Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context mai[   37.305423] audit: type=1800 audit(1570075053.174:33): pid=7321 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
ntaining daemon: restorecond[?2[   37.328563] audit: type=1800 audit(1570075053.174:34): pid=7321 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
5l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   41.234858] audit: type=1400 audit(1570075057.104:35): avc:  denied  { map } for  pid=7496 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts.
executing program
[   66.220514] audit: type=1400 audit(1570075082.084:36): avc:  denied  { map } for  pid=7508 comm="syz-executor177" path="/root/syz-executor177579298" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   66.261127] FAULT_INJECTION: forcing a failure.
[   66.261127] name failslab, interval 1, probability 0, space 0, times 1
[   66.272492] CPU: 0 PID: 7508 Comm: syz-executor177 Not tainted 4.19.76 #0
[   66.279426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.288775] Call Trace:
[   66.291352]  dump_stack+0x172/0x1f0
[   66.294968]  should_fail.cold+0xa/0x1b
[   66.298854]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[   66.303951]  ? lock_downgrade+0x880/0x880
[   66.308089]  __should_failslab+0x121/0x190
[   66.312307]  should_failslab+0x9/0x14
[   66.316091]  __kmalloc+0x2e2/0x750
[   66.319615]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.325138]  ? __sk_mem_schedule+0xac/0xe0
[   66.329369]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   66.334894]  ? tls_push_record+0x107/0x13a0
[   66.339222]  tls_push_record+0x107/0x13a0
[   66.343373]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.348979]  ? alloc_encrypted_sg+0xa8/0x110
[   66.353397]  tls_sw_sendpage+0x538/0xd50
[   66.357460]  ? tls_sw_sendmsg+0x1240/0x1240
[   66.361769]  ? pipe_lock+0x6e/0x80
[   66.365294]  ? tls_sw_sendmsg+0x1240/0x1240
[   66.369718]  inet_sendpage+0x168/0x630
[   66.373749]  kernel_sendpage+0x92/0xf0
[   66.377631]  ? inet_sendmsg+0x5d0/0x5d0
[   66.381593]  sock_sendpage+0x8b/0xc0
[   66.385295]  pipe_to_sendpage+0x296/0x360
[   66.389425]  ? kernel_sendpage+0xf0/0xf0
[   66.393471]  ? direct_splice_actor+0x190/0x190
[   66.398060]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   66.403581]  ? anon_pipe_buf_release+0x1c6/0x270
[   66.408324]  __splice_from_pipe+0x391/0x7d0
[   66.412638]  ? direct_splice_actor+0x190/0x190
[   66.417204]  ? direct_splice_actor+0x190/0x190
[   66.421777]  splice_from_pipe+0x108/0x170
[   66.425914]  ? splice_shrink_spd+0xd0/0xd0
[   66.430138]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.435669]  ? security_file_permission+0x89/0x230
[   66.440581]  generic_splice_sendpage+0x3c/0x50
[   66.445145]  ? splice_from_pipe+0x170/0x170
[   66.449452]  do_splice+0x642/0x12c0
[   66.453062]  ? __sb_end_write+0xd9/0x110
[   66.457127]  ? vfs_write+0x160/0x560
[   66.460834]  ? opipe_prep.part.0+0x2d0/0x2d0
[   66.465236]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.470755]  ? __fget_light+0x1a9/0x230
[   66.474730]  __x64_sys_splice+0x2c6/0x330
[   66.478876]  do_syscall_64+0xfd/0x620
[   66.482663]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   66.487843] RIP: 0033:0x440699
[   66.491021] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   66.509918] RSP: 002b:00007fffe78b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   66.517616] RAX: ffffffffffffffda RBX: 00007fffe78b5040 RCX: 0000000000440699
[   66.524867] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[   66.532131] RBP: 0000000000000005 R08: 000000011d100000 R09: 0000000000000000
[   66.539393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f80
[   66.546752] R13: 0000000000402010 R14: 0000000000000000 R15: 0000000000000000
[   66.714527] ==================================================================
[   66.722021] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x269/0x6a0
[   66.729881] Read of size 4096 at addr ffff8880a0a71000 by task syz-executor177/7508
[   66.737669] 
[   66.739297] CPU: 0 PID: 7508 Comm: syz-executor177 Not tainted 4.19.76 #0
[   66.746208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.756507] Call Trace:
[   66.759089]  dump_stack+0x172/0x1f0
[   66.762723]  ? scatterwalk_copychunks+0x269/0x6a0
[   66.767578]  print_address_description.cold+0x7c/0x20d
[   66.772846]  ? scatterwalk_copychunks+0x269/0x6a0
[   66.778042]  kasan_report.cold+0x8c/0x2ba
[   66.782176]  check_memory_region+0x123/0x190
[   66.786569]  memcpy+0x24/0x50
[   66.789668]  scatterwalk_copychunks+0x269/0x6a0
[   66.794329]  scatterwalk_map_and_copy+0x14d/0x1d0
[   66.799154]  ? scatterwalk_copychunks+0x6a0/0x6a0
[   66.803986]  ? rcu_read_lock_sched_held+0x110/0x130
[   66.810025]  ? __kmalloc+0x5e1/0x750
[   66.813733]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   66.818855]  ? gcmaes_encrypt.constprop.0+0x6c4/0xd90
[   66.824044]  gcmaes_encrypt.constprop.0+0x762/0xd90
[   66.829046]  ? save_stack+0x45/0xd0
[   66.832660]  ? kasan_kmalloc+0xce/0xf0
[   66.836544]  ? tls_push_record+0x107/0x13a0
[   66.841037]  ? gcmaes_crypt_by_sg.constprop.0+0x1850/0x1850
[   66.846745]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   66.852117]  ? mark_held_locks+0x100/0x100
[   66.856425]  ? schedule_timeout+0x52c/0xfc0
[   66.860744]  ? remove_wait_queue+0x10f/0x190
[   66.865168]  ? find_held_lock+0x35/0x130
[   66.869216]  ? fs_reclaim_acquire+0x20/0x20
[   66.873528]  ? __lock_is_held+0xb6/0x140
[   66.877575]  ? should_fail+0x14d/0x85c
[   66.881466]  generic_gcmaes_encrypt+0x108/0x160
[   66.886141]  ? generic_gcmaes_encrypt+0x108/0x160
[   66.890971]  ? helper_rfc4106_encrypt+0x390/0x390
[   66.895809]  ? __kmalloc+0x5e1/0x750
[   66.899509]  ? sk_stream_wait_memory+0xadc/0xe50
[   66.904257]  gcmaes_wrapper_encrypt+0x15f/0x200
[   66.908917]  tls_push_record+0x9c0/0x13a0
[   66.913064]  tls_sw_sendpage+0x538/0xd50
[   66.917266]  ? tls_sw_sendmsg+0x1240/0x1240
[   66.921591]  ? pipe_lock+0x6e/0x80
[   66.925120]  ? tls_sw_sendmsg+0x1240/0x1240
[   66.929441]  inet_sendpage+0x168/0x630
[   66.933316]  kernel_sendpage+0x92/0xf0
[   66.937200]  ? inet_sendmsg+0x5d0/0x5d0
[   66.941244]  sock_sendpage+0x8b/0xc0
[   66.945131]  pipe_to_sendpage+0x296/0x360
[   66.949266]  ? kernel_sendpage+0xf0/0xf0
[   66.953398]  ? direct_splice_actor+0x190/0x190
[   66.957966]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   66.963487]  ? anon_pipe_buf_release+0x1c6/0x270
[   66.968227]  __splice_from_pipe+0x391/0x7d0
[   66.972548]  ? direct_splice_actor+0x190/0x190
[   66.977120]  ? direct_splice_actor+0x190/0x190
[   66.981688]  splice_from_pipe+0x108/0x170
[   66.985843]  ? splice_shrink_spd+0xd0/0xd0
[   66.990248]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   66.995817]  ? security_file_permission+0x89/0x230
[   67.000743]  generic_splice_sendpage+0x3c/0x50
[   67.005312]  ? splice_from_pipe+0x170/0x170
[   67.009632]  do_splice+0x642/0x12c0
[   67.013245]  ? __sb_end_write+0xd9/0x110
[   67.017287]  ? vfs_write+0x160/0x560
[   67.020996]  ? opipe_prep.part.0+0x2d0/0x2d0
[   67.025391]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.030936]  ? __fget_light+0x1a9/0x230
[   67.035093]  __x64_sys_splice+0x2c6/0x330
[   67.039228]  do_syscall_64+0xfd/0x620
[   67.043011]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.048395] RIP: 0033:0x440699
[   67.051580] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   67.071224] RSP: 002b:00007fffe78b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   67.078936] RAX: ffffffffffffffda RBX: 00007fffe78b5040 RCX: 0000000000440699
[   67.086188] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[   67.093471] RBP: 0000000000000005 R08: 000000011d100000 R09: 0000000000000000
[   67.100725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f80
[   67.107992] R13: 0000000000402010 R14: 0000000000000000 R15: 0000000000000000
[   67.115428] 
[   67.117059] Allocated by task 5909:
[   67.120687]  save_stack+0x45/0xd0
[   67.124130]  kasan_kmalloc+0xce/0xf0
[   67.128098]  kasan_slab_alloc+0xf/0x20
[   67.132151]  kmem_cache_alloc+0x12e/0x700
[   67.136297]  anon_vma_fork+0x1ea/0x4a0
[   67.140184]  copy_process.part.0+0x34e5/0x7a30
[   67.144776]  _do_fork+0x257/0xfd0
[   67.148231]  __x64_sys_clone+0xbf/0x150
[   67.152228]  do_syscall_64+0xfd/0x620
[   67.156019]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.161187] 
[   67.162803] Freed by task 5914:
[   67.166065]  save_stack+0x45/0xd0
[   67.169500]  __kasan_slab_free+0x102/0x150
[   67.173717]  kasan_slab_free+0xe/0x10
[   67.177499]  kmem_cache_free+0x86/0x260
[   67.181458]  unlink_anon_vmas+0x487/0x860
[   67.185608]  free_pgtables+0x1af/0x2f0
[   67.189476]  exit_mmap+0x2d1/0x530
[   67.193015]  mmput+0x15f/0x4c0
[   67.196211]  flush_old_exec+0x8d9/0x1c20
[   67.200268]  load_elf_binary+0x9c0/0x5350
[   67.204403]  search_binary_handler+0x179/0x570
[   67.208970]  __do_execve_file.isra.0+0x1227/0x2150
[   67.213882]  __x64_sys_execve+0x8f/0xc0
[   67.217840]  do_syscall_64+0xfd/0x620
[   67.221627]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.226792] 
[   67.228412] The buggy address belongs to the object at ffff8880a0a71000
[   67.228412]  which belongs to the cache anon_vma_chain of size 80
[   67.241235] The buggy address is located 0 bytes inside of
[   67.241235]  80-byte region [ffff8880a0a71000, ffff8880a0a71050)
[   67.252837] The buggy address belongs to the page:
[   67.257749] page:ffffea0002829c40 count:1 mapcount:0 mapping:ffff88821bc334c0 index:0x0
[   67.265888] flags: 0x1fffc0000000100(slab)
[   67.270205] raw: 01fffc0000000100 ffffea00026d7d08 ffffea000280cb48 ffff88821bc334c0
[   67.278081] raw: 0000000000000000 ffff8880a0a71000 0000000100000024 0000000000000000
[   67.285939] page dumped because: kasan: bad access detected
[   67.291634] 
[   67.293337] Memory state around the buggy address:
[   67.298258]  ffff8880a0a70f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   67.305608]  ffff8880a0a70f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   67.312958] >ffff8880a0a71000: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fb fb
[   67.320295]                    ^
[   67.323645]  ffff8880a0a71080: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[   67.330985]  ffff8880a0a71100: fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb fb
[   67.338344] ==================================================================
[   67.345808] Disabling lock debugging due to kernel taint
[   67.351379] Kernel panic - not syncing: panic_on_warn set ...
[   67.351379] 
[   67.358753] CPU: 0 PID: 7508 Comm: syz-executor177 Tainted: G    B             4.19.76 #0
[   67.367053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.376473] Call Trace:
[   67.379061]  dump_stack+0x172/0x1f0
[   67.382687]  ? scatterwalk_copychunks+0x269/0x6a0
[   67.387611]  panic+0x263/0x507
[   67.390797]  ? __warn_printk+0xf3/0xf3
[   67.394675]  ? scatterwalk_copychunks+0x269/0x6a0
[   67.399586]  ? trace_hardirqs_on+0x5e/0x220
[   67.403901]  ? trace_hardirqs_on+0x5e/0x220
[   67.408215]  ? scatterwalk_copychunks+0x269/0x6a0
[   67.413041]  kasan_end_report+0x47/0x4f
[   67.416998]  kasan_report.cold+0xa9/0x2ba
[   67.421127]  check_memory_region+0x123/0x190
[   67.425529]  memcpy+0x24/0x50
[   67.428617]  scatterwalk_copychunks+0x269/0x6a0
[   67.433268]  scatterwalk_map_and_copy+0x14d/0x1d0
[   67.438099]  ? scatterwalk_copychunks+0x6a0/0x6a0
[   67.442921]  ? rcu_read_lock_sched_held+0x110/0x130
[   67.447925]  ? __kmalloc+0x5e1/0x750
[   67.451624]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   67.456714]  ? gcmaes_encrypt.constprop.0+0x6c4/0xd90
[   67.461921]  gcmaes_encrypt.constprop.0+0x762/0xd90
[   67.466926]  ? save_stack+0x45/0xd0
[   67.470536]  ? kasan_kmalloc+0xce/0xf0
[   67.474424]  ? tls_push_record+0x107/0x13a0
[   67.478727]  ? gcmaes_crypt_by_sg.constprop.0+0x1850/0x1850
[   67.485158]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.490522]  ? mark_held_locks+0x100/0x100
[   67.494750]  ? schedule_timeout+0x52c/0xfc0
[   67.499056]  ? remove_wait_queue+0x10f/0x190
[   67.503471]  ? find_held_lock+0x35/0x130
[   67.507514]  ? fs_reclaim_acquire+0x20/0x20
[   67.511827]  ? __lock_is_held+0xb6/0x140
[   67.515869]  ? should_fail+0x14d/0x85c
[   67.519751]  generic_gcmaes_encrypt+0x108/0x160
[   67.524488]  ? generic_gcmaes_encrypt+0x108/0x160
[   67.529310]  ? helper_rfc4106_encrypt+0x390/0x390
[   67.534137]  ? __kmalloc+0x5e1/0x750
[   67.537842]  ? sk_stream_wait_memory+0xadc/0xe50
[   67.542578]  gcmaes_wrapper_encrypt+0x15f/0x200
[   67.547231]  tls_push_record+0x9c0/0x13a0
[   67.551366]  tls_sw_sendpage+0x538/0xd50
[   67.555422]  ? tls_sw_sendmsg+0x1240/0x1240
[   67.559725]  ? pipe_lock+0x6e/0x80
[   67.563245]  ? tls_sw_sendmsg+0x1240/0x1240
[   67.567548]  inet_sendpage+0x168/0x630
[   67.571427]  kernel_sendpage+0x92/0xf0
[   67.575470]  ? inet_sendmsg+0x5d0/0x5d0
[   67.579435]  sock_sendpage+0x8b/0xc0
[   67.583131]  pipe_to_sendpage+0x296/0x360
[   67.587264]  ? kernel_sendpage+0xf0/0xf0
[   67.591318]  ? direct_splice_actor+0x190/0x190
[   67.595898]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   67.601414]  ? anon_pipe_buf_release+0x1c6/0x270
[   67.606152]  __splice_from_pipe+0x391/0x7d0
[   67.610453]  ? direct_splice_actor+0x190/0x190
[   67.615018]  ? direct_splice_actor+0x190/0x190
[   67.619579]  splice_from_pipe+0x108/0x170
[   67.623710]  ? splice_shrink_spd+0xd0/0xd0
[   67.627937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.633454]  ? security_file_permission+0x89/0x230
[   67.638366]  generic_splice_sendpage+0x3c/0x50
[   67.642930]  ? splice_from_pipe+0x170/0x170
[   67.647232]  do_splice+0x642/0x12c0
[   67.650845]  ? __sb_end_write+0xd9/0x110
[   67.654895]  ? vfs_write+0x160/0x560
[   67.658591]  ? opipe_prep.part.0+0x2d0/0x2d0
[   67.663079]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.668599]  ? __fget_light+0x1a9/0x230
[   67.672555]  __x64_sys_splice+0x2c6/0x330
[   67.676689]  do_syscall_64+0xfd/0x620
[   67.680493]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.685926] RIP: 0033:0x440699
[   67.689103] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   67.708118] RSP: 002b:00007fffe78b5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[   67.716340] RAX: ffffffffffffffda RBX: 00007fffe78b5040 RCX: 0000000000440699
[   67.723678] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
[   67.732150] RBP: 0000000000000005 R08: 000000011d100000 R09: 0000000000000000
[   67.739684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401f80
[   67.747831] R13: 0000000000402010 R14: 0000000000000000 R15: 0000000000000000
[   67.756650] Kernel Offset: disabled
[   67.760711] Rebooting in 86400 seconds..