[....] Starting enhanced syslogd: rsyslogd [ ok ].
[ 59.169070][ T23] audit: type=1800 audit(1575285670.593:25): pid=8868 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 59.193426][ T23] audit: type=1800 audit(1575285670.593:26): pid=8868 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 59.224683][ T23] audit: type=1800 audit(1575285670.603:27): pid=8868 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.15.217' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 80.990229][ T9021] ==================================================================
[ 80.998605][ T9021] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000
[ 81.005868][ T9021] Write of size 8 at addr ffff88809790eaa8 by task syz-executor479/9021
[ 81.014170][ T9021]
[ 81.016498][ T9021] CPU: 0 PID: 9021 Comm: syz-executor479 Not tainted 5.4.0-syzkaller #0
[ 81.024797][ T9021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.034831][ T9021] Call Trace:
[ 81.038104][ T9021]  dump_stack+0x197/0x210
[ 81.042413][ T9021]  ? pipe_write+0xe30/0x1000
[ 81.046986][ T9021]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 81.054109][ T9021]  ? pipe_write+0xe30/0x1000
[ 81.058684][ T9021]  ? pipe_write+0xe30/0x1000
[ 81.063273][ T9021]  __kasan_report.cold+0x1b/0x41
[ 81.068206][ T9021]  ? pipe_write+0xe30/0x1000
[ 81.072788][ T9021]  kasan_report+0x12/0x20
[ 81.077104][ T9021]  __asan_report_store8_noabort+0x17/0x20
[ 81.082824][ T9021]  pipe_write+0xe30/0x1000
[ 81.087229][ T9021]  new_sync_write+0x4d3/0x770
[ 81.091887][ T9021]  ? new_sync_read+0x800/0x800
[ 81.096635][ T9021]  ? __fget+0x37f/0x550
[ 81.100802][ T9021]  ? apparmor_file_permission+0x25/0x30
[ 81.106350][ T9021]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.112589][ T9021]  ? security_file_permission+0x8f/0x380
[ 81.118219][ T9021]  __vfs_write+0xe1/0x110
[ 81.122537][ T9021]  vfs_write+0x268/0x5d0
[ 81.126776][ T9021]  ksys_write+0x220/0x290
[ 81.131121][ T9021]  ? __ia32_sys_read+0xb0/0xb0
[ 81.135878][ T9021]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 81.141331][ T9021]  ? do_fast_syscall_32+0xd1/0xe16
[ 81.146419][ T9021]  ? entry_SYSENTER_compat+0x70/0x7f
[ 81.151688][ T9021]  ? do_fast_syscall_32+0xd1/0xe16
[ 81.156797][ T9021]  __ia32_sys_write+0x71/0xb0
[ 81.162238][ T9021]  do_fast_syscall_32+0x27b/0xe16
[ 81.167244][ T9021]  entry_SYSENTER_compat+0x70/0x7f
[ 81.172333][ T9021] RIP: 0023:0xf7f17a39
[ 81.176390][ T9021] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 81.195980][ T9021] RSP: 002b:00000000f7f1312c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 81.204394][ T9021] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200001c0
[ 81.212343][ T9021] RDX: 00000000fffffef3 RSI: 0000000000000000 RDI: 0000000000000000
[ 81.220305][ T9021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 81.228253][ T9021] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 81.236203][ T9021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 81.244171][ T9021]
[ 81.246486][ T9021] Allocated by task 9023:
[ 81.250806][ T9021]  save_stack+0x23/0x90
[ 81.254939][ T9021]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 81.260546][ T9021]  kasan_kmalloc+0x9/0x10
[ 81.264861][ T9021]  __kmalloc+0x163/0x770
[ 81.269086][ T9021]  pipe_fcntl+0x3f7/0x8e0
[ 81.273536][ T9021]  do_fcntl+0x255/0x1030
[ 81.277759][ T9021]  do_compat_fcntl64+0x387/0x540
[ 81.282682][ T9021]  __ia32_compat_sys_fcntl64+0x73/0xb0
[ 81.288244][ T9021]  do_fast_syscall_32+0x27b/0xe16
[ 81.293248][ T9021]  entry_SYSENTER_compat+0x70/0x7f
[ 81.298330][ T9021]
[ 81.300641][ T9021] Freed by task 0:
[ 81.304332][ T9021] (stack is not available)
[ 81.308717][ T9021]
[ 81.311023][ T9021] The buggy address belongs to the object at ffff88809790ea80
[ 81.311023][ T9021]  which belongs to the cache kmalloc-64 of size 64
[ 81.324881][ T9021] The buggy address is located 40 bytes inside of
[ 81.324881][ T9021]  64-byte region [ffff88809790ea80, ffff88809790eac0)
[ 81.337952][ T9021] The buggy address belongs to the page:
[ 81.343662][ T9021] page:ffffea00025e4380 refcount:1 mapcount:0 mapping:ffff8880aa400380 index:0x0
[ 81.352749][ T9021] raw: 00fffe0000000200 ffffea00029d0c48 ffff8880aa401348 ffff8880aa400380
[ 81.361326][ T9021] raw: 0000000000000000 ffff88809790e000 0000000100000020 0000000000000000
[ 81.369914][ T9021] page dumped because: kasan: bad access detected
[ 81.376309][ T9021]
[ 81.378613][ T9021] Memory state around the buggy address:
[ 81.384221][ T9021]  ffff88809790e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.392257][ T9021]  ffff88809790ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.400294][ T9021] >ffff88809790ea80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[ 81.408336][ T9021]                                   ^
[ 81.413684][ T9021]  ffff88809790eb00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 81.421721][ T9021]  ffff88809790eb80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 81.429755][ T9021] ==================================================================
[ 81.437791][ T9021] Disabling lock debugging due to kernel taint
[ 81.444585][ T9021] Kernel panic - not syncing: panic_on_warn set ...
[ 81.451179][ T9021] CPU: 0 PID: 9021 Comm: syz-executor479 Tainted: G B 5.4.0-syzkaller #0
[ 81.460864][ T9021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 81.470913][ T9021] Call Trace:
[ 81.474185][ T9021]  dump_stack+0x197/0x210
[ 81.478494][ T9021]  panic+0x2e3/0x75c
[ 81.482450][ T9021]  ? add_taint.cold+0x16/0x16
[ 81.487103][ T9021]  ? pipe_write+0xe30/0x1000
[ 81.491688][ T9021]  ? preempt_schedule+0x4b/0x60
[ 81.496515][ T9021]  ? ___preempt_schedule+0x16/0x18
[ 81.501601][ T9021]  ? trace_hardirqs_on+0x5e/0x240
[ 81.506621][ T9021]  ? pipe_write+0xe30/0x1000
[ 81.511185][ T9021]  end_report+0x47/0x4f
[ 81.515331][ T9021]  ? pipe_write+0xe30/0x1000
[ 81.519907][ T9021]  __kasan_report.cold+0xe/0x41
[ 81.524853][ T9021]  ? pipe_write+0xe30/0x1000
[ 81.529430][ T9021]  kasan_report+0x12/0x20
[ 81.533746][ T9021]  __asan_report_store8_noabort+0x17/0x20
[ 81.539448][ T9021]  pipe_write+0xe30/0x1000
[ 81.543848][ T9021]  new_sync_write+0x4d3/0x770
[ 81.548501][ T9021]  ? new_sync_read+0x800/0x800
[ 81.553252][ T9021]  ? __fget+0x37f/0x550
[ 81.557402][ T9021]  ? apparmor_file_permission+0x25/0x30
[ 81.562946][ T9021]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 81.569200][ T9021]  ? security_file_permission+0x8f/0x380
[ 81.574834][ T9021]  __vfs_write+0xe1/0x110
[ 81.579144][ T9021]  vfs_write+0x268/0x5d0
[ 81.583370][ T9021]  ksys_write+0x220/0x290
[ 81.587689][ T9021]  ? __ia32_sys_read+0xb0/0xb0
[ 81.592433][ T9021]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 81.597886][ T9021]  ? do_fast_syscall_32+0xd1/0xe16
[ 81.602973][ T9021]  ? entry_SYSENTER_compat+0x70/0x7f
[ 81.608248][ T9021]  ? do_fast_syscall_32+0xd1/0xe16
[ 81.613344][ T9021]  __ia32_sys_write+0x71/0xb0
[ 81.618000][ T9021]  do_fast_syscall_32+0x27b/0xe16
[ 81.623045][ T9021]  entry_SYSENTER_compat+0x70/0x7f
[ 81.628144][ T9021] RIP: 0023:0xf7f17a39
[ 81.632198][ T9021] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 81.652097][ T9021] RSP: 002b:00000000f7f1312c EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[ 81.660490][ T9021] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200001c0
[ 81.668444][ T9021] RDX: 00000000fffffef3 RSI: 0000000000000000 RDI: 0000000000000000
[ 81.676394][ T9021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 81.684358][ T9021] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 81.692308][ T9021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 81.701758][ T9021] Kernel Offset: disabled
[ 81.706091][ T9021] Rebooting in 86400 seconds..