[   37.030752][   T27] audit: type=1800 audit(1553579095.260:26): pid=7640 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   37.065765][   T27] audit: type=1800 audit(1553579095.260:27): pid=7640 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   37.086923][   T27] audit: type=1800 audit(1553579095.260:28): pid=7640 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   37.803998][   T27] audit: type=1800 audit(1553579096.060:29): pid=7640 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.219' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   46.351695][    C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[   46.411608][    C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[   46.474102][ T7795] ==================================================================
[   46.482328][ T7795] BUG: KASAN: use-after-free in skb_release_data+0x11d/0x7a0
[   46.489706][ T7795] Write of size 4 at addr ffff8880a95c27a0 by task syz-executor705/7795
[   46.498016][ T7795] 
[   46.500357][ T7795] CPU: 0 PID: 7795 Comm: syz-executor705 Not tainted 5.0.0+ #108
[   46.508052][ T7795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   46.518102][ T7795] Call Trace:
[   46.521405][ T7795]  dump_stack+0x172/0x1f0
[   46.525722][ T7795]  ? skb_release_data+0x11d/0x7a0
[   46.530752][ T7795]  ? inet_sock_destruct+0x10b/0x830
[   46.535941][ T7795]  print_address_description.cold+0x7c/0x20d
[   46.542090][ T7795]  ? skb_release_data+0x11d/0x7a0
[   46.547118][ T7795]  ? skb_release_data+0x11d/0x7a0
[   46.552158][ T7795]  ? inet_sock_destruct+0x10b/0x830
[   46.557360][ T7795]  kasan_report.cold+0x1b/0x40
[   46.562147][ T7795]  ? skb_release_data+0x11d/0x7a0
[   46.567194][ T7795]  check_memory_region+0x123/0x190
[   46.572345][ T7795]  kasan_check_write+0x14/0x20
[   46.577293][ T7795]  skb_release_data+0x11d/0x7a0
[   46.582144][ T7795]  ? sock_rfree+0x121/0x180
[   46.586651][ T7795]  ? inet_sock_destruct+0x10b/0x830
[   46.591845][ T7795]  skb_release_all+0x4d/0x60
[   46.596441][ T7795]  kfree_skb+0xe8/0x390
[   46.600587][ T7795]  inet_sock_destruct+0x10b/0x830
[   46.605607][ T7795]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.611866][ T7795]  ? ipip_gso_segment+0x100/0x100
[   46.616881][ T7795]  __sk_destruct+0x55/0x6d0
[   46.621375][ T7795]  sk_destruct+0x7b/0x90
[   46.625621][ T7795]  __sk_free+0xce/0x300
[   46.629788][ T7795]  sk_free+0x42/0x50
[   46.633677][ T7795]  sk_common_release+0x224/0x330
[   46.638707][ T7795]  rawv6_close+0x68/0x90
[   46.642978][ T7795]  inet_release+0x105/0x1f0
[   46.647515][ T7795]  inet6_release+0x53/0x80
[   46.651931][ T7795]  __sock_release+0xd3/0x2b0
[   46.656524][ T7795]  ? __sock_release+0x2b0/0x2b0
[   46.661385][ T7795]  sock_close+0x1b/0x30
[   46.665647][ T7795]  __fput+0x2e5/0x8d0
[   46.669619][ T7795]  ____fput+0x16/0x20
[   46.673591][ T7795]  task_work_run+0x14a/0x1c0
[   46.678177][ T7795]  do_exit+0x90a/0x2fa0
[   46.682410][ T7795]  ? get_signal+0x331/0x1d50
[   46.687000][ T7795]  ? mm_update_next_owner+0x640/0x640
[   46.693540][ T7795]  ? kasan_check_write+0x14/0x20
[   46.698471][ T7795]  ? _raw_spin_unlock_irq+0x28/0x90
[   46.703655][ T7795]  ? get_signal+0x331/0x1d50
[   46.708228][ T7795]  ? _raw_spin_unlock_irq+0x28/0x90
[   46.713426][ T7795]  do_group_exit+0x135/0x370
[   46.718038][ T7795]  get_signal+0x399/0x1d50
[   46.722450][ T7795]  ? fput+0x1b/0x20
[   46.726247][ T7795]  do_signal+0x87/0x1940
[   46.730489][ T7795]  ? setup_sigcontext+0x7d0/0x7d0
[   46.735547][ T7795]  ? exit_to_usermode_loop+0x43/0x2c0
[   46.740932][ T7795]  ? do_syscall_64+0x52d/0x610
[   46.745695][ T7795]  ? exit_to_usermode_loop+0x43/0x2c0
[   46.751080][ T7795]  ? lockdep_hardirqs_on+0x418/0x5d0
[   46.756361][ T7795]  ? trace_hardirqs_on+0x67/0x230
[   46.761388][ T7795]  exit_to_usermode_loop+0x244/0x2c0
[   46.766695][ T7795]  do_syscall_64+0x52d/0x610
[   46.771300][ T7795]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.777190][ T7795] RIP: 0033:0x4459a9
[   46.781263][ T7795] Code: Bad RIP value.
[   46.785336][ T7795] RSP: 002b:00007f46bf5d7da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   46.793833][ T7795] RAX: fffffffffffffe00 RBX: 00000000006dac48 RCX: 00000000004459a9
[   46.801817][ T7795] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dac48
[   46.809798][ T7795] RBP: 00000000006dac40 R08: 0000000000000000 R09: 0000000000000000
[   46.817788][ T7795] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac4c
[   46.825773][ T7795] R13: 0000000000000000 R14: 0000000000000000 R15: 20c49ba5e353f7cf
[   46.833777][ T7795] 
[   46.836105][ T7795] Allocated by task 7795:
[   46.840456][ T7795]  save_stack+0x45/0xd0
[   46.844616][ T7795]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[   46.850247][ T7795]  kasan_kmalloc+0x9/0x10
[   46.854586][ T7795]  __kmalloc_node_track_caller+0x4e/0x70
[   46.860236][ T7795]  __kmalloc_reserve.isra.0+0x40/0xf0
[   46.865624][ T7795]  __alloc_skb+0x10b/0x5e0
[   46.870038][ T7795]  sk_stream_alloc_skb+0x113/0xd10
[   46.875152][ T7795]  tcp_connect+0xfd8/0x4280
[   46.879662][ T7795]  tcp_v6_connect+0x150b/0x20a0
[   46.884506][ T7795]  __inet_stream_connect+0x83f/0xea0
[   46.889778][ T7795]  tcp_sendmsg_locked+0x2314/0x34d0
[   46.894964][ T7795]  tcp_sendmsg+0x30/0x50
[   46.899204][ T7795]  inet_sendmsg+0x147/0x5e0
[   46.903695][ T7795]  sock_sendmsg+0xdd/0x130
[   46.908095][ T7795]  __sys_sendto+0x262/0x380
[   46.912601][ T7795]  __x64_sys_sendto+0xe1/0x1a0
[   46.917349][ T7795]  do_syscall_64+0x103/0x610
[   46.921950][ T7795]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.927831][ T7795] 
[   46.930157][ T7795] Freed by task 7795:
[   46.934132][ T7795]  save_stack+0x45/0xd0
[   46.938302][ T7795]  __kasan_slab_free+0x102/0x150
[   46.943231][ T7795]  kasan_slab_free+0xe/0x10
[   46.947722][ T7795]  kfree+0xcf/0x230
[   46.951517][ T7795]  skb_free_head+0x93/0xb0
[   46.955931][ T7795]  skb_release_data+0x576/0x7a0
[   46.960763][ T7795]  skb_release_all+0x4d/0x60
[   46.965354][ T7795]  kfree_skb+0xe8/0x390
[   46.969532][ T7795]  inet_sock_destruct+0x10b/0x830
[   46.974654][ T7795]  __sk_destruct+0x55/0x6d0
[   46.979147][ T7795]  sk_destruct+0x7b/0x90
[   46.983374][ T7795]  __sk_free+0xce/0x300
[   46.987511][ T7795]  sk_free+0x42/0x50
[   46.991387][ T7795]  sk_common_release+0x224/0x330
[   46.996312][ T7795]  rawv6_close+0x68/0x90
[   47.000541][ T7795]  inet_release+0x105/0x1f0
[   47.005041][ T7795]  inet6_release+0x53/0x80
[   47.009453][ T7795]  __sock_release+0xd3/0x2b0
[   47.014203][ T7795]  sock_close+0x1b/0x30
[   47.018366][ T7795]  __fput+0x2e5/0x8d0
[   47.022346][ T7795]  ____fput+0x16/0x20
[   47.026315][ T7795]  task_work_run+0x14a/0x1c0
[   47.030902][ T7795]  do_exit+0x90a/0x2fa0
[   47.035064][ T7795]  do_group_exit+0x135/0x370
[   47.039728][ T7795]  get_signal+0x399/0x1d50
[   47.044158][ T7795]  do_signal+0x87/0x1940
[   47.048396][ T7795]  exit_to_usermode_loop+0x244/0x2c0
[   47.053691][ T7795]  do_syscall_64+0x52d/0x610
[   47.058289][ T7795]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.064176][ T7795] 
[   47.066514][ T7795] The buggy address belongs to the object at ffff8880a95c24c0
[   47.066514][ T7795]  which belongs to the cache kmalloc-1k of size 1024
[   47.081551][ T7795] The buggy address is located 736 bytes inside of
[   47.081551][ T7795]  1024-byte region [ffff8880a95c24c0, ffff8880a95c28c0)
[   47.094931][ T7795] The buggy address belongs to the page:
[   47.100582][ T7795] page:ffffea0002a57080 count:1 mapcount:0 mapping:ffff88812c3f0ac0 index:0x0 compound_mapcount: 0
[   47.111252][ T7795] flags: 0x1fffc0000010200(slab|head)
[   47.116638][ T7795] raw: 01fffc0000010200 ffffea00024cc108 ffffea0002a48a08 ffff88812c3f0ac0
[   47.125239][ T7795] raw: 0000000000000000 ffff8880a95c2040 0000000100000007 0000000000000000
[   47.133844][ T7795] page dumped because: kasan: bad access detected
[   47.140247][ T7795] 
[   47.142581][ T7795] Memory state around the buggy address:
[   47.148215][ T7795]  ffff8880a95c2680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.156284][ T7795]  ffff8880a95c2700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.164459][ T7795] >ffff8880a95c2780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.172513][ T7795]                                ^
[   47.177622][ T7795]  ffff8880a95c2800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   47.185760][ T7795]  ffff8880a95c2880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   47.193814][ T7795] ==================================================================
[   47.201863][ T7795] Disabling lock debugging due to kernel taint
[   47.208195][ T7795] Kernel panic - not syncing: panic_on_warn set ...
[   47.214795][ T7795] CPU: 0 PID: 7795 Comm: syz-executor705 Tainted: G    B             5.0.0+ #108
[   47.223880][ T7795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   47.233927][ T7795] Call Trace:
[   47.237216][ T7795]  dump_stack+0x172/0x1f0
[   47.241540][ T7795]  ? inet_sock_destruct+0x10b/0x830
[   47.246808][ T7795]  panic+0x2cb/0x65c
[   47.250861][ T7795]  ? __warn_printk+0xf3/0xf3
[   47.255452][ T7795]  ? skb_release_data+0x11d/0x7a0
[   47.260746][ T7795]  ? inet_sock_destruct+0x10b/0x830
[   47.265951][ T7795]  ? preempt_schedule+0x4b/0x60
[   47.270912][ T7795]  ? ___preempt_schedule+0x16/0x18
[   47.276192][ T7795]  ? trace_hardirqs_on+0x5e/0x230
[   47.281226][ T7795]  ? skb_release_data+0x11d/0x7a0
[   47.286241][ T7795]  ? inet_sock_destruct+0x10b/0x830
[   47.291469][ T7795]  end_report+0x47/0x4f
[   47.295611][ T7795]  ? skb_release_data+0x11d/0x7a0
[   47.300637][ T7795]  kasan_report.cold+0xe/0x40
[   47.305304][ T7795]  ? skb_release_data+0x11d/0x7a0
[   47.310314][ T7795]  check_memory_region+0x123/0x190
[   47.315408][ T7795]  kasan_check_write+0x14/0x20
[   47.320251][ T7795]  skb_release_data+0x11d/0x7a0
[   47.325081][ T7795]  ? sock_rfree+0x121/0x180
[   47.329570][ T7795]  ? inet_sock_destruct+0x10b/0x830
[   47.334782][ T7795]  skb_release_all+0x4d/0x60
[   47.339361][ T7795]  kfree_skb+0xe8/0x390
[   47.343522][ T7795]  inet_sock_destruct+0x10b/0x830
[   47.348564][ T7795]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   47.354822][ T7795]  ? ipip_gso_segment+0x100/0x100
[   47.359852][ T7795]  __sk_destruct+0x55/0x6d0
[   47.364345][ T7795]  sk_destruct+0x7b/0x90
[   47.368572][ T7795]  __sk_free+0xce/0x300
[   47.372708][ T7795]  sk_free+0x42/0x50
[   47.376585][ T7795]  sk_common_release+0x224/0x330
[   47.381507][ T7795]  rawv6_close+0x68/0x90
[   47.385734][ T7795]  inet_release+0x105/0x1f0
[   47.390218][ T7795]  inet6_release+0x53/0x80
[   47.394612][ T7795]  __sock_release+0xd3/0x2b0
[   47.399197][ T7795]  ? __sock_release+0x2b0/0x2b0
[   47.404034][ T7795]  sock_close+0x1b/0x30
[   47.408175][ T7795]  __fput+0x2e5/0x8d0
[   47.412151][ T7795]  ____fput+0x16/0x20
[   47.416112][ T7795]  task_work_run+0x14a/0x1c0
[   47.420725][ T7795]  do_exit+0x90a/0x2fa0
[   47.424861][ T7795]  ? get_signal+0x331/0x1d50
[   47.429434][ T7795]  ? mm_update_next_owner+0x640/0x640
[   47.434791][ T7795]  ? kasan_check_write+0x14/0x20
[   47.439720][ T7795]  ? _raw_spin_unlock_irq+0x28/0x90
[   47.444933][ T7795]  ? get_signal+0x331/0x1d50
[   47.449516][ T7795]  ? _raw_spin_unlock_irq+0x28/0x90
[   47.454730][ T7795]  do_group_exit+0x135/0x370
[   47.459315][ T7795]  get_signal+0x399/0x1d50
[   47.463730][ T7795]  ? fput+0x1b/0x20
[   47.467571][ T7795]  do_signal+0x87/0x1940
[   47.472122][ T7795]  ? setup_sigcontext+0x7d0/0x7d0
[   47.477136][ T7795]  ? exit_to_usermode_loop+0x43/0x2c0
[   47.482491][ T7795]  ? do_syscall_64+0x52d/0x610
[   47.487234][ T7795]  ? exit_to_usermode_loop+0x43/0x2c0
[   47.492681][ T7795]  ? lockdep_hardirqs_on+0x418/0x5d0
[   47.498310][ T7795]  ? trace_hardirqs_on+0x67/0x230
[   47.503353][ T7795]  exit_to_usermode_loop+0x244/0x2c0
[   47.508919][ T7795]  do_syscall_64+0x52d/0x610
[   47.513520][ T7795]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   47.519393][ T7795] RIP: 0033:0x4459a9
[   47.523333][ T7795] Code: Bad RIP value.
[   47.527402][ T7795] RSP: 002b:00007f46bf5d7da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[   47.536147][ T7795] RAX: fffffffffffffe00 RBX: 00000000006dac48 RCX: 00000000004459a9
[   47.544279][ T7795] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dac48
[   47.552250][ T7795] RBP: 00000000006dac40 R08: 0000000000000000 R09: 0000000000000000
[   47.560230][ T7795] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac4c
[   47.568216][ T7795] R13: 0000000000000000 R14: 0000000000000000 R15: 20c49ba5e353f7cf
[   47.581618][ T7795] Kernel Offset: disabled
[   47.585946][ T7795] Rebooting in 86400 seconds..