
[[36minfo[39;49m] Using makefile-style concurrent boot in runlevel 2.
[   24.968441] audit: type=1800 audit(1540511732.730:21): pid=5226 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.110' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   42.765726] ==================================================================
[   42.773220] BUG: KASAN: slab-out-of-bounds in sctp_getsockopt+0x7516/0x7cc2
[   42.780310] Read of size 8 at addr ffff8801bd8bcee8 by task syz-executor055/5384
[   42.787822] 
[   42.789436] CPU: 1 PID: 5384 Comm: syz-executor055 Not tainted 4.19.0+ #303
[   42.796516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   42.805854] Call Trace:
[   42.808431]  dump_stack+0x244/0x39d
[   42.812049]  ? dump_stack_print_info.cold.1+0x20/0x20
[   42.817243]  ? printk+0xa7/0xcf
[   42.820525]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   42.825279]  print_address_description.cold.7+0x9/0x1ff
[   42.830870]  kasan_report.cold.8+0x242/0x309
[   42.835270]  ? sctp_getsockopt+0x7516/0x7cc2
[   42.839670]  __asan_report_load8_noabort+0x14/0x20
[   42.844587]  sctp_getsockopt+0x7516/0x7cc2
[   42.848810]  ? trace_hardirqs_off_caller+0x310/0x310
[   42.853901]  ? compat_start_thread+0x80/0x80
[   42.858309]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   42.864530]  ? kasan_check_write+0x14/0x20
[   42.868759]  ? finish_task_switch+0x2f4/0x910
[   42.873267]  ? __switch_to_asm+0x40/0x70
[   42.877321]  ? preempt_notifier_register+0x200/0x200
[   42.882412]  ? __switch_to_asm+0x34/0x70
[   42.886460]  ? __switch_to_asm+0x34/0x70
[   42.890518]  ? __switch_to_asm+0x40/0x70
[   42.894577]  ? __switch_to_asm+0x34/0x70
[   42.898624]  ? __switch_to_asm+0x40/0x70
[   42.902683]  ? __switch_to_asm+0x34/0x70
[   42.906746]  ? __switch_to_asm+0x40/0x70
[   42.910804]  ? __switch_to_asm+0x34/0x70
[   42.914861]  ? __switch_to_asm+0x34/0x70
[   42.919025]  ? __switch_to_asm+0x40/0x70
[   42.923080]  ? __switch_to_asm+0x34/0x70
[   42.927138]  ? __switch_to_asm+0x40/0x70
[   42.931181]  ? __switch_to_asm+0x34/0x70
[   42.935225]  ? __switch_to_asm+0x40/0x70
[   42.939279]  ? __schedule+0x8d7/0x21d0
[   42.943180]  ? __sched_text_start+0x8/0x8
[   42.947320]  ? zap_class+0x640/0x640
[   42.951025]  ? plist_check_list+0xa0/0xa0
[   42.955158]  ? lock_pin_lock+0x350/0x350
[   42.959230]  ? perf_trace_sched_process_exec+0x860/0x860
[   42.964673]  ? print_usage_bug+0xc0/0xc0
[   42.968733]  ? do_raw_spin_trylock+0x270/0x270
[   42.973309]  ? lock_acquire+0x1ed/0x520
[   42.977276]  ? __might_sleep+0x95/0x190
[   42.981263]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.986792]  ? futex_wait_queue_me+0x55d/0x840
[   42.991362]  ? __lock_acquire+0x62f/0x4c20
[   42.995602]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   43.001127]  ? get_futex_value_locked+0xcb/0xf0
[   43.005781]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   43.010800]  ? futex_wait_setup+0x266/0x3e0
[   43.015115]  ? mark_held_locks+0x130/0x130
[   43.019335]  ? futex_wake+0x760/0x760
[   43.023122]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   43.028302]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   43.033405]  ? futex_wait+0x5ec/0xa50
[   43.037211]  ? futex_wait_setup+0x3e0/0x3e0
[   43.041518]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   43.046696]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   43.051785]  ? futex_wake+0x304/0x760
[   43.055573]  ? _raw_spin_unlock_bh+0x30/0x40
[   43.059969]  ? zap_class+0x640/0x640
[   43.063684]  ? find_held_lock+0x36/0x1c0
[   43.067737]  ? __fget+0x4aa/0x740
[   43.071182]  ? lock_downgrade+0x900/0x900
[   43.075327]  ? check_preemption_disabled+0x48/0x280
[   43.080348]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   43.085278]  ? kasan_check_read+0x11/0x20
[   43.089427]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   43.094698]  ? rcu_softirq_qs+0x20/0x20
[   43.098671]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   43.104196]  ? aa_label_sk_perm+0x46d/0x8e0
[   43.108512]  ? aa_profile_af_perm+0x410/0x410
[   43.113001]  ? ksys_dup3+0x680/0x680
[   43.116723]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   43.122252]  ? security_socket_sendmsg+0x94/0xc0
[   43.127006]  ? fput+0x130/0x1a0
[   43.130277]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   43.135193]  ? aa_sk_perm+0x218/0x8b0
[   43.138999]  ? fget_raw+0x20/0x20
[   43.142441]  ? __do_page_fault+0x620/0xe60
[   43.146679]  ? aa_af_perm+0x5a0/0x5a0
[   43.150467]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   43.155381]  ? kasan_check_read+0x11/0x20
[   43.159517]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   43.164798]  sock_common_getsockopt+0x9a/0xe0
[   43.169285]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   43.175504]  ? sock_common_getsockopt+0x9a/0xe0
[   43.180161]  __sys_getsockopt+0x1ad/0x390
[   43.184295]  ? kernel_setsockopt+0x1d0/0x1d0
[   43.188693]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   43.193262]  ? trace_hardirqs_on+0xbd/0x310
[   43.197574]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   43.202982]  ? trace_hardirqs_off_caller+0x310/0x310
[   43.208082]  __x64_sys_getsockopt+0xbe/0x150
[   43.212483]  do_syscall_64+0x1b9/0x820
[   43.216382]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   43.221737]  ? syscall_return_slowpath+0x5e0/0x5e0
[   43.226656]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   43.231486]  ? trace_hardirqs_on_caller+0x310/0x310
[   43.236503]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   43.241503]  ? prepare_exit_to_usermode+0x291/0x3b0
[   43.246509]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   43.251342]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   43.256518] RIP: 0033:0x445789
[   43.259710] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   43.278612] RSP: 002b:00007f56abe21db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   43.286309] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445789
[   43.293565] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   43.300819] RBP: 00000000006dac20 R08: 0000000020000040 R09: 0000000000000000
[   43.308096] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac2c
[   43.315351] R13: 00007ffc52151bdf R14: 00007f56abe229c0 R15: 00000000006dad2c
[   43.322612] 
[   43.324224] Allocated by task 5385:
[   43.327838]  save_stack+0x43/0xd0
[   43.331274]  kasan_kmalloc+0xc7/0xe0
[   43.334968]  kmem_cache_alloc_trace+0x152/0x750
[   43.339637]  sctp_stream_init_ext+0x4f/0xf0
[   43.343949]  sctp_sendmsg_to_asoc+0x1308/0x1a20
[   43.348603]  sctp_sendmsg+0x13c2/0x1da0
[   43.352560]  inet_sendmsg+0x1a1/0x690
[   43.356347]  sock_sendmsg+0xd5/0x120
[   43.360046]  __sys_sendto+0x3d7/0x670
[   43.363855]  __x64_sys_sendto+0xe1/0x1a0
[   43.367930]  do_syscall_64+0x1b9/0x820
[   43.371803]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   43.376972] 
[   43.378586] Freed by task 3190:
[   43.381857]  save_stack+0x43/0xd0
[   43.385295]  __kasan_slab_free+0x102/0x150
[   43.389514]  kasan_slab_free+0xe/0x10
[   43.393296]  kfree+0xcf/0x230
[   43.396426]  kzfree+0x28/0x30
[   43.399520]  apparmor_file_free_security+0x133/0x1a0
[   43.404607]  security_file_free+0x4a/0x80
[   43.408745]  __fput+0x4e8/0xa30
[   43.412015]  ____fput+0x15/0x20
[   43.415300]  task_work_run+0x1e8/0x2a0
[   43.419173]  exit_to_usermode_loop+0x318/0x380
[   43.423741]  do_syscall_64+0x6be/0x820
[   43.427623]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   43.432803] 
[   43.434414] The buggy address belongs to the object at ffff8801bd8bce80
[   43.434414]  which belongs to the cache kmalloc-96 of size 96
[   43.446885] The buggy address is located 8 bytes to the right of
[   43.446885]  96-byte region [ffff8801bd8bce80, ffff8801bd8bcee0)
[   43.459024] The buggy address belongs to the page:
[   43.463946] page:ffffea0006f62f00 count:1 mapcount:0 mapping:ffff8801da8004c0 index:0x0
[   43.472087] flags: 0x2fffc0000000100(slab)
[   43.476317] raw: 02fffc0000000100 ffffea0006faf288 ffffea00070b8448 ffff8801da8004c0
[   43.484190] raw: 0000000000000000 ffff8801bd8bc000 0000000100000020 0000000000000000
[   43.492063] page dumped because: kasan: bad access detected
[   43.497761] 
[   43.499386] Memory state around the buggy address:
[   43.504302]  ffff8801bd8bcd80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   43.511672]  ffff8801bd8bce00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   43.519021] >ffff8801bd8bce80: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   43.526365]                                                           ^
[   43.533100]  ffff8801bd8bcf00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   43.540440]  ffff8801bd8bcf80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   43.547778] ==================================================================
[   43.555120] Disabling lock debugging due to kernel taint
[   43.560854] Kernel panic - not syncing: panic_on_warn set ...
[   43.560854] 
[   43.568606] CPU: 1 PID: 5384 Comm: syz-executor055 Tainted: G    B             4.19.0+ #303
[   43.577096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.586439] Call Trace:
[   43.589015]  dump_stack+0x244/0x39d
[   43.592626]  ? dump_stack_print_info.cold.1+0x20/0x20
[   43.597802]  panic+0x238/0x4e7
[   43.600983]  ? add_taint.cold.5+0x16/0x16
[   43.605118]  ? preempt_schedule+0x4d/0x60
[   43.609250]  ? ___preempt_schedule+0x16/0x18
[   43.613646]  ? trace_hardirqs_on+0xb4/0x310
[   43.617971]  kasan_end_report+0x47/0x4f
[   43.621939]  kasan_report.cold.8+0x76/0x309
[   43.626247]  ? sctp_getsockopt+0x7516/0x7cc2
[   43.630655]  __asan_report_load8_noabort+0x14/0x20
[   43.635568]  sctp_getsockopt+0x7516/0x7cc2
[   43.639785]  ? trace_hardirqs_off_caller+0x310/0x310
[   43.644876]  ? compat_start_thread+0x80/0x80
[   43.649274]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   43.655488]  ? kasan_check_write+0x14/0x20
[   43.659709]  ? finish_task_switch+0x2f4/0x910
[   43.664188]  ? __switch_to_asm+0x40/0x70
[   43.668247]  ? preempt_notifier_register+0x200/0x200
[   43.673338]  ? __switch_to_asm+0x34/0x70
[   43.677397]  ? __switch_to_asm+0x34/0x70
[   43.681455]  ? __switch_to_asm+0x40/0x70
[   43.685496]  ? __switch_to_asm+0x34/0x70
[   43.689539]  ? __switch_to_asm+0x40/0x70
[   43.693583]  ? __switch_to_asm+0x34/0x70
[   43.697625]  ? __switch_to_asm+0x40/0x70
[   43.701669]  ? __switch_to_asm+0x34/0x70
[   43.705713]  ? __switch_to_asm+0x34/0x70
[   43.709761]  ? __switch_to_asm+0x40/0x70
[   43.713821]  ? __switch_to_asm+0x34/0x70
[   43.717864]  ? __switch_to_asm+0x40/0x70
[   43.721919]  ? __switch_to_asm+0x34/0x70
[   43.725964]  ? __switch_to_asm+0x40/0x70
[   43.730015]  ? __schedule+0x8d7/0x21d0
[   43.733911]  ? __sched_text_start+0x8/0x8
[   43.738045]  ? zap_class+0x640/0x640
[   43.741741]  ? plist_check_list+0xa0/0xa0
[   43.745873]  ? lock_pin_lock+0x350/0x350
[   43.749931]  ? perf_trace_sched_process_exec+0x860/0x860
[   43.755365]  ? print_usage_bug+0xc0/0xc0
[   43.759409]  ? do_raw_spin_trylock+0x270/0x270
[   43.763971]  ? lock_acquire+0x1ed/0x520
[   43.767936]  ? __might_sleep+0x95/0x190
[   43.771893]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   43.777413]  ? futex_wait_queue_me+0x55d/0x840
[   43.781990]  ? __lock_acquire+0x62f/0x4c20
[   43.786226]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   43.791773]  ? get_futex_value_locked+0xcb/0xf0
[   43.796443]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   43.801442]  ? futex_wait_setup+0x266/0x3e0
[   43.805750]  ? mark_held_locks+0x130/0x130
[   43.809981]  ? futex_wake+0x760/0x760
[   43.813776]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   43.818966]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   43.824060]  ? futex_wait+0x5ec/0xa50
[   43.827846]  ? futex_wait_setup+0x3e0/0x3e0
[   43.832151]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   43.837354]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   43.842459]  ? futex_wake+0x304/0x760
[   43.846250]  ? _raw_spin_unlock_bh+0x30/0x40
[   43.850660]  ? zap_class+0x640/0x640
[   43.854404]  ? find_held_lock+0x36/0x1c0
[   43.858454]  ? __fget+0x4aa/0x740
[   43.861892]  ? lock_downgrade+0x900/0x900
[   43.866045]  ? check_preemption_disabled+0x48/0x280
[   43.871050]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   43.875962]  ? kasan_check_read+0x11/0x20
[   43.880104]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   43.885364]  ? rcu_softirq_qs+0x20/0x20
[   43.889345]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   43.894868]  ? aa_label_sk_perm+0x46d/0x8e0
[   43.899190]  ? aa_profile_af_perm+0x410/0x410
[   43.903669]  ? ksys_dup3+0x680/0x680
[   43.907389]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   43.912911]  ? security_socket_sendmsg+0x94/0xc0
[   43.917667]  ? fput+0x130/0x1a0
[   43.920931]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   43.933261]  ? aa_sk_perm+0x218/0x8b0
[   43.937050]  ? fget_raw+0x20/0x20
[   43.940485]  ? __do_page_fault+0x620/0xe60
[   43.944707]  ? aa_af_perm+0x5a0/0x5a0
[   43.948515]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   43.953428]  ? kasan_check_read+0x11/0x20
[   43.957576]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   43.962844]  sock_common_getsockopt+0x9a/0xe0
[   43.967326]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   43.973550]  ? sock_common_getsockopt+0x9a/0xe0
[   43.978202]  __sys_getsockopt+0x1ad/0x390
[   43.982334]  ? kernel_setsockopt+0x1d0/0x1d0
[   43.986730]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   43.991299]  ? trace_hardirqs_on+0xbd/0x310
[   43.995605]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.000951]  ? trace_hardirqs_off_caller+0x310/0x310
[   44.006041]  __x64_sys_getsockopt+0xbe/0x150
[   44.010430]  do_syscall_64+0x1b9/0x820
[   44.014300]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   44.019648]  ? syscall_return_slowpath+0x5e0/0x5e0
[   44.024560]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.029409]  ? trace_hardirqs_on_caller+0x310/0x310
[   44.034411]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   44.039412]  ? prepare_exit_to_usermode+0x291/0x3b0
[   44.044415]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   44.049244]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   44.054420] RIP: 0033:0x445789
[   44.057596] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   44.076485] RSP: 002b:00007f56abe21db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   44.084180] RAX: ffffffffffffffda RBX: 00000000006dac28 RCX: 0000000000445789
[   44.091430] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   44.098696] RBP: 00000000006dac20 R08: 0000000020000040 R09: 0000000000000000
[   44.105966] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac2c
[   44.113217] R13: 00007ffc52151bdf R14: 00007f56abe229c0 R15: 00000000006dad2c
[   44.121307] Kernel Offset: disabled
[   44.124934] Rebooting in 86400 seconds..