[ ok ] Starting enhanced syslogd: rsyslogd.
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 12.703829] audit: type=1400 audit(1515349385.938:6): avc: denied { map } for pid=3459 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.15.204' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 22.140264] audit: type=1400 audit(1515349395.375:7): avc: denied { map } for pid=3474 comm="syzkaller541995" path="/root/syzkaller541995193" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
[ 22.328327]
[ 22.329993] =========================
[ 22.333759] WARNING: held lock freed!
[ 22.337535] 4.15.0-rc6-mm1+ #51 Not tainted
[ 22.341834] -------------------------
[ 22.345605] syzkaller541995/3479 is freeing memory 000000006dbc4b93-00000000c3edb7a7, with a lock still held there!
[ 22.356142] (sk_lock-AF_INET6){+.+.}, at: [<000000007a188415>] sctp_sendmsg+0x2499/0x3060
[ 22.364533] 1 lock held by syzkaller541995/3479:
[ 22.369252]  #0: (sk_lock-AF_INET6){+.+.}, at: [<000000007a188415>] sctp_sendmsg+0x2499/0x3060
[ 22.378070]
[ 22.378070] stack backtrace:
[ 22.382535] CPU: 0 PID: 3479 Comm: syzkaller541995 Not tainted 4.15.0-rc6-mm1+ #51
[ 22.390207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.399699] Call Trace:
[ 22.402285]  dump_stack+0x137/0x198
[ 22.405890]  debug_check_no_locks_freed+0x32f/0x3c0
[ 22.410903]  kmem_cache_free+0x68/0x2b0
[ 22.414851]  __sk_destruct+0x3e4/0x590
[ 22.418708]  sk_destruct+0x47/0x80
[ 22.422218]  __sk_free+0xf1/0x2b0
[ 22.425644]  sk_free+0x2a/0x40
[ 22.428803]  sctp_association_put+0xd4/0x230
[ 22.433177]  sctp_sendmsg+0x2719/0x3060
[ 22.437136]  ? sctp_id2assoc+0x280/0x280
[ 22.441166]  ? check_noncircular+0x20/0x20
[ 22.445377]  ? find_held_lock+0x35/0x1e0
[ 22.449411]  ? sock_has_perm+0x1ed/0x290
[ 22.453439]  ? finish_wait+0x2a0/0x2a0
[ 22.457309]  ? __might_fault+0x110/0x1d0
[ 22.461350]  inet_sendmsg+0xe0/0x4b0
[ 22.465030]  ? inet_sendmsg+0xe0/0x4b0
[ 22.468882]  ? inet_recvmsg+0x520/0x520
[ 22.472825]  sock_sendmsg+0xca/0x110
[ 22.476507]  SYSC_sendto+0x2e0/0x360
[ 22.480199]  ? SYSC_connect+0x310/0x310
[ 22.484143]  ? sock_enable_timestamp+0xb0/0xb0
[ 22.488695]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 22.494382]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 22.500503]  ? SyS_futex+0x1fd/0x2b0
[ 22.504201]  ? do_futex+0x1830/0x1830
[ 22.507981]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 22.512806]  SyS_sendto+0x40/0x50
[ 22.516229]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 22.520960] RIP: 0033:0x445db9
[ 22.524116] RSP: 002b:00007f65d41e3d98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 22.531806] RAX: ffffffffffffffda RBX: 00000000006dbc6c RCX: 0000000000445db9
[ 22.539054] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 22.546294] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 22.553543] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc68
[ 22.560784] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 22.568142] ==================================================================
[ 22.575488] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[ 22.582120] Read of size 4 at addr ffff8801bf81188c by task syzkaller541995/3479
[ 22.589617]
[ 22.591216] CPU: 0 PID: 3479 Comm: syzkaller541995 Not tainted 4.15.0-rc6-mm1+ #51
[ 22.598898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 22.608230] Call Trace:
[ 22.610790]  dump_stack+0x137/0x198
[ 22.614386]  ? do_raw_spin_lock+0x1e0/0x220
[ 22.618694]  print_address_description+0x73/0x250
[ 22.623508]  ? do_raw_spin_lock+0x1e0/0x220
executing program
[ 22.627807]  kasan_report+0x23b/0x360
[ 22.631577]  __asan_report_load4_noabort+0x14/0x20
[ 22.636492]  do_raw_spin_lock+0x1e0/0x220
[ 22.640615]  _raw_spin_lock_bh+0x39/0x40
[ 22.644645]  ? release_sock+0x20/0x1c0
[ 22.648500]  release_sock+0x20/0x1c0
[ 22.652188]  sctp_sendmsg+0x2721/0x3060
[ 22.656135]  ? sctp_id2assoc+0x280/0x280
[ 22.660167]  ? check_noncircular+0x20/0x20
[ 22.664369]  ? find_held_lock+0x35/0x1e0
[ 22.668419]  ? sock_has_perm+0x1ed/0x290
[ 22.672487]  ? finish_wait+0x2a0/0x2a0
[ 22.676346]  ? __might_fault+0x110/0x1d0
[ 22.680385]  inet_sendmsg+0xe0/0x4b0
[ 22.684080]  ? inet_sendmsg+0xe0/0x4b0
[ 22.687933]  ? inet_recvmsg+0x520/0x520
[ 22.691875]  sock_sendmsg+0xca/0x110
[ 22.695557]  SYSC_sendto+0x2e0/0x360
[ 22.699239]  ? SYSC_connect+0x310/0x310
[ 22.703184]  ? sock_enable_timestamp+0xb0/0xb0
[ 22.707746]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 22.713425]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 22.718681]  ? SyS_futex+0x1fd/0x2b0
[ 22.722363]  ? do_futex+0x1830/0x1830
[ 22.726132]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 22.730954]  SyS_sendto+0x40/0x50
[ 22.734378]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 22.739100] RIP: 0033:0x445db9
[ 22.742257] RSP: 002b:00007f65d41e3d98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 22.749944] RAX: ffffffffffffffda RBX: 00000000006dbc6c RCX: 0000000000445db9
[ 22.757183] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 22.764423] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 22.771663] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc68
[ 22.778904] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 22.786150]
[ 22.787749] Allocated by task 3484:
[ 22.791350]  save_stack+0x43/0xd0
[ 22.794769]  kasan_kmalloc+0xad/0xe0
[ 22.798447]  kasan_slab_alloc+0x12/0x20
[ 22.802392]  kmem_cache_alloc+0x12e/0x760
[ 22.806508]  sk_prot_alloc+0x65/0x2a0
[ 22.810280]  sk_alloc+0x37/0xd60
[ 22.813615]  sctp_v6_create_accept_sk+0xf5/0x830
[ 22.818338]  sctp_accept+0x3ab/0x620
[ 22.822020]  inet_accept+0xef/0x7f0
[ 22.825612]  SYSC_accept4+0x342/0x650
[ 22.829378]  SyS_accept+0x26/0x30
[ 22.832799]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 22.837529]
[ 22.839122] Freed by task 3479:
[ 22.842369]  save_stack+0x43/0xd0
[ 22.845786]  __kasan_slab_free+0x11a/0x170
[ 22.849986]  kasan_slab_free+0xe/0x10
[ 22.853750]  kmem_cache_free+0x86/0x2b0
[ 22.857701]  __sk_destruct+0x3e4/0x590
[ 22.861573]  sk_destruct+0x47/0x80
[ 22.865077]  __sk_free+0xf1/0x2b0
[ 22.868496]  sk_free+0x2a/0x40
[ 22.871657]  sctp_association_put+0xd4/0x230
[ 22.876033]  sctp_sendmsg+0x2719/0x3060
[ 22.879982]  inet_sendmsg+0xe0/0x4b0
[ 22.883672]  sock_sendmsg+0xca/0x110
[ 22.887352]  SYSC_sendto+0x2e0/0x360
[ 22.891029]  SyS_sendto+0x40/0x50
[ 22.894458]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 22.899185]
[ 22.900781] The buggy address belongs to the object at ffff8801bf811800
[ 22.900781]  which belongs to the cache SCTPv6 of size 1888
[ 22.913057] The buggy address is located 140 bytes inside of
[ 22.913057]  1888-byte region [ffff8801bf811800, ffff8801bf811f60)
[ 22.924985] The buggy address belongs to the page:
[ 22.929894] page:ffffea0006fe0440 count:1 mapcount:0 mapping:ffff8801bf811000 index:0x0
[ 22.938017] flags: 0x2fffc0000000100(slab)
[ 22.942233] raw: 02fffc0000000100 ffff8801bf811000 0000000000000000 0000000100000002
[ 22.950081] raw: ffffea00070043a0 ffffea0006ff7ee0 ffff8801d3727380 0000000000000000
[ 22.957924] page dumped because: kasan: bad access detected
[ 22.963603]
[ 22.965220] Memory state around the buggy address:
[ 22.970127]  ffff8801bf811780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.977463]  ffff8801bf811800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.984791] >ffff8801bf811880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.992116]                      ^
[ 22.995710]  ffff8801bf811900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.003038]  ffff8801bf811980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.010364] ==================================================================
[ 23.017756] Kernel panic - not syncing: panic_on_warn set ...
[ 23.017756]
[ 23.025094] CPU: 0 PID: 3479 Comm: syzkaller541995 Tainted: G B 4.15.0-rc6-mm1+ #51
[ 23.034082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 23.043410] Call Trace:
[ 23.045973]  dump_stack+0x137/0x198
[ 23.049569]  ? do_raw_spin_lock+0x1d0/0x220
[ 23.053859]  panic+0x1e4/0x41c
[ 23.057019]  ? refcount_error_report+0x214/0x214
[ 23.061746]  ? add_taint+0x1c/0x50
[ 23.065274]  ? add_taint+0x1c/0x50
[ 23.068784]  ? do_raw_spin_lock+0x1e0/0x220
[ 23.073077]  kasan_end_report+0x50/0x50
[ 23.077019]  kasan_report+0x148/0x360
executing program
[ 23.080803]  __asan_report_load4_noabort+0x14/0x20
[ 23.085702]  do_raw_spin_lock+0x1e0/0x220
[ 23.089832]  _raw_spin_lock_bh+0x39/0x40
[ 23.093860]  ? release_sock+0x20/0x1c0
[ 23.097715]  release_sock+0x20/0x1c0
[ 23.101404]  sctp_sendmsg+0x2721/0x3060
[ 23.105352]  ? sctp_id2assoc+0x280/0x280
[ 23.109382]  ? check_noncircular+0x20/0x20
[ 23.113583]  ? find_held_lock+0x35/0x1e0
[ 23.117617]  ? sock_has_perm+0x1ed/0x290
[ 23.121647]  ? finish_wait+0x2a0/0x2a0
[ 23.125504]  ? __might_fault+0x110/0x1d0
[ 23.129538]  inet_sendmsg+0xe0/0x4b0
[ 23.133216]  ? inet_sendmsg+0xe0/0x4b0
[ 23.137069]  ? inet_recvmsg+0x520/0x520
[ 23.141012]  sock_sendmsg+0xca/0x110
[ 23.144692]  SYSC_sendto+0x2e0/0x360
[ 23.148374]  ? SYSC_connect+0x310/0x310
[ 23.152321]  ? sock_enable_timestamp+0xb0/0xb0
[ 23.156869]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 23.162548]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 23.167802]  ? SyS_futex+0x1fd/0x2b0
[ 23.171495]  ? do_futex+0x1830/0x1830
[ 23.175265]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 23.180078]  SyS_sendto+0x40/0x50
[ 23.183499]  entry_SYSCALL_64_fastpath+0x23/0x9a
[ 23.188220] RIP: 0033:0x445db9
[ 23.191376] RSP: 002b:00007f65d41e3d98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 23.199049] RAX: ffffffffffffffda RBX: 00000000006dbc6c RCX: 0000000000445db9
[ 23.206287] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000004
[ 23.213538] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 23.220776] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc68
[ 23.228016] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 23.235669] Dumping ftrace buffer:
[ 23.239183]    (ftrace buffer empty)
[ 23.242861] Kernel Offset: disabled
[ 23.246457] Rebooting in 86400 seconds..