Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 32.655164] kauditd_printk_skb: 9 callbacks suppressed [ 32.655178] audit: type=1800 audit(1542415672.045:33): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [?25l[?1c7[ ok 8[?25h[?0c. [ 32.686953] audit: type=1800 audit(1542415672.045:34): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 35.530509] audit: type=1400 audit(1542415674.915:35): avc: denied { map } for pid=6167 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.127' (ECDSA) to the list of known hosts. [ 97.125423] audit: type=1400 audit(1542415736.515:36): avc: denied { map } for pid=6181 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/11/17 00:48:57 parsed 1 programs [ 97.700046] audit: type=1400 audit(1542415737.085:37): avc: denied { map } for pid=6181 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=14793 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2018/11/17 00:48:59 executed programs: 0 [ 99.920465] IPVS: ftp: loaded support on port[0] = 21 [ 99.926157] IPVS: ftp: loaded support on port[0] = 21 [ 99.939488] IPVS: ftp: loaded support on port[0] = 21 [ 99.957492] IPVS: ftp: loaded support on port[0] = 21 [ 99.965054] IPVS: ftp: loaded support on port[0] = 21 [ 99.989936] IPVS: ftp: loaded support on port[0] = 21 [ 101.358262] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.369375] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.377873] device bridge_slave_0 entered promiscuous mode [ 101.387859] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.396714] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.405335] device bridge_slave_0 entered promiscuous mode [ 101.426921] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.435330] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.442841] device bridge_slave_0 entered promiscuous mode [ 101.461686] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.472094] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.480434] device bridge_slave_1 entered promiscuous mode [ 101.488966] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.496808] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.504880] device bridge_slave_0 entered promiscuous mode [ 101.513027] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.519393] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.528932] device bridge_slave_1 entered promiscuous mode [ 101.538996] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.548113] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.556430] device bridge_slave_0 entered promiscuous mode [ 101.565395] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.571753] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.581510] device bridge_slave_0 entered promiscuous mode [ 101.589650] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.600307] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.608527] device bridge_slave_1 entered promiscuous mode [ 101.616460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 101.629817] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 101.642180] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.657993] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.667547] device bridge_slave_1 entered promiscuous mode [ 101.676518] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.683573] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.690949] device bridge_slave_1 entered promiscuous mode [ 101.699554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 101.709640] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 101.719653] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.728463] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.736619] device bridge_slave_1 entered promiscuous mode [ 101.752888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 101.760403] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 101.790217] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 101.804342] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 101.813304] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 101.822367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 101.866419] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 101.905179] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 101.967285] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 102.044133] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 102.055068] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 102.080494] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 102.118460] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 102.134461] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 102.143030] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.153784] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 102.171434] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 102.182023] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 102.202606] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 102.219126] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 102.229720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 102.245868] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 102.258669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.275732] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 102.283549] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 102.293352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.301155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.321585] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 102.345434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 102.352766] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.365314] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 102.374785] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 102.382969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.390766] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.415566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 102.429085] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 102.436269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.450861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.464516] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 102.482211] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.539128] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 102.547754] team0: Port device team_slave_0 added [ 102.616785] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 102.638896] team0: Port device team_slave_1 added [ 102.647781] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 102.655999] team0: Port device team_slave_0 added [ 102.688812] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 102.700333] team0: Port device team_slave_0 added [ 102.706958] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 102.727876] team0: Port device team_slave_0 added [ 102.744483] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 102.752305] team0: Port device team_slave_1 added [ 102.769225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.782548] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 102.798264] team0: Port device team_slave_1 added [ 102.806292] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 102.814370] team0: Port device team_slave_1 added [ 102.819690] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 102.827141] team0: Port device team_slave_0 added [ 102.843062] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.863874] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 102.874903] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 102.882283] team0: Port device team_slave_0 added [ 102.898243] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 102.916196] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 102.929882] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 102.946139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 102.963248] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.971087] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.980919] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 102.988178] team0: Port device team_slave_1 added [ 102.995956] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 103.007556] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 103.018142] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.027905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.043276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.052191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.061165] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 103.070692] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 103.078221] team0: Port device team_slave_1 added [ 103.086296] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 103.096661] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 103.104547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 103.112421] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 103.122184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 103.132090] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 103.143278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.151244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.170466] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 103.181342] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 103.197854] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 103.206701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 103.218004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 103.236967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 103.244979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 103.252401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.260372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.272512] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 103.287418] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 103.302078] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.312141] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.330525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.342521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.352237] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 103.362218] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 103.377718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 103.387398] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 103.402458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.411716] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.428019] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 103.441430] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 103.468421] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 103.484866] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 103.493276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.501249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.514955] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 103.536731] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.552201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 103.566271] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 103.580226] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.595162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 103.623079] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 103.630293] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.642647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 104.070776] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.077350] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.084395] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.090779] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.099426] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 104.115681] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.122060] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.128773] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.135213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.143851] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 104.202138] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.208557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.215284] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.221669] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.232966] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 104.321054] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.327503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.334220] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.340595] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.367690] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 104.441491] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.447933] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.454668] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.461049] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.471930] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 104.500342] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.506766] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.513494] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.519900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.536776] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 105.055790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 105.064703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 105.072261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 105.080054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 105.087667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 105.096374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 107.081117] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.193560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.243158] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.256403] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.265653] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.332104] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.345304] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 107.493643] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 107.505311] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 107.563397] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 107.575319] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 107.587580] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.599033] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 107.607603] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.627276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.780619] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.795781] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.805318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.841862] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.854999] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.864759] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.873257] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.890040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.897944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.906357] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.913803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.920893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.928643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.940780] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 107.957571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.987467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 108.140059] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.170308] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.190476] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.205197] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.217368] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.371215] audit: type=1400 audit(1542415748.755:38): avc: denied { associate } for pid=6208 comm="syz-executor4" name="syz4" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 2018/11/17 00:49:09 executed programs: 6 2018/11/17 00:49:14 executed programs: 41 2018/11/17 00:49:20 executed programs: 73 2018/11/17 00:49:25 executed programs: 108 2018/11/17 00:49:30 executed programs: 141 2018/11/17 00:49:35 executed programs: 175 2018/11/17 00:49:40 executed programs: 210 2018/11/17 00:49:45 executed programs: 241 2018/11/17 00:49:50 executed programs: 277 2018/11/17 00:49:55 executed programs: 312 2018/11/17 00:50:00 executed programs: 344 2018/11/17 00:50:05 executed programs: 378 2018/11/17 00:50:11 executed programs: 411 2018/11/17 00:50:16 executed programs: 445 2018/11/17 00:50:21 executed programs: 480 2018/11/17 00:50:26 executed programs: 513 2018/11/17 00:50:31 executed programs: 547 2018/11/17 00:50:36 executed programs: 580 [ 202.126496] ================================================================== [ 202.134027] BUG: KASAN: use-after-free in sctp_epaddr_lookup_transport+0xacb/0xb20 [ 202.141736] Read of size 8 at addr ffff8881bcc980f0 by task syz-executor5/12482 [ 202.149167] [ 202.150787] CPU: 0 PID: 12482 Comm: syz-executor5 Not tainted 4.20.0-rc2+ #117 [ 202.158136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.167487] Call Trace: [ 202.170065] dump_stack+0x244/0x39d [ 202.173695] ? dump_stack_print_info.cold.1+0x20/0x20 [ 202.178909] ? printk+0xa7/0xcf [ 202.182190] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 202.186978] ? call_rcu+0xb/0x10 [ 202.190405] print_address_description.cold.7+0x9/0x1ff [ 202.195781] kasan_report.cold.8+0x242/0x309 [ 202.200191] ? sctp_epaddr_lookup_transport+0xacb/0xb20 [ 202.205551] __asan_report_load8_noabort+0x14/0x20 [ 202.210478] sctp_epaddr_lookup_transport+0xacb/0xb20 [ 202.215666] ? sctp_v4_err+0xb60/0xb60 [ 202.219553] ? zap_class+0x640/0x640 [ 202.223276] ? lock_acquire+0x1ed/0x520 [ 202.227262] ? sctp_endpoint_lookup_assoc+0x86/0x290 [ 202.232372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.237914] ? check_preemption_disabled+0x48/0x280 [ 202.242957] ? kasan_check_read+0x11/0x20 [ 202.247146] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 202.252439] ? rcu_softirq_qs+0x20/0x20 [ 202.256414] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 202.261611] sctp_endpoint_lookup_assoc+0xe0/0x290 [ 202.266555] sctp_addr_id2transport+0x1f8/0x370 [ 202.271240] ? sctp_getsockopt_sctp_status+0xad0/0xad0 [ 202.276523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.282057] ? sctp_v4_is_any+0x43/0x60 [ 202.286021] sctp_getsockopt_peer_addr_params+0x17c/0x1260 [ 202.291651] ? sctp_setsockopt_primary_addr+0x290/0x290 [ 202.297044] ? __local_bh_enable_ip+0x160/0x260 [ 202.301729] sctp_getsockopt+0x44f9/0x7d32 [ 202.305972] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0 [ 202.312350] ? print_usage_bug+0xc0/0xc0 [ 202.316448] ? __lock_acquire+0x62f/0x4c20 [ 202.320719] ? mark_held_locks+0x130/0x130 [ 202.324999] ? print_usage_bug+0xc0/0xc0 [ 202.329072] ? print_usage_bug+0xc0/0xc0 [ 202.333151] ? zap_class+0x640/0x640 [ 202.336859] ? __lock_acquire+0x62f/0x4c20 [ 202.341136] ? find_held_lock+0x36/0x1c0 [ 202.345207] ? avc_has_perm+0x469/0x7e0 [ 202.349184] ? lock_downgrade+0x900/0x900 [ 202.353337] ? check_preemption_disabled+0x48/0x280 [ 202.358344] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 202.363274] ? kasan_check_read+0x11/0x20 [ 202.367435] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 202.372715] ? rcu_softirq_qs+0x20/0x20 [ 202.376709] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.382246] ? avc_has_perm+0x55f/0x7e0 [ 202.386229] ? avc_has_perm_noaudit+0x630/0x630 [ 202.390915] ? ksys_dup3+0x680/0x680 [ 202.394622] ? find_held_lock+0x36/0x1c0 [ 202.398703] ? sock_has_perm+0x2bc/0x3e0 [ 202.402765] ? selinux_secmark_relabel_packet+0xe0/0xe0 [ 202.408113] ? perf_trace_sched_process_exec+0x860/0x860 [ 202.413561] ? posix_get_monotonic_coarse+0x2/0x20 [ 202.418500] ? trace_hardirqs_off_caller+0x310/0x310 [ 202.423630] sock_common_getsockopt+0x9a/0xe0 [ 202.428132] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0 [ 202.434391] ? sock_common_getsockopt+0x9a/0xe0 [ 202.439064] __sys_getsockopt+0x1ad/0x390 [ 202.443237] ? kernel_setsockopt+0x1d0/0x1d0 [ 202.447647] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 202.452231] ? trace_hardirqs_on+0xbd/0x310 [ 202.456559] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.461933] ? trace_hardirqs_off_caller+0x310/0x310 [ 202.467056] __x64_sys_getsockopt+0xbe/0x150 [ 202.471468] do_syscall_64+0x1b9/0x820 2018/11/17 00:50:41 executed programs: 613 [ 202.475349] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 202.480708] ? syscall_return_slowpath+0x5e0/0x5e0 [ 202.485656] ? trace_hardirqs_on_caller+0x310/0x310 [ 202.490669] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 202.495684] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 202.502361] ? __switch_to_asm+0x40/0x70 [ 202.506448] ? __switch_to_asm+0x34/0x70 [ 202.510546] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 202.515405] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.520616] RIP: 0033:0x457569 [ 202.523818] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.542728] RSP: 002b:00007ff924e00c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 202.550444] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569 [ 202.557718] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000006 [ 202.565000] RBP: 000000000072c180 R08: 000000002044fffc R09: 0000000000000000 [ 202.572265] R10: 0000000020a68000 R11: 0000000000000246 R12: 00007ff924e016d4 [ 202.579522] R13: 00000000004c8318 R14: 00000000004ce200 R15: 00000000ffffffff [ 202.586797] [ 202.588438] Allocated by task 12445: [ 202.592164] save_stack+0x43/0xd0 [ 202.595616] kasan_kmalloc+0xc7/0xe0 [ 202.599325] kmem_cache_alloc_trace+0x152/0x750 [ 202.603995] sctp_association_new+0x14e/0x2290 [ 202.608584] sctp_sendmsg_new_asoc+0x39c/0x11f0 [ 202.613253] sctp_sendmsg+0x18a5/0x1da0 [ 202.617238] inet_sendmsg+0x1a1/0x690 [ 202.621046] sock_sendmsg+0xd5/0x120 [ 202.624772] __sys_sendto+0x3d7/0x670 [ 202.628558] __x64_sys_sendto+0xe1/0x1a0 [ 202.632604] do_syscall_64+0x1b9/0x820 [ 202.636473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.641645] [ 202.643266] Freed by task 12482: [ 202.646629] save_stack+0x43/0xd0 [ 202.650089] __kasan_slab_free+0x102/0x150 [ 202.654348] kasan_slab_free+0xe/0x10 [ 202.658149] kfree+0xcf/0x230 [ 202.661277] sctp_association_put+0x264/0x350 [ 202.665782] sctp_transport_put+0x186/0x1f0 [ 202.670107] sctp_hash_cmp+0x1ef/0x260 [ 202.674024] sctp_epaddr_lookup_transport+0x4fe/0xb20 [ 202.679215] sctp_endpoint_lookup_assoc+0xe0/0x290 [ 202.684160] sctp_addr_id2transport+0x1f8/0x370 [ 202.688817] sctp_getsockopt_peer_addr_params+0x17c/0x1260 [ 202.694440] sctp_getsockopt+0x44f9/0x7d32 [ 202.698667] sock_common_getsockopt+0x9a/0xe0 [ 202.703146] __sys_getsockopt+0x1ad/0x390 [ 202.707305] __x64_sys_getsockopt+0xbe/0x150 [ 202.711719] do_syscall_64+0x1b9/0x820 [ 202.715612] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.720788] [ 202.722423] The buggy address belongs to the object at ffff8881bcc98040 [ 202.722423] which belongs to the cache kmalloc-4k of size 4096 [ 202.735090] The buggy address is located 176 bytes inside of [ 202.735090] 4096-byte region [ffff8881bcc98040, ffff8881bcc99040) [ 202.747048] The buggy address belongs to the page: [ 202.751980] page:ffffea0006f32600 count:1 mapcount:0 mapping:ffff8881da800dc0 index:0x0 compound_mapcount: 0 [ 202.761941] flags: 0x2fffc0000010200(slab|head) [ 202.766596] raw: 02fffc0000010200 ffffea0006f4da88 ffffea000762dc88 ffff8881da800dc0 [ 202.774494] raw: 0000000000000000 ffff8881bcc98040 0000000100000001 0000000000000000 [ 202.782378] page dumped because: kasan: bad access detected [ 202.788094] [ 202.789710] Memory state around the buggy address: [ 202.794630] ffff8881bcc97f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 202.801985] ffff8881bcc98000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 202.809343] >ffff8881bcc98080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.816696] ^ [ 202.823729] ffff8881bcc98100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.831100] ffff8881bcc98180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 202.838457] ================================================================== [ 202.845811] Disabling lock debugging due to kernel taint [ 202.862759] Kernel panic - not syncing: panic_on_warn set ... [ 202.868832] CPU: 1 PID: 12482 Comm: syz-executor5 Tainted: G B 4.20.0-rc2+ #117 [ 202.877592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.886957] Call Trace: [ 202.889557] dump_stack+0x244/0x39d [ 202.890578] kobject: 'loop0' (000000004c58e0f6): kobject_uevent_env [ 202.893207] ? dump_stack_print_info.cold.1+0x20/0x20 [ 202.893228] panic+0x2ad/0x55c [ 202.893242] ? add_taint.cold.5+0x16/0x16 [ 202.893257] ? preempt_schedule+0x4d/0x60 [ 202.893276] ? ___preempt_schedule+0x16/0x18 [ 202.900203] kobject: 'loop0' (000000004c58e0f6): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 202.904857] ? trace_hardirqs_on+0xb4/0x310 [ 202.904884] kasan_end_report+0x47/0x4f [ 202.904898] kasan_report.cold.8+0x76/0x309 [ 202.904915] ? sctp_epaddr_lookup_transport+0xacb/0xb20 [ 202.904935] __asan_report_load8_noabort+0x14/0x20 [ 202.912493] kobject: 'loop3' (00000000e4e10794): kobject_uevent_env [ 202.916435] sctp_epaddr_lookup_transport+0xacb/0xb20 [ 202.916456] ? sctp_v4_err+0xb60/0xb60 [ 202.916471] ? zap_class+0x640/0x640 [ 202.916493] ? lock_acquire+0x1ed/0x520 [ 202.916512] ? sctp_endpoint_lookup_assoc+0x86/0x290 [ 202.921025] kobject: 'loop3' (00000000e4e10794): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 202.930340] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.930359] ? check_preemption_disabled+0x48/0x280 [ 202.930383] ? kasan_check_read+0x11/0x20 [ 202.930397] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 202.930413] ? rcu_softirq_qs+0x20/0x20 [ 202.998097] kobject: 'loop4' (00000000e1170880): kobject_uevent_env [ 203.001932] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 203.010717] kobject: 'loop4' (00000000e1170880): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 203.011333] sctp_endpoint_lookup_assoc+0xe0/0x290 [ 203.011352] sctp_addr_id2transport+0x1f8/0x370 [ 203.045857] ? sctp_getsockopt_sctp_status+0xad0/0xad0 [ 203.051170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.056731] ? sctp_v4_is_any+0x43/0x60 [ 203.060720] sctp_getsockopt_peer_addr_params+0x17c/0x1260 [ 203.066356] ? sctp_setsockopt_primary_addr+0x290/0x290 [ 203.071729] ? __local_bh_enable_ip+0x160/0x260 [ 203.076404] sctp_getsockopt+0x44f9/0x7d32 [ 203.080669] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0 [ 203.086927] ? print_usage_bug+0xc0/0xc0 [ 203.091003] ? __lock_acquire+0x62f/0x4c20 [ 203.095240] ? mark_held_locks+0x130/0x130 [ 203.099493] ? print_usage_bug+0xc0/0xc0 [ 203.103554] ? print_usage_bug+0xc0/0xc0 [ 203.107629] ? zap_class+0x640/0x640 [ 203.111359] ? __lock_acquire+0x62f/0x4c20 [ 203.115600] ? find_held_lock+0x36/0x1c0 [ 203.119651] ? avc_has_perm+0x469/0x7e0 [ 203.123621] ? lock_downgrade+0x900/0x900 [ 203.127810] ? check_preemption_disabled+0x48/0x280 [ 203.132825] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 203.137742] ? kasan_check_read+0x11/0x20 [ 203.141893] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 203.147167] ? rcu_softirq_qs+0x20/0x20 [ 203.151149] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.156701] ? avc_has_perm+0x55f/0x7e0 [ 203.160686] ? avc_has_perm_noaudit+0x630/0x630 [ 203.165352] ? ksys_dup3+0x680/0x680 [ 203.169097] ? find_held_lock+0x36/0x1c0 [ 203.173202] ? sock_has_perm+0x2bc/0x3e0 [ 203.177259] ? selinux_secmark_relabel_packet+0xe0/0xe0 [ 203.182605] ? perf_trace_sched_process_exec+0x860/0x860 [ 203.188051] ? posix_get_monotonic_coarse+0x2/0x20 [ 203.192983] ? trace_hardirqs_off_caller+0x310/0x310 [ 203.198108] sock_common_getsockopt+0x9a/0xe0 [ 203.202617] ? sctp_getsockopt_peeloff_common.isra.24+0x2f0/0x2f0 [ 203.208847] ? sock_common_getsockopt+0x9a/0xe0 [ 203.213519] __sys_getsockopt+0x1ad/0x390 [ 203.217668] ? kernel_setsockopt+0x1d0/0x1d0 [ 203.222062] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 203.226630] ? trace_hardirqs_on+0xbd/0x310 [ 203.230938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.236297] ? trace_hardirqs_off_caller+0x310/0x310 [ 203.241405] __x64_sys_getsockopt+0xbe/0x150 [ 203.245811] do_syscall_64+0x1b9/0x820 [ 203.249691] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 203.255041] ? syscall_return_slowpath+0x5e0/0x5e0 [ 203.259966] ? trace_hardirqs_on_caller+0x310/0x310 [ 203.264994] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 203.270031] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 203.276703] ? __switch_to_asm+0x40/0x70 [ 203.280766] ? __switch_to_asm+0x34/0x70 [ 203.284826] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 203.289658] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.294831] RIP: 0033:0x457569 [ 203.298013] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.316926] RSP: 002b:00007ff924e00c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 203.324637] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457569 [ 203.331905] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000006 [ 203.339167] RBP: 000000000072c180 R08: 000000002044fffc R09: 0000000000000000 [ 203.346430] R10: 0000000020a68000 R11: 0000000000000246 R12: 00007ff924e016d4 [ 203.353694] R13: 00000000004c8318 R14: 00000000004ce200 R15: 00000000ffffffff [ 203.361921] Kernel Offset: disabled [ 203.365541] Rebooting in 86400 seconds..