[ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 33.709973] audit: type=1400 audit(1591066484.097:9): avc: denied { execmem } for pid=6121 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 33.942487] IPVS: ftp: loaded support on port[0] = 21 [ 35.072589] can: request_module (can-proto-0) failed. [ 35.081499] can: request_module (can-proto-0) failed. [ 35.110150] audit: type=1400 audit(1591066485.498:10): avc: denied { create } for pid=6099 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts. 2020/06/02 02:54:53 parsed 1 programs 2020/06/02 02:54:53 executed programs: 0 [ 43.456779] audit: type=1400 audit(1591066493.842:11): avc: denied { execmem } for pid=6232 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 43.507397] IPVS: ftp: loaded support on port[0] = 21 [ 44.085456] IPVS: ftp: loaded support on port[0] = 21 [ 44.138179] chnl_net:caif_netlink_parms(): no params data found [ 44.169652] IPVS: ftp: loaded support on port[0] = 21 [ 44.192879] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.199723] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.207096] device bridge_slave_0 entered promiscuous mode [ 44.220479] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.226972] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.234122] device bridge_slave_1 entered promiscuous mode [ 44.294506] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.303340] chnl_net:caif_netlink_parms(): no params data found [ 44.313352] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.362191] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.368819] IPVS: ftp: loaded support on port[0] = 21 [ 44.371249] team0: Port device team_slave_0 added [ 44.379735] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.386224] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.395046] device bridge_slave_0 entered promiscuous mode [ 44.402979] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.409911] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.417478] device bridge_slave_1 entered promiscuous mode [ 44.423600] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.430932] team0: Port device team_slave_1 added [ 44.443956] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.451658] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.465415] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.508765] device hsr_slave_0 entered promiscuous mode [ 44.536937] device hsr_slave_1 entered promiscuous mode [ 44.589092] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.596097] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.604262] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.634692] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.642770] team0: Port device team_slave_0 added [ 44.651512] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.659250] team0: Port device team_slave_1 added [ 44.667059] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.675921] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.779517] device hsr_slave_0 entered promiscuous mode [ 44.816775] device hsr_slave_1 entered promiscuous mode [ 44.858809] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.869734] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.876208] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.883152] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.889543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.898891] chnl_net:caif_netlink_parms(): no params data found [ 44.914983] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.928248] IPVS: ftp: loaded support on port[0] = 21 [ 44.955274] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.962868] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.970675] device bridge_slave_0 entered promiscuous mode [ 44.980970] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.987495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.994079] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.000468] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.035677] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.042258] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.051615] device bridge_slave_1 entered promiscuous mode [ 45.092946] chnl_net:caif_netlink_parms(): no params data found [ 45.137867] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.149309] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.166960] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.173978] team0: Port device team_slave_0 added [ 45.192151] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.210241] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.219051] IPVS: ftp: loaded support on port[0] = 21 [ 45.225033] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.232474] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.242953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.256711] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.263735] team0: Port device team_slave_1 added [ 45.269812] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.278219] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.350008] device hsr_slave_0 entered promiscuous mode [ 45.386626] device hsr_slave_1 entered promiscuous mode [ 45.437265] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.443596] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.473249] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.479980] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.487669] device bridge_slave_0 entered promiscuous mode [ 45.494756] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 45.511595] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.517990] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.524979] device bridge_slave_1 entered promiscuous mode [ 45.578961] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.585139] chnl_net:caif_netlink_parms(): no params data found [ 45.610130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.618102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.631652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.642244] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.652223] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.667189] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.673256] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.681024] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.698419] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.709815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.724961] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.750206] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.758941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.766732] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.773774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.780877] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.788815] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.798228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.822850] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.830898] team0: Port device team_slave_0 added [ 45.836621] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.843648] team0: Port device team_slave_1 added [ 45.854755] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.861702] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.869161] device bridge_slave_0 entered promiscuous mode [ 45.876663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.884307] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.892598] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.899167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.910745] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.919728] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.929142] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.935203] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.941995] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.949001] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.955913] device bridge_slave_1 entered promiscuous mode [ 45.980392] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.989477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.033462] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.041712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.089840] device hsr_slave_0 entered promiscuous mode [ 46.116274] device hsr_slave_1 entered promiscuous mode [ 46.157137] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.174117] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.183058] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.191551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.199606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.207838] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.214275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.221644] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.229771] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.237915] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.245466] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.253434] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.272711] chnl_net:caif_netlink_parms(): no params data found [ 46.281940] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.291739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.310622] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.319240] team0: Port device team_slave_0 added [ 46.326937] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.335767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.346243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.354169] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.362113] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.368809] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.376265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.383805] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.391801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.399820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.412777] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.424874] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.432675] team0: Port device team_slave_1 added [ 46.439156] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.451212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.462283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.470281] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.479449] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.485719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.494321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.506939] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.514737] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.534559] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.552936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.561328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.569549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.578096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.585693] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.594404] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.601345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.649964] device hsr_slave_0 entered promiscuous mode [ 46.696218] device hsr_slave_1 entered promiscuous mode [ 46.748877] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.757789] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 46.772779] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.779085] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.787115] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.794207] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.803675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.811594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.819263] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.827261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.836052] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.842970] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.851374] device bridge_slave_0 entered promiscuous mode [ 46.861334] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.873320] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.885486] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.892320] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.899448] device bridge_slave_1 entered promiscuous mode [ 46.905467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.915930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.923562] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.929957] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.938200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.946464] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.955870] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.962192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.970441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.980040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.003354] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.012918] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.029108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 47.038101] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.064397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.072493] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.081591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.090999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.099169] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.105563] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.115193] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.122434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.130858] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.138803] team0: Port device team_slave_0 added [ 47.144672] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.153237] team0: Port device team_slave_1 added [ 47.160403] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.180151] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.181427] ================================================================== [ 47.194502] BUG: KASAN: use-after-free in _copy_to_user+0x84/0xb0 [ 47.200735] Read of size 924 at addr ffff88807abffff3 by task syz-executor.1/7112 [ 47.202810] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.208712] [ 47.208721] CPU: 1 PID: 7112 Comm: syz-executor.1 Not tainted 4.14.182-syzkaller #0 [ 47.208724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.208727] Call Trace: [ 47.208739] dump_stack+0xf7/0x13b [ 47.208747] ? _copy_to_user+0x84/0xb0 [ 47.208754] print_address_description.cold.7+0x9/0x1c9 [ 47.208759] ? _copy_to_user+0x84/0xb0 [ 47.208764] kasan_report.cold.8+0x11a/0x2d3 [ 47.208770] check_memory_region+0x13e/0x1b0 [ 47.208776] kasan_check_read+0x11/0x20 [ 47.228163] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 47.234244] _copy_to_user+0x84/0xb0 [ 47.234254] bpf_test_finish.isra.5+0xd5/0x170 [ 47.234260] ? bpf_test_run+0x2d0/0x2d0 [ 47.252331] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 47.253671] ? kvm_clock_read+0x23/0x40 [ 47.253677] ? kvm_clock_get_cycles+0x9/0x10 [ 47.253685] ? ktime_get+0x13c/0x240 [ 47.261653] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.262582] ? bpf_test_run+0x210/0x2d0 [ 47.269961] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.273359] ? eth_gro_receive+0x880/0x880 [ 47.273373] bpf_prog_test_run_skb+0x66d/0xbc0 [ 47.283400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.285666] ? bpf_test_init.isra.6+0xa0/0xa0 [ 47.285675] ? __bpf_prog_get+0x128/0x170 [ 47.285681] SyS_bpf+0x4d7/0x288a [ 47.285689] ? bpf_prog_get+0x10/0x10 [ 47.285695] ? kasan_check_read+0x11/0x20 [ 47.285702] ? _copy_to_user+0x91/0xb0 [ 47.285710] ? put_timespec64+0xa4/0xf0 [ 47.285714] ? nsecs_to_jiffies+0x20/0x20 [ 47.285724] ? SyS_clock_gettime+0x115/0x160 [ 47.285733] ? do_syscall_64+0x4c/0x5b0 [ 47.285740] ? bpf_prog_get+0x10/0x10 [ 47.285745] do_syscall_64+0x1c7/0x5b0 [ 47.285749] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.285760] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 47.285772] RIP: 0033:0x459829 [ 47.285775] RSP: 002b:00007f3c64e7bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 47.285782] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 47.285785] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 47.285789] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 47.294594] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.295820] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c64e7c6d4 [ 47.295823] R13: 00000000004bfb92 R14: 00000000004d1758 R15: 00000000ffffffff [ 47.295835] [ 47.295837] The buggy address belongs to the page: [ 47.295844] page:ffffea0001eaffc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 47.295849] flags: 0x1fffc0000000000() [ 47.295855] raw: 01fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 47.295859] raw: ffffea0001eaffe0 ffffea0001eaffe0 0000000000000000 0000000000000000 [ 47.295862] page dumped because: kasan: bad access detected [ 47.295864] [ 47.295867] Memory state around the buggy address: [ 47.295870] ffff88807abffe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.295874] ffff88807abfff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.295877] >ffff88807abfff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 47.295880] ^ [ 47.295883] ffff88807ac00000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.295886] ffff88807ac00080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 47.295889] ================================================================== [ 47.295891] Disabling lock debugging due to kernel taint [ 47.425590] Kernel panic - not syncing: panic_on_warn set ... [ 47.425590] [ 47.561793] CPU: 1 PID: 7112 Comm: syz-executor.1 Tainted: G B 4.14.182-syzkaller #0 [ 47.570818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.580239] Call Trace: [ 47.582868] dump_stack+0xf7/0x13b [ 47.586395] ? _copy_to_user+0x84/0xb0 [ 47.590267] panic+0x1b0/0x358 [ 47.593924] ? add_taint.cold.5+0x11/0x11 [ 47.598298] ? ___preempt_schedule+0x16/0x18 [ 47.603191] ? _copy_to_user+0x84/0xb0 [ 47.607383] kasan_end_report+0x47/0x4f [ 47.612190] kasan_report.cold.8+0x76/0x2d3 [ 47.616588] check_memory_region+0x13e/0x1b0 [ 47.620983] kasan_check_read+0x11/0x20 [ 47.625094] _copy_to_user+0x84/0xb0 [ 47.629325] bpf_test_finish.isra.5+0xd5/0x170 [ 47.634007] ? bpf_test_run+0x2d0/0x2d0 [ 47.638011] ? kvm_clock_read+0x23/0x40 [ 47.642110] ? kvm_clock_get_cycles+0x9/0x10 [ 47.646514] ? ktime_get+0x13c/0x240 [ 47.650677] ? bpf_test_run+0x210/0x2d0 [ 47.654741] ? eth_gro_receive+0x880/0x880 [ 47.659028] bpf_prog_test_run_skb+0x66d/0xbc0 [ 47.663596] ? bpf_test_init.isra.6+0xa0/0xa0 [ 47.668266] ? __bpf_prog_get+0x128/0x170 [ 47.672407] SyS_bpf+0x4d7/0x288a [ 47.675867] ? bpf_prog_get+0x10/0x10 [ 47.679643] ? kasan_check_read+0x11/0x20 [ 47.683868] ? _copy_to_user+0x91/0xb0 [ 47.687750] ? put_timespec64+0xa4/0xf0 [ 47.691791] ? nsecs_to_jiffies+0x20/0x20 [ 47.696022] ? SyS_clock_gettime+0x115/0x160 [ 47.700408] ? do_syscall_64+0x4c/0x5b0 [ 47.704621] ? bpf_prog_get+0x10/0x10 [ 47.708425] do_syscall_64+0x1c7/0x5b0 [ 47.712315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.717379] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 47.722571] RIP: 0033:0x459829 [ 47.725769] RSP: 002b:00007f3c64e7bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 47.733464] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 47.740717] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 47.748094] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 47.755469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3c64e7c6d4 [ 47.762740] R13: 00000000004bfb92 R14: 00000000004d1758 R15: 00000000ffffffff [ 47.772207] Kernel Offset: disabled [ 47.775838] Rebooting in 86400 seconds..