[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   24.320798] audit: type=1800 audit(1540519834.700:21): pid=5402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[   24.348256] audit: type=1800 audit(1540519834.700:22): pid=5402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   33.341867] ==================================================================
[   33.349341] BUG: KASAN: slab-out-of-bounds in sctp_getsockopt+0x7516/0x7cc2
[   33.356427] Read of size 8 at addr ffff8801bd139be8 by task syz-executor756/5555
[   33.363938] 
[   33.365551] CPU: 1 PID: 5555 Comm: syz-executor756 Not tainted 4.19.0-rc8-next-20181019+ #98
[   33.374105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   33.383438] Call Trace:
[   33.386017]  dump_stack+0x244/0x39d
[   33.389635]  ? dump_stack_print_info.cold.1+0x20/0x20
[   33.394810]  ? printk+0xa7/0xcf
[   33.398073]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   33.402826]  print_address_description.cold.7+0x9/0x1ff
[   33.408180]  kasan_report.cold.8+0x242/0x309
[   33.412585]  ? sctp_getsockopt+0x7516/0x7cc2
[   33.417008]  __asan_report_load8_noabort+0x14/0x20
[   33.421921]  sctp_getsockopt+0x7516/0x7cc2
[   33.426147]  ? trace_hardirqs_off_caller+0x300/0x300
[   33.431242]  ? compat_start_thread+0x80/0x80
[   33.435642]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   33.441878]  ? kasan_check_write+0x14/0x20
[   33.446101]  ? finish_task_switch+0x2f4/0x920
[   33.450586]  ? __switch_to_asm+0x40/0x70
[   33.454652]  ? preempt_notifier_register+0x200/0x200
[   33.459741]  ? __switch_to_asm+0x34/0x70
[   33.463790]  ? __switch_to_asm+0x34/0x70
[   33.467834]  ? __switch_to_asm+0x40/0x70
[   33.471883]  ? __switch_to_asm+0x34/0x70
[   33.475930]  ? __switch_to_asm+0x40/0x70
[   33.479976]  ? __switch_to_asm+0x34/0x70
[   33.484020]  ? __switch_to_asm+0x40/0x70
[   33.488084]  ? __switch_to_asm+0x34/0x70
[   33.492130]  ? __switch_to_asm+0x34/0x70
[   33.496173]  ? __switch_to_asm+0x40/0x70
[   33.500224]  ? __switch_to_asm+0x34/0x70
[   33.504274]  ? __switch_to_asm+0x40/0x70
[   33.508315]  ? __switch_to_asm+0x34/0x70
[   33.512356]  ? __switch_to_asm+0x40/0x70
[   33.516425]  ? __schedule+0x8d7/0x21d0
[   33.520300]  ? __sched_text_start+0x8/0x8
[   33.524451]  ? zap_class+0x640/0x640
[   33.528168]  ? plist_check_list+0xa0/0xa0
[   33.532305]  ? lock_pin_lock+0x350/0x350
[   33.536386]  ? perf_trace_sched_process_exec+0x860/0x860
[   33.541823]  ? print_usage_bug+0xc0/0xc0
[   33.545870]  ? do_raw_spin_trylock+0x270/0x270
[   33.550434]  ? lock_acquire+0x1ed/0x520
[   33.554392]  ? __might_sleep+0x95/0x190
[   33.558357]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.563906]  ? futex_wait_queue_me+0x55d/0x840
[   33.568480]  ? __lock_acquire+0x62f/0x4c20
[   33.572702]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.578237]  ? get_futex_value_locked+0xcb/0xf0
[   33.582895]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   33.587895]  ? futex_wait_setup+0x266/0x3e0
[   33.592218]  ? mark_held_locks+0x130/0x130
[   33.596444]  ? futex_wake+0x760/0x760
[   33.600238]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   33.605425]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   33.610512]  ? futex_wait+0x5ec/0xa50
[   33.614321]  ? futex_wait_setup+0x3e0/0x3e0
[   33.618628]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   33.623809]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   33.628893]  ? futex_wake+0x304/0x760
[   33.632680]  ? _raw_spin_unlock_bh+0x30/0x40
[   33.637077]  ? zap_class+0x640/0x640
[   33.640785]  ? find_held_lock+0x36/0x1c0
[   33.644834]  ? __fget+0x4aa/0x740
[   33.648288]  ? lock_downgrade+0x900/0x900
[   33.652423]  ? check_preemption_disabled+0x48/0x280
[   33.657427]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   33.662341]  ? kasan_check_read+0x11/0x20
[   33.666474]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   33.671739]  ? rcu_softirq_qs+0x20/0x20
[   33.675705]  ? __fget+0x4d1/0x740
[   33.679153]  ? ksys_dup3+0x680/0x680
[   33.682861]  ? perf_trace_sched_process_exec+0x860/0x860
[   33.688308]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   33.693830]  ? security_socket_sendmsg+0x94/0xc0
[   33.698592]  ? ipip_gro_receive+0x100/0x100
[   33.702905]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   33.708425]  ? aa_label_sk_perm+0x91/0x100
[   33.712648]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   33.717556]  ? aa_sk_perm+0x22b/0x8e0
[   33.721344]  ? fget_raw+0x20/0x20
[   33.724786]  ? __do_page_fault+0x60e/0xe40
[   33.729003]  ? aa_af_perm+0x5a0/0x5a0
[   33.732804]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   33.737726]  ? kasan_check_read+0x11/0x20
[   33.741877]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   33.747148]  sock_common_getsockopt+0x9a/0xe0
[   33.751631]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   33.757859]  ? sock_common_getsockopt+0x9a/0xe0
[   33.762545]  __sys_getsockopt+0x1ad/0x390
[   33.766717]  ? kernel_setsockopt+0x1d0/0x1d0
[   33.771120]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   33.775713]  ? trace_hardirqs_on+0xbd/0x310
[   33.780036]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.785386]  ? trace_hardirqs_off_caller+0x300/0x300
[   33.790477]  __x64_sys_getsockopt+0xbe/0x150
[   33.794887]  do_syscall_64+0x1b9/0x820
[   33.798760]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   33.804123]  ? syscall_return_slowpath+0x5e0/0x5e0
[   33.809048]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.813878]  ? trace_hardirqs_on_caller+0x310/0x310
[   33.818880]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   33.823884]  ? prepare_exit_to_usermode+0x291/0x3b0
[   33.828889]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   33.833727]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.838904] RIP: 0033:0x445789
[   33.842084] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   33.860970] RSP: 002b:00007f366bbfedb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   33.868661] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445789
[   33.875929] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   33.883198] RBP: 00000000006dac20 R08: 0000000020000040 R09: 0000000000000000
[   33.890455] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac2c
[   33.897715] R13: 00007ffc0c2f115f R14: 00007f366bbff9c0 R15: 00000000006dad2c
[   33.904980] 
[   33.906608] Allocated by task 5556:
[   33.910226]  save_stack+0x43/0xd0
[   33.913667]  kasan_kmalloc+0xc7/0xe0
[   33.917363]  kmem_cache_alloc_trace+0x152/0x750
[   33.922017]  sctp_stream_init_ext+0x4f/0xf0
[   33.926339]  sctp_sendmsg_to_asoc+0x1308/0x1a20
[   33.930992]  sctp_sendmsg+0x13c2/0x1da0
[   33.934950]  inet_sendmsg+0x19c/0x690
[   33.938737]  sock_sendmsg+0xd5/0x120
[   33.942435]  __sys_sendto+0x3d7/0x670
[   33.946238]  __x64_sys_sendto+0xe1/0x1a0
[   33.950281]  do_syscall_64+0x1b9/0x820
[   33.954171]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   33.959335] 
[   33.960945] Freed by task 3525:
[   33.964228]  save_stack+0x43/0xd0
[   33.967676]  __kasan_slab_free+0x102/0x150
[   33.971906]  kasan_slab_free+0xe/0x10
[   33.975690]  kfree+0xcf/0x230
[   33.978787]  kzfree+0x28/0x30
[   33.981894]  apparmor_file_free_security+0x133/0x1a0
[   33.986995]  security_file_free+0x4a/0x80
[   33.991131]  __fput+0x519/0xa70
[   33.994391]  ____fput+0x15/0x20
[   33.997656]  task_work_run+0x1e8/0x2a0
[   34.001527]  exit_to_usermode_loop+0x318/0x380
[   34.006091]  do_syscall_64+0x6be/0x820
[   34.009963]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.015133] 
[   34.016748] The buggy address belongs to the object at ffff8801bd139b80
[   34.016748]  which belongs to the cache kmalloc-96 of size 96
[   34.029216] The buggy address is located 8 bytes to the right of
[   34.029216]  96-byte region [ffff8801bd139b80, ffff8801bd139be0)
[   34.041338] The buggy address belongs to the page:
[   34.046340] page:ffffea0006f44e40 count:1 mapcount:0 mapping:ffff8801da8004c0 index:0x0
[   34.054465] flags: 0x2fffc0000000200(slab)
[   34.058685] raw: 02fffc0000000200 ffffea0006f44448 ffffea000704ee08 ffff8801da8004c0
[   34.066554] raw: 0000000000000000 ffff8801bd139000 0000000100000020 0000000000000000
[   34.074427] page dumped because: kasan: bad access detected
[   34.080115] 
[   34.081729] Memory state around the buggy address:
[   34.086644]  ffff8801bd139a80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   34.093984]  ffff8801bd139b00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   34.101326] >ffff8801bd139b80: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   34.108663]                                                           ^
[   34.115396]  ffff8801bd139c00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   34.122738]  ffff8801bd139c80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   34.130076] ==================================================================
[   34.137411] Disabling lock debugging due to kernel taint
[   34.143620] Kernel panic - not syncing: panic_on_warn set ...
[   34.149526] CPU: 1 PID: 5555 Comm: syz-executor756 Tainted: G    B             4.19.0-rc8-next-20181019+ #98
[   34.159492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.168841] Call Trace:
[   34.171420]  dump_stack+0x244/0x39d
[   34.175033]  ? dump_stack_print_info.cold.1+0x20/0x20
[   34.180209]  panic+0x2ad/0x55c
[   34.183390]  ? add_taint.cold.5+0x16/0x16
[   34.187550]  ? preempt_schedule+0x4d/0x60
[   34.191683]  ? ___preempt_schedule+0x16/0x18
[   34.196077]  ? trace_hardirqs_on+0xb4/0x310
[   34.200380]  kasan_end_report+0x47/0x4f
[   34.204350]  kasan_report.cold.8+0x76/0x309
[   34.208662]  ? sctp_getsockopt+0x7516/0x7cc2
[   34.213054]  __asan_report_load8_noabort+0x14/0x20
[   34.217963]  sctp_getsockopt+0x7516/0x7cc2
[   34.222182]  ? trace_hardirqs_off_caller+0x300/0x300
[   34.227268]  ? compat_start_thread+0x80/0x80
[   34.231663]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   34.237897]  ? kasan_check_write+0x14/0x20
[   34.242121]  ? finish_task_switch+0x2f4/0x920
[   34.246614]  ? __switch_to_asm+0x40/0x70
[   34.250677]  ? preempt_notifier_register+0x200/0x200
[   34.255764]  ? __switch_to_asm+0x34/0x70
[   34.259806]  ? __switch_to_asm+0x34/0x70
[   34.263861]  ? __switch_to_asm+0x40/0x70
[   34.267901]  ? __switch_to_asm+0x34/0x70
[   34.271940]  ? __switch_to_asm+0x40/0x70
[   34.275995]  ? __switch_to_asm+0x34/0x70
[   34.280036]  ? __switch_to_asm+0x40/0x70
[   34.284078]  ? __switch_to_asm+0x34/0x70
[   34.288120]  ? __switch_to_asm+0x34/0x70
[   34.292162]  ? __switch_to_asm+0x40/0x70
[   34.296205]  ? __switch_to_asm+0x34/0x70
[   34.300247]  ? __switch_to_asm+0x40/0x70
[   34.304287]  ? __switch_to_asm+0x34/0x70
[   34.308342]  ? __switch_to_asm+0x40/0x70
[   34.312402]  ? __schedule+0x8d7/0x21d0
[   34.316274]  ? __sched_text_start+0x8/0x8
[   34.320407]  ? zap_class+0x640/0x640
[   34.324105]  ? plist_check_list+0xa0/0xa0
[   34.328239]  ? lock_pin_lock+0x350/0x350
[   34.332293]  ? perf_trace_sched_process_exec+0x860/0x860
[   34.337732]  ? print_usage_bug+0xc0/0xc0
[   34.341780]  ? do_raw_spin_trylock+0x270/0x270
[   34.346344]  ? lock_acquire+0x1ed/0x520
[   34.350299]  ? __might_sleep+0x95/0x190
[   34.354258]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.359781]  ? futex_wait_queue_me+0x55d/0x840
[   34.364348]  ? __lock_acquire+0x62f/0x4c20
[   34.368567]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.374088]  ? get_futex_value_locked+0xcb/0xf0
[   34.378738]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   34.383737]  ? futex_wait_setup+0x266/0x3e0
[   34.388045]  ? mark_held_locks+0x130/0x130
[   34.392259]  ? futex_wake+0x760/0x760
[   34.396041]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   34.401216]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   34.406301]  ? futex_wait+0x5ec/0xa50
[   34.410085]  ? futex_wait_setup+0x3e0/0x3e0
[   34.414402]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   34.419575]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   34.424661]  ? futex_wake+0x304/0x760
[   34.428447]  ? _raw_spin_unlock_bh+0x30/0x40
[   34.432837]  ? zap_class+0x640/0x640
[   34.436539]  ? find_held_lock+0x36/0x1c0
[   34.440586]  ? __fget+0x4aa/0x740
[   34.444025]  ? lock_downgrade+0x900/0x900
[   34.448157]  ? check_preemption_disabled+0x48/0x280
[   34.453159]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   34.458073]  ? kasan_check_read+0x11/0x20
[   34.462206]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   34.467471]  ? rcu_softirq_qs+0x20/0x20
[   34.471432]  ? __fget+0x4d1/0x740
[   34.474869]  ? ksys_dup3+0x680/0x680
[   34.478728]  ? perf_trace_sched_process_exec+0x860/0x860
[   34.484185]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   34.489714]  ? security_socket_sendmsg+0x94/0xc0
[   34.494457]  ? ipip_gro_receive+0x100/0x100
[   34.498761]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   34.504279]  ? aa_label_sk_perm+0x91/0x100
[   34.508494]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   34.513404]  ? aa_sk_perm+0x22b/0x8e0
[   34.517186]  ? fget_raw+0x20/0x20
[   34.520624]  ? __do_page_fault+0x60e/0xe40
[   34.524858]  ? aa_af_perm+0x5a0/0x5a0
[   34.528642]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   34.533555]  ? kasan_check_read+0x11/0x20
[   34.537687]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   34.542957]  sock_common_getsockopt+0x9a/0xe0
[   34.547450]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   34.553675]  ? sock_common_getsockopt+0x9a/0xe0
[   34.558330]  __sys_getsockopt+0x1ad/0x390
[   34.562483]  ? kernel_setsockopt+0x1d0/0x1d0
[   34.566894]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   34.571474]  ? trace_hardirqs_on+0xbd/0x310
[   34.575790]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.581145]  ? trace_hardirqs_off_caller+0x300/0x300
[   34.586234]  __x64_sys_getsockopt+0xbe/0x150
[   34.590630]  do_syscall_64+0x1b9/0x820
[   34.594501]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   34.599845]  ? syscall_return_slowpath+0x5e0/0x5e0
[   34.604757]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.609598]  ? trace_hardirqs_on_caller+0x310/0x310
[   34.614598]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   34.619802]  ? prepare_exit_to_usermode+0x291/0x3b0
[   34.624817]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   34.629644]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.634829] RIP: 0033:0x445789
[   34.638005] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   34.656901] RSP: 002b:00007f366bbfedb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   34.664602] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445789
[   34.671852] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   34.679100] RBP: 00000000006dac20 R08: 0000000020000040 R09: 0000000000000000
[   34.686348] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac2c
[   34.693632] R13: 00007ffc0c2f115f R14: 00007f366bbff9c0 R15: 00000000006dad2c
[   34.701823] Kernel Offset: disabled
[   34.705444] Rebooting in 86400 seconds..