Warning: Permanently added '10.128.0.65' (ECDSA) to the list of known hosts.
[ 53.147419] audit: type=1400 audit(1578321592.925:36): avc: denied { map } for pid=7911 comm="syz-executor946" path="/root/syz-executor946294855" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 53.169491] IPVS: ftp: loaded support on port[0] = 21
[ 53.202748] audit: type=1400 audit(1578321592.975:37): avc: denied { create } for pid=7912 comm="syz-executor946" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 53.228355] audit: type=1400 audit(1578321592.975:38): avc: denied { write } for pid=7912 comm="syz-executor946" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 53.253258] audit: type=1400 audit(1578321592.975:39): avc: denied { read } for pid=7912 comm="syz-executor946" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 53.302491] chnl_net:caif_netlink_parms(): no params data found
[ 53.337218] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.343776] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.351085] device bridge_slave_0 entered promiscuous mode
[ 53.358597] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.365143] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.372131] device bridge_slave_1 entered promiscuous mode
[ 53.388348] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 53.397410] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 53.414224] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 53.421948] team0: Port device team_slave_0 added
[ 53.427603] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 53.434769] team0: Port device team_slave_1 added
[ 53.440344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 53.447883] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 53.497389] device hsr_slave_0 entered promiscuous mode
[ 53.565346] device hsr_slave_1 entered promiscuous mode
[ 53.636233] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 53.643351] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 53.689044] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.695526] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.702330] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.708733] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.742529] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 53.750248] 8021q: adding VLAN 0 to HW filter on device bond0
[ 53.758712] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 53.768330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.777064] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.784131] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.791308] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 53.801491] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 53.808784] 8021q: adding VLAN 0 to HW filter on device team0
[ 53.818049] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.827024] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.833360] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.842505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.850614] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.857001] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.872373] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 53.880138] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 53.890014] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 53.904482] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 53.915496] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 53.926244] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 53.932642] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.940565] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.948189] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 53.961519] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 53.968971] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 53.975829] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 53.988101] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.001231] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 54.011219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.051431] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 54.058861] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 54.065787] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 54.076074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.083690] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 54.091468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
executing program
[ 54.100647] device veth0_vlan entered promiscuous mode
[ 54.110352] device veth1_vlan entered promiscuous mode
[ 54.116863] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 54.125755] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 54.155331] protocol 88fb is buggy, dev hsr_slave_0
[ 54.160513] protocol 88fb is buggy, dev hsr_slave_1
[ 54.175574] ==================================================================
[ 54.183085] BUG: KASAN: slab-out-of-bounds in macvlan_broadcast+0x57c/0x660
[ 54.190191] Read of size 4 at addr ffff8880831cac81 by task syz-executor946/7912
[ 54.197716]
[ 54.199339] CPU: 0 PID: 7912 Comm: syz-executor946 Not tainted 4.19.93-syzkaller #0
[ 54.207192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.216563] Call Trace:
[ 54.219165] dump_stack+0x197/0x210
[ 54.222908] ? macvlan_broadcast+0x57c/0x660
[ 54.227314] print_address_description.cold+0x7c/0x20d
[ 54.232873] ? macvlan_broadcast+0x57c/0x660
[ 54.237288] kasan_report.cold+0x8c/0x2ba
[ 54.241428] __asan_report_load_n_noabort+0xf/0x20
[ 54.246355] macvlan_broadcast+0x57c/0x660
[ 54.251029] macvlan_start_xmit+0x408/0x785
[ 54.255350] dev_direct_xmit+0x34d/0x650
[ 54.259513] ? validate_xmit_skb_list+0x130/0x130
[ 54.264347] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.270654] ? skb_copy_datagram_from_iter+0x441/0x660
[ 54.275920] packet_direct_xmit+0xf9/0x170
[ 54.280141] packet_sendmsg+0x3bb2/0x6440
[ 54.284562] ? packet_notifier+0x840/0x840
[ 54.288794] ? release_sock+0x156/0x1c0
[ 54.292758] ? selinux_socket_sendmsg+0x36/0x40
[ 54.297410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.302930] ? security_socket_sendmsg+0x8d/0xc0
[ 54.307678] ? packet_notifier+0x840/0x840
[ 54.311896] sock_sendmsg+0xd7/0x130
[ 54.315604] __sys_sendto+0x262/0x380
[ 54.319387] ? __ia32_sys_getpeername+0xb0/0xb0
[ 54.324128] ? __ia32_sys_socketpair+0xf0/0xf0
[ 54.328814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.334352] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.339197] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.343951] ? do_syscall_64+0x26/0x620
[ 54.348081] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.353434] __x64_sys_sendto+0xe1/0x1a0
[ 54.357492] do_syscall_64+0xfd/0x620
[ 54.361281] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.366458] RIP: 0033:0x442bd9
[ 54.369640] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.388541] RSP: 002b:00007ffcf4a88fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 54.396257] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442bd9
[ 54.403515] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003
[ 54.410777] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 54.418029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.425292] R13: 0000000000404150 R14: 0000000000000000 R15: 0000000000000000
[ 54.432563]
[ 54.434175] Allocated by task 7075:
[ 54.437788] save_stack+0x45/0xd0
[ 54.441833] kasan_kmalloc+0xce/0xf0
[ 54.445528] kasan_slab_alloc+0xf/0x20
[ 54.449394] kmem_cache_alloc+0x12e/0x700
[ 54.453531] getname_flags+0xd6/0x5b0
[ 54.457320] user_path_at_empty+0x2f/0x50
[ 54.461449] path_getxattr+0xa0/0x170
[ 54.465230] __x64_sys_lgetxattr+0x9a/0xf0
[ 54.469520] do_syscall_64+0xfd/0x620
[ 54.473323] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.478499]
[ 54.480110] Freed by task 7075:
[ 54.483419] save_stack+0x45/0xd0
[ 54.486943] __kasan_slab_free+0x102/0x150
[ 54.491203] kasan_slab_free+0xe/0x10
[ 54.495043] kmem_cache_free+0x86/0x260
[ 54.499005] putname+0xef/0x130
[ 54.502265] filename_lookup+0x28f/0x410
[ 54.506308] user_path_at_empty+0x43/0x50
[ 54.510437] path_getxattr+0xa0/0x170
[ 54.514223] __x64_sys_lgetxattr+0x9a/0xf0
[ 54.518441] do_syscall_64+0xfd/0x620
[ 54.522274] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.527441]
[ 54.529062] The buggy address belongs to the object at ffff8880831cad00
[ 54.529062] which belongs to the cache names_cache of size 4096
[ 54.542655] The buggy address is located 127 bytes to the left of
[ 54.542655] 4096-byte region [ffff8880831cad00, ffff8880831cbd00)
[ 54.555033] The buggy address belongs to the page:
[ 54.559991] page:ffffea00020c7280 count:1 mapcount:0 mapping:ffff88821bc47980 index:0x0 compound_mapcount: 0
[ 54.569951] flags: 0xfffe0000008100(slab|head)
[ 54.574781] raw: 00fffe0000008100 ffffea00020c7208 ffffea0002534508 ffff88821bc47980
[ 54.582659] raw: 0000000000000000 ffff8880831cad00 0000000100000001 0000000000000000
[ 54.590519] page dumped because: kasan: bad access detected
[ 54.596218]
[ 54.597824] Memory state around the buggy address:
[ 54.602737]  ffff8880831cab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.610166]  ffff8880831cac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.617703] >ffff8880831cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.625065]                    ^
[ 54.628424]  ffff8880831cad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.635783]  ffff8880831cad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 54.643181] ==================================================================
[ 54.650530] Disabling lock debugging due to kernel taint
[ 54.656291] Kernel panic - not syncing: panic_on_warn set ...
[ 54.656291]
[ 54.663667] CPU: 0 PID: 7912 Comm: syz-executor946 Tainted: G B 4.19.93-syzkaller #0
[ 54.672839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.682177] Call Trace:
[ 54.684752] dump_stack+0x197/0x210
[ 54.688366] ? macvlan_broadcast+0x57c/0x660
[ 54.692759] panic+0x26a/0x50e
[ 54.696044] ? __warn_printk+0xf3/0xf3
[ 54.699912] ? retint_kernel+0x2d/0x2d
[ 54.703781] ? trace_hardirqs_on+0x5e/0x220
[ 54.708348] ? macvlan_broadcast+0x57c/0x660
[ 54.712738] kasan_end_report+0x47/0x4f
[ 54.716694] kasan_report.cold+0xa9/0x2ba
[ 54.720826] __asan_report_load_n_noabort+0xf/0x20
[ 54.725737] macvlan_broadcast+0x57c/0x660
[ 54.729967] macvlan_start_xmit+0x408/0x785
[ 54.734274] dev_direct_xmit+0x34d/0x650
[ 54.738319] ? validate_xmit_skb_list+0x130/0x130
[ 54.743144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.748674] ? skb_copy_datagram_from_iter+0x441/0x660
[ 54.753935] packet_direct_xmit+0xf9/0x170
[ 54.758151] packet_sendmsg+0x3bb2/0x6440
[ 54.762290] ? packet_notifier+0x840/0x840
[ 54.766533] ? release_sock+0x156/0x1c0
[ 54.770494] ? selinux_socket_sendmsg+0x36/0x40
[ 54.775145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.780667] ? security_socket_sendmsg+0x8d/0xc0
[ 54.785492] ? packet_notifier+0x840/0x840
[ 54.789707] sock_sendmsg+0xd7/0x130
[ 54.793413] __sys_sendto+0x262/0x380
[ 54.797196] ? __ia32_sys_getpeername+0xb0/0xb0
[ 54.801860] ? __ia32_sys_socketpair+0xf0/0xf0
[ 54.806670] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 54.812595] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.817452] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 54.822218] ? do_syscall_64+0x26/0x620
[ 54.826638] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.832037] __x64_sys_sendto+0xe1/0x1a0
[ 54.836091] do_syscall_64+0xfd/0x620
[ 54.839893] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.845153] RIP: 0033:0x442bd9
[ 54.848333] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 54.869190] RSP: 002b:00007ffcf4a88fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 54.876882] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000442bd9
[ 54.884134] RDX: 000000000000000e RSI: 0000000020000080 RDI: 0000000000000003
[ 54.891386] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
[ 54.898639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.905891] R13: 0000000000404150 R14: 0000000000000000 R15: 0000000000000000
[ 54.914412] Kernel Offset: disabled
[ 54.918039] Rebooting in 86400 seconds..