[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 59.101034][ T26] audit: type=1800 audit(1558390871.386:25): pid=8533 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 59.143394][ T26] audit: type=1800 audit(1558390871.396:26): pid=8533 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 59.186672][ T26] audit: type=1800 audit(1558390871.396:27): pid=8533 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 85.830012][ T8686] ================================================================== [ 85.838268][ T8686] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490 [ 85.846028][ T8686] Read of size 8 at addr ffff88809b3aa3c0 by task syz-executor306/8686 [ 85.854358][ T8686] [ 85.856677][ T8686] CPU: 1 PID: 8686 Comm: syz-executor306 Not tainted 5.2.0-rc1+ #1 [ 85.864547][ T8686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 85.874590][ T8686] Call Trace: [ 85.877938][ T8686] dump_stack+0x172/0x1f0 [ 85.882355][ T8686] ? __lock_acquire+0x3ba2/0x5490 [ 85.887376][ T8686] print_address_description.cold+0x7c/0x20d [ 85.893362][ T8686] ? __lock_acquire+0x3ba2/0x5490 [ 85.898380][ T8686] ? __lock_acquire+0x3ba2/0x5490 [ 85.903403][ T8686] __kasan_report.cold+0x1b/0x40 [ 85.908329][ T8686] ? __lock_acquire+0x3ba2/0x5490 [ 85.913343][ T8686] kasan_report+0x12/0x20 [ 85.917713][ T8686] __asan_report_load8_noabort+0x14/0x20 [ 85.923503][ T8686] __lock_acquire+0x3ba2/0x5490 [ 85.928346][ T8686] ? sock_diag_rcv+0x2b/0x40 [ 85.933224][ T8686] ? netlink_unicast+0x531/0x710 [ 85.938298][ T8686] ? netlink_sendmsg+0x8ae/0xd70 [ 85.943233][ T8686] ? sock_sendmsg+0xd7/0x130 [ 85.947941][ T8686] ? ___sys_sendmsg+0x803/0x920 [ 85.952772][ T8686] ? __sys_sendmsg+0x105/0x1d0 [ 85.957782][ T8686] ? __x64_sys_sendmsg+0x78/0xb0 [ 85.962715][ T8686] ? do_syscall_64+0xfd/0x680 [ 85.967502][ T8686] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 85.973625][ T8686] ? mark_held_locks+0xf0/0xf0 [ 85.978372][ T8686] ? mark_held_locks+0xf0/0xf0 [ 85.983132][ T8686] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 85.989132][ T8686] ? find_held_lock+0x35/0x130 [ 85.993979][ T8686] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 85.999610][ T8686] lock_acquire+0x16f/0x3f0 [ 86.004098][ T8686] ? rhashtable_walk_enter+0xf9/0x390 [ 86.009473][ T8686] _raw_spin_lock+0x2f/0x40 [ 86.013973][ T8686] ? rhashtable_walk_enter+0xf9/0x390 [ 86.019712][ T8686] rhashtable_walk_enter+0xf9/0x390 [ 86.024964][ T8686] __tipc_dump_start+0x1fa/0x3c0 [ 86.029888][ T8686] tipc_dump_start+0x70/0x90 [ 86.034695][ T8686] __netlink_dump_start+0x4f8/0x7d0 [ 86.039882][ T8686] ? __tipc_dump_start+0x3c0/0x3c0 [ 86.045089][ T8686] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 86.050964][ T8686] ? __tipc_diag_gen_cookie+0x90/0x90 [ 86.056496][ T8686] ? sock_diag_rcv+0x1c/0x40 [ 86.061386][ T8686] ? __tipc_dump_start+0x3c0/0x3c0 [ 86.066891][ T8686] ? tipc_unregister_sysctl+0x20/0x20 [ 86.072255][ T8686] ? tipc_ioctl+0x2e0/0x2e0 [ 86.076752][ T8686] sock_diag_rcv_msg+0x319/0x410 [ 86.081678][ T8686] netlink_rcv_skb+0x177/0x450 [ 86.086433][ T8686] ? sock_diag_bind+0x80/0x80 [ 86.091240][ T8686] ? netlink_ack+0xb50/0xb50 [ 86.095840][ T8686] ? kasan_check_read+0x11/0x20 [ 86.100693][ T8686] ? netlink_deliver_tap+0x254/0xbf0 [ 86.106029][ T8686] sock_diag_rcv+0x2b/0x40 [ 86.110566][ T8686] netlink_unicast+0x531/0x710 [ 86.115475][ T8686] ? netlink_attachskb+0x770/0x770 [ 86.120705][ T8686] ? _copy_from_iter_full+0x25d/0x8c0 [ 86.126069][ T8686] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 86.131779][ T8686] ? __check_object_size+0x3d/0x42f [ 86.136973][ T8686] netlink_sendmsg+0x8ae/0xd70 [ 86.141884][ T8686] ? netlink_unicast+0x710/0x710 [ 86.147035][ T8686] ? tomoyo_socket_sendmsg+0x26/0x30 [ 86.152326][ T8686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.158562][ T8686] ? security_socket_sendmsg+0x8d/0xc0 [ 86.164020][ T8686] ? netlink_unicast+0x710/0x710 [ 86.169033][ T8686] sock_sendmsg+0xd7/0x130 [ 86.173457][ T8686] ___sys_sendmsg+0x803/0x920 [ 86.178113][ T8686] ? copy_msghdr_from_user+0x430/0x430 [ 86.183555][ T8686] ? prep_transhuge_page+0xa0/0xa0 [ 86.188674][ T8686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.195341][ T8686] ? __handle_mm_fault+0x7cb/0x3eb0 [ 86.200620][ T8686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.206864][ T8686] ? __fget_light+0x1a9/0x230 [ 86.211671][ T8686] ? __fdget+0x1b/0x20 [ 86.215739][ T8686] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 86.222079][ T8686] __sys_sendmsg+0x105/0x1d0 [ 86.226679][ T8686] ? __ia32_sys_shutdown+0x80/0x80 [ 86.231792][ T8686] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 86.237262][ T8686] ? do_syscall_64+0x26/0x680 [ 86.241942][ T8686] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.248140][ T8686] ? do_syscall_64+0x26/0x680 [ 86.252937][ T8686] __x64_sys_sendmsg+0x78/0xb0 [ 86.257699][ T8686] do_syscall_64+0xfd/0x680 [ 86.262251][ T8686] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.268249][ T8686] RIP: 0033:0x4401f9 [ 86.272185][ T8686] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 86.291787][ T8686] RSP: 002b:00007ffe7d3f3f58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 86.300248][ T8686] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9 [ 86.308223][ T8686] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 86.316182][ T8686] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 86.324144][ T8686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80 [ 86.332116][ T8686] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000 [ 86.340087][ T8686] [ 86.342413][ T8686] Allocated by task 7213: [ 86.346748][ T8686] save_stack+0x23/0x90 [ 86.350883][ T8686] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 86.356593][ T8686] kasan_kmalloc+0x9/0x10 [ 86.360916][ T8686] __kmalloc+0x15c/0x740 [ 86.365153][ T8686] security_prepare_creds+0x11d/0x190 [ 86.370736][ T8686] prepare_creds+0x2f5/0x3f0 [ 86.375370][ T8686] do_faccessat+0xa2/0x7f0 [ 86.379775][ T8686] __x64_sys_access+0x59/0x80 [ 86.384452][ T8686] do_syscall_64+0xfd/0x680 [ 86.389112][ T8686] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.395087][ T8686] [ 86.397403][ T8686] Freed by task 7229: [ 86.401695][ T8686] save_stack+0x23/0x90 [ 86.405854][ T8686] __kasan_slab_free+0x102/0x150 [ 86.410782][ T8686] kasan_slab_free+0xe/0x10 [ 86.415273][ T8686] kfree+0xcf/0x220 [ 86.419075][ T8686] security_cred_free+0xa9/0x110 [ 86.424188][ T8686] put_cred_rcu+0x129/0x4b0 [ 86.428724][ T8686] rcu_core+0xba5/0x1500 [ 86.432986][ T8686] __do_softirq+0x25c/0x94c [ 86.437466][ T8686] [ 86.439780][ T8686] The buggy address belongs to the object at ffff88809b3aa300 [ 86.439780][ T8686] which belongs to the cache kmalloc-192 of size 192 [ 86.453922][ T8686] The buggy address is located 0 bytes to the right of [ 86.453922][ T8686] 192-byte region [ffff88809b3aa300, ffff88809b3aa3c0) [ 86.467524][ T8686] The buggy address belongs to the page: [ 86.473211][ T8686] page:ffffea00026cea80 refcount:1 mapcount:0 mapping:ffff8880aa400040 index:0xffff88809b3aa800 [ 86.483622][ T8686] flags: 0x1fffc0000000200(slab) [ 86.488546][ T8686] raw: 01fffc0000000200 ffffea00027b92c8 ffffea00026d3288 ffff8880aa400040 [ 86.497128][ T8686] raw: ffff88809b3aa800 ffff88809b3aa000 0000000100000009 0000000000000000 [ 86.505688][ T8686] page dumped because: kasan: bad access detected [ 86.512138][ T8686] [ 86.514461][ T8686] Memory state around the buggy address: [ 86.520168][ T8686] ffff88809b3aa280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 86.528222][ T8686] ffff88809b3aa300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.536269][ T8686] >ffff88809b3aa380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 86.544306][ T8686] ^ [ 86.550439][ T8686] ffff88809b3aa400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.558601][ T8686] ffff88809b3aa480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 86.566832][ T8686] ================================================================== [ 86.574894][ T8686] Disabling lock debugging due to kernel taint [ 86.581179][ T8686] Kernel panic - not syncing: panic_on_warn set ... [ 86.587765][ T8686] CPU: 1 PID: 8686 Comm: syz-executor306 Tainted: G B 5.2.0-rc1+ #1 [ 86.597080][ T8686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 86.607205][ T8686] Call Trace: [ 86.610501][ T8686] dump_stack+0x172/0x1f0 [ 86.614841][ T8686] panic+0x2cb/0x744 [ 86.618848][ T8686] ? __warn_printk+0xf3/0xf3 [ 86.623449][ T8686] ? lock_downgrade+0x880/0x880 [ 86.628304][ T8686] ? __lock_acquire+0x3ba2/0x5490 [ 86.633316][ T8686] ? trace_hardirqs_off+0x62/0x220 [ 86.638527][ T8686] ? trace_hardirqs_off+0x59/0x220 [ 86.643621][ T8686] ? __lock_acquire+0x3ba2/0x5490 [ 86.648849][ T8686] end_report+0x47/0x4f [ 86.653108][ T8686] ? __lock_acquire+0x3ba2/0x5490 [ 86.658125][ T8686] __kasan_report.cold+0xe/0x40 [ 86.663096][ T8686] ? __lock_acquire+0x3ba2/0x5490 [ 86.668140][ T8686] kasan_report+0x12/0x20 [ 86.672458][ T8686] __asan_report_load8_noabort+0x14/0x20 [ 86.678184][ T8686] __lock_acquire+0x3ba2/0x5490 [ 86.683041][ T8686] ? sock_diag_rcv+0x2b/0x40 [ 86.687739][ T8686] ? netlink_unicast+0x531/0x710 [ 86.692673][ T8686] ? netlink_sendmsg+0x8ae/0xd70 [ 86.697783][ T8686] ? sock_sendmsg+0xd7/0x130 [ 86.702380][ T8686] ? ___sys_sendmsg+0x803/0x920 [ 86.707239][ T8686] ? __sys_sendmsg+0x105/0x1d0 [ 86.711988][ T8686] ? __x64_sys_sendmsg+0x78/0xb0 [ 86.717029][ T8686] ? do_syscall_64+0xfd/0x680 [ 86.721710][ T8686] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 86.728631][ T8686] ? mark_held_locks+0xf0/0xf0 [ 86.733417][ T8686] ? mark_held_locks+0xf0/0xf0 [ 86.738167][ T8686] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 86.743910][ T8686] ? find_held_lock+0x35/0x130 [ 86.748671][ T8686] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 86.754425][ T8686] lock_acquire+0x16f/0x3f0 [ 86.759052][ T8686] ? rhashtable_walk_enter+0xf9/0x390 [ 86.764427][ T8686] _raw_spin_lock+0x2f/0x40 [ 86.768918][ T8686] ? rhashtable_walk_enter+0xf9/0x390 [ 86.774449][ T8686] rhashtable_walk_enter+0xf9/0x390 [ 86.779661][ T8686] __tipc_dump_start+0x1fa/0x3c0 [ 86.784589][ T8686] tipc_dump_start+0x70/0x90 [ 86.789497][ T8686] __netlink_dump_start+0x4f8/0x7d0 [ 86.794817][ T8686] ? __tipc_dump_start+0x3c0/0x3c0 [ 86.800145][ T8686] tipc_sock_diag_handler_dump+0x1d9/0x270 [ 86.805956][ T8686] ? __tipc_diag_gen_cookie+0x90/0x90 [ 86.811328][ T8686] ? sock_diag_rcv+0x1c/0x40 [ 86.815930][ T8686] ? __tipc_dump_start+0x3c0/0x3c0 [ 86.821038][ T8686] ? tipc_unregister_sysctl+0x20/0x20 [ 86.826462][ T8686] ? tipc_ioctl+0x2e0/0x2e0 [ 86.831187][ T8686] sock_diag_rcv_msg+0x319/0x410 [ 86.836121][ T8686] netlink_rcv_skb+0x177/0x450 [ 86.840876][ T8686] ? sock_diag_bind+0x80/0x80 [ 86.845542][ T8686] ? netlink_ack+0xb50/0xb50 [ 86.850207][ T8686] ? kasan_check_read+0x11/0x20 [ 86.855422][ T8686] ? netlink_deliver_tap+0x254/0xbf0 [ 86.860872][ T8686] sock_diag_rcv+0x2b/0x40 [ 86.865275][ T8686] netlink_unicast+0x531/0x710 [ 86.870019][ T8686] ? netlink_attachskb+0x770/0x770 [ 86.875124][ T8686] ? _copy_from_iter_full+0x25d/0x8c0 [ 86.880604][ T8686] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 86.886315][ T8686] ? __check_object_size+0x3d/0x42f [ 86.891507][ T8686] netlink_sendmsg+0x8ae/0xd70 [ 86.896258][ T8686] ? netlink_unicast+0x710/0x710 [ 86.901297][ T8686] ? tomoyo_socket_sendmsg+0x26/0x30 [ 86.906752][ T8686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.913060][ T8686] ? security_socket_sendmsg+0x8d/0xc0 [ 86.918519][ T8686] ? netlink_unicast+0x710/0x710 [ 86.923544][ T8686] sock_sendmsg+0xd7/0x130 [ 86.927955][ T8686] ___sys_sendmsg+0x803/0x920 [ 86.932612][ T8686] ? copy_msghdr_from_user+0x430/0x430 [ 86.938064][ T8686] ? prep_transhuge_page+0xa0/0xa0 [ 86.943173][ T8686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.949414][ T8686] ? __handle_mm_fault+0x7cb/0x3eb0 [ 86.954600][ T8686] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 86.960826][ T8686] ? __fget_light+0x1a9/0x230 [ 86.965696][ T8686] ? __fdget+0x1b/0x20 [ 86.969763][ T8686] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 86.975998][ T8686] __sys_sendmsg+0x105/0x1d0 [ 86.980584][ T8686] ? __ia32_sys_shutdown+0x80/0x80 [ 86.985706][ T8686] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 86.991273][ T8686] ? do_syscall_64+0x26/0x680 [ 86.996862][ T8686] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.003025][ T8686] ? do_syscall_64+0x26/0x680 [ 87.007962][ T8686] __x64_sys_sendmsg+0x78/0xb0 [ 87.012720][ T8686] do_syscall_64+0xfd/0x680 [ 87.017208][ T8686] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 87.023225][ T8686] RIP: 0033:0x4401f9 [ 87.027227][ T8686] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 87.046824][ T8686] RSP: 002b:00007ffe7d3f3f58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.055311][ T8686] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9 [ 87.063274][ T8686] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 87.071376][ T8686] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8 [ 87.079331][ T8686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80 [ 87.087293][ T8686] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000 [ 87.096508][ T8686] Kernel Offset: disabled [ 87.100946][ T8686] Rebooting in 86400 seconds..