[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   12.283314] audit: type=1400 audit(1515347466.109:6): avc:  denied  { map } for  pid=3449 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   18.373224] audit: type=1400 audit(1515347472.199:7): avc:  denied  { map } for  pid=3463 comm="syzkaller016367" path="/root/syzkaller016367115" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
executing program
[   18.639221] 
[   18.640855] =========================
[   18.644618] WARNING: held lock freed!
[   18.648381] 4.15.0-rc6-mm1+ #51 Not tainted
[   18.652667] -------------------------
[   18.656436] syzkaller016367/3473 is freeing memory 000000008140089c-0000000092ed4e04, with a lock still held there!
[   18.666972]  (sk_lock-AF_INET6){+.+.}, at: [<00000000d1d25638>] sctp_sendmsg+0x2499/0x3060
[   18.675352] 1 lock held by syzkaller016367/3473:
[   18.680071]  #0:  (sk_lock-AF_INET6){+.+.}, at: [<00000000d1d25638>] sctp_sendmsg+0x2499/0x3060
[   18.688880] 
[   18.688880] stack backtrace:
[   18.693342] CPU: 1 PID: 3473 Comm: syzkaller016367 Not tainted 4.15.0-rc6-mm1+ #51
[   18.701016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.710333] Call Trace:
[   18.712890]  dump_stack+0x137/0x198
[   18.716487]  debug_check_no_locks_freed+0x32f/0x3c0
[   18.721481]  kmem_cache_free+0x68/0x2b0
[   18.725423]  __sk_destruct+0x3e4/0x590
[   18.729277]  sk_destruct+0x47/0x80
[   18.732784]  __sk_free+0xf1/0x2b0
[   18.736202]  sk_free+0x2a/0x40
[   18.739362]  sctp_association_put+0xd4/0x230
[   18.743737]  sctp_sendmsg+0x2719/0x3060
[   18.747686]  ? sctp_id2assoc+0x280/0x280
[   18.751726]  ? check_noncircular+0x20/0x20
[   18.755926]  ? find_held_lock+0x35/0x1e0
[   18.759956]  ? sock_has_perm+0x1ed/0x290
[   18.763984]  ? finish_wait+0x2a0/0x2a0
[   18.767840]  ? __might_fault+0x110/0x1d0
[   18.771878]  inet_sendmsg+0xe0/0x4b0
[   18.775558]  ? inet_sendmsg+0xe0/0x4b0
[   18.779412]  ? inet_recvmsg+0x520/0x520
[   18.783360]  sock_sendmsg+0xca/0x110
[   18.787042]  SYSC_sendto+0x2e0/0x360
[   18.790726]  ? SYSC_connect+0x310/0x310
[   18.794670]  ? sock_enable_timestamp+0xb0/0xb0
[   18.799219]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   18.804894]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   18.810147]  ? SyS_futex+0x1fd/0x2b0
[   18.813827]  ? do_futex+0x1830/0x1830
[   18.817594]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   18.822407]  SyS_sendto+0x40/0x50
[   18.825830]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   18.830552] RIP: 0033:0x445db9
[   18.833710] RSP: 002b:00007f2ba666dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   18.841383] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[   18.848620] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   18.855857] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   18.863093] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[   18.870328] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   18.877643] ==================================================================
[   18.884984] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[   18.891614] Read of size 4 at addr ffff8801bf81108c by task syzkaller016367/3473
[   18.899108] 
[   18.900707] CPU: 1 PID: 3473 Comm: syzkaller016367 Not tainted 4.15.0-rc6-mm1+ #51
[   18.908378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   18.917699] Call Trace:
[   18.920253]  dump_stack+0x137/0x198
[   18.923851]  ? do_raw_spin_lock+0x1e0/0x220
[   18.928144]  print_address_description+0x73/0x250
[   18.932956]  ? do_raw_spin_lock+0x1e0/0x220
executing program
[   18.937244]  kasan_report+0x23b/0x360
[   18.941020]  __asan_report_load4_noabort+0x14/0x20
[   18.945927]  do_raw_spin_lock+0x1e0/0x220
[   18.950049]  _raw_spin_lock_bh+0x39/0x40
[   18.954078]  ? release_sock+0x20/0x1c0
[   18.957947]  release_sock+0x20/0x1c0
[   18.961629]  sctp_sendmsg+0x2721/0x3060
[   18.965578]  ? sctp_id2assoc+0x280/0x280
[   18.969607]  ? check_noncircular+0x20/0x20
[   18.973809]  ? find_held_lock+0x35/0x1e0
[   18.977841]  ? sock_has_perm+0x1ed/0x290
[   18.981870]  ? finish_wait+0x2a0/0x2a0
[   18.985726]  ? __might_fault+0x110/0x1d0
[   18.989760]  inet_sendmsg+0xe0/0x4b0
[   18.993441]  ? inet_sendmsg+0xe0/0x4b0
[   18.997297]  ? inet_recvmsg+0x520/0x520
[   19.001237]  sock_sendmsg+0xca/0x110
[   19.004920]  SYSC_sendto+0x2e0/0x360
[   19.008615]  ? SYSC_connect+0x310/0x310
[   19.012557]  ? sock_enable_timestamp+0xb0/0xb0
[   19.017108]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   19.022787]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   19.028041]  ? SyS_futex+0x1fd/0x2b0
[   19.031723]  ? do_futex+0x1830/0x1830
[   19.035489]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   19.040299]  SyS_sendto+0x40/0x50
[   19.043720]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.048443] RIP: 0033:0x445db9
[   19.051599] RSP: 002b:00007f2ba666dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   19.059271] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[   19.066507] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   19.073746] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   19.080983] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[   19.088218] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   19.095466] 
[   19.097063] Allocated by task 3474:
[   19.100660]  save_stack+0x43/0xd0
[   19.104079]  kasan_kmalloc+0xad/0xe0
[   19.107758]  kasan_slab_alloc+0x12/0x20
[   19.111698]  kmem_cache_alloc+0x12e/0x760
[   19.115814]  sk_prot_alloc+0x65/0x2a0
[   19.119580]  sk_alloc+0x37/0xd60
[   19.122912]  sctp_v6_create_accept_sk+0xf5/0x830
[   19.127633]  sctp_accept+0x3ab/0x620
[   19.131311]  inet_accept+0xef/0x7f0
[   19.134904]  SYSC_accept4+0x342/0x650
[   19.138672]  SyS_accept+0x26/0x30
[   19.142092]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.146810] 
[   19.148402] Freed by task 3473:
[   19.151646]  save_stack+0x43/0xd0
[   19.155065]  __kasan_slab_free+0x11a/0x170
[   19.159264]  kasan_slab_free+0xe/0x10
[   19.163030]  kmem_cache_free+0x86/0x2b0
[   19.166968]  __sk_destruct+0x3e4/0x590
[   19.170819]  sk_destruct+0x47/0x80
[   19.174321]  __sk_free+0xf1/0x2b0
[   19.177737]  sk_free+0x2a/0x40
[   19.180895]  sctp_association_put+0xd4/0x230
[   19.185269]  sctp_sendmsg+0x2719/0x3060
[   19.189207]  inet_sendmsg+0xe0/0x4b0
[   19.192886]  sock_sendmsg+0xca/0x110
[   19.196563]  SYSC_sendto+0x2e0/0x360
[   19.200240]  SyS_sendto+0x40/0x50
[   19.203667]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.208385] 
[   19.209979] The buggy address belongs to the object at ffff8801bf811000
[   19.209979]  which belongs to the cache SCTPv6 of size 1888
[   19.222251] The buggy address is located 140 bytes inside of
[   19.222251]  1888-byte region [ffff8801bf811000, ffff8801bf811760)
[   19.234179] The buggy address belongs to the page:
[   19.239075] page:ffffea0006fe0440 count:1 mapcount:0 mapping:ffff8801bf811000 index:0x0
[   19.247181] flags: 0x2fffc0000000100(slab)
[   19.251384] raw: 02fffc0000000100 ffff8801bf811000 0000000000000000 0000000100000002
[   19.259232] raw: ffffea0006fe0a20 ffffea0006fe2e60 ffff8801d35d3200 0000000000000000
[   19.267077] page dumped because: kasan: bad access detected
[   19.272748] 
[   19.274343] Memory state around the buggy address:
[   19.279238]  ffff8801bf810f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   19.286564]  ffff8801bf811000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.293889] >ffff8801bf811080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.301210]                       ^
[   19.304802]  ffff8801bf811100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.312126]  ffff8801bf811180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.319453] ==================================================================
[   19.326814] Kernel panic - not syncing: panic_on_warn set ...
[   19.326814] 
[   19.334164] CPU: 1 PID: 3473 Comm: syzkaller016367 Tainted: G    B            4.15.0-rc6-mm1+ #51
[   19.343158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.352480] Call Trace:
[   19.355042]  dump_stack+0x137/0x198
[   19.358661]  ? do_raw_spin_lock+0x1d0/0x220
[   19.362962]  panic+0x1e4/0x41c
[   19.366119]  ? refcount_error_report+0x214/0x214
[   19.370839]  ? add_taint+0x1c/0x50
[   19.374345]  ? add_taint+0x1c/0x50
[   19.377861]  ? do_raw_spin_lock+0x1e0/0x220
[   19.382155]  kasan_end_report+0x50/0x50
[   19.386095]  kasan_report+0x148/0x360
[   19.389862]  __asan_report_load4_noabort+0x14/0x20
[   19.394762]  do_raw_spin_lock+0x1e0/0x220
[   19.398878]  _raw_spin_lock_bh+0x39/0x40
[   19.402910]  ? release_sock+0x20/0x1c0
[   19.406764]  release_sock+0x20/0x1c0
[   19.410455]  sctp_sendmsg+0x2721/0x3060
[   19.414406]  ? sctp_id2assoc+0x280/0x280
[   19.418438]  ? check_noncircular+0x20/0x20
[   19.422641]  ? find_held_lock+0x35/0x1e0
[   19.426675]  ? sock_has_perm+0x1ed/0x290
[   19.430703]  ? finish_wait+0x2a0/0x2a0
[   19.434558]  ? __might_fault+0x110/0x1d0
[   19.438593]  inet_sendmsg+0xe0/0x4b0
[   19.442271]  ? inet_sendmsg+0xe0/0x4b0
[   19.446130]  ? inet_recvmsg+0x520/0x520
[   19.450072]  sock_sendmsg+0xca/0x110
[   19.453751]  SYSC_sendto+0x2e0/0x360
[   19.457431]  ? SYSC_connect+0x310/0x310
[   19.461371]  ? sock_enable_timestamp+0xb0/0xb0
[   19.465920]  ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[   19.471596]  ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[   19.476850]  ? SyS_futex+0x1fd/0x2b0
[   19.480533]  ? do_futex+0x1830/0x1830
[   19.484302]  ? entry_SYSCALL_64_fastpath+0x5/0x9a
[   19.489114]  SyS_sendto+0x40/0x50
[   19.492534]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   19.497253] RIP: 0033:0x445db9
[   19.500409] RSP: 002b:00007f2ba666dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   19.508082] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[   19.515318] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[   19.522559] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[   19.529795] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[   19.537032] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[   19.544682] Dumping ftrace buffer:
[   19.548189]    (ftrace buffer empty)
[   19.551865] Kernel Offset: disabled
[   19.555465] Rebooting in 86400 seconds..