Warning: Permanently added '10.128.1.19' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 81.883284][ T9426] IPVS: ftp: loaded support on port[0] = 21
[ 81.919844][ T9427] ==================================================================
[ 81.928073][ T9427] BUG: KASAN: use-after-free in ethnl_update_bitset32.part.0+0x8db/0x1820
[ 81.936549][ T9427] Read of size 4 at addr ffff8880a959ec3c by task syz-executor678/9427
[ 81.944758][ T9427]
[ 81.947071][ T9427] CPU: 1 PID: 9427 Comm: syz-executor678 Not tainted 5.6.0-rc2-syzkaller #0
[ 81.955710][ T9427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.965737][ T9427] Call Trace:
[ 81.969001][ T9427] dump_stack+0x197/0x210
[ 81.973321][ T9427] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 81.979481][ T9427] print_address_description.constprop.0.cold+0xd4/0x30b
[ 81.986488][ T9427] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 81.992622][ T9427] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 81.998855][ T9427] __kasan_report.cold+0x1b/0x32
[ 82.003796][ T9427] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 82.009943][ T9427] kasan_report+0x12/0x20
[ 82.014386][ T9427] __asan_report_load4_noabort+0x14/0x20
[ 82.020007][ T9427] ethnl_update_bitset32.part.0+0x8db/0x1820
[ 82.025968][ T9427] ? __mutex_lock+0x458/0x13c0
[ 82.030730][ T9427] ? lock_downgrade+0x920/0x920
[ 82.035697][ T9427] ? ethnl_bitmap32_clear+0x390/0x390
[ 82.041056][ T9427] ? mutex_trylock+0x2d0/0x2d0
[ 82.045817][ T9427] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 82.052044][ T9427] ? ethnl_default_notify+0x6b0/0x6b0
[ 82.057398][ T9427] ethnl_update_bitset+0x4d/0x67
[ 82.062327][ T9427] ethnl_set_linkmodes+0x461/0xc30
[ 82.067415][ T9427] ? __kasan_check_read+0x11/0x20
[ 82.072424][ T9427] ? linkmodes_prepare_data+0x2a0/0x2a0
[ 82.077951][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.084174][ T9427] ? kernel_text_address+0xe9/0x110
[ 82.089363][ T9427] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 82.094936][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.101161][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.107377][ T9427] ? security_capable+0x95/0xc0
[ 82.112244][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.118462][ T9427] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300
[ 82.124781][ T9427] genl_rcv_msg+0x67d/0xea0
[ 82.129273][ T9427] ? genl_rcv_msg+0x67d/0xea0
[ 82.133954][ T9427] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 82.140279][ T9427] ? __kasan_check_read+0x11/0x20
[ 82.145289][ T9427] ? __lock_acquire+0x8a0/0x4a00
[ 82.150212][ T9427] ? find_held_lock+0x35/0x130
[ 82.154960][ T9427] netlink_rcv_skb+0x177/0x450
[ 82.159699][ T9427] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 82.165999][ T9427] ? netlink_ack+0xb50/0xb50
[ 82.170563][ T9427] ? __kasan_check_write+0x14/0x20
[ 82.175659][ T9427] ? netlink_deliver_tap+0x248/0xbf0
[ 82.180924][ T9427] genl_rcv+0x29/0x40
[ 82.184898][ T9427] netlink_unicast+0x59e/0x7e0
[ 82.189655][ T9427] ? netlink_attachskb+0x870/0x870
[ 82.194746][ T9427] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 82.200445][ T9427] ? __check_object_size+0x3d/0x437
[ 82.205635][ T9427] netlink_sendmsg+0x91c/0xea0
[ 82.210389][ T9427] ? netlink_unicast+0x7e0/0x7e0
[ 82.215299][ T9427] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 82.220913][ T9427] ? apparmor_socket_sendmsg+0x2a/0x30
[ 82.226350][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.232566][ T9427] ? security_socket_sendmsg+0x8d/0xc0
[ 82.238001][ T9427] ? netlink_unicast+0x7e0/0x7e0
[ 82.242928][ T9427] sock_sendmsg+0xd7/0x130
[ 82.247336][ T9427] ____sys_sendmsg+0x753/0x880
[ 82.252087][ T9427] ? kernel_sendmsg+0x50/0x50
[ 82.256748][ T9427] ? debug_object_active_state+0x28a/0x350
[ 82.262534][ T9427] ? find_held_lock+0x35/0x130
[ 82.267300][ T9427] ___sys_sendmsg+0x100/0x170
[ 82.272113][ T9427] ? sendmsg_copy_msghdr+0x70/0x70
[ 82.277204][ T9427] ? lockdep_hardirqs_on+0x421/0x5e0
[ 82.282510][ T9427] ? __kasan_check_read+0x11/0x20
[ 82.287517][ T9427] ? mark_lock+0xc2/0x1220
[ 82.291925][ T9427] ? __kasan_check_read+0x11/0x20
[ 82.296930][ T9427] ? __lock_acquire+0x16f2/0x4a00
[ 82.301934][ T9427] ? debug_object_deactivate+0x320/0x320
[ 82.307543][ T9427] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 82.313696][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.319911][ T9427] ? __fget_light+0x1ad/0x270
[ 82.324566][ T9427] ? __fdget+0x1b/0x20
[ 82.328611][ T9427] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 82.334844][ T9427] __sys_sendmsg+0x105/0x1d0
[ 82.339413][ T9427] ? __sys_sendmsg_sock+0xc0/0xc0
[ 82.344414][ T9427] ? lockdep_hardirqs_on+0x421/0x5e0
[ 82.349684][ T9427] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 82.355126][ T9427] ? do_syscall_64+0x26/0x790
[ 82.359782][ T9427] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.365823][ T9427] ? do_syscall_64+0x26/0x790
[ 82.370485][ T9427] __x64_sys_sendmsg+0x78/0xb0
[ 82.375229][ T9427] do_syscall_64+0xfa/0x790
[ 82.379713][ T9427] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.385596][ T9427] RIP: 0033:0x445b39
[ 82.389471][ T9427] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.409055][ T9427] RSP: 002b:00007ffccda0bad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 82.417494][ T9427] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445b39
[ 82.425455][ T9427] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 82.433422][ T9427] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000bb1414ac
[ 82.441380][ T9427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 82.449344][ T9427] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 82.457356][ T9427]
[ 82.459665][ T9427] Allocated by task 9364:
[ 82.463983][ T9427] save_stack+0x23/0x90
[ 82.468133][ T9427] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 82.473750][ T9427] kasan_kmalloc+0x9/0x10
[ 82.478072][ T9427] __kmalloc+0x163/0x770
[ 82.482297][ T9427] tomoyo_realpath_from_path+0xc5/0x660
[ 82.487817][ T9427] tomoyo_path_number_perm+0x1dd/0x520
[ 82.493264][ T9427] tomoyo_file_ioctl+0x23/0x30
[ 82.503066][ T9427] security_file_ioctl+0x77/0xc0
[ 82.507988][ T9427] ksys_ioctl+0x56/0x180
[ 82.512214][ T9427] __x64_sys_ioctl+0x73/0xb0
[ 82.516789][ T9427] do_syscall_64+0xfa/0x790
[ 82.521355][ T9427] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.527217][ T9427]
[ 82.529521][ T9427] Freed by task 9364:
[ 82.533504][ T9427] save_stack+0x23/0x90
[ 82.537636][ T9427] __kasan_slab_free+0x102/0x150
[ 82.542667][ T9427] kasan_slab_free+0xe/0x10
[ 82.547246][ T9427] kfree+0x10a/0x2c0
[ 82.551122][ T9427] tomoyo_realpath_from_path+0x1a7/0x660
[ 82.556731][ T9427] tomoyo_path_number_perm+0x1dd/0x520
[ 82.562248][ T9427] tomoyo_file_ioctl+0x23/0x30
[ 82.566998][ T9427] security_file_ioctl+0x77/0xc0
[ 82.571930][ T9427] ksys_ioctl+0x56/0x180
[ 82.576158][ T9427] __x64_sys_ioctl+0x73/0xb0
[ 82.580856][ T9427] do_syscall_64+0xfa/0x790
[ 82.585334][ T9427] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.591192][ T9427]
[ 82.593503][ T9427] The buggy address belongs to the object at ffff8880a959e000
[ 82.593503][ T9427] which belongs to the cache kmalloc-4k of size 4096
[ 82.607615][ T9427] The buggy address is located 3132 bytes inside of
[ 82.607615][ T9427] 4096-byte region [ffff8880a959e000, ffff8880a959f000)
[ 82.621029][ T9427] The buggy address belongs to the page:
[ 82.626641][ T9427] page:ffffea0002a56780 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[ 82.637541][ T9427] flags: 0xfffe0000010200(slab|head)
[ 82.642801][ T9427] raw: 00fffe0000010200 ffffea0002654c88 ffffea000240de08 ffff8880aa402000
[ 82.651371][ T9427] raw: 0000000000000000 ffff8880a959e000 0000000100000001 0000000000000000
[ 82.659925][ T9427] page dumped because: kasan: bad access detected
[ 82.666306][ T9427]
[ 82.668627][ T9427] Memory state around the buggy address:
[ 82.674231][ T9427] ffff8880a959eb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.682279][ T9427] ffff8880a959eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.690316][ T9427] >ffff8880a959ec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.698351][ T9427] ^
[ 82.704217][ T9427] ffff8880a959ec80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.712252][ T9427] ffff8880a959ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 82.720287][ T9427] ==================================================================
[ 82.728333][ T9427] Disabling lock debugging due to kernel taint
[ 82.735464][ T9427] Kernel panic - not syncing: panic_on_warn set ...
[ 82.742060][ T9427] CPU: 1 PID: 9427 Comm: syz-executor678 Tainted: G B 5.6.0-rc2-syzkaller #0
[ 82.752087][ T9427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.762110][ T9427] Call Trace:
[ 82.765378][ T9427] dump_stack+0x197/0x210
[ 82.769685][ T9427] panic+0x2e3/0x75c
[ 82.773556][ T9427] ? add_taint.cold+0x16/0x16
[ 82.778208][ T9427] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 82.784345][ T9427] ? preempt_schedule+0x4b/0x60
[ 82.789178][ T9427] ? ___preempt_schedule+0x16/0x18
[ 82.794379][ T9427] ? trace_hardirqs_on+0x5e/0x240
[ 82.799378][ T9427] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 82.805505][ T9427] end_report+0x47/0x4f
[ 82.809633][ T9427] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 82.815771][ T9427] __kasan_report.cold+0xe/0x32
[ 82.820597][ T9427] ? ethnl_update_bitset32.part.0+0x8db/0x1820
[ 82.826737][ T9427] kasan_report+0x12/0x20
[ 82.831043][ T9427] __asan_report_load4_noabort+0x14/0x20
[ 82.836661][ T9427] ethnl_update_bitset32.part.0+0x8db/0x1820
[ 82.842623][ T9427] ? __mutex_lock+0x458/0x13c0
[ 82.847362][ T9427] ? lock_downgrade+0x920/0x920
[ 82.852188][ T9427] ? ethnl_bitmap32_clear+0x390/0x390
[ 82.857545][ T9427] ? mutex_trylock+0x2d0/0x2d0
[ 82.862299][ T9427] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 82.868530][ T9427] ? ethnl_default_notify+0x6b0/0x6b0
[ 82.874000][ T9427] ethnl_update_bitset+0x4d/0x67
[ 82.878915][ T9427] ethnl_set_linkmodes+0x461/0xc30
[ 82.884001][ T9427] ? __kasan_check_read+0x11/0x20
[ 82.889031][ T9427] ? linkmodes_prepare_data+0x2a0/0x2a0
[ 82.894563][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.900790][ T9427] ? kernel_text_address+0xe9/0x110
[ 82.905964][ T9427] ? apparmor_cred_prepare+0x7b0/0x7b0
[ 82.911402][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.917623][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.923838][ T9427] ? security_capable+0x95/0xc0
[ 82.928665][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 82.934896][ T9427] ? genl_family_rcv_msg_attrs_parse+0x1c6/0x300
[ 82.941209][ T9427] genl_rcv_msg+0x67d/0xea0
[ 82.945688][ T9427] ? genl_rcv_msg+0x67d/0xea0
[ 82.950344][ T9427] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 82.956656][ T9427] ? __kasan_check_read+0x11/0x20
[ 82.961659][ T9427] ? __lock_acquire+0x8a0/0x4a00
[ 82.966574][ T9427] ? find_held_lock+0x35/0x130
[ 82.971315][ T9427] netlink_rcv_skb+0x177/0x450
[ 82.976052][ T9427] ? genl_family_rcv_msg_attrs_parse+0x300/0x300
[ 82.982353][ T9427] ? netlink_ack+0xb50/0xb50
[ 82.986916][ T9427] ? __kasan_check_write+0x14/0x20
[ 82.992001][ T9427] ? netlink_deliver_tap+0x248/0xbf0
[ 82.997261][ T9427] genl_rcv+0x29/0x40
[ 83.001228][ T9427] netlink_unicast+0x59e/0x7e0
[ 83.005971][ T9427] ? netlink_attachskb+0x870/0x870
[ 83.011056][ T9427] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 83.016749][ T9427] ? __check_object_size+0x3d/0x437
[ 83.021924][ T9427] netlink_sendmsg+0x91c/0xea0
[ 83.026661][ T9427] ? netlink_unicast+0x7e0/0x7e0
[ 83.031618][ T9427] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 83.037159][ T9427] ? apparmor_socket_sendmsg+0x2a/0x30
[ 83.042597][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 83.048815][ T9427] ? security_socket_sendmsg+0x8d/0xc0
[ 83.054249][ T9427] ? netlink_unicast+0x7e0/0x7e0
[ 83.059163][ T9427] sock_sendmsg+0xd7/0x130
[ 83.063557][ T9427] ____sys_sendmsg+0x753/0x880
[ 83.068309][ T9427] ? kernel_sendmsg+0x50/0x50
[ 83.072988][ T9427] ? debug_object_active_state+0x28a/0x350
[ 83.078769][ T9427] ? find_held_lock+0x35/0x130
[ 83.083509][ T9427] ___sys_sendmsg+0x100/0x170
[ 83.088234][ T9427] ? sendmsg_copy_msghdr+0x70/0x70
[ 83.093505][ T9427] ? lockdep_hardirqs_on+0x421/0x5e0
[ 83.098804][ T9427] ? __kasan_check_read+0x11/0x20
[ 83.103809][ T9427] ? mark_lock+0xc2/0x1220
[ 83.108207][ T9427] ? __kasan_check_read+0x11/0x20
[ 83.113205][ T9427] ? __lock_acquire+0x16f2/0x4a00
[ 83.118203][ T9427] ? debug_object_deactivate+0x320/0x320
[ 83.123820][ T9427] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 83.129976][ T9427] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 83.136192][ T9427] ? __fget_light+0x1ad/0x270
[ 83.140847][ T9427] ? __fdget+0x1b/0x20
[ 83.144889][ T9427] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 83.151106][ T9427] __sys_sendmsg+0x105/0x1d0
[ 83.155711][ T9427] ? __sys_sendmsg_sock+0xc0/0xc0
[ 83.160710][ T9427] ? lockdep_hardirqs_on+0x421/0x5e0
[ 83.165976][ T9427] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 83.171444][ T9427] ? do_syscall_64+0x26/0x790
[ 83.176095][ T9427] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.182133][ T9427] ? do_syscall_64+0x26/0x790
[ 83.186784][ T9427] __x64_sys_sendmsg+0x78/0xb0
[ 83.191523][ T9427] do_syscall_64+0xfa/0x790
[ 83.196011][ T9427] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.201936][ T9427] RIP: 0033:0x445b39
[ 83.205810][ T9427] Code: e8 ac cb 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 83.225414][ T9427] RSP: 002b:00007ffccda0bad8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 83.233802][ T9427] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000445b39
[ 83.241751][ T9427] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 83.249693][ T9427] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000bb1414ac
[ 83.257684][ T9427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 83.265626][ T9427] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 83.274948][ T9427] Kernel Offset: disabled
[ 83.279282][ T9427] Rebooting in 86400 seconds..