[ ok ] Starting enhanced syslogd: rsyslogd.
[ 13.202907] audit: type=1400 audit(1516486702.786:5): avc: denied { syslog } for pid=3499 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 19.235368] audit: type=1400 audit(1516486708.819:6): avc: denied { map } for pid=3638 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.208' (ECDSA) to the list of known hosts.
[ 26.337952] audit: type=1400 audit(1516486715.921:7): avc: denied { map } for pid=3652 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2018/01/20 22:18:36 parsed 1 programs
2018/01/20 22:18:36 executed programs: 0
[ 26.559193] audit: type=1400 audit(1516486716.142:8): avc: denied { map } for pid=3652 comm="syz-execprog" path="/root/syzkaller-shm242073507" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 26.737768] audit: type=1400 audit(1516486716.321:9): avc: denied { sys_admin } for pid=3657 comm="syz-executor3" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 26.766486] audit: type=1400 audit(1516486716.350:10): avc: denied { sys_chroot } for pid=3667 comm="syz-executor3" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
2018/01/20 22:18:41 executed programs: 480
[ 35.610278] ==================================================================
[ 35.617688] BUG: KASAN: use-after-free in __lock_acquire+0x3d4d/0x3e00
[ 35.624348] Read of size 8 at addr ffff8801cd8f7820 by task syz-executor5/9079
[ 35.631961]
[ 35.634015] CPU: 0 PID: 9079 Comm: syz-executor5 Not tainted 4.15.0-rc8+ #180
[ 35.641266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.650595] Call Trace:
[ 35.653166]  dump_stack+0x194/0x257
[ 35.656782]  ? arch_local_irq_restore+0x53/0x53
[ 35.661439]  ? show_regs_print_info+0x18/0x18
[ 35.666196]  ? check_noncircular+0x20/0x20
[ 35.670420]  ? __lock_acquire+0x3d4d/0x3e00
[ 35.674719]  print_address_description+0x73/0x250
[ 35.679535]  ? __lock_acquire+0x3d4d/0x3e00
[ 35.683837]  kasan_report+0x25b/0x340
[ 35.687623]  __asan_report_load8_noabort+0x14/0x20
[ 35.692526]  __lock_acquire+0x3d4d/0x3e00
[ 35.696649]  ? check_noncircular+0x20/0x20
[ 35.700858]  ? remove_wait_queue+0x81/0x350
[ 35.705163]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 35.710329]  ? lock_downgrade+0x980/0x980
[ 35.714454]  ? __schedule+0x2060/0x2060
[ 35.718404]  ? find_held_lock+0x35/0x1d0
[ 35.722530]  ? wait_for_completion+0xe0/0x770
[ 35.727017]  ? lock_downgrade+0x980/0x980
[ 35.731148]  ? lock_release+0xa40/0xa40
[ 35.735099]  ? usleep_range+0x190/0x190
[ 35.739317]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 35.745175]  ? kasan_slab_free+0x71/0xc0
[ 35.749219]  ? do_raw_spin_trylock+0x190/0x190
[ 35.753778]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.758248]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 35.763237]  ? trace_hardirqs_on+0xd/0x10
[ 35.767367]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.771841]  ? wait_for_completion+0xe0/0x770
[ 35.776315]  ? wait_for_completion_interruptible+0x7e0/0x7e0
[ 35.782095]  ? __lockdep_init_map+0xe4/0x650
[ 35.786476]  ? llist_add_batch+0xf3/0x180
[ 35.790598]  lock_acquire+0x1d5/0x580
[ 35.794370]  ? lock_acquire+0x1d5/0x580
[ 35.798319]  ? remove_wait_queue+0x81/0x350
[ 35.802612]  ? wake_up_process+0x10/0x20
[ 35.806654]  ? lock_release+0xa40/0xa40
[ 35.810602]  ? vhost_work_queue+0xc0/0xc0
[ 35.814725]  ? vhost_poll_stop+0x90/0x90
[ 35.818773]  ? wait_for_completion+0x770/0x770
[ 35.823427]  _raw_spin_lock_irqsave+0x96/0xc0
[ 35.827897]  ? remove_wait_queue+0x81/0x350
[ 35.832710]  remove_wait_queue+0x81/0x350
[ 35.836831]  ? add_wait_queue+0x290/0x290
[ 35.840953]  ? vhost_poll_flush+0x3f/0x60
[ 35.845073]  ? vhost_net_flush+0x209/0x2a0
[ 35.849372]  vhost_dev_stop+0x15c/0x2a0
[ 35.853936]  ? vhost_net_compat_ioctl+0x30/0x30
[ 35.858579]  vhost_net_release+0x6e/0x190
[ 35.864096]  __fput+0x327/0x7e0
[ 35.868564]  ? fput+0x140/0x140
[ 35.873300]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 35.879170]  ? _raw_spin_unlock_irq+0x27/0x70
[ 35.883638]  ____fput+0x15/0x20
[ 35.886891]  task_work_run+0x199/0x270
[ 35.890754]  ? task_work_cancel+0x210/0x210
[ 35.895050]  ? _raw_spin_unlock+0x22/0x30
[ 35.899192]  ? switch_task_namespaces+0x87/0xc0
[ 35.903839]  do_exit+0x9bb/0x1ad0
[ 35.907268]  ? find_held_lock+0x35/0x1d0
[ 35.911315]  ? mm_update_next_owner+0x930/0x930
[ 35.915967]  ? debug_check_no_locks_freed+0x3c0/0x3c0
[ 35.921140]  ? lock_downgrade+0x980/0x980
[ 35.925268]  ? __unqueue_futex+0x1c0/0x290
[ 35.929474]  ? lock_release+0xa40/0xa40
[ 35.933419]  ? fault_in_user_writeable+0x90/0x90
[ 35.938160]  ? do_raw_spin_trylock+0x190/0x190
[ 35.942716]  ? futex_wake+0x680/0x680
[ 35.946499]  ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 35.951671]  ? futex_wait+0x6a9/0x9a0
[ 35.955457]  ? check_noncircular+0x20/0x20
[ 35.959664]  ? hash_futex+0x15/0x210
[ 35.963349]  ? drop_futex_key_refs.isra.12+0x63/0xb0
[ 35.968430]  ? futex_wake+0x2ca/0x680
[ 35.972216]  ? find_held_lock+0x35/0x1d0
[ 35.976264]  ? get_signal+0x7ae/0x16c0
[ 35.980132]  ? lock_downgrade+0x980/0x980
[ 35.984253]  do_group_exit+0x149/0x400
[ 35.988124]  ? do_raw_spin_trylock+0x190/0x190
[ 35.992682]  ? SyS_exit+0x30/0x30
[ 35.996105]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.000576]  ? trace_hardirqs_on_caller+0x421/0x5c0
[ 36.005574]  get_signal+0x73f/0x16c0
[ 36.009276]  ? ptrace_notify+0x130/0x130
[ 36.013316]  ? lock_release+0xa40/0xa40
[ 36.017268]  ? mutex_unlock+0xd/0x10
[ 36.022169]  ? vhost_net_ioctl+0x2af/0x1910
[ 36.028117]  do_signal+0x90/0x1eb0
[ 36.032850]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 36.038718]  ? free_obj_work+0x690/0x690
[ 36.042750]  ? __fd_install+0x288/0x740
[ 36.046699]  ? rcu_note_context_switch+0x710/0x710
[ 36.051601]  ? setup_sigcontext+0x7d0/0x7d0
[ 36.055902]  ? __might_sleep+0x95/0x190
[ 36.059847]  ? _cond_resched+0x14/0x30
[ 36.063709]  ? selinux_file_ioctl+0x444/0x690
[ 36.068176]  ? __fget_light+0x297/0x380
[ 36.072121]  ? selinux_capable+0x40/0x40
[ 36.076166]  ? putname+0xee/0x130
[ 36.079600]  ? kmem_cache_free+0x267/0x2a0
[ 36.083810]  ? exit_to_usermode_loop+0x8c/0x310
[ 36.088450]  exit_to_usermode_loop+0x214/0x310
[ 36.093009]  ? trace_event_raw_event_sys_exit+0x260/0x260
[ 36.098538]  ? compat_SyS_ioctl+0x77/0x2a30
[ 36.102844]  ? do_fast_syscall_32+0x156/0xf9d
[ 36.107311]  do_fast_syscall_32+0xbfd/0xf9d
[ 36.111605]  ? do_raw_spin_trylock+0x190/0x190
[ 36.116157]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 36.120716]  ? syscall_return_slowpath+0x2ad/0x550
[ 36.125614]  ? prepare_exit_to_usermode+0x340/0x340
[ 36.131252]  ? sysret32_from_system_call+0x5/0x3b
[ 36.136089]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.140903]  entry_SYSENTER_compat+0x54/0x63
[ 36.145281] RIP: 0023:0xf7fe8c79
[ 36.148614] RSP: 002b:00000000f7fe410c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0
[ 36.156291] RAX: fffffffffffffe00 RBX: 000000000813af1c RCX: 0000000000000000
[ 36.163532] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 36.170772] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 36.178016] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 36.185260] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 36.192511]
[ 36.194120] Allocated by task 9079:
[ 36.197721]  save_stack+0x43/0xd0
[ 36.201145]  kasan_kmalloc+0xad/0xe0
[ 36.204824]  kmem_cache_alloc_trace+0x136/0x750
[ 36.209462]  eventfd_file_create.part.