Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
executing program
[   60.850573] audit: type=1400 audit(1584252826.901:36): avc:  denied  { map } for  pid=8198 comm="syz-executor803" path="/root/syz-executor803261605" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   60.875709] IPVS: ftp: loaded support on port[0] = 21
[   60.909204] ==================================================================
[   60.916767] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x34ac/0x49c0
[   60.923766] Read of size 8 at addr ffff8882160a56f0 by task syz-executor803/8199
[   60.931279]
[   60.932892] CPU: 1 PID: 8199 Comm: syz-executor803 Not tainted 4.19.109-syzkaller #0
[   60.940764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.950115] Call Trace:
[   60.952697]  dump_stack+0x188/0x20d
[   60.956315]  ? __lock_acquire+0x34ac/0x49c0
[   60.960622]  print_address_description.cold+0x7c/0x212
[   60.965896]  ? __lock_acquire+0x34ac/0x49c0
[   60.970245]  kasan_report.cold+0x88/0x2b9
[   60.974383]  __lock_acquire+0x34ac/0x49c0
[   60.978540]  ? unwind_next_frame+0xd01/0x18a0
[   60.983021]  ? __save_stack_trace+0x59/0xf0
[   60.987326]  ? noop_count+0x40/0x40
[   60.990934]  ? mark_held_locks+0xf0/0xf0
[   60.994984]  ? mark_held_locks+0xf0/0xf0
[   60.999027]  ? unwind_next_frame+0xd01/0x18a0
[   61.003515]  ? __bfs+0x24/0x570
[   61.006783]  ? noop_count+0x40/0x40
[   61.010402]  ? check_preemption_disabled+0x41/0x280
[   61.015411]  ? check_usage_forwards+0x340/0x340
[   61.020080]  ? check_usage_backwards+0x115/0x340
[   61.024866]  ? kernel_text_address+0x6e/0xe0
[   61.029312]  ? print_shortest_lock_dependencies+0x80/0x80
[   61.034837]  ? unwind_get_return_address+0x5a/0xa0
[   61.039750]  ? xt_find_match+0xa1/0x270
[   61.043705]  lock_acquire+0x170/0x400
[   61.047491]  ? xt_find_match+0xa1/0x270
[   61.051464]  ? xt_find_match+0xa1/0x270
[   61.055426]  __mutex_lock+0xf7/0x1300
[   61.059225]  ? xt_find_match+0xa1/0x270
[   61.063187]  ? xt_find_match+0xa1/0x270
[   61.067147]  ? __lock_acquire+0x23a3/0x49c0
[   61.071455]  ? netlink_sendmsg+0x80b/0xcd0
[   61.075689]  ? mutex_trylock+0x1a0/0x1a0
[   61.079747]  ? do_syscall_64+0xf9/0x620
[   61.083713]  ? mark_held_locks+0xf0/0xf0
[   61.087806]  ? save_stack+0x89/0xa0
[   61.091450]  ? xt_find_match+0xa1/0x270
[   61.095441]  xt_find_match+0xa1/0x270
[   61.099275]  xt_request_find_match+0x88/0x110
[   61.103757]  em_ipt_change+0x1c8/0x45e
[   61.107637]  ? em_ipt_dump+0x3d0/0x3d0
[   61.111509]  ? do_raw_read_unlock+0x3b/0x70
[   61.115826]  ? _raw_read_unlock+0x29/0x40
[   61.119962]  ? em_ipt_dump+0x3d0/0x3d0
[   61.123842]  tcf_em_tree_validate+0x990/0xf48
[   61.128330]  ? tcf_em_tree_destroy+0x50/0x50
[   61.132724]  ? nla_parse+0x1f3/0x2f0
[   61.136424]  flow_change+0x408/0x1ca0
[   61.140222]  ? flow_dump+0x960/0x960
[   61.143941]  ? flow_dump+0x960/0x960
[   61.147663]  tc_new_tfilter+0xa6b/0x1450
[   61.151729]  ? tc_del_tfilter+0xd40/0xd40
[   61.155870]  ? __mutex_lock+0x3cd/0x1300
[   61.159919]  ? selinux_ipv4_output+0x50/0x50
[   61.164333]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[   61.168836]  ? tc_del_tfilter+0xd40/0xd40
[   61.172987]  rtnetlink_rcv_msg+0x453/0xaf0
[   61.177234]  ? rtnetlink_put_metrics+0x520/0x520
[   61.181981]  ? find_held_lock+0x2d/0x110
[   61.186040]  netlink_rcv_skb+0x160/0x410
[   61.190102]  ? rtnetlink_put_metrics+0x520/0x520
[   61.194846]  ? netlink_ack+0xa60/0xa60
[   61.198721]  netlink_unicast+0x4d7/0x6a0
[   61.202780]  ? netlink_attachskb+0x710/0x710
[   61.207173]  netlink_sendmsg+0x80b/0xcd0
[   61.211220]  ? netlink_unicast+0x6a0/0x6a0
[   61.215452]  ? move_addr_to_kernel.part.0+0x110/0x110
[   61.220630]  ? netlink_unicast+0x6a0/0x6a0
[   61.224859]  sock_sendmsg+0xcf/0x120
[   61.228556]  ___sys_sendmsg+0x803/0x920
[   61.232525]  ? copy_msghdr_from_user+0x410/0x410
[   61.237280]  ? find_held_lock+0x2d/0x110
[   61.241327]  ? __might_fault+0x11f/0x1d0
[   61.245392]  ? lock_downgrade+0x740/0x740
[   61.249551]  ? __might_fault+0x192/0x1d0
[   61.253611]  ? _copy_to_user+0xb8/0x100
[   61.257575]  ? move_addr_to_user+0xa8/0x1e0
[   61.261881]  ? __fget_light+0x1a2/0x230
[   61.265841]  __sys_sendmsg+0xec/0x1b0
[   61.269638]  ? __ia32_sys_shutdown+0x70/0x70
[   61.274047]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   61.278805]  ? trace_hardirqs_off_caller+0x55/0x210
[   61.283815]  ? do_syscall_64+0x21/0x620
[   61.287780]  do_syscall_64+0xf9/0x620
[   61.291572]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.296751] RIP: 0033:0x440e29
[   61.299926] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   61.318848] RSP: 002b:00007ffd8748abf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.326548] RAX: ffffffffffffffda RBX: 00000000004a2610 RCX: 0000000000440e29
[   61.333817] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   61.341075] RBP: 00007ffd8748ac00 R08: 0000000120080522 R09: 0000000120080522
[   61.348349] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004a2610
[   61.355620] R13: 00000000004023c0 R14: 0000000000000000 R15: 0000000000000000
[   61.362922]
[   61.364534] Allocated by task 1:
[   61.367898]  kasan_kmalloc+0xbf/0xe0
[   61.371629]  kmem_cache_alloc_trace+0x14d/0x7a0
[   61.376291]  xt_init+0x128/0x2a9
[   61.379644]  do_one_initcall+0xf1/0x734
[   61.383604]  kernel_init_freeable+0x4c9/0x5bb
[   61.388083]  kernel_init+0xd/0x1c0
[   61.391605]  ret_from_fork+0x24/0x30
[   61.395322]
[   61.396935] Freed by task 0:
[   61.399939] (stack is not available)
[   61.403628]
[   61.405238] The buggy address belongs to the object at ffff8882160a44c0
[   61.405238]  which belongs to the cache kmalloc-4096 of size 4096
[   61.418083] The buggy address is located 560 bytes to the right of
[   61.418083]  4096-byte region [ffff8882160a44c0, ffff8882160a54c0)
[   61.430553] The buggy address belongs to the page:
[   61.435468] page:ffffea0008582900 count:1 mapcount:0 mapping:ffff88812c3dcdc0 index:0x0 compound_mapcount: 0
[   61.445436] flags: 0x57ffe0000008100(slab|head)
[   61.450093] raw: 057ffe0000008100 ffffea0008582888 ffffea0008582a08 ffff88812c3dcdc0
[   61.457963] raw: 0000000000000000 ffff8882160a44c0 0000000100000001 0000000000000000
[   61.465824] page dumped because: kasan: bad access detected
[   61.471514]
[   61.473120] Memory state around the buggy address:
[   61.478067]  ffff8882160a5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.485416]  ffff8882160a5600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.492854] >ffff8882160a5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.500199]                                                              ^
[   61.507200]  ffff8882160a5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.514548]  ffff8882160a5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   61.521893] ==================================================================
[   61.529243] Disabling lock debugging due to kernel taint
[   61.534707] Kernel panic - not syncing: panic_on_warn set ...
[   61.534707]
[   61.542073] CPU: 1 PID: 8199 Comm: syz-executor803 Tainted: G    B             4.19.109-syzkaller #0
[   61.551329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.560687] Call Trace:
[   61.563280]  dump_stack+0x188/0x20d
[   61.566891]  panic+0x26a/0x50e
[   61.570071]  ? __warn_printk+0xf3/0xf3
[   61.573959]  ? lock_downgrade+0x740/0x740
[   61.578103]  ? print_shadow_for_address+0xb8/0x114
[   61.583017]  ? trace_hardirqs_off+0x50/0x200
[   61.587415]  ? __lock_acquire+0x34ac/0x49c0
[   61.591730]  kasan_end_report+0x43/0x49
[   61.595691]  kasan_report.cold+0xa4/0x2b9
[   61.599833]  __lock_acquire+0x34ac/0x49c0
[   61.603974]  ? unwind_next_frame+0xd01/0x18a0
[   61.608458]  ? __save_stack_trace+0x59/0xf0
[   61.612766]  ? noop_count+0x40/0x40
[   61.616392]  ? mark_held_locks+0xf0/0xf0
[   61.620452]  ? mark_held_locks+0xf0/0xf0
[   61.624769]  ? unwind_next_frame+0xd01/0x18a0
[   61.629278]  ? __bfs+0x24/0x570
[   61.632551]  ? noop_count+0x40/0x40
[   61.636185]  ? check_preemption_disabled+0x41/0x280
[   61.641213]  ? check_usage_forwards+0x340/0x340
[   61.645898]  ? check_usage_backwards+0x115/0x340
[   61.650649]  ? kernel_text_address+0x6e/0xe0
[   61.655153]  ? print_shortest_lock_dependencies+0x80/0x80
[   61.660685]  ? unwind_get_return_address+0x5a/0xa0
[   61.665609]  ? xt_find_match+0xa1/0x270
[   61.669568]  lock_acquire+0x170/0x400
[   61.673352]  ? xt_find_match+0xa1/0x270
[   61.677310]  ? xt_find_match+0xa1/0x270
[   61.681266]  __mutex_lock+0xf7/0x1300
[   61.685046]  ? xt_find_match+0xa1/0x270
[   61.689002]  ? xt_find_match+0xa1/0x270
[   61.692960]  ? __lock_acquire+0x23a3/0x49c0
[   61.697266]  ? netlink_sendmsg+0x80b/0xcd0
[   61.701484]  ? mutex_trylock+0x1a0/0x1a0
[   61.705524]  ? do_syscall_64+0xf9/0x620
[   61.709481]  ? mark_held_locks+0xf0/0xf0
[   61.713551]  ? save_stack+0x89/0xa0
[   61.717185]  ? xt_find_match+0xa1/0x270
[   61.721144]  xt_find_match+0xa1/0x270
[   61.724927]  xt_request_find_match+0x88/0x110
[   61.729401]  em_ipt_change+0x1c8/0x45e
[   61.733269]  ? em_ipt_dump+0x3d0/0x3d0
[   61.737140]  ? do_raw_read_unlock+0x3b/0x70
[   61.741441]  ? _raw_read_unlock+0x29/0x40
[   61.745574]  ? em_ipt_dump+0x3d0/0x3d0
[   61.749441]  tcf_em_tree_validate+0x990/0xf48
[   61.753925]  ? tcf_em_tree_destroy+0x50/0x50
[   61.758320]  ? nla_parse+0x1f3/0x2f0
[   61.762026]  flow_change+0x408/0x1ca0
[   61.765816]  ? flow_dump+0x960/0x960
[   61.769510]  ? flow_dump+0x960/0x960
[   61.773239]  tc_new_tfilter+0xa6b/0x1450
[   61.777291]  ? tc_del_tfilter+0xd40/0xd40
[   61.781424]  ? __mutex_lock+0x3cd/0x1300
[   61.785473]  ? selinux_ipv4_output+0x50/0x50
[   61.789869]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[   61.794267]  ? tc_del_tfilter+0xd40/0xd40
[   61.798399]  rtnetlink_rcv_msg+0x453/0xaf0
[   61.802626]  ? rtnetlink_put_metrics+0x520/0x520
[   61.807382]  ? find_held_lock+0x2d/0x110
[   61.811427]  netlink_rcv_skb+0x160/0x410
[   61.815474]  ? rtnetlink_put_metrics+0x520/0x520
[   61.820213]  ? netlink_ack+0xa60/0xa60
[   61.824085]  netlink_unicast+0x4d7/0x6a0
[   61.828140]  ? netlink_attachskb+0x710/0x710
[   61.832534]  netlink_sendmsg+0x80b/0xcd0
[   61.836580]  ? netlink_unicast+0x6a0/0x6a0
[   61.840816]  ? move_addr_to_kernel.part.0+0x110/0x110
[   61.846002]  ? netlink_unicast+0x6a0/0x6a0
[   61.850238]  sock_sendmsg+0xcf/0x120
[   61.853932]  ___sys_sendmsg+0x803/0x920
[   61.857889]  ? copy_msghdr_from_user+0x410/0x410
[   61.862639]  ? find_held_lock+0x2d/0x110
[   61.866697]  ? __might_fault+0x11f/0x1d0
[   61.870738]  ? lock_downgrade+0x740/0x740
[   61.874884]  ? __might_fault+0x192/0x1d0
[   61.878927]  ? _copy_to_user+0xb8/0x100
[   61.882885]  ? move_addr_to_user+0xa8/0x1e0
[   61.887184]  ? __fget_light+0x1a2/0x230
[   61.891155]  __sys_sendmsg+0xec/0x1b0
[   61.894940]  ? __ia32_sys_shutdown+0x70/0x70
[   61.899345]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   61.904085]  ? trace_hardirqs_off_caller+0x55/0x210
[   61.909085]  ? do_syscall_64+0x21/0x620
[   61.913059]  do_syscall_64+0xf9/0x620
[   61.916845]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   61.922017] RIP: 0033:0x440e29
[   61.925290] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   61.944206] RSP: 002b:00007ffd8748abf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   61.951905] RAX: ffffffffffffffda RBX: 00000000004a2610 RCX: 0000000000440e29
[   61.959209] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   61.966468] RBP: 00007ffd8748ac00 R08: 0000000120080522 R09: 0000000120080522
[   61.973721] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004a2610
[   61.980972] R13: 00000000004023c0 R14: 0000000000000000 R15: 0000000000000000
[   61.989301] Kernel Offset: disabled
[   61.992928] Rebooting in 86400 seconds..