[ 34.820984] audit: type=1800 audit(1556445088.228:33): pid=7002 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 34.848111] audit: type=1800 audit(1556445088.228:34): pid=7002 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.325243] random: sshd: uninitialized urandom read (32 bytes read) [ 36.645104] audit: type=1400 audit(1556445090.048:35): avc: denied { map } for pid=7174 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 36.697942] random: sshd: uninitialized urandom read (32 bytes read) [ 37.289286] random: sshd: uninitialized urandom read (32 bytes read) [ 37.885357] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.64' (ECDSA) to the list of known hosts. [ 43.476050] random: sshd: uninitialized urandom read (32 bytes read) [ 43.654727] audit: type=1400 audit(1556445097.058:36): avc: denied { map } for pid=7186 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/04/28 09:51:37 parsed 1 programs [ 44.465334] audit: type=1400 audit(1556445097.868:37): avc: denied { map } for pid=7186 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13810 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 45.269984] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/28 09:51:39 executed programs: 0 [ 46.455040] audit: type=1400 audit(1556445099.848:38): avc: denied { map } for pid=7186 comm="syz-execprog" path="/root/syzkaller-shm492494065" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 47.220286] IPVS: ftp: loaded support on port[0] = 21 [ 47.512039] chnl_net:caif_netlink_parms(): no params data found [ 47.520370] IPVS: ftp: loaded support on port[0] = 21 [ 47.563509] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.571792] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.579637] device bridge_slave_0 entered promiscuous mode [ 47.588626] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.595085] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.602057] device bridge_slave_1 entered promiscuous mode [ 47.620710] IPVS: ftp: loaded support on port[0] = 21 [ 47.626918] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 47.637856] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 47.655327] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 47.662683] team0: Port device team_slave_0 added [ 47.668789] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.708759] team0: Port device team_slave_1 added [ 47.714228] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.722266] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.792246] device hsr_slave_0 entered promiscuous mode [ 47.830449] device hsr_slave_1 entered promiscuous mode [ 47.870719] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 47.895274] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 47.927749] chnl_net:caif_netlink_parms(): no params data found [ 47.953962] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.960780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.967985] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.974428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.996295] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.003326] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.011460] device bridge_slave_0 entered promiscuous mode [ 48.017981] IPVS: ftp: loaded support on port[0] = 21 [ 48.034287] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.040877] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.048042] device bridge_slave_1 entered promiscuous mode [ 48.104671] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.117738] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.141545] chnl_net:caif_netlink_parms(): no params data found [ 48.152206] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.159314] team0: Port device team_slave_0 added [ 48.167635] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.174924] team0: Port device team_slave_1 added [ 48.182131] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.213676] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.224721] IPVS: ftp: loaded support on port[0] = 21 [ 48.246392] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.252915] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.259976] device bridge_slave_0 entered promiscuous mode [ 48.266736] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.273216] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.280336] device bridge_slave_1 entered promiscuous mode [ 48.332268] device hsr_slave_0 entered promiscuous mode [ 48.370869] device hsr_slave_1 entered promiscuous mode [ 48.427826] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.446464] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.456146] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.466973] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.500727] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.508105] team0: Port device team_slave_0 added [ 48.514432] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 48.520964] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.544013] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.553078] team0: Port device team_slave_1 added [ 48.559054] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.572534] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.579999] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.587852] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 48.601634] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.612068] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.619695] chnl_net:caif_netlink_parms(): no params data found [ 48.630669] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 48.654185] IPVS: ftp: loaded support on port[0] = 21 [ 48.667445] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 48.712844] device hsr_slave_0 entered promiscuous mode [ 48.800391] device hsr_slave_1 entered promiscuous mode [ 48.880940] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.888909] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.898417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.905899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.927317] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.934289] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.952213] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 48.960475] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.967040] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.974807] device bridge_slave_0 entered promiscuous mode [ 48.983697] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.990506] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.997653] device bridge_slave_1 entered promiscuous mode [ 49.027072] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.036380] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.076363] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.085204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.094028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.102139] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.108613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.118477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.131636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.155195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.163887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.171548] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.178300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.187481] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.214791] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.223005] team0: Port device team_slave_0 added [ 49.229497] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.240481] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.247434] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.257783] chnl_net:caif_netlink_parms(): no params data found [ 49.266614] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.274500] team0: Port device team_slave_1 added [ 49.280251] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.288234] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.298462] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 49.306173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.315170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.322633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.331790] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.354878] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.361402] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.367508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.375713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.383716] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.393015] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.425778] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.433251] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.440715] device bridge_slave_0 entered promiscuous mode [ 49.447142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.455331] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.464735] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 49.474363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 49.532533] device hsr_slave_0 entered promiscuous mode [ 49.570785] device hsr_slave_1 entered promiscuous mode [ 49.630965] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.638318] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.644742] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.651852] device bridge_slave_1 entered promiscuous mode [ 49.663728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 49.672255] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.679942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 49.687576] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.696823] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 49.703850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.714936] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.722973] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.732419] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.761643] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 49.771819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.778312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.786539] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.794400] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.800928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.807924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.816328] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.824922] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.831426] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.838321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 49.851630] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.878968] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.887745] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.908151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.918500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.931486] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.946585] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.955201] team0: Port device team_slave_0 added [ 49.963695] chnl_net:caif_netlink_parms(): no params data found [ 49.978569] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.988845] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.998955] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.006432] team0: Port device team_slave_1 added [ 50.012334] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.019839] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.027756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.036463] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.045632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.058497] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.079295] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.087395] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.105351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.114478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.126178] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.134867] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.184019] device hsr_slave_0 entered promiscuous mode [ 50.220498] device hsr_slave_1 entered promiscuous mode [ 50.260744] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.267846] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.276099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.283792] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.299334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.309084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.322548] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.332096] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.338237] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.357807] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.368699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.376775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.385613] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.391797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.402038] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.410365] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.418068] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.425908] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.432294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.456503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.464182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.471461] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.479650] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.488146] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.494581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.510258] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.518924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.524313] vivid-003: kernel_thread() failed [ 50.536900] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.545321] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.559790] device bridge_slave_0 entered promiscuous mode [ 50.569491] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.577777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.587911] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.597449] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.604437] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.615792] device bridge_slave_1 entered promiscuous mode [ 50.627797] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.638796] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.651827] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.661520] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.667805] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.679709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.688888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.696121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.706822] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.716957] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.726921] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.735004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.745096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.752912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.761083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.768623] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.773142] vivid-003: kernel_thread() failed [ 50.775026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.798511] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.805675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.819256] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.833228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.844928] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.855616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.862740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.878595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.889592] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.898111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.906334] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.912761] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.926033] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.936071] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.954398] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.966607] team0: Port device team_slave_0 added [ 50.972566] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.984225] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.991898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.001780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.013554] vivid-003: kernel_thread() failed [ 51.027512] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.038298] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.052531] team0: Port device team_slave_1 added [ 51.062424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.070232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.078584] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.085015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.095816] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.107646] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.116257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.128526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.143301] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.152840] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.161786] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.172986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.185409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.193648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.200987] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.208152] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.228940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.237242] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.247449] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.256939] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.271951] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.312355] device hsr_slave_0 entered promiscuous mode [ 51.330621] device hsr_slave_1 entered promiscuous mode [ 51.370327] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.378045] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.385852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.393329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.404245] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.411811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.419297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.429131] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.437625] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.448653] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.456433] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.464444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.472405] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.478789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.486621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.496185] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.507664] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.513925] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.522475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.530367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.538020] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.544753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.553767] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.570645] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.580579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.591557] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.602575] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.616404] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.626987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.657248] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.665691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.675427] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.696877] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.705771] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.716564] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.725210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.736513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.744965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.753219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 2019/04/28 09:51:45 executed programs: 16 [ 51.776528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.789177] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.797796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.806739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.818344] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.827327] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.834068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.843694] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.853736] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.859833] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.869713] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.873047] vivid-003: kernel_thread() failed [ 51.877125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.887533] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.898251] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.913331] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.923564] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.932423] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.935237] vivid-003: kernel_thread() failed [ 51.949631] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.956065] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.966186] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.978166] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.987868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.001460] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.009182] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.015576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.025271] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.034410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.050255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.057824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.067591] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.078170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.086421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.094394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.102402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.111114] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.121739] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.131466] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.138394] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.145986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.156996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.165117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.173283] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.190704] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.196817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.213820] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.221194] vivid-003: kernel_thread() failed [ 52.234629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.524351] vivid-003: kernel_thread() failed [ 53.557515] ================================================================== [ 53.566851] BUG: KASAN: use-after-free in __vb2_perform_fileio+0xddf/0xeb0 [ 53.573975] Read of size 4 at addr ffff8880992b5e5c by task syz-executor.1/7360 [ 53.581408] [ 53.583032] CPU: 0 PID: 7360 Comm: syz-executor.1 Not tainted 4.14.114 #4 [ 53.590087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.599441] Call Trace: [ 53.602040] dump_stack+0x138/0x19c [ 53.605705] ? __vb2_perform_fileio+0xddf/0xeb0 [ 53.610376] print_address_description.cold+0x7c/0x1dc [ 53.615651] ? __vb2_perform_fileio+0xddf/0xeb0 [ 53.620325] kasan_report.cold+0xaf/0x2b5 [ 53.624469] __asan_report_load4_noabort+0x14/0x20 [ 53.629414] __vb2_perform_fileio+0xddf/0xeb0 [ 53.634006] ? vb2_core_poll+0x600/0x600 [ 53.638197] ? find_held_lock+0x35/0x130 [ 53.642251] vb2_read+0x3b/0x50 [ 53.645538] vb2_fop_read+0x1f5/0x3e0 [ 53.649329] ? vb2_fop_write+0x3e0/0x3e0 [ 53.653393] v4l2_read+0x1ac/0x210 [ 53.656939] __vfs_read+0x107/0x6b0 [ 53.660579] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 53.667245] ? v4l2_write+0x210/0x210 [ 53.671054] ? vfs_copy_file_range+0xa40/0xa40 [ 53.675742] ? __inode_security_revalidate+0xd6/0x130 [ 53.681038] ? avc_policy_seqno+0x9/0x20 [ 53.685101] ? selinux_file_permission+0x85/0x480 [ 53.689942] ? security_file_permission+0x8f/0x1f0 [ 53.694893] ? rw_verify_area+0xea/0x2b0 [ 53.698959] vfs_read+0x137/0x350 [ 53.702407] SyS_pread64+0x115/0x140 [ 53.706130] ? SyS_write+0x180/0x180 [ 53.709851] ? do_syscall_64+0x53/0x630 [ 53.715783] ? SyS_write+0x180/0x180 [ 53.719492] do_syscall_64+0x1eb/0x630 [ 53.723388] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.728277] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.733460] RIP: 0033:0x458da9 [ 53.736660] RSP: 002b:00007f71f15c9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 53.744365] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458da9 [ 53.751634] RDX: 0000000000000090 RSI: 00000000200000c0 RDI: 0000000000000003 [ 53.758897] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 53.766189] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f71f15ca6d4 [ 53.773713] R13: 00000000004c5af4 R14: 00000000004d9e30 R15: 00000000ffffffff [ 53.780983] [ 53.782595] Allocated by task 7358: [ 53.786213] save_stack_trace+0x16/0x20 [ 53.790186] save_stack+0x45/0xd0 [ 53.793631] kasan_kmalloc+0xce/0xf0 [ 53.797344] kmem_cache_alloc_trace+0x152/0x790 [ 53.802000] __vb2_init_fileio+0x182/0xa90 [ 53.806226] __vb2_perform_fileio+0x9f0/0xeb0 [ 53.810740] vb2_read+0x3b/0x50 [ 53.814017] vb2_fop_read+0x1f5/0x3e0 [ 53.817827] v4l2_read+0x1ac/0x210 [ 53.821448] __vfs_read+0x107/0x6b0 [ 53.825087] vfs_read+0x137/0x350 [ 53.828674] SyS_pread64+0x115/0x140 [ 53.832378] do_syscall_64+0x1eb/0x630 [ 53.836296] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.841498] [ 53.843110] Freed by task 7352: [ 53.846396] save_stack_trace+0x16/0x20 [ 53.850369] save_stack+0x45/0xd0 [ 53.853815] kasan_slab_free+0x75/0xc0 [ 53.857692] kfree+0xcc/0x270 [ 53.860798] __vb2_cleanup_fileio+0xfc/0x150 [ 53.865202] vb2_core_queue_release+0x1d/0x80 [ 53.869692] _vb2_fop_release+0x1cf/0x2a0 [ 53.873833] vb2_fop_release+0x75/0xc0 [ 53.877719] vivid_fop_release+0x180/0x3f0 [ 53.882066] v4l2_release+0xfb/0x190 [ 53.885771] __fput+0x277/0x7a0 [ 53.889037] ____fput+0x16/0x20 [ 53.892308] task_work_run+0x119/0x190 [ 53.896185] exit_to_usermode_loop+0x1da/0x220 [ 53.900783] do_syscall_64+0x4a9/0x630 [ 53.904658] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.909828] [ 53.911442] The buggy address belongs to the object at ffff8880992b5b40 [ 53.911442] which belongs to the cache kmalloc-1024 of size 1024 [ 53.924271] The buggy address is located 796 bytes inside of [ 53.924271] 1024-byte region [ffff8880992b5b40, ffff8880992b5f40) [ 53.936449] The buggy address belongs to the page: [ 53.941374] page:ffffea000264ad00 count:1 mapcount:0 mapping:ffff8880992b4040 index:0x0 compound_mapcount: 0 [ 53.951467] flags: 0x1fffc0000008100(slab|head) [ 53.956215] raw: 01fffc0000008100 ffff8880992b4040 0000000000000000 0000000100000007 [ 53.964944] raw: ffffea00026384a0 ffffea00025be6a0 ffff8880aa800ac0 0000000000000000 [ 53.972818] page dumped because: kasan: bad access detected [ 53.978523] [ 53.980152] Memory state around the buggy address: [ 53.985083] ffff8880992b5d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.992625] ffff8880992b5d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 53.999995] >ffff8880992b5e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.007350] ^ [ 54.013578] ffff8880992b5e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.020931] ffff8880992b5f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 54.028278] ================================================================== [ 54.035630] Disabling lock debugging due to kernel taint [ 54.045408] Kernel panic - not syncing: panic_on_warn set ... [ 54.045408] [ 54.052804] CPU: 1 PID: 7360 Comm: syz-executor.1 Tainted: G B 4.14.114 #4 [ 54.061070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.070534] Call Trace: [ 54.073106] dump_stack+0x138/0x19c [ 54.076723] ? __vb2_perform_fileio+0xddf/0xeb0 [ 54.081401] panic+0x1f2/0x438 [ 54.084579] ? add_taint.cold+0x16/0x16 [ 54.088553] ? ___preempt_schedule+0x16/0x18 [ 54.092951] kasan_end_report+0x47/0x4f [ 54.096928] kasan_report.cold+0x136/0x2b5 [ 54.101162] __asan_report_load4_noabort+0x14/0x20 [ 54.106072] __vb2_perform_fileio+0xddf/0xeb0 [ 54.110580] ? vb2_core_poll+0x600/0x600 [ 54.114626] ? find_held_lock+0x35/0x130 [ 54.118674] vb2_read+0x3b/0x50 [ 54.121935] vb2_fop_read+0x1f5/0x3e0 [ 54.125716] ? vb2_fop_write+0x3e0/0x3e0 [ 54.129769] v4l2_read+0x1ac/0x210 [ 54.133634] __vfs_read+0x107/0x6b0 [ 54.137258] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 54.143912] ? v4l2_write+0x210/0x210 [ 54.147701] ? vfs_copy_file_range+0xa40/0xa40 [ 54.152442] ? __inode_security_revalidate+0xd6/0x130 [ 54.157613] ? avc_policy_seqno+0x9/0x20 [ 54.161654] ? selinux_file_permission+0x85/0x480 [ 54.166481] ? security_file_permission+0x8f/0x1f0 [ 54.171392] ? rw_verify_area+0xea/0x2b0 [ 54.175446] vfs_read+0x137/0x350 [ 54.178882] SyS_pread64+0x115/0x140 [ 54.182576] ? SyS_write+0x180/0x180 [ 54.186271] ? do_syscall_64+0x53/0x630 [ 54.190225] ? SyS_write+0x180/0x180 [ 54.193940] do_syscall_64+0x1eb/0x630 [ 54.197810] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.202740] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 54.208519] RIP: 0033:0x458da9 [ 54.211687] RSP: 002b:00007f71f15c9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 54.219750] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458da9 [ 54.227005] RDX: 0000000000000090 RSI: 00000000200000c0 RDI: 0000000000000003 [ 54.234262] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 54.241518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f71f15ca6d4 [ 54.248773] R13: 00000000004c5af4 R14: 00000000004d9e30 R15: 00000000ffffffff [ 54.258041] Kernel Offset: disabled [ 54.261683] Rebooting in 86400 seconds..