[info] Using makefile-style concurrent boot in runlevel 2. [ 24.968441] audit: type=1800 audit(1540511732.730:21): pid=5226 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.110' (ECDSA) to the list of known hosts. executing program syzkaller login: [ 42.765726] ================================================================== [ 42.773220] BUG: KASAN: slab-out-of-bounds in sctp_getsockopt+0x7516/0x7cc2 [ 42.780310] Read of size 8 at addr ffff8801bd8bcee8 by task syz-executor055/5384 [ 42.787822] [ 42.789436] CPU: 1 PID: 5384 Comm: syz-executor055 Not tainted 4.19.0+ #303 [ 42.796516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.805854] Call Trace: [ 42.808431] dump_stack+0x244/0x39d [ 42.812049] ? dump_stack_print_info.cold.1+0x20/0x20 [ 42.817243] ? printk+0xa7/0xcf [ 42.820525] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 42.825279] print_address_description.cold.7+0x9/0x1ff [ 42.830870] kasan_report.cold.8+0x242/0x309 [ 42.835270] ? sctp_getsockopt+0x7516/0x7cc2 [ 42.839670] __asan_report_load8_noabort+0x14/0x20 [ 42.844587] sctp_getsockopt+0x7516/0x7cc2 [ 42.848810] ? trace_hardirqs_off_caller+0x310/0x310 [ 42.853901] ? compat_start_thread+0x80/0x80 [ 42.858309] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0 [ 42.864530] ? kasan_check_write+0x14/0x20 [ 42.868759] ? finish_task_switch+0x2f4/0x910 [ 42.873267] ? __switch_to_asm+0x40/0x70 [ 42.877321] ? preempt_notifier_register+0x200/0x200 [ 42.882412] ? __switch_to_asm+0x34/0x70 [ 42.886460] ? __switch_to_asm+0x34/0x70 [ 42.890518] ? __switch_to_asm+0x40/0x70 [ 42.894577] ? __switch_to_asm+0x34/0x70 [ 42.898624] ? __switch_to_asm+0x40/0x70 [ 42.902683] ? __switch_to_asm+0x34/0x70 [ 42.906746] ? __switch_to_asm+0x40/0x70 [ 42.910804] ? __switch_to_asm+0x34/0x70 [ 42.914861] ? __switch_to_asm+0x34/0x70 [ 42.919025] ? __switch_to_asm+0x40/0x70 [ 42.923080] ? __switch_to_asm+0x34/0x70 [ 42.927138] ? __switch_to_asm+0x40/0x70 [ 42.931181] ? __switch_to_asm+0x34/0x70 [ 42.935225] ? __switch_to_asm+0x40/0x70 [ 42.939279] ? __schedule+0x8d7/0x21d0 [ 42.943180] ? __sched_text_start+0x8/0x8 [ 42.947320] ? zap_class+0x640/0x640 [ 42.951025] ? plist_check_list+0xa0/0xa0 [ 42.955158] ? lock_pin_lock+0x350/0x350 [ 42.959230] ? perf_trace_sched_process_exec+0x860/0x860 [ 42.964673] ? print_usage_bug+0xc0/0xc0 [ 42.968733] ? do_raw_spin_trylock+0x270/0x270 [ 42.973309] ? lock_acquire+0x1ed/0x520 [ 42.977276] ? __might_sleep+0x95/0x190 [ 42.981263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.986792] ? futex_wait_queue_me+0x55d/0x840 [ 42.991362] ? __lock_acquire+0x62f/0x4c20 [ 42.995602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.001127] ? get_futex_value_locked+0xcb/0xf0 [ 43.005781] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 43.010800] ? futex_wait_setup+0x266/0x3e0 [ 43.015115] ? mark_held_locks+0x130/0x130 [ 43.019335] ? futex_wake+0x760/0x760 [ 43.023122] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.028302] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 43.033405] ? futex_wait+0x5ec/0xa50 [ 43.037211] ? futex_wait_setup+0x3e0/0x3e0 [ 43.041518] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.046696] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 43.051785] ? futex_wake+0x304/0x760 [ 43.055573] ? _raw_spin_unlock_bh+0x30/0x40 [ 43.059969] ? zap_class+0x640/0x640 [ 43.063684] ? find_held_lock+0x36/0x1c0 [ 43.067737] ? __fget+0x4aa/0x740 [ 43.071182] ? lock_downgrade+0x900/0x900 [ 43.075327] ? check_preemption_disabled+0x48/0x280 [ 43.080348] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 43.085278] ? kasan_check_read+0x11/0x20 [ 43.089427] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 43.094698] ? rcu_softirq_qs+0x20/0x20 [ 43.098671] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.104196] ? aa_label_sk_perm+0x46d/0x8e0 [ 43.108512] ? aa_profile_af_perm+0x410/0x410 [ 43.113001] ? ksys_dup3+0x680/0x680 [ 43.116723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.122252] ? security_socket_sendmsg+0x94/0xc0 [ 43.127006] ? fput+0x130/0x1a0 [ 43.130277] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 43.135193] ? aa_sk_perm+0x218/0x8b0 [ 43.138999] ? fget_raw+0x20/0x20 [ 43.142441] ? __do_page_fault+0x620/0xe60 [ 43.146679] ? aa_af_perm+0x5a0/0x5a0 [ 43.150467] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 43.155381] ? kasan_check_read+0x11/0x20 [ 43.159517] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 43.164798] sock_common_getsockopt+0x9a/0xe0 [ 43.169285] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0 [ 43.175504] ? sock_common_getsockopt+0x9a/0xe0 [ 43.180161] __sys_getsockopt+0x1ad/0x390 [ 43.184295] ? kernel_setsockopt+0x1d0/0x1d0 [ 43.188693] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 43.193262] ? trace_hardirqs_on+0xbd/0x310 [ 43.197574] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.202982] ? trace_hardirqs_off_caller+0x310/0x310 [ 43.208082] __x64_sys_getsockopt+0xbe/0x150 [ 43.212483] do_syscall_64+0x1b9/0x820 [ 43.216382] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 43.221737] ? syscall_return_slowpath+0x5e0/0x5e0 [ 43.226656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.231486] ? trace_hardirqs_on_caller+0x310/0x310 [ 43.236503] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.241503] ? prepare_exit_to_usermode+0x291/0x3b0 [ 43.246509] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.251342] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.256518] RIP: 0033:0x445789 [ 43.259710] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 43.278612] RSP: 002b:00007f56abe21db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 43.286309] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445789 [ 43.293565] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003 [ 43.300819] RBP: 00000000006dac20 R08: 0000000020000040 R09: 0000000000000000 [ 43.308096] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac2c [ 43.315351] R13: 00007ffc52151bdf R14: 00007f56abe229c0 R15: 00000000006dad2c [ 43.322612] [ 43.324224] Allocated by task 5385: [ 43.327838] save_stack+0x43/0xd0 [ 43.331274] kasan_kmalloc+0xc7/0xe0 [ 43.334968] kmem_cache_alloc_trace+0x152/0x750 [ 43.339637] sctp_stream_init_ext+0x4f/0xf0 [ 43.343949] sctp_sendmsg_to_asoc+0x1308/0x1a20 [ 43.348603] sctp_sendmsg+0x13c2/0x1da0 [ 43.352560] inet_sendmsg+0x1a1/0x690 [ 43.356347] sock_sendmsg+0xd5/0x120 [ 43.360046] __sys_sendto+0x3d7/0x670 [ 43.363855] __x64_sys_sendto+0xe1/0x1a0 [ 43.367930] do_syscall_64+0x1b9/0x820 [ 43.371803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.376972] [ 43.378586] Freed by task 3190: [ 43.381857] save_stack+0x43/0xd0 [ 43.385295] __kasan_slab_free+0x102/0x150 [ 43.389514] kasan_slab_free+0xe/0x10 [ 43.393296] kfree+0xcf/0x230 [ 43.396426] kzfree+0x28/0x30 [ 43.399520] apparmor_file_free_security+0x133/0x1a0 [ 43.404607] security_file_free+0x4a/0x80 [ 43.408745] __fput+0x4e8/0xa30 [ 43.412015] ____fput+0x15/0x20 [ 43.415300] task_work_run+0x1e8/0x2a0 [ 43.419173] exit_to_usermode_loop+0x318/0x380 [ 43.423741] do_syscall_64+0x6be/0x820 [ 43.427623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.432803] [ 43.434414] The buggy address belongs to the object at ffff8801bd8bce80 [ 43.434414] which belongs to the cache kmalloc-96 of size 96 [ 43.446885] The buggy address is located 8 bytes to the right of [ 43.446885] 96-byte region [ffff8801bd8bce80, ffff8801bd8bcee0) [ 43.459024] The buggy address belongs to the page: [ 43.463946] page:ffffea0006f62f00 count:1 mapcount:0 mapping:ffff8801da8004c0 index:0x0 [ 43.472087] flags: 0x2fffc0000000100(slab) [ 43.476317] raw: 02fffc0000000100 ffffea0006faf288 ffffea00070b8448 ffff8801da8004c0 [ 43.484190] raw: 0000000000000000 ffff8801bd8bc000 0000000100000020 0000000000000000 [ 43.492063] page dumped because: kasan: bad access detected [ 43.497761] [ 43.499386] Memory state around the buggy address: [ 43.504302] ffff8801bd8bcd80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 43.511672] ffff8801bd8bce00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 43.519021] >ffff8801bd8bce80: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc [ 43.526365] ^ [ 43.533100] ffff8801bd8bcf00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 43.540440] ffff8801bd8bcf80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 43.547778] ================================================================== [ 43.555120] Disabling lock debugging due to kernel taint [ 43.560854] Kernel panic - not syncing: panic_on_warn set ... [ 43.560854] [ 43.568606] CPU: 1 PID: 5384 Comm: syz-executor055 Tainted: G B 4.19.0+ #303 [ 43.577096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.586439] Call Trace: [ 43.589015] dump_stack+0x244/0x39d [ 43.592626] ? dump_stack_print_info.cold.1+0x20/0x20 [ 43.597802] panic+0x238/0x4e7 [ 43.600983] ? add_taint.cold.5+0x16/0x16 [ 43.605118] ? preempt_schedule+0x4d/0x60 [ 43.609250] ? ___preempt_schedule+0x16/0x18 [ 43.613646] ? trace_hardirqs_on+0xb4/0x310 [ 43.617971] kasan_end_report+0x47/0x4f [ 43.621939] kasan_report.cold.8+0x76/0x309 [ 43.626247] ? sctp_getsockopt+0x7516/0x7cc2 [ 43.630655] __asan_report_load8_noabort+0x14/0x20 [ 43.635568] sctp_getsockopt+0x7516/0x7cc2 [ 43.639785] ? trace_hardirqs_off_caller+0x310/0x310 [ 43.644876] ? compat_start_thread+0x80/0x80 [ 43.649274] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0 [ 43.655488] ? kasan_check_write+0x14/0x20 [ 43.659709] ? finish_task_switch+0x2f4/0x910 [ 43.664188] ? __switch_to_asm+0x40/0x70 [ 43.668247] ? preempt_notifier_register+0x200/0x200 [ 43.673338] ? __switch_to_asm+0x34/0x70 [ 43.677397] ? __switch_to_asm+0x34/0x70 [ 43.681455] ? __switch_to_asm+0x40/0x70 [ 43.685496] ? __switch_to_asm+0x34/0x70 [ 43.689539] ? __switch_to_asm+0x40/0x70 [ 43.693583] ? __switch_to_asm+0x34/0x70 [ 43.697625] ? __switch_to_asm+0x40/0x70 [ 43.701669] ? __switch_to_asm+0x34/0x70 [ 43.705713] ? __switch_to_asm+0x34/0x70 [ 43.709761] ? __switch_to_asm+0x40/0x70 [ 43.713821] ? __switch_to_asm+0x34/0x70 [ 43.717864] ? __switch_to_asm+0x40/0x70 [ 43.721919] ? __switch_to_asm+0x34/0x70 [ 43.725964] ? __switch_to_asm+0x40/0x70 [ 43.730015] ? __schedule+0x8d7/0x21d0 [ 43.733911] ? __sched_text_start+0x8/0x8 [ 43.738045] ? zap_class+0x640/0x640 [ 43.741741] ? plist_check_list+0xa0/0xa0 [ 43.745873] ? lock_pin_lock+0x350/0x350 [ 43.749931] ? perf_trace_sched_process_exec+0x860/0x860 [ 43.755365] ? print_usage_bug+0xc0/0xc0 [ 43.759409] ? do_raw_spin_trylock+0x270/0x270 [ 43.763971] ? lock_acquire+0x1ed/0x520 [ 43.767936] ? __might_sleep+0x95/0x190 [ 43.771893] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.777413] ? futex_wait_queue_me+0x55d/0x840 [ 43.781990] ? __lock_acquire+0x62f/0x4c20 [ 43.786226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.791773] ? get_futex_value_locked+0xcb/0xf0 [ 43.796443] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 43.801442] ? futex_wait_setup+0x266/0x3e0 [ 43.805750] ? mark_held_locks+0x130/0x130 [ 43.809981] ? futex_wake+0x760/0x760 [ 43.813776] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.818966] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 43.824060] ? futex_wait+0x5ec/0xa50 [ 43.827846] ? futex_wait_setup+0x3e0/0x3e0 [ 43.832151] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.837354] ? drop_futex_key_refs.isra.14+0x6d/0xe0 [ 43.842459] ? futex_wake+0x304/0x760 [ 43.846250] ? _raw_spin_unlock_bh+0x30/0x40 [ 43.850660] ? zap_class+0x640/0x640 [ 43.854404] ? find_held_lock+0x36/0x1c0 [ 43.858454] ? __fget+0x4aa/0x740 [ 43.861892] ? lock_downgrade+0x900/0x900 [ 43.866045] ? check_preemption_disabled+0x48/0x280 [ 43.871050] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 43.875962] ? kasan_check_read+0x11/0x20 [ 43.880104] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 43.885364] ? rcu_softirq_qs+0x20/0x20 [ 43.889345] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.894868] ? aa_label_sk_perm+0x46d/0x8e0 [ 43.899190] ? aa_profile_af_perm+0x410/0x410 [ 43.903669] ? ksys_dup3+0x680/0x680 [ 43.907389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.912911] ? security_socket_sendmsg+0x94/0xc0 [ 43.917667] ? fput+0x130/0x1a0 [ 43.920931] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 43.933261] ? aa_sk_perm+0x218/0x8b0 [ 43.937050] ? fget_raw+0x20/0x20 [ 43.940485] ? __do_page_fault+0x620/0xe60 [ 43.944707] ? aa_af_perm+0x5a0/0x5a0 [ 43.948515] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 43.953428] ? kasan_check_read+0x11/0x20 [ 43.957576] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 43.962844] sock_common_getsockopt+0x9a/0xe0 [ 43.967326] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0 [ 43.973550] ? sock_common_getsockopt+0x9a/0xe0 [ 43.978202] __sys_getsockopt+0x1ad/0x390 [ 43.982334] ? kernel_setsockopt+0x1d0/0x1d0 [ 43.986730] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 43.991299] ? trace_hardirqs_on+0xbd/0x310 [ 43.995605] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.000951] ? trace_hardirqs_off_caller+0x310/0x310 [ 44.006041] __x64_sys_getsockopt+0xbe/0x150 [ 44.010430] do_syscall_64+0x1b9/0x820 [ 44.014300] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 44.019648] ? syscall_return_slowpath+0x5e0/0x5e0 [ 44.024560] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.029409] ? trace_hardirqs_on_caller+0x310/0x310 [ 44.034411] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 44.039412] ? prepare_exit_to_usermode+0x291/0x3b0 [ 44.044415] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 44.049244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 44.054420] RIP: 0033:0x445789 [ 44.057596] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 44.076485] RSP: 002b:00007f56abe21db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 44.084180] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445789 [ 44.091430] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003 [ 44.098696] RBP: 00000000006dac20 R08: 0000000020000040 R09: 0000000000000000 [ 44.105966] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac2c [ 44.113217] R13: 00007ffc52151bdf R14: 00007f56abe229c0 R15: 00000000006dad2c [ 44.121307] Kernel Offset: disabled [ 44.124934] Rebooting in 86400 seconds..