[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   18.543928] audit: type=1400 audit(1520856184.489:6): avc: denied { map } for pid=4091 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.16' (ECDSA) to the list of known hosts.
syzkaller login:
[   24.899187] audit: type=1400 audit(1520856190.844:7): avc: denied { map } for pid=4105 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/03/12 12:03:11 parsed 1 programs
2018/03/12 12:03:11 executed programs: 0
[   25.159629] audit: type=1400 audit(1520856191.105:8): avc: denied { map } for pid=4105 comm="syz-execprog" path="/root/syzkaller-shm011926271" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   25.173261] IPVS: ftp: loaded support on port[0] = 21
[   25.218284] ==================================================================
[   25.225717] BUG: KASAN: use-after-free in ucma_close+0x2d7/0x2f0
[   25.231845] Read of size 8 at addr ffff8801cbb2ac40 by task syz-executor0/4113
[   25.239183] 
[   25.240793] CPU: 0 PID: 4113 Comm: syz-executor0 Not tainted 4.16.0-rc5+ #261
[   25.248045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.257383] Call Trace:
[   25.259949]  dump_stack+0x194/0x24d
[   25.263559]  ? arch_local_irq_restore+0x53/0x53
[   25.268207]  ? show_regs_print_info+0x18/0x18
[   25.272676]  ? save_stack+0xa3/0xd0
[   25.276285]  ? ucma_close+0x2d7/0x2f0
[   25.280072]  print_address_description+0x73/0x250
[   25.284909]  ? ucma_close+0x2d7/0x2f0
[   25.288690]  kasan_report+0x23c/0x360
[   25.292483]  __asan_report_load8_noabort+0x14/0x20
[   25.297391]  ucma_close+0x2d7/0x2f0
[   25.300994]  ? __might_sleep+0x95/0x190
[   25.304952]  ? ucma_free_ctx+0xd90/0xd90
[   25.308988]  __fput+0x327/0x7e0
[   25.312251]  ? fput+0x140/0x140
[   25.315509]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.319992]  ____fput+0x15/0x20
[   25.323250]  task_work_run+0x199/0x270
[   25.327122]  ? task_work_cancel+0x210/0x210
[   25.331428]  ? _raw_spin_unlock+0x22/0x30
[   25.335557]  ? switch_task_namespaces+0x87/0xc0
[   25.340216]  do_exit+0x9bb/0x1ad0
[   25.343651]  ? ucma_create_id+0x45b/0x620
[   25.347781]  ? mm_update_next_owner+0x930/0x930
[   25.352426]  ? ucma_create_id+0x17b/0x620
[   25.356555]  ? ucma_get_event+0xa90/0xa90
[   25.360684]  ? __might_sleep+0x95/0x190
[   25.364645]  ? kasan_check_write+0x14/0x20
[   25.368854]  ? _copy_from_user+0x99/0x110
[   25.372980]  ? ucma_write+0x11f/0x3d0
[   25.376757]  ? ucma_get_event+0xa90/0xa90
[   25.380895]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.385380]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.389860]  ? __vfs_write+0xf7/0x970
[   25.393641]  ? rcu_note_context_switch+0x710/0x710
[   25.398551]  ? kernel_read+0x120/0x120
[   25.402415]  ? __might_sleep+0x95/0x190
[   25.406369]  ? _cond_resched+0x14/0x30
[   25.410240]  ? __inode_security_revalidate+0xd9/0x130
[   25.415406]  ? avc_policy_seqno+0x9/0x20
[   25.419452]  ? security_file_permission+0x89/0x1e0
[   25.424378]  ? compat_SyS_futex+0x288/0x380
[   25.428762]  ? vfs_write+0x224/0x510
[   25.432459]  do_group_exit+0x149/0x400
[   25.436507]  ? compat_SyS_get_robust_list+0x300/0x300
[   25.441672]  ? SyS_write+0x184/0x220
[   25.445364]  ? __do_page_fault+0x3d6/0xc90
[   25.449578]  ? SyS_exit+0x30/0x30
[   25.453009]  ? SyS_read+0x220/0x220
[   25.456623]  ? do_fast_syscall_32+0x156/0xf9f
[   25.461098]  ? do_group_exit+0x400/0x400
[   25.465143]  SyS_exit_group+0x1d/0x20
[   25.468925]  do_fast_syscall_32+0x3ec/0xf9f
[   25.473227]  ? do_int80_syscall_32+0x9c0/0x9c0
[   25.477881]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.482619]  ? syscall_return_slowpath+0x2ac/0x550
[   25.487540]  ? prepare_exit_to_usermode+0x350/0x350
[   25.492541]  ? sysret32_from_system_call+0x5/0x3c
[   25.497373]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   25.502223]  entry_SYSENTER_compat+0x70/0x7f
[   25.506608] RIP: 0023:0xf7fd2c99
[   25.509947] RSP: 002b:00000000ffd718ac EFLAGS: 00000286 ORIG_RAX: 00000000000000fc
[   25.517629] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   25.524875] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   25.532126] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   25.539380] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   25.546640] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   25.553918] 
[   25.555527] Allocated by task 4113:
[   25.559134]  save_stack+0x43/0xd0
[   25.562570]  kasan_kmalloc+0xad/0xe0
[   25.566272]  kmem_cache_alloc_trace+0x136/0x740
[   25.570916]  ucma_alloc_ctx+0xce/0x610
[   25.574782]  ucma_create_id+0x205/0x620
[   25.578730]  ucma_write+0x2d6/0x3d0
[   25.582342]  __vfs_write+0xef/0x970
[   25.585945]  vfs_write+0x189/0x510
[   25.589458]  SyS_write+0xef/0x220
[   25.592885]  do_fast_syscall_32+0x3ec/0xf9f
[   25.597182]  entry_SYSENTER_compat+0x70/0x7f
[   25.601559] 
[   25.603164] Freed by task 4113:
[   25.606417]  save_stack+0x43/0xd0
[   25.609850]  __kasan_slab_free+0x11a/0x170
[   25.614063]  kasan_slab_free+0xe/0x10
[   25.617841]  kfree+0xd9/0x260
[   25.620919]  ucma_create_id+0x45b/0x620
[   25.624869]  ucma_write+0x2d6/0x3d0
[   25.628470]  __vfs_write+0xef/0x970
[   25.632266]  vfs_write+0x189/0x510
[   25.635782]  SyS_write+0xef/0x220
[   25.639212]  do_fast_syscall_32+0x3ec/0xf9f
[   25.643520]  entry_SYSENTER_compat+0x70/0x7f
[   25.647904] 
[   25.649507] The buggy address belongs to the object at ffff8801cbb2abc0
[   25.649507]  which belongs to the cache kmalloc-256 of size 256
[   25.662142] The buggy address is located 128 bytes inside of
[   25.662142]  256-byte region [ffff8801cbb2abc0, ffff8801cbb2acc0)
[   25.673992] The buggy address belongs to the page:
[   25.678911] page:ffffea00072eca80 count:1 mapcount:0 mapping:ffff8801cbb2a080 index:0xffff8801cbb2a080
[   25.688342] flags: 0x2fffc0000000100(slab)
[   25.692554] raw: 02fffc0000000100 ffff8801cbb2a080 ffff8801cbb2a080 0000000100000008
[   25.700411] raw: ffffea00072e6d60 ffffea000730cf20 ffff8801dac007c0 0000000000000000
[   25.708269] page dumped because: kasan: bad access detected
[   25.713952] 
[   25.715559] Memory state around the buggy address:
[   25.720463]  ffff8801cbb2ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.727798]  ffff8801cbb2ab80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   25.735144] >ffff8801cbb2ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.742478]                                            ^
[   25.747906]  ffff8801cbb2ac80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   25.755240]  ffff8801cbb2ad00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.762571] ==================================================================
[   25.770000] Disabling lock debugging due to kernel taint
[   25.775513] Kernel panic - not syncing: panic_on_warn set ...
[   25.775513] 
[   25.782874] CPU: 0 PID: 4113 Comm: syz-executor0 Tainted: G B 4.16.0-rc5+ #261
[   25.791423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   25.800760] Call Trace:
[   25.803325]  dump_stack+0x194/0x24d
[   25.806924]  ? arch_local_irq_restore+0x53/0x53
[   25.811567]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   25.816294]  ? vsnprintf+0x1ed/0x1900
[   25.820066]  ? ucma_close+0x240/0x2f0
[   25.823848]  panic+0x1e4/0x41c
[   25.827017]  ? refcount_error_report+0x214/0x214
[   25.831757]  ? add_taint+0x1c/0x50
[   25.835283]  ? add_taint+0x1c/0x50
[   25.838799]  ? ucma_close+0x2d7/0x2f0
[   25.842577]  kasan_end_report+0x50/0x50
[   25.846525]  kasan_report+0x149/0x360
[   25.850300]  __asan_report_load8_noabort+0x14/0x20
[   25.855203]  ucma_close+0x2d7/0x2f0
[   25.858805]  ? __might_sleep+0x95/0x190
[   25.862751]  ? ucma_free_ctx+0xd90/0xd90
[   25.866785]  __fput+0x327/0x7e0
[   25.870049]  ? fput+0x140/0x140
[   25.873317]  ? _raw_spin_unlock_irq+0x27/0x70
[   25.877788]  ____fput+0x15/0x20
[   25.881044]  task_work_run+0x199/0x270
[   25.884905]  ? task_work_cancel+0x210/0x210
[   25.889199]  ? _raw_spin_unlock+0x22/0x30
[   25.893321]  ? switch_task_namespaces+0x87/0xc0
[   25.897973]  do_exit+0x9bb/0x1ad0
[   25.901396]  ? ucma_create_id+0x45b/0x620
[   25.905525]  ? mm_update_next_owner+0x930/0x930
[   25.910168]  ? ucma_create_id+0x17b/0x620
[   25.914288]  ? ucma_get_event+0xa90/0xa90
[   25.918409]  ? __might_sleep+0x95/0x190
[   25.922357]  ? kasan_check_write+0x14/0x20
[   25.926572]  ? _copy_from_user+0x99/0x110
[   25.930694]  ? ucma_write+0x11f/0x3d0
[   25.934465]  ? ucma_get_event+0xa90/0xa90
[   25.938583]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.943054]  ? ucma_resolve_route+0x1a0/0x1a0
[   25.947530]  ? __vfs_write+0xf7/0x970
[   25.951302]  ? rcu_note_context_switch+0x710/0x710
[   25.956203]  ? kernel_read+0x120/0x120
[   25.960062]  ? __might_sleep+0x95/0x190
[   25.964016]  ? _cond_resched+0x14/0x30
[   25.967890]  ? __inode_security_revalidate+0xd9/0x130
[   25.973055]  ? avc_policy_seqno+0x9/0x20
[   25.977092]  ? security_file_permission+0x89/0x1e0
[   25.982000]  ? compat_SyS_futex+0x288/0x380
[   25.986305]  ? vfs_write+0x224/0x510
[   25.989994]  do_group_exit+0x149/0x400
[   25.993857]  ? compat_SyS_get_robust_list+0x300/0x300
[   25.999023]  ? SyS_write+0x184/0x220
[   26.002718]  ? __do_page_fault+0x3d6/0xc90
[   26.006928]  ? SyS_exit+0x30/0x30
[   26.010351]  ? SyS_read+0x220/0x220
[   26.013953]  ? do_fast_syscall_32+0x156/0xf9f
[   26.018428]  ? do_group_exit+0x400/0x400
[   26.022466]  SyS_exit_group+0x1d/0x20
[   26.026246]  do_fast_syscall_32+0x3ec/0xf9f
[   26.030544]  ? do_int80_syscall_32+0x9c0/0x9c0
[   26.035098]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   26.039828]  ? syscall_return_slowpath+0x2ac/0x550
[   26.044741]  ? prepare_exit_to_usermode+0x350/0x350
[   26.049741]  ? sysret32_from_system_call+0x5/0x3c
[   26.054558]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   26.059386]  entry_SYSENTER_compat+0x70/0x7f
[   26.063765] RIP: 0023:0xf7fd2c99
[   26.067109] RSP: 002b:00000000ffd718ac EFLAGS: 00000286 ORIG_RAX: 00000000000000fc
[   26.074789] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[   26.082033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   26.089282] RBP: 00000000080a2c25 R08: 0000000000000000 R09: 0000000000000000
[   26.096537] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   26.103782] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   26.111085] Dumping ftrace buffer:
[   26.114601]    (ftrace buffer empty)
[   26.118283] Kernel Offset: disabled
[   26.121883] Rebooting in 86400 seconds..