[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 18.919451] audit: type=1400 audit(1520909072.508:6): avc: denied { map } for pid=4186 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.8' (ECDSA) to the list of known hosts.

syzkaller login: [ 25.246484] audit: type=1400 audit(1520909078.835:7): avc: denied { map } for pid=4200 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/13 02:44:39 parsed 1 programs
2018/03/13 02:44:39 executed programs: 0
[ 25.502684] audit: type=1400 audit(1520909079.091:8): avc: denied { map } for pid=4200 comm="syz-execprog" path="/root/syzkaller-shm355514454" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 25.540893] IPVS: ftp: loaded support on port[0] = 21
[ 25.572538] ==================================================================
[ 25.579961] BUG: KASAN: use-after-free in ucma_close+0x2d7/0x2f0
[ 25.586092] Read of size 8 at addr ffff8801b361a280 by task syz-executor0/4210
[ 25.593432]
[ 25.595044] CPU: 1 PID: 4210 Comm: syz-executor0 Not tainted 4.16.0-rc5+ #262
[ 25.602297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.611632] Call Trace:
[ 25.614227]  dump_stack+0x194/0x24d
[ 25.617836]  ? arch_local_irq_restore+0x53/0x53
[ 25.622483]  ? show_regs_print_info+0x18/0x18
[ 25.626969]  ? save_stack+0xa3/0xd0
[ 25.630590]  ? ucma_close+0x2d7/0x2f0
[ 25.634369]  print_address_description+0x73/0x250
[ 25.639187]  ? ucma_close+0x2d7/0x2f0
[ 25.642961]  kasan_report+0x23c/0x360
[ 25.646754]  __asan_report_load8_noabort+0x14/0x20
[ 25.651659]  ucma_close+0x2d7/0x2f0
[ 25.655265]  ? __might_sleep+0x95/0x190
[ 25.659215]  ? ucma_free_ctx+0xd90/0xd90
[ 25.663256]  __fput+0x327/0x7e0
[ 25.666519]  ? fput+0x140/0x140
[ 25.669778]  ? _raw_spin_unlock_irq+0x27/0x70
[ 25.674257]  ____fput+0x15/0x20
[ 25.677521]  task_work_run+0x199/0x270
[ 25.681388]  ? task_work_cancel+0x210/0x210
[ 25.685700]  ? _raw_spin_unlock+0x22/0x30
[ 25.689826]  ? switch_task_namespaces+0x87/0xc0
[ 25.694489]  do_exit+0x9bb/0x1ad0
[ 25.697927]  ? ucma_create_id+0x45b/0x620
[ 25.702055]  ? mm_update_next_owner+0x930/0x930
[ 25.706702]  ? ucma_create_id+0x17b/0x620
[ 25.710836]  ? ucma_get_event+0xa90/0xa90
[ 25.714967]  ? __might_sleep+0x95/0x190
[ 25.718924]  ? kasan_check_write+0x14/0x20
[ 25.723136]  ? _copy_from_user+0x99/0x110
[ 25.727269]  ? ucma_write+0x11f/0x3d0
[ 25.731050]  ? ucma_get_event+0xa90/0xa90
[ 25.735180]  ? ucma_resolve_route+0x1a0/0x1a0
[ 25.739660]  ? ucma_resolve_route+0x1a0/0x1a0
[ 25.744131]  ? __vfs_write+0xf7/0x970
[ 25.747909]  ? rcu_note_context_switch+0x710/0x710
[ 25.752816]  ? kernel_read+0x120/0x120
[ 25.756685]  ? __might_sleep+0x95/0x190
[ 25.760653]  ? _cond_resched+0x14/0x30
[ 25.764516]  ? __inode_security_revalidate+0xd9/0x130
[ 25.769690]  ? avc_policy_seqno+0x9/0x20
[ 25.773740]  ? security_file_permission+0x89/0x1e0
[ 25.778653]  ? compat_SyS_futex+0x288/0x380
[ 25.782949]  ? vfs_write+0x224/0x510
[ 25.786642]  do_group_exit+0x149/0x400
[ 25.790512]  ? compat_SyS_get_robust_list+0x300/0x300
[ 25.795682]  ? SyS_write+0x184/0x220
[ 25.799369]  ? __do_page_fault+0x3d6/0xc90
[ 25.803587]  ? SyS_exit+0x30/0x30
[ 25.807032]  ? SyS_read+0x220/0x220
[ 25.810645]  ? do_fast_syscall_32+0x156/0xf9f
[ 25.815116]  ? do_group_exit+0x400/0x400
[ 25.819162]  SyS_exit_group+0x1d/0x20
[ 25.822937]  do_fast_syscall_32+0x3ec/0xf9f
[ 25.827250]  ? do_int80_syscall_32+0x9c0/0x9c0
[ 25.831815]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.836551]  ? syscall_return_slowpath+0x2ac/0x550
[ 25.841468]  ? prepare_exit_to_usermode+0x350/0x350
[ 25.846478]  ? sysret32_from_system_call+0x5/0x3c
[ 25.851316]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 25.856142]  entry_SYSENTER_compat+0x70/0x7f
[ 25.860522] RIP: 0023:0xf7fe7c99
[ 25.863856] RSP: 002b:00000000fff3944c EFLAGS: 00000286 ORIG_RAX: 00000000000000fc
[ 25.871537] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 25.878792] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 25.886058] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[ 25.893307] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 25.900552] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 25.907811]
[ 25.909411] Allocated by task 4210:
[ 25.913011]  save_stack+0x43/0xd0
[ 25.916447]  kasan_kmalloc+0xad/0xe0
[ 25.920143]  kmem_cache_alloc_trace+0x136/0x740
[ 25.924783]  ucma_alloc_ctx+0xce/0x610
[ 25.928642]  ucma_create_id+0x205/0x620
[ 25.932595]  ucma_write+0x2d6/0x3d0
[ 25.936192]  __vfs_write+0xef/0x970
[ 25.939790]  vfs_write+0x189/0x510
[ 25.943303]  SyS_write+0xef/0x220
[ 25.946728]  do_fast_syscall_32+0x3ec/0xf9f
[ 25.951028]  entry_SYSENTER_compat+0x70/0x7f
[ 25.955414]
[ 25.957018] Freed by task 4210:
[ 25.960290]  save_stack+0x43/0xd0
[ 25.963728]  __kasan_slab_free+0x11a/0x170
[ 25.968638]  kasan_slab_free+0xe/0x10
[ 25.972410]  kfree+0xd9/0x260
[ 25.975489]  ucma_create_id+0x45b/0x620
[ 25.979434]  ucma_write+0x2d6/0x3d0
[ 25.983031]  __vfs_write+0xef/0x970
[ 25.986638]  vfs_write+0x189/0x510
[ 25.990150]  SyS_write+0xef/0x220
[ 25.993584]  do_fast_syscall_32+0x3ec/0xf9f
[ 25.997880]  entry_SYSENTER_compat+0x70/0x7f
[ 26.002258]
[ 26.003862] The buggy address belongs to the object at ffff8801b361a200
[ 26.003862]  which belongs to the cache kmalloc-256 of size 256
[ 26.016500] The buggy address is located 128 bytes inside of
[ 26.016500]  256-byte region [ffff8801b361a200, ffff8801b361a300)
[ 26.028344] The buggy address belongs to the page:
[ 26.033247] page:ffffea0006cd8680 count:1 mapcount:0 mapping:ffff8801b361a0c0 index:0x0
[ 26.041363] flags: 0x2fffc0000000100(slab)
[ 26.045573] raw: 02fffc0000000100 ffff8801b361a0c0 0000000000000000 000000010000000c
[ 26.053429] raw: ffffea0006cc1aa0 ffffea0006cd2d20 ffff8801dac007c0 0000000000000000
[ 26.061276] page dumped because: kasan: bad access detected
[ 26.066970]
[ 26.068577] Memory state around the buggy address:
[ 26.073480]  ffff8801b361a180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 26.080812]  ffff8801b361a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.088140] >ffff8801b361a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.095466]                    ^
[ 26.098802]  ffff8801b361a300: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 26.106131]  ffff8801b361a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.113461] ==================================================================
[ 26.120787] Disabling lock debugging due to kernel taint
[ 26.126262] Kernel panic - not syncing: panic_on_warn set ...
[ 26.126262]
[ 26.133796] CPU: 1 PID: 4210 Comm: syz-executor0 Tainted: G B 4.16.0-rc5+ #262
[ 26.142353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 26.151686] Call Trace:
[ 26.154246]  dump_stack+0x194/0x24d
[ 26.157854]  ? arch_local_irq_restore+0x53/0x53
[ 26.162496]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.167237]  ? vsnprintf+0x1ed/0x1900
[ 26.171011]  ? ucma_close+0x1f0/0x2f0
[ 26.174786]  panic+0x1e4/0x41c
[ 26.177950]  ? refcount_error_report+0x214/0x214
[ 26.182680]  ? add_taint+0x1c/0x50
[ 26.186198]  ? add_taint+0x1c/0x50
[ 26.189718]  ? ucma_close+0x2d7/0x2f0
[ 26.193491]  kasan_end_report+0x50/0x50
[ 26.197437]  kasan_report+0x149/0x360
[ 26.201208]  __asan_report_load8_noabort+0x14/0x20
[ 26.206107]  ucma_close+0x2d7/0x2f0
[ 26.209704]  ? __might_sleep+0x95/0x190
[ 26.213646]  ? ucma_free_ctx+0xd90/0xd90
[ 26.217678]  __fput+0x327/0x7e0
[ 26.220940]  ? fput+0x140/0x140
[ 26.224194]  ? _raw_spin_unlock_irq+0x27/0x70
[ 26.228673]  ____fput+0x15/0x20
[ 26.231941]  task_work_run+0x199/0x270
[ 26.235806]  ? task_work_cancel+0x210/0x210
[ 26.240106]  ? _raw_spin_unlock+0x22/0x30
[ 26.244232]  ? switch_task_namespaces+0x87/0xc0
[ 26.248876]  do_exit+0x9bb/0x1ad0
[ 26.252300]  ? ucma_create_id+0x45b/0x620
[ 26.256422]  ? mm_update_next_owner+0x930/0x930
[ 26.261061]  ? ucma_create_id+0x17b/0x620
[ 26.265179]  ? ucma_get_event+0xa90/0xa90
[ 26.269299]  ? __might_sleep+0x95/0x190
[ 26.273245]  ? kasan_check_write+0x14/0x20
[ 26.277451]  ? _copy_from_user+0x99/0x110
[ 26.281578]  ? ucma_write+0x11f/0x3d0
[ 26.285347]  ? ucma_get_event+0xa90/0xa90
[ 26.289464]  ? ucma_resolve_route+0x1a0/0x1a0
[ 26.293934]  ? ucma_resolve_route+0x1a0/0x1a0
[ 26.298399]  ? __vfs_write+0xf7/0x970
[ 26.302170]  ? rcu_note_context_switch+0x710/0x710
[ 26.307070]  ? kernel_read+0x120/0x120
[ 26.310935]  ? __might_sleep+0x95/0x190
[ 26.314884]  ? _cond_resched+0x14/0x30
[ 26.318744]  ? __inode_security_revalidate+0xd9/0x130
[ 26.323906]  ? avc_policy_seqno+0x9/0x20
[ 26.327943]  ? security_file_permission+0x89/0x1e0
[ 26.332853]  ? compat_SyS_futex+0x288/0x380
[ 26.337168]  ? vfs_write+0x224/0x510
[ 26.340856]  do_group_exit+0x149/0x400
[ 26.344724]  ? compat_SyS_get_robust_list+0x300/0x300
[ 26.349890]  ? SyS_write+0x184/0x220
[ 26.353573]  ? __do_page_fault+0x3d6/0xc90
[ 26.357779]  ? SyS_exit+0x30/0x30
[ 26.361213]  ? SyS_read+0x220/0x220
[ 26.364813]  ? do_fast_syscall_32+0x156/0xf9f
[ 26.369277]  ? do_group_exit+0x400/0x400
[ 26.373310]  SyS_exit_group+0x1d/0x20
[ 26.377081]  do_fast_syscall_32+0x3ec/0xf9f
[ 26.381375]  ? do_int80_syscall_32+0x9c0/0x9c0
[ 26.385928]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 26.390658]  ? syscall_return_slowpath+0x2ac/0x550
[ 26.395558]  ? prepare_exit_to_usermode+0x350/0x350
[ 26.400546]  ? sysret32_from_system_call+0x5/0x3c
[ 26.405360]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 26.410183]  entry_SYSENTER_compat+0x70/0x7f
[ 26.414563] RIP: 0023:0xf7fe7c99
[ 26.417898] RSP: 002b:00000000fff3944c EFLAGS: 00000286 ORIG_RAX: 00000000000000fc
[ 26.425581] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 26.432823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 26.440064] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[ 26.447303] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 26.454550] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 26.462262] Dumping ftrace buffer:
[ 26.465774]    (ftrace buffer empty)
[ 26.469455] Kernel Offset: disabled
[ 26.473051] Rebooting in 86400 seconds..