[   34.655109][   T26] audit: type=1800 audit(1553461161.570:27): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   34.655135][   T26] audit: type=1800 audit(1553461161.570:28): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   35.365636][   T26] audit: type=1800 audit(1553461162.320:29): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   35.386084][   T26] audit: type=1800 audit(1553461162.330:30): pid=7405 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.32' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   44.947861][   T26] audit: type=1326 audit(1553461171.910:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7560 comm="syz-executor164" exe="/root/syz-executor164018563" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0
[   44.974790][   T26] audit: type=1326 audit(1553461171.940:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7566 comm="syz-executor164" exe="/root/syz-executor164018563" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0
executing program
executing program
executing program
executing program
executing program
[   44.997588][   T26] audit: type=1326 audit(1553461171.940:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7567 comm="syz-executor164" exe="/root/syz-executor164018563" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0
[   45.033621][   T26] audit: type=1326 audit(1553461171.940:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7568 comm="syz-executor164" exe="/root/syz-executor164018563" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0
[   45.057200][   T26] audit: type=1326 audit(1553461171.940:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7569 comm="syz-executor164" exe="/root/syz-executor164018563" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0
executing program
executing program
executing program
executing program
executing program
[   45.084673][   T26] audit: type=1326 audit(1553461171.960:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7560 comm="syz-executor164" exe="/root/syz-executor164018563" sig=31 arch=c000003e syscall=3 compat=0 ip=0x405621 code=0x0
[   45.114840][   T26] audit: type=1326 audit(1553461171.990:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7566 comm="syz-executor164" exe="/root/syz-executor164018563" sig=31 arch=c000003e syscall=3 compat=0 ip=0x405621 code=0x0
[   45.139931][ T7581] ==================================================================
[   45.148005][ T7581] BUG: KASAN: use-after-free in __lock_acquire+0x2d5e/0x3fb0
[   45.155363][ T7581] Read of size 8 at addr ffff8880a8514280 by task syz-executor164/7581
[   45.163575][ T7581] 
[   45.165898][ T7581] CPU: 0 PID: 7581 Comm: syz-executor164 Not tainted 5.1.0-rc1+ #35
[   45.173853][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.183890][ T7581] Call Trace:
[   45.187175][ T7581]  dump_stack+0x172/0x1f0
[   45.191495][ T7581]  ? __lock_acquire+0x2d5e/0x3fb0
[   45.196513][ T7581]  print_address_description.cold+0x7c/0x20d
[   45.202481][ T7581]  ? __lock_acquire+0x2d5e/0x3fb0
[   45.207498][ T7581]  ? __lock_acquire+0x2d5e/0x3fb0
[   45.212527][ T7581]  kasan_report.cold+0x1b/0x40
[   45.217287][ T7581]  ? __lock_acquire+0x2d5e/0x3fb0
[   45.222316][ T7581]  __asan_report_load8_noabort+0x14/0x20
[   45.227934][ T7581]  __lock_acquire+0x2d5e/0x3fb0
[   45.232771][ T7581]  ? _raw_spin_unlock_irq+0x28/0x90
[   45.237957][ T7581]  ? finish_task_switch+0x146/0x780
[   45.243139][ T7581]  ? _raw_spin_unlock_irq+0x28/0x90
[   45.248330][ T7581]  ? lockdep_hardirqs_on+0x418/0x5d0
[   45.253602][ T7581]  ? mark_held_locks+0xf0/0xf0
[   45.258350][ T7581]  ? __lock_acquire+0x548/0x3fb0
[   45.263284][ T7581]  ? __lock_acquire+0x548/0x3fb0
[   45.268213][ T7581]  lock_acquire+0x16f/0x3f0
[   45.272709][ T7581]  ? seccomp_notify_release+0x62/0x280
[   45.278160][ T7581]  ? seccomp_notify_release+0x62/0x280
[   45.283625][ T7581]  __mutex_lock+0xf7/0x1310
[   45.288135][ T7581]  ? seccomp_notify_release+0x62/0x280
[   45.293584][ T7581]  ? kasan_check_write+0x14/0x20
[   45.298510][ T7581]  ? seccomp_notify_release+0x62/0x280
[   45.303972][ T7581]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   45.309766][ T7581]  ? __free_object+0xe2/0x1f0
[   45.314433][ T7581]  ? mutex_trylock+0x1e0/0x1e0
[   45.319187][ T7581]  ? __lock_acquire+0x548/0x3fb0
[   45.324112][ T7581]  ? vfs_lock_file+0xf0/0xf0
[   45.328688][ T7581]  ? __lock_acquire+0x548/0x3fb0
[   45.333616][ T7581]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.339845][ T7581]  ? fsnotify+0x811/0xbc0
[   45.344167][ T7581]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.350399][ T7581]  ? locks_remove_file+0x305/0x4a0
[   45.355498][ T7581]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   45.360947][ T7581]  mutex_lock_nested+0x16/0x20
[   45.365702][ T7581]  ? mutex_lock_nested+0x16/0x20
[   45.370804][ T7581]  seccomp_notify_release+0x62/0x280
[   45.376082][ T7581]  ? ima_file_free+0xc9/0x4a0
[   45.380750][ T7581]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   45.386200][ T7581]  __fput+0x2e5/0x8d0
[   45.390183][ T7581]  ____fput+0x16/0x20
[   45.394155][ T7581]  task_work_run+0x14a/0x1c0
[   45.398740][ T7581]  exit_to_usermode_loop+0x273/0x2c0
[   45.404014][ T7581]  do_syscall_64+0x52d/0x610
[   45.408597][ T7581]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.414472][ T7581] RIP: 0033:0x405621
[   45.418357][ T7581] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   45.437947][ T7581] RSP: 002b:00007ffc73460950 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   45.446346][ T7581] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405621
[   45.454308][ T7581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   45.462279][ T7581] RBP: 0000000000000064 R08: 00007fef2c407700 R09: 0000000000000000
[   45.470261][ T7581] R10: 00007ffc73460960 R11: 0000000000000293 R12: 00000000006dbc30
[   45.478230][ T7581] R13: 0000000000000002 R14: 00000000006dbc3c R15: 000000000000002d
[   45.486194][ T7581] 
[   45.488507][ T7581] Allocated by task 7588:
[   45.492844][ T7581]  save_stack+0x45/0xd0
[   45.496990][ T7581]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   45.502615][ T7581]  kasan_kmalloc+0x9/0x10
[   45.506943][ T7581]  kmem_cache_alloc_trace+0x151/0x760
[   45.512317][ T7581]  do_seccomp+0x743/0x2250
[   45.516721][ T7581]  __x64_sys_seccomp+0x73/0xb0
[   45.521476][ T7581]  do_syscall_64+0x103/0x610
[   45.526055][ T7581]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.531947][ T7581] 
[   45.534264][ T7581] Freed by task 7588:
[   45.538372][ T7581]  save_stack+0x45/0xd0
[   45.542544][ T7581]  __kasan_slab_free+0x102/0x150
[   45.547484][ T7581]  kasan_slab_free+0xe/0x10
[   45.551978][ T7581]  kfree+0xcf/0x230
[   45.555780][ T7581]  do_seccomp+0xb00/0x2250
[   45.560204][ T7581]  __x64_sys_seccomp+0x73/0xb0
[   45.564960][ T7581]  do_syscall_64+0x103/0x610
[   45.569547][ T7581]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.575417][ T7581] 
[   45.577734][ T7581] The buggy address belongs to the object at ffff8880a8514200
[   45.577734][ T7581]  which belongs to the cache kmalloc-192 of size 192
[   45.591784][ T7581] The buggy address is located 128 bytes inside of
[   45.591784][ T7581]  192-byte region [ffff8880a8514200, ffff8880a85142c0)
[   45.605045][ T7581] The buggy address belongs to the page:
[   45.610675][ T7581] page:ffffea0002a14500 count:1 mapcount:0 mapping:ffff88812c3f0040 index:0x0
[   45.619537][ T7581] flags: 0x1fffc0000000200(slab)
[   45.624469][ T7581] raw: 01fffc0000000200 ffffea00026bf2c8 ffffea0002a2dd48 ffff88812c3f0040
[   45.633042][ T7581] raw: 0000000000000000 ffff8880a8514000 0000000100000010 0000000000000000
[   45.641606][ T7581] page dumped because: kasan: bad access detected
[   45.648494][ T7581] 
[   45.650817][ T7581] Memory state around the buggy address:
[   45.656464][ T7581]  ffff8880a8514180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   45.664510][ T7581]  ffff8880a8514200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   45.672559][ T7581] >ffff8880a8514280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   45.680602][ T7581]                    ^
[   45.684653][ T7581]  ffff8880a8514300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   45.692703][ T7581]  ffff8880a8514380: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.700744][ T7581] ==================================================================
[   45.708783][ T7581] Disabling lock debugging due to kernel taint
[   45.714920][ T7581] Kernel panic - not syncing: panic_on_warn set ...
[   45.721502][ T7581] CPU: 0 PID: 7581 Comm: syz-executor164 Tainted: G    B             5.1.0-rc1+ #35
[   45.730847][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.740884][ T7581] Call Trace:
[   45.744171][ T7581]  dump_stack+0x172/0x1f0
[   45.748491][ T7581]  panic+0x2cb/0x65c
[   45.752380][ T7581]  ? __warn_printk+0xf3/0xf3
[   45.756960][ T7581]  ? lock_downgrade+0x880/0x880
[   45.761796][ T7581]  ? __lock_acquire+0x2d5e/0x3fb0
[   45.766808][ T7581]  ? trace_hardirqs_off+0x62/0x220
[   45.771908][ T7581]  ? trace_hardirqs_off+0x59/0x220
[   45.777006][ T7581]  ? __lock_acquire+0x2d5e/0x3fb0
[   45.782034][ T7581]  end_report+0x47/0x4f
[   45.786179][ T7581]  ? __lock_acquire+0x2d5e/0x3fb0
[   45.791186][ T7581]  kasan_report.cold+0xe/0x40
[   45.795855][ T7581]  ? __lock_acquire+0x2d5e/0x3fb0
[   45.800869][ T7581]  __asan_report_load8_noabort+0x14/0x20
[   45.806486][ T7581]  __lock_acquire+0x2d5e/0x3fb0
[   45.811334][ T7581]  ? _raw_spin_unlock_irq+0x28/0x90
[   45.816518][ T7581]  ? finish_task_switch+0x146/0x780
[   45.821720][ T7581]  ? _raw_spin_unlock_irq+0x28/0x90
[   45.826906][ T7581]  ? lockdep_hardirqs_on+0x418/0x5d0
[   45.832177][ T7581]  ? mark_held_locks+0xf0/0xf0
[   45.836931][ T7581]  ? __lock_acquire+0x548/0x3fb0
[   45.841859][ T7581]  ? __lock_acquire+0x548/0x3fb0
[   45.846805][ T7581]  lock_acquire+0x16f/0x3f0
[   45.851309][ T7581]  ? seccomp_notify_release+0x62/0x280
[   45.856758][ T7581]  ? seccomp_notify_release+0x62/0x280
[   45.862208][ T7581]  __mutex_lock+0xf7/0x1310
[   45.866702][ T7581]  ? seccomp_notify_release+0x62/0x280
[   45.872147][ T7581]  ? kasan_check_write+0x14/0x20
[   45.877071][ T7581]  ? seccomp_notify_release+0x62/0x280
[   45.882516][ T7581]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   45.888317][ T7581]  ? __free_object+0xe2/0x1f0
[   45.892986][ T7581]  ? mutex_trylock+0x1e0/0x1e0
[   45.897739][ T7581]  ? __lock_acquire+0x548/0x3fb0
[   45.902672][ T7581]  ? vfs_lock_file+0xf0/0xf0
[   45.907259][ T7581]  ? __lock_acquire+0x548/0x3fb0
[   45.912195][ T7581]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.918426][ T7581]  ? fsnotify+0x811/0xbc0
[   45.922746][ T7581]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.928974][ T7581]  ? locks_remove_file+0x305/0x4a0
[   45.934075][ T7581]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   45.939523][ T7581]  mutex_lock_nested+0x16/0x20
[   45.944281][ T7581]  ? mutex_lock_nested+0x16/0x20
[   45.949215][ T7581]  seccomp_notify_release+0x62/0x280
[   45.954491][ T7581]  ? ima_file_free+0xc9/0x4a0
[   45.959157][ T7581]  ? get_nth_filter.part.0+0x1d0/0x1d0
[   45.964603][ T7581]  __fput+0x2e5/0x8d0
[   45.968574][ T7581]  ____fput+0x16/0x20
[   45.972541][ T7581]  task_work_run+0x14a/0x1c0
[   45.977123][ T7581]  exit_to_usermode_loop+0x273/0x2c0
[   45.982402][ T7581]  do_syscall_64+0x52d/0x610
[   45.986981][ T7581]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.992856][ T7581] RIP: 0033:0x405621
[   45.996739][ T7581] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   46.016333][ T7581] RSP: 002b:00007ffc73460950 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   46.024744][ T7581] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405621
[   46.032699][ T7581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   46.040655][ T7581] RBP: 0000000000000064 R08: 00007fef2c407700 R09: 0000000000000000
[   46.048628][ T7581] R10: 00007ffc73460960 R11: 0000000000000293 R12: 00000000006dbc30
[   46.056588][ T7581] R13: 0000000000000002 R14: 00000000006dbc3c R15: 000000000000002d
[   46.065301][ T7581] Kernel Offset: disabled
[   46.076939][ T7581] Rebooting in 86400 seconds..