Starting Permit User Sessions...
Starting OpenBSD Secure Shell server...
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ 12.753613][ C1] random: crng init done
[ 12.755019][ C1] random: 7 urandom warning(s) missed due to ratelimiting
Warning: Permanently added '10.128.0.227' (ECDSA) to the list of known hosts.
2020/08/23 11:16:04 parsed 1 programs
2020/08/23 11:16:05 executed programs: 0
[* ] A start job is running for dev-ttyS0.device (8s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (9s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (10s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (11s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (12s / 1min 30s)
[ *] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ **] A start job is running for dev-ttyS0.device (13s / 1min 30s)
[ ***] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (14s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (15s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (16s / 1min 30s)
[ 22.869392][ T22] audit: type=1400 audit(1598181365.102:8): avc: denied { execmem } for pid=362 comm="syz-executor.3" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 22.879313][ T365] cgroup1: Unknown subsys name 'perf_event'
[ 22.896449][ T366] cgroup1: Unknown subsys name 'perf_event'
[ 22.899949][ T370] cgroup1: Unknown subsys name 'perf_event'
[ 22.904344][ T365] cgroup1: Unknown subsys name 'net_cls'
[ 22.909769][ T370] cgroup1: Unknown subsys name 'net_cls'
[ 22.915302][ T368] cgroup1: Unknown subsys name 'perf_event'
[ 22.923573][ T372] cgroup1: Unknown subsys name 'perf_event'
[ 22.927102][ T366] cgroup1: Unknown subsys name 'net_cls'
[ 22.934696][ T372] cgroup1: Unknown subsys name 'net_cls'
[ 22.938419][ T368] cgroup1: Unknown subsys name 'net_cls'
[ 22.943879][ T373] cgroup1: Unknown subsys name 'perf_event'
[ 22.955459][ T373] cgroup1: Unknown subsys name 'net_cls'
[** ] A start job is running for dev-ttyS0.device (16s / 1min 30s)
[* ] A start job is running for dev-ttyS0.device (17s / 1min 30s)
[** ] A start job is running for dev-ttyS0.device (18s / 1min 30s)
[*** ] A start job is running for dev-ttyS0.device (18s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (19s / 1min 30s)
[ *** ] A start job is running for dev-ttyS0.device (19s / 1min 30s)
[ 26.849354][ T2978] ==================================================================
[ 26.857458][ T2978] BUG: KASAN: use-after-free in __list_del_entry_valid+0x2b/0x100
[ 26.865251][ T2978] Read of size 8 at addr ffff8881c1896a00 by task syz-executor.3/2978
[ 26.873379][ T2978]
[ 26.875708][ T2978] CPU: 1 PID: 2978 Comm: syz-executor.3 Not tainted 5.4.59-syzkaller-00527-g2f4d6c9fd77c #0
[ 26.885840][ T2978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.895865][ T2978] Call Trace:
[ 26.899129][ T2978] dump_stack+0x14a/0x1ce
[ 26.903429][ T2978] ? show_regs_print_info+0x12/0x12
[ 26.908597][ T2978] ? printk+0xd2/0x114
[ 26.912639][ T2978] print_address_description+0x93/0x620
[ 26.918152][ T2978] ? devkmsg_release+0x11c/0x11c
[ 26.923059][ T2978] ? __kasan_slab_free+0x1f2/0x230
[ 26.928140][ T2978] ? __percpu_ref_switch_mode+0x350/0x5e0
[ 26.933827][ T2978] __kasan_report+0x16d/0x1e0
[ 26.938482][ T2978] ? __list_del_entry_valid+0x2b/0x100
[ 26.943917][ T2978] kasan_report+0x36/0x60
[ 26.948225][ T2978] __list_del_entry_valid+0x2b/0x100
[ 26.953505][ T2978] io_cancel_async_work+0x9b/0x280
[ 26.953518][ T2978] io_ring_ctx_wait_and_kill+0xaf/0x1380
[ 26.964212][ T2978] ? io_cancel_async_work+0x280/0x280
[ 26.969572][ T2978] io_uring_release+0x59/0x70
[ 26.974228][ T2978] ? io_uring_flush+0x130/0x130
[ 26.979086][ T2978] __fput+0x27d/0x6c0
[ 26.983069][ T2978] task_work_run+0x176/0x1a0
[ 26.987643][ T2978] do_exit+0xc42/0x2700
[ 26.991784][ T2978] ? __x64_sys_epoll_create1+0x33/0x40
[ 26.997224][ T2978] ? mm_update_next_owner+0x600/0x600
[ 27.002586][ T2978] ? futex_exit_release+0xc0/0xc0
[ 27.007609][ T2978] ? _raw_spin_lock_irq+0xa2/0x180
[ 27.012716][ T2978] ? _raw_spin_lock_irqsave+0x1e0/0x1e0
[ 27.018262][ T2978] do_group_exit+0x155/0x2b0
[ 27.022848][ T2978] get_signal+0x13ec/0x1f00
[ 27.027353][ T2978] ? security_file_alloc+0x32/0x200
[ 27.032552][ T2978] ? alloc_file+0x81/0x4b0
[ 27.036971][ T2978] ? ptrace_notify+0x340/0x340
[ 27.041725][ T2978] ? memcpy+0x38/0x50
[ 27.045694][ T2978] ? _copy_to_user+0x8e/0xb0
[ 27.050272][ T2978] do_signal+0x95/0x5d0
[ ***] A start job is running for dev-ttyS0.device (20s / 1min 30s)
[ 27.054411][ T2978] ? __se_sys_futex+0x35c/0x470
[ 27.060668][ T2978] ? signal_fault+0x1f0/0x1f0
[ 27.065370][ T2978] ? fput_many+0x42/0x1a0
[ 27.069679][ T2978] ? __x64_sys_futex+0x1d/0xf0
[ 27.075834][ T2978] prepare_exit_to_usermode+0x207/0x2e0
[ 27.081367][ T2978] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 27.088617][ T2978] RIP: 0033:0x45d4d9
[ 27.092546][ T2978] Code: Bad RIP value.
[ 27.098023][ T2978] RSP: 002b:00007f2df17a2cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 27.106426][ T2978] RAX: 0000000000000000 RBX: 000000000118cf48 RCX: 000000000045d4d9
[ 27.114379][ T2978] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000118cf48
[ 27.122332][ T2978] RBP: 000000000118cf40 R08: 0000000000000000 R09: 0000000000000000
[ 27.130298][ T2978] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118cf4c
[ 27.139641][ T2978] R13: 00007ffc6c18a58f R14: 00007f2df17a39c0 R15: 000000000118cf4c
[ 27.147609][ T2978]
[ 27.149934][ T2978] Allocated by task 2994:
[ 27.154257][ T2978] __kasan_kmalloc+0x12c/0x1c0
[ 27.159028][ T2978] kmem_cache_alloc+0x1d5/0x260
[ 27.165253][ T2978] io_get_req+0x1e8/0x850
[ 27.169580][ T2978] io_submit_sqe+0x83/0xe90
[ 27.174060][ T2978] __se_sys_io_uring_enter+0x922/0x1ff0
[ 27.180282][ T2978] do_syscall_64+0xcb/0x150
[ 27.184775][ T2978] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 27.190641][ T2978]
[ 27.192939][ T2978] Freed by task 378:
[ 27.196809][ T2978] __kasan_slab_free+0x181/0x230
[ 27.201714][ T2978] slab_free_freelist_hook+0xd0/0x150
[ 27.207052][ T2978] kmem_cache_free+0xac/0x600
[ 27.211696][ T2978] io_poll_complete_work+0x737/0x940
[ 27.217032][ T2978] process_one_work+0x777/0xf90
[ 27.221886][ T2978] worker_thread+0xa8f/0x1430
[ 27.226530][ T2978] kthread+0x2df/0x300
[ 27.230570][ T2978] ret_from_fork+0x1f/0x30
[ 27.234950][ T2978]
[ 27.237245][ T2978] The buggy address belongs to the object at ffff8881c1896900
[ 27.237245][ T2978] which belongs to the cache io_kiocb of size 264
[ 27.251003][ T2978] The buggy address is located 256 bytes inside of
[ 27.251003][ T2978] 264-byte region [ffff8881c1896900, ffff8881c1896a08)
[ 27.264236][ T2978] The buggy address belongs to the page:
[ 27.269835][ T2978] page:ffffea0007062580 refcount:1 mapcount:0 mapping:ffff8881daa9af00 index:0x0 compound_mapcount: 0
[ 27.280725][ T2978] flags: 0x8000000000010200(slab|head)
[ 27.286168][ T2978] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881daa9af00
[ 27.294719][ T2978] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[ 27.303264][ T2978] page dumped because: kasan: bad access detected
[ 27.309644][ T2978]
[ 27.311936][ T2978] Memory state around the buggy address:
[ 27.317533][ T2978] ffff8881c1896900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.325588][ T2978] ffff8881c1896980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.333718][ T2978] >ffff8881c1896a00: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.341751][ T2978] ^
[ 27.345789][ T2978] ffff8881c1896a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.353830][ T2978] ffff8881c1896b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.361856][ T2978] ==================================================================
[ 27.369885][ T2978] Disabling lock debugging due to kernel taint
2020/08/23 11:16:10 executed programs: 68
2020/08/23 11:16:15 executed programs: 409