[ 59.853844][ T27] audit: type=1400 audit(1584368832.175:42): avc: denied { map } for pid=8346 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 60.539815][ T27] audit: type=1400 audit(1584368832.855:43): avc: denied { integrity } for pid=8346 comm="syz-fuzzer" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1
[ 60.677409][ T8365] IPVS: ftp: loaded support on port[0] = 21
[ 60.951746][ T909] tipc: TX() has been purged, node left!
[ 61.213695][ T8369] can: request_module (can-proto-0) failed.
[ 64.074534][ T8369] can: request_module (can-proto-0) failed.
[ 64.085843][ T8369] can: request_module (can-proto-0) failed.
[ 64.303144][ T27] audit: type=1400 audit(1584368836.625:44): avc: denied { create } for pid=8346 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 64.327433][ T27] audit: type=1400 audit(1584368836.625:45): avc: denied { create } for pid=8346 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 64.351951][ T27] audit: type=1400 audit(1584368836.625:46): avc: denied { create } for pid=8346 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
Warning: Permanently added '10.128.10.58' (ECDSA) to the list of known hosts.
2020/03/16 14:27:23 parsed 1 programs
2020/03/16 14:27:24 executed programs: 0
[ 71.938533][ T8451] IPVS: ftp: loaded support on port[0] = 21
[ 71.938798][ T8447] IPVS: ftp: loaded support on port[0] = 21
[ 71.955291][ T8453] IPVS: ftp: loaded support on port[0] = 21
[ 71.956112][ T8449] IPVS: ftp: loaded support on port[0] = 21
[ 71.974084][ T8445] IPVS: ftp: loaded support on port[0] = 21
[ 72.023262][ T8455] IPVS: ftp: loaded support on port[0] = 21
[ 72.199449][ T8451] chnl_net:caif_netlink_parms(): no params data found
[ 72.228439][ T8447] chnl_net:caif_netlink_parms(): no params data found
[ 72.253497][ T8455] chnl_net:caif_netlink_parms(): no params data found
[ 72.319753][ T8453] chnl_net:caif_netlink_parms(): no params data found
[ 72.339332][ T8449] chnl_net:caif_netlink_parms(): no params data found
[ 72.380654][ T8451] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.390131][ T8451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.397929][ T8451] device bridge_slave_0 entered promiscuous mode
[ 72.409981][ T8451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.417525][ T8451] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.425467][ T8451] device bridge_slave_1 entered promiscuous mode
[ 72.432969][ T8445] chnl_net:caif_netlink_parms(): no params data found
[ 72.453799][ T8447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.460861][ T8447] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.468707][ T8447] device bridge_slave_0 entered promiscuous mode
[ 72.480207][ T8447] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.487342][ T8447] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.494964][ T8447] device bridge_slave_1 entered promiscuous mode
[ 72.511119][ T8451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.521022][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.531117][ T8455] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.539851][ T8455] device bridge_slave_0 entered promiscuous mode
[ 72.573801][ T8451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.592006][ T8455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.599083][ T8455] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.611004][ T8455] device bridge_slave_1 entered promiscuous mode
[ 72.618210][ T8453] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.625337][ T8453] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.635720][ T8453] device bridge_slave_0 entered promiscuous mode
[ 72.644900][ T8453] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.652431][ T8453] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.659969][ T8453] device bridge_slave_1 entered promiscuous mode
[ 72.676586][ T8447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.691275][ T8447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.705115][ T8449] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.712293][ T8449] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.719954][ T8449] device bridge_slave_0 entered promiscuous mode
[ 72.760176][ T8449] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.768115][ T8449] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.776139][ T8449] device bridge_slave_1 entered promiscuous mode
[ 72.783329][ T8445] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.790679][ T8445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.799133][ T8445] device bridge_slave_0 entered promiscuous mode
[ 72.807973][ T8451] team0: Port device team_slave_0 added
[ 72.817384][ T8453] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.828169][ T8455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.841583][ T8447] team0: Port device team_slave_0 added
[ 72.854103][ T8445] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.861168][ T8445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.869198][ T8445] device bridge_slave_1 entered promiscuous mode
[ 72.877210][ T8451] team0: Port device team_slave_1 added
[ 72.885393][ T8453] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.895897][ T8455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.907472][ T8447] team0: Port device team_slave_1 added
[ 72.924757][ T8449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.961358][ T8455] team0: Port device team_slave_0 added
[ 72.971098][ T8445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.981288][ T8449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.998864][ T8455] team0: Port device team_slave_1 added
[ 73.007694][ T8453] team0: Port device team_slave_0 added
[ 73.024949][ T8445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.073452][ T8451] device hsr_slave_0 entered promiscuous mode
[ 73.112074][ T8451] device hsr_slave_1 entered promiscuous mode
[ 73.164313][ T8453] team0: Port device team_slave_1 added
[ 73.213831][ T8447] device hsr_slave_0 entered promiscuous mode
[ 73.252256][ T8447] device hsr_slave_1 entered promiscuous mode
[ 73.292089][ T8447] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 73.299769][ T8447] Cannot create hsr debugfs directory
[ 73.363478][ T8455] device hsr_slave_0 entered promiscuous mode
[ 73.401972][ T8455] device hsr_slave_1 entered promiscuous mode
[ 73.461782][ T8455] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 73.469559][ T8455] Cannot create hsr debugfs directory
[ 73.477008][ T8449] team0: Port device team_slave_0 added
[ 73.554511][ T8453] device hsr_slave_0 entered promiscuous mode
[ 73.592035][ T8453] device hsr_slave_1 entered promiscuous mode
[ 73.631819][ T8453] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 73.639414][ T8453] Cannot create hsr debugfs directory
[ 73.646336][ T8449] team0: Port device team_slave_1 added
[ 73.657471][ T8445] team0: Port device team_slave_0 added
[ 73.669446][ T8445] team0: Port device team_slave_1 added
[ 73.753304][ T8449] device hsr_slave_0 entered promiscuous mode
[ 73.791970][ T8449] device hsr_slave_1 entered promiscuous mode
[ 73.841844][ T8449] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 73.849526][ T8449] Cannot create hsr debugfs directory
[ 73.878639][ T27] audit: type=1400 audit(1584368846.195:47): avc: denied { write } for pid=8451 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 73.903320][ T27] audit: type=1400 audit(1584368846.195:48): avc: denied { read } for pid=8451 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 73.963443][ T8445] device hsr_slave_0 entered promiscuous mode
[ 73.992094][ T8445] device hsr_slave_1 entered promiscuous mode
[ 74.041816][ T8445] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 74.049430][ T8445] Cannot create hsr debugfs directory
[ 74.055405][ T8451] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 74.125474][ T8451] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 74.184344][ T8451] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 74.255814][ T8451] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 74.353885][ T8455] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.396311][ T8455] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.458664][ T8455] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.521520][ T8455] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.565382][ T8447] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 74.648116][ T8447] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 74.707471][ T8447] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 74.773892][ T8453] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 74.824036][ T8453] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 74.874338][ T8447] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 74.924122][ T8453] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 74.976725][ T8453] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 75.072194][ T8449] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 75.140754][ T8451] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.171567][ T8449] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 75.207314][ T8449] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 75.266199][ T8449] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 75.332965][ T8445] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 75.363748][ T8445] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 75.419902][ T8451] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.440526][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 75.449504][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.458436][ T8445] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 75.541836][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 75.550644][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.559812][ T3112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.567055][ T3112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.575408][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 75.584365][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.593996][ T3112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.601050][ T3112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.613574][ T8455] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.627538][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 75.636422][ T8445] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 75.698918][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 75.710459][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 75.719255][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 75.727929][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.742262][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 75.750993][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.760876][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 75.769746][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.780342][ T8455] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.806341][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.814726][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 75.823396][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.834552][ T3114] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.841681][ T3114] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.850186][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 75.859130][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.867481][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 75.875698][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 75.884774][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 75.906777][ T8451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.920452][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 75.930789][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.941474][ T3113] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.948653][ T3113] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.957230][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 75.978372][ T8447] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.004315][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 76.040901][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 76.051465][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.060096][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 76.068553][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.077626][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 76.085268][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.092976][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 76.101111][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.113347][ T8447] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.127642][ T8453] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.144210][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.153609][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.161035][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.168821][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 76.177923][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.191914][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 76.200381][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.209539][ T2871] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.217256][ T2871] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.225001][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 76.233955][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.242742][ T2871] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.249777][ T2871] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.258843][ T8455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.278729][ T8451] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.288483][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 76.296588][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 76.315727][ T8445] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.327551][ T8453] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.345356][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 76.353988][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.369675][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 76.388223][ T8455] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.404263][ T27] audit: type=1400 audit(1584368848.725:49): avc: denied { associate } for pid=8451 comm="syz-executor.3" name="syz3" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 76.415362][ T8445] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.448414][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.459031][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.466808][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 76.476647][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.485476][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 76.494454][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.505391][ T2881] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.529365][ T8447] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 76.540307][ T8447] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 76.562465][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 76.570888][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.605621][ T3112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.612768][ T3112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.624111][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 76.639995][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.660956][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 76.669741][ T1605] ==================================================================
[ 76.671989][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.677941][ T1605] BUG: KASAN: slab-out-of-bounds in bacpy+0xe/0x10
[ 76.686315][ T3112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.692477][ T1605] Read of size 6 at addr ffff8880962bea08 by task kworker/u5:0/1605
[ 76.692481][ T1605]
[ 76.692494][ T1605] CPU: 1 PID: 1605 Comm: kworker/u5:0 Not tainted 5.6.0-rc6-syzkaller #0
[ 76.692497][ T1605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.692508][ T1605] Workqueue: hci0 hci_rx_work
[ 76.692513][ T1605] Call Trace:
[ 76.692526][ T1605] dump_stack+0x12d/0x187
[ 76.692544][ T1605] print_address_description.constprop.8.cold.10+0x9/0x31d
[ 76.692550][ T1605] ? bacpy+0xe/0x10
[ 76.692558][ T1605] __kasan_report.cold.11+0x1b/0x32
[ 76.692565][ T1605] ? bacpy+0xe/0x10
[ 76.699609][ T3112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.707629][ T1605] ? bacpy+0xe/0x10
[ 76.707638][ T1605] kasan_report+0x12/0x20
[ 76.707644][ T1605] check_memory_region+0x153/0x1d0
[ 76.707652][ T1605] memcpy+0x23/0x50
[ 76.707661][ T1605] bacpy+0xe/0x10
[ 76.712029][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 76.718450][ T1605] hci_event_packet+0x40ba/0x9868
[ 76.729094][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.733189][ T1605] ? hci_cmd_complete_evt+0xb690/0xb690
[ 76.733210][ T1605] ? unwind_next_frame+0x3e/0x50
[ 76.733215][ T1605] ? profile_setup.cold.14+0xa0/0xa0
[ 76.733223][ T1605] ? fpregs_mark_activate+0x1b0/0x240
[ 76.733252][ T1605] ? ret_from_fork+0x24/0x30
[ 76.738629][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 76.740834][ T1605] ? stack_trace_save+0x82/0xb0
[ 76.748834][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.751801][ T1605] ? stack_trace_consume_entry+0x170/0x170
[ 76.751808][ T1605] ? unwind_next_frame+0x3e/0x50
[ 76.751824][ T1605] ? save_trace+0x45/0x940
[ 76.751839][ T1605] ? __lock_acquire+0x2cd5/0x4ef0
[ 76.751860][ T1605] ? __kasan_check_read+0x11/0x20
[ 76.758470][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 76.760868][ T1605] ? mark_lock+0xc5/0x11d0
[ 76.768918][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 76.771837][ T1605] ? mark_held_locks+0xb8/0x130
[ 76.771849][ T1605] ? _raw_spin_unlock_irqrestore+0x7d/0xd0
[ 76.771858][ T1605] ? skb_dequeue+0x14d/0x1f0
[ 76.771865][ T1605] ? lockdep_hardirqs_on+0x42d/0x5d0
[ 76.771869][ T1605] ? _raw_spin_unlock_irqrestore+0x7d/0xd0
[ 76.771880][ T1605] ? trace_hardirqs_on+0x28/0x1a0
[ 76.777688][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.781322][ T1605] hci_rx_work+0x18e/0x940
[ 76.785719][ T3112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.788717][ T1605] ? hci_rx_work+0x18e/0x940
[ 76.796683][ T3112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.801615][ T1605] ? rcu_read_lock_any_held.part.10+0x50/0x50
[ 76.801623][ T1605] ? trace_hardirqs_on+0x28/0x1a0
[ 76.801640][ T1605] process_one_work+0x88b/0x1680
[ 76.810489][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 76.814892][ T1605] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 76.814914][ T1605] worker_thread+0x85/0xb60
[ 76.814920][ T1605] ? __kthread_parkme+0x47/0x1a0
[ 76.814939][ T1605] kthread+0x331/0x3f0
[ 76.820414][ T3112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.825126][ T1605] ? process_one_work+0x1680/0x1680
[ 76.825133][ T1605] ? kthread_mod_delayed_work+0x190/0x190
[ 76.825144][ T1605] ret_from_fork+0x24/0x30
[ 76.825166][ T1605]
[ 76.825170][ T1605] Allocated by task 8468:
[ 76.825177][ T1605] save_stack+0x21/0x90
[ 76.825185][ T1605] __kasan_kmalloc.constprop.17+0xc7/0xd0
[ 76.832515][ T3112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.835114][ T1605] kasan_kmalloc+0x9/0x10
[ 76.843100][ T3112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.847871][ T1605] __kmalloc_node_track_caller+0x4d/0x70
[ 76.847883][ T1605] __kmalloc_reserve.isra.46+0x2c/0xc0
[ 76.911142][ T8447] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.911793][ T1605] __alloc_skb+0xd7/0x570
[ 76.911800][ T1605] vhci_write+0xa8/0x3e0
[ 76.911807][ T1605] new_sync_write+0x3fd/0x7e0
[ 76.911811][ T1605] __vfs_write+0x94/0x110
[ 76.911814][ T1605] vfs_write+0x18a/0x520
[ 76.911818][ T1605] ksys_write+0x105/0x220
[ 76.911821][ T1605] __x64_sys_write+0x6e/0xb0
[ 76.911827][ T1605] do_syscall_64+0xca/0x630
[ 76.911836][ T1605] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.124237][ T1605]
[ 77.126540][ T1605] Freed by task 8269:
[ 77.130495][ T1605] save_stack+0x21/0x90
[ 77.134619][ T1605] __kasan_slab_free+0x102/0x150
[ 77.139527][ T1605] kasan_slab_free+0xe/0x10
[ 77.144015][ T1605] kfree+0x108/0x2c0
[ 77.147881][ T1605] load_elf_binary+0x1ab1/0x40d0
[ 77.152801][ T1605] search_binary_handler+0x11f/0x620
[ 77.158084][ T1605] __do_execve_file.isra.33+0x1288/0x1f90
[ 77.163769][ T1605] __x64_sys_execve+0x8a/0xb0
[ 77.168416][ T1605] do_syscall_64+0xca/0x630
[ 77.174280][ T1605] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 77.180140][ T1605]
[ 77.182441][ T1605] The buggy address belongs to the object at ffff8880962be800
[ 77.182441][ T1605] which belongs to the cache kmalloc-512 of size 512
[ 77.196743][ T1605] The buggy address is located 8 bytes to the right of
[ 77.196743][ T1605] 512-byte region [ffff8880962be800, ffff8880962bea00)
[ 77.210413][ T1605] The buggy address belongs to the page:
[ 77.216057][ T1605] page:ffffea000258af80 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0x0
[ 77.225175][ T1605] flags: 0xfffe0000000200(slab)
[ 77.230012][ T1605] raw: 00fffe0000000200 ffffea00027cadc8 ffffea00026093c8 ffff8880aa400a80
[ 77.238568][ T1605] raw: 0000000000000000 ffff8880962be000 0000000100000004 0000000000000000
[ 77.247118][ T1605] page dumped because: kasan: bad access detected
[ 77.253509][ T1605]
[ 77.255821][ T1605] Memory state around the buggy address:
[ 77.261433][ T1605] ffff8880962be900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.269464][ T1605] ffff8880962be980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.277499][ T1605] >ffff8880962bea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.285529][ T1605] ^
[ 77.289835][ T1605] ffff8880962bea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.297879][ T1605] ffff8880962beb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.305920][ T1605] ==================================================================
[ 77.313964][ T1605] Disabling lock debugging due to kernel taint
[ 77.326842][ T1605] Kernel panic - not syncing: panic_on_warn set ...
[ 77.333464][ T1605] CPU: 1 PID: 1605 Comm: kworker/u5:0 Tainted: G B 5.6.0-rc6-syzkaller #0
[ 77.333599][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 77.343264][ T1605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.343274][ T1605] Workqueue: hci0 hci_rx_work
[ 77.343277][ T1605] Call Trace:
[ 77.343288][ T1605] dump_stack+0x12d/0x187
[ 77.343294][ T1605] ? atomic_inc+0x10/0x20
[ 77.343302][ T1605] panic+0x22a/0x4e3
[ 77.355465][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 77.361154][ T1605] ? add_taint.cold.7+0x11/0x11
[ 77.361163][ T1605] ? ___preempt_schedule+0x16/0x18
[ 77.361172][ T1605] ? bacpy+0xe/0x10
[ 77.367429][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 77.369122][ T1605] end_report+0x47/0x4f
[ 77.369130][ T1605] __kasan_report.cold.11+0xe/0x32
[ 77.374015][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 77.377771][ T1605] ? bacpy+0xe/0x10
[ 77.377778][ T1605] ? bacpy+0xe/0x10
[ 77.377786][ T1605] kasan_report+0x12/0x20
[ 77.377792][ T1605] check_memory_region+0x153/0x1d0
[ 77.382316][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 77.388778][ T1605] memcpy+0x23/0x50
[ 77.388785][ T1605] bacpy+0xe/0x10
[ 77.388790][ T1605] hci_event_packet+0x40ba/0x9868
[ 77.388801][ T1605] ? hci_cmd_complete_evt+0xb690/0xb690
[ 77.394279][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.398727][ T1605] ? unwind_next_frame+0x3e/0x50
[ 77.398732][ T1605] ? profile_setup.cold.14+0xa0/0xa0
[ 77.398740][ T1605] ? fpregs_mark_activate+0x1b0/0x240
[ 77.403098][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 77.409910][ T1605] ? ret_from_fork+0x24/0x30
[ 77.409921][ T1605] ? stack_trace_save+0x82/0xb0
[ 77.414701][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 77.419150][ T1605] ? stack_trace_consume_entry+0x170/0x170
[ 77.419156][ T1605] ? unwind_next_frame+0x3e/0x50
[ 77.419165][ T1605] ? save_trace+0x45/0x940
[ 77.427648][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 77.430834][ T1605] ? __lock_acquire+0x2cd5/0x4ef0
[ 77.430847][ T1605] ? __kasan_check_read+0x11/0x20
[ 77.434926][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.438943][ T1605] ? mark_lock+0xc5/0x11d0
[ 77.438951][ T1605] ? mark_held_locks+0xb8/0x130
[ 77.438962][ T1605] ? _raw_spin_unlock_irqrestore+0x7d/0xd0
[ 77.444368][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 77.451916][ T1605] ? skb_dequeue+0x14d/0x1f0
[ 77.451922][ T1605] ? lockdep_hardirqs_on+0x42d/0x5d0
[ 77.451928][ T1605] ? _raw_spin_unlock_irqrestore+0x7d/0xd0
[ 77.451934][ T1605] ? trace_hardirqs_on+0x28/0x1a0
[ 77.451946][ T1605] hci_rx_work+0x18e/0x940
[ 77.451951][ T1605] ? hci_rx_work+0x18e/0x940
[ 77.456404][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 77.459357][ T1605] ? rcu_read_lock_any_held.part.10+0x50/0x50
[ 77.459363][ T1605] ? trace_hardirqs_on+0x28/0x1a0
[ 77.459372][ T1605] process_one_work+0x88b/0x1680
[ 77.459382][ T1605] ? pwq_dec_nr_in_flight+0x2c0/0x2c0
[ 77.465099][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 77.469921][ T1605] worker_thread+0x85/0xb60
[ 77.469929][ T1605] ? __kthread_parkme+0x47/0x1a0
[ 77.478397][ T3114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 77.482663][ T1605] kthread+0x331/0x3f0
[ 77.482670][ T1605] ? process_one_work+0x1680/0x1680
[ 77.482674][ T1605] ? kthread_mod_delayed_work+0x190/0x190
[ 77.482682][ T1605] ret_from_fork+0x24/0x30
[ 77.489386][ T1605] Kernel Offset: disabled
[ 77.691995][ T1605] Rebooting in 86400 seconds..