[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   11.540532] audit: type=1400 audit(1514265621.554:6): avc:  denied  { map } for  pid=3125 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-mmots-kasan-gce-2,10.128.0.48' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   17.702967] audit: type=1400 audit(1514265627.716:7): avc:  denied  { map } for  pid=3139 comm="syzkaller540016" path="/root/syzkaller540016991" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   17.707273] ==================================================================
[   17.707286] BUG: KASAN: use-after-free in __lock_acquire+0x3d4d/0x3e00
[   17.707292] Read of size 8 at addr ffff8801ce6da8f8 by task syzkaller540016/3139
[   17.707293] 
[   17.707300] CPU: 1 PID: 3139 Comm: syzkaller540016 Not tainted 4.15.0-rc4-mm1+ #49
[   17.707303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   17.707305] Call Trace:
[   17.707313]  dump_stack+0x194/0x257
[   17.707320]  ? arch_local_irq_restore+0x53/0x53
[   17.707328]  ? show_regs_print_info+0x18/0x18
[   17.707333]  ? print_irqtrace_events+0x270/0x270
[   17.707339]  ? __lock_acquire+0x664/0x3e00
[   17.707346]  ? __lock_acquire+0x3d4d/0x3e00
[   17.707355]  print_address_description+0x73/0x250
[   17.707361]  ? __lock_acquire+0x3d4d/0x3e00
[   17.707367]  kasan_report+0x23b/0x360
[   17.707375]  __asan_report_load8_noabort+0x14/0x20
[   17.707380]  __lock_acquire+0x3d4d/0x3e00
[   17.707391]  ? __lock_acquire+0x664/0x3e00
[   17.707397]  ? lock_downgrade+0x980/0x980
[   17.707402]  ? lock_downgrade+0x980/0x980
[   17.707411]  ? remove_wait_queue+0x81/0x350
[   17.707420]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   17.707426]  ? __lock_acquire+0x664/0x3e00
[   17.707432]  ? check_noncircular+0x20/0x20
[   17.707444]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   17.707451]  ? lock_acquire+0x1d5/0x580
[   17.707456]  ? lock_acquire+0x1d5/0x580
[   17.707463]  ? ep_free+0xf4/0x320
[   17.707471]  ? lock_release+0xa40/0xa40
[   17.707479]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   17.707485]  ? print_irqtrace_events+0x270/0x270
[   17.707493]  ? rcu_note_context_switch+0x710/0x710
[   17.707500]  ? __might_sleep+0x95/0x190
[   17.707506]  ? ep_free+0xf4/0x320
[   17.707512]  ? __mutex_lock+0x16f/0x1a80
[   17.707517]  ? ep_free+0xf4/0x320
[   17.707523]  ? print_irqtrace_events+0x270/0x270
[   17.707528]  ? ep_free+0xf4/0x320
[   17.707536]  lock_acquire+0x1d5/0x580
[   17.707542]  ? lock_acquire+0x1d5/0x580
[   17.707547]  ? remove_wait_queue+0x81/0x350
[   17.707553]  ? __lock_acquire+0x664/0x3e00
[   17.707560]  ? lock_release+0xa40/0xa40
[   17.707570]  ? lock_acquire+0x1d5/0x580
[   17.707575]  ? lock_acquire+0x1d5/0x580
[   17.707581]  ? ep_unregister_pollwait.isra.7+0x323/0x590
[   17.707588]  _raw_spin_lock_irqsave+0x96/0xc0
[   17.707594]  ? remove_wait_queue+0x81/0x350
[   17.707600]  remove_wait_queue+0x81/0x350
[   17.707608]  ? add_wait_queue+0x290/0x290
[   17.707614]  ? rcutorture_record_progress+0x10/0x10
[   17.707624]  ep_unregister_pollwait.isra.7+0x18c/0x590
[   17.707631]  ? __kernel_text_address+0xd/0x40
[   17.707639]  ? clear_tfile_check_list+0x370/0x370
[   17.707646]  ? check_noncircular+0x20/0x20
[   17.707655]  ? locks_remove_file+0x3fa/0x5a0
[   17.707664]  ep_free+0x13f/0x320
[   17.707670]  ? ep_remove+0x800/0x800
[   17.707675]  ? fsnotify_first_mark+0x2b0/0x2b0
[   17.707683]  ? ep_free+0x320/0x320
[   17.707689]  ep_eventpoll_release+0x44/0x60
[   17.707695]  __fput+0x327/0x7e0
[   17.707703]  ? fput+0x140/0x140
[   17.707710]  ? _raw_spin_unlock_irq+0x27/0x70
[   17.707718]  ____fput+0x15/0x20
[   17.707724]  task_work_run+0x199/0x270
[   17.707732]  ? task_work_cancel+0x210/0x210
[   17.707738]  ? _raw_spin_unlock+0x22/0x30
[   17.707744]  ? switch_task_namespaces+0x87/0xc0
[   17.707752]  do_exit+0x9bb/0x1ad0
[   17.707761]  ? binder_ioctl+0x551/0x1417
[   17.707767]  ? mm_update_next_owner+0x930/0x930
[   17.707774]  ? binder_ioctl_write_read.isra.38+0xcb0/0xcb0
[   17.707784]  ? avc_ss_reset+0x110/0x110
[   17.707790]  ? mutex_unlock+0xd/0x10
[   17.707796]  ? SyS_epoll_ctl+0x30a/0x1a80
[   17.707815]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   17.707820]  ? up_read+0x1a/0x40
[   17.707827]  ? rcu_note_context_switch+0x710/0x710
[   17.707832]  ? __fd_install+0x288/0x740
[   17.707841]  ? binder_ioctl_write_read.isra.38+0xcb0/0xcb0
[   17.707846]  ? do_vfs_ioctl+0x486/0x1520
[   17.707852]  ? _cond_resched+0x14/0x30
[   17.707859]  ? ioctl_preallocate+0x2b0/0x2b0
[   17.707866]  ? selinux_capable+0x40/0x40
[   17.707872]  ? __alloc_fd+0x750/0x750
[   17.707881]  do_group_exit+0x149/0x400
[   17.707887]  ? SyS_exit+0x30/0x30
[   17.707894]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   17.707901]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   17.707909]  SyS_exit_group+0x1d/0x20
[   17.707915]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   17.707919] RIP: 0033:0x4429f8
[   17.707923] RSP: 002b:00007ffcc236e4e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   17.707929] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004429f8
[   17.707933] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   17.707936] RBP: 00000000006ce018 R08: 00000000000000e7 R09: ffffffffffffffd0
[   17.707939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a40
[   17.707943] R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000
[   17.707951] 
[   17.707953] Allocated by task 3139:
[   17.707959]  save_stack+0x43/0xd0
[   17.707964]  kasan_kmalloc+0xad/0xe0
[   17.707968]  kmem_cache_alloc_trace+0x136/0x750
[   17.707973]  binder_get_thread+0x1cf/0x870
[   17.707977]  binder_poll+0x8c/0x390
[   17.707982]  ep_item_poll.isra.10+0xf2/0x320
[   17.707986]  ep_insert+0x6a2/0x1ac0
[   17.707991]  SyS_epoll_ctl+0x12bf/0x1a80
[   17.707996]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   17.707998] 
[   17.708000] Freed by task 3139:
[   17.708007]  save_stack+0x43/0xd0
[   17.708012]  kasan_slab_free+0x71/0xc0
[   17.708016]  kfree+0xd6/0x260
[   17.708021]  binder_thread_dec_tmpref+0x27f/0x310
[   17.708025]  binder_thread_release+0x27d/0x540
[   17.708030]  binder_ioctl+0xc02/0x1417
[   17.708034]  do_vfs_ioctl+0x1b1/0x1520
[   17.708038]  SyS_ioctl+0x8f/0xc0
[   17.708043]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   17.708044] 
[   17.708048] The buggy address belongs to the object at ffff8801ce6da840
[   17.708048]  which belongs to the cache kmalloc-512 of size 512
[   17.708053] The buggy address is located 184 bytes inside of
[   17.708053]  512-byte region [ffff8801ce6da840, ffff8801ce6daa40)
[   17.708055] The buggy address belongs to the page:
[   17.708060] page:ffffea000739b680 count:1 mapcount:0 mapping:ffff8801ce6da0c0 index:0x0
[   17.708065] flags: 0x2fffc0000000100(slab)
[   17.708073] raw: 02fffc0000000100 ffff8801ce6da0c0 0000000000000000 0000000100000006
[   17.708080] raw: ffffea0007391ce0 ffffea00073980a0 ffff8801dac00940 0000000000000000
[   17.708082] page dumped because: kasan: bad access detected
[   17.708083] 
[   17.708085] Memory state around the buggy address:
[   17.708090]  ffff8801ce6da780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   17.708094]  ffff8801ce6da800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   17.708099] >ffff8801ce6da880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.708101]                                                                 ^
[   17.708106]  ffff8801ce6da900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.708110]  ffff8801ce6da980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.708112] ==================================================================
[   17.708114] Disabling lock debugging due to kernel taint
[   17.708117] Kernel panic - not syncing: panic_on_warn set ...
[   17.708117] 
[   17.708122] CPU: 1 PID: 3139 Comm: syzkaller540016 Tainted: G    B            4.15.0-rc4-mm1+ #49
[   17.708125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   17.708127] Call Trace:
[   17.708132]  dump_stack+0x194/0x257
[   17.708139]  ? arch_local_irq_restore+0x53/0x53
[   17.708144]  ? kasan_end_report+0x32/0x50
[   17.708151]  ? lock_downgrade+0x980/0x980
[   17.708156]  ? vsnprintf+0x1ed/0x1900
[   17.708163]  ? __lock_acquire+0x3c90/0x3e00
[   17.708168]  panic+0x1e4/0x41c
[   17.708174]  ? refcount_error_report+0x214/0x214
[   17.708181]  ? add_taint+0x40/0x50
[   17.708186]  ? add_taint+0x1c/0x50
[   17.708193]  ? __lock_acquire+0x3d4d/0x3e00
[   17.708199]  kasan_end_report+0x50/0x50
[   17.708205]  kasan_report+0x148/0x360
[   17.708212]  __asan_report_load8_noabort+0x14/0x20
[   17.708218]  __lock_acquire+0x3d4d/0x3e00
[   17.708223]  ? __lock_acquire+0x664/0x3e00
[   17.708229]  ? lock_downgrade+0x980/0x980
[   17.708234]  ? lock_downgrade+0x980/0x980
[   17.708241]  ? remove_wait_queue+0x81/0x350
[   17.708250]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   17.708257]  ? __lock_acquire+0x664/0x3e00
[   17.708262]  ? check_noncircular+0x20/0x20
[   17.708274]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[   17.708280]  ? lock_acquire+0x1d5/0x580
[   17.708286]  ? lock_acquire+0x1d5/0x580
[   17.708291]  ? ep_free+0xf4/0x320
[   17.708299]  ? lock_release+0xa40/0xa40
[   17.708305]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   17.708311]  ? print_irqtrace_events+0x270/0x270
[   17.708317]  ? rcu_note_context_switch+0x710/0x710
[   17.708325]  ? __might_sleep+0x95/0x190
[   17.708330]  ? ep_free+0xf4/0x320
[   17.708335]  ? __mutex_lock+0x16f/0x1a80
[   17.708340]  ? ep_free+0xf4/0x320
[   17.708347]  ? print_irqtrace_events+0x270/0x270
[   17.708352]  ? ep_free+0xf4/0x320
[   17.708360]  lock_acquire+0x1d5/0x580
[   17.708365]  ? lock_acquire+0x1d5/0x580
[   17.708371]  ? remove_wait_queue+0x81/0x350
[   17.708376]  ? __lock_acquire+0x664/0x3e00
[   17.708388]  ? lock_release+0xa40/0xa40
[   17.708397]  ? lock_acquire+0x1d5/0x580
[   17.708402]  ? lock_acquire+0x1d5/0x580
[   17.708408]  ? ep_unregister_pollwait.isra.7+0x323/0x590
[   17.708415]  _raw_spin_lock_irqsave+0x96/0xc0
[   17.708420]  ? remove_wait_queue+0x81/0x350
[   17.708426]  remove_wait_queue+0x81/0x350
[   17.708434]  ? add_wait_queue+0x290/0x290
[   17.708440]  ? rcutorture_record_progress+0x10/0x10
[   17.708449]  ep_unregister_pollwait.isra.7+0x18c/0x590
[   17.708456]  ? __kernel_text_address+0xd/0x40
[   17.708463]  ? clear_tfile_check_list+0x370/0x370
[   17.708471]  ? check_noncircular+0x20/0x20
[   17.708478]  ? locks_remove_file+0x3fa/0x5a0
[   17.708487]  ep_free+0x13f/0x320
[   17.708493]  ? ep_remove+0x800/0x800
[   17.708498]  ? fsnotify_first_mark+0x2b0/0x2b0
[   17.708506]  ? ep_free+0x320/0x320
[   17.708512]  ep_eventpoll_release+0x44/0x60
[   17.708518]  __fput+0x327/0x7e0
[   17.708526]  ? fput+0x140/0x140
[   17.708532]  ? _raw_spin_unlock_irq+0x27/0x70
[   17.708540]  ____fput+0x15/0x20
[   17.708546]  task_work_run+0x199/0x270
[   17.708553]  ? task_work_cancel+0x210/0x210
[   17.708559]  ? _raw_spin_unlock+0x22/0x30
[   17.708565]  ? switch_task_namespaces+0x87/0xc0
[   17.708572]  do_exit+0x9bb/0x1ad0
[   17.708579]  ? binder_ioctl+0x551/0x1417
[   17.708585]  ? mm_update_next_owner+0x930/0x930
[   17.708593]  ? binder_ioctl_write_read.isra.38+0xcb0/0xcb0
[   17.708601]  ? avc_ss_reset+0x110/0x110
[   17.708607]  ? mutex_unlock+0xd/0x10
[   17.708612]  ? SyS_epoll_ctl+0x30a/0x1a80
[   17.708630]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   17.708635]  ? up_read+0x1a/0x40
[   17.708641]  ? rcu_note_context_switch+0x710/0x710
[   17.708646]  ? __fd_install+0x288/0x740
[   17.708654]  ? binder_ioctl_write_read.isra.38+0xcb0/0xcb0
[   17.708659]  ? do_vfs_ioctl+0x486/0x1520
[   17.708665]  ? _cond_resched+0x14/0x30
[   17.708672]  ? ioctl_preallocate+0x2b0/0x2b0
[   17.708679]  ? selinux_capable+0x40/0x40
[   17.708685]  ? __alloc_fd+0x750/0x750
[   17.708693]  do_group_exit+0x149/0x400
[   17.708699]  ? SyS_exit+0x30/0x30
[   17.708706]  ? trace_hardirqs_on_caller+0x421/0x5c0
[   17.708712]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   17.708719]  SyS_exit_group+0x1d/0x20
[   17.708725]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   17.708728] RIP: 0033:0x4429f8
[   17.708731] RSP: 002b:00007ffcc236e4e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   17.708737] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 00000000004429f8
[   17.708740] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   17.708744] RBP: 00000000006ce018 R08: 00000000000000e7 R09: ffffffffffffffd0
[   17.708747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a40
[   17.708750] R13: 0000000000401ad0 R14: 0000000000000000 R15: 0000000000000000
[   17.729223] Dumping ftrace buffer:
[   17.729226]    (ftrace buffer empty)
[   17.729228] Kernel Offset: disabled
[   18.854100] Rebooting in 86400 seconds..