[ 40.869755] audit: type=1400 audit(1581846936.887:39): avc: denied { create } for pid=6880 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 41.032886] random: sshd: uninitialized urandom read (32 bytes read) [ 41.812753] random: sshd: uninitialized urandom read (32 bytes read) [ 42.008965] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.45' (ECDSA) to the list of known hosts. 2020/02/16 09:55:43 parsed 1 programs 2020/02/16 09:55:43 executed programs: 0 [ 48.160967] IPVS: ftp: loaded support on port[0] = 21 [ 48.956141] IPVS: ftp: loaded support on port[0] = 21 [ 48.998746] chnl_net:caif_netlink_parms(): no params data found [ 49.036936] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.043616] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.051035] device bridge_slave_0 entered promiscuous mode [ 49.058083] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.064707] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.072142] device bridge_slave_1 entered promiscuous mode [ 49.072497] IPVS: ftp: loaded support on port[0] = 21 [ 49.090877] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.102420] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.148583] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.156511] team0: Port device team_slave_0 added [ 49.163771] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.171129] team0: Port device team_slave_1 added [ 49.177916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.185250] chnl_net:caif_netlink_parms(): no params data found [ 49.197523] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.291814] device hsr_slave_0 entered promiscuous mode [ 49.370286] device hsr_slave_1 entered promiscuous mode [ 49.452413] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.464702] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.491766] IPVS: ftp: loaded support on port[0] = 21 [ 49.492142] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.503511] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.512440] device bridge_slave_0 entered promiscuous mode [ 49.523535] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.529935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.536835] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.543198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.553313] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.559687] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.567257] device bridge_slave_1 entered promiscuous mode [ 49.628195] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.638925] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.651803] chnl_net:caif_netlink_parms(): no params data found [ 49.666756] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.673884] team0: Port device team_slave_0 added [ 49.679431] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.686536] team0: Port device team_slave_1 added [ 49.696587] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.708146] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.763041] IPVS: ftp: loaded support on port[0] = 21 [ 49.764514] device hsr_slave_0 entered promiscuous mode [ 49.820315] device hsr_slave_1 entered promiscuous mode [ 49.860713] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.886129] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.893288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.902165] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.926827] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.933292] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.940258] device bridge_slave_0 entered promiscuous mode [ 49.948013] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.960535] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.966944] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.974165] device bridge_slave_1 entered promiscuous mode [ 50.002258] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.009266] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.016205] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 50.025275] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.036746] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.042904] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.049788] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.057775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.064686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.097304] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.106476] IPVS: ftp: loaded support on port[0] = 21 [ 50.111279] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.121829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.129968] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.137812] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.144191] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.165827] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.173017] team0: Port device team_slave_0 added [ 50.181635] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.188704] team0: Port device team_slave_1 added [ 50.194966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.206936] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.215860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.223682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.231640] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.237978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.245012] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.253410] chnl_net:caif_netlink_parms(): no params data found [ 50.264277] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.272699] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.286091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.311118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.372261] device hsr_slave_0 entered promiscuous mode [ 50.410439] device hsr_slave_1 entered promiscuous mode [ 50.450667] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.457653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.466998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.493762] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.501252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.509073] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.518899] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.553622] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.559999] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.568639] device bridge_slave_0 entered promiscuous mode [ 50.575015] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.583368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.591052] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.604439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.630433] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.638006] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.645014] device bridge_slave_1 entered promiscuous mode [ 50.664580] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.672338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.679780] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.689518] chnl_net:caif_netlink_parms(): no params data found [ 50.701855] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.716501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.735133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.742607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.755194] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.776745] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.784512] team0: Port device team_slave_0 added [ 50.789916] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.796594] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.820857] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 50.826992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.841774] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.848833] team0: Port device team_slave_1 added [ 50.854698] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.862220] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.883717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.964114] device hsr_slave_0 entered promiscuous mode [ 51.020618] device hsr_slave_1 entered promiscuous mode [ 51.060894] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.068571] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.089707] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.098138] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.105085] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.113598] device bridge_slave_0 entered promiscuous mode [ 51.119855] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 51.128958] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.142644] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.149622] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.158552] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.164953] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.171358] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.177736] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.185118] device bridge_slave_1 entered promiscuous mode [ 51.204282] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.212618] chnl_net:caif_netlink_parms(): no params data found [ 51.220649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.227486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.234802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.241756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.250564] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.256628] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.265590] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.276884] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.294023] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.315099] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.322352] team0: Port device team_slave_0 added [ 51.328041] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.335406] team0: Port device team_slave_1 added [ 51.342536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.350673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.358239] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.364684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.374478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.395269] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.402951] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.410980] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.418026] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.426231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.434047] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.440428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.448192] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.456940] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.469540] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.485611] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.493488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.502273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.509986] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.516510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.523641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.531775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.540510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.549217] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.558663] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.565969] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.573208] device bridge_slave_0 entered promiscuous mode [ 51.579671] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.586113] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.594279] device bridge_slave_1 entered promiscuous mode [ 51.652188] device hsr_slave_0 entered promiscuous mode [ 51.680273] device hsr_slave_1 entered promiscuous mode [ 51.721552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.729235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.737335] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.743689] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.750935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.760383] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.769032] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.776822] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.795018] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.805949] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.813541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.821164] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.828541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.837014] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.846153] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.857436] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.867886] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.878198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.885622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.893661] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.901399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.909182] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.918633] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.945307] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.952695] team0: Port device team_slave_0 added [ 51.957849] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.972331] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.979574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.987732] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.996069] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.003361] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.020599] team0: Port device team_slave_1 added [ 52.027608] audit: type=1400 audit(1581846948.087:40): avc: denied { map } for pid=7008 comm="syz-executor.5" path=2F6D656D66643A73656375726974792E73656C696E7578202864656C6574656429 dev="tmpfs" ino=26336 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1 [ 52.034265] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.069190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.077010] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.088013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.095892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.104437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.112668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.126460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.133972] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.145289] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.153821] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.164755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.173177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.181599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.189378] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.198514] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.204832] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.217937] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.229248] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.235921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.248736] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.294346] device hsr_slave_0 entered promiscuous mode [ 52.340443] device hsr_slave_1 entered promiscuous mode [ 52.360768] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.368021] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.384801] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.392052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.399067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.411720] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.417789] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.433403] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.449066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.462972] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.474217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.485368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.502584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.511118] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.517492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.532389] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.544203] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.553899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.561570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.569263] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.581820] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.588148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.602497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.611709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.634397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.640552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.650691] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.658179] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.667121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.677306] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.685338] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.694572] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.701874] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.715789] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.722722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.736210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.745590] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.753920] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.761851] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.769767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.777610] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.784569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.791663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.798503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.807150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.815142] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.821530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.840821] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.849131] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 2020/02/16 09:55:48 executed programs: 14 [ 52.858266] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.867068] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.879161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.897924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.906551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.914768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.927090] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.933498] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.940743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.948292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.956115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.963822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.971453] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.977774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.986448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.998037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.004892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.011978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.019509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.027002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.035387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.046411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.054115] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.061957] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.068427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.076084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.087739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.096176] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.103298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.113424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.121535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.129144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.138839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.148356] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.157732] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.166261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.174864] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.182635] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.190746] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.198267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.206315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.214113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.224084] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.234141] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.241166] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.247960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.255450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.262954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.270989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.286352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.295156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.303166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.311937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.319615] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.327072] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.337620] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.343814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.351028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.361865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.374385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.383460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.391715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.404448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.413152] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.421840] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.429037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.440744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.453387] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.459531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.472737] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.481997] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.494328] 8021q: adding VLAN 0 to HW filter on device batadv0 2020/02/16 09:55:53 executed programs: 217 2020/02/16 09:55:58 executed programs: 528 2020/02/16 09:56:03 executed programs: 837 2020/02/16 09:56:08 executed programs: 1164 2020/02/16 09:56:13 executed programs: 1478 2020/02/16 09:56:18 executed programs: 1799 2020/02/16 09:56:24 executed programs: 2119 2020/02/16 09:56:29 executed programs: 2439 2020/02/16 09:56:34 executed programs: 2748 2020/02/16 09:56:39 executed programs: 3054 2020/02/16 09:56:44 executed programs: 3375 2020/02/16 09:56:49 executed programs: 3688 2020/02/16 09:56:54 executed programs: 4007 [ 120.000780] [ 120.002448] ========================= [ 120.006236] WARNING: held lock freed! [ 120.010035] 4.14.171-syzkaller #0 Not tainted [ 120.014514] ------------------------- [ 120.018300] syz-executor.4/24094 is freeing memory ffff8880a93320c0-ffff8880a93328bf, with a lock still held there! [ 120.028887] (sk_lock-AF_PPPOX){+.+.}, at: [] pppol2tp_release+0x45/0x290 [ 120.037383] 2 locks held by syz-executor.4/24094: [ 120.042214] #0: (&sb->s_type->i_mutex_key#11){+.+.}, at: [] __sock_release+0x7d/0x2a0 [ 120.051928] #1: (sk_lock-AF_PPPOX){+.+.}, at: [] pppol2tp_release+0x45/0x290 [ 120.060884] [ 120.060884] stack backtrace: [ 120.065355] CPU: 1 PID: 24094 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0 [ 120.073208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.082542] Call Trace: [ 120.085118] dump_stack+0xf7/0x13b [ 120.088645] debug_check_no_locks_freed.cold.64+0x9e/0xaa [ 120.094160] kfree+0xb1/0x270 [ 120.097245] __sk_destruct+0x3e1/0x4e0 [ 120.101115] sk_destruct+0x83/0xb0 [ 120.104652] __sk_free+0x47/0x1f0 [ 120.108080] sk_free+0x23/0x30 [ 120.111248] pppol2tp_release+0x21e/0x290 [ 120.115372] __sock_release+0xc2/0x2a0 [ 120.119247] sock_close+0x10/0x20 [ 120.122676] __fput+0x232/0x750 [ 120.125929] ? _raw_spin_unlock_irq+0x27/0x80 [ 120.130402] ____fput+0x9/0x10 [ 120.133568] task_work_run+0xe5/0x170 [ 120.137347] exit_to_usermode_loop+0x16a/0x1b0 [ 120.141918] do_syscall_64+0x416/0x5b0 [ 120.145790] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 120.150615] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 120.155779] RIP: 0033:0x459f49 [ 120.158974] RSP: 002b:00007fbd6ef1fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 120.166801] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000459f49 [ 120.174054] RDX: 000000000000002e RSI: 0000000020000180 RDI: 0000000000000004 [ 120.181404] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 120.188657] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd6ef206d4 [ 120.195916] R13: 00000000004c068b R14: 00000000004d2d58 R15: 00000000ffffffff [ 120.205613] ================================================================== [ 120.212980] BUG: KASAN: use-after-free in do_raw_spin_lock+0x1ef/0x230 [ 120.219620] Read of size 4 at addr ffff8880a933214c by task syz-executor.4/24094 [ 120.227131] [ 120.228791] CPU: 1 PID: 24094 Comm: syz-executor.4 Not tainted 4.14.171-syzkaller #0 [ 120.236675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.246126] Call Trace: [ 120.248707] dump_stack+0xf7/0x13b [ 120.252227] ? do_raw_spin_lock+0x1ef/0x230 [ 120.256530] print_address_description.cold.7+0x9/0x1c9 [ 120.261877] ? do_raw_spin_lock+0x1ef/0x230 [ 120.266178] kasan_report.cold.8+0x11a/0x2d3 [ 120.270567] __asan_report_load4_noabort+0x14/0x20 [ 120.275480] do_raw_spin_lock+0x1ef/0x230 [ 120.279611] _raw_spin_lock_bh+0x39/0x40 [ 120.283667] ? release_sock+0x1b/0x180 [ 120.287534] release_sock+0x1b/0x180 [ 120.291226] pppol2tp_release+0x1f5/0x290 [ 120.295480] __sock_release+0xc2/0x2a0 [ 120.299357] sock_close+0x10/0x20 [ 120.302834] __fput+0x232/0x750 [ 120.306096] ? _raw_spin_unlock_irq+0x27/0x80 [ 120.310575] ____fput+0x9/0x10 [ 120.314358] task_work_run+0xe5/0x170 [ 120.318137] exit_to_usermode_loop+0x16a/0x1b0 [ 120.322695] do_syscall_64+0x416/0x5b0 [ 120.326567] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 120.331495] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 120.336661] RIP: 0033:0x459f49 [ 120.339833] RSP: 002b:00007fbd6ef1fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 120.347522] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000459f49 [ 120.354776] RDX: 000000000000002e RSI: 0000000020000180 RDI: 0000000000000004 [ 120.362083] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 120.369335] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd6ef206d4 [ 120.376693] R13: 00000000004c068b R14: 00000000004d2d58 R15: 00000000ffffffff [ 120.383951] [ 120.385572] Allocated by task 24101: [ 120.389264] save_stack_trace+0x16/0x20 [ 120.393216] save_stack+0x43/0xd0 [ 120.396646] kasan_kmalloc+0xc7/0xe0 [ 120.400334] __kmalloc+0x15b/0x7b0 [ 120.403849] sk_prot_alloc+0x146/0x240 [ 120.407712] sk_alloc+0x30/0xc10 [ 120.411315] pppol2tp_create+0x23/0x1d0 [ 120.415264] pppox_create+0xd3/0x1f0 [ 120.418950] __sock_create+0x262/0x540 [ 120.422813] SyS_socket+0xc6/0x1a0 [ 120.426333] do_syscall_64+0x1c7/0x5b0 [ 120.430194] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 120.435367] [ 120.436972] Freed by task 24094: [ 120.440313] save_stack_trace+0x16/0x20 [ 120.444261] save_stack+0x43/0xd0 [ 120.447687] kasan_slab_free+0x71/0xc0 [ 120.451549] kfree+0xcc/0x270 [ 120.454629] __sk_destruct+0x3e1/0x4e0 [ 120.458491] sk_destruct+0x83/0xb0 [ 120.462009] __sk_free+0x47/0x1f0 [ 120.465439] sk_free+0x23/0x30 [ 120.468607] pppol2tp_release+0x21e/0x290 [ 120.472749] __sock_release+0xc2/0x2a0 [ 120.476609] sock_close+0x10/0x20 [ 120.480048] __fput+0x232/0x750 [ 120.483306] ____fput+0x9/0x10 [ 120.486481] task_work_run+0xe5/0x170 [ 120.490288] exit_to_usermode_loop+0x16a/0x1b0 [ 120.494908] do_syscall_64+0x416/0x5b0 [ 120.498774] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 120.503938] [ 120.505542] The buggy address belongs to the object at ffff8880a93320c0 [ 120.505542] which belongs to the cache kmalloc-2048 of size 2048 [ 120.518347] The buggy address is located 140 bytes inside of [ 120.518347] 2048-byte region [ffff8880a93320c0, ffff8880a93328c0) [ 120.530453] The buggy address belongs to the page: [ 120.535361] page:ffffea0002a4cc80 count:1 mapcount:0 mapping:ffff8880a93320c0 index:0x0 compound_mapcount: 0 [ 120.545305] flags: 0x1fffc0000008100(slab|head) [ 120.549963] raw: 01fffc0000008100 ffff8880a93320c0 0000000000000000 0000000100000003 [ 120.557833] raw: ffffea0002256d20 ffffea0001d91020 ffff8880aa800c40 0000000000000000 [ 120.565689] page dumped because: kasan: bad access detected [ 120.571481] [ 120.573089] Memory state around the buggy address: [ 120.577999] ffff8880a9332000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 120.585336] ffff8880a9332080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 120.592681] >ffff8880a9332100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.600019] ^ [ 120.605713] ffff8880a9332180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.613064] ffff8880a9332200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.620627] ================================================================== [ 120.628008] Kernel panic - not syncing: panic_on_warn set ... [ 120.628008] [ 120.635357] CPU: 1 PID: 24094 Comm: syz-executor.4 Tainted: G B 4.14.171-syzkaller #0 [ 120.644438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 120.653898] Call Trace: [ 120.656573] dump_stack+0xf7/0x13b [ 120.660106] ? do_raw_spin_lock+0x1ef/0x230 [ 120.664415] panic+0x1b0/0x358 [ 120.667606] ? add_taint.cold.5+0x11/0x11 [ 120.671745] ? do_raw_spin_lock+0x1ef/0x230 [ 120.676054] kasan_end_report+0x47/0x4f [ 120.680016] kasan_report.cold.8+0x76/0x2d3 [ 120.684342] __asan_report_load4_noabort+0x14/0x20 [ 120.689363] do_raw_spin_lock+0x1ef/0x230 [ 120.693628] _raw_spin_lock_bh+0x39/0x40 [ 120.697694] ? release_sock+0x1b/0x180 [ 120.701573] release_sock+0x1b/0x180 [ 120.705273] pppol2tp_release+0x1f5/0x290 [ 120.709532] __sock_release+0xc2/0x2a0 [ 120.713415] sock_close+0x10/0x20 [ 120.716849] __fput+0x232/0x750 [ 120.720111] ? _raw_spin_unlock_irq+0x27/0x80 [ 120.724585] ____fput+0x9/0x10 [ 120.727764] task_work_run+0xe5/0x170 [ 120.731617] exit_to_usermode_loop+0x16a/0x1b0 [ 120.736185] do_syscall_64+0x416/0x5b0 [ 120.740074] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 120.745004] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 120.750179] RIP: 0033:0x459f49 [ 120.753355] RSP: 002b:00007fbd6ef1fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 120.761053] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000459f49 [ 120.768317] RDX: 000000000000002e RSI: 0000000020000180 RDI: 0000000000000004 [ 120.775564] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 120.782824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbd6ef206d4 [ 120.790078] R13: 00000000004c068b R14: 00000000004d2d58 R15: 00000000ffffffff [ 120.798776] Kernel Offset: disabled [ 120.802470] Rebooting in 86400 seconds..