[ 37.885345][ T26] audit: type=1800 audit(1553460723.412:25): pid=7726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 37.913052][ T26] audit: type=1800 audit(1553460723.412:26): pid=7726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 37.947951][ T26] audit: type=1800 audit(1553460723.412:27): pid=7726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.972800][ T26] audit: type=1800 audit(1553460723.412:28): pid=7726 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts. executing program executing program executing program executing program executing program executing program syzkaller login: [ 46.322703][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 46.322719][ T26] audit: type=1326 audit(1553460731.852:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7880 comm="syz-executor977" exe="/root/syz-executor977085809" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0 executing program executing program executing program [ 46.355537][ T26] audit: type=1326 audit(1553460731.892:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7890 comm="syz-executor977" exe="/root/syz-executor977085809" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0 [ 46.379338][ T26] audit: type=1326 audit(1553460731.892:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7886 comm="syz-executor977" exe="/root/syz-executor977085809" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0 executing program executing program executing program [ 46.408621][ T26] audit: type=1326 audit(1553460731.892:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7888 comm="syz-executor977" exe="/root/syz-executor977085809" sig=31 arch=c000003e syscall=202 compat=0 ip=0x4467a9 code=0x0 [ 46.436798][ T7896] ================================================================== [ 46.444920][ T7896] BUG: KASAN: use-after-free in __lock_acquire+0x2d5e/0x3fb0 [ 46.452296][ T7896] Read of size 8 at addr ffff8880a7e68580 by task syz-executor977/7896 [ 46.460611][ T7896] [ 46.462950][ T7896] CPU: 1 PID: 7896 Comm: syz-executor977 Not tainted 5.1.0-rc1-next-20190322 #9 [ 46.471961][ T7896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.482012][ T7896] Call Trace: [ 46.485428][ T7896] dump_stack+0x172/0x1f0 [ 46.489765][ T7896] ? __lock_acquire+0x2d5e/0x3fb0 [ 46.494804][ T7896] print_address_description.cold+0x7c/0x20d [ 46.500804][ T7896] ? __lock_acquire+0x2d5e/0x3fb0 [ 46.505832][ T7896] ? __lock_acquire+0x2d5e/0x3fb0 [ 46.510865][ T7896] kasan_report.cold+0x1b/0x40 [ 46.515633][ T7896] ? __lock_acquire+0x2d5e/0x3fb0 [ 46.520660][ T7896] __asan_report_load8_noabort+0x14/0x20 [ 46.526301][ T7896] __lock_acquire+0x2d5e/0x3fb0 [ 46.531160][ T7896] ? futex_wait_setup+0x390/0x390 [ 46.536219][ T7896] ? find_held_lock+0x35/0x130 [ 46.540987][ T7896] ? mark_held_locks+0xf0/0xf0 [ 46.545753][ T7896] ? futex_wake+0x179/0x4d0 [ 46.550264][ T7896] lock_acquire+0x16f/0x3f0 [ 46.554772][ T7896] ? seccomp_notify_release+0x62/0x280 [ 46.560229][ T7896] ? seccomp_notify_release+0x62/0x280 [ 46.565685][ T7896] __mutex_lock+0xf7/0x1310 [ 46.570192][ T7896] ? seccomp_notify_release+0x62/0x280 [ 46.575649][ T7896] ? find_held_lock+0x35/0x130 [ 46.580421][ T7896] ? seccomp_notify_release+0x62/0x280 [ 46.585880][ T7896] ? mutex_trylock+0x1e0/0x1e0 [ 46.590659][ T7896] ? __lock_acquire+0x548/0x3fb0 [ 46.595605][ T7896] ? vfs_lock_file+0xf0/0xf0 [ 46.600200][ T7896] ? __lock_acquire+0x548/0x3fb0 [ 46.605138][ T7896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 46.611467][ T7896] ? fsnotify+0x811/0xbc0 [ 46.615804][ T7896] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 46.622057][ T7896] ? locks_remove_file+0x305/0x4a0 [ 46.627187][ T7896] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 46.632656][ T7896] mutex_lock_nested+0x16/0x20 [ 46.637600][ T7896] ? mutex_lock_nested+0x16/0x20 [ 46.642541][ T7896] seccomp_notify_release+0x62/0x280 [ 46.648005][ T7896] ? ima_file_free+0xc9/0x4a0 [ 46.652710][ T7896] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 46.658185][ T7896] __fput+0x2e5/0x8d0 [ 46.662179][ T7896] ____fput+0x16/0x20 [ 46.666162][ T7896] task_work_run+0x14a/0x1c0 [ 46.670766][ T7896] exit_to_usermode_loop+0x273/0x2c0 [ 46.676056][ T7896] do_syscall_64+0x52d/0x610 [ 46.680656][ T7896] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.686550][ T7896] RIP: 0033:0x405621 [ 46.690447][ T7896] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 46.710051][ T7896] RSP: 002b:00007ffe7ca68640 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 46.718466][ T7896] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405621 [ 46.726443][ T7896] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000003 [ 46.734429][ T7896] RBP: 0000000000000064 R08: 00007f3d3d8d3700 R09: 0000000000000000 [ 46.742415][ T7896] R10: 00007ffe7ca68650 R11: 0000000000000293 R12: 00000000006dbc30 [ 46.750394][ T7896] R13: 0000000000000002 R14: 00000000006dbc3c R15: 000000000000002d [ 46.758380][ T7896] [ 46.760720][ T7896] Allocated by task 7905: [ 46.765066][ T7896] save_stack+0x45/0xd0 [ 46.769238][ T7896] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 46.774879][ T7896] kasan_kmalloc+0x9/0x10 [ 46.779215][ T7896] kmem_cache_alloc_trace+0x151/0x760 [ 46.784590][ T7896] do_seccomp+0x743/0x2250 [ 46.789005][ T7896] __x64_sys_seccomp+0x73/0xb0 [ 46.793772][ T7896] do_syscall_64+0x103/0x610 [ 46.798371][ T7896] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.804254][ T7896] [ 46.806587][ T7896] Freed by task 7905: [ 46.810586][ T7896] save_stack+0x45/0xd0 [ 46.814775][ T7896] __kasan_slab_free+0x102/0x150 [ 46.819719][ T7896] kasan_slab_free+0xe/0x10 [ 46.824227][ T7896] kfree+0xcf/0x230 [ 46.828038][ T7896] do_seccomp+0xb00/0x2250 [ 46.832455][ T7896] __x64_sys_seccomp+0x73/0xb0 [ 46.837218][ T7896] do_syscall_64+0x103/0x610 [ 46.841805][ T7896] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 46.847676][ T7896] [ 46.849993][ T7896] The buggy address belongs to the object at ffff8880a7e68500 [ 46.849993][ T7896] which belongs to the cache kmalloc-192 of size 192 [ 46.864047][ T7896] The buggy address is located 128 bytes inside of [ 46.864047][ T7896] 192-byte region [ffff8880a7e68500, ffff8880a7e685c0) [ 46.877314][ T7896] The buggy address belongs to the page: [ 46.882960][ T7896] page:ffffea00029f9a00 count:1 mapcount:0 mapping:ffff88812c3f0040 index:0x0 [ 46.891814][ T7896] flags: 0x1fffc0000000200(slab) [ 46.896767][ T7896] raw: 01fffc0000000200 ffffea00029f6b48 ffffea00029f8d88 ffff88812c3f0040 [ 46.905363][ T7896] raw: 0000000000000000 ffff8880a7e68000 0000000100000010 0000000000000000 [ 46.913947][ T7896] page dumped because: kasan: bad access detected [ 46.920354][ T7896] [ 46.922673][ T7896] Memory state around the buggy address: [ 46.928300][ T7896] ffff8880a7e68480: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 46.936363][ T7896] ffff8880a7e68500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 46.944433][ T7896] >ffff8880a7e68580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 46.952499][ T7896] ^ [ 46.956566][ T7896] ffff8880a7e68600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.964622][ T7896] ffff8880a7e68680: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 46.972670][ T7896] ================================================================== [ 46.980723][ T7896] Disabling lock debugging due to kernel taint [ 46.986867][ T7896] Kernel panic - not syncing: panic_on_warn set ... [ 46.993469][ T7896] CPU: 1 PID: 7896 Comm: syz-executor977 Tainted: G B 5.1.0-rc1-next-20190322 #9 [ 47.003873][ T7896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.013935][ T7896] Call Trace: [ 47.017243][ T7896] dump_stack+0x172/0x1f0 [ 47.021583][ T7896] panic+0x2cb/0x65c [ 47.025482][ T7896] ? __warn_printk+0xf3/0xf3 [ 47.030072][ T7896] ? lock_downgrade+0x880/0x880 [ 47.034919][ T7896] ? __lock_acquire+0x2d5e/0x3fb0 [ 47.039943][ T7896] ? trace_hardirqs_off+0x62/0x220 [ 47.045052][ T7896] ? trace_hardirqs_off+0x59/0x220 [ 47.050167][ T7896] ? __lock_acquire+0x2d5e/0x3fb0 [ 47.055203][ T7896] end_report+0x47/0x4f [ 47.059361][ T7896] ? __lock_acquire+0x2d5e/0x3fb0 [ 47.064395][ T7896] kasan_report.cold+0xe/0x40 [ 47.069085][ T7896] ? __lock_acquire+0x2d5e/0x3fb0 [ 47.074111][ T7896] __asan_report_load8_noabort+0x14/0x20 [ 47.079743][ T7896] __lock_acquire+0x2d5e/0x3fb0 [ 47.084602][ T7896] ? futex_wait_setup+0x390/0x390 [ 47.089628][ T7896] ? find_held_lock+0x35/0x130 [ 47.094399][ T7896] ? mark_held_locks+0xf0/0xf0 [ 47.099183][ T7896] ? futex_wake+0x179/0x4d0 [ 47.103697][ T7896] lock_acquire+0x16f/0x3f0 [ 47.108210][ T7896] ? seccomp_notify_release+0x62/0x280 [ 47.113676][ T7896] ? seccomp_notify_release+0x62/0x280 [ 47.119138][ T7896] __mutex_lock+0xf7/0x1310 [ 47.123653][ T7896] ? seccomp_notify_release+0x62/0x280 [ 47.129109][ T7896] ? find_held_lock+0x35/0x130 [ 47.133871][ T7896] ? seccomp_notify_release+0x62/0x280 [ 47.139339][ T7896] ? mutex_trylock+0x1e0/0x1e0 [ 47.144124][ T7896] ? __lock_acquire+0x548/0x3fb0 [ 47.149074][ T7896] ? vfs_lock_file+0xf0/0xf0 [ 47.153671][ T7896] ? __lock_acquire+0x548/0x3fb0 [ 47.158618][ T7896] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 47.164872][ T7896] ? fsnotify+0x811/0xbc0 [ 47.169730][ T7896] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 47.176009][ T7896] ? locks_remove_file+0x305/0x4a0 [ 47.181139][ T7896] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 47.186700][ T7896] mutex_lock_nested+0x16/0x20 [ 47.191487][ T7896] ? mutex_lock_nested+0x16/0x20 [ 47.196455][ T7896] seccomp_notify_release+0x62/0x280 [ 47.201759][ T7896] ? ima_file_free+0xc9/0x4a0 [ 47.206472][ T7896] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 47.211943][ T7896] __fput+0x2e5/0x8d0 [ 47.215951][ T7896] ____fput+0x16/0x20 [ 47.219937][ T7896] task_work_run+0x14a/0x1c0 [ 47.224548][ T7896] exit_to_usermode_loop+0x273/0x2c0 [ 47.234549][ T7896] do_syscall_64+0x52d/0x610 [ 47.239169][ T7896] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 47.245097][ T7896] RIP: 0033:0x405621 [ 47.249001][ T7896] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 47.268613][ T7896] RSP: 002b:00007ffe7ca68640 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 47.277548][ T7896] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405621 [ 47.285523][ T7896] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000003 [ 47.293514][ T7896] RBP: 0000000000000064 R08: 00007f3d3d8d3700 R09: 0000000000000000 [ 47.301492][ T7896] R10: 00007ffe7ca68650 R11: 0000000000000293 R12: 00000000006dbc30 [ 47.309471][ T7896] R13: 0000000000000002 R14: 00000000006dbc3c R15: 000000000000002d [ 47.318186][ T7896] Kernel Offset: disabled [ 47.322528][ T7896] Rebooting in 86400 seconds..