[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   33.681948] kauditd_printk_skb: 9 callbacks suppressed
[   33.681960] audit: type=1800 audit(1543719116.186:33): pid=6046 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   33.711328] audit: type=1800 audit(1543719116.186:34): pid=6046 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[   34.670316] audit: type=1400 audit(1543719117.176:35): avc:  denied  { map } for  pid=6220 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   41.309442] audit: type=1400 audit(1543719123.816:36): avc:  denied  { map } for  pid=6234 comm="syz-executor433" path="/root/syz-executor433688548" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
[   41.682711] ==================================================================
[   41.690208] BUG: KASAN: use-after-free in debugfs_remove+0x10b/0x130
[   41.690223] Read of size 8 at addr ffff8881a8c2f340 by task kworker/1:1/22
[   41.690232] 
[   41.690246] CPU: 1 PID: 22 Comm: kworker/1:1 Not tainted 4.20.0-rc4+ #138
[   41.690254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.690272] Workqueue: events __blk_release_queue
[   41.703826] Call Trace:
[   41.703847]  dump_stack+0x244/0x39d
[   41.703867]  ? dump_stack_print_info.cold.1+0x20/0x20
[   41.703880]  ? printk+0xa7/0xcf
[   41.703894]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   41.703916]  print_address_description.cold.7+0x9/0x1ff
[   41.712479]  kasan_report.cold.8+0x242/0x309
[   41.712494]  ? debugfs_remove+0x10b/0x130
[   41.712512]  __asan_report_load8_noabort+0x14/0x20
[   41.712526]  debugfs_remove+0x10b/0x130
[   41.712545]  blk_trace_free+0x35/0x130
[   41.727144]  __blk_trace_remove+0x7a/0xa0
[   41.727163]  blk_trace_shutdown+0x63/0x80
[   41.727182]  __blk_release_queue+0x235/0x510
[   41.733385]  process_one_work+0xc90/0x1c40
[   41.733402]  ? mark_held_locks+0x130/0x130
[   41.733428]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[   41.733444]  ? __switch_to_asm+0x40/0x70
[   41.741907]  ? __switch_to_asm+0x34/0x70
[   41.741919]  ? __switch_to_asm+0x40/0x70
[   41.741946]  ? __switch_to_asm+0x34/0x70
[   41.741962]  ? __switch_to_asm+0x40/0x70
[   41.752049]  ? __switch_to_asm+0x34/0x70
[   41.752060]  ? __switch_to_asm+0x40/0x70
[   41.752087]  ? __switch_to_asm+0x34/0x70
[   41.752098]  ? __switch_to_asm+0x40/0x70
[   41.752117]  ? __schedule+0x8d7/0x21d0
[   41.752154]  ? lock_downgrade+0x900/0x900
[   41.760684]  ? zap_class+0x640/0x640
[   41.760704]  ? find_held_lock+0x36/0x1c0
[   41.760737]  ? lock_acquire+0x1ed/0x520
[   41.769600]  ? worker_thread+0x3e0/0x1390
[   41.769624]  ? kasan_check_read+0x11/0x20
[   41.769647]  ? do_raw_spin_lock+0x14f/0x350
[   41.777648]  ? kasan_check_read+0x11/0x20
[   41.777667]  ? rwlock_bug.part.2+0x90/0x90
[   41.777685]  ? trace_hardirqs_on+0x310/0x310
[   41.786222]  worker_thread+0x17f/0x1390
[   41.786235]  ? __switch_to_asm+0x34/0x70
[   41.786263]  ? process_one_work+0x1c40/0x1c40
[   41.786293]  ? __sched_text_start+0x8/0x8
[   41.794741]  ? __kthread_parkme+0xce/0x1a0
[   41.794758]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.794780]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   41.794798]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   41.794814]  ? trace_hardirqs_on+0xbd/0x310
[   41.803609]  ? kasan_check_read+0x11/0x20
[   41.803625]  ? __kthread_parkme+0xce/0x1a0
[   41.803648]  ? trace_hardirqs_off_caller+0x310/0x310
[   41.803673]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   41.807886] kobject: 'mq' (000000000fefe66e): kobject_uevent_env
[   41.811779]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   41.811810]  ? __kthread_parkme+0xfb/0x1a0
[   41.811827]  ? process_one_work+0x1c40/0x1c40
[   41.816047] kobject: 'mq' (000000000fefe66e): kobject_uevent_env: filter function caused the event to drop!
[   41.819923]  kthread+0x35a/0x440
[   41.819940]  ? kthread_stop+0x900/0x900
[   41.819956]  ret_from_fork+0x3a/0x50
[   41.824213] kobject: '0' (0000000065eae01a): kobject_add_internal: parent: 'mq', set: '<NULL>'
[   41.828061] 
[   41.828070] Allocated by task 6237:
[   41.828088]  save_stack+0x43/0xd0
[   41.832422] kobject: 'cpu0' (0000000067ae1398): kobject_add_internal: parent: '0', set: '<NULL>'
[   41.836210]  kasan_kmalloc+0xc7/0xe0
[   41.836224]  kasan_slab_alloc+0x12/0x20
[   41.836237]  kmem_cache_alloc+0x12e/0x730
[   41.836255]  __d_alloc+0xc8/0xb90
[   41.840238] kobject: 'cpu1' (00000000110970b5): kobject_add_internal: parent: '0', set: '<NULL>'
[   41.844258]  d_alloc+0x96/0x380
[   41.844272]  d_alloc_parallel+0x15a/0x1f40
[   41.844286]  __lookup_slow+0x1e6/0x540
[   41.844300]  lookup_one_len+0x1d8/0x220
[   41.844314]  start_creating+0xc6/0x200
[   41.844330]  __debugfs_create_file+0x63/0x400
[   41.851276] kobject: 'queue' (00000000b6ee61e3): kobject_uevent_env
[   41.852080]  debugfs_create_file+0x57/0x70
[   41.852096]  do_blk_trace_setup+0x45d/0xdb0
[   41.852110]  __blk_trace_setup+0xd5/0x180
[   41.852124]  blk_trace_ioctl+0x17a/0x2f0
[   41.852138]  blkdev_ioctl+0x9e9/0x21b0
[   41.852154]  block_ioctl+0xee/0x130
[   41.856287] kobject: 'queue' (00000000b6ee61e3): kobject_uevent_env: filter function caused the event to drop!
[   41.860260]  do_vfs_ioctl+0x1de/0x1790
[   41.860271]  ksys_ioctl+0xa9/0xd0
[   41.860283]  __x64_sys_ioctl+0x73/0xb0
[   41.860303]  do_syscall_64+0x1b9/0x820
[   41.864670] kobject: 'iosched' (000000008cb9c9e2): kobject_add_internal: parent: 'queue', set: '<NULL>'
[   41.868739]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.868744] 
[   41.868750] Freed by task 0:
[   41.868765]  save_stack+0x43/0xd0
[   41.868790]  __kasan_slab_free+0x102/0x150
[   41.873214] kobject: 'iosched' (000000008cb9c9e2): kobject_uevent_env
[   41.877146]  kasan_slab_free+0xe/0x10
[   41.877160]  kmem_cache_free+0x83/0x290
[   41.877173]  __d_free+0x20/0x30
[   41.877189]  rcu_process_callbacks+0x100a/0x1ac0
[   41.881623] kobject: 'iosched' (000000008cb9c9e2): kobject_uevent_env: filter function caused the event to drop!
[   41.885548]  __do_softirq+0x308/0xb7e
[   41.885552] 
[   41.885563] The buggy address belongs to the object at ffff8881a8c2f300
[   41.885563]  which belongs to the cache dentry of size 288
[   41.885576] The buggy address is located 64 bytes inside of
[   41.885576]  288-byte region [ffff8881a8c2f300, ffff8881a8c2f420)
[   41.885581] The buggy address belongs to the page:
[   41.885594] page:ffffea0006a30bc0 count:1 mapcount:0 mapping:ffff8881da986cc0 index:0x0
[   41.885605] flags: 0x2fffc0000000200(slab)
[   41.885623] raw: 02fffc0000000200 ffffea0007301088 ffffea0006a31f08 ffff8881da986cc0
[   41.889921] kobject: 'integrity' (000000003bee9529): kobject_add_internal: parent: 'loop0', set: '<NULL>'
[   41.894152] raw: 0000000000000000 ffff8881a8c2f040 000000010000000b 0000000000000000
[   41.894158] page dumped because: kasan: bad access detected
[   41.894162] 
[   41.894166] Memory state around the buggy address:
[   41.894178]  ffff8881a8c2f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.894188]  ffff8881a8c2f280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   41.894198] >ffff8881a8c2f300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.894221]                                            ^
[   41.898664] kobject: 'integrity' (000000003bee9529): kobject_uevent_env
[   41.902587]  ffff8881a8c2f380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.902598]  ffff8881a8c2f400: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb
[   41.902603] ==================================================================
[   41.902608] Disabling lock debugging due to kernel taint
[   41.922117] Kernel panic - not syncing: panic_on_warn set ...
[   41.927347] kobject: 'integrity' (000000003bee9529): kobject_uevent_env: filter function caused the event to drop!
[   41.930125] CPU: 1 PID: 22 Comm: kworker/1:1 Tainted: G    B             4.20.0-rc4+ #138
[   41.930133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.930155] Workqueue: events __blk_release_queue
[   42.355619] Call Trace:
[   42.358213]  dump_stack+0x244/0x39d
[   42.361859]  ? dump_stack_print_info.cold.1+0x20/0x20
[   42.367054]  panic+0x2ad/0x55c
[   42.370246]  ? add_taint.cold.5+0x16/0x16
[   42.374390]  ? preempt_schedule+0x4d/0x60
[   42.378534]  ? ___preempt_schedule+0x16/0x18
[   42.382945]  ? trace_hardirqs_on+0xb4/0x310
[   42.387271]  kasan_end_report+0x47/0x4f
[   42.391241]  kasan_report.cold.8+0x76/0x309
[   42.395565]  ? debugfs_remove+0x10b/0x130
[   42.399728]  __asan_report_load8_noabort+0x14/0x20
[   42.404658]  debugfs_remove+0x10b/0x130
[   42.408639]  blk_trace_free+0x35/0x130
[   42.412526]  __blk_trace_remove+0x7a/0xa0
[   42.416671]  blk_trace_shutdown+0x63/0x80
[   42.420821]  __blk_release_queue+0x235/0x510
[   42.425243]  process_one_work+0xc90/0x1c40
[   42.429484]  ? mark_held_locks+0x130/0x130
[   42.433722]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[   42.438387]  ? __switch_to_asm+0x40/0x70
[   42.442441]  ? __switch_to_asm+0x34/0x70
[   42.446494]  ? __switch_to_asm+0x40/0x70
[   42.450564]  ? __switch_to_asm+0x34/0x70
[   42.454640]  ? __switch_to_asm+0x40/0x70
[   42.458697]  ? __switch_to_asm+0x34/0x70
[   42.462755]  ? __switch_to_asm+0x40/0x70
[   42.466821]  ? __switch_to_asm+0x34/0x70
[   42.470876]  ? __switch_to_asm+0x40/0x70
[   42.474942]  ? __schedule+0x8d7/0x21d0
[   42.478837]  ? lock_downgrade+0x900/0x900
[   42.482989]  ? zap_class+0x640/0x640
[   42.486701]  ? find_held_lock+0x36/0x1c0
[   42.490780]  ? lock_acquire+0x1ed/0x520
[   42.494752]  ? worker_thread+0x3e0/0x1390
[   42.498910]  ? kasan_check_read+0x11/0x20
[   42.503054]  ? do_raw_spin_lock+0x14f/0x350
[   42.507377]  ? kasan_check_read+0x11/0x20
[   42.511518]  ? rwlock_bug.part.2+0x90/0x90
[   42.515757]  ? trace_hardirqs_on+0x310/0x310
[   42.520182]  worker_thread+0x17f/0x1390
[   42.524153]  ? __switch_to_asm+0x34/0x70
[   42.528221]  ? process_one_work+0x1c40/0x1c40
[   42.532726]  ? __sched_text_start+0x8/0x8
[   42.536887]  ? __kthread_parkme+0xce/0x1a0
[   42.541119]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   42.546223]  ? _raw_spin_unlock_irqrestore+0x82/0xd0
[   42.551335]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   42.555920]  ? trace_hardirqs_on+0xbd/0x310
[   42.560254]  ? kasan_check_read+0x11/0x20
[   42.564398]  ? __kthread_parkme+0xce/0x1a0
[   42.568627]  ? trace_hardirqs_off_caller+0x310/0x310
[   42.573739]  ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[   42.578844]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   42.584395]  ? __kthread_parkme+0xfb/0x1a0
[   42.588626]  ? process_one_work+0x1c40/0x1c40
[   42.593125]  kthread+0x35a/0x440
[   42.596491]  ? kthread_stop+0x900/0x900
[   42.600462]  ret_from_fork+0x3a/0x50
[   42.605097] Kernel Offset: disabled
[   42.608717] Rebooting in 86400 seconds..