[   39.536709][   T26] audit: type=1800 audit(1553460804.590:25): pid=7797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   39.562933][   T26] audit: type=1800 audit(1553460804.600:26): pid=7797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   39.583361][   T26] audit: type=1800 audit(1553460804.600:27): pid=7797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   39.618463][   T26] audit: type=1800 audit(1553460804.670:28): pid=7797 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   52.415101][   T26] kauditd_printk_skb: 2 callbacks suppressed
[   52.415115][   T26] audit: type=1326 audit(1553460817.470:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7962 comm="syz-executor309" exe="/root/syz-executor309831912" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446ac9 code=0x0
executing program
executing program
executing program
executing program
[   52.445655][   T26] audit: type=1326 audit(1553460817.470:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7952 comm="syz-executor309" exe="/root/syz-executor309831912" sig=31 arch=c000003e syscall=202 compat=0 ip=0x446ac9 code=0x0
[   52.477007][ T7961] ==================================================================
[   52.485114][ T7961] BUG: KASAN: use-after-free in __lock_acquire+0x2d5e/0x3fb0
[   52.492511][ T7961] Read of size 8 at addr ffff8880a9beb780 by task syz-executor309/7961
[   52.500728][ T7961] 
[   52.503054][ T7961] CPU: 1 PID: 7961 Comm: syz-executor309 Not tainted 5.1.0-rc1+ #35
[   52.519182][ T7961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   52.529235][ T7961] Call Trace:
[   52.532525][ T7961]  dump_stack+0x172/0x1f0
[   52.536875][ T7961]  ? __lock_acquire+0x2d5e/0x3fb0
[   52.541898][ T7961]  print_address_description.cold+0x7c/0x20d
[   52.547887][ T7961]  ? __lock_acquire+0x2d5e/0x3fb0
[   52.552907][ T7961]  ? __lock_acquire+0x2d5e/0x3fb0
[   52.557922][ T7961]  kasan_report.cold+0x1b/0x40
[   52.562781][ T7961]  ? __lock_acquire+0x2d5e/0x3fb0
[   52.567814][ T7961]  __asan_report_load8_noabort+0x14/0x20
[   52.573445][ T7961]  __lock_acquire+0x2d5e/0x3fb0
[   52.578288][ T7961]  ? futex_wait_setup+0x390/0x390
[   52.583300][ T7961]  ? find_held_lock+0x35/0x130
[   52.588060][ T7961]  ? mark_held_locks+0xf0/0xf0
[   52.592819][ T7961]  ? futex_wake+0x179/0x4d0
[   52.597320][ T7961]  lock_acquire+0x16f/0x3f0
[   52.601815][ T7961]  ? seccomp_notify_release+0x62/0x280
[   52.607273][ T7961]  ? seccomp_notify_release+0x62/0x280
[   52.612730][ T7961]  __mutex_lock+0xf7/0x1310
[   52.617226][ T7961]  ? seccomp_notify_release+0x62/0x280
[   52.622761][ T7961]  ? find_held_lock+0x35/0x130
[   52.627512][ T7961]  ? seccomp_notify_release+0x62/0x280
[   52.633078][ T7961]  ? mutex_trylock+0x1e0/0x1e0
[   52.637975][ T7961]  ? __lock_acquire+0x548/0x3fb0
[   52.642909][ T7961]  ? vfs_lock_file+0xf0/0xf0
[   52.647508][ T7961]  ? __lock_acquire+0x548/0x3fb0
[   52.652447][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.658738][ T7961]  ? fsnotify+0x811/0xbc0
[   52.663074][ T7961]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   52.669309][ T7961]  ? locks_remove_file+0x305/0x4a0
[   52.674416][ T7961]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   52.679864][ T7961]  mutex_lock_nested+0x16/0x20
[   52.684625][ T7961]  ? mutex_lock_nested+0x16/0x20
[   52.689572][ T7961]  seccomp_notify_release+0x62/0x280
[   52.694874][ T7961]  ? ima_file_free+0xc9/0x4a0
[   52.699547][ T7961]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   52.704994][ T7961]  __fput+0x2e5/0x8d0
[   52.708967][ T7961]  ____fput+0x16/0x20
[   52.712944][ T7961]  task_work_run+0x14a/0x1c0
[   52.717540][ T7961]  exit_to_usermode_loop+0x273/0x2c0
[   52.722823][ T7961]  do_syscall_64+0x52d/0x610
[   52.727408][ T7961]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.733295][ T7961] RIP: 0033:0x405941
[   52.737297][ T7961] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   52.756896][ T7961] RSP: 002b:00007ffc07c90560 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   52.765393][ T7961] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405941
[   52.773361][ T7961] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000003
[   52.781327][ T7961] RBP: 000000000000cce0 R08: 00007fea00bd9700 R09: 0000000000000000
[   52.789323][ T7961] R10: 00007ffc07c90570 R11: 0000000000000293 R12: 0000000000000002
[   52.797293][ T7961] R13: 00000000006dbc3c R14: 000000000000002d R15: 00000000006dbc30
[   52.805348][ T7961] 
[   52.807668][ T7961] Allocated by task 7968:
[   52.811996][ T7961]  save_stack+0x45/0xd0
[   52.816150][ T7961]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   52.821782][ T7961]  kasan_kmalloc+0x9/0x10
[   52.826104][ T7961]  kmem_cache_alloc_trace+0x151/0x760
[   52.831466][ T7961]  do_seccomp+0x743/0x2250
[   52.835894][ T7961]  __x64_sys_seccomp+0x73/0xb0
[   52.840661][ T7961]  do_syscall_64+0x103/0x610
[   52.845247][ T7961]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.851143][ T7961] 
[   52.853457][ T7961] Freed by task 7968:
[   52.857430][ T7961]  save_stack+0x45/0xd0
[   52.861842][ T7961]  __kasan_slab_free+0x102/0x150
[   52.866779][ T7961]  kasan_slab_free+0xe/0x10
[   52.871279][ T7961]  kfree+0xcf/0x230
[   52.875074][ T7961]  do_seccomp+0xb00/0x2250
[   52.879478][ T7961]  __x64_sys_seccomp+0x73/0xb0
[   52.884230][ T7961]  do_syscall_64+0x103/0x610
[   52.888815][ T7961]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.894688][ T7961] 
[   52.897008][ T7961] The buggy address belongs to the object at ffff8880a9beb700
[   52.897008][ T7961]  which belongs to the cache kmalloc-192 of size 192
[   52.911052][ T7961] The buggy address is located 128 bytes inside of
[   52.911052][ T7961]  192-byte region [ffff8880a9beb700, ffff8880a9beb7c0)
[   52.924310][ T7961] The buggy address belongs to the page:
[   52.929935][ T7961] page:ffffea0002a6fac0 count:1 mapcount:0 mapping:ffff88812c3f0040 index:0x0
[   52.938771][ T7961] flags: 0x1fffc0000000200(slab)
[   52.943713][ T7961] raw: 01fffc0000000200 ffffea0002a69688 ffffea0002a51748 ffff88812c3f0040
[   52.952292][ T7961] raw: 0000000000000000 ffff8880a9beb000 0000000100000010 0000000000000000
[   52.960862][ T7961] page dumped because: kasan: bad access detected
[   52.967263][ T7961] 
[   52.969580][ T7961] Memory state around the buggy address:
[   52.975200][ T7961]  ffff8880a9beb680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   52.983247][ T7961]  ffff8880a9beb700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   52.991304][ T7961] >ffff8880a9beb780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   52.999353][ T7961]                    ^
[   53.003407][ T7961]  ffff8880a9beb800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   53.011460][ T7961]  ffff8880a9beb880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   53.019523][ T7961] ==================================================================
[   53.027568][ T7961] Disabling lock debugging due to kernel taint
[   53.033708][ T7961] Kernel panic - not syncing: panic_on_warn set ...
[   53.040300][ T7961] CPU: 1 PID: 7961 Comm: syz-executor309 Tainted: G    B             5.1.0-rc1+ #35
[   53.049658][ T7961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.059701][ T7961] Call Trace:
[   53.062991][ T7961]  dump_stack+0x172/0x1f0
[   53.067316][ T7961]  panic+0x2cb/0x65c
[   53.071210][ T7961]  ? __warn_printk+0xf3/0xf3
[   53.075789][ T7961]  ? lock_downgrade+0x880/0x880
[   53.080635][ T7961]  ? __lock_acquire+0x2d5e/0x3fb0
[   53.085662][ T7961]  ? trace_hardirqs_off+0x62/0x220
[   53.090763][ T7961]  ? trace_hardirqs_off+0x59/0x220
[   53.095886][ T7961]  ? __lock_acquire+0x2d5e/0x3fb0
[   53.100898][ T7961]  end_report+0x47/0x4f
[   53.105060][ T7961]  ? __lock_acquire+0x2d5e/0x3fb0
[   53.110075][ T7961]  kasan_report.cold+0xe/0x40
[   53.114740][ T7961]  ? __lock_acquire+0x2d5e/0x3fb0
[   53.119760][ T7961]  __asan_report_load8_noabort+0x14/0x20
[   53.125385][ T7961]  __lock_acquire+0x2d5e/0x3fb0
[   53.130231][ T7961]  ? futex_wait_setup+0x390/0x390
[   53.135261][ T7961]  ? find_held_lock+0x35/0x130
[   53.140020][ T7961]  ? mark_held_locks+0xf0/0xf0
[   53.144783][ T7961]  ? futex_wake+0x179/0x4d0
[   53.149299][ T7961]  lock_acquire+0x16f/0x3f0
[   53.153790][ T7961]  ? seccomp_notify_release+0x62/0x280
[   53.159244][ T7961]  ? seccomp_notify_release+0x62/0x280
[   53.164697][ T7961]  __mutex_lock+0xf7/0x1310
[   53.169195][ T7961]  ? seccomp_notify_release+0x62/0x280
[   53.174649][ T7961]  ? find_held_lock+0x35/0x130
[   53.179407][ T7961]  ? seccomp_notify_release+0x62/0x280
[   53.184859][ T7961]  ? mutex_trylock+0x1e0/0x1e0
[   53.189617][ T7961]  ? __lock_acquire+0x548/0x3fb0
[   53.194580][ T7961]  ? vfs_lock_file+0xf0/0xf0
[   53.199162][ T7961]  ? __lock_acquire+0x548/0x3fb0
[   53.204086][ T7961]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.210316][ T7961]  ? fsnotify+0x811/0xbc0
[   53.214645][ T7961]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   53.220886][ T7961]  ? locks_remove_file+0x305/0x4a0
[   53.225994][ T7961]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   53.231459][ T7961]  mutex_lock_nested+0x16/0x20
[   53.236223][ T7961]  ? mutex_lock_nested+0x16/0x20
[   53.241162][ T7961]  seccomp_notify_release+0x62/0x280
[   53.246447][ T7961]  ? ima_file_free+0xc9/0x4a0
[   53.251118][ T7961]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   53.256571][ T7961]  __fput+0x2e5/0x8d0
[   53.260550][ T7961]  ____fput+0x16/0x20
[   53.264527][ T7961]  task_work_run+0x14a/0x1c0
[   53.269120][ T7961]  exit_to_usermode_loop+0x273/0x2c0
[   53.274403][ T7961]  do_syscall_64+0x52d/0x610
[   53.278991][ T7961]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   53.284877][ T7961] RIP: 0033:0x405941
[   53.288765][ T7961] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   53.308369][ T7961] RSP: 002b:00007ffc07c90560 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   53.316787][ T7961] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405941
[   53.324781][ T7961] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000003
[   53.332758][ T7961] RBP: 000000000000cce0 R08: 00007fea00bd9700 R09: 0000000000000000
[   53.340728][ T7961] R10: 00007ffc07c90570 R11: 0000000000000293 R12: 0000000000000002
[   53.348692][ T7961] R13: 00000000006dbc3c R14: 000000000000002d R15: 00000000006dbc30
[   53.357412][ T7961] Kernel Offset: disabled
[   53.361774][ T7961] Rebooting in 86400 seconds..