[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.44' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   40.714098] audit: type=1400 audit(1599873442.828:8): avc:  denied  { execmem } for  pid=6464 comm="syz-executor872" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   40.742342] IPVS: ftp: loaded support on port[0] = 21
[   40.778134] ==================================================================
[   40.785517] BUG: KASAN: slab-out-of-bounds in __lock_acquire+0x2cb4/0x3ff0
[   40.792546] Read of size 8 at addr ffff8882160c8fe0 by task syz-executor872/6465
[   40.800056] 
[   40.801671] CPU: 0 PID: 6465 Comm: syz-executor872 Not tainted 4.19.144-syzkaller #0
[   40.809534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.818889] Call Trace:
[   40.821467]  dump_stack+0x1fc/0x2fe
[   40.825076]  print_address_description.cold+0x54/0x219
[   40.830339]  kasan_report_error.cold+0x8a/0x1c7
[   40.835029]  ? __lock_acquire+0x2cb4/0x3ff0
[   40.839344]  __asan_report_load8_noabort+0x88/0x90
[   40.844251]  ? __lock_acquire+0x2cb4/0x3ff0
[   40.848551]  __lock_acquire+0x2cb4/0x3ff0
[   40.852676]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[   40.858571]  ? deref_stack_reg+0x1d0/0x1d0
[   40.862790]  ? mark_held_locks+0xf0/0xf0
[   40.866829]  ? check_usage+0x19a/0x670
[   40.870696]  ? bpf_prog_kallsyms_find.part.0+0x1ad/0x270
[   40.876143]  ? check_usage_backwards+0x300/0x300
[   40.880878]  ? __kernel_text_address+0x9/0x30
[   40.885357]  ? check_usage_forwards+0x310/0x310
[   40.890008]  ? __save_stack_trace+0xaf/0x190
[   40.894403]  lock_acquire+0x170/0x3c0
[   40.898187]  ? xt_find_match+0xa3/0x280
[   40.902160]  ? xt_find_match+0xa3/0x280
[   40.906126]  __mutex_lock+0xd7/0x1260
[   40.909908]  ? xt_find_match+0xa3/0x280
[   40.913886]  ? check_usage_forwards+0x310/0x310
[   40.918555]  ? xt_find_match+0xa3/0x280
[   40.922524]  ? __mutex_add_waiter+0x160/0x160
[   40.927014]  ? mark_held_locks+0xf0/0xf0
[   40.931060]  ? mark_held_locks+0xf0/0xf0
[   40.935105]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   40.940195]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   40.945369]  xt_find_match+0xa3/0x280
[   40.949171]  xt_request_find_match+0x88/0x110
[   40.953652]  em_ipt_change+0x1c7/0x46b
[   40.957524]  ? check_match+0x1e0/0x1e0
[   40.961413]  ? lock_acquire+0x170/0x3c0
[   40.965376]  ? tcf_em_lookup+0x1c/0x150
[   40.969334]  ? do_raw_read_unlock+0x3b/0x70
[   40.973649]  ? _raw_read_unlock+0x29/0x40
[   40.977781]  ? check_match+0x1e0/0x1e0
[   40.981649]  tcf_em_tree_validate+0x8fa/0xe95
[   40.986142]  ? tcf_em_tree_destroy+0x50/0x50
[   40.990551]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   40.995553]  ? kmem_cache_alloc_trace+0x323/0x380
[   41.000400]  flow_change+0x2a4/0x1ca0
[   41.004205]  ? flow_init+0xf0/0xf0
[   41.007734]  ? kmem_cache_alloc_trace+0x323/0x380
[   41.012559]  ? flow_init+0xf0/0xf0
[   41.016082]  tc_new_tfilter+0xb52/0x16c0
[   41.020130]  ? tcf_chain_tp_remove+0x2c0/0x2c0
[   41.024696]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[   41.029625]  ? rtnetlink_rcv_msg+0x3fe/0xb80
[   41.034030]  ? __mutex_add_waiter+0x160/0x160
[   41.038528]  ? tcf_chain_tp_remove+0x2c0/0x2c0
[   41.043146]  rtnetlink_rcv_msg+0x453/0xb80
[   41.047382]  ? rtnl_calcit.isra.0+0x430/0x430
[   41.051875]  ? __netlink_lookup+0x3fc/0x730
[   41.056184]  ? lock_downgrade+0x720/0x720
[   41.060318]  ? check_preemption_disabled+0x41/0x280
[   41.065344]  netlink_rcv_skb+0x160/0x440
[   41.069431]  ? rtnl_calcit.isra.0+0x430/0x430
[   41.073937]  ? netlink_ack+0xae0/0xae0
[   41.077827]  netlink_unicast+0x4d5/0x690
[   41.081880]  ? netlink_sendskb+0x110/0x110
[   41.086097]  netlink_sendmsg+0x6bb/0xc40
[   41.090141]  ? nlmsg_notify+0x1a0/0x1a0
[   41.094092]  ? kernel_recvmsg+0x220/0x220
[   41.098221]  ? nlmsg_notify+0x1a0/0x1a0
[   41.102196]  sock_sendmsg+0xc3/0x120
[   41.105896]  ___sys_sendmsg+0x3b3/0x8e0
[   41.109874]  ? copy_msghdr_from_user+0x440/0x440
[   41.114617]  ? mark_held_locks+0xf0/0xf0
[   41.118673]  ? mark_held_locks+0xf0/0xf0
[   41.122713]  ? mark_held_locks+0xf0/0xf0
[   41.126753]  ? fs_reclaim_release+0xd0/0x110
[   41.131145]  ? __might_fault+0x11f/0x1d0
[   41.135198]  ? lock_downgrade+0x720/0x720
[   41.139339]  ? lock_acquire+0x170/0x3c0
[   41.143297]  __sys_sendmmsg+0x195/0x470
[   41.147275]  ? __ia32_sys_sendmsg+0x220/0x220
[   41.151771]  ? alloc_file+0x326/0x4d0
[   41.155558]  ? check_preemption_disabled+0x41/0x280
[   41.160599]  ? __fd_install+0x1eb/0x610
[   41.164557]  ? __sys_socket+0x16d/0x200
[   41.168548]  ? move_addr_to_kernel+0x70/0x70
[   41.172950]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   41.177707]  __x64_sys_sendmmsg+0x99/0x100
[   41.181930]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   41.186503]  do_syscall_64+0xf9/0x620
[   41.190328]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.195519] RIP: 0033:0x440d09
[   41.198697] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   41.217582] RSP: 002b:00007ffd6392a5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   41.225277] RAX: ffffffffffffffda RBX: 00000000004a2570 RCX: 0000000000440d09
[   41.232534] RDX: 010efe10675dec16 RSI: 0000000020000200 RDI: 0000000000000004
[   41.239788] RBP: 00007ffd6392a5c0 R08: 0000000120080522 R09: 0000000120080522
[   41.247041] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004a2570
[   41.254294] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[   41.261549] 
[   41.263166] Allocated by task 1:
[   41.266512]  kmem_cache_alloc+0x122/0x370
[   41.270637]  __proc_create+0x2b3/0x860
[   41.274497]  proc_create_reg+0xb2/0x180
[   41.278467]  proc_create_net_single+0x84/0x170
[   41.283044]  ip6_route_net_init_late+0x86/0xa0
[   41.287629]  ops_init+0xb3/0x410
[   41.290981]  register_pernet_operations+0x32f/0x790
[   41.295979]  register_pernet_subsys+0x25/0x40
[   41.300469]  ip6_route_init+0x13d/0x3ae
[   41.304444]  inet6_init+0x2ec/0x6b3
[   41.308053]  do_one_initcall+0xf1/0x734
[   41.312000]  kernel_init_freeable+0x9ab/0xa9d
[   41.316470]  kernel_init+0xd/0x1bd
[   41.320000]  ret_from_fork+0x24/0x30
[   41.323682] 
[   41.325295] Freed by task 0:
[   41.328297] (stack is not available)
[   41.332021] 
[   41.333636] The buggy address belongs to the object at ffff8882160c8e40
[   41.333636]  which belongs to the cache proc_dir_entry of size 256
[   41.346529] The buggy address is located 160 bytes to the right of
[   41.346529]  256-byte region [ffff8882160c8e40, ffff8882160c8f40)
[   41.358898] The buggy address belongs to the page:
[   41.363807] page:ffffea0008583200 count:1 mapcount:0 mapping:ffff88821b6856c0 index:0x0
[   41.371925] flags: 0x57ffe0000000100(slab)
[   41.376140] raw: 057ffe0000000100 ffffea000859fc88 ffffea0008583748 ffff88821b6856c0
[   41.384004] raw: 0000000000000000 ffff8882160c8080 000000010000000c 0000000000000000
[   41.391870] page dumped because: kasan: bad access detected
[   41.397554] 
[   41.399153] Memory state around the buggy address:
[   41.404066]  ffff8882160c8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   41.411404]  ffff8882160c8f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   41.418741] >ffff8882160c8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.426072]                                                        ^
[   41.432542]  ffff8882160c9000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   41.439879]  ffff8882160c9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   41.447233] ==================================================================
[   41.454577] Disabling lock debugging due to kernel taint
[   41.460012] Kernel panic - not syncing: panic_on_warn set ...
[   41.460012] 
[   41.467358] CPU: 0 PID: 6465 Comm: syz-executor872 Tainted: G    B             4.19.144-syzkaller #0
[   41.476611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.485939] Call Trace:
[   41.488520]  dump_stack+0x1fc/0x2fe
[   41.492209]  panic+0x26a/0x50e
[   41.495377]  ? __warn_printk+0xf3/0xf3
[   41.499258]  ? lock_downgrade+0x720/0x720
[   41.503462]  ? print_shadow_for_address+0xb8/0x114
[   41.508420]  ? trace_hardirqs_off+0x64/0x200
[   41.512831]  kasan_end_report+0x43/0x49
[   41.516796]  kasan_report_error.cold+0xa7/0x1c7
[   41.521478]  ? __lock_acquire+0x2cb4/0x3ff0
[   41.525775]  __asan_report_load8_noabort+0x88/0x90
[   41.530684]  ? __lock_acquire+0x2cb4/0x3ff0
[   41.534983]  __lock_acquire+0x2cb4/0x3ff0
[   41.539109]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[   41.544979]  ? deref_stack_reg+0x1d0/0x1d0
[   41.549208]  ? mark_held_locks+0xf0/0xf0
[   41.553241]  ? check_usage+0x19a/0x670
[   41.557116]  ? bpf_prog_kallsyms_find.part.0+0x1ad/0x270
[   41.562561]  ? check_usage_backwards+0x300/0x300
[   41.567296]  ? __kernel_text_address+0x9/0x30
[   41.571769]  ? check_usage_forwards+0x310/0x310
[   41.576409]  ? __save_stack_trace+0xaf/0x190
[   41.580795]  lock_acquire+0x170/0x3c0
[   41.584583]  ? xt_find_match+0xa3/0x280
[   41.588533]  ? xt_find_match+0xa3/0x280
[   41.592495]  __mutex_lock+0xd7/0x1260
[   41.596268]  ? xt_find_match+0xa3/0x280
[   41.600220]  ? check_usage_forwards+0x310/0x310
[   41.604865]  ? xt_find_match+0xa3/0x280
[   41.608814]  ? __mutex_add_waiter+0x160/0x160
[   41.613298]  ? mark_held_locks+0xf0/0xf0
[   41.617408]  ? mark_held_locks+0xf0/0xf0
[   41.621579]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   41.626972]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[   41.632180]  xt_find_match+0xa3/0x280
[   41.636012]  xt_request_find_match+0x88/0x110
[   41.640498]  em_ipt_change+0x1c7/0x46b
[   41.644367]  ? check_match+0x1e0/0x1e0
[   41.648253]  ? lock_acquire+0x170/0x3c0
[   41.652205]  ? tcf_em_lookup+0x1c/0x150
[   41.656158]  ? do_raw_read_unlock+0x3b/0x70
[   41.660461]  ? _raw_read_unlock+0x29/0x40
[   41.664585]  ? check_match+0x1e0/0x1e0
[   41.668452]  tcf_em_tree_validate+0x8fa/0xe95
[   41.672933]  ? tcf_em_tree_destroy+0x50/0x50
[   41.677327]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[   41.682324]  ? kmem_cache_alloc_trace+0x323/0x380
[   41.687147]  flow_change+0x2a4/0x1ca0
[   41.690927]  ? flow_init+0xf0/0xf0
[   41.694441]  ? kmem_cache_alloc_trace+0x323/0x380
[   41.699263]  ? flow_init+0xf0/0xf0
[   41.702778]  tc_new_tfilter+0xb52/0x16c0
[   41.706816]  ? tcf_chain_tp_remove+0x2c0/0x2c0
[   41.711473]  ? check_nnp_nosuid.isra.0+0x2a0/0x2a0
[   41.716408]  ? rtnetlink_rcv_msg+0x3fe/0xb80
[   41.720795]  ? __mutex_add_waiter+0x160/0x160
[   41.725346]  ? tcf_chain_tp_remove+0x2c0/0x2c0
[   41.729905]  rtnetlink_rcv_msg+0x453/0xb80
[   41.734116]  ? rtnl_calcit.isra.0+0x430/0x430
[   41.738649]  ? __netlink_lookup+0x3fc/0x730
[   41.743090]  ? lock_downgrade+0x720/0x720
[   41.747296]  ? check_preemption_disabled+0x41/0x280
[   41.752575]  netlink_rcv_skb+0x160/0x440
[   41.756773]  ? rtnl_calcit.isra.0+0x430/0x430
[   41.761377]  ? netlink_ack+0xae0/0xae0
[   41.765343]  netlink_unicast+0x4d5/0x690
[   41.769465]  ? netlink_sendskb+0x110/0x110
[   41.773711]  netlink_sendmsg+0x6bb/0xc40
[   41.777774]  ? nlmsg_notify+0x1a0/0x1a0
[   41.781749]  ? kernel_recvmsg+0x220/0x220
[   41.785886]  ? nlmsg_notify+0x1a0/0x1a0
[   41.789854]  sock_sendmsg+0xc3/0x120
[   41.793572]  ___sys_sendmsg+0x3b3/0x8e0
[   41.797562]  ? copy_msghdr_from_user+0x440/0x440
[   41.802315]  ? mark_held_locks+0xf0/0xf0
[   41.806352]  ? mark_held_locks+0xf0/0xf0
[   41.810391]  ? mark_held_locks+0xf0/0xf0
[   41.814438]  ? fs_reclaim_release+0xd0/0x110
[   41.818837]  ? __might_fault+0x11f/0x1d0
[   41.822886]  ? lock_downgrade+0x720/0x720
[   41.827009]  ? lock_acquire+0x170/0x3c0
[   41.830963]  __sys_sendmmsg+0x195/0x470
[   41.834948]  ? __ia32_sys_sendmsg+0x220/0x220
[   41.839422]  ? alloc_file+0x326/0x4d0
[   41.843216]  ? check_preemption_disabled+0x41/0x280
[   41.848210]  ? __fd_install+0x1eb/0x610
[   41.852159]  ? __sys_socket+0x16d/0x200
[   41.856104]  ? move_addr_to_kernel+0x70/0x70
[   41.860489]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   41.865220]  __x64_sys_sendmmsg+0x99/0x100
[   41.869435]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[   41.873991]  do_syscall_64+0xf9/0x620
[   41.877771]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.882950] RIP: 0033:0x440d09
[   41.886209] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   41.905108] RSP: 002b:00007ffd6392a5b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   41.912801] RAX: ffffffffffffffda RBX: 00000000004a2570 RCX: 0000000000440d09
[   41.920095] RDX: 010efe10675dec16 RSI: 0000000020000200 RDI: 0000000000000004
[   41.927353] RBP: 00007ffd6392a5c0 R08: 0000000120080522 R09: 0000000120080522
[   41.934599] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004a2570
[   41.941843] R13: 0000000000402220 R14: 0000000000000000 R15: 0000000000000000
[   41.950128] Kernel Offset: disabled
[   41.953741] Rebooting in 86400 seconds..