[ ok ] Starting enhanced syslogd: rsyslogd. [ 64.904452][ T27] audit: type=1800 audit(1585529544.484:25): pid=9462 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 64.938782][ T27] audit: type=1800 audit(1585529544.484:26): pid=9462 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 64.976611][ T27] audit: type=1800 audit(1585529544.484:27): pid=9462 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 75.872966][ T9615] IPVS: ftp: loaded support on port[0] = 21 [ 75.907220][ T9615] ================================================================== [ 75.915886][ T9615] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17fd/0x1a00 [ 75.923861][ T9615] Write of size 16 at addr ffff8880a1f218b8 by task syz-executor556/9615 [ 75.932865][ T9615] [ 75.935187][ T9615] CPU: 1 PID: 9615 Comm: syz-executor556 Not tainted 5.6.0-rc3-next-20200228-syzkaller #0 [ 75.945184][ T9615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 75.955880][ T9615] Call Trace: [ 75.959358][ T9615] dump_stack+0x188/0x20d [ 75.964204][ T9615] ? tcindex_set_parms+0x17fd/0x1a00 [ 75.969873][ T9615] ? tcindex_set_parms+0x17fd/0x1a00 [ 75.975293][ T9615] print_address_description.constprop.0.cold+0xd3/0x315 [ 75.982733][ T9615] ? tcindex_set_parms+0x17fd/0x1a00 [ 75.988529][ T9615] ? 
tcindex_set_parms+0x17fd/0x1a00 [ 75.994460][ T9615] __kasan_report.cold+0x1a/0x32 [ 76.000016][ T9615] ? tcindex_set_parms+0x17fd/0x1a00 [ 76.006131][ T9615] kasan_report+0xe/0x20 [ 76.010508][ T9615] tcindex_set_parms+0x17fd/0x1a00 [ 76.016763][ T9615] ? tcindex_alloc_perfect_hash+0x320/0x320 [ 76.023573][ T9615] ? mark_held_locks+0xe0/0xe0 [ 76.029084][ T9615] ? nla_memcpy+0xa0/0xa0 [ 76.033719][ T9615] ? tcindex_change+0x203/0x2e0 [ 76.038692][ T9615] tcindex_change+0x203/0x2e0 [ 76.043852][ T9615] ? tcindex_set_parms+0x1a00/0x1a00 [ 76.049709][ T9615] tc_new_tfilter+0xa59/0x20b0 [ 76.054611][ T9615] ? tcindex_set_parms+0x1a00/0x1a00 [ 76.059909][ T9615] ? is_bpf_image_address+0x1cb/0x280 [ 76.065644][ T9615] ? tc_del_tfilter+0x1430/0x1430 [ 76.071000][ T9615] ? apparmor_capable+0x49c/0x8a0 [ 76.076261][ T9615] ? mark_lock+0xbc/0x1220 [ 76.080985][ T9615] ? rcu_read_lock_held+0x9c/0xb0 [ 76.086140][ T9615] ? tc_del_tfilter+0x1430/0x1430 [ 76.091171][ T9615] rtnetlink_rcv_msg+0x810/0xad0 [ 76.096325][ T9615] ? rtnl_bridge_getlink+0x880/0x880 [ 76.101618][ T9615] ? mark_held_locks+0xe0/0xe0 [ 76.106531][ T9615] ? netlink_deliver_tap+0x146/0xb50 [ 76.112591][ T9615] netlink_rcv_skb+0x15a/0x410 [ 76.117500][ T9615] ? rtnl_bridge_getlink+0x880/0x880 [ 76.123044][ T9615] ? netlink_ack+0xa80/0xa80 [ 76.127665][ T9615] netlink_unicast+0x537/0x740 [ 76.132909][ T9615] ? netlink_attachskb+0x810/0x810 [ 76.138396][ T9615] ? _copy_from_iter_full+0x25c/0x870 [ 76.144034][ T9615] ? __phys_addr_symbol+0x2c/0x70 [ 76.149413][ T9615] ? __check_object_size+0x171/0x437 [ 76.154958][ T9615] netlink_sendmsg+0x882/0xe10 [ 76.159838][ T9615] ? aa_af_perm+0x260/0x260 [ 76.164402][ T9615] ? netlink_unicast+0x740/0x740 [ 76.169662][ T9615] ? netlink_unicast+0x740/0x740 [ 76.174744][ T9615] sock_sendmsg+0xcf/0x120 [ 76.179380][ T9615] ____sys_sendmsg+0x6b9/0x7d0 [ 76.184291][ T9615] ? kernel_sendmsg+0x50/0x50 [ 76.189359][ T9615] ? 
rcu_read_lock_sched_held+0x9c/0xd0 [ 76.195056][ T9615] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 76.201056][ T9615] ___sys_sendmsg+0x100/0x170 [ 76.205858][ T9615] ? sendmsg_copy_msghdr+0x70/0x70 [ 76.211278][ T9615] ? lock_downgrade+0x7f0/0x7f0 [ 76.216334][ T9615] ? lock_acquire+0x197/0x420 [ 76.221114][ T9615] ? __might_fault+0xef/0x1d0 [ 76.225944][ T9615] ? __might_fault+0x190/0x1d0 [ 76.230856][ T9615] ? _copy_to_user+0x107/0x150 [ 76.235629][ T9615] ? move_addr_to_user+0xb3/0x200 [ 76.241111][ T9615] ? __fget_light+0x1a5/0x270 [ 76.247502][ T9615] __sys_sendmsg+0xec/0x1b0 [ 76.253079][ T9615] ? __sys_sendmsg_sock+0xb0/0xb0 [ 76.258517][ T9615] ? trace_hardirqs_off_caller+0x55/0x230 [ 76.264832][ T9615] ? do_syscall_64+0x21/0x790 [ 76.269980][ T9615] do_syscall_64+0xf6/0x790 [ 76.275065][ T9615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.281521][ T9615] RIP: 0033:0x440e79 [ 76.285417][ T9615] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 76.305368][ T9615] RSP: 002b:00007ffee1348588 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.313875][ T9615] RAX: ffffffffffffffda RBX: 00000000004a2650 RCX: 0000000000440e79 [ 76.322290][ T9615] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 76.330383][ T9615] RBP: 00007ffee1348590 R08: 0000000120080522 R09: 0000000120080522 [ 76.338689][ T9615] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004a2650 [ 76.346788][ T9615] R13: 0000000000402410 R14: 0000000000000000 R15: 0000000000000000 [ 76.354998][ T9615] [ 76.357406][ T9615] Allocated by task 1: [ 76.361468][ T9615] save_stack+0x1b/0x40 [ 76.365992][ T9615] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 76.371952][ T9615] kmem_cache_alloc_node_trace+0x161/0x790 [ 76.378087][ T9615] blk_mq_init_tags+0x6a/0x2b0 [ 76.383049][ T9615] blk_mq_alloc_rq_map+0x81/0x200 [ 76.388825][ T9615] 
blk_mq_init_sched+0x20a/0x740 [ 76.394123][ T9615] elevator_init_mq+0x1f1/0x410 [ 76.398973][ T9615] __device_add_disk+0x97c/0x1150 [ 76.404095][ T9615] loop_add+0x60b/0x8a0 [ 76.408402][ T9615] loop_init+0x1ef/0x24a [ 76.412648][ T9615] do_one_initcall+0x10a/0x7d0 [ 76.417488][ T9615] kernel_init_freeable+0x501/0x5ae [ 76.422929][ T9615] kernel_init+0xd/0x1bb [ 76.427165][ T9615] ret_from_fork+0x24/0x30 [ 76.431563][ T9615] [ 76.433882][ T9615] Freed by task 0: [ 76.438019][ T9615] (stack is not available) [ 76.442836][ T9615] [ 76.445161][ T9615] The buggy address belongs to the object at ffff8880a1f21800 [ 76.445161][ T9615] which belongs to the cache kmalloc-192 of size 192 [ 76.460114][ T9615] The buggy address is located 184 bytes inside of [ 76.460114][ T9615] 192-byte region [ffff8880a1f21800, ffff8880a1f218c0) [ 76.473415][ T9615] The buggy address belongs to the page: [ 76.479056][ T9615] page:ffffea000287c840 refcount:1 mapcount:0 mapping:00000000ee2ecaf3 index:0x0 [ 76.488315][ T9615] flags: 0xfffe0000000200(slab) [ 76.493159][ T9615] raw: 00fffe0000000200 ffffea0002888488 ffffea0002861308 ffff8880aa000000 [ 76.501820][ T9615] raw: 0000000000000000 ffff8880a1f21000 0000000100000010 0000000000000000 [ 76.510388][ T9615] page dumped because: kasan: bad access detected [ 76.516814][ T9615] [ 76.519253][ T9615] Memory state around the buggy address: [ 76.524929][ T9615] ffff8880a1f21780: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.533187][ T9615] ffff8880a1f21800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.541381][ T9615] >ffff8880a1f21880: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 76.550246][ T9615] ^ [ 76.556425][ T9615] ffff8880a1f21900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 76.565051][ T9615] ffff8880a1f21980: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.573260][ T9615] ================================================================== [ 76.581399][ T9615] Disabling lock debugging due to kernel taint [ 
76.588316][ T9615] Kernel panic - not syncing: panic_on_warn set ... [ 76.595056][ T9615] CPU: 1 PID: 9615 Comm: syz-executor556 Tainted: G B 5.6.0-rc3-next-20200228-syzkaller #0 [ 76.607073][ T9615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.617319][ T9615] Call Trace: [ 76.620761][ T9615] dump_stack+0x188/0x20d [ 76.625138][ T9615] panic+0x2e3/0x75c [ 76.629267][ T9615] ? add_taint.cold+0x16/0x16 [ 76.634142][ T9615] ? preempt_schedule_common+0x5e/0xc0 [ 76.639866][ T9615] ? tcindex_set_parms+0x17fd/0x1a00 [ 76.645379][ T9615] ? ___preempt_schedule+0x16/0x18 [ 76.650591][ T9615] ? trace_hardirqs_on+0x55/0x220 [ 76.655777][ T9615] ? tcindex_set_parms+0x17fd/0x1a00 [ 76.661301][ T9615] end_report+0x43/0x49 [ 76.665489][ T9615] ? tcindex_set_parms+0x17fd/0x1a00 [ 76.670851][ T9615] __kasan_report.cold+0xd/0x32 [ 76.675835][ T9615] ? tcindex_set_parms+0x17fd/0x1a00 [ 76.681208][ T9615] kasan_report+0xe/0x20 [ 76.685482][ T9615] tcindex_set_parms+0x17fd/0x1a00 [ 76.690590][ T9615] ? tcindex_alloc_perfect_hash+0x320/0x320 [ 76.696473][ T9615] ? mark_held_locks+0xe0/0xe0 [ 76.702278][ T9615] ? nla_memcpy+0xa0/0xa0 [ 76.706607][ T9615] ? tcindex_change+0x203/0x2e0 [ 76.711498][ T9615] tcindex_change+0x203/0x2e0 [ 76.716168][ T9615] ? tcindex_set_parms+0x1a00/0x1a00 [ 76.721552][ T9615] tc_new_tfilter+0xa59/0x20b0 [ 76.726553][ T9615] ? tcindex_set_parms+0x1a00/0x1a00 [ 76.733205][ T9615] ? is_bpf_image_address+0x1cb/0x280 [ 76.739224][ T9615] ? tc_del_tfilter+0x1430/0x1430 [ 76.744699][ T9615] ? apparmor_capable+0x49c/0x8a0 [ 76.750338][ T9615] ? mark_lock+0xbc/0x1220 [ 76.755353][ T9615] ? rcu_read_lock_held+0x9c/0xb0 [ 76.761412][ T9615] ? tc_del_tfilter+0x1430/0x1430 [ 76.768601][ T9615] rtnetlink_rcv_msg+0x810/0xad0 [ 76.773630][ T9615] ? rtnl_bridge_getlink+0x880/0x880 [ 76.780291][ T9615] ? mark_held_locks+0xe0/0xe0 [ 76.785493][ T9615] ? 
netlink_deliver_tap+0x146/0xb50 [ 76.790960][ T9615] netlink_rcv_skb+0x15a/0x410 [ 76.795977][ T9615] ? rtnl_bridge_getlink+0x880/0x880 [ 76.801563][ T9615] ? netlink_ack+0xa80/0xa80 [ 76.806154][ T9615] netlink_unicast+0x537/0x740 [ 76.812118][ T9615] ? netlink_attachskb+0x810/0x810 [ 76.817550][ T9615] ? _copy_from_iter_full+0x25c/0x870 [ 76.823232][ T9615] ? __phys_addr_symbol+0x2c/0x70 [ 76.828457][ T9615] ? __check_object_size+0x171/0x437 [ 76.834282][ T9615] netlink_sendmsg+0x882/0xe10 [ 76.839073][ T9615] ? aa_af_perm+0x260/0x260 [ 76.843844][ T9615] ? netlink_unicast+0x740/0x740 [ 76.848905][ T9615] ? netlink_unicast+0x740/0x740 [ 76.854118][ T9615] sock_sendmsg+0xcf/0x120 [ 76.858728][ T9615] ____sys_sendmsg+0x6b9/0x7d0 [ 76.863915][ T9615] ? kernel_sendmsg+0x50/0x50 [ 76.868598][ T9615] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 76.874494][ T9615] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 76.880495][ T9615] ___sys_sendmsg+0x100/0x170 [ 76.885341][ T9615] ? sendmsg_copy_msghdr+0x70/0x70 [ 76.890686][ T9615] ? lock_downgrade+0x7f0/0x7f0 [ 76.895695][ T9615] ? lock_acquire+0x197/0x420 [ 76.900478][ T9615] ? __might_fault+0xef/0x1d0 [ 76.905706][ T9615] ? __might_fault+0x190/0x1d0 [ 76.910467][ T9615] ? _copy_to_user+0x107/0x150 [ 76.915462][ T9615] ? move_addr_to_user+0xb3/0x200 [ 76.920485][ T9615] ? __fget_light+0x1a5/0x270 [ 76.925438][ T9615] __sys_sendmsg+0xec/0x1b0 [ 76.930367][ T9615] ? __sys_sendmsg_sock+0xb0/0xb0 [ 76.935499][ T9615] ? trace_hardirqs_off_caller+0x55/0x230 [ 76.941536][ T9615] ? 
do_syscall_64+0x21/0x790 [ 76.946255][ T9615] do_syscall_64+0xf6/0x790 [ 76.950867][ T9615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.957115][ T9615] RIP: 0033:0x440e79 [ 76.961256][ T9615] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 76.981360][ T9615] RSP: 002b:00007ffee1348588 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.989959][ T9615] RAX: ffffffffffffffda RBX: 00000000004a2650 RCX: 0000000000440e79 [ 77.000789][ T9615] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 77.009128][ T9615] RBP: 00007ffee1348590 R08: 0000000120080522 R09: 0000000120080522 [ 77.017307][ T9615] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004a2650 [ 77.025757][ T9615] R13: 0000000000402410 R14: 0000000000000000 R15: 0000000000000000 [ 77.036595][ T9615] Kernel Offset: disabled [ 77.041140][ T9615] Rebooting in 86400 seconds..