[info] Using makefile-style concurrent boot in runlevel 2. [ 27.169564] audit: type=1800 audit(1543083633.042:21): pid=5866 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.959894] sshd (6005) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.10.55' (ECDSA) to the list of known hosts. executing program [ 39.672009] FAULT_INJECTION: forcing a failure. [ 39.672009] name failslab, interval 1, probability 0, space 0, times 1 [ 39.683691] CPU: 1 PID: 6021 Comm: syz-executor636 Not tainted 4.20.0-rc3+ #347 [ 39.691137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 39.700845] Call Trace: [ 39.703427] dump_stack+0x244/0x39d [ 39.707043] ? dump_stack_print_info.cold.1+0x20/0x20 [ 39.712229] should_fail.cold.4+0xa/0x17 [ 39.716283] ? find_held_lock+0x36/0x1c0 [ 39.720330] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 39.725462] ? depot_save_stack+0x292/0x470 [ 39.729912] ? lock_downgrade+0x900/0x900 [ 39.734051] ? zap_class+0x640/0x640 [ 39.737772] ? trace_hardirqs_off+0xb8/0x310 [ 39.742329] ? kasan_check_read+0x11/0x20 [ 39.746593] ? do_raw_spin_unlock+0xa7/0x330 [ 39.751104] ? find_held_lock+0x36/0x1c0 [ 39.755195] ? __lock_is_held+0xb5/0x140 [ 39.759242] ? save_stack+0x43/0xd0 [ 39.763007] ? perf_trace_sched_process_exec+0x860/0x860 [ 39.768525] ? print_usage_bug+0xc0/0xc0 [ 39.772591] ? __vfs_write+0x119/0x9f0 [ 39.776463] ? __x64_sys_write+0x73/0xb0 [ 39.780526] ? do_syscall_64+0x1b9/0x820 [ 39.784594] __should_failslab+0x124/0x180 [ 39.788935] should_failslab+0x9/0x14 [ 39.792733] kmem_cache_alloc_trace+0x2d7/0x750 [ 39.797427] snd_pcm_hw_param_near.constprop.34+0x164/0xb30 [ 39.803271] ? kfree+0x11e/0x230 [ 39.806749] ? _snd_pcm_hw_param_min+0x570/0x570 [ 39.811514] ? snd_pcm_oss_change_params_locked+0x2ca8/0x3c60 [ 39.817402] snd_pcm_oss_change_params_locked+0xc16/0x3c60 [ 39.823032] ? snd_pcm_hw_param_near.constprop.34+0xb30/0xb30 [ 39.828898] ? find_held_lock+0x36/0x1c0 [ 39.832944] ? lock_downgrade+0x900/0x900 [ 39.837073] ? check_preemption_disabled+0x48/0x280 [ 39.842077] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 39.847091] ? kasan_check_read+0x11/0x20 [ 39.851223] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 39.856483] ? rcu_softirq_qs+0x20/0x20 [ 39.860741] ? get_pid_task+0xd6/0x1a0 [ 39.864718] ? aa_path_link+0x5e0/0x5e0 [ 39.868691] ? kasan_check_read+0x11/0x20 [ 39.872825] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 39.878004] snd_pcm_oss_write+0x51e/0xa60 [ 39.882283] ? zap_class+0x640/0x640 [ 39.886007] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 39.890835] ? trace_hardirqs_off+0xb8/0x310 [ 39.895231] __vfs_write+0x119/0x9f0 [ 39.898924] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 39.903832] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 39.908664] ? kernel_read+0x120/0x120 [ 39.912570] ? apparmor_path_rmdir+0x30/0x30 [ 39.916968] ? apparmor_file_permission+0x24/0x30 [ 39.921924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.927453] ? security_file_permission+0x1c2/0x220 [ 39.932468] ? rw_verify_area+0x118/0x360 [ 39.936602] vfs_write+0x1fc/0x560 [ 39.940126] ksys_write+0x101/0x260 [ 39.943883] ? __ia32_sys_read+0xb0/0xb0 [ 39.947934] ? trace_hardirqs_off_caller+0x310/0x310 [ 39.953029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 39.958575] __x64_sys_write+0x73/0xb0 [ 39.962450] do_syscall_64+0x1b9/0x820 [ 39.966436] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 39.971805] ? syscall_return_slowpath+0x5e0/0x5e0 [ 39.976833] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 39.981662] ? trace_hardirqs_on_caller+0x310/0x310 [ 39.986665] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 39.991672] ? prepare_exit_to_usermode+0x291/0x3b0 [ 39.996680] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.001744] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.006917] RIP: 0033:0x444119 [ 40.010091] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 40.028975] RSP: 002b:00007ffdf4510538 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 40.036771] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444119 [ 40.044139] RDX: 0000000056da83a0 RSI: 00000000200000c0 RDI: 0000000000000004 [ 40.051491] RBP: 00000000006cf018 R08: 0000000000000001 R09: 0000000000000037 [ 40.058808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 40.066323] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 40.075048] ================================================================== [ 40.082488] BUG: KASAN: slab-out-of-bounds in default_write_copy_kernel+0xe1/0x140 [ 40.090310] Read of size 64 at addr ffff8881cee03c40 by task syz-executor636/6021 [ 40.097998] [ 40.099611] CPU: 1 PID: 6021 Comm: syz-executor636 Not tainted 4.20.0-rc3+ #347 [ 40.107042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.116475] Call Trace: [ 40.119042] dump_stack+0x244/0x39d [ 40.122653] ? dump_stack_print_info.cold.1+0x20/0x20 [ 40.127838] ? printk+0xa7/0xcf [ 40.131099] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 40.136247] print_address_description.cold.7+0x9/0x1ff [ 40.141657] kasan_report.cold.8+0x242/0x309 [ 40.146055] ? default_write_copy_kernel+0xe1/0x140 [ 40.151055] check_memory_region+0x13e/0x1b0 [ 40.155461] memcpy+0x23/0x50 [ 40.158556] default_write_copy_kernel+0xe1/0x140 [ 40.163387] ? __bpf_trace_applptr+0x40/0x40 [ 40.167779] interleaved_copy+0xd1/0x110 [ 40.171888] __snd_pcm_lib_xfer+0x115f/0x1f23 [ 40.176377] ? snd_pcm_hw_rule_noresample_func+0x120/0x120 [ 40.182000] ? __bpf_trace_applptr+0x40/0x40 [ 40.186400] ? pcm_lib_apply_appl_ptr+0x580/0x580 [ 40.191310] ? print_usage_bug+0xc0/0xc0 [ 40.195365] ? zap_class+0x640/0x640 [ 40.199078] ? zap_class+0x640/0x640 [ 40.202959] ? find_held_lock+0x36/0x1c0 [ 40.207007] ? zap_class+0x640/0x640 [ 40.210701] ? zap_class+0x640/0x640 [ 40.214409] ? memcpy+0x45/0x50 [ 40.217667] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 40.222678] ? linear_transfer+0x2bf/0xa30 [ 40.226959] snd_pcm_oss_write3+0xe9/0x220 [ 40.231327] io_playback_transfer+0x27d/0x310 [ 40.235830] ? perf_trace_sched_process_exec+0x860/0x860 [ 40.241370] snd_pcm_plug_write_transfer+0x374/0x490 [ 40.246566] ? snd_pcm_plug_client_channels_buf+0x450/0x450 [ 40.252255] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 40.257253] ? snd_pcm_plug_client_channels_buf+0x212/0x450 [ 40.263052] snd_pcm_oss_write2+0x25d/0x450 [ 40.267362] ? snd_pcm_oss_write3+0x220/0x220 [ 40.271845] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.277365] ? snd_pcm_oss_prepare+0x118/0x150 [ 40.282033] snd_pcm_oss_write+0x567/0xa60 [ 40.286251] ? zap_class+0x640/0x640 [ 40.290080] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 40.294906] ? trace_hardirqs_off+0xb8/0x310 [ 40.299396] __vfs_write+0x119/0x9f0 [ 40.303111] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 40.308026] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 40.312896] ? kernel_read+0x120/0x120 [ 40.316772] ? apparmor_path_rmdir+0x30/0x30 [ 40.321247] ? apparmor_file_permission+0x24/0x30 [ 40.326096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.331636] ? security_file_permission+0x1c2/0x220 [ 40.336639] ? rw_verify_area+0x118/0x360 [ 40.340769] vfs_write+0x1fc/0x560 [ 40.344296] ksys_write+0x101/0x260 [ 40.347939] ? __ia32_sys_read+0xb0/0xb0 [ 40.351998] ? trace_hardirqs_off_caller+0x310/0x310 [ 40.357081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.362745] __x64_sys_write+0x73/0xb0 [ 40.366643] do_syscall_64+0x1b9/0x820 [ 40.370543] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 40.376031] ? syscall_return_slowpath+0x5e0/0x5e0 [ 40.380983] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.385814] ? trace_hardirqs_on_caller+0x310/0x310 [ 40.390919] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 40.396076] ? prepare_exit_to_usermode+0x291/0x3b0 [ 40.401081] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 40.405911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.411079] RIP: 0033:0x444119 [ 40.414255] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 40.433148] RSP: 002b:00007ffdf4510538 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 40.440928] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444119 [ 40.448364] RDX: 0000000056da83a0 RSI: 00000000200000c0 RDI: 0000000000000004 [ 40.455617] RBP: 00000000006cf018 R08: 0000000000000001 R09: 0000000000000037 [ 40.462867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 40.470331] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 40.477984] [ 40.479591] Allocated by task 6021: [ 40.483314] save_stack+0x43/0xd0 [ 40.487144] kasan_kmalloc+0xc7/0xe0 [ 40.490855] __kmalloc_node+0x50/0x70 [ 40.494640] kvmalloc_node+0x65/0xf0 [ 40.498343] snd_pcm_plugin_alloc+0x577/0x770 [ 40.502833] snd_pcm_plug_alloc+0x218/0x340 [ 40.507153] snd_pcm_oss_change_params_locked+0x2209/0x3c60 [ 40.512846] snd_pcm_oss_make_ready_locked+0xbc/0x130 [ 40.518206] snd_pcm_oss_write+0x51e/0xa60 [ 40.522600] __vfs_write+0x119/0x9f0 [ 40.526300] vfs_write+0x1fc/0x560 [ 40.529824] ksys_write+0x101/0x260 [ 40.533451] __x64_sys_write+0x73/0xb0 [ 40.537354] do_syscall_64+0x1b9/0x820 [ 40.541220] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 40.546502] [ 40.548131] Freed by task 2446: [ 40.551413] save_stack+0x43/0xd0 [ 40.554845] __kasan_slab_free+0x102/0x150 [ 40.559058] kasan_slab_free+0xe/0x10 [ 40.563061] kfree+0xcf/0x230 [ 40.566156] blk_mq_hw_sysfs_release+0x42/0x60 [ 40.570720] kobject_put.cold.9+0x287/0x2e4 [ 40.575035] blk_mq_release+0xf2/0x210 [ 40.579014] __blk_release_queue+0x228/0x510 [ 40.583412] process_one_work+0xc90/0x1c40 [ 40.587632] worker_thread+0x17f/0x1390 [ 40.591597] kthread+0x35a/0x440 [ 40.594947] ret_from_fork+0x3a/0x50 [ 40.598696] [ 40.600328] The buggy address belongs to the object at ffff8881cee03c40 [ 40.600328] which belongs to the cache kmalloc-32 of size 32 [ 40.612924] The buggy address is located 0 bytes inside of [ 40.612924] 32-byte region [ffff8881cee03c40, ffff8881cee03c60) [ 40.624768] The buggy address belongs to the page: [ 40.629686] page:ffffea00073b80c0 count:1 mapcount:0 mapping:ffff8881da8001c0 index:0xffff8881cee03fc1 [ 40.639178] flags: 0x2fffc0000000200(slab) [ 40.643399] raw: 02fffc0000000200 ffffea0007433308 ffff8881da801248 ffff8881da8001c0 [ 40.651470] raw: ffff8881cee03fc1 ffff8881cee03000 000000010000003f 0000000000000000 [ 40.659432] page dumped because: kasan: bad access detected [ 40.665122] [ 40.666732] Memory state around the buggy address: [ 40.671646] ffff8881cee03b00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 40.678989] ffff8881cee03b80: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc [ 40.686333] >ffff8881cee03c00: fb fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc [ 40.693820] ^ [ 40.700298] ffff8881cee03c80: 00 00 fc fc fc fc fc fc fb fb fb fb fc fc fc fc [ 40.707639] ffff8881cee03d00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 40.715185] ================================================================== [ 40.722689] Disabling lock debugging due to kernel taint [ 40.728401] Kernel panic - not syncing: panic_on_warn set ... [ 40.734296] CPU: 1 PID: 6021 Comm: syz-executor636 Tainted: G B 4.20.0-rc3+ #347 [ 40.743120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.752468] Call Trace: [ 40.755052] dump_stack+0x244/0x39d [ 40.758659] ? dump_stack_print_info.cold.1+0x20/0x20 [ 40.763838] panic+0x2ad/0x55c [ 40.767034] ? add_taint.cold.5+0x16/0x16 [ 40.771183] ? trace_hardirqs_on+0xb4/0x310 [ 40.775569] kasan_end_report+0x47/0x4f [ 40.779528] kasan_report.cold.8+0x76/0x309 [ 40.783834] ? default_write_copy_kernel+0xe1/0x140 [ 40.788902] check_memory_region+0x13e/0x1b0 [ 40.793309] memcpy+0x23/0x50 [ 40.796427] default_write_copy_kernel+0xe1/0x140 [ 40.801521] ? __bpf_trace_applptr+0x40/0x40 [ 40.806018] interleaved_copy+0xd1/0x110 [ 40.810077] __snd_pcm_lib_xfer+0x115f/0x1f23 [ 40.814563] ? snd_pcm_hw_rule_noresample_func+0x120/0x120 [ 40.820173] ? __bpf_trace_applptr+0x40/0x40 [ 40.824702] ? pcm_lib_apply_appl_ptr+0x580/0x580 [ 40.829531] ? print_usage_bug+0xc0/0xc0 [ 40.833711] ? zap_class+0x640/0x640 [ 40.837411] ? zap_class+0x640/0x640 [ 40.841107] ? find_held_lock+0x36/0x1c0 [ 40.845168] ? zap_class+0x640/0x640 [ 40.848864] ? zap_class+0x640/0x640 [ 40.852723] ? memcpy+0x45/0x50 [ 40.855986] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 40.860986] ? linear_transfer+0x2bf/0xa30 [ 40.865221] snd_pcm_oss_write3+0xe9/0x220 [ 40.869468] io_playback_transfer+0x27d/0x310 [ 40.874077] ? perf_trace_sched_process_exec+0x860/0x860 [ 40.879514] snd_pcm_plug_write_transfer+0x374/0x490 [ 40.884635] ? snd_pcm_plug_client_channels_buf+0x450/0x450 [ 40.890334] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 40.895343] ? snd_pcm_plug_client_channels_buf+0x212/0x450 [ 40.901047] snd_pcm_oss_write2+0x25d/0x450 [ 40.905361] ? snd_pcm_oss_write3+0x220/0x220 [ 40.909843] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.915370] ? snd_pcm_oss_prepare+0x118/0x150 [ 40.919950] snd_pcm_oss_write+0x567/0xa60 [ 40.924165] ? zap_class+0x640/0x640 [ 40.927859] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 40.932679] ? trace_hardirqs_off+0xb8/0x310 [ 40.937169] __vfs_write+0x119/0x9f0 [ 40.940865] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 40.945789] ? snd_pcm_oss_ioctl_compat+0x30/0x30 [ 40.950619] ? kernel_read+0x120/0x120 [ 40.954533] ? apparmor_path_rmdir+0x30/0x30 [ 40.958940] ? apparmor_file_permission+0x24/0x30 [ 40.963767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 40.969429] ? security_file_permission+0x1c2/0x220 [ 40.974484] ? rw_verify_area+0x118/0x360 [ 40.978632] vfs_write+0x1fc/0x560 [ 40.982245] ksys_write+0x101/0x260 [ 40.985865] ? __ia32_sys_read+0xb0/0xb0 [ 40.989985] ? trace_hardirqs_off_caller+0x310/0x310 [ 40.995126] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.000666] __x64_sys_write+0x73/0xb0 [ 41.004554] do_syscall_64+0x1b9/0x820 [ 41.008525] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.013887] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.018797] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.023663] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.028716] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.033732] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.038728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.043553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.048897] RIP: 0033:0x444119 [ 41.052073] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 41.071011] RSP: 002b:00007ffdf4510538 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 41.078815] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444119 [ 41.086162] RDX: 0000000056da83a0 RSI: 00000000200000c0 RDI: 0000000000000004 [ 41.093420] RBP: 00000000006cf018 R08: 0000000000000001 R09: 0000000000000037 [ 41.101570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 41.108931] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000 [ 41.117245] Kernel Offset: disabled [ 41.120872] Rebooting in 86400 seconds..