[....] Starting enhanced syslogd: rsyslogd
[ 36.361499] audit: type=1400 audit(1538914751.760:28): avc: denied { syslog } for pid=5748 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ].
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
syzkaller login: [ 45.496066] kauditd_printk_skb: 7 callbacks suppressed
[ 45.496081] audit: type=1400 audit(1538914760.890:36): avc: denied { map } for pid=5904 comm="syz-executor206" path="/root/syz-executor206477142" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 45.504498] IPVS: ftp: loaded support on port[0] = 21
[ 45.709212] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.716343] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.723563] device bridge_slave_0 entered promiscuous mode
[ 45.737862] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.744244] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.751139] device bridge_slave_1 entered promiscuous mode
[ 45.765837] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.780437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.818203] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.834762] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.889321] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.896807] team0: Port device team_slave_0 added
[ 45.910033] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.917026] team0: Port device team_slave_1 added
[ 45.930570] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.947296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.963232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.978383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 46.080185] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.086541] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.093163] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.099505] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 46.459207] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.465328] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.503399] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.541105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.548061] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.586997] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.593105] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.659927] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[ 46.796081] audit: type=1804 audit(1538914762.190:37): pid=6160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor206" name="/root/bus" dev="sda1" ino=16482 res=1
[ 47.062554] ==================================================================
[ 47.070040] BUG: KASAN: use-after-free in tls_push_record+0x10b9/0x1480
[ 47.076773] Write of size 1 at addr ffff8801c0b5aff2 by task syz-executor206/6161
[ 47.084369]
[ 47.085983] CPU: 0 PID: 6161 Comm: syz-executor206 Not tainted 4.19.0-rc6+ #51
[ 47.093319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.102652] Call Trace:
[ 47.105226]  dump_stack+0x1c4/0x2b4
[ 47.108834]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 47.114001]  ? printk+0xa7/0xcf
[ 47.117261]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 47.122001]  print_address_description.cold.8+0x9/0x1ff
[ 47.127346]  kasan_report.cold.9+0x242/0x309
[ 47.131736]  ? tls_push_record+0x10b9/0x1480
[ 47.136136]  __asan_report_store1_noabort+0x17/0x20
[ 47.141132]  tls_push_record+0x10b9/0x1480
[ 47.145349]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.150869]  ? lock_sock_nested+0x9a/0x120
[ 47.155085]  tls_sw_push_pending_record+0x22/0x30
[ 47.159906]  tls_sk_proto_close+0x69c/0xbb0
[ 47.164210]  ? lock_acquire+0x1ed/0x520
[ 47.168288]  ? tcp_check_oom+0x530/0x530
[ 47.172330]  ? tls_write_space+0x390/0x390
[ 47.176544]  ? arch_local_save_flags+0x40/0x40
[ 47.181106]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.186623]  ? ipv6_sock_ac_close+0x34f/0x470
[ 47.191102]  ? ipv6_sock_mc_close+0x162/0x1d0
[ 47.195576]  ? ip_mc_drop_socket+0x20b/0x270
[ 47.199971]  ? down_write+0x8a/0x130
[ 47.203666]  inet_release+0x104/0x1f0
[ 47.207468]  inet6_release+0x50/0x70
[ 47.211167]  __sock_release+0xd7/0x250
[ 47.215046]  ? __sock_release+0x250/0x250
[ 47.219183]  sock_close+0x19/0x20
[ 47.222734]  __fput+0x385/0xa30
[ 47.225997]  ? get_max_files+0x20/0x20
[ 47.229869]  ? do_raw_spin_lock+0xc1/0x200
[ 47.234103]  ? ___might_sleep+0x1ed/0x300
[ 47.238229]  ? arch_local_save_flags+0x40/0x40
[ 47.242890]  ____fput+0x15/0x20
[ 47.246150]  task_work_run+0x1e8/0x2a0
[ 47.250025]  ? task_work_cancel+0x240/0x240
[ 47.254328]  ? switch_task_namespaces+0xb8/0xd0
[ 47.258979]  do_exit+0x1ad7/0x2610
[ 47.262503]  ? mm_update_next_owner+0x990/0x990
[ 47.267179]  ? ___might_sleep+0x1ed/0x300
[ 47.271328]  ? arch_local_save_flags+0x40/0x40
[ 47.275892]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.280281]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.284855]  ? lock_acquire+0x1ed/0x520
[ 47.288807]  ? __might_sleep+0x95/0x190
[ 47.292762]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.298281]  ? futex_wait_queue_me+0x55d/0x840
[ 47.302847]  ? refill_pi_state_cache.part.9+0x320/0x320
[ 47.308194]  ? futex_wait+0x309/0xa50
[ 47.311991]  ? lock_downgrade+0x900/0x900
[ 47.316117]  ? kasan_check_write+0x14/0x20
[ 47.320344]  ? mark_held_locks+0x130/0x130
[ 47.324557]  ? kasan_check_read+0x11/0x20
[ 47.328685]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.333075]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.337641]  ? kasan_check_write+0x14/0x20
[ 47.341858]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 47.347029]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 47.352112]  ? futex_wait+0x5ec/0xa50
[ 47.355896]  ? futex_wait_setup+0x3e0/0x3e0
[ 47.360202]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 47.365372]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 47.370454]  ? futex_wake+0x304/0x760
[ 47.374269]  ? memset+0x31/0x40
[ 47.377536]  ? __dequeue_signal+0xf9/0x7d0
[ 47.381766]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.387301]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.392821]  ? get_signal+0x95b/0x1980
[ 47.396692]  ? lock_downgrade+0x900/0x900
[ 47.400828]  do_group_exit+0x177/0x440
[ 47.404699]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 47.410131]  ? __ia32_sys_exit+0x50/0x50
[ 47.414180]  ? kasan_check_write+0x14/0x20
[ 47.418394]  ? do_raw_spin_lock+0xc1/0x200
[ 47.422613]  get_signal+0x8b0/0x1980
[ 47.426309]  ? ptrace_notify+0x130/0x130
[ 47.430354]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.435875]  ? do_tcp_setsockopt.isra.40+0x202/0x2770
[ 47.441045]  ? tcp_peek_len+0x2c0/0x2c0
[ 47.445000]  ? release_sock+0x1ec/0x2c0
[ 47.448953]  do_signal+0x9c/0x21e0
[ 47.452475]  ? sock_has_perm+0x2bc/0x3e0
[ 47.456519]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 47.461861]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.467393]  ? setup_sigcontext+0x7d0/0x7d0
[ 47.471785]  ? selinux_netlbl_sock_rcv_skb+0x6f0/0x6f0
[ 47.477044]  ? release_sock+0x1ec/0x2c0
[ 47.480999]  ? tcp_setsockopt+0x9a/0xe0
[ 47.484963]  ? __x64_sys_futex+0x47f/0x6a0
[ 47.489210]  exit_to_usermode_loop+0x2e5/0x380
[ 47.493777]  ? syscall_slow_exit_work+0x520/0x520
[ 47.498602]  do_syscall_64+0x6be/0x820
[ 47.502471]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 47.507814]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 47.512725]  ? trace_hardirqs_on_caller+0x310/0x310
[ 47.517724]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 47.522719]  ? recalc_sigpending_tsk+0x180/0x180
[ 47.527545]  ? kasan_check_write+0x14/0x20
[ 47.531761]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.536584]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.541749] RIP: 0033:0x446e79
[ 47.544922] Code: 00 2f 75 73 72 2f 6c 69 62 2f 72 73 79 73 6c 6f 67 2f 00 4d 6f 64 75 6c 65 20 27 25 73 27 20 61 6c 72 65 61 64 79 20 6c 6f 61 <64> 65 64 0a 00 6c 6f 61 64 69 6e 67 20 6d 6f 64 75 6c 65 20 27 25
[ 47.563807] RSP: 002b:00007fd78eb35da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 47.571512] RAX: fffffffffffffe00 RBX: 00000000006dcc58 RCX: 0000000000446e79
[ 47.578760] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc58
[ 47.586107] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000
[ 47.593359] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c
[ 47.600610] R13: 4000000000000001 R14: 00007fd78eb369c0 R15: 0000000000000001
[ 47.607861]
[ 47.609465] The buggy address belongs to the page:
[ 47.614374] page:ffffea000702d680 count:0 mapcount:0 mapping:0000000000000000 index:0xffff8801c0b5aa80
[ 47.623816] flags: 0x2fffc0000000000()
[ 47.627685] raw: 02fffc0000000000 0000000000000000 dead000000000200 0000000000000000
[ 47.635556] raw: ffff8801c0b5aa80 ffff8801c0b5aa80 00000000ffffffff 0000000000000000
[ 47.643410] page dumped because: kasan: bad access detected
[ 47.649094]
[ 47.650697] Memory state around the buggy address:
[ 47.655607]  ffff8801c0b5ae80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.663538]  ffff8801c0b5af00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.670878] >ffff8801c0b5af80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.678231]                                                              ^
[ 47.685225]  ffff8801c0b5b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.692578]  ffff8801c0b5b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.699913] ==================================================================
[ 47.708581] Kernel panic - not syncing: panic_on_warn set ...
[ 47.708581]
[ 47.715961] CPU: 1 PID: 6161 Comm: syz-executor206 Tainted: G    B             4.19.0-rc6+ #51
[ 47.724689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.734019] Call Trace:
[ 47.736692]  dump_stack+0x1c4/0x2b4
[ 47.740302]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 47.745478]  panic+0x238/0x4e7
[ 47.748655]  ? add_taint.cold.5+0x16/0x16
[ 47.752793]  ? preempt_schedule+0x4d/0x60
[ 47.756921]  ? ___preempt_schedule+0x16/0x18
[ 47.761310]  ? trace_hardirqs_on+0xb4/0x310
[ 47.765612]  kasan_end_report+0x47/0x4f
[ 47.769568]  kasan_report.cold.9+0x76/0x309
[ 47.773870]  ? tls_push_record+0x10b9/0x1480
[ 47.778260]  __asan_report_store1_noabort+0x17/0x20
[ 47.783256]  tls_push_record+0x10b9/0x1480
[ 47.787471]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.793104]  ? lock_sock_nested+0x9a/0x120
[ 47.797328]  tls_sw_push_pending_record+0x22/0x30
[ 47.802152]  tls_sk_proto_close+0x69c/0xbb0
[ 47.806455]  ? lock_acquire+0x1ed/0x520
[ 47.810417]  ? tcp_check_oom+0x530/0x530
[ 47.814464]  ? tls_write_space+0x390/0x390
[ 47.818680]  ? arch_local_save_flags+0x40/0x40
[ 47.823255]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.828778]  ? ipv6_sock_ac_close+0x34f/0x470
[ 47.833256]  ? ipv6_sock_mc_close+0x162/0x1d0
[ 47.837734]  ? ip_mc_drop_socket+0x20b/0x270
[ 47.842128]  ? down_write+0x8a/0x130
[ 47.845823]  inet_release+0x104/0x1f0
[ 47.849606]  inet6_release+0x50/0x70
[ 47.853305]  __sock_release+0xd7/0x250
[ 47.857181]  ? __sock_release+0x250/0x250
[ 47.861307]  sock_close+0x19/0x20
[ 47.864742]  __fput+0x385/0xa30
[ 47.868000]  ? get_max_files+0x20/0x20
[ 47.871868]  ? do_raw_spin_lock+0xc1/0x200
[ 47.876091]  ? ___might_sleep+0x1ed/0x300
[ 47.880240]  ? arch_local_save_flags+0x40/0x40
[ 47.884806]  ____fput+0x15/0x20
[ 47.888066]  task_work_run+0x1e8/0x2a0
[ 47.891934]  ? task_work_cancel+0x240/0x240
[ 47.896237]  ? switch_task_namespaces+0xb8/0xd0
[ 47.900888]  do_exit+0x1ad7/0x2610
[ 47.904412]  ? mm_update_next_owner+0x990/0x990
[ 47.909064]  ? ___might_sleep+0x1ed/0x300
[ 47.913193]  ? arch_local_save_flags+0x40/0x40
[ 47.917763]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.922154]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.926718]  ? lock_acquire+0x1ed/0x520
[ 47.930675]  ? __might_sleep+0x95/0x190
[ 47.934638]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.940160]  ? futex_wait_queue_me+0x55d/0x840
[ 47.944726]  ? refill_pi_state_cache.part.9+0x320/0x320
[ 47.950075]  ? futex_wait+0x309/0xa50
[ 47.953862]  ? lock_downgrade+0x900/0x900
[ 47.957989]  ? kasan_check_write+0x14/0x20
[ 47.962208]  ? mark_held_locks+0x130/0x130
[ 47.966421]  ? kasan_check_read+0x11/0x20
[ 47.970551]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.974941]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.979507]  ? kasan_check_write+0x14/0x20
[ 47.983722]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 47.988912]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 47.993998]  ? futex_wait+0x5ec/0xa50
[ 47.997784]  ? futex_wait_setup+0x3e0/0x3e0
[ 48.002085]  ? __sanitizer_cov_trace_switch+0x53/0x90
[ 48.007264]  ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 48.012349]  ? futex_wake+0x304/0x760
[ 48.016134]  ? memset+0x31/0x40
[ 48.019402]  ? __dequeue_signal+0xf9/0x7d0
[ 48.023640]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 48.029158]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.034674]  ? get_signal+0x95b/0x1980
[ 48.038541]  ? lock_downgrade+0x900/0x900
[ 48.042674]  do_group_exit+0x177/0x440
[ 48.046544]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 48.051979]  ? __ia32_sys_exit+0x50/0x50
[ 48.056027]  ? kasan_check_write+0x14/0x20
[ 48.060245]  ? do_raw_spin_lock+0xc1/0x200
[ 48.064461]  get_signal+0x8b0/0x1980
[ 48.068156]  ? ptrace_notify+0x130/0x130
[ 48.072198]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.077731]  ? do_tcp_setsockopt.isra.40+0x202/0x2770
[ 48.082914]  ? tcp_peek_len+0x2c0/0x2c0
[ 48.086869]  ? release_sock+0x1ec/0x2c0
[ 48.090823]  do_signal+0x9c/0x21e0
[ 48.094344]  ? sock_has_perm+0x2bc/0x3e0
[ 48.098388]  ? selinux_secmark_relabel_packet+0xe0/0xe0
[ 48.103735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 48.109253]  ? setup_sigcontext+0x7d0/0x7d0
[ 48.113556]  ? selinux_netlbl_sock_rcv_skb+0x6f0/0x6f0
[ 48.118815]  ? release_sock+0x1ec/0x2c0
[ 48.122770]  ? tcp_setsockopt+0x9a/0xe0
[ 48.126730]  ? __x64_sys_futex+0x47f/0x6a0
[ 48.130948]  exit_to_usermode_loop+0x2e5/0x380
[ 48.135510]  ? syscall_slow_exit_work+0x520/0x520
[ 48.140337]  do_syscall_64+0x6be/0x820
[ 48.144204]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 48.149549]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 48.154459]  ? trace_hardirqs_on_caller+0x310/0x310
[ 48.159460]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 48.164472]  ? recalc_sigpending_tsk+0x180/0x180
[ 48.169211]  ? kasan_check_write+0x14/0x20
[ 48.173427]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.178254]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 48.183423] RIP: 0033:0x446e79
[ 48.186597] Code: 00 2f 75 73 72 2f 6c 69 62 2f 72 73 79 73 6c 6f 67 2f 00 4d 6f 64 75 6c 65 20 27 25 73 27 20 61 6c 72 65 61 64 79 20 6c 6f 61 <64> 65 64 0a 00 6c 6f 61 64 69 6e 67 20 6d 6f 64 75 6c 65 20 27 25
[ 48.205481] RSP: 002b:00007fd78eb35da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 48.213170] RAX: fffffffffffffe00 RBX: 00000000006dcc58 RCX: 0000000000446e79
[ 48.220418] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc58
[ 48.227669] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000
[ 48.234917] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c
[ 48.242166] R13: 4000000000000001 R14: 00007fd78eb369c0 R15: 0000000000000001
[ 48.250381] Kernel Offset: disabled
[ 48.254001] Rebooting in 86400 seconds..