[ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 30.169116] audit: type=1400 audit(1589274672.955:8): avc: denied { execmem } for pid=5977 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 30.442350] IPVS: ftp: loaded support on port[0] = 21 [ 31.593515] can: request_module (can-proto-0) failed. [ 31.602441] can: request_module (can-proto-0) failed. [ 31.629060] audit: type=1400 audit(1589274674.416:9): avc: denied { create } for pid=5953 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.10.35' (ECDSA) to the list of known hosts. 2020/05/12 09:11:22 parsed 1 programs 2020/05/12 09:11:23 executed programs: 0 [ 40.305210] audit: type=1400 audit(1589274683.101:10): avc: denied { execmem } for pid=6095 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 40.595520] IPVS: ftp: loaded support on port[0] = 21 [ 41.334038] IPVS: ftp: loaded support on port[0] = 21 [ 41.399524] chnl_net:caif_netlink_parms(): no params data found [ 41.455982] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.462676] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.470354] device bridge_slave_0 entered promiscuous mode [ 41.495538] IPVS: ftp: loaded support on port[0] = 21 [ 41.503921] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.516951] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.524011] device bridge_slave_1 entered promiscuous mode [ 41.538855] chnl_net:caif_netlink_parms(): no params data found [ 41.569913] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.587943] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.615329] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.623608] team0: Port device team_slave_0 added [ 41.636600] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.645623] team0: Port device team_slave_1 added [ 41.650841] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.658988] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.666519] device bridge_slave_0 entered promiscuous mode [ 41.677664] IPVS: ftp: loaded support on port[0] = 21 [ 41.684862] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 41.692183] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 41.701085] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.707755] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.715967] device bridge_slave_1 entered promiscuous mode [ 41.787269] device hsr_slave_0 entered promiscuous mode [ 41.834575] device hsr_slave_1 entered promiscuous mode [ 41.875573] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.883386] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 41.898841] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.906751] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 41.969758] chnl_net:caif_netlink_parms(): no params data found [ 41.993665] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.001465] team0: Port device team_slave_0 added [ 42.021467] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.028534] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.037539] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.043895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.052559] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.061286] team0: Port device team_slave_1 added [ 42.069431] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.082922] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.089597] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.096653] device bridge_slave_0 entered promiscuous mode [ 42.103172] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.110794] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.119734] device bridge_slave_1 entered promiscuous mode [ 42.133184] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.155103] IPVS: ftp: loaded support on port[0] = 21 [ 42.157997] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.189126] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.256810] device hsr_slave_0 entered promiscuous mode [ 42.314323] device hsr_slave_1 entered promiscuous mode [ 42.354505] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 42.361564] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 42.425256] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.432384] team0: Port device team_slave_0 added [ 42.446435] chnl_net:caif_netlink_parms(): no params data found [ 42.461104] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.468134] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.478062] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.486407] team0: Port device team_slave_1 added [ 42.497353] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.518038] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.525777] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.586632] IPVS: ftp: loaded support on port[0] = 21 [ 42.597338] device hsr_slave_0 entered promiscuous mode [ 42.634189] device hsr_slave_1 entered promiscuous mode [ 42.684450] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 42.705210] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 42.729253] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.735710] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.744938] device bridge_slave_0 entered promiscuous mode [ 42.760629] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.768689] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.776977] device bridge_slave_1 entered promiscuous mode [ 42.807173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.841304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.879135] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.888229] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.900151] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.909384] chnl_net:caif_netlink_parms(): no params data found [ 42.918742] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.932733] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.940061] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.949058] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.968755] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.976984] team0: Port device team_slave_0 added [ 42.983287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.992794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.000956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.008175] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.017749] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 43.024516] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.035651] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.042672] team0: Port device team_slave_1 added [ 43.054229] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.061824] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.078812] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 43.088621] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 43.095003] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.112936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.121173] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.129959] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.136459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.146253] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.209942] chnl_net:caif_netlink_parms(): no params data found [ 43.229349] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 43.237949] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.247543] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.255349] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.262384] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.269662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.277448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.285408] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.293293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.306975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.366256] device hsr_slave_0 entered promiscuous mode [ 43.423811] device hsr_slave_1 entered promiscuous mode [ 43.464012] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.471401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 43.478756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.495156] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.503823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.515123] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.523229] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.532177] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.538887] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.547334] device bridge_slave_0 entered promiscuous mode [ 43.554798] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.561135] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.568399] device bridge_slave_1 entered promiscuous mode [ 43.575222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.583096] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.591772] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.598258] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.613715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.627168] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.636067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.657244] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.665696] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 43.672684] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.688380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.698139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.706997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.717218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.737642] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.744986] team0: Port device team_slave_0 added [ 43.757763] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.765109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.772652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.782429] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.794825] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.801934] team0: Port device team_slave_1 added [ 43.809883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 43.816685] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.823020] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.833037] device bridge_slave_0 entered promiscuous mode [ 43.839990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.848339] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 43.858166] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 43.866343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.876528] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.885058] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.894162] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 43.900296] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.909589] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.917504] device bridge_slave_1 entered promiscuous mode [ 43.924007] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.931446] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.944694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.952100] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.960935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.969103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.977758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.985767] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.993824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.000593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.008246] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.016587] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.038405] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.046047] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.064365] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 44.070504] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.080712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 44.116862] device hsr_slave_0 entered promiscuous mode [ 44.163617] device hsr_slave_1 entered promiscuous mode [ 44.223840] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.231807] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.242523] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.251092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.259568] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.269164] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 44.280436] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.288699] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.302077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.310708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.318739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.326988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.335735] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.342073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.349505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.358735] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 44.365527] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.388543] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.396132] team0: Port device team_slave_0 added [ 44.402595] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.417984] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.425430] team0: Port device team_slave_1 added [ 44.431032] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.442052] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 44.450078] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 44.463580] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.471752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.480466] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.488707] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.495205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.504227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 44.514779] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 44.529421] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 44.539063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.549645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.558810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.615718] device hsr_slave_0 entered promiscuous mode [ 44.665480] device hsr_slave_1 entered promiscuous mode [ 44.706840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.720458] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.729247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 44.737195] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.745237] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.763674] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 44.771322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.782686] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.791235] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 44.803313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.809582] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.817184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.825564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.836169] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.845072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 44.859069] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.866904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.875147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.882144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.889708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.898949] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.905917] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.916087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.924497] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.942222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 44.963026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.975230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.990974] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 45.004565] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.010951] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.024409] ================================================================== [ 45.025860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.031899] BUG: KASAN: use-after-free in padata_parallel_worker+0x37a/0x420 [ 45.031906] Write of size 8 at addr ffff8880938d2b98 by task kworker/0:2/3989 [ 45.031908] [ 45.031914] CPU: 0 PID: 3989 Comm: kworker/0:2 Not tainted 4.14.180-syzkaller #0 [ 45.031918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.040060] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.046174] Workqueue: pencrypt padata_parallel_worker [ 45.046180] Call Trace: [ 45.046196] dump_stack+0xf7/0x13b [ 45.046202] ? padata_parallel_worker+0x37a/0x420 [ 45.046210] print_address_description.cold.7+0x9/0x1c9 [ 45.046214] ? padata_parallel_worker+0x37a/0x420 [ 45.046220] kasan_report.cold.8+0x11a/0x2d3 [ 45.046226] __asan_report_store8_noabort+0x17/0x20 [ 45.046230] padata_parallel_worker+0x37a/0x420 [ 45.046236] ? padata_sysfs_store+0xa0/0xa0 [ 45.046247] process_one_work+0x79e/0x16c0 [ 45.046257] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 45.046267] worker_thread+0xcc/0xee0 [ 45.046279] kthread+0x338/0x400 [ 45.046283] ? process_one_work+0x16c0/0x16c0 [ 45.046288] ? kthread_create_on_node+0xa0/0xa0 [ 45.055800] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.062692] ret_from_fork+0x24/0x30 [ 45.162386] [ 45.163995] Allocated by task 6992: [ 45.167609] save_stack_trace+0x16/0x20 [ 45.171560] save_stack+0x43/0xd0 [ 45.174987] kasan_kmalloc+0xc7/0xe0 [ 45.178676] __kmalloc+0x15b/0x7b0 [ 45.182211] tls_push_record+0xf6/0x14c0 [ 45.186251] tls_sw_sendmsg+0x90b/0x10a0 [ 45.190288] inet_sendmsg+0x108/0x440 [ 45.194069] sock_sendmsg+0xb5/0xf0 [ 45.197668] SYSC_sendto+0x1e3/0x2c0 [ 45.201361] SyS_sendto+0x9/0x10 [ 45.204704] do_syscall_64+0x1c7/0x5b0 [ 45.208566] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.213731] [ 45.215335] Freed by task 6992: [ 45.218589] save_stack_trace+0x16/0x20 [ 45.223059] save_stack+0x43/0xd0 [ 45.226509] kasan_slab_free+0x71/0xc0 [ 45.230371] kfree+0xcc/0x270 [ 45.233470] tls_push_record+0xd32/0x14c0 [ 45.237591] tls_sw_sendmsg+0x90b/0x10a0 [ 45.241626] inet_sendmsg+0x108/0x440 [ 45.245402] sock_sendmsg+0xb5/0xf0 [ 45.249003] SYSC_sendto+0x1e3/0x2c0 [ 45.252691] SyS_sendto+0x9/0x10 [ 45.256038] do_syscall_64+0x1c7/0x5b0 [ 45.259909] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.265071] [ 45.266678] The buggy address belongs to the object at ffff8880938d2b40 [ 45.266678] which belongs to the cache kmalloc-256 of size 256 [ 45.279312] The buggy address is located 88 bytes inside of [ 45.279312] 256-byte region [ffff8880938d2b40, ffff8880938d2c40) [ 45.291083] The buggy address belongs to the page: [ 45.296090] page:ffffea00024e3480 count:1 mapcount:0 mapping:ffff8880938d2000 index:0x0 [ 45.304233] flags: 0x1fffc0000000100(slab) [ 45.308460] raw: 01fffc0000000100 ffff8880938d2000 0000000000000000 000000010000000c [ 45.316317] raw: ffffea0002437860 ffffea00024ad2e0 ffff8880aa8007c0 0000000000000000 [ 45.324178] page dumped because: kasan: bad access detected [ 45.329861] [ 45.331487] Memory state around the buggy address: [ 45.336390] ffff8880938d2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.343724] ffff8880938d2b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 45.351304] >ffff8880938d2b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.358645] ^ [ 45.362769] ffff8880938d2c00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 45.370115] ffff8880938d2c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 45.377448] ================================================================== [ 45.384781] Disabling lock debugging due to kernel taint [ 45.390301] Kernel panic - not syncing: panic_on_warn set ... [ 45.390301] [ 45.392518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.397676] CPU: 0 PID: 3989 Comm: kworker/0:2 Tainted: G B 4.14.180-syzkaller #0 [ 45.397678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.397696] Workqueue: pencrypt padata_parallel_worker [ 45.397699] Call Trace: [ 45.397708] dump_stack+0xf7/0x13b [ 45.397712] ? padata_parallel_worker+0x37a/0x420 [ 45.397716] panic+0x1b0/0x358 [ 45.397720] ? add_taint.cold.5+0x11/0x11 [ 45.397728] ? padata_parallel_worker+0x37a/0x420 [ 45.397733] kasan_end_report+0x47/0x4f [ 45.397737] kasan_report.cold.8+0x76/0x2d3 [ 45.397742] __asan_report_store8_noabort+0x17/0x20 [ 45.397746] padata_parallel_worker+0x37a/0x420 [ 45.397750] ? padata_sysfs_store+0xa0/0xa0 [ 45.397758] process_one_work+0x79e/0x16c0 [ 45.397764] ? pwq_dec_nr_in_flight+0x2b0/0x2b0 [ 45.397771] worker_thread+0xcc/0xee0 [ 45.397779] kthread+0x338/0x400 [ 45.397782] ? process_one_work+0x16c0/0x16c0 [ 45.397784] ? kthread_create_on_node+0xa0/0xa0 [ 45.397788] ret_from_fork+0x24/0x30 [ 45.399269] Kernel Offset: disabled [ 45.508258] Rebooting in 86400 seconds..