[....] Starting enhanced syslogd: rsyslogd
[ 12.866046] audit: type=1400 audit(1515650708.928:5): avc: denied { syslog } for pid=3340 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1
[ ok ] Starting enhanced syslogd: rsyslogd.
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 18.497870] audit: type=1400 audit(1515650714.560:6): avc: denied { map } for pid=3481 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.232' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz0.accept_dad = 0
net.ipv6.conf.syz0.router_solicitations = 0
[ 24.744355] audit: type=1400 audit(1515650720.806:7): avc: denied { map } for pid=3496 comm="syzkaller563049" path="/root/syzkaller563049990" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
[ 24.870985] audit: type=1400 audit(1515650720.932:8): avc: denied { sys_admin } for pid=3496 comm="syzkaller563049" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 24.897696] audit: type=1400 audit(1515650720.960:9): avc: denied { sys_chroot } for pid=3520 comm="syzkaller563049" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
[ 24.978622]
[ 24.980272] =========================
[ 24.984038] WARNING: held lock freed!
[ 24.987807] 4.15.0-rc7+ #182 Not tainted
[ 24.991843] -------------------------
[ 24.995623] syzkaller563049/3523 is freeing memory 000000005639d4c9-0000000009bb4d97, with a lock still held there!
[ 25.006158] (sk_lock-AF_INET6){+.+.}, at: [<00000000c0efb952>] sctp_wait_for_sndbuf+0x509/0x8d0
[ 25.015078] 1 lock held by syzkaller563049/3523:
[ 25.019797] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000c0efb952>] sctp_wait_for_sndbuf+0x509/0x8d0
[ 25.029129]
[ 25.029129] stack backtrace:
[ 25.033604] CPU: 0 PID: 3523 Comm: syzkaller563049 Not tainted 4.15.0-rc7+ #182
[ 25.041016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.050345] Call Trace:
[ 25.052911]  dump_stack+0x194/0x257
[ 25.056505]  ? arch_local_irq_restore+0x53/0x53
[ 25.061149]  debug_check_no_locks_freed+0x32f/0x3c0
[ 25.066139]  kmem_cache_free+0x68/0x2a0
[ 25.070082]  __sk_destruct+0x622/0x910
[ 25.074493]  ? save_stack+0x43/0xd0
[ 25.078093]  ? sock_rfree+0x160/0x160
[ 25.081859]  ? sctp_sendmsg+0x28f7/0x33f0
[ 25.085977]  ? sock_sendmsg+0xca/0x110
[ 25.089830]  ? SYSC_sendto+0x361/0x5c0
[ 25.093702]  ? SyS_sendto+0x40/0x50
[ 25.097297]  ? entry_SYSCALL_64_fastpath+0x23/0x9a
[ 25.102202]  ? check_noncircular+0x20/0x20
[ 25.106407]  ? print_irqtrace_events+0x270/0x270
[ 25.111137]  ? __local_bh_enable_ip+0x121/0x230
[ 25.115783]  ? sctp_put_port+0x495/0x640
[ 25.119822]  ? sctp_poll+0xc00/0xc00
[ 25.123510]  ? refcount_sub_and_test+0x115/0x1b0
[ 25.128232]  ? refcount_inc+0x50/0x50
[ 25.131997]  ? refcount_inc+0x50/0x50
[ 25.135765]  sk_destruct+0x47/0x80
[ 25.139283]  __sk_free+0xf1/0x2b0
[ 25.142711]  sk_free+0x2a/0x40
[ 25.145875]  sctp_association_put+0x14c/0x2f0
[ 25.150338]  ? sctp_association_hold+0x20/0x20
[ 25.154890]  ? lock_sock_nested+0x91/0x110
[ 25.159099]  ? trace_hardirqs_on+0xd/0x10
[ 25.163217]  ? __local_bh_enable_ip+0x121/0x230
[ 25.167856]  sctp_wait_for_sndbuf+0x673/0x8d0
[ 25.172327]  ? sctp_init_sock+0x13b0/0x13b0
[ 25.176616]  ? do_raw_spin_trylock+0x190/0x190
[ 25.181169]  ? __local_bh_enable_ip+0x121/0x230
[ 25.185804]  ? sctp_prsctp_prune+0x97/0x790
[ 25.190110]  ? prepare_to_wait+0x4d0/0x4d0
[ 25.194323]  ? trace_hardirqs_on+0xd/0x10
[ 25.198461]  sctp_sendmsg+0x28f7/0x33f0
[ 25.202409]  ? sctp_id2assoc+0x390/0x390
[ 25.206446]  ? avc_has_perm+0x43e/0x680
[ 25.210399]  ? avc_has_perm_noaudit+0x520/0x520
[ 25.215038]  ? __fget+0x35c/0x570
[ 25.218461]  ? iterate_fd+0x3f0/0x3f0
[ 25.222234]  ? find_held_lock+0x35/0x1d0
[ 25.226283]  ? sock_has_perm+0x2a4/0x420
[ 25.230323]  ? lock_release+0x9a2/0xa40
[ 25.234268]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.240120]  ? __check_object_size+0x25d/0x4f0
[ 25.244675]  inet_sendmsg+0x11f/0x5e0
[ 25.248452]  ? inet_sendmsg+0x11f/0x5e0
[ 25.252396]  ? __might_sleep+0x95/0x190
[ 25.256339]  ? inet_create+0xf50/0xf50
[ 25.260206]  ? selinux_socket_sendmsg+0x36/0x40
[ 25.264842]  ? security_socket_sendmsg+0x89/0xb0
[ 25.269564]  ? inet_create+0xf50/0xf50
[ 25.273423]  sock_sendmsg+0xca/0x110
[ 25.277115]  SYSC_sendto+0x361/0x5c0
[ 25.280794]  ? SYSC_connect+0x4a0/0x4a0
[ 25.284734]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 25.290064]  ? __do_page_fault+0x3d6/0xc90
[ 25.294271]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 25.299528]  ? SyS_futex+0x269/0x390
[ 25.303210]  ? SyS_setsockopt+0x215/0x360
[ 25.307327]  ? do_futex+0x22a0/0x22a0
[ 25.311096]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 25.315908]  SyS_sendto+0x40/0x50
[ 25.319330]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 25.324052] RIP: 0033:0x44b8b9
[ 25.327208] RSP: 002b:00007f9a904e3cd8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 25.334882] RAX: ffffffffffffffda RBX: 00000000006f0054 RCX: 000000000044b8b9
[ 25.342131] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 25.349367] RBP: 00000000006f0050 R08: 00000000204d9000 R09: 000000000000001c
[ 25.356607] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000000
[ 25.363845] R13: 00000000007ffe7f R14: 00007f9a904e49c0 R15: 0000000000002710
[ 25.371342] ==================================================================
[ 25.378694] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[ 25.385329] Read of size 4 at addr ffff8801c0fe088c by task syzkaller563049/3523
[ 25.392829]
[ 25.394428] CPU: 0 PID: 3523 Comm: syzkaller563049 Not tainted 4.15.0-rc7+ #182
[ 25.401846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.411176] Call Trace:
[ 25.413733]  dump_stack+0x194/0x257
[ 25.417344]  ? arch_local_irq_restore+0x53/0x53
[ 25.421983]  ? show_regs_print_info+0x18/0x18
[ 25.426443]  ? lock_acquire+0x1d5/0x580
[ 25.430394]  ? trace_hardirqs_on+0xd/0x10
[ 25.434508]  ? do_raw_spin_lock+0x1e0/0x220
[ 25.438800]  print_address_description+0x73/0x250
[ 25.443610]  ? do_raw_spin_lock+0x1e0/0x220
[ 25.447899]  kasan_report+0x25b/0x340
[ 25.451670]  __asan_report_load4_noabort+0x14/0x20
[ 25.456566]  do_raw_spin_lock+0x1e0/0x220
[ 25.460684]  _raw_spin_lock_bh+0x39/0x40
[ 25.464716]  ? release_sock+0x74/0x2a0
[ 25.468569]  release_sock+0x74/0x2a0
[ 25.472251]  ? sctp_prsctp_prune+0x97/0x790
[ 25.476538]  ? __release_sock+0x360/0x360
[ 25.480652]  ? trace_hardirqs_on+0xd/0x10
[ 25.484771]  sctp_sendmsg+0x2993/0x33f0
[ 25.488726]  ? sctp_id2assoc+0x390/0x390
[ 25.492753]  ? avc_has_perm+0x43e/0x680
[ 25.496695]  ? avc_has_perm_noaudit+0x520/0x520
[ 25.501346]  ? __fget+0x35c/0x570
[ 25.504778]  ? iterate_fd+0x3f0/0x3f0
[ 25.508549]  ? find_held_lock+0x35/0x1d0
[ 25.512583]  ? sock_has_perm+0x2a4/0x420
[ 25.516613]  ? lock_release+0x9a2/0xa40
[ 25.520556]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 25.526409]  ? __check_object_size+0x25d/0x4f0
[ 25.530961]  inet_sendmsg+0x11f/0x5e0
[ 25.534736]  ? inet_sendmsg+0x11f/0x5e0
[ 25.538687]  ? __might_sleep+0x95/0x190
[ 25.542627]  ? inet_create+0xf50/0xf50
[ 25.546491]  ? selinux_socket_sendmsg+0x36/0x40
[ 25.551125]  ? security_socket_sendmsg+0x89/0xb0
[ 25.555847]  ? inet_create+0xf50/0xf50
[ 25.559703]  sock_sendmsg+0xca/0x110
[ 25.563384]  SYSC_sendto+0x361/0x5c0
[ 25.567064]  ? SYSC_connect+0x4a0/0x4a0
[ 25.571017]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 25.576358]  ? __do_page_fault+0x3d6/0xc90
[ 25.580563]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 25.585821]  ? SyS_futex+0x269/0x390
[ 25.589511]  ? SyS_setsockopt+0x215/0x360
[ 25.593627]  ? do_futex+0x22a0/0x22a0
[ 25.597396]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 25.602211]  SyS_sendto+0x40/0x50
[ 25.605635]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 25.610359] RIP: 0033:0x44b8b9
[ 25.613517] RSP: 002b:00007f9a904e3cd8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 25.621192] RAX: ffffffffffffffda RBX: 00000000006f0054 RCX: 000000000044b8b9
[ 25.628429] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 25.635668] RBP: 00000000006f0050 R08: 00000000204d9000 R09: 000000000000001c
[ 25.642904] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000000
[ 25.650147] R13: 00000000007ffe7f R14: 00007f9a904e49c0 R15: 0000000000002710
[ 25.657394]
[ 25.658989] Allocated by task 3524:
[ 25.662586]  save_stack+0x43/0xd0
[ 25.666005]  kasan_kmalloc+0xad/0xe0
[ 25.669687]  kasan_slab_alloc+0x12/0x20
[ 25.673627]  kmem_cache_alloc+0x12e/0x760
[ 25.677742]  sk_prot_alloc+0x65/0x2a0
[ 25.681518]  sk_alloc+0x105/0x1440
[ 25.685028]  sctp_v6_create_accept_sk+0x15a/0x9b0
[ 25.689840]  sctp_accept+0x5c4/0x970
[ 25.693538]  inet_accept+0x12c/0x930
[ 25.697220]  SYSC_accept4+0x38d/0x870
[ 25.701007]  SyS_accept+0x26/0x30
[ 25.704428]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 25.709148]
[ 25.710740] Freed by task 3523:
[ 25.713987]  save_stack+0x43/0xd0
[ 25.717431]  kasan_slab_free+0x71/0xc0
[ 25.721285]  kmem_cache_free+0x83/0x2a0
[ 25.725234]  __sk_destruct+0x622/0x910
[ 25.729088]  sk_destruct+0x47/0x80
[ 25.732615]  __sk_free+0xf1/0x2b0
[ 25.736034]  sk_free+0x2a/0x40
[ 25.739194]  sctp_association_put+0x14c/0x2f0
[ 25.743655]  sctp_wait_for_sndbuf+0x673/0x8d0
[ 25.748117]  sctp_sendmsg+0x28f7/0x33f0
[ 25.752060]  inet_sendmsg+0x11f/0x5e0
[ 25.755827]  sock_sendmsg+0xca/0x110
[ 25.759508]  SYSC_sendto+0x361/0x5c0
[ 25.763189]  SyS_sendto+0x40/0x50
[ 25.766609]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 25.771326]
[ 25.772923] The buggy address belongs to the object at ffff8801c0fe0800
[ 25.772923]  which belongs to the cache SCTPv6 of size 1888
[ 25.785211] The buggy address is located 140 bytes inside of
[ 25.785211]  1888-byte region [ffff8801c0fe0800, ffff8801c0fe0f60)
[ 25.797151] The buggy address belongs to the page:
[ 25.802049] page:ffffea000703f800 count:1 mapcount:0 mapping:ffff8801c0fe0000 index:0x0
[ 25.810160] flags: 0x2fffc0000000100(slab)
[ 25.814364] raw: 02fffc0000000100 ffff8801c0fe0000 0000000000000000 0000000100000002
[ 25.822212] raw: ffffea0006ff09e0 ffff8801d318d348 ffff8801d318e500 0000000000000000
[ 25.830067] page dumped because: kasan: bad access detected
[ 25.835752]
[ 25.837346] Memory state around the buggy address:
[ 25.842240]  ffff8801c0fe0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.849568]  ffff8801c0fe0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.856911] >ffff8801c0fe0880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.864245]                       ^
[ 25.867838]  ffff8801c0fe0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.875164]  ffff8801c0fe0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.882502] ==================================================================
[ 25.889881] Kernel panic - not syncing: panic_on_warn set ...
[ 25.889881]
[ 25.897244] CPU: 0 PID: 3523 Comm: syzkaller563049 Tainted: G B 4.15.0-rc7+ #182
[ 25.905974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 25.915300] Call Trace:
[ 25.917863]  dump_stack+0x194/0x257
[ 25.921459]  ? arch_local_irq_restore+0x53/0x53
[ 25.926098]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 25.930822]  ? vsnprintf+0x1ed/0x1900
[ 25.934591]  ? do_raw_spin_lock+0x140/0x220
[ 25.938893]  panic+0x1e4/0x41c
[ 25.942052]  ? refcount_error_report+0x214/0x214
[ 25.946775]  ? add_taint+0x1c/0x50
[ 25.950293]  ? add_taint+0x1c/0x50
[ 25.953799]  ? do_raw_spin_lock+0x1e0/0x220
[ 25.958099]  kasan_end_report+0x50/0x50
[ 25.962040]  kasan_report+0x144/0x340
[ 25.965810]  __asan_report_load4_noabort+0x14/0x20
[ 25.970705]  do_raw_spin_lock+0x1e0/0x220
[ 25.974824]  _raw_spin_lock_bh+0x39/0x40
[ 25.978853]  ? release_sock+0x74/0x2a0
[ 25.982707]  release_sock+0x74/0x2a0
[ 25.986389]  ? sctp_prsctp_prune+0x97/0x790
[ 25.990679]  ? __release_sock+0x360/0x360
[ 25.994795]  ? trace_hardirqs_on+0xd/0x10
[ 25.998915]  sctp_sendmsg+0x2993/0x33f0
[ 26.002861]  ? sctp_id2assoc+0x390/0x390
[ 26.006891]  ? avc_has_perm+0x43e/0x680
[ 26.010835]  ? avc_has_perm_noaudit+0x520/0x520
[ 26.015473]  ? __fget+0x35c/0x570
[ 26.018897]  ? iterate_fd+0x3f0/0x3f0
[ 26.022668]  ? find_held_lock+0x35/0x1d0
[ 26.026700]  ? sock_has_perm+0x2a4/0x420
[ 26.030731]  ? lock_release+0x9a2/0xa40
[ 26.034675]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 26.040532]  ? __check_object_size+0x25d/0x4f0
[ 26.045085]  inet_sendmsg+0x11f/0x5e0
[ 26.048852]  ? inet_sendmsg+0x11f/0x5e0
[ 26.052791]  ? __might_sleep+0x95/0x190
[ 26.056743]  ? inet_create+0xf50/0xf50
[ 26.060609]  ? selinux_socket_sendmsg+0x36/0x40
[ 26.065244]  ? security_socket_sendmsg+0x89/0xb0
[ 26.069963]  ? inet_create+0xf50/0xf50
[ 26.073830]  sock_sendmsg+0xca/0x110
[ 26.077511]  SYSC_sendto+0x361/0x5c0
[ 26.081195]  ? SYSC_connect+0x4a0/0x4a0
[ 26.085140]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 26.090471]  ? __do_page_fault+0x3d6/0xc90
[ 26.094676]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 26.099932]  ? SyS_futex+0x269/0x390
[ 26.103614]  ? SyS_setsockopt+0x215/0x360
[ 26.107729]  ? do_futex+0x22a0/0x22a0
[ 26.111498]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 26.116308]  SyS_sendto+0x40/0x50
[ 26.119731]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 26.124453] RIP: 0033:0x44b8b9
[ 26.127610] RSP: 002b:00007f9a904e3cd8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
[ 26.135284] RAX: ffffffffffffffda RBX: 00000000006f0054 RCX: 000000000044b8b9
[ 26.142520] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 26.149758] RBP: 00000000006f0050 R08: 00000000204d9000 R09: 000000000000001c
[ 26.156999] R10: 0000000000000000 R11: 0000000000000216 R12: 0000000000000000
[ 26.164239] R13: 00000000007ffe7f R14: 00007f9a904e49c0 R15: 0000000000002710
[ 26.171524] Dumping ftrace buffer:
[ 26.175032]    (ftrace buffer empty)
[ 26.178709] Kernel Offset: disabled
[ 26.182303] Rebooting in 86400 seconds..