[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   27.138821] kauditd_printk_skb: 8 callbacks suppressed
[   27.138833] audit: type=1800 audit(1540511661.264:29): pid=5235 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   27.164702] audit: type=1800 audit(1540511661.274:30): pid=5235 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.12' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   35.863955] ==================================================================
[   35.871427] BUG: KASAN: slab-out-of-bounds in sctp_getsockopt+0x7516/0x7cc2
[   35.878517] Read of size 8 at addr ffff8801bac47768 by task syz-executor984/5393
[   35.886031] 
[   35.887647] CPU: 0 PID: 5393 Comm: syz-executor984 Not tainted 4.19.0+ #80
[   35.894638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   35.903973] Call Trace:
[   35.906553]  dump_stack+0x244/0x39d
[   35.910167]  ? dump_stack_print_info.cold.1+0x20/0x20
[   35.915346]  ? printk+0xa7/0xcf
[   35.918614]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   35.923376]  print_address_description.cold.7+0x9/0x1ff
[   35.928727]  kasan_report.cold.8+0x242/0x309
[   35.933122]  ? sctp_getsockopt+0x7516/0x7cc2
[   35.937525]  __asan_report_load8_noabort+0x14/0x20
[   35.942459]  sctp_getsockopt+0x7516/0x7cc2
[   35.946679]  ? trace_hardirqs_off_caller+0x310/0x310
[   35.951768]  ? compat_start_thread+0x80/0x80
[   35.956182]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   35.962400]  ? _raw_spin_unlock_irq+0x60/0x80
[   35.966883]  ? finish_task_switch+0x1f4/0x910
[   35.971363]  ? finish_task_switch+0x1b4/0x910
[   35.975845]  ? __switch_to_asm+0x34/0x70
[   35.979893]  ? preempt_notifier_register+0x200/0x200
[   35.984983]  ? __switch_to_asm+0x34/0x70
[   35.989030]  ? __switch_to_asm+0x34/0x70
[   35.993076]  ? __switch_to_asm+0x40/0x70
[   35.997118]  ? __switch_to_asm+0x34/0x70
[   36.001163]  ? __switch_to_asm+0x40/0x70
[   36.005208]  ? __switch_to_asm+0x34/0x70
[   36.009254]  ? __switch_to_asm+0x40/0x70
[   36.013300]  ? __switch_to_asm+0x34/0x70
[   36.017350]  ? __switch_to_asm+0x34/0x70
[   36.021396]  ? __switch_to_asm+0x40/0x70
[   36.025442]  ? __switch_to_asm+0x34/0x70
[   36.029485]  ? __switch_to_asm+0x40/0x70
[   36.033540]  ? __switch_to_asm+0x34/0x70
[   36.037606]  ? __switch_to_asm+0x40/0x70
[   36.041660]  ? __schedule+0x8d7/0x21d0
[   36.045542]  ? __enqueue_entity+0x10d/0x1f0
[   36.049855]  ? __sched_text_start+0x8/0x8
[   36.053989]  ? zap_class+0x640/0x640
[   36.057692]  ? plist_check_list+0xa0/0xa0
[   36.061825]  ? zap_class+0x640/0x640
[   36.065558]  ? perf_trace_sched_process_exec+0x860/0x860
[   36.071004]  ? print_usage_bug+0xc0/0xc0
[   36.075062]  ? do_raw_spin_trylock+0x270/0x270
[   36.079636]  ? lock_acquire+0x1ed/0x520
[   36.083601]  ? __might_sleep+0x95/0x190
[   36.087566]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.093089]  ? futex_wait_queue_me+0x55d/0x840
[   36.097669]  ? __lock_acquire+0x62f/0x4c20
[   36.101893]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.107432]  ? get_futex_value_locked+0xcb/0xf0
[   36.112104]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   36.117128]  ? futex_wait_setup+0x266/0x3e0
[   36.121485]  ? mark_held_locks+0x130/0x130
[   36.125738]  ? futex_wake+0x760/0x760
[   36.129558]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   36.134772]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   36.139978]  ? futex_wait+0x5ec/0xa50
[   36.143790]  ? futex_wait_setup+0x3e0/0x3e0
[   36.148135]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   36.153323]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   36.158426]  ? futex_wake+0x304/0x760
[   36.162231]  ? zap_class+0x640/0x640
[   36.165942]  ? find_held_lock+0x36/0x1c0
[   36.169995]  ? __fget+0x4aa/0x740
[   36.173431]  ? lock_downgrade+0x900/0x900
[   36.177565]  ? check_preemption_disabled+0x48/0x280
[   36.182570]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   36.187484]  ? kasan_check_read+0x11/0x20
[   36.191625]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   36.196887]  ? rcu_softirq_qs+0x20/0x20
[   36.208189]  ? __fget+0x4d1/0x740
[   36.211637]  ? ksys_dup3+0x680/0x680
[   36.215343]  ? trace_hardirqs_on+0xbd/0x310
[   36.219658]  ? __wake_up_common_lock+0x1d0/0x330
[   36.224400]  ? find_held_lock+0x36/0x1c0
[   36.228448]  ? __local_bh_enable_ip+0x160/0x260
[   36.233384]  ? __local_bh_enable_ip+0x160/0x260
[   36.238037]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   36.242608]  ? __fget_light+0x2e9/0x430
[   36.246567]  ? fget_raw+0x20/0x20
[   36.250008]  ? release_sock+0x1ec/0x2c0
[   36.253964]  ? release_sock+0x1ec/0x2c0
[   36.258185]  ? __local_bh_enable_ip+0x160/0x260
[   36.262839]  ? _raw_spin_unlock_bh+0x30/0x40
[   36.267230]  ? release_sock+0x1ec/0x2c0
[   36.271211]  sock_common_getsockopt+0x9a/0xe0
[   36.275696]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   36.281913]  ? sock_common_getsockopt+0x9a/0xe0
[   36.286566]  __sys_getsockopt+0x1ad/0x390
[   36.290700]  ? kernel_setsockopt+0x1d0/0x1d0
[   36.295109]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   36.299676]  ? trace_hardirqs_on+0xbd/0x310
[   36.303984]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.309331]  ? trace_hardirqs_off_caller+0x310/0x310
[   36.314423]  __x64_sys_getsockopt+0xbe/0x150
[   36.318821]  do_syscall_64+0x1b9/0x820
[   36.322694]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   36.328047]  ? syscall_return_slowpath+0x5e0/0x5e0
[   36.332962]  ? trace_hardirqs_on_caller+0x310/0x310
[   36.337963]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   36.343213]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[   36.349866]  ? __switch_to_asm+0x40/0x70
[   36.353921]  ? __switch_to_asm+0x34/0x70
[   36.357990]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   36.362817]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.367992] RIP: 0033:0x445789
[   36.371173] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   36.390068] RSP: 002b:00007fe7edf5cdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   36.397772] RAX: ffffffffffffffda RBX: 00000000006dac48 RCX: 0000000000445789
[   36.405022] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   36.412275] RBP: 00000000006dac40 R08: 0000000020000040 R09: 0000000000000000
[   36.419529] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac4c
[   36.426784] R13: 00007ffcbfe4ae6f R14: 00007fe7edf5d9c0 R15: 00000000006dad2c
[   36.434048] 
[   36.435667] Allocated by task 5392:
[   36.439302]  save_stack+0x43/0xd0
[   36.442742]  kasan_kmalloc+0xc7/0xe0
[   36.446441]  kmem_cache_alloc_trace+0x152/0x750
[   36.451107]  sctp_stream_init_ext+0x4f/0xf0
[   36.455441]  sctp_sendmsg_to_asoc+0x1308/0x1a20
[   36.460102]  sctp_sendmsg+0x13c2/0x1da0
[   36.464081]  inet_sendmsg+0x1a1/0x690
[   36.467877]  sock_sendmsg+0xd5/0x120
[   36.471587]  __sys_sendto+0x3d7/0x670
[   36.475386]  __x64_sys_sendto+0xe1/0x1a0
[   36.479464]  do_syscall_64+0x1b9/0x820
[   36.483351]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.488544] 
[   36.490168] Freed by task 3192:
[   36.493463]  save_stack+0x43/0xd0
[   36.496901]  __kasan_slab_free+0x102/0x150
[   36.501122]  kasan_slab_free+0xe/0x10
[   36.504910]  kfree+0xcf/0x230
[   36.508002]  kernfs_put_open_node.isra.7+0x2a4/0x420
[   36.513106]  kernfs_fop_release+0xec/0x1a0
[   36.517327]  __fput+0x385/0xa30
[   36.520590]  ____fput+0x15/0x20
[   36.523858]  task_work_run+0x1e8/0x2a0
[   36.527736]  exit_to_usermode_loop+0x318/0x380
[   36.532303]  do_syscall_64+0x6be/0x820
[   36.536179]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   36.541344] 
[   36.542955] The buggy address belongs to the object at ffff8801bac47700
[   36.542955]  which belongs to the cache kmalloc-96 of size 96
[   36.555606] The buggy address is located 8 bytes to the right of
[   36.555606]  96-byte region [ffff8801bac47700, ffff8801bac47760)
[   36.567721] The buggy address belongs to the page:
[   36.572633] page:ffffea0006eb11c0 count:1 mapcount:0 mapping:ffff8801da8004c0 index:0x0
[   36.580760] flags: 0x2fffc0000000100(slab)
[   36.584982] raw: 02fffc0000000100 ffffea0006ed8948 ffffea0006ee0d08 ffff8801da8004c0
[   36.592846] raw: 0000000000000000 ffff8801bac47000 0000000100000020 0000000000000000
[   36.600706] page dumped because: kasan: bad access detected
[   36.606393] 
[   36.607996] Memory state around the buggy address:
[   36.612905]  ffff8801bac47600: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   36.620252]  ffff8801bac47680: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   36.627601] >ffff8801bac47700: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   36.634937]                                                           ^
[   36.641672]  ffff8801bac47780: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   36.649042]  ffff8801bac47800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   36.656400] ==================================================================
[   36.663739] Disabling lock debugging due to kernel taint
[   36.669838] Kernel panic - not syncing: panic_on_warn set ...
[   36.669838] 
[   36.677241] CPU: 0 PID: 5393 Comm: syz-executor984 Tainted: G    B             4.19.0+ #80
[   36.685645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   36.695011] Call Trace:
[   36.697598]  dump_stack+0x244/0x39d
[   36.701211]  ? dump_stack_print_info.cold.1+0x20/0x20
[   36.706391]  panic+0x238/0x4e7
[   36.709569]  ? add_taint.cold.5+0x16/0x16
[   36.713704]  ? preempt_schedule+0x4d/0x60
[   36.717835]  ? ___preempt_schedule+0x16/0x18
[   36.722227]  ? trace_hardirqs_on+0xb4/0x310
[   36.726548]  kasan_end_report+0x47/0x4f
[   36.730515]  kasan_report.cold.8+0x76/0x309
[   36.734828]  ? sctp_getsockopt+0x7516/0x7cc2
[   36.739223]  __asan_report_load8_noabort+0x14/0x20
[   36.744139]  sctp_getsockopt+0x7516/0x7cc2
[   36.748358]  ? trace_hardirqs_off_caller+0x310/0x310
[   36.753450]  ? compat_start_thread+0x80/0x80
[   36.757848]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   36.764066]  ? _raw_spin_unlock_irq+0x60/0x80
[   36.768547]  ? finish_task_switch+0x1f4/0x910
[   36.773036]  ? finish_task_switch+0x1b4/0x910
[   36.777555]  ? __switch_to_asm+0x34/0x70
[   36.781614]  ? preempt_notifier_register+0x200/0x200
[   36.786710]  ? __switch_to_asm+0x34/0x70
[   36.790753]  ? __switch_to_asm+0x34/0x70
[   36.794967]  ? __switch_to_asm+0x40/0x70
[   36.799012]  ? __switch_to_asm+0x34/0x70
[   36.803057]  ? __switch_to_asm+0x40/0x70
[   36.807109]  ? __switch_to_asm+0x34/0x70
[   36.811154]  ? __switch_to_asm+0x40/0x70
[   36.815196]  ? __switch_to_asm+0x34/0x70
[   36.819241]  ? __switch_to_asm+0x34/0x70
[   36.823297]  ? __switch_to_asm+0x40/0x70
[   36.827339]  ? __switch_to_asm+0x34/0x70
[   36.831382]  ? __switch_to_asm+0x40/0x70
[   36.835425]  ? __switch_to_asm+0x34/0x70
[   36.839464]  ? __switch_to_asm+0x40/0x70
[   36.843516]  ? __schedule+0x8d7/0x21d0
[   36.847434]  ? __enqueue_entity+0x10d/0x1f0
[   36.851750]  ? __sched_text_start+0x8/0x8
[   36.855893]  ? zap_class+0x640/0x640
[   36.859601]  ? plist_check_list+0xa0/0xa0
[   36.863740]  ? zap_class+0x640/0x640
[   36.867460]  ? perf_trace_sched_process_exec+0x860/0x860
[   36.872899]  ? print_usage_bug+0xc0/0xc0
[   36.876943]  ? do_raw_spin_trylock+0x270/0x270
[   36.881516]  ? lock_acquire+0x1ed/0x520
[   36.885480]  ? __might_sleep+0x95/0x190
[   36.889437]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.894978]  ? futex_wait_queue_me+0x55d/0x840
[   36.899561]  ? __lock_acquire+0x62f/0x4c20
[   36.903783]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   36.909334]  ? get_futex_value_locked+0xcb/0xf0
[   36.914019]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   36.919044]  ? futex_wait_setup+0x266/0x3e0
[   36.923360]  ? mark_held_locks+0x130/0x130
[   36.927581]  ? futex_wake+0x760/0x760
[   36.931375]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   36.936584]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   36.941677]  ? futex_wait+0x5ec/0xa50
[   36.945466]  ? futex_wait_setup+0x3e0/0x3e0
[   36.949783]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   36.954979]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   36.960064]  ? futex_wake+0x304/0x760
[   36.963858]  ? zap_class+0x640/0x640
[   36.967559]  ? find_held_lock+0x36/0x1c0
[   36.971610]  ? __fget+0x4aa/0x740
[   36.975043]  ? lock_downgrade+0x900/0x900
[   36.979171]  ? check_preemption_disabled+0x48/0x280
[   36.984173]  ? rcu_read_unlock_special+0x1c0/0x1c0
[   36.989085]  ? kasan_check_read+0x11/0x20
[   36.993252]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   36.998517]  ? rcu_softirq_qs+0x20/0x20
[   37.002482]  ? __fget+0x4d1/0x740
[   37.005952]  ? ksys_dup3+0x680/0x680
[   37.009646]  ? trace_hardirqs_on+0xbd/0x310
[   37.013953]  ? __wake_up_common_lock+0x1d0/0x330
[   37.018689]  ? find_held_lock+0x36/0x1c0
[   37.022740]  ? __local_bh_enable_ip+0x160/0x260
[   37.027388]  ? __local_bh_enable_ip+0x160/0x260
[   37.032044]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   37.036616]  ? __fget_light+0x2e9/0x430
[   37.040574]  ? fget_raw+0x20/0x20
[   37.044008]  ? release_sock+0x1ec/0x2c0
[   37.047961]  ? release_sock+0x1ec/0x2c0
[   37.051920]  ? __local_bh_enable_ip+0x160/0x260
[   37.056576]  ? _raw_spin_unlock_bh+0x30/0x40
[   37.060968]  ? release_sock+0x1ec/0x2c0
[   37.064951]  sock_common_getsockopt+0x9a/0xe0
[   37.069432]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   37.075648]  ? sock_common_getsockopt+0x9a/0xe0
[   37.080299]  __sys_getsockopt+0x1ad/0x390
[   37.084440]  ? kernel_setsockopt+0x1d0/0x1d0
[   37.088829]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   37.093396]  ? trace_hardirqs_on+0xbd/0x310
[   37.097722]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.103067]  ? trace_hardirqs_off_caller+0x310/0x310
[   37.108167]  __x64_sys_getsockopt+0xbe/0x150
[   37.112598]  do_syscall_64+0x1b9/0x820
[   37.116496]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.121876]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.126793]  ? trace_hardirqs_on_caller+0x310/0x310
[   37.131801]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.136803]  ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[   37.143463]  ? __switch_to_asm+0x40/0x70
[   37.147506]  ? __switch_to_asm+0x34/0x70
[   37.151566]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.156397]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.161569] RIP: 0033:0x445789
[   37.164746] Code: e8 6c b6 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 12 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   37.183641] RSP: 002b:00007fe7edf5cdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   37.191349] RAX: ffffffffffffffda RBX: 00000000006dac48 RCX: 0000000000445789
[   37.198602] RDX: 0000000000000074 RSI: 0000000000000084 RDI: 0000000000000003
[   37.205855] RBP: 00000000006dac40 R08: 0000000020000040 R09: 0000000000000000
[   37.213108] R10: 0000000020000080 R11: 0000000000000246 R12: 00000000006dac4c
[   37.220366] R13: 00007ffcbfe4ae6f R14: 00007fe7edf5d9c0 R15: 00000000006dad2c
[   37.228576] Kernel Offset: disabled
[   37.232205] Rebooting in 86400 seconds..