[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   58.533160][   T26] audit: type=1800 audit(1558387741.951:25): pid=8708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   58.555795][   T26] audit: type=1800 audit(1558387741.961:26): pid=8708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   58.623881][   T26] audit: type=1800 audit(1558387741.961:27): pid=8708 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   69.616432][ T8860] ==================================================================
[   69.624536][ T8860] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
[   69.632333][ T8860] Read of size 8 at addr ffff8882166b2340 by task syz-executor441/8860
[   69.640542][ T8860] 
[   69.642856][ T8860] CPU: 0 PID: 8860 Comm: syz-executor441 Not tainted 5.2.0-rc1+ #1
[   69.650723][ T8860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.660849][ T8860] Call Trace:
[   69.664125][ T8860]  dump_stack+0x172/0x1f0
[   69.668429][ T8860]  ? __lock_acquire+0x3ba2/0x5490
[   69.673450][ T8860]  print_address_description.cold+0x7c/0x20d
[   69.679427][ T8860]  ? __lock_acquire+0x3ba2/0x5490
[   69.684692][ T8860]  ? __lock_acquire+0x3ba2/0x5490
[   69.689701][ T8860]  __kasan_report.cold+0x1b/0x40
[   69.694651][ T8860]  ? __lock_acquire+0x3ba2/0x5490
[   69.699671][ T8860]  kasan_report+0x12/0x20
[   69.704011][ T8860]  __asan_report_load8_noabort+0x14/0x20
[   69.709623][ T8860]  __lock_acquire+0x3ba2/0x5490
[   69.714452][ T8860]  ? sock_diag_rcv+0x2b/0x40
[   69.719045][ T8860]  ? netlink_unicast+0x531/0x710
[   69.723959][ T8860]  ? netlink_sendmsg+0x8ae/0xd70
[   69.728874][ T8860]  ? sock_sendmsg+0xd7/0x130
[   69.733440][ T8860]  ? ___sys_sendmsg+0x803/0x920
[   69.738266][ T8860]  ? __sys_sendmsg+0x105/0x1d0
[   69.743011][ T8860]  ? __x64_sys_sendmsg+0x78/0xb0
[   69.747925][ T8860]  ? do_syscall_64+0xfd/0x680
[   69.752582][ T8860]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.758647][ T8860]  ? mark_held_locks+0xf0/0xf0
[   69.763394][ T8860]  ? mark_held_locks+0xf0/0xf0
[   69.768138][ T8860]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   69.773751][ T8860]  ? find_held_lock+0x35/0x130
[   69.778510][ T8860]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   69.784121][ T8860]  lock_acquire+0x16f/0x3f0
[   69.788604][ T8860]  ? rhashtable_walk_enter+0xf9/0x390
[   69.793956][ T8860]  _raw_spin_lock+0x2f/0x40
[   69.798439][ T8860]  ? rhashtable_walk_enter+0xf9/0x390
[   69.803799][ T8860]  rhashtable_walk_enter+0xf9/0x390
[   69.809166][ T8860]  __tipc_dump_start+0x1fa/0x3c0
[   69.814082][ T8860]  tipc_dump_start+0x70/0x90
[   69.818653][ T8860]  __netlink_dump_start+0x4f8/0x7d0
[   69.823845][ T8860]  ? __tipc_dump_start+0x3c0/0x3c0
[   69.828960][ T8860]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   69.834781][ T8860]  ? __tipc_diag_gen_cookie+0x90/0x90
[   69.840149][ T8860]  ? sock_diag_rcv+0x1c/0x40
[   69.844725][ T8860]  ? __tipc_dump_start+0x3c0/0x3c0
[   69.849812][ T8860]  ? tipc_unregister_sysctl+0x20/0x20
[   69.855159][ T8860]  ? tipc_ioctl+0x2e0/0x2e0
[   69.859651][ T8860]  sock_diag_rcv_msg+0x319/0x410
[   69.864575][ T8860]  netlink_rcv_skb+0x177/0x450
[   69.869317][ T8860]  ? sock_diag_bind+0x80/0x80
[   69.874002][ T8860]  ? netlink_ack+0xb50/0xb50
[   69.878570][ T8860]  ? kasan_check_read+0x11/0x20
[   69.883397][ T8860]  ? netlink_deliver_tap+0x254/0xbf0
[   69.888666][ T8860]  sock_diag_rcv+0x2b/0x40
[   69.893062][ T8860]  netlink_unicast+0x531/0x710
[   69.897807][ T8860]  ? netlink_attachskb+0x770/0x770
[   69.902921][ T8860]  ? _copy_from_iter_full+0x25d/0x8c0
[   69.908286][ T8860]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   69.914006][ T8860]  ? __check_object_size+0x3d/0x42f
[   69.919199][ T8860]  netlink_sendmsg+0x8ae/0xd70
[   69.923946][ T8860]  ? netlink_unicast+0x710/0x710
[   69.928950][ T8860]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   69.934481][ T8860]  ? apparmor_socket_sendmsg+0x2a/0x30
[   69.939918][ T8860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   69.946134][ T8860]  ? security_socket_sendmsg+0x8d/0xc0
[   69.951569][ T8860]  ? netlink_unicast+0x710/0x710
[   69.956480][ T8860]  sock_sendmsg+0xd7/0x130
[   69.960877][ T8860]  ___sys_sendmsg+0x803/0x920
[   69.965535][ T8860]  ? copy_msghdr_from_user+0x430/0x430
[   69.970974][ T8860]  ? prep_transhuge_page+0xa0/0xa0
[   69.976074][ T8860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   69.982309][ T8860]  ? __handle_mm_fault+0x7cb/0x3eb0
[   69.987492][ T8860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   69.993707][ T8860]  ? __fget_light+0x1a9/0x230
[   69.998369][ T8860]  ? __fdget+0x1b/0x20
[   70.002413][ T8860]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   70.008647][ T8860]  __sys_sendmsg+0x105/0x1d0
[   70.013218][ T8860]  ? __ia32_sys_shutdown+0x80/0x80
[   70.018326][ T8860]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   70.023780][ T8860]  ? do_syscall_64+0x26/0x680
[   70.028444][ T8860]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.034506][ T8860]  ? do_syscall_64+0x26/0x680
[   70.039176][ T8860]  __x64_sys_sendmsg+0x78/0xb0
[   70.043928][ T8860]  do_syscall_64+0xfd/0x680
[   70.048409][ T8860]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.054277][ T8860] RIP: 0033:0x440219
[   70.058149][ T8860] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   70.077735][ T8860] RSP: 002b:00007ffd85b09f88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   70.086126][ T8860] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
[   70.094101][ T8860] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   70.102051][ T8860] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   70.110090][ T8860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[   70.118042][ T8860] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[   70.125996][ T8860] 
[   70.128302][ T8860] Allocated by task 1:
[   70.132351][ T8860]  save_stack+0x23/0x90
[   70.136484][ T8860]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   70.142091][ T8860]  kasan_slab_alloc+0xf/0x20
[   70.146656][ T8860]  kmem_cache_alloc+0x11a/0x6f0
[   70.151482][ T8860]  __kernfs_new_node+0xf0/0x6c0
[   70.156322][ T8860]  kernfs_new_node+0x96/0x120
[   70.160974][ T8860]  __kernfs_create_file+0x51/0x340
[   70.166080][ T8860]  sysfs_add_file_mode_ns+0x222/0x560
[   70.171427][ T8860]  internal_create_group+0x359/0xc40
[   70.176700][ T8860]  sysfs_create_groups+0x9b/0x141
[   70.181737][ T8860]  device_add+0x1353/0x17a0
[   70.186222][ T8860]  netdev_register_kobject+0x183/0x3b0
[   70.191672][ T8860]  register_netdevice+0x875/0xff0
[   70.196688][ T8860]  register_netdev+0x30/0x50
[   70.201273][ T8860]  rose_proto_init+0x30d/0x61e
[   70.206018][ T8860]  do_one_initcall+0x107/0x7ba
[   70.210783][ T8860]  kernel_init_freeable+0x4d4/0x5c3
[   70.215971][ T8860]  kernel_init+0x12/0x1c5
[   70.220292][ T8860]  ret_from_fork+0x24/0x30
[   70.224686][ T8860] 
[   70.226997][ T8860] Freed by task 0:
[   70.230883][ T8860] (stack is not available)
[   70.235270][ T8860] 
[   70.237576][ T8860] The buggy address belongs to the object at ffff8882166b22a0
[   70.237576][ T8860]  which belongs to the cache kernfs_node_cache of size 160
[   70.252141][ T8860] The buggy address is located 0 bytes to the right of
[   70.252141][ T8860]  160-byte region [ffff8882166b22a0, ffff8882166b2340)
[   70.265755][ T8860] The buggy address belongs to the page:
[   70.271370][ T8860] page:ffffea000859ac80 refcount:1 mapcount:0 mapping:ffff88821bc48500 index:0xffff8882166b2fee
[   70.281783][ T8860] flags: 0x6fffc0000000200(slab)
[   70.286707][ T8860] raw: 06fffc0000000200 ffffea000859ac08 ffffea000859ad08 ffff88821bc48500
[   70.295375][ T8860] raw: ffff8882166b2fee ffff8882166b2000 0000000100000012 0000000000000000
[   70.303935][ T8860] page dumped because: kasan: bad access detected
[   70.310325][ T8860] 
[   70.312625][ T8860] Memory state around the buggy address:
[   70.318231][ T8860]  ffff8882166b2200: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   70.326278][ T8860]  ffff8882166b2280: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[   70.334326][ T8860] >ffff8882166b2300: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   70.342379][ T8860]                                            ^
[   70.348615][ T8860]  ffff8882166b2380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   70.357266][ T8860]  ffff8882166b2400: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00
[   70.365306][ T8860] ==================================================================
[   70.373455][ T8860] Disabling lock debugging due to kernel taint
[   70.379598][ T8860] Kernel panic - not syncing: panic_on_warn set ...
[   70.386186][ T8860] CPU: 0 PID: 8860 Comm: syz-executor441 Tainted: G    B             5.2.0-rc1+ #1
[   70.395456][ T8860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.405511][ T8860] Call Trace:
[   70.408845][ T8860]  dump_stack+0x172/0x1f0
[   70.413164][ T8860]  panic+0x2cb/0x744
[   70.417129][ T8860]  ? __warn_printk+0xf3/0xf3
[   70.421697][ T8860]  ? lock_downgrade+0x880/0x880
[   70.426536][ T8860]  ? __lock_acquire+0x3ba2/0x5490
[   70.431541][ T8860]  ? trace_hardirqs_off+0x62/0x220
[   70.436649][ T8860]  ? trace_hardirqs_off+0x59/0x220
[   70.441765][ T8860]  ? __lock_acquire+0x3ba2/0x5490
[   70.446885][ T8860]  end_report+0x47/0x4f
[   70.451033][ T8860]  ? __lock_acquire+0x3ba2/0x5490
[   70.456036][ T8860]  __kasan_report.cold+0xe/0x40
[   70.460878][ T8860]  ? __lock_acquire+0x3ba2/0x5490
[   70.465882][ T8860]  kasan_report+0x12/0x20
[   70.470186][ T8860]  __asan_report_load8_noabort+0x14/0x20
[   70.475803][ T8860]  __lock_acquire+0x3ba2/0x5490
[   70.480649][ T8860]  ? sock_diag_rcv+0x2b/0x40
[   70.485248][ T8860]  ? netlink_unicast+0x531/0x710
[   70.490163][ T8860]  ? netlink_sendmsg+0x8ae/0xd70
[   70.495096][ T8860]  ? sock_sendmsg+0xd7/0x130
[   70.499682][ T8860]  ? ___sys_sendmsg+0x803/0x920
[   70.504510][ T8860]  ? __sys_sendmsg+0x105/0x1d0
[   70.509253][ T8860]  ? __x64_sys_sendmsg+0x78/0xb0
[   70.514172][ T8860]  ? do_syscall_64+0xfd/0x680
[   70.518834][ T8860]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.524889][ T8860]  ? mark_held_locks+0xf0/0xf0
[   70.529660][ T8860]  ? mark_held_locks+0xf0/0xf0
[   70.534420][ T8860]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   70.540042][ T8860]  ? find_held_lock+0x35/0x130
[   70.544809][ T8860]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   70.550424][ T8860]  lock_acquire+0x16f/0x3f0
[   70.554909][ T8860]  ? rhashtable_walk_enter+0xf9/0x390
[   70.561963][ T8860]  _raw_spin_lock+0x2f/0x40
[   70.566505][ T8860]  ? rhashtable_walk_enter+0xf9/0x390
[   70.571867][ T8860]  rhashtable_walk_enter+0xf9/0x390
[   70.577060][ T8860]  __tipc_dump_start+0x1fa/0x3c0
[   70.581984][ T8860]  tipc_dump_start+0x70/0x90
[   70.586568][ T8860]  __netlink_dump_start+0x4f8/0x7d0
[   70.591754][ T8860]  ? __tipc_dump_start+0x3c0/0x3c0
[   70.596844][ T8860]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   70.602643][ T8860]  ? __tipc_diag_gen_cookie+0x90/0x90
[   70.608004][ T8860]  ? sock_diag_rcv+0x1c/0x40
[   70.612572][ T8860]  ? __tipc_dump_start+0x3c0/0x3c0
[   70.617656][ T8860]  ? tipc_unregister_sysctl+0x20/0x20
[   70.623010][ T8860]  ? tipc_ioctl+0x2e0/0x2e0
[   70.627582][ T8860]  sock_diag_rcv_msg+0x319/0x410
[   70.632500][ T8860]  netlink_rcv_skb+0x177/0x450
[   70.637256][ T8860]  ? sock_diag_bind+0x80/0x80
[   70.641913][ T8860]  ? netlink_ack+0xb50/0xb50
[   70.646494][ T8860]  ? kasan_check_read+0x11/0x20
[   70.651340][ T8860]  ? netlink_deliver_tap+0x254/0xbf0
[   70.656603][ T8860]  sock_diag_rcv+0x2b/0x40
[   70.661003][ T8860]  netlink_unicast+0x531/0x710
[   70.665747][ T8860]  ? netlink_attachskb+0x770/0x770
[   70.670848][ T8860]  ? _copy_from_iter_full+0x25d/0x8c0
[   70.676334][ T8860]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   70.682138][ T8860]  ? __check_object_size+0x3d/0x42f
[   70.687335][ T8860]  netlink_sendmsg+0x8ae/0xd70
[   70.692082][ T8860]  ? netlink_unicast+0x710/0x710
[   70.697089][ T8860]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   70.702627][ T8860]  ? apparmor_socket_sendmsg+0x2a/0x30
[   70.708076][ T8860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.714551][ T8860]  ? security_socket_sendmsg+0x8d/0xc0
[   70.719993][ T8860]  ? netlink_unicast+0x710/0x710
[   70.724914][ T8860]  sock_sendmsg+0xd7/0x130
[   70.729306][ T8860]  ___sys_sendmsg+0x803/0x920
[   70.734053][ T8860]  ? copy_msghdr_from_user+0x430/0x430
[   70.739502][ T8860]  ? prep_transhuge_page+0xa0/0xa0
[   70.744751][ T8860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.750986][ T8860]  ? __handle_mm_fault+0x7cb/0x3eb0
[   70.756168][ T8860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   70.762382][ T8860]  ? __fget_light+0x1a9/0x230
[   70.767047][ T8860]  ? __fdget+0x1b/0x20
[   70.771288][ T8860]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   70.777608][ T8860]  __sys_sendmsg+0x105/0x1d0
[   70.782198][ T8860]  ? __ia32_sys_shutdown+0x80/0x80
[   70.787296][ T8860]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   70.792738][ T8860]  ? do_syscall_64+0x26/0x680
[   70.797394][ T8860]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.803447][ T8860]  ? do_syscall_64+0x26/0x680
[   70.808107][ T8860]  __x64_sys_sendmsg+0x78/0xb0
[   70.812851][ T8860]  do_syscall_64+0xfd/0x680
[   70.817338][ T8860]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.823221][ T8860] RIP: 0033:0x440219
[   70.827094][ T8860] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   70.846681][ T8860] RSP: 002b:00007ffd85b09f88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   70.855077][ T8860] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
[   70.863029][ T8860] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   70.870991][ T8860] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   70.878949][ T8860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[   70.886900][ T8860] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[   70.896014][ T8860] Kernel Offset: disabled
[   70.900333][ T8860] Rebooting in 86400 seconds..