[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   72.518256][   T27] audit: type=1800 audit(1583907228.435:25): pid=9521 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   72.550444][   T27] audit: type=1800 audit(1583907228.445:26): pid=9521 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   72.590446][   T27] audit: type=1800 audit(1583907228.445:27): pid=9521 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.143' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   83.081236][ T9674] IPVS: ftp: loaded support on port[0] = 21
[   83.113336][ T9674] ==================================================================
[   83.121515][ T9674] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17fd/0x1a00
[   83.129487][ T9674] Write of size 16 at addr ffff8880a4662db8 by task syz-executor440/9674
[   83.137883][ T9674] 
[   83.140228][ T9674] CPU: 0 PID: 9674 Comm: syz-executor440 Not tainted 5.6.0-rc3-syzkaller #0
[   83.148893][ T9674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   83.159015][ T9674] Call Trace:
[   83.162313][ T9674]  dump_stack+0x188/0x20d
[   83.166626][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.171891][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.177156][ T9674]  print_address_description.constprop.0.cold+0xd3/0x315
[   83.184166][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.189437][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.194902][ T9674]  __kasan_report.cold+0x1a/0x32
[   83.199968][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.205242][ T9674]  kasan_report+0xe/0x20
[   83.209472][ T9674]  tcindex_set_parms+0x17fd/0x1a00
[   83.214627][ T9674]  ? tcindex_alloc_perfect_hash+0x320/0x320
[   83.220564][ T9674]  ? mark_held_locks+0xe0/0xe0
[   83.225419][ T9674]  ? nla_memcpy+0xa0/0xa0
[   83.229744][ T9674]  ? tcindex_change+0x203/0x2e0
[   83.234639][ T9674]  tcindex_change+0x203/0x2e0
[   83.239327][ T9674]  ? tcindex_set_parms+0x1a00/0x1a00
[   83.244616][ T9674]  tc_new_tfilter+0xa59/0x20b0
[   83.249366][ T9674]  ? tcindex_set_parms+0x1a00/0x1a00
[   83.254647][ T9674]  ? tc_del_tfilter+0x1430/0x1430
[   83.259653][ T9674]  ? __lock_acquire+0x80b/0x3ca0
[   83.264701][ T9674]  ? apparmor_capable+0x454/0x8a0
[   83.269722][ T9674]  ? rcu_read_lock_held+0x9c/0xb0
[   83.274735][ T9674]  ? tc_del_tfilter+0x1430/0x1430
[   83.279749][ T9674]  rtnetlink_rcv_msg+0x810/0xad0
[   83.285367][ T9674]  ? rtnl_bridge_getlink+0x880/0x880
[   83.290647][ T9674]  ? mark_held_locks+0xe0/0xe0
[   83.295390][ T9674]  ? netlink_deliver_tap+0x146/0xb50
[   83.300659][ T9674]  netlink_rcv_skb+0x15a/0x410
[   83.305406][ T9674]  ? rtnl_bridge_getlink+0x880/0x880
[   83.310673][ T9674]  ? netlink_ack+0xa80/0xa80
[   83.315267][ T9674]  netlink_unicast+0x537/0x740
[   83.320016][ T9674]  ? netlink_attachskb+0x810/0x810
[   83.325118][ T9674]  ? _copy_from_iter_full+0x25c/0x870
[   83.330481][ T9674]  ? __phys_addr_symbol+0x2c/0x70
[   83.335499][ T9674]  ? __check_object_size+0x171/0x437
[   83.340941][ T9674]  netlink_sendmsg+0x882/0xe10
[   83.345704][ T9674]  ? aa_af_perm+0x260/0x260
[   83.350189][ T9674]  ? netlink_unicast+0x740/0x740
[   83.355133][ T9674]  ? netlink_unicast+0x740/0x740
[   83.360077][ T9674]  sock_sendmsg+0xcf/0x120
[   83.364484][ T9674]  ____sys_sendmsg+0x6b9/0x7d0
[   83.369233][ T9674]  ? kernel_sendmsg+0x50/0x50
[   83.373909][ T9674]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   83.379461][ T9674]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   83.385446][ T9674]  ___sys_sendmsg+0x100/0x170
[   83.390110][ T9674]  ? sendmsg_copy_msghdr+0x70/0x70
[   83.395212][ T9674]  ? lock_downgrade+0x7f0/0x7f0
[   83.400054][ T9674]  ? lock_acquire+0x197/0x420
[   83.404731][ T9674]  ? __might_fault+0xef/0x1d0
[   83.409430][ T9674]  ? __might_fault+0x190/0x1d0
[   83.414186][ T9674]  ? _copy_to_user+0x107/0x150
[   83.418952][ T9674]  ? move_addr_to_user+0xb3/0x200
[   83.424050][ T9674]  ? __fget_light+0x1a5/0x270
[   83.428738][ T9674]  __sys_sendmsg+0xec/0x1b0
[   83.433243][ T9674]  ? __sys_sendmsg_sock+0xb0/0xb0
[   83.438343][ T9674]  ? mark_held_locks+0x9f/0xe0
[   83.443106][ T9674]  ? trace_hardirqs_off_caller+0x55/0x230
[   83.448832][ T9674]  ? do_syscall_64+0x21/0x790
[   83.453506][ T9674]  do_syscall_64+0xf6/0x790
[   83.457994][ T9674]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   83.463862][ T9674] RIP: 0033:0x440eb9
[   83.467743][ T9674] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   83.487342][ T9674] RSP: 002b:00007ffcc8088e18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   83.495743][ T9674] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[   83.503703][ T9674] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   83.511670][ T9674] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[   83.519706][ T9674] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[   83.527933][ T9674] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[   83.535907][ T9674] 
[   83.538230][ T9674] Allocated by task 9674:
[   83.542801][ T9674]  save_stack+0x1b/0x80
[   83.547314][ T9674]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   83.552936][ T9674]  kmem_cache_alloc_trace+0x153/0x7d0
[   83.558302][ T9674]  tcindex_set_parms+0x1f1/0x1a00
[   83.563315][ T9674]  tcindex_change+0x203/0x2e0
[   83.568003][ T9674]  tc_new_tfilter+0xa59/0x20b0
[   83.572762][ T9674]  rtnetlink_rcv_msg+0x810/0xad0
[   83.577830][ T9674]  netlink_rcv_skb+0x15a/0x410
[   83.582682][ T9674]  netlink_unicast+0x537/0x740
[   83.587607][ T9674]  netlink_sendmsg+0x882/0xe10
[   83.592349][ T9674]  sock_sendmsg+0xcf/0x120
[   83.596741][ T9674]  ____sys_sendmsg+0x6b9/0x7d0
[   83.601487][ T9674]  ___sys_sendmsg+0x100/0x170
[   83.606143][ T9674]  __sys_sendmsg+0xec/0x1b0
[   83.610722][ T9674]  do_syscall_64+0xf6/0x790
[   83.615201][ T9674]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   83.621071][ T9674] 
[   83.623377][ T9674] Freed by task 1868:
[   83.627351][ T9674]  save_stack+0x1b/0x80
[   83.631629][ T9674]  __kasan_slab_free+0xf7/0x140
[   83.636480][ T9674]  kfree+0x109/0x2b0
[   83.640451][ T9674]  umh_complete+0x81/0x90
[   83.644793][ T9674]  call_usermodehelper_exec_async+0x459/0x710
[   83.651021][ T9674]  ret_from_fork+0x24/0x30
[   83.655431][ T9674] 
[   83.657750][ T9674] The buggy address belongs to the object at ffff8880a4662d00
[   83.657750][ T9674]  which belongs to the cache kmalloc-192 of size 192
[   83.671893][ T9674] The buggy address is located 184 bytes inside of
[   83.671893][ T9674]  192-byte region [ffff8880a4662d00, ffff8880a4662dc0)
[   83.685155][ T9674] The buggy address belongs to the page:
[   83.690776][ T9674] page:ffffea0002919880 refcount:1 mapcount:0 mapping:ffff8880aa000000 index:0x0
[   83.699994][ T9674] flags: 0xfffe0000000200(slab)
[   83.704894][ T9674] raw: 00fffe0000000200 ffffea00029059c8 ffff8880aa001148 ffff8880aa000000
[   83.713471][ T9674] raw: 0000000000000000 ffff8880a4662000 0000000100000010 0000000000000000
[   83.722049][ T9674] page dumped because: kasan: bad access detected
[   83.728446][ T9674] 
[   83.730764][ T9674] Memory state around the buggy address:
[   83.736731][ T9674]  ffff8880a4662c80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.744772][ T9674]  ffff8880a4662d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.752826][ T9674] >ffff8880a4662d80: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.761069][ T9674]                                         ^
[   83.766956][ T9674]  ffff8880a4662e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   83.775010][ T9674]  ffff8880a4662e80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[   83.783063][ T9674] ==================================================================
[   83.791112][ T9674] Disabling lock debugging due to kernel taint
[   83.799175][ T9674] Kernel panic - not syncing: panic_on_warn set ...
[   83.806036][ T9674] CPU: 0 PID: 9674 Comm: syz-executor440 Tainted: G    B             5.6.0-rc3-syzkaller #0
[   83.816080][ T9674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   83.826125][ T9674] Call Trace:
[   83.829408][ T9674]  dump_stack+0x188/0x20d
[   83.833719][ T9674]  panic+0x2e3/0x75c
[   83.837597][ T9674]  ? add_taint.cold+0x16/0x16
[   83.842281][ T9674]  ? preempt_schedule_common+0x5e/0xc0
[   83.847727][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.853007][ T9674]  ? ___preempt_schedule+0x16/0x18
[   83.858100][ T9674]  ? trace_hardirqs_on+0x55/0x220
[   83.863113][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.868395][ T9674]  end_report+0x43/0x49
[   83.872699][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.877970][ T9674]  __kasan_report.cold+0xd/0x32
[   83.882841][ T9674]  ? tcindex_set_parms+0x17fd/0x1a00
[   83.888113][ T9674]  kasan_report+0xe/0x20
[   83.892355][ T9674]  tcindex_set_parms+0x17fd/0x1a00
[   83.897454][ T9674]  ? tcindex_alloc_perfect_hash+0x320/0x320
[   83.903327][ T9674]  ? mark_held_locks+0xe0/0xe0
[   83.908074][ T9674]  ? nla_memcpy+0xa0/0xa0
[   83.912382][ T9674]  ? tcindex_change+0x203/0x2e0
[   83.917294][ T9674]  tcindex_change+0x203/0x2e0
[   83.921954][ T9674]  ? tcindex_set_parms+0x1a00/0x1a00
[   83.927230][ T9674]  tc_new_tfilter+0xa59/0x20b0
[   83.931986][ T9674]  ? tcindex_set_parms+0x1a00/0x1a00
[   83.937404][ T9674]  ? tc_del_tfilter+0x1430/0x1430
[   83.942417][ T9674]  ? __lock_acquire+0x80b/0x3ca0
[   83.947346][ T9674]  ? apparmor_capable+0x454/0x8a0
[   83.952356][ T9674]  ? rcu_read_lock_held+0x9c/0xb0
[   83.957436][ T9674]  ? tc_del_tfilter+0x1430/0x1430
[   83.962527][ T9674]  rtnetlink_rcv_msg+0x810/0xad0
[   83.967503][ T9674]  ? rtnl_bridge_getlink+0x880/0x880
[   83.972788][ T9674]  ? mark_held_locks+0xe0/0xe0
[   83.977542][ T9674]  ? netlink_deliver_tap+0x146/0xb50
[   83.983164][ T9674]  netlink_rcv_skb+0x15a/0x410
[   83.987915][ T9674]  ? rtnl_bridge_getlink+0x880/0x880
[   83.993189][ T9674]  ? netlink_ack+0xa80/0xa80
[   83.997777][ T9674]  netlink_unicast+0x537/0x740
[   84.002519][ T9674]  ? netlink_attachskb+0x810/0x810
[   84.007616][ T9674]  ? _copy_from_iter_full+0x25c/0x870
[   84.012976][ T9674]  ? __phys_addr_symbol+0x2c/0x70
[   84.017988][ T9674]  ? __check_object_size+0x171/0x437
[   84.023267][ T9674]  netlink_sendmsg+0x882/0xe10
[   84.028046][ T9674]  ? aa_af_perm+0x260/0x260
[   84.032540][ T9674]  ? netlink_unicast+0x740/0x740
[   84.037485][ T9674]  ? netlink_unicast+0x740/0x740
[   84.042412][ T9674]  sock_sendmsg+0xcf/0x120
[   84.046803][ T9674]  ____sys_sendmsg+0x6b9/0x7d0
[   84.051542][ T9674]  ? kernel_sendmsg+0x50/0x50
[   84.056494][ T9674]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   84.062199][ T9674]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   84.068257][ T9674]  ___sys_sendmsg+0x100/0x170
[   84.072918][ T9674]  ? sendmsg_copy_msghdr+0x70/0x70
[   84.078013][ T9674]  ? lock_downgrade+0x7f0/0x7f0
[   84.082840][ T9674]  ? lock_acquire+0x197/0x420
[   84.087495][ T9674]  ? __might_fault+0xef/0x1d0
[   84.092159][ T9674]  ? __might_fault+0x190/0x1d0
[   84.096905][ T9674]  ? _copy_to_user+0x107/0x150
[   84.101652][ T9674]  ? move_addr_to_user+0xb3/0x200
[   84.106660][ T9674]  ? __fget_light+0x1a5/0x270
[   84.111490][ T9674]  __sys_sendmsg+0xec/0x1b0
[   84.115969][ T9674]  ? __sys_sendmsg_sock+0xb0/0xb0
[   84.120971][ T9674]  ? mark_held_locks+0x9f/0xe0
[   84.125747][ T9674]  ? trace_hardirqs_off_caller+0x55/0x230
[   84.131476][ T9674]  ? do_syscall_64+0x21/0x790
[   84.136148][ T9674]  do_syscall_64+0xf6/0x790
[   84.140645][ T9674]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   84.146524][ T9674] RIP: 0033:0x440eb9
[   84.150574][ T9674] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   84.170173][ T9674] RSP: 002b:00007ffcc8088e18 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   84.179205][ T9674] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[   84.187167][ T9674] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   84.195119][ T9674] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[   84.203141][ T9674] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[   84.211106][ T9674] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[   84.220589][ T9674] Kernel Offset: disabled
[   84.224923][ T9674] Rebooting in 86400 seconds..