[   23.724169] audit: type=1800 audit(1540511769.118:22): pid=5163 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   24.662896] sshd (5230) used greatest stack depth: 16200 bytes left
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   24.921743] startpar (5163) used greatest stack depth: 15984 bytes left

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.12' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   40.908224] ==================================================================
[   40.915718] BUG: KASAN: slab-out-of-bounds in sctp_getsockopt+0x7516/0x7cc2
[   40.922809] Read of size 8 at addr ffff8801bdb97668 by task syz-executor672/5321
[   40.930316] 
[   40.931931] CPU: 1 PID: 5321 Comm: syz-executor672 Not tainted 4.19.0+ #206
[   40.939009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.948346] Call Trace:
[   40.950926]  dump_stack+0x244/0x39d
[   40.954558]  ? dump_stack_print_info.cold.1+0x20/0x20
[   40.959741]  ? printk+0xa7/0xcf
[   40.963007]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   40.967754]  print_address_description.cold.7+0x9/0x1ff
[   40.973106]  kasan_report.cold.8+0x242/0x309
[   40.977502]  ? sctp_getsockopt+0x7516/0x7cc2
[   40.981898]  __asan_report_load8_noabort+0x14/0x20
[   40.986814]  sctp_getsockopt+0x7516/0x7cc2
[   40.991051]  ? trace_hardirqs_on+0xbd/0x310
[   40.995359]  ? kasan_check_read+0x11/0x20
[   40.999490]  ? finish_task_switch+0x1f4/0x910
[   41.003973]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   41.010198]  ? kasan_check_write+0x14/0x20
[   41.014419]  ? finish_task_switch+0x2f4/0x910
[   41.018899]  ? __switch_to_asm+0x40/0x70
[   41.022947]  ? preempt_notifier_register+0x200/0x200
[   41.028031]  ? __switch_to_asm+0x34/0x70
[   41.032092]  ? __switch_to_asm+0x34/0x70
[   41.036138]  ? __switch_to_asm+0x40/0x70
[   41.040181]  ? __switch_to_asm+0x34/0x70
[   41.044273]  ? __switch_to_asm+0x40/0x70
[   41.048328]  ? __switch_to_asm+0x34/0x70
[   41.052417]  ? __switch_to_asm+0x40/0x70
[   41.056474]  ? __switch_to_asm+0x34/0x70
[   41.060522]  ? __switch_to_asm+0x34/0x70
[   41.064578]  ? __switch_to_asm+0x40/0x70
[   41.068633]  ? __switch_to_asm+0x34/0x70
[   41.072680]  ? __switch_to_asm+0x40/0x70
[   41.076722]  ? __switch_to_asm+0x34/0x70
[   41.080765]  ? __switch_to_asm+0x40/0x70
[   41.084814]  ? __schedule+0x8d7/0x21d0
[   41.088686]  ? __sched_text_start+0x8/0x8
[   41.092820]  ? zap_class+0x640/0x640
[   41.096519]  ? plist_check_list+0xa0/0xa0
[   41.100646]  ? do_raw_spin_trylock+0x270/0x270
[   41.105219]  ? lock_pin_lock+0x350/0x350
[   41.109291]  ? perf_trace_sched_process_exec+0x860/0x860
[   41.114731]  ? do_raw_spin_unlock+0xa7/0x330
[   41.119124]  ? do_raw_spin_trylock+0x270/0x270
[   41.123694]  ? lock_acquire+0x1ed/0x520
[   41.127763]  ? __might_sleep+0x95/0x190
[   41.131728]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.137248]  ? futex_wait_queue_me+0x55d/0x840
[   41.141815]  ? refill_pi_state_cache.part.8+0x320/0x320
[   41.147177]  ? print_usage_bug+0xc0/0xc0
[   41.151235]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.156756]  ? get_futex_value_locked+0xcb/0xf0
[   41.161408]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   41.166406]  ? futex_wait_setup+0x266/0x3e0
[   41.170715]  ? futex_wake+0x760/0x760
[   41.174500]  ? __lock_acquire+0x62f/0x4c20
[   41.178717]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   41.183804]  ? futex_wait+0x5ec/0xa50
[   41.187592]  ? mark_held_locks+0x130/0x130
[   41.191811]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   41.196987]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   41.202073]  ? futex_wake+0x304/0x760
[   41.205860]  ? trace_hardirqs_off_caller+0x310/0x310
[   41.210967]  ? __local_bh_enable_ip+0x160/0x260
[   41.215640]  ? release_sock+0x1ec/0x2c0
[   41.219604]  ? lock_sock_nested+0x9a/0x120
[   41.223916]  ? zap_class+0x640/0x640
[   41.227620]  ? do_futex+0x249/0x26d0
[   41.231319]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   41.236840]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.242360]  ? sctp_sendmsg+0x86f/0x1da0
[   41.246409]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   41.251929]  ? aa_label_sk_perm+0x46d/0x8e0
[   41.256234]  ? aa_profile_af_perm+0x410/0x410
[   41.260710]  ? kasan_check_read+0x11/0x20
[   41.264844]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   41.270113]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   41.275024]  ? aa_sk_perm+0x218/0x8b0
[   41.278817]  ? __sys_sendto+0x475/0x670
[   41.282775]  ? aa_af_perm+0x5a0/0x5a0
[   41.286558]  ? __ia32_sys_getpeername+0xb0/0xb0
[   41.291217]  ? aa_sock_opt_perm.isra.11+0xa1/0x130
[   41.296640]  compat_sock_common_getsockopt+0x10c/0x150
[   41.301908]  ? compat_sock_common_getsockopt+0x10c/0x150
[   41.307346]  ? sock_common_getsockopt+0xe0/0xe0
[   41.312000]  __compat_sys_getsockopt+0x1b6/0x8a0
[   41.316742]  ? compat_sock_get_timestampns+0x220/0x220
[   41.322005]  ? up_read+0x225/0x2c0
[   41.325588]  ? do_fast_syscall_32+0x150/0xfb2
[   41.330086]  ? do_fast_syscall_32+0x150/0xfb2
[   41.334572]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   41.339141]  ? trace_hardirqs_on+0xbd/0x310
[   41.343452]  ? find_vma+0x34/0x190
[   41.347082]  ? entry_SYSENTER_compat+0x70/0x7f
[   41.351651]  ? trace_hardirqs_off_caller+0x310/0x310
[   41.356743]  __ia32_compat_sys_getsockopt+0xbd/0x150
[   41.361834]  do_fast_syscall_32+0x34d/0xfb2
[   41.366244]  ? do_int80_syscall_32+0x890/0x890
[   41.370817]  ? entry_SYSENTER_compat+0x68/0x7f
[   41.375420]  ? trace_hardirqs_off_caller+0xbb/0x310
[   41.380426]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.385258]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.390089]  ? trace_hardirqs_on_caller+0x310/0x310
[   41.395094]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   41.400099]  ? prepare_exit_to_usermode+0x291/0x3b0
[   41.405146]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   41.409980]  entry_SYSENTER_compat+0x70/0x7f
[   41.414371] RIP: 0023:0xf7ff7a29
[   41.417720] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   41.436607] RSP: 002b:00000000f7ff31ec EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[   41.444302] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084
[   41.451559] RDX: 0000000000000074 RSI: 0000000020000080 RDI: 0000000020000040
[   41.458810] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[   41.466065] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   41.473356] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   41.480622] 
[   41.482234] Allocated by task 5322:
[   41.485846]  save_stack+0x43/0xd0
[   41.489324]  kasan_kmalloc+0xc7/0xe0
[   41.493027]  kmem_cache_alloc_trace+0x152/0x750
[   41.497690]  sctp_stream_init_ext+0x4f/0xf0
[   41.501994]  sctp_sendmsg_to_asoc+0x1308/0x1a20
[   41.506642]  sctp_sendmsg+0x13c2/0x1da0
[   41.510597]  inet_sendmsg+0x1a1/0x690
[   41.514540]  sock_sendmsg+0xd5/0x120
[   41.518304]  __sys_sendto+0x3d7/0x670
[   41.522095]  __ia32_sys_sendto+0xdf/0x1a0
[   41.526228]  do_fast_syscall_32+0x34d/0xfb2
[   41.530532]  entry_SYSENTER_compat+0x70/0x7f
[   41.534917] 
[   41.536524] Freed by task 3308:
[   41.539784]  save_stack+0x43/0xd0
[   41.543218]  __kasan_slab_free+0x102/0x150
[   41.547434]  kasan_slab_free+0xe/0x10
[   41.551217]  kfree+0xcf/0x230
[   41.554314]  kzfree+0x28/0x30
[   41.557407]  apparmor_file_free_security+0x133/0x1a0
[   41.562499]  security_file_free+0x4a/0x80
[   41.566636]  __fput+0x4e8/0xa30
[   41.569895]  ____fput+0x15/0x20
[   41.573224]  task_work_run+0x1e8/0x2a0
[   41.577150]  exit_to_usermode_loop+0x318/0x380
[   41.581722]  do_syscall_64+0x6be/0x820
[   41.585595]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.590859] 
[   41.592472] The buggy address belongs to the object at ffff8801bdb97600
[   41.592472]  which belongs to the cache kmalloc-96 of size 96
[   41.604939] The buggy address is located 8 bytes to the right of
[   41.604939]  96-byte region [ffff8801bdb97600, ffff8801bdb97660)
[   41.617055] The buggy address belongs to the page:
[   41.621970] page:ffffea0006f6e5c0 count:1 mapcount:0 mapping:ffff8801da8004c0 index:0x0
[   41.630091] flags: 0x2fffc0000000100(slab)
[   41.634309] raw: 02fffc0000000100 ffffea0006f774c8 ffffea0006f772c8 ffff8801da8004c0
[   41.642175] raw: 0000000000000000 ffff8801bdb97000 0000000100000020 0000000000000000
[   41.650043] page dumped because: kasan: bad access detected
[   41.655736] 
[   41.657340] Memory state around the buggy address:
[   41.662249]  ffff8801bdb97500: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   41.669634]  ffff8801bdb97580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   41.676984] >ffff8801bdb97600: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[   41.684323]                                                           ^
[   41.691068]  ffff8801bdb97680: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   41.698411]  ffff8801bdb97700: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   41.705754] ==================================================================
[   41.713093] Disabling lock debugging due to kernel taint
[   41.718678] Kernel panic - not syncing: panic_on_warn set ...
[   41.718678] 
[   41.726073] CPU: 1 PID: 5321 Comm: syz-executor672 Tainted: G    B             4.19.0+ #206
[   41.734555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.743890] Call Trace:
[   41.746467]  dump_stack+0x244/0x39d
[   41.750076]  ? dump_stack_print_info.cold.1+0x20/0x20
[   41.755253]  panic+0x238/0x4e7
[   41.758426]  ? add_taint.cold.5+0x16/0x16
[   41.762561]  ? preempt_schedule+0x4d/0x60
[   41.766691]  ? ___preempt_schedule+0x16/0x18
[   41.771080]  ? trace_hardirqs_on+0xb4/0x310
[   41.775387]  kasan_end_report+0x47/0x4f
[   41.779350]  kasan_report.cold.8+0x76/0x309
[   41.783732]  ? sctp_getsockopt+0x7516/0x7cc2
[   41.788137]  __asan_report_load8_noabort+0x14/0x20
[   41.793056]  sctp_getsockopt+0x7516/0x7cc2
[   41.797269]  ? trace_hardirqs_on+0xbd/0x310
[   41.801574]  ? kasan_check_read+0x11/0x20
[   41.805735]  ? finish_task_switch+0x1f4/0x910
[   41.810215]  ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0
[   41.816438]  ? kasan_check_write+0x14/0x20
[   41.820658]  ? finish_task_switch+0x2f4/0x910
[   41.825140]  ? __switch_to_asm+0x40/0x70
[   41.829190]  ? preempt_notifier_register+0x200/0x200
[   41.834278]  ? __switch_to_asm+0x34/0x70
[   41.838321]  ? __switch_to_asm+0x34/0x70
[   41.842366]  ? __switch_to_asm+0x40/0x70
[   41.846414]  ? __switch_to_asm+0x34/0x70
[   41.850455]  ? __switch_to_asm+0x40/0x70
[   41.854496]  ? __switch_to_asm+0x34/0x70
[   41.858545]  ? __switch_to_asm+0x40/0x70
[   41.862595]  ? __switch_to_asm+0x34/0x70
[   41.866639]  ? __switch_to_asm+0x34/0x70
[   41.870678]  ? __switch_to_asm+0x40/0x70
[   41.874720]  ? __switch_to_asm+0x34/0x70
[   41.878761]  ? __switch_to_asm+0x40/0x70
[   41.882803]  ? __switch_to_asm+0x34/0x70
[   41.886842]  ? __switch_to_asm+0x40/0x70
[   41.890884]  ? __schedule+0x8d7/0x21d0
[   41.894757]  ? __sched_text_start+0x8/0x8
[   41.898888]  ? zap_class+0x640/0x640
[   41.902589]  ? plist_check_list+0xa0/0xa0
[   41.906726]  ? do_raw_spin_trylock+0x270/0x270
[   41.911300]  ? lock_pin_lock+0x350/0x350
[   41.915355]  ? perf_trace_sched_process_exec+0x860/0x860
[   41.920792]  ? do_raw_spin_unlock+0xa7/0x330
[   41.925187]  ? do_raw_spin_trylock+0x270/0x270
[   41.929750]  ? lock_acquire+0x1ed/0x520
[   41.933707]  ? __might_sleep+0x95/0x190
[   41.937738]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.943266]  ? futex_wait_queue_me+0x55d/0x840
[   41.947833]  ? refill_pi_state_cache.part.8+0x320/0x320
[   41.953186]  ? print_usage_bug+0xc0/0xc0
[   41.957299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   41.962830]  ? get_futex_value_locked+0xcb/0xf0
[   41.967486]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   41.972491]  ? futex_wait_setup+0x266/0x3e0
[   41.976799]  ? futex_wake+0x760/0x760
[   41.980581]  ? __lock_acquire+0x62f/0x4c20
[   41.984796]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   41.989877]  ? futex_wait+0x5ec/0xa50
[   41.993663]  ? mark_held_locks+0x130/0x130
[   41.997876]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   42.003052]  ? drop_futex_key_refs.isra.14+0x6d/0xe0
[   42.008139]  ? futex_wake+0x304/0x760
[   42.011925]  ? trace_hardirqs_off_caller+0x310/0x310
[   42.017018]  ? __local_bh_enable_ip+0x160/0x260
[   42.021681]  ? release_sock+0x1ec/0x2c0
[   42.025637]  ? lock_sock_nested+0x9a/0x120
[   42.029856]  ? zap_class+0x640/0x640
[   42.033555]  ? do_futex+0x249/0x26d0
[   42.037248]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   42.042767]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   42.048284]  ? sctp_sendmsg+0x86f/0x1da0
[   42.052332]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   42.057851]  ? aa_label_sk_perm+0x46d/0x8e0
[   42.062157]  ? aa_profile_af_perm+0x410/0x410
[   42.066637]  ? kasan_check_read+0x11/0x20
[   42.070771]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   42.076054]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   42.080986]  ? aa_sk_perm+0x218/0x8b0
[   42.084779]  ? __sys_sendto+0x475/0x670
[   42.088735]  ? aa_af_perm+0x5a0/0x5a0
[   42.092517]  ? __ia32_sys_getpeername+0xb0/0xb0
[   42.097212]  ? aa_sock_opt_perm.isra.11+0xa1/0x130
[   42.102133]  compat_sock_common_getsockopt+0x10c/0x150
[   42.107391]  ? compat_sock_common_getsockopt+0x10c/0x150
[   42.112822]  ? sock_common_getsockopt+0xe0/0xe0
[   42.117474]  __compat_sys_getsockopt+0x1b6/0x8a0
[   42.122220]  ? compat_sock_get_timestampns+0x220/0x220
[   42.127479]  ? up_read+0x225/0x2c0
[   42.131010]  ? do_fast_syscall_32+0x150/0xfb2
[   42.135505]  ? do_fast_syscall_32+0x150/0xfb2
[   42.140023]  ? lockdep_hardirqs_on+0x3bb/0x5b0
[   42.144615]  ? trace_hardirqs_on+0xbd/0x310
[   42.148917]  ? find_vma+0x34/0x190
[   42.152439]  ? entry_SYSENTER_compat+0x70/0x7f
[   42.157000]  ? trace_hardirqs_off_caller+0x310/0x310
[   42.162087]  __ia32_compat_sys_getsockopt+0xbd/0x150
[   42.167173]  do_fast_syscall_32+0x34d/0xfb2
[   42.171478]  ? do_int80_syscall_32+0x890/0x890
[   42.176049]  ? entry_SYSENTER_compat+0x68/0x7f
[   42.180610]  ? trace_hardirqs_off_caller+0xbb/0x310
[   42.185606]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.190481]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.195314]  ? trace_hardirqs_on_caller+0x310/0x310
[   42.200315]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   42.205314]  ? prepare_exit_to_usermode+0x291/0x3b0
[   42.210311]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   42.215209]  entry_SYSENTER_compat+0x70/0x7f
[   42.219605] RIP: 0023:0xf7ff7a29
[   42.222952] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[   42.241836] RSP: 002b:00000000f7ff31ec EFLAGS: 00000296 ORIG_RAX: 000000000000016d
[   42.249524] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000084
[   42.256774] RDX: 0000000000000074 RSI: 0000000020000080 RDI: 0000000020000040
[   42.264027] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[   42.271281] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   42.278529] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   42.286629] Kernel Offset: disabled
[   42.290252] Rebooting in 86400 seconds..