[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
2020/04/01 09:24:20 parsed 1 programs
2020/04/01 09:24:22 executed programs: 0

syzkaller login: [   66.805049][ T7070] IPVS: ftp: loaded support on port[0] = 21
[   66.897547][ T7070] chnl_net:caif_netlink_parms(): no params data found
[   66.949956][ T7070] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.958659][ T7070] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.966437][ T7070] device bridge_slave_0 entered promiscuous mode
[   66.976296][ T7070] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.983563][ T7070] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.991445][ T7070] device bridge_slave_1 entered promiscuous mode
[   67.011064][ T7070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.022274][ T7070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.044961][ T7070] team0: Port device team_slave_0 added
[   67.052635][ T7070] team0: Port device team_slave_1 added
[   67.069332][ T7070] batman_adv: batadv0: Adding interface: batadv_slave_0
[   67.076438][ T7070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.103286][ T7070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   67.115878][ T7070] batman_adv: batadv0: Adding interface: batadv_slave_1
[   67.123194][ T7070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   67.149484][ T7070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   67.240865][ T7070] device hsr_slave_0 entered promiscuous mode
[   67.278425][ T7070] device hsr_slave_1 entered promiscuous mode
[   67.395324][ T7070] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   67.441025][ T7070] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   67.510801][ T7070] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.550809][ T7070] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.604516][ T7070] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.612645][ T7070] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.620789][ T7070] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.628147][ T7070] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.674936][ T7070] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.688559][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   67.700176][ T2717] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.709070][ T2717] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.717313][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   67.732090][ T7070] 8021q: adding VLAN 0 to HW filter on device team0
[   67.743616][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   67.753464][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.760718][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.772978][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   67.782069][ T2717] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.789273][ T2717] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.809611][ T2717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   67.822200][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   67.830338][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   67.843986][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   67.855812][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   67.867303][ T7070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   67.887509][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   67.896211][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   67.909148][ T7070] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.927571][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   67.937047][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   67.958323][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   67.966734][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   67.977147][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   67.985697][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   67.994062][ T7070] device veth0_vlan entered promiscuous mode
[   68.006477][ T7070] device veth1_vlan entered promiscuous mode
[   68.030765][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   68.039405][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   68.048838][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   68.057474][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   68.070454][ T7070] device veth0_macvtap entered promiscuous mode
[   68.080853][ T7070] device veth1_macvtap entered promiscuous mode
[   68.099136][ T7070] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.106607][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   68.115451][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   68.124156][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   68.133583][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   68.147279][ T7070] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.154958][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   68.164908][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   68.549878][ T7303] ==================================================================
[   68.558181][ T7303] BUG: KASAN: use-after-free in __list_add_valid+0x93/0xa0
[   68.565393][ T7303] Read of size 8 at addr ffff8880906e71e0 by task syz-executor.0/7303
[   68.573549][ T7303]
[   68.575896][ T7303] CPU: 0 PID: 7303 Comm: syz-executor.0 Not tainted 5.6.0-syzkaller #0
[   68.584137][ T7303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   68.594454][ T7303] Call Trace:
[   68.597758][ T7303]  dump_stack+0x188/0x20d
[   68.602098][ T7303]  ? __list_add_valid+0x93/0xa0
[   68.606987][ T7303]  ? __list_add_valid+0x93/0xa0
[   68.612049][ T7303]  print_address_description.constprop.0.cold+0xd3/0x315
[   68.619294][ T7303]  ? __list_add_valid+0x93/0xa0
[   68.624133][ T7303]  ? __list_add_valid+0x93/0xa0
[   68.629173][ T7303]  __kasan_report.cold+0x1a/0x32
[   68.634105][ T7303]  ? __list_add_valid+0x93/0xa0
[   68.638965][ T7303]  kasan_report+0xe/0x20
[   68.643188][ T7303]  __list_add_valid+0x93/0xa0
[   68.647845][ T7303]  rdma_listen+0x681/0x910
[   68.652245][ T7303]  ucma_listen+0x14d/0x1c0
[   68.656652][ T7303]  ? ucma_notify+0x190/0x190
[   68.661312][ T7303]  ? __might_fault+0x190/0x1d0
[   68.666082][ T7303]  ? _copy_from_user+0x13c/0x1a0
[   68.671001][ T7303]  ? ucma_notify+0x190/0x190
[   68.675582][ T7303]  ucma_write+0x285/0x350
[   68.679900][ T7303]  ? ucma_open+0x270/0x270
[   68.684305][ T7303]  ? security_file_permission+0x8a/0x380
[   68.689946][ T7303]  ? ucma_open+0x270/0x270
[   68.694513][ T7303]  __vfs_write+0x76/0x100
[   68.698866][ T7303]  vfs_write+0x268/0x5d0
[   68.703208][ T7303]  ksys_write+0x1ee/0x250
[   68.707520][ T7303]  ? __ia32_sys_read+0xb0/0xb0
[   68.712278][ T7303]  ? __x64_sys_clock_gettime32+0x240/0x240
[   68.718087][ T7303]  ? trace_hardirqs_off_caller+0x55/0x230
[   68.723807][ T7303]  do_fast_syscall_32+0x270/0xe90
[   68.728827][ T7303]  entry_SYSENTER_compat+0x70/0x7f
[   68.734277][ T7303]
[   68.736589][ T7303] Allocated by task 7297:
[   68.740905][ T7303]  save_stack+0x1b/0x80
[   68.745043][ T7303]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   68.750660][ T7303]  kmem_cache_alloc_trace+0x153/0x7d0
[   68.756121][ T7303]  __rdma_create_id+0x5b/0x850
[   68.760870][ T7303]  ucma_create_id+0x1d1/0x590
[   68.765561][ T7303]  ucma_write+0x285/0x350
[   68.769883][ T7303]  __vfs_write+0x76/0x100
[   68.774206][ T7303]  vfs_write+0x268/0x5d0
[   68.778431][ T7303]  ksys_write+0x1ee/0x250
[   68.782840][ T7303]  do_fast_syscall_32+0x270/0xe90
[   68.787857][ T7303]  entry_SYSENTER_compat+0x70/0x7f
[   68.792940][ T7303]
[   68.795246][ T7303] Freed by task 7296:
[   68.799334][ T7303]  save_stack+0x1b/0x80
[   68.803485][ T7303]  __kasan_slab_free+0xf7/0x140
[   68.808333][ T7303]  kfree+0x109/0x2b0
[   68.812208][ T7303]  ucma_close+0x111/0x300
[   68.816528][ T7303]  __fput+0x2e9/0x860
[   68.820489][ T7303]  task_work_run+0xf4/0x1b0
[   68.824972][ T7303]  exit_to_usermode_loop+0x2fa/0x360
[   68.830235][ T7303]  do_fast_syscall_32+0xbef/0xe90
[   68.835292][ T7303]  entry_SYSENTER_compat+0x70/0x7f
[   68.840401][ T7303]
[   68.842737][ T7303] The buggy address belongs to the object at ffff8880906e7000
[   68.842737][ T7303]  which belongs to the cache kmalloc-2k of size 2048
[   68.856769][ T7303] The buggy address is located 480 bytes inside of
[   68.856769][ T7303]  2048-byte region [ffff8880906e7000, ffff8880906e7800)
[   68.870211][ T7303] The buggy address belongs to the page:
[   68.875971][ T7303] page:ffffea000241b9c0 refcount:1 mapcount:0 mapping:ffff8880aa000e00 index:0x0
[   68.885147][ T7303] flags: 0xfffe0000000200(slab)
[   68.889983][ T7303] raw: 00fffe0000000200 ffffea00025d1088 ffffea000247ddc8 ffff8880aa000e00
[   68.898550][ T7303] raw: 0000000000000000 ffff8880906e7000 0000000100000001 0000000000000000
[   68.907132][ T7303] page dumped because: kasan: bad access detected
[   68.913531][ T7303]
[   68.915835][ T7303] Memory state around the buggy address:
[   68.921458][ T7303]  ffff8880906e7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.929695][ T7303]  ffff8880906e7100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.937755][ T7303] >ffff8880906e7180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.945860][ T7303]                                                        ^
[   68.953054][ T7303]  ffff8880906e7200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.961152][ T7303]  ffff8880906e7280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   68.969194][ T7303] ==================================================================
[   68.977322][ T7303] Disabling lock debugging due to kernel taint
[   68.987235][ T7303] Kernel panic - not syncing: panic_on_warn set ...
[   68.994292][ T7303] CPU: 0 PID: 7303 Comm: syz-executor.0 Tainted: G    B             5.6.0-syzkaller #0
[   69.003921][ T7303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.013978][ T7303] Call Trace:
[   69.017259][ T7303]  dump_stack+0x188/0x20d
[   69.021672][ T7303]  panic+0x2e3/0x75c
[   69.025657][ T7303]  ? add_taint.cold+0x16/0x16
[   69.030361][ T7303]  ? preempt_schedule_common+0x5e/0xc0
[   69.035815][ T7303]  ? __list_add_valid+0x93/0xa0
[   69.040768][ T7303]  ? preempt_schedule_thunk+0x16/0x18
[   69.046129][ T7303]  ? trace_hardirqs_on+0x55/0x220
[   69.051141][ T7303]  ? __list_add_valid+0x93/0xa0
[   69.055976][ T7303]  end_report+0x43/0x49
[   69.060117][ T7303]  ? __list_add_valid+0x93/0xa0
[   69.064966][ T7303]  __kasan_report.cold+0xd/0x32
[   69.069804][ T7303]  ? __list_add_valid+0x93/0xa0
[   69.074654][ T7303]  kasan_report+0xe/0x20
[   69.078902][ T7303]  __list_add_valid+0x93/0xa0
[   69.083591][ T7303]  rdma_listen+0x681/0x910
[   69.088011][ T7303]  ucma_listen+0x14d/0x1c0
[   69.092461][ T7303]  ? ucma_notify+0x190/0x190
[   69.097060][ T7303]  ? __might_fault+0x190/0x1d0
[   69.101821][ T7303]  ? _copy_from_user+0x13c/0x1a0
[   69.106752][ T7303]  ? ucma_notify+0x190/0x190
[   69.111439][ T7303]  ucma_write+0x285/0x350
[   69.115780][ T7303]  ? ucma_open+0x270/0x270
[   69.120188][ T7303]  ? security_file_permission+0x8a/0x380
[   69.126075][ T7303]  ? ucma_open+0x270/0x270
[   69.130610][ T7303]  __vfs_write+0x76/0x100
[   69.134939][ T7303]  vfs_write+0x268/0x5d0
[   69.139167][ T7303]  ksys_write+0x1ee/0x250
[   69.143498][ T7303]  ? __ia32_sys_read+0xb0/0xb0
[   69.148268][ T7303]  ? __x64_sys_clock_gettime32+0x240/0x240
[   69.154070][ T7303]  ? trace_hardirqs_off_caller+0x55/0x230
[   69.159797][ T7303]  do_fast_syscall_32+0x270/0xe90
[   69.164822][ T7303]  entry_SYSENTER_compat+0x70/0x7f
[   69.171278][ T7303] Kernel Offset: disabled
[   69.175603][ T7303] Rebooting in 86400 seconds..