Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 11.727633] audit: type=1400 audit(1515310055.449:6): avc: denied { map } for pid=3451 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.13' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 17.837499] audit: type=1400 audit(1515310061.559:7): avc: denied { map } for pid=3465 comm="syzkaller490163" path="/root/syzkaller490163554" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 17.842628] ==================================================================
[ 17.842641] BUG: KASAN: use-after-free in __lock_acquire+0x3c41/0x3cf0
[ 17.842646] Read of size 8 at addr ffff8801cc0265f8 by task syzkaller490163/3465
[ 17.842648]
[ 17.842656] CPU: 1 PID: 3465 Comm: syzkaller490163 Not tainted 4.15.0-rc6-next-20180105+ #89
[ 17.842659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 17.842661] Call Trace:
[ 17.842670]  dump_stack+0x137/0x198
[ 17.842677]  ? __lock_acquire+0x3c41/0x3cf0
[ 17.842686]  print_address_description+0x73/0x250
[ 17.842692]  ? __lock_acquire+0x3c41/0x3cf0
[ 17.842699]  kasan_report+0x23b/0x360
[ 17.842707]  __asan_report_load8_noabort+0x14/0x20
[ 17.842712]  __lock_acquire+0x3c41/0x3cf0
[ 17.842720]  ? bpf_prog_kallsyms_find+0x39/0x270
[ 17.842728]  ? __lock_acquire+0x63e/0x3cf0
[ 17.842735]  ? remove_wait_queue+0x24/0x1b0
[ 17.842743]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 17.842752]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 17.842761]  ? __mutex_lock+0xec/0x1550
[ 17.842769]  ? ep_free+0x72/0x230
[ 17.842774]  ? save_stack+0x43/0xd0
[ 17.842780]  ? __kasan_slab_free+0x11a/0x170
[ 17.842785]  ? kasan_slab_free+0xe/0x10
[ 17.842793]  lock_acquire+0x16b/0x420
[ 17.842798]  ? lock_acquire+0x16b/0x420
[ 17.842804]  ? remove_wait_queue+0x24/0x1b0
[ 17.842813]  _raw_spin_lock_irqsave+0x96/0xc0
[ 17.842818]  ? remove_wait_queue+0x24/0x1b0
[ 17.842825]  remove_wait_queue+0x24/0x1b0
[ 17.842833]  ep_unregister_pollwait.isra.7+0x9d/0x360
[ 17.842841]  ? ep_free+0x230/0x230
[ 17.842846]  ep_free+0xae/0x230
[ 17.842852]  ? ep_free+0x230/0x230
[ 17.842858]  ep_eventpoll_release+0x44/0x60
[ 17.842864]  __fput+0x291/0x6e0
[ 17.842872]  ____fput+0x15/0x20
[ 17.842878]  task_work_run+0x122/0x1a0
[ 17.842886]  do_exit+0x7f4/0x2da0
[ 17.842894]  ? binder_ioctl_write_read.isra.39+0x8e0/0x8e0
[ 17.842901]  ? do_vfs_ioctl+0x439/0xfe0
[ 17.842908]  ? mm_update_next_owner+0x690/0x690
[ 17.842914]  ? ioctl_preallocate+0x1c0/0x1c0
[ 17.842921]  ? __do_page_fault+0x3c3/0xca0
[ 17.842931]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 17.842939]  do_group_exit+0x108/0x320
[ 17.842946]  SyS_exit_group+0x1d/0x20
[ 17.842953]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 17.842957] RIP: 0033:0x4429f8
[ 17.842960] RSP: 002b:00007ffe01bb7a18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 17.842967] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004429f8
[ 17.842970] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 17.842974] RBP: 00000000006ce018 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 17.842977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a40
[ 17.842980] R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000
[ 17.842987]
[ 17.842990] Allocated by task 3465:
[ 17.842996]  save_stack+0x43/0xd0
[ 17.843004]  kasan_kmalloc+0xad/0xe0
[ 17.843010]  kmem_cache_alloc_trace+0x136/0x750
[ 17.843014]  binder_get_thread+0x15d/0x700
[ 17.843018]  binder_poll+0x4a/0x210
[ 17.843024]  ep_item_poll.isra.10+0xf2/0x320
[ 17.843029]  SyS_epoll_ctl+0x11c4/0x27b0
[ 17.843035]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 17.843036]
[ 17.843038] Freed by task 3465:
[ 17.843043]  save_stack+0x43/0xd0
[ 17.843048]  __kasan_slab_free+0x11a/0x170
[ 17.843053]  kasan_slab_free+0xe/0x10
[ 17.843057]  kfree+0xd9/0x260
[ 17.843062]  binder_thread_dec_tmpref+0x17d/0x1e0
[ 17.843066]  binder_thread_release+0x27d/0x540
[ 17.843071]  binder_ioctl+0xa1b/0x10ee
[ 17.843075]  do_vfs_ioctl+0x190/0xfe0
[ 17.843080]  SyS_ioctl+0x8f/0xc0
[ 17.843085]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 17.843087]
[ 17.843091] The buggy address belongs to the object at ffff8801cc026540
[ 17.843091]  which belongs to the cache kmalloc-512 of size 512
[ 17.843096] The buggy address is located 184 bytes inside of
[ 17.843096]  512-byte region [ffff8801cc026540, ffff8801cc026740)
[ 17.843097] The buggy address belongs to the page:
[ 17.843102] page:ffffea0007300980 count:1 mapcount:0 mapping:ffff8801cc026040 index:0x0
[ 17.843107] flags: 0x2fffc0000000100(slab)
[ 17.843116] raw: 02fffc0000000100 ffff8801cc026040 0000000000000000 0000000100000006
[ 17.843123] raw: ffffea0007300860 ffffea0007305ba0 ffff8801db000940 0000000000000000
[ 17.843125] page dumped because: kasan: bad access detected
[ 17.843127]
[ 17.843128] Memory state around the buggy address:
[ 17.843133]  ffff8801cc026480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 17.843137]  ffff8801cc026500: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 17.843141] >ffff8801cc026580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.843144]                                                                 ^
[ 17.843148]  ffff8801cc026600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.843153]  ffff8801cc026680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.843154] ==================================================================
[ 17.843156] Disabling lock debugging due to kernel taint
[ 17.843159] Kernel panic - not syncing: panic_on_warn set ...
[ 17.843159]
[ 17.843165] CPU: 1 PID: 3465 Comm: syzkaller490163 Tainted: G B 4.15.0-rc6-next-20180105+ #89
[ 17.843168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 17.843169] Call Trace:
[ 17.843176]  dump_stack+0x137/0x198
[ 17.843183]  ? __lock_acquire+0x3b60/0x3cf0
[ 17.843188]  panic+0x1e4/0x41c
[ 17.843194]  ? refcount_error_report+0x214/0x214
[ 17.843201]  ? add_taint+0x40/0x50
[ 17.843206]  ? add_taint+0x1c/0x50
[ 17.843213]  ? __lock_acquire+0x3c41/0x3cf0
[ 17.843219]  kasan_end_report+0x50/0x50
[ 17.843225]  kasan_report+0x148/0x360
[ 17.843233]  __asan_report_load8_noabort+0x14/0x20
[ 17.843238]  __lock_acquire+0x3c41/0x3cf0
[ 17.843245]  ? bpf_prog_kallsyms_find+0x39/0x270
[ 17.843252]  ? __lock_acquire+0x63e/0x3cf0
[ 17.843258]  ? remove_wait_queue+0x24/0x1b0
[ 17.843266]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 17.843275]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 17.843282]  ? __mutex_lock+0xec/0x1550
[ 17.843288]  ? ep_free+0x72/0x230
[ 17.843293]  ? save_stack+0x43/0xd0
[ 17.843299]  ? __kasan_slab_free+0x11a/0x170
[ 17.843304]  ? kasan_slab_free+0xe/0x10
[ 17.843311]  lock_acquire+0x16b/0x420
[ 17.843316]  ? lock_acquire+0x16b/0x420
[ 17.843322]  ? remove_wait_queue+0x24/0x1b0
[ 17.843331]  _raw_spin_lock_irqsave+0x96/0xc0
[ 17.843337]  ? remove_wait_queue+0x24/0x1b0
[ 17.843343]  remove_wait_queue+0x24/0x1b0
[ 17.843351]  ep_unregister_pollwait.isra.7+0x9d/0x360
[ 17.843358]  ? ep_free+0x230/0x230
[ 17.843368]  ep_free+0xae/0x230
[ 17.843374]  ? ep_free+0x230/0x230
[ 17.843380]  ep_eventpoll_release+0x44/0x60
[ 17.843385]  __fput+0x291/0x6e0
[ 17.843393]  ____fput+0x15/0x20
[ 17.843398]  task_work_run+0x122/0x1a0
[ 17.843405]  do_exit+0x7f4/0x2da0
[ 17.843412]  ? binder_ioctl_write_read.isra.39+0x8e0/0x8e0
[ 17.843418]  ? do_vfs_ioctl+0x439/0xfe0
[ 17.843425]  ? mm_update_next_owner+0x690/0x690
[ 17.843431]  ? ioctl_preallocate+0x1c0/0x1c0
[ 17.843438]  ? __do_page_fault+0x3c3/0xca0
[ 17.843448]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 17.843455]  do_group_exit+0x108/0x320
[ 17.843462]  SyS_exit_group+0x1d/0x20
[ 17.843468]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 17.843472] RIP: 0033:0x4429f8
[ 17.843475] RSP: 002b:00007ffe01bb7a18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 17.843481] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004429f8
[ 17.843484] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 17.843487] RBP: 00000000006ce018 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 17.843490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a40
[ 17.843494] R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000
[ 17.863377] Dumping ftrace buffer:
[ 17.863380]    (ftrace buffer empty)
[ 17.863382] Kernel Offset: disabled
[ 18.604989] Rebooting in 86400 seconds..