Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 77.633563][ T9705] IPVS: ftp: loaded support on port[0] = 21
[ 77.664785][ T9705] ==================================================================
[ 77.672979][ T9705] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17fd/0x1a00
[ 77.680933][ T9705] Write of size 16 at addr ffff8880a219e6b8 by task syz-executor508/9705
[ 77.689363][ T9705]
[ 77.691674][ T9705] CPU: 1 PID: 9705 Comm: syz-executor508 Not tainted 5.6.0-rc3-syzkaller #0
[ 77.700318][ T9705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.710361][ T9705] Call Trace:
[ 77.713784][ T9705] dump_stack+0x188/0x20d
[ 77.718107][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 77.723381][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 77.728995][ T9705] print_address_description.constprop.0.cold+0xd3/0x315
[ 77.736137][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 77.741484][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 77.746775][ T9705] __kasan_report.cold+0x1a/0x32
[ 77.751717][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 77.756994][ T9705] kasan_report+0xe/0x20
[ 77.761234][ T9705] tcindex_set_parms+0x17fd/0x1a00
[ 77.766382][ T9705] ? tcindex_alloc_perfect_hash+0x320/0x320
[ 77.772270][ T9705] ? mark_held_locks+0xe0/0xe0
[ 77.777036][ T9705] ? nla_memcpy+0xa0/0xa0
[ 77.781356][ T9705] ? tcindex_change+0x203/0x2e0
[ 77.786188][ T9705] tcindex_change+0x203/0x2e0
[ 77.790852][ T9705] ? tcindex_set_parms+0x1a00/0x1a00
[ 77.796140][ T9705] tc_new_tfilter+0xa59/0x20b0
[ 77.800897][ T9705] ? tcindex_set_parms+0x1a00/0x1a00
[ 77.806170][ T9705] ? tc_del_tfilter+0x1430/0x1430
[ 77.811209][ T9705] ? __lock_acquire+0x80b/0x3ca0
[ 77.816555][ T9705] ? apparmor_capable+0x454/0x8a0
[ 77.821582][ T9705] ? rcu_read_lock_held+0x9c/0xb0
[ 77.826797][ T9705] ? tc_del_tfilter+0x1430/0x1430
[ 77.831921][ T9705] rtnetlink_rcv_msg+0x810/0xad0
[ 77.836848][ T9705] ? rtnl_bridge_getlink+0x870/0x870
[ 77.842121][ T9705] ? mark_held_locks+0xe0/0xe0
[ 77.846867][ T9705] ? netlink_deliver_tap+0x146/0xb50
[ 77.852137][ T9705] netlink_rcv_skb+0x15a/0x410
[ 77.856881][ T9705] ? rtnl_bridge_getlink+0x870/0x870
[ 77.862266][ T9705] ? netlink_ack+0xa80/0xa80
[ 77.866880][ T9705] netlink_unicast+0x537/0x740
[ 77.871647][ T9705] ? netlink_attachskb+0x810/0x810
[ 77.876745][ T9705] ? _copy_from_iter_full+0x25c/0x870
[ 77.882105][ T9705] ? __phys_addr_symbol+0x2c/0x70
[ 77.888152][ T9705] ? __check_object_size+0x171/0x437
[ 77.893435][ T9705] netlink_sendmsg+0x882/0xe10
[ 77.898182][ T9705] ? aa_af_perm+0x260/0x260
[ 77.902672][ T9705] ? netlink_unicast+0x740/0x740
[ 77.907612][ T9705] ? netlink_unicast+0x740/0x740
[ 77.912530][ T9705] sock_sendmsg+0xcf/0x120
[ 77.916975][ T9705] ____sys_sendmsg+0x6b9/0x7d0
[ 77.921739][ T9705] ? kernel_sendmsg+0x50/0x50
[ 77.926638][ T9705] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 77.934341][ T9705] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 77.940340][ T9705] ___sys_sendmsg+0x100/0x170
[ 77.945011][ T9705] ? sendmsg_copy_msghdr+0x70/0x70
[ 77.950834][ T9705] ? lock_downgrade+0x7f0/0x7f0
[ 77.955859][ T9705] ? lock_acquire+0x197/0x420
[ 77.961467][ T9705] ? __might_fault+0xef/0x1d0
[ 77.966169][ T9705] ? __might_fault+0x190/0x1d0
[ 77.973012][ T9705] ? _copy_to_user+0x107/0x150
[ 77.980092][ T9705] ? move_addr_to_user+0xb3/0x200
[ 77.985390][ T9705] ? __fget_light+0x1a5/0x270
[ 77.990175][ T9705] __sys_sendmsg+0xec/0x1b0
[ 77.995067][ T9705] ? __sys_sendmsg_sock+0xb0/0xb0
[ 78.001017][ T9705] ? mark_held_locks+0x9f/0xe0
[ 78.007432][ T9705] ? trace_hardirqs_off_caller+0x55/0x230
[ 78.016282][ T9705] ? do_syscall_64+0x21/0x790
[ 78.021389][ T9705] do_syscall_64+0xf6/0x790
[ 78.025883][ T9705] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.031770][ T9705] RIP: 0033:0x440eb9
[ 78.035874][ T9705] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.055560][ T9705] RSP: 002b:00007ffef61bf118 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.065526][ T9705] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[ 78.073567][ T9705] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 78.082719][ T9705] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[ 78.091659][ T9705] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[ 78.100101][ T9705] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[ 78.110636][ T9705]
[ 78.112994][ T9705] Allocated by task 9705:
[ 78.117399][ T9705] save_stack+0x1b/0x80
[ 78.121898][ T9705] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 78.127888][ T9705] kmem_cache_alloc_trace+0x153/0x7d0
[ 78.136202][ T9705] tcindex_set_parms+0x1f1/0x1a00
[ 78.141231][ T9705] tcindex_change+0x203/0x2e0
[ 78.146005][ T9705] tc_new_tfilter+0xa59/0x20b0
[ 78.150760][ T9705] rtnetlink_rcv_msg+0x810/0xad0
[ 78.156937][ T9705] netlink_rcv_skb+0x15a/0x410
[ 78.162654][ T9705] netlink_unicast+0x537/0x740
[ 78.169676][ T9705] netlink_sendmsg+0x882/0xe10
[ 78.177345][ T9705] sock_sendmsg+0xcf/0x120
[ 78.182909][ T9705] ____sys_sendmsg+0x6b9/0x7d0
[ 78.190812][ T9705] ___sys_sendmsg+0x100/0x170
[ 78.195497][ T9705] __sys_sendmsg+0xec/0x1b0
[ 78.200002][ T9705] do_syscall_64+0xf6/0x790
[ 78.204516][ T9705] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.211000][ T9705]
[ 78.213326][ T9705] Freed by task 2501:
[ 78.217311][ T9705] save_stack+0x1b/0x80
[ 78.221466][ T9705] __kasan_slab_free+0xf7/0x140
[ 78.226860][ T9705] kfree+0x109/0x2b0
[ 78.234137][ T9705] umh_complete+0x81/0x90
[ 78.242731][ T9705] call_usermodehelper_exec_async+0x459/0x710
[ 78.248796][ T9705] ret_from_fork+0x24/0x30
[ 78.253189][ T9705]
[ 78.255499][ T9705] The buggy address belongs to the object at ffff8880a219e600
[ 78.255499][ T9705] which belongs to the cache kmalloc-192 of size 192
[ 78.269656][ T9705] The buggy address is located 184 bytes inside of
[ 78.269656][ T9705] 192-byte region [ffff8880a219e600, ffff8880a219e6c0)
[ 78.291168][ T9705] The buggy address belongs to the page:
[ 78.296802][ T9705] page:ffffea0002886780 refcount:1 mapcount:0 mapping:ffff8880aa000000 index:0xffff8880a219ef00
[ 78.307208][ T9705] flags: 0xfffe0000000200(slab)
[ 78.312072][ T9705] raw: 00fffe0000000200 ffffea0002882b88 ffff8880aa001138 ffff8880aa000000
[ 78.326576][ T9705] raw: ffff8880a219ef00 ffff8880a219e000 000000010000000b 0000000000000000
[ 78.335200][ T9705] page dumped because: kasan: bad access detected
[ 78.341618][ T9705]
[ 78.346308][ T9705] Memory state around the buggy address:
[ 78.354192][ T9705] ffff8880a219e580: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.368374][ T9705] ffff8880a219e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.376507][ T9705] >ffff8880a219e680: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 78.384547][ T9705] ^
[ 78.390413][ T9705] ffff8880a219e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 78.398453][ T9705] ffff8880a219e780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 78.406499][ T9705] ==================================================================
[ 78.416387][ T9705] Disabling lock debugging due to kernel taint
[ 78.423192][ T9705] Kernel panic - not syncing: panic_on_warn set ...
[ 78.429851][ T9705] CPU: 1 PID: 9705 Comm: syz-executor508 Tainted: G B 5.6.0-rc3-syzkaller #0
[ 78.439895][ T9705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.451290][ T9705] Call Trace:
[ 78.454604][ T9705] dump_stack+0x188/0x20d
[ 78.458925][ T9705] panic+0x2e3/0x75c
[ 78.462797][ T9705] ? add_taint.cold+0x16/0x16
[ 78.467452][ T9705] ? preempt_schedule_common+0x5e/0xc0
[ 78.472975][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 78.478329][ T9705] ? ___preempt_schedule+0x16/0x18
[ 78.483425][ T9705] ? trace_hardirqs_on+0x55/0x220
[ 78.488436][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 78.493708][ T9705] end_report+0x43/0x49
[ 78.497860][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 78.503119][ T9705] __kasan_report.cold+0xd/0x32
[ 78.507958][ T9705] ? tcindex_set_parms+0x17fd/0x1a00
[ 78.513222][ T9705] kasan_report+0xe/0x20
[ 78.517439][ T9705] tcindex_set_parms+0x17fd/0x1a00
[ 78.522529][ T9705] ? tcindex_alloc_perfect_hash+0x320/0x320
[ 78.528427][ T9705] ? mark_held_locks+0xe0/0xe0
[ 78.533353][ T9705] ? nla_memcpy+0xa0/0xa0
[ 78.537665][ T9705] ? tcindex_change+0x203/0x2e0
[ 78.542487][ T9705] tcindex_change+0x203/0x2e0
[ 78.547143][ T9705] ? tcindex_set_parms+0x1a00/0x1a00
[ 78.552408][ T9705] tc_new_tfilter+0xa59/0x20b0
[ 78.557335][ T9705] ? tcindex_set_parms+0x1a00/0x1a00
[ 78.562600][ T9705] ? tc_del_tfilter+0x1430/0x1430
[ 78.567614][ T9705] ? __lock_acquire+0x80b/0x3ca0
[ 78.572540][ T9705] ? apparmor_capable+0x454/0x8a0
[ 78.577546][ T9705] ? rcu_read_lock_held+0x9c/0xb0
[ 78.582552][ T9705] ? tc_del_tfilter+0x1430/0x1430
[ 78.587582][ T9705] rtnetlink_rcv_msg+0x810/0xad0
[ 78.592496][ T9705] ? rtnl_bridge_getlink+0x870/0x870
[ 78.597760][ T9705] ? mark_held_locks+0xe0/0xe0
[ 78.602498][ T9705] ? netlink_deliver_tap+0x146/0xb50
[ 78.607904][ T9705] netlink_rcv_skb+0x15a/0x410
[ 78.612659][ T9705] ? rtnl_bridge_getlink+0x870/0x870
[ 78.617936][ T9705] ? netlink_ack+0xa80/0xa80
[ 78.622515][ T9705] netlink_unicast+0x537/0x740
[ 78.627299][ T9705] ? netlink_attachskb+0x810/0x810
[ 78.632425][ T9705] ? _copy_from_iter_full+0x25c/0x870
[ 78.637797][ T9705] ? __phys_addr_symbol+0x2c/0x70
[ 78.642801][ T9705] ? __check_object_size+0x171/0x437
[ 78.648087][ T9705] netlink_sendmsg+0x882/0xe10
[ 78.653513][ T9705] ? aa_af_perm+0x260/0x260
[ 78.658440][ T9705] ? netlink_unicast+0x740/0x740
[ 78.663362][ T9705] ? netlink_unicast+0x740/0x740
[ 78.668277][ T9705] sock_sendmsg+0xcf/0x120
[ 78.672679][ T9705] ____sys_sendmsg+0x6b9/0x7d0
[ 78.677733][ T9705] ? kernel_sendmsg+0x50/0x50
[ 78.682424][ T9705] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 78.687953][ T9705] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 78.693919][ T9705] ___sys_sendmsg+0x100/0x170
[ 78.698619][ T9705] ? sendmsg_copy_msghdr+0x70/0x70
[ 78.703760][ T9705] ? lock_downgrade+0x7f0/0x7f0
[ 78.708596][ T9705] ? lock_acquire+0x197/0x420
[ 78.713249][ T9705] ? __might_fault+0xef/0x1d0
[ 78.717963][ T9705] ? __might_fault+0x190/0x1d0
[ 78.722704][ T9705] ? _copy_to_user+0x107/0x150
[ 78.727445][ T9705] ? move_addr_to_user+0xb3/0x200
[ 78.732487][ T9705] ? __fget_light+0x1a5/0x270
[ 78.737154][ T9705] __sys_sendmsg+0xec/0x1b0
[ 78.741636][ T9705] ? __sys_sendmsg_sock+0xb0/0xb0
[ 78.746646][ T9705] ? mark_held_locks+0x9f/0xe0
[ 78.751392][ T9705] ? trace_hardirqs_off_caller+0x55/0x230
[ 78.757201][ T9705] ? do_syscall_64+0x21/0x790
[ 78.761868][ T9705] do_syscall_64+0xf6/0x790
[ 78.766374][ T9705] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.772326][ T9705] RIP: 0033:0x440eb9
[ 78.776205][ T9705] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.795782][ T9705] RSP: 002b:00007ffef61bf118 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 78.804187][ T9705] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[ 78.812147][ T9705] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 78.820142][ T9705] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[ 78.828231][ T9705] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[ 78.836202][ T9705] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[ 78.845520][ T9705] Kernel Offset: disabled
[ 78.849857][ T9705] Rebooting in 86400 seconds..