[   42.323440]  do_idle+0x24e/0x3b0
[   42.326770]  cpu_startup_entry+0x18/0x20
[   42.330794]  rest_init+0xed/0xf0
[   42.334128]  start_kernel+0x72e/0x754
[   42.337890]  ? mem_encrypt_init+0xb/0xb
[   42.341825]  ? x86_family+0x32/0x40
[   42.345415]  ? load_ucode_bsp+0x1ea/0x1f6
[   42.349524]  x86_64_start_reservations+0x2a/0x2c
[   42.354243]  x86_64_start_kernel+0x77/0x7a
[   42.358442]  secondary_startup_64+0xa5/0xa5
Warning: Permanently added 'ci-upstream-net-kasan-gce-9,10.128.15.224' (ECDSA) to the list of known hosts.
executing program
[   54.391129] device lo entered promiscuous mode
executing program
[   54.480087] ==================================================================
[   54.487467] BUG: KASAN: use-after-free in sctp_association_free+0x7b7/0x930
[   54.494534] Read of size 8 at addr ffff8801d1a382a0 by task syzkaller520355/3005
[   54.502028] 
[   54.503626] CPU: 0 PID: 3005 Comm: syzkaller520355 Not tainted 4.14.0-rc5+ #101
[   54.511034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   54.520352] Call Trace:
[   54.522907]  dump_stack+0x194/0x257
[   54.526499]  ? arch_local_irq_restore+0x53/0x53
[   54.531135]  ? show_regs_print_info+0x65/0x65
[   54.535600]  ? sctp_association_free+0x7b7/0x930
[   54.540321]  print_address_description+0x73/0x250
[   54.545128]  ? sctp_association_free+0x7b7/0x930
[   54.549849]  kasan_report+0x25b/0x340
[   54.553615]  __asan_report_load8_noabort+0x14/0x20
[   54.558506]  sctp_association_free+0x7b7/0x930
[   54.563059]  ? sctp_asconf_queue_teardown+0x700/0x700
[   54.568215]  ? sctp_init_sock+0x1350/0x1350
[   54.572511]  ? sctp_sched_fcfs_dequeue+0x290/0x290
[   54.577406]  ? finish_wait+0x490/0x490
[   54.581265]  sctp_sendmsg+0x1845/0x32b0
[   54.585210]  ? sctp_id2assoc+0x390/0x390
[   54.589244]  ? iterate_fd+0x3f0/0x3f0
[   54.593015]  ? __pmd_alloc+0x4e0/0x4e0
[   54.596873]  ? lock_acquire+0x1d5/0x580
[   54.600809]  ? lock_acquire+0x1d5/0x580
[   54.604747]  ? __might_fault+0x110/0x1d0
[   54.608780]  ? selinux_tun_dev_create+0xc0/0xc0
[   54.613416]  ? __check_object_size+0x25d/0x4f0
[   54.617966]  inet_sendmsg+0x11f/0x5e0
[   54.621732]  ? inet_sendmsg+0x11f/0x5e0
[   54.625691]  ? __might_sleep+0x95/0x190
[   54.629631]  ? inet_recvmsg+0x5f0/0x5f0
[   54.633569]  ? selinux_socket_sendmsg+0x36/0x40
[   54.638204]  ? security_socket_sendmsg+0x89/0xb0
[   54.642922]  ? inet_recvmsg+0x5f0/0x5f0
[   54.646861]  sock_sendmsg+0xca/0x110
[   54.650539]  SYSC_sendto+0x352/0x5a0
[   54.654222]  ? SYSC_connect+0x470/0x470
[   54.658165]  ? mm_fault_error+0x2c0/0x2c0
[   54.662278]  ? do_raw_spin_trylock+0x190/0x190
[   54.666823]  ? lock_release+0xa40/0xa40
[   54.670763]  ? __do_page_fault+0xd60/0xd60
[   54.674968]  ? syscall_return_slowpath+0x2b3/0x510
[   54.679861]  ? finish_task_switch+0x1aa/0x740
[   54.684320]  ? prepare_exit_to_usermode+0x2d0/0x2d0
[   54.689299]  ? prepare_exit_to_usermode+0x1a0/0x2d0
[   54.694277]  ? perf_trace_sys_enter+0xcb0/0xcb0
[   54.698913]  SyS_sendto+0x40/0x50
[   54.702336]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   54.707054] RIP: 0033:0x446f79
[   54.710214] RSP: 002b:00007fb847e3fdb8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   54.717888] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000446f79
[   54.725132] RDX: 0000000000000002 RSI: 0000000020925000 RDI: 0000000000000003
[   54.732367] RBP: 0000000000000000 R08: 00000000209e1000 R09: 000000000000001c
[   54.739601] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
[   54.746835] R13: 00000000007efd1f R14: 00007fb847e409c0 R15: 0000000000000000
[   54.754080] 
[   54.755675] Allocated by task 3005:
[   54.759270]  save_stack_trace+0x16/0x20
[   54.763207]  save_stack+0x43/0xd0
[   54.766622]  kasan_kmalloc+0xad/0xe0
[   54.770299]  kmem_cache_alloc_trace+0x136/0x750
[   54.774932]  sctp_association_new+0x116/0x21a0
[   54.779479]  sctp_sendmsg+0x1c89/0x32b0
[   54.783418]  inet_sendmsg+0x11f/0x5e0
[   54.787181]  sock_sendmsg+0xca/0x110
[   54.790860]  SYSC_sendto+0x352/0x5a0
[   54.794538]  SyS_sendto+0x40/0x50
[   54.797955]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   54.802670] 
[   54.804260] Freed by task 3005:
[   54.807502]  save_stack_trace+0x16/0x20
[   54.811441]  save_stack+0x43/0xd0
[   54.814856]  kasan_slab_free+0x71/0xc0
[   54.818705]  kfree+0xca/0x250
[   54.821774]  sctp_association_put+0x21c/0x2f0
[   54.826232]  sctp_wait_for_sndbuf+0x5e3/0x7c0
[   54.830694]  sctp_sendmsg+0x2906/0x32b0
[   54.834631]  inet_sendmsg+0x11f/0x5e0
[   54.838394]  sock_sendmsg+0xca/0x110
[   54.842070]  SYSC_sendto+0x352/0x5a0
[   54.845747]  SyS_sendto+0x40/0x50
[   54.849163]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   54.853878] 
[   54.855472] The buggy address belongs to the object at ffff8801d1a38280
[   54.855472]  which belongs to the cache kmalloc-4096 of size 4096
[   54.868265] The buggy address is located 32 bytes inside of
[   54.868265]  4096-byte region [ffff8801d1a38280, ffff8801d1a39280)
[   54.880102] The buggy address belongs to the page:
[   54.884997] page:ffffea0007468e00 count:1 mapcount:0 mapping:ffff8801d1a38280 index:0x0 compound_mapcount: 0
[   54.894927] flags: 0x200000000008100(slab|head)
[   54.899561] raw: 0200000000008100 ffff8801d1a38280 0000000000000000 0000000100000001
[   54.907407] raw: ffffea0007468fa0 ffffea0007468ca0 ffff8801dac00dc0 0000000000000000
[   54.915249] page dumped because: kasan: bad access detected
[   54.920919] 
[   54.922509] Memory state around the buggy address:
[   54.927402]  ffff8801d1a38180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.934725]  ffff8801d1a38200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.942049] >ffff8801d1a38280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.949368]                                ^
[   54.953737]  ffff8801d1a38300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.961061]  ffff8801d1a38380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.968380] ==================================================================
[   54.975779] Kernel panic - not syncing: panic_on_warn set ...
[   54.975779] 
[   54.983108] CPU: 0 PID: 3005 Comm: syzkaller520355 Tainted: G    B           4.14.0-rc5+ #101
[   54.991732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   55.001051] Call Trace:
[   55.003603]  dump_stack+0x194/0x257
[   55.007194]  ? arch_local_irq_restore+0x53/0x53
[   55.011830]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   55.016553]  ? sctp_association_free+0x760/0x930
[   55.021273]  panic+0x1e4/0x417
[   55.024428]  ? __warn+0x1d9/0x1d9
[   55.027852]  ? sctp_association_free+0x7b7/0x930
[   55.032573]  kasan_end_report+0x50/0x50
[   55.036511]  kasan_report+0x144/0x340
[   55.040277]  __asan_report_load8_noabort+0x14/0x20
[   55.045169]  sctp_association_free+0x7b7/0x930
[   55.049717]  ? sctp_asconf_queue_teardown+0x700/0x700
[   55.054871]  ? sctp_init_sock+0x1350/0x1350
[   55.059164]  ? sctp_sched_fcfs_dequeue+0x290/0x290
[   55.064059]  ? finish_wait+0x490/0x490
[   55.067915]  sctp_sendmsg+0x1845/0x32b0
[   55.071863]  ? sctp_id2assoc+0x390/0x390
[   55.075898]  ? iterate_fd+0x3f0/0x3f0
[   55.079664]  ? __pmd_alloc+0x4e0/0x4e0
[   55.083519]  ? lock_acquire+0x1d5/0x580
[   55.087457]  ? lock_acquire+0x1d5/0x580
[   55.091393]  ? __might_fault+0x110/0x1d0
[   55.095423]  ? selinux_tun_dev_create+0xc0/0xc0
[   55.100057]  ? __check_object_size+0x25d/0x4f0
[   55.104607]  inet_sendmsg+0x11f/0x5e0
[   55.108371]  ? inet_sendmsg+0x11f/0x5e0
[   55.112309]  ? __might_sleep+0x95/0x190
[   55.116251]  ? inet_recvmsg+0x5f0/0x5f0
[   55.120192]  ? selinux_socket_sendmsg+0x36/0x40
[   55.124826]  ? security_socket_sendmsg+0x89/0xb0
[   55.129545]  ? inet_recvmsg+0x5f0/0x5f0
[   55.133484]  sock_sendmsg+0xca/0x110
[   55.137164]  SYSC_sendto+0x352/0x5a0
[   55.140842]  ? SYSC_connect+0x470/0x470
[   55.144784]  ? mm_fault_error+0x2c0/0x2c0
[   55.148898]  ? do_raw_spin_trylock+0x190/0x190
[   55.153443]  ? lock_release+0xa40/0xa40
[   55.157383]  ? __do_page_fault+0xd60/0xd60
[   55.161584]  ? syscall_return_slowpath+0x2b3/0x510
[   55.166477]  ? finish_task_switch+0x1aa/0x740
[   55.170936]  ? prepare_exit_to_usermode+0x2d0/0x2d0
[   55.175917]  ? prepare_exit_to_usermode+0x1a0/0x2d0
[   55.180896]  ? perf_trace_sys_enter+0xcb0/0xcb0
[   55.185529]  SyS_sendto+0x40/0x50
[   55.188952]  entry_SYSCALL_64_fastpath+0x1f/0xbe
[   55.193669] RIP: 0033:0x446f79
[   55.196824] RSP: 002b:00007fb847e3fdb8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
[   55.204497] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000446f79
[   55.211730] RDX: 0000000000000002 RSI: 0000000020925000 RDI: 0000000000000003
[   55.218963] RBP: 0000000000000000 R08: 00000000209e1000 R09: 000000000000001c
[   55.226196] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
[   55.233432] R13: 00000000007efd1f R14: 00007fb847e409c0 R15: 0000000000000000
[   55.240702] Dumping ftrace buffer:
[   55.244207]    (ftrace buffer empty)
[   55.247883] Kernel Offset: disabled
[   55.251478] Rebooting in 86400 seconds..