[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   64.135508][   T27] audit: type=1800 audit(1558233991.372:25): pid=8718 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   64.179822][   T27] audit: type=1800 audit(1558233991.382:26): pid=8718 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   64.236212][   T27] audit: type=1800 audit(1558233991.382:27): pid=8718 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.25' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   75.175922][ T8874] ==================================================================
[   75.184026][ T8874] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
[   75.191721][ T8874] Read of size 8 at addr ffff88809b6bdcc0 by task syz-executor397/8874
[   75.199925][ T8874] 
[   75.202231][ T8874] CPU: 0 PID: 8874 Comm: syz-executor397 Not tainted 5.1.0+ #19
[   75.209827][ T8874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   75.219856][ T8874] Call Trace:
[   75.223125][ T8874]  dump_stack+0x172/0x1f0
[   75.227443][ T8874]  ? __lock_acquire+0x3ba2/0x5490
[   75.232441][ T8874]  print_address_description.cold+0x7c/0x20d
[   75.238389][ T8874]  ? __lock_acquire+0x3ba2/0x5490
[   75.243383][ T8874]  ? __lock_acquire+0x3ba2/0x5490
[   75.248384][ T8874]  __kasan_report.cold+0x1b/0x40
[   75.253298][ T8874]  ? __lock_acquire+0x3ba2/0x5490
[   75.258323][ T8874]  kasan_report+0x12/0x20
[   75.262659][ T8874]  __asan_report_load8_noabort+0x14/0x20
[   75.268265][ T8874]  __lock_acquire+0x3ba2/0x5490
[   75.273095][ T8874]  ? sock_diag_rcv+0x2b/0x40
[   75.277660][ T8874]  ? netlink_unicast+0x531/0x710
[   75.282569][ T8874]  ? netlink_sendmsg+0x8ae/0xd70
[   75.287481][ T8874]  ? sock_sendmsg+0xd7/0x130
[   75.292050][ T8874]  ? ___sys_sendmsg+0x803/0x920
[   75.296877][ T8874]  ? __sys_sendmsg+0x105/0x1d0
[   75.301628][ T8874]  ? __x64_sys_sendmsg+0x78/0xb0
[   75.306546][ T8874]  ? do_syscall_64+0xfd/0x680
[   75.311204][ T8874]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.317252][ T8874]  ? mark_held_locks+0xf0/0xf0
[   75.322016][ T8874]  ? mark_held_locks+0xf0/0xf0
[   75.326759][ T8874]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   75.332369][ T8874]  ? find_held_lock+0x35/0x130
[   75.337108][ T8874]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   75.342725][ T8874]  lock_acquire+0x16f/0x3f0
[   75.347210][ T8874]  ? rhashtable_walk_enter+0xf9/0x390
[   75.352563][ T8874]  _raw_spin_lock+0x2f/0x40
[   75.357043][ T8874]  ? rhashtable_walk_enter+0xf9/0x390
[   75.362402][ T8874]  rhashtable_walk_enter+0xf9/0x390
[   75.367580][ T8874]  __tipc_dump_start+0x1fa/0x3c0
[   75.372503][ T8874]  tipc_dump_start+0x70/0x90
[   75.377069][ T8874]  __netlink_dump_start+0x4f8/0x7d0
[   75.382245][ T8874]  ? __tipc_dump_start+0x3c0/0x3c0
[   75.387330][ T8874]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   75.393139][ T8874]  ? __tipc_diag_gen_cookie+0x90/0x90
[   75.398488][ T8874]  ? sock_diag_rcv+0x1c/0x40
[   75.403055][ T8874]  ? __tipc_dump_start+0x3c0/0x3c0
[   75.408142][ T8874]  ? tipc_unregister_sysctl+0x20/0x20
[   75.413488][ T8874]  ? tipc_ioctl+0x2e0/0x2e0
[   75.417973][ T8874]  sock_diag_rcv_msg+0x319/0x410
[   75.422890][ T8874]  netlink_rcv_skb+0x177/0x450
[   75.427638][ T8874]  ? sock_diag_bind+0x80/0x80
[   75.432291][ T8874]  ? netlink_ack+0xb50/0xb50
[   75.436856][ T8874]  ? kasan_check_read+0x11/0x20
[   75.441681][ T8874]  ? netlink_deliver_tap+0x254/0xbf0
[   75.446941][ T8874]  sock_diag_rcv+0x2b/0x40
[   75.451347][ T8874]  netlink_unicast+0x531/0x710
[   75.456088][ T8874]  ? netlink_attachskb+0x770/0x770
[   75.461175][ T8874]  ? _copy_from_iter_full+0x25d/0x8c0
[   75.466525][ T8874]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   75.472240][ T8874]  ? __check_object_size+0x3d/0x42f
[   75.477416][ T8874]  netlink_sendmsg+0x8ae/0xd70
[   75.482169][ T8874]  ? netlink_unicast+0x710/0x710
[   75.487093][ T8874]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   75.492624][ T8874]  ? apparmor_socket_sendmsg+0x2a/0x30
[   75.498090][ T8874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   75.504308][ T8874]  ? security_socket_sendmsg+0x8d/0xc0
[   75.509743][ T8874]  ? netlink_unicast+0x710/0x710
[   75.514657][ T8874]  sock_sendmsg+0xd7/0x130
[   75.519051][ T8874]  ___sys_sendmsg+0x803/0x920
[   75.523705][ T8874]  ? copy_msghdr_from_user+0x430/0x430
[   75.529154][ T8874]  ? prep_transhuge_page+0xa0/0xa0
[   75.534266][ T8874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   75.540494][ T8874]  ? __handle_mm_fault+0x7cb/0x3eb0
[   75.545676][ T8874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   75.551892][ T8874]  ? __fget_light+0x1a9/0x230
[   75.556543][ T8874]  ? __fdget+0x1b/0x20
[   75.560588][ T8874]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   75.566807][ T8874]  __sys_sendmsg+0x105/0x1d0
[   75.571391][ T8874]  ? __ia32_sys_shutdown+0x80/0x80
[   75.576492][ T8874]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   75.581929][ T8874]  ? do_syscall_64+0x26/0x680
[   75.586582][ T8874]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.592633][ T8874]  ? do_syscall_64+0x26/0x680
[   75.597300][ T8874]  __x64_sys_sendmsg+0x78/0xb0
[   75.602055][ T8874]  do_syscall_64+0xfd/0x680
[   75.606538][ T8874]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   75.612404][ T8874] RIP: 0033:0x4402c9
[   75.616276][ T8874] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   75.635856][ T8874] RSP: 002b:00007fff0c07a2b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   75.644278][ T8874] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[   75.652224][ T8874] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   75.660167][ T8874] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   75.668122][ T8874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b50
[   75.676072][ T8874] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   75.684020][ T8874] 
[   75.686318][ T8874] Allocated by task 8865:
[   75.690644][ T8874]  save_stack+0x23/0x90
[   75.694795][ T8874]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   75.700400][ T8874]  kasan_slab_alloc+0xf/0x20
[   75.704963][ T8874]  kmem_cache_alloc+0x11a/0x6f0
[   75.709787][ T8874]  skb_clone+0x154/0x3d0
[   75.714010][ T8874]  packet_rcv_spkt+0x48b/0x5c0
[   75.718746][ T8874]  __netif_receive_skb_core+0xdb7/0x3060
[   75.724350][ T8874]  __netif_receive_skb_one_core+0xa8/0x1a0
[   75.730128][ T8874]  __netif_receive_skb+0x2c/0x1d0
[   75.735126][ T8874]  netif_receive_skb_internal+0x117/0x5c0
[   75.740818][ T8874]  napi_gro_receive+0x52d/0x740
[   75.745640][ T8874]  receive_buf+0xf8a/0x57c0
[   75.750140][ T8874]  virtnet_poll+0x5f8/0xe82
[   75.754632][ T8874]  net_rx_action+0x4f5/0x1070
[   75.759291][ T8874]  __do_softirq+0x25c/0x94c
[   75.763769][ T8874] 
[   75.766083][ T8874] Freed by task 8865:
[   75.770046][ T8874]  save_stack+0x23/0x90
[   75.774177][ T8874]  __kasan_slab_free+0x102/0x150
[   75.779094][ T8874]  kasan_slab_free+0xe/0x10
[   75.783578][ T8874]  kmem_cache_free+0x86/0x260
[   75.788260][ T8874]  kfree_skbmem+0xc5/0x150
[   75.792654][ T8874]  kfree_skb+0xf0/0x390
[   75.796786][ T8874]  packet_rcv_spkt+0xe6/0x5c0
[   75.801444][ T8874]  __netif_receive_skb_core+0xdb7/0x3060
[   75.807049][ T8874]  __netif_receive_skb_one_core+0xa8/0x1a0
[   75.812845][ T8874]  __netif_receive_skb+0x2c/0x1d0
[   75.817850][ T8874]  netif_receive_skb_internal+0x117/0x5c0
[   75.823551][ T8874]  napi_gro_receive+0x52d/0x740
[   75.828385][ T8874]  receive_buf+0xf8a/0x57c0
[   75.832868][ T8874]  virtnet_poll+0x5f8/0xe82
[   75.837349][ T8874]  net_rx_action+0x4f5/0x1070
[   75.842003][ T8874]  __do_softirq+0x25c/0x94c
[   75.846476][ T8874] 
[   75.848784][ T8874] The buggy address belongs to the object at ffff88809b6bdbc0
[   75.848784][ T8874]  which belongs to the cache skbuff_head_cache of size 224
[   75.863366][ T8874] The buggy address is located 32 bytes to the right of
[   75.863366][ T8874]  224-byte region [ffff88809b6bdbc0, ffff88809b6bdca0)
[   75.877062][ T8874] The buggy address belongs to the page:
[   75.882691][ T8874] page:ffffea00026daf40 count:1 mapcount:0 mapping:ffff8880a99a0b00 index:0x0
[   75.891517][ T8874] flags: 0x1fffc0000000200(slab)
[   75.896436][ T8874] raw: 01fffc0000000200 ffffea00026b77c8 ffffea00027b73c8 ffff8880a99a0b00
[   75.905002][ T8874] raw: 0000000000000000 ffff88809b6bd080 000000010000000c 0000000000000000
[   75.913564][ T8874] page dumped because: kasan: bad access detected
[   75.919950][ T8874] 
[   75.922251][ T8874] Memory state around the buggy address:
[   75.927857][ T8874]  ffff88809b6bdb80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   75.935896][ T8874]  ffff88809b6bdc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.943938][ T8874] >ffff88809b6bdc80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   75.951993][ T8874]                                            ^
[   75.958122][ T8874]  ffff88809b6bdd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   75.966189][ T8874]  ffff88809b6bdd80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   75.974223][ T8874] ==================================================================
[   75.982254][ T8874] Disabling lock debugging due to kernel taint
[   75.988382][ T8874] Kernel panic - not syncing: panic_on_warn set ...
[   75.994956][ T8874] CPU: 0 PID: 8874 Comm: syz-executor397 Tainted: G    B             5.1.0+ #19
[   76.003951][ T8874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.013989][ T8874] Call Trace:
[   76.017264][ T8874]  dump_stack+0x172/0x1f0
[   76.021578][ T8874]  panic+0x2cb/0x646
[   76.025454][ T8874]  ? __warn_printk+0xf3/0xf3
[   76.030040][ T8874]  ? lock_downgrade+0x880/0x880
[   76.034883][ T8874]  ? __lock_acquire+0x3ba2/0x5490
[   76.039889][ T8874]  ? trace_hardirqs_off+0x62/0x220
[   76.044974][ T8874]  ? trace_hardirqs_off+0x59/0x220
[   76.050063][ T8874]  ? __lock_acquire+0x3ba2/0x5490
[   76.055068][ T8874]  end_report+0x47/0x4f
[   76.059201][ T8874]  ? __lock_acquire+0x3ba2/0x5490
[   76.064209][ T8874]  __kasan_report.cold+0xe/0x40
[   76.069056][ T8874]  ? __lock_acquire+0x3ba2/0x5490
[   76.074064][ T8874]  kasan_report+0x12/0x20
[   76.078368][ T8874]  __asan_report_load8_noabort+0x14/0x20
[   76.083988][ T8874]  __lock_acquire+0x3ba2/0x5490
[   76.088817][ T8874]  ? sock_diag_rcv+0x2b/0x40
[   76.093386][ T8874]  ? netlink_unicast+0x531/0x710
[   76.098295][ T8874]  ? netlink_sendmsg+0x8ae/0xd70
[   76.103208][ T8874]  ? sock_sendmsg+0xd7/0x130
[   76.107772][ T8874]  ? ___sys_sendmsg+0x803/0x920
[   76.112599][ T8874]  ? __sys_sendmsg+0x105/0x1d0
[   76.117345][ T8874]  ? __x64_sys_sendmsg+0x78/0xb0
[   76.122256][ T8874]  ? do_syscall_64+0xfd/0x680
[   76.126911][ T8874]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.132969][ T8874]  ? mark_held_locks+0xf0/0xf0
[   76.137724][ T8874]  ? mark_held_locks+0xf0/0xf0
[   76.142465][ T8874]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   76.148093][ T8874]  ? find_held_lock+0x35/0x130
[   76.152830][ T8874]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   76.158437][ T8874]  lock_acquire+0x16f/0x3f0
[   76.162918][ T8874]  ? rhashtable_walk_enter+0xf9/0x390
[   76.168323][ T8874]  _raw_spin_lock+0x2f/0x40
[   76.172819][ T8874]  ? rhashtable_walk_enter+0xf9/0x390
[   76.178178][ T8874]  rhashtable_walk_enter+0xf9/0x390
[   76.183353][ T8874]  __tipc_dump_start+0x1fa/0x3c0
[   76.188263][ T8874]  tipc_dump_start+0x70/0x90
[   76.192830][ T8874]  __netlink_dump_start+0x4f8/0x7d0
[   76.198004][ T8874]  ? __tipc_dump_start+0x3c0/0x3c0
[   76.203095][ T8874]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   76.208877][ T8874]  ? __tipc_diag_gen_cookie+0x90/0x90
[   76.214229][ T8874]  ? sock_diag_rcv+0x1c/0x40
[   76.218797][ T8874]  ? __tipc_dump_start+0x3c0/0x3c0
[   76.223883][ T8874]  ? tipc_unregister_sysctl+0x20/0x20
[   76.229230][ T8874]  ? tipc_ioctl+0x2e0/0x2e0
[   76.233719][ T8874]  sock_diag_rcv_msg+0x319/0x410
[   76.238637][ T8874]  netlink_rcv_skb+0x177/0x450
[   76.243388][ T8874]  ? sock_diag_bind+0x80/0x80
[   76.248050][ T8874]  ? netlink_ack+0xb50/0xb50
[   76.252630][ T8874]  ? kasan_check_read+0x11/0x20
[   76.257461][ T8874]  ? netlink_deliver_tap+0x254/0xbf0
[   76.262731][ T8874]  sock_diag_rcv+0x2b/0x40
[   76.267126][ T8874]  netlink_unicast+0x531/0x710
[   76.271872][ T8874]  ? netlink_attachskb+0x770/0x770
[   76.276958][ T8874]  ? _copy_from_iter_full+0x25d/0x8c0
[   76.282304][ T8874]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   76.287997][ T8874]  ? __check_object_size+0x3d/0x42f
[   76.293172][ T8874]  netlink_sendmsg+0x8ae/0xd70
[   76.297913][ T8874]  ? netlink_unicast+0x710/0x710
[   76.302825][ T8874]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   76.308347][ T8874]  ? apparmor_socket_sendmsg+0x2a/0x30
[   76.313806][ T8874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.320033][ T8874]  ? security_socket_sendmsg+0x8d/0xc0
[   76.325473][ T8874]  ? netlink_unicast+0x710/0x710
[   76.330394][ T8874]  sock_sendmsg+0xd7/0x130
[   76.334789][ T8874]  ___sys_sendmsg+0x803/0x920
[   76.339448][ T8874]  ? copy_msghdr_from_user+0x430/0x430
[   76.344892][ T8874]  ? prep_transhuge_page+0xa0/0xa0
[   76.349989][ T8874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.356235][ T8874]  ? __handle_mm_fault+0x7cb/0x3eb0
[   76.361435][ T8874]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   76.367658][ T8874]  ? __fget_light+0x1a9/0x230
[   76.372316][ T8874]  ? __fdget+0x1b/0x20
[   76.376369][ T8874]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   76.382591][ T8874]  __sys_sendmsg+0x105/0x1d0
[   76.387167][ T8874]  ? __ia32_sys_shutdown+0x80/0x80
[   76.392261][ T8874]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   76.397701][ T8874]  ? do_syscall_64+0x26/0x680
[   76.402357][ T8874]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.408400][ T8874]  ? do_syscall_64+0x26/0x680
[   76.413055][ T8874]  __x64_sys_sendmsg+0x78/0xb0
[   76.417802][ T8874]  do_syscall_64+0xfd/0x680
[   76.422284][ T8874]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   76.428151][ T8874] RIP: 0033:0x4402c9
[   76.432029][ T8874] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   76.451635][ T8874] RSP: 002b:00007fff0c07a2b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   76.460043][ T8874] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004402c9
[   76.467992][ T8874] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   76.475937][ T8874] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   76.483883][ T8874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401b50
[   76.491829][ T8874] R13: 0000000000401be0 R14: 0000000000000000 R15: 0000000000000000
[   76.500737][ T8874] Kernel Offset: disabled
[   76.505054][ T8874] Rebooting in 86400 seconds..