[....] Starting enhanced syslogd: rsyslogd[   18.225069] audit: type=1400 audit(1521068953.571:5): avc:  denied  { syslog } for  pid=4136 comm="rsyslogd" capability=34  scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   23.443245] audit: type=1400 audit(1521068958.790:6): avc:  denied  { map } for  pid=4275 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
[   29.757447] audit: type=1400 audit(1521068965.104:7): avc:  denied  { map } for  pid=4289 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/14 23:09:25 parsed 1 programs
2018/03/14 23:09:25 executed programs: 0
[   29.992059] audit: type=1400 audit(1521068965.338:8): avc:  denied  { map } for  pid=4289 comm="syz-execprog" path="/root/syzkaller-shm571371270" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   30.002333] IPVS: ftp: loaded support on port[0] = 21
[   30.049657] ==================================================================
[   30.057103] BUG: KASAN: use-after-free in ucma_close+0x2d7/0x2f0
[   30.063225] Read of size 8 at addr ffff8801af2dc1c0 by task syz-executor0/4298
[   30.070562] 
[   30.072163] CPU: 1 PID: 4298 Comm: syz-executor0 Not tainted 4.16.0-rc5+ #263
[   30.079406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.088736] Call Trace:
[   30.091300]  dump_stack+0x194/0x24d
[   30.094911]  ? arch_local_irq_restore+0x53/0x53
[   30.099553]  ? show_regs_print_info+0x18/0x18
[   30.104016]  ? save_stack+0xa3/0xd0
[   30.107621]  ? ucma_close+0x2d7/0x2f0
[   30.111393]  print_address_description+0x73/0x250
[   30.116212]  ? ucma_close+0x2d7/0x2f0
[   30.119982]  kasan_report+0x23c/0x360
[   30.123765]  __asan_report_load8_noabort+0x14/0x20
[   30.128675]  ucma_close+0x2d7/0x2f0
[   30.132274]  ? __might_sleep+0x95/0x190
[   30.136219]  ? ucma_free_ctx+0xd90/0xd90
[   30.140254]  __fput+0x327/0x7e0
[   30.143510]  ? fput+0x140/0x140
[   30.146764]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.151236]  ____fput+0x15/0x20
[   30.154490]  task_work_run+0x199/0x270
[   30.158350]  ? task_work_cancel+0x210/0x210
[   30.162647]  ? _raw_spin_unlock+0x22/0x30
[   30.166765]  ? switch_task_namespaces+0x87/0xc0
[   30.171413]  do_exit+0x9bb/0x1ad0
[   30.174838]  ? ucma_create_id+0x45b/0x620
[   30.178978]  ? mm_update_next_owner+0x930/0x930
[   30.183620]  ? ucma_create_id+0x17b/0x620
[   30.187738]  ? ucma_get_event+0xa90/0xa90
[   30.191868]  ? __might_sleep+0x95/0x190
[   30.195819]  ? kasan_check_write+0x14/0x20
[   30.200028]  ? _copy_from_user+0x99/0x110
[   30.204172]  ? ucma_write+0x11f/0x3d0
[   30.207944]  ? ucma_get_event+0xa90/0xa90
[   30.212067]  ? ucma_resolve_route+0x1a0/0x1a0
[   30.216551]  ? ucma_resolve_route+0x1a0/0x1a0
[   30.221018]  ? __vfs_write+0xf7/0x970
[   30.224792]  ? rcu_note_context_switch+0x710/0x710
[   30.229693]  ? kernel_read+0x120/0x120
[   30.233563]  ? __might_sleep+0x95/0x190
[   30.237516]  ? _cond_resched+0x14/0x30
[   30.241377]  ? __inode_security_revalidate+0xd9/0x130
[   30.246540]  ? avc_policy_seqno+0x9/0x20
[   30.250579]  ? security_file_permission+0x89/0x1e0
[   30.255501]  ? compat_SyS_futex+0x288/0x380
[   30.259791]  ? vfs_write+0x224/0x510
[   30.263497]  do_group_exit+0x149/0x400
[   30.267355]  ? compat_SyS_get_robust_list+0x300/0x300
[   30.272512]  ? SyS_write+0x184/0x220
[   30.276195]  ? __do_page_fault+0x3d6/0xc90
[   30.280405]  ? SyS_exit+0x30/0x30
[   30.283830]  ? SyS_read+0x220/0x220
[   30.287433]  ? do_fast_syscall_32+0x156/0xf9f
[   30.291905]  ? do_group_exit+0x400/0x400
[   30.295943]  SyS_exit_group+0x1d/0x20
[   30.299719]  do_fast_syscall_32+0x3ec/0xf9f
[   30.304018]  ? do_int80_syscall_32+0x9c0/0x9c0
[   30.308574]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.313303]  ? syscall_return_slowpath+0x2ac/0x550
[   30.318204]  ? prepare_exit_to_usermode+0x350/0x350
[   30.323201]  ? sysret32_from_system_call+0x5/0x3c
[   30.328033]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.332856]  entry_SYSENTER_compat+0x70/0x7f
[   30.337238] RIP: 0023:0xf7f2cc99
[   30.340574] RSP: 002b:00000000ff9d630c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[   30.348267] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   30.355509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   30.362751] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   30.370005] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   30.377249] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   30.384515] 
[   30.386123] Allocated by task 4298:
[   30.389729]  save_stack+0x43/0xd0
[   30.393154]  kasan_kmalloc+0xad/0xe0
[   30.396839]  kmem_cache_alloc_trace+0x136/0x740
[   30.401480]  ucma_alloc_ctx+0xce/0x610
[   30.405339]  ucma_create_id+0x205/0x620
[   30.409290]  ucma_write+0x2d6/0x3d0
[   30.412893]  __vfs_write+0xef/0x970
[   30.416489]  vfs_write+0x189/0x510
[   30.420001]  SyS_write+0xef/0x220
[   30.423430]  do_fast_syscall_32+0x3ec/0xf9f
[   30.427725]  entry_SYSENTER_compat+0x70/0x7f
[   30.432103] 
[   30.433702] Freed by task 4298:
[   30.436955]  save_stack+0x43/0xd0
[   30.440381]  __kasan_slab_free+0x11a/0x170
[   30.444600]  kasan_slab_free+0xe/0x10
[   30.448374]  kfree+0xd9/0x260
[   30.451453]  ucma_create_id+0x45b/0x620
[   30.455416]  ucma_write+0x2d6/0x3d0
[   30.459015]  __vfs_write+0xef/0x970
[   30.462621]  vfs_write+0x189/0x510
[   30.466144]  SyS_write+0xef/0x220
[   30.469570]  do_fast_syscall_32+0x3ec/0xf9f
[   30.473865]  entry_SYSENTER_compat+0x70/0x7f
[   30.478242] 
[   30.479846] The buggy address belongs to the object at ffff8801af2dc140
[   30.479846]  which belongs to the cache kmalloc-256 of size 256
[   30.492484] The buggy address is located 128 bytes inside of
[   30.492484]  256-byte region [ffff8801af2dc140, ffff8801af2dc240)
[   30.504330] The buggy address belongs to the page:
[   30.509231] page:ffffea0006bcb700 count:1 mapcount:0 mapping:ffff8801af2dc000 index:0x0
[   30.517356] flags: 0x2fffc0000000100(slab)
[   30.521566] raw: 02fffc0000000100 ffff8801af2dc000 0000000000000000 000000010000000c
[   30.529427] raw: ffffea0006bcc820 ffffea0006bcbba0 ffff8801dac007c0 0000000000000000
[   30.537286] page dumped because: kasan: bad access detected
[   30.542969] 
[   30.544568] Memory state around the buggy address:
[   30.549470]  ffff8801af2dc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.556810]  ffff8801af2dc100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   30.564154] >ffff8801af2dc180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.571489]                                            ^
[   30.576909]  ffff8801af2dc200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   30.584239]  ffff8801af2dc280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.591567] ==================================================================
[   30.598895] Disabling lock debugging due to kernel taint
[   30.604373] Kernel panic - not syncing: panic_on_warn set ...
[   30.604373] 
[   30.611734] CPU: 1 PID: 4298 Comm: syz-executor0 Tainted: G    B            4.16.0-rc5+ #263
[   30.620279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   30.629611] Call Trace:
[   30.632174]  dump_stack+0x194/0x24d
[   30.635777]  ? arch_local_irq_restore+0x53/0x53
[   30.640428]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.645158]  ? vsnprintf+0x1ed/0x1900
[   30.648929]  ? ucma_close+0x210/0x2f0
[   30.652699]  panic+0x1e4/0x41c
[   30.655862]  ? refcount_error_report+0x214/0x214
[   30.660589]  ? add_taint+0x1c/0x50
[   30.664099]  ? add_taint+0x1c/0x50
[   30.667611]  ? ucma_close+0x2d7/0x2f0
[   30.671406]  kasan_end_report+0x50/0x50
[   30.675361]  kasan_report+0x149/0x360
[   30.679134]  __asan_report_load8_noabort+0x14/0x20
[   30.684033]  ucma_close+0x2d7/0x2f0
[   30.687640]  ? __might_sleep+0x95/0x190
[   30.691585]  ? ucma_free_ctx+0xd90/0xd90
[   30.695619]  __fput+0x327/0x7e0
[   30.698875]  ? fput+0x140/0x140
[   30.702126]  ? _raw_spin_unlock_irq+0x27/0x70
[   30.706595]  ____fput+0x15/0x20
[   30.709847]  task_work_run+0x199/0x270
[   30.713707]  ? task_work_cancel+0x210/0x210
[   30.718010]  ? _raw_spin_unlock+0x22/0x30
[   30.722128]  ? switch_task_namespaces+0x87/0xc0
[   30.726766]  do_exit+0x9bb/0x1ad0
[   30.730190]  ? ucma_create_id+0x45b/0x620
[   30.734309]  ? mm_update_next_owner+0x930/0x930
[   30.738951]  ? ucma_create_id+0x17b/0x620
[   30.743073]  ? ucma_get_event+0xa90/0xa90
[   30.747197]  ? __might_sleep+0x95/0x190
[   30.751146]  ? kasan_check_write+0x14/0x20
[   30.755362]  ? _copy_from_user+0x99/0x110
[   30.759490]  ? ucma_write+0x11f/0x3d0
[   30.763257]  ? ucma_get_event+0xa90/0xa90
[   30.767373]  ? ucma_resolve_route+0x1a0/0x1a0
[   30.771850]  ? ucma_resolve_route+0x1a0/0x1a0
[   30.776318]  ? __vfs_write+0xf7/0x970
[   30.780090]  ? rcu_note_context_switch+0x710/0x710
[   30.784998]  ? kernel_read+0x120/0x120
[   30.788856]  ? __might_sleep+0x95/0x190
[   30.792801]  ? _cond_resched+0x14/0x30
[   30.796661]  ? __inode_security_revalidate+0xd9/0x130
[   30.801819]  ? avc_policy_seqno+0x9/0x20
[   30.805858]  ? security_file_permission+0x89/0x1e0
[   30.810768]  ? compat_SyS_futex+0x288/0x380
[   30.815055]  ? vfs_write+0x224/0x510
[   30.818742]  do_group_exit+0x149/0x400
[   30.822598]  ? compat_SyS_get_robust_list+0x300/0x300
[   30.827756]  ? SyS_write+0x184/0x220
[   30.831449]  ? __do_page_fault+0x3d6/0xc90
[   30.835652]  ? SyS_exit+0x30/0x30
[   30.839076]  ? SyS_read+0x220/0x220
[   30.842674]  ? do_fast_syscall_32+0x156/0xf9f
[   30.847140]  ? do_group_exit+0x400/0x400
[   30.851174]  SyS_exit_group+0x1d/0x20
[   30.854945]  do_fast_syscall_32+0x3ec/0xf9f
[   30.859237]  ? do_int80_syscall_32+0x9c0/0x9c0
[   30.863790]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   30.868519]  ? syscall_return_slowpath+0x2ac/0x550
[   30.873419]  ? prepare_exit_to_usermode+0x350/0x350
[   30.878407]  ? sysret32_from_system_call+0x5/0x3c
[   30.883223]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   30.888057]  entry_SYSENTER_compat+0x70/0x7f
[   30.892453] RIP: 0023:0xf7f2cc99
[   30.895801] RSP: 002b:00000000ff9d630c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[   30.903499] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   30.910754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   30.917997] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   30.925245] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   30.932483] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   30.940412] Dumping ftrace buffer:
[   30.943927]    (ftrace buffer empty)
[   30.947613] Kernel Offset: disabled
[   30.951215] Rebooting in 86400 seconds..