�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Starting mcstransd:
[....] Starting file context maintaining daemon: restorecond�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 12.283314] audit: type=1400 audit(1515347466.109:6): avc: denied { map } for pid=3449 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 18.373224] audit: type=1400 audit(1515347472.199:7): avc: denied { map } for pid=3463 comm="syzkaller016367" path="/root/syzkaller016367115" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
executing program
executing program
executing program
[ 18.639221]
[ 18.640855] =========================
[ 18.644618] WARNING: held lock freed!
[ 18.648381] 4.15.0-rc6-mm1+ #51 Not tainted
[ 18.652667] -------------------------
[ 18.656436] syzkaller016367/3473 is freeing memory 000000008140089c-0000000092ed4e04, with a lock still held there!
[ 18.666972] (sk_lock-AF_INET6){+.+.}, at: [<00000000d1d25638>] sctp_sendmsg+0x2499/0x3060
[ 18.675352] 1 lock held by syzkaller016367/3473:
[ 18.680071] #0: (sk_lock-AF_INET6){+.+.}, at: [<00000000d1d25638>] sctp_sendmsg+0x2499/0x3060
[ 18.688880]
[ 18.688880] stack backtrace:
[ 18.693342] CPU: 1 PID: 3473 Comm: syzkaller016367 Not tainted 4.15.0-rc6-mm1+ #51
[ 18.701016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 18.710333] Call Trace:
[ 18.712890] dump_stack+0x137/0x198
[ 18.716487] debug_check_no_locks_freed+0x32f/0x3c0
[ 18.721481] kmem_cache_free+0x68/0x2b0
[ 18.725423] __sk_destruct+0x3e4/0x590
[ 18.729277] sk_destruct+0x47/0x80
[ 18.732784] __sk_free+0xf1/0x2b0
[ 18.736202] sk_free+0x2a/0x40
[ 18.739362] sctp_association_put+0xd4/0x230
[ 18.743737] sctp_sendmsg+0x2719/0x3060
[ 18.747686] ? sctp_id2assoc+0x280/0x280
[ 18.751726] ? check_noncircular+0x20/0x20
[ 18.755926] ? find_held_lock+0x35/0x1e0
[ 18.759956] ? sock_has_perm+0x1ed/0x290
[ 18.763984] ? finish_wait+0x2a0/0x2a0
[ 18.767840] ? __might_fault+0x110/0x1d0
[ 18.771878] inet_sendmsg+0xe0/0x4b0
[ 18.775558] ? inet_sendmsg+0xe0/0x4b0
[ 18.779412] ? inet_recvmsg+0x520/0x520
[ 18.783360] sock_sendmsg+0xca/0x110
[ 18.787042] SYSC_sendto+0x2e0/0x360
[ 18.790726] ? SYSC_connect+0x310/0x310
[ 18.794670] ? sock_enable_timestamp+0xb0/0xb0
[ 18.799219] ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 18.804894] ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 18.810147] ? SyS_futex+0x1fd/0x2b0
[ 18.813827] ? do_futex+0x1830/0x1830
[ 18.817594] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 18.822407] SyS_sendto+0x40/0x50
[ 18.825830] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 18.830552] RIP: 0033:0x445db9
[ 18.833710] RSP: 002b:00007f2ba666dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 18.841383] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[ 18.848620] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[ 18.855857] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 18.863093] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[ 18.870328] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 18.877643] ==================================================================
[ 18.884984] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1e0/0x220
[ 18.891614] Read of size 4 at addr ffff8801bf81108c by task syzkaller016367/3473
[ 18.899108]
[ 18.900707] CPU: 1 PID: 3473 Comm: syzkaller016367 Not tainted 4.15.0-rc6-mm1+ #51
[ 18.908378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 18.917699] Call Trace:
[ 18.920253] dump_stack+0x137/0x198
[ 18.923851] ? do_raw_spin_lock+0x1e0/0x220
[ 18.928144] print_address_description+0x73/0x250
[ 18.932956] ? do_raw_spin_lock+0x1e0/0x220
executing program
[ 18.937244] kasan_report+0x23b/0x360
[ 18.941020] __asan_report_load4_noabort+0x14/0x20
[ 18.945927] do_raw_spin_lock+0x1e0/0x220
[ 18.950049] _raw_spin_lock_bh+0x39/0x40
[ 18.954078] ? release_sock+0x20/0x1c0
[ 18.957947] release_sock+0x20/0x1c0
[ 18.961629] sctp_sendmsg+0x2721/0x3060
[ 18.965578] ? sctp_id2assoc+0x280/0x280
[ 18.969607] ? check_noncircular+0x20/0x20
[ 18.973809] ? find_held_lock+0x35/0x1e0
[ 18.977841] ? sock_has_perm+0x1ed/0x290
[ 18.981870] ? finish_wait+0x2a0/0x2a0
[ 18.985726] ? __might_fault+0x110/0x1d0
[ 18.989760] inet_sendmsg+0xe0/0x4b0
[ 18.993441] ? inet_sendmsg+0xe0/0x4b0
[ 18.997297] ? inet_recvmsg+0x520/0x520
[ 19.001237] sock_sendmsg+0xca/0x110
[ 19.004920] SYSC_sendto+0x2e0/0x360
[ 19.008615] ? SYSC_connect+0x310/0x310
[ 19.012557] ? sock_enable_timestamp+0xb0/0xb0
[ 19.017108] ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 19.022787] ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 19.028041] ? SyS_futex+0x1fd/0x2b0
[ 19.031723] ? do_futex+0x1830/0x1830
[ 19.035489] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 19.040299] SyS_sendto+0x40/0x50
[ 19.043720] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 19.048443] RIP: 0033:0x445db9
[ 19.051599] RSP: 002b:00007f2ba666dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 19.059271] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[ 19.066507] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[ 19.073746] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 19.080983] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[ 19.088218] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 19.095466]
[ 19.097063] Allocated by task 3474:
[ 19.100660] save_stack+0x43/0xd0
[ 19.104079] kasan_kmalloc+0xad/0xe0
[ 19.107758] kasan_slab_alloc+0x12/0x20
[ 19.111698] kmem_cache_alloc+0x12e/0x760
[ 19.115814] sk_prot_alloc+0x65/0x2a0
[ 19.119580] sk_alloc+0x37/0xd60
[ 19.122912] sctp_v6_create_accept_sk+0xf5/0x830
[ 19.127633] sctp_accept+0x3ab/0x620
[ 19.131311] inet_accept+0xef/0x7f0
[ 19.134904] SYSC_accept4+0x342/0x650
[ 19.138672] SyS_accept+0x26/0x30
[ 19.142092] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 19.146810]
[ 19.148402] Freed by task 3473:
[ 19.151646] save_stack+0x43/0xd0
[ 19.155065] __kasan_slab_free+0x11a/0x170
[ 19.159264] kasan_slab_free+0xe/0x10
[ 19.163030] kmem_cache_free+0x86/0x2b0
[ 19.166968] __sk_destruct+0x3e4/0x590
[ 19.170819] sk_destruct+0x47/0x80
[ 19.174321] __sk_free+0xf1/0x2b0
[ 19.177737] sk_free+0x2a/0x40
[ 19.180895] sctp_association_put+0xd4/0x230
[ 19.185269] sctp_sendmsg+0x2719/0x3060
[ 19.189207] inet_sendmsg+0xe0/0x4b0
[ 19.192886] sock_sendmsg+0xca/0x110
[ 19.196563] SYSC_sendto+0x2e0/0x360
[ 19.200240] SyS_sendto+0x40/0x50
[ 19.203667] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 19.208385]
[ 19.209979] The buggy address belongs to the object at ffff8801bf811000
[ 19.209979] which belongs to the cache SCTPv6 of size 1888
[ 19.222251] The buggy address is located 140 bytes inside of
[ 19.222251] 1888-byte region [ffff8801bf811000, ffff8801bf811760)
[ 19.234179] The buggy address belongs to the page:
[ 19.239075] page:ffffea0006fe0440 count:1 mapcount:0 mapping:ffff8801bf811000 index:0x0
[ 19.247181] flags: 0x2fffc0000000100(slab)
[ 19.251384] raw: 02fffc0000000100 ffff8801bf811000 0000000000000000 0000000100000002
[ 19.259232] raw: ffffea0006fe0a20 ffffea0006fe2e60 ffff8801d35d3200 0000000000000000
[ 19.267077] page dumped because: kasan: bad access detected
[ 19.272748]
[ 19.274343] Memory state around the buggy address:
[ 19.279238] ffff8801bf810f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 19.286564] ffff8801bf811000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.293889] >ffff8801bf811080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.301210] ^
[ 19.304802] ffff8801bf811100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.312126] ffff8801bf811180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.319453] ==================================================================
[ 19.326814] Kernel panic - not syncing: panic_on_warn set ...
[ 19.326814]
[ 19.334164] CPU: 1 PID: 3473 Comm: syzkaller016367 Tainted: G B 4.15.0-rc6-mm1+ #51
[ 19.343158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.352480] Call Trace:
[ 19.355042] dump_stack+0x137/0x198
[ 19.358661] ? do_raw_spin_lock+0x1d0/0x220
[ 19.362962] panic+0x1e4/0x41c
[ 19.366119] ? refcount_error_report+0x214/0x214
[ 19.370839] ? add_taint+0x1c/0x50
[ 19.374345] ? add_taint+0x1c/0x50
[ 19.377861] ? do_raw_spin_lock+0x1e0/0x220
[ 19.382155] kasan_end_report+0x50/0x50
[ 19.386095] kasan_report+0x148/0x360
[ 19.389862] __asan_report_load4_noabort+0x14/0x20
[ 19.394762] do_raw_spin_lock+0x1e0/0x220
[ 19.398878] _raw_spin_lock_bh+0x39/0x40
[ 19.402910] ? release_sock+0x20/0x1c0
[ 19.406764] release_sock+0x20/0x1c0
[ 19.410455] sctp_sendmsg+0x2721/0x3060
[ 19.414406] ? sctp_id2assoc+0x280/0x280
[ 19.418438] ? check_noncircular+0x20/0x20
[ 19.422641] ? find_held_lock+0x35/0x1e0
[ 19.426675] ? sock_has_perm+0x1ed/0x290
[ 19.430703] ? finish_wait+0x2a0/0x2a0
[ 19.434558] ? __might_fault+0x110/0x1d0
[ 19.438593] inet_sendmsg+0xe0/0x4b0
[ 19.442271] ? inet_sendmsg+0xe0/0x4b0
[ 19.446130] ? inet_recvmsg+0x520/0x520
[ 19.450072] sock_sendmsg+0xca/0x110
[ 19.453751] SYSC_sendto+0x2e0/0x360
[ 19.457431] ? SYSC_connect+0x310/0x310
[ 19.461371] ? sock_enable_timestamp+0xb0/0xb0
[ 19.465920] ? selinux_netlbl_socket_setsockopt+0x10e/0x320
[ 19.471596] ? selinux_netlbl_sock_rcv_skb+0x450/0x450
[ 19.476850] ? SyS_futex+0x1fd/0x2b0
[ 19.480533] ? do_futex+0x1830/0x1830
[ 19.484302] ? entry_SYSCALL_64_fastpath+0x5/0x9a
[ 19.489114] SyS_sendto+0x40/0x50
[ 19.492534] entry_SYSCALL_64_fastpath+0x23/0x9a
[ 19.497253] RIP: 0033:0x445db9
[ 19.500409] RSP: 002b:00007f2ba666dd98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[ 19.508082] RAX: ffffffffffffffda RBX: 00000000006dbc84 RCX: 0000000000445db9
[ 19.515318] RDX: 0000000000000001 RSI: 000000002010bf14 RDI: 0000000000000005
[ 19.522559] RBP: 0000000000000000 R08: 00000000204d9000 R09: 000000000000001c
[ 19.529795] R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dbc80
[ 19.537032] R13: 00000000209a9000 R14: 0100000000000000 R15: 0000000000000001
[ 19.544682] Dumping ftrace buffer:
[ 19.548189] (ftrace buffer empty)
[ 19.551865] Kernel Offset: disabled
[ 19.555465] Rebooting in 86400 seconds..