[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
2020/03/30 22:50:48 parsed 1 programs
2020/03/30 22:50:50 executed programs: 0
syzkaller login: [ 1021.707465][   T27] audit: type=1400 audit(1585608650.101:8): avc:  denied  { execmem } for  pid=7191 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1021.748481][ T7192] IPVS: ftp: loaded support on port[0] = 21
[ 1021.845779][ T7192] chnl_net:caif_netlink_parms(): no params data found
[ 1021.896378][ T7192] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1021.904046][ T7192] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1021.913117][ T7192] device bridge_slave_0 entered promiscuous mode
[ 1021.922633][ T7192] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.930920][ T7192] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1021.939296][ T7192] device bridge_slave_1 entered promiscuous mode
[ 1021.959563][ T7192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1021.970474][ T7192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1021.993739][ T7192] team0: Port device team_slave_0 added
[ 1022.001456][ T7192] team0: Port device team_slave_1 added
[ 1022.019749][ T7192] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1022.026985][ T7192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1022.054528][ T7192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1022.068252][ T7192] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1022.075225][ T7192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1022.101966][ T7192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1022.160043][ T7192] device hsr_slave_0 entered promiscuous mode
[ 1022.197166][ T7192] device hsr_slave_1 entered promiscuous mode
[ 1022.357364][ T7192] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1022.409480][ T7192] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1022.469472][ T7192] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1022.529421][ T7192] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1022.591865][ T7192] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1022.599207][ T7192] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1022.607067][ T7192] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1022.614130][ T7192] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1022.661503][ T7192] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1022.674980][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1022.686472][ T7157] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1022.694837][ T7157] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1022.703682][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1022.717871][ T7192] 8021q: adding VLAN 0 to HW filter on device team0
[ 1022.729493][ T2801] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1022.738592][ T2801] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1022.745716][ T2801] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1022.768605][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1022.777547][ T7157] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1022.784588][ T7157] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1022.793324][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1022.803052][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1022.817213][ T2801] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1022.832941][ T7192] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1022.845218][ T7192] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1022.857997][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1022.867362][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1022.875979][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1022.884992][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1022.893903][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1022.917978][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1022.925405][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1022.940643][ T7192] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1022.966967][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1022.975723][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1022.989050][ T2801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1022.997457][ T2801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1023.007337][ T2801] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1023.014998][ T2801] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1023.024827][ T7192] device veth0_vlan entered promiscuous mode
[ 1023.036758][ T7192] device veth1_vlan entered promiscuous mode
[ 1023.058384][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1023.067424][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1023.075709][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1023.084777][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1023.095609][ T7192] device veth0_macvtap entered promiscuous mode
[ 1023.107896][ T7192] device veth1_macvtap entered promiscuous mode
[ 1023.124426][ T7192] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1023.133285][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1023.141558][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1023.149845][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1023.158896][ T7157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1023.171145][ T7192] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1023.179221][ T2801] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1023.188592][ T2801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/03/30 22:50:55 executed programs: 71
2020/03/30 22:51:00 executed programs: 181
2020/03/30 22:51:05 executed programs: 289
2020/03/30 22:51:10 executed programs: 398
2020/03/30 22:51:15 executed programs: 510
2020/03/30 22:51:20 executed programs: 620
2020/03/30 22:51:25 executed programs: 728
2020/03/30 22:51:30 executed programs: 839
2020/03/30 22:51:35 executed programs: 950
2020/03/30 22:51:40 executed programs: 1058
2020/03/30 22:51:45 executed programs: 1168
2020/03/30 22:51:50 executed programs: 1279
2020/03/30 22:51:55 executed programs: 1390
2020/03/30 22:52:00 executed programs: 1501
2020/03/30 22:52:05 executed programs: 1607
2020/03/30 22:52:10 executed programs: 1715
2020/03/30 22:52:15 executed programs: 1825
2020/03/30 22:52:20 executed programs: 1936
2020/03/30 22:52:25 executed programs: 2047
2020/03/30 22:52:30 executed programs: 2158
2020/03/30 22:52:35 executed programs: 2266
2020/03/30 22:52:40 executed programs: 2370
2020/03/30 22:52:45 executed programs: 2478
2020/03/30 22:52:50 executed programs: 2586
2020/03/30 22:52:55 executed programs: 2695
2020/03/30 22:53:00 executed programs: 2805
2020/03/30 22:53:05 executed programs: 2914
2020/03/30 22:53:10 executed programs: 3025
2020/03/30 22:53:15 executed programs: 3139
2020/03/30 22:53:20 executed programs: 3248
2020/03/30 22:53:25 executed programs: 3359
2020/03/30 22:53:30 executed programs: 3468
2020/03/30 22:53:36 executed programs: 3577
2020/03/30 22:53:41 executed programs: 3687
2020/03/30 22:53:46 executed programs: 3797
2020/03/30 22:53:51 executed programs: 3908
2020/03/30 22:53:56 executed programs: 4018
2020/03/30 22:54:01 executed programs: 4127
2020/03/30 22:54:06 executed programs: 4234
2020/03/30 22:54:11 executed programs: 4345
2020/03/30 22:54:16 executed programs: 4451
2020/03/30 22:54:21 executed programs: 4557
2020/03/30 22:54:26 executed programs: 4666
2020/03/30 22:54:31 executed programs: 4775
2020/03/30 22:54:36 executed programs: 4880
2020/03/30 22:54:41 executed programs: 4986
[ 1257.594773][    T0] NOHZ: local_softirq_pending 08
2020/03/30 22:54:46 executed programs: 5098
2020/03/30 22:54:51 executed programs: 5206
2020/03/30 22:54:56 executed programs: 5314
2020/03/30 22:55:01 executed programs: 5421
2020/03/30 22:55:06 executed programs: 5527
2020/03/30 22:55:11 executed programs: 5634
2020/03/30 22:55:16 executed programs: 5747
2020/03/30 22:55:21 executed programs: 5858
2020/03/30 22:55:26 executed programs: 5967
2020/03/30 22:55:31 executed programs: 6073
2020/03/30 22:55:36 executed programs: 6182
2020/03/30 22:55:41 executed programs: 6292
2020/03/30 22:55:46 executed programs: 6403
2020/03/30 22:55:51 executed programs: 6510
2020/03/30 22:55:56 executed programs: 6624
2020/03/30 22:56:01 executed programs: 6735
2020/03/30 22:56:06 executed programs: 6844
2020/03/30 22:56:11 executed programs: 6957
2020/03/30 22:56:16 executed programs: 7069
2020/03/30 22:56:21 executed programs: 7182
2020/03/30 22:56:26 executed programs: 7294
2020/03/30 22:56:31 executed programs: 7406
2020/03/30 22:56:36 executed programs: 7513
2020/03/30 22:56:41 executed programs: 7622
2020/03/30 22:56:46 executed programs: 7732
2020/03/30 22:56:51 executed programs: 7843
2020/03/30 22:56:56 executed programs: 7952
2020/03/30 22:57:01 executed programs: 8064
2020/03/30 22:57:06 executed programs: 8173
2020/03/30 22:57:12 executed programs: 8284
2020/03/30 22:57:17 executed programs: 8396
2020/03/30 22:57:22 executed programs: 8510
2020/03/30 22:57:27 executed programs: 8621
2020/03/30 22:57:32 executed programs: 8732
2020/03/30 22:57:37 executed programs: 8840
2020/03/30 22:57:42 executed programs: 8951
2020/03/30 22:57:47 executed programs: 9058
[ 1441.899979][    T0] NOHZ: local_softirq_pending 08
2020/03/30 22:57:52 executed programs: 9167
2020/03/30 22:57:57 executed programs: 9277
2020/03/30 22:58:02 executed programs: 9389
2020/03/30 22:58:07 executed programs: 9498
2020/03/30 22:58:12 executed programs: 9607
2020/03/30 22:58:17 executed programs: 9715
2020/03/30 22:58:22 executed programs: 9830
[ 1476.721350][T23155] ==================================================================
[ 1476.729765][T23155] BUG: KASAN: use-after-free in sctp_sock_dump+0xa56/0xad0
[ 1476.736952][T23155] Read of size 8 at addr ffff88809117e4a0 by task syz-executor.0/23155
[ 1476.745162][T23155] 
[ 1476.747478][T23155] CPU: 0 PID: 23155 Comm: syz-executor.0 Not tainted 5.6.0-syzkaller #0
[ 1476.755777][T23155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1476.765812][T23155] Call Trace:
[ 1476.769195][T23155]  dump_stack+0x188/0x20d
[ 1476.773557][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1476.778446][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1476.783340][T23155]  print_address_description.constprop.0.cold+0xd3/0x315
[ 1476.790404][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1476.795248][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1476.800128][T23155]  __kasan_report.cold+0x1a/0x32
[ 1476.805152][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1476.810024][T23155]  kasan_report+0xe/0x20
[ 1476.814273][T23155]  sctp_sock_dump+0xa56/0xad0
[ 1476.819080][T23155]  ? rwlock_bug.part.0+0x90/0x90
[ 1476.824109][T23155]  sctp_for_each_transport+0x27c/0x310
[ 1476.829587][T23155]  ? sctp_v6_copy_ip_options.cold+0x2e/0x2e
[ 1476.835488][T23155]  ? sctp_tsp_dump_one+0x6a0/0x6a0
[ 1476.840610][T23155]  ? sctp_transport_get_next+0x140/0x140
[ 1476.846249][T23155]  ? mark_held_locks+0x9f/0xe0
[ 1476.851098][T23155]  ? sctp_for_each_endpoint+0x11b/0x1b0
[ 1476.856685][T23155]  ? __local_bh_enable_ip+0x159/0x270
[ 1476.862044][T23155]  ? sctp_for_each_endpoint+0x150/0x1b0
[ 1476.867577][T23155]  sctp_diag_dump+0x2fd/0x3f0
[ 1476.872277][T23155]  ? sctp_diag_dump_one+0x4d0/0x4d0
[ 1476.877498][T23155]  ? __phys_addr+0x9a/0x110
[ 1476.882116][T23155]  ? __alloc_skb+0x3a7/0x5a0
[ 1476.886773][T23155]  __inet_diag_dump+0x99/0x130
[ 1476.891602][T23155]  netlink_dump+0x515/0xf30
[ 1476.896095][T23155]  ? __netlink_sendskb+0xb0/0xb0
[ 1476.901074][T23155]  ? __mutex_unlock_slowpath+0xe2/0x660
[ 1476.906614][T23155]  __netlink_dump_start+0x648/0x910
[ 1476.911855][T23155]  inet_diag_handler_cmd+0x23f/0x300
[ 1476.917134][T23155]  ? inet_diag_rcv_msg_compat+0x300/0x300
[ 1476.922835][T23155]  ? lock_acquire+0x197/0x420
[ 1476.927549][T23155]  ? sock_diag_rcv+0x17/0x40
[ 1476.932128][T23155]  ? inet_diag_dump_compat+0x300/0x300
[ 1476.937729][T23155]  sock_diag_rcv_msg+0x2fe/0x3e0
[ 1476.942679][T23155]  netlink_rcv_skb+0x15a/0x410
[ 1476.947435][T23155]  ? sock_diag_bind+0x80/0x80
[ 1476.952138][T23155]  ? netlink_ack+0xa10/0xa10
[ 1476.956774][T23155]  sock_diag_rcv+0x26/0x40
[ 1476.961184][T23155]  netlink_unicast+0x537/0x740
[ 1476.965944][T23155]  ? netlink_attachskb+0x810/0x810
[ 1476.971122][T23155]  ? _copy_from_iter_full+0x25c/0x870
[ 1476.976540][T23155]  netlink_sendmsg+0x882/0xe10
[ 1476.981314][T23155]  ? netlink_unicast+0x740/0x740
[ 1476.986245][T23155]  ? netlink_unicast+0x740/0x740
[ 1476.991167][T23155]  sock_sendmsg+0xcf/0x120
[ 1476.995565][T23155]  sock_write_iter+0x283/0x3c0
[ 1477.000323][T23155]  ? sock_sendmsg+0x120/0x120
[ 1477.005047][T23155]  ? inode_has_perm+0x1a6/0x230
[ 1477.009898][T23155]  ? selinux_file_open+0x450/0x450
[ 1477.015070][T23155]  do_iter_readv_writev+0x59c/0x840
[ 1477.020257][T23155]  ? no_seek_end_llseek_size+0x60/0x60
[ 1477.025751][T23155]  do_iter_write+0x185/0x600
[ 1477.030336][T23155]  vfs_writev+0x1b3/0x2f0
[ 1477.034687][T23155]  ? vfs_iter_write+0xa0/0xa0
[ 1477.039420][T23155]  ? rcu_read_lock_held_common+0x130/0x130
[ 1477.045282][T23155]  ? ksys_dup3+0x3c0/0x3c0
[ 1477.049684][T23155]  ? _copy_to_user+0x107/0x150
[ 1477.054436][T23155]  ? __fget_light+0x208/0x270
[ 1477.059097][T23155]  do_writev+0x279/0x2f0
[ 1477.063320][T23155]  ? vfs_writev+0x2f0/0x2f0
[ 1477.067846][T23155]  ? __ia32_sys_clock_settime+0x260/0x260
[ 1477.073598][T23155]  ? trace_hardirqs_off_caller+0x55/0x230
[ 1477.079343][T23155]  do_syscall_64+0xf6/0x7d0
[ 1477.083835][T23155]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1477.089707][T23155] RIP: 0033:0x45c849
[ 1477.093588][T23155] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1477.113257][T23155] RSP: 002b:00007fd7dd721c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1477.121666][T23155] RAX: ffffffffffffffda RBX: 00007fd7dd7226d4 RCX: 000000000045c849
[ 1477.129672][T23155] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000006
[ 1477.137631][T23155] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 1477.145590][T23155] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1477.153560][T23155] R13: 0000000000000d12 R14: 00000000004cb1d9 R15: 000000000076bfac
[ 1477.161532][T23155] 
[ 1477.163851][T23155] Allocated by task 23155:
[ 1477.168259][T23155]  save_stack+0x1b/0x80
[ 1477.172398][T23155]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 1477.178024][T23155]  kmem_cache_alloc_trace+0x153/0x7d0
[ 1477.183442][T23155]  sctp_endpoint_new+0x72/0xc40
[ 1477.188280][T23155]  sctp_init_sock+0xcdf/0x1430
[ 1477.193072][T23155]  inet6_create+0x9cb/0xf80
[ 1477.197618][T23155]  __sock_create+0x3cb/0x730
[ 1477.202188][T23155]  __sys_socket+0xef/0x200
[ 1477.206584][T23155]  __x64_sys_socket+0x6f/0xb0
[ 1477.211240][T23155]  do_syscall_64+0xf6/0x7d0
[ 1477.215723][T23155]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1477.221611][T23155] 
[ 1477.223920][T23155] Freed by task 23152:
[ 1477.227974][T23155]  save_stack+0x1b/0x80
[ 1477.232117][T23155]  __kasan_slab_free+0xf7/0x140
[ 1477.236947][T23155]  kfree+0x109/0x2b0
[ 1477.240835][T23155]  sctp_endpoint_put+0x21d/0x2c0
[ 1477.245751][T23155]  sctp_destroy_sock+0x9c/0x3c0
[ 1477.250582][T23155]  sctp_v6_destroy_sock+0x11/0x20
[ 1477.255710][T23155]  sk_common_release+0x64/0x370
[ 1477.260722][T23155]  sctp_close+0x4d2/0x8a0
[ 1477.265115][T23155]  inet_release+0xe4/0x1f0
[ 1477.269518][T23155]  inet6_release+0x4c/0x70
[ 1477.274021][T23155]  __sock_release+0xcd/0x280
[ 1477.278597][T23155]  sock_close+0x18/0x20
[ 1477.282733][T23155]  __fput+0x2da/0x850
[ 1477.286878][T23155]  task_work_run+0x13f/0x1b0
[ 1477.291486][T23155]  get_signal+0x2054/0x24e0
[ 1477.296001][T23155]  do_signal+0x7e/0x13f0
[ 1477.300242][T23155]  exit_to_usermode_loop+0x26c/0x360
[ 1477.305505][T23155]  do_syscall_64+0x6b1/0x7d0
[ 1477.310084][T23155]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1477.315956][T23155] 
[ 1477.318325][T23155] The buggy address belongs to the object at ffff88809117e400
[ 1477.318325][T23155]  which belongs to the cache kmalloc-512 of size 512
[ 1477.332362][T23155] The buggy address is located 160 bytes inside of
[ 1477.332362][T23155]  512-byte region [ffff88809117e400, ffff88809117e600)
[ 1477.345611][T23155] The buggy address belongs to the page:
[ 1477.351387][T23155] page:ffffea0002445f80 refcount:1 mapcount:0 mapping:ffff8880aa000a80 index:0x0
[ 1477.360480][T23155] flags: 0xfffe0000000200(slab)
[ 1477.365318][T23155] raw: 00fffe0000000200 ffffea00024f7f88 ffffea00024e5308 ffff8880aa000a80
[ 1477.373971][T23155] raw: 0000000000000000 ffff88809117e000 0000000100000004 0000000000000000
[ 1477.382552][T23155] page dumped because: kasan: bad access detected
[ 1477.388940][T23155] 
[ 1477.391246][T23155] Memory state around the buggy address:
[ 1477.396855][T23155]  ffff88809117e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1477.404903][T23155]  ffff88809117e400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1477.413025][T23155] >ffff88809117e480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1477.421121][T23155]                                ^
[ 1477.426215][T23155]  ffff88809117e500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1477.434267][T23155]  ffff88809117e580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1477.442328][T23155] ==================================================================
[ 1477.450394][T23155] Disabling lock debugging due to kernel taint
[ 1477.462257][T23155] Kernel panic - not syncing: panic_on_warn set ...
[ 1477.468879][T23155] CPU: 0 PID: 23155 Comm: syz-executor.0 Tainted: G    B             5.6.0-syzkaller #0
[ 1477.478583][T23155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1477.488750][T23155] Call Trace:
[ 1477.492047][T23155]  dump_stack+0x188/0x20d
[ 1477.496447][T23155]  panic+0x2e3/0x75c
[ 1477.500339][T23155]  ? add_taint.cold+0x16/0x16
[ 1477.505006][T23155]  ? preempt_schedule_common+0x5e/0xc0
[ 1477.510459][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1477.515288][T23155]  ? ___preempt_schedule+0x16/0x18
[ 1477.520377][T23155]  ? trace_hardirqs_on+0x55/0x220
[ 1477.525377][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1477.530231][T23155]  end_report+0x43/0x49
[ 1477.534398][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1477.539236][T23155]  __kasan_report.cold+0xd/0x32
[ 1477.544062][T23155]  ? sctp_sock_dump+0xa56/0xad0
[ 1477.548889][T23155]  kasan_report+0xe/0x20
[ 1477.553109][T23155]  sctp_sock_dump+0xa56/0xad0
[ 1477.557764][T23155]  ? rwlock_bug.part.0+0x90/0x90
[ 1477.562691][T23155]  sctp_for_each_transport+0x27c/0x310
[ 1477.568138][T23155]  ? sctp_v6_copy_ip_options.cold+0x2e/0x2e
[ 1477.574018][T23155]  ? sctp_tsp_dump_one+0x6a0/0x6a0
[ 1477.579121][T23155]  ? sctp_transport_get_next+0x140/0x140
[ 1477.584798][T23155]  ? mark_held_locks+0x9f/0xe0
[ 1477.589662][T23155]  ? sctp_for_each_endpoint+0x11b/0x1b0
[ 1477.595189][T23155]  ? __local_bh_enable_ip+0x159/0x270
[ 1477.600561][T23155]  ? sctp_for_each_endpoint+0x150/0x1b0
[ 1477.606087][T23155]  sctp_diag_dump+0x2fd/0x3f0
[ 1477.610742][T23155]  ? sctp_diag_dump_one+0x4d0/0x4d0
[ 1477.615924][T23155]  ? __phys_addr+0x9a/0x110
[ 1477.620410][T23155]  ? __alloc_skb+0x3a7/0x5a0
[ 1477.625143][T23155]  __inet_diag_dump+0x99/0x130
[ 1477.629895][T23155]  netlink_dump+0x515/0xf30
[ 1477.634429][T23155]  ? __netlink_sendskb+0xb0/0xb0
[ 1477.639461][T23155]  ? __mutex_unlock_slowpath+0xe2/0x660
[ 1477.645007][T23155]  __netlink_dump_start+0x648/0x910
[ 1477.650199][T23155]  inet_diag_handler_cmd+0x23f/0x300
[ 1477.655463][T23155]  ? inet_diag_rcv_msg_compat+0x300/0x300
[ 1477.661184][T23155]  ? lock_acquire+0x197/0x420
[ 1477.665853][T23155]  ? sock_diag_rcv+0x17/0x40
[ 1477.670425][T23155]  ? inet_diag_dump_compat+0x300/0x300
[ 1477.675869][T23155]  sock_diag_rcv_msg+0x2fe/0x3e0
[ 1477.680834][T23155]  netlink_rcv_skb+0x15a/0x410
[ 1477.685579][T23155]  ? sock_diag_bind+0x80/0x80
[ 1477.690234][T23155]  ? netlink_ack+0xa10/0xa10
[ 1477.694909][T23155]  sock_diag_rcv+0x26/0x40
[ 1477.699305][T23155]  netlink_unicast+0x537/0x740
[ 1477.704061][T23155]  ? netlink_attachskb+0x810/0x810
[ 1477.709158][T23155]  ? _copy_from_iter_full+0x25c/0x870
[ 1477.714518][T23155]  netlink_sendmsg+0x882/0xe10
[ 1477.719268][T23155]  ? netlink_unicast+0x740/0x740
[ 1477.724186][T23155]  ? netlink_unicast+0x740/0x740
[ 1477.729100][T23155]  sock_sendmsg+0xcf/0x120
[ 1477.733496][T23155]  sock_write_iter+0x283/0x3c0
[ 1477.738233][T23155]  ? sock_sendmsg+0x120/0x120
[ 1477.742900][T23155]  ? inode_has_perm+0x1a6/0x230
[ 1477.747729][T23155]  ? selinux_file_open+0x450/0x450
[ 1477.752835][T23155]  do_iter_readv_writev+0x59c/0x840
[ 1477.758033][T23155]  ? no_seek_end_llseek_size+0x60/0x60
[ 1477.763488][T23155]  do_iter_write+0x185/0x600
[ 1477.768086][T23155]  vfs_writev+0x1b3/0x2f0
[ 1477.772412][T23155]  ? vfs_iter_write+0xa0/0xa0
[ 1477.777096][T23155]  ? rcu_read_lock_held_common+0x130/0x130
[ 1477.782886][T23155]  ? ksys_dup3+0x3c0/0x3c0
[ 1477.787280][T23155]  ? _copy_to_user+0x107/0x150
[ 1477.792050][T23155]  ? __fget_light+0x208/0x270
[ 1477.796714][T23155]  do_writev+0x279/0x2f0
[ 1477.800977][T23155]  ? vfs_writev+0x2f0/0x2f0
[ 1477.805461][T23155]  ? __ia32_sys_clock_settime+0x260/0x260
[ 1477.811161][T23155]  ? trace_hardirqs_off_caller+0x55/0x230
[ 1477.816881][T23155]  do_syscall_64+0xf6/0x7d0
[ 1477.821365][T23155]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1477.827235][T23155] RIP: 0033:0x45c849
[ 1477.831108][T23155] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1477.850689][T23155] RSP: 002b:00007fd7dd721c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1477.859123][T23155] RAX: ffffffffffffffda RBX: 00007fd7dd7226d4 RCX: 000000000045c849
[ 1477.867118][T23155] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000006
[ 1477.875068][T23155] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 1477.883036][T23155] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1477.890999][T23155] R13: 0000000000000d12 R14: 00000000004cb1d9 R15: 000000000076bfac
[ 1477.900432][T23155] Kernel Offset: disabled
[ 1477.904759][T23155] Rebooting in 86400 seconds..