syzkaller login: [ 60.943978][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 60.943984][ T26] audit: type=1400 audit(1578508636.526:42): avc: denied { map } for pid=8254 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 62.073419][ T8273] IPVS: ftp: loaded support on port[0] = 21 [ 62.389359][ T7] tipc: TX() has been purged, node left! [ 62.630604][ T8259] can: request_module (can-proto-0) failed. [ 65.452111][ T8259] can: request_module (can-proto-0) failed. [ 65.463078][ T8259] can: request_module (can-proto-0) failed. [ 65.652172][ T26] audit: type=1400 audit(1578508641.236:43): avc: denied { create } for pid=8254 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 65.676684][ T26] audit: type=1400 audit(1578508641.236:44): avc: denied { create } for pid=8254 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 65.701439][ T26] audit: type=1400 audit(1578508641.236:45): avc: denied { create } for pid=8254 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. 2020/01/08 18:37:27 parsed 1 programs 2020/01/08 18:37:28 executed programs: 0 [ 73.065218][ T8351] IPVS: ftp: loaded support on port[0] = 21 [ 73.077295][ T8349] IPVS: ftp: loaded support on port[0] = 21 [ 73.086426][ T8353] IPVS: ftp: loaded support on port[0] = 21 [ 73.162896][ T8355] IPVS: ftp: loaded support on port[0] = 21 [ 73.201781][ T8358] IPVS: ftp: loaded support on port[0] = 21 [ 73.212224][ T8359] IPVS: ftp: loaded support on port[0] = 21 [ 73.349186][ T8353] chnl_net:caif_netlink_parms(): no params data found [ 73.401182][ T8349] chnl_net:caif_netlink_parms(): no params data found [ 73.431735][ T8353] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.439569][ T8353] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.447289][ T8353] device bridge_slave_0 entered promiscuous mode [ 73.482585][ T8353] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.490745][ T8353] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.498268][ T8353] device bridge_slave_1 entered promiscuous mode [ 73.538913][ T8359] chnl_net:caif_netlink_parms(): no params data found [ 73.548219][ T8349] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.555386][ T8349] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.563468][ T8349] device bridge_slave_0 entered promiscuous mode [ 73.597579][ T8349] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.606189][ T8349] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.614093][ T8349] device bridge_slave_1 entered promiscuous mode [ 73.639155][ T8349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.653731][ T8353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.668907][ T8353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.681898][ T8349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.706523][ T8349] team0: Port device team_slave_0 added [ 73.725232][ T8349] team0: Port device team_slave_1 added [ 73.735489][ T8355] chnl_net:caif_netlink_parms(): no params data found [ 73.751910][ T8353] team0: Port device team_slave_0 added [ 73.757709][ T8351] chnl_net:caif_netlink_parms(): no params data found [ 73.805858][ T8353] team0: Port device team_slave_1 added [ 73.827204][ T8359] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.835312][ T8359] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.842999][ T8359] device bridge_slave_0 entered promiscuous mode [ 73.901035][ T8349] device hsr_slave_0 entered promiscuous mode [ 73.929588][ T8349] device hsr_slave_1 entered promiscuous mode [ 74.003561][ T8359] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.011106][ T8359] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.018674][ T8359] device bridge_slave_1 entered promiscuous mode [ 74.026183][ T8358] chnl_net:caif_netlink_parms(): no params data found [ 74.044182][ T8355] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.051689][ T8355] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.059395][ T8355] device bridge_slave_0 entered promiscuous mode [ 74.102064][ T8353] device hsr_slave_0 entered promiscuous mode [ 74.169566][ T8353] device hsr_slave_1 entered promiscuous mode [ 74.229420][ T8353] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.237466][ T8353] Cannot create hsr debugfs directory [ 74.268930][ T8355] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.276191][ T8355] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.284206][ T8355] device bridge_slave_1 entered promiscuous mode [ 74.311883][ T8351] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.318943][ T8351] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.326530][ T8351] device bridge_slave_0 entered promiscuous mode [ 74.357681][ T8359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.367266][ T8351] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.374518][ T8351] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.383241][ T8351] device bridge_slave_1 entered promiscuous mode [ 74.391204][ T8355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.412580][ T8359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.424948][ T26] audit: type=1400 audit(1578508650.006:46): avc: denied { write } for pid=8353 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 74.466719][ T8359] team0: Port device team_slave_0 added [ 74.471838][ T26] audit: type=1400 audit(1578508650.006:47): avc: denied { read } for pid=8353 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 74.473454][ T8353] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 74.544539][ T8353] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 74.602477][ T8355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.612116][ T8358] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.621612][ T8358] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.630137][ T8358] device bridge_slave_0 entered promiscuous mode [ 74.643020][ T8359] team0: Port device team_slave_1 added [ 74.650426][ T8349] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.711817][ T8353] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 74.775175][ T8358] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.782370][ T8358] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.790227][ T8358] device bridge_slave_1 entered promiscuous mode [ 74.797927][ T8351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.813247][ T8351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.822340][ T8349] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.872266][ T8353] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 74.932738][ T8349] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.981590][ T8349] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.043791][ T8355] team0: Port device team_slave_0 added [ 75.055084][ T8351] team0: Port device team_slave_0 added [ 75.091081][ T8359] device hsr_slave_0 entered promiscuous mode [ 75.139587][ T8359] device hsr_slave_1 entered promiscuous mode [ 75.189683][ T8359] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.197417][ T8359] Cannot create hsr debugfs directory [ 75.210934][ T8355] team0: Port device team_slave_1 added [ 75.218066][ T8358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.228266][ T8351] team0: Port device team_slave_1 added [ 75.256753][ T8358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.322019][ T8355] device hsr_slave_0 entered promiscuous mode [ 75.359625][ T8355] device hsr_slave_1 entered promiscuous mode [ 75.439332][ T8355] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.446942][ T8355] Cannot create hsr debugfs directory [ 75.532053][ T8351] device hsr_slave_0 entered promiscuous mode [ 75.570431][ T8351] device hsr_slave_1 entered promiscuous mode [ 75.609398][ T8351] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.616985][ T8351] Cannot create hsr debugfs directory [ 75.627887][ T8358] team0: Port device team_slave_0 added [ 75.680241][ T8358] team0: Port device team_slave_1 added [ 75.690099][ T8359] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 75.734738][ T8359] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 75.791243][ T8355] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.834767][ T8355] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.893980][ T8359] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 75.945055][ T8359] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 76.004666][ T8355] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 76.122208][ T8358] device hsr_slave_0 entered promiscuous mode [ 76.159625][ T8358] device hsr_slave_1 entered promiscuous mode [ 76.209541][ T8358] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.217290][ T8358] Cannot create hsr debugfs directory [ 76.225559][ T8351] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 76.282047][ T8355] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 76.366266][ T8351] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 76.413349][ T8351] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 76.463324][ T8349] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.491145][ T8351] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 76.538846][ T8353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.561991][ T8358] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 76.601579][ T8358] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 76.648725][ T8359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.665107][ T8358] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 76.722579][ T8358] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.792167][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.801363][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.809351][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.817339][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.825486][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.833771][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.845487][ T8349] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.857957][ T8353] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.872123][ T8359] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.907410][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.917311][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.927719][ T2682] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.935643][ T2682] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.945569][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.954957][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.963939][ T2682] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.971902][ T2682] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.980869][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.989868][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.998658][ T2682] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.005963][ T2682] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.014373][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.022987][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.031826][ T2682] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.040179][ T2682] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.048134][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.056434][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.095762][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.104970][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.114004][ T2668] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.122137][ T2668] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.131449][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.140862][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.149281][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.157820][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.166886][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.177230][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.186630][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.195610][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.204224][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.213170][ T2668] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.222259][ T2668] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.229434][ T2668] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.244882][ T8351] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.263996][ T8349] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 77.275026][ T8349] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.300742][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.309768][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.318571][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.328273][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.337890][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.346533][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.354940][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.364148][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.373697][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.383343][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.414457][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.422194][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.430830][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.442181][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.451336][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.460253][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.468421][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.477096][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.485444][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.494237][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.502673][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.512207][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.520757][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.534958][ T8353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.546137][ T8353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.572661][ T8349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.581264][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.590064][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.598191][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.606116][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.618635][ T8359] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.630603][ T8359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.644559][ T26] audit: type=1400 audit(1578508653.226:48): avc: denied { associate } for pid=8349 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 77.658048][ T8353] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.690016][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.698485][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.711343][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.719725][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.727849][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.736655][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.747980][ T8355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.768870][ T8351] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.780310][ T8358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.836964][ T8358] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.896157][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.915705][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.925885][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.926405][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.926787][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 2020/01/08 18:37:33 executed programs: 7 [ 77.927162][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.927442][ T2671] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.927479][ T2671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.932483][ T8355] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.954095][ T8359] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.955292][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.955698][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.956002][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.956289][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.957011][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.957222][ T2686] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.957242][ T2686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.957419][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.957686][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.957886][ T2686] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.957904][ T2686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.958399][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.982526][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.982900][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.983712][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.983738][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.983968][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.984382][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.984624][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.984647][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.984864][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.985228][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.985471][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.985491][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.985710][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.986438][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.997640][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.998188][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.015983][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.016464][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.016966][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.017547][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.021246][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.021844][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.028292][ T2671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.043293][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.043879][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.044250][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.068952][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.070594][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.071009][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.071401][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.071754][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.085883][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.086356][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.086667][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.086973][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.093091][ T8355] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.094566][ T8355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.106134][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.106838][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.107179][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.107569][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.108274][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.114491][ T8351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.132643][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.133152][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.133462][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.133730][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.133999][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.134267][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.155033][ T8355] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.159718][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.159814][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.163140][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.163231][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.183687][ T8358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.215017][ T8351] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.831726][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.860983][ T2682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.868631][ T8358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.274880][ T8423] ================================================================== [ 79.274909][ T8423] BUG: KASAN: use-after-free in con_shutdown+0x76/0x80 [ 79.274914][ T8423] Write of size 8 at addr ffff88809f2b3108 by task syz-executor.1/8423 [ 79.274917][ T8423] [ 79.274924][ T8423] CPU: 0 PID: 8423 Comm: syz-executor.1 Not tainted 5.5.0-rc5-syzkaller #0 [ 79.274928][ T8423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.274931][ T8423] Call Trace: [ 79.274941][ T8423] dump_stack+0x12d/0x187 [ 79.274954][ T8423] print_address_description.constprop.8.cold.10+0x9/0x31d [ 79.274960][ T8423] ? con_shutdown+0x76/0x80 [ 79.274966][ T8423] __kasan_report.cold.11+0x1b/0x3a [ 79.274971][ T8423] ? con_shutdown+0x76/0x80 [ 79.274979][ T8423] ? con_shutdown+0x76/0x80 [ 79.274986][ T8423] kasan_report+0x12/0x20 [ 79.274992][ T8423] __asan_report_store8_noabort+0x17/0x20 [ 79.274997][ T8423] con_shutdown+0x76/0x80 [ 79.275004][ T8423] release_tty+0xa6/0x400 [ 79.275012][ T8423] tty_release_struct+0x33/0x50 [ 79.275018][ T8423] tty_release+0x97e/0xc60 [ 79.275032][ T8423] __fput+0x25a/0x770 [ 79.275036][ T8423] ? _raw_spin_unlock_irq+0x22/0x80 [ 79.275046][ T8423] ____fput+0x9/0x10 [ 79.275053][ T8423] task_work_run+0x108/0x180 [ 79.275065][ T8423] exit_to_usermode_loop+0x24e/0x2e0 [ 79.275073][ T8423] do_syscall_64+0x4ff/0x5f0 [ 79.275081][ T8423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.275086][ T8423] RIP: 0033:0x414291 [ 79.275092][ T8423] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 79.275096][ T8423] RSP: 002b:00007ffce51ebde0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 79.275101][ T8423] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000414291 [ 79.275105][ T8423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 79.275107][ T8423] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff [ 79.275110][ T8423] R10: 00007ffce51ebec0 R11: 0000000000000293 R12: 000000000075bfc8 [ 79.275113][ T8423] R13: 0000000000013546 R14: 0000000000760128 R15: 000000000075bfd4 [ 79.275127][ T8423] [ 79.275130][ T8423] Allocated by task 8433: [ 79.275136][ T8423] save_stack+0x21/0x90 [ 79.275139][ T8423] __kasan_kmalloc.constprop.17+0xc7/0xd0 [ 79.275143][ T8423] kasan_kmalloc+0x9/0x10 [ 79.275147][ T8423] kmem_cache_alloc_trace+0x15b/0x780 [ 79.275150][ T8423] vc_allocate+0x1b7/0x7c0 [ 79.275153][ T8423] con_install+0x4d/0x410 [ 79.275157][ T8423] tty_init_dev+0xda/0x3c0 [ 79.275162][ T8423] tty_open+0x514/0x9f0 [ 79.275166][ T8423] chrdev_open+0x1ed/0x5c0 [ 79.275170][ T8423] do_dentry_open+0x3fa/0x1100 [ 79.275173][ T8423] vfs_open+0x9a/0xc0 [ 79.275178][ T8423] path_openat+0xb08/0x3bd0 [ 79.275181][ T8423] do_filp_open+0x177/0x250 [ 79.275185][ T8423] do_sys_open+0x1dd/0x370 [ 79.275189][ T8423] __x64_sys_open+0x79/0xb0 [ 79.275193][ T8423] do_syscall_64+0xca/0x5f0 [ 79.275198][ T8423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.275200][ T8423] [ 79.275203][ T8423] Freed by task 8427: [ 79.275207][ T8423] save_stack+0x21/0x90 [ 79.275211][ T8423] __kasan_slab_free+0x102/0x150 [ 79.275215][ T8423] kasan_slab_free+0xe/0x10 [ 79.275219][ T8423] kfree+0x108/0x2c0 [ 79.275223][ T8423] vt_disallocate_all+0x247/0x3f0 [ 79.275226][ T8423] vt_ioctl+0x18c6/0x21f0 [ 79.275231][ T8423] tty_ioctl+0x45b/0x12f0 [ 79.275235][ T8423] do_vfs_ioctl+0x196/0x1190 [ 79.275239][ T8423] ksys_ioctl+0x62/0x90 [ 79.275243][ T8423] __x64_sys_ioctl+0x6e/0xb0 [ 79.275248][ T8423] do_syscall_64+0xca/0x5f0 [ 79.275252][ T8423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.275254][ T8423] [ 79.275258][ T8423] The buggy address belongs to the object at ffff88809f2b3000 [ 79.275258][ T8423] which belongs to the cache kmalloc-2k of size 2048 [ 79.275262][ T8423] The buggy address is located 264 bytes inside of [ 79.275262][ T8423] 2048-byte region [ffff88809f2b3000, ffff88809f2b3800) [ 79.275265][ T8423] The buggy address belongs to the page: [ 79.275270][ T8423] page:ffffea00027cacc0 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 [ 79.275277][ T8423] raw: 00fffe0000000200 ffffea0002521708 ffffea0002892188 ffff8880aa400e00 [ 79.275282][ T8423] raw: 0000000000000000 ffff88809f2b3000 0000000100000001 0000000000000000 [ 79.275286][ T8423] page dumped because: kasan: bad access detected [ 79.275288][ T8423] [ 79.275291][ T8423] Memory state around the buggy address: [ 79.275295][ T8423] ffff88809f2b3000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.275298][ T8423] ffff88809f2b3080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.275301][ T8423] >ffff88809f2b3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.275304][ T8423] ^ [ 79.275308][ T8423] ffff88809f2b3180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.275311][ T8423] ffff88809f2b3200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.275314][ T8423] ================================================================== [ 79.275316][ T8423] Disabling lock debugging due to kernel taint [ 79.275319][ T8423] Kernel panic - not syncing: panic_on_warn set ... [ 79.275324][ T8423] CPU: 0 PID: 8423 Comm: syz-executor.1 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 79.275327][ T8423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.275329][ T8423] Call Trace: [ 79.275334][ T8423] dump_stack+0x12d/0x187 [ 79.275338][ T8423] ? update_region+0x100/0x100 [ 79.275344][ T8423] panic+0x22a/0x4e3 [ 79.275348][ T8423] ? add_taint.cold.7+0x11/0x11 [ 79.275353][ T8423] ? _raw_spin_unlock_irqrestore+0x7d/0xd0 [ 79.275358][ T8423] ? con_shutdown+0x76/0x80 [ 79.275362][ T8423] end_report+0x47/0x4f [ 79.275366][ T8423] __kasan_report.cold.11+0xe/0x3a [ 79.275370][ T8423] ? con_shutdown+0x76/0x80 [ 79.275374][ T8423] ? con_shutdown+0x76/0x80 [ 79.275379][ T8423] kasan_report+0x12/0x20 [ 79.275384][ T8423] __asan_report_store8_noabort+0x17/0x20 [ 79.275388][ T8423] con_shutdown+0x76/0x80 [ 79.275393][ T8423] release_tty+0xa6/0x400 [ 79.275398][ T8423] tty_release_struct+0x33/0x50 [ 79.275403][ T8423] tty_release+0x97e/0xc60 [ 79.275410][ T8423] __fput+0x25a/0x770 [ 79.275414][ T8423] ? _raw_spin_unlock_irq+0x22/0x80 [ 79.275420][ T8423] ____fput+0x9/0x10 [ 79.275425][ T8423] task_work_run+0x108/0x180 [ 79.275432][ T8423] exit_to_usermode_loop+0x24e/0x2e0 [ 79.275437][ T8423] do_syscall_64+0x4ff/0x5f0 [ 79.275442][ T8423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.275446][ T8423] RIP: 0033:0x414291 [ 79.275450][ T8423] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 79.275453][ T8423] RSP: 002b:00007ffce51ebde0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 79.275457][ T8423] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000414291 [ 79.275459][ T8423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 79.275461][ T8423] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff [ 79.275471][ T8423] R10: 00007ffce51ebec0 R11: 0000000000000293 R12: 000000000075bfc8 [ 79.275474][ T8423] R13: 0000000000013546 R14: 0000000000760128 R15: 000000000075bfd4 [ 79.276813][ T8423] Kernel Offset: disabled [ 79.987878][ T8423] Rebooting in 86400 seconds..