[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 55.983805][ T26] audit: type=1800 audit(1558413235.960:25): pid=8385 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 56.018883][ T26] audit: type=1800 audit(1558413235.960:26): pid=8385 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 56.063536][ T26] audit: type=1800 audit(1558413235.960:27): pid=8385 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.182' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 64.050845][ T8538] ================================================================== [ 64.058940][ T8538] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490 [ 64.066630][ T8538] Read of size 8 at addr ffff88809b04fdc0 by task syz-executor358/8538 [ 64.074835][ T8538] [ 64.077149][ T8538] CPU: 0 PID: 8538 Comm: syz-executor358 Not tainted 5.2.0-rc1+ #1 [ 64.085008][ T8538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.095037][ T8538] Call Trace: [ 64.098305][ T8538] dump_stack+0x172/0x1f0 [ 64.102623][ T8538] ? __lock_acquire+0x3ba2/0x5490 [ 64.107627][ T8538] print_address_description.cold+0x7c/0x20d [ 64.113580][ T8538] ? __lock_acquire+0x3ba2/0x5490 [ 64.118575][ T8538] ? __lock_acquire+0x3ba2/0x5490 [ 64.123575][ T8538] __kasan_report.cold+0x1b/0x40 [ 64.128501][ T8538] ? __lock_acquire+0x3ba2/0x5490 [ 64.133501][ T8538] kasan_report+0x12/0x20 [ 64.137806][ T8538] __asan_report_load8_noabort+0x14/0x20 [ 64.143414][ T8538] __lock_acquire+0x3ba2/0x5490 [ 64.148239][ T8538] ? sock_diag_rcv+0x2b/0x40 [ 64.152808][ T8538] ? netlink_unicast+0x531/0x710 [ 64.157733][ T8538] ? netlink_sendmsg+0x8ae/0xd70 [ 64.162644][ T8538] ? sock_sendmsg+0xd7/0x130 [ 64.167204][ T8538] ? ___sys_sendmsg+0x803/0x920 [ 64.172034][ T8538] ? __sys_sendmsg+0x105/0x1d0 [ 64.176797][ T8538] ? __x64_sys_sendmsg+0x78/0xb0 [ 64.181719][ T8538] ? do_syscall_64+0xfd/0x680 [ 64.186371][ T8538] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.192412][ T8538] ? mark_held_locks+0xf0/0xf0 [ 64.197148][ T8538] ? mark_held_locks+0xf0/0xf0 [ 64.201889][ T8538] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 64.207497][ T8538] ? find_held_lock+0x35/0x130 [ 64.212235][ T8538] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 64.217861][ T8538] lock_acquire+0x16f/0x3f0 [ 64.222360][ T8538] ? rhashtable_walk_enter+0xf9/0x390 [ 64.227711][ T8538] _raw_spin_lock+0x2f/0x40 [ 64.232192][ T8538] ? rhashtable_walk_enter+0xf9/0x390 [ 64.237544][ T8538] rhashtable_walk_enter+0xf9/0x390 [ 64.242720][ T8538] __tipc_dump_start+0x1fa/0x3c0 [ 64.247649][ T8538] tipc_dump_start+0x70/0x90 [ 64.252217][ T8538] __netlink_dump_start+0x4f8/0x7d0 [ 64.257417][ T8538] ? __tipc_dump_start+0x3c0/0x3c0 [ 64.262518][ T8538] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 64.268319][ T8538] ? __tipc_diag_gen_cookie+0x90/0x90 [ 64.273668][ T8538] ? sock_diag_rcv+0x1c/0x40 [ 64.278229][ T8538] ? __tipc_dump_start+0x3c0/0x3c0 [ 64.283325][ T8538] ? tipc_unregister_sysctl+0x20/0x20 [ 64.288679][ T8538] ? tipc_ioctl+0x2e0/0x2e0 [ 64.293157][ T8538] sock_diag_rcv_msg+0x319/0x410 [ 64.298083][ T8538] netlink_rcv_skb+0x177/0x450 [ 64.302821][ T8538] ? sock_diag_bind+0x80/0x80 [ 64.307473][ T8538] ? netlink_ack+0xb50/0xb50 [ 64.312042][ T8538] ? kasan_check_read+0x11/0x20 [ 64.316871][ T8538] ? netlink_deliver_tap+0x254/0xbf0 [ 64.322131][ T8538] sock_diag_rcv+0x2b/0x40 [ 64.326526][ T8538] netlink_unicast+0x531/0x710 [ 64.331266][ T8538] ? netlink_attachskb+0x770/0x770 [ 64.336364][ T8538] ? _copy_from_iter_full+0x25d/0x8c0 [ 64.341713][ T8538] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 64.347412][ T8538] ? __check_object_size+0x3d/0x42f [ 64.352596][ T8538] netlink_sendmsg+0x8ae/0xd70 [ 64.357353][ T8538] ? netlink_unicast+0x710/0x710 [ 64.362267][ T8538] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 64.367794][ T8538] ? apparmor_socket_sendmsg+0x2a/0x30 [ 64.373247][ T8538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.379465][ T8538] ? security_socket_sendmsg+0x8d/0xc0 [ 64.384899][ T8538] ? netlink_unicast+0x710/0x710 [ 64.389811][ T8538] sock_sendmsg+0xd7/0x130 [ 64.394206][ T8538] ___sys_sendmsg+0x803/0x920 [ 64.398856][ T8538] ? copy_msghdr_from_user+0x430/0x430 [ 64.404305][ T8538] ? prep_transhuge_page+0xa0/0xa0 [ 64.409395][ T8538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.415621][ T8538] ? __handle_mm_fault+0x7cb/0x3eb0 [ 64.420811][ T8538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.427056][ T8538] ? __fget_light+0x1a9/0x230 [ 64.431722][ T8538] ? __fdget+0x1b/0x20 [ 64.435770][ T8538] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 64.441992][ T8538] __sys_sendmsg+0x105/0x1d0 [ 64.446564][ T8538] ? __ia32_sys_shutdown+0x80/0x80 [ 64.451654][ T8538] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 64.457085][ T8538] ? do_syscall_64+0x26/0x680 [ 64.461738][ T8538] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.467779][ T8538] ? do_syscall_64+0x26/0x680 [ 64.472433][ T8538] __x64_sys_sendmsg+0x78/0xb0 [ 64.477172][ T8538] do_syscall_64+0xfd/0x680 [ 64.481648][ T8538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.487537][ T8538] RIP: 0033:0x440219 [ 64.491413][ T8538] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 64.510991][ T8538] RSP: 002b:00007ffdfccef2a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 64.519372][ T8538] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 64.527317][ T8538] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 64.535281][ T8538] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 64.543236][ T8538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0 [ 64.551178][ T8538] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 64.559126][ T8538] [ 64.561452][ T8538] Allocated by task 1: [ 64.565520][ T8538] save_stack+0x23/0x90 [ 64.569651][ T8538] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 64.575257][ T8538] kasan_slab_alloc+0xf/0x20 [ 64.579828][ T8538] kmem_cache_alloc+0x11a/0x6f0 [ 64.584650][ T8538] __kernfs_new_node+0xf0/0x6c0 [ 64.589471][ T8538] kernfs_new_node+0x96/0x120 [ 64.594120][ T8538] __kernfs_create_file+0x51/0x340 [ 64.599203][ T8538] sysfs_add_file_mode_ns+0x222/0x560 [ 64.604546][ T8538] internal_create_group+0x359/0xc40 [ 64.609801][ T8538] sysfs_create_groups+0x9b/0x141 [ 64.614800][ T8538] device_add+0x80f/0x17a0 [ 64.619191][ T8538] netdev_register_kobject+0x183/0x3b0 [ 64.624629][ T8538] register_netdevice+0x875/0xff0 [ 64.629797][ T8538] register_netdev+0x30/0x50 [ 64.634387][ T8538] vti6_init_net+0x518/0x820 [ 64.639507][ T8538] ops_init+0xb3/0x410 [ 64.643571][ T8538] register_pernet_operations+0x382/0x7f0 [ 64.649274][ T8538] register_pernet_device+0x2a/0x80 [ 64.654540][ T8538] vti6_tunnel_init+0x19/0x176 [ 64.659292][ T8538] do_one_initcall+0x107/0x7ba [ 64.664031][ T8538] kernel_init_freeable+0x4d4/0x5c3 [ 64.669205][ T8538] kernel_init+0x12/0x1c5 [ 64.673508][ T8538] ret_from_fork+0x24/0x30 [ 64.677890][ T8538] [ 64.680191][ T8538] Freed by task 0: [ 64.683880][ T8538] (stack is not available) [ 64.688271][ T8538] [ 64.690582][ T8538] The buggy address belongs to the object at ffff88809b04fd20 [ 64.690582][ T8538] which belongs to the cache kernfs_node_cache of size 160 [ 64.705129][ T8538] The buggy address is located 0 bytes to the right of [ 64.705129][ T8538] 160-byte region [ffff88809b04fd20, ffff88809b04fdc0) [ 64.718812][ T8538] The buggy address belongs to the page: [ 64.724419][ T8538] page:ffffea00026c13c0 refcount:1 mapcount:0 mapping:ffff88821bc48500 index:0xffff88809b04ffee [ 64.734799][ T8538] flags: 0x1fffc0000000200(slab) [ 64.739711][ T8538] raw: 01fffc0000000200 ffffea00026c0108 ffffea00026c1408 ffff88821bc48500 [ 64.748284][ T8538] raw: ffff88809b04ffee ffff88809b04f000 0000000100000012 0000000000000000 [ 64.756835][ T8538] page dumped because: kasan: bad access detected [ 64.763217][ T8538] [ 64.765515][ T8538] Memory state around the buggy address: [ 64.771132][ T8538] ffff88809b04fc80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 64.779168][ T8538] ffff88809b04fd00: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.787201][ T8538] >ffff88809b04fd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 64.795260][ T8538] ^ [ 64.801399][ T8538] ffff88809b04fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 64.809430][ T8538] ffff88809b04fe80: 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 00 [ 64.817459][ T8538] ================================================================== [ 64.825497][ T8538] Disabling lock debugging due to kernel taint [ 64.831622][ T8538] Kernel panic - not syncing: panic_on_warn set ... [ 64.838204][ T8538] CPU: 0 PID: 8538 Comm: syz-executor358 Tainted: G B 5.2.0-rc1+ #1 [ 64.847470][ T8538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.857510][ T8538] Call Trace: [ 64.860779][ T8538] dump_stack+0x172/0x1f0 [ 64.865090][ T8538] panic+0x2cb/0x744 [ 64.868977][ T8538] ? __warn_printk+0xf3/0xf3 [ 64.873545][ T8538] ? lock_downgrade+0x880/0x880 [ 64.878367][ T8538] ? __lock_acquire+0x3ba2/0x5490 [ 64.883364][ T8538] ? trace_hardirqs_off+0x62/0x220 [ 64.888446][ T8538] ? trace_hardirqs_off+0x59/0x220 [ 64.893530][ T8538] ? __lock_acquire+0x3ba2/0x5490 [ 64.898531][ T8538] end_report+0x47/0x4f [ 64.902661][ T8538] ? __lock_acquire+0x3ba2/0x5490 [ 64.907659][ T8538] __kasan_report.cold+0xe/0x40 [ 64.913356][ T8538] ? __lock_acquire+0x3ba2/0x5490 [ 64.918357][ T8538] kasan_report+0x12/0x20 [ 64.922662][ T8538] __asan_report_load8_noabort+0x14/0x20 [ 64.928275][ T8538] __lock_acquire+0x3ba2/0x5490 [ 64.933100][ T8538] ? sock_diag_rcv+0x2b/0x40 [ 64.937680][ T8538] ? netlink_unicast+0x531/0x710 [ 64.942595][ T8538] ? netlink_sendmsg+0x8ae/0xd70 [ 64.947505][ T8538] ? sock_sendmsg+0xd7/0x130 [ 64.952091][ T8538] ? ___sys_sendmsg+0x803/0x920 [ 64.956924][ T8538] ? __sys_sendmsg+0x105/0x1d0 [ 64.961661][ T8538] ? __x64_sys_sendmsg+0x78/0xb0 [ 64.966576][ T8538] ? do_syscall_64+0xfd/0x680 [ 64.971225][ T8538] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 64.977295][ T8538] ? mark_held_locks+0xf0/0xf0 [ 64.982033][ T8538] ? mark_held_locks+0xf0/0xf0 [ 64.986777][ T8538] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 64.992383][ T8538] ? find_held_lock+0x35/0x130 [ 64.997119][ T8538] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 65.002727][ T8538] lock_acquire+0x16f/0x3f0 [ 65.007207][ T8538] ? rhashtable_walk_enter+0xf9/0x390 [ 65.012563][ T8538] _raw_spin_lock+0x2f/0x40 [ 65.017042][ T8538] ? rhashtable_walk_enter+0xf9/0x390 [ 65.022387][ T8538] rhashtable_walk_enter+0xf9/0x390 [ 65.027560][ T8538] __tipc_dump_start+0x1fa/0x3c0 [ 65.032473][ T8538] tipc_dump_start+0x70/0x90 [ 65.037044][ T8538] __netlink_dump_start+0x4f8/0x7d0 [ 65.042231][ T8538] ? __tipc_dump_start+0x3c0/0x3c0 [ 65.047329][ T8538] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 65.053110][ T8538] ? __tipc_diag_gen_cookie+0x90/0x90 [ 65.058455][ T8538] ? sock_diag_rcv+0x1c/0x40 [ 65.063031][ T8538] ? __tipc_dump_start+0x3c0/0x3c0 [ 65.068128][ T8538] ? tipc_unregister_sysctl+0x20/0x20 [ 65.073493][ T8538] ? tipc_ioctl+0x2e0/0x2e0 [ 65.077974][ T8538] sock_diag_rcv_msg+0x319/0x410 [ 65.082887][ T8538] netlink_rcv_skb+0x177/0x450 [ 65.087625][ T8538] ? sock_diag_bind+0x80/0x80 [ 65.092275][ T8538] ? netlink_ack+0xb50/0xb50 [ 65.096842][ T8538] ? kasan_check_read+0x11/0x20 [ 65.101754][ T8538] ? netlink_deliver_tap+0x254/0xbf0 [ 65.107013][ T8538] sock_diag_rcv+0x2b/0x40 [ 65.111428][ T8538] netlink_unicast+0x531/0x710 [ 65.116212][ T8538] ? netlink_attachskb+0x770/0x770 [ 65.121312][ T8538] ? _copy_from_iter_full+0x25d/0x8c0 [ 65.126659][ T8538] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 65.132439][ T8538] ? __check_object_size+0x3d/0x42f [ 65.137609][ T8538] netlink_sendmsg+0x8ae/0xd70 [ 65.142348][ T8538] ? netlink_unicast+0x710/0x710 [ 65.147260][ T8538] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 65.152780][ T8538] ? apparmor_socket_sendmsg+0x2a/0x30 [ 65.158211][ T8538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.164437][ T8538] ? security_socket_sendmsg+0x8d/0xc0 [ 65.169880][ T8538] ? netlink_unicast+0x710/0x710 [ 65.174793][ T8538] sock_sendmsg+0xd7/0x130 [ 65.179181][ T8538] ___sys_sendmsg+0x803/0x920 [ 65.183834][ T8538] ? copy_msghdr_from_user+0x430/0x430 [ 65.189268][ T8538] ? prep_transhuge_page+0xa0/0xa0 [ 65.194354][ T8538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.204508][ T8538] ? __handle_mm_fault+0x7cb/0x3eb0 [ 65.209788][ T8538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.216004][ T8538] ? __fget_light+0x1a9/0x230 [ 65.220657][ T8538] ? __fdget+0x1b/0x20 [ 65.224700][ T8538] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 65.230919][ T8538] __sys_sendmsg+0x105/0x1d0 [ 65.235503][ T8538] ? __ia32_sys_shutdown+0x80/0x80 [ 65.240595][ T8538] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 65.246140][ T8538] ? do_syscall_64+0x26/0x680 [ 65.250790][ T8538] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.256829][ T8538] ? do_syscall_64+0x26/0x680 [ 65.262306][ T8538] __x64_sys_sendmsg+0x78/0xb0 [ 65.267067][ T8538] do_syscall_64+0xfd/0x680 [ 65.271546][ T8538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.277411][ T8538] RIP: 0033:0x440219 [ 65.281280][ T8538] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 65.300873][ T8538] RSP: 002b:00007ffdfccef2a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.309258][ T8538] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219 [ 65.317210][ T8538] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 65.325162][ T8538] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 65.333106][ T8538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0 [ 65.341053][ T8538] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000 [ 65.354229][ T8538] Kernel Offset: disabled [ 65.358562][ T8538] Rebooting in 86400 seconds..