Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 39.275921][ T6883] as (6883) used greatest stack depth: 23072 bytes left [ 39.777491][ T27] audit: type=1400 audit(1586596360.612:8): avc: denied { execmem } for pid=6892 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 39.790313][ T6893] IPVS: ftp: loaded support on port[0] = 21 [ 40.144585][ T347] tipc: TX() has been purged, node left! [ 40.387538][ T6869] can: request_module (can-proto-0) failed. [ 43.255822][ T6869] can: request_module (can-proto-0) failed. [ 43.266429][ T6869] can: request_module (can-proto-0) failed. [ 43.301040][ T27] audit: type=1400 audit(1586596364.133:9): avc: denied { create } for pid=6869 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts. 2020/04/11 09:12:51 parsed 1 programs 2020/04/11 09:12:52 executed programs: 0 [ 51.398085][ T27] audit: type=1400 audit(1586596372.234:10): avc: denied { execmem } for pid=7010 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 51.495523][ T7016] IPVS: ftp: loaded support on port[0] = 21 [ 51.500373][ T7011] IPVS: ftp: loaded support on port[0] = 21 [ 51.530177][ T7019] IPVS: ftp: loaded support on port[0] = 21 [ 51.532540][ T7015] IPVS: ftp: loaded support on port[0] = 21 [ 51.559181][ T7021] IPVS: ftp: loaded support on port[0] = 21 [ 51.562004][ T7020] IPVS: ftp: loaded support on port[0] = 21 [ 51.820200][ T7016] chnl_net:caif_netlink_parms(): no params data found [ 51.870890][ T7021] chnl_net:caif_netlink_parms(): no params data found [ 51.981368][ T7020] chnl_net:caif_netlink_parms(): no params data found [ 52.003412][ T7011] chnl_net:caif_netlink_parms(): no params data found [ 52.020151][ T7021] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.029035][ T7021] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.037684][ T7021] device bridge_slave_0 entered promiscuous mode [ 52.048870][ T7021] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.056426][ T7021] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.064991][ T7021] device bridge_slave_1 entered promiscuous mode [ 52.074164][ T7016] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.081340][ T7016] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.090667][ T7016] device bridge_slave_0 entered promiscuous mode [ 52.098628][ T7019] chnl_net:caif_netlink_parms(): no params data found [ 52.128416][ T7016] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.135845][ T7016] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.144315][ T7016] device bridge_slave_1 entered promiscuous mode [ 52.208743][ T7021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.250259][ T7020] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.257792][ T7020] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.269495][ T7020] device bridge_slave_0 entered promiscuous mode [ 52.277684][ T7015] chnl_net:caif_netlink_parms(): no params data found [ 52.288709][ T7021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.310718][ T7019] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.318244][ T7019] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.327499][ T7019] device bridge_slave_0 entered promiscuous mode [ 52.336835][ T7016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.347130][ T7020] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.355122][ T7020] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.363885][ T7020] device bridge_slave_1 entered promiscuous mode [ 52.383385][ T7011] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.390479][ T7011] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.399353][ T7011] device bridge_slave_0 entered promiscuous mode [ 52.407923][ T7019] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.415814][ T7019] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.423903][ T7019] device bridge_slave_1 entered promiscuous mode [ 52.433044][ T7016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.460369][ T7021] team0: Port device team_slave_0 added [ 52.467700][ T7011] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.475511][ T7011] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.483789][ T7011] device bridge_slave_1 entered promiscuous mode [ 52.501560][ T7016] team0: Port device team_slave_0 added [ 52.509408][ T7021] team0: Port device team_slave_1 added [ 52.543483][ T7020] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.559829][ T7016] team0: Port device team_slave_1 added [ 52.604194][ T7021] device hsr_slave_0 entered promiscuous mode [ 52.642395][ T7021] device hsr_slave_1 entered promiscuous mode [ 52.694162][ T7019] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.704880][ T7020] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.729732][ T7020] team0: Port device team_slave_0 added [ 52.738913][ T7011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.750282][ T7019] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.763837][ T7015] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.770888][ T7015] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.778990][ T7015] device bridge_slave_0 entered promiscuous mode [ 52.787980][ T7020] team0: Port device team_slave_1 added [ 52.802515][ T7011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.845442][ T7015] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.852913][ T7015] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.860483][ T7015] device bridge_slave_1 entered promiscuous mode [ 52.901937][ T7011] team0: Port device team_slave_0 added [ 52.944801][ T7016] device hsr_slave_0 entered promiscuous mode [ 53.002298][ T7016] device hsr_slave_1 entered promiscuous mode [ 53.072029][ T7016] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.079750][ T7016] Cannot create hsr debugfs directory [ 53.124873][ T7020] device hsr_slave_0 entered promiscuous mode [ 53.162156][ T7020] device hsr_slave_1 entered promiscuous mode [ 53.221866][ T7020] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.229432][ T7020] Cannot create hsr debugfs directory [ 53.240416][ T7019] team0: Port device team_slave_0 added [ 53.250807][ T7019] team0: Port device team_slave_1 added [ 53.265574][ T7015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.276272][ T7011] team0: Port device team_slave_1 added [ 53.295390][ T7015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.354679][ T7011] device hsr_slave_0 entered promiscuous mode [ 53.382170][ T7011] device hsr_slave_1 entered promiscuous mode [ 53.432073][ T7011] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.439673][ T7011] Cannot create hsr debugfs directory [ 53.493661][ T7019] device hsr_slave_0 entered promiscuous mode [ 53.552203][ T7019] device hsr_slave_1 entered promiscuous mode [ 53.611891][ T7019] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 53.623114][ T7019] Cannot create hsr debugfs directory [ 53.628726][ T7021] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 53.687862][ T7021] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 53.732282][ T7015] team0: Port device team_slave_0 added [ 53.738758][ T7021] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 53.786904][ T7021] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 53.824289][ T7015] team0: Port device team_slave_1 added [ 53.858230][ T7020] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 53.894626][ T7020] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 53.988037][ T7020] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.033509][ T7016] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 54.074355][ T7016] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 54.137457][ T7016] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 54.194201][ T7016] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 54.314438][ T7015] device hsr_slave_0 entered promiscuous mode [ 54.351951][ T7015] device hsr_slave_1 entered promiscuous mode [ 54.392189][ T7015] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.399776][ T7015] Cannot create hsr debugfs directory [ 54.409565][ T7020] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.497940][ T7011] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.538689][ T7011] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.587785][ T7011] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.653295][ T7011] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.810703][ T7019] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.845433][ T7019] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.903991][ T7019] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.985041][ T7019] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.036964][ T7020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.049865][ T7015] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 55.084187][ T7015] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 55.140675][ T7016] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.154901][ T7015] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 55.194774][ T7015] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 55.260603][ T7021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.268973][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.278404][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.302817][ T7020] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.316225][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.324393][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.336318][ T7016] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.361058][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.370301][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.379882][ T2750] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.387101][ T2750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.396253][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.404803][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.413141][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.422405][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.430928][ T2750] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.438033][ T2750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.446718][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.461069][ T7011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.470623][ T7021] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.495332][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.506595][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.517538][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.527874][ T2758] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.534986][ T2758] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.562179][ T7011] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.584829][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.593494][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.602702][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.611148][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.620320][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.629413][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.638390][ T2761] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.645484][ T2761] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.653628][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.661831][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.669416][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.678077][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.686652][ T2761] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.693773][ T2761] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.701583][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.709990][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.719150][ T2761] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.726254][ T2761] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.753344][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.761078][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.770773][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.779290][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.788528][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.797826][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.806649][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.816002][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.824835][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.833398][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.841814][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.850468][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.859879][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.868531][ T2758] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.875655][ T2758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.883598][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.910379][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.919030][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.930682][ T2750] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.937803][ T2750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.946431][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.956820][ T7020] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.985029][ T7019] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.998423][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.009790][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.018721][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.027179][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.036071][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.045088][ T2750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.076367][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.085203][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.093600][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.102866][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.111076][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.119982][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.128700][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.137539][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.146178][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.154244][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.171053][ T7011] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.184501][ T7011] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.208664][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.216677][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.225401][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.234134][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.242778][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.250927][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.260056][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.268611][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.276634][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.284950][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.299610][ T7019] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.309302][ T7020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.320677][ T7015] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.330253][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.339921][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.351898][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.360149][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.372471][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.380725][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.401454][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.409963][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.420486][ T4011] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.427647][ T4011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.443522][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.452733][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.462156][ T4011] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.469451][ T4011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.479335][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.480451][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.496551][ T7011] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.504996][ T7016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.523127][ T7021] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.523743][ T7021] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.538694][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.538809][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.538886][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.539317][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.539613][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.548052][ T7015] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.567008][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.567497][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.567869][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.568275][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.568530][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.568560][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.569216][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.607160][ T7021] 8021q: adding VLAN 0 to HW filter on device batadv0 2020/04/11 09:12:57 executed programs: 6 [ 56.754603][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.785235][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.814326][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.834548][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.835203][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.877093][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.905532][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.905893][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.907034][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.907133][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.907210][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.907357][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 56.909560][ T7019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.915833][ T7016] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.926336][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.928325][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.929336][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.930298][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.930322][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.967615][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.968253][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.969376][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.970099][ T4011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.973898][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.989006][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 56.989133][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 57.025528][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.026263][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.026752][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.027162][ T2758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.034075][ T7019] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.049365][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.049849][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.061896][ T7015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.279803][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 57.279906][ T2761] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 57.293598][ T7015] 8021q: adding VLAN 0 to HW filter on device batadv0 2020/04/11 09:13:02 executed programs: 153 2020/04/11 09:13:07 executed programs: 266 2020/04/11 09:13:12 executed programs: 437 [ 72.244399][ T9794] ================================================================== [ 72.244431][ T9794] BUG: KASAN: use-after-free in fbcon_cursor+0x409/0x570 [ 72.244437][ T9794] Read of size 2 at addr ffff8880a18cc28c by task syz-executor.0/9794 [ 72.244440][ T9794] [ 72.244448][ T9794] CPU: 1 PID: 9794 Comm: syz-executor.0 Not tainted 5.6.0-syzkaller #0 [ 72.244452][ T9794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.244456][ T9794] Call Trace: [ 72.244467][ T9794] dump_stack+0x12d/0x187 [ 72.244476][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.244482][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.244492][ T9794] print_address_description.constprop.8.cold.10+0x9/0x31d [ 72.244498][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.244503][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.244510][ T9794] __kasan_report.cold.11+0x37/0x4e [ 72.244519][ T9794] ? lock_downgrade+0x870/0x960 [ 72.244524][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.244533][ T9794] kasan_report+0x38/0x50 [ 72.244543][ T9794] __asan_report_load2_noabort+0x14/0x20 [ 72.244549][ T9794] fbcon_cursor+0x409/0x570 [ 72.244561][ T9794] fbcon_scrolldelta+0x525/0xf00 [ 72.244566][ T9794] ? kfree+0x224/0x2c0 [ 72.244581][ T9794] fbcon_set_origin+0x16/0x20 [ 72.244588][ T9794] set_origin+0xcc/0x390 [ 72.244596][ T9794] vc_do_resize+0x8ec/0x12b0 [ 72.244604][ T9794] ? mark_held_locks+0x130/0x130 [ 72.244624][ T9794] ? vc_uniscr_alloc+0xa0/0xa0 [ 72.244632][ T9794] ? lock_release+0x960/0x960 [ 72.244637][ T9794] ? lockdep_hardirqs_on+0x481/0x620 [ 72.244645][ T9794] ? _raw_spin_unlock_irqrestore+0x7d/0xd0 [ 72.244652][ T9794] ? trace_hardirqs_on+0x28/0x1a0 [ 72.244663][ T9794] vc_resize+0x3d/0x60 [ 72.244675][ T9794] ? console_lock+0x41/0x70 [ 72.244683][ T9794] vt_ioctl+0x35e/0x24c0 [ 72.244693][ T9794] ? complete_change_console+0x310/0x310 [ 72.244703][ T9794] ? tomoyo_path_number_perm+0x1e8/0x4c0 [ 72.244708][ T9794] ? lock_downgrade+0x960/0x960 [ 72.244712][ T9794] ? kfree+0x224/0x2c0 [ 72.244716][ T9794] ? tomoyo_path_number_perm+0x3e6/0x4c0 [ 72.244723][ T9794] ? lockdep_hardirqs_on+0x481/0x620 [ 72.244727][ T9794] ? kfree+0x224/0x2c0 [ 72.244735][ T9794] ? tomoyo_path_number_perm+0x3e6/0x4c0 [ 72.244745][ T9794] ? tomoyo_path_number_perm+0x213/0x4c0 [ 72.244753][ T9794] ? tomoyo_execute_permission+0x460/0x460 [ 72.244763][ T9794] tty_ioctl+0x45b/0x12f0 [ 72.244769][ T9794] ? find_held_lock+0x36/0x1d0 [ 72.244776][ T9794] ? tty_vhangup+0x20/0x20 [ 72.244788][ T9794] ? ___might_sleep+0x16b/0x2b0 [ 72.244808][ T9794] ? ioctl_file_clone+0x120/0x120 [ 72.244829][ T9794] ? ksys_dup3+0x2e0/0x2e0 [ 72.244836][ T9794] ? put_timespec64+0xa9/0x100 [ 72.244842][ T9794] ? nsecs_to_jiffies+0x20/0x20 [ 72.244855][ T9794] ? tomoyo_file_ioctl+0x14/0x20 [ 72.244865][ T9794] ksys_ioctl+0xc1/0x110 [ 72.244869][ T9794] ? lockdep_hardirqs_on+0x481/0x620 [ 72.244877][ T9794] __x64_sys_ioctl+0x6e/0xb0 [ 72.244885][ T9794] do_syscall_64+0xca/0x630 [ 72.244896][ T9794] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 72.244903][ T9794] RIP: 0033:0x45a909 [ 72.244910][ T9794] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 72.244914][ T9794] RSP: 002b:00007f56a8cbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.244921][ T9794] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a909 [ 72.244925][ T9794] RDX: 0000000020000000 RSI: 0000000000005609 RDI: 0000000000000003 [ 72.244928][ T9794] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 72.244931][ T9794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56a8cbb6d4 [ 72.244935][ T9794] R13: 00000000004c7009 R14: 00000000004dd670 R15: 00000000ffffffff [ 72.244953][ T9794] [ 72.244957][ T9794] Allocated by task 9786: [ 72.244962][ T9794] save_stack+0x21/0x50 [ 72.244967][ T9794] __kasan_kmalloc.constprop.17+0xc7/0xd0 [ 72.244970][ T9794] kasan_kmalloc+0x9/0x10 [ 72.244974][ T9794] __kmalloc+0x164/0x790 [ 72.244979][ T9794] vc_do_resize+0x1de/0x12b0 [ 72.244983][ T9794] vc_resize+0x3d/0x60 [ 72.244987][ T9794] vt_ioctl+0x35e/0x24c0 [ 72.244990][ T9794] tty_ioctl+0x45b/0x12f0 [ 72.244994][ T9794] ksys_ioctl+0xc1/0x110 [ 72.244998][ T9794] __x64_sys_ioctl+0x6e/0xb0 [ 72.245003][ T9794] do_syscall_64+0xca/0x630 [ 72.245008][ T9794] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 72.245011][ T9794] [ 72.245014][ T9794] Freed by task 9794: [ 72.245018][ T9794] save_stack+0x21/0x50 [ 72.245023][ T9794] __kasan_slab_free+0x102/0x150 [ 72.245026][ T9794] kasan_slab_free+0xe/0x10 [ 72.245030][ T9794] kfree+0x108/0x2c0 [ 72.245034][ T9794] vc_do_resize+0x889/0x12b0 [ 72.245037][ T9794] vc_resize+0x3d/0x60 [ 72.245042][ T9794] vt_ioctl+0x35e/0x24c0 [ 72.245045][ T9794] tty_ioctl+0x45b/0x12f0 [ 72.245050][ T9794] ksys_ioctl+0xc1/0x110 [ 72.245054][ T9794] __x64_sys_ioctl+0x6e/0xb0 [ 72.245059][ T9794] do_syscall_64+0xca/0x630 [ 72.245063][ T9794] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 72.245066][ T9794] [ 72.245071][ T9794] The buggy address belongs to the object at ffff8880a18cc280 [ 72.245071][ T9794] which belongs to the cache kmalloc-32 of size 32 [ 72.245075][ T9794] The buggy address is located 12 bytes inside of [ 72.245075][ T9794] 32-byte region [ffff8880a18cc280, ffff8880a18cc2a0) [ 72.245079][ T9794] The buggy address belongs to the page: [ 72.245086][ T9794] page:ffffea0002863300 refcount:1 mapcount:0 mapping:0000000034afa877 index:0xffff8880a18ccfc1 [ 72.245092][ T9794] flags: 0xfffe0000000200(slab) [ 72.245100][ T9794] raw: 00fffe0000000200 ffffea000292fd48 ffffea00029d6ac8 ffff8880aa4001c0 [ 72.245106][ T9794] raw: ffff8880a18ccfc1 ffff8880a18cc000 000000010000003f 0000000000000000 [ 72.245109][ T9794] page dumped because: kasan: bad access detected [ 72.245112][ T9794] [ 72.245115][ T9794] Memory state around the buggy address: [ 72.245121][ T9794] ffff8880a18cc180: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc [ 72.245125][ T9794] ffff8880a18cc200: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 72.245130][ T9794] >ffff8880a18cc280: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 72.245133][ T9794] ^ [ 72.245138][ T9794] ffff8880a18cc300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 72.245142][ T9794] ffff8880a18cc380: 00 00 01 fc fc fc fc fc fb fb fb fb fc fc fc fc [ 72.245145][ T9794] ================================================================== [ 72.245149][ T9794] Disabling lock debugging due to kernel taint [ 72.245214][ T9794] Kernel panic - not syncing: panic_on_warn set ... [ 72.245220][ T9794] CPU: 1 PID: 9794 Comm: syz-executor.0 Tainted: G B 5.6.0-syzkaller #0 [ 72.245222][ T9794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 72.245224][ T9794] Call Trace: [ 72.245230][ T9794] dump_stack+0x12d/0x187 [ 72.245235][ T9794] ? fbcon_cursor+0x310/0x570 [ 72.245239][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.245244][ T9794] panic+0x22a/0x4e3 [ 72.245248][ T9794] ? add_taint.cold.7+0x11/0x11 [ 72.245253][ T9794] ? preempt_schedule_thunk+0x16/0x18 [ 72.245260][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.245263][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.245267][ T9794] end_report+0x51/0x59 [ 72.245272][ T9794] __kasan_report.cold.11+0xe/0x4e [ 72.245277][ T9794] ? lock_downgrade+0x870/0x960 [ 72.245281][ T9794] ? fbcon_cursor+0x409/0x570 [ 72.245286][ T9794] kasan_report+0x38/0x50 [ 72.245291][ T9794] __asan_report_load2_noabort+0x14/0x20 [ 72.245295][ T9794] fbcon_cursor+0x409/0x570 [ 72.245300][ T9794] fbcon_scrolldelta+0x525/0xf00 [ 72.245303][ T9794] ? kfree+0x224/0x2c0 [ 72.245310][ T9794] fbcon_set_origin+0x16/0x20 [ 72.245313][ T9794] set_origin+0xcc/0x390 [ 72.245318][ T9794] vc_do_resize+0x8ec/0x12b0 [ 72.245323][ T9794] ? mark_held_locks+0x130/0x130 [ 72.245332][ T9794] ? vc_uniscr_alloc+0xa0/0xa0 [ 72.245337][ T9794] ? lock_release+0x960/0x960 [ 72.245341][ T9794] ? lockdep_hardirqs_on+0x481/0x620 [ 72.245344][ T9794] ? _raw_spin_unlock_irqrestore+0x7d/0xd0 [ 72.245349][ T9794] ? trace_hardirqs_on+0x28/0x1a0 [ 72.245355][ T9794] vc_resize+0x3d/0x60 [ 72.245359][ T9794] ? console_lock+0x41/0x70 [ 72.245364][ T9794] vt_ioctl+0x35e/0x24c0 [ 72.245370][ T9794] ? complete_change_console+0x310/0x310 [ 72.245375][ T9794] ? tomoyo_path_number_perm+0x1e8/0x4c0 [ 72.245379][ T9794] ? lock_downgrade+0x960/0x960 [ 72.245382][ T9794] ? kfree+0x224/0x2c0 [ 72.245386][ T9794] ? tomoyo_path_number_perm+0x3e6/0x4c0 [ 72.245390][ T9794] ? lockdep_hardirqs_on+0x481/0x620 [ 72.245393][ T9794] ? kfree+0x224/0x2c0 [ 72.245399][ T9794] ? tomoyo_path_number_perm+0x3e6/0x4c0 [ 72.245406][ T9794] ? tomoyo_path_number_perm+0x213/0x4c0 [ 72.245411][ T9794] ? tomoyo_execute_permission+0x460/0x460 [ 72.245417][ T9794] tty_ioctl+0x45b/0x12f0 [ 72.245420][ T9794] ? find_held_lock+0x36/0x1d0 [ 72.245424][ T9794] ? tty_vhangup+0x20/0x20 [ 72.245431][ T9794] ? ___might_sleep+0x16b/0x2b0 [ 72.245441][ T9794] ? ioctl_file_clone+0x120/0x120 [ 72.245450][ T9794] ? ksys_dup3+0x2e0/0x2e0 [ 72.245455][ T9794] ? put_timespec64+0xa9/0x100 [ 72.245460][ T9794] ? nsecs_to_jiffies+0x20/0x20 [ 72.245467][ T9794] ? tomoyo_file_ioctl+0x14/0x20 [ 72.245473][ T9794] ksys_ioctl+0xc1/0x110 [ 72.245477][ T9794] ? lockdep_hardirqs_on+0x481/0x620 [ 72.245482][ T9794] __x64_sys_ioctl+0x6e/0xb0 [ 72.245487][ T9794] do_syscall_64+0xca/0x630 [ 72.245493][ T9794] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 72.245497][ T9794] RIP: 0033:0x45a909 [ 72.245502][ T9794] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 72.245505][ T9794] RSP: 002b:00007f56a8cbac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.245510][ T9794] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a909 [ 72.245512][ T9794] RDX: 0000000020000000 RSI: 0000000000005609 RDI: 0000000000000003 [ 72.245515][ T9794] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 72.245518][ T9794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f56a8cbb6d4 [ 72.245520][ T9794] R13: 00000000004c7009 R14: 00000000004dd670 R15: 00000000ffffffff [ 72.247069][ T9794] Kernel Offset: disabled