[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
2020/09/01 08:45:16 parsed 1 programs
2020/09/01 08:45:16 executed programs: 0
syzkaller login: [   39.786246] audit: type=1400 audit(1598949916.855:8): avc:  denied  { execmem } for  pid=6369 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   40.886334] IPVS: ftp: loaded support on port[0] = 21
[   40.991579] chnl_net:caif_netlink_parms(): no params data found
[   41.072431] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.079992] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.087791] device bridge_slave_0 entered promiscuous mode
[   41.095641] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.102030] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.109609] device bridge_slave_1 entered promiscuous mode
[   41.126230] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   41.135481] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   41.154431] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   41.161555] team0: Port device team_slave_0 added
[   41.167945] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   41.175324] team0: Port device team_slave_1 added
[   41.189969] batman_adv: batadv0: Adding interface: batadv_slave_0
[   41.196265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   41.221879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   41.233377] batman_adv: batadv0: Adding interface: batadv_slave_1
[   41.239672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   41.264902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   41.275802] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   41.283040] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   41.301495] device hsr_slave_0 entered promiscuous mode
[   41.307145] device hsr_slave_1 entered promiscuous mode
[   41.312988] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   41.320130] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   41.381298] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.387732] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.394597] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.400935] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.430965] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   41.437156] 8021q: adding VLAN 0 to HW filter on device bond0
[   41.445585] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   41.454541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   41.462353] bridge0: port 1(bridge_slave_0) entered disabled state
[   41.479556] bridge0: port 2(bridge_slave_1) entered disabled state
[   41.489704] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   41.496141] 8021q: adding VLAN 0 to HW filter on device team0
[   41.505324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   41.512885] bridge0: port 1(bridge_slave_0) entered blocking state
[   41.519291] bridge0: port 1(bridge_slave_0) entered forwarding state
[   41.528237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   41.537161] bridge0: port 2(bridge_slave_1) entered blocking state
[   41.543538] bridge0: port 2(bridge_slave_1) entered forwarding state
[   41.564162] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   41.571769] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   41.579398] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   41.586895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   41.595259] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   41.601261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   41.608923] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   41.621421] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   41.629057] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   41.636549] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   41.648367] 8021q: adding VLAN 0 to HW filter on device batadv0
[   41.699440] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   41.708936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   41.741096] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   41.748156] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   41.756297] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   41.765502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   41.772754] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   41.780736] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   41.789507] device veth0_vlan entered promiscuous mode
[   41.798563] device veth1_vlan entered promiscuous mode
[   41.804911] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[   41.813071] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[   41.825261] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[   41.835472] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   41.842497] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   41.850301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   41.860479] device veth0_macvtap entered promiscuous mode
[   41.866556] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[   41.874752] device veth1_macvtap entered promiscuous mode
[   41.882640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[   41.891817] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[   41.901232] batman_adv: batadv0: Interface activated: batadv_slave_0
[   41.908190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   41.916388] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   41.926641] batman_adv: batadv0: Interface activated: batadv_slave_1
[   41.933228] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   41.993696] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   42.923849] Bluetooth: hci0 command 0x0409 tx timeout
[   42.998424] ==================================================================
[   43.005923] BUG: KASAN: double-free or invalid-free in           (null)
[   43.012693] 
[   43.014307] CPU: 0 PID: 6845 Comm: syz-executor.0 Not tainted 4.14.195-syzkaller #0
[   43.022073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.031402] Call Trace:
[   43.034007]  dump_stack+0x1b2/0x283
[   43.037614]  ? vt_move_to_console+0x100/0x100
[   43.042101]  print_address_description.cold+0x54/0x1d3
[   43.047355]  ? vt_move_to_console+0x100/0x100
[   43.051827]  kasan_report_double_free+0x51/0x80
[   43.056487]  kasan_slab_free+0x16f/0x1a0
[   43.060536]  ? lock_acquire+0x170/0x3f0
[   43.064487]  ? lock_downgrade+0x740/0x740
[   43.068614]  ? check_preemption_disabled+0x35/0x240
[   43.073608]  ? debug_check_no_obj_freed+0x2c0/0x674
[   43.078603]  ? lock_acquire+0x170/0x3f0
[   43.082567]  ? lock_downgrade+0x740/0x740
[   43.086697]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   43.091781]  ? debug_check_no_obj_freed+0x2c0/0x674
[   43.096785]  ? lock_downgrade+0x740/0x740
[   43.100915]  ? debug_object_activate+0x490/0x490
[   43.105659]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   43.111091]  ? vcs_release+0x49/0x60
[   43.114785]  kfree+0xc9/0x250
[   43.117883]  vcs_release+0x49/0x60
[   43.121400]  __fput+0x25f/0x7a0
[   43.124658]  task_work_run+0x11f/0x190
[   43.128528]  exit_to_usermode_loop+0x1ad/0x200
[   43.133093]  do_syscall_64+0x4a3/0x640
[   43.136968]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   43.142152] RIP: 0033:0x45d5b9
[   43.145316] RSP: 002b:00007f2ac0861c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[   43.152999] RAX: 0000000000000000 RBX: 0000000000002ac0 RCX: 000000000045d5b9
[   43.160244] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000006
[   43.167491] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
[   43.174752] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000118cf4c
[   43.181998] R13: 00007fff7c5aad2f R14: 00007f2ac08629c0 R15: 000000000118cf4c
[   43.189263] 
[   43.190868] Allocated by task 6846:
[   43.194487]  kasan_kmalloc+0xeb/0x160
[   43.198260]  kmem_cache_alloc_trace+0x131/0x3d0
[   43.202909]  vcs_poll_data_get.part.0+0x43/0x220
[   43.207644]  vcs_poll+0xed/0x120
[   43.210990]  SyS_epoll_ctl+0xa91/0x2950
[   43.214966]  do_syscall_64+0x1d5/0x640
[   43.218831]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   43.223998] 
[   43.225608] Freed by task 6844:
[   43.228874]  kasan_slab_free+0xc3/0x1a0
[   43.232844]  kfree+0xc9/0x250
[   43.235923]  vcs_release+0x49/0x60
[   43.239438]  __fput+0x25f/0x7a0
[   43.242696]  task_work_run+0x11f/0x190
[   43.246573]  exit_to_usermode_loop+0x1ad/0x200
[   43.251129]  do_syscall_64+0x4a3/0x640
[   43.255010]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   43.260184] 
[   43.261794] The buggy address belongs to the object at ffff888094a23240
[   43.261794]  which belongs to the cache kmalloc-128 of size 128
[   43.274430] The buggy address is located 0 bytes inside of
[   43.274430]  128-byte region [ffff888094a23240, ffff888094a232c0)
[   43.286105] The buggy address belongs to the page:
[   43.291007] page:ffffea00025288c0 count:1 mapcount:0 mapping:ffff888094a23000 index:0x0
[   43.299388] flags: 0xfffe0000000100(slab)
[   43.303523] raw: 00fffe0000000100 ffff888094a23000 0000000000000000 0000000100000015
[   43.311401] raw: ffffea00024a5960 ffffea0002843f60 ffff88812fe52640 0000000000000000
[   43.319269] page dumped because: kasan: bad access detected
[   43.324957] 
[   43.326568] Memory state around the buggy address:
[   43.331483]  ffff888094a23100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[   43.338824]  ffff888094a23180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.346175] >ffff888094a23200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   43.353521]                                            ^
[   43.358944]  ffff888094a23280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   43.366277]  ffff888094a23300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   43.373623] ==================================================================
[   43.380953] Disabling lock debugging due to kernel taint
[   43.386386] Kernel panic - not syncing: panic_on_warn set ...
[   43.386386] 
[   43.393729] CPU: 0 PID: 6845 Comm: syz-executor.0 Tainted: G    B           4.14.195-syzkaller #0
[   43.402723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   43.412056] Call Trace:
[   43.414636]  dump_stack+0x1b2/0x283
[   43.418244]  panic+0x1f9/0x42d
[   43.421410]  ? add_taint.cold+0x16/0x16
[   43.425360]  ? lock_downgrade+0x740/0x740
[   43.429484]  ? vt_move_to_console+0x100/0x100
[   43.433956]  kasan_end_report+0x43/0x49
[   43.437906]  kasan_report_double_free+0x6d/0x80
[   43.442550]  kasan_slab_free+0x16f/0x1a0
[   43.446597]  ? lock_acquire+0x170/0x3f0
[   43.450545]  ? lock_downgrade+0x740/0x740
[   43.454670]  ? check_preemption_disabled+0x35/0x240
[   43.459671]  ? debug_check_no_obj_freed+0x2c0/0x674
[   43.464673]  ? lock_acquire+0x170/0x3f0
[   43.468636]  ? lock_downgrade+0x740/0x740
[   43.472763]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   43.477840]  ? debug_check_no_obj_freed+0x2c0/0x674
[   43.482843]  ? lock_downgrade+0x740/0x740
[   43.486973]  ? debug_object_activate+0x490/0x490
[   43.491702]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   43.497147]  ? vcs_release+0x49/0x60
[   43.500836]  kfree+0xc9/0x250
[   43.503915]  vcs_release+0x49/0x60
[   43.507428]  __fput+0x25f/0x7a0
[   43.510692]  task_work_run+0x11f/0x190
[   43.514571]  exit_to_usermode_loop+0x1ad/0x200
[   43.519128]  do_syscall_64+0x4a3/0x640
[   43.522995]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   43.528173] RIP: 0033:0x45d5b9
[   43.531335] RSP: 002b:00007f2ac0861c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[   43.539034] RAX: 0000000000000000 RBX: 0000000000002ac0 RCX: 000000000045d5b9
[   43.546293] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000006
[   43.553544] RBP: 000000000118cf88 R08: 0000000000000000 R09: 0000000000000000
[   43.560791] R10: 0000000020000040 R11: 0000000000000246 R12: 000000000118cf4c
[   43.568047] R13: 00007fff7c5aad2f R14: 00007f2ac08629c0 R15: 000000000118cf4c
[   43.576421] Kernel Offset: disabled
[   43.580048] Rebooting in 86400 seconds..