[ ok ] Starting enhanced syslogd: rsyslogd.
[ 58.127622][ T25] audit: type=1800 audit(1575263424.116:25): pid=8755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 58.147435][ T25] audit: type=1800 audit(1575263424.116:26): pid=8755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 58.173799][ T25] audit: type=1800 audit(1575263424.126:27): pid=8755 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts.
syzkaller login: [ 67.817855][ T8908] IPVS: ftp: loaded support on port[0] = 21
[ 67.880084][ T8908] chnl_net:caif_netlink_parms(): no params data found
[ 67.908520][ T8908] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.916025][ T8908] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.924428][ T8908] device bridge_slave_0 entered promiscuous mode
[ 67.932304][ T8908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.939452][ T8908] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.947617][ T8908] device bridge_slave_1 entered promiscuous mode
[ 67.964316][ T8908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.974696][ T8908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.992537][ T8908] team0: Port device team_slave_0 added
[ 68.000701][ T8908] team0: Port device team_slave_1 added
[ 68.055297][ T8908] device hsr_slave_0 entered promiscuous mode
[ 68.123161][ T8908] device hsr_slave_1 entered promiscuous mode
[ 68.213867][ T8908] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 68.254860][ T8908] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 68.314805][ T8908] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.365579][ T8908] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.422184][ T8908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.429358][ T8908] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.437049][ T8908] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.444235][ T8908] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.477969][ T8908] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.490707][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.510566][ T47] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.530102][ T47] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.538281][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.550291][ T8908] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.560103][ T2921] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.568722][ T2921] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.575815][ T2921] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.596251][ T8910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.605328][ T8910] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.612368][ T8910] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.620495][ T8910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.630514][ T8910] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.640318][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.650235][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.661131][ T8908] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.672594][ T8908] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[ 68.681229][ T2921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.698975][ T8908] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.707978][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.715800][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.819288][ T8913] ==================================================================
[ 68.827620][ T8913] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[ 68.834898][ T8913] Write of size 8 at addr ffff8880a019e828 by task syz-executor074/8913
[ 68.843206][ T8913]
[ 68.845523][ T8913] CPU: 1 PID: 8913 Comm: syz-executor074 Not tainted 5.4.0-syzkaller #0
[ 68.853824][ T8913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.863864][ T8913] Call Trace:
[ 68.867143][ T8913] dump_stack+0x197/0x210
[ 68.871457][ T8913] ? pipe_write+0xe30/0x1000
[ 68.876035][ T8913] print_address_description.constprop.0.cold+0xd4/0x30b
[ 68.883048][ T8913] ? pipe_write+0xe30/0x1000
[ 68.887619][ T8913] ? pipe_write+0xe30/0x1000
[ 68.892194][ T8913] __kasan_report.cold+0x1b/0x41
[ 68.897114][ T8913] ? pipe_write+0xd51/0x1000
[ 68.901687][ T8913] ? pipe_write+0xe30/0x1000
[ 68.906260][ T8913] kasan_report+0x12/0x20
[ 68.910661][ T8913] __asan_report_store8_noabort+0x17/0x20
[ 68.916370][ T8913] pipe_write+0xe30/0x1000
[ 68.920777][ T8913] new_sync_write+0x4d3/0x770
[ 68.925437][ T8913] ? new_sync_read+0x800/0x800
[ 68.930190][ T8913] ? __fget+0x37f/0x550
[ 68.934332][ T8913] ? apparmor_file_permission+0x25/0x30
[ 68.939860][ T8913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 68.946093][ T8913] ? security_file_permission+0x8f/0x380
[ 68.951707][ T8913] __vfs_write+0xe1/0x110
[ 68.956017][ T8913] vfs_write+0x268/0x5d0
[ 68.960255][ T8913] ksys_write+0x220/0x290
[ 68.964565][ T8913] ? __ia32_sys_read+0xb0/0xb0
[ 68.969310][ T8913] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 68.974757][ T8913] ? do_fast_syscall_32+0xd1/0xe16
[ 68.979852][ T8913] ? entry_SYSENTER_compat+0x70/0x7f
[ 68.985115][ T8913] ? do_fast_syscall_32+0xd1/0xe16
[ 68.990210][ T8913] __ia32_sys_write+0x71/0xb0
[ 68.994872][ T8913] do_fast_syscall_32+0x27b/0xe16
[ 68.999881][ T8913] entry_SYSENTER_compat+0x70/0x7f
[ 69.004982][ T8913] RIP: 0023:0xf7f08a39
[ 69.009035][ T8913] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 69.028621][ T8913] RSP: 002b:00000000f7f0412c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 69.037014][ T8913] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200001c0
[ 69.044965][ T8913] RDX: 00000000fffffef3 RSI: 0000000000000000 RDI: 0000000000000000
[ 69.052919][ T8913] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 69.060868][ T8913] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 69.068818][ T8913] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 69.076789][ T8913]
[ 69.079098][ T8913] Allocated by task 8915:
[ 69.083410][ T8913] save_stack+0x23/0x90
[ 69.087546][ T8913] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 69.093157][ T8913] kasan_kmalloc+0x9/0x10
[ 69.097470][ T8913] __kmalloc+0x163/0x770
[ 69.101691][ T8913] pipe_fcntl+0x3f7/0x8e0
[ 69.106001][ T8913] do_fcntl+0x255/0x1030
[ 69.110239][ T8913] do_compat_fcntl64+0x387/0x540
[ 69.115155][ T8913] __ia32_compat_sys_fcntl64+0x73/0xb0
[ 69.120596][ T8913] do_fast_syscall_32+0x27b/0xe16
[ 69.125598][ T8913] entry_SYSENTER_compat+0x70/0x7f
[ 69.130693][ T8913]
[ 69.133045][ T8913] Freed by task 8664:
[ 69.137027][ T8913] save_stack+0x23/0x90
[ 69.141172][ T8913] __kasan_slab_free+0x102/0x150
[ 69.146155][ T8913] kasan_slab_free+0xe/0x10
[ 69.150648][ T8913] kfree+0x10a/0x2c0
[ 69.154527][ T8913] tomoyo_path_perm+0x24e/0x430
[ 69.159367][ T8913] tomoyo_inode_getattr+0x1d/0x30
[ 69.164379][ T8913] security_inode_getattr+0xf2/0x150
[ 69.169663][ T8913] vfs_getattr+0x25/0x70
[ 69.173892][ T8913] vfs_statx_fd+0x71/0xc0
[ 69.178207][ T8913] __do_sys_newfstat+0x9b/0x120
[ 69.183039][ T8913] __x64_sys_newfstat+0x54/0x80
[ 69.187891][ T8913] do_syscall_64+0xfa/0x790
[ 69.192382][ T8913] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.198248][ T8913]
[ 69.200561][ T8913] The buggy address belongs to the object at ffff8880a019e800
[ 69.200561][ T8913] which belongs to the cache kmalloc-64 of size 64
[ 69.214422][ T8913] The buggy address is located 40 bytes inside of
[ 69.214422][ T8913] 64-byte region [ffff8880a019e800, ffff8880a019e840)
[ 69.227495][ T8913] The buggy address belongs to the page:
[ 69.233110][ T8913] page:ffffea0002806780 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 69.242199][ T8913] raw: 00fffe0000000200 ffffea00027e0f88 ffffea0002629bc8 ffff8880aa400380
[ 69.250765][ T8913] raw: 0000000000000000 ffff8880a019e000 0000000100000020 0000000000000000
[ 69.259324][ T8913] page dumped because: kasan: bad access detected
[ 69.265709][ T8913]
[ 69.268013][ T8913] Memory state around the buggy address:
[ 69.273628][ T8913] ffff8880a019e700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 69.281680][ T8913] ffff8880a019e780: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc
[ 69.289726][ T8913] >ffff8880a019e800: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 69.297777][ T8913] ^
[ 69.303136][ T8913] ffff8880a019e880: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 69.311180][ T8913] ffff8880a019e900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 69.319217][ T8913] ==================================================================
[ 69.327256][ T8913] Disabling lock debugging due to kernel taint
[ 69.337792][ T8913] Kernel panic - not syncing: panic_on_warn set ...
[ 69.344398][ T8913] CPU: 1 PID: 8913 Comm: syz-executor074 Tainted: G B 5.4.0-syzkaller #0
[ 69.354135][ T8913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.364161][ T8913] Call Trace:
[ 69.367427][ T8913] dump_stack+0x197/0x210
[ 69.371734][ T8913] panic+0x2e3/0x75c
[ 69.375607][ T8913] ? add_taint.cold+0x16/0x16
[ 69.380257][ T8913] ? pipe_write+0xe30/0x1000
[ 69.384825][ T8913] ? preempt_schedule+0x4b/0x60
[ 69.389650][ T8913] ? ___preempt_schedule+0x16/0x18
[ 69.394737][ T8913] ? trace_hardirqs_on+0x5e/0x240
[ 69.399748][ T8913] ? pipe_write+0xe30/0x1000
[ 69.404316][ T8913] end_report+0x47/0x4f
[ 69.408446][ T8913] ? pipe_write+0xe30/0x1000
[ 69.413011][ T8913] __kasan_report.cold+0xe/0x41
[ 69.417837][ T8913] ? pipe_write+0xd51/0x1000
[ 69.422399][ T8913] ? pipe_write+0xe30/0x1000
[ 69.426973][ T8913] kasan_report+0x12/0x20
[ 69.431624][ T8913] __asan_report_store8_noabort+0x17/0x20
[ 69.437316][ T8913] pipe_write+0xe30/0x1000
[ 69.441710][ T8913] new_sync_write+0x4d3/0x770
[ 69.446359][ T8913] ? new_sync_read+0x800/0x800
[ 69.451097][ T8913] ? __fget+0x37f/0x550
[ 69.455230][ T8913] ? apparmor_file_permission+0x25/0x30
[ 69.460756][ T8913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.466968][ T8913] ? security_file_permission+0x8f/0x380
[ 69.472580][ T8913] __vfs_write+0xe1/0x110
[ 69.477058][ T8913] vfs_write+0x268/0x5d0
[ 69.481271][ T8913] ksys_write+0x220/0x290
[ 69.485577][ T8913] ? __ia32_sys_read+0xb0/0xb0
[ 69.490318][ T8913] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 69.495750][ T8913] ? do_fast_syscall_32+0xd1/0xe16
[ 69.500832][ T8913] ? entry_SYSENTER_compat+0x70/0x7f
[ 69.506089][ T8913] ? do_fast_syscall_32+0xd1/0xe16
[ 69.511172][ T8913] __ia32_sys_write+0x71/0xb0
[ 69.515823][ T8913] do_fast_syscall_32+0x27b/0xe16
[ 69.520833][ T8913] entry_SYSENTER_compat+0x70/0x7f
[ 69.525916][ T8913] RIP: 0023:0xf7f08a39
[ 69.529957][ T8913] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 69.549536][ T8913] RSP: 002b:00000000f7f0412c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 69.557941][ T8913] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200001c0
[ 69.565898][ T8913] RDX: 00000000fffffef3 RSI: 0000000000000000 RDI: 0000000000000000
[ 69.573842][ T8913] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 69.581793][ T8913] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 69.589736][ T8913] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 69.599135][ T8913] Kernel Offset: disabled
[ 69.603458][ T8913] Rebooting in 86400 seconds..