[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   66.614424][   T26] audit: type=1800 audit(1558055850.816:25): pid=8946 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   66.659179][   T26] audit: type=1800 audit(1558055850.826:26): pid=8946 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   66.699428][   T26] audit: type=1800 audit(1558055850.826:27): pid=8946 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.131' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   76.910572][ T9101] ==================================================================
[   76.918687][ T9101] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
[   76.926510][ T9101] Read of size 8 at addr ffff888216654a40 by task syz-executor183/9101
[   76.934760][ T9101] 
[   76.937083][ T9101] CPU: 0 PID: 9101 Comm: syz-executor183 Not tainted 5.1.0+ #17
[   76.944707][ T9101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   76.954846][ T9101] Call Trace:
[   76.958149][ T9101]  dump_stack+0x172/0x1f0
[   76.962479][ T9101]  ? __lock_acquire+0x3ba2/0x5490
[   76.967501][ T9101]  print_address_description.cold+0x7c/0x20d
[   76.973482][ T9101]  ? __lock_acquire+0x3ba2/0x5490
[   76.978612][ T9101]  ? __lock_acquire+0x3ba2/0x5490
[   76.983640][ T9101]  __kasan_report.cold+0x1b/0x40
[   76.988580][ T9101]  ? __lock_acquire+0x3ba2/0x5490
[   76.993621][ T9101]  kasan_report+0x12/0x20
[   76.997973][ T9101]  __asan_report_load8_noabort+0x14/0x20
[   77.003606][ T9101]  __lock_acquire+0x3ba2/0x5490
[   77.008453][ T9101]  ? sock_diag_rcv+0x2b/0x40
[   77.013310][ T9101]  ? netlink_unicast+0x536/0x720
[   77.018250][ T9101]  ? netlink_sendmsg+0x8ae/0xd70
[   77.023190][ T9101]  ? sock_sendmsg+0x12e/0x170
[   77.027872][ T9101]  ? ___sys_sendmsg+0x81d/0x960
[   77.032719][ T9101]  ? __sys_sendmsg+0x105/0x1d0
[   77.037477][ T9101]  ? __x64_sys_sendmsg+0x78/0xb0
[   77.042422][ T9101]  ? do_syscall_64+0x103/0x680
[   77.047181][ T9101]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.053268][ T9101]  ? mark_held_locks+0xf0/0xf0
[   77.058049][ T9101]  ? mark_held_locks+0xf0/0xf0
[   77.062810][ T9101]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   77.068474][ T9101]  ? find_held_lock+0x35/0x130
[   77.073242][ T9101]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   77.078872][ T9101]  lock_acquire+0x16f/0x3f0
[   77.083371][ T9101]  ? rhashtable_walk_enter+0xf9/0x390
[   77.088741][ T9101]  _raw_spin_lock+0x2f/0x40
[   77.093267][ T9101]  ? rhashtable_walk_enter+0xf9/0x390
[   77.098644][ T9101]  rhashtable_walk_enter+0xf9/0x390
[   77.103858][ T9101]  __tipc_dump_start+0x1fa/0x3c0
[   77.108794][ T9101]  tipc_dump_start+0x70/0x90
[   77.113382][ T9101]  __netlink_dump_start+0x4fb/0x7e0
[   77.118579][ T9101]  ? __tipc_dump_start+0x3c0/0x3c0
[   77.123696][ T9101]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   77.129556][ T9101]  ? __tipc_diag_gen_cookie+0x90/0x90
[   77.134949][ T9101]  ? sock_diag_rcv+0x1c/0x40
[   77.139544][ T9101]  ? __tipc_dump_start+0x3c0/0x3c0
[   77.144652][ T9101]  ? tipc_unregister_sysctl+0x20/0x20
[   77.150018][ T9101]  ? tipc_ioctl+0x2e0/0x2e0
[   77.154540][ T9101]  sock_diag_rcv_msg+0x322/0x410
[   77.159479][ T9101]  netlink_rcv_skb+0x17a/0x460
[   77.164239][ T9101]  ? sock_diag_bind+0x80/0x80
[   77.168917][ T9101]  ? netlink_ack+0xb50/0xb50
[   77.173522][ T9101]  ? kasan_check_read+0x11/0x20
[   77.181314][ T9101]  ? netlink_deliver_tap+0x254/0xc00
[   77.186623][ T9101]  sock_diag_rcv+0x2b/0x40
[   77.191052][ T9101]  netlink_unicast+0x536/0x720
[   77.195826][ T9101]  ? netlink_attachskb+0x770/0x770
[   77.200938][ T9101]  ? _copy_from_iter_full+0x25d/0x8c0
[   77.206316][ T9101]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   77.212039][ T9101]  ? __check_object_size+0x3d/0x42f
[   77.217249][ T9101]  netlink_sendmsg+0x8ae/0xd70
[   77.222016][ T9101]  ? netlink_unicast+0x720/0x720
[   77.226949][ T9101]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   77.232504][ T9101]  ? apparmor_socket_sendmsg+0x2a/0x30
[   77.237963][ T9101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.244209][ T9101]  ? security_socket_sendmsg+0x93/0xc0
[   77.249694][ T9101]  ? netlink_unicast+0x720/0x720
[   77.254630][ T9101]  sock_sendmsg+0x12e/0x170
[   77.259129][ T9101]  ___sys_sendmsg+0x81d/0x960
[   77.263815][ T9101]  ? copy_msghdr_from_user+0x430/0x430
[   77.269306][ T9101]  ? prep_transhuge_page+0xa0/0xa0
[   77.274426][ T9101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.280678][ T9101]  ? __handle_mm_fault+0x7cd/0x3ec0
[   77.285876][ T9101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   77.292113][ T9101]  ? __fget_light+0x1a9/0x230
[   77.296790][ T9101]  ? __fdget+0x1b/0x20
[   77.300867][ T9101]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   77.307123][ T9101]  __sys_sendmsg+0x105/0x1d0
[   77.311725][ T9101]  ? __ia32_sys_shutdown+0x80/0x80
[   77.316833][ T9101]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   77.322284][ T9101]  ? do_syscall_64+0x26/0x680
[   77.326969][ T9101]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.333055][ T9101]  ? do_syscall_64+0x26/0x680
[   77.337734][ T9101]  __x64_sys_sendmsg+0x78/0xb0
[   77.351519][ T9101]  do_syscall_64+0x103/0x680
[   77.356115][ T9101]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.362023][ T9101] RIP: 0033:0x4401f9
[   77.365928][ T9101] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   77.385531][ T9101] RSP: 002b:00007ffd53076658 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   77.393964][ T9101] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9
[   77.401932][ T9101] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   77.409914][ T9101] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   77.417882][ T9101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80
[   77.425876][ T9101] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
[   77.433849][ T9101] 
[   77.436176][ T9101] Allocated by task 1:
[   77.440234][ T9101]  save_stack+0x23/0x90
[   77.444374][ T9101]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   77.449991][ T9101]  kasan_slab_alloc+0xf/0x20
[   77.454573][ T9101]  kmem_cache_alloc+0x11a/0x6f0
[   77.459420][ T9101]  __kernfs_new_node+0xf0/0x6c0
[   77.464307][ T9101]  kernfs_new_node+0x96/0x120
[   77.468994][ T9101]  __kernfs_create_file+0x51/0x340
[   77.474113][ T9101]  sysfs_add_file_mode_ns+0x222/0x560
[   77.479478][ T9101]  internal_create_group+0x35b/0xc40
[   77.484755][ T9101]  sysfs_create_groups+0x9b/0x141
[   77.489771][ T9101]  device_add+0x1356/0x17a0
[   77.494267][ T9101]  netdev_register_kobject+0x183/0x3b0
[   77.499724][ T9101]  register_netdevice+0x878/0xff0
[   77.505937][ T9101]  register_netdev+0x30/0x50
[   77.510529][ T9101]  nr_proto_init+0x274/0x65f
[   77.515113][ T9101]  do_one_initcall+0x109/0x7ca
[   77.519903][ T9101]  kernel_init_freeable+0x4da/0x5c9
[   77.525109][ T9101]  kernel_init+0x12/0x1c5
[   77.529444][ T9101]  ret_from_fork+0x3a/0x50
[   77.533861][ T9101] 
[   77.536182][ T9101] Freed by task 0:
[   77.539881][ T9101] (stack is not available)
[   77.544284][ T9101] 
[   77.546614][ T9101] The buggy address belongs to the object at ffff8882166549a0
[   77.546614][ T9101]  which belongs to the cache kernfs_node_cache of size 160
[   77.561199][ T9101] The buggy address is located 0 bytes to the right of
[   77.561199][ T9101]  160-byte region [ffff8882166549a0, ffff888216654a40)
[   77.574812][ T9101] The buggy address belongs to the page:
[   77.580444][ T9101] page:ffffea0008599500 count:1 mapcount:0 mapping:ffff88821bc45500 index:0xffff888216654fee
[   77.590589][ T9101] flags: 0x6fffc0000000200(slab)
[   77.595518][ T9101] raw: 06fffc0000000200 ffffea0008599488 ffffea0008599548 ffff88821bc45500
[   77.604095][ T9101] raw: ffff888216654fee ffff888216654000 0000000100000012 0000000000000000
[   77.612667][ T9101] page dumped because: kasan: bad access detected
[   77.619070][ T9101] 
[   77.621389][ T9101] Memory state around the buggy address:
[   77.627019][ T9101]  ffff888216654900: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   77.635079][ T9101]  ffff888216654980: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00
[   77.643139][ T9101] >ffff888216654a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   77.651192][ T9101]                                            ^
[   77.657346][ T9101]  ffff888216654a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   77.665396][ T9101]  ffff888216654b00: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00
[   77.673448][ T9101] ==================================================================
[   77.681509][ T9101] Disabling lock debugging due to kernel taint
[   77.687674][ T9101] Kernel panic - not syncing: panic_on_warn set ...
[   77.694261][ T9101] CPU: 0 PID: 9101 Comm: syz-executor183 Tainted: G    B             5.1.0+ #17
[   77.703298][ T9101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   77.713368][ T9101] Call Trace:
[   77.716698][ T9101]  dump_stack+0x172/0x1f0
[   77.721027][ T9101]  panic+0x2cb/0x65c
[   77.724918][ T9101]  ? __warn_printk+0xf3/0xf3
[   77.729504][ T9101]  ? lock_downgrade+0x880/0x880
[   77.734363][ T9101]  ? __lock_acquire+0x3ba2/0x5490
[   77.739392][ T9101]  ? trace_hardirqs_off+0x62/0x220
[   77.744521][ T9101]  ? trace_hardirqs_off+0x59/0x220
[   77.749626][ T9101]  ? __lock_acquire+0x3ba2/0x5490
[   77.754639][ T9101]  end_report+0x47/0x4f
[   77.758798][ T9101]  ? __lock_acquire+0x3ba2/0x5490
[   77.763831][ T9101]  __kasan_report.cold+0xe/0x40
[   77.768736][ T9101]  ? __lock_acquire+0x3ba2/0x5490
[   77.774220][ T9101]  kasan_report+0x12/0x20
[   77.778546][ T9101]  __asan_report_load8_noabort+0x14/0x20
[   77.784201][ T9101]  __lock_acquire+0x3ba2/0x5490
[   77.789055][ T9101]  ? sock_diag_rcv+0x2b/0x40
[   77.793647][ T9101]  ? netlink_unicast+0x536/0x720
[   77.798576][ T9101]  ? netlink_sendmsg+0x8ae/0xd70
[   77.803514][ T9101]  ? sock_sendmsg+0x12e/0x170
[   77.808184][ T9101]  ? ___sys_sendmsg+0x81d/0x960
[   77.813032][ T9101]  ? __sys_sendmsg+0x105/0x1d0
[   77.817790][ T9101]  ? __x64_sys_sendmsg+0x78/0xb0
[   77.822722][ T9101]  ? do_syscall_64+0x103/0x680
[   77.827488][ T9101]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   77.833558][ T9101]  ? mark_held_locks+0xf0/0xf0
[   77.838336][ T9101]  ? mark_held_locks+0xf0/0xf0
[   77.843093][ T9101]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   77.848721][ T9101]  ? find_held_lock+0x35/0x130
[   77.853503][ T9101]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   77.859139][ T9101]  lock_acquire+0x16f/0x3f0
[   77.863634][ T9101]  ? rhashtable_walk_enter+0xf9/0x390
[   77.869032][ T9101]  _raw_spin_lock+0x2f/0x40
[   77.873544][ T9101]  ? rhashtable_walk_enter+0xf9/0x390
[   77.878919][ T9101]  rhashtable_walk_enter+0xf9/0x390
[   77.884133][ T9101]  __tipc_dump_start+0x1fa/0x3c0
[   77.889077][ T9101]  tipc_dump_start+0x70/0x90
[   77.893686][ T9101]  __netlink_dump_start+0x4fb/0x7e0
[   77.898896][ T9101]  ? __tipc_dump_start+0x3c0/0x3c0
[   77.904014][ T9101]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   77.909833][ T9101]  ? __tipc_diag_gen_cookie+0x90/0x90
[   77.915232][ T9101]  ? sock_diag_rcv+0x1c/0x40
[   77.919816][ T9101]  ? __tipc_dump_start+0x3c0/0x3c0
[   77.924923][ T9101]  ? tipc_unregister_sysctl+0x20/0x20
[   77.930298][ T9101]  ? tipc_ioctl+0x2e0/0x2e0
[   77.934823][ T9101]  sock_diag_rcv_msg+0x322/0x410
[   77.939758][ T9101]  netlink_rcv_skb+0x17a/0x460
[   77.944520][ T9101]  ? sock_diag_bind+0x80/0x80
[   77.949194][ T9101]  ? netlink_ack+0xb50/0xb50
[   77.953795][ T9101]  ? kasan_check_read+0x11/0x20
[   77.958651][ T9101]  ? netlink_deliver_tap+0x254/0xc00
[   77.963939][ T9101]  sock_diag_rcv+0x2b/0x40
[   77.968341][ T9101]  netlink_unicast+0x536/0x720
[   77.973094][ T9101]  ? netlink_attachskb+0x770/0x770
[   77.978192][ T9101]  ? _copy_from_iter_full+0x25d/0x8c0
[   77.983557][ T9101]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   77.989299][ T9101]  ? __check_object_size+0x3d/0x42f
[   77.994507][ T9101]  netlink_sendmsg+0x8ae/0xd70
[   77.999267][ T9101]  ? netlink_unicast+0x720/0x720
[   78.004203][ T9101]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   78.009756][ T9101]  ? apparmor_socket_sendmsg+0x2a/0x30
[   78.015228][ T9101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.021472][ T9101]  ? security_socket_sendmsg+0x93/0xc0
[   78.026926][ T9101]  ? netlink_unicast+0x720/0x720
[   78.031872][ T9101]  sock_sendmsg+0x12e/0x170
[   78.036373][ T9101]  ___sys_sendmsg+0x81d/0x960
[   78.041041][ T9101]  ? copy_msghdr_from_user+0x430/0x430
[   78.046516][ T9101]  ? prep_transhuge_page+0xa0/0xa0
[   78.051633][ T9101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.057866][ T9101]  ? __handle_mm_fault+0x7cd/0x3ec0
[   78.063085][ T9101]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   78.069332][ T9101]  ? __fget_light+0x1a9/0x230
[   78.074018][ T9101]  ? __fdget+0x1b/0x20
[   78.078084][ T9101]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   78.084328][ T9101]  __sys_sendmsg+0x105/0x1d0
[   78.088927][ T9101]  ? __ia32_sys_shutdown+0x80/0x80
[   78.094057][ T9101]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   78.099545][ T9101]  ? do_syscall_64+0x26/0x680
[   78.104229][ T9101]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   78.110305][ T9101]  ? do_syscall_64+0x26/0x680
[   78.114983][ T9101]  __x64_sys_sendmsg+0x78/0xb0
[   78.119744][ T9101]  do_syscall_64+0x103/0x680
[   78.124346][ T9101]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   78.130239][ T9101] RIP: 0033:0x4401f9
[   78.134152][ T9101] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   78.153754][ T9101] RSP: 002b:00007ffd53076658 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   78.162162][ T9101] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9
[   78.170128][ T9101] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   78.178094][ T9101] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   78.186062][ T9101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80
[   78.194031][ T9101] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
[   78.203175][ T9101] Kernel Offset: disabled
[   78.207609][ T9101] Rebooting in 86400 seconds..