[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 54.663085][ T26] audit: type=1800 audit(1573372453.835:25): pid=8664 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 54.683227][ T26] audit: type=1800 audit(1573372453.845:26): pid=8664 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 54.725413][ T26] audit: type=1800 audit(1573372453.845:27): pid=8664 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 62.697398][ T8819] FAULT_INJECTION: forcing a failure. [ 62.697398][ T8819] name failslab, interval 1, probability 0, space 0, times 1 [ 62.710374][ T8819] CPU: 1 PID: 8819 Comm: syz-executor452 Not tainted 5.4.0-rc6-next-20191108 #0 [ 62.719571][ T8819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.729631][ T8819] Call Trace: [ 62.732932][ T8819] dump_stack+0x197/0x210 [ 62.737291][ T8819] should_fail.cold+0xa/0x15 [ 62.741882][ T8819] ? fault_create_debugfs_attr+0x180/0x180 [ 62.747670][ T8819] ? ___might_sleep+0x163/0x2c0 [ 62.752503][ T8819] __should_failslab+0x121/0x190 [ 62.757418][ T8819] should_failslab+0x9/0x14 [ 62.761924][ T8819] __kmalloc+0x2e0/0x770 [ 62.766148][ T8819] ? __io_uring_register+0x128b/0x3120 [ 62.771584][ T8819] __io_uring_register+0x128b/0x3120 [ 62.776858][ T8819] ? rcu_read_lock_any_held+0xcd/0xf0 [ 62.782209][ T8819] ? io_uring_setup+0x1c60/0x1c60 [ 62.787213][ T8819] ? __sb_end_write+0x115/0x1a0 [ 62.792040][ T8819] ? vfs_write+0x160/0x5d0 [ 62.796466][ T8819] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.802719][ T8819] __x64_sys_io_uring_register+0x1a1/0x570 [ 62.808667][ T8819] ? lockdep_hardirqs_on+0x421/0x5e0 [ 62.813946][ T8819] do_syscall_64+0xfa/0x760 [ 62.818444][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.824328][ T8819] RIP: 0033:0x440609 [ 62.828217][ T8819] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.847798][ T8819] RSP: 002b:00007ffd5b976008 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 62.856188][ T8819] RAX: ffffffffffffffda RBX: 00007ffd5b976010 RCX: 0000000000440609 [ 62.864139][ T8819] RDX: 0000000020000080 RSI: 0000000000000002 RDI: 0000000000000003 [ 62.872088][ T8819] RBP: 0000000000000005 R08: 0000000000000001 R09: 00007ffd5b970032 [ 62.880052][ T8819] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401ef0 [ 62.888018][ T8819] R13: 0000000000401f80 R14: 0000000000000000 R15: 0000000000000000 [ 62.987954][ T8819] ================================================================== [ 62.996124][ T8819] BUG: KASAN: double-free or invalid-free in io_sqe_files_unregister+0x20b/0x300 [ 63.005206][ T8819] [ 63.007522][ T8819] CPU: 1 PID: 8819 Comm: syz-executor452 Not tainted 5.4.0-rc6-next-20191108 #0 [ 63.016512][ T8819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.026547][ T8819] Call Trace: [ 63.029828][ T8819] dump_stack+0x197/0x210 [ 63.034142][ T8819] print_address_description.constprop.0.cold+0xd4/0x30b [ 63.041148][ T8819] ? io_sqe_files_unregister+0x20b/0x300 [ 63.046776][ T8819] kasan_report_invalid_free+0x65/0xa0 [ 63.052236][ T8819] ? io_sqe_files_unregister+0x20b/0x300 [ 63.057867][ T8819] __kasan_slab_free+0x13a/0x150 [ 63.062784][ T8819] ? io_sqe_files_unregister+0x20b/0x300 [ 63.068414][ T8819] kasan_slab_free+0xe/0x10 [ 63.072918][ T8819] kfree+0x10a/0x2c0 [ 63.076843][ T8819] io_sqe_files_unregister+0x20b/0x300 [ 63.082321][ T8819] ? __mmdrop+0x239/0x320 [ 63.086647][ T8819] io_ring_ctx_wait_and_kill+0x348/0x700 [ 63.092268][ T8819] io_uring_release+0x42/0x50 [ 63.096932][ T8819] __fput+0x2ff/0x890 [ 63.101065][ T8819] ? io_ring_ctx_wait_and_kill+0x700/0x700 [ 63.106887][ T8819] ____fput+0x16/0x20 [ 63.110864][ T8819] task_work_run+0x145/0x1c0 [ 63.115455][ T8819] do_exit+0x904/0x2e60 [ 63.119596][ T8819] ? io_uring_setup+0x1c60/0x1c60 [ 63.124607][ T8819] ? mm_update_next_owner+0x640/0x640 [ 63.129961][ T8819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.135485][ T8819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.140921][ T8819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.146358][ T8819] do_group_exit+0x135/0x360 [ 63.150926][ T8819] __x64_sys_exit_group+0x44/0x50 [ 63.155927][ T8819] do_syscall_64+0xfa/0x760 [ 63.160425][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.166348][ T8819] RIP: 0033:0x43f2c8 [ 63.170237][ T8819] Code: 31 b8 c5 f7 ff ff 48 8b 5c 24 28 48 8b 6c 24 30 4c 8b 64 24 38 4c 8b 6c 24 40 4c 8b 74 24 48 4c 8b 7c 24 50 48 83 c4 58 c3 66 <0f> 1f 84 00 00 00 00 00 48 8d 35 59 ca 00 00 0f b6 d2 48 89 fb 48 [ 63.189829][ T8819] RSP: 002b:00007ffd5b976008 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 63.198222][ T8819] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f2c8 [ 63.206175][ T8819] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 63.214122][ T8819] RBP: 00000000004bf0a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 63.222073][ T8819] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 63.230023][ T8819] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000 [ 63.237982][ T8819] [ 63.240302][ T8819] Allocated by task 8819: [ 63.244616][ T8819] save_stack+0x23/0x90 [ 63.248768][ T8819] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 63.254451][ T8819] kasan_kmalloc+0x9/0x10 [ 63.258763][ T8819] __kmalloc+0x163/0x770 [ 63.262990][ T8819] __io_uring_register+0x11d4/0x3120 [ 63.268255][ T8819] __x64_sys_io_uring_register+0x1a1/0x570 [ 63.274038][ T8819] do_syscall_64+0xfa/0x760 [ 63.278539][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.284410][ T8819] [ 63.286712][ T8819] Freed by task 8819: [ 63.290672][ T8819] save_stack+0x23/0x90 [ 63.294818][ T8819] __kasan_slab_free+0x102/0x150 [ 63.299735][ T8819] kasan_slab_free+0xe/0x10 [ 63.304214][ T8819] kfree+0x10a/0x2c0 [ 63.308088][ T8819] __io_uring_register+0x13a7/0x3120 [ 63.313346][ T8819] __x64_sys_io_uring_register+0x1a1/0x570 [ 63.319135][ T8819] do_syscall_64+0xfa/0x760 [ 63.323625][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.329497][ T8819] [ 63.331805][ T8819] The buggy address belongs to the object at ffff8880a7619140 [ 63.331805][ T8819] which belongs to the cache kmalloc-32 of size 32 [ 63.345661][ T8819] The buggy address is located 0 bytes inside of [ 63.345661][ T8819] 32-byte region [ffff8880a7619140, ffff8880a7619160) [ 63.358660][ T8819] The buggy address belongs to the page: [ 63.364289][ T8819] page:ffffea00029d8640 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a7619fc1 [ 63.375641][ T8819] flags: 0x1fffc0000000200(slab) [ 63.380569][ T8819] raw: 01fffc0000000200 ffffea00025b2488 ffffea0002975c88 ffff8880aa4001c0 [ 63.389148][ T8819] raw: ffff8880a7619fc1 ffff8880a7619000 0000000100000024 0000000000000000 [ 63.397703][ T8819] page dumped because: kasan: bad access detected [ 63.404087][ T8819] [ 63.406414][ T8819] Memory state around the buggy address: [ 63.412032][ T8819] ffff8880a7619000: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.420085][ T8819] ffff8880a7619080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.428234][ T8819] >ffff8880a7619100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.436267][ T8819] ^ [ 63.442408][ T8819] ffff8880a7619180: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.450455][ T8819] ffff8880a7619200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 63.458502][ T8819] ================================================================== [ 63.466570][ T8819] Disabling lock debugging due to kernel taint [ 63.472696][ T8819] Kernel panic - not syncing: panic_on_warn set ... [ 63.479259][ T8819] CPU: 1 PID: 8819 Comm: syz-executor452 Tainted: G B 5.4.0-rc6-next-20191108 #0 [ 63.490938][ T8819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.500969][ T8819] Call Trace: [ 63.504241][ T8819] dump_stack+0x197/0x210 [ 63.508548][ T8819] panic+0x2e3/0x75c [ 63.512415][ T8819] ? add_taint.cold+0x16/0x16 [ 63.517071][ T8819] ? io_sqe_files_unregister+0x20b/0x300 [ 63.522692][ T8819] ? trace_hardirqs_off+0x62/0x240 [ 63.527778][ T8819] ? trace_hardirqs_off+0x59/0x240 [ 63.532866][ T8819] ? io_sqe_files_unregister+0x20b/0x300 [ 63.538477][ T8819] end_report+0x47/0x4f [ 63.542613][ T8819] kasan_report_invalid_free+0x82/0xa0 [ 63.548052][ T8819] ? io_sqe_files_unregister+0x20b/0x300 [ 63.553662][ T8819] __kasan_slab_free+0x13a/0x150 [ 63.558575][ T8819] ? io_sqe_files_unregister+0x20b/0x300 [ 63.564181][ T8819] kasan_slab_free+0xe/0x10 [ 63.568684][ T8819] kfree+0x10a/0x2c0 [ 63.572555][ T8819] io_sqe_files_unregister+0x20b/0x300 [ 63.577993][ T8819] ? __mmdrop+0x239/0x320 [ 63.582298][ T8819] io_ring_ctx_wait_and_kill+0x348/0x700 [ 63.587905][ T8819] io_uring_release+0x42/0x50 [ 63.592572][ T8819] __fput+0x2ff/0x890 [ 63.596550][ T8819] ? io_ring_ctx_wait_and_kill+0x700/0x700 [ 63.602331][ T8819] ____fput+0x16/0x20 [ 63.606287][ T8819] task_work_run+0x145/0x1c0 [ 63.610854][ T8819] do_exit+0x904/0x2e60 [ 63.614984][ T8819] ? io_uring_setup+0x1c60/0x1c60 [ 63.619998][ T8819] ? mm_update_next_owner+0x640/0x640 [ 63.625345][ T8819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.630901][ T8819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.636366][ T8819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 63.641800][ T8819] do_group_exit+0x135/0x360 [ 63.646365][ T8819] __x64_sys_exit_group+0x44/0x50 [ 63.651380][ T8819] do_syscall_64+0xfa/0x760 [ 63.655874][ T8819] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.661743][ T8819] RIP: 0033:0x43f2c8 [ 63.665623][ T8819] Code: 31 b8 c5 f7 ff ff 48 8b 5c 24 28 48 8b 6c 24 30 4c 8b 64 24 38 4c 8b 6c 24 40 4c 8b 74 24 48 4c 8b 7c 24 50 48 83 c4 58 c3 66 <0f> 1f 84 00 00 00 00 00 48 8d 35 59 ca 00 00 0f b6 d2 48 89 fb 48 [ 63.685214][ T8819] RSP: 002b:00007ffd5b976008 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 63.693799][ T8819] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f2c8 [ 63.701761][ T8819] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 63.709724][ T8819] RBP: 00000000004bf0a8 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 63.717672][ T8819] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 63.725618][ T8819] R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000 [ 63.735184][ T8819] Kernel Offset: disabled [ 63.739514][ T8819] Rebooting in 86400 seconds..