[info] Using makefile-style concurrent boot in runlevel 2.
[ 27.123382] audit: type=1800 audit(1542404140.684:21): pid=5904 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
2018/11/16 21:40:38 parsed 1 programs
2018/11/16 21:40:39 executed programs: 0
syzkaller login: [ 326.346476] IPVS: ftp: loaded support on port[0] = 21
[ 326.361255] IPVS: ftp: loaded support on port[0] = 21
[ 326.363046] IPVS: ftp: loaded support on port[0] = 21
[ 326.372185] IPVS: ftp: loaded support on port[0] = 21
[ 326.376962] IPVS: ftp: loaded support on port[0] = 21
[ 326.406370] IPVS: ftp: loaded support on port[0] = 21
[ 327.612046] bridge0: port 1(bridge_slave_0) entered blocking state
[ 327.621436] bridge0: port 1(bridge_slave_0) entered disabled state
[ 327.629581] device bridge_slave_0 entered promiscuous mode
[ 327.637993] bridge0: port 1(bridge_slave_0) entered blocking state
[ 327.646912] bridge0: port 1(bridge_slave_0) entered disabled state
[ 327.655035] device bridge_slave_0 entered promiscuous mode
[ 327.665173] bridge0: port 1(bridge_slave_0) entered blocking state
[ 327.671704] bridge0: port 1(bridge_slave_0) entered disabled state
[ 327.680692] device bridge_slave_0 entered promiscuous mode
[ 327.697516] bridge0: port 1(bridge_slave_0) entered blocking state
[ 327.703991] bridge0: port 1(bridge_slave_0) entered disabled state
[ 327.711334] device bridge_slave_0 entered promiscuous mode
[ 327.722120] bridge0: port 2(bridge_slave_1) entered blocking state
[ 327.732811] bridge0: port 2(bridge_slave_1) entered disabled state
[ 327.740927] device bridge_slave_1 entered promiscuous mode
[ 327.747761] bridge0: port 1(bridge_slave_0) entered blocking state
[ 327.754709] bridge0: port 1(bridge_slave_0) entered disabled state
[ 327.762071] device bridge_slave_0 entered promiscuous mode
[ 327.771110] bridge0: port 1(bridge_slave_0) entered blocking state
[ 327.777959] bridge0: port 1(bridge_slave_0) entered disabled state
[ 327.788523] device bridge_slave_0 entered promiscuous mode
[ 327.795653] bridge0: port 2(bridge_slave_1) entered blocking state
[ 327.802024] bridge0: port 2(bridge_slave_1) entered disabled state
[ 327.809985] device bridge_slave_1 entered promiscuous mode
[ 327.818828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 327.826218] bridge0: port 2(bridge_slave_1) entered disabled state
[ 327.833320] device bridge_slave_1 entered promiscuous mode
[ 327.842220] bridge0: port 2(bridge_slave_1) entered blocking state
[ 327.848871] bridge0: port 2(bridge_slave_1) entered disabled state
[ 327.856611] device bridge_slave_1 entered promiscuous mode
[ 327.865029] bridge0: port 2(bridge_slave_1) entered blocking state
[ 327.871467] bridge0: port 2(bridge_slave_1) entered disabled state
[ 327.880435] device bridge_slave_1 entered promiscuous mode
[ 327.888708] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 327.898604] bridge0: port 2(bridge_slave_1) entered blocking state
[ 327.905638] bridge0: port 2(bridge_slave_1) entered disabled state
[ 327.913902] device bridge_slave_1 entered promiscuous mode
[ 327.921866] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 327.935258] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 327.942423] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 327.956859] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 327.971173] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 327.996894] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 328.008010] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 328.020007] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 328.030078] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 328.039548] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 328.049768] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 328.214793] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 328.236077] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 328.254720] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 328.276415] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 328.305052] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 328.318128] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 328.331793] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 328.341169] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 328.356999] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 328.376881] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 328.391855] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 328.411181] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 328.422345] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 328.436539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 328.453359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 328.464244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 328.471261] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 328.479965] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 328.493979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 328.501708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 328.525033] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 328.532128] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 328.544742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 328.553114] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 328.576135] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 328.591222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 328.599190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 328.607426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 328.617865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 328.627249] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 328.646244] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 328.653122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 328.666485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 328.682588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 328.727296] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 328.746171] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 328.808982] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 328.825174] team0: Port device team_slave_0 added
[ 328.841475] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 328.858952] team0: Port device team_slave_0 added
[ 328.868088] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 328.875998] team0: Port device team_slave_0 added
[ 328.884392] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 328.892267] team0: Port device team_slave_1 added
[ 328.902435] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 328.910939] team0: Port device team_slave_0 added
[ 328.925953] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 328.933149] team0: Port device team_slave_0 added
[ 328.940988] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 328.951397] team0: Port device team_slave_1 added
[ 328.962966] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 328.981867] team0: Port device team_slave_1 added
[ 328.990016] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 328.998271] team0: Port device team_slave_1 added
[ 329.004321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 329.020621] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 329.032388] team0: Port device team_slave_1 added
[ 329.041017] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 329.052726] team0: Port device team_slave_0 added
[ 329.086994] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 329.102114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 329.110643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 329.119379] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 329.129243] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 329.152686] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 329.169407] team0: Port device team_slave_1 added
[ 329.178175] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 329.199963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 329.208007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 329.215579] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 329.223148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 329.234279] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 329.241650] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 329.251656] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 329.260913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 329.278725] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 329.288131] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 329.300535] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 329.308814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 329.317781] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 329.326283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 329.336448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 329.343478] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 329.356990] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 329.365844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 329.374454] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 329.385037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 329.401259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 329.409252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 329.417342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 329.425806] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 329.434860] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 329.442692] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 329.459933] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 329.476662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 329.488207] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 329.504291] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 329.512251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 329.520712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 329.528588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 329.536289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 329.544088] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 329.557832] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 329.573485] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 329.593455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 329.616949] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 329.632753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 329.641340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 329.655984] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 329.669679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 329.678084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 329.703842] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 329.717766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 329.736591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 330.185653] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.192209] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 330.199590] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.205991] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.222517] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 330.235719] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.242097] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 330.248826] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.255223] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.263414] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 330.302883] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.309345] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 330.316216] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.322574] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.339120] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 330.346269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 330.355157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 330.362399] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 330.432492] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.438953] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 330.445621] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.451963] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.461246] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 330.477576] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.484066] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 330.490721] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.497105] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.522717] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 330.536657] bridge0: port 2(bridge_slave_1) entered blocking state
[ 330.543028] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 330.549673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 330.556096] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 330.565127] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 331.395663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 331.402919] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 331.418119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 332.852043] 8021q: adding VLAN 0 to HW filter on device bond0
[ 332.990745] 8021q: adding VLAN 0 to HW filter on device bond0
[ 333.011345] 8021q: adding VLAN 0 to HW filter on device bond0
[ 333.067643] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 333.108485] 8021q: adding VLAN 0 to HW filter on device bond0
[ 333.159714] 8021q: adding VLAN 0 to HW filter on device bond0
[ 333.188824] 8021q: adding VLAN 0 to HW filter on device bond0
[ 333.220599] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 333.289226] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 333.311885] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 333.336918] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 333.344624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 333.411141] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 333.417645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 333.425349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 333.443087] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 333.457415] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 333.499485] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 333.534282] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 333.540478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 333.547839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 333.585509] 8021q: adding VLAN 0 to HW filter on device team0
[ 333.671447] 8021q: adding VLAN 0 to HW filter on device team0
[ 333.686095] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 333.698102] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 333.713547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 333.738684] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 333.760070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 333.768751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 333.800065] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 333.817039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 333.826334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 333.856531] 8021q: adding VLAN 0 to HW filter on device team0
[ 333.991838] 8021q: adding VLAN 0 to HW filter on device team0
[ 334.006456] 8021q: adding VLAN 0 to HW filter on device team0
[ 334.065264] 8021q: adding VLAN 0 to HW filter on device team0
2018/11/16 21:40:49 executed programs: 6
2018/11/16 21:40:54 executed programs: 42
2018/11/16 21:40:59 executed programs: 76
2018/11/16 21:41:05 executed programs: 110
2018/11/16 21:41:10 executed programs: 144
2018/11/16 21:41:15 executed programs: 180
2018/11/16 21:41:20 executed programs: 215
2018/11/16 21:41:25 executed programs: 247
2018/11/16 21:41:30 executed programs: 282
2018/11/16 21:41:36 executed programs: 318
2018/11/16 21:41:41 executed programs: 354
2018/11/16 21:41:46 executed programs: 389
2018/11/16 21:41:51 executed programs: 421
2018/11/16 21:41:57 executed programs: 456
2018/11/16 21:42:02 executed programs: 491
2018/11/16 21:42:07 executed programs: 525
2018/11/16 21:42:12 executed programs: 558
2018/11/16 21:42:17 executed programs: 593
2018/11/16 21:42:22 executed programs: 626
2018/11/16 21:42:27 executed programs: 660
2018/11/16 21:42:32 executed programs: 695
[ 443.263241] ==================================================================
[ 443.271305] BUG: KASAN: use-after-free in sctp_epaddr_lookup_transport+0xacb/0xb20
[ 443.279005] Read of size 8 at addr ffff8881c3eaa370 by task syz-executor0/13198
[ 443.286447]
[ 443.288077] CPU: 0 PID: 13198 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #298
[ 443.295478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 443.304846] Call Trace:
[ 443.307447] dump_stack+0x244/0x39d
[ 443.311086] ? dump_stack_print_info.cold.1+0x20/0x20
[ 443.316442] ? printk+0xa7/0xcf
[ 443.319710] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 443.324457] ? call_rcu+0xb/0x10
[ 443.327828] print_address_description.cold.7+0x9/0x1ff
[ 443.333183] kasan_report.cold.8+0x242/0x309
[ 443.337579] ? sctp_epaddr_lookup_transport+0xacb/0xb20
[ 443.342952] __asan_report_load8_noabort+0x14/0x20
[ 443.347882] sctp_epaddr_lookup_transport+0xacb/0xb20
[ 443.353068] ? sctp_v4_err+0xb50/0xb50
[ 443.356953] ? zap_class+0x640/0x640
[ 443.360678] ? lock_acquire+0x1ed/0x520
[ 443.364651] ? sctp_endpoint_lookup_assoc+0x86/0x290
[ 443.369750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 443.375350] ? check_preemption_disabled+0x48/0x280
[ 443.380383] ? kasan_check_read+0x11/0x20
[ 443.384558] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 443.389822] ? rcu_softirq_qs+0x20/0x20
[ 443.393807] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 443.399013] sctp_endpoint_lookup_assoc+0xe0/0x290
[ 443.404056] sctp_addr_id2transport+0x1f8/0x370
[ 443.408727] ? sctp_getsockopt_sctp_status+0xad0/0xad0
[ 443.413997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 443.419537] ? sctp_v4_is_any+0x43/0x60
[ 443.423522] sctp_getsockopt_peer_addr_params+0x17c/0x1260
[ 443.429165] ? sctp_setsockopt_primary_addr+0x290/0x290
[ 443.434545] ? __local_bh_enable_ip+0x160/0x260
[ 443.439216] sctp_getsockopt+0x44f9/0x7d32
[ 443.443504] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[ 443.449790] ? print_usage_bug+0xc0/0xc0
[ 443.453872] ? __lock_acquire+0x62f/0x4c20
[ 443.458117] ? mark_held_locks+0x130/0x130
[ 443.462353] ? print_usage_bug+0xc0/0xc0
[ 443.466415] ? print_usage_bug+0xc0/0xc0
[ 443.470509] ? zap_class+0x640/0x640
[ 443.474262] ? __lock_acquire+0x62f/0x4c20
[ 443.478505] ? find_held_lock+0x36/0x1c0
[ 443.482571] ? __fget+0x4aa/0x740
[ 443.486016] ? lock_downgrade+0x900/0x900
[ 443.490151] ? check_preemption_disabled+0x48/0x280
[ 443.495178] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 443.500113] ? kasan_check_read+0x11/0x20
[ 443.504279] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 443.504298] ? rcu_softirq_qs+0x20/0x20
[ 443.504325] ? __fget+0x4d1/0x740
[ 443.504346] ? ksys_dup3+0x680/0x680
[ 443.504376] ? perf_trace_sched_process_exec+0x860/0x860
[ 443.504392] ? find_held_lock+0x36/0x1c0
[ 443.504413] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 443.504428] ? aa_label_sk_perm+0x91/0x100
[ 443.504447] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 443.504461] ? aa_sk_perm+0x22b/0x8e0
[ 443.513797] ? fget_raw+0x20/0x20
[ 443.513827] ? lock_release+0xa00/0xa00
[ 443.513846] ? aa_af_perm+0x5a0/0x5a0
[ 443.513882] sock_common_getsockopt+0x9a/0xe0
[ 443.513900] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[ 443.513913] ? sock_common_getsockopt+0x9a/0xe0
[ 443.513930] __sys_getsockopt+0x1ad/0x390
[ 443.513945] ? kernel_setsockopt+0x1d0/0x1d0
[ 443.513962] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 443.584177] ? trace_hardirqs_on+0xbd/0x310
[ 443.584196] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 443.584210] ? trace_hardirqs_off_caller+0x310/0x310
[ 443.584230] __x64_sys_getsockopt+0xbe/0x150
[ 443.593116] do_syscall_64+0x1b9/0x820
[ 443.611925] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 443.617302] ? syscall_return_slowpath+0x5e0/0x5e0
[ 443.622245] ? trace_hardirqs_on_caller+0x310/0x310
[ 443.627286] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 443.632302] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 443.638958] ? __switch_to_asm+0x40/0x70
[ 443.643008] ? __switch_to_asm+0x34/0x70
[ 443.647082] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 443.651925] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 443.657192] RIP: 0033:0x457569
[ 443.660392] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 443.679295] RSP: 002b:00007f8c5a269c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 443.687021] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569
[ 443.694410] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000006
[ 443.701678] RBP: 000000000072c180 R08: 000000002044fffc R09: 0000000000000000
[ 443.708949] R10: 0000000020a68000 R11: 0000000000000246 R12: 00007f8c5a26a6d4
[ 443.716215] R13: 00000000004c8318 R14: 00000000004ce200 R15: 00000000ffffffff
[ 443.723499]
[ 443.725124] Allocated by task 13160:
[ 443.725145] save_stack+0x43/0xd0
[ 443.725158] kasan_kmalloc+0xc7/0xe0
[ 443.725171] kmem_cache_alloc_trace+0x152/0x750
[ 443.725186] sctp_association_new+0x14e/0x2290
[ 443.725203] sctp_sendmsg_new_asoc+0x39c/0x11f0
[ 443.732339] sctp_sendmsg+0x18a5/0x1da0
[ 443.732351] inet_sendmsg+0x1a1/0x690
[ 443.732362] sock_sendmsg+0xd5/0x120
[ 443.732376] __sys_sendto+0x3d7/0x670
[ 443.765215] __x64_sys_sendto+0xe1/0x1a0
[ 443.769298] do_syscall_64+0x1b9/0x820
[ 443.773190] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 443.778377]
[ 443.780009] Freed by task 13198:
[ 443.783392] save_stack+0x43/0xd0
[ 443.786854] __kasan_slab_free+0x102/0x150
[ 443.791091] kasan_slab_free+0xe/0x10
[ 443.794892] kfree+0xcf/0x230
[ 443.798007] sctp_association_put+0x264/0x350
[ 443.802498] sctp_transport_put+0x186/0x1f0
[ 443.806839] sctp_hash_cmp+0x1ef/0x260
[ 443.810724] sctp_epaddr_lookup_transport+0x4fe/0xb20
[ 443.815904] sctp_endpoint_lookup_assoc+0xe0/0x290
[ 443.820837] sctp_addr_id2transport+0x1f8/0x370
[ 443.825506] sctp_getsockopt_peer_addr_params+0x17c/0x1260
[ 443.831288] sctp_getsockopt+0x44f9/0x7d32
[ 443.835525] sock_common_getsockopt+0x9a/0xe0
[ 443.840015] __sys_getsockopt+0x1ad/0x390
[ 443.844160] __x64_sys_getsockopt+0xbe/0x150
[ 443.848583] do_syscall_64+0x1b9/0x820
[ 443.852458] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 443.857632]
[ 443.859255] The buggy address belongs to the object at ffff8881c3eaa2c0
[ 443.859255] which belongs to the cache kmalloc-4k of size 4096
[ 443.871922] The buggy address is located 176 bytes inside of
[ 443.871922] 4096-byte region [ffff8881c3eaa2c0, ffff8881c3eab2c0)
[ 443.871928] The buggy address belongs to the page:
[ 443.871940] page:ffffea00070faa80 count:1 mapcount:0 mapping:ffff8881da800dc0 index:0x0 compound_mapcount: 0
[ 443.871955] flags: 0x2fffc0000010200(slab|head)
[ 443.871974] raw: 02fffc0000010200 ffffea00070b4a08 ffffea00072dc308 ffff8881da800dc0
[ 443.871989] raw: 0000000000000000 ffff8881c3eaa2c0 0000000100000001 0000000000000000
[ 443.871994] page dumped because: kasan: bad access detected
[ 443.871997]
[ 443.872001] Memory state around the buggy address:
[ 443.872019] ffff8881c3eaa200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 443.889906] kobject: 'loop1' (00000000e755a1a2): fill_kobj_path: path = '/devices/virtual/block/loop1'
[ 443.898845] ffff8881c3eaa280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 443.898856] >ffff8881c3eaa300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 443.898863] ^
[ 443.898873] ffff8881c3eaa380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 443.898884] ffff8881c3eaa400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 443.898889] ==================================================================
[ 443.898894] Disabling lock debugging due to kernel taint
[ 443.903842] Kernel panic - not syncing: panic_on_warn set ...
[ 444.004107] CPU: 0 PID: 13198 Comm: syz-executor0 Tainted: G B 4.20.0-rc2+ #298
[ 444.012950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 444.022459] Call Trace:
[ 444.025044] dump_stack+0x244/0x39d
[ 444.028661] ? dump_stack_print_info.cold.1+0x20/0x20
[ 444.033941] panic+0x2ad/0x55c
[ 444.037122] ? add_taint.cold.5+0x16/0x16
[ 444.041256] ? preempt_schedule+0x4d/0x60
[ 444.045389] ? ___preempt_schedule+0x16/0x18
[ 444.049779] ? trace_hardirqs_on+0xb4/0x310
[ 444.054200] kasan_end_report+0x47/0x4f
[ 444.058309] kasan_report.cold.8+0x76/0x309
[ 444.062632] ? sctp_epaddr_lookup_transport+0xacb/0xb20
[ 444.068084] __asan_report_load8_noabort+0x14/0x20
[ 444.073033] sctp_epaddr_lookup_transport+0xacb/0xb20
[ 444.078495] ? sctp_v4_err+0xb50/0xb50
[ 444.082372] ? zap_class+0x640/0x640
[ 444.086087] ? lock_acquire+0x1ed/0x520
[ 444.090075] ? sctp_endpoint_lookup_assoc+0x86/0x290
[ 444.095176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 444.100697] ? check_preemption_disabled+0x48/0x280
[ 444.105698] ? kasan_check_read+0x11/0x20
[ 444.109834] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 444.111389] kobject: 'loop3' (0000000071b2e6f4): kobject_uevent_env
[ 444.115100] ? rcu_softirq_qs+0x20/0x20
[ 444.115110] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 444.115123] sctp_endpoint_lookup_assoc+0xe0/0x290
[ 444.115138] sctp_addr_id2transport+0x1f8/0x370
[ 444.115147] ? sctp_getsockopt_sctp_status+0xad0/0xad0
[ 444.115161] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 444.121665] kobject: 'loop3' (0000000071b2e6f4): fill_kobj_path: path = '/devices/virtual/block/loop3'
[ 444.125552] ? sctp_v4_is_any+0x43/0x60
[ 444.125563] sctp_getsockopt_peer_addr_params+0x17c/0x1260
[ 444.125572] ? sctp_setsockopt_primary_addr+0x290/0x290
[ 444.125585] ? __local_bh_enable_ip+0x160/0x260
[ 444.125596] sctp_getsockopt+0x44f9/0x7d32
[ 444.125609] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[ 444.125647] ? print_usage_bug+0xc0/0xc0
[ 444.195739] ? __lock_acquire+0x62f/0x4c20
[ 444.199977] ? mark_held_locks+0x130/0x130
[ 444.204217] ? print_usage_bug+0xc0/0xc0
[ 444.208400] ? print_usage_bug+0xc0/0xc0
[ 444.212451] ? zap_class+0x640/0x640
[ 444.216148] ? __lock_acquire+0x62f/0x4c20
[ 444.220370] ? find_held_lock+0x36/0x1c0
[ 444.224416] ? __fget+0x4aa/0x740
[ 444.227854] ? lock_downgrade+0x900/0x900
[ 444.231986] ? check_preemption_disabled+0x48/0x280
[ 444.236984] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 444.241917] ? kasan_check_read+0x11/0x20
[ 444.246045] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 444.251309] ? rcu_softirq_qs+0x20/0x20
[ 444.255271] ? __fget+0x4d1/0x740
[ 444.258715] ? ksys_dup3+0x680/0x680
[ 444.262435] ? perf_trace_sched_process_exec+0x860/0x860
[ 444.267870] ? find_held_lock+0x36/0x1c0
[ 444.271916] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 444.277435] ? aa_label_sk_perm+0x91/0x100
[ 444.281654] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 444.286566] ? aa_sk_perm+0x22b/0x8e0
[ 444.290362] ? fget_raw+0x20/0x20
[ 444.293805] ? lock_release+0xa00/0xa00
[ 444.297765] ? aa_af_perm+0x5a0/0x5a0
[ 444.301562] sock_common_getsockopt+0x9a/0xe0
[ 444.306049] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[ 444.312267] ? sock_common_getsockopt+0x9a/0xe0
[ 444.317154] __sys_getsockopt+0x1ad/0x390
[ 444.321289] ? kernel_setsockopt+0x1d0/0x1d0
[ 444.325685] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 444.330255] ? trace_hardirqs_on+0xbd/0x310
[ 444.334574] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 444.339933] ? trace_hardirqs_off_caller+0x310/0x310
[ 444.345032] __x64_sys_getsockopt+0xbe/0x150
[ 444.349430] do_syscall_64+0x1b9/0x820
[ 444.353299] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 444.358647] ? syscall_return_slowpath+0x5e0/0x5e0
[ 444.363557] ? trace_hardirqs_on_caller+0x310/0x310
[ 444.368794] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 444.373946] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250
[ 444.380607] ? __switch_to_asm+0x40/0x70
[ 444.384653] ? __switch_to_asm+0x34/0x70
[ 444.388699] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 444.393530] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 444.398701] RIP: 0033:0x457569
[ 444.401890] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 444.420785] RSP: 002b:00007f8c5a269c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 444.428474] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569
[ 444.435734] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000006
[ 444.442987] RBP: 000000000072c180 R08: 000000002044fffc R09: 0000000000000000
[ 444.450244] R10: 0000000020a68000 R11: 0000000000000246 R12: 00007f8c5a26a6d4
[ 444.457495] R13: 00000000004c8318 R14: 00000000004ce200 R15: 00000000ffffffff
[ 444.465890] Kernel Offset: disabled
[ 444.469554] Rebooting in 86400 seconds..