Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 30.676803] kauditd_printk_skb: 9 callbacks suppressed [ 30.676814] audit: type=1800 audit(1538166408.181:33): pid=5331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 30.713255] audit: type=1800 audit(1538166408.181:34): pid=5331 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 34.794508] audit: type=1400 audit(1538166412.301:35): avc: denied { map } for pid=5507 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts. [ 41.484872] audit: type=1400 audit(1538166418.991:36): avc: denied { map } for pid=5521 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/09/28 20:26:59 parsed 1 programs [ 42.052224] audit: type=1400 audit(1538166419.561:37): avc: denied { map } for pid=5521 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1050 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/09/28 20:27:01 executed programs: 0 [ 44.527129] IPVS: ftp: loaded support on port[0] = 21 [ 44.535354] IPVS: ftp: loaded support on port[0] = 21 [ 44.553169] IPVS: ftp: loaded support on port[0] = 21 [ 44.553863] IPVS: ftp: loaded support on port[0] = 21 [ 44.568775] IPVS: ftp: loaded support on port[0] = 21 [ 44.591292] IPVS: ftp: loaded support on port[0] = 21 [ 45.904534] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.915217] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.931026] device bridge_slave_0 entered promiscuous mode [ 46.001860] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.008246] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.024063] device bridge_slave_1 entered promiscuous mode [ 46.069603] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.079303] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.086854] device bridge_slave_0 entered promiscuous mode [ 46.121116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.128152] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.146549] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.160533] device bridge_slave_0 entered promiscuous mode [ 46.169933] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.176298] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.184476] device bridge_slave_0 entered promiscuous mode [ 46.196542] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.205101] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.213469] device bridge_slave_0 entered promiscuous mode [ 46.223686] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.231640] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.238564] device bridge_slave_1 entered promiscuous mode [ 46.246355] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.259124] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.265495] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.281003] device bridge_slave_1 entered promiscuous mode [ 46.290125] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.296597] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.304919] device bridge_slave_1 entered promiscuous mode [ 46.313115] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.320104] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.328219] device bridge_slave_0 entered promiscuous mode [ 46.354243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.364969] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.372904] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.384551] device bridge_slave_1 entered promiscuous mode [ 46.394388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.403872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.417455] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.440531] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.446927] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.468140] device bridge_slave_1 entered promiscuous mode [ 46.479674] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.488698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.513472] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.530638] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.555969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.563872] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.637716] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.656758] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.718992] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.741490] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.761831] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.769940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.791455] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.831720] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.854091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.868036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.883204] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.897453] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.913170] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.928178] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.986652] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.013046] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.169156] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.180245] team0: Port device team_slave_0 added [ 47.265039] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.273944] team0: Port device team_slave_0 added [ 47.314538] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.329851] team0: Port device team_slave_1 added [ 47.338697] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.363886] team0: Port device team_slave_0 added [ 47.372585] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.380403] team0: Port device team_slave_0 added [ 47.390376] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.397741] team0: Port device team_slave_1 added [ 47.410189] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.441952] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.452770] team0: Port device team_slave_0 added [ 47.458271] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.467284] team0: Port device team_slave_0 added [ 47.476219] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.485037] team0: Port device team_slave_1 added [ 47.502156] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.517863] team0: Port device team_slave_1 added [ 47.526296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.544447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.553858] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.562392] team0: Port device team_slave_1 added [ 47.570886] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.582594] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.595260] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.610166] team0: Port device team_slave_1 added [ 47.615480] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.625132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.639800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.647696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.656452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.664230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.672344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.682807] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.694242] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.708198] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.721496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.728603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.738153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.749415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.760054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.774392] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.782112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.790048] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.797476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.805432] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.812935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.820957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.829317] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.840399] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.850138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.857937] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.873366] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.885071] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.894068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.919693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.927763] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.935905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.943793] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.951233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.958845] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.966550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.974410] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.988814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.999882] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.007892] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.036355] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.056109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.067550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.076130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.084313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.092400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.100415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.108078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.116015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.129129] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.140785] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.160091] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.181627] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.193300] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.208249] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.217568] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.236183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.247346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.273895] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.296978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.308884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.788996] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.795548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.802550] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.808926] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.828618] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.930648] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.937067] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.943806] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.950213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.966985] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.994282] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.000731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.007417] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.013849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.031745] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.047405] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.053819] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.060572] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.066961] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.091367] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.161377] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.167784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.174547] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.180953] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.196043] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.205042] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.211459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.218593] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.225047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.233259] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.612224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.625339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.640788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.650066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.657228] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.664738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.929418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.937963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.049521] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.144303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.165097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.187168] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.238517] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.248323] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.314970] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.415021] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.440781] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.471082] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.477231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.486217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.525949] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.549225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.556334] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.585541] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.598246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.611850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.632266] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.752555] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.765595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.780032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.791758] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.805626] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.815606] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.834914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.857945] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.923603] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.929984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.937079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.949587] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.079218] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.113607] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.134564] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.563453] audit: type=1400 audit(1538166432.071:38): avc: denied { name_bind } for pid=7055 comm="syz-executor3" src=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 2018/09/28 20:27:12 executed programs: 6 [ 54.620984] audit: type=1400 audit(1538166432.071:39): avc: denied { node_bind } for pid=7055 comm="syz-executor3" src=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 54.749318] audit: type=1400 audit(1538166432.101:40): avc: denied { name_connect } for pid=7055 comm="syz-executor3" dest=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 54.778808] hrtimer: interrupt took 31333 ns 2018/09/28 20:27:17 executed programs: 172 [ 64.529575] ================================================================== [ 64.537137] BUG: KASAN: use-after-free in ccid_hc_tx_delete+0xe0/0x100 [ 64.543810] Read of size 8 at addr ffff8801b9e610c0 by task ksoftirqd/1/18 [ 64.543816] [ 64.543829] CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.0-rc5+ #37 [ 64.543837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.543842] Call Trace: [ 64.543859] dump_stack+0x1c4/0x2b4 [ 64.543877] ? dump_stack_print_info.cold.2+0x52/0x52 [ 64.543891] ? printk+0xa7/0xcf [ 64.543904] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 64.543930] print_address_description.cold.8+0x9/0x1ff [ 64.543946] kasan_report.cold.9+0x242/0x309 [ 64.543970] ? ccid_hc_tx_delete+0xe0/0x100 [ 64.602386] __asan_report_load8_noabort+0x14/0x20 [ 64.607334] ccid_hc_tx_delete+0xe0/0x100 [ 64.607351] ? dccp_init_sock+0x4a0/0x4a0 [ 64.607363] dccp_sk_destruct+0x3c/0x80 [ 64.607384] __sk_destruct+0x115/0xbd0 [ 64.615683] ? find_held_lock+0x36/0x1c0 [ 64.615701] ? sock_no_getname+0x10/0x10 [ 64.615720] ? debug_object_deactivate+0x2eb/0x450 [ 64.636635] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 64.641766] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 64.646888] ? lockdep_hardirqs_on+0x19e/0x5c0 [ 64.651490] ? trace_hardirqs_on+0xbd/0x310 [ 64.655828] ? kasan_check_read+0x11/0x20 [ 64.659992] ? debug_object_deactivate+0x2eb/0x450 [ 64.664947] ? lock_acquire+0x1ed/0x520 [ 64.668941] ? rcu_process_callbacks+0x1012/0x2670 [ 64.673898] ? lock_release+0x970/0x970 [ 64.677885] ? debug_stats_show+0x100/0x100 [ 64.682220] ? file_free_rcu+0x91/0xd0 [ 64.686130] ? kmem_cache_free+0x24f/0x290 [ 64.690381] ? sock_no_getname+0x10/0x10 [ 64.694473] rcu_process_callbacks+0xf23/0x2670 [ 64.699172] ? __rcu_read_unlock+0x2f0/0x2f0 [ 64.703606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.709156] ? check_preemption_disabled+0x48/0x200 [ 64.714183] ? graph_lock+0x170/0x170 [ 64.718004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.723558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.729130] ? finish_task_switch+0x1f5/0x900 [ 64.733649] ? _raw_spin_unlock_irq+0x27/0x80 [ 64.738173] ? _raw_spin_unlock_irq+0x27/0x80 [ 64.742697] ? lockdep_hardirqs_on+0x421/0x5c0 [ 64.747295] ? trace_hardirqs_on+0xbd/0x310 [ 64.751631] ? kasan_check_read+0x11/0x20 [ 64.755805] ? finish_task_switch+0x1f5/0x900 [ 64.760316] ? compat_start_thread+0x80/0x80 [ 64.764745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.770300] ? kasan_check_write+0x14/0x20 [ 64.774561] ? finish_task_switch+0x2f5/0x900 [ 64.779068] ? __switch_to_asm+0x40/0x70 [ 64.783151] ? preempt_notifier_register+0x200/0x200 [ 64.788268] ? __switch_to_asm+0x34/0x70 [ 64.792340] ? __switch_to_asm+0x34/0x70 [ 64.796411] ? __switch_to_asm+0x40/0x70 [ 64.800513] ? __switch_to_asm+0x34/0x70 [ 64.804590] ? __switch_to_asm+0x40/0x70 [ 64.808683] ? __switch_to_asm+0x34/0x70 [ 64.812781] ? __switch_to_asm+0x40/0x70 [ 64.816852] ? __switch_to_asm+0x34/0x70 [ 64.820933] ? pvclock_read_flags+0x160/0x160 [ 64.825452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 2018/09/28 20:27:22 executed programs: 341 [ 64.831006] ? check_preemption_disabled+0x48/0x200 [ 64.836039] ? check_preemption_disabled+0x48/0x200 [ 64.841084] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 64.846631] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 64.851924] ? rcu_pm_notify+0xc0/0xc0 [ 64.851954] __do_softirq+0x30b/0xad8 [ 64.851979] ? __irqentry_text_end+0x1f9618/0x1f9618 [ 64.851993] ? trace_hardirqs_off+0x310/0x310 [ 64.852013] ? schedule+0x108/0x460 [ 64.872929] ? trace_hardirqs_off+0xb8/0x310 [ 64.877355] ? ___might_sleep+0x1ed/0x300 [ 64.881514] ? smpboot_thread_fn+0x68b/0xa00 [ 64.885935] ? trace_hardirqs_on+0x310/0x310 [ 64.890364] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 64.895908] ? check_preemption_disabled+0x48/0x200 [ 64.895924] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 64.895943] ? takeover_tasklets+0xa90/0xa90 [ 64.895961] run_ksoftirqd+0x94/0x100 [ 64.895982] smpboot_thread_fn+0x68b/0xa00 [ 64.906533] ? sort_range+0x30/0x30 [ 64.906553] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 64.906569] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 64.906586] ? __kthread_parkme+0xfb/0x1a0 [ 64.906606] kthread+0x35a/0x420 [ 64.906623] ? sort_range+0x30/0x30 [ 64.944501] ? kthread_bind+0x40/0x40 [ 64.948324] ret_from_fork+0x3a/0x50 [ 64.952059] [ 64.953702] Allocated by task 8487: [ 64.957344] save_stack+0x43/0xd0 [ 64.960808] kasan_kmalloc+0xc7/0xe0 [ 64.964555] kasan_slab_alloc+0x12/0x20 [ 64.968549] kmem_cache_alloc+0x12e/0x730 [ 64.972713] ccid_new+0x25b/0x3e0 [ 64.976184] dccp_hdlr_ccid+0x27/0x150 [ 64.980091] __dccp_feat_activate+0x188/0x280 [ 64.984607] dccp_feat_activate_values+0x3c1/0x80a [ 64.989551] dccp_rcv_state_process+0x11d4/0x1a32 [ 64.994434] dccp_v6_do_rcv+0x271/0xbf0 [ 64.998561] __release_sock+0x12f/0x3a0 [ 64.998578] release_sock+0xad/0x2c0 [ 65.006274] __inet_stream_connect+0x641/0x1150 [ 65.010955] inet_stream_connect+0x58/0xa0 [ 65.015208] __sys_connect+0x37d/0x4c0 [ 65.019117] __x64_sys_connect+0x73/0xb0 [ 65.023197] do_syscall_64+0x1b9/0x820 [ 65.027100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 65.032290] [ 65.033926] Freed by task 8499: [ 65.037217] save_stack+0x43/0xd0 [ 65.040688] __kasan_slab_free+0x102/0x150 [ 65.044954] kasan_slab_free+0xe/0x10 [ 65.048772] kmem_cache_free+0x83/0x290 [ 65.052762] ccid_hc_tx_delete+0xc3/0x100 [ 65.056917] dccp_hdlr_ccid+0x7d/0x150 [ 65.060816] __dccp_feat_activate+0x188/0x280 [ 65.065331] dccp_feat_activate_values+0x3c1/0x80a [ 65.070275] dccp_create_openreq_child+0x47a/0x630 [ 65.075214] dccp_v6_request_recv_sock+0x278/0x2020 [ 65.080239] dccp_check_req+0x47d/0x6d0 [ 65.084223] dccp_v6_rcv+0x874/0x1ce9 [ 65.088050] ip6_input_finish+0x3fc/0x1aa0 [ 65.092294] ip6_input+0xe9/0x600 [ 65.095765] ip6_rcv_finish+0x17a/0x330 [ 65.095783] ipv6_rcv+0x11e/0x650 [ 65.103205] __netif_receive_skb_one_core+0x14d/0x200 [ 65.108408] __netif_receive_skb+0x2c/0x1e0 [ 65.112773] process_backlog+0x217/0x760 [ 65.116848] net_rx_action+0x7c5/0x1950 [ 65.120839] __do_softirq+0x30b/0xad8 [ 65.124642] [ 65.126290] The buggy address belongs to the object at ffff8801b9e610c0 [ 65.126290] which belongs to the cache ccid2_hc_tx_sock of size 1240 [ 65.139478] The buggy address is located 0 bytes inside of [ 65.139478] 1240-byte region [ffff8801b9e610c0, ffff8801b9e61598) [ 65.151278] The buggy address belongs to the page: [ 65.156218] page:ffffea0006e79800 count:1 mapcount:0 mapping:ffff8801cafcd4c0 index:0x0 compound_mapcount: 0 [ 65.166199] flags: 0x2fffc0000008100(slab|head) [ 65.170881] raw: 02fffc0000008100 ffff8801cae8c248 ffffea00071ff808 ffff8801cafcd4c0 [ 65.178773] raw: 0000000000000000 ffff8801b9e60040 0000000100000005 0000000000000000 [ 65.186672] page dumped because: kasan: bad access detected [ 65.192383] [ 65.194456] Memory state around the buggy address: [ 65.199389] ffff8801b9e60f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.199399] ffff8801b9e61000: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.199409] >ffff8801b9e61080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 65.199415] ^ [ 65.199433] ffff8801b9e61100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.199443] ffff8801b9e61180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.199448] ================================================================== [ 65.199453] Disabling lock debugging due to kernel taint [ 65.199524] Kernel panic - not syncing: panic_on_warn set ... [ 65.199524] [ 65.206882] kobject: 'loop5' (000000000da6360f): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 65.214459] CPU: 1 PID: 18 Comm: ksoftirqd/1 Tainted: G B 4.19.0-rc5+ #37 [ 65.214467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.214471] Call Trace: [ 65.214489] dump_stack+0x1c4/0x2b4 [ 65.214508] ? dump_stack_print_info.cold.2+0x52/0x52 [ 65.300568] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 65.305350] panic+0x238/0x4e7 [ 65.308546] ? add_taint.cold.5+0x16/0x16 [ 65.312708] ? trace_hardirqs_on+0xb4/0x310 [ 65.317044] kasan_end_report+0x47/0x4f [ 65.321025] kasan_report.cold.9+0x76/0x309 [ 65.325356] ? ccid_hc_tx_delete+0xe0/0x100 [ 65.329695] __asan_report_load8_noabort+0x14/0x20 [ 65.334633] ccid_hc_tx_delete+0xe0/0x100 [ 65.338809] ? dccp_init_sock+0x4a0/0x4a0 [ 65.342966] dccp_sk_destruct+0x3c/0x80 [ 65.346955] __sk_destruct+0x115/0xbd0 [ 65.350855] ? find_held_lock+0x36/0x1c0 [ 65.354919] ? sock_no_getname+0x10/0x10 [ 65.355159] kobject: 'loop0' (00000000e811a4fb): kobject_uevent_env [ 65.358991] ? debug_object_deactivate+0x2eb/0x450 [ 65.370361] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 65.375473] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 65.380597] ? lockdep_hardirqs_on+0x19e/0x5c0 [ 65.385212] ? trace_hardirqs_on+0xbd/0x310 [ 65.389540] ? kasan_check_read+0x11/0x20 [ 65.393702] ? debug_object_deactivate+0x2eb/0x450 [ 65.394135] kobject: 'loop0' (00000000e811a4fb): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 65.398642] ? lock_acquire+0x1ed/0x520 [ 65.398658] ? rcu_process_callbacks+0x1012/0x2670 [ 65.398689] ? lock_release+0x970/0x970 [ 65.420997] ? debug_stats_show+0x100/0x100 [ 65.425329] ? file_free_rcu+0x91/0xd0 [ 65.429237] ? kmem_cache_free+0x24f/0x290 [ 65.433490] ? sock_no_getname+0x10/0x10 [ 65.437560] rcu_process_callbacks+0xf23/0x2670 [ 65.442245] ? __rcu_read_unlock+0x2f0/0x2f0 [ 65.446680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.452223] ? check_preemption_disabled+0x48/0x200 [ 65.457245] ? graph_lock+0x170/0x170 [ 65.461054] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.466600] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.472158] ? finish_task_switch+0x1f5/0x900 [ 65.476671] ? _raw_spin_unlock_irq+0x27/0x80 [ 65.481174] ? _raw_spin_unlock_irq+0x27/0x80 [ 65.485687] ? lockdep_hardirqs_on+0x421/0x5c0 [ 65.490281] ? trace_hardirqs_on+0xbd/0x310 [ 65.494611] ? kasan_check_read+0x11/0x20 [ 65.498769] ? finish_task_switch+0x1f5/0x900 [ 65.501714] kobject: 'loop1' (00000000d82d68cd): kobject_uevent_env [ 65.503271] ? compat_start_thread+0x80/0x80 [ 65.503287] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.503304] ? kasan_check_write+0x14/0x20 [ 65.509841] kobject: 'loop1' (00000000d82d68cd): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 65.514103] ? finish_task_switch+0x2f5/0x900 [ 65.514117] ? __switch_to_asm+0x40/0x70 [ 65.514137] ? preempt_notifier_register+0x200/0x200 [ 65.520213] kobject: 'loop3' (000000004576dc6a): kobject_uevent_env [ 65.523926] ? __switch_to_asm+0x34/0x70 [ 65.523941] ? __switch_to_asm+0x34/0x70 [ 65.523954] ? __switch_to_asm+0x40/0x70 [ 65.523966] ? __switch_to_asm+0x34/0x70 [ 65.523984] ? __switch_to_asm+0x40/0x70 [ 65.538000] kobject: 'loop3' (000000004576dc6a): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 65.541969] ? __switch_to_asm+0x34/0x70 [ 65.541982] ? __switch_to_asm+0x40/0x70 [ 65.542006] ? __switch_to_asm+0x34/0x70 [ 65.542035] ? pvclock_read_flags+0x160/0x160 [ 65.542055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.547635] kobject: 'loop1' (00000000d82d68cd): kobject_uevent_env [ 65.553552] ? check_preemption_disabled+0x48/0x200 [ 65.553565] ? check_preemption_disabled+0x48/0x200 [ 65.553583] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 65.553597] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 65.553615] ? rcu_pm_notify+0xc0/0xc0 [ 65.557783] kobject: 'loop1' (00000000d82d68cd): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 65.561732] __do_softirq+0x30b/0xad8 [ 65.561751] ? __irqentry_text_end+0x1f9618/0x1f9618 [ 65.561764] ? trace_hardirqs_off+0x310/0x310 [ 65.561780] ? schedule+0x108/0x460 [ 65.605271] kobject: 'loop4' (0000000072c0e5a6): kobject_uevent_env [ 65.605534] ? trace_hardirqs_off+0xb8/0x310 [ 65.673725] ? ___might_sleep+0x1ed/0x300 [ 65.677871] ? smpboot_thread_fn+0x68b/0xa00 [ 65.682279] ? trace_hardirqs_on+0x310/0x310 [ 65.686689] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 65.692220] ? check_preemption_disabled+0x48/0x200 [ 65.697232] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 65.702762] ? takeover_tasklets+0xa90/0xa90 [ 65.707193] run_ksoftirqd+0x94/0x100 [ 65.710992] smpboot_thread_fn+0x68b/0xa00 [ 65.715225] ? sort_range+0x30/0x30 [ 65.718848] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 65.723945] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 65.729482] ? __kthread_parkme+0xfb/0x1a0 [ 65.733719] kthread+0x35a/0x420 [ 65.737079] ? sort_range+0x30/0x30 [ 65.740700] ? kthread_bind+0x40/0x40 [ 65.744497] ret_from_fork+0x3a/0x50 [ 65.749061] Kernel Offset: disabled [ 65.752683] Rebooting in 86400 seconds..