[ 68.448835][ T24] audit: type=1400 audit(1563814869.009:35): avc: denied { map } for pid=9676 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.1' (ECDSA) to the list of known hosts. 2019/07/22 17:01:15 fuzzer started syzkaller login: [ 75.017909][ T24] audit: type=1400 audit(1563814875.579:36): avc: denied { map } for pid=9685 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/07/22 17:01:18 dialing manager at 10.128.0.26:44741 2019/07/22 17:01:19 syscalls: 2490 2019/07/22 17:01:19 code coverage: enabled 2019/07/22 17:01:19 comparison tracing: enabled 2019/07/22 17:01:19 extra coverage: extra coverage is not supported by the kernel 2019/07/22 17:01:19 setuid sandbox: enabled 2019/07/22 17:01:19 namespace sandbox: enabled 2019/07/22 17:01:19 Android sandbox: /sys/fs/selinux/policy does not exist 2019/07/22 17:01:19 fault injection: enabled 2019/07/22 17:01:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/07/22 17:01:19 net packet injection: enabled 2019/07/22 17:01:19 net device setup: enabled 17:03:52 executing program 0: [ 232.414181][ T24] audit: type=1400 audit(1563815032.979:37): avc: denied { map } for pid=9700 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=16278 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 232.547712][ T9701] IPVS: ftp: loaded support on port[0] = 21 17:03:53 executing program 1: [ 232.689768][ T9701] chnl_net:caif_netlink_parms(): no params data found [ 232.741340][ T9704] IPVS: ftp: loaded support on port[0] = 21 [ 232.804779][ T9701] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.811886][ T9701] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.820294][ T9701] device bridge_slave_0 entered promiscuous mode [ 232.832514][ T9701] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.839682][ T9701] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.847879][ T9701] device bridge_slave_1 entered promiscuous mode [ 232.875476][ T9701] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 232.887712][ T9701] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.915003][ T9701] team0: Port device team_slave_0 added 17:03:53 executing program 2: [ 232.924928][ T9701] team0: Port device team_slave_1 added [ 233.006192][ T9701] device hsr_slave_0 entered promiscuous mode [ 233.053547][ T9701] device hsr_slave_1 entered promiscuous mode 17:03:53 executing program 3: [ 233.124040][ T9706] IPVS: ftp: loaded support on port[0] = 21 [ 233.205499][ T9701] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.212701][ T9701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.220454][ T9701] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.227570][ T9701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.244281][ T9704] chnl_net:caif_netlink_parms(): no params data found [ 233.361616][ T9710] IPVS: ftp: loaded support on port[0] = 21 [ 233.372396][ T9704] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.379644][ T9704] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.387681][ T9704] device bridge_slave_0 entered promiscuous mode [ 233.410216][ T9706] chnl_net:caif_netlink_parms(): no params data found [ 233.431520][ T9701] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.454730][ T9704] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.461816][ T9704] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.469942][ T9704] device bridge_slave_1 entered promiscuous mode [ 233.509457][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 233.521863][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.532489][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.541828][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 233.565850][ T9701] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.598560][ T9704] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.608290][ T9706] bridge0: port 1(bridge_slave_0) entered blocking state 17:03:54 executing program 4: [ 233.616116][ T9706] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.624215][ T9706] device bridge_slave_0 entered promiscuous mode [ 233.638905][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.647944][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.655247][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.676718][ T9706] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.683843][ T9706] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.691912][ T9706] device bridge_slave_1 entered promiscuous mode [ 233.703479][ T9704] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.765613][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.774477][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.782910][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.790046][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.797729][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 233.806546][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 233.815301][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 233.824115][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.851920][ T9704] team0: Port device team_slave_0 added [ 233.870626][ T9710] chnl_net:caif_netlink_parms(): no params data found [ 233.881783][ T9706] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.900652][ T9704] team0: Port device team_slave_1 added [ 233.907698][ T9701] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 233.918328][ T9701] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 233.931427][ T9706] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.975433][ T9711] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 233.994908][ T9711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 234.009695][ T9711] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 234.018324][ T9711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 234.026819][ T9711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 234.035937][ T9711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 234.044544][ T9711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 17:03:54 executing program 5: [ 234.091374][ T9717] IPVS: ftp: loaded support on port[0] = 21 [ 234.147190][ T9704] device hsr_slave_0 entered promiscuous mode [ 234.213767][ T9704] device hsr_slave_1 entered promiscuous mode [ 234.253679][ T9704] debugfs: Directory 'hsr0' with parent '/' already present! [ 234.263431][ T9710] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.270582][ T9710] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.278629][ T9710] device bridge_slave_0 entered promiscuous mode [ 234.288043][ T9711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 234.296266][ T9710] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.303441][ T9710] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.311462][ T9710] device bridge_slave_1 entered promiscuous mode [ 234.377217][ T9706] team0: Port device team_slave_0 added [ 234.385272][ T9710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.401096][ T9706] team0: Port device team_slave_1 added [ 234.409206][ T9710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.454448][ T9719] IPVS: ftp: loaded support on port[0] = 21 [ 234.475067][ T9706] device hsr_slave_0 entered promiscuous mode [ 234.543508][ T9706] device hsr_slave_1 entered promiscuous mode [ 234.583133][ T9706] debugfs: Directory 'hsr0' with parent '/' already present! [ 234.600814][ T9701] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.615931][ T9710] team0: Port device team_slave_0 added [ 234.623744][ T9710] team0: Port device team_slave_1 added [ 234.765541][ T9710] device hsr_slave_0 entered promiscuous mode [ 234.783512][ T9710] device hsr_slave_1 entered promiscuous mode [ 234.823153][ T9710] debugfs: Directory 'hsr0' with parent '/' already present! [ 234.880780][ T9717] chnl_net:caif_netlink_parms(): no params data found [ 234.912102][ T9704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.945289][ T9701] invalid opcode: 0000 [#1] SMP KASAN [ 234.945357][ T9717] kobject: 'tx-0' (0000000035ca7b8e): kobject_add_internal: parent: 'queues', set: 'queues' [ 234.950700][ T9701] CPU: 1 PID: 9701 Comm: syz-executor.0 Not tainted 5.2.0+ #64 [ 234.960951][ T9717] kobject: 'tx-0' (0000000035ca7b8e): kobject_uevent_env [ 234.968262][ T9701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.968285][ T9701] RIP: 0010:cgroup_mkdir+0xc86/0x1140 [ 234.968305][ T9701] Code: 89 f9 48 c1 e9 03 0f b6 14 11 84 d2 74 09 80 fa 01 0f 8e cd 03 00 00 66 41 89 86 18 02 00 00 e8 c0 36 06 00 4c 89 f7 4d 89 f7 <4d> dd f5 e8 a2 69 ff ff e9 ff fa ff ff e8 a8 36 06 00 4c 89 f7 e8 [ 234.975369][ T9717] kobject: 'tx-0' (0000000035ca7b8e): fill_kobj_path: path = '/devices/virtual/net/veth0/queues/tx-0' [ 234.985361][ T9701] RSP: 0018:ffff88808a8dfd30 EFLAGS: 00010293 [ 234.985372][ T9701] RAX: ffff8880a96cc540 RBX: ffffffff88dc9db0 RCX: 0000000000000006 [ 234.985379][ T9701] RDX: 0000000000000000 RSI: ffffffff816b1fc0 RDI: ffff88805d4a2500 [ 234.985386][ T9701] RBP: ffff88808a8dfda8 R08: 1ffffffff14a6d40 R09: fffffbfff14a6d41 [ 234.985403][ T9701] R10: fffffbfff14a6d40 R11: ffffffff8a536a07 R12: ffffffff88dc9e08 [ 234.991536][ T9717] kobject: 'batman_adv' (00000000fd0773b3): kobject_add_internal: parent: 'veth0', set: '' [ 235.010355][ T9701] R13: ffff88805d4a2548 R14: ffff88805d4a2500 R15: ffff88805d4a2500 [ 235.010366][ T9701] FS: 0000555556554940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 235.010373][ T9701] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 235.010379][ T9701] CR2: 00007ffdd1b62e80 CR3: 0000000093fe3000 CR4: 00000000001406e0 [ 235.010389][ T9701] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 235.010395][ T9701] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 235.010411][ T9701] Call Trace: [ 235.021890][ T9717] kobject: 'veth1' (0000000045009e06): kobject_add_internal: parent: 'net', set: 'devices' [ 235.027417][ T9701] ? cgroup_destroy_locked+0x6f0/0x6f0 [ 235.027443][ T9701] kernfs_iop_mkdir+0x14d/0x1d0 [ 235.036138][ T9717] kobject: 'veth1' (0000000045009e06): kobject_uevent_env [ 235.043378][ T9701] vfs_mkdir+0x42e/0x670 [ 235.043399][ T9701] do_mkdirat+0x234/0x2a0 [ 235.051393][ T9717] kobject: 'veth1' (0000000045009e06): fill_kobj_path: path = '/devices/virtual/net/veth1' [ 235.059336][ T9701] ? __ia32_sys_mknod+0xb0/0xb0 [ 235.059351][ T9701] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 235.059375][ T9701] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.069978][ T9717] kobject: 'queues' (000000000049d659): kobject_add_internal: parent: 'veth1', set: '' [ 235.077812][ T9701] ? do_syscall_64+0x26/0x6a0 [ 235.077829][ T9701] ? lockdep_hardirqs_on+0x418/0x5d0 [ 235.077850][ T9701] __x64_sys_mkdir+0x5c/0x80 [ 235.086817][ T9717] kobject: 'queues' (000000000049d659): kobject_uevent_env [ 235.093338][ T9701] do_syscall_64+0xfd/0x6a0 [ 235.093361][ T9701] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.102754][ T9717] kobject: 'queues' (000000000049d659): kobject_uevent_env: filter function caused the event to drop! [ 235.110711][ T9701] RIP: 0033:0x458c37 [ 235.110725][ T9701] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 235.110731][ T9701] RSP: 002b:00007fff2e73ae78 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 235.118769][ T9717] kobject: 'rx-0' (00000000aaefd8e8): kobject_add_internal: parent: 'queues', set: 'queues' [ 235.121982][ T9701] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458c37 [ 235.132049][ T9717] kobject: 'rx-0' (00000000aaefd8e8): kobject_uevent_env [ 235.137398][ T9701] RDX: 00007fff2e73aed7 RSI: 00000000000001ff RDI: 00007fff2e73aec0 [ 235.137405][ T9701] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000017 [ 235.137412][ T9701] R10: 0000000000000075 R11: 0000000000000206 R12: 000000000075ca28 [ 235.137428][ T9701] R13: 00007fff2e73b2e8 R14: 0000000000000000 R15: 00007fff2e73aec0 [ 235.142298][ T9717] kobject: 'rx-0' (00000000aaefd8e8): fill_kobj_path: path = '/devices/virtual/net/veth1/queues/rx-0' [ 235.149358][ T9701] Modules linked in: [ 235.150170][ T9701] ---[ end trace 14370be14633a2c7 ]--- [ 235.154049][ T9717] kobject: 'tx-0' (000000001a6e4572): kobject_add_internal: parent: 'queues', set: 'queues' [ 235.157959][ T9701] RIP: 0010:cgroup_mkdir+0xc86/0x1140 [ 235.168103][ T9717] kobject: 'tx-0' (000000001a6e4572): kobject_uevent_env [ 235.172866][ T9701] Code: 89 f9 48 c1 e9 03 0f b6 14 11 84 d2 74 09 80 fa 01 0f 8e cd 03 00 00 66 41 89 86 18 02 00 00 e8 c0 36 06 00 4c 89 f7 4d 89 f7 <4d> dd f5 e8 a2 69 ff ff e9 ff fa ff ff e8 a8 36 06 00 4c 89 f7 e8 [ 235.178491][ T9717] kobject: 'tx-0' (000000001a6e4572): fill_kobj_path: path = '/devices/virtual/net/veth1/queues/tx-0' [ 235.184383][ T9701] RSP: 0018:ffff88808a8dfd30 EFLAGS: 00010293 [ 235.184396][ T9701] RAX: ffff8880a96cc540 RBX: ffffffff88dc9db0 RCX: 0000000000000006 [ 235.184404][ T9701] RDX: 0000000000000000 RSI: ffffffff816b1fc0 RDI: ffff88805d4a2500 [ 235.184413][ T9701] RBP: ffff88808a8dfda8 R08: 1ffffffff14a6d40 R09: fffffbfff14a6d41 [ 235.184421][ T9701] R10: fffffbfff14a6d40 R11: ffffffff8a536a07 R12: ffffffff88dc9e08 [ 235.184429][ T9701] R13: ffff88805d4a2548 R14: ffff88805d4a2500 R15: ffff88805d4a2500 [ 235.184440][ T9701] FS: 0000555556554940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 235.184448][ T9701] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 235.184456][ T9701] CR2: 00007ffdd1b62e80 CR3: 0000000093fe3000 CR4: 00000000001406e0 [ 235.184467][ T9701] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 235.184474][ T9701] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 235.184481][ T9701] Kernel panic - not syncing: Fatal exception [ 235.185513][ T9701] Kernel Offset: disabled [ 235.495885][ T9701] Rebooting in 86400 seconds..