[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 71.387299][ T26] audit: type=1800 audit(1577203460.800:25): pid=9218 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 71.420682][ T26] audit: type=1800 audit(1577203460.810:26): pid=9218 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 71.461677][ T26] audit: type=1800 audit(1577203460.810:27): pid=9218 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 82.474600][ T9372] netlink: 2 bytes leftover after parsing attributes in process `syz-executor569'.
[ 82.510824][ C0] ==================================================================
[ 82.519232][ C0] BUG: KASAN: use-after-free in __alloc_skb+0x37b/0x5e0
[ 82.526705][ C0] Write of size 32 at addr ffff88819ef1b3c0 by task net.agent/9374
[ 82.534604][ C0]
[ 82.536953][ C0] CPU: 0 PID: 9374 Comm: net.agent Not tainted 5.5.0-rc2-next-20191220-syzkaller #0
[ 82.546322][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 82.556388][ C0] Call Trace:
[ 82.559679][ C0]
[ 82.562545][ C0] dump_stack+0x197/0x210
[ 82.566894][ C0] ? __alloc_skb+0x37b/0x5e0
[ 82.571507][ C0] print_address_description.constprop.0.cold+0xd4/0x30b
[ 82.578543][ C0] ? __alloc_skb+0x37b/0x5e0
[ 82.583181][ C0] ? __alloc_skb+0x37b/0x5e0
[ 82.587801][ C0] __kasan_report.cold+0x1b/0x41
[ 82.592760][ C0] ? __alloc_skb+0x37b/0x5e0
[ 82.598331][ C0] kasan_report+0x12/0x20
[ 82.602675][ C0] check_memory_region+0x134/0x1a0
[ 82.607804][ C0] memset+0x24/0x40
[ 82.611629][ C0] __alloc_skb+0x37b/0x5e0
[ 82.616060][ C0] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 82.621969][ C0] ? print_circular_bug.isra.0+0x230/0x230
[ 82.627799][ C0] igmpv3_newpack+0x1b9/0x1110
[ 82.632603][ C0] ? ip_mc_join_group+0x30/0x30
[ 82.637474][ C0] ? __kasan_check_read+0x11/0x20
[ 82.642512][ C0] ? __lock_acquire+0x16f2/0x4a00
[ 82.647729][ C0] add_grhead.isra.0+0x235/0x300
[ 82.652682][ C0] add_grec+0x842/0x1230
[ 82.656942][ C0] ? do_raw_spin_lock+0x139/0x2f0
[ 82.661983][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 82.666929][ C0] ? add_grhead.isra.0+0x300/0x300
[ 82.672067][ C0] igmp_ifc_timer_expire+0x4af/0xab0
[ 82.677375][ C0] call_timer_fn+0x1ac/0x780
[ 82.681983][ C0] ? __ip_mc_dec_group+0x520/0x520
[ 82.687109][ C0] ? msleep_interruptible+0x150/0x150
[ 82.692500][ C0] ? run_timer_softirq+0x6b1/0x1790
[ 82.697721][ C0] ? trace_hardirqs_on+0x67/0x240
[ 82.702760][ C0] ? __ip_mc_dec_group+0x520/0x520
[ 82.707888][ C0] ? __ip_mc_dec_group+0x520/0x520
[ 82.713030][ C0] run_timer_softirq+0x6c3/0x1790
[ 82.718084][ C0] ? add_timer+0x940/0x940
[ 82.722515][ C0] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 82.728713][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 82.734276][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 82.740275][ C0] ? trace_hardirqs_on+0x67/0x240
[ 82.745319][ C0] __do_softirq+0x262/0x98c
[ 82.749830][ C0] ? sched_clock_cpu+0x1b/0x1b0
[ 82.754708][ C0] irq_exit+0x19b/0x1e0
[ 82.758875][ C0] smp_apic_timer_interrupt+0x1a3/0x610
[ 82.764442][ C0] apic_timer_interrupt+0xf/0x20
[ 82.769415][ C0]
[ 82.772369][ C0] RIP: 0010:kernel_poison_pages+0x8/0x2b0
[ 82.778096][ C0] Code: cc cc 55 48 89 e5 e8 f7 c7 c2 ff 0f b6 05 c0 e8 ce 08 5d c3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 fd 41 54 41 89 f4 53 89 d3 48 83 ec 10 e8 c2 c7 c2 ff
[ 82.798058][ C0] RSP: 0018:ffffc90001d87480 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 82.806486][ C0] RAX: ffffed1012a3d800 RBX: 0000000000000301 RCX: 0000000000000000
[ 82.814487][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffea0002547b00
[ 82.822494][ C0] RBP: ffffc90001d87490 R08: 1ffffd40004a8f66 R09: ffffed1012a3d800
[ 82.830475][ C0] R10: fffff940004a8f66 R11: ffffea0002547b37 R12: ffffea0002547b00
[ 82.838458][ C0] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000400dc0
[ 82.846469][ C0] prep_new_page+0x11d/0x200
[ 82.851076][ C0] get_page_from_freelist+0x1741/0x42e0
[ 82.856647][ C0] ? __alloc_pages_nodemask+0x53d/0x910
[ 82.862226][ C0] ? __isolate_free_page+0x4c0/0x4c0
[ 82.867520][ C0] ? ___might_sleep+0x163/0x2c0
[ 82.872387][ C0] ? __might_sleep+0x95/0x190
[ 82.877079][ C0] __alloc_pages_nodemask+0x2d0/0x910
[ 82.882468][ C0] ? __pmd_alloc+0x377/0x460
[ 82.887076][ C0] ? __alloc_pages_slowpath+0x2900/0x2900
[ 82.892815][ C0] ? __pmd_alloc+0x377/0x460
[ 82.897423][ C0] ? lock_downgrade+0x920/0x920
[ 82.902289][ C0] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 82.908546][ C0] alloc_pages_current+0x107/0x210
[ 82.913682][ C0] pte_alloc_one+0x1b/0x1a0
[ 82.918202][ C0] __pte_alloc+0x20/0x310
[ 82.922549][ C0] copy_page_range+0x1629/0x20e0
[ 82.927527][ C0] ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 82.933093][ C0] ? validate_mm_rb+0xa3/0xc0
[ 82.937791][ C0] ? __vma_link_rb+0x5ad/0x770
[ 82.942568][ C0] ? anon_vma_fork+0xd4/0x4a0
[ 82.947261][ C0] dup_mm+0xa67/0x1430
[ 82.951355][ C0] ? vm_area_dup+0x170/0x170
[ 82.955963][ C0] ? debug_mutex_init+0x2d/0x60
[ 82.960830][ C0] copy_process+0x2ad6/0x7220
[ 82.965516][ C0] ? find_held_lock+0x35/0x130
[ 82.970294][ C0] ? debug_object_active_state+0x28a/0x350
[ 82.976132][ C0] ? __cleanup_sighand+0xc0/0xc0
[ 82.981082][ C0] ? __kasan_check_read+0x11/0x20
[ 82.986130][ C0] _do_fork+0x146/0x1090
[ 82.990383][ C0] ? copy_init_mm+0x20/0x20
[ 82.994978][ C0] ? find_held_lock+0x35/0x130
[ 82.999767][ C0] ? task_work_run+0x118/0x1c0
[ 83.004556][ C0] ? lock_downgrade+0x920/0x920
[ 83.009438][ C0] __x64_sys_clone+0x19a/0x260
[ 83.014226][ C0] ? __ia32_sys_vfork+0xd0/0xd0
[ 83.019106][ C0] ? lockdep_hardirqs_on+0x421/0x5e0
[ 83.025087][ C0] ? trace_hardirqs_on+0x67/0x240
[ 83.030100][ C0] do_syscall_64+0xfa/0x790
[ 83.034636][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.040528][ C0] RIP: 0033:0x7faaf07ddf46
[ 83.044946][ C0] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00
[ 83.064595][ C0] RSP: 002b:00007ffc4d094490 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 83.073172][ C0] RAX: ffffffffffffffda RBX: 00007ffc4d094490 RCX: 00007faaf07ddf46
[ 83.081187][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 83.089186][ C0] RBP: 00007ffc4d0944d0 R08: 0000000000000000 R09: 000000000000249e
[ 83.097146][ C0] R10: 00007faaf0cd49d0 R11: 0000000000000246 R12: 0000000000000000
[ 83.105099][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 83.115065][ C0]
[ 83.117371][ C0] The buggy address belongs to the page:
[ 83.122998][ C0] page:ffffea00067bc6c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 83.132085][ C0] raw: 057ffe0000000000 ffffea00067bc6c8 ffffea00067bc6c8 0000000000000000
[ 83.140662][ C0] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 83.149220][ C0] page dumped because: kasan: bad access detected
[ 83.155796][ C0]
[ 83.158117][ C0] Memory state around the buggy address:
[ 83.163798][ C0] ffff88819ef1b280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.171941][ C0] ffff88819ef1b300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.180152][ C0] >ffff88819ef1b380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.188341][ C0] ^
[ 83.194522][ C0] ffff88819ef1b400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.202565][ C0] ffff88819ef1b480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.210602][ C0] ==================================================================
[ 83.218639][ C0] Disabling lock debugging due to kernel taint
[ 83.224812][ C0] Kernel panic - not syncing: panic_on_warn set ...
[ 83.231413][ C0] CPU: 0 PID: 9374 Comm: net.agent Tainted: G B 5.5.0-rc2-next-20191220-syzkaller #0
[ 83.242283][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.252313][ C0] Call Trace:
[ 83.255600][ C0]
[ 83.258444][ C0] dump_stack+0x197/0x210
[ 83.262764][ C0] panic+0x2e3/0x75c
[ 83.266644][ C0] ? add_taint.cold+0x16/0x16
[ 83.271327][ C0] ? retint_kernel+0x2b/0x2b
[ 83.275920][ C0] ? trace_hardirqs_on+0x5e/0x240
[ 83.280934][ C0] ? __alloc_skb+0x37b/0x5e0
[ 83.285511][ C0] end_report+0x47/0x4f
[ 83.289662][ C0] ? __alloc_skb+0x37b/0x5e0
[ 83.294248][ C0] __kasan_report.cold+0xe/0x41
[ 83.299088][ C0] ? __alloc_skb+0x37b/0x5e0
[ 83.303678][ C0] kasan_report+0x12/0x20
[ 83.308115][ C0] check_memory_region+0x134/0x1a0
[ 83.313223][ C0] memset+0x24/0x40
[ 83.317053][ C0] __alloc_skb+0x37b/0x5e0
[ 83.321461][ C0] ? __kmalloc_reserve.isra.0+0xf0/0xf0
[ 83.326992][ C0] ? print_circular_bug.isra.0+0x230/0x230
[ 83.332796][ C0] igmpv3_newpack+0x1b9/0x1110
[ 83.337556][ C0] ? ip_mc_join_group+0x30/0x30
[ 83.342392][ C0] ? __kasan_check_read+0x11/0x20
[ 83.347408][ C0] ? __lock_acquire+0x16f2/0x4a00
[ 83.352411][ C0] add_grhead.isra.0+0x235/0x300
[ 83.357447][ C0] add_grec+0x842/0x1230
[ 83.361671][ C0] ? do_raw_spin_lock+0x139/0x2f0
[ 83.366672][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 83.371588][ C0] ? add_grhead.isra.0+0x300/0x300
[ 83.377761][ C0] igmp_ifc_timer_expire+0x4af/0xab0
[ 83.383053][ C0] call_timer_fn+0x1ac/0x780
[ 83.387633][ C0] ? __ip_mc_dec_group+0x520/0x520
[ 83.392733][ C0] ? msleep_interruptible+0x150/0x150
[ 83.398082][ C0] ? run_timer_softirq+0x6b1/0x1790
[ 83.403262][ C0] ? trace_hardirqs_on+0x67/0x240
[ 83.408263][ C0] ? __ip_mc_dec_group+0x520/0x520
[ 83.413437][ C0] ? __ip_mc_dec_group+0x520/0x520
[ 83.418550][ C0] run_timer_softirq+0x6c3/0x1790
[ 83.423588][ C0] ? add_timer+0x940/0x940
[ 83.427996][ C0] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 83.434291][ C0] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 83.439862][ C0] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 83.445859][ C0] ? trace_hardirqs_on+0x67/0x240
[ 83.450891][ C0] __do_softirq+0x262/0x98c
[ 83.455392][ C0] ? sched_clock_cpu+0x1b/0x1b0
[ 83.460244][ C0] irq_exit+0x19b/0x1e0
[ 83.464409][ C0] smp_apic_timer_interrupt+0x1a3/0x610
[ 83.470297][ C0] apic_timer_interrupt+0xf/0x20
[ 83.475298][ C0]
[ 83.478218][ C0] RIP: 0010:kernel_poison_pages+0x8/0x2b0
[ 83.483918][ C0] Code: cc cc 55 48 89 e5 e8 f7 c7 c2 ff 0f b6 05 c0 e8 ce 08 5d c3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 <41> 55 49 89 fd 41 54 41 89 f4 53 89 d3 48 83 ec 10 e8 c2 c7 c2 ff
[ 83.503850][ C0] RSP: 0018:ffffc90001d87480 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 83.512241][ C0] RAX: ffffed1012a3d800 RBX: 0000000000000301 RCX: 0000000000000000
[ 83.520189][ C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffffea0002547b00
[ 83.528312][ C0] RBP: ffffc90001d87490 R08: 1ffffd40004a8f66 R09: ffffed1012a3d800
[ 83.536272][ C0] R10: fffff940004a8f66 R11: ffffea0002547b37 R12: ffffea0002547b00
[ 83.544382][ C0] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000400dc0
[ 83.552354][ C0] prep_new_page+0x11d/0x200
[ 83.556971][ C0] get_page_from_freelist+0x1741/0x42e0
[ 83.562523][ C0] ? __alloc_pages_nodemask+0x53d/0x910
[ 83.568055][ C0] ? __isolate_free_page+0x4c0/0x4c0
[ 83.573405][ C0] ? ___might_sleep+0x163/0x2c0
[ 83.578230][ C0] ? __might_sleep+0x95/0x190
[ 83.582903][ C0] __alloc_pages_nodemask+0x2d0/0x910
[ 83.588267][ C0] ? __pmd_alloc+0x377/0x460
[ 83.592858][ C0] ? __alloc_pages_slowpath+0x2900/0x2900
[ 83.598563][ C0] ? __pmd_alloc+0x377/0x460
[ 83.603257][ C0] ? lock_downgrade+0x920/0x920
[ 83.608113][ C0] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 83.614361][ C0] alloc_pages_current+0x107/0x210
[ 83.619478][ C0] pte_alloc_one+0x1b/0x1a0
[ 83.623990][ C0] __pte_alloc+0x20/0x310
[ 83.628327][ C0] copy_page_range+0x1629/0x20e0
[ 83.633253][ C0] ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 83.638818][ C0] ? validate_mm_rb+0xa3/0xc0
[ 83.643501][ C0] ? __vma_link_rb+0x5ad/0x770
[ 83.648244][ C0] ? anon_vma_fork+0xd4/0x4a0
[ 83.652905][ C0] dup_mm+0xa67/0x1430
[ 83.656958][ C0] ? vm_area_dup+0x170/0x170
[ 83.661530][ C0] ? debug_mutex_init+0x2d/0x60
[ 83.666374][ C0] copy_process+0x2ad6/0x7220
[ 83.671028][ C0] ? find_held_lock+0x35/0x130
[ 83.675792][ C0] ? debug_object_active_state+0x28a/0x350
[ 83.681601][ C0] ? __cleanup_sighand+0xc0/0xc0
[ 83.686667][ C0] ? __kasan_check_read+0x11/0x20
[ 83.691705][ C0] _do_fork+0x146/0x1090
[ 83.696136][ C0] ? copy_init_mm+0x20/0x20
[ 83.700634][ C0] ? find_held_lock+0x35/0x130
[ 83.705394][ C0] ? task_work_run+0x118/0x1c0
[ 83.710136][ C0] ? lock_downgrade+0x920/0x920
[ 83.715167][ C0] __x64_sys_clone+0x19a/0x260
[ 83.719947][ C0] ? __ia32_sys_vfork+0xd0/0xd0
[ 83.724832][ C0] ? lockdep_hardirqs_on+0x421/0x5e0
[ 83.730117][ C0] ? trace_hardirqs_on+0x67/0x240
[ 83.735128][ C0] do_syscall_64+0xfa/0x790
[ 83.739613][ C0] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 83.745484][ C0] RIP: 0033:0x7faaf07ddf46
[ 83.749877][ C0] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 14 25 10 00 00 00 31 d2 49 81 c2 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 31 01 00 00 85 c0 41 89 c4 0f 85 3b 01 00
[ 83.769472][ C0] RSP: 002b:00007ffc4d094490 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 83.777862][ C0] RAX: ffffffffffffffda RBX: 00007ffc4d094490 RCX: 00007faaf07ddf46
[ 83.785900][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 83.793875][ C0] RBP: 00007ffc4d0944d0 R08: 0000000000000000 R09: 000000000000249e
[ 83.801846][ C0] R10: 00007faaf0cd49d0 R11: 0000000000000246 R12: 0000000000000000
[ 83.809844][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 83.819668][ C0] Kernel Offset: disabled
[ 83.824020][ C0] Rebooting in 86400 seconds..