Warning: Permanently added '10.128.0.166' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 75.990352][ T9648] IPVS: ftp: loaded support on port[0] = 21
[ 76.032322][ T9648] ==================================================================
[ 76.040502][ T9648] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17fd/0x1a00
[ 76.048480][ T9648] Write of size 16 at addr ffff8880a41c35b8 by task syz-executor420/9648
[ 76.056958][ T9648]
[ 76.059409][ T9648] CPU: 1 PID: 9648 Comm: syz-executor420 Not tainted 5.6.0-rc5-syzkaller #0
[ 76.068180][ T9648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.097178][ T9648] Call Trace:
[ 76.100470][ T9648] dump_stack+0x188/0x20d
[ 76.104966][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.110751][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.116130][ T9648] print_address_description.constprop.0.cold+0xd3/0x315
[ 76.123306][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.128668][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.133929][ T9648] __kasan_report.cold+0x1a/0x32
[ 76.138851][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.144129][ T9648] kasan_report+0xe/0x20
[ 76.148423][ T9648] tcindex_set_parms+0x17fd/0x1a00
[ 76.154676][ T9648] ? tcindex_alloc_perfect_hash+0x320/0x320
[ 76.161507][ T9648] ? mark_held_locks+0xe0/0xe0
[ 76.166274][ T9648] ? nla_memcpy+0xa0/0xa0
[ 76.170710][ T9648] ? tcindex_change+0x203/0x2e0
[ 76.175546][ T9648] tcindex_change+0x203/0x2e0
[ 76.180666][ T9648] ? tcindex_set_parms+0x1a00/0x1a00
[ 76.186056][ T9648] tc_new_tfilter+0xa59/0x20b0
[ 76.190914][ T9648] ? tcindex_set_parms+0x1a00/0x1a00
[ 76.196370][ T9648] ? tc_del_tfilter+0x1430/0x1430
[ 76.210675][ T9648] ? __lock_acquire+0x80b/0x3ca0
[ 76.215599][ T9648] ? apparmor_capable+0x454/0x8a0
[ 76.220646][ T9648] ? rcu_read_lock_held+0x9c/0xb0
[ 76.225675][ T9648] ? tc_del_tfilter+0x1430/0x1430
[ 76.231046][ T9648] rtnetlink_rcv_msg+0x810/0xad0
[ 76.236095][ T9648] ? rtnl_bridge_getlink+0x880/0x880
[ 76.243401][ T9648] ? mark_held_locks+0xe0/0xe0
[ 76.248236][ T9648] ? netlink_deliver_tap+0x146/0xb50
[ 76.253531][ T9648] netlink_rcv_skb+0x15a/0x410
[ 76.258497][ T9648] ? rtnl_bridge_getlink+0x880/0x880
[ 76.263899][ T9648] ? netlink_ack+0xa80/0xa80
[ 76.269359][ T9648] netlink_unicast+0x537/0x740
[ 76.274471][ T9648] ? netlink_attachskb+0x810/0x810
[ 76.279757][ T9648] ? _copy_from_iter_full+0x25c/0x870
[ 76.285115][ T9648] ? __phys_addr_symbol+0x2c/0x70
[ 76.290140][ T9648] ? __check_object_size+0x171/0x437
[ 76.295428][ T9648] netlink_sendmsg+0x882/0xe10
[ 76.300185][ T9648] ? aa_af_perm+0x260/0x260
[ 76.304672][ T9648] ? netlink_unicast+0x740/0x740
[ 76.310283][ T9648] ? netlink_unicast+0x740/0x740
[ 76.315259][ T9648] sock_sendmsg+0xcf/0x120
[ 76.319661][ T9648] ____sys_sendmsg+0x6b9/0x7d0
[ 76.324567][ T9648] ? kernel_sendmsg+0x50/0x50
[ 76.329419][ T9648] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 76.334954][ T9648] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 76.340932][ T9648] ___sys_sendmsg+0x100/0x170
[ 76.345597][ T9648] ? sendmsg_copy_msghdr+0x70/0x70
[ 76.351194][ T9648] ? lock_downgrade+0x7f0/0x7f0
[ 76.356058][ T9648] ? lock_acquire+0x197/0x420
[ 76.360982][ T9648] ? __might_fault+0xef/0x1d0
[ 76.365648][ T9648] ? __might_fault+0x190/0x1d0
[ 76.370395][ T9648] ? _copy_to_user+0x107/0x150
[ 76.375143][ T9648] ? move_addr_to_user+0xb3/0x200
[ 76.380326][ T9648] ? __fget_light+0x1a5/0x270
[ 76.385137][ T9648] __sys_sendmsg+0xec/0x1b0
[ 76.389703][ T9648] ? __sys_sendmsg_sock+0xb0/0xb0
[ 76.395497][ T9648] ? mark_held_locks+0x9f/0xe0
[ 76.400277][ T9648] ? trace_hardirqs_off_caller+0x55/0x230
[ 76.405983][ T9648] ? do_syscall_64+0x21/0x7d0
[ 76.410648][ T9648] do_syscall_64+0xf6/0x7d0
[ 76.415137][ T9648] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 76.421019][ T9648] RIP: 0033:0x441759
[ 76.424902][ T9648] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 76.444576][ T9648] RSP: 002b:00007fff529220e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 76.452968][ T9648] RAX: ffffffffffffffda RBX: 00007fff52922100 RCX: 0000000000441759
[ 76.460926][ T9648] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 76.468898][ T9648] RBP: 0000000000000003 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 76.476872][ T9648] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000000
[ 76.484842][ T9648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 76.492807][ T9648]
[ 76.495128][ T9648] Allocated by task 2852:
[ 76.499442][ T9648] save_stack+0x1b/0x80
[ 76.503578][ T9648] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 76.509203][ T9648] kvmalloc_node+0x61/0xf0
[ 76.513599][ T9648] bucket_table_alloc+0x8b/0x480
[ 76.518547][ T9648] rhashtable_rehash_alloc+0x6b/0x110
[ 76.523931][ T9648] rht_deferred_worker+0x18d/0x1c80
[ 76.529120][ T9648] process_one_work+0x94b/0x1690
[ 76.534062][ T9648] worker_thread+0x96/0xe20
[ 76.539249][ T9648] kthread+0x357/0x430
[ 76.543408][ T9648] ret_from_fork+0x24/0x30
[ 76.547814][ T9648]
[ 76.550145][ T9648] Freed by task 1861:
[ 76.554192][ T9648] save_stack+0x1b/0x80
[ 76.558341][ T9648] __kasan_slab_free+0xf7/0x140
[ 76.563192][ T9648] kfree+0x109/0x2b0
[ 76.567210][ T9648] umh_complete+0x81/0x90
[ 76.571707][ T9648] call_usermodehelper_exec_async+0x459/0x710
[ 76.577937][ T9648] ret_from_fork+0x24/0x30
[ 76.582539][ T9648]
[ 76.584858][ T9648] The buggy address belongs to the object at ffff8880a41c3500
[ 76.584858][ T9648] which belongs to the cache kmalloc-192 of size 192
[ 76.598903][ T9648] The buggy address is located 184 bytes inside of
[ 76.598903][ T9648] 192-byte region [ffff8880a41c3500, ffff8880a41c35c0)
[ 76.612160][ T9648] The buggy address belongs to the page:
[ 76.617790][ T9648] page:ffffea00029070c0 refcount:1 mapcount:0 mapping:ffff8880aa000000 index:0x0
[ 76.626874][ T9648] flags: 0xfffe0000000200(slab)
[ 76.631767][ T9648] raw: 00fffe0000000200 ffffea000292e1c8 ffffea0002906f48 ffff8880aa000000
[ 76.640605][ T9648] raw: 0000000000000000 ffff8880a41c3000 0000000100000010 0000000000000000
[ 76.649350][ T9648] page dumped because: kasan: bad access detected
[ 76.655770][ T9648]
[ 76.658097][ T9648] Memory state around the buggy address:
[ 76.663728][ T9648] ffff8880a41c3480: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.671778][ T9648] ffff8880a41c3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.679898][ T9648] >ffff8880a41c3580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 76.688361][ T9648] ^
[ 76.695099][ T9648] ffff8880a41c3600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.703512][ T9648] ffff8880a41c3680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 76.711887][ T9648] ==================================================================
[ 76.719947][ T9648] Disabling lock debugging due to kernel taint
[ 76.727920][ T9648] Kernel panic - not syncing: panic_on_warn set ...
[ 76.734655][ T9648] CPU: 1 PID: 9648 Comm: syz-executor420 Tainted: G B 5.6.0-rc5-syzkaller #0
[ 76.745672][ T9648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.755910][ T9648] Call Trace:
[ 76.759305][ T9648] dump_stack+0x188/0x20d
[ 76.763666][ T9648] panic+0x2e3/0x75c
[ 76.767630][ T9648] ? add_taint.cold+0x16/0x16
[ 76.772302][ T9648] ? preempt_schedule_common+0x5e/0xc0
[ 76.777840][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.783129][ T9648] ? ___preempt_schedule+0x16/0x18
[ 76.788232][ T9648] ? trace_hardirqs_on+0x55/0x220
[ 76.793322][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.798761][ T9648] end_report+0x43/0x49
[ 76.802936][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.808301][ T9648] __kasan_report.cold+0xd/0x32
[ 76.813133][ T9648] ? tcindex_set_parms+0x17fd/0x1a00
[ 76.818445][ T9648] kasan_report+0xe/0x20
[ 76.822692][ T9648] tcindex_set_parms+0x17fd/0x1a00
[ 76.827806][ T9648] ? tcindex_alloc_perfect_hash+0x320/0x320
[ 76.833697][ T9648] ? mark_held_locks+0xe0/0xe0
[ 76.838448][ T9648] ? nla_memcpy+0xa0/0xa0
[ 76.842856][ T9648] ? tcindex_change+0x203/0x2e0
[ 76.847696][ T9648] tcindex_change+0x203/0x2e0
[ 76.852353][ T9648] ? tcindex_set_parms+0x1a00/0x1a00
[ 76.857766][ T9648] tc_new_tfilter+0xa59/0x20b0
[ 76.862594][ T9648] ? tcindex_set_parms+0x1a00/0x1a00
[ 76.867886][ T9648] ? tc_del_tfilter+0x1430/0x1430
[ 76.873551][ T9648] ? __lock_acquire+0x80b/0x3ca0
[ 76.878489][ T9648] ? apparmor_capable+0x454/0x8a0
[ 76.883515][ T9648] ? rcu_read_lock_held+0x9c/0xb0
[ 76.888548][ T9648] ? tc_del_tfilter+0x1430/0x1430
[ 76.893551][ T9648] rtnetlink_rcv_msg+0x810/0xad0
[ 76.898469][ T9648] ? rtnl_bridge_getlink+0x880/0x880
[ 76.903734][ T9648] ? mark_held_locks+0xe0/0xe0
[ 76.908490][ T9648] ? netlink_deliver_tap+0x146/0xb50
[ 76.914296][ T9648] netlink_rcv_skb+0x15a/0x410
[ 76.919148][ T9648] ? rtnl_bridge_getlink+0x880/0x880
[ 76.924413][ T9648] ? netlink_ack+0xa80/0xa80
[ 76.928988][ T9648] netlink_unicast+0x537/0x740
[ 76.933762][ T9648] ? netlink_attachskb+0x810/0x810
[ 76.939670][ T9648] ? _copy_from_iter_full+0x25c/0x870
[ 76.945243][ T9648] ? __phys_addr_symbol+0x2c/0x70
[ 76.950430][ T9648] ? __check_object_size+0x171/0x437
[ 76.955784][ T9648] netlink_sendmsg+0x882/0xe10
[ 76.960622][ T9648] ? aa_af_perm+0x260/0x260
[ 76.965208][ T9648] ? netlink_unicast+0x740/0x740
[ 76.970429][ T9648] ? netlink_unicast+0x740/0x740
[ 76.975366][ T9648] sock_sendmsg+0xcf/0x120
[ 76.979894][ T9648] ____sys_sendmsg+0x6b9/0x7d0
[ 76.984654][ T9648] ? kernel_sendmsg+0x50/0x50
[ 76.989405][ T9648] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 76.995207][ T9648] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 77.001421][ T9648] ___sys_sendmsg+0x100/0x170
[ 77.006145][ T9648] ? sendmsg_copy_msghdr+0x70/0x70
[ 77.011459][ T9648] ? lock_downgrade+0x7f0/0x7f0
[ 77.016321][ T9648] ? lock_acquire+0x197/0x420
[ 77.020994][ T9648] ? __might_fault+0xef/0x1d0
[ 77.025663][ T9648] ? __might_fault+0x190/0x1d0
[ 77.030419][ T9648] ? _copy_to_user+0x107/0x150
[ 77.035196][ T9648] ? move_addr_to_user+0xb3/0x200
[ 77.040204][ T9648] ? __fget_light+0x1a5/0x270
[ 77.044863][ T9648] __sys_sendmsg+0xec/0x1b0
[ 77.049346][ T9648] ? __sys_sendmsg_sock+0xb0/0xb0
[ 77.054346][ T9648] ? mark_held_locks+0x9f/0xe0
[ 77.059097][ T9648] ? trace_hardirqs_off_caller+0x55/0x230
[ 77.064817][ T9648] ? do_syscall_64+0x21/0x7d0
[ 77.069537][ T9648] do_syscall_64+0xf6/0x7d0
[ 77.074023][ T9648] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.079904][ T9648] RIP: 0033:0x441759
[ 77.083780][ T9648] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 6b 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.107005][ T9648] RSP: 002b:00007fff529220e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 77.115506][ T9648] RAX: ffffffffffffffda RBX: 00007fff52922100 RCX: 0000000000441759
[ 77.126437][ T9648] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 77.135181][ T9648] RBP: 0000000000000003 R08: 00000000bb1414ac R09: 00000000bb1414ac
[ 77.144198][ T9648] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000000
[ 77.153205][ T9648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 77.163357][ T9648] Kernel Offset: disabled
[ 77.168139][ T9648] Rebooting in 86400 seconds..