Warning: Permanently added '10.128.0.129' (ECDSA) to the list of known hosts. syzkaller login: [ 40.516276][ T24] kauditd_printk_skb: 3 callbacks suppressed [ 40.516283][ T24] audit: type=1400 audit(1562846551.698:36): avc: denied { map } for pid=7052 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/07/11 12:02:32 parsed 1 programs [ 41.622888][ T24] audit: type=1400 audit(1562846552.798:37): avc: denied { map } for pid=7052 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=45 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 41.625381][ T3785] kmemleak: Automatic memory scanning thread ended 2019/07/11 12:02:41 executed programs: 0 [ 50.395343][ T7067] IPVS: ftp: loaded support on port[0] = 21 [ 50.417987][ T7067] chnl_net:caif_netlink_parms(): no params data found [ 50.430443][ T7067] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.437990][ T7067] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.446328][ T7067] device bridge_slave_0 entered promiscuous mode [ 50.453872][ T7067] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.461249][ T7067] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.468946][ T7067] device bridge_slave_1 entered promiscuous mode [ 50.478879][ T7067] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.488361][ T7067] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.499676][ T7067] team0: Port device team_slave_0 added [ 50.506574][ T7067] team0: Port device team_slave_1 added [ 50.553893][ T7067] device hsr_slave_0 entered promiscuous mode [ 50.613322][ T7067] device hsr_slave_1 entered promiscuous mode [ 50.655320][ T7067] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.663142][ T7067] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.670569][ T7067] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.678027][ T7067] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.694825][ T7067] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.703569][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.721989][ T25] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.730954][ T25] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.738860][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 50.748099][ T7067] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.767430][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.777975][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.785935][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.800156][ T7067] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 50.811725][ T7067] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 50.824340][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.833700][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.841438][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.849533][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.858886][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.867796][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.876330][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.884687][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.892294][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.903100][ T7067] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.921562][ T24] audit: type=1400 audit(1562846562.098:38): avc: denied { associate } for pid=7067 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 52.023583][ T358] device bridge_slave_1 left promiscuous mode [ 52.030716][ T358] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.083427][ T358] device bridge_slave_0 left promiscuous mode [ 52.091316][ T358] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.264501][ T358] device hsr_slave_1 left promiscuous mode [ 52.313950][ T358] device hsr_slave_0 left promiscuous mode [ 52.374038][ T358] team0 (unregistering): Port device team_slave_1 removed [ 52.382781][ T358] team0 (unregistering): Port device team_slave_0 removed [ 52.391132][ T358] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 52.453881][ T358] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 52.517324][ T358] bond0 (unregistering): Released all slaves 2019/07/11 12:02:47 executed programs: 1 2019/07/11 12:02:47 result: hanged=false err=executor 0: failed to write control pipe: write |1: broken pipe umount(./0/file0) failed (errno 22) loop exited with status 0 [ 56.017834][ T7082] IPVS: ftp: loaded support on port[0] = 21 [ 56.038157][ T7082] chnl_net:caif_netlink_parms(): no params data found [ 56.050387][ T7082] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.058024][ T7082] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.065408][ T7082] device bridge_slave_0 entered promiscuous mode [ 56.072477][ T7082] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.079732][ T7082] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.087233][ T7082] device bridge_slave_1 entered promiscuous mode [ 56.097060][ T7082] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.105817][ T7082] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.116806][ T7082] team0: Port device team_slave_0 added [ 56.122860][ T7082] team0: Port device team_slave_1 added [ 56.143917][ T7082] device hsr_slave_0 entered promiscuous mode [ 56.173205][ T7082] device hsr_slave_1 entered promiscuous mode [ 56.225319][ T7082] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.232367][ T7082] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.239756][ T7082] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.246811][ T7082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.261518][ T7082] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.269765][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.277540][ T3047] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.285943][ T3047] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.293496][ T3047] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 56.302095][ T7082] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.310502][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.319175][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.326445][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.339012][ T7082] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.349720][ T7082] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.360812][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.369177][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.376217][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.384841][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.399970][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.408170][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.416296][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.424444][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.431803][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.441943][ T7082] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.522750][ T7089] kmemleak: 6 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 57.933589][ T358] device bridge_slave_1 left promiscuous mode [ 57.939839][ T358] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.013359][ T358] device bridge_slave_0 left promiscuous mode [ 58.019849][ T358] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.253732][ T358] device hsr_slave_1 left promiscuous mode [ 58.313834][ T358] device hsr_slave_0 left promiscuous mode [ 58.383992][ T358] team0 (unregistering): Port device team_slave_1 removed [ 58.391820][ T358] team0 (unregistering): Port device team_slave_0 removed [ 58.399595][ T358] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 58.453910][ T358] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 58.526988][ T358] bond0 (unregistering): Released all slaves [ 63.382445][ T7089] kmemleak: 6 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff88811c6b0640 (size 64): comm "softirq", pid 0, jiffies 4294942314 (age 13.010s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 e0 7c b7 1e 81 88 ff ff .........|...... 00 00 00 00 00 00 00 00 50 a1 16 83 ff ff ff ff ........P....... backtrace: [<00000000db386b2f>] kmem_cache_alloc_trace+0x13d/0x280 [<00000000e523386b>] batadv_tvlv_handler_register+0xa3/0x170 [<00000000944f6da0>] batadv_tt_init+0x78/0x180 [<000000001cda316a>] batadv_mesh_init+0x196/0x230 [<00000000c8b30dff>] batadv_softif_init_late+0x1ca/0x220 [<000000009d9ba5ec>] register_netdevice+0xbf/0x600 [<000000008f8ee13b>] __rtnl_newlink+0xaca/0xb30 [<000000004c25e96f>] rtnl_newlink+0x4e/0x80 [<00000000f168e13a>] rtnetlink_rcv_msg+0x178/0x4b0 [<000000009a7e3298>] netlink_rcv_skb+0x61/0x170 [<0000000052d72095>] rtnetlink_rcv+0x1d/0x30 [<000000006ddc4002>] netlink_unicast+0x1ec/0x2d0 [<0000000066b8b127>] netlink_sendmsg+0x26a/0x480 [<00000000e09a3bfe>] sock_sendmsg+0x54/0x70 [<00000000d44ac127>] __sys_sendto+0x148/0x1f0 [<000000000621279e>] __x64_sys_sendto+0x2a/0x30 BUG: memory leak unreferenced object 0xffff888117411f80 (size 128): comm "syz-executor.0", pid 7067, jiffies 4294942323 (age 12.920s) hex dump (first 32 bytes): f0 08 3c 18 81 88 ff ff f0 08 3c 18 81 88 ff ff ..<.......<..... 52 24 bb 07 c8 06 92 36 7c 5e 5a 67 1c 1d 1e 1f R$.....6|^Zg.... backtrace: [<00000000db386b2f>] kmem_cache_alloc_trace+0x13d/0x280 [<000000000277b125>] hsr_create_self_node+0x42/0x150 [<000000004d07938f>] hsr_dev_finalize+0xa4/0x233 [<00000000a0cdbb2d>] hsr_newlink+0xf3/0x140 [<00000000647960d4>] __rtnl_newlink+0x892/0xb30 [<000000004c25e96f>] rtnl_newlink+0x4e/0x80 [<00000000f168e13a>] rtnetlink_rcv_msg+0x178/0x4b0 [<000000009a7e3298>] netlink_rcv_skb+0x61/0x170 [<0000000052d72095>] rtnetlink_rcv+0x1d/0x30 [<000000006ddc4002>] netlink_unicast+0x1ec/0x2d0 [<0000000066b8b127>] netlink_sendmsg+0x26a/0x480 [<00000000e09a3bfe>] sock_sendmsg+0x54/0x70 [<00000000d44ac127>] __sys_sendto+0x148/0x1f0 [<000000000621279e>] __x64_sys_sendto+0x2a/0x30 [<0000000060292958>] do_syscall_64+0x76/0x1a0 [<00000000c7421ac0>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 BUG: memory leak unreferenced object 0xffff8881215f8640 (size 64): comm "syz-executor.0", pid 7067, jiffies 4294942323 (age 12.920s) hex dump (first 32 bytes): 80 53 66 1c 81 88 ff ff 00 02 00 00 00 00 ad de .Sf............. 00 00 3c 18 81 88 ff ff c0 08 3c 18 81 88 ff ff ..<.......<..... backtrace: [<00000000db386b2f>] kmem_cache_alloc_trace+0x13d/0x280 [<00000000ec30cea2>] hsr_add_port+0xe7/0x220 [<000000009e723df2>] hsr_dev_finalize+0x14f/0x233 [<00000000a0cdbb2d>] hsr_newlink+0xf3/0x140 [<00000000647960d4>] __rtnl_newlink+0x892/0xb30 [<000000004c25e96f>] rtnl_newlink+0x4e/0x80 [<00000000f168e13a>] rtnetlink_rcv_msg+0x178/0x4b0 [<000000009a7e3298>] netlink_rcv_skb+0x61/0x170 [<0000000052d72095>] rtnetlink_rcv+0x1d/0x30 [<000000006ddc4002>] netlink_unicast+0x1ec/0x2d0 [<0000000066b8b127>] netlink_sendmsg+0x26a/0x480 [<00000000e09a3bfe>] sock_sendmsg+0x54/0x70 [<00000000d44ac127>] __sys_sendto+0x148/0x1f0 [<000000000621279e>] __x64_sys_sendto+0x2a/0x30 [<0000000060292958>] do_syscall_64+0x76/0x1a0 [<00000000c7421ac0>] entry_SYSCALL_64_after_hwframe+0x44/0xa9