[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   18.358011] audit: type=1400 audit(1520435523.413:6): avc:  denied  { map } for  pid=4180 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
syzkaller login: [   24.631383] audit: type=1400 audit(1520435529.687:7): avc:  denied  { map } for  pid=4194 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/07 15:12:09 parsed 1 programs
2018/03/07 15:12:09 executed programs: 0
[   24.881269] audit: type=1400 audit(1520435529.937:8): avc:  denied  { map } for  pid=4194 comm="syz-execprog" path="/root/syzkaller-shm380374470" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   24.895811] IPVS: ftp: loaded support on port[0] = 21
[   24.950316] ==================================================================
[   24.957725] BUG: KASAN: use-after-free in ucma_close+0x2d7/0x2f0
[   24.963845] Read of size 8 at addr ffff8801b496f740 by task syz-executor0/4203
[   24.971171] 
[   24.972778] CPU: 0 PID: 4203 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #254
[   24.980030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   24.989354] Call Trace:
[   24.991917]  dump_stack+0x194/0x24d
[   24.995528]  ? arch_local_irq_restore+0x53/0x53
[   25.000173]  ? show_regs_print_info+0x18/0x18
[   25.004640]  ? save_stack+0xa3/0xd0
[   25.008246]  ? ucma_close+0x2d7/0x2f0
[   25.012027]  print_address_description+0x73/0x250
[   25.016847]  ? ucma_close+0x2d7/0x2f0
[   25.020621]  kasan_report+0x23c/0x360
[   25.024400]  __asan_report_load8_noabort+0x14/0x20
[   25.029303]  ucma_close+0x2d7/0x2f0
[   25.032905]  ? __might_sleep+0x95/0x190
[   25.036855]  ? ucma_free_ctx+0xd90/0xd90
[   25.040891]  __fput+0x327/0x7e0
[   25.044150]  ? fput+0x140/0x140
[   25.047404]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.051884]  ____fput+0x15/0x20
[   25.055142]  task_work_run+0x199/0x270
[   25.059008]  ? task_work_cancel+0x210/0x210
[   25.063316]  ? _raw_spin_unlock+0x22/0x30
[   25.067435]  ? switch_task_namespaces+0x87/0xc0
[   25.072081]  do_exit+0x9bb/0x1ad0
[   25.075508]  ? find_held_lock+0x35/0x1d0
[   25.079544]  ? mm_update_next_owner+0x930/0x930
[   25.084188]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.089357]  ? lock_downgrade+0x980/0x980
[   25.093481]  ? __unqueue_futex+0x1c0/0x290
[   25.097694]  ? lock_release+0xa40/0xa40
[   25.101645]  ? fault_in_user_writeable+0x90/0x90
[   25.106378]  ? do_raw_spin_trylock+0x190/0x190
[   25.110934]  ? futex_wake+0x680/0x680
[   25.114710]  ? kernel_text_address+0x102/0x140
[   25.119271]  ? drop_futex_key_refs.isra.13+0x63/0xb0
[   25.124353]  ? futex_wait+0x6a9/0x9a0
[   25.128137]  ? save_stack+0xa3/0xd0
[   25.131738]  ? trace_hardirqs_off+0x10/0x10
[   25.136032]  ? drop_futex_key_refs.isra.13+0x63/0xb0
[   25.141108]  ? futex_wake+0x2ca/0x680
[   25.144880]  ? do_fast_syscall_32+0x3ec/0xf9f
[   25.149351]  ? entry_SYSENTER_compat+0x70/0x7f
[   25.153913]  ? memset+0x31/0x40
[   25.157168]  ? find_held_lock+0x35/0x1d0
[   25.161208]  ? get_signal+0x7a9/0x16d0
[   25.165070]  ? lock_downgrade+0x980/0x980
[   25.169197]  do_group_exit+0x149/0x400
[   25.173056]  ? do_raw_spin_trylock+0x190/0x190
[   25.177611]  ? SyS_exit+0x30/0x30
[   25.181039]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.185510]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   25.190511]  get_signal+0x73a/0x16d0
[   25.194215]  ? ptrace_notify+0x130/0x130
[   25.198253]  ? __might_sleep+0x95/0x190
[   25.202219]  ? kasan_check_write+0x14/0x20
[   25.206424]  ? _copy_from_user+0x99/0x110
[   25.210549]  ? ucma_write+0x11f/0x3d0
[   25.214318]  ? ucma_get_event+0xa90/0xa90
[   25.218439]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.222909]  do_signal+0x90/0x1e90
[   25.226425]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.230892]  ? __vfs_write+0xf7/0x970
[   25.234664]  ? rcu_note_context_switch+0x710/0x710
[   25.239567]  ? setup_sigcontext+0x7d0/0x7d0
[   25.243860]  ? kernel_read+0x120/0x120
[   25.247721]  ? __might_sleep+0x95/0x190
[   25.251670]  ? _cond_resched+0x14/0x30
[   25.255536]  ? __inode_security_revalidate+0xd9/0x130
[   25.260701]  ? avc_policy_seqno+0x9/0x20
[   25.264734]  ? selinux_file_permission+0x82/0x460
[   25.269562]  ? exit_to_usermode_loop+0x8c/0x2f0
[   25.274209]  exit_to_usermode_loop+0x258/0x2f0
[   25.278766]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   25.284279]  ? do_fast_syscall_32+0x156/0xf9f
[   25.288753]  do_fast_syscall_32+0xbe6/0xf9f
[   25.293047]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.297521]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.302074]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.306544]  ? finish_task_switch+0x1c1/0x7e0
[   25.311032]  ? syscall_return_slowpath+0x2ac/0x550
[   25.315940]  ? prepare_exit_to_usermode+0x350/0x350
[   25.320930]  ? sysret32_from_system_call+0x5/0x3c
[   25.325747]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.330565]  entry_SYSENTER_compat+0x70/0x7f
[   25.334945] RIP: 0023:0xf7f55c99
[   25.338281] RSP: 002b:00000000f7f5110c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[   25.345962] RAX: fffffffffffffe00 RBX: 000000000813af1c RCX: 0000000000000000
[   25.353205] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.360444] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   25.368314] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.375558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.382814] 
[   25.384415] Allocated by task 4203:
[   25.388029]  save_stack+0x43/0xd0
[   25.391451]  kasan_kmalloc+0xad/0xe0
[   25.395136]  kmem_cache_alloc_trace+0x136/0x740
[   25.399774]  ucma_alloc_ctx+0xce/0x610
[   25.403635]  ucma_create_id+0x205/0x620
[   25.407581]  ucma_write+0x2d6/0x3d0
[   25.411179]  __vfs_write+0xef/0x970
[   25.414777]  vfs_write+0x189/0x510
[   25.418292]  SyS_write+0xef/0x220
[   25.421718]  do_fast_syscall_32+0x3ec/0xf9f
[   25.426014]  entry_SYSENTER_compat+0x70/0x7f
[   25.430394] 
[   25.431992] Freed by task 4203:
[   25.435244]  save_stack+0x43/0xd0
[   25.438674]  __kasan_slab_free+0x11a/0x170
[   25.442878]  kasan_slab_free+0xe/0x10
[   25.446649]  kfree+0xd9/0x260
[   25.449723]  ucma_create_id+0x45b/0x620
[   25.453664]  ucma_write+0x2d6/0x3d0
[   25.457262]  __vfs_write+0xef/0x970
[   25.460857]  vfs_write+0x189/0x510
[   25.464367]  SyS_write+0xef/0x220
[   25.467790]  do_fast_syscall_32+0x3ec/0xf9f
[   25.472082]  entry_SYSENTER_compat+0x70/0x7f
[   25.476454] 
[   25.478054] The buggy address belongs to the object at ffff8801b496f6c0
[   25.478054]  which belongs to the cache kmalloc-256 of size 256
[   25.490675] The buggy address is located 128 bytes inside of
[   25.490675]  256-byte region [ffff8801b496f6c0, ffff8801b496f7c0)
[   25.502517] The buggy address belongs to the page:
[   25.507415] page:ffffea0006d25bc0 count:1 mapcount:0 mapping:ffff8801b496f080 index:0x0
[   25.515526] flags: 0x2fffc0000000100(slab)
[   25.519733] raw: 02fffc0000000100 ffff8801b496f080 0000000000000000 000000010000000c
[   25.527583] raw: ffffea0006d22ce0 ffffea0006d25d60 ffff8801dac007c0 0000000000000000
[   25.535950] page dumped because: kasan: bad access detected
[   25.541628] 
[   25.543223] Memory state around the buggy address:
[   25.548126]  ffff8801b496f600: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   25.555451]  ffff8801b496f680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   25.562777] >ffff8801b496f700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.570111]                                            ^
[   25.575533]  ffff8801b496f780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   25.582860]  ffff8801b496f800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.590187] ==================================================================
[   25.597520] Disabling lock debugging due to kernel taint
[   25.603034] Kernel panic - not syncing: panic_on_warn set ...
[   25.603034] 
[   25.610376] CPU: 0 PID: 4203 Comm: syz-executor0 Tainted: G    B            4.16.0-rc4+ #254
[   25.618919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.628242] Call Trace:
[   25.630800]  dump_stack+0x194/0x24d
[   25.634396]  ? arch_local_irq_restore+0x53/0x53
[   25.639034]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.643758]  ? vsnprintf+0x1ed/0x1900
[   25.647530]  ? ucma_close+0x1f0/0x2f0
[   25.651297]  panic+0x1e4/0x41c
[   25.654456]  ? refcount_error_report+0x214/0x214
[   25.659182]  ? add_taint+0x1c/0x50
[   25.662691]  ? add_taint+0x1c/0x50
[   25.666201]  ? ucma_close+0x2d7/0x2f0
[   25.669970]  kasan_end_report+0x50/0x50
[   25.673912]  kasan_report+0x149/0x360
[   25.677683]  __asan_report_load8_noabort+0x14/0x20
[   25.682591]  ucma_close+0x2d7/0x2f0
[   25.686187]  ? __might_sleep+0x95/0x190
[   25.690130]  ? ucma_free_ctx+0xd90/0xd90
[   25.694161]  __fput+0x327/0x7e0
[   25.697409]  ? fput+0x140/0x140
[   25.700664]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.705128]  ____fput+0x15/0x20
[   25.708375]  task_work_run+0x199/0x270
[   25.712234]  ? task_work_cancel+0x210/0x210
[   25.716525]  ? _raw_spin_unlock+0x22/0x30
[   25.720642]  ? switch_task_namespaces+0x87/0xc0
[   25.725283]  do_exit+0x9bb/0x1ad0
[   25.728706]  ? find_held_lock+0x35/0x1d0
[   25.732735]  ? mm_update_next_owner+0x930/0x930
[   25.737381]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   25.742539]  ? lock_downgrade+0x980/0x980
[   25.746658]  ? __unqueue_futex+0x1c0/0x290
[   25.750860]  ? lock_release+0xa40/0xa40
[   25.754801]  ? fault_in_user_writeable+0x90/0x90
[   25.759527]  ? do_raw_spin_trylock+0x190/0x190
[   25.764077]  ? futex_wake+0x680/0x680
[   25.767845]  ? kernel_text_address+0x102/0x140
[   25.772398]  ? drop_futex_key_refs.isra.13+0x63/0xb0
[   25.777469]  ? futex_wait+0x6a9/0x9a0
[   25.781245]  ? save_stack+0xa3/0xd0
[   25.784841]  ? trace_hardirqs_off+0x10/0x10
[   25.790087]  ? drop_futex_key_refs.isra.13+0x63/0xb0
[   25.795174]  ? futex_wake+0x2ca/0x680
[   25.798943]  ? do_fast_syscall_32+0x3ec/0xf9f
[   25.803410]  ? entry_SYSENTER_compat+0x70/0x7f
[   25.807960]  ? memset+0x31/0x40
[   25.811212]  ? find_held_lock+0x35/0x1d0
[   25.815250]  ? get_signal+0x7a9/0x16d0
[   25.819106]  ? lock_downgrade+0x980/0x980
[   25.823228]  do_group_exit+0x149/0x400
[   25.827083]  ? do_raw_spin_trylock+0x190/0x190
[   25.831634]  ? SyS_exit+0x30/0x30
[   25.835054]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.839519]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   25.844503]  get_signal+0x73a/0x16d0
[   25.848189]  ? ptrace_notify+0x130/0x130
[   25.852223]  ? __might_sleep+0x95/0x190
[   25.856169]  ? kasan_check_write+0x14/0x20
[   25.860372]  ? _copy_from_user+0x99/0x110
[   25.864492]  ? ucma_write+0x11f/0x3d0
[   25.868260]  ? ucma_get_event+0xa90/0xa90
[   25.872378]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.876843]  do_signal+0x90/0x1e90
[   25.880351]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.884813]  ? __vfs_write+0xf7/0x970
[   25.888583]  ? rcu_note_context_switch+0x710/0x710
[   25.893486]  ? setup_sigcontext+0x7d0/0x7d0
[   25.897781]  ? kernel_read+0x120/0x120
[   25.901637]  ? __might_sleep+0x95/0x190
[   25.905580]  ? _cond_resched+0x14/0x30
[   25.909439]  ? __inode_security_revalidate+0xd9/0x130
[   25.914596]  ? avc_policy_seqno+0x9/0x20
[   25.918628]  ? selinux_file_permission+0x82/0x460
[   25.923444]  ? exit_to_usermode_loop+0x8c/0x2f0
[   25.928081]  exit_to_usermode_loop+0x258/0x2f0
[   25.932633]  ? trace_event_raw_event_sys_exit+0x260/0x260
[   25.938139]  ? do_fast_syscall_32+0x156/0xf9f
[   25.942606]  do_fast_syscall_32+0xbe6/0xf9f
[   25.946894]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.951362]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.955910]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.960370]  ? finish_task_switch+0x1c1/0x7e0
[   25.964836]  ? syscall_return_slowpath+0x2ac/0x550
[   25.969733]  ? prepare_exit_to_usermode+0x350/0x350
[   25.974718]  ? sysret32_from_system_call+0x5/0x3c
[   25.979533]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.984345]  entry_SYSENTER_compat+0x70/0x7f
[   25.988720] RIP: 0023:0xf7f55c99
[   25.992052] RSP: 002b:00000000f7f5110c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[   25.999727] RAX: fffffffffffffe00 RBX: 000000000813af1c RCX: 0000000000000000
[   26.006965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   26.014205] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   26.021441] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.028681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.036344] Dumping ftrace buffer:
[   26.039855]    (ftrace buffer empty)
[   26.043531] Kernel Offset: disabled
[   26.047125] Rebooting in 86400 seconds..