[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   18.392776] audit: type=1400 audit(1520647107.417:6): avc:  denied  { map } for  pid=4222 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
syzkaller login: [   24.730399] audit: type=1400 audit(1520647113.755:7): avc:  denied  { map } for  pid=4236 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/10 01:58:34 parsed 1 programs
2018/03/10 01:58:34 executed programs: 0
[   24.978325] audit: type=1400 audit(1520647114.003:8): avc:  denied  { map } for  pid=4236 comm="syz-execprog" path="/root/syzkaller-shm245812051" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   25.010657] IPVS: ftp: loaded support on port[0] = 21
[   25.043878] audit: type=1400 audit(1520647114.068:9): avc:  denied  { map } for  pid=4245 comm="syz-executor0" path="/dev/binder0" dev="devtmpfs" ino=9571 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[   25.046561] ==================================================================
[   25.075954] BUG: KASAN: use-after-free in ucma_close+0x2d7/0x2f0
[   25.082071] Read of size 8 at addr ffff8801b10876c0 by task syz-executor0/4245
[   25.089397] 
[   25.091003] CPU: 0 PID: 4245 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #257
[   25.098249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.107574] Call Trace:
[   25.110136]  dump_stack+0x194/0x24d
[   25.113737]  ? arch_local_irq_restore+0x53/0x53
[   25.118380]  ? show_regs_print_info+0x18/0x18
[   25.122856]  ? ucma_close+0x2d7/0x2f0
[   25.126637]  print_address_description+0x73/0x250
[   25.131455]  ? ucma_close+0x2d7/0x2f0
[   25.135229]  kasan_report+0x23c/0x360
[   25.139005]  __asan_report_load8_noabort+0x14/0x20
[   25.143908]  ucma_close+0x2d7/0x2f0
[   25.147508]  ? __might_sleep+0x95/0x190
[   25.151457]  ? ucma_free_ctx+0xd90/0xd90
[   25.155491]  __fput+0x327/0x7e0
[   25.158749]  ? fput+0x140/0x140
[   25.162004]  ? check_same_owner+0x320/0x320
[   25.166303]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.170784]  ____fput+0x15/0x20
[   25.174042]  task_work_run+0x199/0x270
[   25.177907]  ? task_work_cancel+0x210/0x210
[   25.182201]  ? _raw_spin_unlock+0x22/0x30
[   25.186322]  ? switch_task_namespaces+0x87/0xc0
[   25.190967]  do_exit+0x9bb/0x1ad0
[   25.194392]  ? ucma_create_id+0x45b/0x620
[   25.198515]  ? mm_update_next_owner+0x930/0x930
[   25.203162]  ? ucma_create_id+0x17b/0x620
[   25.207283]  ? ucma_get_event+0xa90/0xa90
[   25.211410]  ? __might_sleep+0x95/0x190
[   25.215365]  ? kasan_check_write+0x14/0x20
[   25.219578]  ? _copy_from_user+0x99/0x110
[   25.223700]  ? ucma_write+0x11f/0x3d0
[   25.227472]  ? ucma_get_event+0xa90/0xa90
[   25.231592]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.236081]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.240550]  ? __vfs_write+0xf7/0x970
[   25.244322]  ? rcu_note_context_switch+0x710/0x710
[   25.249225]  ? kernel_read+0x120/0x120
[   25.253083]  ? __might_sleep+0x95/0x190
[   25.257032]  ? _cond_resched+0x14/0x30
[   25.260893]  ? __inode_security_revalidate+0xd9/0x130
[   25.266060]  ? avc_policy_seqno+0x9/0x20
[   25.270101]  ? security_file_permission+0x89/0x1e0
[   25.275011]  ? compat_SyS_futex+0x288/0x380
[   25.279312]  ? vfs_write+0x224/0x510
[   25.283002]  do_group_exit+0x149/0x400
[   25.286865]  ? compat_SyS_get_robust_list+0x300/0x300
[   25.292031]  ? SyS_write+0x184/0x220
[   25.295726]  ? SyS_exit+0x30/0x30
[   25.299151]  ? SyS_read+0x220/0x220
[   25.302751]  ? do_fast_syscall_32+0x156/0xf9f
[   25.307219]  ? do_group_exit+0x400/0x400
[   25.311252]  SyS_exit_group+0x1d/0x20
[   25.315028]  do_fast_syscall_32+0x3ec/0xf9f
[   25.319328]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.323879]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.328612]  ? syscall_return_slowpath+0x2ac/0x550
[   25.333515]  ? prepare_exit_to_usermode+0x350/0x350
[   25.338505]  ? sysret32_from_system_call+0x5/0x3c
[   25.343328]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.348149]  entry_SYSENTER_compat+0x70/0x7f
[   25.352525] RIP: 0023:0xf7f99c99
[   25.355859] RSP: 002b:00000000ffe4d7fc EFLAGS: 00000286 ORIG_RAX: 00000000000000fc
[   25.363535] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   25.370775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.378021] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   25.385263] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.392507] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.399780] 
[   25.401391] Allocated by task 4245:
[   25.404991]  save_stack+0x43/0xd0
[   25.408414]  kasan_kmalloc+0xad/0xe0
[   25.412100]  kmem_cache_alloc_trace+0x136/0x740
[   25.416738]  ucma_alloc_ctx+0xce/0x610
[   25.420601]  ucma_create_id+0x205/0x620
[   25.424555]  ucma_write+0x2d6/0x3d0
[   25.428154]  __vfs_write+0xef/0x970
[   25.431748]  vfs_write+0x189/0x510
[   25.435260]  SyS_write+0xef/0x220
[   25.438682]  do_fast_syscall_32+0x3ec/0xf9f
[   25.442977]  entry_SYSENTER_compat+0x70/0x7f
[   25.447353] 
[   25.448951] Freed by task 4245:
[   25.452201]  save_stack+0x43/0xd0
[   25.455621]  __kasan_slab_free+0x11a/0x170
[   25.459823]  kasan_slab_free+0xe/0x10
[   25.463591]  kfree+0xd9/0x260
[   25.466674]  ucma_create_id+0x45b/0x620
[   25.470624]  ucma_write+0x2d6/0x3d0
[   25.474221]  __vfs_write+0xef/0x970
[   25.477815]  vfs_write+0x189/0x510
[   25.481327]  SyS_write+0xef/0x220
[   25.484755]  do_fast_syscall_32+0x3ec/0xf9f
[   25.489049]  entry_SYSENTER_compat+0x70/0x7f
[   25.493424] 
[   25.495026] The buggy address belongs to the object at ffff8801b1087640
[   25.495026]  which belongs to the cache kmalloc-256 of size 256
[   25.507651] The buggy address is located 128 bytes inside of
[   25.507651]  256-byte region [ffff8801b1087640, ffff8801b1087740)
[   25.519491] The buggy address belongs to the page:
[   25.524392] page:ffffea0006c421c0 count:1 mapcount:0 mapping:ffff8801b1087000 index:0xffff8801b1087c80
[   25.533806] flags: 0x2fffc0000000100(slab)
[   25.538011] raw: 02fffc0000000100 ffff8801b1087000 ffff8801b1087c80 000000010000000a
[   25.545875] raw: ffffea0006c41d60 ffffea0006bc88e0 ffff8801dac007c0 0000000000000000
[   25.553732] page dumped because: kasan: bad access detected
[   25.559408] 
[   25.561003] Memory state around the buggy address:
[   25.565902]  ffff8801b1087580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.573233]  ffff8801b1087600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   25.580561] >ffff8801b1087680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.587894]                                            ^
[   25.593312]  ffff8801b1087700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   25.600638]  ffff8801b1087780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.607963] ==================================================================
[   25.615297] Disabling lock debugging due to kernel taint
[   25.620779] Kernel panic - not syncing: panic_on_warn set ...
[   25.620779] 
[   25.628131] CPU: 0 PID: 4245 Comm: syz-executor0 Tainted: G    B            4.16.0-rc4+ #257
[   25.636678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.645998] Call Trace:
[   25.648564]  dump_stack+0x194/0x24d
[   25.652162]  ? arch_local_irq_restore+0x53/0x53
[   25.656802]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.661525]  ? vsnprintf+0x1ed/0x1900
[   25.665295]  ? ucma_close+0x230/0x2f0
[   25.669065]  panic+0x1e4/0x41c
[   25.672227]  ? refcount_error_report+0x214/0x214
[   25.676951]  ? add_taint+0x1c/0x50
[   25.680465]  ? add_taint+0x1c/0x50
[   25.683976]  ? ucma_close+0x2d7/0x2f0
[   25.687745]  kasan_end_report+0x50/0x50
[   25.691688]  kasan_report+0x149/0x360
[   25.695458]  __asan_report_load8_noabort+0x14/0x20
[   25.700357]  ucma_close+0x2d7/0x2f0
[   25.703953]  ? __might_sleep+0x95/0x190
[   25.707896]  ? ucma_free_ctx+0xd90/0xd90
[   25.711927]  __fput+0x327/0x7e0
[   25.715178]  ? fput+0x140/0x140
[   25.718425]  ? check_same_owner+0x320/0x320
[   25.722714]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.727180]  ____fput+0x15/0x20
[   25.730428]  task_work_run+0x199/0x270
[   25.734284]  ? task_work_cancel+0x210/0x210
[   25.738573]  ? _raw_spin_unlock+0x22/0x30
[   25.742689]  ? switch_task_namespaces+0x87/0xc0
[   25.747327]  do_exit+0x9bb/0x1ad0
[   25.750769]  ? ucma_create_id+0x45b/0x620
[   25.754923]  ? mm_update_next_owner+0x930/0x930
[   25.759589]  ? ucma_create_id+0x17b/0x620
[   25.763727]  ? ucma_get_event+0xa90/0xa90
[   25.767867]  ? __might_sleep+0x95/0x190
[   25.771835]  ? kasan_check_write+0x14/0x20
[   25.776061]  ? _copy_from_user+0x99/0x110
[   25.780198]  ? ucma_write+0x11f/0x3d0
[   25.783988]  ? ucma_get_event+0xa90/0xa90
[   25.788129]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.792620]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.797111]  ? __vfs_write+0xf7/0x970
[   25.800897]  ? rcu_note_context_switch+0x710/0x710
[   25.805799]  ? kernel_read+0x120/0x120
[   25.809657]  ? __might_sleep+0x95/0x190
[   25.813609]  ? _cond_resched+0x14/0x30
[   25.817473]  ? __inode_security_revalidate+0xd9/0x130
[   25.822635]  ? avc_policy_seqno+0x9/0x20
[   25.826676]  ? security_file_permission+0x89/0x1e0
[   25.831583]  ? compat_SyS_futex+0x288/0x380
[   25.835874]  ? vfs_write+0x224/0x510
[   25.839562]  do_group_exit+0x149/0x400
[   25.843436]  ? compat_SyS_get_robust_list+0x300/0x300
[   25.848596]  ? SyS_write+0x184/0x220
[   25.852277]  ? SyS_exit+0x30/0x30
[   25.855696]  ? SyS_read+0x220/0x220
[   25.859293]  ? do_fast_syscall_32+0x156/0xf9f
[   25.863756]  ? do_group_exit+0x400/0x400
[   25.867784]  SyS_exit_group+0x1d/0x20
[   25.871557]  do_fast_syscall_32+0x3ec/0xf9f
[   25.875848]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.880400]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.885124]  ? syscall_return_slowpath+0x2ac/0x550
[   25.890021]  ? prepare_exit_to_usermode+0x350/0x350
[   25.895006]  ? sysret32_from_system_call+0x5/0x3c
[   25.899820]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.904632]  entry_SYSENTER_compat+0x70/0x7f
[   25.909008] RIP: 0023:0xf7f99c99
[   25.912338] RSP: 002b:00000000ffe4d7fc EFLAGS: 00000286 ORIG_RAX: 00000000000000fc
[   25.920013] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   25.927252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.934497] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   25.941745] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.948983] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.956585] Dumping ftrace buffer:
[   25.960093]    (ftrace buffer empty)
[   25.963771] Kernel Offset: disabled
[   25.967367] Rebooting in 86400 seconds..