[ 58.943127][ T26] audit: type=1800 audit(1558411679.578:30): pid=8897 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login:
[ 62.228636][ T26] kauditd_printk_skb: 4 callbacks suppressed
[ 62.228650][ T26] audit: type=1400 audit(1558411682.908:35): avc: denied { map } for pid=9075 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.80' (ECDSA) to the list of known hosts.
[ 68.864832][ T26] audit: type=1400 audit(1558411689.548:36): avc: denied { map } for pid=9087 comm="syz-executor712" path="/root/syz-executor712634394" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 68.868019][ T9087] ==================================================================
[ 68.900004][ T9087] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
executing program
[ 68.907704][ T9087] Read of size 8 at addr ffff888216a97f40 by task syz-executor712/9087
[ 68.915919][ T9087]
[ 68.918237][ T9087] CPU: 0 PID: 9087 Comm: syz-executor712 Not tainted 5.2.0-rc1+ #1
[ 68.926102][ T9087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.936138][ T9087] Call Trace:
[ 68.939415][ T9087] dump_stack+0x172/0x1f0
[ 68.943851][ T9087] ? __lock_acquire+0x3ba2/0x5490
[ 68.948865][ T9087] print_address_description.cold+0x7c/0x20d
[ 68.954830][ T9087] ? __lock_acquire+0x3ba2/0x5490
[ 68.959907][ T9087] ? __lock_acquire+0x3ba2/0x5490
[ 68.964918][ T9087] __kasan_report.cold+0x1b/0x40
[ 68.969917][ T9087] ? __lock_acquire+0x3ba2/0x5490
[ 68.974925][ T9087] kasan_report+0x12/0x20
[ 68.979238][ T9087] __asan_report_load8_noabort+0x14/0x20
[ 68.985029][ T9087] __lock_acquire+0x3ba2/0x5490
[ 68.989863][ T9087] ? sock_diag_rcv+0x2b/0x40
[ 68.994438][ T9087] ? netlink_unicast+0x531/0x710
[ 68.999353][ T9087] ? netlink_sendmsg+0x8ae/0xd70
[ 69.004270][ T9087] ? sock_sendmsg+0xd7/0x130
[ 69.008837][ T9087] ? ___sys_sendmsg+0x803/0x920
[ 69.013680][ T9087] ? __sys_sendmsg+0x105/0x1d0
[ 69.018424][ T9087] ? __x64_sys_sendmsg+0x78/0xb0
[ 69.023350][ T9087] ? do_syscall_64+0xfd/0x680
[ 69.028008][ T9087] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.034057][ T9087] ? mark_held_locks+0xf0/0xf0
[ 69.038843][ T9087] ? mark_held_locks+0xf0/0xf0
[ 69.043600][ T9087] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 69.049214][ T9087] ? find_held_lock+0x35/0x130
[ 69.053962][ T9087] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 69.059601][ T9087] lock_acquire+0x16f/0x3f0
[ 69.064092][ T9087] ? rhashtable_walk_enter+0xf9/0x390
[ 69.069445][ T9087] _raw_spin_lock+0x2f/0x40
[ 69.073939][ T9087] ? rhashtable_walk_enter+0xf9/0x390
[ 69.079295][ T9087] rhashtable_walk_enter+0xf9/0x390
[ 69.084479][ T9087] __tipc_dump_start+0x1fa/0x3c0
[ 69.089395][ T9087] tipc_dump_start+0x70/0x90
[ 69.093968][ T9087] __netlink_dump_start+0x4f8/0x7d0
[ 69.099148][ T9087] ? __tipc_dump_start+0x3c0/0x3c0
[ 69.104242][ T9087] tipc_sock_diag_handler_dump+0x1d9/0x270
[ 69.110164][ T9087] ? __tipc_diag_gen_cookie+0x90/0x90
[ 69.115519][ T9087] ? sock_diag_rcv+0x1c/0x40
[ 69.120123][ T9087] ? __tipc_dump_start+0x3c0/0x3c0
[ 69.125220][ T9087] ? tipc_unregister_sysctl+0x20/0x20
[ 69.130585][ T9087] ? tipc_ioctl+0x2e0/0x2e0
[ 69.135076][ T9087] sock_diag_rcv_msg+0x319/0x410
[ 69.139997][ T9087] netlink_rcv_skb+0x177/0x450
[ 69.144740][ T9087] ? sock_diag_bind+0x80/0x80
[ 69.149397][ T9087] ? netlink_ack+0xb50/0xb50
[ 69.153967][ T9087] ? kasan_check_read+0x11/0x20
[ 69.158801][ T9087] ? netlink_deliver_tap+0x254/0xbf0
[ 69.164069][ T9087] sock_diag_rcv+0x2b/0x40
[ 69.168534][ T9087] netlink_unicast+0x531/0x710
[ 69.173376][ T9087] ? netlink_attachskb+0x770/0x770
[ 69.178515][ T9087] ? _copy_from_iter_full+0x25d/0x8c0
[ 69.183897][ T9087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.190255][ T9087] netlink_sendmsg+0x8ae/0xd70
[ 69.195005][ T9087] ? netlink_unicast+0x710/0x710
[ 69.199926][ T9087] ? tomoyo_socket_sendmsg+0x26/0x30
[ 69.205197][ T9087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.211504][ T9087] ? security_socket_sendmsg+0x8d/0xc0
[ 69.216945][ T9087] ? netlink_unicast+0x710/0x710
[ 69.221863][ T9087] sock_sendmsg+0xd7/0x130
[ 69.226261][ T9087] ___sys_sendmsg+0x803/0x920
[ 69.230919][ T9087] ? copy_msghdr_from_user+0x430/0x430
[ 69.236361][ T9087] ? prep_transhuge_page+0xa0/0xa0
[ 69.241454][ T9087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.247677][ T9087] ? __handle_mm_fault+0x7cb/0x3eb0
[ 69.252859][ T9087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.259078][ T9087] ? __fget_light+0x1a9/0x230
[ 69.263735][ T9087] ? __fdget+0x1b/0x20
[ 69.267784][ T9087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 69.274017][ T9087] __sys_sendmsg+0x105/0x1d0
[ 69.278599][ T9087] ? __ia32_sys_shutdown+0x80/0x80
[ 69.283695][ T9087] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 69.289135][ T9087] ? do_syscall_64+0x26/0x680
[ 69.293792][ T9087] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.299838][ T9087] ? do_syscall_64+0x26/0x680
[ 69.304499][ T9087] __x64_sys_sendmsg+0x78/0xb0
[ 69.309247][ T9087] do_syscall_64+0xfd/0x680
[ 69.313778][ T9087] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.319651][ T9087] RIP: 0033:0x440219
[ 69.323650][ T9087] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 69.343283][ T9087] RSP: 002b:00007ffe3729a808 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 69.351725][ T9087] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
[ 69.359771][ T9087] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 69.367727][ T9087] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 69.375680][ T9087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[ 69.383661][ T9087] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[ 69.391616][ T9087]
[ 69.393929][ T9087] Allocated by task 1:
[ 69.397987][ T9087] save_stack+0x23/0x90
[ 69.402122][ T9087] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 69.407734][ T9087] kasan_slab_alloc+0xf/0x20
[ 69.412304][ T9087] kmem_cache_alloc+0x11a/0x6f0
[ 69.417232][ T9087] create_cache+0x3f/0x200
[ 69.421632][ T9087] kmem_cache_create_usercopy+0x1a5/0x260
[ 69.427417][ T9087] kmem_cache_create+0x11/0x20
[ 69.432230][ T9087] kcm_init+0x28/0x198
[ 69.436286][ T9087] do_one_initcall+0x107/0x7ba
[ 69.441034][ T9087] kernel_init_freeable+0x4d4/0x5c3
[ 69.446216][ T9087] kernel_init+0x12/0x1c5
[ 69.450549][ T9087] ret_from_fork+0x24/0x30
[ 69.454982][ T9087]
[ 69.457292][ T9087] Freed by task 0:
[ 69.460985][ T9087] (stack is not available)
[ 69.465373][ T9087]
[ 69.467688][ T9087] The buggy address belongs to the object at ffff888216a97dc0
[ 69.467688][ T9087] which belongs to the cache kmem_cache of size 280
[ 69.481632][ T9087] The buggy address is located 104 bytes to the right of
[ 69.481632][ T9087] 280-byte region [ffff888216a97dc0, ffff888216a97ed8)
[ 69.495409][ T9087] The buggy address belongs to the page:
[ 69.501056][ T9087] page:ffffea00085aa5c0 refcount:1 mapcount:0 mapping:ffffffff88c49420 index:0x0
[ 69.510188][ T9087] flags: 0x6fffc0000000200(slab)
[ 69.515115][ T9087] raw: 06fffc0000000200 ffffea00085a1fc8 ffffea000859ac08 ffffffff88c49420
[ 69.523679][ T9087] raw: 0000000000000000 ffff888216a97040 000000010000000a 0000000000000000
[ 69.532238][ T9087] page dumped because: kasan: bad access detected
[ 69.538638][ T9087]
[ 69.541963][ T9087] Memory state around the buggy address:
[ 69.547595][ T9087] ffff888216a97e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.555741][ T9087] ffff888216a97e80: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 69.563968][ T9087] >ffff888216a97f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.572018][ T9087] ^
[ 69.578153][ T9087] ffff888216a97f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.586215][ T9087] ffff888216a98000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 69.594252][ T9087] ==================================================================
[ 69.602287][ T9087] Disabling lock debugging due to kernel taint
[ 69.608420][ T9087] Kernel panic - not syncing: panic_on_warn set ...
[ 69.614993][ T9087] CPU: 0 PID: 9087 Comm: syz-executor712 Tainted: G B 5.2.0-rc1+ #1
[ 69.624262][ T9087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.634298][ T9087] Call Trace:
[ 69.637575][ T9087] dump_stack+0x172/0x1f0
[ 69.641891][ T9087] panic+0x2cb/0x744
[ 69.645779][ T9087] ? __warn_printk+0xf3/0xf3
[ 69.650358][ T9087] ? lock_downgrade+0x880/0x880
[ 69.655190][ T9087] ? __lock_acquire+0x3ba2/0x5490
[ 69.660198][ T9087] ? trace_hardirqs_off+0x62/0x220
[ 69.665291][ T9087] ? trace_hardirqs_off+0x59/0x220
[ 69.670424][ T9087] ? __lock_acquire+0x3ba2/0x5490
[ 69.675432][ T9087] end_report+0x47/0x4f
[ 69.679574][ T9087] ? __lock_acquire+0x3ba2/0x5490
[ 69.684582][ T9087] __kasan_report.cold+0xe/0x40
[ 69.689477][ T9087] ? __lock_acquire+0x3ba2/0x5490
[ 69.694652][ T9087] kasan_report+0x12/0x20
[ 69.698969][ T9087] __asan_report_load8_noabort+0x14/0x20
[ 69.704582][ T9087] __lock_acquire+0x3ba2/0x5490
[ 69.709426][ T9087] ? sock_diag_rcv+0x2b/0x40
[ 69.714986][ T9087] ? netlink_unicast+0x531/0x710
[ 69.720044][ T9087] ? netlink_sendmsg+0x8ae/0xd70
[ 69.724968][ T9087] ? sock_sendmsg+0xd7/0x130
[ 69.729539][ T9087] ? ___sys_sendmsg+0x803/0x920
[ 69.734446][ T9087] ? __sys_sendmsg+0x105/0x1d0
[ 69.739191][ T9087] ? __x64_sys_sendmsg+0x78/0xb0
[ 69.744111][ T9087] ? do_syscall_64+0xfd/0x680
[ 69.748770][ T9087] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 69.754822][ T9087] ? mark_held_locks+0xf0/0xf0
[ 69.759567][ T9087] ? mark_held_locks+0xf0/0xf0
[ 69.764359][ T9087] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 69.769971][ T9087] ? find_held_lock+0x35/0x130
[ 69.774740][ T9087] ? fs_reclaim_acquire.part.0+0x30/0x30
[ 69.780397][ T9087] lock_acquire+0x16f/0x3f0
[ 69.784884][ T9087] ? rhashtable_walk_enter+0xf9/0x390
[ 69.790235][ T9087] _raw_spin_lock+0x2f/0x40
[ 69.794724][ T9087] ? rhashtable_walk_enter+0xf9/0x390
[ 69.800119][ T9087] rhashtable_walk_enter+0xf9/0x390
[ 69.805303][ T9087] __tipc_dump_start+0x1fa/0x3c0
[ 69.810219][ T9087] tipc_dump_start+0x70/0x90
[ 69.814876][ T9087] __netlink_dump_start+0x4f8/0x7d0
[ 69.820055][ T9087] ? __tipc_dump_start+0x3c0/0x3c0
[ 69.825156][ T9087] tipc_sock_diag_handler_dump+0x1d9/0x270
[ 69.830946][ T9087] ? __tipc_diag_gen_cookie+0x90/0x90
[ 69.836296][ T9087] ? sock_diag_rcv+0x1c/0x40
[ 69.840866][ T9087] ? __tipc_dump_start+0x3c0/0x3c0
[ 69.845958][ T9087] ? tipc_unregister_sysctl+0x20/0x20
[ 69.851312][ T9087] ? tipc_ioctl+0x2e0/0x2e0
[ 69.855802][ T9087] sock_diag_rcv_msg+0x319/0x410
[ 69.860724][ T9087] netlink_rcv_skb+0x177/0x450
[ 69.865470][ T9087] ? sock_diag_bind+0x80/0x80
[ 69.870146][ T9087] ? netlink_ack+0xb50/0xb50
[ 69.874725][ T9087] ? kasan_check_read+0x11/0x20
[ 69.879559][ T9087] ? netlink_deliver_tap+0x254/0xbf0
[ 69.884920][ T9087] sock_diag_rcv+0x2b/0x40
[ 69.889418][ T9087] netlink_unicast+0x531/0x710
[ 69.894169][ T9087] ? netlink_attachskb+0x770/0x770
[ 69.899264][ T9087] ? _copy_from_iter_full+0x25d/0x8c0
[ 69.904617][ T9087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.910838][ T9087] netlink_sendmsg+0x8ae/0xd70
[ 69.915583][ T9087] ? netlink_unicast+0x710/0x710
[ 69.920644][ T9087] ? tomoyo_socket_sendmsg+0x26/0x30
[ 69.925956][ T9087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.932177][ T9087] ? security_socket_sendmsg+0x8d/0xc0
[ 69.937616][ T9087] ? netlink_unicast+0x710/0x710
[ 69.942537][ T9087] sock_sendmsg+0xd7/0x130
[ 69.946938][ T9087] ___sys_sendmsg+0x803/0x920
[ 69.951687][ T9087] ? copy_msghdr_from_user+0x430/0x430
[ 69.957171][ T9087] ? prep_transhuge_page+0xa0/0xa0
[ 69.962395][ T9087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.968622][ T9087] ? __handle_mm_fault+0x7cb/0x3eb0
[ 69.973805][ T9087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 69.980061][ T9087] ? __fget_light+0x1a9/0x230
[ 69.984747][ T9087] ? __fdget+0x1b/0x20
[ 69.988824][ T9087] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 69.995049][ T9087] __sys_sendmsg+0x105/0x1d0
[ 69.999687][ T9087] ? __ia32_sys_shutdown+0x80/0x80
[ 70.004826][ T9087] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 70.010266][ T9087] ? do_syscall_64+0x26/0x680
[ 70.014968][ T9087] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.021016][ T9087] ? do_syscall_64+0x26/0x680
[ 70.025702][ T9087] __x64_sys_sendmsg+0x78/0xb0
[ 70.030450][ T9087] do_syscall_64+0xfd/0x680
[ 70.034955][ T9087] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.040825][ T9087] RIP: 0033:0x440219
[ 70.044745][ T9087] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.064328][ T9087] RSP: 002b:00007ffe3729a808 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 70.072717][ T9087] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
[ 70.080669][ T9087] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 70.088620][ T9087] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 70.096575][ T9087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401aa0
[ 70.104528][ T9087] R13: 0000000000401b30 R14: 0000000000000000 R15: 0000000000000000
[ 70.114127][ T9087] Kernel Offset: disabled
[ 70.118486][ T9087] Rebooting in 86400 seconds..