[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   63.720449][   T26] audit: type=1800 audit(1558391078.645:25): pid=8806 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   63.761303][   T26] audit: type=1800 audit(1558391078.655:26): pid=8806 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   63.802405][   T26] audit: type=1800 audit(1558391078.655:27): pid=8806 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   85.623751][ T8959] ==================================================================
[   85.632200][ T8959] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
[   85.640048][ T8959] Read of size 8 at addr ffff88809b8512c0 by task syz-executor304/8959
[   85.648397][ T8959] 
[   85.650881][ T8959] CPU: 0 PID: 8959 Comm: syz-executor304 Not tainted 5.2.0-rc1+ #20
[   85.659069][ T8959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   85.669643][ T8959] Call Trace:
[   85.672993][ T8959]  dump_stack+0x172/0x1f0
[   85.677475][ T8959]  ? __lock_acquire+0x3ba2/0x5490
[   85.682507][ T8959]  print_address_description.cold+0x7c/0x20d
[   85.689334][ T8959]  ? __lock_acquire+0x3ba2/0x5490
[   85.694360][ T8959]  ? __lock_acquire+0x3ba2/0x5490
[   85.699443][ T8959]  __kasan_report.cold+0x1b/0x40
[   85.704676][ T8959]  ? __lock_acquire+0x3ba2/0x5490
[   85.709894][ T8959]  kasan_report+0x12/0x20
[   85.714522][ T8959]  __asan_report_load8_noabort+0x14/0x20
[   85.721420][ T8959]  __lock_acquire+0x3ba2/0x5490
[   85.726376][ T8959]  ? sock_diag_rcv+0x2b/0x40
[   85.731259][ T8959]  ? netlink_unicast+0x531/0x710
[   85.736763][ T8959]  ? netlink_sendmsg+0x8ae/0xd70
[   85.741708][ T8959]  ? sock_sendmsg+0xd7/0x130
[   85.746403][ T8959]  ? ___sys_sendmsg+0x803/0x920
[   85.751439][ T8959]  ? __sys_sendmsg+0x105/0x1d0
[   85.756269][ T8959]  ? __x64_sys_sendmsg+0x78/0xb0
[   85.761298][ T8959]  ? do_syscall_64+0xfd/0x680
[   85.766345][ T8959]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   85.772574][ T8959]  ? mark_held_locks+0xf0/0xf0
[   85.777485][ T8959]  ? mark_held_locks+0xf0/0xf0
[   85.782446][ T8959]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   85.789041][ T8959]  ? find_held_lock+0x35/0x130
[   85.793979][ T8959]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   85.799738][ T8959]  lock_acquire+0x16f/0x3f0
[   85.804426][ T8959]  ? rhashtable_walk_enter+0xf9/0x390
[   85.809838][ T8959]  _raw_spin_lock+0x2f/0x40
[   85.814388][ T8959]  ? rhashtable_walk_enter+0xf9/0x390
[   85.819758][ T8959]  rhashtable_walk_enter+0xf9/0x390
[   85.824952][ T8959]  __tipc_dump_start+0x1fa/0x3c0
[   85.830051][ T8959]  tipc_dump_start+0x70/0x90
[   85.834639][ T8959]  __netlink_dump_start+0x4f8/0x7d0
[   85.839932][ T8959]  ? __tipc_dump_start+0x3c0/0x3c0
[   85.845039][ T8959]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   85.851076][ T8959]  ? __tipc_diag_gen_cookie+0x90/0x90
[   85.856612][ T8959]  ? sock_diag_rcv+0x1c/0x40
[   85.861198][ T8959]  ? __tipc_dump_start+0x3c0/0x3c0
[   85.866503][ T8959]  ? tipc_unregister_sysctl+0x20/0x20
[   85.871932][ T8959]  ? tipc_ioctl+0x2e0/0x2e0
[   85.876446][ T8959]  sock_diag_rcv_msg+0x319/0x410
[   85.881455][ T8959]  netlink_rcv_skb+0x177/0x450
[   85.887373][ T8959]  ? sock_diag_bind+0x80/0x80
[   85.892418][ T8959]  ? netlink_ack+0xb50/0xb50
[   85.897005][ T8959]  ? kasan_check_read+0x11/0x20
[   85.901851][ T8959]  ? netlink_deliver_tap+0x254/0xbf0
[   85.907126][ T8959]  sock_diag_rcv+0x2b/0x40
[   85.911541][ T8959]  netlink_unicast+0x531/0x710
[   85.916671][ T8959]  ? netlink_attachskb+0x770/0x770
[   85.921908][ T8959]  ? _copy_from_iter_full+0x25d/0x8c0
[   85.927283][ T8959]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   85.933002][ T8959]  ? __check_object_size+0x3d/0x42f
[   85.938263][ T8959]  netlink_sendmsg+0x8ae/0xd70
[   85.943037][ T8959]  ? netlink_unicast+0x710/0x710
[   85.947980][ T8959]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   85.953545][ T8959]  ? apparmor_socket_sendmsg+0x2a/0x30
[   85.959185][ T8959]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   85.965423][ T8959]  ? security_socket_sendmsg+0x8d/0xc0
[   85.970879][ T8959]  ? netlink_unicast+0x710/0x710
[   85.975910][ T8959]  sock_sendmsg+0xd7/0x130
[   85.980421][ T8959]  ___sys_sendmsg+0x803/0x920
[   85.985108][ T8959]  ? copy_msghdr_from_user+0x430/0x430
[   85.990661][ T8959]  ? prep_transhuge_page+0xa0/0xa0
[   85.995836][ T8959]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.002401][ T8959]  ? __handle_mm_fault+0x7cb/0x3eb0
[   86.008131][ T8959]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.014373][ T8959]  ? __fget_light+0x1a9/0x230
[   86.019043][ T8959]  ? __fdget+0x1b/0x20
[   86.023277][ T8959]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   86.029576][ T8959]  __sys_sendmsg+0x105/0x1d0
[   86.034230][ T8959]  ? __ia32_sys_shutdown+0x80/0x80
[   86.039357][ T8959]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   86.044818][ T8959]  ? do_syscall_64+0x26/0x680
[   86.049558][ T8959]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.055630][ T8959]  ? do_syscall_64+0x26/0x680
[   86.060412][ T8959]  __x64_sys_sendmsg+0x78/0xb0
[   86.065559][ T8959]  do_syscall_64+0xfd/0x680
[   86.070087][ T8959]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.075980][ T8959] RIP: 0033:0x440219
[   86.079979][ T8959] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   86.100727][ T8959] RSP: 002b:00007ffc499b1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.109229][ T8959] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
[   86.117205][ T8959] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   86.125302][ T8959] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   86.133306][ T8959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[   86.141401][ T8959] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[   86.149731][ T8959] 
[   86.152053][ T8959] Allocated by task 5854:
[   86.156658][ T8959]  save_stack+0x23/0x90
[   86.161351][ T8959]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   86.167176][ T8959]  kasan_kmalloc+0x9/0x10
[   86.171760][ T8959]  __kmalloc+0x15c/0x740
[   86.175987][ T8959]  tomoyo_get_name+0x23e/0x490
[   86.180740][ T8959]  tomoyo_parse_name_union+0xc3/0x170
[   86.186644][ T8959]  tomoyo_write_file+0x4b1/0x750
[   86.191712][ T8959]  tomoyo_write_domain2+0x111/0x1d0
[   86.196966][ T8959]  tomoyo_supervisor+0xc0b/0xef0
[   86.201941][ T8959]  tomoyo_path_permission+0x263/0x360
[   86.207751][ T8959]  tomoyo_path_perm+0x31d/0x430
[   86.212595][ T8959]  tomoyo_inode_getattr+0x1d/0x30
[   86.217631][ T8959]  security_inode_getattr+0xf2/0x150
[   86.223034][ T8959]  vfs_getattr+0x25/0x70
[   86.227271][ T8959]  vfs_statx_fd+0x71/0xc0
[   86.231589][ T8959]  __do_sys_newfstat+0x9b/0x120
[   86.236439][ T8959]  __x64_sys_newfstat+0x54/0x80
[   86.241754][ T8959]  do_syscall_64+0xfd/0x680
[   86.246332][ T8959]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.252202][ T8959] 
[   86.254547][ T8959] Freed by task 4910:
[   86.258568][ T8959]  save_stack+0x23/0x90
[   86.263013][ T8959]  __kasan_slab_free+0x102/0x150
[   86.267944][ T8959]  kasan_slab_free+0xe/0x10
[   86.272442][ T8959]  kfree+0xcf/0x220
[   86.276254][ T8959]  tomoyo_path_perm+0x24e/0x430
[   86.281131][ T8959]  tomoyo_inode_getattr+0x1d/0x30
[   86.286198][ T8959]  security_inode_getattr+0xf2/0x150
[   86.291561][ T8959]  vfs_getattr+0x25/0x70
[   86.295792][ T8959]  vfs_statx_fd+0x71/0xc0
[   86.300111][ T8959]  __do_sys_newfstat+0x9b/0x120
[   86.305082][ T8959]  __x64_sys_newfstat+0x54/0x80
[   86.310109][ T8959]  do_syscall_64+0xfd/0x680
[   86.314704][ T8959]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.321030][ T8959] 
[   86.323402][ T8959] The buggy address belongs to the object at ffff88809b851280
[   86.323402][ T8959]  which belongs to the cache kmalloc-64 of size 64
[   86.337838][ T8959] The buggy address is located 0 bytes to the right of
[   86.337838][ T8959]  64-byte region [ffff88809b851280, ffff88809b8512c0)
[   86.352208][ T8959] The buggy address belongs to the page:
[   86.359023][ T8959] page:ffffea00026e1440 refcount:1 mapcount:0 mapping:ffff8880aa400340 index:0x0
[   86.368432][ T8959] flags: 0x1fffc0000000200(slab)
[   86.373367][ T8959] raw: 01fffc0000000200 ffffea00026d69c8 ffffea00026bb348 ffff8880aa400340
[   86.382166][ T8959] raw: 0000000000000000 ffff88809b851000 0000000100000020 0000000000000000
[   86.391098][ T8959] page dumped because: kasan: bad access detected
[   86.398337][ T8959] 
[   86.400653][ T8959] Memory state around the buggy address:
[   86.407171][ T8959]  ffff88809b851180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   86.416739][ T8959]  ffff88809b851200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   86.426023][ T8959] >ffff88809b851280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   86.434628][ T8959]                                            ^
[   86.440773][ T8959]  ffff88809b851300: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   86.448917][ T8959]  ffff88809b851380: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   86.457088][ T8959] ==================================================================
[   86.466145][ T8959] Disabling lock debugging due to kernel taint
[   86.472452][ T8959] Kernel panic - not syncing: panic_on_warn set ...
[   86.479168][ T8959] CPU: 0 PID: 8959 Comm: syz-executor304 Tainted: G    B             5.2.0-rc1+ #20
[   86.488522][ T8959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   86.498730][ T8959] Call Trace:
[   86.502026][ T8959]  dump_stack+0x172/0x1f0
[   86.506545][ T8959]  panic+0x2cb/0x744
[   86.510656][ T8959]  ? __warn_printk+0xf3/0xf3
[   86.515325][ T8959]  ? lock_downgrade+0x880/0x880
[   86.520160][ T8959]  ? __lock_acquire+0x3ba2/0x5490
[   86.525244][ T8959]  ? trace_hardirqs_off+0x62/0x220
[   86.530349][ T8959]  ? trace_hardirqs_off+0x59/0x220
[   86.535539][ T8959]  ? __lock_acquire+0x3ba2/0x5490
[   86.540654][ T8959]  end_report+0x47/0x4f
[   86.544800][ T8959]  ? __lock_acquire+0x3ba2/0x5490
[   86.549813][ T8959]  __kasan_report.cold+0xe/0x40
[   86.554659][ T8959]  ? __lock_acquire+0x3ba2/0x5490
[   86.559901][ T8959]  kasan_report+0x12/0x20
[   86.564809][ T8959]  __asan_report_load8_noabort+0x14/0x20
[   86.570629][ T8959]  __lock_acquire+0x3ba2/0x5490
[   86.575564][ T8959]  ? sock_diag_rcv+0x2b/0x40
[   86.580434][ T8959]  ? netlink_unicast+0x531/0x710
[   86.585953][ T8959]  ? netlink_sendmsg+0x8ae/0xd70
[   86.591208][ T8959]  ? sock_sendmsg+0xd7/0x130
[   86.595825][ T8959]  ? ___sys_sendmsg+0x803/0x920
[   86.602058][ T8959]  ? __sys_sendmsg+0x105/0x1d0
[   86.606842][ T8959]  ? __x64_sys_sendmsg+0x78/0xb0
[   86.611984][ T8959]  ? do_syscall_64+0xfd/0x680
[   86.616985][ T8959]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.623601][ T8959]  ? mark_held_locks+0xf0/0xf0
[   86.637261][ T8959]  ? mark_held_locks+0xf0/0xf0
[   86.642762][ T8959]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   86.648404][ T8959]  ? find_held_lock+0x35/0x130
[   86.653227][ T8959]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   86.658884][ T8959]  lock_acquire+0x16f/0x3f0
[   86.663392][ T8959]  ? rhashtable_walk_enter+0xf9/0x390
[   86.669280][ T8959]  _raw_spin_lock+0x2f/0x40
[   86.673783][ T8959]  ? rhashtable_walk_enter+0xf9/0x390
[   86.679840][ T8959]  rhashtable_walk_enter+0xf9/0x390
[   86.685088][ T8959]  __tipc_dump_start+0x1fa/0x3c0
[   86.690800][ T8959]  tipc_dump_start+0x70/0x90
[   86.695409][ T8959]  __netlink_dump_start+0x4f8/0x7d0
[   86.700600][ T8959]  ? __tipc_dump_start+0x3c0/0x3c0
[   86.706257][ T8959]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   86.712382][ T8959]  ? __tipc_diag_gen_cookie+0x90/0x90
[   86.717778][ T8959]  ? sock_diag_rcv+0x1c/0x40
[   86.722538][ T8959]  ? __tipc_dump_start+0x3c0/0x3c0
[   86.728114][ T8959]  ? tipc_unregister_sysctl+0x20/0x20
[   86.733778][ T8959]  ? tipc_ioctl+0x2e0/0x2e0
[   86.738753][ T8959]  sock_diag_rcv_msg+0x319/0x410
[   86.743880][ T8959]  netlink_rcv_skb+0x177/0x450
[   86.749688][ T8959]  ? sock_diag_bind+0x80/0x80
[   86.754416][ T8959]  ? netlink_ack+0xb50/0xb50
[   86.759556][ T8959]  ? kasan_check_read+0x11/0x20
[   86.764419][ T8959]  ? netlink_deliver_tap+0x254/0xbf0
[   86.769743][ T8959]  sock_diag_rcv+0x2b/0x40
[   86.774577][ T8959]  netlink_unicast+0x531/0x710
[   86.779461][ T8959]  ? netlink_attachskb+0x770/0x770
[   86.784644][ T8959]  ? _copy_from_iter_full+0x25d/0x8c0
[   86.790787][ T8959]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   86.796888][ T8959]  ? __check_object_size+0x3d/0x42f
[   86.803105][ T8959]  netlink_sendmsg+0x8ae/0xd70
[   86.808137][ T8959]  ? netlink_unicast+0x710/0x710
[   86.813080][ T8959]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   86.819245][ T8959]  ? apparmor_socket_sendmsg+0x2a/0x30
[   86.825411][ T8959]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.831900][ T8959]  ? security_socket_sendmsg+0x8d/0xc0
[   86.837381][ T8959]  ? netlink_unicast+0x710/0x710
[   86.842463][ T8959]  sock_sendmsg+0xd7/0x130
[   86.847198][ T8959]  ___sys_sendmsg+0x803/0x920
[   86.852025][ T8959]  ? copy_msghdr_from_user+0x430/0x430
[   86.857765][ T8959]  ? prep_transhuge_page+0xa0/0xa0
[   86.863085][ T8959]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.869440][ T8959]  ? __handle_mm_fault+0x7cb/0x3eb0
[   86.874949][ T8959]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   86.881249][ T8959]  ? __fget_light+0x1a9/0x230
[   86.886297][ T8959]  ? __fdget+0x1b/0x20
[   86.890380][ T8959]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   86.896724][ T8959]  __sys_sendmsg+0x105/0x1d0
[   86.901328][ T8959]  ? __ia32_sys_shutdown+0x80/0x80
[   86.906590][ T8959]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   86.912285][ T8959]  ? do_syscall_64+0x26/0x680
[   86.917006][ T8959]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.923261][ T8959]  ? do_syscall_64+0x26/0x680
[   86.927980][ T8959]  __x64_sys_sendmsg+0x78/0xb0
[   86.932837][ T8959]  do_syscall_64+0xfd/0x680
[   86.937347][ T8959]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   86.943355][ T8959] RIP: 0033:0x440219
[   86.947327][ T8959] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   86.967197][ T8959] RSP: 002b:00007ffc499b1f48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   86.975623][ T8959] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
[   86.983800][ T8959] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[   86.991774][ T8959] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   86.999897][ T8959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[   87.008314][ T8959] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[   87.017790][ T8959] Kernel Offset: disabled
[   87.022131][ T8959] Rebooting in 86400 seconds..