[ ok ] Starting enhanced syslogd: rsyslogd.
[ 59.205669][ T25] audit: type=1800 audit(1575280732.311:25): pid=8770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 59.227521][ T25] audit: type=1800 audit(1575280732.311:26): pid=8770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 59.284144][ T25] audit: type=1800 audit(1575280732.311:27): pid=8770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 69.177294][ T8923] ==================================================================
[ 69.185517][ T8923] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[ 69.192971][ T8923] Write of size 8 at addr ffff8880a3abf828 by task syz-executor359/8923
[ 69.201307][ T8923]
[ 69.203626][ T8923] CPU: 0 PID: 8923 Comm: syz-executor359 Not tainted 5.4.0-syzkaller #0
[ 69.211944][ T8923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.222738][ T8923] Call Trace:
[ 69.226021][ T8923] dump_stack+0x197/0x210
[ 69.230509][ T8923] ? pipe_write+0xe30/0x1000
[ 69.235185][ T8923] print_address_description.constprop.0.cold+0xd4/0x30b
[ 69.242294][ T8923] ? pipe_write+0xe30/0x1000
[ 69.246864][ T8923] ? pipe_write+0xe30/0x1000
[ 69.251431][ T8923] __kasan_report.cold+0x1b/0x41
[ 69.256369][ T8923] ? pipe_write+0xe30/0x1000
[ 69.260941][ T8923] kasan_report+0x12/0x20
[ 69.265261][ T8923] __asan_report_store8_noabort+0x17/0x20
[ 69.270959][ T8923] pipe_write+0xe30/0x1000
[ 69.275374][ T8923] new_sync_write+0x4d3/0x770
[ 69.280049][ T8923] ? new_sync_read+0x800/0x800
[ 69.284829][ T8923] ? __fget+0x37f/0x550
[ 69.288977][ T8923] ? apparmor_file_permission+0x25/0x30
[ 69.294590][ T8923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.301179][ T8923] ? security_file_permission+0x8f/0x380
[ 69.306804][ T8923] __vfs_write+0xe1/0x110
[ 69.311120][ T8923] vfs_write+0x268/0x5d0
[ 69.315352][ T8923] ksys_write+0x220/0x290
[ 69.320011][ T8923] ? __ia32_sys_read+0xb0/0xb0
[ 69.324857][ T8923] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 69.330293][ T8923] ? do_syscall_64+0x26/0x790
[ 69.334948][ T8923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.341188][ T8923] ? do_syscall_64+0x26/0x790
[ 69.345848][ T8923] __x64_sys_write+0x73/0xb0
[ 69.350439][ T8923] do_syscall_64+0xfa/0x790
[ 69.354936][ T8923] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.360819][ T8923] RIP: 0033:0x445a19
[ 69.364694][ T8923] Code: e8 dc bd 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.384469][ T8923] RSP: 002b:00007f643b040ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.393485][ T8923] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000445a19
[ 69.402045][ T8923] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[ 69.411990][ T8923] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 69.419941][ T8923] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 69.429214][ T8923] R13: 00007fff5fea880f R14: 00007f643b0419c0 R15: 20c49ba5e353f7cf
[ 69.437273][ T8923]
[ 69.439670][ T8923] Allocated by task 8925:
[ 69.443997][ T8923] save_stack+0x23/0x90
[ 69.448312][ T8923] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 69.454006][ T8923] kasan_kmalloc+0x9/0x10
[ 69.458333][ T8923] __kmalloc+0x163/0x770
[ 69.462553][ T8923] pipe_fcntl+0x3f7/0x8e0
[ 69.466859][ T8923] do_fcntl+0x255/0x1030
[ 69.471077][ T8923] __x64_sys_fcntl+0x16d/0x1e0
[ 69.475819][ T8923] do_syscall_64+0xfa/0x790
[ 69.480316][ T8923] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.486190][ T8923]
[ 69.488514][ T8923] Freed by task 0:
[ 69.494829][ T8923] (stack is not available)
[ 69.499314][ T8923]
[ 69.501645][ T8923] The buggy address belongs to the object at ffff8880a3abf800
[ 69.501645][ T8923] which belongs to the cache kmalloc-64 of size 64
[ 69.517797][ T8923] The buggy address is located 40 bytes inside of
[ 69.517797][ T8923] 64-byte region [ffff8880a3abf800, ffff8880a3abf840)
[ 69.531880][ T8923] The buggy address belongs to the page:
[ 69.537501][ T8923] page:ffffea00028eafc0 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 69.546599][ T8923] raw: 00fffe0000000200 ffffea00027e83c8 ffffea0002565b88 ffff8880aa400380
[ 69.555168][ T8923] raw: 0000000000000000 ffff8880a3abf000 0000000100000020 0000000000000000
[ 69.564175][ T8923] page dumped because: kasan: bad access detected
[ 69.570570][ T8923]
[ 69.572874][ T8923] Memory state around the buggy address:
[ 69.579350][ T8923] ffff8880a3abf700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.587400][ T8923] ffff8880a3abf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.595446][ T8923] >ffff8880a3abf800: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 69.603480][ T8923] ^
[ 69.608824][ T8923] ffff8880a3abf880: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 69.616860][ T8923] ffff8880a3abf900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 69.624904][ T8923] ==================================================================
[ 69.632936][ T8923] Disabling lock debugging due to kernel taint
[ 69.639891][ T8923] Kernel panic - not syncing: panic_on_warn set ...
[ 69.646494][ T8923] CPU: 0 PID: 8923 Comm: syz-executor359 Tainted: G B 5.4.0-syzkaller #0
[ 69.656197][ T8923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.666231][ T8923] Call Trace:
[ 69.669501][ T8923] dump_stack+0x197/0x210
[ 69.673808][ T8923] panic+0x2e3/0x75c
[ 69.677677][ T8923] ? add_taint.cold+0x16/0x16
[ 69.682332][ T8923] ? pipe_write+0xe30/0x1000
[ 69.686902][ T8923] ? preempt_schedule+0x4b/0x60
[ 69.691746][ T8923] ? ___preempt_schedule+0x16/0x18
[ 69.696847][ T8923] ? trace_hardirqs_on+0x5e/0x240
[ 69.701846][ T8923] ? pipe_write+0xe30/0x1000
[ 69.706412][ T8923] end_report+0x47/0x4f
[ 69.710544][ T8923] ? pipe_write+0xe30/0x1000
[ 69.715108][ T8923] __kasan_report.cold+0xe/0x41
[ 69.719939][ T8923] ? pipe_write+0xe30/0x1000
[ 69.724507][ T8923] kasan_report+0x12/0x20
[ 69.728813][ T8923] __asan_report_store8_noabort+0x17/0x20
[ 69.734505][ T8923] pipe_write+0xe30/0x1000
[ 69.738908][ T8923] new_sync_write+0x4d3/0x770
[ 69.743568][ T8923] ? new_sync_read+0x800/0x800
[ 69.748307][ T8923] ? __fget+0x37f/0x550
[ 69.752445][ T8923] ? apparmor_file_permission+0x25/0x30
[ 69.757967][ T8923] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.764185][ T8923] ? security_file_permission+0x8f/0x380
[ 69.769792][ T8923] __vfs_write+0xe1/0x110
[ 69.774104][ T8923] vfs_write+0x268/0x5d0
[ 69.778320][ T8923] ksys_write+0x220/0x290
[ 69.782623][ T8923] ? __ia32_sys_read+0xb0/0xb0
[ 69.787363][ T8923] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 69.792823][ T8923] ? do_syscall_64+0x26/0x790
[ 69.797485][ T8923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.803540][ T8923] ? do_syscall_64+0x26/0x790
[ 69.808303][ T8923] __x64_sys_write+0x73/0xb0
[ 69.812874][ T8923] do_syscall_64+0xfa/0x790
[ 69.817354][ T8923] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.823222][ T8923] RIP: 0033:0x445a19
[ 69.827095][ T8923] Code: e8 dc bd 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.846673][ T8923] RSP: 002b:00007f643b040ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 69.855078][ T8923] RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000445a19
[ 69.863033][ T8923] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[ 69.870995][ T8923] RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
[ 69.878955][ T8923] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
[ 69.886929][ T8923] R13: 00007fff5fea880f R14: 00007f643b0419c0 R15: 20c49ba5e353f7cf
[ 69.896361][ T8923] Kernel Offset: disabled
[ 69.900734][ T8923] Rebooting in 86400 seconds..