[ 43.844190] audit: type=1800 audit(1556641175.592:29): pid=7783 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 43.865820] audit: type=1800 audit(1556641175.592:30): pid=7783 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts. syzkaller login: [ 53.082721] kauditd_printk_skb: 5 callbacks suppressed [ 53.082738] audit: type=1400 audit(1556641184.822:36): avc: denied { map } for pid=7968 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/04/30 16:19:45 parsed 1 programs [ 53.929176] audit: type=1400 audit(1556641185.672:37): avc: denied { map } for pid=7968 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14920 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/04/30 16:19:48 executed programs: 0 [ 57.059009] IPVS: ftp: loaded support on port[0] = 21 [ 57.076312] IPVS: ftp: loaded support on port[0] = 21 [ 57.079128] IPVS: ftp: loaded support on port[0] = 21 [ 57.084836] IPVS: ftp: loaded support on port[0] = 21 [ 57.107935] IPVS: ftp: loaded support on port[0] = 21 [ 57.115111] IPVS: ftp: loaded support on port[0] = 21 [ 57.394555] chnl_net:caif_netlink_parms(): no params data found [ 57.516324] chnl_net:caif_netlink_parms(): no params data found [ 57.530695] chnl_net:caif_netlink_parms(): no params data found [ 57.562086] chnl_net:caif_netlink_parms(): no params data found [ 57.635296] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.641701] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.649524] device bridge_slave_0 entered promiscuous mode [ 57.659748] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.666261] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.673520] device bridge_slave_1 entered promiscuous mode [ 57.724958] chnl_net:caif_netlink_parms(): no params data found [ 57.743236] chnl_net:caif_netlink_parms(): no params data found [ 57.766420] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.804028] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.811754] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.818563] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.826279] device bridge_slave_0 entered promiscuous mode [ 57.837511] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.844332] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.851343] device bridge_slave_1 entered promiscuous mode [ 57.857830] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.864383] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.871498] device bridge_slave_0 entered promiscuous mode [ 57.882919] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.889384] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.896965] device bridge_slave_0 entered promiscuous mode [ 57.909711] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.916267] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.926586] device bridge_slave_1 entered promiscuous mode [ 57.950512] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.958354] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.966019] device bridge_slave_1 entered promiscuous mode [ 58.007008] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 58.016561] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.035775] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.044892] team0: Port device team_slave_0 added [ 58.064832] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 58.079001] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 58.094317] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.103542] team0: Port device team_slave_1 added [ 58.108651] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.116400] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.123928] device bridge_slave_0 entered promiscuous mode [ 58.140874] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.157357] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.171593] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.179520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.187487] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.194201] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.201227] device bridge_slave_1 entered promiscuous mode [ 58.207616] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.214373] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.221453] device bridge_slave_0 entered promiscuous mode [ 58.234696] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.242245] team0: Port device team_slave_0 added [ 58.267427] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.273994] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.281006] device bridge_slave_1 entered promiscuous mode [ 58.294375] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.301828] team0: Port device team_slave_1 added [ 58.356718] device hsr_slave_0 entered promiscuous mode [ 58.393838] device hsr_slave_1 entered promiscuous mode [ 58.433780] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.441415] team0: Port device team_slave_0 added [ 58.464741] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.472237] team0: Port device team_slave_0 added [ 58.480034] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.487587] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.495271] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.502261] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.509661] team0: Port device team_slave_1 added [ 58.517242] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 58.533753] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.541805] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.549215] team0: Port device team_slave_1 added [ 58.554863] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.569480] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.578227] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 58.591235] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.666504] device hsr_slave_0 entered promiscuous mode [ 58.706510] device hsr_slave_1 entered promiscuous mode [ 58.753652] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.761146] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.769337] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 58.788334] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 58.796319] team0: Port device team_slave_0 added [ 58.801671] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.816142] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.845359] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 58.852818] team0: Port device team_slave_1 added [ 58.915959] device hsr_slave_0 entered promiscuous mode [ 58.953563] device hsr_slave_1 entered promiscuous mode [ 58.998948] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.006189] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 59.017053] team0: Port device team_slave_0 added [ 59.022398] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 59.030571] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.086303] device hsr_slave_0 entered promiscuous mode [ 59.123526] device hsr_slave_1 entered promiscuous mode [ 59.163712] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 59.170756] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 59.178210] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 59.185267] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 59.192772] team0: Port device team_slave_1 added [ 59.200547] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 59.214736] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 59.232441] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 59.253249] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.276541] device hsr_slave_0 entered promiscuous mode [ 59.313578] device hsr_slave_1 entered promiscuous mode [ 59.369602] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 59.378322] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.401378] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.446576] device hsr_slave_0 entered promiscuous mode [ 59.483680] device hsr_slave_1 entered promiscuous mode [ 59.523876] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 59.530917] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 59.549172] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 59.589144] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.597864] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 59.677792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.690958] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.720186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.730068] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.750764] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.760963] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.770815] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.779134] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.791297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.800589] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.807773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.815774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.822697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.829891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.840414] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 59.847697] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.856791] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 59.862900] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.873447] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.882169] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.893655] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.902498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 59.912548] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 59.924339] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 59.938739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.945971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.952898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.960896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.968906] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.975458] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.982698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.991020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.998729] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.005129] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.012004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.019160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.029277] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 60.036135] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.044461] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.054400] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.066426] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 60.072539] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.080442] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.089597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.097477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.105878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.112806] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.119913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.128607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.137070] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.143507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.150529] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.158580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.166324] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.172685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.182419] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 60.194207] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 60.200323] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.210402] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 60.223460] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.231553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.240111] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.246572] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.253725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.261557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.269423] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.275842] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.285591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.292110] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.299710] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.311722] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.321040] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.332111] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.342226] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 60.349995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.358084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.366353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.375493] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 60.388163] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.396519] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.408470] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.416708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 60.424942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 60.432584] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.439021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.447272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.456280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.464290] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.470666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.477854] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.485952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.493712] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.500075] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.507090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.515645] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.523859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 60.531164] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.539739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.550179] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.558640] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.569342] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.578658] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 60.586447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.595615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.604019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.611633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 60.620451] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 60.628301] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.634706] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.641589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.650076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.657230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.664398] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.672852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.684494] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.692900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 60.703393] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 60.709500] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.717863] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.728574] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 60.737990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.746172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.754539] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 60.762287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.770856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.778736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 60.786477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 60.795872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 60.805519] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.820255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 60.831177] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.841565] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.848899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 60.858067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.866510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.874340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 60.882114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 60.889966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.897835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.905759] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.913838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.921573] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.928933] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 60.939819] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 60.952700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 60.961670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 60.971378] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 60.982879] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 60.992078] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 61.005812] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 61.016052] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 61.022982] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.032901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.040961] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.047394] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.054761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.069751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.080717] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.087155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.094465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.102427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.110237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.127521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.135642] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.144982] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.151858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.159349] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.166724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.174844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.185582] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 61.196071] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 61.211557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.220711] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 61.231874] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.242890] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.249848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.261662] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.269716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.278067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.286186] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.295066] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 61.301916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.309260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.317038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.327260] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 61.336834] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 61.346412] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.356280] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.367716] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.374453] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.381980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.392559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.401320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.409136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.416774] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.426885] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 61.438242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 61.447103] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.453678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.471226] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.482903] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.490390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.499468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.507496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.515744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.523708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.531278] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.539336] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.549531] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 61.568560] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 61.577713] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.595194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.604790] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.612675] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.621171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.628950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.637225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.645245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.658920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.674795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.682184] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.689632] audit: type=1400 audit(1556641193.432:38): avc: denied { associate } for pid=7995 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 61.703232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.732797] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.744935] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 61.773508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.781273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.808314] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 61.821484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.845828] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.862334] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.900484] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.909354] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 61.927406] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 2019/04/30 16:19:53 executed programs: 7 [ 61.979721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.015515] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.028881] hrtimer: interrupt took 32005 ns [ 62.297567] ================================================================== [ 62.305139] BUG: KASAN: use-after-free in __vb2_perform_fileio+0x105d/0x1140 [ 62.312346] Read of size 4 at addr ffff888091dc9e1c by task syz-executor.2/8039 [ 62.319779] [ 62.321400] CPU: 1 PID: 8039 Comm: syz-executor.2 Not tainted 4.19.37 #5 [ 62.328225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.337585] Call Trace: [ 62.340172] dump_stack+0x172/0x1f0 [ 62.343794] ? __vb2_perform_fileio+0x105d/0x1140 [ 62.348630] print_address_description.cold+0x7c/0x20d [ 62.353906] ? __vb2_perform_fileio+0x105d/0x1140 [ 62.358743] kasan_report.cold+0x8c/0x2ba [ 62.362892] __asan_report_load4_noabort+0x14/0x20 [ 62.367822] __vb2_perform_fileio+0x105d/0x1140 [ 62.372509] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 62.377269] ? vb2_thread_start+0x370/0x370 [ 62.381588] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 62.386340] vb2_read+0x3b/0x50 [ 62.389613] vb2_fop_read+0x212/0x410 [ 62.393426] ? vb2_fop_write+0x410/0x410 [ 62.397502] v4l2_read+0x1ce/0x230 [ 62.401036] __vfs_read+0x116/0x800 [ 62.404669] ? v4l2_write+0x230/0x230 [ 62.408462] ? vfs_copy_file_range+0xba0/0xba0 [ 62.413044] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 62.418594] ? __inode_security_revalidate+0xda/0x120 [ 62.423784] ? avc_policy_seqno+0xd/0x70 [ 62.427839] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 62.432855] ? security_file_permission+0x1ce/0x230 [ 62.437865] ? security_file_permission+0x8f/0x230 [ 62.442793] ? rw_verify_area+0x118/0x360 [ 62.446964] vfs_read+0x194/0x3d0 [ 62.450447] ksys_read+0xea/0x1f0 [ 62.453920] ? kernel_write+0x120/0x120 [ 62.457914] ? do_syscall_64+0x26/0x610 [ 62.461927] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.467313] ? do_syscall_64+0x26/0x610 [ 62.471319] __x64_sys_read+0x73/0xb0 [ 62.475154] do_syscall_64+0x103/0x610 [ 62.479062] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.479081] RIP: 0033:0x458da9 [ 62.479096] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.479113] RSP: 002b:00007ff540e47c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 62.479133] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9 [ 62.479141] RDX: 0000000000000052 RSI: 0000000020000180 RDI: 0000000000000004 [ 62.479149] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 62.479157] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff540e486d4 [ 62.487693] R13: 00000000004c4ac8 R14: 00000000004da088 R15: 00000000ffffffff [ 62.487715] [ 62.487723] Allocated by task 8039: [ 62.487742] save_stack+0x45/0xd0 [ 62.487755] kasan_kmalloc+0xce/0xf0 [ 62.487768] kmem_cache_alloc_trace+0x152/0x760 [ 62.487787] __vb2_init_fileio+0x1cb/0xbe0 [ 62.572015] __vb2_perform_fileio+0xbff/0x1140 [ 62.576590] vb2_read+0x3b/0x50 [ 62.579859] vb2_fop_read+0x212/0x410 [ 62.583656] v4l2_read+0x1ce/0x230 [ 62.587197] __vfs_read+0x116/0x800 [ 62.590828] vfs_read+0x194/0x3d0 [ 62.594269] ksys_read+0xea/0x1f0 [ 62.597713] __x64_sys_read+0x73/0xb0 [ 62.601520] do_syscall_64+0x103/0x610 [ 62.605418] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.610598] [ 62.612209] Freed by task 8041: [ 62.615491] save_stack+0x45/0xd0 [ 62.618956] __kasan_slab_free+0x102/0x150 [ 62.623202] kasan_slab_free+0xe/0x10 [ 62.627001] kfree+0xcf/0x230 [ 62.630107] __vb2_cleanup_fileio+0x100/0x170 [ 62.634603] vb2_core_queue_release+0x20/0x80 [ 62.639122] _vb2_fop_release+0x1cf/0x2a0 [ 62.643274] vb2_fop_release+0x75/0xc0 [ 62.647165] vivid_fop_release+0x18e/0x430 [ 62.651388] v4l2_release+0xfb/0x1a0 [ 62.655097] __fput+0x2df/0x8b0 [ 62.658381] ____fput+0x16/0x20 [ 62.661674] task_work_run+0x14a/0x1c0 [ 62.665569] exit_to_usermode_loop+0x273/0x2c0 [ 62.670142] do_syscall_64+0x52d/0x610 [ 62.674026] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.679203] [ 62.680835] The buggy address belongs to the object at ffff888091dc9b00 [ 62.680835] which belongs to the cache kmalloc-1024 of size 1024 [ 62.693698] The buggy address is located 796 bytes inside of [ 62.693698] 1024-byte region [ffff888091dc9b00, ffff888091dc9f00) [ 62.705677] The buggy address belongs to the page: [ 62.710819] page:ffffea0002477200 count:1 mapcount:0 mapping:ffff88812c3f0ac0 index:0x0 compound_mapcount: 0 [ 62.720791] flags: 0x1fffc0000008100(slab|head) [ 62.725454] raw: 01fffc0000008100 ffffea0002831488 ffffea0001fe7488 ffff88812c3f0ac0 [ 62.733470] raw: 0000000000000000 ffff888091dc8000 0000000100000007 0000000000000000 [ 62.741360] page dumped because: kasan: bad access detected [ 62.747072] [ 62.748706] Memory state around the buggy address: [ 62.753627] ffff888091dc9d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.760986] ffff888091dc9d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.768344] >ffff888091dc9e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.775713] ^ [ 62.779893] ffff888091dc9e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.787273] ffff888091dc9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 62.794651] ================================================================== [ 62.802022] Disabling lock debugging due to kernel taint [ 62.822108] Kernel panic - not syncing: panic_on_warn set ... [ 62.822108] [ 62.829532] CPU: 1 PID: 8039 Comm: syz-executor.2 Tainted: G B 4.19.37 #5 [ 62.837747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.847108] Call Trace: [ 62