[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   24.188939] audit: type=1800 audit(1540511700.524:21): pid=5169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   24.216705] audit: type=1800 audit(1540511700.534:22): pid=5169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   45.022566] ==================================================================
[   45.030174] BUG: KASAN: slab-out-of-bounds in sctp_getsockopt+0x7516/0x7cc2
[   45.037317] Read of size 8 at addr ffff8801d9569ee8 by task syz-executor786/5326
[   45.044835] 
[   45.046454] CPU: 0 PID: 5326 Comm: syz-executor786 Not tainted 4.19.0+ #155
[   45.053536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.062915] Call Trace:
[   45.065598]  dump_stack+0x244/0x39d
[   45.069337]  ? dump_stack_print_info.cold.1+0x20/0x20
[   45.074524]  ? printk+0xa7/0xcf
[   45.077795]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   45.082547]  print_address_description.cold.7+0x9/0x1ff
[   45.087903]  kasan_report.cold.8+0x242/0x309
[   45.092386]  ? sctp_getsockopt+0x7516/0x7cc2
[   45.096791]  __asan_report_load8_noabort+0x14/0x20
[   45.101717]  sctp_getsockopt+0x7516/0x7cc2
[   45.106013]  ? trace_hardirqs_off_caller+0x310/0x310
[   45.111122]  ? compat_start_thread+0x80/0x80
[   45.115561]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   45.121824]  ? kasan_check_write+0x14/0x20
[   45.126062]  ? finish_task_switch+0x2f4/0x910
[   45.130563]  ? __switch_to_asm+0x40/0x70
[   45.134626]  ? preempt_notifier_register+0x200/0x200
[   45.139714]  ? __switch_to_asm+0x34/0x70
[   45.143766]  ? __switch_to_asm+0x34/0x70
[   45.147833]  ? __switch_to_asm+0x40/0x70
[   45.151968]  ? __switch_to_asm+0x34/0x70
[   45.156045]  ? __switch_to_asm+0x40/0x70
[   45.160097]  ? __switch_to_asm+0x34/0x70
[   45.164161]  ? __switch_to_asm+0x40/0x70
[   45.168211]  ? __switch_to_asm+0x34/0x70
[   45.172293]  ? __switch_to_asm+0x34/0x70
[   45.176352]  ? __switch_to_asm+0x40/0x70
[   45.180415]  ? __switch_to_asm+0x34/0x70
[   45.184505]  ? __switch_to_asm+0x40/0x70
[   45.188560]  ? __switch_to_asm+0x34/0x70
[   45.192623]  ? __switch_to_asm+0x40/0x70
[   45.196680]  ? __schedule+0x8d7/0x21d0
[   45.200735]  ? __sched_text_start+0x8/0x8
[   45.204916]  ? zap_class+0x640/0x640
[   45.208726]  ? plist_check_list+0xa0/0xa0
[   45.212864]  ? lock_pin_lock+0x350/0x350
[   45.216930]  ? perf_trace_sched_process_exec+0x860/0x860
[   45.222369]  ? print_usage_bug+0xc0/0xc0
[   45.226422]  ? do_raw_spin_trylock+0x270/0x270
[   45.230994]  ? lock_acquire+0x1ed/0x520
[   45.234956]  ? __might_sleep+0x95/0x190
[   45.238914]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.244446]  ? futex_wait_queue_me+0x55d/0x840
[   45.249016]  ? __lock_acquire+0x62f/0x4c20
[   45.253267]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.258804]  ? get_futex_value_locked+0xcb/0xf0
[   45.263458]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   45.268466]  ? futex_wait_setup+0x266/0x3e0
[   45.272793]  ? mark_held_locks+0x130/0x130
[   45.277010]  ? futex_wake+0x760/0x760
[   45.280800]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   45.285981]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   45.291091]  ? futex_wait+0x5ec/0xa50
[   45.294935]  ? futex_wait_setup+0x3e0/0x3e0
[   45.299263]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   45.304512]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   45.309614]  ? futex_wake+0x304/0x760
[   45.313420]  ? _raw_spin_unlock_bh+0x30/0x40
[   45.317844]  ? zap_class+0x640/0x640
[   45.321589]  ? find_held_lock+0x36/0x1c0
[   45.325666]  ? __fget+0x4aa/0x740
[   45.329115]  ? lock_downgrade+0x900/0x900
[   45.333323]  ? check_preemption_disabled+0x48/0x280
[   45.338427]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   45.343421]  ? kasan_check_read+0x11/0x20
[   45.347575]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   45.352910]  ? rcu_softirq_qs+0x20/0x20
[   45.356886]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   45.362421]  ? aa_label_sk_perm+0x46d/0x8e0
[   45.366863]  ? aa_profile_af_perm+0x410/0x410
[   45.371350]  ? ksys_dup3+0x680/0x680
[   45.375066]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   45.380594]  ? security_socket_sendmsg+0x94/0xc0
[   45.385341]  ? fput+0x130/0x1a0
[   45.388609]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   45.393567]  ? aa_sk_perm+0x218/0x8b0
[   45.397514]  ? fget_raw+0x20/0x20
[   45.400958]  ? __do_page_fault+0x620/0xe60
[   45.405185]  ? aa_af_perm+0x5a0/0x5a0
[   45.408977]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   45.413975]  ? kasan_check_read+0x11/0x20
[   45.418126]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   45.423410]  sock_common_getsockopt+0x9a/0xe0
[   45.427901]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   45.434120]  ? sock_common_getsockopt+0x9a/0xe0
[   45.438783]  __sys_getsockopt+0x1ad/0x390
[   45.442920]  ? kernel_setsockopt+0x1d0/0x1d0
[   45.447320]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   45.451892]  ? trace_hardirqs_on+0xbd/0x310
[   45.456306]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.461668]  ? trace_hardirqs_off_caller+0x310/0x310
[   45.466773]  __x64_sys_getsockopt+0xbe/0x150
[   45.471171]  do_syscall_64+0x1b9/0x820
[   45.475053]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   45.480412]  ? syscall_return_slowpath+0x5e0/0x5e0
[   45.485376]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.490217]  ? trace_hardirqs_on_caller+0x310/0x310
[   45.495268]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   45.500276]  ? prepare_exit_to_usermode+0x291/0x3b0
[   45.505286]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   45.510123]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.515307] RIP: 0033:0x445789
[   45.518490] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   45.537479] RSP: 002b:00007faba2bd4db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   45.545179] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445789
[   45.552436] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   45.559800] RBP: 00000000006dac20 R08: 0000000020000040 R09: 0000000000000000
[   45.567271] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac2c
[   45.574570] R13: 00007fffb7a371ff R14: 00007faba2bd59c0 R15: 00000000006dad2c
[   45.581840] 
[   45.583459] Allocated by task 5327:
[   45.587076]  save_stack+0x43/0xd0
[   45.590514]  kasan_kmalloc+0xc7/0xe0
[   45.594279]  kmem_cache_alloc_trace+0x152/0x750
[   45.599003]  sctp_stream_init_ext+0x4f/0xf0
[   45.603369]  sctp_sendmsg_to_asoc+0x1308/0x1a20
[   45.608070]  sctp_sendmsg+0x13c2/0x1da0
[   45.612036]  inet_sendmsg+0x1a1/0x690
[   45.615828]  sock_sendmsg+0xd5/0x120
[   45.619688]  __sys_sendto+0x3d7/0x670
[   45.623484]  __x64_sys_sendto+0xe1/0x1a0
[   45.627625]  do_syscall_64+0x1b9/0x820
[   45.631501]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.636667] 
[   45.638280] Freed by task 3223:
[   45.641559]  save_stack+0x43/0xd0
[   45.645022]  __kasan_slab_free+0x102/0x150
[   45.649244]  kasan_slab_free+0xe/0x10
[   45.653044]  kfree+0xcf/0x230
[   45.656142]  kzfree+0x28/0x30
[   45.659235]  apparmor_file_free_security+0x133/0x1a0
[   45.664328]  security_file_free+0x4a/0x80
[   45.668466]  __fput+0x4e8/0xa30
[   45.671728]  ____fput+0x15/0x20
[   45.674993]  task_work_run+0x1e8/0x2a0
[   45.678943]  exit_to_usermode_loop+0x318/0x380
[   45.683521]  do_syscall_64+0x6be/0x820
[   45.687406]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   45.692577] 
[   45.694200] The buggy address belongs to the object at ffff8801d9569e80
[   45.694200]  which belongs to the cache kmalloc-96 of size 96
[   45.706771] The buggy address is located 8 bytes to the right of
[   45.706771]  96-byte region [ffff8801d9569e80, ffff8801d9569ee0)
[   45.718896] The buggy address belongs to the page:
[   45.723815] page:ffffea0007655a40 count:1 mapcount:0 mapping:ffff8801da8004c0 index:0xffff8801d9569200
[   45.733248] flags: 0x2fffc0000000100(slab)
[   45.737578] raw: 02fffc0000000100 ffffea0007656e08 ffffea0006f05d88 ffff8801da8004c0
[   45.745451] raw: ffff8801d9569200 ffff8801d9569000 000000010000001a 0000000000000000
[   45.753318] page dumped because: kasan: bad access detected
[   45.759011] 
[   45.760620] Memory state around the buggy address:
[   45.765538]  ffff8801d9569d80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   45.772887]  ffff8801d9569e00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   45.780309] >ffff8801d9569e80: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   45.787659]                                                           ^
[   45.794402]  ffff8801d9569f00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   45.801745]  ffff8801d9569f80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   45.809081] ==================================================================
[   45.816485] Disabling lock debugging due to kernel taint
[   45.822254] Kernel panic - not syncing: panic_on_warn set ...
[   45.822254] 
[   45.829650] CPU: 0 PID: 5326 Comm: syz-executor786 Tainted: G    B             4.19.0+ #155
[   45.838174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   45.847516] Call Trace:
[   45.850101]  dump_stack+0x244/0x39d
[   45.853718]  ? dump_stack_print_info.cold.1+0x20/0x20
[   45.858939]  panic+0x238/0x4e7
[   45.862125]  ? add_taint.cold.5+0x16/0x16
[   45.866277]  ? preempt_schedule+0x4d/0x60
[   45.870409]  ? ___preempt_schedule+0x16/0x18
[   45.874809]  ? trace_hardirqs_on+0xb4/0x310
[   45.879228]  kasan_end_report+0x47/0x4f
[   45.883189]  kasan_report.cold.8+0x76/0x309
[   45.887498]  ? sctp_getsockopt+0x7516/0x7cc2
[   45.891994]  __asan_report_load8_noabort+0x14/0x20
[   45.896912]  sctp_getsockopt+0x7516/0x7cc2
[   45.901141]  ? trace_hardirqs_off_caller+0x310/0x310
[   45.906234]  ? compat_start_thread+0x80/0x80
[   45.910626]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   45.916840]  ? kasan_check_write+0x14/0x20
[   45.921067]  ? finish_task_switch+0x2f4/0x910
[   45.925552]  ? __switch_to_asm+0x40/0x70
[   45.929595]  ? preempt_notifier_register+0x200/0x200
[   45.934680]  ? __switch_to_asm+0x34/0x70
[   45.938721]  ? __switch_to_asm+0x34/0x70
[   45.942766]  ? __switch_to_asm+0x40/0x70
[   45.946874]  ? __switch_to_asm+0x34/0x70
[   45.950924]  ? __switch_to_asm+0x40/0x70
[   45.954968]  ? __switch_to_asm+0x34/0x70
[   45.959012]  ? __switch_to_asm+0x40/0x70
[   45.963059]  ? __switch_to_asm+0x34/0x70
[   45.967113]  ? __switch_to_asm+0x34/0x70
[   45.971167]  ? __switch_to_asm+0x40/0x70
[   45.975216]  ? __switch_to_asm+0x34/0x70
[   45.979278]  ? __switch_to_asm+0x40/0x70
[   45.983324]  ? __switch_to_asm+0x34/0x70
[   45.987368]  ? __switch_to_asm+0x40/0x70
[   45.991414]  ? __schedule+0x8d7/0x21d0
[   45.995286]  ? __sched_text_start+0x8/0x8
[   45.999491]  ? zap_class+0x640/0x640
[   46.003196]  ? plist_check_list+0xa0/0xa0
[   46.007326]  ? lock_pin_lock+0x350/0x350
[   46.011454]  ? perf_trace_sched_process_exec+0x860/0x860
[   46.016919]  ? print_usage_bug+0xc0/0xc0
[   46.021003]  ? do_raw_spin_trylock+0x270/0x270
[   46.025579]  ? lock_acquire+0x1ed/0x520
[   46.029539]  ? __might_sleep+0x95/0x190
[   46.033543]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.039071]  ? futex_wait_queue_me+0x55d/0x840
[   46.043704]  ? __lock_acquire+0x62f/0x4c20
[   46.047973]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.053504]  ? get_futex_value_locked+0xcb/0xf0
[   46.058159]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   46.063162]  ? futex_wait_setup+0x266/0x3e0
[   46.067466]  ? mark_held_locks+0x130/0x130
[   46.071687]  ? futex_wake+0x760/0x760
[   46.075472]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   46.080644]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   46.085796]  ? futex_wait+0x5ec/0xa50
[   46.089590]  ? futex_wait_setup+0x3e0/0x3e0
[   46.093896]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   46.099072]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   46.104163]  ? futex_wake+0x304/0x760
[   46.107957]  ? _raw_spin_unlock_bh+0x30/0x40
[   46.112359]  ? zap_class+0x640/0x640
[   46.116181]  ? find_held_lock+0x36/0x1c0
[   46.120278]  ? __fget+0x4aa/0x740
[   46.123721]  ? lock_downgrade+0x900/0x900
[   46.127852]  ? check_preemption_disabled+0x48/0x280
[   46.132855]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   46.137776]  ? kasan_check_read+0x11/0x20
[   46.141927]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   46.147334]  ? rcu_softirq_qs+0x20/0x20
[   46.151306]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   46.156833]  ? aa_label_sk_perm+0x46d/0x8e0
[   46.161146]  ? aa_profile_af_perm+0x410/0x410
[   46.165629]  ? ksys_dup3+0x680/0x680
[   46.169335]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   46.174901]  ? security_socket_sendmsg+0x94/0xc0
[   46.179730]  ? fput+0x130/0x1a0
[   46.183001]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   46.187946]  ? aa_sk_perm+0x218/0x8b0
[   46.191752]  ? fget_raw+0x20/0x20
[   46.195235]  ? __do_page_fault+0x620/0xe60
[   46.199470]  ? aa_af_perm+0x5a0/0x5a0
[   46.203269]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   46.208194]  ? kasan_check_read+0x11/0x20
[   46.212331]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   46.217611]  sock_common_getsockopt+0x9a/0xe0
[   46.222100]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   46.228316]  ? sock_common_getsockopt+0x9a/0xe0
[   46.232971]  __sys_getsockopt+0x1ad/0x390
[   46.237109]  ? kernel_setsockopt+0x1d0/0x1d0
[   46.241517]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   46.246094]  ? trace_hardirqs_on+0xbd/0x310
[   46.250406]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.255874]  ? trace_hardirqs_off_caller+0x310/0x310
[   46.261029]  __x64_sys_getsockopt+0xbe/0x150
[   46.265429]  do_syscall_64+0x1b9/0x820
[   46.269300]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   46.274649]  ? syscall_return_slowpath+0x5e0/0x5e0
[   46.279802]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.284745]  ? trace_hardirqs_on_caller+0x310/0x310
[   46.289745]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   46.294847]  ? prepare_exit_to_usermode+0x291/0x3b0
[   46.299858]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   46.304814]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   46.310057] RIP: 0033:0x445789
[   46.313256] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   46.332265] RSP: 002b:00007faba2bd4db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   46.339956] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445789
[   46.347262] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   46.354524] RBP: 00000000006dac20 R08: 0000000020000040 R09: 0000000000000000
[   46.361780] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac2c
[   46.369039] R13: 00007fffb7a371ff R14: 00007faba2bd59c0 R15: 00000000006dad2c
[   46.377279] Kernel Offset: disabled
[   46.380903] Rebooting in 86400 seconds..