Warning: Permanently added '10.128.0.15' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 97.221352][ T9874] IPVS: ftp: loaded support on port[0] = 21 [ 97.257998][ T9875] ================================================================== [ 97.266212][ T9875] BUG: KASAN: use-after-free in ethnl_update_bitset32.part.0+0x8db/0x1820 [ 97.274723][ T9875] Read of size 4 at addr ffff8880a8adf43c by task syz-executor290/9875 [ 97.282934][ T9875] [ 97.285248][ T9875] CPU: 1 PID: 9875 Comm: syz-executor290 Not tainted 5.6.0-rc2-syzkaller #0 [ 97.293898][ T9875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 97.303935][ T9875] Call Trace: [ 97.307225][ T9875] dump_stack+0x197/0x210 [ 97.311555][ T9875] ? ethnl_update_bitset32.part.0+0x8db/0x1820 [ 97.318256][ T9875] print_address_description.constprop.0.cold+0xd4/0x30b [ 97.325281][ T9875] ? ethnl_update_bitset32.part.0+0x8db/0x1820 [ 97.331547][ T9875] ? ethnl_update_bitset32.part.0+0x8db/0x1820 [ 97.337688][ T9875] __kasan_report.cold+0x1b/0x32 [ 97.342613][ T9875] ? ethnl_update_bitset32.part.0+0x8db/0x1820 [ 97.348763][ T9875] kasan_report+0x12/0x20 [ 97.353102][ T9875] __asan_report_load4_noabort+0x14/0x20 [ 97.358745][ T9875] ethnl_update_bitset32.part.0+0x8db/0x1820 [ 97.364753][ T9875] ? __mutex_lock+0x458/0x13c0 [ 97.369498][ T9875] ? lock_downgrade+0x920/0x920 [ 97.374353][ T9875] ? ethnl_bitmap32_clear+0x390/0x390 [ 97.379747][ T9875] ? mutex_trylock+0x2d0/0x2d0 [ 97.384500][ T9875] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 97.390727][ T9875] ? ethnl_default_notify+0x6b0/0x6b0 [ 97.396092][ T9875] ethnl_update_bitset+0x4d/0x67 [ 97.401034][ T9875] ethnl_set_linkmodes+0x461/0xc30 [ 97.406128][ T9875] ? __kasan_check_read+0x11/0x20 [ 97.411168][ T9875] ? linkmodes_prepare_data+0x2a0/0x2a0 [ 97.416883][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.423104][ T9875] ? kernel_text_address+0xe9/0x110 [ 97.428287][ T9875] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 97.433728][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.439952][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.446171][ T9875] ? security_capable+0x95/0xc0 [ 97.451012][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.457232][ T9875] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300 [ 97.463545][ T9875] genl_rcv_msg+0x67d/0xea0 [ 97.468027][ T9875] ? genl_rcv_msg+0x67d/0xea0 [ 97.472702][ T9875] ? genl_family_rcv_msg_attrs_parse+0x300/0x300 [ 97.479014][ T9875] ? __kasan_check_read+0x11/0x20 [ 97.484031][ T9875] ? __lock_acquire+0x8a0/0x4a00 [ 97.488998][ T9875] ? find_held_lock+0x35/0x130 [ 97.493752][ T9875] netlink_rcv_skb+0x177/0x450 [ 97.498499][ T9875] ? genl_family_rcv_msg_attrs_parse+0x300/0x300 [ 97.504821][ T9875] ? netlink_ack+0xb50/0xb50 [ 97.509407][ T9875] ? __kasan_check_write+0x14/0x20 [ 97.514505][ T9875] ? netlink_deliver_tap+0x248/0xbf0 [ 97.519808][ T9875] genl_rcv+0x29/0x40 [ 97.523784][ T9875] netlink_unicast+0x59e/0x7e0 [ 97.528548][ T9875] ? netlink_attachskb+0x870/0x870 [ 97.533731][ T9875] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 97.539442][ T9875] ? __check_object_size+0x3d/0x437 [ 97.544647][ T9875] netlink_sendmsg+0x91c/0xea0 [ 97.549411][ T9875] ? netlink_unicast+0x7e0/0x7e0 [ 97.554337][ T9875] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 97.559867][ T9875] ? apparmor_socket_sendmsg+0x2a/0x30 [ 97.565309][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.571529][ T9875] ? security_socket_sendmsg+0x8d/0xc0 [ 97.576972][ T9875] ? netlink_unicast+0x7e0/0x7e0 [ 97.581896][ T9875] sock_sendmsg+0xd7/0x130 [ 97.586299][ T9875] ____sys_sendmsg+0x753/0x880 [ 97.591049][ T9875] ? kernel_sendmsg+0x50/0x50 [ 97.595813][ T9875] ? debug_object_active_state+0x28a/0x350 [ 97.601606][ T9875] ? find_held_lock+0x35/0x130 [ 97.606365][ T9875] ___sys_sendmsg+0x100/0x170 [ 97.611033][ T9875] ? sendmsg_copy_msghdr+0x70/0x70 [ 97.616141][ T9875] ? lockdep_hardirqs_on+0x421/0x5e0 [ 97.621422][ T9875] ? __kasan_check_read+0x11/0x20 [ 97.626427][ T9875] ? mark_lock+0xc2/0x1220 [ 97.630837][ T9875] ? __kasan_check_read+0x11/0x20 [ 97.635844][ T9875] ? __lock_acquire+0x16f2/0x4a00 [ 97.640851][ T9875] ? debug_object_deactivate+0x320/0x320 [ 97.646463][ T9875] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 97.652824][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 97.659061][ T9875] ? __fget_light+0x1ad/0x270 [ 97.663732][ T9875] ? __fdget+0x1b/0x20 [ 97.667786][ T9875] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 97.674014][ T9875] __sys_sendmsg+0x105/0x1d0 [ 97.678586][ T9875] ? __sys_sendmsg_sock+0xc0/0xc0 [ 97.683590][ T9875] ? lockdep_hardirqs_on+0x421/0x5e0 [ 97.688913][ T9875] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 97.694358][ T9875] ? do_syscall_64+0x26/0x790 [ 97.699018][ T9875] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.705098][ T9875] ? do_syscall_64+0x26/0x790 [ 97.709785][ T9875] __x64_sys_sendmsg+0x78/0xb0 [ 97.714538][ T9875] do_syscall_64+0xfa/0x790 [ 97.719044][ T9875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.725002][ T9875] RIP: 0033:0x445b39 [ 97.728879][ T9875] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab cc fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 97.748676][ T9875] RSP: 002b:00007fff3694a5d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.757075][ T9875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445b39 [ 97.765027][ T9875] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 97.772977][ T9875] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000bb1414ac [ 97.780928][ T9875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.788880][ T9875] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 97.796851][ T9875] [ 97.799161][ T9875] Allocated by task 9724: [ 97.803474][ T9875] save_stack+0x23/0x90 [ 97.808172][ T9875] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 97.813786][ T9875] kasan_slab_alloc+0xf/0x20 [ 97.818372][ T9875] kmem_cache_alloc+0x121/0x710 [ 97.823205][ T9875] __alloc_file+0x27/0x340 [ 97.827598][ T9875] alloc_empty_file+0x72/0x170 [ 97.832341][ T9875] path_openat+0xef/0x3490 [ 97.836736][ T9875] do_filp_open+0x192/0x260 [ 97.841216][ T9875] do_sys_openat2+0x5eb/0x7e0 [ 97.845868][ T9875] do_sys_open+0xf2/0x180 [ 97.850174][ T9875] __x64_sys_open+0x7e/0xc0 [ 97.854680][ T9875] do_syscall_64+0xfa/0x790 [ 97.859180][ T9875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 97.865050][ T9875] [ 97.867376][ T9875] Freed by task 0: [ 97.871081][ T9875] save_stack+0x23/0x90 [ 97.875237][ T9875] __kasan_slab_free+0x102/0x150 [ 97.880159][ T9875] kasan_slab_free+0xe/0x10 [ 97.884642][ T9875] kmem_cache_free+0x86/0x320 [ 97.889298][ T9875] file_free_rcu+0x98/0xe0 [ 97.893698][ T9875] rcu_core+0x5e1/0x1390 [ 97.897921][ T9875] rcu_core_si+0x9/0x10 [ 97.902060][ T9875] __do_softirq+0x262/0x98c [ 97.906580][ T9875] [ 97.908890][ T9875] The buggy address belongs to the object at ffff8880a8adf300 [ 97.908890][ T9875] which belongs to the cache filp of size 456 [ 97.922317][ T9875] The buggy address is located 316 bytes inside of [ 97.922317][ T9875] 456-byte region [ffff8880a8adf300, ffff8880a8adf4c8) [ 97.935567][ T9875] The buggy address belongs to the page: [ 97.941184][ T9875] page:ffffea0002a2b7c0 refcount:1 mapcount:0 mapping:ffff8880aa5f88c0 index:0xffff8880a8adfa80 [ 97.951583][ T9875] flags: 0xfffe0000000200(slab) [ 97.956418][ T9875] raw: 00fffe0000000200 ffffea00028884c8 ffffea000299ec88 ffff8880aa5f88c0 [ 97.964998][ T9875] raw: ffff8880a8adfa80 ffff8880a8adf080 0000000100000005 0000000000000000 [ 97.973557][ T9875] page dumped because: kasan: bad access detected [ 97.979943][ T9875] [ 97.982247][ T9875] Memory state around the buggy address: [ 97.987864][ T9875] ffff8880a8adf300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 97.995905][ T9875] ffff8880a8adf380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 98.003944][ T9875] >ffff8880a8adf400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 98.011994][ T9875] ^ [ 98.017872][ T9875] ffff8880a8adf480: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 98.025911][ T9875] ffff8880a8adf500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 98.033949][ T9875] ================================================================== [ 98.041992][ T9875] Disabling lock debugging due to kernel taint [ 98.049155][ T9875] Kernel panic - not syncing: panic_on_warn set ... [ 98.055794][ T9875] CPU: 1 PID: 9875 Comm: syz-executor290 Tainted: G B 5.6.0-rc2-syzkaller #0 [ 98.065871][ T9875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 98.075912][ T9875] Call Trace: [ 98.079212][ T9875] dump_stack+0x197/0x210 [ 98.083539][ T9875] panic+0x2e3/0x75c [ 98.087428][ T9875] ? add_taint.cold+0x16/0x16 [ 98.092087][ T9875] ? ethnl_update_bitset32.part.0+0x8db/0x1820 [ 98.098216][ T9875] ? preempt_schedule+0x4b/0x60 [ 98.103059][ T9875] ? ___preempt_schedule+0x16/0x18 [ 98.108163][ T9875] ? trace_hardirqs_on+0x5e/0x240 [ 98.113176][ T9875] ? ethnl_update_bitset32.part.0+0x8db/0x1820 [ 98.119353][ T9875] end_report+0x47/0x4f [ 98.123489][ T9875] ? ethnl_update_bitset32.part.0+0x8db/0x1820 [ 98.129621][ T9875] __kasan_report.cold+0xe/0x32 [ 98.134470][ T9875] ? ethnl_update_bitset32.part.0+0x8db/0x1820 [ 98.140657][ T9875] kasan_report+0x12/0x20 [ 98.144983][ T9875] __asan_report_load4_noabort+0x14/0x20 [ 98.150731][ T9875] ethnl_update_bitset32.part.0+0x8db/0x1820 [ 98.156691][ T9875] ? __mutex_lock+0x458/0x13c0 [ 98.161475][ T9875] ? lock_downgrade+0x920/0x920 [ 98.166310][ T9875] ? ethnl_bitmap32_clear+0x390/0x390 [ 98.171666][ T9875] ? mutex_trylock+0x2d0/0x2d0 [ 98.176421][ T9875] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 98.182648][ T9875] ? ethnl_default_notify+0x6b0/0x6b0 [ 98.188072][ T9875] ethnl_update_bitset+0x4d/0x67 [ 98.193798][ T9875] ethnl_set_linkmodes+0x461/0xc30 [ 98.198912][ T9875] ? __kasan_check_read+0x11/0x20 [ 98.203917][ T9875] ? linkmodes_prepare_data+0x2a0/0x2a0 [ 98.209442][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.215666][ T9875] ? kernel_text_address+0xe9/0x110 [ 98.220845][ T9875] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 98.226379][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.232604][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.238844][ T9875] ? security_capable+0x95/0xc0 [ 98.243686][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.249905][ T9875] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300 [ 98.256212][ T9875] genl_rcv_msg+0x67d/0xea0 [ 98.260699][ T9875] ? genl_rcv_msg+0x67d/0xea0 [ 98.265362][ T9875] ? genl_family_rcv_msg_attrs_parse+0x300/0x300 [ 98.271672][ T9875] ? __kasan_check_read+0x11/0x20 [ 98.276678][ T9875] ? __lock_acquire+0x8a0/0x4a00 [ 98.281627][ T9875] ? find_held_lock+0x35/0x130 [ 98.286373][ T9875] netlink_rcv_skb+0x177/0x450 [ 98.291131][ T9875] ? genl_family_rcv_msg_attrs_parse+0x300/0x300 [ 98.297438][ T9875] ? netlink_ack+0xb50/0xb50 [ 98.302022][ T9875] ? __kasan_check_write+0x14/0x20 [ 98.307115][ T9875] ? netlink_deliver_tap+0x248/0xbf0 [ 98.312394][ T9875] genl_rcv+0x29/0x40 [ 98.316364][ T9875] netlink_unicast+0x59e/0x7e0 [ 98.321108][ T9875] ? netlink_attachskb+0x870/0x870 [ 98.326214][ T9875] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 98.331931][ T9875] ? __check_object_size+0x3d/0x437 [ 98.337125][ T9875] netlink_sendmsg+0x91c/0xea0 [ 98.341871][ T9875] ? netlink_unicast+0x7e0/0x7e0 [ 98.346786][ T9875] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 98.352313][ T9875] ? apparmor_socket_sendmsg+0x2a/0x30 [ 98.357837][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.364053][ T9875] ? security_socket_sendmsg+0x8d/0xc0 [ 98.369488][ T9875] ? netlink_unicast+0x7e0/0x7e0 [ 98.374404][ T9875] sock_sendmsg+0xd7/0x130 [ 98.378799][ T9875] ____sys_sendmsg+0x753/0x880 [ 98.383542][ T9875] ? kernel_sendmsg+0x50/0x50 [ 98.388249][ T9875] ? debug_object_active_state+0x28a/0x350 [ 98.394045][ T9875] ? find_held_lock+0x35/0x130 [ 98.398794][ T9875] ___sys_sendmsg+0x100/0x170 [ 98.403452][ T9875] ? sendmsg_copy_msghdr+0x70/0x70 [ 98.408581][ T9875] ? lockdep_hardirqs_on+0x421/0x5e0 [ 98.414194][ T9875] ? __kasan_check_read+0x11/0x20 [ 98.419194][ T9875] ? mark_lock+0xc2/0x1220 [ 98.423595][ T9875] ? __kasan_check_read+0x11/0x20 [ 98.428609][ T9875] ? __lock_acquire+0x16f2/0x4a00 [ 98.433622][ T9875] ? debug_object_deactivate+0x320/0x320 [ 98.439245][ T9875] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 98.445381][ T9875] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 98.451599][ T9875] ? __fget_light+0x1ad/0x270 [ 98.456264][ T9875] ? __fdget+0x1b/0x20 [ 98.460333][ T9875] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 98.466594][ T9875] __sys_sendmsg+0x105/0x1d0 [ 98.471188][ T9875] ? __sys_sendmsg_sock+0xc0/0xc0 [ 98.476193][ T9875] ? lockdep_hardirqs_on+0x421/0x5e0 [ 98.481508][ T9875] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 98.486978][ T9875] ? do_syscall_64+0x26/0x790 [ 98.491672][ T9875] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.497717][ T9875] ? do_syscall_64+0x26/0x790 [ 98.502376][ T9875] __x64_sys_sendmsg+0x78/0xb0 [ 98.507136][ T9875] do_syscall_64+0xfa/0x790 [ 98.511619][ T9875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 98.517488][ T9875] RIP: 0033:0x445b39 [ 98.521361][ T9875] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab cc fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 98.541552][ T9875] RSP: 002b:00007fff3694a5d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.549942][ T9875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445b39 [ 98.557892][ T9875] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 98.565845][ T9875] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000bb1414ac [ 98.573965][ T9875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 98.581912][ T9875] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 98.590939][ T9875] Kernel Offset: disabled [ 98.595257][ T9875] Rebooting in 86400 seconds..