[ 57.135131][ T26] audit: type=1800 audit(1575259206.769:25): pid=8811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 57.180708][ T26] audit: type=1800 audit(1575259206.769:26): pid=8811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 57.205638][ T26] audit: type=1800 audit(1575259206.769:27): pid=8811 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ 57.711785][ T8878] sshd (8878) used greatest stack depth: 22888 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.148' (ECDSA) to the list of known hosts.
syzkaller login:
[ 67.363625][ T8966] IPVS: ftp: loaded support on port[0] = 21
[ 67.421567][ T8966] chnl_net:caif_netlink_parms(): no params data found
[ 67.450590][ T8966] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.458145][ T8966] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.466356][ T8966] device bridge_slave_0 entered promiscuous mode
[ 67.474359][ T8966] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.481606][ T8966] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.489364][ T8966] device bridge_slave_1 entered promiscuous mode
[ 67.507711][ T8966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.518408][ T8966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.539215][ T8966] team0: Port device team_slave_0 added
[ 67.546960][ T8966] team0: Port device team_slave_1 added
[ 67.608236][ T8966] device hsr_slave_0 entered promiscuous mode
[ 67.645870][ T8966] device hsr_slave_1 entered promiscuous mode
[ 67.709493][ T8966] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.778058][ T8966] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.818081][ T8966] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.858166][ T8966] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.904832][ T8966] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.912003][ T8966] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.919798][ T8966] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.928267][ T8966] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.963535][ T8966] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.978129][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.988757][ T17] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.007485][ T17] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.016344][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.029786][ T8966] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.040694][ T1098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.049994][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.057103][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.068498][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.077189][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.084230][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.103319][ T1098] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.111960][ T1098] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.123065][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.137539][ T8970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.146071][ T8970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.157229][ T8966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[ 68.172417][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.180660][ T2952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.191635][ T8966] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.296641][ T8972] ==================================================================
[ 68.304850][ T8972] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[ 68.312114][ T8972] Write of size 8 at addr ffff8880a8f879a8 by task syz-executor173/8972
[ 68.320414][ T8972]
[ 68.322740][ T8972] CPU: 0 PID: 8972 Comm: syz-executor173 Not tainted 5.4.0-syzkaller #0
[ 68.331046][ T8972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.341086][ T8972] Call Trace:
[ 68.344363][ T8972] dump_stack+0x197/0x210
[ 68.348671][ T8972] ? pipe_write+0xe30/0x1000
[ 68.353256][ T8972] print_address_description.constprop.0.cold+0xd4/0x30b
[ 68.360268][ T8972] ? pipe_write+0xe30/0x1000
[ 68.364838][ T8972] ? pipe_write+0xe30/0x1000
[ 68.369404][ T8972] __kasan_report.cold+0x1b/0x41
[ 68.374318][ T8972] ? pipe_write+0xe30/0x1000
[ 68.378893][ T8972] kasan_report+0x12/0x20
[ 68.383201][ T8972] __asan_report_store8_noabort+0x17/0x20
[ 68.388906][ T8972] pipe_write+0xe30/0x1000
[ 68.393311][ T8972] new_sync_write+0x4d3/0x770
[ 68.397971][ T8972] ? new_sync_read+0x800/0x800
[ 68.403769][ T8972] ? __fget+0x37f/0x550
[ 68.407927][ T8972] ? apparmor_file_permission+0x25/0x30
[ 68.413545][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 68.419771][ T8972] ? security_file_permission+0x8f/0x380
[ 68.425389][ T8972] __vfs_write+0xe1/0x110
[ 68.429712][ T8972] vfs_write+0x268/0x5d0
[ 68.433930][ T8972] ksys_write+0x220/0x290
[ 68.438239][ T8972] ? __ia32_sys_read+0xb0/0xb0
[ 68.443087][ T8972] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 68.448530][ T8972] ? do_fast_syscall_32+0xd1/0xe16
[ 68.453616][ T8972] ? entry_SYSENTER_compat+0x70/0x7f
[ 68.458879][ T8972] ? do_fast_syscall_32+0xd1/0xe16
[ 68.463971][ T8972] __ia32_sys_write+0x71/0xb0
[ 68.468632][ T8972] do_fast_syscall_32+0x27b/0xe16
[ 68.473647][ T8972] entry_SYSENTER_compat+0x70/0x7f
[ 68.478736][ T8972] RIP: 0023:0xf7f39a39
[ 68.482783][ T8972] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 68.502366][ T8972] RSP: 002b:00000000f7f351fc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 68.510758][ T8972] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200001c0
[ 68.518711][ T8972] RDX: 00000000fffffef3 RSI: 0000000000000000 RDI: 0000000000000000
[ 68.528577][ T8972] RBP: 00000000003d0f00 R08: 0000000000000000 R09: 0000000000000000
[ 68.536540][ T8972] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 68.544501][ T8972] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 68.552470][ T8972]
[ 68.554777][ T8972] Allocated by task 8974:
[ 68.559087][ T8972] save_stack+0x23/0x90
[ 68.563219][ T8972] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 68.568842][ T8972] kasan_kmalloc+0x9/0x10
[ 68.573152][ T8972] __kmalloc+0x163/0x770
[ 68.577378][ T8972] pipe_fcntl+0x3f7/0x8e0
[ 68.581694][ T8972] do_fcntl+0x255/0x1030
[ 68.585922][ T8972] do_compat_fcntl64+0x387/0x540
[ 68.590851][ T8972] __ia32_compat_sys_fcntl64+0x73/0xb0
[ 68.596306][ T8972] do_fast_syscall_32+0x27b/0xe16
[ 68.601328][ T8972] entry_SYSENTER_compat+0x70/0x7f
[ 68.606411][ T8972]
[ 68.608719][ T8972] Freed by task 0:
[ 68.612597][ T8972] (stack is not available)
[ 68.616984][ T8972]
[ 68.619294][ T8972] The buggy address belongs to the object at ffff8880a8f87980
[ 68.619294][ T8972] which belongs to the cache kmalloc-64 of size 64
[ 68.633150][ T8972] The buggy address is located 40 bytes inside of
[ 68.633150][ T8972] 64-byte region [ffff8880a8f87980, ffff8880a8f879c0)
[ 68.646231][ T8972] The buggy address belongs to the page:
[ 68.651845][ T8972] page:ffffea0002a3e1c0 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 68.660929][ T8972] raw: 00fffe0000000200 ffffea00029d4a08 ffffea00023f1d08 ffff8880aa400380
[ 68.669492][ T8972] raw: 0000000000000000 ffff8880a8f87000 0000000100000020 0000000000000000
[ 68.678047][ T8972] page dumped because: kasan: bad access detected
[ 68.684439][ T8972]
[ 68.686748][ T8972] Memory state around the buggy address:
[ 68.692360][ T8972]  ffff8880a8f87880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.700398][ T8972]  ffff8880a8f87900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 68.708465][ T8972] >ffff8880a8f87980: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 68.716513][ T8972]                                   ^
[ 68.721872][ T8972]  ffff8880a8f87a00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 68.730456][ T8972]  ffff8880a8f87a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 68.738494][ T8972] ==================================================================
[ 68.746562][ T8972] Disabling lock debugging due to kernel taint
[ 68.755317][ T8972] Kernel panic - not syncing: panic_on_warn set ...
[ 68.761941][ T8972] CPU: 0 PID: 8972 Comm: syz-executor173 Tainted: G B 5.4.0-syzkaller #0
[ 68.771625][ T8972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.781738][ T8972] Call Trace:
[ 68.785016][ T8972] dump_stack+0x197/0x210
[ 68.789324][ T8972] panic+0x2e3/0x75c
[ 68.793214][ T8972] ? add_taint.cold+0x16/0x16
[ 68.797881][ T8972] ? pipe_write+0xe30/0x1000
[ 68.802551][ T8972] ? preempt_schedule+0x4b/0x60
[ 68.807378][ T8972] ? ___preempt_schedule+0x16/0x18
[ 68.812464][ T8972] ? trace_hardirqs_on+0x5e/0x240
[ 68.817461][ T8972] ? pipe_write+0xe30/0x1000
[ 68.822024][ T8972] end_report+0x47/0x4f
[ 68.826174][ T8972] ? pipe_write+0xe30/0x1000
[ 68.830745][ T8972] __kasan_report.cold+0xe/0x41
[ 68.835580][ T8972] ? pipe_write+0xe30/0x1000
[ 68.840152][ T8972] kasan_report+0x12/0x20
[ 68.844456][ T8972] __asan_report_store8_noabort+0x17/0x20
[ 68.850148][ T8972] pipe_write+0xe30/0x1000
[ 68.854541][ T8972] new_sync_write+0x4d3/0x770
[ 68.859192][ T8972] ? new_sync_read+0x800/0x800
[ 68.863928][ T8972] ? __fget+0x37f/0x550
[ 68.868074][ T8972] ? apparmor_file_permission+0x25/0x30
[ 68.873603][ T8972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 68.879817][ T8972] ? security_file_permission+0x8f/0x380
[ 68.885433][ T8972] __vfs_write+0xe1/0x110
[ 68.889750][ T8972] vfs_write+0x268/0x5d0
[ 68.893965][ T8972] ksys_write+0x220/0x290
[ 68.898268][ T8972] ? __ia32_sys_read+0xb0/0xb0
[ 68.903005][ T8972] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 68.908444][ T8972] ? do_fast_syscall_32+0xd1/0xe16
[ 68.913534][ T8972] ? entry_SYSENTER_compat+0x70/0x7f
[ 68.918792][ T8972] ? do_fast_syscall_32+0xd1/0xe16
[ 68.923879][ T8972] __ia32_sys_write+0x71/0xb0
[ 68.928539][ T8972] do_fast_syscall_32+0x27b/0xe16
[ 68.933546][ T8972] entry_SYSENTER_compat+0x70/0x7f
[ 68.938630][ T8972] RIP: 0023:0xf7f39a39
[ 68.942672][ T8972] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 68.964254][ T8972] RSP: 002b:00000000f7f351fc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 68.972648][ T8972] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200001c0
[ 68.980604][ T8972] RDX: 00000000fffffef3 RSI: 0000000000000000 RDI: 0000000000000000
[ 68.988577][ T8972] RBP: 00000000003d0f00 R08: 0000000000000000 R09: 0000000000000000
[ 68.996543][ T8972] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 69.004510][ T8972] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 69.013905][ T8972] Kernel Offset: disabled
[ 69.018239][ T8972] Rebooting in 86400 seconds..