9778]  sock_sendmsg+0xcf/0x120
[ 80.114963][ T9778]  ____sys_sendmsg+0x6b9/0x7d0
[ 80.119732][ T9778]  ? kernel_sendmsg+0x50/0x50
[ 80.124415][ T9778]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 80.129947][ T9778]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 80.135920][ T9778]  ___sys_sendmsg+0x100/0x170
[ 80.140586][ T9778]  ? sendmsg_copy_msghdr+0x70/0x70
[ 80.145694][ T9778]  ? lock_downgrade+0x7f0/0x7f0
[ 80.150703][ T9778]  ? lock_acquire+0x197/0x420
[ 80.155360][ T9778]  ? __might_fault+0xef/0x1d0
[ 80.160026][ T9778]  ? __might_fault+0x190/0x1d0
[ 80.164783][ T9778]  ? _copy_to_user+0x107/0x150
[ 80.169532][ T9778]  ? move_addr_to_user+0xb3/0x200
[ 80.174549][ T9778]  ? __fget_light+0x1a5/0x270
[ 80.179230][ T9778]  __sys_sendmsg+0xec/0x1b0
[ 80.183718][ T9778]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 80.188735][ T9778]  ? trace_hardirqs_off_caller+0x55/0x230
[ 80.194439][ T9778]  ? do_syscall_64+0x21/0x790
[ 80.199102][ T9778]  do_syscall_64+0xf6/0x790
[ 80.203606][ T9778]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.209479][ T9778] RIP: 0033:0x440e79
[ 80.213361][ T9778] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.232965][ T9778] RSP: 002b:00007ffdc9193c18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 80.241528][ T9778] RAX: ffffffffffffffda RBX: 00000000004a2650 RCX: 0000000000440e79
[ 80.249488][ T9778] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 80.257446][ T9778] RBP: 00007ffdc9193c20 R08: 0000000120080522 R09: 0000000120080522
[ 80.265445][ T9778] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004a2650
[ 80.273407][ T9778] R13: 0000000000402410 R14: 0000000000000000 R15: 0000000000000000
[ 80.281421][ T9778]
[ 80.283736][ T9778] Allocated by task 1:
[ 80.287825][ T9778]  save_stack+0x1b/0x40
[ 80.291971][ T9778]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 80.297586][ T9778]  kmem_cache_alloc_node_trace+0x161/0x790
[ 80.303391][ T9778]  init_cache_node+0x38/0x100
[ 80.308059][ T9778]  setup_kmem_cache_node+0x67/0x3f0
[ 80.313244][ T9778]  __do_tune_cpucache+0x161/0x210
[ 80.318257][ T9778]  do_tune_cpucache+0x21/0xc0
[ 80.322920][ T9778]  enable_cpucache+0x3a/0xd0
[ 80.327497][ T9778]  __kmem_cache_create+0x1bc/0x250
[ 80.332593][ T9778]  create_cache+0x108/0x1f0
[ 80.337089][ T9778]  kmem_cache_create_usercopy+0x1ab/0x280
[ 80.342832][ T9778]  kmem_cache_create+0xd/0x10
[ 80.347509][ T9778]  dlm_memory_init+0x57/0x85
[ 80.352080][ T9778]  init_dlm+0xc/0x102
[ 80.356042][ T9778]  do_one_initcall+0x10a/0x7d0
[ 80.360786][ T9778]  kernel_init_freeable+0x501/0x5ae
[ 80.365973][ T9778]  kernel_init+0xd/0x1bb
[ 80.370206][ T9778]  ret_from_fork+0x24/0x30
[ 80.374619][ T9778]
[ 80.376927][ T9778] Freed by task 0:
[ 80.380620][ T9778] (stack is not available)
[ 80.385018][ T9778]
[ 80.387327][ T9778] The buggy address belongs to the object at ffff8880a472a100
[ 80.387327][ T9778]  which belongs to the cache kmalloc-192 of size 192
[ 80.401371][ T9778] The buggy address is located 184 bytes inside of
[ 80.401371][ T9778]  192-byte region [ffff8880a472a100, ffff8880a472a1c0)
[ 80.414622][ T9778] The buggy address belongs to the page:
[ 80.420263][ T9778] page:ffffea000291ca80 refcount:1 mapcount:0 mapping:000000007269cf97 index:0x0
[ 80.429446][ T9778] flags: 0xfffe0000000200(slab)
[ 80.434285][ T9778] raw: 00fffe0000000200 ffffea0002900c88 ffffea0002914148 ffff8880aa000000
[ 80.442860][ T9778] raw: 0000000000000000 ffff8880a472a000 0000000100000010 0000000000000000
[ 80.451430][ T9778] page dumped because: kasan: bad access detected
[ 80.457821][ T9778]
[ 80.460137][ T9778] Memory state around the buggy address:
[ 80.465759][ T9778]  ffff8880a472a080: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 80.473889][ T9778]  ffff8880a472a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.481928][ T9778] >ffff8880a472a180: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 80.489983][ T9778]                                         ^
[ 80.496217][ T9778]  ffff8880a472a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.504257][ T9778]  ffff8880a472a280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 80.512292][ T9778] ==================================================================
[ 80.520332][ T9778] Disabling lock debugging due to kernel taint
[ 80.526790][ T9778] Kernel panic - not syncing: panic_on_warn set ...
[ 80.533387][ T9778] CPU: 0 PID: 9778 Comm: syz-executor714 Tainted: G B 5.6.0-rc3-next-20200228-syzkaller #0
[ 80.544662][ T9778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 80.554718][ T9778] Call Trace:
[ 80.557994][ T9778]  dump_stack+0x188/0x20d
[ 80.562313][ T9778]  panic+0x2e3/0x75c
[ 80.566188][ T9778]  ? add_taint.cold+0x16/0x16
[ 80.570845][ T9778]  ? preempt_schedule_common+0x5e/0xc0
[ 80.576311][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 80.581589][ T9778]  ? ___preempt_schedule+0x16/0x18
[ 80.586682][ T9778]  ? trace_hardirqs_on+0x55/0x220
[ 80.591688][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 80.596981][ T9778]  end_report+0x43/0x49
[ 80.601130][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 80.606418][ T9778]  __kasan_report.cold+0xd/0x32
[ 80.611337][ T9778]  ? tcindex_set_parms+0x17fd/0x1a00
[ 80.616693][ T9778]  kasan_report+0xe/0x20
[ 80.620914][ T9778]  tcindex_set_parms+0x17fd/0x1a00
[ 80.626008][ T9778]  ? tcindex_alloc_perfect_hash+0x320/0x320
[ 80.631885][ T9778]  ? mark_held_locks+0xe0/0xe0
[ 80.636637][ T9778]  ? nla_memcpy+0xa0/0xa0
[ 80.640946][ T9778]  ? tcindex_change+0x203/0x2e0
[ 80.645784][ T9778]  tcindex_change+0x203/0x2e0
[ 80.650441][ T9778]  ? tcindex_set_parms+0x1a00/0x1a00
[ 80.655733][ T9778]  tc_new_tfilter+0xa59/0x20b0
[ 80.660480][ T9778]  ? tcindex_set_parms+0x1a00/0x1a00
[ 80.665846][ T9778]  ? is_bpf_image_address+0x1cb/0x280
[ 80.671198][ T9778]  ? tc_del_tfilter+0x1430/0x1430
[ 80.676208][ T9778]  ? apparmor_capable+0x49c/0x8a0
[ 80.681221][ T9778]  ? mark_lock+0xbc/0x1220
[ 80.685622][ T9778]  ? rcu_read_lock_held+0x9c/0xb0
[ 80.690626][ T9778]  ? tc_del_tfilter+0x1430/0x1430
[ 80.695632][ T9778]  rtnetlink_rcv_msg+0x810/0xad0
[ 80.700548][ T9778]  ? rtnl_bridge_getlink+0x880/0x880
[ 80.705815][ T9778]  ? mark_held_locks+0xe0/0xe0
[ 80.710554][ T9778]  ? netlink_deliver_tap+0x146/0xb50
[ 80.715919][ T9778]  netlink_rcv_skb+0x15a/0x410
[ 80.720661][ T9778]  ? rtnl_bridge_getlink+0x880/0x880
[ 80.725925][ T9778]  ? netlink_ack+0xa80/0xa80
[ 80.730507][ T9778]  netlink_unicast+0x537/0x740
[ 80.735255][ T9778]  ? netlink_attachskb+0x810/0x810
[ 80.740346][ T9778]  ? _copy_from_iter_full+0x25c/0x870
[ 80.745711][ T9778]  ? __phys_addr_symbol+0x2c/0x70
[ 80.750716][ T9778]  ? __check_object_size+0x171/0x437
[ 80.755985][ T9778]  netlink_sendmsg+0x882/0xe10
[ 80.760781][ T9778]  ? aa_af_perm+0x260/0x260
[ 80.765285][ T9778]  ? netlink_unicast+0x740/0x740
[ 80.770209][ T9778]  ? netlink_unicast+0x740/0x740
[ 80.775129][ T9778]  sock_sendmsg+0xcf/0x120
[ 80.779542][ T9778]  ____sys_sendmsg+0x6b9/0x7d0
[ 80.784298][ T9778]  ? kernel_sendmsg+0x50/0x50
[ 80.788967][ T9778]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 80.794503][ T9778]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 80.800474][ T9778]  ___sys_sendmsg+0x100/0x170
[ 80.805176][ T9778]  ? sendmsg_copy_msghdr+0x70/0x70
[ 80.810275][ T9778]  ? lock_downgrade+0x7f0/0x7f0
[ 80.815105][ T9778]  ? lock_acquire+0x197/0x420
[ 80.819772][ T9778]  ? __might_fault+0xef/0x1d0
[ 80.824430][ T9778]  ? __might_fault+0x190/0x1d0
[ 80.829174][ T9778]  ? _copy_to_user+0x107/0x150
[ 80.834006][ T9778]  ? move_addr_to_user+0xb3/0x200
[ 80.839009][ T9778]  ? __fget_light+0x1a5/0x270
[ 80.843687][ T9778]  __sys_sendmsg+0xec/0x1b0
[ 80.848175][ T9778]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 80.853188][ T9778]  ? trace_hardirqs_off_caller+0x55/0x230
[ 80.858890][ T9778]  ? do_syscall_64+0x21/0x790
[ 80.863559][ T9778]  do_syscall_64+0xf6/0x790
[ 80.868044][ T9778]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 80.873912][ T9778] RIP: 0033:0x440e79
[ 80.877781][ T9778] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 80.897452][ T9778] RSP: 002b:00007ffdc9193c18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 80.905842][ T9778] RAX: ffffffffffffffda RBX: 00000000004a2650 RCX: 0000000000440e79
[ 80.913791][ T9778] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 80.921737][ T9778] RBP: 00007ffdc9193c20 R08: 0000000120080522 R09: 0000000120080522
[ 80.929685][ T9778] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004a2650
[ 80.937632][ T9778] R13: 0000000000402410 R14: 0000000000000000 R15: 0000000000000000
[ 80.946711][ T9778] Kernel Offset: disabled
[ 80.951119][ T9778] Rebooting in 86400 seconds..