Warning: Permanently added '[localhost]:9726' (ECDSA) to the list of known hosts. [ 110.567904][ T38] audit: type=1400 audit(1575619945.996:42): avc: denied { map } for pid=8943 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2019/12/06 08:12:26 fuzzer started 2019/12/06 08:12:28 dialing manager at 10.0.2.10:34093 2019/12/06 08:12:28 syscalls: 2707 2019/12/06 08:12:28 code coverage: enabled 2019/12/06 08:12:28 comparison tracing: enabled 2019/12/06 08:12:28 extra coverage: enabled 2019/12/06 08:12:28 setuid sandbox: enabled 2019/12/06 08:12:28 namespace sandbox: enabled 2019/12/06 08:12:28 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/06 08:12:28 fault injection: enabled 2019/12/06 08:12:28 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/06 08:12:28 net packet injection: enabled 2019/12/06 08:12:28 net device setup: enabled 2019/12/06 08:12:28 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/06 08:12:28 devlink PCI setup: PCI device 0000:00:10.0 is not available 08:13:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1) ioctl$TCFLSH(r0, 0x8925, 0x0) [ 147.919828][ T38] audit: type=1400 audit(1575619983.346:43): avc: denied { map } for pid=8965 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2104 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 148.664492][ T8966] IPVS: ftp: loaded support on port[0] = 21 08:13:04 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) r0 = open(0x0, 0x141042, 0x0) write$FUSE_POLL(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002f80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000740)=""/4096, 0x1000}], 0x1, &(0x7f0000001b00)=""/185, 0xb9}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) accept4(r0, &(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, &(0x7f0000000340)=0x80, 0x80000) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000380)="251aff089ed89c9567e3830f53e44191d6193f0f5756942114bf11d8ea48a57773dee5a24e3edc6e6d28f6e77f8277ea14bdccf1ed25e30c8a9434db6f1556b7be5f4fa9b6955d50c0bc8f1a2235f2757a0c1d68e76c7ef5108391a44f1cf61bc722294e2715b4ea2619d6b67587097f1ed7fb5550978732a8ada64393454d27e3c68e51d2c0e6c289a4f7c46080d54fb6f7e2b498ed82928a3eebbd9eb898198c8c934f7dd91fbc8a2e1dddc51203d37e66049937c78bd99232b2d27b26a307af3aa683c20f3e8b636f3c1cf329931f7b2fb875ed729617cb08a88da5be258f5db08625f2aacc1715edf8ab2fd768dc430f244211ef00") r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/protocols\x00') preadv(r2, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) creat(0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0xa) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0xaa850ab34c804c98) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0xaa850ab34c804c98) io_setup(0x8, &(0x7f00000004c0)) [ 149.165547][ T8966] chnl_net:caif_netlink_parms(): no params data found [ 149.293075][ T8966] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.332746][ T8966] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.401541][ T8966] device bridge_slave_0 entered promiscuous mode [ 149.460940][ T8966] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.491889][ T8966] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.523141][ T8966] device bridge_slave_1 entered promiscuous mode [ 149.606028][ T8966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.687652][ T8966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.771054][ T8969] IPVS: ftp: loaded support on port[0] = 21 [ 149.843029][ T8966] team0: Port device team_slave_0 added [ 149.876711][ T8966] team0: Port device team_slave_1 added [ 150.146363][ T8966] device hsr_slave_0 entered promiscuous mode 08:13:05 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syslog(0x0, 0x0, 0x0) [ 150.553258][ T8966] device hsr_slave_1 entered promiscuous mode [ 150.858616][ T8972] IPVS: ftp: loaded support on port[0] = 21 [ 150.969561][ T38] audit: type=1400 audit(1575619986.396:44): avc: denied { create } for pid=8966 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 151.069442][ T38] audit: type=1400 audit(1575619986.396:45): avc: denied { write } for pid=8966 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 151.167229][ T38] audit: type=1400 audit(1575619986.406:46): avc: denied { read } for pid=8966 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 151.224170][ T8966] netdevsim netdevsim0 netdevsim0: renamed from eth0 08:13:06 executing program 3: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000001809"], 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$nV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\xc6\x96Y\xf7\xd3`\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/376) write$apparmor_exec(r1, &(0x7f0000000600)={'\x9bH\x1b%P\x0e\x06C\xc3MY\x1d\x9b9%\a\x16\xb1\x9b=cy\xeaU\x0e3\\C6\x9bmwH_\xcb\xaa\xc7\xa6\x10&\xb0A\tim\x9bL\xd21\xd2\xbe\xddEf \xa0\xa6v\xf7\xe7\x89\xec\xbf\xc8\x97\xb37\xf0\x10\xcd\xd9\xaf;\xec\xccT\x9e\xe0\xbaw3\xc4K\v\x0e\xca\xdb\xa5\xe6\x91\xdc\x8d3\xf8\xec/\xa4U\x87\x02g\x06k\x9fW[.c\xb1\xd4y\xd4\xca=\f\xd8Q[\xacb\xa3f4\x9el\x90\x878[\x00\xd9\x04\x1a\xa6\xa4\x17\xa6(\x05tl\x17\xef\x1bU\xfbD\xec\x88\xd4\xa0&\xdb\x95wp\xfb\x01[\x8c\xc4(\xbb)\xf3\xa9\x1b\tt\xd3W\x11t\x1f\xa4n\xfd:\x90${\xc5\x16\xa5\x96\x88\xc78\xc0g\xb9\xbe\xbd1\x11}\x8d\'\x15+\xfe\x91\xed\x1e\xeb]\xfa\x9dS\xe6\x12\x9f\r\xc8\x81\xca\xd9\f\xfd\xc8/\xb99\xaa\x1a\r\x92\xae\xb6\xd2\xb8\xb7\f[\xd8y\xc6O\xcfE\xb4\xe6\x16\x1fT\x1e\x9b\x9c\f\x8d\xed1\x96\"\x83\x98\xb1S`\xc7\'\xc2\xbf\xb7', 'fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x9b\x0fJ\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'}, 0x50f) [ 151.388272][ T8966] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 151.490740][ T8966] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 151.602931][ T8966] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 151.731517][ T8974] IPVS: ftp: loaded support on port[0] = 21 [ 151.804729][ T8969] chnl_net:caif_netlink_parms(): no params data found [ 151.868067][ T8969] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.893621][ T8969] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.913210][ T8969] device bridge_slave_0 entered promiscuous mode [ 151.932693][ T8969] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.950386][ T8969] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.966203][ T8969] device bridge_slave_1 entered promiscuous mode [ 152.057580][ T8969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.087486][ T8969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.146272][ T8969] team0: Port device team_slave_0 added [ 152.173532][ T8972] chnl_net:caif_netlink_parms(): no params data found [ 152.233511][ T8969] team0: Port device team_slave_1 added [ 152.352533][ T8969] device hsr_slave_0 entered promiscuous mode [ 152.421136][ T8969] device hsr_slave_1 entered promiscuous mode [ 152.480290][ T8969] debugfs: Directory 'hsr0' with parent '/' already present! [ 152.523439][ T8972] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.546332][ T8972] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.563360][ T8972] device bridge_slave_0 entered promiscuous mode [ 152.578860][ T8972] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.594305][ T8972] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.614199][ T8972] device bridge_slave_1 entered promiscuous mode [ 152.702886][ T8972] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.740698][ T8974] chnl_net:caif_netlink_parms(): no params data found [ 152.802360][ T8972] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.838566][ T8972] team0: Port device team_slave_0 added [ 152.859432][ T8972] team0: Port device team_slave_1 added [ 152.880690][ T8969] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 152.940880][ T8969] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 153.037143][ T8969] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 153.132223][ T8969] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 153.258279][ T8974] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.271187][ T8974] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.287760][ T8974] device bridge_slave_0 entered promiscuous mode [ 153.306052][ T8974] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.319297][ T8974] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.337096][ T8974] device bridge_slave_1 entered promiscuous mode [ 153.422697][ T8972] device hsr_slave_0 entered promiscuous mode [ 153.491365][ T8972] device hsr_slave_1 entered promiscuous mode [ 153.550655][ T8972] debugfs: Directory 'hsr0' with parent '/' already present! [ 153.594720][ T8974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.626927][ T8974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.660433][ T8966] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.703800][ T8966] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.731793][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 153.753253][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 153.797343][ T8972] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 153.902900][ T8972] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 153.987907][ T8974] team0: Port device team_slave_0 added [ 154.012715][ T8972] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 154.096802][ T8974] team0: Port device team_slave_1 added [ 154.117923][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 154.133193][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.147028][ T3880] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.157044][ T3880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.177406][ T8972] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 154.252818][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 154.267959][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 154.286223][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.324380][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.349634][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.452734][ T8974] device hsr_slave_0 entered promiscuous mode [ 154.540516][ T8974] device hsr_slave_1 entered promiscuous mode [ 154.610469][ T8974] debugfs: Directory 'hsr0' with parent '/' already present! [ 154.634611][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 154.663680][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 154.676579][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 154.692525][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 154.713781][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 154.738735][ T8966] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 154.760283][ T8966] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 154.789088][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 154.808927][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 154.824328][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 154.842386][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 154.863134][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 154.890297][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 154.905793][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 154.930590][ T8969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.975744][ T8974] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 155.044766][ T8974] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 155.131289][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 155.175961][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 155.217705][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.251060][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.282697][ T8974] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 155.353868][ T8974] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 155.442312][ T8966] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.473707][ T8969] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.513528][ T38] audit: type=1400 audit(1575619990.946:47): avc: denied { associate } for pid=8966 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 155.593998][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.613759][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.632116][ T8979] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.646385][ T8979] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.661804][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 155.685260][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.709052][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.724389][ T8979] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.738260][ T8979] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.773297][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.798553][ T8972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.823446][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.877033][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 155.903362][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 155.958684][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 155.995455][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.027679][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.073071][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.116055][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.150630][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.185782][ T2590] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.227210][ T8972] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.252237][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.279928][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.317938][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.354780][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.403992][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.460151][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.505668][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.536147][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.566493][ T58] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.583382][ T8974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.630753][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.650174][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.676973][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.693573][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.709444][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 156.721984][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.738400][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.757235][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.774295][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 156.793541][ T8969] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.813369][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.826600][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.846293][ T8974] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.866338][ T8972] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 156.882224][ T8972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.893977][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.902764][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.923846][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.935225][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.953130][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.967184][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.977260][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.988707][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.006667][ T3940] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.017684][ T3940] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 157.027482][ T3940] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 157.037885][ T3940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.052476][ T3940] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.065113][ T3940] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.074626][ T3940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.108966][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.119596][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 157.131932][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 157.154682][ T8969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.174912][ T8972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.192426][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.203067][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.213597][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.234816][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.245942][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.256443][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.267547][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.279069][ T8979] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.294302][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.308096][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.324613][ T8974] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.359687][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 08:13:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1) ioctl$TCFLSH(r0, 0x8925, 0x0) [ 157.416419][ T38] audit: type=1400 audit(1575619992.846:48): avc: denied { open } for pid=9008 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 157.442081][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 157.473097][ T8974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.476165][ T38] audit: type=1400 audit(1575619992.846:49): avc: denied { kernel } for pid=9008 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 157.506012][ T38] audit: type=1400 audit(1575619992.926:50): avc: denied { syslog } for pid=9007 comm="syz-executor.2" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 08:13:13 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1) ioctl$TCFLSH(r0, 0x8925, 0x0) [ 158.057984][ C0] hrtimer: interrupt took 24753 ns 08:14:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1) ioctl$TCFLSH(r0, 0x8925, 0x0) 08:14:03 executing program 2: semctl$IPC_INFO(0x0, 0x4, 0x3, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) r0 = semget$private(0x0, 0x6, 0x0) semop(r0, &(0x7f00000000c0)=[{0x0, 0x4}, {0x3}], 0x2) semctl$IPC_RMID(r0, 0x0, 0x0) semctl$IPC_INFO(r0, 0x4, 0x3, 0x0) semctl$IPC_RMID(r0, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00') r1 = gettid() tkill(r1, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x66db}, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clock_gettime(0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000059, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000d84000), 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x2401889c, &(0x7f0000b63fe4)={0xa, 0x0, 0x20000}, 0x1c) socket$netlink(0x10, 0x3, 0xa) fcntl$setpipe(r4, 0x407, 0x2) 08:14:03 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) r0 = open(0x0, 0x141042, 0x0) write$FUSE_POLL(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002f80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000740)=""/4096, 0x1000}], 0x1, &(0x7f0000001b00)=""/185, 0xb9}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) accept4(r0, &(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, &(0x7f0000000340)=0x80, 0x80000) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, &(0x7f0000000380)="251aff089ed89c9567e3830f53e44191d6193f0f5756942114bf11d8ea48a57773dee5a24e3edc6e6d28f6e77f8277ea14bdccf1ed25e30c8a9434db6f1556b7be5f4fa9b6955d50c0bc8f1a2235f2757a0c1d68e76c7ef5108391a44f1cf61bc722294e2715b4ea2619d6b67587097f1ed7fb5550978732a8ada64393454d27e3c68e51d2c0e6c289a4f7c46080d54fb6f7e2b498ed82928a3eebbd9eb898198c8c934f7dd91fbc8a2e1dddc51203d37e66049937c78bd99232b2d27b26a307af3aa683c20f3e8b636f3c1cf329931f7b2fb875ed729617cb08a88da5be258f5db08625f2aacc1715edf8ab2fd768dc430f244211ef00") r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/protocols\x00') preadv(r2, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) creat(0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0xa) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0xaa850ab34c804c98) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0xaa850ab34c804c98) io_setup(0x8, &(0x7f00000004c0)) [ 208.423754][ T38] audit: type=1804 audit(1575620043.836:51): pid=9055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/" dev="sda1" ino=2328 res=1 [ 208.581273][ T9069] devpts: called with bogus options 08:14:04 executing program 3: r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000010000001809"], 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$nV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\xc6\x96Y\xf7\xd3`\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/376) write$apparmor_exec(r1, &(0x7f0000000600)={'\x9bH\x1b%P\x0e\x06C\xc3MY\x1d\x9b9%\a\x16\xb1\x9b=cy\xeaU\x0e3\\C6\x9bmwH_\xcb\xaa\xc7\xa6\x10&\xb0A\tim\x9bL\xd21\xd2\xbe\xddEf \xa0\xa6v\xf7\xe7\x89\xec\xbf\xc8\x97\xb37\xf0\x10\xcd\xd9\xaf;\xec\xccT\x9e\xe0\xbaw3\xc4K\v\x0e\xca\xdb\xa5\xe6\x91\xdc\x8d3\xf8\xec/\xa4U\x87\x02g\x06k\x9fW[.c\xb1\xd4y\xd4\xca=\f\xd8Q[\xacb\xa3f4\x9el\x90\x878[\x00\xd9\x04\x1a\xa6\xa4\x17\xa6(\x05tl\x17\xef\x1bU\xfbD\xec\x88\xd4\xa0&\xdb\x95wp\xfb\x01[\x8c\xc4(\xbb)\xf3\xa9\x1b\tt\xd3W\x11t\x1f\xa4n\xfd:\x90${\xc5\x16\xa5\x96\x88\xc78\xc0g\xb9\xbe\xbd1\x11}\x8d\'\x15+\xfe\x91\xed\x1e\xeb]\xfa\x9dS\xe6\x12\x9f\r\xc8\x81\xca\xd9\f\xfd\xc8/\xb99\xaa\x1a\r\x92\xae\xb6\xd2\xb8\xb7\f[\xd8y\xc6O\xcfE\xb4\xe6\x16\x1fT\x1e\x9b\x9c\f\x8d\xed1\x96\"\x83\x98\xb1S`\xc7\'\xc2\xbf\xb7', 'fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x9b\x0fJ\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'}, 0x50f) [ 208.695657][ T38] audit: type=1804 audit(1575620044.126:52): pid=9081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/" dev="sda1" ino=2328 res=1 08:14:04 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000ab4000/0x1000)=nil, 0x1000, 0x2, 0x8972, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a62000/0x1000)=nil, 0x200000, 0x10200000008) [ 208.806402][ T9069] ================================================================== [ 208.835496][ T9069] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000 [ 208.843492][ T38] audit: type=1400 audit(1575620044.226:53): avc: denied { create } for pid=9060 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_fib_lookup_socket permissive=1 [ 208.843164][ T9069] Write of size 8 at addr ffff88800f111fa8 by task syz-executor.2/9069 [ 208.843164][ T9069] [ 208.843164][ T9069] CPU: 2 PID: 9069 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 208.843164][ T9069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 208.843164][ T9069] Call Trace: [ 208.843164][ T9069] dump_stack+0x197/0x210 [ 208.843164][ T9069] ? pipe_write+0xe30/0x1000 [ 208.843164][ T9069] print_address_description.constprop.0.cold+0xd4/0x30b [ 208.843164][ T9069] ? pipe_write+0xe30/0x1000 [ 208.843164][ T9069] ? pipe_write+0xe30/0x1000 [ 208.843164][ T9069] __kasan_report.cold+0x1b/0x41 [ 208.843164][ T9069] ? pipe_write+0xe30/0x1000 [ 208.843164][ T9069] kasan_report+0x12/0x20 [ 208.843164][ T9069] __asan_report_store8_noabort+0x17/0x20 [ 208.843164][ T9069] pipe_write+0xe30/0x1000 [ 208.843164][ T9069] new_sync_write+0x4d3/0x770 [ 208.843164][ T9069] ? new_sync_read+0x800/0x800 [ 208.843164][ T9069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.843164][ T9069] ? security_file_permission+0x8f/0x380 [ 208.843164][ T9069] __vfs_write+0xe1/0x110 [ 208.843164][ T9069] vfs_write+0x268/0x5d0 [ 208.843164][ T9069] ksys_write+0x220/0x290 [ 208.843164][ T9069] ? __ia32_sys_read+0xb0/0xb0 [ 208.843164][ T9069] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 208.843164][ T9069] ? do_syscall_64+0x26/0x790 [ 208.843164][ T9069] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.843164][ T9069] ? do_syscall_64+0x26/0x790 [ 208.843164][ T9069] __x64_sys_write+0x73/0xb0 [ 208.843164][ T9069] do_syscall_64+0xfa/0x790 [ 208.843164][ T9069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.843164][ T9069] RIP: 0033:0x45a759 [ 208.843164][ T9069] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.843164][ T9069] RSP: 002b:00007f47c3885c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 208.843164][ T9069] RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 000000000045a759 [ 208.843164][ T9069] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 208.843164][ T9069] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 208.843164][ T9069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c38866d4 [ 208.843164][ T9069] R13: 00000000004ae96a R14: 00000000006f8b90 R15: 00000000ffffffff [ 208.843164][ T9069] [ 208.843164][ T9069] Allocated by task 9085: [ 208.941954][ T9051] kobject: 'rx-0' (000000008adfd000): auto cleanup 'remove' event [ 208.910588][ T9069] save_stack+0x23/0x90 [ 208.910588][ T9069] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 208.910588][ T9069] kasan_kmalloc+0x9/0x10 [ 208.910588][ T9069] __kmalloc+0x163/0x770 [ 208.910588][ T9069] pipe_fcntl+0x3f7/0x8e0 [ 208.910588][ T9069] do_fcntl+0x255/0x1030 [ 208.910588][ T9069] __x64_sys_fcntl+0x16d/0x1e0 [ 208.910588][ T9069] do_syscall_64+0xfa/0x790 [ 208.910588][ T9069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.910588][ T9069] [ 208.910588][ T9069] Freed by task 0: [ 208.910588][ T9069] (stack is not available) [ 208.910588][ T9069] [ 208.910588][ T9069] The buggy address belongs to the object at ffff88800f111f80 [ 208.910588][ T9069] which belongs to the cache kmalloc-64(49:syz2) of size 64 [ 208.910588][ T9069] The buggy address is located 40 bytes inside of [ 208.910588][ T9069] 64-byte region [ffff88800f111f80, ffff88800f111fc0) [ 208.910588][ T9069] The buggy address belongs to the page: [ 208.910588][ T9069] page:ffffea00003c4440 refcount:1 mapcount:0 mapping:ffff88801cfa1c40 index:0x0 [ 208.967814][ T9051] kobject: 'rx-0' (000000008adfd000): kobject_uevent_env [ 208.910588][ T9069] raw: 00fffe0000000200 ffff88802a6aec48 ffff88802a6aec48 ffff88801cfa1c40 [ 208.910588][ T9069] raw: 0000000000000000 ffff88800f111000 0000000100000020 0000000000000000 [ 208.977155][ T9051] kobject: 'rx-0' (000000008adfd000): fill_kobj_path: path = '/devices/virtual/net/sl0/queues/rx-0' [ 208.979977][ T9069] page dumped because: kasan: bad access detected [ 208.979977][ T9069] [ 208.979977][ T9069] Memory state around the buggy address: [ 208.979977][ T9069] ffff88800f111e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 208.979977][ T9069] ffff88800f111f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 208.979977][ T9069] >ffff88800f111f80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 208.979977][ T9069] ^ [ 208.979977][ T9069] ffff88800f112000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 208.979977][ T9069] ffff88800f112080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 208.979977][ T9069] ================================================================== [ 208.979977][ T9069] Disabling lock debugging due to kernel taint [ 208.986628][ T9069] Kernel panic - not syncing: panic_on_warn set ... [ 209.013354][ T9051] kobject: 'rx-0' (000000008adfd000): auto cleanup kobject_del [ 209.000032][ T9069] CPU: 2 PID: 9069 Comm: syz-executor.2 Tainted: G B 5.4.0-syzkaller #0 [ 209.000032][ T9069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 209.000032][ T9069] Call Trace: [ 209.000032][ T9069] dump_stack+0x197/0x210 [ 209.000032][ T9069] panic+0x2e3/0x75c [ 209.000032][ T9069] ? add_taint.cold+0x16/0x16 [ 209.000032][ T9069] ? pipe_write+0xe30/0x1000 [ 209.000032][ T9069] ? preempt_schedule+0x4b/0x60 [ 209.000032][ T9069] ? ___preempt_schedule+0x16/0x18 [ 209.000032][ T9069] ? trace_hardirqs_on+0x5e/0x240 [ 209.000032][ T9069] ? pipe_write+0xe30/0x1000 [ 209.026445][ T9051] kobject: 'rx-0' (000000008adfd000): calling ktype release [ 209.000032][ T9069] end_report+0x47/0x4f [ 209.000032][ T9069] ? pipe_write+0xe30/0x1000 [ 209.000032][ T9069] __kasan_report.cold+0xe/0x41 [ 209.000032][ T9069] ? pipe_write+0xe30/0x1000 [ 209.000032][ T9069] kasan_report+0x12/0x20 [ 209.000032][ T9069] __asan_report_store8_noabort+0x17/0x20 [ 209.000032][ T9069] pipe_write+0xe30/0x1000 [ 209.000032][ T9069] new_sync_write+0x4d3/0x770 [ 209.000032][ T9069] ? new_sync_read+0x800/0x800 [ 209.000032][ T9069] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 209.000032][ T9069] ? security_file_permission+0x8f/0x380 [ 209.000032][ T9069] __vfs_write+0xe1/0x110 [ 209.000032][ T9069] vfs_write+0x268/0x5d0 [ 209.000032][ T9069] ksys_write+0x220/0x290 [ 209.000032][ T9069] ? __ia32_sys_read+0xb0/0xb0 [ 209.000032][ T9069] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 209.000032][ T9069] ? do_syscall_64+0x26/0x790 [ 209.000032][ T9069] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.000032][ T9069] ? do_syscall_64+0x26/0x790 [ 209.000032][ T9069] __x64_sys_write+0x73/0xb0 [ 209.000032][ T9069] do_syscall_64+0xfa/0x790 [ 209.046404][ T9051] kobject: 'rx-0': free name [ 209.000032][ T9069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.000032][ T9069] RIP: 0033:0x45a759 [ 209.000032][ T9069] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.000032][ T9069] RSP: 002b:00007f47c3885c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 209.000032][ T9069] RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 000000000045a759 [ 209.000032][ T9069] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 209.000032][ T9069] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 209.000032][ T9069] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47c38866d4 [ 209.000032][ T9069] R13: 00000000004ae96a R14: 00000000006f8b90 R15: 00000000ffffffff [ 209.000032][ T9069] Kernel Offset: disabled [ 209.000032][ T9069] Rebooting in 86400 seconds..