[....] Starting enhanced syslogd: rsyslogd
[ 10.058710] audit: type=1400 audit(1515343884.271:5): avc: denied { syslog } for pid=3312 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] .
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 12.451966] audit: type=1400 audit(1515343886.664:6): avc: denied { map } for pid=3451 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.206' (ECDSA) to the list of known hosts.
executing program
[ 18.514087] audit: type=1400 audit(1515343892.726:7): avc: denied { map } for pid=3465 comm="syzkaller114469" path="/root/syzkaller114469130" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
[ 18.701547]
[ 18.703207] =========================
[ 18.706970] WARNING: held lock freed!
[ 18.710735] 4.15.0-rc6-next-20180105+ #89 Not tainted
[ 18.715889] -------------------------
[ 18.719660] syzkaller114469/3470 is freeing memory 00000000da2ea38f-0000000088aaf8fb, with a lock still held there!
[ 18.730193] (sk_lock-AF_INET6){+.+.}, at: [<00000000e6623559>] sctp_sendmsg+0x2499/0x3060
[ 18.738573] 1 lock held by syzkaller114469/3470:
[ 18.743289] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000e6623559>] sctp_sendmsg+0x2499/0x3060
[ 18.752101]
[ 18.752101] stack backtrace:
[ 18.756564] CPU: 0 PID: 3470 Comm: syzkaller114469 Not tainted 4.15.0-rc6-next-20180105+ #89
[ 18.765101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 18.774421] Call Trace:
[ 18.776978] dump_stack+0x137/0x198
[ 18.780579] debug_check_no_locks_freed+0x32f/0x3c0
[ 18.785565] kmem_cache_free+0x68/0x2b0
[ 18.789512] __sk_destruct+0x3e4/0x590
[ 18.793366] sk_destruct+0x47/0x80
[ 18.796870] __sk_free+0xf1/0x2b0
[ 18.800289] sk_free+0x2a/0x40
[ 18.803455] sctp_association_put+0xd4/0x230
[ 18.807829] sctp_sendmsg+0x2719/0x3060
[ 18.811776] ? sctp_id2assoc+0x280/0x280
[ 18.815806] ? check_noncircular+0x20/0x20
[ 18.820009] ? find_held_lock+0x35/0x1e0
[ 18.824041] ? sock_has_perm+0x1ed/0x290
[ 18.828078] ? finish_wait+0x2a0/0x2a0
[ 18.831936] ? __might_fault+0x110/0x1d0
[ 18.835971] inet_sendmsg+0xe0/0x4b0
[ 18.839649] ? inet_sendmsg+0xe0/0x4b0
[ 18.843505] ? inet_recvmsg+0x520/0x520
[ 18.847447] sock_sendmsg+0xca/0x110
[ 18.851128] SYSC_sendto+0x2e0/0x360
[ 18.854810] ? SYSC_connect+0x310/0x310
[ 18.858755] ? sock_enable_timestamp+0xb0/0xb0
[ 18.863308] ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 18.868985] ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 18.874813] ? SyS_futex+0x1fd/0x2b0
[ 18.878507] ? do_futex+0x1830/0x1830
[ 18.882275] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 18.887089] SyS_sendto+0x40/0x50
[ 18.890515] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 18.895237] RIP: 0033:0x445db9
[ 18.898395] RSP: 002b:00007f1c2a0ffd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 18.906071] RAX: ffffffffffffffda RBX: 00000000006dbc6c RCX: 0000000000445db9
[ 18.913307] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 18.920544] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 18.927783] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc68
[ 18.935019] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 18.942341] ==================================================================
[ 18.949682] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[ 18.956313] Read of size 4 at addr ffff8801c0d4988c by task syzkaller114469/3470
[ 18.963812]
[ 18.965407] CPU: 0 PID: 3470 Comm: syzkaller114469 Not tainted 4.15.0-rc6-next-20180105+ #89
[ 18.973951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 18.983269] Call Trace:
[ 18.985824] dump_stack+0x137/0x198
[ 18.989420] ? do_raw_spin_lock+0x1e0/0x220
[ 18.993710] print_address_description+0x73/0x250
[ 18.998516] ? do_raw_spin_lock+0x1e0/0x220
executing program
[ 19.002801] kasan_report+0x23b/0x360
[ 19.006568] __asan_report_load4_noabort+0x14/0x20
[ 19.011464] do_raw_spin_lock+0x1e0/0x220
[ 19.015584] _raw_spin_lock_bh+0x39/0x40
[ 19.019612] ? release_sock+0x20/0x1c0
[ 19.023471] release_sock+0x20/0x1c0
[ 19.027154] sctp_sendmsg+0x2721/0x3060
[ 19.031109] ? sctp_id2assoc+0x280/0x280
[ 19.035139] ? check_noncircular+0x20/0x20
[ 19.039341] ? find_held_lock+0x35/0x1e0
[ 19.043373] ? sock_has_perm+0x1ed/0x290
[ 19.047402] ? finish_wait+0x2a0/0x2a0
[ 19.051256] ? __might_fault+0x110/0x1d0
[ 19.055294] inet_sendmsg+0xe0/0x4b0
[ 19.058974] ? inet_sendmsg+0xe0/0x4b0
[ 19.062829] ? inet_recvmsg+0x520/0x520
[ 19.066770] sock_sendmsg+0xca/0x110
[ 19.070452] SYSC_sendto+0x2e0/0x360
[ 19.074131] ? SYSC_connect+0x310/0x310
[ 19.078075] ? sock_enable_timestamp+0xb0/0xb0
[ 19.082626] ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 19.088309] ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 19.093565] ? SyS_futex+0x1fd/0x2b0
[ 19.097250] ? do_futex+0x1830/0x1830
[ 19.101020] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 19.105831] SyS_sendto+0x40/0x50
[ 19.109254] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 19.113973] RIP: 0033:0x445db9
[ 19.117131] RSP: 002b:00007f1c2a0ffd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 19.124808] RAX: ffffffffffffffda RBX: 00000000006dbc6c RCX: 0000000000445db9
[ 19.132048] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 19.139285] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 19.146520] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc68
[ 19.153754] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 19.160997]
[ 19.162596] Allocated by task 3475:
[ 19.166196] save_stack+0x43/0xd0
[ 19.169613] kasan_kmalloc+0xad/0xe0
[ 19.173293] kasan_slab_alloc+0x12/0x20
[ 19.177235] kmem_cache_alloc+0x12e/0x760
[ 19.181351] sk_prot_alloc+0x65/0x2a0
[ 19.185116] sk_alloc+0x37/0xd60
[ 19.188449] sctp_v6_create_accept_sk+0xf5/0x830
[ 19.193171] sctp_accept+0x3ab/0x620
[ 19.196851] inet_accept+0xef/0x7f0
[ 19.200441] SYSC_accept4+0x342/0x650
[ 19.204206] SyS_accept+0x26/0x30
[ 19.207627] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 19.212349]
[ 19.213947] Freed by task 3470:
[ 19.217192] save_stack+0x43/0xd0
[ 19.220613] __kasan_slab_free+0x11a/0x170
[ 19.224814] kasan_slab_free+0xe/0x10
[ 19.228578] kmem_cache_free+0x86/0x2b0
[ 19.232517] __sk_destruct+0x3e4/0x590
[ 19.236367] sk_destruct+0x47/0x80
[ 19.239872] __sk_free+0xf1/0x2b0
[ 19.243289] sk_free+0x2a/0x40
[ 19.246450] sctp_association_put+0xd4/0x230
[ 19.250826] sctp_sendmsg+0x2719/0x3060
[ 19.254768] inet_sendmsg+0xe0/0x4b0
[ 19.258446] sock_sendmsg+0xca/0x110
[ 19.262126] SYSC_sendto+0x2e0/0x360
[ 19.265805] SyS_sendto+0x40/0x50
[ 19.269223] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 19.273938]
[ 19.275534] The buggy address belongs to the object at ffff8801c0d49800
[ 19.275534]  which belongs to the cache SCTPv6 of size 1888
[ 19.287807] The buggy address is located 140 bytes inside of
[ 19.287807]  1888-byte region [ffff8801c0d49800, ffff8801c0d49f60)
[ 19.299730] The buggy address belongs to the page:
[ 19.304623] page:ffffea0007035240 count:1 mapcount:0 mapping:ffff8801c0d49000 index:0x0
[ 19.312733] flags: 0x2fffc0000000100(slab)
[ 19.316935] raw: 02fffc0000000100 ffff8801c0d49000 0000000000000000 0000000100000002
[ 19.324796] raw: ffffea0007039e20 ffffea000757a020 ffff8801d3581200 0000000000000000
[ 19.332639] page dumped because: kasan: bad access detected
[ 19.338311]
[ 19.339903] Memory state around the buggy address:
[ 19.344798]  ffff8801c0d49780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.352126]  ffff8801c0d49800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.359450] >ffff8801c0d49880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.366780]                                                        ^
[ 19.370370]  ffff8801c0d49900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.377696]  ffff8801c0d49980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.385020] ==================================================================
[ 19.392386] Kernel panic - not syncing: panic_on_warn set ...
[ 19.392386]
[ 19.399735] CPU: 0 PID: 3470 Comm: syzkaller114469 Tainted: G B 4.15.0-rc6-next-20180105+ #89
[ 19.409590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.418911] Call Trace:
[ 19.421472] dump_stack+0x137/0x198
[ 19.425068] ? do_raw_spin_lock+0x170/0x220
[ 19.429356] panic+0x1e4/0x41c
[ 19.432514] ? refcount_error_report+0x214/0x214
[ 19.437233] ? add_taint+0x1c/0x50
[ 19.440742] ? add_taint+0x1c/0x50
[ 19.444257] ? do_raw_spin_lock+0x1e0/0x220
[ 19.448544] kasan_end_report+0x50/0x50
[ 19.452490] kasan_report+0x148/0x360
[ 19.456275] __asan_report_load4_noabort+0x14/0x20
[ 19.461170] do_raw_spin_lock+0x1e0/0x220
[ 19.465302] _raw_spin_lock_bh+0x39/0x40
[ 19.469336] ? release_sock+0x20/0x1c0
[ 19.473197] release_sock+0x20/0x1c0
[ 19.476886] sctp_sendmsg+0x2721/0x3060
[ 19.480841] ? sctp_id2assoc+0x280/0x280
[ 19.484872] ? check_noncircular+0x20/0x20
[ 19.489074] ? find_held_lock+0x35/0x1e0
[ 19.493116] ? sock_has_perm+0x1ed/0x290
[ 19.497145] ? finish_wait+0x2a0/0x2a0
[ 19.501000] ? __might_fault+0x110/0x1d0
[ 19.505038] inet_sendmsg+0xe0/0x4b0
[ 19.508718] ? inet_sendmsg+0xe0/0x4b0
[ 19.512571] ? inet_recvmsg+0x520/0x520
[ 19.516513] sock_sendmsg+0xca/0x110
[ 19.520193] SYSC_sendto+0x2e0/0x360
[ 19.523873] ? SYSC_connect+0x310/0x310
[ 19.527817] ? sock_enable_timestamp+0xb0/0xb0
[ 19.532366] ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 19.538043] ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 19.543295] ? SyS_futex+0x1fd/0x2b0
[ 19.546980] ? do_futex+0x1830/0x1830
[ 19.550749] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 19.555564] SyS_sendto+0x40/0x50
[ 19.558984] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 19.563703] RIP: 0033:0x445db9
[ 19.566860] RSP: 002b:00007f1c2a0ffd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 19.574531] RAX: ffffffffffffffda RBX: 00000000006dbc6c RCX: 0000000000445db9
[ 19.581767] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 19.589003] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 19.596259] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc68
[ 19.603497] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 19.611167] Dumping ftrace buffer:
[ 19.614678] (ftrace buffer empty)
[ 19.618351] Kernel Offset: disabled
[ 19.621940] Rebooting in 86400 seconds..