[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  101.081726][   T26] audit: type=1800 audit(1579642446.192:25): pid=9677 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[  101.101864][   T26] audit: type=1800 audit(1579642446.202:26): pid=9677 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[  101.140795][   T26] audit: type=1800 audit(1579642446.202:27): pid=9677 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  117.119237][ T9830] IPVS: ftp: loaded support on port[0] = 21
[  117.148975][ T9830] ==================================================================
[  117.157309][ T9830] BUG: KASAN: slab-out-of-bounds in __nla_put_nohdr+0x46/0x50
[  117.164766][ T9830] Read of size 12 at addr ffff8880a76235c0 by task syz-executor141/9830
[  117.173091][ T9830] 
[  117.175427][ T9830] CPU: 1 PID: 9830 Comm: syz-executor141 Not tainted 5.5.0-rc7-syzkaller #0
[  117.184163][ T9830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  117.194261][ T9830] Call Trace:
[  117.197709][ T9830]  dump_stack+0x197/0x210
[  117.202042][ T9830]  ? __nla_put_nohdr+0x46/0x50
[  117.206809][ T9830]  print_address_description.constprop.0.cold+0xd4/0x30b
[  117.213914][ T9830]  ? __nla_put_nohdr+0x46/0x50
[  117.218687][ T9830]  ? __nla_put_nohdr+0x46/0x50
[  117.223562][ T9830]  __kasan_report.cold+0x1b/0x41
[  117.228498][ T9830]  ? __nla_put_nohdr+0x46/0x50
[  117.233257][ T9830]  kasan_report+0x12/0x20
[  117.237669][ T9830]  check_memory_region+0x134/0x1a0
[  117.242888][ T9830]  memcpy+0x24/0x50
[  117.246797][ T9830]  __nla_put_nohdr+0x46/0x50
[  117.251440][ T9830]  nla_put_nohdr+0xf9/0x140
[  117.255943][ T9830]  tcf_em_tree_dump+0x67e/0x960
[  117.260859][ T9830]  ? tcf_em_lookup+0x150/0x150
[  117.265629][ T9830]  ? __nla_put_64bit+0x37/0x40
[  117.270446][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  117.276750][ T9830]  ? tcf_exts_dump+0xa2/0x5a0
[  117.281434][ T9830]  basic_dump+0x379/0x690
[  117.285901][ T9830]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  117.291889][ T9830]  ? basic_bind_class+0xb0/0xb0
[  117.296736][ T9830]  ? memcpy+0x46/0x50
[  117.300861][ T9830]  ? nla_put+0x110/0x150
[  117.305093][ T9830]  ? basic_bind_class+0xb0/0xb0
[  117.309944][ T9830]  tcf_fill_node+0x58b/0x970
[  117.314590][ T9830]  ? tcf_get_next_chain+0x50/0x50
[  117.319668][ T9830]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  117.325202][ T9830]  ? basic_init+0x1f0/0x1f0
[  117.329709][ T9830]  tfilter_notify+0x134/0x290
[  117.334426][ T9830]  tc_new_tfilter+0xc18/0x2590
[  117.339224][ T9830]  ? basic_init+0x1f0/0x1f0
[  117.343717][ T9830]  ? tc_del_tfilter+0x1560/0x1560
[  117.348743][ T9830]  ? __kasan_check_read+0x11/0x20
[  117.353766][ T9830]  ? __lock_acquire+0x8a0/0x4a00
[  117.358692][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  117.365064][ T9830]  ? rtnetlink_rcv_msg+0x7e3/0xaf0
[  117.370174][ T9830]  ? find_held_lock+0x35/0x130
[  117.374950][ T9830]  ? rcu_read_lock_held_common+0x130/0x130
[  117.380762][ T9830]  ? tc_del_tfilter+0x1560/0x1560
[  117.385895][ T9830]  ? __kasan_check_read+0x11/0x20
[  117.390925][ T9830]  ? tc_del_tfilter+0x1560/0x1560
[  117.395945][ T9830]  rtnetlink_rcv_msg+0x824/0xaf0
[  117.400964][ T9830]  ? rtnl_bridge_getlink+0x910/0x910
[  117.406248][ T9830]  ? lock_downgrade+0x920/0x920
[  117.411101][ T9830]  ? netlink_deliver_tap+0x228/0xbe0
[  117.416383][ T9830]  ? find_held_lock+0x35/0x130
[  117.421164][ T9830]  netlink_rcv_skb+0x177/0x450
[  117.425974][ T9830]  ? rtnl_bridge_getlink+0x910/0x910
[  117.431267][ T9830]  ? netlink_ack+0xb50/0xb50
[  117.435857][ T9830]  ? __kasan_check_read+0x11/0x20
[  117.440874][ T9830]  ? netlink_deliver_tap+0x24a/0xbe0
[  117.446159][ T9830]  rtnetlink_rcv+0x1d/0x30
[  117.450579][ T9830]  netlink_unicast+0x58c/0x7d0
[  117.455358][ T9830]  ? netlink_attachskb+0x870/0x870
[  117.460520][ T9830]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  117.466353][ T9830]  ? __check_object_size+0x3d/0x437
[  117.471557][ T9830]  netlink_sendmsg+0x91c/0xea0
[  117.476338][ T9830]  ? netlink_unicast+0x7d0/0x7d0
[  117.481367][ T9830]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  117.486917][ T9830]  ? apparmor_socket_sendmsg+0x2a/0x30
[  117.492421][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  117.498677][ T9830]  ? security_socket_sendmsg+0x8d/0xc0
[  117.504137][ T9830]  ? netlink_unicast+0x7d0/0x7d0
[  117.509140][ T9830]  sock_sendmsg+0xd7/0x130
[  117.513565][ T9830]  ____sys_sendmsg+0x753/0x880
[  117.518326][ T9830]  ? kernel_sendmsg+0x50/0x50
[  117.523164][ T9830]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  117.528713][ T9830]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  117.534687][ T9830]  ? __lock_acquire+0x16f2/0x4a00
[  117.539878][ T9830]  ___sys_sendmsg+0x100/0x170
[  117.544672][ T9830]  ? sendmsg_copy_msghdr+0x70/0x70
[  117.549787][ T9830]  ? lock_downgrade+0x920/0x920
[  117.554775][ T9830]  ? __kasan_check_read+0x11/0x20
[  117.559798][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  117.566037][ T9830]  ? __fget_light+0x1a9/0x230
[  117.570716][ T9830]  ? __fdget+0x1b/0x20
[  117.574780][ T9830]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  117.581067][ T9830]  __sys_sendmsg+0x105/0x1d0
[  117.585662][ T9830]  ? __sys_sendmsg_sock+0xc0/0xc0
[  117.590830][ T9830]  ? down_read_non_owner+0x490/0x490
[  117.596121][ T9830]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  117.601585][ T9830]  ? do_syscall_64+0x26/0x790
[  117.606256][ T9830]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  117.612317][ T9830]  ? do_syscall_64+0x26/0x790
[  117.617095][ T9830]  __x64_sys_sendmsg+0x78/0xb0
[  117.622127][ T9830]  do_syscall_64+0xfa/0x790
[  117.626637][ T9830]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  117.632529][ T9830] RIP: 0033:0x440dd9
[  117.636445][ T9830] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  117.656097][ T9830] RSP: 002b:00007ffcf40c80b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  117.664504][ T9830] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[  117.672477][ T9830] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  117.680458][ T9830] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[  117.688430][ T9830] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[  117.696403][ T9830] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[  117.704376][ T9830] 
[  117.706707][ T9830] Allocated by task 9830:
[  117.711145][ T9830]  save_stack+0x23/0x90
[  117.715295][ T9830]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  117.720923][ T9830]  kasan_kmalloc+0x9/0x10
[  117.725253][ T9830]  __kmalloc_track_caller+0x15f/0x760
[  117.730628][ T9830]  kmemdup+0x27/0x60
[  117.734520][ T9830]  em_nbyte_change+0xd6/0x150
[  117.739201][ T9830]  tcf_em_tree_validate+0x9b5/0xf3c
[  117.744390][ T9830]  basic_change+0x513/0x14a0
[  117.748965][ T9830]  tc_new_tfilter+0xbbd/0x2590
[  117.753833][ T9830]  rtnetlink_rcv_msg+0x824/0xaf0
[  117.758767][ T9830]  netlink_rcv_skb+0x177/0x450
[  117.763526][ T9830]  rtnetlink_rcv+0x1d/0x30
[  117.767929][ T9830]  netlink_unicast+0x58c/0x7d0
[  117.772684][ T9830]  netlink_sendmsg+0x91c/0xea0
[  117.777447][ T9830]  sock_sendmsg+0xd7/0x130
[  117.781922][ T9830]  ____sys_sendmsg+0x753/0x880
[  117.786737][ T9830]  ___sys_sendmsg+0x100/0x170
[  117.791414][ T9830]  __sys_sendmsg+0x105/0x1d0
[  117.796007][ T9830]  __x64_sys_sendmsg+0x78/0xb0
[  117.800771][ T9830]  do_syscall_64+0xfa/0x790
[  117.805274][ T9830]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  117.811193][ T9830] 
[  117.813514][ T9830] Freed by task 9557:
[  117.817489][ T9830]  save_stack+0x23/0x90
[  117.821743][ T9830]  __kasan_slab_free+0x102/0x150
[  117.826695][ T9830]  kasan_slab_free+0xe/0x10
[  117.831197][ T9830]  kfree+0x10a/0x2c0
[  117.835086][ T9830]  tomoyo_check_open_permission+0x19e/0x3e0
[  117.840977][ T9830]  tomoyo_file_open+0xa9/0xd0
[  117.845806][ T9830]  security_file_open+0x71/0x300
[  117.850964][ T9830]  do_dentry_open+0x37a/0x1380
[  117.855777][ T9830]  vfs_open+0xa0/0xd0
[  117.859755][ T9830]  path_openat+0x118b/0x3180
[  117.864441][ T9830]  do_filp_open+0x1a1/0x280
[  117.869037][ T9830]  do_sys_open+0x3fe/0x5d0
[  117.873552][ T9830]  __x64_sys_open+0x7e/0xc0
[  117.878050][ T9830]  do_syscall_64+0xfa/0x790
[  117.882540][ T9830]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  117.888420][ T9830] 
[  117.890863][ T9830] The buggy address belongs to the object at ffff8880a76235c0
[  117.890863][ T9830]  which belongs to the cache kmalloc-32 of size 32
[  117.904783][ T9830] The buggy address is located 0 bytes inside of
[  117.904783][ T9830]  32-byte region [ffff8880a76235c0, ffff8880a76235e0)
[  117.917906][ T9830] The buggy address belongs to the page:
[  117.923538][ T9830] page:ffffea00029d88c0 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a7623fc1
[  117.934184][ T9830] raw: 00fffe0000000200 ffffea00029cb2c8 ffffea0002921dc8 ffff8880aa4001c0
[  117.942915][ T9830] raw: ffff8880a7623fc1 ffff8880a7623000 000000010000002e 0000000000000000
[  117.951505][ T9830] page dumped because: kasan: bad access detected
[  117.957964][ T9830] 
[  117.960279][ T9830] Memory state around the buggy address:
[  117.965928][ T9830]  ffff8880a7623480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  117.973986][ T9830]  ffff8880a7623500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  117.982100][ T9830] >ffff8880a7623580: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc
[  117.990161][ T9830]                                            ^
[  117.996428][ T9830]  ffff8880a7623600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  118.004976][ T9830]  ffff8880a7623680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  118.013032][ T9830] ==================================================================
[  118.021192][ T9830] Disabling lock debugging due to kernel taint
[  118.029135][ T9830] Kernel panic - not syncing: panic_on_warn set ...
[  118.035958][ T9830] CPU: 0 PID: 9830 Comm: syz-executor141 Tainted: G    B             5.5.0-rc7-syzkaller #0
[  118.046495][ T9830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  118.056550][ T9830] Call Trace:
[  118.059837][ T9830]  dump_stack+0x197/0x210
[  118.064267][ T9830]  panic+0x2e3/0x75c
[  118.068220][ T9830]  ? add_taint.cold+0x16/0x16
[  118.072920][ T9830]  ? __nla_put_nohdr+0x46/0x50
[  118.077793][ T9830]  ? preempt_schedule+0x4b/0x60
[  118.082631][ T9830]  ? ___preempt_schedule+0x16/0x18
[  118.087873][ T9830]  ? trace_hardirqs_on+0x5e/0x240
[  118.092893][ T9830]  ? __nla_put_nohdr+0x46/0x50
[  118.097657][ T9830]  end_report+0x47/0x4f
[  118.101835][ T9830]  ? __nla_put_nohdr+0x46/0x50
[  118.106627][ T9830]  __kasan_report.cold+0xe/0x41
[  118.111593][ T9830]  ? __nla_put_nohdr+0x46/0x50
[  118.116428][ T9830]  kasan_report+0x12/0x20
[  118.120759][ T9830]  check_memory_region+0x134/0x1a0
[  118.125868][ T9830]  memcpy+0x24/0x50
[  118.129773][ T9830]  __nla_put_nohdr+0x46/0x50
[  118.134361][ T9830]  nla_put_nohdr+0xf9/0x140
[  118.139142][ T9830]  tcf_em_tree_dump+0x67e/0x960
[  118.143996][ T9830]  ? tcf_em_lookup+0x150/0x150
[  118.148813][ T9830]  ? __nla_put_64bit+0x37/0x40
[  118.153586][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.159859][ T9830]  ? tcf_exts_dump+0xa2/0x5a0
[  118.164544][ T9830]  basic_dump+0x379/0x690
[  118.169035][ T9830]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  118.175219][ T9830]  ? basic_bind_class+0xb0/0xb0
[  118.180069][ T9830]  ? memcpy+0x46/0x50
[  118.184807][ T9830]  ? nla_put+0x110/0x150
[  118.189059][ T9830]  ? basic_bind_class+0xb0/0xb0
[  118.193910][ T9830]  tcf_fill_node+0x58b/0x970
[  118.198542][ T9830]  ? tcf_get_next_chain+0x50/0x50
[  118.203609][ T9830]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  118.209260][ T9830]  ? basic_init+0x1f0/0x1f0
[  118.213764][ T9830]  tfilter_notify+0x134/0x290
[  118.218437][ T9830]  tc_new_tfilter+0xc18/0x2590
[  118.223197][ T9830]  ? basic_init+0x1f0/0x1f0
[  118.227716][ T9830]  ? tc_del_tfilter+0x1560/0x1560
[  118.232737][ T9830]  ? __kasan_check_read+0x11/0x20
[  118.237928][ T9830]  ? __lock_acquire+0x8a0/0x4a00
[  118.242859][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.249103][ T9830]  ? rtnetlink_rcv_msg+0x7e3/0xaf0
[  118.254415][ T9830]  ? find_held_lock+0x35/0x130
[  118.259193][ T9830]  ? rcu_read_lock_held_common+0x130/0x130
[  118.265155][ T9830]  ? tc_del_tfilter+0x1560/0x1560
[  118.270292][ T9830]  ? __kasan_check_read+0x11/0x20
[  118.275314][ T9830]  ? tc_del_tfilter+0x1560/0x1560
[  118.280450][ T9830]  rtnetlink_rcv_msg+0x824/0xaf0
[  118.285385][ T9830]  ? rtnl_bridge_getlink+0x910/0x910
[  118.290663][ T9830]  ? lock_downgrade+0x920/0x920
[  118.295508][ T9830]  ? netlink_deliver_tap+0x228/0xbe0
[  118.300922][ T9830]  ? find_held_lock+0x35/0x130
[  118.305687][ T9830]  netlink_rcv_skb+0x177/0x450
[  118.310525][ T9830]  ? rtnl_bridge_getlink+0x910/0x910
[  118.315957][ T9830]  ? netlink_ack+0xb50/0xb50
[  118.320563][ T9830]  ? __kasan_check_read+0x11/0x20
[  118.325613][ T9830]  ? netlink_deliver_tap+0x24a/0xbe0
[  118.330929][ T9830]  rtnetlink_rcv+0x1d/0x30
[  118.335341][ T9830]  netlink_unicast+0x58c/0x7d0
[  118.340222][ T9830]  ? netlink_attachskb+0x870/0x870
[  118.345325][ T9830]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  118.351102][ T9830]  ? __check_object_size+0x3d/0x437
[  118.356299][ T9830]  netlink_sendmsg+0x91c/0xea0
[  118.361214][ T9830]  ? netlink_unicast+0x7d0/0x7d0
[  118.366526][ T9830]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  118.372209][ T9830]  ? apparmor_socket_sendmsg+0x2a/0x30
[  118.377663][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.384018][ T9830]  ? security_socket_sendmsg+0x8d/0xc0
[  118.389486][ T9830]  ? netlink_unicast+0x7d0/0x7d0
[  118.394562][ T9830]  sock_sendmsg+0xd7/0x130
[  118.398972][ T9830]  ____sys_sendmsg+0x753/0x880
[  118.403768][ T9830]  ? kernel_sendmsg+0x50/0x50
[  118.408484][ T9830]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  118.414026][ T9830]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  118.420019][ T9830]  ? __lock_acquire+0x16f2/0x4a00
[  118.425069][ T9830]  ___sys_sendmsg+0x100/0x170
[  118.429817][ T9830]  ? sendmsg_copy_msghdr+0x70/0x70
[  118.434936][ T9830]  ? lock_downgrade+0x920/0x920
[  118.439786][ T9830]  ? __kasan_check_read+0x11/0x20
[  118.444820][ T9830]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  118.451153][ T9830]  ? __fget_light+0x1a9/0x230
[  118.455824][ T9830]  ? __fdget+0x1b/0x20
[  118.459953][ T9830]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  118.466241][ T9830]  __sys_sendmsg+0x105/0x1d0
[  118.470825][ T9830]  ? __sys_sendmsg_sock+0xc0/0xc0
[  118.475969][ T9830]  ? down_read_non_owner+0x490/0x490
[  118.481247][ T9830]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  118.486699][ T9830]  ? do_syscall_64+0x26/0x790
[  118.491524][ T9830]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  118.497701][ T9830]  ? do_syscall_64+0x26/0x790
[  118.502362][ T9830]  __x64_sys_sendmsg+0x78/0xb0
[  118.507134][ T9830]  do_syscall_64+0xfa/0x790
[  118.511626][ T9830]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  118.517511][ T9830] RIP: 0033:0x440dd9
[  118.521396][ T9830] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  118.540989][ T9830] RSP: 002b:00007ffcf40c80b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  118.549565][ T9830] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[  118.557531][ T9830] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  118.565571][ T9830] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[  118.573538][ T9830] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[  118.581675][ T9830] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[  118.591189][ T9830] Kernel Offset: disabled
[  118.595583][ T9830] Rebooting in 86400 seconds..