[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[   59.749367][   T27] audit: type=1800 audit(1558483221.592:25): pid=8448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   59.803827][   T27] audit: type=1800 audit(1558483221.592:26): pid=8448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   59.845414][   T27] audit: type=1800 audit(1558483221.592:27): pid=8448 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   87.039320][ T8603] ==================================================================
[   87.047611][ T8603] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x3ba2/0x5490
[   87.055421][ T8603] Read of size 8 at addr ffff888216b720c0 by task syz-executor777/8603
[   87.063739][ T8603] 
[   87.066172][ T8603] CPU: 0 PID: 8603 Comm: syz-executor777 Not tainted 5.2.0-rc1+ #21
[   87.074255][ T8603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.084411][ T8603] Call Trace:
[   87.087798][ T8603]  dump_stack+0x172/0x1f0
[   87.092137][ T8603]  ? __lock_acquire+0x3ba2/0x5490
[   87.097269][ T8603]  print_address_description.cold+0x7c/0x20d
[   87.103246][ T8603]  ? __lock_acquire+0x3ba2/0x5490
[   87.108251][ T8603]  ? __lock_acquire+0x3ba2/0x5490
[   87.113362][ T8603]  __kasan_report.cold+0x1b/0x40
[   87.118320][ T8603]  ? __lock_acquire+0x3ba2/0x5490
[   87.123467][ T8603]  kasan_report+0x12/0x20
[   87.127808][ T8603]  __asan_report_load8_noabort+0x14/0x20
[   87.133900][ T8603]  __lock_acquire+0x3ba2/0x5490
[   87.138746][ T8603]  ? sock_diag_rcv+0x2b/0x40
[   87.143439][ T8603]  ? netlink_unicast+0x531/0x710
[   87.148368][ T8603]  ? netlink_sendmsg+0x8ae/0xd70
[   87.153293][ T8603]  ? sock_sendmsg+0xd7/0x130
[   87.157874][ T8603]  ? ___sys_sendmsg+0x803/0x920
[   87.162897][ T8603]  ? __sys_sendmsg+0x105/0x1d0
[   87.167649][ T8603]  ? __x64_sys_sendmsg+0x78/0xb0
[   87.172571][ T8603]  ? do_syscall_64+0xfd/0x680
[   87.177358][ T8603]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.183479][ T8603]  ? mark_held_locks+0xf0/0xf0
[   87.188249][ T8603]  ? mark_held_locks+0xf0/0xf0
[   87.193105][ T8603]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   87.198856][ T8603]  ? find_held_lock+0x35/0x130
[   87.203650][ T8603]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   87.209353][ T8603]  lock_acquire+0x16f/0x3f0
[   87.213873][ T8603]  ? rhashtable_walk_enter+0xf9/0x390
[   87.219245][ T8603]  _raw_spin_lock+0x2f/0x40
[   87.223730][ T8603]  ? rhashtable_walk_enter+0xf9/0x390
[   87.229823][ T8603]  rhashtable_walk_enter+0xf9/0x390
[   87.235031][ T8603]  __tipc_dump_start+0x1fa/0x3c0
[   87.240079][ T8603]  tipc_dump_start+0x70/0x90
[   87.244873][ T8603]  __netlink_dump_start+0x4f8/0x7d0
[   87.250339][ T8603]  ? __tipc_dump_start+0x3c0/0x3c0
[   87.255478][ T8603]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   87.261298][ T8603]  ? __tipc_diag_gen_cookie+0x90/0x90
[   87.266929][ T8603]  ? sock_diag_rcv+0x1c/0x40
[   87.271513][ T8603]  ? __tipc_dump_start+0x3c0/0x3c0
[   87.276626][ T8603]  ? tipc_unregister_sysctl+0x20/0x20
[   87.282000][ T8603]  ? tipc_ioctl+0x2e0/0x2e0
[   87.286589][ T8603]  sock_diag_rcv_msg+0x319/0x410
[   87.297732][ T8603]  netlink_rcv_skb+0x177/0x450
[   87.303152][ T8603]  ? sock_diag_bind+0x80/0x80
[   87.307835][ T8603]  ? netlink_ack+0xb50/0xb50
[   87.312538][ T8603]  ? kasan_check_read+0x11/0x20
[   87.317402][ T8603]  ? netlink_deliver_tap+0x254/0xbf0
[   87.322680][ T8603]  sock_diag_rcv+0x2b/0x40
[   87.327104][ T8603]  netlink_unicast+0x531/0x710
[   87.331860][ T8603]  ? netlink_attachskb+0x770/0x770
[   87.336975][ T8603]  ? _copy_from_iter_full+0x25d/0x8c0
[   87.342363][ T8603]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   87.348093][ T8603]  ? __check_object_size+0x3d/0x42f
[   87.353282][ T8603]  netlink_sendmsg+0x8ae/0xd70
[   87.358144][ T8603]  ? netlink_unicast+0x710/0x710
[   87.363197][ T8603]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   87.368737][ T8603]  ? apparmor_socket_sendmsg+0x2a/0x30
[   87.374377][ T8603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.380962][ T8603]  ? security_socket_sendmsg+0x8d/0xc0
[   87.386610][ T8603]  ? netlink_unicast+0x710/0x710
[   87.391824][ T8603]  sock_sendmsg+0xd7/0x130
[   87.396417][ T8603]  ___sys_sendmsg+0x803/0x920
[   87.402744][ T8603]  ? copy_msghdr_from_user+0x430/0x430
[   87.408416][ T8603]  ? prep_transhuge_page+0xa0/0xa0
[   87.413653][ T8603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.419951][ T8603]  ? __handle_mm_fault+0x7cb/0x3eb0
[   87.425194][ T8603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   87.432187][ T8603]  ? __fget_light+0x1a9/0x230
[   87.437060][ T8603]  ? __fdget+0x1b/0x20
[   87.441151][ T8603]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   87.447501][ T8603]  __sys_sendmsg+0x105/0x1d0
[   87.452189][ T8603]  ? __ia32_sys_shutdown+0x80/0x80
[   87.457319][ T8603]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   87.462886][ T8603]  ? do_syscall_64+0x26/0x680
[   87.467693][ T8603]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.474027][ T8603]  ? do_syscall_64+0x26/0x680
[   87.478719][ T8603]  __x64_sys_sendmsg+0x78/0xb0
[   87.483479][ T8603]  do_syscall_64+0xfd/0x680
[   87.488340][ T8603]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   87.494239][ T8603] RIP: 0033:0x4401f9
[   87.498262][ T8603] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   87.518168][ T8603] RSP: 002b:00007ffdb9395838 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   87.526594][ T8603] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9
[   87.535078][ T8603] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[   87.543054][ T8603] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   87.551022][ T8603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80
[   87.559094][ T8603] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
[   87.567162][ T8603] 
[   87.569695][ T8603] Allocated by task 1:
[   87.573767][ T8603]  save_stack+0x23/0x90
[   87.578010][ T8603]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   87.583647][ T8603]  kasan_kmalloc+0x9/0x10
[   87.587962][ T8603]  kmem_cache_alloc_trace+0x151/0x750
[   87.593389][ T8603]  call_usermodehelper_setup+0x9b/0x320
[   87.599069][ T8603]  kobject_uevent_env+0xf88/0x101d
[   87.604292][ T8603]  kobject_uevent+0x20/0x26
[   87.608808][ T8603]  net_rx_queue_update_kobjects+0x132/0x470
[   87.614692][ T8603]  netdev_register_kobject+0x278/0x3b0
[   87.620306][ T8603]  register_netdevice+0x875/0xff0
[   87.625471][ T8603]  __ip_tunnel_create+0x36b/0x530
[   87.630507][ T8603]  ip_tunnel_init_net+0x375/0x9e0
[   87.635643][ T8603]  erspan_init_net+0x2a/0x30
[   87.640416][ T8603]  ops_init+0xb3/0x410
[   87.644476][ T8603]  register_pernet_operations+0x382/0x7f0
[   87.650204][ T8603]  register_pernet_device+0x2a/0x80
[   87.655978][ T8603]  ipgre_init+0x6f/0x1a4
[   87.660213][ T8603]  do_one_initcall+0x107/0x7ba
[   87.664966][ T8603]  kernel_init_freeable+0x4d4/0x5c3
[   87.670262][ T8603]  kernel_init+0x12/0x1c5
[   87.674584][ T8603]  ret_from_fork+0x24/0x30
[   87.678984][ T8603] 
[   87.681301][ T8603] Freed by task 3557:
[   87.685285][ T8603]  save_stack+0x23/0x90
[   87.689552][ T8603]  __kasan_slab_free+0x102/0x150
[   87.694595][ T8603]  kasan_slab_free+0xe/0x10
[   87.699218][ T8603]  kfree+0xcf/0x220
[   87.703029][ T8603]  umh_complete+0x8d/0xa0
[   87.707337][ T8603]  call_usermodehelper_exec_async+0x47a/0x740
[   87.713406][ T8603]  ret_from_fork+0x24/0x30
[   87.717898][ T8603] 
[   87.720211][ T8603] The buggy address belongs to the object at ffff888216b72000
[   87.720211][ T8603]  which belongs to the cache kmalloc-192 of size 192
[   87.734708][ T8603] The buggy address is located 0 bytes to the right of
[   87.734708][ T8603]  192-byte region [ffff888216b72000, ffff888216b720c0)
[   87.748536][ T8603] The buggy address belongs to the page:
[   87.754519][ T8603] page:ffffea00085adc80 refcount:1 mapcount:0 mapping:ffff8880aa400040 index:0xffff888216b72000
[   87.765104][ T8603] flags: 0x6fffc0000000200(slab)
[   87.770034][ T8603] raw: 06fffc0000000200 ffffea0008596bc8 ffffea00085ad848 ffff8880aa400040
[   87.778824][ T8603] raw: ffff888216b72000 ffff888216b72000 000000010000000c 0000000000000000
[   87.787680][ T8603] page dumped because: kasan: bad access detected
[   87.794226][ T8603] 
[   87.796546][ T8603] Memory state around the buggy address:
[   87.803362][ T8603]  ffff888216b71f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   87.814272][ T8603]  ffff888216b72000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.822454][ T8603] >ffff888216b72080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   87.831496][ T8603]                                            ^
[   87.838257][ T8603]  ffff888216b72100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.846635][ T8603]  ffff888216b72180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   87.858809][ T8603] ==================================================================
[   87.868162][ T8603] Disabling lock debugging due to kernel taint
[   87.876302][ T8603] Kernel panic - not syncing: panic_on_warn set ...
[   87.883294][ T8603] CPU: 0 PID: 8603 Comm: syz-executor777 Tainted: G    B             5.2.0-rc1+ #21
[   87.893803][ T8603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   87.908132][ T8603] Call Trace:
[   87.912394][ T8603]  dump_stack+0x172/0x1f0
[   87.919886][ T8603]  panic+0x2cb/0x744
[   87.924511][ T8603]  ? __warn_printk+0xf3/0xf3
[   87.931991][ T8603]  ? lock_downgrade+0x880/0x880
[   87.937193][ T8603]  ? __lock_acquire+0x3ba2/0x5490
[   87.945124][ T8603]  ? trace_hardirqs_off+0x62/0x220
[   87.953309][ T8603]  ? trace_hardirqs_off+0x59/0x220
[   87.960295][ T8603]  ? __lock_acquire+0x3ba2/0x5490
[   87.967134][ T8603]  end_report+0x47/0x4f
[   87.972505][ T8603]  ? __lock_acquire+0x3ba2/0x5490
[   87.977674][ T8603]  __kasan_report.cold+0xe/0x40
[   87.982903][ T8603]  ? __lock_acquire+0x3ba2/0x5490
[   87.988360][ T8603]  kasan_report+0x12/0x20
[   87.992892][ T8603]  __asan_report_load8_noabort+0x14/0x20
[   87.999475][ T8603]  __lock_acquire+0x3ba2/0x5490
[   88.005613][ T8603]  ? sock_diag_rcv+0x2b/0x40
[   88.010730][ T8603]  ? netlink_unicast+0x531/0x710
[   88.016106][ T8603]  ? netlink_sendmsg+0x8ae/0xd70
[   88.021050][ T8603]  ? sock_sendmsg+0xd7/0x130
[   88.027200][ T8603]  ? ___sys_sendmsg+0x803/0x920
[   88.040147][ T8603]  ? __sys_sendmsg+0x105/0x1d0
[   88.055811][ T8603]  ? __x64_sys_sendmsg+0x78/0xb0
[   88.061770][ T8603]  ? do_syscall_64+0xfd/0x680
[   88.067005][ T8603]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.075108][ T8603]  ? mark_held_locks+0xf0/0xf0
[   88.084701][ T8603]  ? mark_held_locks+0xf0/0xf0
[   88.090246][ T8603]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   88.102116][ T8603]  ? find_held_lock+0x35/0x130
[   88.108300][ T8603]  ? fs_reclaim_acquire.part.0+0x30/0x30
[   88.114984][ T8603]  lock_acquire+0x16f/0x3f0
[   88.119820][ T8603]  ? rhashtable_walk_enter+0xf9/0x390
[   88.128682][ T8603]  _raw_spin_lock+0x2f/0x40
[   88.133921][ T8603]  ? rhashtable_walk_enter+0xf9/0x390
[   88.141174][ T8603]  rhashtable_walk_enter+0xf9/0x390
[   88.147636][ T8603]  __tipc_dump_start+0x1fa/0x3c0
[   88.154862][ T8603]  tipc_dump_start+0x70/0x90
[   88.161935][ T8603]  __netlink_dump_start+0x4f8/0x7d0
[   88.169115][ T8603]  ? __tipc_dump_start+0x3c0/0x3c0
[   88.174802][ T8603]  tipc_sock_diag_handler_dump+0x1d9/0x270
[   88.180640][ T8603]  ? __tipc_diag_gen_cookie+0x90/0x90
[   88.188737][ T8603]  ? sock_diag_rcv+0x1c/0x40
[   88.194230][ T8603]  ? __tipc_dump_start+0x3c0/0x3c0
[   88.200842][ T8603]  ? tipc_unregister_sysctl+0x20/0x20
[   88.207534][ T8603]  ? tipc_ioctl+0x2e0/0x2e0
[   88.214379][ T8603]  sock_diag_rcv_msg+0x319/0x410
[   88.222319][ T8603]  netlink_rcv_skb+0x177/0x450
[   88.228861][ T8603]  ? sock_diag_bind+0x80/0x80
[   88.234069][ T8603]  ? netlink_ack+0xb50/0xb50
[   88.240515][ T8603]  ? kasan_check_read+0x11/0x20
[   88.246885][ T8603]  ? netlink_deliver_tap+0x254/0xbf0
[   88.252441][ T8603]  sock_diag_rcv+0x2b/0x40
[   88.257286][ T8603]  netlink_unicast+0x531/0x710
[   88.262256][ T8603]  ? netlink_attachskb+0x770/0x770
[   88.267604][ T8603]  ? _copy_from_iter_full+0x25d/0x8c0
[   88.273755][ T8603]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[   88.282522][ T8603]  ? __check_object_size+0x3d/0x42f
[   88.288116][ T8603]  netlink_sendmsg+0x8ae/0xd70
[   88.294465][ T8603]  ? netlink_unicast+0x710/0x710
[   88.302559][ T8603]  ? aa_sock_msg_perm.isra.0+0xba/0x170
[   88.314241][ T8603]  ? apparmor_socket_sendmsg+0x2a/0x30
[   88.330553][ T8603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.340776][ T8603]  ? security_socket_sendmsg+0x8d/0xc0
[   88.346824][ T8603]  ? netlink_unicast+0x710/0x710
[   88.351978][ T8603]  sock_sendmsg+0xd7/0x130
[   88.356477][ T8603]  ___sys_sendmsg+0x803/0x920
[   88.363311][ T8603]  ? copy_msghdr_from_user+0x430/0x430
[   88.371359][ T8603]  ? prep_transhuge_page+0xa0/0xa0
[   88.377340][ T8603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.384729][ T8603]  ? __handle_mm_fault+0x7cb/0x3eb0
[   88.390253][ T8603]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   88.397613][ T8603]  ? __fget_light+0x1a9/0x230
[   88.403014][ T8603]  ? __fdget+0x1b/0x20
[   88.407718][ T8603]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   88.414466][ T8603]  __sys_sendmsg+0x105/0x1d0
[   88.422956][ T8603]  ? __ia32_sys_shutdown+0x80/0x80
[   88.430057][ T8603]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   88.437222][ T8603]  ? do_syscall_64+0x26/0x680
[   88.443757][ T8603]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.458992][ T8603]  ? do_syscall_64+0x26/0x680
[   88.475915][ T8603]  __x64_sys_sendmsg+0x78/0xb0
[   88.494337][ T8603]  do_syscall_64+0xfd/0x680
[   88.509257][ T8603]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   88.516107][ T8603] RIP: 0033:0x4401f9
[   88.525121][ T8603] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   88.561586][ T8603] RSP: 002b:00007ffdb9395838 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   88.574025][ T8603] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401f9
[   88.591326][ T8603] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[   88.605042][ T8603] RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
[   88.614244][ T8603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a80
[   88.622595][ T8603] R13: 0000000000401b10 R14: 0000000000000000 R15: 0000000000000000
[   88.631947][ T8603] Kernel Offset: disabled
[   88.636304][ T8603] Rebooting in 86400 seconds..