[ 43.210814] audit: type=1400 audit(1584261526.478:39): avc: denied { create } for pid=6833 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 43.507716] random: sshd: uninitialized urandom read (32 bytes read) [ 44.263162] random: sshd: uninitialized urandom read (32 bytes read) [ 44.439672] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.112' (ECDSA) to the list of known hosts. 2020/03/15 08:38:54 parsed 1 programs 2020/03/15 08:38:54 executed programs: 0 [ 51.213086] audit: type=1400 audit(1584261534.528:40): avc: denied { map } for pid=6904 comm="syz-execprog" path="/root/syzkaller-shm137164515" dev="sda1" ino=16490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 51.277521] IPVS: ftp: loaded support on port[0] = 21 [ 52.007589] IPVS: ftp: loaded support on port[0] = 21 [ 52.053097] chnl_net:caif_netlink_parms(): no params data found [ 52.093826] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.101011] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.108111] device bridge_slave_0 entered promiscuous mode [ 52.116500] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.123411] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.131311] IPVS: ftp: loaded support on port[0] = 21 [ 52.131389] device bridge_slave_1 entered promiscuous mode [ 52.162384] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.199272] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.225342] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.232815] team0: Port device team_slave_0 added [ 52.240833] chnl_net:caif_netlink_parms(): no params data found [ 52.250918] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.258076] team0: Port device team_slave_1 added [ 52.263397] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.280843] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.351742] IPVS: ftp: loaded support on port[0] = 21 [ 52.354284] device hsr_slave_0 entered promiscuous mode [ 52.440356] device hsr_slave_1 entered promiscuous mode [ 52.499040] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.507777] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.518249] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.524908] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.532194] device bridge_slave_0 entered promiscuous mode [ 52.542978] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.549337] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.557668] device bridge_slave_1 entered promiscuous mode [ 52.578304] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.606806] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.637496] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.644616] team0: Port device team_slave_0 added [ 52.650391] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.657470] team0: Port device team_slave_1 added [ 52.664577] chnl_net:caif_netlink_parms(): no params data found [ 52.665584] IPVS: ftp: loaded support on port[0] = 21 [ 52.683100] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.689554] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.696496] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.702981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.716320] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.724013] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.782351] device hsr_slave_0 entered promiscuous mode [ 52.820311] device hsr_slave_1 entered promiscuous mode [ 52.880757] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.906882] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.924804] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.931923] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.939016] device bridge_slave_0 entered promiscuous mode [ 52.948433] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.955473] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.962612] device bridge_slave_1 entered promiscuous mode [ 52.983126] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.989660] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.996423] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.003077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.024030] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.052852] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.061628] IPVS: ftp: loaded support on port[0] = 21 [ 53.080460] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.087757] team0: Port device team_slave_0 added [ 53.113716] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 53.119805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.128953] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.137145] team0: Port device team_slave_1 added [ 53.142532] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.191420] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.198571] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.205654] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 53.213565] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.220216] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.229648] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.237939] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.264870] chnl_net:caif_netlink_parms(): no params data found [ 53.322405] device hsr_slave_0 entered promiscuous mode [ 53.371814] device hsr_slave_1 entered promiscuous mode [ 53.412972] chnl_net:caif_netlink_parms(): no params data found [ 53.422980] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.436254] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.442501] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.448796] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 53.458825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.465798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.487378] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 53.525250] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.536315] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.549442] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.556077] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.563446] device bridge_slave_0 entered promiscuous mode [ 53.570467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.578138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.586261] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.592882] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.601889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.609845] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.617486] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.624013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.638897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.645682] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.652344] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.659383] device bridge_slave_0 entered promiscuous mode [ 53.665991] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.672796] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.679759] device bridge_slave_1 entered promiscuous mode [ 53.697086] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.703829] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.711258] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.718134] device bridge_slave_1 entered promiscuous mode [ 53.736000] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.786280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.795804] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.804144] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.812905] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.822108] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.832204] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.842381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.850325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.857955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.864963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.883609] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.890795] team0: Port device team_slave_0 added [ 53.896967] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.913102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.922255] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.928339] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.936828] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.944663] team0: Port device team_slave_1 added [ 53.950137] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.958162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.966033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.973872] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.981547] chnl_net:caif_netlink_parms(): no params data found [ 53.999016] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.007886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 54.016065] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.025112] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.032532] team0: Port device team_slave_0 added [ 54.037915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.045891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.053430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.061245] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.068741] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.075119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.091660] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 54.104310] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.113582] team0: Port device team_slave_1 added [ 54.118954] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.127315] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 54.135059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.145254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.158623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 54.166746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.174648] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.181150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.192338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 54.207604] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.217953] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 54.226429] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.233580] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.251839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 54.272397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.279844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.287328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.332138] device hsr_slave_0 entered promiscuous mode [ 54.370342] device hsr_slave_1 entered promiscuous mode [ 54.410823] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.417970] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.483469] device hsr_slave_0 entered promiscuous mode [ 54.530529] device hsr_slave_1 entered promiscuous mode [ 54.590756] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.598958] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.607656] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.614859] device bridge_slave_0 entered promiscuous mode [ 54.622152] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.628616] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.635901] device bridge_slave_1 entered promiscuous mode [ 54.655563] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 54.662913] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.678882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.687581] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 54.697661] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.707178] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.716601] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.733434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.741037] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.758851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.766995] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.776675] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.793366] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.800636] team0: Port device team_slave_0 added [ 54.805618] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.820247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.827974] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.838085] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 54.848603] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.856539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.863624] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.871855] team0: Port device team_slave_1 added [ 54.877556] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.885112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.894092] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.903624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 54.922076] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.929798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.937790] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.948665] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.956676] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 54.963166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.987034] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.997152] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.003422] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.016826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.023965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.038724] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.083946] device hsr_slave_0 entered promiscuous mode [ 55.100613] device hsr_slave_1 entered promiscuous mode [ 55.130876] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.137789] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.145989] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 55.165900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.175448] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.187536] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.193985] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.204641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.226650] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.236670] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.246054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.257019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.271816] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.278244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.288486] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.305405] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.314912] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.326683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.338626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.350001] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.358700] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.371104] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.378078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.387331] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.394714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.404549] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.411428] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.421638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.432197] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.438939] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.447272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.455832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.464147] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.470666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.478142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.491953] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.499633] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.506653] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.515103] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.532238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.539718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.552377] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.563602] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.578163] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.586234] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.594740] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.601718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.609396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.619399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.627276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.634570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.643241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.652392] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.662870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.672856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.681292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.691469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.698170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 55.706376] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.713560] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.723479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.733284] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.742760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.753312] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 55.759360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.767880] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.774959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.785633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.793379] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.803777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.813447] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.823524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.831749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.839514] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.845939] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.853151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.861054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.868629] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.875013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.882327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.895582] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.903076] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.913844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.921720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.929169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.936325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.944307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.951984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.962688] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.970665] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 55.979612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.987418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.995379] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.003304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.013054] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.023539] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.029647] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.041734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.052167] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.061348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.069054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.077719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.085406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.094020] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.102991] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.109615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.118525] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.129029] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.139259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.147777] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.157073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.165564] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.173437] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.179830] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.188746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.198890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.206121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.213790] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.222703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.232597] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.245195] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.252069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.262446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.270697] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.277071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.284633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.294612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.304014] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.322443] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.330159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 2020/03/15 08:38:59 executed programs: 16 [ 56.344013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.358868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.369372] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.379780] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.386739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.395769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.405000] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.413259] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.428067] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.438974] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.449011] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.456764] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.467984] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.477560] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.489581] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.499896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.515624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.523017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.531520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.540908] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.546949] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.563729] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.581476] 8021q: adding VLAN 0 to HW filter on device batadv0 2020/03/15 08:39:04 executed programs: 274 2020/03/15 08:39:09 executed programs: 641 [ 68.044834] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 [ 68.899104] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 2020/03/15 08:39:14 executed programs: 985 [ 74.697708] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:39:19 executed programs: 1343 2020/03/15 08:39:24 executed programs: 1680 2020/03/15 08:39:29 executed programs: 2032 [ 89.552245] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 [ 90.255640] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 2020/03/15 08:39:34 executed programs: 2371 [ 91.410616] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:39:39 executed programs: 2727 2020/03/15 08:39:44 executed programs: 3056 2020/03/15 08:39:49 executed programs: 3391 [ 108.114066] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:39:54 executed programs: 3725 2020/03/15 08:39:59 executed programs: 4051 [ 118.071466] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:40:04 executed programs: 4382 [ 122.954451] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 [ 125.935052] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:40:09 executed programs: 4700 2020/03/15 08:40:14 executed programs: 5032 [ 131.949211] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 [ 134.595620] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 2020/03/15 08:40:19 executed programs: 5348 [ 138.598263] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 [ 140.398622] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:40:24 executed programs: 5661 [ 141.645155] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:40:29 executed programs: 5982 [ 147.512601] l2tp_core: tunl 4: sockfd_lookup(fd=5) returned -9 [ 149.518785] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:40:34 executed programs: 6316 2020/03/15 08:40:39 executed programs: 6648 [ 159.107534] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 2020/03/15 08:40:44 executed programs: 6961 [ 162.604117] l2tp_core: tunl 4: sockfd_lookup(fd=6) returned -9 [ 163.264562] ================================================================== [ 163.272215] BUG: KASAN: use-after-free in l2tp_session_create+0x144f/0x1720 [ 163.279317] Read of size 4 at addr ffff88807b1a4518 by task syz-executor.4/3743 [ 163.288072] [ 163.289730] CPU: 1 PID: 3743 Comm: syz-executor.4 Not tainted 4.14.173-syzkaller #0 [ 163.297663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.307027] Call Trace: [ 163.309821] dump_stack+0xf7/0x13b [ 163.316759] ? l2tp_session_create+0x144f/0x1720 [ 163.321613] print_address_description.cold.7+0x9/0x1c9 [ 163.326997] ? l2tp_session_create+0x144f/0x1720 [ 163.331776] kasan_report.cold.8+0x11a/0x2d3 [ 163.336628] __asan_report_load4_noabort+0x14/0x20 [ 163.341566] l2tp_session_create+0x144f/0x1720 [ 163.346246] ? trace_hardirqs_on_caller+0x40c/0x580 [ 163.351537] ? l2tp_session_get+0x181/0x660 [ 163.355879] ? trace_hardirqs_on+0xd/0x10 [ 163.360041] pppol2tp_connect+0x10c1/0x1900 [ 163.364378] ? pppol2tp_seq_show+0xc40/0xc40 [ 163.368811] ? __might_fault+0xf1/0x1b0 [ 163.372793] ? lock_downgrade+0x7f0/0x7f0 [ 163.376957] ? security_socket_connect+0x6a/0xa0 [ 163.381724] SYSC_connect+0x1e3/0x2a0 [ 163.385533] ? SYSC_bind+0x210/0x210 [ 163.389263] ? _copy_to_user+0x91/0xb0 [ 163.393158] ? nsecs_to_jiffies+0x20/0x20 [ 163.397327] ? SyS_clock_gettime+0x115/0x160 [ 163.401738] ? SyS_clock_settime+0x1a0/0x1a0 [ 163.406327] ? do_syscall_64+0x4c/0x5b0 [ 163.410314] ? SyS_accept+0x10/0x10 [ 163.413944] SyS_connect+0x9/0x10 [ 163.417401] do_syscall_64+0x1c7/0x5b0 [ 163.421297] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.426154] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 163.431357] RIP: 0033:0x459829 [ 163.434555] RSP: 002b:00007fa4499c9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 163.442540] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 163.450305] RDX: 0000000000000026 RSI: 0000000020000180 RDI: 0000000000000007 [ 163.457581] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 163.464969] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa4499ca6d4 [ 163.472242] R13: 00000000004bfd8b R14: 00000000004d1948 R15: 00000000ffffffff [ 163.479533] [ 163.481157] Allocated by task 3743: [ 163.484783] save_stack_trace+0x16/0x20 [ 163.488759] save_stack+0x43/0xd0 [ 163.492236] kasan_kmalloc+0xc7/0xe0 [ 163.495956] __kmalloc+0x15b/0x7b0 [ 163.499792] l2tp_session_create+0x34/0x1720 [ 163.504188] pppol2tp_connect+0x10c1/0x1900 [ 163.508491] SYSC_connect+0x1e3/0x2a0 [ 163.512271] SyS_connect+0x9/0x10 [ 163.515704] do_syscall_64+0x1c7/0x5b0 [ 163.519603] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 163.524957] [ 163.526586] Freed by task 3732: [ 163.529860] save_stack_trace+0x16/0x20 [ 163.533817] save_stack+0x43/0xd0 [ 163.537251] kasan_slab_free+0x71/0xc0 [ 163.541117] kfree+0xcc/0x270 [ 163.544249] l2tp_session_free+0x14f/0x1d0 [ 163.548758] l2tp_tunnel_closeall+0x23d/0x2f0 [ 163.553246] l2tp_udp_encap_destroy+0x7d/0xc0 [ 163.557723] udpv6_destroy_sock+0x89/0xb0 [ 163.561862] sk_common_release+0x5e/0x2c0 [ 163.565996] udp_lib_close+0x9/0x10 [ 163.569602] inet_release+0xd9/0x1c0 [ 163.574247] inet6_release+0x46/0x60 [ 163.577961] __sock_release+0xc2/0x2a0 [ 163.581985] sock_close+0x10/0x20 [ 163.585683] __fput+0x232/0x750 [ 163.589043] ____fput+0x9/0x10 [ 163.592837] task_work_run+0xe5/0x170 [ 163.596880] exit_to_usermode_loop+0x16a/0x1b0 [ 163.601534] do_syscall_64+0x416/0x5b0 [ 163.605598] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 163.610888] [ 163.612523] The buggy address belongs to the object at ffff88807b1a4500 [ 163.612523] which belongs to the cache kmalloc-512 of size 512 [ 163.625322] The buggy address is located 24 bytes inside of [ 163.625322] 512-byte region [ffff88807b1a4500, ffff88807b1a4700) [ 163.637122] The buggy address belongs to the page: [ 163.642134] page:ffffea0001ec6900 count:1 mapcount:0 mapping:ffff88807b1a4000 index:0x0 [ 163.650262] flags: 0x1fffc0000000100(slab) [ 163.654748] raw: 01fffc0000000100 ffff88807b1a4000 0000000000000000 0000000100000006 [ 163.662613] raw: ffffea00027a4220 ffffea00026e3d20 ffff8880aa800940 0000000000000000 [ 163.670605] page dumped because: kasan: bad access detected [ 163.676428] [ 163.678032] Memory state around the buggy address: [ 163.682940] ffff88807b1a4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.690296] ffff88807b1a4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 163.697637] >ffff88807b1a4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.704992] ^ [ 163.709120] ffff88807b1a4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.716575] ffff88807b1a4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.724099] ================================================================== [ 163.731450] Disabling lock debugging due to kernel taint [ 163.742408] Kernel panic - not syncing: panic_on_warn set ... [ 163.742408] [ 163.749825] CPU: 1 PID: 3743 Comm: syz-executor.4 Tainted: G B 4.14.173-syzkaller #0 [ 163.758828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.768166] Call Trace: [ 163.770740] dump_stack+0xf7/0x13b [ 163.774261] ? l2tp_session_create+0x144f/0x1720 [ 163.779013] panic+0x1b0/0x358 [ 163.782185] ? add_taint.cold.5+0x11/0x11 [ 163.786331] ? ___preempt_schedule+0x16/0x18 [ 163.790738] ? l2tp_session_create+0x144f/0x1720 [ 163.795567] kasan_end_report+0x47/0x4f [ 163.799534] kasan_report.cold.8+0x76/0x2d3 [ 163.803841] __asan_report_load4_noabort+0x14/0x20 [ 163.808750] l2tp_session_create+0x144f/0x1720 [ 163.813332] ? trace_hardirqs_on_caller+0x40c/0x580 [ 163.818478] ? l2tp_session_get+0x181/0x660 [ 163.822793] ? trace_hardirqs_on+0xd/0x10 [ 163.826929] pppol2tp_connect+0x10c1/0x1900 [ 163.831253] ? pppol2tp_seq_show+0xc40/0xc40 [ 163.835703] ? __might_fault+0xf1/0x1b0 [ 163.839671] ? lock_downgrade+0x7f0/0x7f0 [ 163.843814] ? security_socket_connect+0x6a/0xa0 [ 163.848606] SYSC_connect+0x1e3/0x2a0 [ 163.852390] ? SYSC_bind+0x210/0x210 [ 163.856083] ? _copy_to_user+0x91/0xb0 [ 163.859970] ? nsecs_to_jiffies+0x20/0x20 [ 163.864097] ? SyS_clock_gettime+0x115/0x160 [ 163.868483] ? SyS_clock_settime+0x1a0/0x1a0 [ 163.872898] ? do_syscall_64+0x4c/0x5b0 [ 163.876965] ? SyS_accept+0x10/0x10 [ 163.880614] SyS_connect+0x9/0x10 [ 163.884199] do_syscall_64+0x1c7/0x5b0 [ 163.888088] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.892931] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 163.898173] RIP: 0033:0x459829 [ 163.901900] RSP: 002b:00007fa4499c9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 163.909771] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 163.917043] RDX: 0000000000000026 RSI: 0000000020000180 RDI: 0000000000000007 [ 163.925680] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 163.932944] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa4499ca6d4 [ 163.940281] R13: 00000000004bfd8b R14: 00000000004d1948 R15: 00000000ffffffff [ 163.949135] Kernel Offset: disabled [ 163.952777] Rebooting in 86400 seconds..