Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts.
executing program
[ 60.227779] audit: type=1400 audit(1561123359.584:36): avc: denied { map } for pid=7867 comm="syz-executor780" path="/root/syz-executor780849519" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 60.268259] FAULT_INJECTION: forcing a failure.
[ 60.268259] name failslab, interval 1, probability 0, space 0, times 1
[ 60.291567] CPU: 0 PID: 7867 Comm: syz-executor780 Not tainted 4.19.53+ #25
[ 60.298759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.308127] Call Trace:
[ 60.310730] dump_stack+0x172/0x1f0
[ 60.314554] should_fail.cold+0xa/0x1b
[ 60.318555] ? fault_create_debugfs_attr+0x1e0/0x1e0
[ 60.323768] ? lock_downgrade+0x810/0x810
[ 60.327910] ? ___might_sleep+0x163/0x280
[ 60.332060] __should_failslab+0x121/0x190
[ 60.336288] should_failslab+0x9/0x14
[ 60.340074] __kmalloc+0x2e2/0x750
[ 60.343609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.349139] ? __sk_mem_schedule+0xac/0xe0
[ 60.353370] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 60.358901] ? tls_push_record+0x107/0x13a0
[ 60.363226] tls_push_record+0x107/0x13a0
[ 60.367372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.372902] ? alloc_encrypted_sg+0xa8/0x110
[ 60.377450] tls_sw_sendpage+0x540/0xd40
[ 60.381508] ? tls_sw_sendmsg+0x1220/0x1220
[ 60.386154] ? pipe_lock+0x6e/0x80
[ 60.389694] ? tls_sw_sendmsg+0x1220/0x1220
[ 60.394064] inet_sendpage+0x168/0x630
[ 60.397958] kernel_sendpage+0x92/0xf0
[ 60.401834] ? inet_sendmsg+0x5d0/0x5d0
[ 60.405798] sock_sendpage+0x8b/0xc0
[ 60.409501] pipe_to_sendpage+0x296/0x360
[ 60.413776] ? kernel_sendpage+0xf0/0xf0
[ 60.417838] ? direct_splice_actor+0x190/0x190
[ 60.422417] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 60.427952] ? anon_pipe_buf_release+0x1c6/0x270
[ 60.432751] __splice_from_pipe+0x391/0x7d0
[ 60.437080] ? direct_splice_actor+0x190/0x190
[ 60.441681] ? direct_splice_actor+0x190/0x190
[ 60.446285] splice_from_pipe+0x108/0x170
[ 60.450527] ? splice_shrink_spd+0xd0/0xd0
[ 60.454851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.460389] ? security_file_permission+0x89/0x230
[ 60.465316] generic_splice_sendpage+0x3c/0x50
[ 60.469889] ? splice_from_pipe+0x170/0x170
[ 60.474210] do_splice+0x642/0x12c0
[ 60.477833] ? __sb_end_write+0xd9/0x110
[ 60.481883] ? vfs_write+0x160/0x560
[ 60.485591] ? opipe_prep.part.0+0x2d0/0x2d0
[ 60.490100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.495673] ? __fget_light+0x1a9/0x230
[ 60.499646] __x64_sys_splice+0x2c6/0x330
[ 60.503798] do_syscall_64+0xfd/0x620
[ 60.507659] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.512846] RIP: 0033:0x440719
[ 60.516035] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.534946] RSP: 002b:00007ffece804408 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 60.542654] RAX: ffffffffffffffda RBX: 00007ffece804420 RCX: 0000000000440719
[ 60.549930] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 60.557255] RBP: 0000000000000005 R08: 0000000100000300 R09: 0000000000000000
[ 60.564531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402000
[ 60.571804] R13: 0000000000402090 R14: 0000000000000000 R15: 0000000000000000
[ 60.644680] ==================================================================
[ 60.652273] BUG: KASAN: slab-out-of-bounds in scatterwalk_copychunks+0x269/0x6a0
[ 60.659803] Read of size 4094 at addr ffff8880915da000 by task syz-executor780/7867
[ 60.667584]
[ 60.669204] CPU: 0 PID: 7867 Comm: syz-executor780 Not tainted 4.19.53+ #25
[ 60.676287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.685731] Call Trace:
[ 60.688407] dump_stack+0x172/0x1f0
[ 60.692106] ? scatterwalk_copychunks+0x269/0x6a0
[ 60.696951] print_address_description.cold+0x7c/0x20d
[ 60.702608] ? scatterwalk_copychunks+0x269/0x6a0
[ 60.707454] kasan_report.cold+0x8c/0x2ba
[ 60.711605] check_memory_region+0x123/0x190
[ 60.716005] memcpy+0x24/0x50
[ 60.719107] scatterwalk_copychunks+0x269/0x6a0
[ 60.723772] scatterwalk_map_and_copy+0x14d/0x1d0
[ 60.728608] ? scatterwalk_copychunks+0x6a0/0x6a0
[ 60.733534] ? rcu_read_lock_sched_held+0x110/0x130
[ 60.738553] ? __kmalloc+0x5e1/0x750
[ 60.742264] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 60.747420] ? gcmaes_encrypt.constprop.0+0x6c4/0xd90
[ 60.752612] gcmaes_encrypt.constprop.0+0x762/0xd90
[ 60.757664] ? save_stack+0x45/0xd0
[ 60.761280] ? kasan_kmalloc+0xce/0xf0
[ 60.765225] ? tls_push_record+0x107/0x13a0
[ 60.769544] ? generic_gcmaes_decrypt+0x160/0x160
[ 60.774372] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.779735] ? mark_held_locks+0x100/0x100
[ 60.783969] ? remove_wait_queue+0x10f/0x190
[ 60.788375] ? find_held_lock+0x35/0x130
[ 60.792429] ? fs_reclaim_acquire+0x20/0x20
[ 60.796750] ? __lock_is_held+0xb6/0x140
[ 60.800867] ? should_fail+0x14d/0x85c
[ 60.804765] generic_gcmaes_encrypt+0x108/0x159
[ 60.809423] ? generic_gcmaes_encrypt+0x108/0x159
[ 60.814277] ? helper_rfc4106_encrypt+0x390/0x390
[ 60.819115] ? __kmalloc+0x5e1/0x750
[ 60.822821] gcmaes_wrapper_encrypt+0x15f/0x200
[ 60.827479] tls_push_record+0x9c0/0x13a0
[ 60.831679] tls_sw_sendpage+0x540/0xd40
[ 60.835744] ? tls_sw_sendmsg+0x1220/0x1220
[ 60.840173] ? pipe_lock+0x6e/0x80
[ 60.843752] ? tls_sw_sendmsg+0x1220/0x1220
[ 60.853553] inet_sendpage+0x168/0x630
[ 60.857431] kernel_sendpage+0x92/0xf0
[ 60.861301] ? inet_sendmsg+0x5d0/0x5d0
[ 60.865377] sock_sendpage+0x8b/0xc0
[ 60.869081] pipe_to_sendpage+0x296/0x360
[ 60.873223] ? kernel_sendpage+0xf0/0xf0
[ 60.877288] ? direct_splice_actor+0x190/0x190
[ 60.881867] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 60.887395] ? anon_pipe_buf_release+0x1c6/0x270
[ 60.892158] __splice_from_pipe+0x391/0x7d0
[ 60.896472] ? direct_splice_actor+0x190/0x190
[ 60.901049] ? direct_splice_actor+0x190/0x190
[ 60.905632] splice_from_pipe+0x108/0x170
[ 60.909777] ? splice_shrink_spd+0xd0/0xd0
[ 60.914098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.919640] ? security_file_permission+0x89/0x230
[ 60.924569] generic_splice_sendpage+0x3c/0x50
[ 60.929150] ? splice_from_pipe+0x170/0x170
[ 60.933463] do_splice+0x642/0x12c0
[ 60.937080] ? __sb_end_write+0xd9/0x110
[ 60.941143] ? vfs_write+0x160/0x560
[ 60.944852] ? opipe_prep.part.0+0x2d0/0x2d0
[ 60.949253] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.954775] ? __fget_light+0x1a9/0x230
[ 60.958743] __x64_sys_splice+0x2c6/0x330
[ 60.962883] do_syscall_64+0xfd/0x620
[ 60.966682] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.971870] RIP: 0033:0x440719
[ 60.975065] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.993973] RSP: 002b:00007ffece804408 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 61.001674] RAX: ffffffffffffffda RBX: 00007ffece804420 RCX: 0000000000440719
[ 61.009076] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 61.016387] RBP: 0000000000000005 R08: 0000000100000300 R09: 0000000000000000
[ 61.023657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402000
[ 61.030974] R13: 0000000000402090 R14: 0000000000000000 R15: 0000000000000000
[ 61.038262]
[ 61.039880] Allocated by task 6780:
[ 61.043499] save_stack+0x45/0xd0
[ 61.046947] kasan_kmalloc+0xce/0xf0
[ 61.050654] kasan_slab_alloc+0xf/0x20
[ 61.054527] kmem_cache_alloc+0x12e/0x700
[ 61.058666] getname_flags+0xd6/0x5b0
[ 61.062564] getname+0x1a/0x20
[ 61.065820] do_sys_open+0x2c9/0x550
[ 61.069620] __x64_sys_open+0x7e/0xc0
[ 61.073413] do_syscall_64+0xfd/0x620
[ 61.077209] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.082388]
[ 61.084010] Freed by task 6780:
[ 61.087289] save_stack+0x45/0xd0
[ 61.090747] __kasan_slab_free+0x102/0x150
[ 61.094976] kasan_slab_free+0xe/0x10
[ 61.098771] kmem_cache_free+0x86/0x260
[ 61.102858] putname+0xef/0x130
[ 61.106132] do_sys_open+0x318/0x550
[ 61.109848] __x64_sys_open+0x7e/0xc0
[ 61.113645] do_syscall_64+0xfd/0x620
[ 61.117431] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.122600]
[ 61.124227] The buggy address belongs to the object at ffff8880915daa00
[ 61.124227] which belongs to the cache names_cache of size 4096
[ 61.137068] The buggy address is located 2560 bytes to the left of
[ 61.137068] 4096-byte region [ffff8880915daa00, ffff8880915dba00)
[ 61.149557] The buggy address belongs to the page:
[ 61.154480] page:ffffea0002457680 count:1 mapcount:0 mapping:ffff88821bc45b00 index:0x0 compound_mapcount: 0
[ 61.164489] flags: 0x1fffc0000008100(slab|head)
[ 61.169165] raw: 01fffc0000008100 ffffea00023b7388 ffffea0002457808 ffff88821bc45b00
[ 61.177052] raw: 0000000000000000 ffff8880915daa00 0000000100000001 0000000000000000
[ 61.184935] page dumped because: kasan: bad access detected
[ 61.190753]
[ 61.192365] Memory state around the buggy address:
[ 61.197282]  ffff8880915d9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 61.204736]  ffff8880915d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 61.212258] >ffff8880915da000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.219615]                    ^
[ 61.222974]  ffff8880915da080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.230355]  ffff8880915da100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.237713] ==================================================================
[ 61.245065] Disabling lock debugging due to kernel taint
[ 61.250718] Kernel panic - not syncing: panic_on_warn set ...
[ 61.250718]
[ 61.258106] CPU: 0 PID: 7867 Comm: syz-executor780 Tainted: G B 4.19.53+ #25
[ 61.266631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.276012] Call Trace:
[ 61.278665] dump_stack+0x172/0x1f0
[ 61.282398] ? scatterwalk_copychunks+0x269/0x6a0
[ 61.287370] panic+0x263/0x507
[ 61.290553] ? __warn_printk+0xf3/0xf3
[ 61.294435] ? scatterwalk_copychunks+0x269/0x6a0
[ 61.299280] ? trace_hardirqs_on+0x5e/0x220
[ 61.303594] ? trace_hardirqs_on+0x5e/0x220
[ 61.307905] ? scatterwalk_copychunks+0x269/0x6a0
[ 61.312739] kasan_end_report+0x47/0x4f
[ 61.316784] kasan_report.cold+0xa9/0x2ba
[ 61.321039] check_memory_region+0x123/0x190
[ 61.325490] memcpy+0x24/0x50
[ 61.328654] scatterwalk_copychunks+0x269/0x6a0
[ 61.333319] scatterwalk_map_and_copy+0x14d/0x1d0
[ 61.338155] ? scatterwalk_copychunks+0x6a0/0x6a0
[ 61.342997] ? rcu_read_lock_sched_held+0x110/0x130
[ 61.348001] ? __kmalloc+0x5e1/0x750
[ 61.351806] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 61.356910] ? gcmaes_encrypt.constprop.0+0x6c4/0xd90
[ 61.362097] gcmaes_encrypt.constprop.0+0x762/0xd90
[ 61.367224] ? save_stack+0x45/0xd0
[ 61.370895] ? kasan_kmalloc+0xce/0xf0
[ 61.374781] ? tls_push_record+0x107/0x13a0
[ 61.379102] ? generic_gcmaes_decrypt+0x160/0x160
[ 61.383943] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.389514] ? mark_held_locks+0x100/0x100
[ 61.393742] ? remove_wait_queue+0x10f/0x190
[ 61.398144] ? find_held_lock+0x35/0x130
[ 61.402198] ? fs_reclaim_acquire+0x20/0x20
[ 61.406516] ? __lock_is_held+0xb6/0x140
[ 61.410567] ? should_fail+0x14d/0x85c
[ 61.414501] generic_gcmaes_encrypt+0x108/0x159
[ 61.419176] ? generic_gcmaes_encrypt+0x108/0x159
[ 61.424014] ? helper_rfc4106_encrypt+0x390/0x390
[ 61.428931] ? __kmalloc+0x5e1/0x750
[ 61.432635] gcmaes_wrapper_encrypt+0x15f/0x200
[ 61.437411] tls_push_record+0x9c0/0x13a0
[ 61.441559] tls_sw_sendpage+0x540/0xd40
[ 61.445615] ? tls_sw_sendmsg+0x1220/0x1220
[ 61.449922] ? pipe_lock+0x6e/0x80
[ 61.453455] ? tls_sw_sendmsg+0x1220/0x1220
[ 61.457954] inet_sendpage+0x168/0x630
[ 61.461833] kernel_sendpage+0x92/0xf0
[ 61.465718] ? inet_sendmsg+0x5d0/0x5d0
[ 61.469693] sock_sendpage+0x8b/0xc0
[ 61.473399] pipe_to_sendpage+0x296/0x360
[ 61.477535] ? kernel_sendpage+0xf0/0xf0
[ 61.481581] ? direct_splice_actor+0x190/0x190
[ 61.486160] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 61.491811] ? anon_pipe_buf_release+0x1c6/0x270
[ 61.496566] __splice_from_pipe+0x391/0x7d0
[ 61.500889] ? direct_splice_actor+0x190/0x190
[ 61.505463] ? direct_splice_actor+0x190/0x190
[ 61.510139] splice_from_pipe+0x108/0x170
[ 61.514274] ? splice_shrink_spd+0xd0/0xd0
[ 61.518510] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.524042] ? security_file_permission+0x89/0x230
[ 61.528966] generic_splice_sendpage+0x3c/0x50
[ 61.533546] ? splice_from_pipe+0x170/0x170
[ 61.537862] do_splice+0x642/0x12c0
[ 61.541474] ? __sb_end_write+0xd9/0x110
[ 61.545515] ? vfs_write+0x160/0x560
[ 61.549328] ? opipe_prep.part.0+0x2d0/0x2d0
[ 61.553726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.559255] ? __fget_light+0x1a9/0x230
[ 61.563218] __x64_sys_splice+0x2c6/0x330
[ 61.567489] do_syscall_64+0xfd/0x620
[ 61.571276] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.576457] RIP: 0033:0x440719
[ 61.579713] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 61.599115] RSP: 002b:00007ffece804408 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 61.606940] RAX: ffffffffffffffda RBX: 00007ffece804420 RCX: 0000000000440719
[ 61.614204] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[ 61.621461] RBP: 0000000000000005 R08: 0000000100000300 R09: 0000000000000000
[ 61.628715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402000
[ 61.636084] R13: 0000000000402090 R14: 0000000000000000 R15: 0000000000000000
[ 61.644539] Kernel Offset: disabled
[ 61.648166] Rebooting in 86400 seconds..