Warning: Permanently added '10.128.15.216' (ECDSA) to the list of known hosts.
2019/12/02 04:23:19 fuzzer started
[ 91.589434][ T25] audit: type=1400 audit(1575260599.732:42): avc: denied { map } for pid=9616 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/12/02 04:23:21 dialing manager at 10.128.0.26:38369
2019/12/02 04:23:21 syscalls: 2696
2019/12/02 04:23:21 code coverage: enabled
2019/12/02 04:23:21 comparison tracing: enabled
2019/12/02 04:23:21 extra coverage: extra coverage is not supported by the kernel
2019/12/02 04:23:21 setuid sandbox: enabled
2019/12/02 04:23:21 namespace sandbox: enabled
2019/12/02 04:23:21 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/02 04:23:21 fault injection: enabled
2019/12/02 04:23:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/02 04:23:21 net packet injection: enabled
2019/12/02 04:23:21 net device setup: enabled
2019/12/02 04:23:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/02 04:23:21 devlink PCI setup: PCI device 0000:00:10.0 is not available
04:23:22 executing program 0:
clock_adjtime(0x0, &(0x7f00000001c0)={0x27ff, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xe10b})
[ 94.548376][ T25] audit: type=1400 audit(1575260602.692:43): avc: denied { map } for pid=9632 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=90 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
04:23:22 executing program 1:
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x2)
[ 94.721780][ T9633] IPVS: ftp: loaded support on port[0] = 21
[ 94.904477][ T9633] chnl_net:caif_netlink_parms(): no params data found
[ 94.966287][ T9636] IPVS: ftp: loaded support on port[0] = 21
[ 94.975877][ T9633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.985233][ T9633] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.994002][ T9633] device bridge_slave_0 entered promiscuous mode
[ 95.006432][ T9633] bridge0: port 2(bridge_slave_1) entered blocking state
04:23:23 executing program 2:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000740)=""/246)
ioctl$PPPIOCSACTIVE(r1, 0x40107447, &(0x7f0000000040)={0x1, &(0x7f0000000400)=[{}]})
[ 95.014969][ T9633] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.024415][ T9633] device bridge_slave_1 entered promiscuous mode
[ 95.054432][ T9633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.082357][ T9633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.136354][ T9633] team0: Port device team_slave_0 added
[ 95.168489][ T9633] team0: Port device team_slave_1 added
04:23:23 executing program 3:
r0 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x1e, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
[ 95.260115][ T9633] device hsr_slave_0 entered promiscuous mode
[ 95.347528][ T9633] device hsr_slave_1 entered promiscuous mode
[ 95.411112][ T9639] IPVS: ftp: loaded support on port[0] = 21
[ 95.524238][ T9641] IPVS: ftp: loaded support on port[0] = 21
[ 95.533331][ T25] audit: type=1400 audit(1575260603.672:44): avc: denied { create } for pid=9633 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 95.580862][ T9633] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.588250][ T25] audit: type=1400 audit(1575260603.672:45): avc: denied { write } for pid=9633 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
04:23:23 executing program 4:
r0 = syz_open_dev$swradio(&(0x7f0000000540)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000840)={0x0, 0x0, 0x0, {0xc}})
[ 95.615115][ T25] audit: type=1400 audit(1575260603.702:46): avc: denied { read } for pid=9633 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 95.700354][ T9633] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.769400][ T9633] netdevsim netdevsim0 netdevsim2: renamed from eth2
04:23:23 executing program 5:
clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0})
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x0, 0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
open(0x0, 0x8001141042, 0x0)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000100)={0x0, 0x43}, 0x8)
syz_open_procfs(0x0, &(0x7f0000000100)='net/arp\x00')
syz_open_procfs(0x0, &(0x7f0000000080)='comm\x00')
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
getsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, &(0x7f0000000580)=0x80)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x57, 0x0, &(0x7f00000002c0)="92b34184571a823b1ecc54ee9733389d8768924379d730e19ef192077b6f5f3bb9b3b3281b152da2fa1191d5302a4335470e770b00a77ce3ce578d0017e7ba5fe0a470a69010de2a1fe82363a569612734762e3cb82fd6"})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0xfffffffe})
ioctl$sock_inet6_SIOCADDRT(r2, 0x89a0, &(0x7f00000005c0)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @remote, @remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x5)
clock_nanosleep(0x3, 0xa, &(0x7f0000000000)={r0, r1+30000000}, 0x0)
[ 95.809848][ T9633] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.851185][ T9636] chnl_net:caif_netlink_parms(): no params data found
[ 95.893616][ T9644] IPVS: ftp: loaded support on port[0] = 21
[ 95.901998][ T9633] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.909280][ T9633] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.917361][ T9633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.924449][ T9633] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.936545][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.957333][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.009835][ T9647] IPVS: ftp: loaded support on port[0] = 21
[ 96.143977][ T9636] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.152333][ T9636] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.161254][ T9636] device bridge_slave_0 entered promiscuous mode
[ 96.169514][ T9639] chnl_net:caif_netlink_parms(): no params data found
[ 96.207768][ T9636] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.214998][ T9636] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.224026][ T9636] device bridge_slave_1 entered promiscuous mode
[ 96.250826][ T9636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.294108][ T9639] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.302346][ T9639] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.310797][ T9639] device bridge_slave_0 entered promiscuous mode
[ 96.319699][ T9636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.332139][ T9633] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.360142][ T9639] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.368662][ T9639] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.377771][ T9639] device bridge_slave_1 entered promiscuous mode
[ 96.475853][ T9636] team0: Port device team_slave_0 added
[ 96.493605][ T9639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.503889][ T9647] chnl_net:caif_netlink_parms(): no params data found
[ 96.512952][ T9644] chnl_net:caif_netlink_parms(): no params data found
[ 96.523893][ T9636] team0: Port device team_slave_1 added
[ 96.530348][ T9641] chnl_net:caif_netlink_parms(): no params data found
[ 96.542374][ T9639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.573130][ T9637] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 96.582419][ T9637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 96.631585][ T9633] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.681605][ T9636] device hsr_slave_0 entered promiscuous mode
[ 96.737810][ T9636] device hsr_slave_1 entered promiscuous mode
[ 96.777324][ T9636] debugfs: Directory 'hsr0' with parent '/' already present!
[ 96.851093][ T9647] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.859653][ T9647] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.867692][ T9647] device bridge_slave_0 entered promiscuous mode
[ 96.876912][ T9639] team0: Port device team_slave_0 added
[ 96.883359][ T9644] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.890598][ T9644] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.898981][ T9644] device bridge_slave_0 entered promiscuous mode
[ 96.906345][ T9641] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.913675][ T9641] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.922079][ T9641] device bridge_slave_0 entered promiscuous mode
[ 96.931292][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 96.940942][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 96.949642][ T3061] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.956733][ T3061] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.964607][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 96.973238][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 96.981772][ T3061] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.989471][ T3061] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.006246][ T9647] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.020792][ T9647] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.029370][ T9647] device bridge_slave_1 entered promiscuous mode
[ 97.043463][ T9639] team0: Port device team_slave_1 added
[ 97.051685][ T9644] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.059328][ T9644] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.067446][ T9644] device bridge_slave_1 entered promiscuous mode
[ 97.074652][ T9641] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.081834][ T9641] bridge0: port 2(bridge_slave_1) entered disabled state
[ 97.089862][ T9641] device bridge_slave_1 entered promiscuous mode
[ 97.107504][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 97.116496][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 97.125348][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 97.134128][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.143265][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 97.152831][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.162394][ T9636] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 97.290687][ T9639] device hsr_slave_0 entered promiscuous mode
[ 97.327656][ T9639] device hsr_slave_1 entered promiscuous mode
[ 97.367368][ T9639] debugfs: Directory 'hsr0' with parent '/' already present!
[ 97.380247][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 97.389468][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 97.398155][ T3061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 97.407296][ T9636] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 97.457330][ T9647] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.473499][ T9633] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 97.485112][ T9633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 97.503509][ T9641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.516793][ T9636] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 97.550170][ T9644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 97.562105][ T9647] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.579936][ T9646] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 97.588377][ T9646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 97.608438][ T9641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.623935][ T9636] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 97.700786][ T9644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.723614][ T9633] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.755842][ T9639] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 97.804539][ T9639] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 97.860572][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 97.868404][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 97.879017][ T9647] team0: Port device team_slave_0 added
[ 97.906314][ T9639] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 97.961222][ T9647] team0: Port device team_slave_1 added
[ 97.967040][ T9639] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 98.031930][ T25] audit: type=1400 audit(1575260606.172:47): avc: denied { associate } for pid=9633 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 98.035723][ T9641] team0: Port device team_slave_0 added
[ 98.071596][ T9644] team0: Port device team_slave_0 added
[ 98.080324][ T9644] team0: Port device team_slave_1 added
[ 98.114902][ T9641] team0: Port device team_slave_1 added
[ 98.170322][ T9647] device hsr_slave_0 entered promiscuous mode
[ 98.207636][ T9647] device hsr_slave_1 entered promiscuous mode
[ 98.267290][ T9647] debugfs: Directory 'hsr0' with parent '/' already present!
[ 98.341320][ T9644] device hsr_slave_0 entered promiscuous mode
[ 98.397631][ T9644] device hsr_slave_1 entered promiscuous mode
[ 98.437273][ T9644] debugfs: Directory 'hsr0' with parent '/' already present!
12:23:48 executing program 0:
clock_adjtime(0x0, &(0x7f00000001c0)={0x27ff, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xe10b})
[ 98.500371][ T9641] device hsr_slave_0 entered promiscuous mode
[ 98.528521][ T9641] device hsr_slave_1 entered promiscuous mode
04:23:59 executing program 0:
clock_adjtime(0x0, &(0x7f00000001c0)={0x27ff, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xe10b})
[ 98.567332][ T9641] debugfs: Directory 'hsr0' with parent '/' already present!
20:24:10 executing program 0:
clock_adjtime(0x0, &(0x7f00000001c0)={0x27ff, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0xe10b})
[ 98.746942][ T9647] netdevsim netdevsim5 netdevsim0: renamed from eth0
12:24:21 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe2(&(0x7f0000000200), 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x5000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
socket(0x11, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000280)=0x8, 0x4)
bind$llc(r0, &(0x7f0000000040), 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
[ 98.822279][ T9647] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 98.878427][ T25] audit: type=1400 audit(1575548662.026:48): avc: denied { open } for pid=9667 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[ 98.903309][ T25] audit: type=1400 audit(1575548662.026:49): avc: denied { kernel } for pid=9667 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[ 98.928105][ T9641] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 98.979175][ T9644] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 99.037128][ C0] hrtimer: interrupt took 49199 ns
12:24:22 executing program 0:
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x10031, 0xffffffffffffffff, 0x0)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe2(&(0x7f0000000200), 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/autofs\x00', 0x5000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
socket(0x11, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f0000000280)=0x8, 0x4)
bind$llc(r0, &(0x7f0000000040), 0x10)
sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
[ 99.077269][ T9644] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 99.212575][ T9639] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.243343][ T9639] 8021q: adding VLAN 0 to HW filter on device team0
[ 99.303939][ T9639] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 99.322707][ T9639] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 99.373823][ T9639] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 99.634316][ T9675] ==================================================================
[ 99.642904][ T9675] BUG: KASAN: slab-out-of-bounds in bpf_prog_create+0xe9/0x250
[ 99.650455][ T9675] Read of size 64 at addr ffff8880a8a2c380 by task syz-executor.2/9675
[ 99.658694][ T9675]
[ 99.661036][ T9675] CPU: 0 PID: 9675 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0
[ 99.669273][ T9675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 99.679428][ T9675] Call Trace:
[ 99.682815][ T9675] dump_stack+0x197/0x210
[ 99.687153][ T9675] ? bpf_prog_create+0xe9/0x250
[ 99.692013][ T9675] print_address_description.constprop.0.cold+0xd4/0x30b
[ 99.699129][ T9675] ? bpf_prog_create+0xe9/0x250
[ 99.703991][ T9675] ? bpf_prog_create+0xe9/0x250
[ 99.708868][ T9675] __kasan_report.cold+0x1b/0x41
[ 99.713815][ T9675] ? find_next_bit+0xe0/0x130
[ 99.718508][ T9675] ? bpf_prog_create+0xe9/0x250
[ 99.723363][ T9675] kasan_report+0x12/0x20
[ 99.727698][ T9675] check_memory_region+0x134/0x1a0
[ 99.732809][ T9675] memcpy+0x24/0x50
[ 99.737053][ T9675] bpf_prog_create+0xe9/0x250
[ 99.741757][ T9675] get_filter.isra.0+0x108/0x1a0
[ 99.746711][ T9675] ? ppp_push+0x1290/0x1290
[ 99.751254][ T9675] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 99.755240][ T9636] 8021q: adding VLAN 0 to HW filter on device bond0
[ 99.757532][ T9675] ? _copy_from_user+0x12c/0x1a0
[ 99.757559][ T9675] ppp_ioctl+0x12f7/0x2750
[ 99.757577][ T9675] ? ppp_nl_newlink+0x2a0/0x2a0
[ 99.757599][ T9675] ? ___might_sleep+0x163/0x2c0
[ 99.764728][ T9647] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 99.769133][ T9675] ? ppp_nl_newlink+0x2a0/0x2a0
[ 99.769149][ T9675] do_vfs_ioctl+0xdb6/0x13e0
[ 99.769167][ T9675] ? compat_ioctl_preallocate+0x210/0x210
[ 99.769180][ T9675] ? selinux_file_mprotect+0x620/0x620
[ 99.769197][ T9675] ? __fget+0x37f/0x550
[ 99.778425][ T9675] ? ksys_dup3+0x3e0/0x3e0
[ 99.778440][ T9675] ? nsecs_to_jiffies+0x30/0x30
[ 99.778461][ T9675] ? tomoyo_file_ioctl+0x23/0x30
[ 99.789946][ T9675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 99.789962][ T9675] ? security_file_ioctl+0x8d/0xc0
[ 99.789977][ T9675] ksys_ioctl+0xab/0xd0
[ 99.789994][ T9675] __x64_sys_ioctl+0x73/0xb0
[ 99.799415][ T9675] do_syscall_64+0xfa/0x790
[ 99.799436][ T9675] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 99.799451][ T9675] RIP: 0033:0x45a679
[ 99.863862][ T9675] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 99.883971][ T9675] RSP: 002b:00007f9d9f32dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 99.892374][ T9675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
[ 99.900334][ T9675] RDX: 0000000020000040 RSI: 0000000040107447 RDI: 0000000000000004
[ 99.908408][ T9675] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 99.916483][ T9675] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d9f32e6d4
[ 99.924465][ T9675] R13: 00000000004c45dc R14: 00000000004d9b30 R15: 00000000ffffffff
[ 99.932435][ T9675]
[ 99.934750][ T9675] Allocated by task 9675:
[ 99.939078][ T9675] save_stack+0x23/0x90
[ 99.943230][ T9675] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 99.948839][ T9675] kasan_kmalloc+0x9/0x10
[ 99.953271][ T9675] __kmalloc_track_caller+0x15f/0x760
[ 99.958645][ T9675] memdup_user+0x26/0xb0
[ 99.962882][ T9675] get_filter.isra.0+0xd7/0x1a0
[ 99.967778][ T9675] ppp_ioctl+0x12f7/0x2750
[ 99.972199][ T9675] do_vfs_ioctl+0xdb6/0x13e0
[ 99.976790][ T9675] ksys_ioctl+0xab/0xd0
[ 99.980940][ T9675] __x64_sys_ioctl+0x73/0xb0
[ 99.986033][ T9675] do_syscall_64+0xfa/0x790
[ 99.990537][ T9675] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 99.996732][ T9675]
[ 99.999056][ T9675] Freed by task 9468:
[ 100.003046][ T9675] save_stack+0x23/0x90
[ 100.007293][ T9675] __kasan_slab_free+0x102/0x150
[ 100.012228][ T9675] kasan_slab_free+0xe/0x10
[ 100.016723][ T9675] kfree+0x10a/0x2c0
[ 100.020901][ T9675] tomoyo_check_open_permission+0x19e/0x3e0
[ 100.026990][ T9675] tomoyo_file_open+0xa9/0xd0
[ 100.033299][ T9675] security_file_open+0x71/0x300
[ 100.038228][ T9675] do_dentry_open+0x37a/0x1380
[ 100.043230][ T9675] vfs_open+0xa0/0xd0
[ 100.047451][ T9675] path_openat+0x10e4/0x4710
[ 100.052018][ T9675] do_filp_open+0x1a1/0x280
[ 100.056512][ T9675] do_sys_open+0x3fe/0x5d0
[ 100.061326][ T9675] __x64_sys_open+0x7e/0xc0
[ 100.065833][ T9675] do_syscall_64+0xfa/0x790
[ 100.070329][ T9675] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.076209][ T9675]
[ 100.078531][ T9675] The buggy address belongs to the object at ffff8880a8a2c380
[ 100.078531][ T9675] which belongs to the cache kmalloc-32 of size 32
[ 100.092804][ T9675] The buggy address is located 0 bytes inside of
[ 100.092804][ T9675] 32-byte region [ffff8880a8a2c380, ffff8880a8a2c3a0)
[ 100.106266][ T9675] The buggy address belongs to the page:
[ 100.112025][ T9675] page:ffffea0002a28b00 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a8a2cfc1
[ 100.122447][ T9675] raw: 00fffe0000000200 ffffea00029c7948 ffffea00029ac848 ffff8880aa4001c0
[ 100.131129][ T9675] raw: ffff8880a8a2cfc1 ffff8880a8a2c000 0000000100000024 0000000000000000
[ 100.139855][ T9675] page dumped because: kasan: bad access detected
[ 100.146249][ T9675]
[ 100.148557][ T9675] Memory state around the buggy address:
[ 100.154217][ T9675] ffff8880a8a2c280: fb fb fb fb fc fc fc fc 00 00 01 fc fc fc fc fc
[ 100.162719][ T9675] ffff8880a8a2c300: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 100.170804][ T9675] >ffff8880a8a2c380: 00 fc fc fc fc fc fc fc 00 00 01 fc fc fc fc fc
[ 100.179205][ T9675] ^
[ 100.183797][ T9675] ffff8880a8a2c400: 05 fc fc fc fc fc fc fc fb fb fb fb fc fc fc fc
[ 100.192193][ T9675] ffff8880a8a2c480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 100.201437][ T9675] ==================================================================
[ 100.210130][ T9675] Disabling lock debugging due to kernel taint
[ 100.228205][ T9675] Kernel panic - not syncing: panic_on_warn set ...
[ 100.234833][ T9675] CPU: 0 PID: 9675 Comm: syz-executor.2 Tainted: G B 5.4.0-syzkaller #0
[ 100.247672][ T9675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 100.257734][ T9675] Call Trace:
[ 100.261039][ T9675] dump_stack+0x197/0x210
[ 100.265386][ T9675] panic+0x2e3/0x75c
[ 100.269286][ T9675] ? add_taint.cold+0x16/0x16
[ 100.274058][ T9675] ? bpf_prog_create+0xe9/0x250
[ 100.278917][ T9675] ? preempt_schedule+0x4b/0x60
[ 100.283773][ T9675] ? ___preempt_schedule+0x16/0x18
[ 100.288898][ T9675] ? trace_hardirqs_on+0x5e/0x240
[ 100.293925][ T9675] ? bpf_prog_create+0xe9/0x250
[ 100.298787][ T9675] end_report+0x47/0x4f
[ 100.302957][ T9675] ? bpf_prog_create+0xe9/0x250
[ 100.307805][ T9675] __kasan_report.cold+0xe/0x41
[ 100.312655][ T9675] ? find_next_bit+0xe0/0x130
[ 100.317501][ T9675] ? bpf_prog_create+0xe9/0x250
[ 100.322451][ T9675] kasan_report+0x12/0x20
[ 100.326864][ T9675] check_memory_region+0x134/0x1a0
[ 100.331970][ T9675] memcpy+0x24/0x50
[ 100.335795][ T9675] bpf_prog_create+0xe9/0x250
[ 100.340578][ T9675] get_filter.isra.0+0x108/0x1a0
[ 100.345513][ T9675] ? ppp_push+0x1290/0x1290
[ 100.350018][ T9675] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 100.356252][ T9675] ? _copy_from_user+0x12c/0x1a0
[ 100.361185][ T9675] ppp_ioctl+0x12f7/0x2750
[ 100.365599][ T9675] ? ppp_nl_newlink+0x2a0/0x2a0
[ 100.370447][ T9675] ? ___might_sleep+0x163/0x2c0
[ 100.375298][ T9675] ? ppp_nl_newlink+0x2a0/0x2a0
[ 100.380169][ T9675] do_vfs_ioctl+0xdb6/0x13e0
[ 100.384781][ T9675] ? compat_ioctl_preallocate+0x210/0x210
[ 100.390509][ T9675] ? selinux_file_mprotect+0x620/0x620
[ 100.395976][ T9675] ? __fget+0x37f/0x550
[ 100.400152][ T9675] ? ksys_dup3+0x3e0/0x3e0
[ 100.404573][ T9675] ? nsecs_to_jiffies+0x30/0x30
[ 100.409460][ T9675] ? tomoyo_file_ioctl+0x23/0x30
[ 100.411648][ T4084] kobject: 'loop0' (00000000bda3a947): kobject_uevent_env
[ 100.414422][ T9675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 100.427758][ T9675] ? security_file_ioctl+0x8d/0xc0
[ 100.432856][ T9675] ksys_ioctl+0xab/0xd0
[ 100.437706][ T9675] __x64_sys_ioctl+0x73/0xb0
[ 100.442278][ T9675] do_syscall_64+0xfa/0x790
[ 100.446766][ T9675] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 100.452733][ T9675] RIP: 0033:0x45a679
[ 100.456699][ T9675] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 100.477868][ T9675] RSP: 002b:00007f9d9f32dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 100.496015][ T9675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
[ 100.503985][ T9675] RDX: 0000000020000040 RSI: 0000000040107447 RDI: 0000000000000004
[ 100.511948][ T9675] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 100.519909][ T9675] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9d9f32e6d4
[ 100.527876][ T9675] R13: 00000000004c45dc R14: 00000000004d9b30 R15: 00000000ffffffff
[ 100.537345][ T9675] Kernel Offset: disabled
[ 100.541671][ T9675] Rebooting in 86400 seconds..