[ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 27.797425] audit: type=1400 audit(1587037319.950:8): avc: denied { execmem } for pid=6115 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 28.043715] IPVS: ftp: loaded support on port[0] = 21 [ 29.071576] can: request_module (can-proto-0) failed. [ 29.080701] can: request_module (can-proto-0) failed. [ 29.105869] audit: type=1400 audit(1587037321.261:9): avc: denied { create } for pid=6094 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.0.154' (ECDSA) to the list of known hosts. 2020/04/16 11:42:08 parsed 1 programs 2020/04/16 11:42:08 executed programs: 0 [ 36.536307] audit: type=1400 audit(1587037328.697:10): avc: denied { execmem } for pid=6236 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 36.806510] IPVS: ftp: loaded support on port[0] = 21 [ 37.563267] IPVS: ftp: loaded support on port[0] = 21 [ 37.624604] chnl_net:caif_netlink_parms(): no params data found [ 37.666443] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.673079] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.680847] device bridge_slave_0 entered promiscuous mode [ 37.688132] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.694596] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.702889] device bridge_slave_1 entered promiscuous mode [ 37.703853] IPVS: ftp: loaded support on port[0] = 21 [ 37.726159] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 37.739326] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 37.766248] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 37.773400] team0: Port device team_slave_0 added [ 37.806358] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 37.813371] team0: Port device team_slave_1 added [ 37.821374] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 37.846044] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 37.858816] chnl_net:caif_netlink_parms(): no params data found [ 37.890702] IPVS: ftp: loaded support on port[0] = 21 [ 37.917909] device hsr_slave_0 entered promiscuous mode [ 37.955377] device hsr_slave_1 entered promiscuous mode [ 37.996339] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 38.021191] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 38.042178] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.049191] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.056742] device bridge_slave_0 entered promiscuous mode [ 38.086772] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.093142] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.100756] device bridge_slave_1 entered promiscuous mode [ 38.140018] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.146515] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.153379] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.160727] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.173579] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 38.182539] chnl_net:caif_netlink_parms(): no params data found [ 38.197266] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 38.227288] IPVS: ftp: loaded support on port[0] = 21 [ 38.267662] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.274686] team0: Port device team_slave_0 added [ 38.282281] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.289620] team0: Port device team_slave_1 added [ 38.319335] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.326837] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.341130] chnl_net:caif_netlink_parms(): no params data found [ 38.427927] device hsr_slave_0 entered promiscuous mode [ 38.465037] device hsr_slave_1 entered promiscuous mode [ 38.510896] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 38.540625] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 38.552518] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.559204] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.566845] device bridge_slave_0 entered promiscuous mode [ 38.573588] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.580708] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.588050] device bridge_slave_0 entered promiscuous mode [ 38.599911] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 38.606334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.616926] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.623283] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.630660] device bridge_slave_1 entered promiscuous mode [ 38.637749] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.644105] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.652306] device bridge_slave_1 entered promiscuous mode [ 38.660865] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 38.692812] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 38.704099] bridge0: port 1(bridge_slave_0) entered disabled state [ 38.711510] bridge0: port 2(bridge_slave_1) entered disabled state [ 38.718858] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 38.728618] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 38.737624] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 38.746491] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 38.763344] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 38.772356] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 38.780379] IPVS: ftp: loaded support on port[0] = 21 [ 38.801493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 38.809258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 38.817942] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.825944] team0: Port device team_slave_0 added [ 38.833178] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 38.839673] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.853803] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 38.861410] team0: Port device team_slave_0 added [ 38.877314] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.884321] team0: Port device team_slave_1 added [ 38.890270] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.901073] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 38.910441] team0: Port device team_slave_1 added [ 38.917916] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 38.934895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 38.942158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 38.949622] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 39.028811] device hsr_slave_0 entered promiscuous mode [ 39.064786] device hsr_slave_1 entered promiscuous mode [ 39.106516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.114313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.122387] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.128997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.159196] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 39.168869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 39.206643] device hsr_slave_0 entered promiscuous mode [ 39.254696] device hsr_slave_1 entered promiscuous mode [ 39.294946] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 39.301944] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 39.317259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.324950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.332405] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.338919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.346590] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 39.353718] chnl_net:caif_netlink_parms(): no params data found [ 39.372362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.380383] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 39.446821] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 39.456530] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 39.466124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 39.496035] chnl_net:caif_netlink_parms(): no params data found [ 39.509120] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.517948] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 39.524084] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.530619] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.538466] device bridge_slave_0 entered promiscuous mode [ 39.545832] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.552170] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.560462] device bridge_slave_1 entered promiscuous mode [ 39.574949] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 39.585709] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 39.592728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 39.607606] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 39.616662] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 39.623787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 39.632687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 39.640132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 39.647977] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.655551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 39.663171] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.670973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 39.678839] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 39.686478] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 39.699334] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.716846] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.726215] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 39.732288] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.742119] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 39.769484] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 39.777225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 39.789218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 39.797386] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.803757] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.811316] device bridge_slave_0 entered promiscuous mode [ 39.818345] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.825003] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.832071] device bridge_slave_1 entered promiscuous mode [ 39.843552] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.851577] team0: Port device team_slave_0 added [ 39.857349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.865319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 39.874623] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.880986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.889085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 39.897292] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 39.903323] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 39.920745] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.928384] team0: Port device team_slave_1 added [ 39.935681] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 39.943176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 39.951272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 39.959445] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.965963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.977961] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 39.986407] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.994631] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 40.002275] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 40.019088] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 40.029936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.037364] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 40.050230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 40.063168] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 40.070693] team0: Port device team_slave_0 added [ 40.077378] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 40.084603] team0: Port device team_slave_1 added [ 40.092308] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 40.115612] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 40.148564] device hsr_slave_0 entered promiscuous mode [ 40.214558] device hsr_slave_1 entered promiscuous mode [ 40.264752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 40.274189] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 40.282510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 40.292919] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 40.300412] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 40.307921] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 40.316381] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 40.325335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.332535] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 40.339919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 40.347930] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.355781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 40.363410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 40.371217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 40.379259] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.389046] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 40.446959] device hsr_slave_0 entered promiscuous mode [ 40.474231] device hsr_slave_1 entered promiscuous mode [ 40.524129] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 40.532285] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 40.542820] hrtimer: interrupt took 25959 ns [ 40.545799] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.553299] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.564375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 40.572086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.579940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.587070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.596008] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 40.602014] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 40.610948] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 40.618919] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 40.630979] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 40.640744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.647517] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 40.661974] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 40.674574] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 40.686226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 40.693384] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 40.701012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 40.712924] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.720918] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.727312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.736701] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 40.758605] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.769511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 40.776976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 40.789974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.798628] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.805278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.815015] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 40.823168] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 40.832364] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 40.841966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 40.850802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 40.861496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 40.870626] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 40.879703] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 40.886399] 8021q: adding VLAN 0 to HW filter on device team0 [ 40.893679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 40.902755] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 40.910973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.918628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.927161] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 40.935243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 40.946873] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 40.955208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.962140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.972977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 40.984610] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 40.994046] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.003127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.037631] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 41.049828] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 41.059577] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.071655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.081206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.091121] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.097573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.105674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.119001] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.126628] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.132954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.139831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.147374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.155290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 41.167784] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 41.176401] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.187406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 41.195330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.203006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.210615] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.217020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.225606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 41.236211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 41.243231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.251448] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.264029] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.272823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 41.282810] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 41.290604] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.298612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.306291] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.312643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.319710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 41.327396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 41.335148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 41.354412] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 41.362980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 41.373127] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 41.380088] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 41.402387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 41.423486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 41.432986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 41.452178] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 41.465568] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 41.479514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.486515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 41.494345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 41.504822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 41.518279] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 41.526385] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 41.537129] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.544881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 41.552482] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 41.561784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.570148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.577966] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 41.587727] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 41.599721] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 41.608283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 41.615901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.622833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.630633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.645043] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 2020/04/16 11:42:13 executed programs: 10 [ 41.651127] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.672125] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 41.678465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 41.693801] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.702264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.715597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 41.727632] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.734018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.747841] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 41.770694] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.778815] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 41.787909] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 41.796235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 41.805738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 41.881995] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 41.890011] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.896443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.910420] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 41.919298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 41.928684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 41.936931] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 41.945050] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 41.952596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 41.961336] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 41.973443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 41.982257] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 41.991154] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 41.999081] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 42.005767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 42.012625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 42.024943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 42.037267] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 42.044441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 42.052017] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 42.062707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 42.071250] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 42.078547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 42.102483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 42.113655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 42.128099] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 42.137990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.154066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.161565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.193725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.201113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.210359] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 42.218084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 42.230929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 42.250806] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 42.262373] 8021q: adding VLAN 0 to HW filter on device batadv0 2020/04/16 11:42:19 executed programs: 79 [ 48.803726] ================================================================== [ 48.811225] BUG: KASAN: use-after-free in __vb2_perform_fileio+0x10fd/0x12b0 [ 48.818405] Read of size 4 at addr ffff8880986ff99c by task syz-executor.5/7765 [ 48.825842] [ 48.827466] CPU: 1 PID: 7765 Comm: syz-executor.5 Not tainted 4.14.176-syzkaller #0 [ 48.835267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.844614] Call Trace: [ 48.847260] dump_stack+0xf7/0x13b [ 48.850782] ? __vb2_perform_fileio+0x10fd/0x12b0 [ 48.855602] print_address_description.cold.7+0x9/0x1c9 [ 48.860982] ? __vb2_perform_fileio+0x10fd/0x12b0 [ 48.865865] kasan_report.cold.8+0x11a/0x2d3 [ 48.870270] __asan_report_load4_noabort+0x14/0x20 [ 48.875226] __vb2_perform_fileio+0x10fd/0x12b0 [ 48.879890] ? vb2_core_poll+0x730/0x730 [ 48.883943] vb2_read+0xf/0x20 [ 48.887124] vb2_fop_read+0x1b6/0x390 [ 48.890916] ? vb2_fop_write+0x390/0x390 [ 48.894960] v4l2_read+0x133/0x240 [ 48.898482] do_iter_read+0x35e/0x570 [ 48.902266] vfs_readv+0xb6/0x110 [ 48.905704] ? find_held_lock+0x36/0x1d0 [ 48.909896] ? compat_rw_copy_check_uvector+0x310/0x310 [ 48.915260] ? __fget+0x1ad/0x2f0 [ 48.918702] ? __fget_light+0x166/0x200 [ 48.922663] do_preadv+0x158/0x250 [ 48.926186] ? do_readv+0x320/0x320 [ 48.929793] ? do_syscall_64+0x4c/0x5b0 [ 48.933800] ? SyS_writev+0x10/0x10 [ 48.937412] SyS_preadv+0xc/0x10 [ 48.940760] do_syscall_64+0x1c7/0x5b0 [ 48.944624] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.949574] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 48.954744] RIP: 0033:0x459a29 [ 48.957912] RSP: 002b:00007f29c513bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 48.965597] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459a29 [ 48.972976] RDX: 0000000000000006 RSI: 00000000200018c0 RDI: 0000000000000004 [ 48.980234] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 48.987485] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29c513c6d4 [ 48.994852] R13: 00000000004c6d3d R14: 00000000004dc0b8 R15: 00000000ffffffff [ 49.002116] [ 49.003723] Allocated by task 7764: [ 49.007339] save_stack_trace+0x16/0x20 [ 49.011303] save_stack+0x43/0xd0 [ 49.014747] kasan_kmalloc+0xc7/0xe0 [ 49.018444] kmem_cache_alloc_trace+0x152/0x7a0 [ 49.023091] __vb2_init_fileio+0x160/0xaf0 [ 49.027303] __vb2_perform_fileio+0xa9f/0x12b0 [ 49.031866] vb2_read+0xf/0x20 [ 49.035032] vb2_fop_read+0x1b6/0x390 [ 49.038821] v4l2_read+0x133/0x240 [ 49.042352] do_iter_read+0x35e/0x570 [ 49.046129] vfs_readv+0xb6/0x110 [ 49.049663] do_preadv+0x158/0x250 [ 49.053270] SyS_preadv+0xc/0x10 [ 49.057745] do_syscall_64+0x1c7/0x5b0 [ 49.061623] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 49.066811] [ 49.068430] Freed by task 7779: [ 49.071701] save_stack_trace+0x16/0x20 [ 49.075667] save_stack+0x43/0xd0 [ 49.079101] kasan_slab_free+0x71/0xc0 [ 49.082963] kfree+0xcc/0x270 [ 49.086048] __vb2_cleanup_fileio+0xee/0x140 [ 49.090433] vb2_core_queue_release+0xf/0x70 [ 49.094822] _vb2_fop_release+0x1ac/0x280 [ 49.098984] vb2_fop_release+0x66/0xd0 [ 49.102847] vivid_fop_release+0x15f/0x3a0 [ 49.107067] v4l2_release+0xeb/0x1a0 [ 49.110774] __fput+0x232/0x750 [ 49.114030] ____fput+0x9/0x10 [ 49.117196] task_work_run+0xe5/0x170 [ 49.120986] get_signal+0x148c/0x1b30 [ 49.124774] do_signal+0x7f/0x19a0 [ 49.128300] exit_to_usermode_loop+0x114/0x1b0 [ 49.132916] do_syscall_64+0x416/0x5b0 [ 49.136786] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 49.141954] [ 49.143569] The buggy address belongs to the object at ffff8880986ff680 [ 49.143569] which belongs to the cache kmalloc-1024 of size 1024 [ 49.156427] The buggy address is located 796 bytes inside of [ 49.156427] 1024-byte region [ffff8880986ff680, ffff8880986ffa80) [ 49.168384] The buggy address belongs to the page: [ 49.173301] page:ffffea000261bf80 count:1 mapcount:0 mapping:ffff8880986fe000 index:0xffff8880986fe900 compound_mapcount: 0 [ 49.184568] flags: 0x1fffc0000008100(slab|head) [ 49.189398] raw: 01fffc0000008100 ffff8880986fe000 ffff8880986fe900 0000000100000004 [ 49.197280] raw: ffffea00026167a0 ffffea0002225ba0 ffff8880aa800ac0 0000000000000000 [ 49.205595] page dumped because: kasan: bad access detected [ 49.211283] [ 49.212900] Memory state around the buggy address: [ 49.217822] ffff8880986ff880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.225170] ffff8880986ff900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.232510] >ffff8880986ff980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.239988] ^ [ 49.244122] ffff8880986ffa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 49.251469] ffff8880986ffa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 49.258835] ================================================================== [ 49.266171] Disabling lock debugging due to kernel taint [ 49.276148] Kernel panic - not syncing: panic_on_warn set ... [ 49.276148] [ 49.283526] CPU: 0 PID: 7765 Comm: syz-executor.5 Tainted: G B 4.14.176-syzkaller #0 [ 49.292528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.301871] Call Trace: [ 49.304436] dump_stack+0xf7/0x13b [ 49.307959] ? __vb2_perform_fileio+0x10fd/0x12b0 [ 49.312774] panic+0x1b0/0x358 [ 49.315942] ? add_taint.cold.5+0x11/0x11 [ 49.320064] ? ___preempt_schedule+0x16/0x18 [ 49.324448] ? __vb2_perform_fileio+0x10fd/0x12b0 [ 49.329323] kasan_end_report+0x47/0x4f [ 49.333274] kasan_report.cold.8+0x76/0x2d3 [ 49.337687] __asan_report_load4_noabort+0x14/0x20 [ 49.342677] __vb2_perform_fileio+0x10fd/0x12b0 [ 49.347320] ? vb2_core_poll+0x730/0x730 [ 49.351354] vb2_read+0xf/0x20 [ 49.354527] vb2_fop_read+0x1b6/0x390 [ 49.358309] ? vb2_fop_write+0x390/0x390 [ 49.362351] v4l2_read+0x133/0x240 [ 49.365872] do_iter_read+0x35e/0x570 [ 49.369654] vfs_readv+0xb6/0x110 [ 49.373081] ? find_held_lock+0x36/0x1d0 [ 49.377115] ? compat_rw_copy_check_uvector+0x310/0x310 [ 49.382452] ? __fget+0x1ad/0x2f0 [ 49.385883] ? __fget_light+0x166/0x200 [ 49.389860] do_preadv+0x158/0x250 [ 49.393374] ? do_readv+0x320/0x320 [ 49.396977] ? do_syscall_64+0x4c/0x5b0 [ 49.400980] ? SyS_writev+0x10/0x10 [ 49.404580] SyS_preadv+0xc/0x10 [ 49.407923] do_syscall_64+0x1c7/0x5b0 [ 49.411783] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 49.416606] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 49.421768] RIP: 0033:0x459a29 [ 49.424931] RSP: 002b:00007f29c513bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 49.432612] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459a29 [ 49.439861] RDX: 0000000000000006 RSI: 00000000200018c0 RDI: 0000000000000004 [ 49.447112] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 49.454365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f29c513c6d4 [ 49.461614] R13: 00000000004c6d3d R14: 00000000004dc0b8 R15: 00000000ffffffff [ 49.470446] Kernel Offset: disabled [ 49.474104] Rebooting in 86400 seconds..