[ ok ] Starting enhanced syslogd: rsyslogd.
[ 11.274044] audit: type=1400 audit(1515075280.729:5): avc: denied { syslog } for pid=3315 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 15.995135] audit: type=1400 audit(1515075285.450:6): avc: denied { map } for pid=3455 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
executing program
[ 22.116634] audit: type=1400 audit(1515075291.572:7): avc: denied { map } for pid=3469 comm="syzkaller923230" path="/root/syzkaller923230942" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 22.121397] ==================================================================
[ 22.121414] BUG: KASAN: use-after-free in __lock_acquire+0x3c41/0x3cf0
[ 22.121419] Read of size 8 at addr ffff8801cc359ab8 by task syzkaller923230/3469
[ 22.121420]
[ 22.121428] CPU: 1 PID: 3469 Comm: syzkaller923230 Not tainted 4.15.0-rc6-next-20180103+ #87
[ 22.121431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.121434] Call Trace:
[ 22.121445]  dump_stack+0x137/0x198
[ 22.121452]  ? __lock_acquire+0x3c41/0x3cf0
[ 22.121462]  print_address_description+0x73/0x250
[ 22.121468]  ? __lock_acquire+0x3c41/0x3cf0
[ 22.121474]  kasan_report+0x23b/0x360
[ 22.121482]  __asan_report_load8_noabort+0x14/0x20
[ 22.121487]  __lock_acquire+0x3c41/0x3cf0
[ 22.121493]  ? lock_downgrade+0x860/0x860
[ 22.121502]  ? __bpf_address_lookup+0x2b0/0x2b0
[ 22.121509]  ? __lock_acquire+0x63e/0x3cf0
[ 22.121517]  ? remove_wait_queue+0x24/0x1b0
[ 22.121526]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.121534]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.121543]  ? __mutex_lock+0xec/0x1550
[ 22.121550]  ? ep_free+0x72/0x230
[ 22.121555]  ? save_stack+0xa3/0xd0
[ 22.121563]  lock_acquire+0x16b/0x420
[ 22.121568]  ? lock_acquire+0x16b/0x420
[ 22.121573]  ? remove_wait_queue+0x24/0x1b0
[ 22.121582]  _raw_spin_lock_irqsave+0x96/0xc0
[ 22.121588]  ? remove_wait_queue+0x24/0x1b0
[ 22.121594]  remove_wait_queue+0x24/0x1b0
[ 22.121602]  ep_unregister_pollwait.isra.7+0x9d/0x360
[ 22.121609]  ? ep_free+0x230/0x230
[ 22.121614]  ep_free+0xae/0x230
[ 22.121621]  ? ep_free+0x230/0x230
[ 22.121626]  ep_eventpoll_release+0x44/0x60
[ 22.121632]  __fput+0x291/0x6e0
[ 22.121640]  ____fput+0x15/0x20
[ 22.121645]  task_work_run+0x122/0x1a0
[ 22.121659]  do_exit+0x7f4/0x2da0
[ 22.121669]  ? binder_ioctl_write_read.isra.39+0x8e0/0x8e0
[ 22.121677]  ? do_vfs_ioctl+0x439/0xfe0
[ 22.121684]  ? mm_update_next_owner+0x690/0x690
[ 22.121690]  ? ioctl_preallocate+0x1c0/0x1c0
[ 22.121700]  ? __do_page_fault+0x3c3/0xca0
[ 22.121709]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 22.121717]  do_group_exit+0x108/0x320
[ 22.121724]  SyS_exit_group+0x1d/0x20
[ 22.121730]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 22.121735] RIP: 0033:0x4429f8
[ 22.121738] RSP: 002b:00007ffc05f3b888 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 22.121745] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004429f8
[ 22.121748] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 22.121751] RBP: 00000000006ce018 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 22.121755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a40
[ 22.121758] R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000
[ 22.121765]
[ 22.121768] Allocated by task 3469:
[ 22.121774]  save_stack+0x43/0xd0
[ 22.121778]  kasan_kmalloc+0xad/0xe0
[ 22.121783]  kmem_cache_alloc_trace+0x136/0x750
[ 22.121788]  binder_get_thread+0x15d/0x700
[ 22.121792]  binder_poll+0x4a/0x210
[ 22.121797]  ep_item_poll.isra.10+0xf2/0x320
[ 22.121803]  SyS_epoll_ctl+0x11c4/0x27b0
[ 22.121808]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 22.121809]
[ 22.121811] Freed by task 3469:
[ 22.121816]  save_stack+0x43/0xd0
[ 22.121821]  kasan_slab_free+0x71/0xc0
[ 22.121825]  kfree+0xd6/0x260
[ 22.121829]  binder_thread_dec_tmpref+0x17d/0x1e0
[ 22.121834]  binder_thread_release+0x27d/0x540
[ 22.121838]  binder_ioctl+0xa1b/0x10ee
[ 22.121843]  do_vfs_ioctl+0x190/0xfe0
[ 22.121847]  SyS_ioctl+0x8f/0xc0
[ 22.121852]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 22.121853]
[ 22.121858] The buggy address belongs to the object at ffff8801cc359a00
[ 22.121858]  which belongs to the cache kmalloc-512 of size 512
[ 22.121862] The buggy address is located 184 bytes inside of
[ 22.121862]  512-byte region [ffff8801cc359a00, ffff8801cc359c00)
[ 22.121864] The buggy address belongs to the page:
[ 22.121869] page:ffffea000730d640 count:1 mapcount:0 mapping:ffff8801cc359000 index:0x0
[ 22.121874] flags: 0x2fffc0000000100(slab)
[ 22.121883] raw: 02fffc0000000100 ffff8801cc359000 0000000000000000 0000000100000006
[ 22.121889] raw: ffffea00072f5820 ffffea000734e560 ffff8801db000940 0000000000000000
[ 22.121891] page dumped because: kasan: bad access detected
[ 22.121893]
[ 22.121894] Memory state around the buggy address:
[ 22.121899]  ffff8801cc359980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.121903]  ffff8801cc359a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.121907] >ffff8801cc359a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.121909]                                         ^
[ 22.121913]  ffff8801cc359b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.121918]  ffff8801cc359b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.121919] ==================================================================
[ 22.121921] Disabling lock debugging due to kernel taint
[ 22.121924] Kernel panic - not syncing: panic_on_warn set ...
[ 22.121924]
[ 22.121930] CPU: 1 PID: 3469 Comm: syzkaller923230 Tainted: G    B 4.15.0-rc6-next-20180103+ #87
[ 22.121933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.121934] Call Trace:
[ 22.121940]  dump_stack+0x137/0x198
[ 22.121947]  ? __lock_acquire+0x3b80/0x3cf0
[ 22.121952]  panic+0x1e4/0x41c
[ 22.121958]  ? refcount_error_report+0x214/0x214
[ 22.121964]  ? add_taint+0x40/0x50
[ 22.121969]  ? add_taint+0x1c/0x50
[ 22.121976]  ? __lock_acquire+0x3c41/0x3cf0
[ 22.121982]  kasan_end_report+0x50/0x50
[ 22.121988]  kasan_report+0x148/0x360
[ 22.121995]  __asan_report_load8_noabort+0x14/0x20
[ 22.122004]  __lock_acquire+0x3c41/0x3cf0
[ 22.122009]  ? lock_downgrade+0x860/0x860
[ 22.122015]  ? __bpf_address_lookup+0x2b0/0x2b0
[ 22.122022]  ? __lock_acquire+0x63e/0x3cf0
[ 22.122028]  ? remove_wait_queue+0x24/0x1b0
[ 22.122037]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.122045]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 22.122052]  ? __mutex_lock+0xec/0x1550
[ 22.122058]  ? ep_free+0x72/0x230
[ 22.122063]  ? save_stack+0xa3/0xd0
[ 22.122070]  lock_acquire+0x16b/0x420
[ 22.122075]  ? lock_acquire+0x16b/0x420
[ 22.122081]  ? remove_wait_queue+0x24/0x1b0
[ 22.122089]  _raw_spin_lock_irqsave+0x96/0xc0
[ 22.122095]  ? remove_wait_queue+0x24/0x1b0
[ 22.122101]  remove_wait_queue+0x24/0x1b0
[ 22.122109]  ep_unregister_pollwait.isra.7+0x9d/0x360
[ 22.122116]  ? ep_free+0x230/0x230
[ 22.122121]  ep_free+0xae/0x230
[ 22.122127]  ? ep_free+0x230/0x230
[ 22.122133]  ep_eventpoll_release+0x44/0x60
[ 22.122138]  __fput+0x291/0x6e0
[ 22.122145]  ____fput+0x15/0x20
[ 22.122150]  task_work_run+0x122/0x1a0
[ 22.122157]  do_exit+0x7f4/0x2da0
[ 22.122164]  ? binder_ioctl_write_read.isra.39+0x8e0/0x8e0
[ 22.122170]  ? do_vfs_ioctl+0x439/0xfe0
[ 22.122177]  ? mm_update_next_owner+0x690/0x690
[ 22.122182]  ? ioctl_preallocate+0x1c0/0x1c0
[ 22.122189]  ? __do_page_fault+0x3c3/0xca0
[ 22.122198]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 22.122205]  do_group_exit+0x108/0x320
[ 22.122212]  SyS_exit_group+0x1d/0x20
[ 22.122219]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 22.122222] RIP: 0033:0x4429f8
[ 22.122225] RSP: 002b:00007ffc05f3b888 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 22.122230] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004429f8
[ 22.122234] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 22.122237] RBP: 00000000006ce018 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 22.122240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a40
[ 22.122243] R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000
[ 22.142894] Dumping ftrace buffer:
[ 22.142898]    (ftrace buffer empty)
[ 22.142901] Kernel Offset: disabled
[ 22.870761] Rebooting in 86400 seconds..