[ 45.512772] audit: type=1800 audit(1546750243.604:30): pid=7969 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 49.981239] kauditd_printk_skb: 4 callbacks suppressed [ 49.981255] audit: type=1400 audit(1546750248.114:35): avc: denied { map } for pid=8143 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts. [ 56.697218] audit: type=1400 audit(1546750254.824:36): avc: denied { map } for pid=8155 comm="syz-executor940" path="/root/syz-executor940122552" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 56.735184] IPVS: ftp: loaded support on port[0] = 21 [ 56.745557] IPVS: ftp: loaded support on port[0] = 21 [ 56.745806] IPVS: ftp: loaded support on port[0] = 21 [ 56.765653] IPVS: ftp: loaded support on port[0] = 21 [ 56.772559] IPVS: ftp: loaded support on port[0] = 21 [ 56.791925] IPVS: ftp: loaded support on port[0] = 21 [ 57.158605] chnl_net:caif_netlink_parms(): no params data found [ 57.212893] chnl_net:caif_netlink_parms(): no params data found [ 57.236802] chnl_net:caif_netlink_parms(): no params data found [ 57.251817] chnl_net:caif_netlink_parms(): no params data found [ 57.270873] chnl_net:caif_netlink_parms(): no params data found [ 57.280345] chnl_net:caif_netlink_parms(): no params data found [ 57.387537] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.395749] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.403004] device bridge_slave_0 entered promiscuous mode [ 57.417139] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.423941] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.431428] device bridge_slave_1 entered promiscuous mode [ 57.439728] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.446081] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.453631] device bridge_slave_0 entered promiscuous mode [ 57.467274] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.474868] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.482683] device bridge_slave_1 entered promiscuous mode [ 57.565442] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.572312] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.579820] device bridge_slave_0 entered promiscuous mode [ 57.586286] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.593123] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.600839] device bridge_slave_0 entered promiscuous mode [ 57.613323] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.629382] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.644036] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.650555] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.657622] device bridge_slave_1 entered promiscuous mode [ 57.664146] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.671895] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.679124] device bridge_slave_1 entered promiscuous mode [ 57.686588] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.701451] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.707910] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.715519] device bridge_slave_0 entered promiscuous mode [ 57.724288] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.736341] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.742859] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.750409] device bridge_slave_0 entered promiscuous mode [ 57.763293] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.769751] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.776691] device bridge_slave_1 entered promiscuous mode [ 57.802006] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.809564] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.816509] device bridge_slave_1 entered promiscuous mode [ 57.831015] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.838904] team0: Port device team_slave_0 added [ 57.859049] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.867003] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.876099] team0: Port device team_slave_0 added [ 57.887910] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.896554] team0: Port device team_slave_1 added [ 57.901959] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.909298] team0: Port device team_slave_1 added [ 57.915884] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.932817] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.946099] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.953605] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.962606] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.971936] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.981810] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.991001] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 58.012322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.027424] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.055286] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.068218] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.075384] team0: Port device team_slave_0 added [ 58.087556] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.095167] team0: Port device team_slave_1 added [ 58.160003] device hsr_slave_0 entered promiscuous mode [ 58.198593] device hsr_slave_1 entered promiscuous mode [ 58.248385] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.255763] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.263096] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.270914] team0: Port device team_slave_0 added [ 58.282403] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.290920] team0: Port device team_slave_0 added [ 58.301192] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.309662] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.316645] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.324248] team0: Port device team_slave_1 added [ 58.370130] device hsr_slave_0 entered promiscuous mode [ 58.408182] device hsr_slave_1 entered promiscuous mode [ 58.448350] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.455760] team0: Port device team_slave_1 added [ 58.461361] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.469160] team0: Port device team_slave_0 added [ 58.484901] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.492887] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.500157] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.507970] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.515344] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.523093] team0: Port device team_slave_1 added [ 58.529031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.580946] device hsr_slave_0 entered promiscuous mode [ 58.628018] device hsr_slave_1 entered promiscuous mode [ 58.668702] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.675978] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.683980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.691616] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.707193] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.801119] device hsr_slave_0 entered promiscuous mode [ 58.858139] device hsr_slave_1 entered promiscuous mode [ 58.898354] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.905533] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.971014] device hsr_slave_0 entered promiscuous mode [ 59.008238] device hsr_slave_1 entered promiscuous mode [ 59.110908] device hsr_slave_0 entered promiscuous mode [ 59.148147] device hsr_slave_1 entered promiscuous mode [ 59.218488] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 59.225668] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 59.236656] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.245821] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.254921] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 59.266142] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.278281] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 59.303163] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.322827] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.372277] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.385609] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.422074] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.433304] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.458104] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.465868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.477170] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 59.484005] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.497107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.507678] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.521878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.531777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 59.545395] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.552568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.560917] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.568839] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.575280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.582415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.589742] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.597251] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.624421] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 59.631572] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.640844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 59.650786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 59.667263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.681099] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.692925] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.700971] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.707115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.715339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.723272] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.729682] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.736489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.744709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.752660] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.759098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.765880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.775235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 59.787583] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.799239] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 59.805319] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.815343] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.822378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.830589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.837431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.844471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.851636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.860661] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 59.871517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 59.881603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 59.890283] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.904251] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.910452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.918993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.926540] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.932938] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.939880] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.947571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.955838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.963519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.970558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.977478] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.987496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 59.997462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.010198] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 60.016279] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.024751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.034499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.044661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.052715] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.059136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.065887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.074016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.081793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.092192] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.102241] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 60.108535] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.118859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.125733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.133088] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.140992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.148847] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.155175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.162408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.173522] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.181999] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 60.194365] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 60.203422] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 60.213973] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.221536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.229810] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.237295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.245217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.253258] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.261348] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.267761] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.274598] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.282957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.290667] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.297010] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.303910] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.311995] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.319830] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.326236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.333566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.340961] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.354101] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 60.362697] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.373508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.383920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.391093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.399406] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.406761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.414734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.422361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.430819] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.440891] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 60.446925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.456372] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.466620] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.477588] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.488705] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.498012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.505974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.513998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.522193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.529970] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.537486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.545352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.553226] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.559651] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.568039] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.574226] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.584234] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.603212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.611945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 60.625583] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.635538] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.644767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.653272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.661622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.669451] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.676944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.684895] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.692562] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.699832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.708152] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.716889] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.730359] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.746551] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 60.759444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 60.767601] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 60.774234] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.780916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.789514] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.797041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.804925] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.812478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.820513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 60.828149] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 60.835513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.843149] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.853155] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 60.861802] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 60.870722] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.881437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.891309] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 60.897355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 60.904643] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.911899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.920249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.927765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.935619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.943652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.951622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.959836] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.974020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.986633] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 60.995689] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 61.007079] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 61.017476] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.026532] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 61.036841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.046281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.053968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.061939] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.069636] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.076018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.082967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.091210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.099296] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.105640] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.112525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.120383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.127973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.135424] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.143355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.161659] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 61.172796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.185272] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.191651] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.203052] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.209694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.217459] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.225509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.237796] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.243834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program executing program [ 61.263102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.273929] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.280647] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.290351] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready executing program executing program [ 61.314425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.327338] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.340333] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready executing program executing program [ 61.365661] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.377254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.385422] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.395120] ================================================================== [ 61.402582] BUG: KASAN: use-after-free in __xfrm_policy_unlink+0x9ec/0xa00 [ 61.409614] Write of size 8 at addr ffff88808eed3b50 by task syz-executor940/8182 [ 61.417230] [ 61.418851] CPU: 0 PID: 8182 Comm: syz-executor940 Not tainted 4.20.0+ #11 [ 61.425855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.435188] Call Trace: [ 61.437757] dump_stack+0x1db/0x2d0 [ 61.441440] ? dump_stack_print_info.cold+0x20/0x20 [ 61.446459] ? lock_downgrade+0x910/0x910 [ 61.450619] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 61.455293] print_address_description.cold+0x7c/0x20d [ 61.460558] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 61.465211] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 61.469895] kasan_report.cold+0x1b/0x40 [ 61.473963] ? __sanitizer_cov_trace_const_cmp2+0x11/0x20 [ 61.479492] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 61.484184] __asan_report_store8_noabort+0x17/0x20 [ 61.489197] __xfrm_policy_unlink+0x9ec/0xa00 [ 61.493678] ? xfrm_policy_walk_done+0x360/0x360 [ 61.498418] ? xfrm_policy_byid+0x4a0/0x4a0 [ 61.502723] ? refcount_inc_checked+0x2b/0x70 [ 61.507204] ? __xfrm_policy_link+0x220/0x2f0 [ 61.511694] ? xfrm_pol_inexact_addr_use_any_list+0x1f0/0x1f0 [ 61.517583] xfrm_policy_insert+0x223/0x910 [ 61.521889] ? xfrm_policy_inexact_insert+0xda0/0xda0 [ 61.527072] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 61.532253] pfkey_spdadd+0x111a/0x19a0 [ 61.536220] ? pfkey_spddelete+0x1090/0x1090 [ 61.540618] ? pfkey_spddelete+0x1090/0x1090 [ 61.545010] pfkey_process+0x6d2/0x810 [ 61.548885] ? pfkey_send_new_mapping+0x11f0/0x11f0 [ 61.553890] ? copyin+0xb5/0x100 [ 61.557269] pfkey_sendmsg+0x5bb/0xfc0 [ 61.561151] ? pfkey_spdget+0xa50/0xa50 [ 61.565138] ? selinux_socket_sendmsg+0x36/0x40 [ 61.569795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.575336] ? security_socket_sendmsg+0x93/0xc0 [ 61.580081] ? pfkey_spdget+0xa50/0xa50 [ 61.584039] sock_sendmsg+0xdd/0x130 [ 61.587795] ___sys_sendmsg+0x7ec/0x910 [ 61.591787] ? copy_msghdr_from_user+0x570/0x570 [ 61.596533] ? __handle_mm_fault+0x955/0x55a0 [ 61.601033] ? add_lock_to_list.isra.0+0x450/0x450 [ 61.605960] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 61.610809] ? check_preemption_disabled+0x48/0x290 [ 61.615829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 61.621361] ? __fget_light+0x2db/0x420 [ 61.625340] ? fget_raw+0x20/0x20 [ 61.628782] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 61.634040] ? rcu_read_unlock_special+0x380/0x380 [ 61.638959] ? __fdget+0x1b/0x20 [ 61.642330] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 61.647850] ? sockfd_lookup_light+0xc2/0x160 [ 61.652350] __sys_sendmsg+0x112/0x270 [ 61.656221] ? __ia32_sys_shutdown+0x80/0x80 [ 61.660664] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.666018] ? trace_hardirqs_off_caller+0x300/0x300 [ 61.671106] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 61.675848] __x64_sys_sendmsg+0x78/0xb0 [ 61.679898] do_syscall_64+0x1a3/0x800 [ 61.683770] ? syscall_return_slowpath+0x5f0/0x5f0 [ 61.688697] ? prepare_exit_to_usermode+0x232/0x3b0 [ 61.693710] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 61.698537] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.703713] RIP: 0033:0x442279 [ 61.706889] Code: e8 6c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.725770] RSP: 002b:00007ffe6faadd58 EFLAGS: 00000217 ORIG_RAX: 000000000000002e [ 61.733460] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442279 [ 61.740723] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 61.747982] RBP: 000000000000ef91 R08: 0000000100000000 R09: 0000000100000000 [ 61.755251] R10: 0000000100000000 R11: 0000000000000217 R12: 0000000000000000 [ 61.762506] R13: 00007ffe6faadd90 R14: 0000000000000000 R15: 0000000000000000 [ 61.769776] [ 61.771384] Allocated by task 8179: [ 61.775010] save_stack+0x45/0xd0 [ 61.778445] kasan_kmalloc+0xcf/0xe0 [ 61.782173] kmem_cache_alloc_trace+0x151/0x760 [ 61.786835] xfrm_policy_alloc+0xfb/0x530 [ 61.790964] pfkey_spdadd+0x24d/0x19a0 [ 61.794856] pfkey_process+0x6d2/0x810 [ 61.798740] pfkey_sendmsg+0x5bb/0xfc0 [ 61.802640] sock_sendmsg+0xdd/0x130 [ 61.806339] ___sys_sendmsg+0x7ec/0x910 [ 61.810294] __sys_sendmsg+0x112/0x270 [ 61.814169] __x64_sys_sendmsg+0x78/0xb0 [ 61.818229] do_syscall_64+0x1a3/0x800 [ 61.822100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 61.827279] [ 61.828893] Freed by task 0: [ 61.831895] save_stack+0x45/0xd0 [ 61.835360] __kasan_slab_free+0x102/0x150 [ 61.839579] kasan_slab_free+0xe/0x10 [ 61.843365] kfree+0xcf/0x230 [ 61.846470] xfrm_policy_destroy_rcu+0x48/0x60 [ 61.851036] rcu_process_callbacks+0xc4a/0x1680 [ 61.855693] __do_softirq+0x30b/0xb11 [ 61.859466] [ 61.861080] The buggy address belongs to the object at ffff88808eed3b40 [ 61.861080] which belongs to the cache kmalloc-1k of size 1024 [ 61.873718] The buggy address is located 16 bytes inside of [ 61.873718] 1024-byte region [ffff88808eed3b40, ffff88808eed3f40) [ 61.885603] The buggy address belongs to the page: [ 61.890526] page:ffffea00023bb480 count:1 mapcount:0 mapping:ffff88812c3f0ac0 index:0x0 compound_mapcount: 0 [ 61.900488] flags: 0x1fffc0000010200(slab|head) [ 61.905144] raw: 01fffc0000010200 ffffea0001fbf588 ffffea00023eed08 ffff88812c3f0ac0 [ 61.913005] raw: 0000000000000000 ffff88808eed2040 0000000100000007 0000000000000000 [ 61.920861] page dumped because: kasan: bad access detected [ 61.926557] [ 61.928162] Memory state around the buggy address: [ 61.933079] ffff88808eed3a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.940419] ffff88808eed3a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 61.947770] >ffff88808eed3b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 61.955118] ^ [ 61.961076] ffff88808eed3b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.968416] ffff88808eed3c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.975754] ================================================================== [ 61.983104] Disabling lock debugging due to kernel taint [ 61.988584] Kernel panic - not syncing: panic_on_warn set ... [ 61.994468] CPU: 0 PID: 8182 Comm: syz-executor940 Tainted: G B 4.20.0+ #11 [ 62.002858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.012199] Call Trace: [ 62.014770] dump_stack+0x1db/0x2d0 [ 62.018392] ? dump_stack_print_info.cold+0x20/0x20 [ 62.023403] panic+0x2cb/0x65c [ 62.026608] ? add_taint.cold+0x16/0x16 [ 62.030570] ? trace_hardirqs_on+0xb4/0x310 [ 62.034919] ? trace_hardirqs_on+0xb4/0x310 [ 62.039247] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 62.043897] end_report+0x47/0x4f [ 62.047340] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 62.051986] kasan_report.cold+0xe/0x40 [ 62.055939] ? __sanitizer_cov_trace_const_cmp2+0x11/0x20 [ 62.061465] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 62.066132] __asan_report_store8_noabort+0x17/0x20 [ 62.071180] __xfrm_policy_unlink+0x9ec/0xa00 [ 62.075700] ? xfrm_policy_walk_done+0x360/0x360 [ 62.080465] ? xfrm_policy_byid+0x4a0/0x4a0 [ 62.084777] ? refcount_inc_checked+0x2b/0x70 [ 62.089276] ? __xfrm_policy_link+0x220/0x2f0 [ 62.093768] ? xfrm_pol_inexact_addr_use_any_list+0x1f0/0x1f0 [ 62.099650] xfrm_policy_insert+0x223/0x910 [ 62.103954] ? xfrm_policy_inexact_insert+0xda0/0xda0 [ 62.109137] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 62.114330] pfkey_spdadd+0x111a/0x19a0 [ 62.118297] ? pfkey_spddelete+0x1090/0x1090 [ 62.122709] ? pfkey_spddelete+0x1090/0x1090 [ 62.127100] pfkey_process+0x6d2/0x810 [ 62.130972] ? pfkey_send_new_mapping+0x11f0/0x11f0 [ 62.135968] ? copyin+0xb5/0x100 [ 62.139331] pfkey_sendmsg+0x5bb/0xfc0 [ 62.143203] ? pfkey_spdget+0xa50/0xa50 [ 62.147163] ? selinux_socket_sendmsg+0x36/0x40 [ 62.151832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.157360] ? security_socket_sendmsg+0x93/0xc0 [ 62.162098] ? pfkey_spdget+0xa50/0xa50 [ 62.166051] sock_sendmsg+0xdd/0x130 [ 62.169755] ___sys_sendmsg+0x7ec/0x910 [ 62.173715] ? copy_msghdr_from_user+0x570/0x570 [ 62.178451] ? __handle_mm_fault+0x955/0x55a0 [ 62.182943] ? add_lock_to_list.isra.0+0x450/0x450 [ 62.187853] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 62.192674] ? check_preemption_disabled+0x48/0x290 [ 62.197678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.203245] ? __fget_light+0x2db/0x420 [ 62.207204] ? fget_raw+0x20/0x20 [ 62.210640] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 62.215912] ? rcu_read_unlock_special+0x380/0x380 [ 62.220834] ? __fdget+0x1b/0x20 [ 62.224183] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 62.229701] ? sockfd_lookup_light+0xc2/0x160 [ 62.234186] __sys_sendmsg+0x112/0x270 [ 62.238063] ? __ia32_sys_shutdown+0x80/0x80 [ 62.242458] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.247804] ? trace_hardirqs_off_caller+0x300/0x300 [ 62.252969] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 62.257718] __x64_sys_sendmsg+0x78/0xb0 [ 62.261781] do_syscall_64+0x1a3/0x800 [ 62.265654] ? syscall_return_slowpath+0x5f0/0x5f0 [ 62.270568] ? prepare_exit_to_usermode+0x232/0x3b0 [ 62.275571] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 62.280585] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.285759] RIP: 0033:0x442279 [ 62.288949] Code: e8 6c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.307847] RSP: 002b:00007ffe6faadd58 EFLAGS: 00000217 ORIG_RAX: 000000000000002e [ 62.315544] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442279 [ 62.322796] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 62.330081] RBP: 000000000000ef91 R08: 0000000100000000 R09: 0000000100000000 [ 62.337338] R10: 0000000100000000 R11: 0000000000000217 R12: 0000000000000000 [ 62.344720] R13: 00007ffe6faadd90 R14: 0000000000000000 R15: 0000000000000000 [ 62.352901] Kernel Offset: disabled [ 62.356522] Rebooting in 86400 seconds..