[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   53.947241][   T27] audit: type=1800 audit(1558384674.043:25): pid=8484 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   53.991247][   T27] audit: type=1800 audit(1558384674.043:26): pid=8484 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   54.016044][   T27] audit: type=1800 audit(1558384674.043:27): pid=8484 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   64.211664][ T8637] ==================================================================
[   64.219806][ T8637] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
[   64.227495][ T8637] Read of size 8 at addr ffff88821663ca40 by task syz-executor951/8637
[   64.235726][ T8637] 
[   64.238035][ T8637] CPU: 0 PID: 8637 Comm: syz-executor951 Not tainted 5.2.0-rc1+ #1
[   64.245892][ T8637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.255920][ T8637] Call Trace:
[   64.259181][ T8637]  dump_stack+0x172/0x1f0
[   64.263483][ T8637]  ? __lock_acquire+0x3ba2/0x5490
[   64.268484][ T8637]  print_address_description.cold+0x7c/0x20d
[   64.274447][ T8637]  ? __lock_acquire+0x3ba2/0x5490
[   64.279465][ T8637]  ? __lock_acquire+0x3ba2/0x5490
[   64.284474][ T8637]  __kasan_report.cold+0x1b/0x40
[   64.289392][ T8637]  ? __lock_acquire+0x3ba2/0x5490
[   64.294386][ T8637]  kasan_report+0x12/0x20
[   64.298686][ T8637]  __asan_report_load8_noabort+0x14/0x20
[   64.304288][ T8637]  __lock_acquire+0x3ba2/0x5490
[   64.309124][ T8637]  ? sock_diag_rcv+0x2b/0x40
[   64.313686][ T8637]  ? netlink_unicast+0x531/0x710
[   64.318590][ T8637]  ? netlink_sendmsg+0x8ae/0xd70
[   64.323516][ T8637]  ? sock_sendmsg+0xd7/0x130
[   64.328071][ T8637]  ? ___sys_sendmsg+0x803/0x920
[   64.332889][ T8637]  ? __sys_sendmsg+0x105/0x1d0
[   64.337657][ T8637]  ? __x64_sys_sendmsg+0x78/0xb0
[   64.342572][ T8637]  ? do_syscall_64+0xfd/0x680
[   64.347218][ T8637]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.353279][ T8637]  ? mark_held_locks+0xf0/0xf0
[   64.358020][ T8637]  ? mark_held_locks+0xf0/0xf0
[   64.362753][ T8637]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   64.368353][ T8637]  ? find_held_lock+0x35/0x130
[   64.373086][ T8637]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   64.378699][ T8637]  lock_acquire+0x16f/0x3f0
[   64.383192][ T8637]  ? rhashtable_walk_enter+0xf9/0x390
[   64.388531][ T8637]  _raw_spin_lock+0x2f/0x40
[   64.393002][ T8637]  ? rhashtable_walk_enter+0xf9/0x390
[   64.398352][ T8637]  rhashtable_walk_enter+0xf9/0x390
[   64.403522][ T8637]  __tipc_dump_start+0x1fa/0x3c0
[   64.408452][ T8637]  tipc_dump_start+0x70/0x90
[   64.413074][ T8637]  __netlink_dump_start+0x4f8/0x7d0
[   64.418245][ T8637]  ? __tipc_dump_start+0x3c0/0x3c0
[   64.423342][ T8637]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   64.429124][ T8637]  ? __tipc_diag_gen_cookie+0x90/0x90
[   64.434483][ T8637]  ? sock_diag_rcv+0x1c/0x40
[   64.439040][ T8637]  ? __tipc_dump_start+0x3c0/0x3c0
[   64.444122][ T8637]  ? tipc_unregister_sysctl+0x20/0x20
[   64.449472][ T8637]  ? tipc_ioctl+0x2e0/0x2e0
[   64.453959][ T8637]  sock_diag_rcv_msg+0x319/0x410
[   64.458891][ T8637]  netlink_rcv_skb+0x177/0x450
[   64.463651][ T8637]  ? sock_diag_bind+0x80/0x80
[   64.468323][ T8637]  ? netlink_ack+0xb50/0xb50
[   64.472882][ T8637]  ? kasan_check_read+0x11/0x20
[   64.477702][ T8637]  ? netlink_deliver_tap+0x254/0xbf0
[   64.482955][ T8637]  sock_diag_rcv+0x2b/0x40
[   64.487342][ T8637]  netlink_unicast+0x531/0x710
[   64.492080][ T8637]  ? netlink_attachskb+0x770/0x770
[   64.497161][ T8637]  ? _copy_from_iter_full+0x25d/0x8c0
[   64.502505][ T8637]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   64.508203][ T8637]  ? __check_object_size+0x3d/0x42f
[   64.513372][ T8637]  netlink_sendmsg+0x8ae/0xd70
[   64.518142][ T8637]  ? netlink_unicast+0x710/0x710
[   64.523071][ T8637]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   64.528584][ T8637]  ? apparmor_socket_sendmsg+0x2a/0x30
[   64.534010][ T8637]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   64.540218][ T8637]  ? security_socket_sendmsg+0x8d/0xc0
[   64.545659][ T8637]  ? netlink_unicast+0x710/0x710
[   64.550572][ T8637]  sock_sendmsg+0xd7/0x130
[   64.554960][ T8637]  ___sys_sendmsg+0x803/0x920
[   64.559605][ T8637]  ? copy_msghdr_from_user+0x430/0x430
[   64.565045][ T8637]  ? prep_transhuge_page+0xa0/0xa0
[   64.570131][ T8637]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   64.576343][ T8637]  ? __handle_mm_fault+0x7cb/0x3eb0
[   64.581512][ T8637]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   64.587717][ T8637]  ? __fget_light+0x1a9/0x230
[   64.592361][ T8637]  ? __fdget+0x1b/0x20
[   64.596396][ T8637]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   64.602604][ T8637]  __sys_sendmsg+0x105/0x1d0
[   64.607173][ T8637]  ? __ia32_sys_shutdown+0x80/0x80
[   64.612277][ T8637]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   64.617711][ T8637]  ? do_syscall_64+0x26/0x680
[   64.622356][ T8637]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.628467][ T8637]  ? do_syscall_64+0x26/0x680
[   64.633136][ T8637]  __x64_sys_sendmsg+0x78/0xb0
[   64.637896][ T8637]  do_syscall_64+0xfd/0x680
[   64.642374][ T8637]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.648234][ T8637] RIP: 0033:0x440219
[   64.652115][ T8637] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   64.671691][ T8637] RSP: 002b:00007ffc460af1a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.680069][ T8637] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
[   64.688015][ T8637] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   64.695958][ T8637] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   64.703905][ T8637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[   64.711851][ T8637] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[   64.719814][ T8637] 
[   64.722144][ T8637] Allocated by task 1:
[   64.726232][ T8637]  save_stack+0x23/0x90
[   64.730365][ T8637]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   64.735986][ T8637]  kasan_slab_alloc+0xf/0x20
[   64.740549][ T8637]  kmem_cache_alloc+0x11a/0x6f0
[   64.745410][ T8637]  __kernfs_new_node+0xf0/0x6c0
[   64.750234][ T8637]  kernfs_new_node+0x96/0x120
[   64.754885][ T8637]  __kernfs_create_file+0x51/0x340
[   64.759968][ T8637]  sysfs_add_file_mode_ns+0x222/0x560
[   64.765332][ T8637]  internal_create_group+0x359/0xc40
[   64.770594][ T8637]  sysfs_create_groups+0x9b/0x141
[   64.775613][ T8637]  device_add+0x1353/0x17a0
[   64.780133][ T8637]  netdev_register_kobject+0x183/0x3b0
[   64.785583][ T8637]  register_netdevice+0x875/0xff0
[   64.790583][ T8637]  register_netdev+0x30/0x50
[   64.795147][ T8637]  nr_proto_init+0x274/0x65f
[   64.799708][ T8637]  do_one_initcall+0x107/0x7ba
[   64.804459][ T8637]  kernel_init_freeable+0x4d4/0x5c3
[   64.809628][ T8637]  kernel_init+0x12/0x1c5
[   64.813930][ T8637]  ret_from_fork+0x24/0x30
[   64.818309][ T8637] 
[   64.820613][ T8637] Freed by task 0:
[   64.824305][ T8637] (stack is not available)
[   64.828701][ T8637] 
[   64.831016][ T8637] The buggy address belongs to the object at ffff88821663c9a0
[   64.831016][ T8637]  which belongs to the cache kernfs_node_cache of size 160
[   64.845564][ T8637] The buggy address is located 0 bytes to the right of
[   64.845564][ T8637]  160-byte region [ffff88821663c9a0, ffff88821663ca40)
[   64.859150][ T8637] The buggy address belongs to the page:
[   64.864758][ T8637] page:ffffea0008598f00 refcount:1 mapcount:0 mapping:ffff88821bc48500 index:0xffff88821663cfee
[   64.875153][ T8637] flags: 0x6fffc0000000200(slab)
[   64.880091][ T8637] raw: 06fffc0000000200 ffffea0008598e88 ffffea0008598f48 ffff88821bc48500
[   64.888647][ T8637] raw: ffff88821663cfee ffff88821663c000 0000000100000012 0000000000000000
[   64.897244][ T8637] page dumped because: kasan: bad access detected
[   64.903638][ T8637] 
[   64.905960][ T8637] Memory state around the buggy address:
[   64.911567][ T8637]  ffff88821663c900: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   64.919602][ T8637]  ffff88821663c980: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[   64.927636][ T8637] >ffff88821663ca00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   64.935672][ T8637]                                            ^
[   64.941809][ T8637]  ffff88821663ca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.949844][ T8637]  ffff88821663cb00: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00
[   64.957895][ T8637] ==================================================================
[   64.965925][ T8637] Disabling lock debugging due to kernel taint
[   64.972074][ T8637] Kernel panic - not syncing: panic_on_warn set ...
[   64.978649][ T8637] CPU: 0 PID: 8637 Comm: syz-executor951 Tainted: G    B             5.2.0-rc1+ #1
[   64.987893][ T8637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.997918][ T8637] Call Trace:
[   65.001198][ T8637]  dump_stack+0x172/0x1f0
[   65.005526][ T8637]  panic+0x2cb/0x744
[   65.009395][ T8637]  ? __warn_printk+0xf3/0xf3
[   65.013955][ T8637]  ? lock_downgrade+0x880/0x880
[   65.018777][ T8637]  ? __lock_acquire+0x3ba2/0x5490
[   65.023785][ T8637]  ? trace_hardirqs_off+0x62/0x220
[   65.028865][ T8637]  ? trace_hardirqs_off+0x59/0x220
[   65.033948][ T8637]  ? __lock_acquire+0x3ba2/0x5490
[   65.038943][ T8637]  end_report+0x47/0x4f
[   65.043075][ T8637]  ? __lock_acquire+0x3ba2/0x5490
[   65.048081][ T8637]  __kasan_report.cold+0xe/0x40
[   65.052903][ T8637]  ? __lock_acquire+0x3ba2/0x5490
[   65.057899][ T8637]  kasan_report+0x12/0x20
[   65.062217][ T8637]  __asan_report_load8_noabort+0x14/0x20
[   65.067819][ T8637]  __lock_acquire+0x3ba2/0x5490
[   65.072660][ T8637]  ? sock_diag_rcv+0x2b/0x40
[   65.077238][ T8637]  ? netlink_unicast+0x531/0x710
[   65.082150][ T8637]  ? netlink_sendmsg+0x8ae/0xd70
[   65.087063][ T8637]  ? sock_sendmsg+0xd7/0x130
[   65.091625][ T8637]  ? ___sys_sendmsg+0x803/0x920
[   65.096473][ T8637]  ? __sys_sendmsg+0x105/0x1d0
[   65.101217][ T8637]  ? __x64_sys_sendmsg+0x78/0xb0
[   65.106147][ T8637]  ? do_syscall_64+0xfd/0x680
[   65.110798][ T8637]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.116839][ T8637]  ? mark_held_locks+0xf0/0xf0
[   65.121589][ T8637]  ? mark_held_locks+0xf0/0xf0
[   65.126342][ T8637]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   65.131955][ T8637]  ? find_held_lock+0x35/0x130
[   65.136688][ T8637]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   65.142291][ T8637]  lock_acquire+0x16f/0x3f0
[   65.146771][ T8637]  ? rhashtable_walk_enter+0xf9/0x390
[   65.152112][ T8637]  _raw_spin_lock+0x2f/0x40
[   65.156592][ T8637]  ? rhashtable_walk_enter+0xf9/0x390
[   65.161944][ T8637]  rhashtable_walk_enter+0xf9/0x390
[   65.167165][ T8637]  __tipc_dump_start+0x1fa/0x3c0
[   65.172086][ T8637]  tipc_dump_start+0x70/0x90
[   65.176647][ T8637]  __netlink_dump_start+0x4f8/0x7d0
[   65.181828][ T8637]  ? __tipc_dump_start+0x3c0/0x3c0
[   65.186910][ T8637]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   65.192684][ T8637]  ? __tipc_diag_gen_cookie+0x90/0x90
[   65.198040][ T8637]  ? sock_diag_rcv+0x1c/0x40
[   65.202621][ T8637]  ? __tipc_dump_start+0x3c0/0x3c0
[   65.207695][ T8637]  ? tipc_unregister_sysctl+0x20/0x20
[   65.213034][ T8637]  ? tipc_ioctl+0x2e0/0x2e0
[   65.217504][ T8637]  sock_diag_rcv_msg+0x319/0x410
[   65.222427][ T8637]  netlink_rcv_skb+0x177/0x450
[   65.227163][ T8637]  ? sock_diag_bind+0x80/0x80
[   65.231809][ T8637]  ? netlink_ack+0xb50/0xb50
[   65.236368][ T8637]  ? kasan_check_read+0x11/0x20
[   65.241198][ T8637]  ? netlink_deliver_tap+0x254/0xbf0
[   65.246468][ T8637]  sock_diag_rcv+0x2b/0x40
[   65.250851][ T8637]  netlink_unicast+0x531/0x710
[   65.255594][ T8637]  ? netlink_attachskb+0x770/0x770
[   65.260670][ T8637]  ? _copy_from_iter_full+0x25d/0x8c0
[   65.266021][ T8637]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   65.271718][ T8637]  ? __check_object_size+0x3d/0x42f
[   65.276884][ T8637]  netlink_sendmsg+0x8ae/0xd70
[   65.281627][ T8637]  ? netlink_unicast+0x710/0x710
[   65.286534][ T8637]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   65.292085][ T8637]  ? apparmor_socket_sendmsg+0x2a/0x30
[   65.297520][ T8637]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.303744][ T8637]  ? security_socket_sendmsg+0x8d/0xc0
[   65.309189][ T8637]  ? netlink_unicast+0x710/0x710
[   65.314093][ T8637]  sock_sendmsg+0xd7/0x130
[   65.318477][ T8637]  ___sys_sendmsg+0x803/0x920
[   65.323124][ T8637]  ? copy_msghdr_from_user+0x430/0x430
[   65.328568][ T8637]  ? prep_transhuge_page+0xa0/0xa0
[   65.333648][ T8637]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.339869][ T8637]  ? __handle_mm_fault+0x7cb/0x3eb0
[   65.345067][ T8637]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.351285][ T8637]  ? __fget_light+0x1a9/0x230
[   65.355947][ T8637]  ? __fdget+0x1b/0x20
[   65.359999][ T8637]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   65.366207][ T8637]  __sys_sendmsg+0x105/0x1d0
[   65.370776][ T8637]  ? __ia32_sys_shutdown+0x80/0x80
[   65.375859][ T8637]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   65.381290][ T8637]  ? do_syscall_64+0x26/0x680
[   65.385968][ T8637]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.392005][ T8637]  ? do_syscall_64+0x26/0x680
[   65.396648][ T8637]  __x64_sys_sendmsg+0x78/0xb0
[   65.401380][ T8637]  do_syscall_64+0xfd/0x680
[   65.405874][ T8637]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.411734][ T8637] RIP: 0033:0x440219
[   65.415604][ T8637] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   65.435174][ T8637] RSP: 002b:00007ffc460af1a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   65.443551][ T8637] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
[   65.451506][ T8637] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   65.459454][ T8637] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   65.467414][ T8637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[   65.475353][ T8637] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[   65.484302][ T8637] Kernel Offset: disabled
[   65.488617][ T8637] Rebooting in 86400 seconds..