Warning: Permanently added '10.128.0.85' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 81.761231][ T9230] IPVS: ftp: loaded support on port[0] = 21
[ 81.791929][ T9230] ==================================================================
[ 81.800242][ T9230] BUG: KASAN: slab-out-of-bounds in nla_put_nohdr+0x100/0x180
[ 81.807726][ T9230] Read of size 12 at addr ffff888095542c40 by task syz-executor859/9230
[ 81.816048][ T9230]
[ 81.818441][ T9230] CPU: 0 PID: 9230 Comm: syz-executor859 Not tainted 5.5.0-rc7-syzkaller #0
[ 81.827120][ T9230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.837182][ T9230] Call Trace:
[ 81.840475][ T9230] dump_stack+0x1fb/0x318
[ 81.844878][ T9230] print_address_description+0x74/0x5c0
[ 81.850615][ T9230] ? vprintk_default+0x28/0x30
[ 81.855366][ T9230] ? vprintk_func+0x158/0x170
[ 81.860135][ T9230] ? printk+0x62/0x8d
[ 81.864761][ T9230] __kasan_report+0x149/0x1c0
[ 81.869788][ T9230] ? nla_put_nohdr+0x100/0x180
[ 81.874878][ T9230] kasan_report+0x26/0x50
[ 81.879544][ T9230] check_memory_region+0x2b6/0x2f0
[ 81.884895][ T9230] ? nla_put_nohdr+0x100/0x180
[ 81.889800][ T9230] memcpy+0x28/0x60
[ 81.893611][ T9230] nla_put_nohdr+0x100/0x180
[ 81.898216][ T9230] tcf_em_tree_dump+0x4c6/0x940
[ 81.903085][ T9230] basic_dump+0x44e/0x690
[ 81.907435][ T9230] ? basic_bind_class+0xb0/0xb0
[ 81.912288][ T9230] tcf_fill_node+0x4f5/0x8a0
[ 81.916895][ T9230] tc_new_tfilter+0x1b73/0x2f70
[ 81.921799][ T9230] ? tcf_tunnel_encap_put_tunnel+0x20/0x20
[ 81.927616][ T9230] rtnetlink_rcv_msg+0x8fb/0xd40
[ 81.932584][ T9230] ? rcu_lock_release+0x9/0x30
[ 81.937641][ T9230] netlink_rcv_skb+0x19e/0x3e0
[ 81.944895][ T9230] ? rtnetlink_bind+0x80/0x80
[ 81.949576][ T9230] rtnetlink_rcv+0x1c/0x20
[ 81.954200][ T9230] netlink_unicast+0x767/0x920
[ 81.959306][ T9230] netlink_sendmsg+0xa2c/0xd50
[ 81.964201][ T9230] ? netlink_getsockopt+0x9f0/0x9f0
[ 81.969647][ T9230] ____sys_sendmsg+0x4f7/0x7f0
[ 81.974435][ T9230] __sys_sendmsg+0x1ed/0x290
[ 81.979480][ T9230] ? check_preemption_disabled+0xb4/0x260
[ 81.985656][ T9230] ? debug_smp_processor_id+0x9/0x20
[ 81.991039][ T9230] ? __kasan_check_write+0x14/0x20
[ 81.996557][ T9230] ? __fpregs_load_activate+0x194/0x220
[ 82.002256][ T9230] ? switch_fpu_return+0xe/0x10
[ 82.007422][ T9230] ? prepare_exit_to_usermode+0x221/0x5b0
[ 82.013162][ T9230] ? check_preemption_disabled+0xb4/0x260
[ 82.019935][ T9230] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 82.025651][ T9230] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 82.031248][ T9230] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 82.037160][ T9230] ? do_syscall_64+0x1d/0x1c0
[ 82.041849][ T9230] __x64_sys_sendmsg+0x7f/0x90
[ 82.046737][ T9230] do_syscall_64+0xf7/0x1c0
[ 82.051955][ T9230] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.058063][ T9230] RIP: 0033:0x440dd9
[ 82.061971][ T9230] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.081848][ T9230] RSP: 002b:00007fff09724008 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 82.090259][ T9230] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[ 82.098245][ T9230] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 82.106581][ T9230] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[ 82.115704][ T9230] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[ 82.123695][ T9230] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[ 82.131682][ T9230]
[ 82.134014][ T9230] Allocated by task 9230:
[ 82.138349][ T9230] __kasan_kmalloc+0x118/0x1c0
[ 82.143239][ T9230] kasan_kmalloc+0x9/0x10
[ 82.148024][ T9230] __kmalloc_track_caller+0x253/0x340
[ 82.153518][ T9230] kmemdup+0x24/0x50
[ 82.157417][ T9230] em_nbyte_change+0xb7/0x120
[ 82.162189][ T9230] tcf_em_tree_validate+0x6b2/0x1020
[ 82.167568][ T9230] basic_change+0x5c8/0x1280
[ 82.172161][ T9230] tc_new_tfilter+0x1490/0x2f70
[ 82.176997][ T9230] rtnetlink_rcv_msg+0x8fb/0xd40
[ 82.181957][ T9230] netlink_rcv_skb+0x19e/0x3e0
[ 82.186736][ T9230] rtnetlink_rcv+0x1c/0x20
[ 82.191145][ T9230] netlink_unicast+0x767/0x920
[ 82.196012][ T9230] netlink_sendmsg+0xa2c/0xd50
[ 82.200779][ T9230] ____sys_sendmsg+0x4f7/0x7f0
[ 82.205543][ T9230] __sys_sendmsg+0x1ed/0x290
[ 82.210116][ T9230] __x64_sys_sendmsg+0x7f/0x90
[ 82.214899][ T9230] do_syscall_64+0xf7/0x1c0
[ 82.219416][ T9230] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.225300][ T9230]
[ 82.228332][ T9230] Freed by task 8926:
[ 82.232315][ T9230] __kasan_slab_free+0x12e/0x1e0
[ 82.237256][ T9230] kasan_slab_free+0xe/0x10
[ 82.242090][ T9230] kfree+0x10d/0x220
[ 82.246085][ T9230] tomoyo_check_open_permission+0x79c/0x9d0
[ 82.252154][ T9230] tomoyo_file_open+0x141/0x190
[ 82.257025][ T9230] security_file_open+0x50/0x2e0
[ 82.261968][ T9230] do_dentry_open+0x351/0x10c0
[ 82.266732][ T9230] vfs_open+0x73/0x80
[ 82.270701][ T9230] path_openat+0x1367/0x4250
[ 82.275314][ T9230] do_filp_open+0x192/0x3d0
[ 82.280047][ T9230] do_sys_open+0x29f/0x560
[ 82.284676][ T9230] __x64_sys_open+0x87/0x90
[ 82.289171][ T9230] do_syscall_64+0xf7/0x1c0
[ 82.293952][ T9230] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.299842][ T9230]
[ 82.302248][ T9230] The buggy address belongs to the object at ffff888095542c40
[ 82.302248][ T9230] which belongs to the cache kmalloc-32 of size 32
[ 82.316222][ T9230] The buggy address is located 0 bytes inside of
[ 82.316222][ T9230] 32-byte region [ffff888095542c40, ffff888095542c60)
[ 82.329424][ T9230] The buggy address belongs to the page:
[ 82.335308][ T9230] page:ffffea0002555080 refcount:1 mapcount:0 mapping:ffff8880aa8001c0 index:0xffff888095542fc1
[ 82.346181][ T9230] raw: 00fffe0000000200 ffffea00029f8708 ffffea00029c1a48 ffff8880aa8001c0
[ 82.355009][ T9230] raw: ffff888095542fc1 ffff888095542000 000000010000003f 0000000000000000
[ 82.365284][ T9230] page dumped because: kasan: bad access detected
[ 82.371699][ T9230]
[ 82.374024][ T9230] Memory state around the buggy address:
[ 82.379672][ T9230]  ffff888095542b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 82.387961][ T9230]  ffff888095542b80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 82.396286][ T9230] >ffff888095542c00: 00 00 01 fc fc fc fc fc 04 fc fc fc fc fc fc fc
[ 82.404379][ T9230]                                            ^
[ 82.410614][ T9230]  ffff888095542c80: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[ 82.418693][ T9230]  ffff888095542d00: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc
[ 82.426754][ T9230] ==================================================================
[ 82.434822][ T9230] Disabling lock debugging due to kernel taint
[ 82.441515][ T9230] Kernel panic - not syncing: panic_on_warn set ...
[ 82.448144][ T9230] CPU: 0 PID: 9230 Comm: syz-executor859 Tainted: G B 5.5.0-rc7-syzkaller #0
[ 82.458249][ T9230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.468345][ T9230] Call Trace:
[ 82.471665][ T9230] dump_stack+0x1fb/0x318
[ 82.475981][ T9230] panic+0x264/0x7a9
[ 82.479920][ T9230] ? __kasan_report+0x193/0x1c0
[ 82.484772][ T9230] ? trace_hardirqs_on+0x34/0x80
[ 82.489908][ T9230] ? __kasan_report+0x193/0x1c0
[ 82.494762][ T9230] __kasan_report+0x1b9/0x1c0
[ 82.499485][ T9230] ? nla_put_nohdr+0x100/0x180
[ 82.504248][ T9230] kasan_report+0x26/0x50
[ 82.508591][ T9230] check_memory_region+0x2b6/0x2f0
[ 82.513757][ T9230] ? nla_put_nohdr+0x100/0x180
[ 82.518884][ T9230] memcpy+0x28/0x60
[ 82.525501][ T9230] nla_put_nohdr+0x100/0x180
[ 82.530105][ T9230] tcf_em_tree_dump+0x4c6/0x940
[ 82.534978][ T9230] basic_dump+0x44e/0x690
[ 82.539396][ T9230] ? basic_bind_class+0xb0/0xb0
[ 82.544356][ T9230] tcf_fill_node+0x4f5/0x8a0
[ 82.549434][ T9230] tc_new_tfilter+0x1b73/0x2f70
[ 82.554325][ T9230] ? tcf_tunnel_encap_put_tunnel+0x20/0x20
[ 82.560137][ T9230] rtnetlink_rcv_msg+0x8fb/0xd40
[ 82.565172][ T9230] ? rcu_lock_release+0x9/0x30
[ 82.569960][ T9230] netlink_rcv_skb+0x19e/0x3e0
[ 82.574720][ T9230] ? rtnetlink_bind+0x80/0x80
[ 82.579569][ T9230] rtnetlink_rcv+0x1c/0x20
[ 82.584101][ T9230] netlink_unicast+0x767/0x920
[ 82.588996][ T9230] netlink_sendmsg+0xa2c/0xd50
[ 82.593840][ T9230] ? netlink_getsockopt+0x9f0/0x9f0
[ 82.599095][ T9230] ____sys_sendmsg+0x4f7/0x7f0
[ 82.604094][ T9230] __sys_sendmsg+0x1ed/0x290
[ 82.608824][ T9230] ? check_preemption_disabled+0xb4/0x260
[ 82.614551][ T9230] ? debug_smp_processor_id+0x9/0x20
[ 82.619835][ T9230] ? __kasan_check_write+0x14/0x20
[ 82.624944][ T9230] ? __fpregs_load_activate+0x194/0x220
[ 82.630603][ T9230] ? switch_fpu_return+0xe/0x10
[ 82.635464][ T9230] ? prepare_exit_to_usermode+0x221/0x5b0
[ 82.641224][ T9230] ? check_preemption_disabled+0xb4/0x260
[ 82.647007][ T9230] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 82.652885][ T9230] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 82.658335][ T9230] ? trace_irq_disable_rcuidle+0x23/0x1e0
[ 82.664053][ T9230] ? do_syscall_64+0x1d/0x1c0
[ 82.668809][ T9230] __x64_sys_sendmsg+0x7f/0x90
[ 82.673688][ T9230] do_syscall_64+0xf7/0x1c0
[ 82.678193][ T9230] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.684559][ T9230] RIP: 0033:0x440dd9
[ 82.688456][ T9230] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 82.708555][ T9230] RSP: 002b:00007fff09724008 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 82.717189][ T9230] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[ 82.728831][ T9230] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 82.736847][ T9230] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[ 82.744834][ T9230] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[ 82.752901][ T9230] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[ 82.762448][ T9230] Kernel Offset: disabled
[ 82.766808][ T9230] Rebooting in 86400 seconds..