[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 58.679104][ T26] audit: type=1800 audit(1558473926.692:25): pid=8441 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 58.713931][ T26] audit: type=1800 audit(1558473926.702:26): pid=8441 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 58.734876][ T26] audit: type=1800 audit(1558473926.702:27): pid=8441 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.58' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 69.532976][ T8594] ================================================================== [ 69.541118][ T8594] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490 [ 69.548813][ T8594] Read of size 8 at addr ffff88809b5d7540 by task syz-executor301/8594 [ 69.557016][ T8594] [ 69.559323][ T8594] CPU: 0 PID: 8594 Comm: syz-executor301 Not tainted 5.2.0-rc1+ #21 [ 69.567283][ T8594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 69.577665][ T8594] Call Trace: [ 69.580945][ T8594] dump_stack+0x172/0x1f0 [ 69.585274][ T8594] ? __lock_acquire+0x3ba2/0x5490 [ 69.590290][ T8594] print_address_description.cold+0x7c/0x20d [ 69.596244][ T8594] ? __lock_acquire+0x3ba2/0x5490 [ 69.601239][ T8594] ? __lock_acquire+0x3ba2/0x5490 [ 69.606235][ T8594] __kasan_report.cold+0x1b/0x40 [ 69.611145][ T8594] ? __lock_acquire+0x3ba2/0x5490 [ 69.616141][ T8594] kasan_report+0x12/0x20 [ 69.620443][ T8594] __asan_report_load8_noabort+0x14/0x20 [ 69.626045][ T8594] __lock_acquire+0x3ba2/0x5490 [ 69.630891][ T8594] ? sock_diag_rcv+0x2b/0x40 [ 69.635480][ T8594] ? netlink_unicast+0x531/0x710 [ 69.640390][ T8594] ? netlink_sendmsg+0x8ae/0xd70 [ 69.645315][ T8594] ? sock_sendmsg+0xd7/0x130 [ 69.649876][ T8594] ? ___sys_sendmsg+0x803/0x920 [ 69.654700][ T8594] ? __sys_sendmsg+0x105/0x1d0 [ 69.659452][ T8594] ? __x64_sys_sendmsg+0x78/0xb0 [ 69.664382][ T8594] ? do_syscall_64+0xfd/0x680 [ 69.669032][ T8594] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 69.675071][ T8594] ? mark_held_locks+0xf0/0xf0 [ 69.679826][ T8594] ? mark_held_locks+0xf0/0xf0 [ 69.684564][ T8594] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 69.690255][ T8594] ? find_held_lock+0x35/0x130 [ 69.694994][ T8594] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 69.700606][ T8594] lock_acquire+0x16f/0x3f0 [ 69.705086][ T8594] ? rhashtable_walk_enter+0xf9/0x390 [ 69.710448][ T8594] _raw_spin_lock+0x2f/0x40 [ 69.714931][ T8594] ? rhashtable_walk_enter+0xf9/0x390 [ 69.720277][ T8594] rhashtable_walk_enter+0xf9/0x390 [ 69.725456][ T8594] __tipc_dump_start+0x1fa/0x3c0 [ 69.730364][ T8594] tipc_dump_start+0x70/0x90 [ 69.734940][ T8594] __netlink_dump_start+0x4f8/0x7d0 [ 69.740116][ T8594] ? __tipc_dump_start+0x3c0/0x3c0 [ 69.745211][ T8594] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 69.750992][ T8594] ? __tipc_diag_gen_cookie+0x90/0x90 [ 69.756335][ T8594] ? sock_diag_rcv+0x1c/0x40 [ 69.760893][ T8594] ? __tipc_dump_start+0x3c0/0x3c0 [ 69.765999][ T8594] ? tipc_unregister_sysctl+0x20/0x20 [ 69.771347][ T8594] ? tipc_ioctl+0x2e0/0x2e0 [ 69.775841][ T8594] sock_diag_rcv_msg+0x319/0x410 [ 69.780753][ T8594] netlink_rcv_skb+0x177/0x450 [ 69.785491][ T8594] ? sock_diag_bind+0x80/0x80 [ 69.790142][ T8594] ? netlink_ack+0xb50/0xb50 [ 69.794707][ T8594] ? kasan_check_read+0x11/0x20 [ 69.799553][ T8594] ? netlink_deliver_tap+0x254/0xbf0 [ 69.804809][ T8594] sock_diag_rcv+0x2b/0x40 [ 69.809198][ T8594] netlink_unicast+0x531/0x710 [ 69.813956][ T8594] ? netlink_attachskb+0x770/0x770 [ 69.819042][ T8594] ? _copy_from_iter_full+0x25d/0x8c0 [ 69.824407][ T8594] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 69.830100][ T8594] ? __check_object_size+0x3d/0x42f [ 69.835270][ T8594] netlink_sendmsg+0x8ae/0xd70 [ 69.840009][ T8594] ? netlink_unicast+0x710/0x710 [ 69.844927][ T8594] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 69.850451][ T8594] ? apparmor_socket_sendmsg+0x2a/0x30 [ 69.855884][ T8594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.862105][ T8594] ? security_socket_sendmsg+0x8d/0xc0 [ 69.867538][ T8594] ? netlink_unicast+0x710/0x710 [ 69.872467][ T8594] sock_sendmsg+0xd7/0x130 [ 69.876856][ T8594] ___sys_sendmsg+0x803/0x920 [ 69.881505][ T8594] ? copy_msghdr_from_user+0x430/0x430 [ 69.886955][ T8594] ? prep_transhuge_page+0xa0/0xa0 [ 69.892044][ T8594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.898255][ T8594] ? __handle_mm_fault+0x7cb/0x3eb0 [ 69.903429][ T8594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 69.909638][ T8594] ? __fget_light+0x1a9/0x230 [ 69.914309][ T8594] ? __fdget+0x1b/0x20 [ 69.918353][ T8594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 69.924570][ T8594] __sys_sendmsg+0x105/0x1d0 [ 69.929146][ T8594] ? __ia32_sys_shutdown+0x80/0x80 [ 69.934232][ T8594] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 69.939662][ T8594] ? do_syscall_64+0x26/0x680 [ 69.944317][ T8594] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 69.950356][ T8594] ? do_syscall_64+0x26/0x680 [ 69.955013][ T8594] __x64_sys_sendmsg+0x78/0xb0 [ 69.959751][ T8594] do_syscall_64+0xfd/0x680 [ 69.964227][ T8594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 69.970091][ T8594] RIP: 0033:0x440219 [ 69.973979][ T8594] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 69.993556][ T8594] RSP: 002b:00007ffeaad1e8a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.001945][ T8594] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 70.009906][ T8594] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 70.017849][ T8594] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 70.025805][ T8594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0 [ 70.033757][ T8594] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 70.041703][ T8594] [ 70.044017][ T8594] Allocated by task 8286: [ 70.048320][ T8594] save_stack+0x23/0x90 [ 70.052445][ T8594] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 70.058049][ T8594] kasan_slab_alloc+0xf/0x20 [ 70.062624][ T8594] kmem_cache_alloc+0x11a/0x6f0 [ 70.067452][ T8594] __delayacct_tsk_init+0x20/0x80 [ 70.072466][ T8594] copy_process.part.0+0x4454/0x6790 [ 70.077722][ T8594] _do_fork+0x25d/0xfe0 [ 70.081850][ T8594] __x64_sys_clone+0xbf/0x150 [ 70.086510][ T8594] do_syscall_64+0xfd/0x680 [ 70.090987][ T8594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.096852][ T8594] [ 70.099187][ T8594] Freed by task 16: [ 70.102972][ T8594] save_stack+0x23/0x90 [ 70.107098][ T8594] __kasan_slab_free+0x102/0x150 [ 70.112008][ T8594] kasan_slab_free+0xe/0x10 [ 70.116480][ T8594] kmem_cache_free+0x86/0x260 [ 70.121128][ T8594] __put_task_struct+0x156/0x4e0 [ 70.126034][ T8594] delayed_put_task_struct+0x1ea/0x340 [ 70.133203][ T8594] rcu_core+0xba5/0x1500 [ 70.140630][ T8594] __do_softirq+0x25c/0x94c [ 70.145116][ T8594] [ 70.147437][ T8594] The buggy address belongs to the object at ffff88809b5d74b0 [ 70.147437][ T8594] which belongs to the cache task_delay_info of size 136 [ 70.161817][ T8594] The buggy address is located 8 bytes to the right of [ 70.161817][ T8594] 136-byte region [ffff88809b5d74b0, ffff88809b5d7538) [ 70.175403][ T8594] The buggy address belongs to the page: [ 70.181008][ T8594] page:ffffea00026d75c0 refcount:1 mapcount:0 mapping:ffff88821bc48c80 index:0xffff88809b5d73e8 [ 70.191383][ T8594] flags: 0x1fffc0000000200(slab) [ 70.196390][ T8594] raw: 01fffc0000000200 ffffea0002a3c508 ffffea0002752f48 ffff88821bc48c80 [ 70.204966][ T8594] raw: ffff88809b5d73e8 ffff88809b5d7000 0000000100000011 0000000000000000 [ 70.213519][ T8594] page dumped because: kasan: bad access detected [ 70.219897][ T8594] [ 70.222193][ T8594] Memory state around the buggy address: [ 70.227794][ T8594] ffff88809b5d7400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc [ 70.235824][ T8594] ffff88809b5d7480: fc fc fc fc fc fc fb fb fb fb fb fb fb fb fb fb [ 70.243855][ T8594] >ffff88809b5d7500: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fb [ 70.251894][ T8594] ^ [ 70.258026][ T8594] ffff88809b5d7580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 70.266075][ T8594] ffff88809b5d7600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 70.274107][ T8594] ================================================================== [ 70.282137][ T8594] Disabling lock debugging due to kernel taint [ 70.288260][ T8594] Kernel panic - not syncing: panic_on_warn set ... [ 70.294819][ T8594] CPU: 0 PID: 8594 Comm: syz-executor301 Tainted: G B 5.2.0-rc1+ #21 [ 70.304411][ T8594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 70.314438][ T8594] Call Trace: [ 70.317706][ T8594] dump_stack+0x172/0x1f0 [ 70.322012][ T8594] panic+0x2cb/0x744 [ 70.325884][ T8594] ? __warn_printk+0xf3/0xf3 [ 70.330457][ T8594] ? lock_downgrade+0x880/0x880 [ 70.335280][ T8594] ? __lock_acquire+0x3ba2/0x5490 [ 70.340283][ T8594] ? trace_hardirqs_off+0x62/0x220 [ 70.345375][ T8594] ? trace_hardirqs_off+0x59/0x220 [ 70.350459][ T8594] ? __lock_acquire+0x3ba2/0x5490 [ 70.355456][ T8594] end_report+0x47/0x4f [ 70.359586][ T8594] ? __lock_acquire+0x3ba2/0x5490 [ 70.364580][ T8594] __kasan_report.cold+0xe/0x40 [ 70.369402][ T8594] ? __lock_acquire+0x3ba2/0x5490 [ 70.374402][ T8594] kasan_report+0x12/0x20 [ 70.378705][ T8594] __asan_report_load8_noabort+0x14/0x20 [ 70.384309][ T8594] __lock_acquire+0x3ba2/0x5490 [ 70.389158][ T8594] ? sock_diag_rcv+0x2b/0x40 [ 70.393724][ T8594] ? netlink_unicast+0x531/0x710 [ 70.398633][ T8594] ? netlink_sendmsg+0x8ae/0xd70 [ 70.403558][ T8594] ? sock_sendmsg+0xd7/0x130 [ 70.408120][ T8594] ? ___sys_sendmsg+0x803/0x920 [ 70.412945][ T8594] ? __sys_sendmsg+0x105/0x1d0 [ 70.417677][ T8594] ? __x64_sys_sendmsg+0x78/0xb0 [ 70.422590][ T8594] ? do_syscall_64+0xfd/0x680 [ 70.427239][ T8594] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.433294][ T8594] ? mark_held_locks+0xf0/0xf0 [ 70.438028][ T8594] ? mark_held_locks+0xf0/0xf0 [ 70.442769][ T8594] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 70.448371][ T8594] ? find_held_lock+0x35/0x130 [ 70.453106][ T8594] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 70.458713][ T8594] lock_acquire+0x16f/0x3f0 [ 70.463194][ T8594] ? rhashtable_walk_enter+0xf9/0x390 [ 70.468555][ T8594] _raw_spin_lock+0x2f/0x40 [ 70.473032][ T8594] ? rhashtable_walk_enter+0xf9/0x390 [ 70.478391][ T8594] rhashtable_walk_enter+0xf9/0x390 [ 70.483568][ T8594] __tipc_dump_start+0x1fa/0x3c0 [ 70.488492][ T8594] tipc_dump_start+0x70/0x90 [ 70.493058][ T8594] __netlink_dump_start+0x4f8/0x7d0 [ 70.498227][ T8594] ? __tipc_dump_start+0x3c0/0x3c0 [ 70.503310][ T8594] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 70.509088][ T8594] ? __tipc_diag_gen_cookie+0x90/0x90 [ 70.514432][ T8594] ? sock_diag_rcv+0x1c/0x40 [ 70.519016][ T8594] ? __tipc_dump_start+0x3c0/0x3c0 [ 70.524100][ T8594] ? tipc_unregister_sysctl+0x20/0x20 [ 70.529445][ T8594] ? tipc_ioctl+0x2e0/0x2e0 [ 70.533925][ T8594] sock_diag_rcv_msg+0x319/0x410 [ 70.538847][ T8594] netlink_rcv_skb+0x177/0x450 [ 70.543590][ T8594] ? sock_diag_bind+0x80/0x80 [ 70.548242][ T8594] ? netlink_ack+0xb50/0xb50 [ 70.552805][ T8594] ? kasan_check_read+0x11/0x20 [ 70.557635][ T8594] ? netlink_deliver_tap+0x254/0xbf0 [ 70.562889][ T8594] sock_diag_rcv+0x2b/0x40 [ 70.567287][ T8594] netlink_unicast+0x531/0x710 [ 70.572022][ T8594] ? netlink_attachskb+0x770/0x770 [ 70.577106][ T8594] ? _copy_from_iter_full+0x25d/0x8c0 [ 70.582455][ T8594] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 70.588145][ T8594] ? __check_object_size+0x3d/0x42f [ 70.593330][ T8594] netlink_sendmsg+0x8ae/0xd70 [ 70.598065][ T8594] ? netlink_unicast+0x710/0x710 [ 70.602978][ T8594] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 70.608495][ T8594] ? apparmor_socket_sendmsg+0x2a/0x30 [ 70.613940][ T8594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.620159][ T8594] ? security_socket_sendmsg+0x8d/0xc0 [ 70.625591][ T8594] ? netlink_unicast+0x710/0x710 [ 70.630506][ T8594] sock_sendmsg+0xd7/0x130 [ 70.634897][ T8594] ___sys_sendmsg+0x803/0x920 [ 70.639548][ T8594] ? copy_msghdr_from_user+0x430/0x430 [ 70.644984][ T8594] ? prep_transhuge_page+0xa0/0xa0 [ 70.650084][ T8594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.656307][ T8594] ? __handle_mm_fault+0x7cb/0x3eb0 [ 70.661583][ T8594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 70.667796][ T8594] ? __fget_light+0x1a9/0x230 [ 70.672477][ T8594] ? __fdget+0x1b/0x20 [ 70.676520][ T8594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 70.682742][ T8594] __sys_sendmsg+0x105/0x1d0 [ 70.687333][ T8594] ? __ia32_sys_shutdown+0x80/0x80 [ 70.692433][ T8594] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 70.697889][ T8594] ? do_syscall_64+0x26/0x680 [ 70.702570][ T8594] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.708625][ T8594] ? do_syscall_64+0x26/0x680 [ 70.713295][ T8594] __x64_sys_sendmsg+0x78/0xb0 [ 70.718032][ T8594] do_syscall_64+0xfd/0x680 [ 70.722525][ T8594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 70.728388][ T8594] RIP: 0033:0x440219 [ 70.732272][ T8594] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 70.751850][ T8594] RSP: 002b:00007ffeaad1e8a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.760247][ T8594] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 70.768196][ T8594] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 70.776138][ T8594] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 70.784088][ T8594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0 [ 70.792036][ T8594] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 70.801086][ T8594] Kernel Offset: disabled [ 70.805420][ T8594] Rebooting in 86400 seconds..