[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ 10.904740] sshd (3019) used greatest stack depth: 16416 bytes left
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 13.594570] audit: type=1400 audit(1514455345.782:6): avc:  denied  { map } for  pid=3127 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.194' (ECDSA) to the list of known hosts.
executing program
[ 19.777640] audit: type=1400 audit(1514455351.965:7): avc:  denied  { map } for  pid=3141 comm="syzkaller710015" path="/root/syzkaller710015318" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 19.780614] ==================================================================
[ 19.780632] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40
[ 19.780634]
[ 19.780642] CPU: 1 PID: 3141 Comm: syzkaller710015 Not tainted 4.15.0-rc4-next-20171221+ #78
[ 19.780646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.780649] Call Trace:
[ 19.780659]  dump_stack+0x194/0x257
[ 19.780672]  ? arch_local_irq_restore+0x53/0x53
[ 19.780683]  ? show_regs_print_info+0x18/0x18
[ 19.780690]  ? __lock_is_held+0xb6/0x140
[ 19.780706]  ? relay_open+0x6a1/0xa40
[ 19.780717]  print_address_description+0x73/0x250
[ 19.780724]  ? relay_open+0x6a1/0xa40
[ 19.780730]  ? relay_open+0x6a1/0xa40
[ 19.780739]  kasan_report_double_free+0x55/0x80
[ 19.780750]  kasan_slab_free+0xa3/0xc0
[ 19.780760]  kfree+0xd6/0x260
[ 19.780772]  relay_open+0x6a1/0xa40
[ 19.780787]  ? relay_open_buf.part.10+0x9b0/0x9b0
[ 19.780801]  ? __debugfs_create_file+0x2cf/0x3d0
[ 19.780818]  ? debugfs_create_file+0x57/0x70
[ 19.780834]  do_blk_trace_setup+0x4a4/0xcd0
[ 19.780850]  ? blk_tracer_print_line+0x40/0x40
[ 19.780860]  ? __might_sleep+0x95/0x190
[ 19.780878]  ? kasan_check_write+0x14/0x20
[ 19.780886]  ? _copy_from_user+0x99/0x110
[ 19.780899]  __blk_trace_setup+0xbe/0x150
[ 19.780910]  ? do_blk_trace_setup+0xcd0/0xcd0
[ 19.780943]  blk_trace_setup+0x4d/0x70
[ 19.780959]  sg_ioctl+0xc71/0x2d90
[ 19.780968]  ? lock_release+0xa40/0xa40
[ 19.780976]  ? __handle_mm_fault+0x80e/0x3ce0
[ 19.780990]  ? sg_new_write.isra.18+0x870/0x870
[ 19.780998]  ? __pmd_alloc+0x4e0/0x4e0
[ 19.781012]  ? is_bpf_text_address+0xa4/0x120
[ 19.781029]  ? avc_has_extended_perms+0x7fa/0x12c0
[ 19.781053]  ? avc_ss_reset+0x110/0x110
[ 19.781078]  ? __do_page_fault+0x5f7/0xc90
[ 19.781125]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 19.781131]  ? up_read+0x1a/0x40
[ 19.781143]  ? rcu_note_context_switch+0x710/0x710
[ 19.781162]  ? sg_new_write.isra.18+0x870/0x870
[ 19.781170]  do_vfs_ioctl+0x1b1/0x1520
[ 19.781177]  ? _cond_resched+0x14/0x30
[ 19.781192]  ? ioctl_preallocate+0x2b0/0x2b0
[ 19.781205]  ? selinux_capable+0x40/0x40
[ 19.781218]  ? putname+0xf3/0x130
[ 19.781230]  ? do_sys_open+0x320/0x6d0
[ 19.781253]  ? security_file_ioctl+0x89/0xb0
[ 19.781267]  SyS_ioctl+0x8f/0xc0
[ 19.781282]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 19.781292] RIP: 0033:0x443de9
[ 19.781296] RSP: 002b:00007ffddf284d28 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 19.781303] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443de9
[ 19.781308] RDX: 0000000020001f8a RSI: 00000000c0481273 RDI: 0000000000000003
[ 19.781312] RBP: 00000000006ce018 R08: 0000000000000000 R09: 0000000000000000
[ 19.781315] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000401ad0
[ 19.781319] R13: 0000000000401b60 R14: 0000000000000000 R15: 0000000000000000
[ 19.781347]
[ 19.781350] Allocated by task 3141:
[ 19.781356]  save_stack+0x43/0xd0
[ 19.781362]  kasan_kmalloc+0xad/0xe0
[ 19.781367]  kmem_cache_alloc_trace+0x136/0x750
[ 19.781372]  relay_open+0xf2/0xa40
[ 19.781378]  do_blk_trace_setup+0x4a4/0xcd0
[ 19.781384]  __blk_trace_setup+0xbe/0x150
[ 19.781389]  blk_trace_setup+0x4d/0x70
[ 19.781394]  sg_ioctl+0xc71/0x2d90
[ 19.781400]  do_vfs_ioctl+0x1b1/0x1520
[ 19.781404]  SyS_ioctl+0x8f/0xc0
[ 19.781410]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 19.781412]
[ 19.781414] Freed by task 3141:
[ 19.781420]  save_stack+0x43/0xd0
[ 19.781425]  kasan_slab_free+0x71/0xc0
[ 19.781430]  kfree+0xd6/0x260
[ 19.781435]  relay_open+0x84a/0xa40
[ 19.781440]  do_blk_trace_setup+0x4a4/0xcd0
[ 19.781446]  __blk_trace_setup+0xbe/0x150
[ 19.781452]  blk_trace_setup+0x4d/0x70
[ 19.781457]  sg_ioctl+0xc71/0x2d90
[ 19.781462]  do_vfs_ioctl+0x1b1/0x1520
[ 19.781467]  SyS_ioctl+0x8f/0xc0
[ 19.781472]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 19.781474]
[ 19.781479] The buggy address belongs to the object at ffff8801cab94340
[ 19.781479]  which belongs to the cache kmalloc-512 of size 512
[ 19.781485] The buggy address is located 0 bytes inside of
[ 19.781485]  512-byte region [ffff8801cab94340, ffff8801cab94540)
[ 19.781487] The buggy address belongs to the page:
[ 19.781493] page:0000000035b7c62b count:1 mapcount:0 mapping:00000000e6843608 index:0x0
[ 19.781500] flags: 0x2fffc0000000100(slab)
[ 19.781510] raw: 02fffc0000000100 ffff8801cab940c0 0000000000000000 0000000100000006
[ 19.781517] raw: ffffea0007204ba0 ffffea0007204da0 ffff8801dac00940 0000000000000000
[ 19.781520] page dumped because: kasan: bad access detected
[ 19.781522]
[ 19.781524] Memory state around the buggy address:
[ 19.781529]  ffff8801cab94200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.781534]  ffff8801cab94280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 19.781539] >ffff8801cab94300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 19.781542]                                            ^
[ 19.781547]  ffff8801cab94380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.781552]  ffff8801cab94400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.781554] ==================================================================
[ 19.781557] Disabling lock debugging due to kernel taint
[ 19.781560] Kernel panic - not syncing: panic_on_warn set ...
[ 19.781560]
[ 19.781566] CPU: 1 PID: 3141 Comm: syzkaller710015 Tainted: G    B     4.15.0-rc4-next-20171221+ #78
[ 19.781570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.781571] Call Trace:
[ 19.781578]  dump_stack+0x194/0x257
[ 19.781586]  ? arch_local_irq_restore+0x53/0x53
[ 19.781592]  ? kasan_end_report+0x32/0x50
[ 19.781599]  ? lock_downgrade+0x980/0x980
[ 19.781605]  ? vsnprintf+0x1ed/0x1900
[ 19.781615]  panic+0x1e4/0x41c
[ 19.781621]  ? refcount_error_report+0x214/0x214
[ 19.781632]  ? add_taint+0x40/0x50
[ 19.781638]  ? add_taint+0x1c/0x50
[ 19.781645]  ? relay_open+0x6a1/0xa40
[ 19.781650]  ? relay_open+0x6a1/0xa40
[ 19.781656]  kasan_end_report+0x50/0x50
[ 19.781663]  kasan_report_double_free+0x72/0x80
[ 19.781671]  kasan_slab_free+0xa3/0xc0
[ 19.781679]  kfree+0xd6/0x260
[ 19.781686]  relay_open+0x6a1/0xa40
[ 19.781697]  ? relay_open_buf.part.10+0x9b0/0x9b0
[ 19.781706]  ? __debugfs_create_file+0x2cf/0x3d0
[ 19.781717]  ? debugfs_create_file+0x57/0x70
[ 19.781728]  do_blk_trace_setup+0x4a4/0xcd0
[ 19.781738]  ? blk_tracer_print_line+0x40/0x40
[ 19.781745]  ? __might_sleep+0x95/0x190
[ 19.781757]  ? kasan_check_write+0x14/0x20
[ 19.781762]  ? _copy_from_user+0x99/0x110
[ 19.781772]  __blk_trace_setup+0xbe/0x150
[ 19.781780]  ? do_blk_trace_setup+0xcd0/0xcd0
[ 19.781799]  blk_trace_setup+0x4d/0x70
[ 19.781808]  sg_ioctl+0xc71/0x2d90
[ 19.781816]  ? lock_release+0xa40/0xa40
[ 19.781822]  ? __handle_mm_fault+0x80e/0x3ce0
[ 19.781831]  ? sg_new_write.isra.18+0x870/0x870
[ 19.781838]  ? __pmd_alloc+0x4e0/0x4e0
[ 19.781845]  ? is_bpf_text_address+0xa4/0x120
[ 19.781856]  ? avc_has_extended_perms+0x7fa/0x12c0
[ 19.781869]  ? avc_ss_reset+0x110/0x110
[ 19.781883]  ? __do_page_fault+0x5f7/0xc90
[ 19.781910]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 19.781915]  ? up_read+0x1a/0x40
[ 19.781923]  ? rcu_note_context_switch+0x710/0x710
[ 19.781935]  ? sg_new_write.isra.18+0x870/0x870
[ 19.781940]  do_vfs_ioctl+0x1b1/0x1520
[ 19.781946]  ? _cond_resched+0x14/0x30
[ 19.781956]  ? ioctl_preallocate+0x2b0/0x2b0
[ 19.781965]  ? selinux_capable+0x40/0x40
[ 19.781973]  ? putname+0xf3/0x130
[ 19.781982]  ? do_sys_open+0x320/0x6d0
[ 19.781995]  ? security_file_ioctl+0x89/0xb0
[ 19.782004]  SyS_ioctl+0x8f/0xc0
[ 19.782014]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 19.782018] RIP: 0033:0x443de9
[ 19.782021] RSP: 002b:00007ffddf284d28 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[ 19.782027] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443de9
[ 19.782031] RDX: 0000000020001f8a RSI: 00000000c0481273 RDI: 0000000000000003
[ 19.782035] RBP: 00000000006ce018 R08: 0000000000000000 R09: 0000000000000000
[ 19.782038] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000401ad0
[ 19.782041] R13: 0000000000401b60 R14: 0000000000000000 R15: 0000000000000000
[ 19.803950] Dumping ftrace buffer:
[ 19.803953]    (ftrace buffer empty)
[ 19.803956] Kernel Offset: disabled
[ 20.583136] Rebooting in 86400 seconds..