[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   12.622785] sshd (3022) used greatest stack depth: 15072 bytes left
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   34.384233] audit: type=1400 audit(1512812716.858:6): avc:  denied  { map } for  pid=3138 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-next-kasan-gce-4,10.128.0.31' (ECDSA) to the list of known hosts.
executing program
[   40.463874] audit: type=1400 audit(1512812722.937:7): avc:  denied  { map } for  pid=3150 comm="syzkaller945393" path="/root/syzkaller945393497" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   40.466865] ==================================================================
[   40.466881] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40
[   40.466884] 
[   40.466891] CPU: 0 PID: 3150 Comm: syzkaller945393 Not tainted 4.15.0-rc2-next-20171208+ #63
[   40.466895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.466898] Call Trace:
[   40.466907]  dump_stack+0x194/0x257
[   40.466917]  ? arch_local_irq_restore+0x53/0x53
[   40.466926]  ? show_regs_print_info+0x18/0x18
[   40.466932]  ? __lock_is_held+0xbc/0x140
[   40.466944]  ? relay_open+0x6a1/0xa40
[   40.466953]  print_address_description+0x73/0x250
[   40.466959]  ? relay_open+0x6a1/0xa40
[   40.466964]  ? relay_open+0x6a1/0xa40
[   40.466971]  kasan_report_double_free+0x55/0x80
[   40.466979]  kasan_slab_free+0xa3/0xc0
[   40.466989]  kfree+0xca/0x250
[   40.466998]  relay_open+0x6a1/0xa40
[   40.467013]  ? relay_open_buf.part.10+0x9b0/0x9b0
[   40.467025]  ? __debugfs_create_file+0x2cf/0x3d0
[   40.467037]  ? debugfs_create_file+0x57/0x70
[   40.467050]  do_blk_trace_setup+0x4a4/0xcd0
[   40.467061]  ? blk_tracer_print_line+0x40/0x40
[   40.467069]  ? __might_sleep+0x95/0x190
[   40.467081]  ? kasan_check_write+0x14/0x20
[   40.467089]  ? _copy_from_user+0x99/0x110
[   40.467099]  __blk_trace_setup+0xb6/0x140
[   40.467106]  ? do_blk_trace_setup+0xcd0/0xcd0
[   40.467120]  ? disk_name+0x98/0x100
[   40.467135]  blk_trace_ioctl+0x1d5/0x2a0
[   40.467142]  ? blk_add_trace_rq_remap+0x680/0x680
[   40.467155]  ? avc_has_extended_perms+0x7fa/0x12c0
[   40.467165]  blkdev_ioctl+0x1845/0x1e00
[   40.467173]  ? blkpg_ioctl+0xb20/0xb20
[   40.467180]  ? avc_ss_reset+0x110/0x110
[   40.467192]  ? lock_downgrade+0x980/0x980
[   40.467213]  ? down_read_trylock+0xdb/0x170
[   40.467230]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   40.467235]  ? up_read+0x1a/0x40
[   40.467243]  ? rcu_note_context_switch+0x710/0x710
[   40.467255]  block_ioctl+0xea/0x130
[   40.467263]  ? blkdev_fallocate+0x3b0/0x3b0
[   40.467270]  do_vfs_ioctl+0x1b1/0x1530
[   40.467276]  ? _cond_resched+0x14/0x30
[   40.467287]  ? ioctl_preallocate+0x2b0/0x2b0
[   40.467296]  ? selinux_capable+0x40/0x40
[   40.467305]  ? putname+0xf3/0x130
[   40.467315]  ? do_sys_open+0x320/0x6d0
[   40.467330]  ? security_file_ioctl+0x89/0xb0
[   40.467340]  SyS_ioctl+0x8f/0xc0
[   40.467351]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.467357] RIP: 0033:0x443e59
[   40.467361] RSP: 002b:00007ffd0e9e9a68 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[   40.467368] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443e59
[   40.467372] RDX: 0000000020f74000 RSI: 00000000c0481273 RDI: 0000000000000003
[   40.467375] RBP: 00000000006ce018 R08: 0000000000000000 R09: 0000000000000000
[   40.467379] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000401b40
[   40.467383] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[   40.467402] 
[   40.467405] Allocated by task 3150:
[   40.467410]  save_stack+0x43/0xd0
[   40.467415]  kasan_kmalloc+0xad/0xe0
[   40.467420]  kmem_cache_alloc_trace+0x136/0x750
[   40.467425]  relay_open+0xf2/0xa40
[   40.467429]  do_blk_trace_setup+0x4a4/0xcd0
[   40.467434]  __blk_trace_setup+0xb6/0x140
[   40.467439]  blk_trace_ioctl+0x1d5/0x2a0
[   40.467443]  blkdev_ioctl+0x1845/0x1e00
[   40.467447]  block_ioctl+0xea/0x130
[   40.467452]  do_vfs_ioctl+0x1b1/0x1530
[   40.467457]  SyS_ioctl+0x8f/0xc0
[   40.467462]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.467464] 
[   40.467467] Freed by task 3150:
[   40.467471]  save_stack+0x43/0xd0
[   40.467475]  kasan_slab_free+0x71/0xc0
[   40.467480]  kfree+0xca/0x250
[   40.467485]  relay_open+0x84a/0xa40
[   40.467489]  do_blk_trace_setup+0x4a4/0xcd0
[   40.467494]  __blk_trace_setup+0xb6/0x140
[   40.467498]  blk_trace_ioctl+0x1d5/0x2a0
[   40.467503]  blkdev_ioctl+0x1845/0x1e00
[   40.467507]  block_ioctl+0xea/0x130
[   40.467512]  do_vfs_ioctl+0x1b1/0x1530
[   40.467516]  SyS_ioctl+0x8f/0xc0
[   40.467521]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.467524] 
[   40.467528] The buggy address belongs to the object at ffff8801c4e50780
[   40.467528]  which belongs to the cache kmalloc-512 of size 512
[   40.467533] The buggy address is located 0 bytes inside of
[   40.467533]  512-byte region [ffff8801c4e50780, ffff8801c4e50980)
[   40.467535] The buggy address belongs to the page:
[   40.467541] page:00000000b61a821a count:1 mapcount:0 mapping:0000000024c1219c index:0x0
[   40.467547] flags: 0x2fffc0000000100(slab)
[   40.467555] raw: 02fffc0000000100 ffff8801c4e50000 0000000000000000 0000000100000006
[   40.467565] raw: ffffea0007137060 ffffea0007137260 ffff8801dac00940 0000000000000000
[   40.467569] page dumped because: kasan: bad access detected
[   40.467571] 
[   40.467574] Memory state around the buggy address:
[   40.467578]  ffff8801c4e50680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.467582]  ffff8801c4e50700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   40.467586] >ffff8801c4e50780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.467589]                    ^
[   40.467593]  ffff8801c4e50800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.467597]  ffff8801c4e50880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.467600] ==================================================================
[   40.467602] Disabling lock debugging due to kernel taint
[   40.467605] Kernel panic - not syncing: panic_on_warn set ...
[   40.467605] 
[   40.467609] CPU: 0 PID: 3150 Comm: syzkaller945393 Tainted: G    B            4.15.0-rc2-next-20171208+ #63
[   40.467611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.467612] Call Trace:
[   40.467616]  dump_stack+0x194/0x257
[   40.467623]  ? arch_local_irq_restore+0x53/0x53
[   40.467628]  ? vprintk_default+0x28/0x30
[   40.467633]  ? vsnprintf+0x1ed/0x1900
[   40.467641]  panic+0x1e4/0x41c
[   40.467645]  ? refcount_error_report+0x214/0x214
[   40.467652]  ? add_taint+0x40/0x50
[   40.467655]  ? add_taint+0x1c/0x50
[   40.467660]  ? relay_open+0x6a1/0xa40
[   40.467664]  ? relay_open+0x6a1/0xa40
[   40.467668]  kasan_end_report+0x50/0x50
[   40.467672]  kasan_report_double_free+0x72/0x80
[   40.467677]  kasan_slab_free+0xa3/0xc0
[   40.467682]  kfree+0xca/0x250
[   40.467688]  relay_open+0x6a1/0xa40
[   40.467695]  ? relay_open_buf.part.10+0x9b0/0x9b0
[   40.467700]  ? __debugfs_create_file+0x2cf/0x3d0
[   40.467707]  ? debugfs_create_file+0x57/0x70
[   40.467713]  do_blk_trace_setup+0x4a4/0xcd0
[   40.467720]  ? blk_tracer_print_line+0x40/0x40
[   40.467724]  ? __might_sleep+0x95/0x190
[   40.467731]  ? kasan_check_write+0x14/0x20
[   40.467734]  ? _copy_from_user+0x99/0x110
[   40.467741]  __blk_trace_setup+0xb6/0x140
[   40.467746]  ? do_blk_trace_setup+0xcd0/0xcd0
[   40.467753]  ? disk_name+0x98/0x100
[   40.467761]  blk_trace_ioctl+0x1d5/0x2a0
[   40.467766]  ? blk_add_trace_rq_remap+0x680/0x680
[   40.467772]  ? avc_has_extended_perms+0x7fa/0x12c0
[   40.467778]  blkdev_ioctl+0x1845/0x1e00
[   40.467783]  ? blkpg_ioctl+0xb20/0xb20
[   40.467787]  ? avc_ss_reset+0x110/0x110
[   40.467794]  ? lock_downgrade+0x980/0x980
[   40.467805]  ? down_read_trylock+0xdb/0x170
[   40.467815]  ? trace_event_raw_event_sched_switch+0x800/0x800
[   40.467818]  ? up_read+0x1a/0x40
[   40.467823]  ? rcu_note_context_switch+0x710/0x710
[   40.467828]  block_ioctl+0xea/0x130
[   40.467833]  ? blkdev_fallocate+0x3b0/0x3b0
[   40.467837]  do_vfs_ioctl+0x1b1/0x1530
[   40.467840]  ? _cond_resched+0x14/0x30
[   40.467846]  ? ioctl_preallocate+0x2b0/0x2b0
[   40.467851]  ? selinux_capable+0x40/0x40
[   40.467856]  ? putname+0xf3/0x130
[   40.467862]  ? do_sys_open+0x320/0x6d0
[   40.467870]  ? security_file_ioctl+0x89/0xb0
[   40.467877]  SyS_ioctl+0x8f/0xc0
[   40.467883]  entry_SYSCALL_64_fastpath+0x1f/0x96
[   40.467886] RIP: 0033:0x443e59
[   40.467888] RSP: 002b:00007ffd0e9e9a68 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[   40.467891] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443e59
[   40.467893] RDX: 0000000020f74000 RSI: 00000000c0481273 RDI: 0000000000000003
[   40.467895] RBP: 00000000006ce018 R08: 0000000000000000 R09: 0000000000000000
[   40.467898] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000401b40
[   40.467900] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[   40.489753] Dumping ftrace buffer:
[   40.489758]    (ftrace buffer empty)
[   40.489759] Kernel Offset: disabled
[   41.269385] Rebooting in 86400 seconds..