[ ok ] Starting enhanced syslogd: rsyslogd. [ 65.881560][ T26] audit: type=1800 audit(1558246247.431:25): pid=8823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 65.911134][ T26] audit: type=1800 audit(1558246247.441:26): pid=8823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 65.947689][ T26] audit: type=1800 audit(1558246247.441:27): pid=8823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.54' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 76.291006][ T8979] ================================================================== [ 76.299092][ T8979] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490 [ 76.306782][ T8979] Read of size 8 at addr ffff88809b5dd740 by task syz-executor643/8979 [ 76.314985][ T8979] [ 76.317296][ T8979] CPU: 1 PID: 8979 Comm: syz-executor643 Not tainted 5.1.0+ #19 [ 76.324899][ T8979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.334930][ T8979] Call Trace: [ 76.338202][ T8979] dump_stack+0x172/0x1f0 [ 76.342509][ T8979] ? __lock_acquire+0x3ba2/0x5490 [ 76.347515][ T8979] print_address_description.cold+0x7c/0x20d [ 76.353476][ T8979] ? __lock_acquire+0x3ba2/0x5490 [ 76.358477][ T8979] ? __lock_acquire+0x3ba2/0x5490 [ 76.363476][ T8979] __kasan_report.cold+0x1b/0x40 [ 76.368393][ T8979] ? 
__lock_acquire+0x3ba2/0x5490 [ 76.373401][ T8979] kasan_report+0x12/0x20 [ 76.377715][ T8979] __asan_report_load8_noabort+0x14/0x20 [ 76.383327][ T8979] __lock_acquire+0x3ba2/0x5490 [ 76.388156][ T8979] ? sock_diag_rcv+0x2b/0x40 [ 76.392724][ T8979] ? netlink_unicast+0x531/0x710 [ 76.397635][ T8979] ? netlink_sendmsg+0x8ae/0xd70 [ 76.402551][ T8979] ? sock_sendmsg+0xd7/0x130 [ 76.407118][ T8979] ? ___sys_sendmsg+0x803/0x920 [ 76.411954][ T8979] ? __sys_sendmsg+0x105/0x1d0 [ 76.416690][ T8979] ? __x64_sys_sendmsg+0x78/0xb0 [ 76.421615][ T8979] ? do_syscall_64+0xfd/0x680 [ 76.426270][ T8979] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.432315][ T8979] ? mark_held_locks+0xf0/0xf0 [ 76.437060][ T8979] ? mark_held_locks+0xf0/0xf0 [ 76.441805][ T8979] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 76.447427][ T8979] ? find_held_lock+0x35/0x130 [ 76.452183][ T8979] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 76.457818][ T8979] lock_acquire+0x16f/0x3f0 [ 76.462333][ T8979] ? rhashtable_walk_enter+0xf9/0x390 [ 76.467699][ T8979] _raw_spin_lock+0x2f/0x40 [ 76.472184][ T8979] ? rhashtable_walk_enter+0xf9/0x390 [ 76.477553][ T8979] rhashtable_walk_enter+0xf9/0x390 [ 76.482749][ T8979] __tipc_dump_start+0x1fa/0x3c0 [ 76.487869][ T8979] tipc_dump_start+0x70/0x90 [ 76.492442][ T8979] __netlink_dump_start+0x4f8/0x7d0 [ 76.497622][ T8979] ? __tipc_dump_start+0x3c0/0x3c0 [ 76.502716][ T8979] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 76.508590][ T8979] ? __tipc_diag_gen_cookie+0x90/0x90 [ 76.513941][ T8979] ? sock_diag_rcv+0x1c/0x40 [ 76.518510][ T8979] ? __tipc_dump_start+0x3c0/0x3c0 [ 76.523601][ T8979] ? tipc_unregister_sysctl+0x20/0x20 [ 76.528974][ T8979] ? tipc_ioctl+0x2e0/0x2e0 [ 76.533469][ T8979] sock_diag_rcv_msg+0x319/0x410 [ 76.538390][ T8979] netlink_rcv_skb+0x177/0x450 [ 76.543138][ T8979] ? sock_diag_bind+0x80/0x80 [ 76.547798][ T8979] ? netlink_ack+0xb50/0xb50 [ 76.552371][ T8979] ? kasan_check_read+0x11/0x20 [ 76.557200][ T8979] ? 
netlink_deliver_tap+0x254/0xbf0 [ 76.562470][ T8979] sock_diag_rcv+0x2b/0x40 [ 76.566868][ T8979] netlink_unicast+0x531/0x710 [ 76.571617][ T8979] ? netlink_attachskb+0x770/0x770 [ 76.576723][ T8979] ? _copy_from_iter_full+0x25d/0x8c0 [ 76.582073][ T8979] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 76.587776][ T8979] ? __check_object_size+0x3d/0x42f [ 76.592951][ T8979] netlink_sendmsg+0x8ae/0xd70 [ 76.597731][ T8979] ? netlink_unicast+0x710/0x710 [ 76.602646][ T8979] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 76.608177][ T8979] ? apparmor_socket_sendmsg+0x2a/0x30 [ 76.613621][ T8979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 76.619844][ T8979] ? security_socket_sendmsg+0x8d/0xc0 [ 76.625280][ T8979] ? netlink_unicast+0x710/0x710 [ 76.630197][ T8979] sock_sendmsg+0xd7/0x130 [ 76.634593][ T8979] ___sys_sendmsg+0x803/0x920 [ 76.639269][ T8979] ? copy_msghdr_from_user+0x430/0x430 [ 76.644711][ T8979] ? prep_transhuge_page+0xa0/0xa0 [ 76.649813][ T8979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 76.656142][ T8979] ? __handle_mm_fault+0x7cb/0x3eb0 [ 76.661327][ T8979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 76.667551][ T8979] ? __fget_light+0x1a9/0x230 [ 76.672208][ T8979] ? __fdget+0x1b/0x20 [ 76.676300][ T8979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 76.682536][ T8979] __sys_sendmsg+0x105/0x1d0 [ 76.687109][ T8979] ? __ia32_sys_shutdown+0x80/0x80 [ 76.692227][ T8979] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 76.697668][ T8979] ? do_syscall_64+0x26/0x680 [ 76.702331][ T8979] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.708386][ T8979] ? 
do_syscall_64+0x26/0x680 [ 76.713064][ T8979] __x64_sys_sendmsg+0x78/0xb0 [ 76.717811][ T8979] do_syscall_64+0xfd/0x680 [ 76.722300][ T8979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.728188][ T8979] RIP: 0033:0x4401f9 [ 76.732070][ T8979] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 76.751684][ T8979] RSP: 002b:00007ffc06ca04c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 76.760082][ T8979] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9 [ 76.768056][ T8979] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 76.776028][ T8979] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 76.783998][ T8979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80 [ 76.791970][ T8979] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000 [ 76.799941][ T8979] [ 76.802249][ T8979] Allocated by task 8957: [ 76.806558][ T8979] save_stack+0x23/0x90 [ 76.810711][ T8979] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 76.816323][ T8979] kasan_kmalloc+0x9/0x10 [ 76.820635][ T8979] __kmalloc+0x15c/0x740 [ 76.824883][ T8979] load_elf_phdrs+0x142/0x1f0 [ 76.829642][ T8979] load_elf_binary+0x946/0x53f0 [ 76.834561][ T8979] search_binary_handler+0x179/0x570 [ 76.839909][ T8979] __do_execve_file.isra.0+0x1394/0x23a0 [ 76.845512][ T8979] __x64_sys_execve+0x8f/0xc0 [ 76.850165][ T8979] do_syscall_64+0xfd/0x680 [ 76.854645][ T8979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.860521][ T8979] [ 76.862825][ T8979] Freed by task 8957: [ 76.866798][ T8979] save_stack+0x23/0x90 [ 76.870932][ T8979] __kasan_slab_free+0x102/0x150 [ 76.875844][ T8979] kasan_slab_free+0xe/0x10 [ 76.880325][ T8979] kfree+0xcf/0x220 [ 76.884110][ T8979] load_elf_binary+0x24c8/0x53f0 [ 76.889094][ T8979] search_binary_handler+0x179/0x570 [ 76.894370][ T8979] __do_execve_file.isra.0+0x1394/0x23a0 [ 
76.900085][ T8979] __x64_sys_execve+0x8f/0xc0 [ 76.904782][ T8979] do_syscall_64+0xfd/0x680 [ 76.909265][ T8979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 76.915126][ T8979] [ 76.917459][ T8979] The buggy address belongs to the object at ffff88809b5dd540 [ 76.917459][ T8979] which belongs to the cache kmalloc-512 of size 512 [ 76.931492][ T8979] The buggy address is located 0 bytes to the right of [ 76.931492][ T8979] 512-byte region [ffff88809b5dd540, ffff88809b5dd740) [ 76.945089][ T8979] The buggy address belongs to the page: [ 76.950708][ T8979] page:ffffea00026d7740 count:1 mapcount:0 mapping:ffff8880aa400940 index:0x0 [ 76.959547][ T8979] flags: 0x1fffc0000000200(slab) [ 76.964474][ T8979] raw: 01fffc0000000200 ffffea00026ba908 ffffea00026d7888 ffff8880aa400940 [ 76.973038][ T8979] raw: 0000000000000000 ffff88809b5dd040 0000000100000006 0000000000000000 [ 76.981604][ T8979] page dumped because: kasan: bad access detected [ 76.988012][ T8979] [ 76.990319][ T8979] Memory state around the buggy address: [ 76.995940][ T8979] ffff88809b5dd600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.003983][ T8979] ffff88809b5dd680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.012029][ T8979] >ffff88809b5dd700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 77.020068][ T8979] ^ [ 77.026226][ T8979] ffff88809b5dd780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 77.034429][ T8979] ffff88809b5dd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.042472][ T8979] ================================================================== [ 77.050511][ T8979] Disabling lock debugging due to kernel taint [ 77.056636][ T8979] Kernel panic - not syncing: panic_on_warn set ... 
[ 77.063222][ T8979] CPU: 1 PID: 8979 Comm: syz-executor643 Tainted: G B 5.1.0+ #19 [ 77.072212][ T8979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 77.082261][ T8979] Call Trace: [ 77.085554][ T8979] dump_stack+0x172/0x1f0 [ 77.089891][ T8979] panic+0x2cb/0x646 [ 77.093781][ T8979] ? __warn_printk+0xf3/0xf3 [ 77.098354][ T8979] ? lock_downgrade+0x880/0x880 [ 77.103180][ T8979] ? __lock_acquire+0x3ba2/0x5490 [ 77.108183][ T8979] ? trace_hardirqs_off+0x62/0x220 [ 77.113268][ T8979] ? trace_hardirqs_off+0x59/0x220 [ 77.118358][ T8979] ? __lock_acquire+0x3ba2/0x5490 [ 77.123384][ T8979] end_report+0x47/0x4f [ 77.127521][ T8979] ? __lock_acquire+0x3ba2/0x5490 [ 77.132522][ T8979] __kasan_report.cold+0xe/0x40 [ 77.137365][ T8979] ? __lock_acquire+0x3ba2/0x5490 [ 77.142470][ T8979] kasan_report+0x12/0x20 [ 77.146778][ T8979] __asan_report_load8_noabort+0x14/0x20 [ 77.152965][ T8979] __lock_acquire+0x3ba2/0x5490 [ 77.157801][ T8979] ? sock_diag_rcv+0x2b/0x40 [ 77.162372][ T8979] ? netlink_unicast+0x531/0x710 [ 77.167286][ T8979] ? netlink_sendmsg+0x8ae/0xd70 [ 77.172374][ T8979] ? sock_sendmsg+0xd7/0x130 [ 77.176958][ T8979] ? ___sys_sendmsg+0x803/0x920 [ 77.181788][ T8979] ? __sys_sendmsg+0x105/0x1d0 [ 77.186528][ T8979] ? __x64_sys_sendmsg+0x78/0xb0 [ 77.191464][ T8979] ? do_syscall_64+0xfd/0x680 [ 77.196121][ T8979] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 77.202171][ T8979] ? mark_held_locks+0xf0/0xf0 [ 77.212614][ T8979] ? mark_held_locks+0xf0/0xf0 [ 77.217457][ T8979] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 77.223074][ T8979] ? find_held_lock+0x35/0x130 [ 77.227816][ T8979] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 77.233429][ T8979] lock_acquire+0x16f/0x3f0 [ 77.237912][ T8979] ? rhashtable_walk_enter+0xf9/0x390 [ 77.243262][ T8979] _raw_spin_lock+0x2f/0x40 [ 77.247747][ T8979] ? 
rhashtable_walk_enter+0xf9/0x390 [ 77.253114][ T8979] rhashtable_walk_enter+0xf9/0x390 [ 77.258316][ T8979] __tipc_dump_start+0x1fa/0x3c0 [ 77.263243][ T8979] tipc_dump_start+0x70/0x90 [ 77.267813][ T8979] __netlink_dump_start+0x4f8/0x7d0 [ 77.273008][ T8979] ? __tipc_dump_start+0x3c0/0x3c0 [ 77.278130][ T8979] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 77.283925][ T8979] ? __tipc_diag_gen_cookie+0x90/0x90 [ 77.289281][ T8979] ? sock_diag_rcv+0x1c/0x40 [ 77.293851][ T8979] ? __tipc_dump_start+0x3c0/0x3c0 [ 77.298940][ T8979] ? tipc_unregister_sysctl+0x20/0x20 [ 77.304395][ T8979] ? tipc_ioctl+0x2e0/0x2e0 [ 77.308882][ T8979] sock_diag_rcv_msg+0x319/0x410 [ 77.313925][ T8979] netlink_rcv_skb+0x177/0x450 [ 77.318671][ T8979] ? sock_diag_bind+0x80/0x80 [ 77.323330][ T8979] ? netlink_ack+0xb50/0xb50 [ 77.327903][ T8979] ? kasan_check_read+0x11/0x20 [ 77.332734][ T8979] ? netlink_deliver_tap+0x254/0xbf0 [ 77.338001][ T8979] sock_diag_rcv+0x2b/0x40 [ 77.342396][ T8979] netlink_unicast+0x531/0x710 [ 77.347161][ T8979] ? netlink_attachskb+0x770/0x770 [ 77.352256][ T8979] ? _copy_from_iter_full+0x25d/0x8c0 [ 77.357607][ T8979] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 77.363305][ T8979] ? __check_object_size+0x3d/0x42f [ 77.368488][ T8979] netlink_sendmsg+0x8ae/0xd70 [ 77.373230][ T8979] ? netlink_unicast+0x710/0x710 [ 77.378146][ T8979] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 77.383684][ T8979] ? apparmor_socket_sendmsg+0x2a/0x30 [ 77.389120][ T8979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 77.395352][ T8979] ? security_socket_sendmsg+0x8d/0xc0 [ 77.400806][ T8979] ? netlink_unicast+0x710/0x710 [ 77.405726][ T8979] sock_sendmsg+0xd7/0x130 [ 77.410125][ T8979] ___sys_sendmsg+0x803/0x920 [ 77.414803][ T8979] ? copy_msghdr_from_user+0x430/0x430 [ 77.420341][ T8979] ? prep_transhuge_page+0xa0/0xa0 [ 77.425440][ T8979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 77.431658][ T8979] ? __handle_mm_fault+0x7cb/0x3eb0 [ 77.436855][ T8979] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 77.443139][ T8979] ? __fget_light+0x1a9/0x230 [ 77.447800][ T8979] ? __fdget+0x1b/0x20 [ 77.451849][ T8979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 77.458065][ T8979] __sys_sendmsg+0x105/0x1d0 [ 77.462631][ T8979] ? __ia32_sys_shutdown+0x80/0x80 [ 77.467726][ T8979] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 77.473165][ T8979] ? do_syscall_64+0x26/0x680 [ 77.477856][ T8979] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 77.483905][ T8979] ? do_syscall_64+0x26/0x680 [ 77.488561][ T8979] __x64_sys_sendmsg+0x78/0xb0 [ 77.493301][ T8979] do_syscall_64+0xfd/0x680 [ 77.497791][ T8979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 77.503658][ T8979] RIP: 0033:0x4401f9 [ 77.507531][ T8979] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 77.527118][ T8979] RSP: 002b:00007ffc06ca04c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.535512][ T8979] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9 [ 77.543483][ T8979] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 77.551440][ T8979] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 77.559391][ T8979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80 [ 77.567343][ T8979] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000 [ 77.576285][ T8979] Kernel Offset: disabled [ 77.580659][ T8979] Rebooting in 86400 seconds..