Warning: Permanently added '10.128.0.207' (ECDSA) to the list of known hosts.
executing program
[ 54.766928] audit: type=1400 audit(1583913938.595:36): avc: denied { map } for pid=7966 comm="syz-executor066" path="/root/syz-executor066597159" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 54.784898] IPVS: ftp: loaded support on port[0] = 21
[ 54.825932] ==================================================================
[ 54.833389] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17d0/0x19d0
[ 54.840650] Write of size 16 at addr ffff8880a54778b8 by task syz-executor066/7967
[ 54.848348]
[ 54.849981] CPU: 0 PID: 7967 Comm: syz-executor066 Not tainted 4.19.108-syzkaller #0
[ 54.857951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.867301] Call Trace:
[ 54.869915]  dump_stack+0x188/0x20d
[ 54.873529]  ? tcindex_set_parms+0x17d0/0x19d0
[ 54.878108]  print_address_description.cold+0x7c/0x212
[ 54.883583]  ? tcindex_set_parms+0x17d0/0x19d0
[ 54.888671]  kasan_report.cold+0x88/0x2b9
[ 54.892815]  tcindex_set_parms+0x17d0/0x19d0
[ 54.897209]  ? avc_has_perm_noaudit+0x316/0x520
[ 54.901872]  ? tcindex_alloc_perfect_hash+0x350/0x350
[ 54.907056]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 54.912231]  ? validate_nla+0x328/0x800
[ 54.916281]  ? tcindex_change+0x200/0x2d3
[ 54.920409]  tcindex_change+0x200/0x2d3
[ 54.924367]  ? tcindex_set_parms+0x19d0/0x19d0
[ 54.928938]  ? tcindex_set_parms+0x19d0/0x19d0
[ 54.933500]  tc_new_tfilter+0xa6b/0x1450
[ 54.937552]  ? tc_del_tfilter+0xd40/0xd40
[ 54.941683]  ? __mutex_lock+0x3cd/0x1300
[ 54.945738]  ? selinux_ipv4_output+0x50/0x50
[ 54.950129]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 54.954531]  ? tc_del_tfilter+0xd40/0xd40
[ 54.958665]  rtnetlink_rcv_msg+0x453/0xaf0
[ 54.962883]  ? rtnetlink_put_metrics+0x520/0x520
[ 54.967621]  ? find_held_lock+0x2d/0x110
[ 54.971666]  netlink_rcv_skb+0x160/0x410
[ 54.975713]  ? rtnetlink_put_metrics+0x520/0x520
[ 54.980454]  ? netlink_ack+0xa60/0xa60
[ 54.984332]  netlink_unicast+0x4d7/0x6a0
[ 54.988386]  ? netlink_attachskb+0x710/0x710
[ 54.992782]  netlink_sendmsg+0x80b/0xcd0
[ 54.996833]  ? netlink_unicast+0x6a0/0x6a0
[ 55.001050]  ? move_addr_to_kernel.part.0+0x110/0x110
[ 55.006229]  ? netlink_unicast+0x6a0/0x6a0
[ 55.010458]  sock_sendmsg+0xcf/0x120
[ 55.014154]  ___sys_sendmsg+0x803/0x920
[ 55.018114]  ? copy_msghdr_from_user+0x410/0x410
[ 55.022855]  ? find_held_lock+0x2d/0x110
[ 55.026908]  ? __might_fault+0x11f/0x1d0
[ 55.030953]  ? lock_downgrade+0x740/0x740
[ 55.035095]  ? __might_fault+0x192/0x1d0
[ 55.039152]  ? _copy_to_user+0xb8/0x100
[ 55.043114]  ? move_addr_to_user+0xa8/0x1e0
[ 55.047417]  ? __fget_light+0x1a2/0x230
[ 55.051377]  __sys_sendmsg+0xec/0x1b0
[ 55.055176]  ? __ia32_sys_shutdown+0x70/0x70
[ 55.059574]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 55.064307]  ? trace_hardirqs_off_caller+0x55/0x210
[ 55.069305]  ? do_syscall_64+0x21/0x620
[ 55.073281]  do_syscall_64+0xf9/0x620
[ 55.077093]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.082270] RIP: 0033:0x440eb9
[ 55.085446] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.104347] RSP: 002b:00007ffe0f5cf728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.112049] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[ 55.119310] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 55.126560] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[ 55.133812] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[ 55.141062] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[ 55.148320]
[ 55.149950] Allocated by task 1524:
[ 55.154973]  kasan_kmalloc+0xbf/0xe0
[ 55.158693]  kmem_cache_alloc_trace+0x14d/0x7a0
[ 55.163349]  kthread+0x96/0x420
[ 55.166610]  ret_from_fork+0x24/0x30
[ 55.170301]
[ 55.171914] Freed by task 0:
[ 55.174918] (stack is not available)
[ 55.178614]
[ 55.180227] The buggy address belongs to the object at ffff8880a5477800
[ 55.180227]  which belongs to the cache kmalloc-192 of size 192
[ 55.192877] The buggy address is located 184 bytes inside of
[ 55.192877]  192-byte region [ffff8880a5477800, ffff8880a54778c0)
[ 55.204741] The buggy address belongs to the page:
[ 55.209659] page:ffffea0002951dc0 count:1 mapcount:0 mapping:ffff88812c3dc040 index:0x0
[ 55.217787] flags: 0xfffe0000000100(slab)
[ 55.221922] raw: 00fffe0000000100 ffffea000296f948 ffffea00029a9008 ffff88812c3dc040
[ 55.229784] raw: 0000000000000000 ffff8880a5477000 0000000100000010 0000000000000000
[ 55.237641] page dumped because: kasan: bad access detected
[ 55.243330]
[ 55.244948] Memory state around the buggy address:
[ 55.249861]  ffff8880a5477780: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.257291]  ffff8880a5477800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.264645] >ffff8880a5477880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 55.271995]                                         ^
[ 55.277432]  ffff8880a5477900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.284777]  ffff8880a5477980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 55.292132] ==================================================================
[ 55.299491] Disabling lock debugging due to kernel taint
[ 55.305436] Kernel panic - not syncing: panic_on_warn set ...
[ 55.305436]
[ 55.312803] CPU: 0 PID: 7967 Comm: syz-executor066 Tainted: G B 4.19.108-syzkaller #0
[ 55.322054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.331386] Call Trace:
[ 55.333961]  dump_stack+0x188/0x20d
[ 55.337572]  panic+0x26a/0x50e
[ 55.340744]  ? __warn_printk+0xf3/0xf3
[ 55.344610]  ? preempt_schedule_common+0x4a/0xc0
[ 55.349345]  ? tcindex_set_parms+0x17d0/0x19d0
[ 55.353927]  ? ___preempt_schedule+0x16/0x18
[ 55.358329]  ? trace_hardirqs_on+0x55/0x210
[ 55.362647]  ? tcindex_set_parms+0x17d0/0x19d0
[ 55.367220]  kasan_end_report+0x43/0x49
[ 55.371178]  kasan_report.cold+0xa4/0x2b9
[ 55.375334]  tcindex_set_parms+0x17d0/0x19d0
[ 55.379728]  ? avc_has_perm_noaudit+0x316/0x520
[ 55.384385]  ? tcindex_alloc_perfect_hash+0x350/0x350
[ 55.389575]  ? __sanitizer_cov_trace_switch+0x45/0x70
[ 55.394753]  ? validate_nla+0x328/0x800
[ 55.398711]  ? tcindex_change+0x200/0x2d3
[ 55.402837]  tcindex_change+0x200/0x2d3
[ 55.406808]  ? tcindex_set_parms+0x19d0/0x19d0
[ 55.411374]  ? tcindex_set_parms+0x19d0/0x19d0
[ 55.415946]  tc_new_tfilter+0xa6b/0x1450
[ 55.419990]  ? tc_del_tfilter+0xd40/0xd40
[ 55.424126]  ? __mutex_lock+0x3cd/0x1300
[ 55.428170]  ? selinux_ipv4_output+0x50/0x50
[ 55.432559]  ? rtnetlink_rcv_msg+0x3fe/0xaf0
[ 55.436954]  ? tc_del_tfilter+0xd40/0xd40
[ 55.441083]  rtnetlink_rcv_msg+0x453/0xaf0
[ 55.445311]  ? rtnetlink_put_metrics+0x520/0x520
[ 55.450049]  ? find_held_lock+0x2d/0x110
[ 55.454092]  netlink_rcv_skb+0x160/0x410
[ 55.458159]  ? rtnetlink_put_metrics+0x520/0x520
[ 55.462916]  ? netlink_ack+0xa60/0xa60
[ 55.466800]  netlink_unicast+0x4d7/0x6a0
[ 55.470848]  ? netlink_attachskb+0x710/0x710
[ 55.475242]  netlink_sendmsg+0x80b/0xcd0
[ 55.479289]  ? netlink_unicast+0x6a0/0x6a0
[ 55.483517]  ? move_addr_to_kernel.part.0+0x110/0x110
[ 55.488696]  ? netlink_unicast+0x6a0/0x6a0
[ 55.492917]  sock_sendmsg+0xcf/0x120
[ 55.496619]  ___sys_sendmsg+0x803/0x920
[ 55.500578]  ? copy_msghdr_from_user+0x410/0x410
[ 55.505319]  ? find_held_lock+0x2d/0x110
[ 55.509368]  ? __might_fault+0x11f/0x1d0
[ 55.513413]  ? lock_downgrade+0x740/0x740
[ 55.517548]  ? __might_fault+0x192/0x1d0
[ 55.521592]  ? _copy_to_user+0xb8/0x100
[ 55.525556]  ? move_addr_to_user+0xa8/0x1e0
[ 55.529860]  ? __fget_light+0x1a2/0x230
[ 55.534121]  __sys_sendmsg+0xec/0x1b0
[ 55.537957]  ? __ia32_sys_shutdown+0x70/0x70
[ 55.542359]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 55.547102]  ? trace_hardirqs_off_caller+0x55/0x210
[ 55.552100]  ? do_syscall_64+0x21/0x620
[ 55.556060]  do_syscall_64+0xf9/0x620
[ 55.559844]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.565069] RIP: 0033:0x440eb9
[ 55.568242] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.588087] RSP: 002b:00007ffe0f5cf728 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 55.595777] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[ 55.603025] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 55.610275] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[ 55.617534] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[ 55.624809] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[ 55.633432] Kernel Offset: disabled
[ 55.637066] Rebooting in 86400 seconds..