[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 33.165295] random: sshd: uninitialized urandom read (32 bytes read) [ 33.357733] kauditd_printk_skb: 11 callbacks suppressed [ 33.357741] audit: type=1400 audit(1569408406.241:35): avc: denied { map } for pid=6948 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 33.409754] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 33.989098] random: sshd: uninitialized urandom read (32 bytes read) [ 34.174117] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. [ 39.873799] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/25 10:46:53 parsed 1 programs [ 40.052175] audit: type=1400 audit(1569408412.941:36): avc: denied { map } for pid=6961 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 40.108972] audit: type=1400 audit(1569408412.991:37): avc: denied { map } for pid=6961 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13764 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 40.738778] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/25 10:46:54 executed programs: 0 [ 41.710684] audit: type=1400 audit(1569408414.591:38): avc: denied { map } for pid=6961 comm="syz-execprog" path="/root/syzkaller-shm821326853" dev="sda1" ino=16485 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 42.020850] IPVS: ftp: loaded support on port[0] = 21 [ 42.868915] chnl_net:caif_netlink_parms(): no params data found [ 42.876620] IPVS: ftp: loaded support on port[0] = 21 [ 42.912055] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.918767] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.926007] device bridge_slave_0 entered promiscuous mode [ 42.935297] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.941748] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.948587] device bridge_slave_1 entered promiscuous mode [ 42.963905] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.972661] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.988871] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.996441] team0: Port device team_slave_0 added [ 43.003838] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.011700] team0: Port device team_slave_1 added [ 43.018574] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.030148] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.092196] device hsr_slave_0 entered promiscuous mode [ 43.140420] device hsr_slave_1 entered promiscuous mode [ 43.180674] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.189315] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.204445] IPVS: ftp: loaded support on port[0] = 21 [ 43.206445] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.216137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.223227] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.229602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.284822] chnl_net:caif_netlink_parms(): no params data found [ 43.329383] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.337242] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.344535] device bridge_slave_0 entered promiscuous mode [ 43.356868] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.363797] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.371009] device bridge_slave_1 entered promiscuous mode [ 43.389063] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.398162] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.423961] IPVS: ftp: loaded support on port[0] = 21 [ 43.430621] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.438292] team0: Port device team_slave_0 added [ 43.444264] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.451795] team0: Port device team_slave_1 added [ 43.464168] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.473389] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 43.479462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.489351] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.499792] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 43.581974] device hsr_slave_0 entered promiscuous mode [ 43.620282] device hsr_slave_1 entered promiscuous mode [ 43.690741] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.699486] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.716070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.724682] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.741883] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.756372] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 43.762837] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.785261] chnl_net:caif_netlink_parms(): no params data found [ 43.805225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.813944] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.820305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.842485] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 43.851912] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 43.871943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.881017] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.887349] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.894555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.902516] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.909949] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.918377] IPVS: ftp: loaded support on port[0] = 21 [ 43.938191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.946567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.957902] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 44.002303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.009743] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.021732] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 44.029402] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 44.040333] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 44.046671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.053673] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.061043] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.067948] device bridge_slave_0 entered promiscuous mode [ 44.076660] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.083431] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.090512] device bridge_slave_1 entered promiscuous mode [ 44.104413] chnl_net:caif_netlink_parms(): no params data found [ 44.116583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.124744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.163090] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.174153] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 44.194115] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.224444] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.231961] team0: Port device team_slave_0 added [ 44.237502] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.245008] team0: Port device team_slave_1 added [ 44.250944] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.271032] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.278472] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.286632] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.293826] device bridge_slave_0 entered promiscuous mode [ 44.301900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.318107] IPVS: ftp: loaded support on port[0] = 21 [ 44.329052] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.337350] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.344669] device bridge_slave_1 entered promiscuous mode [ 44.355163] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.402473] device hsr_slave_0 entered promiscuous mode [ 44.440361] device hsr_slave_1 entered promiscuous mode [ 44.502765] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.518596] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.535957] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.547261] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.569348] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.579929] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.589629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.596606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.614041] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.621089] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.651885] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.659724] team0: Port device team_slave_0 added [ 44.705497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.720814] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 44.724914] hrtimer: interrupt took 26969 ns [ 44.733835] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.741240] team0: Port device team_slave_1 added [ 44.749263] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.762253] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.772029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.779892] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.795221] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.801640] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.818229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.826420] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.838392] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.844781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.857805] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 44.871279] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.887374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.895329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.907080] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 44.922142] chnl_net:caif_netlink_parms(): no params data found [ 44.949900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.966156] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.033718] device hsr_slave_0 entered promiscuous mode [ 45.060307] device hsr_slave_1 entered promiscuous mode [ 45.101197] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.108432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.116209] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.123935] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.132679] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.153572] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 45.161202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.168784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.196624] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.253237] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.259542] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.267055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.276795] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 45.290169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.300374] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.306596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.314938] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.323357] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.329731] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.337755] device bridge_slave_0 entered promiscuous mode [ 45.350359] chnl_net:caif_netlink_parms(): no params data found [ 45.363232] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 45.369724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 45.381074] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.387957] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.394441] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.403068] device bridge_slave_1 entered promiscuous mode [ 45.414796] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.421694] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.427869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.434910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.475689] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.484035] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.500330] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 45.507748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.515765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.524046] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.530442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.537676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 45.547586] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.560811] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.567175] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.574379] device bridge_slave_0 entered promiscuous mode [ 45.581864] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.588288] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.596123] device bridge_slave_1 entered promiscuous mode [ 45.614865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.628084] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.637125] team0: Port device team_slave_0 added [ 45.642494] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 45.650785] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.658612] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.665007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.674579] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.685174] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.693906] team0: Port device team_slave_1 added [ 45.699924] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.709008] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.718163] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.727482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.738086] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.745747] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.754144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.777067] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.784470] team0: Port device team_slave_0 added [ 45.789857] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.803247] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.814355] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.821096] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.828416] team0: Port device team_slave_1 added [ 45.836270] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.849704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.857442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.864715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.875863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.924997] device hsr_slave_0 entered promiscuous mode [ 45.961229] device hsr_slave_1 entered promiscuous mode [ 46.000836] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.007689] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.015559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.023885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.031496] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.040690] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.046753] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.055654] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.077900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.133679] device hsr_slave_0 entered promiscuous mode [ 46.170446] device hsr_slave_1 entered promiscuous mode [ 46.210378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.218640] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.231785] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.241412] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.249563] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.257700] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.268863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.277051] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.284784] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.291188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.298085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.306622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.314752] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.324036] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.331679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.338652] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.346861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.354453] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.360826] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.372408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.383746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.392300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.399756] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.408131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.418252] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.424585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.437308] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.454063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.463542] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.475629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.486063] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.496349] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.504194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.513220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.521006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.528624] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.536384] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.546114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.554627] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.562509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.571386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.579835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 46.591818] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.597847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.608220] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.619248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.627013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.645503] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 46.659020] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.674121] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 46.683118] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.696481] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 46.708626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.717847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.730869] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.736940] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.756169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.765988] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.774005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.784483] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 46.791689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.805390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.812987] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.819315] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.827018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.834022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.843261] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.852237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 46.859216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.867235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.874997] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.881401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.890751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.899461] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.908260] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.915154] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.927450] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 2019/09/25 10:46:59 executed programs: 14 [ 46.945716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.963579] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.978326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.986590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.004187] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.010643] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.050874] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.070930] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.079187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.092820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.101228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.113455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.121534] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.129022] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.135402] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.144221] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.154449] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 47.161482] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.168298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.176491] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.184203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.191791] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.199958] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.213212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 47.220309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 47.228034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.236580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.245911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.256417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 47.265488] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.272123] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.285583] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.292616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.300644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.309173] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.320465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.327799] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.335846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.344954] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.353927] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 47.361226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.368639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.379248] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 47.387226] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.394857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.403856] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.409856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.418024] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.432298] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.447012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.610718] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 49.178071] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 49.491214] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 2019/09/25 10:47:04 executed programs: 185 [ 52.813378] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 53.769487] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 53.878447] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 55.254265] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 2019/09/25 10:47:09 executed programs: 423 [ 57.701596] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 57.984381] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 58.035844] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 58.246298] l2tp_core: tunl 4: sockfd_lookup(fd=4) returned -9 [ 58.287256] ================================================================== [ 58.294840] BUG: KASAN: use-after-free in pppol2tp_connect+0x169c/0x18b0 [ 58.301677] Read of size 8 at addr ffff888073c39858 by task syz-executor.5/8995 [ 58.309113] [ 58.310724] CPU: 0 PID: 8995 Comm: syz-executor.5 Not tainted 4.14.146 #0 [ 58.317715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.327062] Call Trace: [ 58.329636] dump_stack+0x138/0x197 [ 58.333247] ? pppol2tp_connect+0x169c/0x18b0 [ 58.337722] print_address_description.cold+0x7c/0x1dc [ 58.343002] ? pppol2tp_connect+0x169c/0x18b0 [ 58.347485] kasan_report.cold+0xa9/0x2af [ 58.351820] __asan_report_load8_noabort+0x14/0x20 [ 58.356728] pppol2tp_connect+0x169c/0x18b0 [ 58.361041] ? pppol2tp_seq_show+0xbc0/0xbc0 [ 58.365432] ? retint_kernel+0x2d/0x2d [ 58.369309] ? security_socket_connect+0x89/0xb0 [ 58.374047] SYSC_connect+0x1f6/0x2d0 [ 58.377829] ? SYSC_bind+0x220/0x220 [ 58.381533] ? SyS_clock_gettime+0xf8/0x180 [ 58.385847] SyS_connect+0x24/0x30 [ 58.389382] ? SyS_accept+0x30/0x30 [ 58.393003] do_syscall_64+0x1e8/0x640 [ 58.396884] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.401722] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 58.406902] RIP: 0033:0x459a29 [ 58.410070] RSP: 002b:00007fabb543ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 58.417784] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 58.425047] RDX: 0000000000000026 RSI: 0000000020000180 RDI: 0000000000000005 [ 58.432310] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 58.439590] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabb543b6d4 [ 58.446847] R13: 00000000004bff90 R14: 00000000004d1f00 R15: 00000000ffffffff [ 58.454122] [ 58.455730] Allocated by task 8995: [ 58.459348] save_stack_trace+0x16/0x20 [ 58.463304] save_stack+0x45/0xd0 [ 58.466735] kasan_kmalloc+0xce/0xf0 [ 58.470431] __kmalloc+0x15d/0x7a0 [ 58.473949] l2tp_session_create+0x38/0x1600 [ 58.478334] pppol2tp_connect+0x11bf/0x18b0 [ 58.482653] SYSC_connect+0x1f6/0x2d0 [ 58.487385] SyS_connect+0x24/0x30 [ 58.490905] do_syscall_64+0x1e8/0x640 [ 58.494772] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 58.499936] [ 58.501541] Freed by task 9004: [ 58.504799] save_stack_trace+0x16/0x20 [ 58.508751] save_stack+0x45/0xd0 [ 58.512191] kasan_slab_free+0x75/0xc0 [ 58.516063] kfree+0xcc/0x270 [ 58.519146] l2tp_session_free+0x176/0x210 [ 58.523360] l2tp_tunnel_closeall+0x2ca/0x380 [ 58.527842] l2tp_udp_encap_destroy+0x99/0x100 [ 58.532409] udpv6_destroy_sock+0xb3/0xd0 [ 58.536534] sk_common_release+0x6b/0x310 [ 58.540688] udp_lib_close+0x16/0x20 [ 58.544386] inet_release+0xec/0x1c0 [ 58.548084] inet6_release+0x53/0x80 [ 58.551788] __sock_release+0xce/0x2b0 [ 58.555653] sock_close+0x1b/0x30 [ 58.559082] __fput+0x275/0x7a0 [ 58.562343] ____fput+0x16/0x20 [ 58.565601] task_work_run+0x114/0x190 [ 58.569474] exit_to_usermode_loop+0x1da/0x220 [ 58.574033] do_syscall_64+0x4bc/0x640 [ 58.577908] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 58.583072] [ 58.584677] The buggy address belongs to the object at ffff888073c39840 [ 58.584677] which belongs to the cache kmalloc-512 of size 512 [ 58.597310] The buggy address is located 24 bytes inside of [ 58.597310] 512-byte region [ffff888073c39840, ffff888073c39a40) [ 58.609079] The buggy address belongs to the page: [ 58.613995] page:ffffea0001cf0e40 count:1 mapcount:0 mapping:ffff888073c390c0 index:0x0 [ 58.622124] flags: 0x1fffc0000000100(slab) [ 58.626340] raw: 01fffc0000000100 ffff888073c390c0 0000000000000000 0000000100000006 [ 58.634200] raw: ffffea00025a6520 ffffea0001d129a0 ffff8880aa800940 0000000000000000 [ 58.642057] page dumped because: kasan: bad access detected [ 58.647749] [ 58.649356] Memory state around the buggy address: [ 58.654261] ffff888073c39700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 58.661605] ffff888073c39780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.668942] >ffff888073c39800: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 58.676295] ^ [ 58.682501] ffff888073c39880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.689843] ffff888073c39900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.697185] ================================================================== [ 58.704522] Disabling lock debugging due to kernel taint [ 58.862430] Kernel panic - not syncing: panic_on_warn set ... [ 58.862430] [ 58.869819] CPU: 0 PID: 8995 Comm: syz-executor.5 Tainted: G B 4.14.146 #0 [ 58.877953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.887286] Call Trace: [ 58.889874] dump_stack+0x138/0x197 [ 58.893481] ? pppol2tp_connect+0x169c/0x18b0 [ 58.897952] panic+0x1f2/0x426 [ 58.901119] ? add_taint.cold+0x16/0x16 [ 58.905094] ? ___preempt_schedule+0x16/0x18 [ 58.909484] kasan_end_report+0x47/0x4f [ 58.913444] kasan_report.cold+0x130/0x2af [ 58.917656] __asan_report_load8_noabort+0x14/0x20 [ 58.922562] pppol2tp_connect+0x169c/0x18b0 [ 58.926863] ? pppol2tp_seq_show+0xbc0/0xbc0 [ 58.931248] ? retint_kernel+0x2d/0x2d [ 58.935126] ? security_socket_connect+0x89/0xb0 [ 58.939860] SYSC_connect+0x1f6/0x2d0 [ 58.943638] ? SYSC_bind+0x220/0x220 [ 58.947333] ? SyS_clock_gettime+0xf8/0x180 [ 58.951632] SyS_connect+0x24/0x30 [ 58.955148] ? SyS_accept+0x30/0x30 [ 58.958752] do_syscall_64+0x1e8/0x640 [ 58.962614] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 58.967434] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 58.972602] RIP: 0033:0x459a29 [ 58.975779] RSP: 002b:00007fabb543ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 58.983464] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a29 [ 58.990710] RDX: 0000000000000026 RSI: 0000000020000180 RDI: 0000000000000005 [ 58.997957] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 59.005206] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabb543b6d4 [ 59.012462] R13: 00000000004bff90 R14: 00000000004d1f00 R15: 00000000ffffffff [ 59.020964] Kernel Offset: disabled [ 59.024594] Rebooting in 86400 seconds..