scheduler: cron [ ok ].
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   43.481230] audit: type=1800 audit(1576230594.469:33): pid=7468 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   46.787047] kauditd_printk_skb: 1 callbacks suppressed
[   46.787061] audit: type=1400 audit(1576230597.779:35): avc: denied { map } for pid=7642 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.216' (ECDSA) to the list of known hosts.
[   53.574750] audit: type=1400 audit(1576230604.569:36): avc: denied { map } for pid=7654 comm="syz-executor358" path="/root/syz-executor358855344" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   53.590423] IPVS: ftp: loaded support on port[0] = 21
executing program
[   53.627940] audit: type=1400 audit(1576230604.619:37): avc: denied { create } for pid=7655 comm="syz-executor358" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   53.633470] netlink: 2 bytes leftover after parsing attributes in process `syz-executor358'.
[   53.653082] audit: type=1400 audit(1576230604.619:38): avc: denied { write } for pid=7655 comm="syz-executor358" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   53.685278] audit: type=1400 audit(1576230604.619:39): avc: denied { read } for pid=7655 comm="syz-executor358" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   53.741768] ==================================================================
[   53.749289] BUG: KASAN: use-after-free in __alloc_skb+0x381/0x5f0
[   53.755531] Write of size 32 at addr ffff8881a3a4a540 by task swapper/1/0
[   53.762494] 
[   53.764118] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.89-syzkaller #0
[   53.771126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.780565] Call Trace:
[   53.783135]  <IRQ>
[   53.785290]  dump_stack+0x197/0x210
[   53.788953]  ? __alloc_skb+0x381/0x5f0
[   53.792843]  print_address_description.cold+0x7c/0x20d
[   53.798118]  ? __alloc_skb+0x381/0x5f0
[   53.802003]  kasan_report.cold+0x8c/0x2ba
[   53.806143]  check_memory_region+0x123/0x190
[   53.810541]  memset+0x24/0x40
[   53.813633]  __alloc_skb+0x381/0x5f0
[   53.817354]  ? skb_trim+0x190/0x190
[   53.820987]  ? update_stack_state+0x190/0x5f0
[   53.825476]  ? __lock_acquire+0x6ee/0x49c0
[   53.829699]  alloc_skb_with_frags+0x93/0x590
[   53.834098]  sock_alloc_send_pskb+0x72d/0x8a0
[   53.838600]  ? sock_wmalloc+0x120/0x120
[   53.842561]  ? find_held_lock+0x35/0x130
[   53.846722]  ? debug_object_activate+0x206/0x4e0
[   53.851502]  ? debug_object_activate+0x206/0x4e0
[   53.856373]  sock_alloc_send_skb+0x32/0x40
[   53.860600]  mld_newpack+0x1d7/0x7f0
[   53.864305]  ? ip6_mc_hdr.isra.0.constprop.0+0x5a0/0x5a0
[   53.869747]  ? mark_held_locks+0x100/0x100
[   53.873986]  add_grhead.isra.0+0x299/0x370
[   53.878216]  add_grec+0x7e7/0x10c0
[   53.881742]  ? mld_ifc_timer_expire+0x720/0x8b0
[   53.886420]  ? mld_sendpack+0xeb0/0xeb0
[   53.890382]  ? kasan_check_write+0x14/0x20
[   53.894605]  ? do_raw_spin_lock+0xc8/0x240
[   53.898830]  mld_ifc_timer_expire+0x3d4/0x8b0
[   53.903315]  call_timer_fn+0x18d/0x720
[   53.907201]  ? mld_dad_timer_expire+0x1c0/0x1c0
[   53.911863]  ? process_timeout+0x40/0x40
[   53.915936]  ? run_timer_softirq+0x644/0x16a0
[   53.920446]  ? trace_hardirqs_on+0x67/0x220
[   53.924754]  ? mld_dad_timer_expire+0x1c0/0x1c0
[   53.929407]  run_timer_softirq+0x64f/0x16a0
[   53.933711]  ? add_timer+0xbe0/0xbe0
[   53.937407]  ? kvm_clock_read+0x18/0x30
[   53.941369]  ? check_preemption_disabled+0x48/0x290
[   53.946367]  ? sched_clock+0x2e/0x50
[   53.950072]  __do_softirq+0x25c/0x921
[   53.953965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.959482]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   53.965017]  irq_exit+0x180/0x1d0
[   53.968467]  smp_apic_timer_interrupt+0x13b/0x550
[   53.973396]  apic_timer_interrupt+0xf/0x20
[   53.977623]  </IRQ>
[   53.979846] RIP: 0010:native_safe_halt+0xe/0x10
[   53.984507] Code: ff ff 48 89 df e8 92 64 56 fa eb 82 e9 07 00 00 00 0f 00 2d 84 73 5b 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 73 5b 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 1e 43 0d fa e8 f9
[   54.004345] RSP: 0018:ffff8880aa3b7d08 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[   54.012166] RAX: 1ffffffff11e4b7c RBX: ffff8880aa3a43c0 RCX: 0000000000000000
[   54.019435] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa3a4c3c
[   54.027213] RBP: ffff8880aa3b7d38 R08: ffff8880aa3a43c0 R09: 0000000000000000
[   54.034601] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[   54.041858] R13: ffffffff88f25bd0 R14: 0000000000000000 R15: ffff8880aa3a43c0
[   54.049144]  ? default_idle+0x4e/0x320
[   54.053019]  arch_cpu_idle+0xa/0x10
[   54.056640]  default_idle_call+0x36/0x90
[   54.060684]  do_idle+0x30c/0x4d0
[   54.064034]  ? trace_hardirqs_on+0x67/0x220
[   54.068339]  ? arch_cpu_idle_exit+0x80/0x80
[   54.072640]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   54.077737]  ? complete+0x61/0x80
[   54.081176]  cpu_startup_entry+0xc8/0xe0
[   54.085224]  ? cpu_in_idle+0x20/0x20
[   54.088923]  ? setup_APIC_timer+0x1aa/0x200
[   54.093241]  start_secondary+0x3e8/0x5b0
[   54.097293]  ? set_cpu_sibling_map+0x1860/0x1860
[   54.102049]  secondary_startup_64+0xa4/0xb0
[   54.106353] 
[   54.107958] The buggy address belongs to the page:
[   54.112939] page:ffffea00068e9280 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   54.121079] flags: 0x57ffe0000000000()
[   54.124961] raw: 057ffe0000000000 ffffea00068e9288 ffffea00068e9288 0000000000000000
[   54.133695] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   54.141555] page dumped because: kasan: bad access detected
[   54.147271] 
[   54.148875] Memory state around the buggy address:
[   54.153788]  ffff8881a3a4a400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.161132]  ffff8881a3a4a480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.168470] >ffff8881a3a4a500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.175807]                                    ^
[   54.181295]  ffff8881a3a4a580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.188779]  ffff8881a3a4a600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   54.196122] ==================================================================
[   54.203459] Disabling lock debugging due to kernel taint
[   54.208952] Kernel panic - not syncing: panic_on_warn set ...
[   54.208952] 
[   54.216318] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B             4.19.89-syzkaller #0
[   54.224700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.234034] Call Trace:
[   54.236610]  <IRQ>
[   54.238748]  dump_stack+0x197/0x210
[   54.242359]  ? __alloc_skb+0x381/0x5f0
[   54.246230]  panic+0x26a/0x50e
[   54.249402]  ? __warn_printk+0xf3/0xf3
[   54.253285]  ? retint_kernel+0x2d/0x2d
[   54.257157]  ? trace_hardirqs_on+0x5e/0x220
[   54.261460]  ? __alloc_skb+0x381/0x5f0
[   54.265329]  kasan_end_report+0x47/0x4f
[   54.269283]  kasan_report.cold+0xa9/0x2ba
[   54.273412]  check_memory_region+0x123/0x190
[   54.277803]  memset+0x24/0x40
[   54.280890]  __alloc_skb+0x381/0x5f0
[   54.284603]  ? skb_trim+0x190/0x190
[   54.288210]  ? update_stack_state+0x190/0x5f0
[   54.292691]  ? __lock_acquire+0x6ee/0x49c0
[   54.298823]  alloc_skb_with_frags+0x93/0x590
[   54.303231]  sock_alloc_send_pskb+0x72d/0x8a0
[   54.307716]  ? sock_wmalloc+0x120/0x120
[   54.311677]  ? find_held_lock+0x35/0x130
[   54.315727]  ? debug_object_activate+0x206/0x4e0
[   54.320493]  ? debug_object_activate+0x206/0x4e0
[   54.325235]  sock_alloc_send_skb+0x32/0x40
[   54.329453]  mld_newpack+0x1d7/0x7f0
[   54.333164]  ? ip6_mc_hdr.isra.0.constprop.0+0x5a0/0x5a0
[   54.338598]  ? mark_held_locks+0x100/0x100
[   54.342818]  add_grhead.isra.0+0x299/0x370
[   54.347048]  add_grec+0x7e7/0x10c0
[   54.350568]  ? mld_ifc_timer_expire+0x720/0x8b0
[   54.355259]  ? mld_sendpack+0xeb0/0xeb0
[   54.359234]  ? kasan_check_write+0x14/0x20
[   54.363473]  ? do_raw_spin_lock+0xc8/0x240
[   54.367695]  mld_ifc_timer_expire+0x3d4/0x8b0
[   54.372239]  call_timer_fn+0x18d/0x720
[   54.376114]  ? mld_dad_timer_expire+0x1c0/0x1c0
[   54.380806]  ? process_timeout+0x40/0x40
[   54.384865]  ? run_timer_softirq+0x644/0x16a0
[   54.389375]  ? trace_hardirqs_on+0x67/0x220
[   54.393693]  ? mld_dad_timer_expire+0x1c0/0x1c0
[   54.398346]  run_timer_softirq+0x64f/0x16a0
[   54.402653]  ? add_timer+0xbe0/0xbe0
[   54.406364]  ? kvm_clock_read+0x18/0x30
[   54.410328]  ? check_preemption_disabled+0x48/0x290
[   54.415334]  ? sched_clock+0x2e/0x50
[   54.419037]  __do_softirq+0x25c/0x921
[   54.422821]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.428337]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   54.433864]  irq_exit+0x180/0x1d0
[   54.437300]  smp_apic_timer_interrupt+0x13b/0x550
[   54.442123]  apic_timer_interrupt+0xf/0x20
[   54.446335]  </IRQ>
[   54.448553] RIP: 0010:native_safe_halt+0xe/0x10
[   54.453207] Code: ff ff 48 89 df e8 92 64 56 fa eb 82 e9 07 00 00 00 0f 00 2d 84 73 5b 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d 74 73 5b 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 1e 43 0d fa e8 f9
[   54.472087] RSP: 0018:ffff8880aa3b7d08 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[   54.479782] RAX: 1ffffffff11e4b7c RBX: ffff8880aa3a43c0 RCX: 0000000000000000
[   54.487030] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880aa3a4c3c
[   54.494290] RBP: ffff8880aa3b7d38 R08: ffff8880aa3a43c0 R09: 0000000000000000
[   54.501549] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
[   54.508809] R13: ffffffff88f25bd0 R14: 0000000000000000 R15: ffff8880aa3a43c0
[   54.516069]  ? default_idle+0x4e/0x320
[   54.519940]  arch_cpu_idle+0xa/0x10
[   54.523547]  default_idle_call+0x36/0x90
[   54.527587]  do_idle+0x30c/0x4d0
[   54.530930]  ? trace_hardirqs_on+0x67/0x220
[   54.535243]  ? arch_cpu_idle_exit+0x80/0x80
[   54.539554]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   54.544642]  ? complete+0x61/0x80
[   54.548077]  cpu_startup_entry+0xc8/0xe0
[   54.552120]  ? cpu_in_idle+0x20/0x20
[   54.555820]  ? setup_APIC_timer+0x1aa/0x200
[   54.560121]  start_secondary+0x3e8/0x5b0
[   54.564164]  ? set_cpu_sibling_map+0x1860/0x1860
[   54.568902]  secondary_startup_64+0xa4/0xb0
[   54.574675] Kernel Offset: disabled
[   54.578560] Rebooting in 86400 seconds..