[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   74.254520][   T27] audit: type=1800 audit(1583909692.020:25): pid=9221 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   74.288806][   T27] audit: type=1800 audit(1583909692.030:26): pid=9221 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   74.312202][   T27] audit: type=1800 audit(1583909692.030:27): pid=9221 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   84.346039][ T9375] IPVS: ftp: loaded support on port[0] = 21
[   84.381469][ T9375] ==================================================================
[   84.391125][ T9375] BUG: KASAN: slab-out-of-bounds in tcindex_set_parms+0x17fd/0x1a00
[   84.402630][ T9375] Write of size 16 at addr ffff8880a12743b8 by task syz-executor099/9375
[   84.412249][ T9375] 
[   84.415153][ T9375] CPU: 1 PID: 9375 Comm: syz-executor099 Not tainted 5.6.0-rc3-syzkaller #0
[   84.424762][ T9375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   84.435551][ T9375] Call Trace:
[   84.439043][ T9375]  dump_stack+0x188/0x20d
[   84.444010][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   84.449924][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   84.455339][ T9375]  print_address_description.constprop.0.cold+0xd3/0x315
[   84.462385][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   84.467873][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   84.473148][ T9375]  __kasan_report.cold+0x1a/0x32
[   84.478396][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   84.484194][ T9375]  kasan_report+0xe/0x20
[   84.488639][ T9375]  tcindex_set_parms+0x17fd/0x1a00
[   84.493763][ T9375]  ? tcindex_alloc_perfect_hash+0x320/0x320
[   84.499918][ T9375]  ? mark_held_locks+0xe0/0xe0
[   84.504951][ T9375]  ? nla_memcpy+0xa0/0xa0
[   84.510039][ T9375]  ? tcindex_change+0x203/0x2e0
[   84.515792][ T9375]  tcindex_change+0x203/0x2e0
[   84.521117][ T9375]  ? tcindex_set_parms+0x1a00/0x1a00
[   84.526972][ T9375]  tc_new_tfilter+0xa59/0x20b0
[   84.532142][ T9375]  ? tcindex_set_parms+0x1a00/0x1a00
[   84.540145][ T9375]  ? tc_del_tfilter+0x1430/0x1430
[   84.546456][ T9375]  ? __lock_acquire+0x80b/0x3ca0
[   84.552699][ T9375]  ? apparmor_capable+0x454/0x8a0
[   84.557914][ T9375]  ? rcu_read_lock_held+0x9c/0xb0
[   84.563236][ T9375]  ? tc_del_tfilter+0x1430/0x1430
[   84.568704][ T9375]  rtnetlink_rcv_msg+0x810/0xad0
[   84.575045][ T9375]  ? rtnl_bridge_getlink+0x880/0x880
[   84.581985][ T9375]  ? mark_held_locks+0xe0/0xe0
[   84.586838][ T9375]  ? netlink_deliver_tap+0x146/0xb50
[   84.593525][ T9375]  netlink_rcv_skb+0x15a/0x410
[   84.598464][ T9375]  ? rtnl_bridge_getlink+0x880/0x880
[   84.603924][ T9375]  ? netlink_ack+0xa80/0xa80
[   84.608604][ T9375]  netlink_unicast+0x537/0x740
[   84.613544][ T9375]  ? netlink_attachskb+0x810/0x810
[   84.619157][ T9375]  ? _copy_from_iter_full+0x25c/0x870
[   84.626042][ T9375]  ? __phys_addr_symbol+0x2c/0x70
[   84.631236][ T9375]  ? __check_object_size+0x171/0x437
[   84.637385][ T9375]  netlink_sendmsg+0x882/0xe10
[   84.644356][ T9375]  ? aa_af_perm+0x260/0x260
[   84.649251][ T9375]  ? netlink_unicast+0x740/0x740
[   84.654461][ T9375]  ? netlink_unicast+0x740/0x740
[   84.659878][ T9375]  sock_sendmsg+0xcf/0x120
[   84.668057][ T9375]  ____sys_sendmsg+0x6b9/0x7d0
[   84.673564][ T9375]  ? kernel_sendmsg+0x50/0x50
[   84.678666][ T9375]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   84.684488][ T9375]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   84.690717][ T9375]  ___sys_sendmsg+0x100/0x170
[   84.695502][ T9375]  ? sendmsg_copy_msghdr+0x70/0x70
[   84.700697][ T9375]  ? lock_downgrade+0x7f0/0x7f0
[   84.706617][ T9375]  ? lock_acquire+0x197/0x420
[   84.711404][ T9375]  ? __might_fault+0xef/0x1d0
[   84.716121][ T9375]  ? __might_fault+0x190/0x1d0
[   84.720965][ T9375]  ? _copy_to_user+0x107/0x150
[   84.725760][ T9375]  ? move_addr_to_user+0xb3/0x200
[   84.730876][ T9375]  ? __fget_light+0x1a5/0x270
[   84.735735][ T9375]  __sys_sendmsg+0xec/0x1b0
[   84.740694][ T9375]  ? __sys_sendmsg_sock+0xb0/0xb0
[   84.746285][ T9375]  ? mark_held_locks+0x9f/0xe0
[   84.751084][ T9375]  ? trace_hardirqs_off_caller+0x55/0x230
[   84.758223][ T9375]  ? do_syscall_64+0x21/0x790
[   84.763116][ T9375]  do_syscall_64+0xf6/0x790
[   84.768005][ T9375]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   84.775070][ T9375] RIP: 0033:0x440eb9
[   84.778955][ T9375] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   84.803738][ T9375] RSP: 002b:00007ffd030b42a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   84.812576][ T9375] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[   84.821147][ T9375] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   84.829675][ T9375] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[   84.837729][ T9375] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[   84.846279][ T9375] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[   84.854645][ T9375] 
[   84.856994][ T9375] Allocated by task 9375:
[   84.861719][ T9375]  save_stack+0x1b/0x80
[   84.865986][ T9375]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   84.871740][ T9375]  kmem_cache_alloc_trace+0x153/0x7d0
[   84.877154][ T9375]  tcindex_set_parms+0x1f1/0x1a00
[   84.882344][ T9375]  tcindex_change+0x203/0x2e0
[   84.887115][ T9375]  tc_new_tfilter+0xa59/0x20b0
[   84.891870][ T9375]  rtnetlink_rcv_msg+0x810/0xad0
[   84.896923][ T9375]  netlink_rcv_skb+0x15a/0x410
[   84.901678][ T9375]  netlink_unicast+0x537/0x740
[   84.906767][ T9375]  netlink_sendmsg+0x882/0xe10
[   84.911853][ T9375]  sock_sendmsg+0xcf/0x120
[   84.916260][ T9375]  ____sys_sendmsg+0x6b9/0x7d0
[   84.921390][ T9375]  ___sys_sendmsg+0x100/0x170
[   84.926297][ T9375]  __sys_sendmsg+0xec/0x1b0
[   84.931168][ T9375]  do_syscall_64+0xf6/0x790
[   84.936084][ T9375]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   84.941966][ T9375] 
[   84.944285][ T9375] Freed by task 2677:
[   84.948442][ T9375]  save_stack+0x1b/0x80
[   84.952592][ T9375]  __kasan_slab_free+0xf7/0x140
[   84.957435][ T9375]  kfree+0x109/0x2b0
[   84.961368][ T9375]  umh_complete+0x81/0x90
[   84.965716][ T9375]  call_usermodehelper_exec_async+0x459/0x710
[   84.971769][ T9375]  ret_from_fork+0x24/0x30
[   84.976201][ T9375] 
[   84.978572][ T9375] The buggy address belongs to the object at ffff8880a1274300
[   84.978572][ T9375]  which belongs to the cache kmalloc-192 of size 192
[   84.993133][ T9375] The buggy address is located 184 bytes inside of
[   84.993133][ T9375]  192-byte region [ffff8880a1274300, ffff8880a12743c0)
[   85.006442][ T9375] The buggy address belongs to the page:
[   85.012331][ T9375] page:ffffea0002849d00 refcount:1 mapcount:0 mapping:ffff8880aa000000 index:0x0
[   85.021767][ T9375] flags: 0xfffe0000000200(slab)
[   85.026655][ T9375] raw: 00fffe0000000200 ffffea000287c788 ffff8880aa001148 ffff8880aa000000
[   85.035234][ T9375] raw: 0000000000000000 ffff8880a1274000 0000000100000010 0000000000000000
[   85.044091][ T9375] page dumped because: kasan: bad access detected
[   85.050529][ T9375] 
[   85.052843][ T9375] Memory state around the buggy address:
[   85.058463][ T9375]  ffff8880a1274280: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   85.066730][ T9375]  ffff8880a1274300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   85.074999][ T9375] >ffff8880a1274380: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   85.083060][ T9375]                                         ^
[   85.088984][ T9375]  ffff8880a1274400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   85.097037][ T9375]  ffff8880a1274480: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[   85.105198][ T9375] ==================================================================
[   85.113245][ T9375] Disabling lock debugging due to kernel taint
[   85.119837][ T9375] Kernel panic - not syncing: panic_on_warn set ...
[   85.126429][ T9375] CPU: 1 PID: 9375 Comm: syz-executor099 Tainted: G    B             5.6.0-rc3-syzkaller #0
[   85.136595][ T9375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.146812][ T9375] Call Trace:
[   85.150095][ T9375]  dump_stack+0x188/0x20d
[   85.154420][ T9375]  panic+0x2e3/0x75c
[   85.158302][ T9375]  ? add_taint.cold+0x16/0x16
[   85.162984][ T9375]  ? preempt_schedule_common+0x5e/0xc0
[   85.168430][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   85.173814][ T9375]  ? ___preempt_schedule+0x16/0x18
[   85.178915][ T9375]  ? trace_hardirqs_on+0x55/0x220
[   85.183928][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   85.189216][ T9375]  end_report+0x43/0x49
[   85.193362][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   85.198782][ T9375]  __kasan_report.cold+0xd/0x32
[   85.203659][ T9375]  ? tcindex_set_parms+0x17fd/0x1a00
[   85.209150][ T9375]  kasan_report+0xe/0x20
[   85.213395][ T9375]  tcindex_set_parms+0x17fd/0x1a00
[   85.218852][ T9375]  ? tcindex_alloc_perfect_hash+0x320/0x320
[   85.224975][ T9375]  ? mark_held_locks+0xe0/0xe0
[   85.229787][ T9375]  ? nla_memcpy+0xa0/0xa0
[   85.234107][ T9375]  ? tcindex_change+0x203/0x2e0
[   85.238945][ T9375]  tcindex_change+0x203/0x2e0
[   85.243706][ T9375]  ? tcindex_set_parms+0x1a00/0x1a00
[   85.248989][ T9375]  tc_new_tfilter+0xa59/0x20b0
[   85.253739][ T9375]  ? tcindex_set_parms+0x1a00/0x1a00
[   85.259285][ T9375]  ? tc_del_tfilter+0x1430/0x1430
[   85.264300][ T9375]  ? __lock_acquire+0x80b/0x3ca0
[   85.269243][ T9375]  ? apparmor_capable+0x454/0x8a0
[   85.274565][ T9375]  ? rcu_read_lock_held+0x9c/0xb0
[   85.279714][ T9375]  ? tc_del_tfilter+0x1430/0x1430
[   85.284782][ T9375]  rtnetlink_rcv_msg+0x810/0xad0
[   85.289849][ T9375]  ? rtnl_bridge_getlink+0x880/0x880
[   85.295332][ T9375]  ? mark_held_locks+0xe0/0xe0
[   85.300089][ T9375]  ? netlink_deliver_tap+0x146/0xb50
[   85.305478][ T9375]  netlink_rcv_skb+0x15a/0x410
[   85.310284][ T9375]  ? rtnl_bridge_getlink+0x880/0x880
[   85.315558][ T9375]  ? netlink_ack+0xa80/0xa80
[   85.320141][ T9375]  netlink_unicast+0x537/0x740
[   85.324897][ T9375]  ? netlink_attachskb+0x810/0x810
[   85.330046][ T9375]  ? _copy_from_iter_full+0x25c/0x870
[   85.335445][ T9375]  ? __phys_addr_symbol+0x2c/0x70
[   85.340532][ T9375]  ? __check_object_size+0x171/0x437
[   85.345827][ T9375]  netlink_sendmsg+0x882/0xe10
[   85.350638][ T9375]  ? aa_af_perm+0x260/0x260
[   85.355129][ T9375]  ? netlink_unicast+0x740/0x740
[   85.360071][ T9375]  ? netlink_unicast+0x740/0x740
[   85.365094][ T9375]  sock_sendmsg+0xcf/0x120
[   85.369507][ T9375]  ____sys_sendmsg+0x6b9/0x7d0
[   85.374266][ T9375]  ? kernel_sendmsg+0x50/0x50
[   85.378936][ T9375]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   85.384506][ T9375]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   85.390481][ T9375]  ___sys_sendmsg+0x100/0x170
[   85.395150][ T9375]  ? sendmsg_copy_msghdr+0x70/0x70
[   85.400255][ T9375]  ? lock_downgrade+0x7f0/0x7f0
[   85.405094][ T9375]  ? lock_acquire+0x197/0x420
[   85.409758][ T9375]  ? __might_fault+0xef/0x1d0
[   85.414423][ T9375]  ? __might_fault+0x190/0x1d0
[   85.419172][ T9375]  ? _copy_to_user+0x107/0x150
[   85.423926][ T9375]  ? move_addr_to_user+0xb3/0x200
[   85.428939][ T9375]  ? __fget_light+0x1a5/0x270
[   85.433603][ T9375]  __sys_sendmsg+0xec/0x1b0
[   85.438092][ T9375]  ? __sys_sendmsg_sock+0xb0/0xb0
[   85.443159][ T9375]  ? mark_held_locks+0x9f/0xe0
[   85.447914][ T9375]  ? trace_hardirqs_off_caller+0x55/0x230
[   85.453926][ T9375]  ? do_syscall_64+0x21/0x790
[   85.458738][ T9375]  do_syscall_64+0xf6/0x790
[   85.463414][ T9375]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.469514][ T9375] RIP: 0033:0x440eb9
[   85.473514][ T9375] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   85.493879][ T9375] RSP: 002b:00007ffd030b42a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   85.502319][ T9375] RAX: ffffffffffffffda RBX: 00000000004a2690 RCX: 0000000000440eb9
[   85.510387][ T9375] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[   85.518528][ T9375] RBP: 00000000004a2690 R08: 0000000120080522 R09: 0000000120080522
[   85.526746][ T9375] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004023c0
[   85.534784][ T9375] R13: 0000000000402450 R14: 0000000000000000 R15: 0000000000000000
[   85.544586][ T9375] Kernel Offset: disabled
[   85.548921][ T9375] Rebooting in 86400 seconds..