[ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 32.293510] audit: type=1400 audit(1588473059.276:8): avc: denied { execmem } for pid=6123 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 32.531008] IPVS: ftp: loaded support on port[0] = 21 [ 33.663846] can: request_module (can-proto-0) failed. [ 33.672957] can: request_module (can-proto-0) failed. [ 33.697812] audit: type=1400 audit(1588473060.667:9): avc: denied { create } for pid=6099 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1 Warning: Permanently added '10.128.0.198' (ECDSA) to the list of known hosts. 2020/05/03 02:31:08 parsed 1 programs 2020/05/03 02:31:09 executed programs: 0 [ 42.079875] audit: type=1400 audit(1588473069.060:10): avc: denied { execmem } for pid=6239 comm="syz-executor.2" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 42.376809] IPVS: ftp: loaded support on port[0] = 21 [ 43.233523] IPVS: ftp: loaded support on port[0] = 21 [ 43.294827] chnl_net:caif_netlink_parms(): no params data found [ 43.331152] IPVS: ftp: loaded support on port[0] = 21 [ 43.370479] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.377662] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.384466] device bridge_slave_0 entered promiscuous mode [ 43.407904] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.414857] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.422945] device bridge_slave_1 entered promiscuous mode [ 43.444437] chnl_net:caif_netlink_parms(): no params data found [ 43.460879] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.472817] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.495317] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.503762] IPVS: ftp: loaded support on port[0] = 21 [ 43.504225] team0: Port device team_slave_0 added [ 43.518458] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.525493] team0: Port device team_slave_1 added [ 43.531542] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.539251] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.565399] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.572986] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.580888] device bridge_slave_0 entered promiscuous mode [ 43.627864] device hsr_slave_0 entered promiscuous mode [ 43.675990] device hsr_slave_1 entered promiscuous mode [ 43.716785] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.723638] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.730144] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.738119] device bridge_slave_1 entered promiscuous mode [ 43.757552] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.770530] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.778102] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.850945] chnl_net:caif_netlink_parms(): no params data found [ 43.868367] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.875394] team0: Port device team_slave_0 added [ 43.888980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.897351] team0: Port device team_slave_1 added [ 43.902644] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.916128] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.930573] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.937032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.943871] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.950278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.960092] IPVS: ftp: loaded support on port[0] = 21 [ 44.017701] device hsr_slave_0 entered promiscuous mode [ 44.056039] device hsr_slave_1 entered promiscuous mode [ 44.105948] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.120702] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.127391] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.134692] device bridge_slave_0 entered promiscuous mode [ 44.144115] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.159938] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.166682] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.173423] device bridge_slave_1 entered promiscuous mode [ 44.190549] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.240137] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.246524] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.253148] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.259736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.268779] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.294741] chnl_net:caif_netlink_parms(): no params data found [ 44.321063] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.331351] team0: Port device team_slave_0 added [ 44.338654] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.345848] team0: Port device team_slave_1 added [ 44.351283] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.359679] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.384919] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.392362] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.401004] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.408151] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.432575] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.433520] IPVS: ftp: loaded support on port[0] = 21 [ 44.441866] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.452081] device bridge_slave_0 entered promiscuous mode [ 44.458942] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.465287] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.472345] device bridge_slave_1 entered promiscuous mode [ 44.528147] device hsr_slave_0 entered promiscuous mode [ 44.565740] device hsr_slave_1 entered promiscuous mode [ 44.606385] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.620723] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.640981] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.651300] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.672662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.684214] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.705011] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.714135] team0: Port device team_slave_0 added [ 44.720675] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.728101] team0: Port device team_slave_1 added [ 44.739036] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.798024] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.805053] chnl_net:caif_netlink_parms(): no params data found [ 44.814113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.822252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.834579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.843858] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.851830] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.858790] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.879843] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.886951] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.894431] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.914488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.921673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.931670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.977613] device hsr_slave_0 entered promiscuous mode [ 45.015538] device hsr_slave_1 entered promiscuous mode [ 45.058010] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.066729] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.072793] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.079897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.088130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.096131] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.102474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.111892] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.128780] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 45.137798] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.148289] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.156037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.163645] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.170326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.177632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.187047] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.194550] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.200972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.216095] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.225986] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.241327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.249101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.259987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.269966] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.277755] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.284095] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.291658] device bridge_slave_0 entered promiscuous mode [ 45.299526] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.306574] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.313541] device bridge_slave_1 entered promiscuous mode [ 45.329642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.337426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.344902] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.351283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.358192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.366344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.373863] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.383878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.403402] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.414781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.423870] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.431987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.440987] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.450931] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.490799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.498760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.506751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.520150] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.539328] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.546483] team0: Port device team_slave_0 added [ 45.552096] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.559715] team0: Port device team_slave_1 added [ 45.565819] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.572622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.580564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.588537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.596151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.603409] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.613487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.623102] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.633295] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 45.642052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.650504] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.658785] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.666278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.676099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.682884] chnl_net:caif_netlink_parms(): no params data found [ 45.693607] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.711539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.721630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.731095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 45.753564] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.808273] device hsr_slave_0 entered promiscuous mode [ 45.845330] device hsr_slave_1 entered promiscuous mode [ 45.885494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.893006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.902931] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 45.909194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.916687] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 45.922684] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.937921] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.956210] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.964020] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.981089] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.987879] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.999355] device bridge_slave_0 entered promiscuous mode [ 46.007077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.013909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.022025] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.031138] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.037464] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.047446] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.055864] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.063008] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.071421] device bridge_slave_1 entered promiscuous mode [ 46.091458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.099560] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.108624] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.115046] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.121876] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.133580] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.148645] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.157481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.165523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.173759] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.180137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.188364] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.196035] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.206583] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.228712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.238487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.248664] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.258608] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.266109] team0: Port device team_slave_0 added [ 46.272474] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.283243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.290486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.298443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.306480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.316535] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.324054] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.334769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.344358] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.354664] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.362677] team0: Port device team_slave_1 added [ 46.369563] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.381323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.392795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.401493] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.411537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.419327] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.437202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.448299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.457455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.468453] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.488969] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.499829] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.506696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.517985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.526079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.535662] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 46.543721] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.556703] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.592958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.600623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.609319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.621228] ================================================================== [ 46.629034] BUG: KASAN: use-after-free in _copy_to_user+0x84/0xb0 [ 46.635265] Read of size 924 at addr ffff88807a7ffff3 by task syz-executor.0/7126 [ 46.642912] [ 46.644539] CPU: 1 PID: 7126 Comm: syz-executor.0 Not tainted 4.14.178-syzkaller #0 [ 46.652419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 46.661751] Call Trace: [ 46.664409] dump_stack+0xf7/0x13b [ 46.668017] ? _copy_to_user+0x84/0xb0 [ 46.671887] print_address_description.cold.7+0x9/0x1c9 [ 46.677240] ? _copy_to_user+0x84/0xb0 [ 46.681103] kasan_report.cold.8+0x11a/0x2d3 [ 46.685495] check_memory_region+0x13e/0x1b0 [ 46.689882] kasan_check_read+0x11/0x20 [ 46.693917] _copy_to_user+0x84/0xb0 [ 46.697608] bpf_test_finish.isra.5+0xd5/0x170 [ 46.702165] ? bpf_test_run+0x2d0/0x2d0 [ 46.706115] ? kvm_clock_read+0x23/0x40 [ 46.710078] ? kvm_clock_get_cycles+0x9/0x10 [ 46.714477] ? ktime_get+0x13c/0x240 [ 46.718180] ? bpf_test_run+0x210/0x2d0 [ 46.722143] ? eth_gro_receive+0x880/0x880 [ 46.726369] bpf_prog_test_run_skb+0x66d/0xbc0 [ 46.730931] ? bpf_test_init.isra.6+0xa0/0xa0 [ 46.735420] ? __bpf_prog_get+0x128/0x170 [ 46.739544] SyS_bpf+0x4d7/0x288a [ 46.742974] ? bpf_prog_get+0x10/0x10 [ 46.746750] ? kasan_check_read+0x11/0x20 [ 46.750873] ? _copy_to_user+0x91/0xb0 [ 46.754737] ? put_timespec64+0xa4/0xf0 [ 46.758688] ? nsecs_to_jiffies+0x20/0x20 [ 46.762827] ? SyS_clock_gettime+0x115/0x160 [ 46.767216] ? do_syscall_64+0x4c/0x5b0 [ 46.771188] ? bpf_prog_get+0x10/0x10 [ 46.774976] do_syscall_64+0x1c7/0x5b0 [ 46.778852] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 46.783674] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 46.788842] RIP: 0033:0x459829 [ 46.792006] RSP: 002b:00007fea6653cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 46.799862] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 46.807109] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 46.814353] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 46.821596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea6653d6d4 [ 46.828840] R13: 00000000004bfb92 R14: 00000000004d1758 R15: 00000000ffffffff [ 46.836094] [ 46.837699] The buggy address belongs to the page: [ 46.842607] page:ffffea0001e9ffc0 count:0 mapcount:0 mapping: (null) index:0x0 [ 46.850725] flags: 0x1fffc0000000000() [ 46.854675] raw: 01fffc0000000000 0000000000000000 0000000000000000 00000000ffffffff [ 46.862529] raw: ffffea0001e9ffe0 ffffea0001e9ffe0 0000000000000000 0000000000000000 [ 46.870382] page dumped because: kasan: bad access detected [ 46.876065] [ 46.878188] Memory state around the buggy address: [ 46.883091] ffff88807a7ffe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 46.890424] ffff88807a7fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 46.897758] >ffff88807a7fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 46.905089] ^ [ 46.912076] ffff88807a800000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.919419] ffff88807a800080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 46.926751] ================================================================== [ 46.934082] Disabling lock debugging due to kernel taint [ 46.973718] Kernel panic - not syncing: panic_on_warn set ... [ 46.973718] [ 46.979807] device hsr_slave_0 entered promiscuous mode [ 46.981379] CPU: 1 PID: 7126 Comm: syz-executor.0 Tainted: G B 4.14.178-syzkaller #0 [ 46.995712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 47.005662] Call Trace: [ 47.008229] dump_stack+0xf7/0x13b [ 47.011833] ? _copy_to_user+0x84/0xb0 [ 47.015710] panic+0x1b0/0x358 [ 47.018890] ? add_taint.cold.5+0x11/0x11 [ 47.023011] ? ___preempt_schedule+0x16/0x18 [ 47.027409] ? _copy_to_user+0x84/0xb0 [ 47.031270] kasan_end_report+0x47/0x4f [ 47.035246] kasan_report.cold.8+0x76/0x2d3 [ 47.039563] check_memory_region+0x13e/0x1b0 [ 47.043952] kasan_check_read+0x11/0x20 [ 47.047909] _copy_to_user+0x84/0xb0 [ 47.051604] bpf_test_finish.isra.5+0xd5/0x170 [ 47.056167] ? bpf_test_run+0x2d0/0x2d0 [ 47.060117] ? kvm_clock_read+0x23/0x40 [ 47.064088] ? kvm_clock_get_cycles+0x9/0x10 [ 47.068497] ? ktime_get+0x13c/0x240 [ 47.072196] ? bpf_test_run+0x210/0x2d0 [ 47.076158] ? eth_gro_receive+0x880/0x880 [ 47.080371] bpf_prog_test_run_skb+0x66d/0xbc0 [ 47.085018] ? bpf_test_init.isra.6+0xa0/0xa0 [ 47.089506] ? __bpf_prog_get+0x128/0x170 [ 47.093629] SyS_bpf+0x4d7/0x288a [ 47.097058] ? bpf_prog_get+0x10/0x10 [ 47.100849] ? kasan_check_read+0x11/0x20 [ 47.104971] ? _copy_to_user+0x91/0xb0 [ 47.108834] ? put_timespec64+0xa4/0xf0 [ 47.112796] ? nsecs_to_jiffies+0x20/0x20 [ 47.116917] ? SyS_clock_gettime+0x115/0x160 [ 47.121299] ? do_syscall_64+0x4c/0x5b0 [ 47.125247] ? bpf_prog_get+0x10/0x10 [ 47.129021] do_syscall_64+0x1c7/0x5b0 [ 47.132884] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 47.137892] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 47.143054] RIP: 0033:0x459829 [ 47.146217] RSP: 002b:00007fea6653cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 47.153898] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829 [ 47.161141] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 47.168400] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 47.175644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fea6653d6d4 [ 47.182886] R13: 00000000004bfb92 R14: 00000000004d1758 R15: 00000000ffffffff [ 47.191665] Kernel Offset: disabled [ 47.195328] Rebooting in 86400 seconds..