[....] Starting enhanced syslogd: rsyslogd[ 12.382885] audit: type=1400 audit(1516509161.437:5): avc: denied { syslog } for pid=3514 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. [....] Starting periodic command scheduler: cron[ ok ]. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[ ok ]. [....] Starting OpenBSD Secure Shell server: sshd[ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.879674] audit: type=1400 audit(1516509167.934:6): avc: denied { map } for pid=3653 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts. executing program [ 35.783981] audit: type=1400 audit(1516509184.838:7): avc: denied { map } for pid=3670 comm="syzkaller306637" path="/root/syzkaller306637253" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 35.812678] ================================================================== [ 35.820108] BUG: KASAN: use-after-free in __wake_up_common+0x670/0x780 [ 35.826752] Read of size 8 at addr ffff8801bbd203c8 by task syzkaller306637/3670 [ 35.834259] [ 35.835871] CPU: 0 PID: 3670 Comm: syzkaller306637 Not tainted 4.15.0-rc8-mm1+ #59 [ 35.843555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 35.852891] Call Trace: [ 35.855458] dump_stack+0x194/0x257 [ 35.859063] ? arch_local_irq_restore+0x53/0x53 [ 35.863705] ? show_regs_print_info+0x18/0x18 [ 35.868181] ? __wake_up_common+0x670/0x780 [ 35.872478] print_address_description+0x73/0x250 [ 35.877294] ? 
__wake_up_common+0x670/0x780 [ 35.881591] kasan_report+0x23b/0x360 [ 35.885371] __asan_report_load8_noabort+0x14/0x20 [ 35.890276] __wake_up_common+0x670/0x780 [ 35.894403] ? do_wait_intr_irq+0x3e0/0x3e0 [ 35.898702] ? __save_stack_trace+0x7e/0xd0 [ 35.903012] __wake_up_common_lock+0x1b4/0x310 [ 35.907573] ? locks_remove_file+0x3fa/0x5a0 [ 35.911959] ? __wake_up_common+0x780/0x780 [ 35.916250] ? fcntl_setlk+0x10c0/0x10c0 [ 35.920295] ? fsnotify_first_mark+0x2b0/0x2b0 [ 35.924855] ? eventfd_show_fdinfo+0x90/0x90 [ 35.929239] __wake_up+0xe/0x10 [ 35.932492] eventfd_release+0x4a/0x60 [ 35.936352] __fput+0x327/0x7e0 [ 35.939610] ? fput+0x140/0x140 [ 35.942866] ? _raw_spin_unlock_irq+0x27/0x70 [ 35.947347] ____fput+0x15/0x20 [ 35.950601] task_work_run+0x199/0x270 [ 35.954468] ? task_work_cancel+0x210/0x210 [ 35.958766] ? _raw_spin_unlock+0x22/0x30 [ 35.962908] ? switch_task_namespaces+0x87/0xc0 [ 35.967558] do_exit+0x9bb/0x1ad0 [ 35.970995] ? mm_update_next_owner+0x930/0x930 [ 35.975691] ? mntput_no_expire+0x15e/0xa90 [ 35.979989] ? _raw_spin_unlock+0x22/0x30 [ 35.984532] ? mnt_get_count+0x150/0x150 [ 35.988576] ? find_held_lock+0x35/0x1d0 [ 35.992706] ? task_work_run+0x16c/0x270 [ 35.996747] ? lock_downgrade+0x980/0x980 [ 36.000877] ? mntput+0x66/0x90 [ 36.004133] ? lock_release+0xa40/0xa40 [ 36.008084] ? do_raw_spin_trylock+0x190/0x190 [ 36.012643] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.017115] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 36.022104] ? trace_hardirqs_on+0xd/0x10 [ 36.026225] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.030691] ? task_work_run+0x1f4/0x270 [ 36.034728] ? task_work_cancel+0x210/0x210 [ 36.039025] ? exit_to_usermode_loop+0x8c/0x2f0 [ 36.043673] ? trace_hardirqs_off+0xd/0x10 [ 36.047885] ? exit_to_usermode_loop+0x198/0x2f0 [ 36.052618] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 36.058133] ? __close_fd+0x222/0x360 [ 36.061914] do_group_exit+0x149/0x400 [ 36.065777] ? prepare_exit_to_usermode+0x340/0x340 [ 36.070769] ? 
SyS_exit+0x30/0x30 [ 36.074199] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 36.079203] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 36.083938] SyS_exit_group+0x1d/0x20 [ 36.087716] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 36.092446] RIP: 0033:0x43e978 [ 36.095613] RSP: 002b:00007fff34d93c48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.103295] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043e978 [ 36.110698] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.117944] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.125198] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004016a0 [ 36.132453] R13: 0000000000401730 R14: 0000000000000000 R15: 0000000000000000 [ 36.139726] [ 36.141329] Allocated by task 3670: [ 36.144935] save_stack+0x43/0xd0 [ 36.148383] kasan_kmalloc+0xad/0xe0 [ 36.152085] __kmalloc_node+0x47/0x70 [ 36.155866] kvmalloc_node+0x64/0xd0 [ 36.159556] vhost_net_open+0x27/0x670 [ 36.163437] misc_open+0x382/0x500 [ 36.166955] chrdev_open+0x257/0x730 [ 36.170651] do_dentry_open+0x667/0xd40 [ 36.174598] vfs_open+0x107/0x220 [ 36.178024] path_openat+0x1151/0x3530 [ 36.181884] do_filp_open+0x25b/0x3b0 [ 36.185656] do_sys_open+0x502/0x6d0 [ 36.189339] SyS_openat+0x30/0x40 [ 36.192766] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 36.197489] [ 36.199086] Freed by task 3670: [ 36.202340] save_stack+0x43/0xd0 [ 36.205780] __kasan_slab_free+0x11a/0x170 [ 36.209989] kasan_slab_free+0xe/0x10 [ 36.213775] kfree+0xd9/0x260 [ 36.216861] kvfree+0x36/0x60 [ 36.219939] vhost_net_release+0x159/0x190 [ 36.224145] __fput+0x327/0x7e0 [ 36.227394] ____fput+0x15/0x20 [ 36.230647] task_work_run+0x199/0x270 [ 36.234508] exit_to_usermode_loop+0x275/0x2f0 [ 36.239062] syscall_return_slowpath+0x490/0x550 [ 36.243790] entry_SYSCALL_64_fastpath+0x9e/0xa0 [ 36.248534] [ 36.250149] The buggy address belongs to the object at ffff8801bbd20140 [ 36.250149] which belongs to the cache kmalloc-65536 of size 65536 [ 36.263129] The buggy address is 
located 648 bytes inside of [ 36.263129] 65536-byte region [ffff8801bbd20140, ffff8801bbd30140) [ 36.275153] The buggy address belongs to the page: [ 36.280062] page:ffffea0006ef4800 count:1 mapcount:0 mapping:ffff8801bbd20140 index:0x0 compound_mapcount: 0 [ 36.290015] flags: 0x2fffc0000008100(slab|head) [ 36.294657] raw: 02fffc0000008100 ffff8801bbd20140 0000000000000000 0000000100000001 [ 36.302520] raw: ffffea00074c7020 ffffea0006ef7820 ffff8801dac02500 0000000000000000 [ 36.310370] page dumped because: kasan: bad access detected [ 36.316059] [ 36.317660] Memory state around the buggy address: [ 36.322576] ffff8801bbd20280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.329906] ffff8801bbd20300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.337234] >ffff8801bbd20380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.344577] ^ [ 36.350259] ffff8801bbd20400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.357588] ffff8801bbd20480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.365522] ================================================================== [ 36.372855] Disabling lock debugging due to kernel taint [ 36.378275] Kernel panic - not syncing: panic_on_warn set ... [ 36.378275] [ 36.385609] CPU: 0 PID: 3670 Comm: syzkaller306637 Tainted: G B 4.15.0-rc8-mm1+ #59 [ 36.394591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 36.403936] Call Trace: [ 36.406511] dump_stack+0x194/0x257 [ 36.410113] ? arch_local_irq_restore+0x53/0x53 [ 36.414752] ? kasan_end_report+0x32/0x50 [ 36.418875] ? lock_downgrade+0x980/0x980 [ 36.422995] ? vsnprintf+0x1ed/0x1900 [ 36.426768] ? __wake_up_common+0x660/0x780 [ 36.431064] panic+0x1e4/0x41c [ 36.434227] ? refcount_error_report+0x214/0x214 [ 36.438953] ? add_taint+0x40/0x50 [ 36.442462] ? add_taint+0x1c/0x50 [ 36.445974] ? 
__wake_up_common+0x670/0x780 [ 36.450266] kasan_end_report+0x50/0x50 [ 36.454214] kasan_report+0x148/0x360 [ 36.457990] __asan_report_load8_noabort+0x14/0x20 [ 36.462894] __wake_up_common+0x670/0x780 [ 36.467016] ? do_wait_intr_irq+0x3e0/0x3e0 [ 36.471396] ? __save_stack_trace+0x7e/0xd0 [ 36.475694] __wake_up_common_lock+0x1b4/0x310 [ 36.480246] ? locks_remove_file+0x3fa/0x5a0 [ 36.484628] ? __wake_up_common+0x780/0x780 [ 36.488921] ? fcntl_setlk+0x10c0/0x10c0 [ 36.492966] ? fsnotify_first_mark+0x2b0/0x2b0 [ 36.497523] ? eventfd_show_fdinfo+0x90/0x90 [ 36.502075] __wake_up+0xe/0x10 [ 36.505324] eventfd_release+0x4a/0x60 [ 36.509182] __fput+0x327/0x7e0 [ 36.512434] ? fput+0x140/0x140 [ 36.515691] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.520160] ____fput+0x15/0x20 [ 36.523411] task_work_run+0x199/0x270 [ 36.527272] ? task_work_cancel+0x210/0x210 [ 36.531564] ? _raw_spin_unlock+0x22/0x30 [ 36.535701] ? switch_task_namespaces+0x87/0xc0 [ 36.540342] do_exit+0x9bb/0x1ad0 [ 36.543771] ? mm_update_next_owner+0x930/0x930 [ 36.548414] ? mntput_no_expire+0x15e/0xa90 [ 36.552704] ? _raw_spin_unlock+0x22/0x30 [ 36.556835] ? mnt_get_count+0x150/0x150 [ 36.560872] ? find_held_lock+0x35/0x1d0 [ 36.564908] ? task_work_run+0x16c/0x270 [ 36.568938] ? lock_downgrade+0x980/0x980 [ 36.573054] ? mntput+0x66/0x90 [ 36.576305] ? lock_release+0xa40/0xa40 [ 36.580253] ? do_raw_spin_trylock+0x190/0x190 [ 36.584821] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.589295] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 36.594287] ? trace_hardirqs_on+0xd/0x10 [ 36.598418] ? _raw_spin_unlock_irq+0x27/0x70 [ 36.602883] ? task_work_run+0x1f4/0x270 [ 36.606916] ? task_work_cancel+0x210/0x210 [ 36.611223] ? exit_to_usermode_loop+0x8c/0x2f0 [ 36.615877] ? trace_hardirqs_off+0xd/0x10 [ 36.620093] ? exit_to_usermode_loop+0x198/0x2f0 [ 36.624839] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 36.630350] ? __close_fd+0x222/0x360 [ 36.634126] do_group_exit+0x149/0x400 [ 36.637983] ? 
prepare_exit_to_usermode+0x340/0x340 [ 36.642971] ? SyS_exit+0x30/0x30 [ 36.646395] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 36.651383] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 36.656112] SyS_exit_group+0x1d/0x20 [ 36.659885] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 36.664619] RIP: 0033:0x43e978 [ 36.667882] RSP: 002b:00007fff34d93c48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 36.675647] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043e978 [ 36.683149] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000 [ 36.690389] RBP: 00000000006ca018 R08: 00000000000000e7 R09: ffffffffffffffd0 [ 36.697630] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004016a0 [ 36.704872] R13: 0000000000401730 R14: 0000000000000000 R15: 0000000000000000 [ 36.712504] Dumping ftrace buffer: [ 36.716015] (ftrace buffer empty) [ 36.719699] Kernel Offset: disabled [ 36.723297] Rebooting in 86400 seconds..