[ 13.287734] audit: type=1400 audit(1513026486.634:5): avc: denied { syslog } for pid=2994 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[....] Starting enhanced syslogd: rsyslogd [ ok ].
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond [ ok ].
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 20.087309] audit: type=1400 audit(1513026493.434:6): avc: denied { map } for pid=3136 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added 'ci-upstream-mmots-kasan-gce-3,10.128.0.35' (ECDSA) to the list of known hosts.
executing program
[ 27.385547] audit: type=1400 audit(1513026500.732:7): avc: denied { map } for pid=3151 comm="syzkaller114050" path="/root/syzkaller114050761" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 27.389717] ==================================================================
[ 27.389739] BUG: KASAN: double-free or invalid-free in relay_open+0x6a1/0xa40
[ 27.389743]
[ 27.389754] CPU: 1 PID: 3151 Comm: syzkaller114050 Not tainted 4.15.0-rc2-mm1+ #39
[ 27.389760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.389764] Call Trace:
[ 27.389777]  dump_stack+0x194/0x257
[ 27.389792]  ? arch_local_irq_restore+0x53/0x53
[ 27.389804]  ? show_regs_print_info+0x18/0x18
[ 27.389813]  ? __lock_is_held+0xbc/0x140
[ 27.389832]  ? relay_open+0x6a1/0xa40
[ 27.389845]  print_address_description+0x73/0x250
[ 27.389855]  ? relay_open+0x6a1/0xa40
[ 27.389864]  ? relay_open+0x6a1/0xa40
[ 27.389875]  kasan_report_double_free+0x55/0x80
[ 27.389888]  kasan_slab_free+0xa3/0xc0
[ 27.389902]  kfree+0xca/0x250
[ 27.389916]  relay_open+0x6a1/0xa40
[ 27.389935]  ? relay_open_buf.part.10+0x9b0/0x9b0
[ 27.389952]  ? __debugfs_create_file+0x2cf/0x3d0
[ 27.389971]  ? debugfs_create_file+0x57/0x70
[ 27.389988]  do_blk_trace_setup+0x4a4/0xcd0
[ 27.390010]  ? blk_tracer_print_line+0x40/0x40
[ 27.390022]  ? __might_sleep+0x95/0x190
[ 27.390042]  ? kasan_check_write+0x14/0x20
[ 27.390052]  ? _copy_from_user+0x99/0x110
[ 27.390068]  __blk_trace_setup+0xb6/0x140
[ 27.390080]  ? do_blk_trace_setup+0xcd0/0xcd0
[ 27.390101]  ? disk_name+0x98/0x100
[ 27.390125]  blk_trace_ioctl+0x1d5/0x2a0
[ 27.390137]  ? blk_add_trace_rq_remap+0x680/0x680
[ 27.390157]  ? avc_has_extended_perms+0x7fa/0x12c0
[ 27.390174]  blkdev_ioctl+0x1845/0x1e00
[ 27.390195]  ? blkpg_ioctl+0xb20/0xb20
[ 27.390215]  ? avc_ss_reset+0x110/0x110
[ 27.390235]  ? lock_downgrade+0x980/0x980
[ 27.390270]  ? down_read_trylock+0xdb/0x170
[ 27.390297]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 27.390306]  ? up_read+0x1a/0x40
[ 27.390320]  ? rcu_note_context_switch+0x710/0x710
[ 27.390337]  block_ioctl+0xea/0x130
[ 27.390350]  ? blkdev_fallocate+0x3b0/0x3b0
[ 27.390361]  do_vfs_ioctl+0x1b1/0x1530
[ 27.390369]  ? _cond_resched+0x14/0x30
[ 27.390388]  ? ioctl_preallocate+0x2b0/0x2b0
[ 27.390403]  ? selinux_capable+0x40/0x40
[ 27.390418]  ? putname+0xf3/0x130
[ 27.390434]  ? do_sys_open+0x320/0x6d0
[ 27.390459]  ? security_file_ioctl+0x89/0xb0
[ 27.390481]  SyS_ioctl+0x8f/0xc0
[ 27.390499]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.390507] RIP: 0033:0x443e59
[ 27.390513] RSP: 002b:00007ffc1867fa18 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[ 27.390525] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443e59
[ 27.390532] RDX: 0000000020f74000 RSI: 00000000c0481273 RDI: 0000000000000003
[ 27.390538] RBP: 00000000006ce018 R08: 0000000000000000 R09: 0000000000000000
[ 27.390544] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000401b40
[ 27.390550] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[ 27.390582]
[ 27.390587] Allocated by task 3151:
[ 27.390595]  save_stack+0x43/0xd0
[ 27.390602]  kasan_kmalloc+0xad/0xe0
[ 27.390610]  kmem_cache_alloc_trace+0x136/0x750
[ 27.390618]  relay_open+0xf2/0xa40
[ 27.390626]  do_blk_trace_setup+0x4a4/0xcd0
[ 27.390634]  __blk_trace_setup+0xb6/0x140
[ 27.390641]  blk_trace_ioctl+0x1d5/0x2a0
[ 27.390649]  blkdev_ioctl+0x1845/0x1e00
[ 27.390656]  block_ioctl+0xea/0x130
[ 27.390664]  do_vfs_ioctl+0x1b1/0x1530
[ 27.390671]  SyS_ioctl+0x8f/0xc0
[ 27.390680]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.390683]
[ 27.390688] Freed by task 3151:
[ 27.390695]  save_stack+0x43/0xd0
[ 27.390703]  kasan_slab_free+0x71/0xc0
[ 27.390710]  kfree+0xca/0x250
[ 27.390718]  relay_open+0x84a/0xa40
[ 27.390726]  do_blk_trace_setup+0x4a4/0xcd0
[ 27.390733]  __blk_trace_setup+0xb6/0x140
[ 27.390741]  blk_trace_ioctl+0x1d5/0x2a0
[ 27.390748]  blkdev_ioctl+0x1845/0x1e00
[ 27.390755]  block_ioctl+0xea/0x130
[ 27.390763]  do_vfs_ioctl+0x1b1/0x1530
[ 27.390771]  SyS_ioctl+0x8f/0xc0
[ 27.390779]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.390783]
[ 27.390790] The buggy address belongs to the object at ffff8801c4f2a040
[ 27.390790]  which belongs to the cache kmalloc-512 of size 512
[ 27.390798] The buggy address is located 0 bytes inside of
[ 27.390798]  512-byte region [ffff8801c4f2a040, ffff8801c4f2a240)
[ 27.390802] The buggy address belongs to the page:
[ 27.390810] page:0000000078ec155a count:1 mapcount:0 mapping:00000000d735657c index:0x0
[ 27.390821] flags: 0x2fffc0000000100(slab)
[ 27.390832] raw: 02fffc0000000100 ffff8801c4f2a040 0000000000000000 0000000100000006
[ 27.390842] raw: ffffea000716f860 ffffea000713cc20 ffff8801dac00940 0000000000000000
[ 27.390847] page dumped because: kasan: bad access detected
[ 27.390851]
[ 27.390855] Memory state around the buggy address:
[ 27.390863]  ffff8801c4f29f00: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 27.390869]  ffff8801c4f29f80: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.390877] >ffff8801c4f2a000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 27.390881]                                            ^
[ 27.390888]  ffff8801c4f2a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.390895]  ffff8801c4f2a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.390900] ==================================================================
[ 27.390903] Disabling lock debugging due to kernel taint
[ 27.390906] Kernel panic - not syncing: panic_on_warn set ...
[ 27.390906]
[ 27.390912] CPU: 1 PID: 3151 Comm: syzkaller114050 Tainted: G B 4.15.0-rc2-mm1+ #39
[ 27.390916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 27.390917] Call Trace:
[ 27.390924]  dump_stack+0x194/0x257
[ 27.390933]  ? arch_local_irq_restore+0x53/0x53
[ 27.390941]  ? vprintk_default+0x28/0x30
[ 27.390948]  ? vsnprintf+0x1ed/0x1900
[ 27.390957]  panic+0x1e4/0x41c
[ 27.390964]  ? refcount_error_report+0x214/0x214
[ 27.390973]  ? add_taint+0x40/0x50
[ 27.390979]  ? add_taint+0x1c/0x50
[ 27.390987]  ? relay_open+0x6a1/0xa40
[ 27.390993]  ? relay_open+0x6a1/0xa40
[ 27.390999]  kasan_end_report+0x50/0x50
[ 27.391006]  kasan_report_double_free+0x72/0x80
[ 27.391013]  kasan_slab_free+0xa3/0xc0
[ 27.391021]  kfree+0xca/0x250
[ 27.391030]  relay_open+0x6a1/0xa40
[ 27.391041]  ? relay_open_buf.part.10+0x9b0/0x9b0
[ 27.391050]  ? __debugfs_create_file+0x2cf/0x3d0
[ 27.391061]  ? debugfs_create_file+0x57/0x70
[ 27.391071]  do_blk_trace_setup+0x4a4/0xcd0
[ 27.391081]  ? blk_tracer_print_line+0x40/0x40
[ 27.391088]  ? __might_sleep+0x95/0x190
[ 27.391099]  ? kasan_check_write+0x14/0x20
[ 27.391104]  ? _copy_from_user+0x99/0x110
[ 27.391113]  __blk_trace_setup+0xb6/0x140
[ 27.391121]  ? do_blk_trace_setup+0xcd0/0xcd0
[ 27.391132]  ? disk_name+0x98/0x100
[ 27.391145]  blk_trace_ioctl+0x1d5/0x2a0
[ 27.391153]  ? blk_add_trace_rq_remap+0x680/0x680
[ 27.391163]  ? avc_has_extended_perms+0x7fa/0x12c0
[ 27.391172]  blkdev_ioctl+0x1845/0x1e00
[ 27.391180]  ? blkpg_ioctl+0xb20/0xb20
[ 27.391187]  ? avc_ss_reset+0x110/0x110
[ 27.391198]  ? lock_downgrade+0x980/0x980
[ 27.391215]  ? down_read_trylock+0xdb/0x170
[ 27.391230]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 27.391235]  ? up_read+0x1a/0x40
[ 27.391243]  ? rcu_note_context_switch+0x710/0x710
[ 27.391251]  block_ioctl+0xea/0x130
[ 27.391259]  ? blkdev_fallocate+0x3b0/0x3b0
[ 27.391265]  do_vfs_ioctl+0x1b1/0x1530
[ 27.391270]  ? _cond_resched+0x14/0x30
[ 27.391281]  ? ioctl_preallocate+0x2b0/0x2b0
[ 27.391290]  ? selinux_capable+0x40/0x40
[ 27.391298]  ? putname+0xf3/0x130
[ 27.391306]  ? do_sys_open+0x320/0x6d0
[ 27.391320]  ? security_file_ioctl+0x89/0xb0
[ 27.391330]  SyS_ioctl+0x8f/0xc0
[ 27.391340]  entry_SYSCALL_64_fastpath+0x1f/0x96
[ 27.391344] RIP: 0033:0x443e59
[ 27.391347] RSP: 002b:00007ffc1867fa18 EFLAGS: 00000206 ORIG_RAX: 0000000000000010
[ 27.391353] RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443e59
[ 27.391357] RDX: 0000000020f74000 RSI: 00000000c0481273 RDI: 0000000000000003
[ 27.391360] RBP: 00000000006ce018 R08: 0000000000000000 R09: 0000000000000000
[ 27.391364] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000401b40
[ 27.391367] R13: 0000000000401bd0 R14: 0000000000000000 R15: 0000000000000000
[ 27.411860] Dumping ftrace buffer:
[ 27.411864]    (ftrace buffer empty)
[ 27.411867] Kernel Offset: disabled
[ 28.192333] Rebooting in 86400 seconds..