[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   63.698946][   T24] audit: type=1800 audit(1558382052.335:25): pid=9007 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   63.740775][   T24] audit: type=1800 audit(1558382052.335:26): pid=9007 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   63.777050][   T24] audit: type=1800 audit(1558382052.335:27): pid=9007 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   74.155489][ T9158] IPVS: ftp: loaded support on port[0] = 21
[   74.190124][ T9158] ==================================================================
[   74.200475][ T9158] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
[   74.213349][ T9158] Read of size 8 at addr ffff888094c1d040 by task syz-executor354/9158
[   74.223449][ T9158] 
[   74.227072][ T9158] CPU: 0 PID: 9158 Comm: syz-executor354 Not tainted 5.1.0+ #1
[   74.236607][ T9158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   74.247344][ T9158] Call Trace:
[   74.251223][ T9158]  dump_stack+0x172/0x1f0
[   74.256090][ T9158]  ? __lock_acquire+0x3ba2/0x5490
[   74.262268][ T9158]  print_address_description.cold+0x7c/0x20d
[   74.268690][ T9158]  ? __lock_acquire+0x3ba2/0x5490
[   74.274501][ T9158]  ? __lock_acquire+0x3ba2/0x5490
[   74.280835][ T9158]  __kasan_report.cold+0x1b/0x40
[   74.286375][ T9158]  ? __lock_acquire+0x3ba2/0x5490
[   74.291611][ T9158]  kasan_report+0x12/0x20
[   74.296487][ T9158]  __asan_report_load8_noabort+0x14/0x20
[   74.303255][ T9158]  __lock_acquire+0x3ba2/0x5490
[   74.308596][ T9158]  ? sock_diag_rcv+0x2b/0x40
[   74.314040][ T9158]  ? netlink_unicast+0x531/0x710
[   74.319601][ T9158]  ? netlink_sendmsg+0x8ae/0xd70
[   74.325328][ T9158]  ? sock_sendmsg+0xd7/0x130
[   74.330781][ T9158]  ? ___sys_sendmsg+0x803/0x920
[   74.337436][ T9158]  ? __sys_sendmsg+0x105/0x1d0
[   74.343133][ T9158]  ? __x64_sys_sendmsg+0x78/0xb0
[   74.349938][ T9158]  ? do_syscall_64+0xfd/0x680
[   74.355667][ T9158]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   74.363177][ T9158]  ? mark_held_locks+0xf0/0xf0
[   74.370771][ T9158]  ? mark_held_locks+0xf0/0xf0
[   74.378246][ T9158]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   74.388562][ T9158]  ? find_held_lock+0x35/0x130
[   74.396548][ T9158]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   74.404519][ T9158]  lock_acquire+0x16f/0x3f0
[   74.410894][ T9158]  ? rhashtable_walk_enter+0xf9/0x390
[   74.419308][ T9158]  _raw_spin_lock+0x2f/0x40
[   74.427542][ T9158]  ? rhashtable_walk_enter+0xf9/0x390
[   74.436530][ T9158]  rhashtable_walk_enter+0xf9/0x390
[   74.443709][ T9158]  __tipc_dump_start+0x1fa/0x3c0
[   74.450791][ T9158]  tipc_dump_start+0x70/0x90
[   74.456411][ T9158]  __netlink_dump_start+0x4f8/0x7d0
[   74.462152][ T9158]  ? __tipc_dump_start+0x3c0/0x3c0
[   74.467507][ T9158]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   74.474239][ T9158]  ? __tipc_diag_gen_cookie+0x90/0x90
[   74.480823][ T9158]  ? sock_diag_rcv+0x1c/0x40
[   74.485901][ T9158]  ? __tipc_dump_start+0x3c0/0x3c0
[   74.491492][ T9158]  ? tipc_unregister_sysctl+0x20/0x20
[   74.498024][ T9158]  ? tipc_ioctl+0x2e0/0x2e0
[   74.503373][ T9158]  sock_diag_rcv_msg+0x319/0x410
[   74.516577][ T9158]  netlink_rcv_skb+0x177/0x450
[   74.522961][ T9158]  ? sock_diag_bind+0x80/0x80
[   74.528011][ T9158]  ? netlink_ack+0xb50/0xb50
[   74.532702][ T9158]  ? kasan_check_read+0x11/0x20
[   74.538695][ T9158]  ? netlink_deliver_tap+0x254/0xbf0
[   74.546476][ T9158]  sock_diag_rcv+0x2b/0x40
[   74.551972][ T9158]  netlink_unicast+0x531/0x710
[   74.556986][ T9158]  ? netlink_attachskb+0x770/0x770
[   74.562105][ T9158]  ? _copy_from_iter_full+0x25d/0x8c0
[   74.568003][ T9158]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   74.574403][ T9158]  ? __check_object_size+0x3d/0x42f
[   74.580490][ T9158]  netlink_sendmsg+0x8ae/0xd70
[   74.585643][ T9158]  ? netlink_unicast+0x710/0x710
[   74.591144][ T9158]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   74.597555][ T9158]  ? apparmor_socket_sendmsg+0x2a/0x30
[   74.603589][ T9158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   74.610437][ T9158]  ? security_socket_sendmsg+0x8d/0xc0
[   74.618638][ T9158]  ? netlink_unicast+0x710/0x710
[   74.624698][ T9158]  sock_sendmsg+0xd7/0x130
[   74.629372][ T9158]  ___sys_sendmsg+0x803/0x920
[   74.634845][ T9158]  ? copy_msghdr_from_user+0x430/0x430
[   74.642620][ T9158]  ? prep_transhuge_page+0xa0/0xa0
[   74.648396][ T9158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   74.656499][ T9158]  ? __handle_mm_fault+0x7cb/0x3eb0
[   74.662147][ T9158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   74.669525][ T9158]  ? __fget_light+0x1a9/0x230
[   74.674936][ T9158]  ? __fdget+0x1b/0x20
[   74.683362][ T9158]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   74.694173][ T9158]  __sys_sendmsg+0x105/0x1d0
[   74.700971][ T9158]  ? __ia32_sys_shutdown+0x80/0x80
[   74.709216][ T9158]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   74.715799][ T9158]  ? do_syscall_64+0x26/0x680
[   74.721517][ T9158]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   74.729190][ T9158]  ? do_syscall_64+0x26/0x680
[   74.735010][ T9158]  __x64_sys_sendmsg+0x78/0xb0
[   74.740179][ T9158]  do_syscall_64+0xfd/0x680
[   74.745321][ T9158]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   74.751553][ T9158] RIP: 0033:0x4409c9
[   74.756385][ T9158] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   74.778092][ T9158] RSP: 002b:00007ffc3b8e61c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   74.788597][ T9158] RAX: ffffffffffffffda RBX: 00000000004a21d0 RCX: 00000000004409c9
[   74.799124][ T9158] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   74.807113][ T9158] RBP: 00000000006cb018 R08: 0000000000000100 R09: 0000000000000100
[   74.815167][ T9158] R10: 0000000000000015 R11: 0000000000000246 R12: 0000000000401f10
[   74.823585][ T9158] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000
[   74.832025][ T9158] 
[   74.835703][ T9158] Allocated by task 5084:
[   74.840472][ T9158]  save_stack+0x23/0x90
[   74.844915][ T9158]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   74.851132][ T9158]  kasan_kmalloc+0x9/0x10
[   74.855804][ T9158]  __kmalloc+0x15c/0x740
[   74.861742][ T9158]  tomoyo_get_name+0x23e/0x490
[   74.866508][ T9158]  tomoyo_parse_name_union+0xc3/0x170
[   74.871928][ T9158]  tomoyo_write_file+0x4b1/0x750
[   74.878074][ T9158]  tomoyo_write_domain2+0x111/0x1d0
[   74.884000][ T9158]  tomoyo_supervisor+0xc0b/0xef0
[   74.889895][ T9158]  tomoyo_path_permission+0x263/0x360
[   74.895847][ T9158]  tomoyo_path_perm+0x31d/0x430
[   74.901550][ T9158]  tomoyo_inode_getattr+0x1d/0x30
[   74.906636][ T9158]  security_inode_getattr+0xf2/0x150
[   74.912134][ T9158]  vfs_getattr+0x25/0x70
[   74.916781][ T9158]  vfs_statx_fd+0x71/0xc0
[   74.921718][ T9158]  __do_sys_newfstat+0x9b/0x120
[   74.926785][ T9158]  __x64_sys_newfstat+0x54/0x80
[   74.932260][ T9158]  do_syscall_64+0xfd/0x680
[   74.936962][ T9158]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   74.943196][ T9158] 
[   74.946049][ T9158] Freed by task 3932:
[   74.950532][ T9158]  save_stack+0x23/0x90
[   74.955304][ T9158]  __kasan_slab_free+0x102/0x150
[   74.960950][ T9158]  kasan_slab_free+0xe/0x10
[   74.966179][ T9158]  kfree+0xcf/0x220
[   74.970390][ T9158]  tomoyo_check_open_permission+0x19e/0x3f0
[   74.977649][ T9158]  tomoyo_file_open+0xa9/0xd0
[   74.983724][ T9158]  security_file_open+0x71/0x300
[   74.990167][ T9158]  do_dentry_open+0x373/0x1250
[   74.995183][ T9158]  vfs_open+0xa0/0xd0
[   74.999402][ T9158]  path_openat+0x10e9/0x46d0
[   75.004133][ T9158]  do_filp_open+0x1a1/0x280
[   75.008636][ T9158]  do_sys_open+0x3fe/0x5d0
[   75.013794][ T9158]  __x64_sys_open+0x7e/0xc0
[   75.019246][ T9158]  do_syscall_64+0xfd/0x680
[   75.025031][ T9158]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.031212][ T9158] 
[   75.033709][ T9158] The buggy address belongs to the object at ffff888094c1d000
[   75.033709][ T9158]  which belongs to the cache kmalloc-64 of size 64
[   75.048246][ T9158] The buggy address is located 0 bytes to the right of
[   75.048246][ T9158]  64-byte region [ffff888094c1d000, ffff888094c1d040)
[   75.063013][ T9158] The buggy address belongs to the page:
[   75.068907][ T9158] page:ffffea0002530740 count:1 mapcount:0 mapping:ffff8880aa400340 index:0x0
[   75.078007][ T9158] flags: 0x1fffc0000000200(slab)
[   75.083128][ T9158] raw: 01fffc0000000200 ffffea0002511508 ffffea0002a2cdc8 ffff8880aa400340
[   75.092346][ T9158] raw: 0000000000000000 ffff888094c1d000 0000000100000020 0000000000000000
[   75.102351][ T9158] page dumped because: kasan: bad access detected
[   75.109609][ T9158] 
[   75.112734][ T9158] Memory state around the buggy address:
[   75.119290][ T9158]  ffff888094c1cf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   75.128847][ T9158]  ffff888094c1cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   75.137841][ T9158] >ffff888094c1d000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   75.147049][ T9158]                                            ^
[   75.154749][ T9158]  ffff888094c1d080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   75.164374][ T9158]  ffff888094c1d100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   75.174227][ T9158] ==================================================================
[   75.184253][ T9158] Disabling lock debugging due to kernel taint
[   75.191286][ T9158] Kernel panic - not syncing: panic_on_warn set ...
[   75.200796][ T9158] CPU: 0 PID: 9158 Comm: syz-executor354 Tainted: G    B             5.1.0+ #1
[   75.210541][ T9158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.222681][ T9158] Call Trace:
[   75.226112][ T9158]  dump_stack+0x172/0x1f0
[   75.230940][ T9158]  panic+0x2cb/0x646
[   75.235331][ T9158]  ? __warn_printk+0xf3/0xf3
[   75.243973][ T9158]  ? lock_downgrade+0x880/0x880
[   75.251653][ T9158]  ? __lock_acquire+0x3ba2/0x5490
[   75.258686][ T9158]  ? trace_hardirqs_off+0x62/0x220
[   75.265006][ T9158]  ? trace_hardirqs_off+0x59/0x220
[   75.270408][ T9158]  ? __lock_acquire+0x3ba2/0x5490
[   75.276416][ T9158]  end_report+0x47/0x4f
[   75.283766][ T9158]  ? __lock_acquire+0x3ba2/0x5490
[   75.290043][ T9158]  __kasan_report.cold+0xe/0x40
[   75.295946][ T9158]  ? __lock_acquire+0x3ba2/0x5490
[   75.301382][ T9158]  kasan_report+0x12/0x20
[   75.306547][ T9158]  __asan_report_load8_noabort+0x14/0x20
[   75.312935][ T9158]  __lock_acquire+0x3ba2/0x5490
[   75.319129][ T9158]  ? sock_diag_rcv+0x2b/0x40
[   75.323837][ T9158]  ? netlink_unicast+0x531/0x710
[   75.328922][ T9158]  ? netlink_sendmsg+0x8ae/0xd70
[   75.333900][ T9158]  ? sock_sendmsg+0xd7/0x130
[   75.338775][ T9158]  ? ___sys_sendmsg+0x803/0x920
[   75.344045][ T9158]  ? __sys_sendmsg+0x105/0x1d0
[   75.348917][ T9158]  ? __x64_sys_sendmsg+0x78/0xb0
[   75.354117][ T9158]  ? do_syscall_64+0xfd/0x680
[   75.358976][ T9158]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.365365][ T9158]  ? mark_held_locks+0xf0/0xf0
[   75.370351][ T9158]  ? mark_held_locks+0xf0/0xf0
[   75.375356][ T9158]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   75.382131][ T9158]  ? find_held_lock+0x35/0x130
[   75.387303][ T9158]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   75.393965][ T9158]  lock_acquire+0x16f/0x3f0
[   75.399486][ T9158]  ? rhashtable_walk_enter+0xf9/0x390
[   75.405591][ T9158]  _raw_spin_lock+0x2f/0x40
[   75.410455][ T9158]  ? rhashtable_walk_enter+0xf9/0x390
[   75.416534][ T9158]  rhashtable_walk_enter+0xf9/0x390
[   75.422475][ T9158]  __tipc_dump_start+0x1fa/0x3c0
[   75.428244][ T9158]  tipc_dump_start+0x70/0x90
[   75.433169][ T9158]  __netlink_dump_start+0x4f8/0x7d0
[   75.439018][ T9158]  ? __tipc_dump_start+0x3c0/0x3c0
[   75.444623][ T9158]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   75.451084][ T9158]  ? __tipc_diag_gen_cookie+0x90/0x90
[   75.457523][ T9158]  ? sock_diag_rcv+0x1c/0x40
[   75.462722][ T9158]  ? __tipc_dump_start+0x3c0/0x3c0
[   75.468651][ T9158]  ? tipc_unregister_sysctl+0x20/0x20
[   75.474614][ T9158]  ? tipc_ioctl+0x2e0/0x2e0
[   75.479810][ T9158]  sock_diag_rcv_msg+0x319/0x410
[   75.485900][ T9158]  netlink_rcv_skb+0x177/0x450
[   75.492353][ T9158]  ? sock_diag_bind+0x80/0x80
[   75.497452][ T9158]  ? netlink_ack+0xb50/0xb50
[   75.503701][ T9158]  ? kasan_check_read+0x11/0x20
[   75.509015][ T9158]  ? netlink_deliver_tap+0x254/0xbf0
[   75.515337][ T9158]  sock_diag_rcv+0x2b/0x40
[   75.520515][ T9158]  netlink_unicast+0x531/0x710
[   75.525955][ T9158]  ? netlink_attachskb+0x770/0x770
[   75.532849][ T9158]  ? _copy_from_iter_full+0x25d/0x8c0
[   75.538606][ T9158]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   75.544844][ T9158]  ? __check_object_size+0x3d/0x42f
[   75.550346][ T9158]  netlink_sendmsg+0x8ae/0xd70
[   75.555424][ T9158]  ? netlink_unicast+0x710/0x710
[   75.560952][ T9158]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   75.567451][ T9158]  ? apparmor_socket_sendmsg+0x2a/0x30
[   75.573832][ T9158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   75.587248][ T9158]  ? security_socket_sendmsg+0x8d/0xc0
[   75.593662][ T9158]  ? netlink_unicast+0x710/0x710
[   75.598988][ T9158]  sock_sendmsg+0xd7/0x130
[   75.603982][ T9158]  ___sys_sendmsg+0x803/0x920
[   75.609529][ T9158]  ? copy_msghdr_from_user+0x430/0x430
[   75.615109][ T9158]  ? prep_transhuge_page+0xa0/0xa0
[   75.620432][ T9158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   75.627343][ T9158]  ? __handle_mm_fault+0x7cb/0x3eb0
[   75.632935][ T9158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   75.639483][ T9158]  ? __fget_light+0x1a9/0x230
[   75.644222][ T9158]  ? __fdget+0x1b/0x20
[   75.649140][ T9158]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   75.655786][ T9158]  __sys_sendmsg+0x105/0x1d0
[   75.660552][ T9158]  ? __ia32_sys_shutdown+0x80/0x80
[   75.665681][ T9158]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   75.671468][ T9158]  ? do_syscall_64+0x26/0x680
[   75.676561][ T9158]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.683910][ T9158]  ? do_syscall_64+0x26/0x680
[   75.689301][ T9158]  __x64_sys_sendmsg+0x78/0xb0
[   75.694624][ T9158]  do_syscall_64+0xfd/0x680
[   75.699312][ T9158]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.705566][ T9158] RIP: 0033:0x4409c9
[   75.709953][ T9158] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   75.730042][ T9158] RSP: 002b:00007ffc3b8e61c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.739153][ T9158] RAX: ffffffffffffffda RBX: 00000000004a21d0 RCX: 00000000004409c9
[   75.747986][ T9158] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   75.756207][ T9158] RBP: 00000000006cb018 R08: 0000000000000100 R09: 0000000000000100
[   75.764563][ T9158] R10: 0000000000000015 R11: 0000000000000246 R12: 0000000000401f10
[   75.773458][ T9158] R13: 0000000000401fa0 R14: 0000000000000000 R15: 0000000000000000
[   75.784232][ T9158] Kernel Offset: disabled
[   75.789171][ T9158] Rebooting in 86400 seconds..