Warning: Permanently added '10.128.0.55' (ECDSA) to the list of known hosts.
2020/07/25 04:20:26 parsed 1 programs
2020/07/25 04:20:27 executed programs: 0
[ 35.263979] audit: type=1400 audit(1595650827.027:8): avc: denied { execmem } for pid=6369 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 35.539020] IPVS: ftp: loaded support on port[0] = 21
[ 36.414094] chnl_net:caif_netlink_parms(): no params data found
[ 36.520544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.527339] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.534357] device bridge_slave_0 entered promiscuous mode
[ 36.542255] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.548757] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.555643] device bridge_slave_1 entered promiscuous mode
[ 36.572510] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 36.581364] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 36.599469] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 36.606601] team0: Port device team_slave_0 added
[ 36.612523] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 36.620152] team0: Port device team_slave_1 added
[ 36.635668] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 36.642000] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.667321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 36.678919] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 36.685144] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 36.710486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 36.721136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 36.728708] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 36.789159] device hsr_slave_0 entered promiscuous mode
[ 36.827100] device hsr_slave_1 entered promiscuous mode
[ 36.867423] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 36.875027] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 36.936114] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.942558] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.949702] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.956043] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.986299] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 36.993769] 8021q: adding VLAN 0 to HW filter on device bond0
[ 37.003012] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 37.012145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.030925] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.038430] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.048285] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 37.054368] 8021q: adding VLAN 0 to HW filter on device team0
[ 37.063874] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.071752] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.078170] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.088037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.095669] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.102167] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.117655] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 37.125317] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 37.133322] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 37.145820] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 37.155774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 37.167351] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 37.173811] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.182962] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.190621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 37.203455] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 37.211162] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 37.218936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 37.230917] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 37.281429] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 37.291641] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.321254] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 37.329026] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 37.335444] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 37.344788] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.352556] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.360197] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.369109] device veth0_vlan entered promiscuous mode
[ 37.378550] device veth1_vlan entered promiscuous mode
[ 37.384321] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 37.393323] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 37.404164] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 37.412147] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 37.419353] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 37.426730] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 37.436691] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 37.443608] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 37.451957] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.461256] device veth0_macvtap entered promiscuous mode
[ 37.468063] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 37.475830] device veth1_macvtap entered promiscuous mode
[ 37.482379] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 37.491493] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 37.500530] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 37.509815] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 37.517059] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 37.523730] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 37.531418] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 37.539441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 37.547528] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.557806] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 37.564667] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 37.571537] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 37.579365] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2020/07/25 04:20:32 executed programs: 41
[ 40.336121] ==================================================================
[ 40.336164] BUG: KASAN: global-out-of-bounds in bit_putcs+0xab7/0xc30
[ 40.336171] Read of size 1 at addr ffffffff86e6a2ce by task syz-executor.0/6818
[ 40.336173]
[ 40.336182] CPU: 1 PID: 6818 Comm: syz-executor.0 Not tainted 4.14.189-syzkaller #0
[ 40.336186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.336189] Call Trace:
[ 40.336200] dump_stack+0x1b2/0x283
[ 40.336216] print_address_description.cold+0x5/0x1d3
[ 40.336226] kasan_report_error.cold+0x8a/0x194
[ 40.336233] ? bit_putcs+0xab7/0xc30
[ 40.336241] __asan_report_load1_noabort+0x68/0x70
[ 40.336249] ? bit_putcs+0xab7/0xc30
[ 40.336257] bit_putcs+0xab7/0xc30
[ 40.336277] ? bit_cursor+0x1620/0x1620
[ 40.336288] ? fbcon_clear_margins+0x1bb/0x300
[ 40.336296] ? fb_get_color_depth+0x100/0x200
[ 40.336308] ? bit_cursor+0x1620/0x1620
[ 40.336313] fbcon_putcs+0x2fe/0x480
[ 40.336328] do_update_region+0x34b/0x5b0
[ 40.336341] ? con_get_trans_old+0x200/0x200
[ 40.336349] ? fbcon_set_palette+0x466/0x580
[ 40.336356] ? var_to_display+0x7f0/0x7f0
[ 40.336367] redraw_screen+0x56e/0x790
[ 40.336378] ? con_shutdown+0x90/0x90
[ 40.336390] fbcon_do_set_font+0x6c3/0x9a0
[ 40.336401] ? fbcon_do_set_font+0x9a0/0x9a0
[ 40.336408] fbcon_copy_font+0x125/0x190
[ 40.336416] con_font_op+0x58b/0xf60
[ 40.336425] ? __might_fault+0x104/0x1b0
[ 40.336435] ? con_write+0xa0/0xa0
[ 40.336444] ? lock_downgrade+0x740/0x740
[ 40.336456] ? __might_fault+0x177/0x1b0
[ 40.336467] vt_ioctl+0x127b/0x1ea0
[ 40.336475] ? security_path_mknod+0xf0/0x160
[ 40.336483] ? vt_waitactive+0x2f0/0x2f0
[ 40.336494] ? avc_ss_reset+0x100/0x100
[ 40.336508] ? tty_jobctrl_ioctl+0x3f/0xe60
[ 40.336515] ? vt_waitactive+0x2f0/0x2f0
[ 40.336525] tty_ioctl+0x50f/0x13c0
[ 40.336534] ? tty_fasync+0x2c0/0x2c0
[ 40.336541] ? trace_hardirqs_on+0x10/0x10
[ 40.336550] ? trace_hardirqs_on+0x10/0x10
[ 40.336559] ? trace_hardirqs_on+0x10/0x10
[ 40.336569] ? futex_exit_release+0x220/0x220
[ 40.336577] ? trace_hardirqs_on+0x10/0x10
[ 40.336591] ? tty_fasync+0x2c0/0x2c0
[ 40.336612] do_vfs_ioctl+0x75a/0xff0
[ 40.336622] ? selinux_inode_setxattr+0x730/0x730
[ 40.336630] ? ioctl_preallocate+0x1a0/0x1a0
[ 40.336637] ? lock_downgrade+0x740/0x740
[ 40.336651] ? __fget+0x225/0x360
[ 40.336662] ? security_file_ioctl+0x83/0xb0
[ 40.336672] SyS_ioctl+0x7f/0xb0
[ 40.336680] ? do_vfs_ioctl+0xff0/0xff0
[ 40.336691] do_syscall_64+0x1d5/0x640
[ 40.336704] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 40.336710] RIP: 0033:0x45c369
[ 40.336714] RSP: 002b:00007f01d52bec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.336722] RAX: ffffffffffffffda RBX: 000000000000f540 RCX: 000000000045c369
[ 40.336727] RDX: 0000000020000480 RSI: 0000000000004b72 RDI: 0000000000000008
[ 40.336731] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[ 40.336736] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 40.336740] R13: 00007ffe6057569f R14: 00007f01d52bf9c0 R15: 000000000078bf0c
[ 40.336754]
[ 40.336756] The buggy address belongs to the variable:
[ 40.336765] oid_index+0x4ce/0x9a0
[ 40.336767]
[ 40.336770] Memory state around the buggy address:
[ 40.336777] ffffffff86e6a180: fa fa fa fa 00 07 fa fa fa fa fa fa 00 07 fa fa
[ 40.336782] ffffffff86e6a200: fa fa fa fa 06 fa fa fa fa fa fa fa 00 00 00 04
[ 40.336788] >ffffffff86e6a280: fa fa fa fa 00 00 fa fa fa fa fa fa 00 00 01 fa
[ 40.336792] ^
[ 40.336798] ffffffff86e6a300: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 fa
[ 40.336803] ffffffff86e6a380: fa fa fa fa 00 00 00 00 fa fa fa fa 04 fa fa fa
[ 40.336806] ==================================================================
[ 40.336809] Disabling lock debugging due to kernel taint
[ 40.336856] Kernel panic - not syncing: panic_on_warn set ...
[ 40.336856]
[ 40.336863] CPU: 1 PID: 6818 Comm: syz-executor.0 Tainted: G B 4.14.189-syzkaller #0
[ 40.336867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.336869] Call Trace:
[ 40.336877] dump_stack+0x1b2/0x283
[ 40.336886] panic+0x1f9/0x42d
[ 40.336892] ? add_taint.cold+0x16/0x16
[ 40.336899] ? ___preempt_schedule+0x16/0x18
[ 40.336909] kasan_end_report+0x43/0x49
[ 40.336916] kasan_report_error.cold+0xa7/0x194
[ 40.336922] ? bit_putcs+0xab7/0xc30
[ 40.336928] __asan_report_load1_noabort+0x68/0x70
[ 40.336935] ? bit_putcs+0xab7/0xc30
[ 40.336940] bit_putcs+0xab7/0xc30
[ 40.336954] ? bit_cursor+0x1620/0x1620
[ 40.336962] ? fbcon_clear_margins+0x1bb/0x300
[ 40.336968] ? fb_get_color_depth+0x100/0x200
[ 40.336975] ? bit_cursor+0x1620/0x1620
[ 40.336980] fbcon_putcs+0x2fe/0x480
[ 40.336989] do_update_region+0x34b/0x5b0
[ 40.336998] ? con_get_trans_old+0x200/0x200
[ 40.337005] ? fbcon_set_palette+0x466/0x580
[ 40.337011] ? var_to_display+0x7f0/0x7f0
[ 40.337019] redraw_screen+0x56e/0x790
[ 40.337026] ? con_shutdown+0x90/0x90
[ 40.337034] fbcon_do_set_font+0x6c3/0x9a0
[ 40.337042] ? fbcon_do_set_font+0x9a0/0x9a0
[ 40.337048] fbcon_copy_font+0x125/0x190
[ 40.337054] con_font_op+0x58b/0xf60
[ 40.337060] ? __might_fault+0x104/0x1b0
[ 40.337067] ? con_write+0xa0/0xa0
[ 40.337073] ? lock_downgrade+0x740/0x740
[ 40.337082] ? __might_fault+0x177/0x1b0
[ 40.337090] vt_ioctl+0x127b/0x1ea0
[ 40.337096] ? security_path_mknod+0xf0/0x160
[ 40.337102] ? vt_waitactive+0x2f0/0x2f0
[ 40.337109] ? avc_ss_reset+0x100/0x100
[ 40.337118] ? tty_jobctrl_ioctl+0x3f/0xe60
[ 40.337123] ? vt_waitactive+0x2f0/0x2f0
[ 40.337131] tty_ioctl+0x50f/0x13c0
[ 40.337138] ? tty_fasync+0x2c0/0x2c0
[ 40.337145] ? trace_hardirqs_on+0x10/0x10
[ 40.337151] ? trace_hardirqs_on+0x10/0x10
[ 40.337158] ? trace_hardirqs_on+0x10/0x10
[ 40.337166] ? futex_exit_release+0x220/0x220
[ 40.337172] ? trace_hardirqs_on+0x10/0x10
[ 40.337182] ? tty_fasync+0x2c0/0x2c0
[ 40.337189] do_vfs_ioctl+0x75a/0xff0
[ 40.337195] ? selinux_inode_setxattr+0x730/0x730
[ 40.337202] ? ioctl_preallocate+0x1a0/0x1a0
[ 40.337207] ? lock_downgrade+0x740/0x740
[ 40.337216] ? __fget+0x225/0x360
[ 40.337224] ? security_file_ioctl+0x83/0xb0
[ 40.337231] SyS_ioctl+0x7f/0xb0
[ 40.337237] ? do_vfs_ioctl+0xff0/0xff0
[ 40.337244] do_syscall_64+0x1d5/0x640
[ 40.337254] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 40.337259] RIP: 0033:0x45c369
[ 40.337262] RSP: 002b:00007f01d52bec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 40.337269] RAX: ffffffffffffffda RBX: 000000000000f540 RCX: 000000000045c369
[ 40.337273] RDX: 0000000020000480 RSI: 0000000000004b72 RDI: 0000000000000008
[ 40.337277] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000
[ 40.337281] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c
[ 40.337285] R13: 00007ffe6057569f R14: 00007f01d52bf9c0 R15: 000000000078bf0c
[ 40.338364] Kernel Offset: disabled
[ 41.000423] Rebooting in 86400 seconds..