[ 41.334507][ T23] audit: type=1800 audit(1575224661.224:25): pid=7975 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 41.353664][ T23] audit: type=1800 audit(1575224661.224:26): pid=7975 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 41.410109][ T23] audit: type=1800 audit(1575224661.234:27): pid=7975 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 41.442744][ T23] audit: type=1800 audit(1575224661.234:28): pid=7975 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 49.993295][ T23] kauditd_printk_skb: 2 callbacks suppressed [ 49.993304][ T23] audit: type=1800 audit(1575224669.884:31): pid=8129 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor324" name="file0" dev="sda1" ino=16484 res=0 [ 50.020205][ T23] audit: type=1804 audit(1575224669.884:32): pid=8129 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor324" name="/root/file0" dev="sda1" ino=16484 res=1 [ 50.134637][ T23] audit: type=1804 audit(1575224670.024:33): pid=8129 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor324" name="/root/file0" dev="sda1" ino=16484 res=1 [ 50.143200][ T8130] ================================================================== [ 50.154593][ T23] audit: type=1804 audit(1575224670.034:34): pid=8130 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor324" name="/root/file0" dev="sda1" ino=16484 res=1 [ 50.161917][ T8130] BUG: KASAN: slab-out-of-bounds in iov_iter_alignment+0x6a1/0x7b0 [ 50.161926][ T8130] Read of size 4 at addr ffff8880a34b2f44 by task syz-executor324/8130 [ 50.161935][ T8130] [ 50.201205][ T8130] CPU: 0 PID: 8130 Comm: syz-executor324 Not tainted 5.4.0-syzkaller #0 [ 50.209519][ T8130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.219556][ T8130] Call Trace: [ 50.223391][ T8130] dump_stack+0x1fb/0x318 [ 50.228420][ T8130] print_address_description+0x75/0x5c0 [ 50.234427][ T8130] ? vprintk_func+0x158/0x170 [ 50.239158][ T8130] ? printk+0x62/0x8d [ 50.243181][ T8130] ? vprintk_emit+0x2d4/0x3a0 [ 50.247866][ T8130] __kasan_report+0x14b/0x1c0 [ 50.252539][ T8130] ? iov_iter_alignment+0x6a1/0x7b0 [ 50.257900][ T8130] kasan_report+0x26/0x50 [ 50.262361][ T8130] __asan_report_load4_noabort+0x14/0x20 [ 50.268257][ T8130] iov_iter_alignment+0x6a1/0x7b0 [ 50.273959][ T8130] iomap_dio_bio_actor+0x1a7/0x11e0 [ 50.279448][ T8130] ? ext4_set_iomap+0x529/0x760 [ 50.284857][ T8130] iomap_dio_actor+0x2b4/0x4a0 [ 50.289638][ T8130] ? rcu_read_lock_sched_held+0x10b/0x170 [ 50.295514][ T8130] iomap_apply+0x370/0x490 [ 50.299935][ T8130] iomap_dio_rw+0x8ad/0x1010 [ 50.304798][ T8130] ? iomap_dio_rw+0x1010/0x1010 [ 50.310235][ T8130] ext4_file_write_iter+0x15a4/0x1f50 [ 50.315745][ T8130] do_iter_readv_writev+0x651/0x8e0 [ 50.321092][ T8130] do_iter_write+0x180/0x590 [ 50.325843][ T8130] ? __kasan_check_read+0x11/0x20 [ 50.330892][ T8130] ? splice_from_pipe_next+0x43d/0x4d0 [ 50.336367][ T8130] vfs_iter_write+0x7c/0xa0 [ 50.341046][ T8130] iter_file_splice_write+0x703/0xe40 [ 50.346459][ T8130] ? splice_from_pipe+0x180/0x180 [ 50.351678][ T8130] direct_splice_actor+0xf7/0x130 [ 50.356727][ T8130] splice_direct_to_actor+0x4d2/0xb90 [ 50.362303][ T8130] ? do_splice_direct+0x330/0x330 [ 50.368037][ T8130] do_splice_direct+0x200/0x330 [ 50.374282][ T8130] ? security_file_permission+0xe0/0x350 [ 50.380067][ T8130] do_sendfile+0x7e4/0xfd0 [ 50.384965][ T8130] __x64_sys_sendfile64+0x176/0x1b0 [ 50.392313][ T8130] do_syscall_64+0xf7/0x1c0 [ 50.396838][ T8130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 50.404366][ T8130] RIP: 0033:0x4467a9 [ 50.408680][ T8130] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 50.428511][ T8130] RSP: 002b:00007f2c47965da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 50.437323][ T8130] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 00000000004467a9 [ 50.446461][ T8130] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006 [ 50.454578][ T8130] RBP: 00000000006dbc50 R08: 0000000000000000 R09: 0000000000000000 [ 50.463595][ T8130] R10: 0000000000010000 R11: 0000000000000246 R12: 00000000006dbc5c [ 50.473259][ T8130] R13: 0000000020000800 R14: 00000000004ae6c8 R15: 20c49ba5e353f7cf [ 50.481250][ T8130] [ 50.483718][ T8130] Allocated by task 8130: [ 50.488430][ T8130] __kasan_kmalloc+0x11c/0x1b0 [ 50.493473][ T8130] kasan_kmalloc+0x9/0x10 [ 50.497939][ T8130] __kmalloc+0x254/0x340 [ 50.502525][ T8130] kmalloc_array+0x32/0x60 [ 50.507073][ T8130] iter_file_splice_write+0x15f/0xe40 [ 50.512439][ T8130] direct_splice_actor+0xf7/0x130 [ 50.517572][ T8130] splice_direct_to_actor+0x4d2/0xb90 [ 50.523591][ T8130] do_splice_direct+0x200/0x330 [ 50.530187][ T8130] do_sendfile+0x7e4/0xfd0 [ 50.534904][ T8130] __x64_sys_sendfile64+0x176/0x1b0 [ 50.540375][ T8130] do_syscall_64+0xf7/0x1c0 [ 50.544882][ T8130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 50.550890][ T8130] [ 50.553310][ T8130] Freed by task 4124: [ 50.557690][ T8130] __kasan_slab_free+0x12a/0x1e0 [ 50.562940][ T8130] kasan_slab_free+0xe/0x10 [ 50.567449][ T8130] kfree+0x115/0x200 [ 50.571802][ T8130] smack_d_instantiate+0x7bb/0xd70 [ 50.577015][ T8130] security_d_instantiate+0xa5/0x100 [ 50.582443][ T8130] d_instantiate+0x55/0x90 [ 50.587237][ T8130] shmem_mknod+0x178/0x1c0 [ 50.591951][ T8130] shmem_create+0x2b/0x40 [ 50.596500][ T8130] path_openat+0x2236/0x44a0 [ 50.601277][ T8130] do_filp_open+0x192/0x3d0 [ 50.605786][ T8130] do_sys_open+0x29f/0x560 [ 50.610777][ T8130] __x64_sys_open+0x87/0x90 [ 50.615287][ T8130] do_syscall_64+0xf7/0x1c0 [ 50.619964][ T8130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 50.625935][ T8130] [ 50.628336][ T8130] The buggy address belongs to the object at ffff8880a34b2e00 [ 50.628336][ T8130] which belongs to the cache kmalloc-256 of size 256 [ 50.643345][ T8130] The buggy address is located 68 bytes to the right of [ 50.643345][ T8130] 256-byte region [ffff8880a34b2e00, ffff8880a34b2f00) [ 50.659197][ T8130] The buggy address belongs to the page: [ 50.665934][ T8130] page:ffffea00028d2c80 refcount:1 mapcount:0 mapping:ffff8880aa4008c0 index:0x0 [ 50.677148][ T8130] raw: 00fffe0000000200 ffffea00028d2dc8 ffffea0002897dc8 ffff8880aa4008c0 [ 50.686746][ T8130] raw: 0000000000000000 ffff8880a34b2000 0000000100000008 0000000000000000 [ 50.696113][ T8130] page dumped because: kasan: bad access detected [ 50.703674][ T8130] [ 50.707609][ T8130] Memory state around the buggy address: [ 50.713336][ T8130] ffff8880a34b2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.729519][ T8130] ffff8880a34b2e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.741833][ T8130] >ffff8880a34b2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.751102][ T8130] ^ [ 50.758247][ T8130] ffff8880a34b2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 50.766483][ T8130] ffff8880a34b3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 50.780257][ T8130] ================================================================== [ 50.791609][ T8130] Disabling lock debugging due to kernel taint [ 50.804081][ T8130] Kernel panic - not syncing: panic_on_warn set ... [ 50.815815][ T8130] CPU: 0 PID: 8130 Comm: syz-executor324 Tainted: G B 5.4.0-syzkaller #0 [ 50.828540][ T8130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 50.841797][ T8130] Call Trace: [ 50.845807][ T8130] dump_stack+0x1fb/0x318 [ 50.851926][ T8130] panic+0x264/0x7a9 [ 50.857477][ T8130] ? __kasan_report+0x195/0x1c0 [ 50.863245][ T8130] ? trace_hardirqs_on+0x34/0x80 [ 50.869235][ T8130] ? __kasan_report+0x195/0x1c0 [ 50.874973][ T8130] __kasan_report+0x1bb/0x1c0 [ 50.880458][ T8130] ? iov_iter_alignment+0x6a1/0x7b0 [ 50.890073][ T8130] kasan_report+0x26/0x50 [ 50.897509][ T8130] __asan_report_load4_noabort+0x14/0x20 [ 50.904128][ T8130] iov_iter_alignment+0x6a1/0x7b0 [ 50.910768][ T8130] iomap_dio_bio_actor+0x1a7/0x11e0 [ 50.916835][ T8130] ? ext4_set_iomap+0x529/0x760 [ 50.922332][ T8130] iomap_dio_actor+0x2b4/0x4a0 [ 50.927546][ T8130] ? rcu_read_lock_sched_held+0x10b/0x170 [ 50.935141][ T8130] iomap_apply+0x370/0x490 [ 50.942828][ T8130] iomap_dio_rw+0x8ad/0x1010 [ 50.949908][ T8130] ? iomap_dio_rw+0x1010/0x1010 [ 50.957635][ T8130] ext4_file_write_iter+0x15a4/0x1f50 [ 50.966398][ T8130] do_iter_readv_writev+0x651/0x8e0 [ 50.974077][ T8130] do_iter_write+0x180/0x590 [ 50.980337][ T8130] ? __kasan_check_read+0x11/0x20 [ 50.987578][ T8130] ? splice_from_pipe_next+0x43d/0x4d0 [ 50.994920][ T8130] vfs_iter_write+0x7c/0xa0 [ 51.002400][ T8130] iter_file_splice_write+0x703/0xe40 [ 51.009288][ T8130] ? splice_from_pipe+0x180/0x180 [ 51.015091][ T8130] direct_splice_actor+0xf7/0x130 [ 51.022431][ T8130] splice_direct_to_actor+0x4d2/0xb90 [ 51.031485][ T8130] ? do_splice_direct+0x330/0x330 [ 51.036857][ T8130] do_splice_direct+0x200/0x330 [ 51.042488][ T8130] ? security_file_permission+0xe0/0x350 [ 51.049277][ T8130] do_sendfile+0x7e4/0xfd0 [ 51.054368][ T8130] __x64_sys_sendfile64+0x176/0x1b0 [ 51.060481][ T8130] do_syscall_64+0xf7/0x1c0 [ 51.065969][ T8130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.073758][ T8130] RIP: 0033:0x4467a9 [ 51.080907][ T8130] Code: e8 5c b3 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 51.104720][ T8130] RSP: 002b:00007f2c47965da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 51.114006][ T8130] RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 00000000004467a9 [ 51.122147][ T8130] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000006 [ 51.131172][ T8130] RBP: 00000000006dbc50 R08: 0000000000000000 R09: 0000000000000000 [ 51.139985][ T8130] R10: 0000000000010000 R11: 0000000000000246 R12: 00000000006dbc5c [ 51.148458][ T8130] R13: 0000000020000800 R14: 00000000004ae6c8 R15: 20c49ba5e353f7cf [ 51.159136][ T8130] Kernel Offset: disabled [ 51.165328][ T8130] Rebooting in 86400 seconds..