[ ok ] Starting enhanced syslogd: rsyslogd.
[   16.922389] audit: type=1400 audit(1520529323.095:5): avc:  denied  { syslog } for  pid=4083 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting mcstransd: .
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[   22.537339] audit: type=1400 audit(1520529328.710:6): avc:  denied  { map } for  pid=4225 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts.
[   28.822059] audit: type=1400 audit(1520529334.994:7): avc:  denied  { map } for  pid=4239 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/08 17:15:35 parsed 1 programs
2018/03/08 17:15:35 executed programs: 0
[   29.073345] audit: type=1400 audit(1520529335.246:8): avc:  denied  { map } for  pid=4239 comm="syz-execprog" path="/root/syzkaller-shm049926365" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   29.087459] IPVS: ftp: loaded support on port[0] = 21
[   29.130537] ==================================================================
[   29.137948] BUG: KASAN: use-after-free in ucma_close+0x2d7/0x2f0
[   29.144070] Read of size 8 at addr ffff8801ae07cac0 by task syz-executor0/4247
[   29.151396]
[   29.152997] CPU: 0 PID: 4247 Comm: syz-executor0 Not tainted 4.16.0-rc4+ #256
[   29.160240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.169563] Call Trace:
[   29.172127]  dump_stack+0x194/0x24d
[   29.175729]  ? arch_local_irq_restore+0x53/0x53
[   29.180370]  ? show_regs_print_info+0x18/0x18
[   29.184835]  ? save_stack+0xa3/0xd0
[   29.188439]  ? ucma_close+0x2d7/0x2f0
[   29.192212]  print_address_description+0x73/0x250
[   29.197035]  ? ucma_close+0x2d7/0x2f0
[   29.200819]  kasan_report+0x23c/0x360
[   29.204596]  __asan_report_load8_noabort+0x14/0x20
[   29.209496]  ucma_close+0x2d7/0x2f0
[   29.213100]  ? __might_sleep+0x95/0x190
[   29.217057]  ? ucma_free_ctx+0xd90/0xd90
[   29.221099]  __fput+0x327/0x7e0
[   29.224365]  ? fput+0x140/0x140
[   29.227619]  ? _raw_spin_unlock_irq+0x27/0x70
[   29.232093]  ____fput+0x15/0x20
[   29.235347]  task_work_run+0x199/0x270
[   29.239207]  ? task_work_cancel+0x210/0x210
[   29.243501]  ? _raw_spin_unlock+0x22/0x30
[   29.247624]  ? switch_task_namespaces+0x87/0xc0
[   29.252269]  do_exit+0x9bb/0x1ad0
[   29.255703]  ? ucma_create_id+0x45b/0x620
[   29.259844]  ? mm_update_next_owner+0x930/0x930
[   29.264485]  ? ucma_create_id+0x17b/0x620
[   29.268608]  ? ucma_get_event+0xa90/0xa90
[   29.272734]  ? __might_sleep+0x95/0x190
[   29.276689]  ? kasan_check_write+0x14/0x20
[   29.280897]  ? _copy_from_user+0x99/0x110
[   29.285027]  ? ucma_write+0x11f/0x3d0
[   29.288813]  ? ucma_get_event+0xa90/0xa90
[   29.292932]  ? ucma_resolve_route+0x1a0/0x1a0
[   29.297408]  ? ucma_resolve_route+0x1a0/0x1a0
[   29.301873]  ? __vfs_write+0xf7/0x970
[   29.305647]  ? rcu_note_context_switch+0x710/0x710
[   29.310551]  ? kernel_read+0x120/0x120
[   29.314408]  ? __might_sleep+0x95/0x190
[   29.318356]  ? _cond_resched+0x14/0x30
[   29.322217]  ? __inode_security_revalidate+0xd9/0x130
[   29.327377]  ? avc_policy_seqno+0x9/0x20
[   29.331414]  ? security_file_permission+0x89/0x1e0
[   29.336324]  ? compat_SyS_futex+0x288/0x380
[   29.340617]  ? vfs_write+0x224/0x510
[   29.344306]  do_group_exit+0x149/0x400
[   29.348165]  ? compat_SyS_get_robust_list+0x300/0x300
[   29.353323]  ? SyS_write+0x184/0x220
[   29.357021]  ? __do_page_fault+0x3d6/0xc90
[   29.361631]  ? SyS_exit+0x30/0x30
[   29.365077]  ? SyS_read+0x220/0x220
[   29.368678]  ? do_fast_syscall_32+0x156/0xf9f
[   29.373149]  ? do_group_exit+0x400/0x400
[   29.377181]  SyS_exit_group+0x1d/0x20
[   29.380953]  do_fast_syscall_32+0x3ec/0xf9f
[   29.385261]  ? do_int80_syscall_32+0x9c0/0x9c0
[   29.389818]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.394551]  ? syscall_return_slowpath+0x2ac/0x550
[   29.399454]  ? prepare_exit_to_usermode+0x350/0x350
[   29.404472]  ? sysret32_from_system_call+0x5/0x3c
[   29.409305]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.414129]  entry_SYSENTER_compat+0x70/0x7f
[   29.418518] RIP: 0023:0xf7f5fc99
[   29.421861] RSP: 002b:00000000ffff127c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[   29.429543] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   29.436785] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   29.444029] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   29.451274] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   29.458515] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   29.465771]
[   29.467372] Allocated by task 4247:
[   29.470973]  save_stack+0x43/0xd0
[   29.474397]  kasan_kmalloc+0xad/0xe0
[   29.478083]  kmem_cache_alloc_trace+0x136/0x740
[   29.482727]  ucma_alloc_ctx+0xce/0x610
[   29.486586]  ucma_create_id+0x205/0x620
[   29.490536]  ucma_write+0x2d6/0x3d0
[   29.494135]  __vfs_write+0xef/0x970
[   29.497731]  vfs_write+0x189/0x510
[   29.501240]  SyS_write+0xef/0x220
[   29.504663]  do_fast_syscall_32+0x3ec/0xf9f
[   29.508954]  entry_SYSENTER_compat+0x70/0x7f
[   29.513327]
[   29.514929] Freed by task 4247:
[   29.518188]  save_stack+0x43/0xd0
[   29.521617]  __kasan_slab_free+0x11a/0x170
[   29.525820]  kasan_slab_free+0xe/0x10
[   29.529591]  kfree+0xd9/0x260
[   29.532665]  ucma_create_id+0x45b/0x620
[   29.536610]  ucma_write+0x2d6/0x3d0
[   29.540211]  __vfs_write+0xef/0x970
[   29.543805]  vfs_write+0x189/0x510
[   29.547313]  SyS_write+0xef/0x220
[   29.550738]  do_fast_syscall_32+0x3ec/0xf9f
[   29.555040]  entry_SYSENTER_compat+0x70/0x7f
[   29.559420]
[   29.561025] The buggy address belongs to the object at ffff8801ae07ca40
[   29.561025]  which belongs to the cache kmalloc-256 of size 256
[   29.573660] The buggy address is located 128 bytes inside of
[   29.573660]  256-byte region [ffff8801ae07ca40, ffff8801ae07cb40)
[   29.585501] The buggy address belongs to the page:
[   29.590400] page:ffffea0006b81f00 count:1 mapcount:0 mapping:ffff8801ae07c040 index:0x0
[   29.598513] flags: 0x2fffc0000000100(slab)
[   29.602725] raw: 02fffc0000000100 ffff8801ae07c040 0000000000000000 000000010000000c
[   29.610575] raw: ffffea0006c817a0 ffffea0006bcb7e0 ffff8801dac007c0 0000000000000000
[   29.618420] page dumped because: kasan: bad access detected
[   29.624098]
[   29.625695] Memory state around the buggy address:
[   29.630595]  ffff8801ae07c980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   29.637926]  ffff8801ae07ca00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   29.645252] >ffff8801ae07ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.652578]                                            ^
[   29.658004]  ffff8801ae07cb00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   29.665350]  ffff8801ae07cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.672675] ==================================================================
[   29.680000] Disabling lock debugging due to kernel taint
[   29.685670] Kernel panic - not syncing: panic_on_warn set ...
[   29.685670]
[   29.693019] CPU: 0 PID: 4247 Comm: syz-executor0 Tainted: G    B           4.16.0-rc4+ #256
[   29.701576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   29.710898] Call Trace:
[   29.713456]  dump_stack+0x194/0x24d
[   29.717060]  ? arch_local_irq_restore+0x53/0x53
[   29.721698]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.726425]  ? vsnprintf+0x1ed/0x1900
[   29.730195]  ? ucma_close+0x240/0x2f0
[   29.733968]  panic+0x1e4/0x41c
[   29.737134]  ? refcount_error_report+0x214/0x214
[   29.741862]  ? add_taint+0x1c/0x50
[   29.745372]  ? add_taint+0x1c/0x50
[   29.748882]  ? ucma_close+0x2d7/0x2f0
[   29.752653]  kasan_end_report+0x50/0x50
[   29.756598]  kasan_report+0x149/0x360
[   29.760369]  __asan_report_load8_noabort+0x14/0x20
[   29.765271]  ucma_close+0x2d7/0x2f0
[   29.768870]  ? __might_sleep+0x95/0x190
[   29.772816]  ? ucma_free_ctx+0xd90/0xd90
[   29.776846]  __fput+0x327/0x7e0
[   29.780096]  ? fput+0x140/0x140
[   29.783345]  ? _raw_spin_unlock_irq+0x27/0x70
[   29.787810]  ____fput+0x15/0x20
[   29.791057]  task_work_run+0x199/0x270
[   29.794914]  ? task_work_cancel+0x210/0x210
[   29.799204]  ? _raw_spin_unlock+0x22/0x30
[   29.803320]  ? switch_task_namespaces+0x87/0xc0
[   29.807973]  do_exit+0x9bb/0x1ad0
[   29.811394]  ? ucma_create_id+0x45b/0x620
[   29.815513]  ? mm_update_next_owner+0x930/0x930
[   29.820151]  ? ucma_create_id+0x17b/0x620
[   29.824268]  ? ucma_get_event+0xa90/0xa90
[   29.828388]  ? __might_sleep+0x95/0x190
[   29.832332]  ? kasan_check_write+0x14/0x20
[   29.836536]  ? _copy_from_user+0x99/0x110
[   29.840653]  ? ucma_write+0x11f/0x3d0
[   29.844420]  ? ucma_get_event+0xa90/0xa90
[   29.848536]  ? ucma_resolve_route+0x1a0/0x1a0
[   29.853006]  ? ucma_resolve_route+0x1a0/0x1a0
[   29.857482]  ? __vfs_write+0xf7/0x970
[   29.861251]  ? rcu_note_context_switch+0x710/0x710
[   29.866147]  ? kernel_read+0x120/0x120
[   29.870001]  ? __might_sleep+0x95/0x190
[   29.873953]  ? _cond_resched+0x14/0x30
[   29.877808]  ? __inode_security_revalidate+0xd9/0x130
[   29.882967]  ? avc_policy_seqno+0x9/0x20
[   29.886998]  ? security_file_permission+0x89/0x1e0
[   29.891909]  ? compat_SyS_futex+0x288/0x380
[   29.896200]  ? vfs_write+0x224/0x510
[   29.899884]  do_group_exit+0x149/0x400
[   29.903741]  ? compat_SyS_get_robust_list+0x300/0x300
[   29.908895]  ? SyS_write+0x184/0x220
[   29.912577]  ? __do_page_fault+0x3d6/0xc90
[   29.916780]  ? SyS_exit+0x30/0x30
[   29.920202]  ? SyS_read+0x220/0x220
[   29.923799]  ? do_fast_syscall_32+0x156/0xf9f
[   29.928265]  ? do_group_exit+0x400/0x400
[   29.932297]  SyS_exit_group+0x1d/0x20
[   29.936067]  do_fast_syscall_32+0x3ec/0xf9f
[   29.940362]  ? do_int80_syscall_32+0x9c0/0x9c0
[   29.944915]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   29.949642]  ? syscall_return_slowpath+0x2ac/0x550
[   29.954542]  ? prepare_exit_to_usermode+0x350/0x350
[   29.959531]  ? sysret32_from_system_call+0x5/0x3c
[   29.964344]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   29.969158]  entry_SYSENTER_compat+0x70/0x7f
[   29.973542] RIP: 0023:0xf7f5fc99
[   29.976876] RSP: 002b:00000000ffff127c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[   29.984551] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   29.991790] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   29.999032] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   30.006272] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   30.013511] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   30.021163] Dumping ftrace buffer:
[   30.024672]    (ftrace buffer empty)
[   30.028351] Kernel Offset: disabled
[   30.031951] Rebooting in 86400 seconds..