[ ok ] Starting enhanced syslogd: rsyslogd.
[ 68.895091][ T27] audit: type=1800 audit(1576629776.151:25): pid=8944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 68.927882][ T27] audit: type=1800 audit(1576629776.151:26): pid=8944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 68.962439][ T27] audit: type=1800 audit(1576629776.151:27): pid=8944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
executing program
syzkaller login:
[ 77.658753][ T9097] ==================================================================
[ 77.666946][ T9097] BUG: KASAN: slab-out-of-bounds in watch_queue_ioctl+0x15ed/0x16e0
[ 77.674905][ T9097] Write of size 4 at addr ffff8880a9b31ddc by task syz-executor545/9097
[ 77.683202][ T9097]
[ 77.685514][ T9097] CPU: 1 PID: 9097 Comm: syz-executor545 Not tainted 5.5.0-rc2-next-20191217-syzkaller #0
[ 77.695375][ T9097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.705409][ T9097] Call Trace:
[ 77.708684][ T9097]  dump_stack+0x197/0x210
[ 77.713033][ T9097]  ? watch_queue_ioctl+0x15ed/0x16e0
[ 77.718347][ T9097]  print_address_description.constprop.0.cold+0xd4/0x30b
[ 77.725345][ T9097]  ? watch_queue_ioctl+0x15ed/0x16e0
[ 77.730608][ T9097]  ? watch_queue_ioctl+0x15ed/0x16e0
[ 77.735879][ T9097]  __kasan_report.cold+0x1b/0x41
[ 77.740814][ T9097]  ? _copy_from_user+0x51/0x1a0
[ 77.745651][ T9097]  ? watch_queue_ioctl+0x15ed/0x16e0
[ 77.750916][ T9097]  kasan_report+0x12/0x20
[ 77.755224][ T9097]  __asan_report_store4_noabort+0x17/0x20
[ 77.760923][ T9097]  watch_queue_ioctl+0x15ed/0x16e0
[ 77.766049][ T9097]  ? watch_queue_map_pages+0x620/0x620
[ 77.771602][ T9097]  ? trace_hardirqs_on+0x67/0x240
[ 77.776626][ T9097]  ? watch_queue_map_pages+0x620/0x620
[ 77.782070][ T9097]  do_vfs_ioctl+0x977/0x14e0
[ 77.786641][ T9097]  ? compat_ioctl_preallocate+0x220/0x220
[ 77.792338][ T9097]  ? chown_common+0x5c0/0x5c0
[ 77.796996][ T9097]  ? __kasan_check_write+0x14/0x20
[ 77.802089][ T9097]  ? up_read+0x1cd/0x810
[ 77.806325][ T9097]  ? tomoyo_file_ioctl+0x23/0x30
[ 77.811243][ T9097]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 77.817460][ T9097]  ? security_file_ioctl+0x8d/0xc0
[ 77.822551][ T9097]  ksys_ioctl+0xab/0xd0
[ 77.826687][ T9097]  __x64_sys_ioctl+0x73/0xb0
[ 77.831259][ T9097]  do_syscall_64+0xfa/0x790
[ 77.835744][ T9097]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.841621][ T9097] RIP: 0033:0x4401e9
[ 77.845496][ T9097] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 77.865091][ T9097] RSP: 002b:00007ffe295d2878 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 77.873489][ T9097] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401e9
[ 77.881464][ T9097] RDX: 0000000020000240 RSI: 0000000000005761 RDI: 0000000000000003
[ 77.889426][ T9097] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 77.897375][ T9097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a70
[ 77.905334][ T9097] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[ 77.913306][ T9097]
[ 77.915610][ T9097] Allocated by task 9097:
[ 77.919921][ T9097]  save_stack+0x23/0x90
[ 77.924073][ T9097]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 77.929731][ T9097]  kasan_kmalloc+0x9/0x10
[ 77.934081][ T9097]  __kmalloc+0x163/0x770
[ 77.938308][ T9097]  watch_queue_ioctl+0xf57/0x16e0
[ 77.943317][ T9097]  do_vfs_ioctl+0x977/0x14e0
[ 77.947932][ T9097]  ksys_ioctl+0xab/0xd0
[ 77.952072][ T9097]  __x64_sys_ioctl+0x73/0xb0
[ 77.956650][ T9097]  do_syscall_64+0xfa/0x790
[ 77.961158][ T9097]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.967040][ T9097]
[ 77.969347][ T9097] Freed by task 8821:
[ 77.973307][ T9097]  save_stack+0x23/0x90
[ 77.977497][ T9097]  __kasan_slab_free+0x102/0x150
[ 77.982429][ T9097]  kasan_slab_free+0xe/0x10
[ 77.987069][ T9097]  kfree+0x10a/0x2c0
[ 77.991017][ T9097]  single_release+0x95/0xc0
[ 77.995723][ T9097]  __fput+0x2ff/0x890
[ 77.999696][ T9097]  ____fput+0x16/0x20
[ 78.003672][ T9097]  task_work_run+0x145/0x1c0
[ 78.008274][ T9097]  exit_to_usermode_loop+0x316/0x380
[ 78.013554][ T9097]  do_syscall_64+0x676/0x790
[ 78.018157][ T9097]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.024034][ T9097]
[ 78.026341][ T9097] The buggy address belongs to the object at ffff8880a9b31dc0
[ 78.026341][ T9097]  which belongs to the cache kmalloc-32 of size 32
[ 78.040198][ T9097] The buggy address is located 28 bytes inside of
[ 78.040198][ T9097]  32-byte region [ffff8880a9b31dc0, ffff8880a9b31de0)
[ 78.053267][ T9097] The buggy address belongs to the page:
[ 78.058878][ T9097] page:ffffea0002a6cc40 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a9b31fc1
[ 78.069275][ T9097] raw: 00fffe0000000200 ffffea00029efd48 ffffea0002a6d4c8 ffff8880aa4001c0
[ 78.077887][ T9097] raw: ffff8880a9b31fc1 ffff8880a9b31000 000000010000003b 0000000000000000
[ 78.086475][ T9097] page dumped because: kasan: bad access detected
[ 78.092922][ T9097]
[ 78.095232][ T9097] Memory state around the buggy address:
[ 78.100879][ T9097]  ffff8880a9b31c80: 00 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[ 78.108956][ T9097]  ffff8880a9b31d00: 00 03 fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[ 78.116995][ T9097] >ffff8880a9b31d80: 00 fc fc fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 78.125033][ T9097]                                                     ^
[ 78.131953][ T9097]  ffff8880a9b31e00: 00 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[ 78.139991][ T9097]  ffff8880a9b31e80: 00 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[ 78.148025][ T9097] ==================================================================
[ 78.156112][ T9097] Disabling lock debugging due to kernel taint
[ 78.163024][ T9097] Kernel panic - not syncing: panic_on_warn set ...
[ 78.169642][ T9097] CPU: 1 PID: 9097 Comm: syz-executor545 Tainted: G    B 5.5.0-rc2-next-20191217-syzkaller #0
[ 78.180944][ T9097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 78.190984][ T9097] Call Trace:
[ 78.194258][ T9097]  dump_stack+0x197/0x210
[ 78.198584][ T9097]  panic+0x2e3/0x75c
[ 78.202464][ T9097]  ? add_taint.cold+0x16/0x16
[ 78.207900][ T9097]  ? watch_queue_ioctl+0x15ed/0x16e0
[ 78.213172][ T9097]  ? preempt_schedule+0x4b/0x60
[ 78.218012][ T9097]  ? ___preempt_schedule+0x16/0x18
[ 78.223108][ T9097]  ? trace_hardirqs_on+0x5e/0x240
[ 78.228120][ T9097]  ? watch_queue_ioctl+0x15ed/0x16e0
[ 78.233459][ T9097]  end_report+0x47/0x4f
[ 78.237601][ T9097]  ? watch_queue_ioctl+0x15ed/0x16e0
[ 78.242929][ T9097]  __kasan_report.cold+0xe/0x41
[ 78.247782][ T9097]  ? _copy_from_user+0x51/0x1a0
[ 78.252622][ T9097]  ? watch_queue_ioctl+0x15ed/0x16e0
[ 78.257926][ T9097]  kasan_report+0x12/0x20
[ 78.262230][ T9097]  __asan_report_store4_noabort+0x17/0x20
[ 78.267923][ T9097]  watch_queue_ioctl+0x15ed/0x16e0
[ 78.273013][ T9097]  ? watch_queue_map_pages+0x620/0x620
[ 78.278454][ T9097]  ? trace_hardirqs_on+0x67/0x240
[ 78.283456][ T9097]  ? watch_queue_map_pages+0x620/0x620
[ 78.288903][ T9097]  do_vfs_ioctl+0x977/0x14e0
[ 78.293469][ T9097]  ? compat_ioctl_preallocate+0x220/0x220
[ 78.299165][ T9097]  ? chown_common+0x5c0/0x5c0
[ 78.303843][ T9097]  ? __kasan_check_write+0x14/0x20
[ 78.308930][ T9097]  ? up_read+0x1cd/0x810
[ 78.313153][ T9097]  ? tomoyo_file_ioctl+0x23/0x30
[ 78.318067][ T9097]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 78.324286][ T9097]  ? security_file_ioctl+0x8d/0xc0
[ 78.329382][ T9097]  ksys_ioctl+0xab/0xd0
[ 78.333511][ T9097]  __x64_sys_ioctl+0x73/0xb0
[ 78.338091][ T9097]  do_syscall_64+0xfa/0x790
[ 78.342583][ T9097]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 78.348460][ T9097] RIP: 0033:0x4401e9
[ 78.352334][ T9097] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 78.371911][ T9097] RSP: 002b:00007ffe295d2878 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 78.380299][ T9097] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401e9
[ 78.388248][ T9097] RDX: 0000000020000240 RSI: 0000000000005761 RDI: 0000000000000003
[ 78.396196][ T9097] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[ 78.404145][ T9097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a70
[ 78.412093][ T9097] R13: 0000000000401b00 R14: 0000000000000000 R15: 0000000000000000
[ 78.421422][ T9097] Kernel Offset: disabled
[ 78.425771][ T9097] Rebooting in 86400 seconds..