[ ok ] Starting enhanced syslogd: rsyslogd.
[   36.116359] audit: type=1800 audit(1538922099.730:25): pid=5656 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   36.152673] audit: type=1800 audit(1538922099.730:26): pid=5656 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   36.180024] audit: type=1800 audit(1538922099.740:27): pid=5656 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   65.850804] FAULT_INJECTION: forcing a failure.
[   65.850804] name failslab, interval 1, probability 0, space 0, times 1
[   65.862174] CPU: 0 PID: 5808 Comm: syz-executor549 Not tainted 4.19.0-rc6+ #132
[   65.869612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.878949] Call Trace:
[   65.881538]  dump_stack+0x1c4/0x2b4
[   65.885156]  ? dump_stack_print_info.cold.2+0x52/0x52
[   65.890405]  should_fail.cold.4+0xa/0x17
[   65.894462]  ? fault_create_debugfs_attr+0x1f0/0x1f0
[   65.899550]  ? mm_fault_error+0x380/0x380
[   65.903690]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   65.909263]  ? tcp_leave_memory_pressure+0x2a/0x110
[   65.914284]  ? vmalloc_sync_all+0x30/0x30
[   65.918420]  ? retint_kernel+0x2d/0x2d
[   65.922295]  ? trace_hardirqs_on_caller+0xc0/0x310
[   65.927211]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   65.932039]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   65.936786]  ? trace_hardirqs_off+0x310/0x310
[   65.941272]  ? alloc_pages_current+0x114/0x210
[   65.945844]  ? fs_reclaim_acquire+0x20/0x20
[   65.950155]  ? lock_downgrade+0x900/0x900
[   65.954288]  ? __might_fault+0x12b/0x1e0
[   65.958334]  ? ___might_sleep+0x1ed/0x300
[   65.962478]  ? arch_local_save_flags+0x40/0x40
[   65.967053]  ? arch_local_save_flags+0x40/0x40
[   65.971636]  __should_failslab+0x124/0x180
[   65.975866]  should_failslab+0x9/0x14
[   65.979659]  __kmalloc+0x2d4/0x760
[   65.983190]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   65.988191]  ? _copy_from_iter+0x39d/0x1090
[   65.992563]  ? tls_push_record+0x107/0x1480
[   65.996880]  ? usercopy_warn+0x110/0x110
[   66.000930]  tls_push_record+0x107/0x1480
[   66.005067]  ? _copy_from_iter_nocache+0x1050/0x1050
[   66.010162]  tls_sw_sendmsg+0xe4b/0x1310
[   66.014214]  ? decrypt_skb_update+0x6a0/0x6a0
[   66.018690]  ? aa_sk_perm+0x218/0x8b0
[   66.022473]  ? aa_af_perm+0x5a0/0x5a0
[   66.026259]  ? usercopy_warn+0x110/0x110
[   66.030315]  inet_sendmsg+0x1a1/0x690
[   66.034107]  ? ipip_gro_receive+0x100/0x100
[   66.038415]  ? apparmor_socket_sendmsg+0x29/0x30
[   66.043207]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.048803]  ? security_socket_sendmsg+0x94/0xc0
[   66.053553]  ? ipip_gro_receive+0x100/0x100
[   66.057861]  sock_sendmsg+0xd5/0x120
[   66.061564]  __sys_sendto+0x3d7/0x670
[   66.065368]  ? __ia32_sys_getpeername+0xb0/0xb0
[   66.070030]  ? lock_downgrade+0x900/0x900
[   66.074167]  ? lock_release+0x970/0x970
[   66.078177]  ? check_preemption_disabled+0x48/0x200
[   66.083187]  ? fsnotify_first_mark+0x350/0x350
[   66.087756]  ? __fsnotify_parent+0xcc/0x420
[   66.092071]  ? fsnotify+0x12f0/0x12f0
[   66.095861]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.101391]  ? __sb_end_write+0xd9/0x110
[   66.105446]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.110970]  ? ksys_write+0x1ae/0x260
[   66.114757]  ? trace_hardirqs_on+0xbd/0x310
[   66.119056]  ? __ia32_sys_read+0xb0/0xb0
[   66.123105]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   66.128454]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   66.133891]  __x64_sys_sendto+0xe1/0x1a0
[   66.138092]  do_syscall_64+0x1b9/0x820
[   66.142204]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   66.147608]  ? syscall_return_slowpath+0x5e0/0x5e0
[   66.152521]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   66.157345]  ? trace_hardirqs_on_caller+0x310/0x310
[   66.162342]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   66.167346]  ? prepare_exit_to_usermode+0x291/0x3b0
[   66.172348]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   66.177175]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   66.182347] RIP: 0033:0x4406d9
[   66.185534] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   66.204462] RSP: 002b:00007ffdf407a728 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   66.212159] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004406d9
[   66.219416] RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000003
[   66.226670] RBP: 00000000006cb018 R08: 0000000020000000 R09: 000000000000001c
[   66.233930] R10: 0000000000000040 R11: 0000000000000212 R12: 0000000000000004
[   66.241190] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[   66.250184] ==================================================================
[   66.257551] BUG: KASAN: use-after-free in tls_push_record+0x10b9/0x1480
[   66.264300] Write of size 1 at addr ffff8801bbd98000 by task syz-executor549/5808
[   66.271908] 
[   66.273532] CPU: 0 PID: 5808 Comm: syz-executor549 Not tainted 4.19.0-rc6+ #132
[   66.280962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.290305] Call Trace:
[   66.292896]  dump_stack+0x1c4/0x2b4
[   66.296514]  ? dump_stack_print_info.cold.2+0x52/0x52
[   66.301688]  ? printk+0xa7/0xcf
[   66.304951]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   66.309700]  print_address_description.cold.8+0x9/0x1ff
[   66.315049]  kasan_report.cold.9+0x242/0x309
[   66.319448]  ? tls_push_record+0x10b9/0x1480
[   66.323849]  __asan_report_store1_noabort+0x17/0x20
[   66.328855]  tls_push_record+0x10b9/0x1480
[   66.333079]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.338609]  ? lock_sock_nested+0x9a/0x120
[   66.342831]  tls_sw_push_pending_record+0x22/0x30
[   66.347662]  tls_sk_proto_close+0x69c/0xbb0
[   66.351971]  ? lock_acquire+0x1ed/0x520
[   66.355985]  ? tcp_check_oom+0x530/0x530
[   66.360034]  ? tls_write_space+0x390/0x390
[   66.364250]  ? arch_local_save_flags+0x40/0x40
[   66.368819]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   66.374564]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.380094]  ? ipv6_sock_ac_close+0x34f/0x470
[   66.384575]  ? ipv6_sock_mc_close+0x162/0x1d0
[   66.389056]  ? ip_mc_drop_socket+0x20b/0x270
[   66.393449]  ? down_write+0x8a/0x130
[   66.397149]  inet_release+0x104/0x1f0
[   66.400933]  inet6_release+0x50/0x70
[   66.404636]  __sock_release+0xd7/0x250
[   66.408510]  ? __sock_release+0x250/0x250
[   66.412642]  sock_close+0x19/0x20
[   66.416078]  __fput+0x385/0xa30
[   66.419346]  ? get_max_files+0x20/0x20
[   66.423221]  ? trace_hardirqs_on+0xbd/0x310
[   66.427528]  ? kasan_check_read+0x11/0x20
[   66.431665]  ? ___might_sleep+0x1ed/0x300
[   66.435800]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   66.441238]  ? arch_local_save_flags+0x40/0x40
[   66.445809]  ? kasan_check_write+0x14/0x20
[   66.450032]  ? do_raw_spin_lock+0xc1/0x200
[   66.454253]  ____fput+0x15/0x20
[   66.457525]  task_work_run+0x1e8/0x2a0
[   66.461403]  ? task_work_cancel+0x240/0x240
[   66.465797]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   66.471334]  ? switch_task_namespaces+0x9d/0xd0
[   66.475990]  do_exit+0x1ad7/0x2610
[   66.479520]  ? mm_update_next_owner+0x990/0x990
[   66.484191]  ? release_sock+0x1ec/0x2c0
[   66.488156]  ? __release_sock+0x3a0/0x3a0
[   66.492309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.497842]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   66.503483]  ? tls_sw_sendmsg+0xcfd/0x1310
[   66.507719]  ? decrypt_skb_update+0x6a0/0x6a0
[   66.512203]  ? aa_sk_perm+0x218/0x8b0
[   66.515999]  ? aa_af_perm+0x5a0/0x5a0
[   66.519785]  ? usercopy_warn+0x110/0x110
[   66.523833]  ? inet_sendmsg+0x1a8/0x690
[   66.527798]  ? ipip_gro_receive+0x100/0x100
[   66.532155]  ? apparmor_socket_sendmsg+0x29/0x30
[   66.536908]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.542444]  ? security_socket_sendmsg+0x94/0xc0
[   66.547187]  ? ipip_gro_receive+0x100/0x100
[   66.551509]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.557090]  ? sock_sendmsg+0x5a/0x120
[   66.561017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.566652]  ? __sys_sendto+0x475/0x670
[   66.570616]  ? __ia32_sys_getpeername+0xb0/0xb0
[   66.575325]  ? lock_downgrade+0x900/0x900
[   66.579464]  ? lock_release+0x970/0x970
[   66.583430]  ? check_preemption_disabled+0x48/0x200
[   66.588441]  ? fsnotify_first_mark+0x350/0x350
[   66.593009]  ? __fsnotify_parent+0xcc/0x420
[   66.597314]  ? fsnotify+0x12f0/0x12f0
[   66.601107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.606632]  ? __sb_end_write+0xd9/0x110
[   66.610786]  do_group_exit+0x177/0x440
[   66.614663]  ? trace_hardirqs_on+0xbd/0x310
[   66.618973]  ? __ia32_sys_exit+0x50/0x50
[   66.623029]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   66.628518]  __x64_sys_exit_group+0x3e/0x50
[   66.632831]  do_syscall_64+0x1b9/0x820
[   66.636707]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   66.642061]  ? syscall_return_slowpath+0x5e0/0x5e0
[   66.646979]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   66.651816]  ? trace_hardirqs_on_caller+0x310/0x310
[   66.656822]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   66.661841]  ? prepare_exit_to_usermode+0x291/0x3b0
[   66.666849]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   66.671730]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   66.676906] RIP: 0033:0x43f398
[   66.680089] Code: Bad RIP value.
[   66.683441] RSP: 002b:00007ffdf407a748 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   66.691184] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f398
[   66.698446] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   66.705919] RBP: 00000000004bf108 R08: 00000000000000e7 R09: ffffffffffffffd0
[   66.713176] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[   66.720433] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[   66.727696] 
[   66.729303] The buggy address belongs to the page:
[   66.734219] page:ffffea0006ef6600 count:0 mapcount:-128 mapping:0000000000000000 index:0x0
[   66.742604] flags: 0x2fffc0000000000()
[   66.746478] raw: 02fffc0000000000 ffffea0006ff6608 ffff88021fffaef8 0000000000000000
[   66.754402] raw: 0000000000000000 0000000000000003 00000000ffffff7f 0000000000000000
[   66.762331] page dumped because: kasan: bad access detected
[   66.768063] 
[   66.769679] Memory state around the buggy address:
[   66.774589]  ffff8801bbd97f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.782028]  ffff8801bbd97f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.789372] >ffff8801bbd98000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.796756]                    ^
[   66.800107]  ffff8801bbd98080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.807447]  ffff8801bbd98100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   66.814835] ==================================================================
[   66.822633] Kernel panic - not syncing: panic_on_warn set ...
[   66.822633] 
[   66.829996] CPU: 0 PID: 5808 Comm: syz-executor549 Tainted: G    B             4.19.0-rc6+ #132
[   66.838991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.848388] Call Trace:
[   66.850970]  dump_stack+0x1c4/0x2b4
[   66.854584]  ? dump_stack_print_info.cold.2+0x52/0x52
[   66.859768]  panic+0x238/0x4e7
[   66.862991]  ? add_taint.cold.5+0x16/0x16
[   66.867136]  ? preempt_schedule+0x4d/0x60
[   66.871275]  ? ___preempt_schedule+0x16/0x18
[   66.875707]  ? trace_hardirqs_on+0xb4/0x310
[   66.880024]  kasan_end_report+0x47/0x4f
[   66.883976]  kasan_report.cold.9+0x76/0x309
[   66.888385]  ? tls_push_record+0x10b9/0x1480
[   66.892791]  __asan_report_store1_noabort+0x17/0x20
[   66.897801]  tls_push_record+0x10b9/0x1480
[   66.902128]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.907657]  ? lock_sock_nested+0x9a/0x120
[   66.911984]  tls_sw_push_pending_record+0x22/0x30
[   66.916813]  tls_sk_proto_close+0x69c/0xbb0
[   66.921119]  ? lock_acquire+0x1ed/0x520
[   66.925080]  ? tcp_check_oom+0x530/0x530
[   66.929135]  ? tls_write_space+0x390/0x390
[   66.933456]  ? arch_local_save_flags+0x40/0x40
[   66.938029]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   66.943466]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.949087]  ? ipv6_sock_ac_close+0x34f/0x470
[   66.953566]  ? ipv6_sock_mc_close+0x162/0x1d0
[   66.958041]  ? ip_mc_drop_socket+0x20b/0x270
[   66.962431]  ? down_write+0x8a/0x130
[   66.966134]  inet_release+0x104/0x1f0
[   66.969919]  inet6_release+0x50/0x70
[   66.973615]  __sock_release+0xd7/0x250
[   66.977483]  ? __sock_release+0x250/0x250
[   66.981618]  sock_close+0x19/0x20
[   66.985058]  __fput+0x385/0xa30
[   66.988320]  ? get_max_files+0x20/0x20
[   66.992193]  ? trace_hardirqs_on+0xbd/0x310
[   66.996501]  ? kasan_check_read+0x11/0x20
[   67.000718]  ? ___might_sleep+0x1ed/0x300
[   67.004911]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   67.010372]  ? arch_local_save_flags+0x40/0x40
[   67.014945]  ? kasan_check_write+0x14/0x20
[   67.019162]  ? do_raw_spin_lock+0xc1/0x200
[   67.023449]  ____fput+0x15/0x20
[   67.026723]  task_work_run+0x1e8/0x2a0
[   67.030598]  ? task_work_cancel+0x240/0x240
[   67.034910]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   67.040434]  ? switch_task_namespaces+0x9d/0xd0
[   67.045092]  do_exit+0x1ad7/0x2610
[   67.048635]  ? mm_update_next_owner+0x990/0x990
[   67.053295]  ? release_sock+0x1ec/0x2c0
[   67.057260]  ? __release_sock+0x3a0/0x3a0
[   67.061414]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.066937]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   67.072458]  ? tls_sw_sendmsg+0xcfd/0x1310
[   67.076690]  ? decrypt_skb_update+0x6a0/0x6a0
[   67.081169]  ? aa_sk_perm+0x218/0x8b0
[   67.084957]  ? aa_af_perm+0x5a0/0x5a0
[   67.088741]  ? usercopy_warn+0x110/0x110
[   67.092786]  ? inet_sendmsg+0x1a8/0x690
[   67.096745]  ? ipip_gro_receive+0x100/0x100
[   67.101190]  ? apparmor_socket_sendmsg+0x29/0x30
[   67.105953]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.111616]  ? security_socket_sendmsg+0x94/0xc0
[   67.116378]  ? ipip_gro_receive+0x100/0x100
[   67.120691]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.126214]  ? sock_sendmsg+0x5a/0x120
[   67.130113]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.135746]  ? __sys_sendto+0x475/0x670
[   67.139711]  ? __ia32_sys_getpeername+0xb0/0xb0
[   67.144363]  ? lock_downgrade+0x900/0x900
[   67.148500]  ? lock_release+0x970/0x970
[   67.152461]  ? check_preemption_disabled+0x48/0x200
[   67.157465]  ? fsnotify_first_mark+0x350/0x350
[   67.162135]  ? __fsnotify_parent+0xcc/0x420
[   67.166444]  ? fsnotify+0x12f0/0x12f0
[   67.170234]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.175772]  ? __sb_end_write+0xd9/0x110
[   67.179832]  do_group_exit+0x177/0x440
[   67.183706]  ? trace_hardirqs_on+0xbd/0x310
[   67.188009]  ? __ia32_sys_exit+0x50/0x50
[   67.192063]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   67.197510]  __x64_sys_exit_group+0x3e/0x50
[   67.201826]  do_syscall_64+0x1b9/0x820
[   67.205815]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   67.211185]  ? syscall_return_slowpath+0x5e0/0x5e0
[   67.216212]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   67.221057]  ? trace_hardirqs_on_caller+0x310/0x310
[   67.226168]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   67.231186]  ? prepare_exit_to_usermode+0x291/0x3b0
[   67.236299]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   67.241143]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.246390] RIP: 0033:0x43f398
[   67.249584] Code: Bad RIP value.
[   67.252935] RSP: 002b:00007ffdf407a748 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   67.260744] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f398
[   67.268070] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   67.275345] RBP: 00000000004bf108 R08: 00000000000000e7 R09: ffffffffffffffd0
[   67.282622] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[   67.289918] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
[   67.298187] Kernel Offset: disabled
[   67.301880] Rebooting in 86400 seconds..