[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd: 
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[   12.315582] audit: type=1400 audit(1515345618.849:6): avc:  denied  { map } for  pid=3447 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   18.459974] audit: type=1400 audit(1515345624.993:7): avc:  denied  { map } for  pid=3461 comm="syzkaller745054" path="/root/syzkaller745054720" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
executing program
[   18.732415] 
[   18.734074] =========================
[   18.737839] WARNING: held lock freed!
[   18.741606] 4.15.0-rc6-next-20180105+ #89 Not tainted
[   18.746764] -------------------------
[   18.750537] syzkaller745054/3472 is freeing memory 000000004fdb5732-00000000aaa9e399, with a lock still held there!
[   18.761075] (sk_lock-AF_INET6){+.+.}, at: [<00000000cc147d31>] sctp_sendmsg+0x2499/0x3060
[   18.769464] 1 lock held by syzkaller745054/3472:
[   18.774184]  #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000cc147d31>] sctp_sendmsg+0x2499/0x3060
[   18.782997] 
[   18.782997] stack backtrace:
[   18.787467] CPU: 0 PID: 3472 Comm: syzkaller745054 Not tainted 4.15.0-rc6-next-20180105+ #89
[   18.796006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.805328] Call Trace:
[   18.807887]  dump_stack+0x137/0x198
[   18.811489]  debug_check_no_locks_freed+0x32f/0x3c0
[   18.816478]  kmem_cache_free+0x68/0x2b0
[   18.820424]  __sk_destruct+0x3e4/0x590
[   18.824278]  sk_destruct+0x47/0x80
[   18.827784]  __sk_free+0xf1/0x2b0
[   18.831205]  sk_free+0x2a/0x40
[   18.834374]  sctp_association_put+0xd4/0x230
[   18.838752]  sctp_sendmsg+0x2719/0x3060
[   18.842701]  ? sctp_id2assoc+0x280/0x280
[   18.846730]  ? check_noncircular+0x20/0x20
[   18.850932]  ? find_held_lock+0x35/0x1e0
[   18.854966]  ? sock_has_perm+0x1ed/0x290
[   18.858997]  ? finish_wait+0x2a0/0x2a0
[   18.862856]  ? __might_fault+0x110/0x1d0
[   18.866892]  inet_sendmsg+0xe0/0x4b0
[   18.870571]  ? inet_sendmsg+0xe0/0x4b0
[   18.874425]  ? inet_recvmsg+0x520/0x520
[   18.878371]  sock_sendmsg+0xca/0x110
[   18.882052]  SYSC_sendto+0x2e0/0x360
[   18.885733]  ? SYSC_connect+0x310/0x310
[   18.889676]  ? sock_enable_timestamp+0xb0/0xb0
[   18.894227]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   18.899904]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   18.905159]  ? SyS_futex+0x1fd/0x2b0
[   18.908841]  ? do_futex+0x1830/0x1830
[   18.912610]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   18.917424]  SyS_sendto+0x40/0x50
[   18.920848]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   18.925572] RIP: 0033:0x445db9
[   18.928731] RSP: 002b:00007f318fe2dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   18.936405] RAX: ffffffffffffffda RBX: 00000000006dbc9c RCX: 0000000000445db9
[   18.943655] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   18.950893] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   18.958139] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc98
[   18.965379] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   18.972720] ==================================================================
[   18.980068] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[   18.986702] Read of size 4 at addr ffff8801c0e9908c by task syzkaller745054/3472
[   18.994198] 
[   18.995799] CPU: 0 PID: 3472 Comm: syzkaller745054 Not tainted 4.15.0-rc6-next-20180105+ #89
[   19.004355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.013687] Call Trace:
[   19.016261]  dump_stack+0x137/0x198
[   19.019867]  ? do_raw_spin_lock+0x1e0/0x220
[   19.024166]  print_address_description+0x73/0x250
[   19.028974]  ? do_raw_spin_lock+0x1e0/0x220
executing program
[   19.033263]  kasan_report+0x23b/0x360
[   19.037035]  __asan_report_load4_noabort+0x14/0x20
[   19.041932]  do_raw_spin_lock+0x1e0/0x220
[   19.046058]  _raw_spin_lock_bh+0x39/0x40
[   19.050105]  ? release_sock+0x20/0x1c0
[   19.053967]  release_sock+0x20/0x1c0
[   19.057654]  sctp_sendmsg+0x2721/0x3060
[   19.061625]  ? sctp_id2assoc+0x280/0x280
[   19.065660]  ? check_noncircular+0x20/0x20
[   19.069862]  ? find_held_lock+0x35/0x1e0
[   19.073896]  ? sock_has_perm+0x1ed/0x290
[   19.077926]  ? finish_wait+0x2a0/0x2a0
[   19.081784]  ? __might_fault+0x110/0x1d0
[   19.085823]  inet_sendmsg+0xe0/0x4b0
[   19.089504]  ? inet_sendmsg+0xe0/0x4b0
[   19.093357]  ? inet_recvmsg+0x520/0x520
[   19.097300]  sock_sendmsg+0xca/0x110
[   19.100982]  SYSC_sendto+0x2e0/0x360
[   19.104664]  ? SYSC_connect+0x310/0x310
[   19.108607]  ? sock_enable_timestamp+0xb0/0xb0
[   19.113161]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   19.118841]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   19.124100]  ? SyS_futex+0x1fd/0x2b0
[   19.127799]  ? do_futex+0x1830/0x1830
[   19.131570]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   19.136383]  SyS_sendto+0x40/0x50
[   19.139808]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.144530] RIP: 0033:0x445db9
[   19.147688] RSP: 002b:00007f318fe2dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   19.155363] RAX: ffffffffffffffda RBX: 00000000006dbc9c RCX: 0000000000445db9
[   19.162601] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   19.169839] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   19.177077] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc98
[   19.184316] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   19.191560] 
[   19.193157] Allocated by task 3473:
[   19.196756]  save_stack+0x43/0xd0
[   19.200175]  kasan_kmalloc+0xad/0xe0
[   19.203854]  kasan_slab_alloc+0x12/0x20
[   19.207793]  kmem_cache_alloc+0x12e/0x760
[   19.211910]  sk_prot_alloc+0x65/0x2a0
[   19.215675]  sk_alloc+0x37/0xd60
[   19.219011]  sctp_v6_create_accept_sk+0xf5/0x830
[   19.223735]  sctp_accept+0x3ab/0x620
[   19.227415]  inet_accept+0xef/0x7f0
[   19.231010]  SYSC_accept4+0x342/0x650
[   19.234775]  SyS_accept+0x26/0x30
[   19.238197]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.242914] 
[   19.244506] Freed by task 3472:
[   19.247755]  save_stack+0x43/0xd0
[   19.251175]  __kasan_slab_free+0x11a/0x170
[   19.255374]  kasan_slab_free+0xe/0x10
[   19.259143]  kmem_cache_free+0x86/0x2b0
[   19.263087]  __sk_destruct+0x3e4/0x590
[   19.266944]  sk_destruct+0x47/0x80
[   19.270449]  __sk_free+0xf1/0x2b0
[   19.273868]  sk_free+0x2a/0x40
[   19.277040]  sctp_association_put+0xd4/0x230
[   19.281415]  sctp_sendmsg+0x2719/0x3060
[   19.285355]  inet_sendmsg+0xe0/0x4b0
[   19.289035]  sock_sendmsg+0xca/0x110
[   19.292713]  SYSC_sendto+0x2e0/0x360
[   19.296390]  SyS_sendto+0x40/0x50
[   19.299810]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.304530] 
[   19.306128] The buggy address belongs to the object at ffff8801c0e99000
[   19.306128]  which belongs to the cache SCTPv6 of size 1888
[   19.318406] The buggy address is located 140 bytes inside of
[   19.318406]  1888-byte region [ffff8801c0e99000, ffff8801c0e99760)
[   19.330331] The buggy address belongs to the page:
[   19.335229] page:ffffea000703a640 count:1 mapcount:0 mapping:ffff8801c0e99000 index:0x0
[   19.343337] flags: 0x2fffc0000000100(slab)
[   19.347540] raw: 02fffc0000000100 ffff8801c0e99000 0000000000000000 0000000100000002
[   19.355390] raw: ffffea0007039ea0 ffffea000703c160 ffff8801d3718680 0000000000000000
[   19.363235] page dumped because: kasan: bad access detected
[   19.368908] 
[   19.370503] Memory state around the buggy address:
[   19.375400]  ffff8801c0e98f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.382724]  ffff8801c0e99000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.390048] >ffff8801c0e99080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.397373]                      ^
[   19.400966]  ffff8801c0e99100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.408290]  ffff8801c0e99180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.415624] ==================================================================
[   19.423005] Kernel panic - not syncing: panic_on_warn set ...
[   19.423005] 
[   19.430361] CPU: 0 PID: 3472 Comm: syzkaller745054 Tainted: G    B            4.15.0-rc6-next-20180105+ #89
[   19.440222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.449547] Call Trace:
[   19.452125]  dump_stack+0x137/0x198
[   19.455737]  ? do_raw_spin_lock+0x170/0x220
[   19.460035]  panic+0x1e4/0x41c
[   19.463194]  ? refcount_error_report+0x214/0x214
[   19.467915]  ? add_taint+0x1c/0x50
[   19.471419]  ? add_taint+0x1c/0x50
[   19.474930]  ? do_raw_spin_lock+0x1e0/0x220
[   19.479220]  kasan_end_report+0x50/0x50
[   19.483161]  kasan_report+0x148/0x360
[   19.486927]  __asan_report_load4_noabort+0x14/0x20
[   19.491821]  do_raw_spin_lock+0x1e0/0x220
[   19.495941]  _raw_spin_lock_bh+0x39/0x40
[   19.499985]  ? release_sock+0x20/0x1c0
[   19.503842]  release_sock+0x20/0x1c0
[   19.507527]  sctp_sendmsg+0x2721/0x3060
[   19.511484]  ? sctp_id2assoc+0x280/0x280
[   19.515517]  ? check_noncircular+0x20/0x20
[   19.519721]  ? find_held_lock+0x35/0x1e0
[   19.523755]  ? sock_has_perm+0x1ed/0x290
[   19.527786]  ? finish_wait+0x2a0/0x2a0
[   19.531644]  ? __might_fault+0x110/0x1d0
[   19.535682]  inet_sendmsg+0xe0/0x4b0
[   19.539362]  ? inet_sendmsg+0xe0/0x4b0
[   19.543218]  ? inet_recvmsg+0x520/0x520
[   19.547162]  sock_sendmsg+0xca/0x110
[   19.550844]  SYSC_sendto+0x2e0/0x360
[   19.554541]  ? SYSC_connect+0x310/0x310
[   19.558491]  ? sock_enable_timestamp+0xb0/0xb0
[   19.563046]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   19.568725]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   19.573980]  ? SyS_futex+0x1fd/0x2b0
[   19.577664]  ? do_futex+0x1830/0x1830
[   19.581438]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   19.586256]  SyS_sendto+0x40/0x50
[   19.589682]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.594404] RIP: 0033:0x445db9
[   19.597561] RSP: 002b:00007f318fe2dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   19.605239] RAX: ffffffffffffffda RBX: 00000000006dbc9c RCX: 0000000000445db9
[   19.612508] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   19.619757] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   19.626995] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc98
[   19.634238] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   19.641922] Dumping ftrace buffer:
[   19.645435]    (ftrace buffer empty)
[   19.649114] Kernel Offset: disabled
[   19.652709] Rebooting in 86400 seconds..
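The two warnings in this log describe one event. lockdep fires first because the sock whose sk_lock is still held at sctp_sendmsg+0x2499 is being freed underneath it (sctp_association_put -> sk_free -> kmem_cache_free, caught by debug_check_no_locks_freed), and KASAN fires a few instructions later when release_sock in the same sctp_sendmsg call takes the spinlock inside that freed sock. The script below is an added triage example, not part of the syzbot report and not syzkaller or kernel code. It parses the KASAN section (an excerpt of the report above is embedded as sample input, with the long frame lists trimmed) and derives what you would otherwise extract by hand: the read lands 140 bytes into a freed 1888-byte SCTPv6 object, the faulting task is also the freeing task, the object was created by accept() in another task (3473) and was freed and then used on the sendto() path, and sctp_sendmsg sits on both the free stack and the use stack. The frame-name prefixes it treats as syscall handlers and the "entry_" trampoline frame it drops are assumptions about kernel naming, not something the report states.

```python
"""Triage helper for the KASAN use-after-free section of a syzkaller console log.
Added example; not part of the report, syzkaller or the kernel."""
import re

# Constructed sample input: the KASAN section of the report above, copied
# verbatim but with the long frame lists trimmed to the frames that matter.
SAMPLE_REPORT = """\
[   18.980068] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[   18.986702] Read of size 4 at addr ffff8801c0e9908c by task syzkaller745054/3472
[   18.994198] 
[   18.995799] CPU: 0 PID: 3472 Comm: syzkaller745054 Not tainted 4.15.0-rc6-next-20180105+ #89
[   19.013687] Call Trace:
[   19.016261]  dump_stack+0x137/0x198
[   19.041932]  do_raw_spin_lock+0x1e0/0x220
[   19.046058]  _raw_spin_lock_bh+0x39/0x40
[   19.050105]  ? release_sock+0x20/0x1c0
[   19.053967]  release_sock+0x20/0x1c0
[   19.057654]  sctp_sendmsg+0x2721/0x3060
[   19.097300]  sock_sendmsg+0xca/0x110
[   19.136383]  SyS_sendto+0x40/0x50
[   19.139808]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.191560] 
[   19.193157] Allocated by task 3473:
[   19.196756]  save_stack+0x43/0xd0
[   19.219011]  sctp_v6_create_accept_sk+0xf5/0x830
[   19.223735]  sctp_accept+0x3ab/0x620
[   19.234775]  SyS_accept+0x26/0x30
[   19.238197]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.242914] 
[   19.244506] Freed by task 3472:
[   19.247755]  save_stack+0x43/0xd0
[   19.273868]  sk_free+0x2a/0x40
[   19.277040]  sctp_association_put+0xd4/0x230
[   19.281415]  sctp_sendmsg+0x2719/0x3060
[   19.296390]  SyS_sendto+0x40/0x50
[   19.299810]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.304530] 
[   19.306128] The buggy address belongs to the object at ffff8801c0e99000
[   19.306128]  which belongs to the cache SCTPv6 of size 1888
[   19.318406] The buggy address is located 140 bytes inside of
[   19.318406]  1888-byte region [ffff8801c0e99000, ffff8801c0e99760)
[   19.415624] ==================================================================
"""

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # dmesg timestamp prefix
# Assumed naming of syscall handler frames (4.15-era and newer kernels).
_SYSCALL = re.compile(r"^(SyS_|SYSC_|__x64_sys_|__se_sys_|__do_sys_|ksys_)")


def kasan_section(text):
    """Lines from the first 'BUG: KASAN:' to the closing '====' rule, timestamps
    removed. Cutting here keeps the lockdep and panic traces out of the parse."""
    lines = [_TS.sub("", l) for l in text.splitlines()]
    start = next((i for i, l in enumerate(lines) if l.startswith("BUG: KASAN:")), None)
    if start is None:
        raise ValueError("no KASAN report in input")
    end = next(i for i in range(start, len(lines)) if lines[i].startswith("===="))
    return lines[start:end]


def frames(lines, start):
    """Function names of the frames from `start` up to the next blank line.
    '?' frames are stale stack slots the unwinder could not verify, and the
    'entry_' frame is the syscall trampoline; both are dropped."""
    out = []
    for line in lines[start:]:
        frame = line.strip()
        if not frame:
            break
        if frame.startswith("?") or frame.startswith("entry_"):
            continue
        out.append(frame.split("+", 1)[0])
    return out


def parse_kasan_report(text):
    lines = kasan_section(text)
    r = {}
    for i, line in enumerate(lines):
        if m := re.match(r"BUG: KASAN: (\S+) in (\S+)\+0x", line):
            r["bug"], r["fault_func"] = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", line):
            r.update(access=m.group(1).lower(), size=int(m.group(2)),
                     addr=int(m.group(3), 16), comm=m.group(4), pid=int(m.group(5)))
        elif line == "Call Trace:":
            r["trace"] = frames(lines, i + 1)
        elif m := re.match(r"Allocated by task (\d+):", line):
            r["alloc_pid"], r["alloc_stack"] = int(m.group(1)), frames(lines, i + 1)
        elif m := re.match(r"Freed by task (\d+):", line):
            r["free_pid"], r["free_stack"] = int(m.group(1)), frames(lines, i + 1)
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r["obj_base"] = int(m.group(1), 16)
        elif m := re.match(r"\s*which belongs to the cache (\S+) of size (\d+)", line):
            r["cache"], r["obj_size"] = m.group(1), int(m.group(2))
        elif m := re.match(r"\s*(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            r["region"] = (int(m.group(2), 16), int(m.group(3), 16))
    return r


def syscall_of(stack):
    """First frame that looks like a syscall handler, or None."""
    return next((f for f in stack if _SYSCALL.match(f)), None)


def triage(r):
    """The facts to establish before opening the source: where in the object
    the access landed, whether KASAN's own numbers agree, who freed it, and
    which functions are on both the free path and the use path."""
    start, end = r["region"]
    return {
        "offset": r["addr"] - r["obj_base"],
        "in_freed_region": start <= r["addr"] < end,
        "region_matches_cache_size": end - start == r["obj_size"],
        "freed_by_faulting_task": r["free_pid"] == r["pid"],
        "alloc_syscall": syscall_of(r["alloc_stack"]),
        "free_syscall": syscall_of(r["free_stack"]),
        "use_syscall": syscall_of(r["trace"]),
        "free_and_use_share": sorted(set(r["free_stack"]) & set(r["trace"])),
    }


if __name__ == "__main__":
    for key, val in triage(parse_kasan_report(SAMPLE_REPORT)).items():
        print(f"{key:28} {val}")
```

Feeding the whole console log instead of the excerpt gives the same result, because the parser cuts from the first "BUG: KASAN:" line to the closing rule and so never sees the lockdep or panic call traces. The "free_and_use_share" entry is the one to look at first when reading the code: here it names sctp_sendmsg and SyS_sendto, which matches what the two stacks above show, a free via sctp_association_put followed by release_sock on the same sock, both inside one sendto() call.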