[ 42.240505] audit: type=1400 audit(1581490439.919:37): avc: denied { map } for pid=6733 comm="syz-fuzzer" path="/root/syzkaller-shm980714394" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 42.500836] IPVS: ftp: loaded support on port[0] = 21 [ 43.643782] can: request_module (can-proto-0) failed. [ 43.655454] can: request_module (can-proto-0) failed. [ 43.822354] audit: type=1400 audit(1581490441.499:38): avc: denied { create } for pid=6733 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 43.846439] audit: type=1400 audit(1581490441.499:39): avc: denied { create } for pid=6733 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 43.870860] audit: type=1400 audit(1581490441.499:40): avc: denied { create } for pid=6733 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 44.135613] random: sshd: uninitialized urandom read (32 bytes read) [ 44.886323] random: sshd: uninitialized urandom read (32 bytes read) [ 45.089537] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts. 2020/02/12 06:54:09 parsed 1 programs 2020/02/12 06:54:09 executed programs: 0 [ 52.040869] IPVS: ftp: loaded support on port[0] = 21 [ 52.906903] IPVS: ftp: loaded support on port[0] = 21 [ 52.950633] chnl_net:caif_netlink_parms(): no params data found [ 53.014695] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.021954] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.022883] IPVS: ftp: loaded support on port[0] = 21 [ 53.029027] device bridge_slave_0 entered promiscuous mode [ 53.042982] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.049345] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.056465] device bridge_slave_1 entered promiscuous mode [ 53.071128] chnl_net:caif_netlink_parms(): no params data found [ 53.089069] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.104770] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.129933] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.137424] team0: Port device team_slave_0 added [ 53.144703] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.151774] team0: Port device team_slave_1 added [ 53.156976] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.166434] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.231779] IPVS: ftp: loaded support on port[0] = 21 [ 53.234020] device hsr_slave_0 entered promiscuous mode [ 53.280381] device hsr_slave_1 entered promiscuous mode [ 53.321531] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.327971] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.335057] device bridge_slave_0 entered promiscuous mode [ 53.343681] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.350195] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.357417] device bridge_slave_1 entered promiscuous mode [ 53.374983] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 53.382507] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.393200] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.408739] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 53.454207] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.461348] team0: Port device team_slave_0 added [ 53.468823] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.476203] team0: Port device team_slave_1 added [ 53.482990] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.491606] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.498033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.504996] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.511378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.532493] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.603535] device hsr_slave_0 entered promiscuous mode [ 53.640308] device hsr_slave_1 entered promiscuous mode [ 53.681258] chnl_net:caif_netlink_parms(): no params data found [ 53.691653] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 53.702393] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 53.714322] IPVS: ftp: loaded support on port[0] = 21 [ 53.766079] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.773480] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.780987] device bridge_slave_0 entered promiscuous mode [ 53.789425] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.795904] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.803257] device bridge_slave_1 entered promiscuous mode [ 53.823261] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.842761] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.849164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.855800] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.862153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.876660] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.912848] chnl_net:caif_netlink_parms(): no params data found [ 53.925149] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.932543] team0: Port device team_slave_0 added [ 53.944973] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.952119] team0: Port device team_slave_1 added [ 53.957446] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.968970] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.012925] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.019970] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.027205] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.033941] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.046263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.092480] device hsr_slave_0 entered promiscuous mode [ 54.130275] device hsr_slave_1 entered promiscuous mode [ 54.200675] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.212979] IPVS: ftp: loaded support on port[0] = 21 [ 54.216428] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.229716] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.244539] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.251124] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.258065] device bridge_slave_0 entered promiscuous mode [ 54.266179] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.272641] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.279630] device bridge_slave_1 entered promiscuous mode [ 54.288422] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.312488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.320182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.331826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.339222] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 54.345459] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.364103] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 54.373666] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.404043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.412083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.419706] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.426109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.434031] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.445838] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.482747] chnl_net:caif_netlink_parms(): no params data found [ 54.501285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 54.511610] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.518756] team0: Port device team_slave_0 added [ 54.527857] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.535304] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.543455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.551619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.559177] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.565570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.572558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.579435] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.588943] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.596287] team0: Port device team_slave_1 added [ 54.606807] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.615668] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 54.625842] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 54.637517] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 54.643897] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.650531] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.658256] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.666202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.685155] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.718322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.726100] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.735731] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.748382] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.755451] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.762758] device bridge_slave_0 entered promiscuous mode [ 54.769929] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 54.780913] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.787838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.797105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.804740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.812860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.820682] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.827021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.872319] device hsr_slave_0 entered promiscuous mode [ 54.910303] device hsr_slave_1 entered promiscuous mode [ 54.950735] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.958064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 54.965247] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.971734] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.978567] device bridge_slave_1 entered promiscuous mode [ 54.994908] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.013649] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.020580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.028043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.037072] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.047661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.056054] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.069494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 55.079741] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.086145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.094252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.101965] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.108301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.115296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.123132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.162285] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.174957] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 55.181910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.195381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.205453] chnl_net:caif_netlink_parms(): no params data found [ 55.215350] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.224659] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.232194] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.239218] team0: Port device team_slave_0 added [ 55.249206] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.256768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.264291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.271468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.282544] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.288613] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.303372] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.310711] team0: Port device team_slave_1 added [ 55.316159] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.325165] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 55.333479] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.354044] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.362265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.370512] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.378049] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.384475] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.392425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.402025] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.416604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.431124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.438927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.446661] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.453079] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.460503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.468117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.476604] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.488431] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.495064] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.502494] device bridge_slave_0 entered promiscuous mode [ 55.509795] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.516483] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.523663] device bridge_slave_1 entered promiscuous mode [ 55.532090] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.546670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.556826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.564483] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.571869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.579661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.587569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.595587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.603740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.612911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.672290] device hsr_slave_0 entered promiscuous mode [ 55.710339] device hsr_slave_1 entered promiscuous mode [ 55.752120] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 55.759319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.767868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.775371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.785054] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.799073] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.811188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.819080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.827291] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.837273] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.845771] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 55.852329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.859633] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.878988] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.889115] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.909171] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.917302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.925319] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.936231] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.956662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.964035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.972656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.981152] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.988233] team0: Port device team_slave_0 added [ 55.994679] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.008395] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.015473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.023413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.031327] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.038510] team0: Port device team_slave_1 added [ 56.044268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.057091] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.074792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.083496] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.108522] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.116113] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 56.126237] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.140121] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.153638] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.171780] ================================================================== [ 56.175250] BUG: unable to handle kernel [ 56.179356] BUG: KASAN: use-after-free in padata_parallel_worker+0x37a/0x420 [ 56.179362] Write of size 8 at addr ffff88809a598058 by task kworker/0:0/3 [ 56.183494] paging request at ffffffffffffffc8 [ 56.190670] [ 56.197769] IP: pcrypt_aead_enc+0x7b/0xf0 [ 56.202331] CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 4.14.170-syzkaller #0 [ 56.203943] PGD 786d067 [ 56.208074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.215333] P4D 786d067 [ 56.218010] Workqueue: pencrypt padata_parallel_worker [ 56.227450] PUD 786f067 [ 56.235454] PMD 0 [ 56.238216] Call Trace: [ 56.238223] Oops: 0000 [#1] PREEMPT SMP KASAN [ 56.240354] dump_stack+0xf7/0x13b [ 56.242915] Modules linked in: [ 56.247404] ? padata_parallel_worker+0x37a/0x420 [ 56.250923] CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 4.14.170-syzkaller #0 [ 56.254098] print_address_description.cold.7+0x9/0x1c9 [ 56.258918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.266268] ? padata_parallel_worker+0x37a/0x420 [ 56.271617] Workqueue: pencrypt padata_parallel_worker [ 56.280960] kasan_report.cold.8+0x11a/0x2d3 [ 56.285783] task: ffff8880a9d5c4c0 task.stack: ffff8880a9d68000 [ 56.291082] __asan_report_store8_noabort+0x17/0x20 [ 56.295586] RIP: 0010:pcrypt_aead_enc+0x7b/0xf0 [ 56.301635] padata_parallel_worker+0x37a/0x420 [ 56.306717] RSP: 0018:ffff8880a9d6fc90 EFLAGS: 00010246 [ 56.311375] ? padata_sysfs_store+0xa0/0xa0 [ 56.321497] process_one_work+0x79e/0x16c0 [ 56.325792] RAX: dffffc0000000000 RBX: ffff88809f8b87d0 RCX: ffffffff82b0738e [ 56.325796] RDX: 1ffffffffffffff9 RSI: 0000000000000008 RDI: ffff88809f8b8808 [ 56.330713] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 56.337982] RBP: ffff8880a9d6fcb0 R08: 0000000000000001 R09: 0000000000000000 [ 56.345381] worker_thread+0xcc/0xee0 [ 56.350029] R10: 0000000000000050 R11: ffff8880a9d5c4c0 R12: 0000000000000000 [ 56.357295] kthread+0x338/0x400 [ 56.361094] R13: ffff88809f8b8808 R14: ffff8880a9d6fcf8 R15: 1ffff110153adf9b [ 56.368357] ? process_one_work+0x16c0/0x16c0 [ 56.371705] FS: 0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 56.378965] ? kthread_create_on_node+0xa0/0xa0 [ 56.383445] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.391935] ret_from_fork+0x24/0x30 [ 56.396579] CR2: ffffffffffffffc8 CR3: 000000008cb69000 CR4: 00000000001406e0 [ 56.402485] [ 56.406183] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.413577] Allocated by task 6859: [ 56.415194] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.422889] save_stack_trace+0x16/0x20 [ 56.426514] Call Trace: [ 56.426528] padata_parallel_worker+0x24e/0x420 [ 56.426533] ? padata_sysfs_store+0xa0/0xa0 [ 56.426541] process_one_work+0x79e/0x16c0 [ 56.426548] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 56.433809] save_stack+0x43/0xd0 [ 56.437809] worker_thread+0xcc/0xee0 [ 56.437816] kthread+0x338/0x400 [ 56.437819] ? process_one_work+0x16c0/0x16c0 [ 56.437822] ? kthread_create_on_node+0xa0/0xa0 [ 56.437829] ret_from_fork+0x24/0x30 [ 56.437834] Code: 00 0f 85 [ 56.440424] kasan_kmalloc+0xc7/0xe0 [ 56.446325] 82 [ 56.450635] __kmalloc+0x15b/0x7b0 [ 56.454847] 00 [ 56.459553] tls_push_record+0xf6/0x14c0 [ 56.462991] 00 [ 56.466781] tls_sw_sendmsg+0x90b/0x10a0 [ 56.470125] 00 [ 56.474885] inet_sendmsg+0x108/0x440 [ 56.479533] 48 [ 56.483255] sock_sendmsg+0xb5/0xf0 [ 56.486167] b8 [ 56.489864] SYSC_sendto+0x1e3/0x2c0 [ 56.491727] 00 [ 56.495250] SyS_sendto+0x9/0x10 [ 56.497119] 00 [ 56.501159] do_syscall_64+0x1c7/0x5b0 [ 56.503024] 00 [ 56.507076] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 56.508985] 00 [ 56.512777] [ 56.514646] 00 [ 56.518254] Freed by task 6859: [ 56.520124] fc [ 56.523905] save_stack_trace+0x16/0x20 [ 56.525769] ff [ 56.529139] save_stack+0x43/0xd0 [ 56.531092] df [ 56.534988] kasan_slab_free+0x71/0xc0 [ 56.536850] 4d [ 56.542022] kfree+0xcc/0x270 [ 56.544008] 8b [ 56.545621] tls_push_record+0xd32/0x14c0 [ 56.547484] 64 [ 56.550739] tls_sw_sendmsg+0x90b/0x10a0 [ 56.552604] 24 [ 56.556567] inet_sendmsg+0x108/0x440 [ 56.558436] 38 [ 56.561870] sock_sendmsg+0xb5/0xf0 [ 56.564171] 49 [ 56.568072] SYSC_sendto+0x1e3/0x2c0 [ 56.568077] SyS_sendto+0x9/0x10 [ 56.569946] 8d [ 56.573098] do_syscall_64+0x1c7/0x5b0 [ 56.574969] 7c 24 [ 56.579104] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 56.581043] c8 [ 56.585093] [ 56.586967] 48 [ 56.590752] The buggy address belongs to the object at ffff88809a598000 [ 56.590752] which belongs to the cache kmalloc-256 of size 256 [ 56.592620] 89 [ 56.596232] The buggy address is located 88 bytes inside of [ 56.596232] 256-byte region [ffff88809a598000, ffff88809a598100) [ 56.598115] fa [ 56.601805] The buggy address belongs to the page: [ 56.605161] 48 [ 56.607028] page:ffffea0002696600 count:1 mapcount:0 mapping:ffff88809a598000 index:0xffff88809a5983c0 [ 56.610888] c1 [ 56.618371] ea [ 56.620351] flags: 0x1fffc0000000100(slab) [ 56.620357] raw: 01fffc0000000100 ffff88809a598000 ffff88809a5983c0 0000000100000009 [ 56.621970] 03 [ 56.623838] raw: ffffea00023faca0 ffff8880aa801638 ffff8880aa8007c0 0000000000000000 [ 56.636491] 80 [ 56.638375] page dumped because: kasan: bad access detected [ 56.650192] 3c 02 [ 56.652073] [ 56.656978] 00 [ 56.658844] Memory state around the buggy address: [ 56.668387] 75 [ 56.670260] ffff88809a597f00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 56.672129] 5a [ 56.676359] ffff88809a597f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 56.684222] 4c [ 56.686201] >ffff88809a598000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.694073] 89 [ 56.696069] ^ [ 56.701867] ef [ 56.704002] ffff88809a598080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.705604] <41> [ 56.707477] ffff88809a598100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 56.712387] ff [ 56.714261] ================================================================== [ 56.721605] 54 [ 56.723531] Kernel panic - not syncing: panic_on_warn set ... [ 56.723531] [ 56.730927] 24 c8 48 8d 7b 1c 48 ba 00 00 00 00 00 fc ff df 48 89 [ 56.791824] RIP: pcrypt_aead_enc+0x7b/0xf0 RSP: ffff8880a9d6fc90 [ 56.797961] CR2: ffffffffffffffc8 [ 56.801499] ---[ end trace bbe9caa8b6c39b36 ]--- [ 57.826822] Shutting down cpus with NMI [ 57.832243] Kernel Offset: disabled [ 57.835865] Rebooting in 86400 seconds..