[info] Using makefile-style concurrent boot in runlevel 2.
[ 27.593713] audit: type=1800 audit(1542459802.806:21): pid=5888 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
2018/11/17 13:04:41 parsed 1 programs
2018/11/17 13:04:43 executed programs: 0
syzkaller login: [ 108.369154] IPVS: ftp: loaded support on port[0] = 21
[ 108.369215] IPVS: ftp: loaded support on port[0] = 21
[ 108.378844] IPVS: ftp: loaded support on port[0] = 21
[ 108.389813] IPVS: ftp: loaded support on port[0] = 21
[ 108.408138] IPVS: ftp: loaded support on port[0] = 21
[ 108.433608] IPVS: ftp: loaded support on port[0] = 21
[ 109.728456] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.745512] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.759907] device bridge_slave_0 entered promiscuous mode
[ 109.774595] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.780994] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.788567] device bridge_slave_0 entered promiscuous mode
[ 109.797961] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.805219] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.812708] device bridge_slave_0 entered promiscuous mode
[ 109.822497] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.829462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.837228] device bridge_slave_0 entered promiscuous mode
[ 109.860858] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.883633] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.892258] device bridge_slave_1 entered promiscuous mode
[ 109.901103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.912023] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.919707] device bridge_slave_1 entered promiscuous mode
[ 109.928979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.935721] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.943086] device bridge_slave_0 entered promiscuous mode
[ 109.952579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.959230] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.967099] device bridge_slave_0 entered promiscuous mode
[ 109.975997] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.982366] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.990490] device bridge_slave_1 entered promiscuous mode
[ 109.999627] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.006476] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.015139] device bridge_slave_1 entered promiscuous mode
[ 110.023847] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 110.036366] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 110.051939] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.060308] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.067900] device bridge_slave_1 entered promiscuous mode
[ 110.076502] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 110.090761] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.101229] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.114564] device bridge_slave_1 entered promiscuous mode
[ 110.123030] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 110.132157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 110.143010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 110.157821] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 110.184440] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 110.192011] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 110.231946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 110.253762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 110.273119] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 110.376588] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.419675] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.456985] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.469952] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.490542] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.504151] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.517162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 110.529571] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.545471] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 110.555409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 110.574986] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 110.584733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 110.605959] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.624231] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.659853] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.688988] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 110.724727] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 110.735351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 110.882247] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.894298] team0: Port device team_slave_0 added
[ 110.959265] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.971778] team0: Port device team_slave_0 added
[ 110.978539] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 110.992103] team0: Port device team_slave_0 added
[ 110.998265] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 111.013137] team0: Port device team_slave_0 added
[ 111.021986] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 111.031797] team0: Port device team_slave_1 added
[ 111.062327] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.083268] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 111.098021] team0: Port device team_slave_1 added
[ 111.109880] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 111.117680] team0: Port device team_slave_1 added
[ 111.123737] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 111.131080] team0: Port device team_slave_1 added
[ 111.140522] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 111.154190] team0: Port device team_slave_0 added
[ 111.164775] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 111.172081] team0: Port device team_slave_0 added
[ 111.199295] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.219165] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 111.234216] team0: Port device team_slave_1 added
[ 111.241517] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.258335] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.267841] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.276865] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.285946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.309413] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.317547] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.328447] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 111.336861] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 111.344884] team0: Port device team_slave_1 added
[ 111.352662] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.360247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 111.372360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.382590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.391031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.401134] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 111.408365] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.418735] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 111.430814] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 111.444374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 111.455551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.464037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.472058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.480413] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 111.488274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 111.496084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 111.504011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.514004] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 111.521068] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.534791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 111.543665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 111.556252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.564944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.579529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.587488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 111.595360] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 111.607522] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.615822] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.623269] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.636075] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.645449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.659882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.676774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.685388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.693851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.703417] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.711413] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 111.722953] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.745427] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.755295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.764128] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.772062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.780601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.788560] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.797090] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.808975] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 111.829673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.842565] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.870974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.882299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 112.405678] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.412237] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.419254] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.425659] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.442814] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.529418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.535811] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.542476] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.548947] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.557903] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.565714] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.572069] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.578779] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.585263] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.593747] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.611908] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.618314] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.625058] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.631461] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.657602] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.666593] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.672961] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.679642] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.686101] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.694994] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 112.795608] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.802004] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.808726] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.815135] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.826376] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 113.334209] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 113.341646] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 113.361919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 113.378079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 113.386183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 113.394142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 115.227721] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.311381] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.367696] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.382921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.542536] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.569545] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.579039] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.592477] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.672999] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.779128] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.785845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.798460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.809555] 8021q: adding VLAN 0 to HW filter on device bond0
[ 115.838843] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.849334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.858115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.906918] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.913127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.920841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 115.930983] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 115.949810] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 115.961044] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 115.972494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 116.054127] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.124093] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 116.145459] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.182504] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.213052] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 116.236183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 116.246809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 116.291237] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.424116] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 116.430490] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 116.438141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 116.537067] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.661542] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/17 13:04:53 executed programs: 6
2018/11/17 13:04:59 executed programs: 42
2018/11/17 13:05:04 executed programs: 78
2018/11/17 13:05:10 executed programs: 114
2018/11/17 13:05:15 executed programs: 150
[ 144.025297] ==================================================================
[ 144.032766] BUG: KASAN: use-after-free in sctp_epaddr_lookup_transport+0xacb/0xb20
[ 144.040483] Read of size 8 at addr ffff8881d25e2bf0 by task syz-executor5/8936
[ 144.047836]
[ 144.049461] CPU: 0 PID: 8936 Comm: syz-executor5 Not tainted 4.20.0-rc2+ #117
[ 144.056734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 144.066109] Call Trace:
[ 144.068716] dump_stack+0x244/0x39d
[ 144.072350] ? dump_stack_print_info.cold.1+0x20/0x20
[ 144.077535] ? printk+0xa7/0xcf
[ 144.080822] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 144.085585] ? call_rcu+0xb/0x10
[ 144.088971] print_address_description.cold.7+0x9/0x1ff
[ 144.094343] kasan_report.cold.8+0x242/0x309
[ 144.098793] ? sctp_epaddr_lookup_transport+0xacb/0xb20
[ 144.104172] __asan_report_load8_noabort+0x14/0x20
[ 144.109122] sctp_epaddr_lookup_transport+0xacb/0xb20
[ 144.114328] ? sctp_v4_err+0xb60/0xb60
[ 144.118245] ? zap_class+0x640/0x640
[ 144.121983] ? lock_acquire+0x1ed/0x520
[ 144.125967] ? sctp_endpoint_lookup_assoc+0x86/0x290
[ 144.131068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 144.136643] ? check_preemption_disabled+0x48/0x280
[ 144.141716] ? kasan_check_read+0x11/0x20
[ 144.145853] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 144.151116] ? rcu_softirq_qs+0x20/0x20
[ 144.155091] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 144.160328] sctp_endpoint_lookup_assoc+0xe0/0x290
[ 144.165293] sctp_addr_id2transport+0x1f8/0x370
[ 144.170008] ? sctp_getsockopt_sctp_status+0xad0/0xad0
[ 144.175319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 144.180867] ? sctp_v4_is_any+0x43/0x60
[ 144.184852] sctp_getsockopt_peer_addr_params+0x17c/0x1260
[ 144.190483] ? sctp_setsockopt_primary_addr+0x290/0x290
[ 144.195863] ? __local_bh_enable_ip+0x160/0x260
[ 144.200542] sctp_getsockopt+0x44f9/0x7d32
[ 144.204794] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[ 144.211113] ? print_usage_bug+0xc0/0xc0
[ 144.215217] ? __lock_acquire+0x62f/0x4c20
[ 144.219476] ? mark_held_locks+0x130/0x130
[ 144.223735] ? print_usage_bug+0xc0/0xc0
[ 144.227809] ? print_usage_bug+0xc0/0xc0
[ 144.231881] ? zap_class+0x640/0x640
[ 144.235594] ? __lock_acquire+0x62f/0x4c20
[ 144.239844] ? find_held_lock+0x36/0x1c0
[ 144.244160] ? __fget+0x4aa/0x740
[ 144.244180] ? lock_downgrade+0x900/0x900
[ 144.244196] ? check_preemption_disabled+0x48/0x280
[ 144.244221] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 144.244236] ? kasan_check_read+0x11/0x20
[ 144.261917] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 144.261942] ? rcu_softirq_qs+0x20/0x20
[ 144.261968] ? __fget+0x4d1/0x740
[ 144.261989] ? ksys_dup3+0x680/0x680
[ 144.262021] ? find_held_lock+0x36/0x1c0
[ 144.262044] ? __fget_light+0x2e9/0x430
[ 144.290585] ? fget_raw+0x20/0x20
[ 144.294086] ? lock_release+0xa00/0xa00
[ 144.298077] ? perf_trace_sched_process_exec+0x860/0x860
[ 144.303592] ? posix_ktime_get_ts+0x15/0x20
[ 144.307945] ? trace_hardirqs_off_caller+0x310/0x310
[ 144.313087] sock_common_getsockopt+0x9a/0xe0
[ 144.317600] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[ 144.323842] ? sock_common_getsockopt+0x9a/0xe0
[ 144.328510] __sys_getsockopt+0x1ad/0x390
[ 144.332652] ? kernel_setsockopt+0x1d0/0x1d0
[ 144.337065] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 144.341660] ? trace_hardirqs_on+0xbd/0x310
[ 144.346054] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 144.351411] ? trace_hardirqs_off_caller+0x310/0x310
[ 144.356537] __x64_sys_getsockopt+0xbe/0x150
[ 144.360973] do_syscall_64+0x1b9/0x820
[ 144.364859] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 144.370225] ? syscall_return_slowpath+0x5e0/0x5e0
[ 144.375209] ? trace_hardirqs_on_caller+0x310/0x310
[ 144.380240] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 144.385312] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 144.391997] ? __switch_to_asm+0x40/0x70
[ 144.396054] ? __switch_to_asm+0x34/0x70
[ 144.400148] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 144.405012] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 144.405024] RIP: 0033:0x457569
[ 144.405039] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 144.405051] RSP: 002b:00007fac2f229c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 144.413415] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569
[ 144.413425] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000006
[ 144.413433] RBP: 000000000072c180 R08: 000000002044fffc R09: 0000000000000000
[ 144.413441] R10: 0000000020a68000 R11: 0000000000000246 R12: 00007fac2f22a6d4
[ 144.413450] R13: 00000000004c8318 R14: 00000000004ce200 R15: 00000000ffffffff
[ 144.413470]
[ 144.413477] Allocated by task 8900:
[ 144.413509] save_stack+0x43/0xd0
[ 144.413527] kasan_kmalloc+0xc7/0xe0
[ 144.488926] kmem_cache_alloc_trace+0x152/0x750
[ 144.493607] sctp_association_new+0x14e/0x2290
[ 144.498175] sctp_sendmsg_new_asoc+0x39c/0x11f0
[ 144.502827] sctp_sendmsg+0x18a5/0x1da0
[ 144.506786] inet_sendmsg+0x1a1/0x690
[ 144.510570] sock_sendmsg+0xd5/0x120
[ 144.514267] __sys_sendto+0x3d7/0x670
[ 144.518061] __x64_sys_sendto+0xe1/0x1a0
[ 144.522221] do_syscall_64+0x1b9/0x820
[ 144.526111] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 144.531294]
[ 144.532909] Freed by task 8936:
[ 144.536196] save_stack+0x43/0xd0
[ 144.539641] __kasan_slab_free+0x102/0x150
[ 144.543870] kasan_slab_free+0xe/0x10
[ 144.547671] kfree+0xcf/0x230
[ 144.550763] sctp_association_put+0x264/0x350
[ 144.555253] sctp_transport_put+0x186/0x1f0
[ 144.559579] sctp_hash_cmp+0x1ef/0x260
[ 144.563478] sctp_epaddr_lookup_transport+0x4fe/0xb20
[ 144.568674] sctp_endpoint_lookup_assoc+0xe0/0x290
[ 144.573609] sctp_addr_id2transport+0x1f8/0x370
[ 144.578307] sctp_getsockopt_peer_addr_params+0x17c/0x1260
[ 144.583951] sctp_getsockopt+0x44f9/0x7d32
[ 144.588211] sock_common_getsockopt+0x9a/0xe0
[ 144.592725] __sys_getsockopt+0x1ad/0x390
[ 144.596867] __x64_sys_getsockopt+0xbe/0x150
[ 144.601285] do_syscall_64+0x1b9/0x820
[ 144.605185] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 144.610392]
[ 144.610405] The buggy address belongs to the object at ffff8881d25e2b40
[ 144.610405] which belongs to the cache kmalloc-4k of size 4096
[ 144.610418] The buggy address is located 176 bytes inside of
[ 144.610418] 4096-byte region [ffff8881d25e2b40, ffff8881d25e3b40)
[ 144.610423] The buggy address belongs to the page:
[ 144.610441] page:ffffea0007497880 count:1 mapcount:0 mapping:ffff8881da800dc0 index:0x0 compound_mapcount: 0
[ 144.610458] flags: 0x2fffc0000010200(slab|head)
[ 144.610477] raw: 02fffc0000010200 ffffea00074ac508 ffffea0007497908 ffff8881da800dc0
[ 144.612405] kobject: 'loop4' (00000000cd5e5170): fill_kobj_path: path = '/devices/virtual/block/loop4'
[ 144.624774] raw: 0000000000000000 ffff8881d25e2b40 0000000100000001 0000000000000000
[ 144.624780] page dumped because: kasan: bad access detected
[ 144.624784]
[ 144.624788] Memory state around the buggy address:
[ 144.624800]  ffff8881d25e2a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 144.624811]  ffff8881d25e2b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 144.624822] >ffff8881d25e2b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 144.624828]                                                              ^
[ 144.624838]  ffff8881d25e2c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 144.624848]  ffff8881d25e2c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 144.624853] ==================================================================
[ 144.624858] Disabling lock debugging due to kernel taint
[ 144.634770] Kernel panic - not syncing: panic_on_warn set ...
[ 144.719091] kobject: 'loop2' (000000005b551f24): kobject_uevent_env
[ 144.723576] CPU: 0 PID: 8936 Comm: syz-executor5 Tainted: G B 4.20.0-rc2+ #117
[ 144.723585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 144.723590] Call Trace:
[ 144.723611] dump_stack+0x244/0x39d
[ 144.723628] ? dump_stack_print_info.cold.1+0x20/0x20
[ 144.723648] panic+0x2ad/0x55c
[ 144.731102] kobject: 'loop2' (000000005b551f24): fill_kobj_path: path = '/devices/virtual/block/loop2'
[ 144.738347] ? add_taint.cold.5+0x16/0x16
[ 144.738364] ? preempt_schedule+0x4d/0x60
[ 144.738379] ? ___preempt_schedule+0x16/0x18
[ 144.738393] ? trace_hardirqs_on+0xb4/0x310
[ 144.738410] kasan_end_report+0x47/0x4f
[ 144.738443] kasan_report.cold.8+0x76/0x309
[ 144.830783] ? sctp_epaddr_lookup_transport+0xacb/0xb20
[ 144.836150] __asan_report_load8_noabort+0x14/0x20
[ 144.841075] sctp_epaddr_lookup_transport+0xacb/0xb20
[ 144.846270] ? sctp_v4_err+0xb60/0xb60
[ 144.850163] ? zap_class+0x640/0x640
[ 144.853865] ? lock_acquire+0x1ed/0x520
[ 144.857829] ? sctp_endpoint_lookup_assoc+0x86/0x290
[ 144.862921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 144.868457] ? check_preemption_disabled+0x48/0x280
[ 144.873475] ? kasan_check_read+0x11/0x20
[ 144.877607] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 144.882863] ? rcu_softirq_qs+0x20/0x20
[ 144.886830] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 144.892019] sctp_endpoint_lookup_assoc+0xe0/0x290
[ 144.896959] sctp_addr_id2transport+0x1f8/0x370
[ 144.901745] ? sctp_getsockopt_sctp_status+0xad0/0xad0
[ 144.907039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 144.912557] ? sctp_v4_is_any+0x43/0x60
[ 144.916546] sctp_getsockopt_peer_addr_params+0x17c/0x1260
[ 144.922171] ? sctp_setsockopt_primary_addr+0x290/0x290
[ 144.927542] ? __local_bh_enable_ip+0x160/0x260
[ 144.932195] sctp_getsockopt+0x44f9/0x7d32
[ 144.936437] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[ 144.942685] ? print_usage_bug+0xc0/0xc0
[ 144.946749] ? __lock_acquire+0x62f/0x4c20
[ 144.951000] ? mark_held_locks+0x130/0x130
[ 144.955241] ? print_usage_bug+0xc0/0xc0
[ 144.959287] ? print_usage_bug+0xc0/0xc0
[ 144.963346] ? zap_class+0x640/0x640
[ 144.967057] ? __lock_acquire+0x62f/0x4c20
[ 144.971275] ? find_held_lock+0x36/0x1c0
[ 144.975322] ? __fget+0x4aa/0x740
[ 144.978766] ? lock_downgrade+0x900/0x900
[ 144.982912] ? check_preemption_disabled+0x48/0x280
[ 144.987939] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 144.992856] ? kasan_check_read+0x11/0x20
[ 144.996989] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 145.002250] ? rcu_softirq_qs+0x20/0x20
[ 145.006217] ? __fget+0x4d1/0x740
[ 145.009657] ? ksys_dup3+0x680/0x680
[ 145.013372] ? find_held_lock+0x36/0x1c0
[ 145.017430] ? __fget_light+0x2e9/0x430
[ 145.021389] ? fget_raw+0x20/0x20
[ 145.024861] ? lock_release+0xa00/0xa00
[ 145.028835] ? perf_trace_sched_process_exec+0x860/0x860
[ 145.034267] ? posix_ktime_get_ts+0x15/0x20
[ 145.038573] ? trace_hardirqs_off_caller+0x310/0x310
[ 145.043671] sock_common_getsockopt+0x9a/0xe0
[ 145.048167] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[ 145.054385] ? sock_common_getsockopt+0x9a/0xe0
[ 145.059053] __sys_getsockopt+0x1ad/0x390
[ 145.063223] ? kernel_setsockopt+0x1d0/0x1d0
[ 145.067651] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 145.072249] ? trace_hardirqs_on+0xbd/0x310
[ 145.076612] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 145.081978] ? trace_hardirqs_off_caller+0x310/0x310
[ 145.087085] __x64_sys_getsockopt+0xbe/0x150
[ 145.091506] do_syscall_64+0x1b9/0x820
[ 145.095377] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 145.100733] ? syscall_return_slowpath+0x5e0/0x5e0
[ 145.105674] ? trace_hardirqs_on_caller+0x310/0x310
[ 145.110688] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 145.115731] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 145.122412] ? __switch_to_asm+0x40/0x70
[ 145.126456] ? __switch_to_asm+0x34/0x70
[ 145.130506] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 145.135332] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 145.140514] RIP: 0033:0x457569
[ 145.143691] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 145.157855] kobject: 'loop1' (00000000393d195e): kobject_uevent_env
[ 145.162579] RSP: 002b:00007fac2f229c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 145.162593] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569
[ 145.162601] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000006
[ 145.162610] RBP: 000000000072c180 R08: 000000002044fffc R09: 0000000000000000
[ 145.162618] R10: 0000000020a68000 R11: 0000000000000246 R12: 00007fac2f22a6d4
[ 145.162647] R13: 00000000004c8318 R14: 00000000004ce200 R15: 00000000ffffffff
[ 145.174503] kobject: 'loop1' (00000000393d195e): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 145.177730] Kernel Offset: disabled
[ 145.227031] Rebooting in 86400 seconds..