[   37.174923] audit: type=1800 audit(1545715052.009:25): pid=7669 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   37.201587] audit: type=1800 audit(1545715052.009:26): pid=7669 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   37.231675] audit: type=1800 audit(1545715052.009:27): pid=7669 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[FAIL] startpar: service(s) returned failure: rsyslog ... failed!

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts.
2018/12/25 05:18:38 parsed 1 programs
2018/12/25 05:18:40 executed programs: 0
syzkaller login:
[  105.610417] IPVS: ftp: loaded support on port[0] = 21
[  105.865211] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.872525] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.879883] device bridge_slave_0 entered promiscuous mode
[  105.898412] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.905004] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.912313] device bridge_slave_1 entered promiscuous mode
[  105.930587] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  105.950481] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  105.999659] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  106.020227] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  106.095463] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  106.103103] team0: Port device team_slave_0 added
[  106.119491] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  106.126870] team0: Port device team_slave_1 added
[  106.143945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  106.163511] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  106.184571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  106.206000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  106.360002] bridge0: port 2(bridge_slave_1) entered blocking state
[  106.366508] bridge0: port 2(bridge_slave_1) entered forwarding state
[  106.373380] bridge0: port 1(bridge_slave_0) entered blocking state
[  106.379833] bridge0: port 1(bridge_slave_0) entered forwarding state
[  106.917716] 8021q: adding VLAN 0 to HW filter on device bond0
[  106.972995] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  107.026477] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  107.032658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  107.041644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  107.088198] 8021q: adding VLAN 0 to HW filter on device team0
[  107.450299] ==================================================================
[  107.457992] BUG: KASAN: use-after-free in filemap_fault+0x2818/0x2a70
[  107.464553] Read of size 8 at addr ffff8881d918a398 by task syz-executor0/8138
[  107.471897] 
[  107.473517] CPU: 1 PID: 8138 Comm: syz-executor0 Not tainted 4.20.0-rc7-next-20181224 #188
[  107.482011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  107.491356] Call Trace:
[  107.494023]  dump_stack+0x1d3/0x2c6
[  107.497646]  ? dump_stack_print_info.cold.1+0x20/0x20
[  107.502848]  ? printk+0xa7/0xcf
[  107.506135]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  107.510900]  print_address_description.cold.5+0x9/0x1ff
[  107.516255]  ? filemap_fault+0x2818/0x2a70
[  107.520557]  kasan_report.cold.6+0x1b/0x39
[  107.524811]  ? filemap_fault+0x2818/0x2a70
[  107.529043]  ? filemap_fault+0x2818/0x2a70
[  107.533267]  __asan_report_load8_noabort+0x14/0x20
[  107.538185]  filemap_fault+0x2818/0x2a70
[  107.542238]  ? grab_cache_page_write_begin+0xa0/0xa0
[  107.547464]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  107.552569]  ? try_to_wake_up+0x11c/0x1460
[  107.556802]  ? graph_lock+0x270/0x270
[  107.560603]  ? migrate_swap_stop+0x930/0x930
[  107.565124]  ? find_held_lock+0x36/0x1c0
[  107.569174]  ? futex_wake+0x613/0x760
[  107.572959]  ? graph_lock+0x270/0x270
[  107.576745]  ? kasan_check_read+0x11/0x20
[  107.580878]  ? do_raw_spin_unlock+0xa7/0x330
[  107.585270]  ? do_raw_spin_trylock+0x270/0x270
[  107.589843]  ? __lock_is_held+0xb5/0x140
[  107.593977]  ? lock_acquire+0x1ed/0x520
[  107.597963]  ? ext4_filemap_fault+0x7a/0xad
[  107.602275]  ? lock_release+0xa00/0xa00
[  107.606276]  ? arch_local_save_flags+0x40/0x40
[  107.610847]  ? get_futex_key+0x21b0/0x21b0
[  107.615075]  ? down_read+0x8d/0x120
[  107.618690]  ? ext4_filemap_fault+0x7a/0xad
[  107.623117]  ? __down_interruptible+0x700/0x700
[  107.627789]  ext4_filemap_fault+0x82/0xad
[  107.631941]  __do_fault+0x176/0x6f0
[  107.635565]  ? kasan_check_write+0x14/0x20
[  107.639794]  ? lock_page+0x170/0x170
[  107.643504]  ? pmd_val+0x88/0x100
[  107.646949]  ? add_mm_counter_fast+0xd0/0xd0
[  107.651340]  ? add_mm_counter_fast+0xd0/0xd0
[  107.655737]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  107.661263]  __handle_mm_fault+0x373b/0x55f0
[  107.665662]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  107.670488]  ? graph_lock+0x270/0x270
[  107.674289]  ? find_held_lock+0x36/0x1c0
[  107.678346]  ? print_usage_bug+0xc0/0xc0
[  107.682401]  ? graph_lock+0x270/0x270
[  107.686184]  ? graph_lock+0x270/0x270
[  107.689981]  ? handle_mm_fault+0x42a/0xc70
[  107.694235]  ? lock_downgrade+0x900/0x900
[  107.698370]  ? check_preemption_disabled+0x48/0x280
[  107.703379]  ? kasan_check_read+0x11/0x20
[  107.707517]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  107.712779]  ? rcu_read_unlock_special+0x370/0x370
[  107.717699]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  107.723225]  ? check_preemption_disabled+0x48/0x280
[  107.728241]  handle_mm_fault+0x54f/0xc70
[  107.732288]  ? __handle_mm_fault+0x55f0/0x55f0
[  107.736859]  ? find_vma+0x34/0x190
[  107.740386]  __do_page_fault+0x5f6/0xd70
[  107.744444]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  107.749970]  do_page_fault+0xf2/0x7e0
[  107.753754]  ? vmalloc_sync_all+0x30/0x30
[  107.757907]  ? error_entry+0x70/0xd0
[  107.761607]  ? trace_hardirqs_off_caller+0xbb/0x310
[  107.766614]  ? trace_hardirqs_on_caller+0xc0/0x310
[  107.771527]  ? syscall_return_slowpath+0x5e0/0x5e0
[  107.776439]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  107.781265]  ? trace_hardirqs_on_caller+0x310/0x310
[  107.786264]  ? trace_hardirqs_off+0x310/0x310
[  107.790758]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  107.795760]  ? prepare_exit_to_usermode+0x291/0x3b0
[  107.800775]  ? page_fault+0x8/0x30
[  107.804315]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  107.809149]  ? page_fault+0x8/0x30
[  107.812675]  page_fault+0x1e/0x30
[  107.816196] RIP: 0033:0x43ea69
[  107.819385] Code: b7 0e 66 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e 89 0f 48 83 c6 04 48 83 c7 04 f6 c2 08 74 0e 48 8b 0e <48> 89 0f 48 83 c6 08 48 83 c7 08 81 e2 f0 00 00 00 74 1f 0f 1f 40
[  107.838272] RSP: 002b:00007ffcb1ace4a8 EFLAGS: 00010202
[  107.843617] RAX: 0000000020008ff8 RBX: 0000000000000003 RCX: 0031656c69662f2e
[  107.850878] RDX: 0000000000000008 RSI: 0000000000740238 RDI: 0000000020008ff8
[  107.858143] RBP: 000000000073bf00 R08: 0000000000740218 R09: 0000000000000000
[  107.865715] R10: 00007ffcb1ace560 R11: 0000000000000246 R12: 0000000000000006
[  107.872969] R13: fffffffffffffffe R14: 000000000073bf0c R15: 000000000073bf0c
[  107.880242] 
[  107.881855] Allocated by task 8139:
[  107.885468]  save_stack+0x43/0xd0
[  107.888907]  kasan_kmalloc+0xcb/0xd0
[  107.892608]  kasan_slab_alloc+0x12/0x20
[  107.896573]  kmem_cache_alloc+0x130/0x730
[  107.900705]  vm_area_alloc+0x7a/0x1d0
[  107.904490]  mmap_region+0x9d7/0x1cd0
[  107.908271]  do_mmap+0xa22/0x1230
[  107.911708]  vm_mmap_pgoff+0x213/0x2c0
[  107.915586]  ksys_mmap_pgoff+0x4da/0x660
[  107.919634]  __x64_sys_mmap+0xe9/0x1b0
[  107.923507]  do_syscall_64+0x1b9/0x820
[  107.927400]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.932569] 
[  107.934176] Freed by task 8139:
[  107.937456]  save_stack+0x43/0xd0
[  107.940910]  __kasan_slab_free+0x102/0x150
[  107.945155]  kasan_slab_free+0xe/0x10
[  107.948942]  kmem_cache_free+0x83/0x290
[  107.952904]  vm_area_free+0x1c/0x20
[  107.956517]  remove_vma+0x13a/0x180
[  107.960126]  __do_munmap+0x729/0xf50
[  107.963825]  mmap_region+0x6a7/0x1cd0
[  107.967609]  do_mmap+0xa22/0x1230
[  107.971043]  vm_mmap_pgoff+0x213/0x2c0
[  107.974922]  ksys_mmap_pgoff+0x4da/0x660
[  107.978972]  __x64_sys_mmap+0xe9/0x1b0
[  107.982844]  do_syscall_64+0x1b9/0x820
[  107.986718]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  107.991884] 
[  107.993495] The buggy address belongs to the object at ffff8881d918a358
[  107.993495]  which belongs to the cache vm_area_struct(17:syz0) of size 200
[  108.007175] The buggy address is located 64 bytes inside of
[  108.007175]  200-byte region [ffff8881d918a358, ffff8881d918a420)
[  108.018946] The buggy address belongs to the page:
[  108.023867] page:ffffea0007646280 count:1 mapcount:0 mapping:ffff8881b2ebdcc0 index:0x0
[  108.031992] flags: 0x2fffc0000000200(slab)
[  108.036234] raw: 02fffc0000000200 ffffea0006e76f48 ffffea0006da9588 ffff8881b2ebdcc0
[  108.044104] raw: 0000000000000000 ffff8881d918a040 000000010000000f ffff8881d2544d00
[  108.051963] page dumped because: kasan: bad access detected
[  108.057654] page->mem_cgroup:ffff8881d2544d00
[  108.062127] 
[  108.063735] Memory state around the buggy address:
[  108.068659]  ffff8881d918a280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  108.076002]  ffff8881d918a300: 00 00 00 fc fc fc fc fc fc fc fc fb fb fb fb fb
[  108.083349] >ffff8881d918a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.090687]                             ^
[  108.094816]  ffff8881d918a400: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb
[  108.102157]  ffff8881d918a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  108.109497] ==================================================================
[  108.116843] Disabling lock debugging due to kernel taint
[  108.125267] Kernel panic - not syncing: panic_on_warn set ...
[  108.131216] CPU: 0 PID: 8138 Comm: syz-executor0 Tainted: G B 4.20.0-rc7-next-20181224 #188
[  108.140987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  108.150322] Call Trace:
[  108.152892]  dump_stack+0x1d3/0x2c6
[  108.156514]  ? dump_stack_print_info.cold.1+0x20/0x20
[  108.161718]  ? filemap_fault+0x27a0/0x2a70
[  108.165961]  panic+0x2ad/0x632
[  108.169142]  ? add_taint.cold.5+0x16/0x16
[  108.173272]  ? preempt_schedule+0x4d/0x60
[  108.177403]  ? ___preempt_schedule+0x16/0x18
[  108.181902]  ? trace_hardirqs_on+0xb4/0x310
[  108.186207]  ? filemap_fault+0x2818/0x2a70
[  108.190422]  end_report+0x47/0x4f
[  108.193856]  kasan_report.cold.6+0xe/0x39
[  108.197990]  ? filemap_fault+0x2818/0x2a70
[  108.202210]  ? filemap_fault+0x2818/0x2a70
[  108.206446]  __asan_report_load8_noabort+0x14/0x20
[  108.211359]  filemap_fault+0x2818/0x2a70
[  108.215406]  ? grab_cache_page_write_begin+0xa0/0xa0
[  108.220495]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[  108.225591]  ? try_to_wake_up+0x11c/0x1460
[  108.229807]  ? graph_lock+0x270/0x270
[  108.233609]  ? migrate_swap_stop+0x930/0x930
[  108.238001]  ? find_held_lock+0x36/0x1c0
[  108.242042]  ? futex_wake+0x613/0x760
[  108.245820]  ? graph_lock+0x270/0x270
[  108.249605]  ? kasan_check_read+0x11/0x20
[  108.253732]  ? do_raw_spin_unlock+0xa7/0x330
[  108.258123]  ? do_raw_spin_trylock+0x270/0x270
[  108.262690]  ? __lock_is_held+0xb5/0x140
[  108.266735]  ? lock_acquire+0x1ed/0x520
[  108.270783]  ? ext4_filemap_fault+0x7a/0xad
[  108.275179]  ? lock_release+0xa00/0xa00
[  108.279159]  ? arch_local_save_flags+0x40/0x40
[  108.283728]  ? get_futex_key+0x21b0/0x21b0
[  108.287953]  ? down_read+0x8d/0x120
[  108.291563]  ? ext4_filemap_fault+0x7a/0xad
[  108.295960]  ? __down_interruptible+0x700/0x700
[  108.300614]  ext4_filemap_fault+0x82/0xad
[  108.304756]  __do_fault+0x176/0x6f0
[  108.308377]  ? kasan_check_write+0x14/0x20
[  108.312592]  ? lock_page+0x170/0x170
[  108.316284]  ? pmd_val+0x88/0x100
[  108.319721]  ? add_mm_counter_fast+0xd0/0xd0
[  108.324109]  ? add_mm_counter_fast+0xd0/0xd0
[  108.328501]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  108.334031]  __handle_mm_fault+0x373b/0x55f0
[  108.338433]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[  108.343257]  ? graph_lock+0x270/0x270
[  108.347034]  ? find_held_lock+0x36/0x1c0
[  108.351074]  ? print_usage_bug+0xc0/0xc0
[  108.355132]  ? graph_lock+0x270/0x270
[  108.358915]  ? graph_lock+0x270/0x270
[  108.362701]  ? handle_mm_fault+0x42a/0xc70
[  108.366917]  ? lock_downgrade+0x900/0x900
[  108.371048]  ? check_preemption_disabled+0x48/0x280
[  108.376058]  ? kasan_check_read+0x11/0x20
[  108.380204]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[  108.385466]  ? rcu_read_unlock_special+0x370/0x370
[  108.390376]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  108.395894]  ? check_preemption_disabled+0x48/0x280
[  108.400895]  handle_mm_fault+0x54f/0xc70
[  108.404940]  ? __handle_mm_fault+0x55f0/0x55f0
[  108.409507]  ? find_vma+0x34/0x190
[  108.413039]  __do_page_fault+0x5f6/0xd70
[  108.417085]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  108.422607]  do_page_fault+0xf2/0x7e0
[  108.426408]  ? vmalloc_sync_all+0x30/0x30
[  108.430543]  ? error_entry+0x70/0xd0
[  108.434237]  ? trace_hardirqs_off_caller+0xbb/0x310
[  108.439246]  ? trace_hardirqs_on_caller+0xc0/0x310
[  108.444155]  ? syscall_return_slowpath+0x5e0/0x5e0
[  108.449063]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  108.453887]  ? trace_hardirqs_on_caller+0x310/0x310
[  108.458893]  ? trace_hardirqs_off+0x310/0x310
[  108.463391]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  108.468392]  ? prepare_exit_to_usermode+0x291/0x3b0
[  108.473388]  ? page_fault+0x8/0x30
[  108.476915]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  108.481745]  ? page_fault+0x8/0x30
[  108.485266]  page_fault+0x1e/0x30
[  108.488702] RIP: 0033:0x43ea69
[  108.491880] Code: b7 0e 66 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e 89 0f 48 83 c6 04 48 83 c7 04 f6 c2 08 74 0e 48 8b 0e <48> 89 0f 48 83 c6 08 48 83 c7 08 81 e2 f0 00 00 00 74 1f 0f 1f 40
[  108.510765] RSP: 002b:00007ffcb1ace4a8 EFLAGS: 00010202
[  108.516120] RAX: 0000000020008ff8 RBX: 0000000000000003 RCX: 0031656c69662f2e
[  108.523371] RDX: 0000000000000008 RSI: 0000000000740238 RDI: 0000000020008ff8
[  108.530620] RBP: 000000000073bf00 R08: 0000000000740218 R09: 0000000000000000
[  108.537876] R10: 00007ffcb1ace560 R11: 0000000000000246 R12: 0000000000000006
[  108.545145] R13: fffffffffffffffe R14: 000000000073bf0c R15: 000000000073bf0c
[  108.553664] Kernel Offset: disabled
[  108.557288] Rebooting in 86400 seconds..