Warning: Permanently added '10.128.0.239' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 84.641886][ T9690] IPVS: ftp: loaded support on port[0] = 21
[ 84.671010][ T9690] ==================================================================
[ 84.679206][ T9690] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17fd/0x1a00
[ 84.687181][ T9690] Write of size 16 at addr ffff8880a87195b8 by task syz-executor405/9690
[ 84.695578][ T9690]
[ 84.697901][ T9690] CPU: 0 PID: 9690 Comm: syz-executor405 Not tainted 5.6.0-rc5-syzkaller #0
[ 84.706564][ T9690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.716609][ T9690] Call Trace:
[ 84.719900][ T9690]  dump_stack+0x188/0x20d
[ 84.724223][ T9690]  ? tcindex_set_parms+0x17fd/0x1a00
[ 84.729494][ T9690]  ? tcindex_set_parms+0x17fd/0x1a00
[ 84.735292][ T9690]  print_address_description.constprop.0.cold+0xd3/0x315
[ 84.742305][ T9690]  ? tcindex_set_parms+0x17fd/0x1a00
[ 84.747593][ T9690]  ? tcindex_set_parms+0x17fd/0x1a00
[ 84.752878][ T9690]  __kasan_report.cold+0x1a/0x32
[ 84.757829][ T9690]  ? tcindex_set_parms+0x17fd/0x1a00
[ 84.763105][ T9690]  kasan_report+0xe/0x20
[ 84.767332][ T9690]  tcindex_set_parms+0x17fd/0x1a00
[ 84.772445][ T9690]  ? tcindex_alloc_perfect_hash+0x320/0x320
[ 84.778342][ T9690]  ? mark_held_locks+0xe0/0xe0
[ 84.783120][ T9690]  ? nla_memcpy+0xa0/0xa0
[ 84.787460][ T9690]  ? tcindex_change+0x203/0x2e0
[ 84.792293][ T9690]  tcindex_change+0x203/0x2e0
[ 84.796971][ T9690]  ? tcindex_set_parms+0x1a00/0x1a00
[ 84.802268][ T9690]  tc_new_tfilter+0xa59/0x20b0
[ 84.807033][ T9690]  ? tcindex_set_parms+0x1a00/0x1a00
[ 84.812314][ T9690]  ? tc_del_tfilter+0x1430/0x1430
[ 84.817331][ T9690]  ? __lock_acquire+0x80b/0x3ca0
[ 84.822257][ T9690]  ? apparmor_capable+0x454/0x8a0
[ 84.827289][ T9690]  ? rcu_read_lock_held+0x9c/0xb0
[ 84.832317][ T9690]  ? tc_del_tfilter+0x1430/0x1430
[ 84.837331][ T9690]  rtnetlink_rcv_msg+0x810/0xad0
[ 84.842257][ T9690]  ? rtnl_bridge_getlink+0x880/0x880
[ 84.847532][ T9690]  ? mark_held_locks+0xe0/0xe0
[ 84.852279][ T9690]  ? netlink_deliver_tap+0x146/0xb50
[ 84.857560][ T9690]  netlink_rcv_skb+0x15a/0x410
[ 84.862327][ T9690]  ? rtnl_bridge_getlink+0x880/0x880
[ 84.867602][ T9690]  ? netlink_ack+0xa80/0xa80
[ 84.872202][ T9690]  netlink_unicast+0x537/0x740
[ 84.876958][ T9690]  ? netlink_attachskb+0x810/0x810
[ 84.882065][ T9690]  ? _copy_from_iter_full+0x25c/0x870
[ 84.887425][ T9690]  ? __phys_addr_symbol+0x2c/0x70
[ 84.892444][ T9690]  ? __check_object_size+0x171/0x437
[ 84.897725][ T9690]  netlink_sendmsg+0x882/0xe10
[ 84.902488][ T9690]  ? aa_af_perm+0x260/0x260
[ 84.906981][ T9690]  ? netlink_unicast+0x740/0x740
[ 84.911912][ T9690]  ? netlink_unicast+0x740/0x740
[ 84.916869][ T9690]  sock_sendmsg+0xcf/0x120
[ 84.921281][ T9690]  ____sys_sendmsg+0x6b9/0x7d0
[ 84.926029][ T9690]  ? kernel_sendmsg+0x50/0x50
[ 84.930698][ T9690]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 84.936243][ T9690]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 84.942227][ T9690]  ___sys_sendmsg+0x100/0x170
[ 84.946904][ T9690]  ? sendmsg_copy_msghdr+0x70/0x70
[ 84.952044][ T9690]  ? lock_downgrade+0x7f0/0x7f0
[ 84.956909][ T9690]  ? lock_acquire+0x197/0x420
[ 84.961580][ T9690]  ? __might_fault+0xef/0x1d0
[ 84.966345][ T9690]  ? __might_fault+0x190/0x1d0
[ 84.971103][ T9690]  ? _copy_to_user+0x107/0x150
[ 84.975851][ T9690]  ? move_addr_to_user+0xb3/0x200
[ 84.980858][ T9690]  ? __fget_light+0x1a5/0x270
[ 84.985523][ T9690]  __sys_sendmsg+0xec/0x1b0
[ 84.990010][ T9690]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 84.995018][ T9690]  ? mark_held_locks+0x9f/0xe0
[ 84.999787][ T9690]  ? trace_hardirqs_off_caller+0x55/0x230
[ 85.005491][ T9690]  ? do_fast_syscall_32+0xcc/0xe8f
[ 85.010611][ T9690]  do_fast_syscall_32+0x270/0xe8f
[ 85.015646][ T9690]  entry_SYSENTER_compat+0x70/0x7f
[ 85.020760][ T9690]
[ 85.023073][ T9690] Allocated by task 9690:
[ 85.027440][ T9690]  save_stack+0x1b/0x80
[ 85.031607][ T9690]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 85.037243][ T9690]  kmem_cache_alloc_trace+0x153/0x7d0
[ 85.042622][ T9690]  tcindex_set_parms+0x1f1/0x1a00
[ 85.047635][ T9690]  tcindex_change+0x203/0x2e0
[ 85.052304][ T9690]  tc_new_tfilter+0xa59/0x20b0
[ 85.057054][ T9690]  rtnetlink_rcv_msg+0x810/0xad0
[ 85.062004][ T9690]  netlink_rcv_skb+0x15a/0x410
[ 85.066745][ T9690]  netlink_unicast+0x537/0x740
[ 85.071487][ T9690]  netlink_sendmsg+0x882/0xe10
[ 85.076229][ T9690]  sock_sendmsg+0xcf/0x120
[ 85.080622][ T9690]  ____sys_sendmsg+0x6b9/0x7d0
[ 85.085365][ T9690]  ___sys_sendmsg+0x100/0x170
[ 85.090018][ T9690]  __sys_sendmsg+0xec/0x1b0
[ 85.094497][ T9690]  do_fast_syscall_32+0x270/0xe8f
[ 85.099503][ T9690]  entry_SYSENTER_compat+0x70/0x7f
[ 85.104588][ T9690]
[ 85.106913][ T9690] Freed by task 877:
[ 85.110801][ T9690]  save_stack+0x1b/0x80
[ 85.114944][ T9690]  __kasan_slab_free+0xf7/0x140
[ 85.119773][ T9690]  kfree+0x109/0x2b0
[ 85.123643][ T9690]  umh_complete+0x81/0x90
[ 85.127951][ T9690]  call_usermodehelper_exec_async+0x459/0x710
[ 85.134003][ T9690]  ret_from_fork+0x24/0x30
[ 85.138402][ T9690]
[ 85.140710][ T9690] The buggy address belongs to the object at ffff8880a8719500
[ 85.140710][ T9690]  which belongs to the cache kmalloc-192 of size 192
[ 85.154802][ T9690] The buggy address is located 184 bytes inside of
[ 85.154802][ T9690]  192-byte region [ffff8880a8719500, ffff8880a87195c0)
[ 85.168065][ T9690] The buggy address belongs to the page:
[ 85.173689][ T9690] page:ffffea0002a1c640 refcount:1 mapcount:0 mapping:ffff8880aa000000 index:0x0
[ 85.182810][ T9690] flags: 0xfffe0000000200(slab)
[ 85.187675][ T9690] raw: 00fffe0000000200 ffffea00029f9a48 ffffea00029e0388 ffff8880aa000000
[ 85.196246][ T9690] raw: 0000000000000000 ffff8880a8719000 0000000100000010 0000000000000000
[ 85.204818][ T9690] page dumped because: kasan: bad access detected
[ 85.211214][ T9690]
[ 85.213536][ T9690] Memory state around the buggy address:
[ 85.219162][ T9690]  ffff8880a8719480: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.227209][ T9690]  ffff8880a8719500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.235255][ T9690] >ffff8880a8719580: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.243306][ T9690]                                         ^
[ 85.249192][ T9690]  ffff8880a8719600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.257261][ T9690]  ffff8880a8719680: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.265347][ T9690] ==================================================================
[ 85.273431][ T9690] Disabling lock debugging due to kernel taint
[ 85.280246][ T9690] Kernel panic - not syncing: panic_on_warn set ...
[ 85.286863][ T9690] CPU: 0 PID: 9690 Comm: syz-executor405 Tainted: G    B             5.6.0-rc5-syzkaller #0
[ 85.297091][ T9690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 85.307189][ T9690] Call Trace:
[ 85.310480][ T9690]  dump_stack+0x188/0x20d
[ 85.314803][ T9690]  panic+0x2e3/0x75c
[ 85.318720][ T9690]  ? add_taint.cold+0x16/0x16
[ 85.323409][ T9690]  ? retint_kernel+0x2b/0x2b
[ 85.328006][ T9690]  ? trace_hardirqs_on+0x55/0x220
[ 85.333022][ T9690]  ? tcindex_set_parms+0x17fd/0x1a00
[ 85.338305][ T9690]  end_report+0x43/0x49
[ 85.342455][ T9690]  ? tcindex_set_parms+0x17fd/0x1a00
[ 85.347728][ T9690]  __kasan_report.cold+0xd/0x32
[ 85.352564][ T9690]  ? tcindex_set_parms+0x17fd/0x1a00
[ 85.357842][ T9690]  kasan_report+0xe/0x20
[ 85.362068][ T9690]  tcindex_set_parms+0x17fd/0x1a00
[ 85.367170][ T9690]  ? tcindex_alloc_perfect_hash+0x320/0x320
[ 85.373044][ T9690]  ? mark_held_locks+0xe0/0xe0
[ 85.377796][ T9690]  ? nla_memcpy+0xa0/0xa0
[ 85.382127][ T9690]  ? tcindex_change+0x203/0x2e0
[ 85.386961][ T9690]  tcindex_change+0x203/0x2e0
[ 85.391636][ T9690]  ? tcindex_set_parms+0x1a00/0x1a00
[ 85.396914][ T9690]  tc_new_tfilter+0xa59/0x20b0
[ 85.401664][ T9690]  ? tcindex_set_parms+0x1a00/0x1a00
[ 85.406943][ T9690]  ? tc_del_tfilter+0x1430/0x1430
[ 85.412036][ T9690]  ? __lock_acquire+0x80b/0x3ca0
[ 85.416973][ T9690]  ? apparmor_capable+0x454/0x8a0
[ 85.421986][ T9690]  ? rcu_read_lock_held+0x9c/0xb0
[ 85.426998][ T9690]  ? tc_del_tfilter+0x1430/0x1430
[ 85.432038][ T9690]  rtnetlink_rcv_msg+0x810/0xad0
[ 85.436958][ T9690]  ? rtnl_bridge_getlink+0x880/0x880
[ 85.442241][ T9690]  ? mark_held_locks+0xe0/0xe0
[ 85.447010][ T9690]  ? netlink_deliver_tap+0x146/0xb50
[ 85.452275][ T9690]  netlink_rcv_skb+0x15a/0x410
[ 85.457044][ T9690]  ? rtnl_bridge_getlink+0x880/0x880
[ 85.462324][ T9690]  ? netlink_ack+0xa80/0xa80
[ 85.466904][ T9690]  netlink_unicast+0x537/0x740
[ 85.471655][ T9690]  ? netlink_attachskb+0x810/0x810
[ 85.476746][ T9690]  ? _copy_from_iter_full+0x25c/0x870
[ 85.482099][ T9690]  ? __phys_addr_symbol+0x2c/0x70
[ 85.487102][ T9690]  ? __check_object_size+0x171/0x437
[ 85.492390][ T9690]  netlink_sendmsg+0x882/0xe10
[ 85.497144][ T9690]  ? aa_af_perm+0x260/0x260
[ 85.501646][ T9690]  ? netlink_unicast+0x740/0x740
[ 85.506568][ T9690]  ? netlink_unicast+0x740/0x740
[ 85.511489][ T9690]  sock_sendmsg+0xcf/0x120
[ 85.515904][ T9690]  ____sys_sendmsg+0x6b9/0x7d0
[ 85.520661][ T9690]  ? kernel_sendmsg+0x50/0x50
[ 85.525336][ T9690]  ? rcu_read_lock_sched_held+0x9c/0xd0
[ 85.530871][ T9690]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 85.536851][ T9690]  ___sys_sendmsg+0x100/0x170
[ 85.541526][ T9690]  ? sendmsg_copy_msghdr+0x70/0x70
[ 85.546672][ T9690]  ? lock_downgrade+0x7f0/0x7f0
[ 85.551524][ T9690]  ? lock_acquire+0x197/0x420
[ 85.556226][ T9690]  ? __might_fault+0xef/0x1d0
[ 85.560890][ T9690]  ? __might_fault+0x190/0x1d0
[ 85.565632][ T9690]  ? _copy_to_user+0x107/0x150
[ 85.570402][ T9690]  ? move_addr_to_user+0xb3/0x200
[ 85.575408][ T9690]  ? __fget_light+0x1a5/0x270
[ 85.580076][ T9690]  __sys_sendmsg+0xec/0x1b0
[ 85.585694][ T9690]  ? __sys_sendmsg_sock+0xb0/0xb0
[ 85.590739][ T9690]  ? mark_held_locks+0x9f/0xe0
[ 85.595527][ T9690]  ? trace_hardirqs_off_caller+0x55/0x230
[ 85.601238][ T9690]  ? do_fast_syscall_32+0xcc/0xe8f
[ 85.606351][ T9690]  do_fast_syscall_32+0x270/0xe8f
[ 85.611369][ T9690]  entry_SYSENTER_compat+0x70/0x7f
[ 85.617555][ T9690] Kernel Offset: disabled
[ 85.621876][ T9690] Rebooting in 86400 seconds..
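Reading the numbers in the report against each other, as an added example in C (this is not part of the syzkaller output and not kernel code). It embeds the access address, the object bounds and the two "Memory state" rows copied from the report, then cross-checks them: the 16-byte write starts 184 bytes into the 192-byte kmalloc-192 object, so it runs 8 bytes past the object's end; and the shadow rows show the KASAN redzone (0xfc) starting 136 bytes into the object, so the kmalloc() request was for 136 bytes and the very first byte of the write already lands in poisoned memory. The shadow values and the 8-byte granule size are those of generic KASAN in this kernel era (mm/kasan/kasan.h); the function names are this example's own. One caveat for the "Freed by task 877" stack: for a slab-out-of-bounds on a live object, KASAN prints the free track stored for the slot's previous occupant, so the umh_complete()/kfree() trace belongs to an earlier, unrelated allocation in the same slot and not to the tcindex object.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Generic KASAN keeps one shadow byte per 8-byte granule of memory. */
#define KASAN_GRANULE 8

/* Shadow values from mm/kasan/kasan.h of the 5.6 era. */
#define KASAN_KMALLOC_REDZONE 0xFC  /* between request size and object size */
#define KASAN_KMALLOC_FREE    0xFB  /* object freed by kfree() */

/* Numbers copied from the report above. */
#define ACCESS_ADDR 0xffff8880a87195b8ULL
#define ACCESS_SIZE 16
#define OBJ_START   0xffff8880a8719500ULL
#define OBJ_SIZE    192

/* The two "Memory state" rows that cover the object, copied from the report:
 * each row lists 16 shadow bytes starting at the printed address. */
struct shadow_row { uint64_t base; uint8_t s[16]; };

static const struct shadow_row ROWS[] = {
    { 0xffff8880a8719500ULL, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
                              0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00} },
    { 0xffff8880a8719580ULL, {0x00,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,
                              0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc,0xfc} },
};
#define NROWS (sizeof(ROWS) / sizeof(ROWS[0]))

/* Shadow byte governing addr, from the embedded rows; -1 if the report did not print it. */
int shadow_byte_for(uint64_t addr)
{
    for (size_t i = 0; i < NROWS; i++) {
        uint64_t end = ROWS[i].base + 16 * KASAN_GRANULE;
        if (addr >= ROWS[i].base && addr < end)
            return ROWS[i].s[(addr - ROWS[i].base) / KASAN_GRANULE];
    }
    return -1;
}

/* Whether byte addr is accessible: shadow 0 means the whole granule is,
 * 1..7 means only the first N bytes of the granule are, anything else is poison. */
int byte_accessible(uint64_t addr)
{
    int s = shadow_byte_for(addr);
    if (s < 0)
        return 0;                       /* not in the dump: treat as inaccessible */
    if (s == 0)
        return 1;
    if (s < KASAN_GRANULE)
        return (int)(addr % KASAN_GRANULE) < s;
    return 0;
}

/* Offset of the faulting access inside the slab object ("184 bytes inside"). */
size_t offset_in_object(void)
{
    return (size_t)(ACCESS_ADDR - OBJ_START);
}

/* Bytes of the access that extend past the end of the slab object. */
size_t bytes_past_object(void)
{
    uint64_t access_end = ACCESS_ADDR + ACCESS_SIZE;
    uint64_t obj_end = OBJ_START + OBJ_SIZE;
    return access_end > obj_end ? (size_t)(access_end - obj_end) : 0;
}

/* Length of the unpoisoned prefix of the object, i.e. the size actually requested
 * from kmalloc(): KASAN poisons everything between the request size and the
 * cache's object size with KASAN_KMALLOC_REDZONE. */
size_t requested_size(void)
{
    size_t n = 0;
    while (n < OBJ_SIZE && byte_accessible(OBJ_START + n))
        n++;
    return n;
}

/* First byte of the faulting access whose shadow is poisoned; 0 if none is. */
uint64_t first_poisoned_byte(void)
{
    for (uint64_t a = ACCESS_ADDR; a < ACCESS_ADDR + ACCESS_SIZE; a++)
        if (!byte_accessible(a))
            return a;
    return 0;
}

int main(void)
{
    uint64_t bad = first_poisoned_byte();

    printf("access at object offset %zu, %zu byte(s) past the %d-byte slab object\n",
           offset_in_object(), bytes_past_object(), OBJ_SIZE);
    printf("kmalloc request was %zu bytes; the redzone starts there\n", requested_size());
    printf("first poisoned byte of the write: %#llx (shadow 0x%02x)\n",
           (unsigned long long)bad, shadow_byte_for(bad));
    return 0;
}
```

The same arithmetic is what print_address_description() does in the kernel to produce the "located N bytes inside of" line; doing it by hand is mostly useful for the part the report does not spell out, namely that the redzone begins well before the 192-byte cache boundary because the object was requested smaller than its slab class.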