[ 43.933501][ T26] audit: type=1800 audit(1575260305.213:29): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 55.675632][ T8180] ==================================================================
[ 55.684029][ T8180] BUG: KASAN: slab-out-of-bounds in pipe_write+0x579/0x1130
[ 55.691399][ T8180] Write of size 8 at addr ffff88809d60fc28 by task syz-executor553/8180
[ 55.699711][ T8180]
[ 55.702023][ T8180] CPU: 1 PID: 8180 Comm: syz-executor553 Not tainted 5.4.0-syzkaller #0
[ 55.710332][ T8180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.720379][ T8180] Call Trace:
[ 55.723663][ T8180]  dump_stack+0x1fb/0x318
[ 55.727972][ T8180]  print_address_description+0x75/0x5c0
[ 55.733493][ T8180]  ? vprintk_default+0x28/0x30
[ 55.738233][ T8180]  ? vprintk_func+0x158/0x170
[ 55.742892][ T8180]  ? printk+0x62/0x8d
[ 55.746946][ T8180]  __kasan_report+0x14b/0x1c0
[ 55.751639][ T8180]  ? lockdep_hardirqs_on+0x2f1/0x7d0
[ 55.756963][ T8180]  ? pipe_write+0x579/0x1130
[ 55.761568][ T8180]  kasan_report+0x26/0x50
[ 55.765928][ T8180]  __asan_report_store8_noabort+0x17/0x20
[ 55.771854][ T8180]  pipe_write+0x579/0x1130
[ 55.776292][ T8180]  __vfs_write+0x5a1/0x740
[ 55.780701][ T8180]  vfs_write+0x275/0x590
[ 55.784928][ T8180]  ksys_write+0x117/0x220
[ 55.789237][ T8180]  __x64_sys_write+0x7b/0x90
[ 55.793818][ T8180]  do_syscall_64+0xf7/0x1c0
[ 55.798301][ T8180]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.804168][ T8180] RIP: 0033:0x445879
[ 55.808039][ T8180] Code: e8 ec bc 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.827617][ T8180] RSP: 002b:00007fb3dea9edb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 55.836003][ T8180] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445879
[ 55.844460][ T8180] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[ 55.852431][ T8180] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 55.861072][ T8180] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 55.869052][ T8180] R13: 00007ffe63472c0f R14: 00007fb3dea9f9c0 R15: 0000000000000000
[ 55.877009][ T8180]
[ 55.879313][ T8180] Allocated by task 8182:
[ 55.883710][ T8180]  __kasan_kmalloc+0x11c/0x1b0
[ 55.888447][ T8180]  kasan_kmalloc+0x9/0x10
[ 55.892778][ T8180]  __kmalloc+0x254/0x340
[ 55.896999][ T8180]  kcalloc+0x36/0x60
[ 55.900866][ T8180]  pipe_fcntl+0x413/0x810
[ 55.905170][ T8180]  do_fcntl+0x56d/0x1180
[ 55.909404][ T8180]  __se_sys_fcntl+0xde/0x1b0
[ 55.913968][ T8180]  __x64_sys_fcntl+0x7b/0x90
[ 55.918555][ T8180]  do_syscall_64+0xf7/0x1c0
[ 55.923046][ T8180]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 55.928910][ T8180]
[ 55.931218][ T8180] Freed by task 0:
[ 55.934911][ T8180] (stack is not available)
[ 55.939310][ T8180]
[ 55.941638][ T8180] The buggy address belongs to the object at ffff88809d60fc00
[ 55.941638][ T8180]  which belongs to the cache kmalloc-64 of size 64
[ 55.956135][ T8180] The buggy address is located 40 bytes inside of
[ 55.956135][ T8180]  64-byte region [ffff88809d60fc00, ffff88809d60fc40)
[ 55.969210][ T8180] The buggy address belongs to the page:
[ 55.974942][ T8180] page:ffffea00027583c0 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 55.984048][ T8180] raw: 00fffe0000000200 ffffea00025bb608 ffff8880aa401348 ffff8880aa400380
[ 55.992608][ T8180] raw: 0000000000000000 ffff88809d60f000 0000000100000020 0000000000000000
[ 56.001768][ T8180] page dumped because: kasan: bad access detected
[ 56.008166][ T8180]
[ 56.010489][ T8180] Memory state around the buggy address:
[ 56.016106][ T8180]  ffff88809d60fb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.024250][ T8180]  ffff88809d60fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 56.032294][ T8180] >ffff88809d60fc00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 56.041295][ T8180]                                   ^
[ 56.046674][ T8180]  ffff88809d60fc80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 56.054730][ T8180]  ffff88809d60fd00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 56.062785][ T8180] ==================================================================
[ 56.070827][ T8180] Disabling lock debugging due to kernel taint
[ 56.078069][ T8180] Kernel panic - not syncing: panic_on_warn set ...
[ 56.085622][ T8180] CPU: 1 PID: 8180 Comm: syz-executor553 Tainted: G B 5.4.0-syzkaller #0
[ 56.095320][ T8180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.105371][ T8180] Call Trace:
[ 56.108643][ T8180]  dump_stack+0x1fb/0x318
[ 56.112951][ T8180]  panic+0x264/0x7a9
[ 56.116831][ T8180]  ? __kasan_report+0x195/0x1c0
[ 56.121668][ T8180]  ? trace_hardirqs_on+0x34/0x80
[ 56.126581][ T8180]  ? __kasan_report+0x195/0x1c0
[ 56.131424][ T8180]  __kasan_report+0x1bb/0x1c0
[ 56.136242][ T8180]  ? lockdep_hardirqs_on+0x2f1/0x7d0
[ 56.141523][ T8180]  ? pipe_write+0x579/0x1130
[ 56.146094][ T8180]  kasan_report+0x26/0x50
[ 56.150409][ T8180]  __asan_report_store8_noabort+0x17/0x20
[ 56.156115][ T8180]  pipe_write+0x579/0x1130
[ 56.160514][ T8180]  __vfs_write+0x5a1/0x740
[ 56.165463][ T8180]  vfs_write+0x275/0x590
[ 56.170044][ T8180]  ksys_write+0x117/0x220
[ 56.174367][ T8180]  __x64_sys_write+0x7b/0x90
[ 56.178946][ T8180]  do_syscall_64+0xf7/0x1c0
[ 56.183442][ T8180]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.189334][ T8180] RIP: 0033:0x445879
[ 56.193206][ T8180] Code: e8 ec bc 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.212809][ T8180] RSP: 002b:00007fb3dea9edb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 56.221203][ T8180] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445879
[ 56.229153][ T8180] RDX: 00000000fffffef3 RSI: 00000000200001c0 RDI: 0000000000000004
[ 56.237185][ T8180] RBP: 00000000006dac20 R08: 0000000000000000 R09: 0000000000000000
[ 56.245999][ T8180] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac2c
[ 56.253964][ T8180] R13: 00007ffe63472c0f R14: 00007fb3dea9f9c0 R15: 0000000000000000
[ 56.263365][ T8180] Kernel Offset: disabled
[ 56.267714][ T8180] Rebooting in 86400 seconds..
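The report says the write lands "40 bytes inside of" a 64-byte kmalloc-64 region, which on its own does not show an overrun; the shadow dump is what does. The script below is an added example, not part of the syzbot log or of the kernel: it parses the lines of the report above (copied into the script with the printk prefix stripped), decodes the generic-KASAN shadow bytes (one shadow byte per 8-byte granule: 00 = fully addressable, 01..07 = that many leading bytes addressable, fc = kmalloc redzone, fb = freed kmalloc object), derives how many bytes kmalloc actually handed out, and checks the reported access against that. The regexes and the poison-value table are this example's own; the field names are not a KASAN API.

```python
"""Decode a KASAN slab-out-of-bounds report and check the access against the shadow map.

Added example; not part of the syzbot log or the kernel. Generic-KASAN shadow encoding on
x86-64: one shadow byte per 8-byte granule; 00 = all 8 bytes addressable, 01..07 = only
that many leading bytes addressable, other values are poison (see POISON below).
"""
import re

GRANULE = 8  # bytes of memory described by one shadow byte (generic KASAN, x86-64)

# Poison values that show up in slab reports (values as defined in mm/kasan/kasan.h).
POISON = {0xfc: "kmalloc redzone", 0xfb: "freed kmalloc object",
          0xfe: "page redzone", 0xff: "free page", 0xfa: "global redzone"}

# Constructed sample: the relevant lines of the report above, printk prefix removed.
SAMPLE_REPORT = """\
BUG: KASAN: slab-out-of-bounds in pipe_write+0x579/0x1130
Write of size 8 at addr ffff88809d60fc28 by task syz-executor553/8180
Allocated by task 8182:
 __kasan_kmalloc+0x11c/0x1b0
 kasan_kmalloc+0x9/0x10
 __kmalloc+0x254/0x340
 kcalloc+0x36/0x60
 pipe_fcntl+0x413/0x810
 do_fcntl+0x56d/0x1180

The buggy address belongs to the object at ffff88809d60fc00
 which belongs to the cache kmalloc-64 of size 64
Memory state around the buggy address:
 ffff88809d60fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88809d60fc00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
                                  ^
 ffff88809d60fc80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
"""

HDR_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+)")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)")
OBJECT_RE = re.compile(r"belongs to the object at (?P<start>[0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
SHADOW_RE = re.compile(r"^[ >](?P<base>[0-9a-f]{16}): (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2}){15})$")
FRAME_RE = re.compile(r"^ (?P<frame>\S+\+0x[0-9a-f]+/0x[0-9a-f]+)$")
ALLOCATOR_FRAMES = ("kasan", "kmalloc", "kcalloc", "kzalloc")


def parse_report(text):
    """Return header fields, the allocation stack and a {granule address: shadow byte} map."""
    rep = {"alloc_stack": [], "shadow": {}}
    in_alloc = False
    for line in text.splitlines():
        if (m := HDR_RE.search(line)):
            rep["kind"], rep["func"] = m["kind"], m["func"]
        elif (m := ACCESS_RE.search(line)):
            rep["rw"], rep["size"], rep["addr"] = m["rw"], int(m["size"]), int(m["addr"], 16)
        elif (m := OBJECT_RE.search(line)):
            rep["object_start"] = int(m["start"], 16)
        elif (m := CACHE_RE.search(line)):
            rep["cache"], rep["cache_size"] = m["cache"], int(m["size"])
        elif (m := SHADOW_RE.match(line)):
            base = int(m["base"], 16)
            for i, b in enumerate(m["bytes"].split()):
                rep["shadow"][base + i * GRANULE] = int(b, 16)
        elif line.startswith("Allocated by task"):
            in_alloc = True
        elif in_alloc and (m := FRAME_RE.match(line)):
            rep["alloc_stack"].append(m["frame"])
        else:
            in_alloc = False  # blank line or unrelated text ends the allocation stack
    return rep


def allocated_bytes(rep):
    """Walk shadow granules from the object start and count bytes KASAN marks addressable."""
    n, addr = 0, rep["object_start"]
    while (v := rep["shadow"].get(addr)) is not None:
        if v == 0:
            n += GRANULE
        elif v < GRANULE:
            return n + v   # partially addressable granule: allocation ends inside it
        else:
            break          # poison byte: redzone or freed object
        addr += GRANULE
    return n


def shadow_meaning(rep, addr):
    """Describe the shadow byte covering addr."""
    v = rep["shadow"].get(addr & ~(GRANULE - 1))
    if v is None:
        return "not in dump"
    if v == 0:
        return "addressable"
    if v < GRANULE:
        return f"partial ({v} of {GRANULE} bytes addressable)"
    return POISON.get(v, f"poison 0x{v:02x}")


def analyse(rep):
    """Cross-check the reported access against the allocation size derived from the shadow."""
    usable = allocated_bytes(rep)
    offset = rep["addr"] - rep["object_start"]
    end = offset + rep["size"]
    return {
        "kind": rep["kind"], "func": rep["func"],
        "offset": offset,                       # the report's "located N bytes inside"
        "allocated": usable,                    # bytes kmalloc actually handed out
        "slab_slot": rep["cache_size"],         # size of the slab slot (kmalloc-64)
        "overrun": max(0, end - usable),        # bytes of the access past the allocation
        "inside_slot": end <= rep["cache_size"],
        "target": shadow_meaning(rep, rep["addr"]),
        "allocated_in": next((f for f in rep["alloc_stack"]
                              if not any(s in f for s in ALLOCATOR_FRAMES)), None),
    }


if __name__ == "__main__":
    for k, v in analyse(parse_report(SAMPLE_REPORT)).items():
        print(f"{k:>13}: {v}")
```

For the report above this yields offset 40, allocated 40, overrun 8 and target "kmalloc redzone": the kcalloc in pipe_fcntl received exactly 40 bytes out of a 64-byte slot, and the 8-byte store in pipe_write is the first granule past the end of that allocation. Because 48 bytes still fit inside the 64-byte slot, a kernel built without KASAN would not fault here; the write would land in the slot's unused tail, which is why this class of bug only surfaces reliably under sanitizers. A larger overrun, or an allocation that exactly fills its slot, would reach the neighbouring object instead.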