[ ok ] Starting enhanced syslogd: rsyslogd.
[   10.948915] audit: type=1400 audit(1515344765.043:5): avc: denied { syslog } for pid=3311 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   15.858381] audit: type=1400 audit(1515344769.953:6): avc: denied { map } for pid=3452 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.6' (ECDSA) to the list of known hosts.
executing program
[   22.011543] audit: type=1400 audit(1515344776.106:7): avc: denied { map } for pid=3467 comm="syzkaller818418" path="/root/syzkaller818418651" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
executing program
[   22.276636]
[   22.278281] =========================
[   22.282045] WARNING: held lock freed!
[   22.285810] 4.15.0-rc6-next-20180105+ #89 Not tainted
[   22.290982] -------------------------
[   22.294755] syzkaller818418/3477 is freeing memory 000000006db616c9-00000000ebcb334b, with a lock still held there!
[   22.305290] (sk_lock-AF_INET6){+.+.}, at: [<00000000c691048b>] sctp_sendmsg+0x2499/0x3060
[   22.313676] 1 lock held by syzkaller818418/3477:
[   22.318394]  #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000c691048b>] sctp_sendmsg+0x2499/0x3060
[   22.327212]
[   22.327212] stack backtrace:
[   22.331692] CPU: 0 PID: 3477 Comm: syzkaller818418 Not tainted 4.15.0-rc6-next-20180105+ #89
[   22.340242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.349562] Call Trace:
[   22.352124]  dump_stack+0x137/0x198
[   22.355721]  debug_check_no_locks_freed+0x32f/0x3c0
[   22.360713]  kmem_cache_free+0x68/0x2b0
[   22.364655]  __sk_destruct+0x3e4/0x590
[   22.368517]  sk_destruct+0x47/0x80
[   22.372021]  __sk_free+0xf1/0x2b0
[   22.375448]  sk_free+0x2a/0x40
[   22.379228]  sctp_association_put+0xd4/0x230
[   22.383607]  sctp_sendmsg+0x2719/0x3060
[   22.387552]  ? sctp_id2assoc+0x280/0x280
[   22.391590]  ? check_noncircular+0x20/0x20
[   22.395792]  ? find_held_lock+0x35/0x1e0
[   22.399829]  ? sock_has_perm+0x1ed/0x290
[   22.403857]  ? finish_wait+0x2a0/0x2a0
[   22.407719]  ? __might_fault+0x110/0x1d0
[   22.411761]  inet_sendmsg+0xe0/0x4b0
[   22.415441]  ? inet_sendmsg+0xe0/0x4b0
[   22.419305]  ? inet_recvmsg+0x520/0x520
[   22.423248]  sock_sendmsg+0xca/0x110
[   22.426932]  SYSC_sendto+0x2e0/0x360
[   22.430615]  ? SYSC_connect+0x310/0x310
[   22.434557]  ? sock_enable_timestamp+0xb0/0xb0
[   22.439107]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   22.444783]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   22.450036]  ? SyS_futex+0x1fd/0x2b0
[   22.453718]  ? do_futex+0x1830/0x1830
[   22.457487]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   22.462300]  SyS_sendto+0x40/0x50
[   22.465719]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   22.470440] RIP: 0033:0x445db9
[   22.473597] RSP: 002b:00007fcd33c57d98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   22.481288] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[   22.488533] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   22.495771] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   22.503009] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[   22.510248] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   22.517573] ==================================================================
[   22.524912] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[   22.531549] Read of size 4 at addr ffff8801c0b9108c by task syzkaller818418/3477
[   22.539049]
[   22.540652] CPU: 0 PID: 3477 Comm: syzkaller818418 Not tainted 4.15.0-rc6-next-20180105+ #89
[   22.549292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.558612] Call Trace:
[   22.561169]  dump_stack+0x137/0x198
[   22.564765]  ? do_raw_spin_lock+0x1e0/0x220
[   22.569056]  print_address_description+0x73/0x250
executing program
[   22.573863]  ? do_raw_spin_lock+0x1e0/0x220
[   22.578149]  kasan_report+0x23b/0x360
[   22.581918]  __asan_report_load4_noabort+0x14/0x20
[   22.586819]  do_raw_spin_lock+0x1e0/0x220
[   22.590955]  _raw_spin_lock_bh+0x39/0x40
[   22.594992]  ? release_sock+0x20/0x1c0
[   22.598848]  release_sock+0x20/0x1c0
[   22.602559]  sctp_sendmsg+0x2721/0x3060
[   22.606513]  ? sctp_id2assoc+0x280/0x280
[   22.610549]  ? check_noncircular+0x20/0x20
[   22.614760]  ? find_held_lock+0x35/0x1e0
[   22.618790]  ? sock_has_perm+0x1ed/0x290
[   22.622836]  ? finish_wait+0x2a0/0x2a0
[   22.626698]  ? __might_fault+0x110/0x1d0
[   22.630733]  inet_sendmsg+0xe0/0x4b0
[   22.634420]  ? inet_sendmsg+0xe0/0x4b0
[   22.638274]  ? inet_recvmsg+0x520/0x520
[   22.642217]  sock_sendmsg+0xca/0x110
[   22.645897]  SYSC_sendto+0x2e0/0x360
[   22.649585]  ? SYSC_connect+0x310/0x310
[   22.653526]  ? sock_enable_timestamp+0xb0/0xb0
[   22.658083]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   22.663759]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   22.669011]  ? SyS_futex+0x1fd/0x2b0
[   22.672690]  ? do_futex+0x1830/0x1830
[   22.676457]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   22.681268]  SyS_sendto+0x40/0x50
[   22.684689]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   22.689410] RIP: 0033:0x445db9
[   22.692565] RSP: 002b:00007fcd33c57d98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   22.700247] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[   22.707486] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   22.714737] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   22.721984] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[   22.729226] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   22.736490]
[   22.738083] Allocated by task 3478:
[   22.741678]  save_stack+0x43/0xd0
[   22.745095]  kasan_kmalloc+0xad/0xe0
[   22.748776]  kasan_slab_alloc+0x12/0x20
[   22.752715]  kmem_cache_alloc+0x12e/0x760
[   22.756829]  sk_prot_alloc+0x65/0x2a0
[   22.760593]  sk_alloc+0x37/0xd60
[   22.763928]  sctp_v6_create_accept_sk+0xf5/0x830
[   22.768653]  sctp_accept+0x3ab/0x620
[   22.772331]  inet_accept+0xef/0x7f0
[   22.775921]  SYSC_accept4+0x342/0x650
[   22.779807]  SyS_accept+0x26/0x30
[   22.783225]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   22.787949]
[   22.789547] Freed by task 3477:
[   22.792795]  save_stack+0x43/0xd0
[   22.796214]  __kasan_slab_free+0x11a/0x170
[   22.800413]  kasan_slab_free+0xe/0x10
[   22.804278]  kmem_cache_free+0x86/0x2b0
[   22.808218]  __sk_destruct+0x3e4/0x590
[   22.812069]  sk_destruct+0x47/0x80
[   22.815571]  __sk_free+0xf1/0x2b0
[   22.818990]  sk_free+0x2a/0x40
[   22.822155]  sctp_association_put+0xd4/0x230
[   22.826530]  sctp_sendmsg+0x2719/0x3060
[   22.830490]  inet_sendmsg+0xe0/0x4b0
[   22.834175]  sock_sendmsg+0xca/0x110
[   22.837854]  SYSC_sendto+0x2e0/0x360
[   22.841531]  SyS_sendto+0x40/0x50
[   22.844951]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   22.849667]
[   22.851259] The buggy address belongs to the object at ffff8801c0b91000
[   22.851259]  which belongs to the cache SCTPv6 of size 1888
[   22.863541] The buggy address is located 140 bytes inside of
[   22.863541]  1888-byte region [ffff8801c0b91000, ffff8801c0b91760)
[   22.877639] The buggy address belongs to the page:
[   22.882543] page:ffffea000702e440 count:1 mapcount:0 mapping:ffff8801c0b91000 index:0x0
[   22.890662] flags: 0x2fffc0000000100(slab)
[   22.894867] raw: 02fffc0000000100 ffff8801c0b91000 0000000000000000 0000000100000002
[   22.902716] raw: ffffea00070190e0 ffffea000702e420 ffff8801d3729e00 0000000000000000
[   22.910559] page dumped because: kasan: bad access detected
[   22.916241]
[   22.917833] Memory state around the buggy address:
[   22.922734]  ffff8801c0b90f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.930055]  ffff8801c0b91000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.937380] >ffff8801c0b91080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.944703]                                        ^
[   22.948294]  ffff8801c0b91100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.955624]  ffff8801c0b91180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.962945] ==================================================================
[   22.970316] Kernel panic - not syncing: panic_on_warn set ...
[   22.970316]
[   22.977660] CPU: 0 PID: 3477 Comm: syzkaller818418 Tainted: G    B            4.15.0-rc6-next-20180105+ #89
[   22.987510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   22.996843] Call Trace:
[   22.999408]  dump_stack+0x137/0x198
[   23.003009]  ? do_raw_spin_lock+0x170/0x220
[   23.007304]  panic+0x1e4/0x41c
[   23.010470]  ? refcount_error_report+0x214/0x214
[   23.015193]  ? add_taint+0x1c/0x50
[   23.018701]  ? add_taint+0x1c/0x50
[   23.022217]  ? do_raw_spin_lock+0x1e0/0x220
[   23.026508]  kasan_end_report+0x50/0x50
[   23.030447]  kasan_report+0x148/0x360
[   23.034226]  __asan_report_load4_noabort+0x14/0x20
[   23.039143]  do_raw_spin_lock+0x1e0/0x220
[   23.043265]  _raw_spin_lock_bh+0x39/0x40
[   23.047306]  ? release_sock+0x20/0x1c0
[   23.051167]  release_sock+0x20/0x1c0
[   23.054856]  sctp_sendmsg+0x2721/0x3060
[   23.058803]  ? sctp_id2assoc+0x280/0x280
[   23.062833]  ? check_noncircular+0x20/0x20
[   23.067042]  ? find_held_lock+0x35/0x1e0
[   23.071081]  ? sock_has_perm+0x1ed/0x290
[   23.075109]  ? finish_wait+0x2a0/0x2a0
[   23.078976]  ? __might_fault+0x110/0x1d0
[   23.083010]  inet_sendmsg+0xe0/0x4b0
[   23.086689]  ? inet_sendmsg+0xe0/0x4b0
[   23.090540]  ? inet_recvmsg+0x520/0x520
[   23.094488]  sock_sendmsg+0xca/0x110
[   23.098169]  SYSC_sendto+0x2e0/0x360
[   23.101849]  ? SYSC_connect+0x310/0x310
[   23.105790]  ? sock_enable_timestamp+0xb0/0xb0
[   23.110339]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   23.116025]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   23.121280]  ? SyS_futex+0x1fd/0x2b0
[   23.124965]  ? do_futex+0x1830/0x1830
[   23.128735]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   23.133549]  SyS_sendto+0x40/0x50
[   23.136979]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   23.141706] RIP: 0033:0x445db9
[   23.144863] RSP: 002b:00007fcd33c57d98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   23.152542] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[   23.159865] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   23.167102] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   23.174338] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[   23.181573] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   23.189180] Dumping ftrace buffer:
[   23.192688]    (ftrace buffer empty)
[   23.196367] Kernel Offset: disabled
[   23.199970] Rebooting in 86400 seconds..
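The report above carries everything a triager needs to classify the bug without a debugger: the KASAN header (bug class, faulting function, access width and address), the "Allocated by" and "Freed by" stacks with their task PIDs, the slab cache and the offset into the object, and the lockdep "held lock freed!" warning that precedes it. Below is an added example, written for this page and not part of the syzkaller log or of syzkaller's own tooling, that parses those fields out of a serial-console capture and reduces them to a one-screen summary. The input is the report from this page with its timestamp prefixes kept (some intermediate lines dropped, none altered); the `PLUMBING` prefix list that separates allocator/KASAN frames from the owning subsystem's frames is a heuristic chosen here, not something the kernel defines.

```python
import re
from typing import Dict, List, Optional

# Constructed input: the KASAN report from this page, timestamps kept so the
# parser has to strip them as on a real serial console. Lines between the
# pieces shown were dropped; none were altered.
REPORT = """\
[   22.294755] syzkaller818418/3477 is freeing memory 000000006db616c9-00000000ebcb334b, with a lock still held there!
[   22.524912] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[   22.531549] Read of size 4 at addr ffff8801c0b9108c by task syzkaller818418/3477
[   22.558612] Call Trace:
[   22.561169]  dump_stack+0x137/0x198
[   22.564765]  ? do_raw_spin_lock+0x1e0/0x220
[   22.569056]  print_address_description+0x73/0x250
executing program
[   22.578149]  kasan_report+0x23b/0x360
[   22.581918]  __asan_report_load4_noabort+0x14/0x20
[   22.586819]  do_raw_spin_lock+0x1e0/0x220
[   22.590955]  _raw_spin_lock_bh+0x39/0x40
[   22.594992]  ? release_sock+0x20/0x1c0
[   22.598848]  release_sock+0x20/0x1c0
[   22.602559]  sctp_sendmsg+0x2721/0x3060
[   22.736490]
[   22.738083] Allocated by task 3478:
[   22.741678]  save_stack+0x43/0xd0
[   22.745095]  kasan_kmalloc+0xad/0xe0
[   22.748776]  kasan_slab_alloc+0x12/0x20
[   22.752715]  kmem_cache_alloc+0x12e/0x760
[   22.756829]  sk_prot_alloc+0x65/0x2a0
[   22.763928]  sctp_v6_create_accept_sk+0xf5/0x830
[   22.787949]
[   22.789547] Freed by task 3477:
[   22.792795]  save_stack+0x43/0xd0
[   22.796214]  __kasan_slab_free+0x11a/0x170
[   22.800413]  kasan_slab_free+0xe/0x10
[   22.804278]  kmem_cache_free+0x86/0x2b0
[   22.808218]  __sk_destruct+0x3e4/0x590
[   22.822155]  sctp_association_put+0xd4/0x230
[   22.826530]  sctp_sendmsg+0x2719/0x3060
[   22.849667]
[   22.851259]  which belongs to the cache SCTPv6 of size 1888
[   22.863541] The buggy address is located 140 bytes inside of
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")                       # "[   22.524912] " console prefix
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
BUG = re.compile(r"BUG: KASAN: ([\w-]+) in ([A-Za-z_][\w.]*)\+0x")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
CACHE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
OFFSET = re.compile(r"located (\d+) bytes (inside|to the right|to the left) of")
ALLOC = re.compile(r"^Allocated by task (\d+):")
FREE = re.compile(r"^Freed by task (\d+):")
HELD = re.compile(r"with a lock still held there!")             # lockdep, printed before KASAN here

# Heuristic (chosen for this example): frames with these prefixes are allocator or
# KASAN plumbing; the first frame after them is the subsystem that owns the object.
PLUMBING = ("save_stack", "kasan_", "__kasan_", "__asan_", "kmem_cache_", "__kmalloc", "kmalloc", "kfree", "slab_")


def parse_kasan_report(text: str) -> Dict:
    r: Dict = {"access_stack": [], "alloc_stack": [], "free_stack": [], "lock_held_on_free": False}
    section: Optional[str] = None
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if HELD.search(line):
            r["lock_held_on_free"] = True
        if (m := BUG.search(line)):
            r["bug"], r["func"] = m.group(1), m.group(2); continue
        if (m := ACCESS.search(line)):
            r["access"], r["size"], r["addr"] = m.group(1), int(m.group(2)), m.group(3)
            r["task"], r["pid"] = m.group(4), int(m.group(5)); continue
        if (m := CACHE.search(line)):
            r["cache"], r["obj_size"] = m.group(1), int(m.group(2)); continue
        if (m := OFFSET.search(line)):
            r["offset"], r["where"] = int(m.group(1)), m.group(2); continue
        if line == "Call Trace:":
            section = "access_stack"; continue
        if (m := ALLOC.match(line)):
            r["alloc_pid"], section = int(m.group(1)), "alloc_stack"; continue
        if (m := FREE.match(line)):
            r["free_pid"], section = int(m.group(1)), "free_stack"; continue
        if section is None:
            continue
        if not line:                 # an empty console line closes a stack section
            section = None; continue
        m = FRAME.match(line)        # non-frame noise ("executing program", RIP:/RSP: dumps) is ignored
        if m and not m.group(1):     # "? func" entries are stale stack slots, not real callers
            r[section].append(m.group(2))
    return r


def first_site(stack: List[str]) -> Optional[str]:
    return next((f for f in stack if not f.startswith(PLUMBING)), None)


def summarize(r: Dict) -> Dict:
    trace = r["access_stack"]
    i = trace.index(r["func"]) if r.get("func") in trace else 0
    return {
        "bug": r.get("bug"),
        "object": f'{r.get("cache")} (size {r.get("obj_size")}), {r.get("offset")} bytes {r.get("where")}',
        "access_path": trace[i:i + 4],          # faulting function and its three callers
        "alloc_site": first_site(r["alloc_stack"]),
        "free_site": first_site(r["free_stack"]),
        "freed_by_accessing_task": r.get("free_pid") == r.get("pid"),
        "lock_held_on_free": r["lock_held_on_free"],
    }


if __name__ == "__main__":
    for k, v in summarize(parse_kasan_report(REPORT)).items():
        print(f"{k:>24}: {v}")
```

On this report the summary shows the shape of the bug directly: the SCTPv6 socket was allocated by task 3478 under `sctp_v6_create_accept_sk` (an accept path), freed by task 3477 under `sctp_association_put` inside `sctp_sendmsg`, and then touched 140 bytes in by the same task 3477 when `release_sock` took the spinlock, which is also why lockdep complained about `sk_lock-AF_INET6` being freed while held. `freed_by_accessing_task` being true tells the triager this is a lifetime error within one call chain rather than a cross-thread race, which narrows where to look first.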