G[ ok [39;[ 73.335300][ T25] audit: type=1800 audit(1575254622.609:40): pid=9726 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 49m8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 75.574693][ T25] audit: type=1400 audit(1575254624.859:41): avc: denied { map } for pid=9902 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts. [ 82.242466][ T25] audit: type=1400 audit(1575254631.529:42): avc: denied { map } for pid=9914 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/12/02 02:43:51 parsed 1 programs [ 83.883119][ T25] audit: type=1400 audit(1575254633.169:43): avc: denied { map } for pid=9914 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=19129 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/12/02 02:43:53 executed programs: 0 [ 84.725302][ T9935] IPVS: ftp: loaded support on port[0] = 21 [ 84.740618][ T9943] IPVS: ftp: loaded support on port[0] = 21 [ 84.750943][ T9939] IPVS: ftp: loaded support on port[0] = 21 [ 84.764021][ T9942] IPVS: ftp: loaded support on port[0] = 21 [ 84.765027][ T9944] IPVS: ftp: loaded support on port[0] = 21 [ 84.788393][ T9936] IPVS: ftp: loaded support on port[0] = 21 [ 85.076316][ T9939] chnl_net:caif_netlink_parms(): no params data found [ 85.111538][ T9942] chnl_net:caif_netlink_parms(): no params data found [ 85.166447][ T9944] chnl_net:caif_netlink_parms(): no params data found [ 85.195533][ T9943] chnl_net:caif_netlink_parms(): no params data found [ 85.250528][ T9942] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.258329][ T9942] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.266954][ T9942] device bridge_slave_0 entered promiscuous mode [ 85.277990][ T9939] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.285088][ T9939] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.293870][ T9939] device bridge_slave_0 entered promiscuous mode [ 85.337984][ T9942] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.345049][ T9942] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.354020][ T9942] device bridge_slave_1 entered promiscuous mode [ 85.373239][ T9939] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.380411][ T9939] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.388712][ T9939] device bridge_slave_1 entered promiscuous mode [ 85.411052][ T9944] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.418283][ T9944] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.426599][ T9944] device bridge_slave_0 entered promiscuous mode [ 85.443256][ T9944] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.451155][ T9944] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.459887][ T9944] device bridge_slave_1 entered promiscuous mode [ 85.527373][ T9935] chnl_net:caif_netlink_parms(): no params data found [ 85.540013][ T9939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.550114][ T9943] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.558156][ T9943] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.566455][ T9943] device bridge_slave_0 entered promiscuous mode [ 85.575150][ T9942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.587219][ T9944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.597380][ T9936] chnl_net:caif_netlink_parms(): no params data found [ 85.612718][ T9939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.623192][ T9943] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.631197][ T9943] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.639401][ T9943] device bridge_slave_1 entered promiscuous mode [ 85.648962][ T9942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.661951][ T9944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.726504][ T9944] team0: Port device team_slave_0 added [ 85.742597][ T9944] team0: Port device team_slave_1 added [ 85.767648][ T9942] team0: Port device team_slave_0 added [ 85.780968][ T9939] team0: Port device team_slave_0 added [ 85.798390][ T9943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.813029][ T9942] team0: Port device team_slave_1 added [ 85.833099][ T9939] team0: Port device team_slave_1 added [ 85.850896][ T9943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.878021][ T9936] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.885085][ T9936] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.893396][ T9936] device bridge_slave_0 entered promiscuous mode [ 85.902589][ T9936] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.909812][ T9936] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.918011][ T9936] device bridge_slave_1 entered promiscuous mode [ 85.959574][ T9944] device hsr_slave_0 entered promiscuous mode [ 86.006582][ T9944] device hsr_slave_1 entered promiscuous mode [ 86.060293][ T9935] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.067692][ T9935] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.075450][ T9935] device bridge_slave_0 entered promiscuous mode [ 86.119487][ T9943] team0: Port device team_slave_0 added [ 86.169299][ T9942] device hsr_slave_0 entered promiscuous mode [ 86.206308][ T9942] device hsr_slave_1 entered promiscuous mode [ 86.245969][ T9942] debugfs: Directory 'hsr0' with parent '/' already present! [ 86.253997][ T9935] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.262310][ T9935] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.273831][ T9935] device bridge_slave_1 entered promiscuous mode [ 86.289424][ T9936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.301820][ T9943] team0: Port device team_slave_1 added [ 86.369215][ T9939] device hsr_slave_0 entered promiscuous mode [ 86.436051][ T9939] device hsr_slave_1 entered promiscuous mode [ 86.515815][ T9939] debugfs: Directory 'hsr0' with parent '/' already present! [ 86.528162][ T9936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.551392][ T9935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.596490][ T9935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.657837][ T9943] device hsr_slave_0 entered promiscuous mode [ 86.706352][ T9943] device hsr_slave_1 entered promiscuous mode [ 86.755857][ T9943] debugfs: Directory 'hsr0' with parent '/' already present! [ 86.788147][ T9936] team0: Port device team_slave_0 added [ 86.809414][ T25] audit: type=1400 audit(1575254636.099:44): avc: denied { create } for pid=9942 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 86.842944][ T9942] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 86.850877][ T25] audit: type=1400 audit(1575254636.129:45): avc: denied { write } for pid=9942 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 86.875868][ T25] audit: type=1400 audit(1575254636.129:46): avc: denied { read } for pid=9942 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 86.992615][ T9942] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 87.062213][ T9942] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 87.120263][ T9936] team0: Port device team_slave_1 added [ 87.147946][ T9935] team0: Port device team_slave_0 added [ 87.153802][ T9939] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.210743][ T9939] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.259693][ T9942] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 87.325890][ T9944] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.378443][ T9935] team0: Port device team_slave_1 added [ 87.384244][ T9944] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.434755][ T9944] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.487212][ T9939] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.538579][ T9939] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.629594][ T9936] device hsr_slave_0 entered promiscuous mode [ 87.686388][ T9936] device hsr_slave_1 entered promiscuous mode [ 87.725846][ T9936] debugfs: Directory 'hsr0' with parent '/' already present! [ 87.743535][ T9944] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.819781][ T9943] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 87.858098][ T9943] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 87.903258][ T9943] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 87.958681][ T9943] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 88.068159][ T9935] device hsr_slave_0 entered promiscuous mode [ 88.116386][ T9935] device hsr_slave_1 entered promiscuous mode [ 88.175973][ T9935] debugfs: Directory 'hsr0' with parent '/' already present! [ 88.260950][ T9935] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.328934][ T9935] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.411076][ T9935] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.497911][ T9936] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.561615][ T9935] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.640381][ T9936] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.688625][ T9936] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.733305][ T9936] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.820977][ T9942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.878664][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.889444][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.912258][ T9942] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.936853][ T9944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.973105][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.984336][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.993522][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.001188][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.010639][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.019667][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.028774][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.036027][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.043680][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 89.051732][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.063455][ T9939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.096096][ T9944] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.117010][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.125290][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.134914][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.143631][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.153893][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.162478][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.171534][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.180319][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.188934][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.198036][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.210934][ T9943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.234621][ T9935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.246482][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.255312][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.264606][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.271792][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.282649][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.291838][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.310148][ T9942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 89.340239][ T9943] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.348727][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.357784][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.367563][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.377009][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.384083][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.392472][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.401767][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 89.409736][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.418440][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 89.427257][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.435055][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 89.443279][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.469327][ T9935] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.482563][ T9939] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.496792][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.505369][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.515099][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.523662][ T9945] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.530776][ T9945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.539056][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.548411][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.556996][ T9945] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.564735][ T9945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.572626][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.589014][ T9936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.609642][ T9942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.629992][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.640300][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.657952][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 89.665666][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 89.673688][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.682537][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.691083][ T9945] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.699398][ T9945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.707215][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.716121][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.724510][ T9945] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.731717][ T9945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.739857][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.748741][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.757616][ T9945] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.764821][ T9945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.772554][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.781263][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.790059][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.798974][ T9945] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.806112][ T9945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.813927][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.822786][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.830707][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.839554][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.888273][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.897988][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 89.917263][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.925069][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.935627][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.944737][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.953536][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.962306][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.972109][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.980891][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.989818][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.998475][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 90.007290][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 90.015499][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 90.024300][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 90.032766][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 90.041251][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 90.051279][ T9936] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.080891][ T9944] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 90.096328][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 90.104444][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 90.114948][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 90.126805][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 90.137358][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 90.145941][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 90.154273][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 90.163825][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 90.172458][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 90.181177][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 90.190921][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 90.199639][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 90.208907][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 90.220723][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 90.232123][ T9943] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 90.250578][ T25] audit: type=1400 audit(1575254639.539:47): avc: denied { associate } for pid=9942 comm="syz-executor.4" name="syz4" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 90.287258][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 90.304611][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 90.315264][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 90.324134][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 90.332780][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 90.345580][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 90.354078][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 90.362500][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 90.378704][ T9935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 90.396926][ T9939] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 90.414359][ T9944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.423887][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 90.442009][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 90.453882][ T9952] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.461080][ T9952] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.484889][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 90.498300][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 90.509670][ T9945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 90.580636][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 90.589532][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 90.597608][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 90.608174][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 90.617843][ T9952] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.625011][ T9952] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.633499][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 90.643796][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 90.653008][ T9952] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 90.664956][ T9943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.717526][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 90.727252][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 90.751802][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 90.762180][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 90.773014][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 90.791374][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 90.804024][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 90.818553][ T9935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.846258][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 90.854404][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 90.875318][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 90.909185][ T9939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.933771][ T9936] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.966767][ T9936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 90.993737][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 91.004703][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 91.116757][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 91.126279][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 91.177379][ T9936] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/12/02 02:44:00 executed programs: 6 2019/12/02 02:44:05 executed programs: 34 2019/12/02 02:44:10 executed programs: 66 [ 102.400369][T10684] ================================================================== [ 102.408619][T10684] BUG: KASAN: slab-out-of-bounds in pipe_write+0xe30/0x1000 [ 102.415891][T10684] Write of size 8 at addr ffff888080ffa428 by task syz-executor.4/10684 [ 102.424190][T10684] [ 102.426510][T10684] CPU: 1 PID: 10684 Comm: syz-executor.4 Not tainted 5.4.0-syzkaller #0 [ 102.434824][T10684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 102.444862][T10684] Call Trace: [ 102.448145][T10684] dump_stack+0x197/0x210 [ 102.452462][T10684] ? pipe_write+0xe30/0x1000 [ 102.457048][T10684] print_address_description.constprop.0.cold+0xd4/0x30b [ 102.464055][T10684] ? pipe_write+0xe30/0x1000 [ 102.468638][T10684] ? pipe_write+0xe30/0x1000 [ 102.473214][T10684] __kasan_report.cold+0x1b/0x41 [ 102.478137][T10684] ? pipe_write+0xe30/0x1000 [ 102.482711][T10684] kasan_report+0x12/0x20 [ 102.487024][T10684] __asan_report_store8_noabort+0x17/0x20 [ 102.492728][T10684] pipe_write+0xe30/0x1000 [ 102.497159][T10684] new_sync_write+0x4d3/0x770 [ 102.501821][T10684] ? new_sync_read+0x800/0x800 [ 102.506585][T10684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.512811][T10684] ? security_file_permission+0x8f/0x380 [ 102.518432][T10684] __vfs_write+0xe1/0x110 [ 102.522748][T10684] vfs_write+0x268/0x5d0 [ 102.526977][T10684] ksys_write+0x220/0x290 [ 102.531305][T10684] ? __ia32_sys_read+0xb0/0xb0 [ 102.536058][T10684] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 102.541527][T10684] ? do_syscall_64+0x26/0x790 [ 102.546227][T10684] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.552288][T10684] ? do_syscall_64+0x26/0x790 [ 102.556958][T10684] __x64_sys_write+0x73/0xb0 [ 102.561537][T10684] do_syscall_64+0xfa/0x790 [ 102.566044][T10684] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.571943][T10684] RIP: 0033:0x45a679 [ 102.575825][T10684] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 102.595412][T10684] RSP: 002b:00007f0e95ee0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 102.603808][T10684] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 102.611778][T10684] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000006 [ 102.619768][T10684] RBP: 000000000075c268 R08: 0000000000000000 R09: 0000000000000000 [ 102.627734][T10684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0e95ee16d4 [ 102.635696][T10684] R13: 00000000004c7830 R14: 00000000004e44b0 R15: 00000000ffffffff [ 102.643667][T10684] [ 102.645980][T10684] Allocated by task 10679: [ 102.650382][T10684] save_stack+0x23/0x90 [ 102.654606][T10684] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 102.660228][T10684] kasan_kmalloc+0x9/0x10 [ 102.664542][T10684] __kmalloc+0x163/0x770 [ 102.668865][T10684] pipe_fcntl+0x3f7/0x8e0 [ 102.674322][T10684] do_fcntl+0x255/0x1030 [ 102.678550][T10684] __x64_sys_fcntl+0x16d/0x1e0 [ 102.683316][T10684] do_syscall_64+0xfa/0x790 [ 102.687827][T10684] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.693742][T10684] [ 102.696061][T10684] Freed by task 0: [ 102.699759][T10684] (stack is not available) [ 102.704157][T10684] [ 102.706478][T10684] The buggy address belongs to the object at ffff888080ffa400 [ 102.706478][T10684] which belongs to the cache kmalloc-64(17:syz4) of size 64 [ 102.721122][T10684] The buggy address is located 40 bytes inside of [ 102.721122][T10684] 64-byte region [ffff888080ffa400, ffff888080ffa440) [ 102.734198][T10684] The buggy address belongs to the page: [ 102.739818][T10684] page:ffffea000203fe80 refcount:1 mapcount:0 mapping:ffff888085650540 index:0x0 [ 102.749109][T10684] raw: 00fffe0000000200 ffff888098bfaf48 ffffea0001dc9248 ffff888085650540 [ 102.757678][T10684] raw: 0000000000000000 ffff888080ffa000 0000000100000020 0000000000000000 [ 102.766614][T10684] page dumped because: kasan: bad access detected [ 102.773541][T10684] [ 102.775852][T10684] Memory state around the buggy address: [ 102.784264][T10684] ffff888080ffa300: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 102.792331][T10684] ffff888080ffa380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 102.800404][T10684] >ffff888080ffa400: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 102.809978][T10684] ^ [ 102.815703][T10684] ffff888080ffa480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.823864][T10684] ffff888080ffa500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 102.832015][T10684] ================================================================== [ 102.840076][T10684] Disabling lock debugging due to kernel taint [ 102.847545][T10684] Kernel panic - not syncing: panic_on_warn set ... [ 102.854137][T10684] CPU: 1 PID: 10684 Comm: syz-executor.4 Tainted: G B 5.4.0-syzkaller #0 [ 102.864003][T10684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 102.874054][T10684] Call Trace: [ 102.877345][T10684] dump_stack+0x197/0x210 [ 102.881661][T10684] panic+0x2e3/0x75c [ 102.885538][T10684] ? add_taint.cold+0x16/0x16 [ 102.890198][T10684] ? trace_hardirqs_on+0x5e/0x240 [ 102.895205][T10684] ? trace_hardirqs_on+0x5e/0x240 [ 102.900213][T10684] ? pipe_write+0xe30/0x1000 [ 102.904781][T10684] end_report+0x47/0x4f [ 102.908917][T10684] ? pipe_write+0xe30/0x1000 [ 102.913501][T10684] __kasan_report.cold+0xe/0x41 [ 102.918348][T10684] ? pipe_write+0xe30/0x1000 [ 102.922931][T10684] kasan_report+0x12/0x20 [ 102.928820][T10684] __asan_report_store8_noabort+0x17/0x20 [ 102.934520][T10684] pipe_write+0xe30/0x1000 [ 102.938923][T10684] new_sync_write+0x4d3/0x770 [ 102.943581][T10684] ? new_sync_read+0x800/0x800 [ 102.948617][T10684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 102.954839][T10684] ? security_file_permission+0x8f/0x380 [ 102.960888][T10684] __vfs_write+0xe1/0x110 [ 102.965210][T10684] vfs_write+0x268/0x5d0 [ 102.969441][T10684] ksys_write+0x220/0x290 [ 102.973754][T10684] ? __ia32_sys_read+0xb0/0xb0 [ 102.978502][T10684] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 102.983943][T10684] ? do_syscall_64+0x26/0x790 [ 102.988620][T10684] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 102.994819][T10684] ? do_syscall_64+0x26/0x790 [ 102.999828][T10684] __x64_sys_write+0x73/0xb0 [ 103.004488][T10684] do_syscall_64+0xfa/0x790 [ 103.008996][T10684] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 103.015052][T10684] RIP: 0033:0x45a679 [ 103.019180][T10684] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 103.040825][T10684] RSP: 002b:00007f0e95ee0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 103.052006][T10684] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679 [ 103.062833][T10684] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000006 [ 103.070789][T10684] RBP: 000000000075c268 R08: 0000000000000000 R09: 0000000000000000 [ 103.079992][T10684] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0e95ee16d4 [ 103.087959][T10684] R13: 00000000004c7830 R14: 00000000004e44b0 R15: 00000000ffffffff [ 103.097267][T10684] Kernel Offset: disabled [ 103.105703][T10684] Rebooting in 86400 seconds..