[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   78.941156][   T27] audit: type=1800 audit(1583878472.758:25): pid=9440 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   78.961007][   T27] audit: type=1800 audit(1583878472.768:26): pid=9440 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   79.060381][   T27] audit: type=1800 audit(1583878472.878:27): pid=9440 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.100' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   90.109162][ T9595] IPVS: ftp: loaded support on port[0] = 21
[   90.141387][ T9595] ==================================================================
[   90.149639][ T9595] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17fd/0x1a00
[   90.157602][ T9595] Write of size 16 at addr ffff8880a22fa4b8 by task syz-executor787/9595
[   90.165994][ T9595] 
[   90.168311][ T9595] CPU: 1 PID: 9595 Comm: syz-executor787 Not tainted 5.6.0-rc3-syzkaller #0
[   90.176962][ T9595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   90.187054][ T9595] Call Trace:
[   90.190337][ T9595]  dump_stack+0x188/0x20d
[   90.194656][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.199925][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.205198][ T9595]  print_address_description.constprop.0.cold+0xd3/0x315
[   90.212210][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.217504][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.222778][ T9595]  __kasan_report.cold+0x1a/0x32
[   90.227705][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.232978][ T9595]  kasan_report+0xe/0x20
[   90.237219][ T9595]  tcindex_set_parms+0x17fd/0x1a00
[   90.242328][ T9595]  ? tcindex_alloc_perfect_hash+0x320/0x320
[   90.248232][ T9595]  ? mark_held_locks+0xe0/0xe0
[   90.252999][ T9595]  ? nla_memcpy+0xa0/0xa0
[   90.257323][ T9595]  ? tcindex_change+0x203/0x2e0
[   90.262156][ T9595]  tcindex_change+0x203/0x2e0
[   90.266830][ T9595]  ? tcindex_set_parms+0x1a00/0x1a00
[   90.272143][ T9595]  tc_new_tfilter+0xa59/0x20b0
[   90.276902][ T9595]  ? tcindex_set_parms+0x1a00/0x1a00
[   90.282201][ T9595]  ? tc_del_tfilter+0x1430/0x1430
[   90.287251][ T9595]  ? __lock_acquire+0x80b/0x3ca0
[   90.292181][ T9595]  ? apparmor_capable+0x454/0x8a0
[   90.297210][ T9595]  ? rcu_read_lock_held+0x9c/0xb0
[   90.302229][ T9595]  ? tc_del_tfilter+0x1430/0x1430
[   90.307281][ T9595]  rtnetlink_rcv_msg+0x810/0xad0
[   90.312236][ T9595]  ? rtnl_bridge_getlink+0x870/0x870
[   90.317525][ T9595]  ? mark_held_locks+0xe0/0xe0
[   90.322276][ T9595]  ? netlink_deliver_tap+0x146/0xb50
[   90.327552][ T9595]  netlink_rcv_skb+0x15a/0x410
[   90.332308][ T9595]  ? rtnl_bridge_getlink+0x870/0x870
[   90.337603][ T9595]  ? netlink_ack+0xa80/0xa80
[   90.342255][ T9595]  netlink_unicast+0x537/0x740
[   90.347018][ T9595]  ? netlink_attachskb+0x810/0x810
[   90.352120][ T9595]  ? _copy_from_iter_full+0x25c/0x870
[   90.357490][ T9595]  ? __phys_addr_symbol+0x2c/0x70
[   90.362501][ T9595]  ? __check_object_size+0x171/0x437
[   90.367922][ T9595]  netlink_sendmsg+0x882/0xe10
[   90.372755][ T9595]  ? aa_af_perm+0x260/0x260
[   90.377390][ T9595]  ? netlink_unicast+0x740/0x740
[   90.382348][ T9595]  ? netlink_unicast+0x740/0x740
[   90.387399][ T9595]  sock_sendmsg+0xcf/0x120
[   90.391816][ T9595]  ____sys_sendmsg+0x6b9/0x7d0
[   90.396573][ T9595]  ? kernel_sendmsg+0x50/0x50
[   90.401300][ T9595]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   90.406838][ T9595]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   90.412821][ T9595]  ___sys_sendmsg+0x100/0x170
[   90.417626][ T9595]  ? sendmsg_copy_msghdr+0x70/0x70
[   90.422751][ T9595]  ? lock_downgrade+0x7f0/0x7f0
[   90.427595][ T9595]  ? lock_acquire+0x197/0x420
[   90.432285][ T9595]  ? __might_fault+0xef/0x1d0
[   90.437019][ T9595]  ? __might_fault+0x190/0x1d0
[   90.441787][ T9595]  ? _copy_to_user+0x107/0x150
[   90.446548][ T9595]  ? move_addr_to_user+0xb3/0x200
[   90.451561][ T9595]  ? __fget_light+0x1a5/0x270
[   90.456343][ T9595]  __sys_sendmsg+0xec/0x1b0
[   90.460837][ T9595]  ? __sys_sendmsg_sock+0xb0/0xb0
[   90.465847][ T9595]  ? mark_held_locks+0x9f/0xe0
[   90.470606][ T9595]  ? trace_hardirqs_off_caller+0x55/0x230
[   90.476333][ T9595]  ? do_syscall_64+0x21/0x790
[   90.481002][ T9595]  do_syscall_64+0xf6/0x790
[   90.485497][ T9595]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   90.491391][ T9595] RIP: 0033:0x440eb9
[   90.495276][ T9595] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   90.515394][ T9595] RSP: 002b:00007ffd55440238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   90.523801][ T9595] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[   90.531765][ T9595] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   90.539737][ T9595] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[   90.547697][ T9595] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[   90.555655][ T9595] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[   90.563624][ T9595] 
[   90.565942][ T9595] Allocated by task 9595:
[   90.570259][ T9595]  save_stack+0x1b/0x80
[   90.574398][ T9595]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   90.580061][ T9595]  kmem_cache_alloc_trace+0x153/0x7d0
[   90.585419][ T9595]  tcindex_set_parms+0x1f1/0x1a00
[   90.590428][ T9595]  tcindex_change+0x203/0x2e0
[   90.595090][ T9595]  tc_new_tfilter+0xa59/0x20b0
[   90.599856][ T9595]  rtnetlink_rcv_msg+0x810/0xad0
[   90.604820][ T9595]  netlink_rcv_skb+0x15a/0x410
[   90.609570][ T9595]  netlink_unicast+0x537/0x740
[   90.614419][ T9595]  netlink_sendmsg+0x882/0xe10
[   90.619166][ T9595]  sock_sendmsg+0xcf/0x120
[   90.623562][ T9595]  ____sys_sendmsg+0x6b9/0x7d0
[   90.628313][ T9595]  ___sys_sendmsg+0x100/0x170
[   90.633021][ T9595]  __sys_sendmsg+0xec/0x1b0
[   90.637513][ T9595]  do_syscall_64+0xf6/0x790
[   90.642003][ T9595]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   90.647873][ T9595] 
[   90.650185][ T9595] Freed by task 2566:
[   90.654270][ T9595]  save_stack+0x1b/0x80
[   90.658412][ T9595]  __kasan_slab_free+0xf7/0x140
[   90.663257][ T9595]  kfree+0x109/0x2b0
[   90.667154][ T9595]  umh_complete+0x81/0x90
[   90.671489][ T9595]  call_usermodehelper_exec_async+0x459/0x710
[   90.677549][ T9595]  ret_from_fork+0x24/0x30
[   90.681943][ T9595] 
[   90.684265][ T9595] The buggy address belongs to the object at ffff8880a22fa400
[   90.684265][ T9595]  which belongs to the cache kmalloc-192 of size 192
[   90.698306][ T9595] The buggy address is located 184 bytes inside of
[   90.698306][ T9595]  192-byte region [ffff8880a22fa400, ffff8880a22fa4c0)
[   90.711563][ T9595] The buggy address belongs to the page:
[   90.717356][ T9595] page:ffffea000288be80 refcount:1 mapcount:0 mapping:ffff8880aa000000 index:0xffff8880a22fae00
[   90.727760][ T9595] flags: 0xfffe0000000200(slab)
[   90.732597][ T9595] raw: 00fffe0000000200 ffffea0002865308 ffff8880aa001138 ffff8880aa000000
[   90.741167][ T9595] raw: ffff8880a22fae00 ffff8880a22fa000 0000000100000009 0000000000000000
[   90.749777][ T9595] page dumped because: kasan: bad access detected
[   90.756170][ T9595] 
[   90.758478][ T9595] Memory state around the buggy address:
[   90.764207][ T9595]  ffff8880a22fa380: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   90.772313][ T9595]  ffff8880a22fa400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   90.780490][ T9595] >ffff8880a22fa480: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   90.788591][ T9595]                                         ^
[   90.794572][ T9595]  ffff8880a22fa500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   90.802616][ T9595]  ffff8880a22fa580: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   90.810661][ T9595] ==================================================================
[   90.818705][ T9595] Disabling lock debugging due to kernel taint
[   90.825469][ T9595] Kernel panic - not syncing: panic_on_warn set ...
[   90.832190][ T9595] CPU: 1 PID: 9595 Comm: syz-executor787 Tainted: G    B             5.6.0-rc3-syzkaller #0
[   90.842274][ T9595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   90.852316][ T9595] Call Trace:
[   90.855609][ T9595]  dump_stack+0x188/0x20d
[   90.859925][ T9595]  panic+0x2e3/0x75c
[   90.863808][ T9595]  ? add_taint.cold+0x16/0x16
[   90.868478][ T9595]  ? preempt_schedule_common+0x5e/0xc0
[   90.873926][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.879204][ T9595]  ? ___preempt_schedule+0x16/0x18
[   90.884298][ T9595]  ? trace_hardirqs_on+0x55/0x220
[   90.889308][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.894577][ T9595]  end_report+0x43/0x49
[   90.898716][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.903992][ T9595]  __kasan_report.cold+0xd/0x32
[   90.908838][ T9595]  ? tcindex_set_parms+0x17fd/0x1a00
[   90.914118][ T9595]  kasan_report+0xe/0x20
[   90.918345][ T9595]  tcindex_set_parms+0x17fd/0x1a00
[   90.923443][ T9595]  ? tcindex_alloc_perfect_hash+0x320/0x320
[   90.929325][ T9595]  ? mark_held_locks+0xe0/0xe0
[   90.934082][ T9595]  ? nla_memcpy+0xa0/0xa0
[   90.938528][ T9595]  ? tcindex_change+0x203/0x2e0
[   90.943366][ T9595]  tcindex_change+0x203/0x2e0
[   90.948032][ T9595]  ? tcindex_set_parms+0x1a00/0x1a00
[   90.953311][ T9595]  tc_new_tfilter+0xa59/0x20b0
[   90.958067][ T9595]  ? tcindex_set_parms+0x1a00/0x1a00
[   90.963346][ T9595]  ? tc_del_tfilter+0x1430/0x1430
[   90.968359][ T9595]  ? __lock_acquire+0x80b/0x3ca0
[   90.973283][ T9595]  ? apparmor_capable+0x454/0x8a0
[   90.978297][ T9595]  ? rcu_read_lock_held+0x9c/0xb0
[   90.983439][ T9595]  ? tc_del_tfilter+0x1430/0x1430
[   90.988452][ T9595]  rtnetlink_rcv_msg+0x810/0xad0
[   90.993397][ T9595]  ? rtnl_bridge_getlink+0x870/0x870
[   90.998689][ T9595]  ? mark_held_locks+0xe0/0xe0
[   91.003442][ T9595]  ? netlink_deliver_tap+0x146/0xb50
[   91.008846][ T9595]  netlink_rcv_skb+0x15a/0x410
[   91.013598][ T9595]  ? rtnl_bridge_getlink+0x870/0x870
[   91.018868][ T9595]  ? netlink_ack+0xa80/0xa80
[   91.023449][ T9595]  netlink_unicast+0x537/0x740
[   91.028260][ T9595]  ? netlink_attachskb+0x810/0x810
[   91.033357][ T9595]  ? _copy_from_iter_full+0x25c/0x870
[   91.038717][ T9595]  ? __phys_addr_symbol+0x2c/0x70
[   91.043724][ T9595]  ? __check_object_size+0x171/0x437
[   91.049016][ T9595]  netlink_sendmsg+0x882/0xe10
[   91.053855][ T9595]  ? aa_af_perm+0x260/0x260
[   91.058382][ T9595]  ? netlink_unicast+0x740/0x740
[   91.063347][ T9595]  ? netlink_unicast+0x740/0x740
[   91.068276][ T9595]  sock_sendmsg+0xcf/0x120
[   91.072698][ T9595]  ____sys_sendmsg+0x6b9/0x7d0
[   91.077453][ T9595]  ? kernel_sendmsg+0x50/0x50
[   91.082116][ T9595]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   91.087653][ T9595]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   91.093623][ T9595]  ___sys_sendmsg+0x100/0x170
[   91.098287][ T9595]  ? sendmsg_copy_msghdr+0x70/0x70
[   91.103384][ T9595]  ? lock_downgrade+0x7f0/0x7f0
[   91.108306][ T9595]  ? lock_acquire+0x197/0x420
[   91.112987][ T9595]  ? __might_fault+0xef/0x1d0
[   91.117651][ T9595]  ? __might_fault+0x190/0x1d0
[   91.122399][ T9595]  ? _copy_to_user+0x107/0x150
[   91.127153][ T9595]  ? move_addr_to_user+0xb3/0x200
[   91.132160][ T9595]  ? __fget_light+0x1a5/0x270
[   91.136848][ T9595]  __sys_sendmsg+0xec/0x1b0
[   91.141353][ T9595]  ? __sys_sendmsg_sock+0xb0/0xb0
[   91.146379][ T9595]  ? mark_held_locks+0x9f/0xe0
[   91.151162][ T9595]  ? trace_hardirqs_off_caller+0x55/0x230
[   91.156870][ T9595]  ? do_syscall_64+0x21/0x790
[   91.161532][ T9595]  do_syscall_64+0xf6/0x790
[   91.166020][ T9595]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.171930][ T9595] RIP: 0033:0x440eb9
[   91.176005][ T9595] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   91.195824][ T9595] RSP: 002b:00007ffd55440238 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   91.204218][ T9595] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[   91.212170][ T9595] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   91.220124][ T9595] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[   91.228076][ T9595] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[   91.236075][ T9595] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[   91.245310][ T9595] Kernel Offset: disabled
[   91.249641][ T9595] Rebooting in 86400 seconds..