[....] Starting enhanced syslogd: rsyslogd[ 12.491753] audit: type=1400 audit(1516486002.999:5): avc: denied { syslog } for pid=3508 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. Starting mcstransd: [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. [....] Starting file context maintaining daemon: restorecond [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 18.975115] audit: type=1400 audit(1516486009.482:6): avc: denied { map } for pid=3649 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. [ 50.793301] audit: type=1400 audit(1516486041.301:7): avc: denied { map } for pid=3666 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/01/20 22:07:21 parsed 1 programs 2018/01/20 22:07:21 executed programs: 0 [ 50.999642] audit: type=1400 audit(1516486041.505:8): avc: denied { map } for pid=3666 comm="syz-execprog" path="/root/syzkaller-shm919508692" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 51.051439] audit: type=1400 audit(1516486041.559:9): avc: denied { sys_admin } for pid=3671 comm="syz-executor5" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 51.098613] audit: type=1400 audit(1516486041.606:10): avc: denied { sys_chroot } for pid=3682 comm="syz-executor3" capability=18 
scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 2018/01/20 22:07:26 executed programs: 712 [ 59.965086] ================================================================== [ 59.972504] BUG: KASAN: use-after-free in __lock_acquire+0x3d4d/0x3e00 [ 59.979160] Read of size 8 at addr ffff8801c6eff720 by task syz-executor1/10681 [ 59.986587] [ 59.988201] CPU: 0 PID: 10681 Comm: syz-executor1 Not tainted 4.15.0-rc8-next-20180119+ #102 [ 59.996755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.006091] Call Trace: [ 60.008658] dump_stack+0x194/0x257 [ 60.012272] ? arch_local_irq_restore+0x53/0x53 [ 60.016923] ? show_regs_print_info+0x18/0x18 [ 60.021394] ? __lock_acquire+0x3d4d/0x3e00 [ 60.025688] print_address_description+0x73/0x250 [ 60.030502] ? __lock_acquire+0x3d4d/0x3e00 [ 60.034804] kasan_report+0x23b/0x360 [ 60.038576] __asan_report_load8_noabort+0x14/0x20 [ 60.043480] __lock_acquire+0x3d4d/0x3e00 [ 60.047603] ? remove_wait_queue+0x81/0x350 [ 60.051900] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 60.057058] ? lock_downgrade+0x980/0x980 [ 60.061180] ? __schedule+0x2060/0x2060 [ 60.065128] ? find_held_lock+0x35/0x1d0 [ 60.069161] ? wait_for_completion+0xe0/0x770 [ 60.073629] ? lock_downgrade+0x980/0x980 [ 60.077748] ? lock_release+0xa40/0xa40 [ 60.081692] ? usleep_range+0x190/0x190 [ 60.085640] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 60.091495] ? do_raw_spin_trylock+0x190/0x190 [ 60.096053] ? _raw_spin_unlock_irq+0x27/0x70 [ 60.100530] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 60.105522] ? trace_hardirqs_on+0xd/0x10 [ 60.109649] ? _raw_spin_unlock_irq+0x27/0x70 [ 60.114114] ? wait_for_completion+0xe0/0x770 [ 60.118579] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 60.124349] ? __lockdep_init_map+0xe4/0x650 [ 60.128745] ? llist_add_batch+0xf3/0x180 [ 60.132865] lock_acquire+0x1d5/0x580 [ 60.136640] ? 
lock_acquire+0x1d5/0x580 [ 60.140591] ? remove_wait_queue+0x81/0x350 [ 60.144883] ? wake_up_process+0x10/0x20 [ 60.148917] ? lock_release+0xa40/0xa40 [ 60.152870] ? vhost_work_queue+0xc0/0xc0 [ 60.156990] ? vhost_poll_stop+0x90/0x90 [ 60.161033] ? wait_for_completion+0x770/0x770 [ 60.165586] _raw_spin_lock_irqsave+0x96/0xc0 [ 60.170061] ? remove_wait_queue+0x81/0x350 [ 60.174357] remove_wait_queue+0x81/0x350 [ 60.178476] ? add_wait_queue+0x290/0x290 [ 60.182601] ? vhost_poll_flush+0x3f/0x60 [ 60.186724] ? vhost_net_flush+0x209/0x2a0 [ 60.190933] vhost_dev_stop+0x15c/0x2a0 [ 60.194879] ? vhost_net_compat_ioctl+0x30/0x30 [ 60.199521] vhost_net_release+0x6e/0x190 [ 60.203640] __fput+0x327/0x7e0 [ 60.206892] ? fput+0x140/0x140 [ 60.210144] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 60.216004] ? _raw_spin_unlock_irq+0x27/0x70 [ 60.220479] ____fput+0x15/0x20 [ 60.223729] task_work_run+0x199/0x270 [ 60.227593] ? task_work_cancel+0x210/0x210 [ 60.231893] ? _raw_spin_unlock+0x22/0x30 [ 60.236021] ? switch_task_namespaces+0x87/0xc0 [ 60.240681] do_exit+0x9bb/0x1ad0 [ 60.244108] ? mm_update_next_owner+0x930/0x930 [ 60.248752] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 60.253915] ? __might_sleep+0x95/0x190 [ 60.257867] ? find_held_lock+0x35/0x1d0 [ 60.261912] ? futex_wait+0x402/0x9a0 [ 60.265692] ? lock_downgrade+0x980/0x980 [ 60.269811] ? __unqueue_futex+0x1c0/0x290 [ 60.274020] ? lock_release+0xa40/0xa40 [ 60.277972] ? fault_in_user_writeable+0x90/0x90 [ 60.282709] ? do_raw_spin_trylock+0x190/0x190 [ 60.287272] ? futex_wake+0x680/0x680 [ 60.291048] ? mmdrop+0x18/0x30 [ 60.294300] ? check_noncircular+0x20/0x20 [ 60.298511] ? futex_wait+0x6a9/0x9a0 [ 60.302292] ? memset+0x31/0x40 [ 60.305544] ? find_held_lock+0x35/0x1d0 [ 60.309578] ? get_signal+0x7a9/0x16d0 [ 60.313436] ? lock_downgrade+0x980/0x980 [ 60.317564] do_group_exit+0x149/0x400 [ 60.321429] ? do_raw_spin_trylock+0x190/0x190 [ 60.325991] ? SyS_exit+0x30/0x30 [ 60.329418] ? 
_raw_spin_unlock_irq+0x27/0x70 [ 60.333883] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 60.338877] get_signal+0x73a/0x16d0 [ 60.342566] ? ptrace_notify+0x130/0x130 [ 60.346613] ? exit_robust_list+0x240/0x240 [ 60.350910] ? __sched_text_start+0x8/0x8 [ 60.355033] ? SyS_membarrier+0x600/0x600 [ 60.359152] ? check_noncircular+0x20/0x20 [ 60.363355] ? kmem_cache_alloc+0x466/0x760 [ 60.367646] ? __raw_spin_lock_init+0x1c/0x100 [ 60.372201] do_signal+0x90/0x1eb0 [ 60.375715] ? setup_sigcontext+0x7d0/0x7d0 [ 60.380011] ? schedule+0xf5/0x430 [ 60.383529] ? __schedule+0x2060/0x2060 [ 60.387479] ? exit_to_usermode_loop+0x8c/0x2f0 [ 60.392119] exit_to_usermode_loop+0x258/0x2f0 [ 60.396674] ? compat_SyS_epoll_pwait+0x4f0/0x4f0 [ 60.401488] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 60.406996] syscall_return_slowpath+0x490/0x550 [ 60.411726] ? prepare_exit_to_usermode+0x340/0x340 [ 60.416716] ? entry_SYSCALL_64_fastpath+0x73/0xa0 [ 60.421618] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 60.426607] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 60.431336] entry_SYSCALL_64_fastpath+0x9e/0xa0 [ 60.436065] RIP: 0033:0x452ee9 [ 60.439226] RSP: 002b:00007fd373eb2ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 60.446912] RAX: fffffffffffffe00 RBX: 000000000071c038 RCX: 0000000000452ee9 [ 60.454154] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071c038 [ 60.461396] RBP: 000000000071c038 R08: 0000000000000000 R09: 000000000071c010 [ 60.468636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 60.475876] R13: 0000000000a2f7cf R14: 00007fd373eb39c0 R15: 0000000000000004 [ 60.483121] [ 60.484718] Allocated by task 10654: [ 60.488411] save_stack+0x43/0xd0 [ 60.491841] kasan_kmalloc+0xad/0xe0 [ 60.495526] kmem_cache_alloc_trace+0x136/0x750 [ 60.500162] eventfd_file_create.part.3+0x96/0x250 [ 60.505058] SyS_eventfd+0x2c/0x80 [ 60.508571] entry_SYSCALL_64_fastpath+0x29/0xa0 [ 60.513291] [ 60.514884] Freed by task 10681: [ 60.518219] save_stack+0x43/0xd0 [ 60.521643] 
__kasan_slab_free+0x11a/0x170 [ 60.525843] kasan_slab_free+0xe/0x10 [ 60.529609] kfree+0xd9/0x260 [ 60.532681] eventfd_ctx_put+0x26/0x30 [ 60.536536] eventfd_release+0x52/0x60 [ 60.540399] __fput+0x327/0x7e0 [ 60.543644] ____fput+0x15/0x20 [ 60.546890] task_work_run+0x199/0x270 [ 60.550745] do_exit+0x9bb/0x1ad0 [ 60.554166] do_group_exit+0x149/0x400 [ 60.558024] get_signal+0x73a/0x16d0 [ 60.561719] do_signal+0x90/0x1eb0 [ 60.565226] exit_to_usermode_loop+0x258/0x2f0 [ 60.569778] syscall_return_slowpath+0x490/0x550 [ 60.574502] entry_SYSCALL_64_fastpath+0x9e/0xa0 [ 60.579222] [ 60.580820] The buggy address belongs to the object at ffff8801c6eff700 [ 60.580820] which belongs to the cache kmalloc-96 of size 96 [ 60.593276] The buggy address is located 32 bytes inside of [ 60.593276] 96-byte region [ffff8801c6eff700, ffff8801c6eff760) [ 60.604941] The buggy address belongs to the page: [ 60.609837] page:ffffea00071bbfc0 count:1 mapcount:0 mapping:ffff8801c6eff000 index:0x0 [ 60.617948] flags: 0x2fffc0000000100(slab) [ 60.622580] raw: 02fffc0000000100 ffff8801c6eff000 0000000000000000 0000000100000020 [ 60.630430] raw: ffffea000740e9a0 ffffea000740b020 ffff8801dac004c0 0000000000000000 [ 60.638285] page dumped because: kasan: bad access detected [ 60.643964] [ 60.645562] Memory state around the buggy address: [ 60.650463] ffff8801c6eff600: 00 00 00 00 00 00 00 00 05 fc fc fc fc fc fc fc [ 60.657791] ffff8801c6eff680: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 60.665117] >ffff8801c6eff700: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 60.672445] ^ [ 60.676821] ffff8801c6eff780: 00 00 00 00 00 00 00 00 05 fc fc fc fc fc fc fc [ 60.684147] ffff8801c6eff800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 60.691472] ================================================================== [ 60.698797] Disabling lock debugging due to kernel taint [ 60.704215] Kernel panic - not syncing: panic_on_warn set ... 
[ 60.704215] [ 60.711545] CPU: 0 PID: 10681 Comm: syz-executor1 Tainted: G B 4.15.0-rc8-next-20180119+ #102 [ 60.721398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.730724] Call Trace: [ 60.733289] dump_stack+0x194/0x257 [ 60.736896] ? arch_local_irq_restore+0x53/0x53 [ 60.741545] ? kasan_end_report+0x32/0x50 [ 60.745666] ? lock_downgrade+0x980/0x980 [ 60.749787] ? vsnprintf+0x1ed/0x1900 [ 60.753561] ? __lock_acquire+0x3c60/0x3e00 [ 60.757852] panic+0x1e4/0x41c [ 60.761018] ? refcount_error_report+0x214/0x214 [ 60.765747] ? add_taint+0x40/0x50 [ 60.769267] ? add_taint+0x1c/0x50 [ 60.772775] ? __lock_acquire+0x3d4d/0x3e00 [ 60.777064] kasan_end_report+0x50/0x50 [ 60.781011] kasan_report+0x148/0x360 [ 60.784787] __asan_report_load8_noabort+0x14/0x20 [ 60.789686] __lock_acquire+0x3d4d/0x3e00 [ 60.793805] ? remove_wait_queue+0x81/0x350 [ 60.798098] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 60.803255] ? lock_downgrade+0x980/0x980 [ 60.807371] ? __schedule+0x2060/0x2060 [ 60.811317] ? find_held_lock+0x35/0x1d0 [ 60.815346] ? wait_for_completion+0xe0/0x770 [ 60.819809] ? lock_downgrade+0x980/0x980 [ 60.823924] ? lock_release+0xa40/0xa40 [ 60.827865] ? usleep_range+0x190/0x190 [ 60.831807] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 60.837661] ? do_raw_spin_trylock+0x190/0x190 [ 60.842212] ? _raw_spin_unlock_irq+0x27/0x70 [ 60.846676] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 60.851659] ? trace_hardirqs_on+0xd/0x10 [ 60.855774] ? _raw_spin_unlock_irq+0x27/0x70 [ 60.860236] ? wait_for_completion+0xe0/0x770 [ 60.864703] ? wait_for_completion_interruptible+0x7e0/0x7e0 [ 60.870469] ? __lockdep_init_map+0xe4/0x650 [ 60.874845] ? llist_add_batch+0xf3/0x180 [ 60.878963] lock_acquire+0x1d5/0x580 [ 60.882731] ? lock_acquire+0x1d5/0x580 [ 60.886672] ? remove_wait_queue+0x81/0x350 [ 60.890972] ? wake_up_process+0x10/0x20 [ 60.895004] ? lock_release+0xa40/0xa40 [ 60.898953] ? vhost_work_queue+0xc0/0xc0 [ 60.903068] ? 
vhost_poll_stop+0x90/0x90 [ 60.907101] ? wait_for_completion+0x770/0x770 [ 60.911654] _raw_spin_lock_irqsave+0x96/0xc0 [ 60.916119] ? remove_wait_queue+0x81/0x350 [ 60.920410] remove_wait_queue+0x81/0x350 [ 60.924530] ? add_wait_queue+0x290/0x290 [ 60.928649] ? vhost_poll_flush+0x3f/0x60 [ 60.932767] ? vhost_net_flush+0x209/0x2a0 [ 60.936971] vhost_dev_stop+0x15c/0x2a0 [ 60.940914] ? vhost_net_compat_ioctl+0x30/0x30 [ 60.945553] vhost_net_release+0x6e/0x190 [ 60.949671] __fput+0x327/0x7e0 [ 60.952920] ? fput+0x140/0x140 [ 60.956170] ? trace_event_raw_event_sched_switch+0x800/0x800 [ 60.962025] ? _raw_spin_unlock_irq+0x27/0x70 [ 60.966505] ____fput+0x15/0x20 [ 60.969753] task_work_run+0x199/0x270 [ 60.973610] ? task_work_cancel+0x210/0x210 [ 60.977900] ? _raw_spin_unlock+0x22/0x30 [ 60.982023] ? switch_task_namespaces+0x87/0xc0 [ 60.986669] do_exit+0x9bb/0x1ad0 [ 60.990092] ? mm_update_next_owner+0x930/0x930 [ 60.994731] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 60.999889] ? __might_sleep+0x95/0x190 [ 61.003835] ? find_held_lock+0x35/0x1d0 [ 61.007869] ? futex_wait+0x402/0x9a0 [ 61.011641] ? lock_downgrade+0x980/0x980 [ 61.015759] ? __unqueue_futex+0x1c0/0x290 [ 61.019963] ? lock_release+0xa40/0xa40 [ 61.023904] ? fault_in_user_writeable+0x90/0x90 [ 61.028627] ? do_raw_spin_trylock+0x190/0x190 [ 61.033179] ? futex_wake+0x680/0x680 [ 61.036949] ? mmdrop+0x18/0x30 [ 61.040198] ? check_noncircular+0x20/0x20 [ 61.044401] ? futex_wait+0x6a9/0x9a0 [ 61.048171] ? memset+0x31/0x40 [ 61.051418] ? find_held_lock+0x35/0x1d0 [ 61.055453] ? get_signal+0x7a9/0x16d0 [ 61.059307] ? lock_downgrade+0x980/0x980 [ 61.063426] do_group_exit+0x149/0x400 [ 61.067282] ? do_raw_spin_trylock+0x190/0x190 [ 61.071833] ? SyS_exit+0x30/0x30 [ 61.075257] ? _raw_spin_unlock_irq+0x27/0x70 [ 61.079722] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 61.084707] get_signal+0x73a/0x16d0 [ 61.088396] ? ptrace_notify+0x130/0x130 [ 61.092425] ? exit_robust_list+0x240/0x240 [ 61.096715] ? 
__sched_text_start+0x8/0x8 [ 61.100835] ? SyS_membarrier+0x600/0x600 [ 61.104951] ? check_noncircular+0x20/0x20 [ 61.109153] ? kmem_cache_alloc+0x466/0x760 [ 61.113451] ? __raw_spin_lock_init+0x1c/0x100 [ 61.118004] do_signal+0x90/0x1eb0 [ 61.121519] ? setup_sigcontext+0x7d0/0x7d0 [ 61.125809] ? schedule+0xf5/0x430 [ 61.129319] ? __schedule+0x2060/0x2060 [ 61.133266] ? exit_to_usermode_loop+0x8c/0x2f0 [ 61.137904] exit_to_usermode_loop+0x258/0x2f0 [ 61.142453] ? compat_SyS_epoll_pwait+0x4f0/0x4f0 [ 61.147265] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 61.152771] syscall_return_slowpath+0x490/0x550 [ 61.157499] ? prepare_exit_to_usermode+0x340/0x340 [ 61.162485] ? entry_SYSCALL_64_fastpath+0x73/0xa0 [ 61.167391] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 61.172376] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 61.177103] entry_SYSCALL_64_fastpath+0x9e/0xa0 [ 61.181827] RIP: 0033:0x452ee9 [ 61.184987] RSP: 002b:00007fd373eb2ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 61.192665] RAX: fffffffffffffe00 RBX: 000000000071c038 RCX: 0000000000452ee9 [ 61.199904] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000071c038 [ 61.207141] RBP: 000000000071c038 R08: 0000000000000000 R09: 000000000071c010 [ 61.214382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 61.221621] R13: 0000000000a2f7cf R14: 00007fd373eb39c0 R15: 0000000000000004 [ 61.229378] Dumping ftrace buffer: [ 61.232889] (ftrace buffer empty) [ 61.236569] Kernel Offset: disabled [ 61.240165] Rebooting in 86400 seconds..