[ 100.713768][ T39] audit: type=1400 audit(1575682454.541:41): avc: denied { map } for pid=8683 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '[localhost]:30958' (ECDSA) to the list of known hosts.
[ 103.335331][ T39] audit: type=1400 audit(1575682457.161:42): avc: denied { map } for pid=8695 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2019/12/07 01:34:17 fuzzer started
2019/12/07 01:34:20 dialing manager at 10.0.2.10:33395
2019/12/07 01:34:20 syscalls: 2707
2019/12/07 01:34:20 code coverage: enabled
2019/12/07 01:34:20 comparison tracing: enabled
2019/12/07 01:34:20 extra coverage: enabled
2019/12/07 01:34:20 setuid sandbox: enabled
2019/12/07 01:34:20 namespace sandbox: enabled
2019/12/07 01:34:20 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/07 01:34:20 fault injection: enabled
2019/12/07 01:34:20 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/07 01:34:20 net packet injection: enabled
2019/12/07 01:34:20 net device setup: enabled
2019/12/07 01:34:20 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/07 01:34:20 devlink PCI setup: PCI device 0000:00:10.0 is not available
01:34:52 executing program 0:
[ 139.123319][ T39] audit: type=1400 audit(1575682492.941:43): avc: denied { map } for pid=8717 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=20510 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
01:34:53 executing program 1:
[ 139.770589][ T8718] IPVS: ftp: loaded support on port[0] = 21
[ 139.770603][ T8720] IPVS: ftp: loaded support on port[0] = 21
01:34:53 executing program 2:
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x5010, 0x0)
01:34:53 executing program 3:
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0)
[ 140.069379][ T8718] chnl_net:caif_netlink_parms(): no params data found
[ 140.113732][ T8722] IPVS: ftp: loaded support on port[0] = 21
[ 140.196381][ T8720] chnl_net:caif_netlink_parms(): no params data found
[ 140.211402][ T8718] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.223676][ T8718] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.240604][ T8718] device bridge_slave_0 entered promiscuous mode
[ 140.260082][ T8718] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.273661][ T8718] bridge0: port 2(bridge_slave_1) entered disabled state
[ 140.287416][ T8718] device bridge_slave_1 entered promiscuous mode
[ 140.313061][ T8726] IPVS: ftp: loaded support on port[0] = 21
[ 140.348722][ T8718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 140.368311][ T8718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 140.400055][ T8720] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.429914][ T8720] bridge0: port 1(bridge_slave_0) entered disabled state
[ 140.458046][ T8720] device bridge_slave_0 entered promiscuous mode
[ 140.485843][ T8720] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.506064][ T8720] bridge0: port 2(bridge_slave_1) entered disabled state
[ 140.521136][ T8720] device bridge_slave_1 entered promiscuous mode
[ 140.567162][ T8718] team0: Port device team_slave_0 added
[ 140.577922][ T8718] team0: Port device team_slave_1 added
[ 140.589685][ T8720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 140.611685][ T8720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 140.651295][ T8720] team0: Port device team_slave_0 added
[ 140.667210][ T8720] team0: Port device team_slave_1 added
[ 140.770139][ T8718] device hsr_slave_0 entered promiscuous mode
[ 140.838389][ T8718] device hsr_slave_1 entered promiscuous mode
[ 141.019195][ T8720] device hsr_slave_0 entered promiscuous mode
[ 141.076970][ T8720] device hsr_slave_1 entered promiscuous mode
[ 141.177186][ T8720] debugfs: Directory 'hsr0' with parent '/' already present!
[ 141.200089][ T8722] chnl_net:caif_netlink_parms(): no params data found
[ 141.272292][ T39] audit: type=1400 audit(1575682495.101:44): avc: denied { create } for pid=8718 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 141.316293][ T39] audit: type=1400 audit(1575682495.101:45): avc: denied { write } for pid=8718 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 141.316311][ T39] audit: type=1400 audit(1575682495.101:46): avc: denied { read } for pid=8718 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 141.419697][ T8718] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 141.476506][ T8722] bridge0: port 1(bridge_slave_0) entered blocking state
[ 141.489648][ T8722] bridge0: port 1(bridge_slave_0) entered disabled state
[ 141.504052][ T8722] device bridge_slave_0 entered promiscuous mode
[ 141.520248][ T8722] bridge0: port 2(bridge_slave_1) entered blocking state
[ 141.533047][ T8722] bridge0: port 2(bridge_slave_1) entered disabled state
[ 141.546165][ T8722] device bridge_slave_1 entered promiscuous mode
[ 141.564967][ T8718] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 141.631059][ T8718] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 141.712617][ T8718] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 141.770090][ T8720] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 141.819506][ T8720] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 141.898558][ T8720] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 141.978199][ T8726] chnl_net:caif_netlink_parms(): no params data found
[ 142.002245][ T8722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 142.020012][ T8720] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 142.117402][ T8722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 142.163907][ T8722] team0: Port device team_slave_0 added
[ 142.175506][ T8722] team0: Port device team_slave_1 added
[ 142.197445][ T8726] bridge0: port 1(bridge_slave_0) entered blocking state
[ 142.209425][ T8726] bridge0: port 1(bridge_slave_0) entered disabled state
[ 142.222168][ T8726] device bridge_slave_0 entered promiscuous mode
[ 142.237455][ T8726] bridge0: port 2(bridge_slave_1) entered blocking state
[ 142.251456][ T8726] bridge0: port 2(bridge_slave_1) entered disabled state
[ 142.265027][ T8726] device bridge_slave_1 entered promiscuous mode
[ 142.359411][ T8722] device hsr_slave_0 entered promiscuous mode
[ 142.467107][ T8722] device hsr_slave_1 entered promiscuous mode
[ 142.556768][ T8722] debugfs: Directory 'hsr0' with parent '/' already present!
[ 142.579998][ T8726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 142.597356][ T8726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 142.646011][ T8726] team0: Port device team_slave_0 added
[ 142.662596][ T8726] team0: Port device team_slave_1 added
[ 142.694153][ T8722] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 142.781815][ T8722] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 142.878561][ T8722] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 142.942227][ T8722] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 143.089473][ T8726] device hsr_slave_0 entered promiscuous mode
[ 143.166990][ T8726] device hsr_slave_1 entered promiscuous mode
[ 143.236871][ T8726] debugfs: Directory 'hsr0' with parent '/' already present!
[ 143.307016][ T8726] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 143.409643][ T8726] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 143.469756][ T8726] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 143.549631][ T8726] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 143.616076][ T8720] 8021q: adding VLAN 0 to HW filter on device bond0
[ 143.633578][ T8718] 8021q: adding VLAN 0 to HW filter on device bond0
[ 143.669224][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 143.685859][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 143.700101][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 143.721070][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 143.742785][ T8718] 8021q: adding VLAN 0 to HW filter on device team0
[ 143.765667][ T8720] 8021q: adding VLAN 0 to HW filter on device team0
[ 143.785256][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 143.801243][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 143.817959][ T2588] bridge0: port 1(bridge_slave_0) entered blocking state
[ 143.831273][ T2588] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 143.855257][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 143.872098][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 143.888777][ T2588] bridge0: port 2(bridge_slave_1) entered blocking state
[ 143.904661][ T2588] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 143.924780][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 143.947792][ T8722] 8021q: adding VLAN 0 to HW filter on device bond0
[ 143.976260][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 143.992155][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 144.008748][ T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 144.021937][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 144.036225][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 144.050979][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 144.066190][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 144.081740][ T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 144.095120][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 144.108992][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 144.126479][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 144.142843][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 144.157348][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 144.172208][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 144.193696][ T8722] 8021q: adding VLAN 0 to HW filter on device team0
[ 144.213436][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 144.228358][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 144.244748][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 144.262996][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 144.280982][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 144.302566][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 144.318312][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 144.334502][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 144.349172][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 144.381120][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 144.397429][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 144.412482][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 144.427642][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 144.442286][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 144.460149][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 144.474776][ T8728] bridge0: port 1(bridge_slave_0) entered blocking state
[ 144.489402][ T8728] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 144.505983][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 144.524959][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 144.542733][ T8728] bridge0: port 2(bridge_slave_1) entered blocking state
[ 144.557521][ T8728] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 144.572371][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 144.592060][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 144.610557][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 144.627779][ T8728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 144.652271][ T8720] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 144.675292][ T8720] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 144.703416][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 144.721229][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 144.736039][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 144.753250][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 144.768693][ T3945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 144.783076][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 144.822818][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 144.839172][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 144.854985][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 144.871085][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 144.885621][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 144.903170][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 144.918800][ T2588] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 144.938229][ T8726] 8021q: adding VLAN 0 to HW filter on device bond0
[ 144.964612][ T8726] 8021q: adding VLAN 0 to HW filter on device team0
[ 144.981522][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 144.997268][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 145.011220][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 145.025320][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 145.038784][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 145.053244][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 145.073495][ T8722] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 145.094231][ T8722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 145.112043][ T8720] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 145.142692][ T8718] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 145.142890][ T39] audit: type=1400 audit(1575682498.971:47): avc: denied { associate } for pid=8720 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 145.224056][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 145.245384][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 145.259333][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 145.273625][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 145.288360][ T3016] bridge0: port 1(bridge_slave_0) entered blocking state
[ 145.304588][ T3016] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 145.338601][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 145.353839][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 145.382075][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 145.405336][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state
[ 145.424516][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 145.444699][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 145.467502][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 145.493412][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 145.517137][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 145.536298][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 145.560527][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 145.585110][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 145.618613][ T8722] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 145.647427][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 145.666088][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 145.683479][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 145.700935][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 145.719369][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 145.734128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 145.781265][ T8726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 145.858962][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
01:34:59 executing program 0:
mlockall(0x1)
lookup_dcookie(0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
[ 145.921638][ T8733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
01:34:59 executing program 1:
mlockall(0x1)
keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
[ 146.022840][ T8726] 8021q: adding VLAN 0 to HW filter on device batadv0
01:34:59 executing program 2:
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x5010, 0x0)
01:35:00 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000ce9ff3)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x40605346, &(0x7f0000642fb4)={0x0, 0x0, 0x100000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfd]})
01:35:00 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/70, 0x46}, {0x0}, {0x0}], 0x3}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0xfe72, 0x0, 0x0, 0x800e00516)
shutdown(r0, 0x0)
r2 = dup2(r1, r0)
r3 = dup(r1)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$sock_timeval(r2, 0xffff, 0x1006, &(0x7f0000000140)={0x21190aff}, 0x10)
r5 = dup2(r3, r4)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
shutdown(0xffffffffffffffff, 0x0)
fstat(r6, &(0x7f00000001c0))
recvfrom$inet(r5, 0x0, 0xffffff27, 0x0, 0x0, 0x800e00512)
shutdown(r4, 0x0)
01:35:00 executing program 2:
r0 = syz_open_dev$sndseq(&(0x7f0000ce9ff3)='/dev/snd/seq\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x40605346, &(0x7f0000642fb4)={0x0, 0x0, 0x100000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfd]})
01:35:00 executing program 2:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0)
remap_file_pages(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0)
[ 146.368184][ T39] audit: type=1400 audit(1575682500.191:48): avc: denied { open } for pid=8767 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
[ 146.414579][ T8769] mmap: syz-executor.2 (8769) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[ 146.427373][ T39] audit: type=1400 audit(1575682500.201:49): avc: denied { kernel } for pid=8767 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
01:35:00 executing program 1:
mlockall(0x1)
keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
01:35:00 executing program 0:
mlockall(0x1)
lookup_dcookie(0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
01:35:00 executing program 3:
mlockall(0x1)
lookup_dcookie(0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
01:35:00 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000240)="a48b12f728db4b2b5d2f2fba4fad273b1ea3e46f905080af4cf9f43b1136655aae84d1d2ce90ccb15322e200000000000000960f53691a655eb6989d32772cf2eebb1f6c785d6382fa7776ea267d32109a5633657b52873b9925f15a5b587ec8eaab2abd683c8ff8640f46e160757c496cd97afe9afbc943c0581476da2e55bac9db8afafcc7f896e6356f33", 0x8c}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)
[ 146.577784][ T39] audit: type=1400 audit(1575682500.411:50): avc: denied { read } for pid=8767 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
01:35:00 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000240)="5846534200001000000000000000100000000000000034fb8fb9e4bf48b6ad26c597eb4f5c1900000000000000040000000000000d880000000000000d890000000000000d8a000000010000100000000001000000000000035ab424027b2b745235acf0fa309300040000040000000000000000000000000000afe9a99acf5044d9ca869a539b9a68cadae63e0238425752993947759226ff67ec42e3ddca015776959e3bdacc858b8f720d47c737f53feef843b85bc72b6112867284edea4e90f7a308451e020f86b31598bc52f8c569fbe264d5aaf9e92332bbb7bd96c8181771f9f7a79c22045b8abffec1d89c168889cb09ef1af3fd9cf0802e1d0dced7b40d0f4f8bdc11666389dde1abf5b7a02841ae7fa59693989f6a66cfdd87854439939cb1bb40ab5f8cfa93c2165de26d17af54c420a3ec2177aef60e55d0004acbe7469ac02085ee437cebe3a763221ee8d916cf1725ddcff2823b6216d4b2d613ea", 0xfffffc9f}], 0x0, 0x0)
01:35:00 executing program 0:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpid()
setpriority(0x2, r0, 0x0)
[ 146.965551][ T8733] BUG: unable to handle page fault for address: fffff52004380000
[ 146.979343][ T4288] kobject: 'loop0' (00000000c27c4808): kobject_uevent_env
[ 146.967551][ T8733] #PF: supervisor read access in kernel mode
[ 146.995865][ T4288] kobject: 'loop0' (00000000c27c4808): fill_kobj_path: path = '/devices/virtual/block/loop0'
[ 146.967551][ T8733] #PF: error_code(0x0000) - not-present page
[ 146.967551][ T8733] PGD 7ffcd067 P4D 7ffcd067 PUD 2cd1c067 PMD 67b24067 PTE 0
[ 146.967551][ T8733] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 146.967551][ T8733] CPU: 1 PID: 8733 Comm: kworker/1:3 Not tainted 5.4.0-syzkaller #0
[ 146.967551][ T8733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[ 146.967551][ T8733] Workqueue: xfs-buf/loop1 xfs_buf_ioend_work
[ 146.967551][ T8733] RIP: 0010:xfs_sb_read_verify+0xf0/0x540
[ 146.967551][ T8733] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 18 04 00 00 4d 8b ac 24 30 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e a7 03 00 00 41 8b 75 00 bf 58
[ 146.967551][ T8733] RSP: 0018:ffffc90000d77af0 EFLAGS: 00010a06
[ 146.967551][ T8733] RAX: dffffc0000000000 RBX: 1ffff920001aef61 RCX: ffffffff82ac3676
[ 146.967551][ T8733] RDX: 1ffff92004380000 RSI: ffffffff82a8ff9b RDI: ffff888027eddda0
[ 146.967551][ T8733] RBP: ffffc90000d77cd0 R08: ffff88806564c300 R09: ffffed1005a27045
[ 146.967551][ T8733] R10: ffffed1005a27044 R11: ffff88802d138223 R12: ffff888027eddc80
[ 146.967551][ T8733] R13: ffffc90021c00000 R14: ffffc90000d77ca8 R15: ffff88806b1a6000
[ 146.967551][ T8733] FS: 0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000
[ 146.967551][ T8733] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.967551][ T8733] CR2: fffff52004380000 CR3: 000000006f727000 CR4: 0000000000340ee0
[ 146.967551][ T8733] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 146.967551][ T8733] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 146.967551][ T8733] Call Trace:
[ 146.967551][ T8733] ? xfs_sb_write_verify+0x470/0x470
[ 146.967551][ T8733] ? __kasan_check_read+0x11/0x20
[ 146.967551][ T8733] ? mark_lock+0xc2/0x1220
[ 146.967551][ T8733] ? __kasan_check_read+0x11/0x20
[ 146.967551][ T8733] ? __lock_acquire+0x16f2/0x4a00
[ 146.967551][ T8733] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 146.967551][ T8733] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 146.967551][ T8733] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 146.967551][ T8733] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 146.967551][ T8733] xfs_buf_ioend+0x3f9/0xde0
[ 146.967551][ T8733] ? trace_hardirqs_on+0x67/0x240
[ 146.967551][ T8733] xfs_buf_ioend_work+0x19/0x20
[ 146.967551][ T8733] process_one_work+0x9af/0x1740
[ 146.967551][ T8733] ? pwq_dec_nr_in_flight+0x320/0x320
[ 146.967551][ T8733] ? lock_acquire+0x190/0x410
[ 146.967551][ T8733] worker_thread+0x98/0xe40
[ 146.967551][ T8733] ? trace_hardirqs_on+0x67/0x240
[ 146.967551][ T8733] kthread+0x361/0x430
[ 146.967551][ T8733] ? process_one_work+0x1740/0x1740
[ 146.967551][ T8733] ? kthread_mod_delayed_work+0x1f0/0x1f0
[ 146.967551][ T8733] ret_from_fork+0x24/0x30
[ 146.967551][ T8733] Modules linked in:
[ 146.967551][ T8733] CR2: fffff52004380000
[ 146.967551][ T8733] ---[ end trace b195bc0c7d3be107 ]---
[ 146.967551][ T8733] RIP: 0010:xfs_sb_read_verify+0xf0/0x540
[ 146.967551][ T8733] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 18 04 00 00 4d 8b ac 24 30 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e a7 03 00 00 41 8b 75 00 bf 58
[ 146.967551][ T8733] RSP: 0018:ffffc90000d77af0 EFLAGS: 00010a06
[ 146.967551][ T8733] RAX: dffffc0000000000 RBX: 1ffff920001aef61 RCX: ffffffff82ac3676
[ 146.967551][ T8733] RDX: 1ffff92004380000 RSI: ffffffff82a8ff9b RDI: ffff888027eddda0
[ 146.967551][ T8733] RBP: ffffc90000d77cd0 R08: ffff88806564c300 R09: ffffed1005a27045
[ 146.967551][ T8733] R10: ffffed1005a27044 R11: ffff88802d138223 R12: ffff888027eddc80
[ 146.967551][ T8733] R13: ffffc90021c00000 R14: ffffc90000d77ca8 R15: ffff88806b1a6000
[ 146.967551][ T8733] FS: 0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000
[ 146.967551][ T8733] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.967551][ T8733] CR2: fffff52004380000 CR3: 000000006f727000 CR4: 0000000000340ee0
[ 146.967551][ T8733] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 146.967551][ T8733] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 146.967551][ T8733] Kernel panic - not syncing: Fatal exception
[ 146.967551][ T8733] Kernel Offset: disabled
[ 146.967551][ T8733] Rebooting in 86400 seconds..