Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts.
2020/07/04 06:21:39 parsed 1 programs
2020/07/04 06:21:39 executed programs: 0
syzkaller login: [ 34.168372] audit: type=1400 audit(1593843699.342:8): avc: denied { execmem } for pid=6360 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.484013] IPVS: ftp: loaded support on port[0] = 21
[ 35.285258] chnl_net:caif_netlink_parms(): no params data found
[ 35.404080] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.410680] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.418289] device bridge_slave_0 entered promiscuous mode
[ 35.425890] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.432379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.439380] device bridge_slave_1 entered promiscuous mode
[ 35.456748] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 35.465550] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 35.483997] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 35.491173] team0: Port device team_slave_0 added
[ 35.497091] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 35.504425] team0: Port device team_slave_1 added
[ 35.519655] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 35.525979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.551290] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 35.563300] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 35.569558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.595291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 35.605980] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 35.613618] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 35.664221] device hsr_slave_0 entered promiscuous mode
[ 35.722219] device hsr_slave_1 entered promiscuous mode
[ 35.762379] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 35.769732] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 35.834828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.841261] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.848205] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.854614] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.883257] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 35.889329] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.898264] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 35.907719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 35.926249] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.933440] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.943366] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 35.949425] 8021q: adding VLAN 0 to HW filter on device team0
[ 35.958808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 35.966596] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.972995] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.982370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 35.989920] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.996304] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.010205] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 36.017986] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 36.027696] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 36.041210] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 36.051853] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 36.062971] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 36.069319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 36.077713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 36.085375] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 36.096534] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 36.104631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 36.111311] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 36.122631] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 36.172958] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 36.183602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 36.216689] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 36.224565] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 36.231251] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 36.242863] device veth0_vlan entered promiscuous mode
[ 36.252132] device veth1_vlan entered promiscuous mode
[ 36.258052] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 36.264786] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 36.272297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 36.279616] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 36.287347] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 36.294937] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 36.309258] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 36.318231] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 36.325769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 36.333889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 36.343297] device veth0_macvtap entered promiscuous mode
[ 36.349344] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 36.358634] device veth1_macvtap entered promiscuous mode
[ 36.365115] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 36.373744] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 36.384171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 36.393551] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 36.400769] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 36.407838] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 36.415273] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 36.422444] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 36.430084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 36.440504] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 36.448085] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 36.455098] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 36.463378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.775406] ==================================================================
[ 37.775440] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1bf9/0x2160
[ 37.775445] Read of size 2 at addr ffffffff86c8c15e by task syz-executor.0/6596
[ 37.775446]
[ 37.775453] CPU: 1 PID: 6596 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0
[ 37.775456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.775458] Call Trace:
[ 37.775468]  dump_stack+0x1b2/0x283
[ 37.775473]  ? vga16fb_imageblit+0x1bf9/0x2160
[ 37.775480]  print_address_description.cold+0x5/0x1dc
[ 37.775485]  ? vga16fb_imageblit+0x1bf9/0x2160
[ 37.775490]  kasan_report.cold+0xa9/0x2b9
[ 37.775495]  vga16fb_imageblit+0x1bf9/0x2160
[ 37.775503]  ? parse_no_kvmclock_vsyscall+0x7/0x10
[ 37.775508]  ? debug_check_no_obj_freed+0x2cf/0x5fd
[ 37.775512]  ? fb_pad_unaligned_buffer+0xf/0x2f0
[ 37.775520]  soft_cursor+0x50d/0xa40
[ 37.775528]  ? trace_hardirqs_on_caller+0x3a8/0x580
[ 37.775534]  bit_cursor+0x1072/0x1660
[ 37.775541]  ? bit_update_start+0x1f0/0x1f0
[ 37.775547]  ? fb_release+0x121/0x140
[ 37.775552]  ? fb_get_color_depth+0x5a/0x70
[ 37.775557]  ? get_color+0x1b8/0x3a0
[ 37.775562]  fbcon_cursor+0x4b1/0x690
[ 37.775566]  ? bit_update_start+0x1f0/0x1f0
[ 37.775571]  ? add_softcursor+0x14/0x2d0
[ 37.775577]  set_cursor+0x189/0x1e0
[ 37.775581]  redraw_screen+0x56f/0x760
[ 37.775598]  ? set_palette+0x130/0x130
[ 37.775605]  vc_do_resize+0xbe0/0xde0
[ 37.775613]  ? vc_init+0x430/0x430
[ 37.775623]  fbcon_modechanged+0x361/0x800
[ 37.775632]  fbcon_event_notify+0x11a/0x1750
[ 37.775637]  ? lock_acquire+0x170/0x3f0
[ 37.775643]  notifier_call_chain+0x107/0x1a0
[ 37.775649]  blocking_notifier_call_chain+0x79/0x90
[ 37.775654]  fb_set_var+0xaad/0xc70
[ 37.775659]  ? fb_set_suspend+0x110/0x110
[ 37.775664]  ? lock_acquire+0x170/0x3f0
[ 37.775667]  ? lock_fb_info+0x1a/0x70
[ 37.775673]  ? lock_fb_info+0x1a/0x70
[ 37.775679]  ? __mutex_lock+0x2cb/0x1430
[ 37.775683]  ? trace_hardirqs_on+0x10/0x10
[ 37.775686]  ? lock_fb_info+0x1a/0x70
[ 37.775693]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 37.775702]  ? do_fb_ioctl+0x36a/0x840
[ 37.775709]  do_fb_ioctl+0x3cc/0x840
[ 37.775712]  ? lock_downgrade+0x6e0/0x6e0
[ 37.775716]  ? fb_write+0x550/0x550
[ 37.775723]  ? avc_has_extended_perms+0x6e2/0xbe0
[ 37.775730]  ? avc_ss_reset+0x100/0x100
[ 37.775733]  ? __lock_acquire+0x655/0x42a0
[ 37.775740]  ? __lock_acquire+0x655/0x42a0
[ 37.775746]  ? trace_hardirqs_on+0x10/0x10
[ 37.775759]  fb_ioctl+0xda/0x120
[ 37.775762]  ? do_fb_ioctl+0x840/0x840
[ 37.775767]  do_vfs_ioctl+0x75a/0xfe0
[ 37.775772]  ? selinux_parse_skb.constprop.0+0x16c0/0x16c0
[ 37.775777]  ? ioctl_preallocate+0x1a0/0x1a0
[ 37.775787]  ? security_file_ioctl+0x76/0xb0
[ 37.775791]  ? security_file_ioctl+0x83/0xb0
[ 37.775796]  SyS_ioctl+0x7f/0xb0
[ 37.775799]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 37.775806]  do_syscall_64+0x1d5/0x640
[ 37.775813]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 37.775817] RIP: 0033:0x45cb29
[ 37.775820] RSP: 002b:00007f89c5e87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 37.775826] RAX: ffffffffffffffda RBX: 00000000004e55e0 RCX: 000000000045cb29
[ 37.775829] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 37.775831] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 37.775834] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 37.775836] R13: 00000000000002fd R14: 00000000004c58a5 R15: 00007f89c5e886d4
[ 37.775844]
[ 37.775845] The buggy address belongs to the variable:
[ 37.775850]  transl_h+0x3e/0x40
[ 37.775851]
[ 37.775853] Memory state around the buggy address:
[ 37.775857]  ffffffff86c8c000: 00 03 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[ 37.775860]  ffffffff86c8c080: 00 00 00 00 00 fa fa fa fa fa fa fa 04 fa fa fa
[ 37.775863] >ffffffff86c8c100: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[ 37.775865]                                                     ^
[ 37.775868]  ffffffff86c8c180: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 00 04
[ 37.775871]  ffffffff86c8c200: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
[ 37.775873] ==================================================================
[ 37.775874] Disabling lock debugging due to kernel taint
[ 37.775877] Kernel panic - not syncing: panic_on_warn set ...
[ 37.775877]
[ 37.775881] CPU: 1 PID: 6596 Comm: syz-executor.0 Tainted: G B 4.14.184-syzkaller #0
[ 37.775883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.775884] Call Trace:
[ 37.775889]  dump_stack+0x1b2/0x283
[ 37.775895]  panic+0x1f9/0x42d
[ 37.775899]  ? add_taint.cold+0x16/0x16
[ 37.775903]  ? lock_downgrade+0x6e0/0x6e0
[ 37.775908]  ? vga16fb_imageblit+0x1bf9/0x2160
[ 37.775912]  kasan_end_report+0x43/0x49
[ 37.775916]  kasan_report.cold+0x12f/0x2b9
[ 37.775921]  vga16fb_imageblit+0x1bf9/0x2160
[ 37.775925]  ? parse_no_kvmclock_vsyscall+0x7/0x10
[ 37.775929]  ? debug_check_no_obj_freed+0x2cf/0x5fd
[ 37.775933]  ? fb_pad_unaligned_buffer+0xf/0x2f0
[ 37.775940]  soft_cursor+0x50d/0xa40
[ 37.775945]  ? trace_hardirqs_on_caller+0x3a8/0x580
[ 37.775949]  bit_cursor+0x1072/0x1660
[ 37.775955]  ? bit_update_start+0x1f0/0x1f0
[ 37.775959]  ? fb_release+0x121/0x140
[ 37.775963]  ? fb_get_color_depth+0x5a/0x70
[ 37.775966]  ? get_color+0x1b8/0x3a0
[ 37.775971]  fbcon_cursor+0x4b1/0x690
[ 37.775974]  ? bit_update_start+0x1f0/0x1f0
[ 37.775977]  ? add_softcursor+0x14/0x2d0
[ 37.775981]  set_cursor+0x189/0x1e0
[ 37.775985]  redraw_screen+0x56f/0x760
[ 37.775989]  ? set_palette+0x130/0x130
[ 37.775994]  vc_do_resize+0xbe0/0xde0
[ 37.775999]  ? vc_init+0x430/0x430
[ 37.776005]  fbcon_modechanged+0x361/0x800
[ 37.776010]  fbcon_event_notify+0x11a/0x1750
[ 37.776014]  ? lock_acquire+0x170/0x3f0
[ 37.776017]  notifier_call_chain+0x107/0x1a0
[ 37.776022]  blocking_notifier_call_chain+0x79/0x90
[ 37.776026]  fb_set_var+0xaad/0xc70
[ 37.776030]  ? fb_set_suspend+0x110/0x110
[ 37.776034]  ? lock_acquire+0x170/0x3f0
[ 37.776037]  ? lock_fb_info+0x1a/0x70
[ 37.776041]  ? lock_fb_info+0x1a/0x70
[ 37.776044]  ? __mutex_lock+0x2cb/0x1430
[ 37.776047]  ? trace_hardirqs_on+0x10/0x10
[ 37.776050]  ? lock_fb_info+0x1a/0x70
[ 37.776055]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 37.776061]  ? do_fb_ioctl+0x36a/0x840
[ 37.776066]  do_fb_ioctl+0x3cc/0x840
[ 37.776069]  ? lock_downgrade+0x6e0/0x6e0
[ 37.776072]  ? fb_write+0x550/0x550
[ 37.776076]  ? avc_has_extended_perms+0x6e2/0xbe0
[ 37.776081]  ? avc_ss_reset+0x100/0x100
[ 37.776084]  ? __lock_acquire+0x655/0x42a0
[ 37.776089]  ? __lock_acquire+0x655/0x42a0
[ 37.776094]  ? trace_hardirqs_on+0x10/0x10
[ 37.776101]  fb_ioctl+0xda/0x120
[ 37.776104]  ? do_fb_ioctl+0x840/0x840
[ 37.776108]  do_vfs_ioctl+0x75a/0xfe0
[ 37.776112]  ? selinux_parse_skb.constprop.0+0x16c0/0x16c0
[ 37.776116]  ? ioctl_preallocate+0x1a0/0x1a0
[ 37.776122]  ? security_file_ioctl+0x76/0xb0
[ 37.776126]  ? security_file_ioctl+0x83/0xb0
[ 37.776129]  SyS_ioctl+0x7f/0xb0
[ 37.776132]  ? do_vfs_ioctl+0xfe0/0xfe0
[ 37.776136]  do_syscall_64+0x1d5/0x640
[ 37.776142]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 37.776144] RIP: 0033:0x45cb29
[ 37.776146] RSP: 002b:00007f89c5e87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 37.776150] RAX: ffffffffffffffda RBX: 00000000004e55e0 RCX: 000000000045cb29
[ 37.776153] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[ 37.776155] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 37.776157] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 37.776159] R13: 00000000000002fd R14: 00000000004c58a5 R15: 00007f89c5e886d4
[ 37.777504] Kernel Offset: disabled
[ 38.510341] Rebooting in 86400 seconds..
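Added example, not part of the syzkaller log above: a small Python decoder that pulls the facts a triager wants out of a KASAN console report, namely the access, the victim symbol, the user-space register dump and the "Memory state" shadow rows. The sample lines in SAMPLE_LOG are copied from the report above; the parser functions, the SYSCALLS and FB_IOCTLS lookup tables (trimmed to what this one report needs: x86_64 syscall 0x10 is ioctl, 0x4600-0x4602 are the screeninfo ioctls from <linux/fb.h>) and the SHADOW legend (values from mm/kasan/kasan.h) are this example's own, not syzkaller's or the kernel's tooling.

```python
import re

# Constructed sample: the KASAN report lines copied from the syzkaller
# console log above, one kernel message per line as the console prints them.
SAMPLE_LOG = """
[   37.775440] BUG: KASAN: global-out-of-bounds in vga16fb_imageblit+0x1bf9/0x2160
[   37.775445] Read of size 2 at addr ffffffff86c8c15e by task syz-executor.0/6596
[   37.775453] CPU: 1 PID: 6596 Comm: syz-executor.0 Not tainted 4.14.184-syzkaller #0
[   37.775820] RSP: 002b:00007f89c5e87c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   37.775826] RAX: ffffffffffffffda RBX: 00000000004e55e0 RCX: 000000000045cb29
[   37.775829] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000003
[   37.775845] The buggy address belongs to the variable:
[   37.775850]  transl_h+0x3e/0x40
[   37.775853] Memory state around the buggy address:
[   37.775857]  ffffffff86c8c000: 00 03 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
[   37.775860]  ffffffff86c8c080: 00 00 00 00 00 fa fa fa fa fa fa fa 04 fa fa fa
[   37.775863] >ffffffff86c8c100: fa fa fa fa 00 00 00 00 fa fa fa fa 00 00 00 00
[   37.775865]                                                     ^
[   37.775868]  ffffffff86c8c180: fa fa fa fa 00 01 fa fa fa fa fa fa 00 00 00 04
[   37.775871]  ffffffff86c8c200: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 00 00
"""

GRANULE = 8  # bytes of kernel memory described by one shadow byte

# Shadow values from mm/kasan/kasan.h; 0x01..0x07 mean "only the first N bytes
# of this granule are addressable". Only values this decoder can meet are listed.
SHADOW = {0x00: "addressable", 0xfa: "global redzone", 0xfb: "freed slab object",
          0xfc: "slab redzone", 0xfe: "page redzone", 0xff: "freed page",
          0xf1: "stack left redzone", 0xf2: "stack mid redzone",
          0xf3: "stack right redzone"}

# Assumed lookup tables, trimmed to this report: x86_64 syscall 0x10 is ioctl,
# 0x4600..0x4602 are the <linux/fb.h> screeninfo ioctls.
SYSCALLS = {0x10: "ioctl"}
FB_IOCTLS = {0x4600: "FBIOGET_VSCREENINFO", 0x4601: "FBIOPUT_VSCREENINFO",
             0x4602: "FBIOGET_FSCREENINFO"}

TS = r"^\[\s*[\d.]+\]\s*"  # printk timestamp prefix on every console line


def shadow_meaning(b):
    if 1 <= b <= 7:
        return "partially addressable (%d bytes)" % b
    return SHADOW.get(b, "unknown 0x%02x" % b)


def parse_shadow_rows(text):
    """Map each 'Memory state' row base address to its 16 shadow bytes."""
    rows = {}
    pat = TS + r">?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2}\s?){16})"
    for m in re.finditer(pat, text, re.M):
        rows[int(m.group(1), 16)] = [int(x, 16) for x in m.group(2).split()]
    return rows


def shadow_byte_at(rows, addr):
    for base, bytes_ in rows.items():
        if base <= addr < base + len(bytes_) * GRANULE:
            return bytes_[(addr - base) // GRANULE]
    return None


def addressable_size(rows, start):
    """Walk the shadow from an object's start; stop at the first redzone byte."""
    size = 0
    while True:
        b = shadow_byte_at(rows, start + size)
        if b == 0:
            size += GRANULE
        elif b is not None and 1 <= b <= 7:
            return size + b
        else:
            return size


def reg(text, name):
    m = re.search(r"\b%s: ([0-9a-f]{16})" % name, text)
    return int(m.group(1), 16) if m else None


def parse_kasan_report(text):
    r = {}
    m = re.search(r"BUG: KASAN: ([\w-]+) in (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+", text)
    r["kind"], r["func"] = m.group(1), m.group(2)
    m = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)", text)
    r["access"] = (m.group(1), int(m.group(2)))
    r["addr"] = int(m.group(3), 16)
    r["task"] = (m.group(4), int(m.group(5)))
    m = re.search(r"belongs to the variable:\s*(?:\[\s*[\d.]+\]\s*)?(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)", text)
    r["variable"] = (m.group(1), int(m.group(2), 16), int(m.group(3), 16))
    rows = parse_shadow_rows(text)
    b = shadow_byte_at(rows, r["addr"])
    r["shadow_byte"] = b
    r["shadow_meaning"] = shadow_meaning(b) if b is not None else None
    # The "/0x40" after the symbol is the symbol size including the redzone the
    # compiler appends to instrumented globals; the shadow rows show how many
    # bytes the object itself really has.
    start = r["addr"] - r["variable"][1]
    r["object_size"] = addressable_size(rows, start)
    r["overrun"] = r["addr"] - (start + r["object_size"])
    nr = reg(text, "ORIG_RAX")
    r["syscall"] = SYSCALLS.get(nr, "nr %d" % nr) if nr is not None else None
    r["fd"], r["cmd"], r["arg"] = reg(text, "RDI"), reg(text, "RSI"), reg(text, "RDX")
    r["cmd_name"] = FB_IOCTLS.get(r["cmd"])
    return r


def summarize(r):
    return ("%s: %s of %d bytes in %s() at %s+0x%x, %d bytes past the end of the "
            "%d-byte object (shadow 0x%02x = %s); entered via %s(fd=%d, cmd=0x%x %s, "
            "arg=0x%x) by %s/%d" % (r["kind"], r["access"][0], r["access"][1], r["func"],
            r["variable"][0], r["variable"][1], r["overrun"], r["object_size"],
            r["shadow_byte"], r["shadow_meaning"], r["syscall"], r["fd"], r["cmd"],
            r["cmd_name"], r["arg"], r["task"][0], r["task"][1]))


if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_LOG)))
```

Two things the raw report does not say outright fall out of the decode. The shadow row under the caret has four addressable granules starting at transl_h (0x...120 to 0x...13f) followed by redzone bytes, so transl_h is a 32-byte object and the 0x40 in "transl_h+0x3e/0x40" is its size plus the 32-byte KASAN redzone; the 2-byte read at +0x3e therefore lands 30 bytes beyond the end of the array, in the redzone. The register dump gives the trigger: ORIG_RAX 0x10 is ioctl, RDI 3 is the framebuffer fd and RSI 0x4601 is FBIOPUT_VSCREENINFO, which matches the fb_set_var, fbcon_modechanged, vc_do_resize and cursor-redraw frames in the call trace (RDX 0x20000000 is where syz-executor maps the program's data).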