[ 37.766283][ T26] audit: type=1800 audit(1553460957.641:27): pid=7658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.799124][ T26] audit: type=1800 audit(1553460957.651:28): pid=7658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.582043][ T26] audit: type=1800 audit(1553460958.511:29): pid=7658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 38.602945][ T26] audit: type=1800 audit(1553460958.521:30): pid=7658 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.27' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program syzkaller login: [ 49.037122][ T26] audit: type=1326 audit(1553460968.971:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7812 comm="syz-executor801" exe="/root/syz-executor801940221" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0 [ 49.064882][ T26] audit: type=1326 audit(1553460968.991:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7824 comm="syz-executor801" exe="/root/syz-executor801940221" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0 executing program executing program executing program executing program executing program [ 49.088904][ T26] audit: type=1326 audit(1553460968.991:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7819 comm="syz-executor801" exe="/root/syz-executor801940221" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0 [ 49.116133][ T26] audit: type=1326 audit(1553460968.991:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7818 comm="syz-executor801" exe="/root/syz-executor801940221" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0 executing program [ 49.143638][ T26] audit: type=1326 audit(1553460969.021:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7812 comm="syz-executor801" exe="/root/syz-executor801940221" sig=31 arch=c000003e syscall=3 compat=0 ip=0x405621 code=0x0 [ 49.167767][ T7828] ================================================================== [ 49.175858][ T7828] BUG: KASAN: use-after-free in __lock_acquire+0x2d5e/0x3fb0 [ 49.183213][ T7828] Read of size 8 at addr ffff8880a85fc480 by task syz-executor801/7828 [ 49.191426][ T7828] [ 49.193744][ T7828] CPU: 1 PID: 7828 Comm: syz-executor801 Not tainted 5.1.0-rc1+ #35 [ 49.201695][ T7828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.211754][ T7828] Call Trace: [ 49.215069][ T7828] dump_stack+0x172/0x1f0 [ 49.219391][ T7828] ? __lock_acquire+0x2d5e/0x3fb0 [ 49.224430][ T7828] print_address_description.cold+0x7c/0x20d [ 49.230400][ T7828] ? __lock_acquire+0x2d5e/0x3fb0 [ 49.235435][ T7828] ? __lock_acquire+0x2d5e/0x3fb0 [ 49.240472][ T7828] kasan_report.cold+0x1b/0x40 [ 49.245251][ T7828] ? __lock_acquire+0x2d5e/0x3fb0 [ 49.250265][ T7828] __asan_report_load8_noabort+0x14/0x20 [ 49.255888][ T7828] __lock_acquire+0x2d5e/0x3fb0 [ 49.260735][ T7828] ? futex_wait_setup+0x390/0x390 [ 49.265754][ T7828] ? find_held_lock+0x35/0x130 [ 49.270530][ T7828] ? mark_held_locks+0xf0/0xf0 [ 49.275291][ T7828] ? futex_wake+0x179/0x4d0 [ 49.279788][ T7828] lock_acquire+0x16f/0x3f0 [ 49.284283][ T7828] ? seccomp_notify_release+0x62/0x280 [ 49.289738][ T7828] ? seccomp_notify_release+0x62/0x280 [ 49.295225][ T7828] __mutex_lock+0xf7/0x1310 [ 49.299718][ T7828] ? seccomp_notify_release+0x62/0x280 [ 49.305163][ T7828] ? find_held_lock+0x35/0x130 [ 49.309920][ T7828] ? seccomp_notify_release+0x62/0x280 [ 49.315370][ T7828] ? mutex_trylock+0x1e0/0x1e0 [ 49.320121][ T7828] ? __lock_acquire+0x548/0x3fb0 [ 49.325059][ T7828] ? vfs_lock_file+0xf0/0xf0 [ 49.329644][ T7828] ? __lock_acquire+0x548/0x3fb0 [ 49.334574][ T7828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.340806][ T7828] ? fsnotify+0x811/0xbc0 [ 49.345127][ T7828] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 49.351357][ T7828] ? locks_remove_file+0x305/0x4a0 [ 49.356459][ T7828] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 49.361906][ T7828] mutex_lock_nested+0x16/0x20 [ 49.366665][ T7828] ? mutex_lock_nested+0x16/0x20 [ 49.371619][ T7828] seccomp_notify_release+0x62/0x280 [ 49.376893][ T7828] ? ima_file_free+0xc9/0x4a0 [ 49.381580][ T7828] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 49.387046][ T7828] __fput+0x2e5/0x8d0 [ 49.391021][ T7828] ____fput+0x16/0x20 [ 49.394989][ T7828] task_work_run+0x14a/0x1c0 [ 49.399575][ T7828] exit_to_usermode_loop+0x273/0x2c0 [ 49.404872][ T7828] do_syscall_64+0x52d/0x610 [ 49.409444][ T7828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.415319][ T7828] RIP: 0033:0x405621 [ 49.419201][ T7828] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 49.438795][ T7828] RSP: 002b:00007ffc6118fd30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 49.447206][ T7828] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405621 [ 49.455166][ T7828] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000003 [ 49.463122][ T7828] RBP: 0000000000000064 R08: 00007ffb2ddcc700 R09: 0000000000000000 [ 49.471081][ T7828] R10: 00007ffc6118fd40 R11: 0000000000000293 R12: 00000000006dbc30 [ 49.479041][ T7828] R13: 0000000000000002 R14: 00000000006dbc3c R15: 000000000000002d [ 49.487052][ T7828] [ 49.489412][ T7828] Allocated by task 7838: [ 49.493728][ T7828] save_stack+0x45/0xd0 [ 49.497876][ T7828] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 49.503496][ T7828] kasan_kmalloc+0x9/0x10 [ 49.507816][ T7828] kmem_cache_alloc_trace+0x151/0x760 [ 49.513171][ T7828] do_seccomp+0x743/0x2250 [ 49.517568][ T7828] __x64_sys_seccomp+0x73/0xb0 [ 49.522318][ T7828] do_syscall_64+0x103/0x610 [ 49.526910][ T7828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.532787][ T7828] [ 49.535109][ T7828] Freed by task 7838: [ 49.539119][ T7828] save_stack+0x45/0xd0 [ 49.543284][ T7828] __kasan_slab_free+0x102/0x150 [ 49.548206][ T7828] kasan_slab_free+0xe/0x10 [ 49.552694][ T7828] kfree+0xcf/0x230 [ 49.556492][ T7828] do_seccomp+0xb00/0x2250 [ 49.560898][ T7828] __x64_sys_seccomp+0x73/0xb0 [ 49.565655][ T7828] do_syscall_64+0x103/0x610 [ 49.570237][ T7828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.576107][ T7828] [ 49.578426][ T7828] The buggy address belongs to the object at ffff8880a85fc400 [ 49.578426][ T7828] which belongs to the cache kmalloc-192 of size 192 [ 49.592469][ T7828] The buggy address is located 128 bytes inside of [ 49.592469][ T7828] 192-byte region [ffff8880a85fc400, ffff8880a85fc4c0) [ 49.605721][ T7828] The buggy address belongs to the page: [ 49.611354][ T7828] page:ffffea0002a17f00 count:1 mapcount:0 mapping:ffff88812c3f0040 index:0xffff8880a85fcc00 [ 49.621539][ T7828] flags: 0x1fffc0000000200(slab) [ 49.626472][ T7828] raw: 01fffc0000000200 ffffea0002a17fc8 ffff88812c3f1138 ffff88812c3f0040 [ 49.635069][ T7828] raw: ffff8880a85fcc00 ffff8880a85fc000 0000000100000005 0000000000000000 [ 49.643640][ T7828] page dumped because: kasan: bad access detected [ 49.650040][ T7828] [ 49.652348][ T7828] Memory state around the buggy address: [ 49.658037][ T7828] ffff8880a85fc380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 49.666111][ T7828] ffff8880a85fc400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.674158][ T7828] >ffff8880a85fc480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 49.682207][ T7828] ^ [ 49.686277][ T7828] ffff8880a85fc500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 49.694343][ T7828] ffff8880a85fc580: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.702390][ T7828] ================================================================== [ 49.710436][ T7828] Disabling lock debugging due to kernel taint [ 49.716586][ T7828] Kernel panic - not syncing: panic_on_warn set ... [ 49.723164][ T7828] CPU: 1 PID: 7828 Comm: syz-executor801 Tainted: G B 5.1.0-rc1+ #35 [ 49.732514][ T7828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.742561][ T7828] Call Trace: [ 49.745841][ T7828] dump_stack+0x172/0x1f0 [ 49.750154][ T7828] panic+0x2cb/0x65c [ 49.754039][ T7828] ? __warn_printk+0xf3/0xf3 [ 49.758613][ T7828] ? lock_downgrade+0x880/0x880 [ 49.763461][ T7828] ? __lock_acquire+0x2d5e/0x3fb0 [ 49.768485][ T7828] ? trace_hardirqs_off+0x62/0x220 [ 49.773605][ T7828] ? trace_hardirqs_off+0x59/0x220 [ 49.778709][ T7828] ? __lock_acquire+0x2d5e/0x3fb0 [ 49.783719][ T7828] end_report+0x47/0x4f [ 49.787872][ T7828] ? __lock_acquire+0x2d5e/0x3fb0 [ 49.792885][ T7828] kasan_report.cold+0xe/0x40 [ 49.797549][ T7828] ? __lock_acquire+0x2d5e/0x3fb0 [ 49.802574][ T7828] __asan_report_load8_noabort+0x14/0x20 [ 49.808200][ T7828] __lock_acquire+0x2d5e/0x3fb0 [ 49.813044][ T7828] ? futex_wait_setup+0x390/0x390 [ 49.818058][ T7828] ? find_held_lock+0x35/0x130 [ 49.822819][ T7828] ? mark_held_locks+0xf0/0xf0 [ 49.827562][ T7828] ? futex_wake+0x179/0x4d0 [ 49.832052][ T7828] lock_acquire+0x16f/0x3f0 [ 49.836569][ T7828] ? seccomp_notify_release+0x62/0x280 [ 49.842028][ T7828] ? seccomp_notify_release+0x62/0x280 [ 49.847490][ T7828] __mutex_lock+0xf7/0x1310 [ 49.852003][ T7828] ? seccomp_notify_release+0x62/0x280 [ 49.857460][ T7828] ? find_held_lock+0x35/0x130 [ 49.862213][ T7828] ? seccomp_notify_release+0x62/0x280 [ 49.867702][ T7828] ? mutex_trylock+0x1e0/0x1e0 [ 49.872994][ T7828] ? __lock_acquire+0x548/0x3fb0 [ 49.877931][ T7828] ? vfs_lock_file+0xf0/0xf0 [ 49.882510][ T7828] ? __lock_acquire+0x548/0x3fb0 [ 49.887433][ T7828] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.893678][ T7828] ? fsnotify+0x811/0xbc0 [ 49.897992][ T7828] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 49.904222][ T7828] ? locks_remove_file+0x305/0x4a0 [ 49.909331][ T7828] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 49.914776][ T7828] mutex_lock_nested+0x16/0x20 [ 49.919532][ T7828] ? mutex_lock_nested+0x16/0x20 [ 49.924455][ T7828] seccomp_notify_release+0x62/0x280 [ 49.929731][ T7828] ? ima_file_free+0xc9/0x4a0 [ 49.934400][ T7828] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 49.939854][ T7828] __fput+0x2e5/0x8d0 [ 49.943825][ T7828] ____fput+0x16/0x20 [ 49.947797][ T7828] task_work_run+0x14a/0x1c0 [ 49.952383][ T7828] exit_to_usermode_loop+0x273/0x2c0 [ 49.957667][ T7828] do_syscall_64+0x52d/0x610 [ 49.962247][ T7828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.968247][ T7828] RIP: 0033:0x405621 [ 49.972188][ T7828] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 49.991783][ T7828] RSP: 002b:00007ffc6118fd30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 50.000175][ T7828] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405621 [ 50.008126][ T7828] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000003 [ 50.016083][ T7828] RBP: 0000000000000064 R08: 00007ffb2ddcc700 R09: 0000000000000000 [ 50.024043][ T7828] R10: 00007ffc6118fd40 R11: 0000000000000293 R12: 00000000006dbc30 [ 50.032001][ T7828] R13: 0000000000000002 R14: 00000000006dbc3c R15: 000000000000002d [ 50.040718][ T7828] Kernel Offset: disabled [ 50.045044][ T7828] Rebooting in 86400 seconds..