[ ok ] Starting enhanced syslogd: rsyslogd.
[   78.630722][   T27] audit: type=1800 audit(1579612370.613:25): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   78.663319][   T27] audit: type=1800 audit(1579612370.613:26): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   78.704318][   T27] audit: type=1800 audit(1579612370.613:27): pid=9353 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.48' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  103.338169][ T9507] IPVS: ftp: loaded support on port[0] = 21
[  103.368046][ T9507] ==================================================================
[  103.376509][ T9507] BUG: KASAN: slab-out-of-bounds in __nla_put_nohdr+0x46/0x50
[  103.384085][ T9507] Read of size 12 at addr ffff888096ff0780 by task syz-executor696/9507
[  103.392477][ T9507] 
[  103.394931][ T9507] CPU: 0 PID: 9507 Comm: syz-executor696 Not tainted 5.5.0-rc6-syzkaller #0
[  103.403642][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  103.413684][ T9507] Call Trace:
[  103.416971][ T9507]  dump_stack+0x197/0x210
[  103.421356][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  103.426142][ T9507]  print_address_description.constprop.0.cold+0xd4/0x30b
[  103.433159][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  103.437920][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  103.442672][ T9507]  __kasan_report.cold+0x1b/0x41
[  103.447599][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  103.452354][ T9507]  kasan_report+0x12/0x20
[  103.456679][ T9507]  check_memory_region+0x134/0x1a0
[  103.461777][ T9507]  memcpy+0x24/0x50
[  103.465585][ T9507]  __nla_put_nohdr+0x46/0x50
[  103.470162][ T9507]  nla_put_nohdr+0xf9/0x140
[  103.474667][ T9507]  tcf_em_tree_dump+0x67e/0x960
[  103.479524][ T9507]  ? tcf_em_lookup+0x150/0x150
[  103.484392][ T9507]  ? __nla_put_64bit+0x37/0x40
[  103.489168][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.495526][ T9507]  ? tcf_exts_dump+0xa2/0x5a0
[  103.500229][ T9507]  basic_dump+0x379/0x690
[  103.504803][ T9507]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  103.511032][ T9507]  ? basic_bind_class+0xb0/0xb0
[  103.516158][ T9507]  ? memcpy+0x46/0x50
[  103.520616][ T9507]  ? nla_put+0x110/0x150
[  103.524854][ T9507]  ? basic_bind_class+0xb0/0xb0
[  103.529699][ T9507]  tcf_fill_node+0x58b/0x970
[  103.534286][ T9507]  ? tcf_get_next_chain+0x50/0x50
[  103.539308][ T9507]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  103.544847][ T9507]  ? basic_init+0x1f0/0x1f0
[  103.549362][ T9507]  tfilter_notify+0x134/0x290
[  103.554055][ T9507]  tc_new_tfilter+0xc18/0x2590
[  103.558818][ T9507]  ? basic_init+0x1f0/0x1f0
[  103.563315][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  103.568393][ T9507]  ? __kasan_check_read+0x11/0x20
[  103.573407][ T9507]  ? __lock_acquire+0x8a0/0x4a00
[  103.578367][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.584607][ T9507]  ? rtnetlink_rcv_msg+0x7e3/0xaf0
[  103.589708][ T9507]  ? find_held_lock+0x35/0x130
[  103.594509][ T9507]  ? rcu_read_lock_held_common+0x130/0x130
[  103.600305][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  103.605356][ T9507]  ? __kasan_check_read+0x11/0x20
[  103.610456][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  103.615481][ T9507]  rtnetlink_rcv_msg+0x824/0xaf0
[  103.620406][ T9507]  ? rtnl_bridge_getlink+0x910/0x910
[  103.625682][ T9507]  ? lock_downgrade+0x920/0x920
[  103.630728][ T9507]  ? netlink_deliver_tap+0x228/0xbe0
[  103.636011][ T9507]  ? find_held_lock+0x35/0x130
[  103.640773][ T9507]  netlink_rcv_skb+0x177/0x450
[  103.645535][ T9507]  ? rtnl_bridge_getlink+0x910/0x910
[  103.650846][ T9507]  ? netlink_ack+0xb50/0xb50
[  103.655440][ T9507]  ? __kasan_check_read+0x11/0x20
[  103.660516][ T9507]  ? netlink_deliver_tap+0x24a/0xbe0
[  103.665798][ T9507]  rtnetlink_rcv+0x1d/0x30
[  103.670214][ T9507]  netlink_unicast+0x58c/0x7d0
[  103.674969][ T9507]  ? netlink_attachskb+0x870/0x870
[  103.680070][ T9507]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  103.685780][ T9507]  ? __check_object_size+0x3d/0x437
[  103.691013][ T9507]  netlink_sendmsg+0x91c/0xea0
[  103.695839][ T9507]  ? netlink_unicast+0x7d0/0x7d0
[  103.700776][ T9507]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  103.706327][ T9507]  ? apparmor_socket_sendmsg+0x2a/0x30
[  103.711781][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.718015][ T9507]  ? security_socket_sendmsg+0x8d/0xc0
[  103.723573][ T9507]  ? netlink_unicast+0x7d0/0x7d0
[  103.728686][ T9507]  sock_sendmsg+0xd7/0x130
[  103.733095][ T9507]  ____sys_sendmsg+0x753/0x880
[  103.737852][ T9507]  ? kernel_sendmsg+0x50/0x50
[  103.742539][ T9507]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  103.748070][ T9507]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  103.754052][ T9507]  ? __lock_acquire+0x16f2/0x4a00
[  103.759078][ T9507]  ___sys_sendmsg+0x100/0x170
[  103.763747][ T9507]  ? sendmsg_copy_msghdr+0x70/0x70
[  103.768847][ T9507]  ? lock_downgrade+0x920/0x920
[  103.773747][ T9507]  ? __kasan_check_read+0x11/0x20
[  103.778763][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  103.785030][ T9507]  ? __fget_light+0x1a9/0x230
[  103.789697][ T9507]  ? __fdget+0x1b/0x20
[  103.793895][ T9507]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  103.800313][ T9507]  __sys_sendmsg+0x105/0x1d0
[  103.805322][ T9507]  ? __sys_sendmsg_sock+0xc0/0xc0
[  103.810346][ T9507]  ? down_read_non_owner+0x490/0x490
[  103.815716][ T9507]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  103.821257][ T9507]  ? do_syscall_64+0x26/0x790
[  103.825924][ T9507]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.831999][ T9507]  ? do_syscall_64+0x26/0x790
[  103.836673][ T9507]  __x64_sys_sendmsg+0x78/0xb0
[  103.841585][ T9507]  do_syscall_64+0xfa/0x790
[  103.846131][ T9507]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  103.852134][ T9507] RIP: 0033:0x440dd9
[  103.856026][ T9507] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  103.875853][ T9507] RSP: 002b:00007ffd12f770f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  103.884478][ T9507] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[  103.892446][ T9507] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  103.900558][ T9507] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[  103.908776][ T9507] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[  103.916790][ T9507] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[  103.924790][ T9507] 
[  103.927155][ T9507] Allocated by task 9507:
[  103.931484][ T9507]  save_stack+0x23/0x90
[  103.935675][ T9507]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  103.941295][ T9507]  kasan_kmalloc+0x9/0x10
[  103.945614][ T9507]  __kmalloc_track_caller+0x15f/0x760
[  103.951023][ T9507]  kmemdup+0x27/0x60
[  103.954911][ T9507]  em_nbyte_change+0xd6/0x150
[  103.959661][ T9507]  tcf_em_tree_validate+0x9b5/0xf3c
[  103.964896][ T9507]  basic_change+0x513/0x14a0
[  103.969472][ T9507]  tc_new_tfilter+0xbbd/0x2590
[  103.974225][ T9507]  rtnetlink_rcv_msg+0x824/0xaf0
[  103.979321][ T9507]  netlink_rcv_skb+0x177/0x450
[  103.984072][ T9507]  rtnetlink_rcv+0x1d/0x30
[  103.988479][ T9507]  netlink_unicast+0x58c/0x7d0
[  103.993234][ T9507]  netlink_sendmsg+0x91c/0xea0
[  103.998088][ T9507]  sock_sendmsg+0xd7/0x130
[  104.002640][ T9507]  ____sys_sendmsg+0x753/0x880
[  104.007398][ T9507]  ___sys_sendmsg+0x100/0x170
[  104.012187][ T9507]  __sys_sendmsg+0x105/0x1d0
[  104.017733][ T9507]  __x64_sys_sendmsg+0x78/0xb0
[  104.022842][ T9507]  do_syscall_64+0xfa/0x790
[  104.027360][ T9507]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.033243][ T9507] 
[  104.035662][ T9507] Freed by task 4365:
[  104.039638][ T9507]  save_stack+0x23/0x90
[  104.043785][ T9507]  __kasan_slab_free+0x102/0x150
[  104.048711][ T9507]  kasan_slab_free+0xe/0x10
[  104.053207][ T9507]  kfree+0x10a/0x2c0
[  104.057110][ T9507]  tomoyo_check_open_permission+0x19e/0x3e0
[  104.063000][ T9507]  tomoyo_file_open+0xa9/0xd0
[  104.067720][ T9507]  security_file_open+0x71/0x300
[  104.072744][ T9507]  do_dentry_open+0x37a/0x1380
[  104.077528][ T9507]  vfs_open+0xa0/0xd0
[  104.081499][ T9507]  path_openat+0x118b/0x3180
[  104.086083][ T9507]  do_filp_open+0x1a1/0x280
[  104.090572][ T9507]  do_sys_open+0x3fe/0x5d0
[  104.094975][ T9507]  __x64_sys_open+0x7e/0xc0
[  104.100047][ T9507]  do_syscall_64+0xfa/0x790
[  104.104550][ T9507]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.110697][ T9507] 
[  104.113021][ T9507] The buggy address belongs to the object at ffff888096ff0780
[  104.113021][ T9507]  which belongs to the cache kmalloc-32 of size 32
[  104.126905][ T9507] The buggy address is located 0 bytes inside of
[  104.126905][ T9507]  32-byte region [ffff888096ff0780, ffff888096ff07a0)
[  104.140125][ T9507] The buggy address belongs to the page:
[  104.145821][ T9507] page:ffffea00025bfc00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff888096ff0fc1
[  104.156386][ T9507] raw: 00fffe0000000200 ffffea000253ec08 ffff8880aa401238 ffff8880aa4001c0
[  104.164964][ T9507] raw: ffff888096ff0fc1 ffff888096ff0000 0000000100000030 0000000000000000
[  104.173535][ T9507] page dumped because: kasan: bad access detected
[  104.179962][ T9507] 
[  104.182277][ T9507] Memory state around the buggy address:
[  104.187935][ T9507]  ffff888096ff0680: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  104.196168][ T9507]  ffff888096ff0700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[  104.204335][ T9507] >ffff888096ff0780: 04 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[  104.212434][ T9507]                    ^
[  104.216503][ T9507]  ffff888096ff0800: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  104.224558][ T9507]  ffff888096ff0880: 00 00 00 00 fc fc fc fc 00 00 fc fc fc fc fc fc
[  104.232661][ T9507] ==================================================================
[  104.240720][ T9507] Disabling lock debugging due to kernel taint
[  104.247812][ T9507] Kernel panic - not syncing: panic_on_warn set ...
[  104.254421][ T9507] CPU: 0 PID: 9507 Comm: syz-executor696 Tainted: G    B             5.5.0-rc6-syzkaller #0
[  104.264554][ T9507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  104.274739][ T9507] Call Trace:
[  104.278020][ T9507]  dump_stack+0x197/0x210
[  104.282471][ T9507]  panic+0x2e3/0x75c
[  104.286366][ T9507]  ? add_taint.cold+0x16/0x16
[  104.291089][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  104.295901][ T9507]  ? preempt_schedule+0x4b/0x60
[  104.300738][ T9507]  ? ___preempt_schedule+0x16/0x18
[  104.305871][ T9507]  ? trace_hardirqs_on+0x5e/0x240
[  104.311064][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  104.315905][ T9507]  end_report+0x47/0x4f
[  104.320045][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  104.324798][ T9507]  __kasan_report.cold+0xe/0x41
[  104.329670][ T9507]  ? __nla_put_nohdr+0x46/0x50
[  104.334430][ T9507]  kasan_report+0x12/0x20
[  104.338753][ T9507]  check_memory_region+0x134/0x1a0
[  104.343856][ T9507]  memcpy+0x24/0x50
[  104.347657][ T9507]  __nla_put_nohdr+0x46/0x50
[  104.352362][ T9507]  nla_put_nohdr+0xf9/0x140
[  104.356990][ T9507]  tcf_em_tree_dump+0x67e/0x960
[  104.362189][ T9507]  ? tcf_em_lookup+0x150/0x150
[  104.366955][ T9507]  ? __nla_put_64bit+0x37/0x40
[  104.371709][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.377939][ T9507]  ? tcf_exts_dump+0xa2/0x5a0
[  104.382615][ T9507]  basic_dump+0x379/0x690
[  104.387061][ T9507]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  104.393034][ T9507]  ? basic_bind_class+0xb0/0xb0
[  104.397965][ T9507]  ? memcpy+0x46/0x50
[  104.401941][ T9507]  ? nla_put+0x110/0x150
[  104.406183][ T9507]  ? basic_bind_class+0xb0/0xb0
[  104.411122][ T9507]  tcf_fill_node+0x58b/0x970
[  104.415702][ T9507]  ? tcf_get_next_chain+0x50/0x50
[  104.420713][ T9507]  ? __kmalloc_reserve.isra.0+0xf0/0xf0
[  104.426245][ T9507]  ? basic_init+0x1f0/0x1f0
[  104.430740][ T9507]  tfilter_notify+0x134/0x290
[  104.435409][ T9507]  tc_new_tfilter+0xc18/0x2590
[  104.440316][ T9507]  ? basic_init+0x1f0/0x1f0
[  104.444809][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  104.449826][ T9507]  ? __kasan_check_read+0x11/0x20
[  104.455089][ T9507]  ? __lock_acquire+0x8a0/0x4a00
[  104.460014][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.466245][ T9507]  ? rtnetlink_rcv_msg+0x7e3/0xaf0
[  104.471466][ T9507]  ? find_held_lock+0x35/0x130
[  104.476221][ T9507]  ? rcu_read_lock_held_common+0x130/0x130
[  104.482215][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  104.487484][ T9507]  ? __kasan_check_read+0x11/0x20
[  104.492514][ T9507]  ? tc_del_tfilter+0x1560/0x1560
[  104.497542][ T9507]  rtnetlink_rcv_msg+0x824/0xaf0
[  104.502476][ T9507]  ? rtnl_bridge_getlink+0x910/0x910
[  104.507928][ T9507]  ? lock_downgrade+0x920/0x920
[  104.512778][ T9507]  ? netlink_deliver_tap+0x228/0xbe0
[  104.518057][ T9507]  ? find_held_lock+0x35/0x130
[  104.523106][ T9507]  netlink_rcv_skb+0x177/0x450
[  104.527993][ T9507]  ? rtnl_bridge_getlink+0x910/0x910
[  104.533278][ T9507]  ? netlink_ack+0xb50/0xb50
[  104.537873][ T9507]  ? __kasan_check_read+0x11/0x20
[  104.543183][ T9507]  ? netlink_deliver_tap+0x24a/0xbe0
[  104.548625][ T9507]  rtnetlink_rcv+0x1d/0x30
[  104.553033][ T9507]  netlink_unicast+0x58c/0x7d0
[  104.557800][ T9507]  ? netlink_attachskb+0x870/0x870
[  104.563164][ T9507]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[  104.568885][ T9507]  ? __check_object_size+0x3d/0x437
[  104.574077][ T9507]  netlink_sendmsg+0x91c/0xea0
[  104.579017][ T9507]  ? netlink_unicast+0x7d0/0x7d0
[  104.584132][ T9507]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[  104.589671][ T9507]  ? apparmor_socket_sendmsg+0x2a/0x30
[  104.595447][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.601759][ T9507]  ? security_socket_sendmsg+0x8d/0xc0
[  104.607614][ T9507]  ? netlink_unicast+0x7d0/0x7d0
[  104.612553][ T9507]  sock_sendmsg+0xd7/0x130
[  104.616963][ T9507]  ____sys_sendmsg+0x753/0x880
[  104.621934][ T9507]  ? kernel_sendmsg+0x50/0x50
[  104.626604][ T9507]  ? rcu_read_lock_sched_held+0x9c/0xd0
[  104.632175][ T9507]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  104.638274][ T9507]  ? __lock_acquire+0x16f2/0x4a00
[  104.643677][ T9507]  ___sys_sendmsg+0x100/0x170
[  104.648373][ T9507]  ? sendmsg_copy_msghdr+0x70/0x70
[  104.653478][ T9507]  ? lock_downgrade+0x920/0x920
[  104.658321][ T9507]  ? __kasan_check_read+0x11/0x20
[  104.663495][ T9507]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  104.670000][ T9507]  ? __fget_light+0x1a9/0x230
[  104.674665][ T9507]  ? __fdget+0x1b/0x20
[  104.678734][ T9507]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  104.684976][ T9507]  __sys_sendmsg+0x105/0x1d0
[  104.689634][ T9507]  ? __sys_sendmsg_sock+0xc0/0xc0
[  104.694763][ T9507]  ? down_read_non_owner+0x490/0x490
[  104.700052][ T9507]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  104.705795][ T9507]  ? do_syscall_64+0x26/0x790
[  104.710665][ T9507]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.716843][ T9507]  ? do_syscall_64+0x26/0x790
[  104.721668][ T9507]  __x64_sys_sendmsg+0x78/0xb0
[  104.726586][ T9507]  do_syscall_64+0xfa/0x790
[  104.731082][ T9507]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  104.737117][ T9507] RIP: 0033:0x440dd9
[  104.741015][ T9507] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  104.761385][ T9507] RSP: 002b:00007ffd12f770f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.769906][ T9507] RAX: ffffffffffffffda RBX: 00000000004a25b0 RCX: 0000000000440dd9
[  104.777936][ T9507] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  104.786049][ T9507] RBP: 00000000006cc018 R08: 0000000120080522 R09: 0000000120080522
[  104.794015][ T9507] R10: 0000000120080522 R11: 0000000000000246 R12: 00000000004022e0
[  104.802131][ T9507] R13: 0000000000402370 R14: 0000000000000000 R15: 0000000000000000
[  104.812089][ T9507] Kernel Offset: disabled
[  104.816436][ T9507] Rebooting in 86400 seconds..