[ 43.110926] audit: type=1400 audit(1580676937.112:40): avc: denied { create } for pid=7015 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 43.447938] random: sshd: uninitialized urandom read (32 bytes read) [ 44.228332] random: sshd: uninitialized urandom read (32 bytes read) [ 44.436602] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.185' (ECDSA) to the list of known hosts. 2020/02/02 20:55:45 parsed 1 programs 2020/02/02 20:55:45 executed programs: 0 [ 51.581004] IPVS: ftp: loaded support on port[0] = 21 [ 52.337868] IPVS: ftp: loaded support on port[0] = 21 [ 52.385882] chnl_net:caif_netlink_parms(): no params data found [ 52.427486] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.434351] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.441627] device bridge_slave_0 entered promiscuous mode [ 52.449103] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.455648] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.463239] device bridge_slave_1 entered promiscuous mode [ 52.463542] IPVS: ftp: loaded support on port[0] = 21 [ 52.495520] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.505973] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.539764] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.547416] team0: Port device team_slave_0 added [ 52.567936] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.575155] team0: Port device team_slave_1 added [ 52.587038] chnl_net:caif_netlink_parms(): no params data found [ 52.595413] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.604726] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.662077] IPVS: ftp: loaded support on port[0] = 21 [ 52.683094] device hsr_slave_0 entered promiscuous mode [ 52.720438] device hsr_slave_1 entered promiscuous mode [ 52.799133] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.812822] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.827832] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.834365] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.841974] device bridge_slave_0 entered promiscuous mode [ 52.850861] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.857257] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.864578] device bridge_slave_1 entered promiscuous mode [ 52.899032] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.935974] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.955316] chnl_net:caif_netlink_parms(): no params data found [ 52.974764] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.982743] team0: Port device team_slave_0 added [ 52.983589] IPVS: ftp: loaded support on port[0] = 21 [ 52.988488] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.000119] team0: Port device team_slave_1 added [ 53.005836] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.012388] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.019525] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.025982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.045076] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.052754] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.104402] device hsr_slave_0 entered promiscuous mode [ 53.140534] device hsr_slave_1 entered promiscuous mode [ 53.200901] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 53.208499] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 53.231584] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.238068] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.245259] device bridge_slave_0 entered promiscuous mode [ 53.258428] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.265027] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.272198] device bridge_slave_1 entered promiscuous mode [ 53.307318] chnl_net:caif_netlink_parms(): no params data found [ 53.328792] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.350184] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.400587] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.407089] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.413912] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.420563] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.437384] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.444030] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.451381] device bridge_slave_0 entered promiscuous mode [ 53.458515] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.458996] IPVS: ftp: loaded support on port[0] = 21 [ 53.465033] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.477648] device bridge_slave_1 entered promiscuous mode [ 53.484250] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.492199] team0: Port device team_slave_0 added [ 53.498174] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.505252] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.514807] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.521780] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.554226] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.561748] team0: Port device team_slave_1 added [ 53.567900] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.578871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.626965] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.664288] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.675559] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.732545] device hsr_slave_0 entered promiscuous mode [ 53.790342] device hsr_slave_1 entered promiscuous mode [ 53.841511] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.852045] chnl_net:caif_netlink_parms(): no params data found [ 53.860144] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 53.869332] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 53.877297] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.886730] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.893067] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.902417] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.912089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.934974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.943165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.950232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.957974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.965726] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.972255] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.981547] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.989449] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.001482] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.008630] team0: Port device team_slave_0 added [ 54.014615] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.021999] team0: Port device team_slave_1 added [ 54.037596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.045929] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.053852] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.060446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.080265] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.087081] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 54.096663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.103689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.110765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.118671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.127210] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.216223] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.222781] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.229717] device bridge_slave_0 entered promiscuous mode [ 54.237223] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.243841] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.251615] device bridge_slave_1 entered promiscuous mode [ 54.258758] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 54.265125] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.276150] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.282745] chnl_net:caif_netlink_parms(): no params data found [ 54.298973] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 54.313099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 54.362728] device hsr_slave_0 entered promiscuous mode [ 54.400556] device hsr_slave_1 entered promiscuous mode [ 54.440442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.448401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.458816] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.466566] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.473196] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.483186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.496770] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.509644] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.525365] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 54.533188] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.540942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.548759] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.556841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.564818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.572655] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.579147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.586121] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.606284] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 54.614019] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.631055] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.639296] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.646982] team0: Port device team_slave_0 added [ 54.653677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.662369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.671120] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.698000] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.705980] team0: Port device team_slave_1 added [ 54.713132] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 54.723766] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.730428] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.737629] device bridge_slave_0 entered promiscuous mode [ 54.745375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.753726] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.763093] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.772229] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.780550] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 54.790569] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 54.797616] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.804753] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.812516] device bridge_slave_1 entered promiscuous mode [ 54.830792] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.838614] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.856568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.864592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.872554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.882296] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.889831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.901298] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.909401] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.919153] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 54.927643] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.936116] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.992712] device hsr_slave_0 entered promiscuous mode [ 55.030513] device hsr_slave_1 entered promiscuous mode [ 55.071014] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.092894] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.102153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.113852] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.121565] team0: Port device team_slave_0 added [ 55.128003] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.135496] team0: Port device team_slave_1 added [ 55.142827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.150809] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.161738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.172611] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.182863] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.193291] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.200976] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.208931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.217297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.225031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.232049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.240195] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 55.248469] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.258002] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 55.266794] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.281779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.289495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.298358] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 55.304923] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.314873] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.321492] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.330114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.343338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.393379] device hsr_slave_0 entered promiscuous mode [ 55.431377] device hsr_slave_1 entered promiscuous mode [ 55.470768] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.478040] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.487452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.494300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.503167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.511082] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.517474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.524729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.533006] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.540963] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.547319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.554902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.564811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.575313] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.589984] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.606078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.616210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.624360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.632713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.640834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.656201] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 55.669983] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.683281] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.695386] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.706709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.715722] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.725799] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.742406] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.755035] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.762783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.773140] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 55.785993] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.793927] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.801721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.809318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.817392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.824672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.840458] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 55.846524] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.857054] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.870968] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.886787] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 55.915507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.926415] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.939470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.951577] ================================================================== [ 55.959299] BUG: KASAN: use-after-free in _copy_to_user+0x84/0xb0 [ 55.963128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.965580] Read of size 924 at addr ffff8880783ffff3 by task syz-executor.2/7144 [ 55.979372] [ 55.981007] CPU: 0 PID: 7144 Comm: syz-executor.2 Not tainted 4.14.169-syzkaller #0 [ 55.988927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.998325] Call Trace: [ 56.000935] dump_stack+0xf7/0x13b [ 56.004489] ? _copy_to_user+0x84/0xb0 [ 56.008384] print_address_description.cold.7+0x9/0x1c9 [ 56.013968] ? _copy_to_user+0x84/0xb0 [ 56.017854] kasan_report.cold.8+0x11a/0x2d3 [ 56.022262] check_memory_region+0x13e/0x1b0 [ 56.026798] kasan_check_read+0x11/0x20 [ 56.030817] _copy_to_user+0x84/0xb0 [ 56.034548] bpf_test_finish.isra.5+0xd5/0x170 [ 56.039124] ? bpf_test_run+0x2d0/0x2d0 [ 56.043193] ? kvm_clock_read+0x23/0x40 [ 56.047170] ? kvm_clock_get_cycles+0x9/0x10 [ 56.051585] ? ktime_get+0x13c/0x240 [ 56.055304] ? bpf_test_run+0x210/0x2d0 [ 56.059390] ? eth_gro_receive+0x880/0x880 [ 56.063750] bpf_prog_test_run_skb+0x66d/0xbc0 [ 56.068351] ? bpf_test_init.isra.6+0xa0/0xa0 [ 56.072864] ? __bpf_prog_get+0x128/0x170 [ 56.077250] SyS_bpf+0x97e/0x28d3 [ 56.080716] ? bpf_prog_get+0x10/0x10 [ 56.084512] ? kasan_check_read+0x11/0x20 [ 56.088774] ? _copy_to_user+0x91/0xb0 [ 56.092664] ? put_timespec64+0xa4/0xf0 [ 56.096770] ? nsecs_to_jiffies+0x20/0x20 [ 56.100913] ? SyS_clock_gettime+0x115/0x160 [ 56.105328] ? do_syscall_64+0x4c/0x5b0 [ 56.109292] ? bpf_prog_get+0x10/0x10 [ 56.113090] do_syscall_64+0x1c7/0x5b0 [ 56.117076] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.121930] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 56.127337] RIP: 0033:0x459829 [ 56.130523] RSP: 002b:00007fec6b9aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 56.138234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 56.145659] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 56.153021] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 56.160691] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec6b9af6d4 [ 56.167963] R13: 00000000004bfb92 R14: 00000000004d1758 R15: 00000000ffffffff [ 56.175239] [ 56.176852] The buggy address belongs to the page: [ 56.181782] page:ffffea0001e0ffc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 56.189930] flags: 0x1fffc0000000000() [ 56.193920] raw: 01fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 56.201825] raw: ffffea0001e0ffe0 ffffea0001e0ffe0 0000000000000000 0000000000000000 [ 56.209819] page dumped because: kasan: bad access detected [ 56.215529] [ 56.217146] Memory state around the buggy address: [ 56.222072] ffff8880783ffe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 56.229551] ffff8880783fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 56.236997] >ffff8880783fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 56.244347] ^ [ 56.251365] ffff888078400000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.258865] ffff888078400080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 56.266222] ================================================================== [ 56.273679] Disabling lock debugging due to kernel taint [ 56.281477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.289161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.291590] Kernel panic - not syncing: panic_on_warn set ... [ 56.291590] [ 56.297218] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.303811] CPU: 1 PID: 7144 Comm: syz-executor.2 Tainted: G B 4.14.169-syzkaller #0 [ 56.303814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.303816] Call Trace: [ 56.303829] dump_stack+0xf7/0x13b [ 56.303837] ? _copy_to_user+0x84/0xb0 [ 56.303843] panic+0x1b0/0x358 [ 56.303848] ? add_taint.cold.5+0x11/0x11 [ 56.310274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.319237] ? ___preempt_schedule+0x16/0x18 [ 56.329615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.331195] ? _copy_to_user+0x84/0xb0 [ 56.331203] kasan_end_report+0x47/0x4f [ 56.331208] kasan_report.cold.8+0x76/0x2d3 [ 56.339420] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.341834] check_memory_region+0x13e/0x1b0 [ 56.341839] kasan_check_read+0x11/0x20 [ 56.341845] _copy_to_user+0x84/0xb0 [ 56.341852] bpf_test_finish.isra.5+0xd5/0x170 [ 56.341863] ? bpf_test_run+0x2d0/0x2d0 [ 56.341868] ? kvm_clock_read+0x23/0x40 [ 56.341871] ? kvm_clock_get_cycles+0x9/0x10 [ 56.341911] ? ktime_get+0x13c/0x240 [ 56.349124] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.352784] ? bpf_test_run+0x210/0x2d0 [ 56.352790] ? eth_gro_receive+0x880/0x880 [ 56.352796] bpf_prog_test_run_skb+0x66d/0xbc0 [ 56.352802] ? bpf_test_init.isra.6+0xa0/0xa0 [ 56.352808] ? __bpf_prog_get+0x128/0x170 [ 56.352820] SyS_bpf+0x97e/0x28d3 [ 56.359483] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.363907] ? bpf_prog_get+0x10/0x10 [ 56.363914] ? kasan_check_read+0x11/0x20 [ 56.363920] ? _copy_to_user+0x91/0xb0 [ 56.363927] ? put_timespec64+0xa4/0xf0 [ 56.363931] ? nsecs_to_jiffies+0x20/0x20 [ 56.363939] ? SyS_clock_gettime+0x115/0x160 [ 56.368063] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.371904] ? do_syscall_64+0x4c/0x5b0 [ 56.371911] ? bpf_prog_get+0x10/0x10 [ 56.371915] do_syscall_64+0x1c7/0x5b0 [ 56.371920] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.371931] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 56.378071] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.382329] RIP: 0033:0x459829 [ 56.382332] RSP: 002b:00007fec6b9aec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 56.382336] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 56.382338] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 56.382340] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 56.382342] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fec6b9af6d4 [ 56.382344] R13: 00000000004bfb92 R14: 00000000004d1758 R15: 00000000ffffffff [ 56.388512] Kernel Offset: disabled [ 56.565417] Rebooting in 86400 seconds..