[?25l[?1c7[ ok 8[?25h[?0c.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   20.351982] audit: type=1400 audit(1520883997.685:6): avc:  denied  { map } for  pid=4256 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.43' (ECDSA) to the list of known hosts.
syzkaller login: [   26.657681] audit: type=1400 audit(1520884003.991:7): avc:  denied  { map } for  pid=4270 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/12 19:46:44 parsed 1 programs
2018/03/12 19:46:44 executed programs: 0
[   26.911113] audit: type=1400 audit(1520884004.244:8): avc:  denied  { map } for  pid=4270 comm="syz-execprog" path="/root/syzkaller-shm961290833" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   26.925726] IPVS: ftp: loaded support on port[0] = 21
[   26.969957] ==================================================================
[   26.977425] BUG: KASAN: use-after-free in ucma_close+0x2d7/0x2f0
[   26.983545] Read of size 8 at addr ffff8801afc75080 by task syz-executor0/4278
[   26.990877] 
[   26.992490] CPU: 1 PID: 4278 Comm: syz-executor0 Not tainted 4.16.0-rc5+ #261
[   26.999736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.009065] Call Trace:
[   27.011637]  dump_stack+0x194/0x24d
[   27.015243]  ? arch_local_irq_restore+0x53/0x53
[   27.019887]  ? show_regs_print_info+0x18/0x18
[   27.024356]  ? save_stack+0xa3/0xd0
[   27.027964]  ? ucma_close+0x2d7/0x2f0
[   27.031741]  print_address_description+0x73/0x250
[   27.036560]  ? ucma_close+0x2d7/0x2f0
[   27.040339]  kasan_report+0x23c/0x360
[   27.044118]  __asan_report_load8_noabort+0x14/0x20
[   27.049031]  ucma_close+0x2d7/0x2f0
[   27.052641]  ? __might_sleep+0x95/0x190
[   27.056590]  ? ucma_free_ctx+0xd90/0xd90
[   27.060627]  __fput+0x327/0x7e0
[   27.063895]  ? fput+0x140/0x140
[   27.067153]  ? _raw_spin_unlock_irq+0x27/0x70
[   27.071626]  ____fput+0x15/0x20
[   27.074881]  task_work_run+0x199/0x270
[   27.078757]  ? task_work_cancel+0x210/0x210
[   27.083059]  ? _raw_spin_unlock+0x22/0x30
[   27.087190]  ? switch_task_namespaces+0x87/0xc0
[   27.091845]  do_exit+0x9bb/0x1ad0
[   27.095273]  ? ucma_create_id+0x45b/0x620
[   27.099398]  ? mm_update_next_owner+0x930/0x930
[   27.104055]  ? ucma_create_id+0x17b/0x620
[   27.108196]  ? ucma_get_event+0xa90/0xa90
[   27.112346]  ? __might_sleep+0x95/0x190
[   27.116303]  ? kasan_check_write+0x14/0x20
[   27.120514]  ? _copy_from_user+0x99/0x110
[   27.124639]  ? ucma_write+0x11f/0x3d0
[   27.128416]  ? ucma_get_event+0xa90/0xa90
[   27.132540]  ? ucma_resolve_route+0x1a0/0x1a0
[   27.137018]  ? ucma_resolve_route+0x1a0/0x1a0
[   27.141490]  ? __vfs_write+0xf7/0x970
[   27.145265]  ? rcu_note_context_switch+0x710/0x710
[   27.150170]  ? kernel_read+0x120/0x120
[   27.154052]  ? __might_sleep+0x95/0x190
[   27.158003]  ? _cond_resched+0x14/0x30
[   27.161866]  ? __inode_security_revalidate+0xd9/0x130
[   27.167078]  ? avc_policy_seqno+0x9/0x20
[   27.171129]  ? security_file_permission+0x89/0x1e0
[   27.176056]  ? compat_SyS_futex+0x288/0x380
[   27.180355]  ? vfs_write+0x224/0x510
[   27.184058]  do_group_exit+0x149/0x400
[   27.187925]  ? compat_SyS_get_robust_list+0x300/0x300
[   27.193087]  ? SyS_write+0x184/0x220
[   27.196772]  ? __do_page_fault+0x3d6/0xc90
[   27.200982]  ? SyS_exit+0x30/0x30
[   27.204411]  ? SyS_read+0x220/0x220
[   27.208020]  ? do_fast_syscall_32+0x156/0xf9f
[   27.212501]  ? do_group_exit+0x400/0x400
[   27.216537]  SyS_exit_group+0x1d/0x20
[   27.220311]  do_fast_syscall_32+0x3ec/0xf9f
[   27.224612]  ? do_int80_syscall_32+0x9c0/0x9c0
[   27.229168]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.233909]  ? syscall_return_slowpath+0x2ac/0x550
[   27.238813]  ? prepare_exit_to_usermode+0x350/0x350
[   27.243816]  ? sysret32_from_system_call+0x5/0x3c
[   27.248638]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.253478]  entry_SYSENTER_compat+0x70/0x7f
[   27.257870] RIP: 0023:0xf7f54c99
[   27.261213] RSP: 002b:00000000ff92879c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[   27.268893] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   27.276225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   27.283468] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   27.290714] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   27.297965] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.305225] 
[   27.306828] Allocated by task 4278:
[   27.310438]  save_stack+0x43/0xd0
[   27.313872]  kasan_kmalloc+0xad/0xe0
[   27.317560]  kmem_cache_alloc_trace+0x136/0x740
[   27.322201]  ucma_alloc_ctx+0xce/0x610
[   27.326060]  ucma_create_id+0x205/0x620
[   27.330004]  ucma_write+0x2d6/0x3d0
[   27.333602]  __vfs_write+0xef/0x970
[   27.337202]  vfs_write+0x189/0x510
[   27.340712]  SyS_write+0xef/0x220
[   27.344141]  do_fast_syscall_32+0x3ec/0xf9f
[   27.348436]  entry_SYSENTER_compat+0x70/0x7f
[   27.352812] 
[   27.354410] Freed by task 4278:
[   27.357661]  save_stack+0x43/0xd0
[   27.361083]  __kasan_slab_free+0x11a/0x170
[   27.365298]  kasan_slab_free+0xe/0x10
[   27.369077]  kfree+0xd9/0x260
[   27.372166]  ucma_create_id+0x45b/0x620
[   27.376122]  ucma_write+0x2d6/0x3d0
[   27.379719]  __vfs_write+0xef/0x970
[   27.383319]  vfs_write+0x189/0x510
[   27.386830]  SyS_write+0xef/0x220
[   27.390256]  do_fast_syscall_32+0x3ec/0xf9f
[   27.394551]  entry_SYSENTER_compat+0x70/0x7f
[   27.398930] 
[   27.400531] The buggy address belongs to the object at ffff8801afc75000
[   27.400531]  which belongs to the cache kmalloc-256 of size 256
[   27.413185] The buggy address is located 128 bytes inside of
[   27.413185]  256-byte region [ffff8801afc75000, ffff8801afc75100)
[   27.425032] The buggy address belongs to the page:
[   27.430110] page:ffffea0006bf1d40 count:1 mapcount:0 mapping:ffff8801afc75000 index:0x0
[   27.438234] flags: 0x2fffc0000000100(slab)
[   27.442452] raw: 02fffc0000000100 ffff8801afc75000 0000000000000000 000000010000000c
[   27.450314] raw: ffffea0006be2520 ffffea0006bf8e60 ffff8801dac007c0 0000000000000000
[   27.458188] page dumped because: kasan: bad access detected
[   27.463870] 
[   27.465469] Memory state around the buggy address:
[   27.470369]  ffff8801afc74f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.477701]  ffff8801afc75000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.485034] >ffff8801afc75080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.492363]                    ^
[   27.495704]  ffff8801afc75100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[   27.503034]  ffff8801afc75180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   27.510361] ==================================================================
[   27.517689] Disabling lock debugging due to kernel taint
[   27.523154] Kernel panic - not syncing: panic_on_warn set ...
[   27.523154] 
[   27.530503] CPU: 1 PID: 4278 Comm: syz-executor0 Tainted: G    B            4.16.0-rc5+ #261
[   27.539050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   27.548383] Call Trace:
[   27.550944]  dump_stack+0x194/0x24d
[   27.554545]  ? arch_local_irq_restore+0x53/0x53
[   27.559189]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.563914]  ? vsnprintf+0x1ed/0x1900
[   27.567686]  ? ucma_close+0x240/0x2f0
[   27.571468]  panic+0x1e4/0x41c
[   27.574631]  ? refcount_error_report+0x214/0x214
[   27.579357]  ? add_taint+0x1c/0x50
[   27.582870]  ? add_taint+0x1c/0x50
[   27.586383]  ? ucma_close+0x2d7/0x2f0
[   27.590156]  kasan_end_report+0x50/0x50
[   27.594103]  kasan_report+0x149/0x360
[   27.597877]  __asan_report_load8_noabort+0x14/0x20
[   27.602774]  ucma_close+0x2d7/0x2f0
[   27.606372]  ? __might_sleep+0x95/0x190
[   27.610317]  ? ucma_free_ctx+0xd90/0xd90
[   27.614351]  __fput+0x327/0x7e0
[   27.617607]  ? fput+0x140/0x140
[   27.620865]  ? _raw_spin_unlock_irq+0x27/0x70
[   27.625332]  ____fput+0x15/0x20
[   27.629201]  task_work_run+0x199/0x270
[   27.633060]  ? task_work_cancel+0x210/0x210
[   27.637352]  ? _raw_spin_unlock+0x22/0x30
[   27.641469]  ? switch_task_namespaces+0x87/0xc0
[   27.646111]  do_exit+0x9bb/0x1ad0
[   27.649545]  ? ucma_create_id+0x45b/0x620
[   27.653665]  ? mm_update_next_owner+0x930/0x930
[   27.658313]  ? ucma_create_id+0x17b/0x620
[   27.662430]  ? ucma_get_event+0xa90/0xa90
[   27.666554]  ? __might_sleep+0x95/0x190
[   27.670510]  ? kasan_check_write+0x14/0x20
[   27.674726]  ? _copy_from_user+0x99/0x110
[   27.678845]  ? ucma_write+0x11f/0x3d0
[   27.682614]  ? ucma_get_event+0xa90/0xa90
[   27.686731]  ? ucma_resolve_route+0x1a0/0x1a0
[   27.691201]  ? ucma_resolve_route+0x1a0/0x1a0
[   27.695664]  ? __vfs_write+0xf7/0x970
[   27.699446]  ? rcu_note_context_switch+0x710/0x710
[   27.704348]  ? kernel_read+0x120/0x120
[   27.708204]  ? __might_sleep+0x95/0x190
[   27.712153]  ? _cond_resched+0x14/0x30
[   27.716018]  ? __inode_security_revalidate+0xd9/0x130
[   27.721181]  ? avc_policy_seqno+0x9/0x20
[   27.725217]  ? security_file_permission+0x89/0x1e0
[   27.730119]  ? compat_SyS_futex+0x288/0x380
[   27.734411]  ? vfs_write+0x224/0x510
[   27.738099]  do_group_exit+0x149/0x400
[   27.741964]  ? compat_SyS_get_robust_list+0x300/0x300
[   27.747123]  ? SyS_write+0x184/0x220
[   27.750806]  ? __do_page_fault+0x3d6/0xc90
[   27.755013]  ? SyS_exit+0x30/0x30
[   27.758438]  ? SyS_read+0x220/0x220
[   27.762038]  ? do_fast_syscall_32+0x156/0xf9f
[   27.766502]  ? do_group_exit+0x400/0x400
[   27.770532]  SyS_exit_group+0x1d/0x20
[   27.774302]  do_fast_syscall_32+0x3ec/0xf9f
[   27.778605]  ? do_int80_syscall_32+0x9c0/0x9c0
[   27.783168]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   27.787896]  ? syscall_return_slowpath+0x2ac/0x550
[   27.792795]  ? prepare_exit_to_usermode+0x350/0x350
[   27.797784]  ? sysret32_from_system_call+0x5/0x3c
[   27.802600]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   27.807417]  entry_SYSENTER_compat+0x70/0x7f
[   27.811794] RIP: 0023:0xf7f54c99
[   27.815128] RSP: 002b:00000000ff92879c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[   27.822816] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   27.830066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   27.837315] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   27.844563] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   27.851812] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   27.859494] Dumping ftrace buffer:
[   27.863013]    (ftrace buffer empty)
[   27.866710] Kernel Offset: disabled
[   27.870311] Rebooting in 86400 seconds..