Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.301518] audit: type=1800 audit(1573944104.419:33): pid=7315 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 41.219098] kauditd_printk_skb: 1 callbacks suppressed [ 41.219112] audit: type=1400 audit(1573944108.329:35): avc: denied { map } for pid=7488 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.109' (ECDSA) to the list of known hosts. [ 122.699502] audit: type=1400 audit(1573944189.809:36): avc: denied { map } for pid=7501 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/11/16 22:43:09 parsed 1 programs [ 122.776470] audit: type=1400 audit(1573944189.889:37): avc: denied { map } for pid=7501 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=227 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/11/16 22:43:12 executed programs: 0 [ 125.058203] IPVS: ftp: loaded support on port[0] = 21 [ 125.059042] IPVS: ftp: loaded support on port[0] = 21 [ 125.072637] IPVS: ftp: loaded support on port[0] = 21 [ 125.076460] IPVS: ftp: loaded support on port[0] = 21 [ 125.133813] IPVS: ftp: loaded support on port[0] = 21 [ 125.150297] IPVS: ftp: loaded support on port[0] = 21 [ 125.379835] chnl_net:caif_netlink_parms(): no params data found [ 125.404805] chnl_net:caif_netlink_parms(): no params data found [ 125.557057] chnl_net:caif_netlink_parms(): no params data found [ 125.578473] chnl_net:caif_netlink_parms(): no params data found [ 125.594524] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.603010] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.610622] device bridge_slave_0 entered promiscuous mode [ 125.625340] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.631792] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.638759] device bridge_slave_0 entered promiscuous mode [ 125.645673] chnl_net:caif_netlink_parms(): no params data found [ 125.662280] chnl_net:caif_netlink_parms(): no params data found [ 125.671064] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.677662] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.684922] device bridge_slave_1 entered promiscuous mode [ 125.700372] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.706882] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.714225] device bridge_slave_1 entered promiscuous mode [ 125.796247] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 125.805750] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 125.825531] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.832679] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.839616] device bridge_slave_0 entered promiscuous mode [ 125.846705] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.853361] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.860474] device bridge_slave_0 entered promiscuous mode [ 125.868349] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 125.877395] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 125.895999] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.902850] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.909985] device bridge_slave_1 entered promiscuous mode [ 125.916647] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.923118] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.930222] device bridge_slave_1 entered promiscuous mode [ 125.953925] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.960351] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.972122] device bridge_slave_0 entered promiscuous mode [ 125.998096] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 126.018119] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.025111] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.032756] device bridge_slave_1 entered promiscuous mode [ 126.038860] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.046160] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.053999] device bridge_slave_0 entered promiscuous mode [ 126.065955] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 126.076148] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.083831] team0: Port device team_slave_0 added [ 126.089141] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.097376] team0: Port device team_slave_0 added [ 126.107407] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.115800] team0: Port device team_slave_1 added [ 126.120964] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.128450] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.136025] device bridge_slave_1 entered promiscuous mode [ 126.143514] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 126.166913] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.175145] team0: Port device team_slave_1 added [ 126.186577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.201901] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 126.209889] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.218189] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 126.226580] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.235063] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.243425] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 126.257635] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.265513] team0: Port device team_slave_0 added [ 126.278731] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 126.306602] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 126.316599] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.324760] team0: Port device team_slave_1 added [ 126.364839] device hsr_slave_0 entered promiscuous mode [ 126.401834] device hsr_slave_1 entered promiscuous mode [ 126.447997] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.456959] team0: Port device team_slave_0 added [ 126.467076] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.474848] team0: Port device team_slave_1 added [ 126.484958] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.492837] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.500105] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.517021] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 126.574249] device hsr_slave_0 entered promiscuous mode [ 126.611694] device hsr_slave_1 entered promiscuous mode [ 126.651906] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.659313] team0: Port device team_slave_0 added [ 126.676308] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 126.684965] team0: Port device team_slave_0 added [ 126.690249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 126.697833] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 126.704952] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 126.705915] audit: type=1400 audit(1573944193.819:38): avc: denied { create } for pid=7525 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 126.739245] audit: type=1400 audit(1573944193.859:39): avc: denied { write } for pid=7525 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 126.764355] audit: type=1400 audit(1573944193.859:40): avc: denied { read } for pid=7525 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 126.794446] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.804936] team0: Port device team_slave_1 added [ 126.810251] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 126.818335] team0: Port device team_slave_1 added [ 126.829499] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 126.883196] device hsr_slave_0 entered promiscuous mode [ 126.921707] device hsr_slave_1 entered promiscuous mode [ 126.961815] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.969226] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 126.976712] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 126.988660] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 127.001072] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 127.013802] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 127.054694] device hsr_slave_0 entered promiscuous mode [ 127.091771] device hsr_slave_1 entered promiscuous mode [ 127.194206] device hsr_slave_0 entered promiscuous mode [ 127.231668] device hsr_slave_1 entered promiscuous mode [ 127.277135] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.288990] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 127.297875] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.310568] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 127.364164] device hsr_slave_0 entered promiscuous mode [ 127.421504] device hsr_slave_1 entered promiscuous mode [ 127.492315] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 127.503837] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 127.511005] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 127.520469] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 127.559465] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.572476] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.583752] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.607600] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 127.683859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.695587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.706130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.717725] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 127.725700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 127.747167] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 127.756988] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 127.766784] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 127.773095] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.787099] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.795523] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 127.802345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 127.810139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 127.817304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 127.824360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 127.832747] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 127.841967] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 127.852516] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 127.863889] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 127.869961] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.879184] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 127.886358] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.892591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 127.899483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 127.906541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 127.914557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 127.922595] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.929091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.936669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 127.945884] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 127.955306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.962874] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 127.975334] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 127.982464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 127.990238] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 127.998053] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.004527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.012041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 128.019776] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 128.027593] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.033982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.040869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 128.048575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 128.058833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.065839] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.075235] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 128.083552] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 128.092607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.102886] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 128.109069] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.115618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.122939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 128.130725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 128.138395] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.144873] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.152368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 128.160252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 128.168219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 128.176011] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.182413] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.189813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.199292] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.212284] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 128.220104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 128.230976] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 128.242207] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 128.248915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 128.258011] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 128.268163] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.274622] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.282695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 128.290591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 128.299030] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 128.307154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 128.314545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 128.324059] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 128.337210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 128.345874] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.358065] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 128.366594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 128.374764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 128.385941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 128.394536] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.400915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.408203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 128.416116] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 128.424361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.431731] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 128.439883] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 128.450541] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 128.460516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.468923] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 128.480524] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 128.486958] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.494315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 128.504179] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 128.512315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 128.520261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 128.528231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 128.536377] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 128.544231] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.550618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.557758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 128.565085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 128.572427] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 128.581266] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 128.587748] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.597976] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 128.608266] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.617673] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 128.627374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 128.635119] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 128.649091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 128.657370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 128.665423] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.671825] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.678782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 128.687029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 128.694782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 128.703676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.714353] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 128.724047] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 128.734099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 128.745847] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 128.754065] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 128.765087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 128.773179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 128.780779] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 128.789329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 128.797751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 128.805425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 128.813655] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 128.821659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 128.829537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 128.837314] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.843729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.854388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 128.863529] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 128.873535] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 128.881816] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 128.890948] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 128.902844] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 128.909034] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 128.916923] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 128.925237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 128.932736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 128.940643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 128.948516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 128.956507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 128.964767] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.971217] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.978109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 128.986111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 128.993733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.001521] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.009535] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 129.019439] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.035131] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 129.044033] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 129.056183] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 129.064219] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.070281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 129.078534] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.087024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 129.095231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 129.103237] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.109587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.116700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 129.125059] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.134109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.142589] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.153539] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 129.163136] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.173390] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 129.191487] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 129.198604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 129.209974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.218285] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 129.226474] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.234798] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.242760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.253523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 129.262372] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 129.276482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 129.285653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 129.294205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 129.302758] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 129.312951] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 129.323720] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 129.333027] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 129.341077] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 129.350514] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 129.361901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 129.370019] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 129.378245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 129.386230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.394525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.402660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.410113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.417937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.426104] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 129.434903] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 129.442601] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 129.451361] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.457499] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 129.470716] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.477450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 129.486000] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 129.496852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 129.505408] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 129.512740] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 129.527185] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.539612] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 129.547463] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 129.557995] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 129.573442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.584490] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.594485] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 129.601429] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 129.612886] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 129.619678] audit: type=1400 audit(1573944196.729:41): avc: denied { associate } for pid=7531 comm="syz-executor.5" name="syz5" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 129.649532] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 129.660373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 129.669205] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 129.678650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.689267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.697158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.705657] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.713737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.724044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.737537] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.752212] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.758353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 129.769690] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 129.792098] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 129.798241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 129.815009] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 129.829400] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 129.840116] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 129.864934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.880903] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 129.903374] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 129.953523] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 129.960367] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 129.977893] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.996221] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 130.009547] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 130.016353] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 130.024410] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 130.042311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.050619] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 130.058042] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 130.067387] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 130.096711] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/11/16 22:43:17 executed programs: 6 2019/11/16 22:43:22 executed programs: 85 2019/11/16 22:43:27 executed programs: 164 2019/11/16 22:43:32 executed programs: 247 2019/11/16 22:43:37 executed programs: 331 2019/11/16 22:43:42 executed programs: 409 2019/11/16 22:43:47 executed programs: 492 2019/11/16 22:43:52 executed programs: 578 [ 166.550539] ================================================================== [ 166.558248] BUG: KASAN: slab-out-of-bounds in default_read_copy_kernel+0xdb/0x130 [ 166.565891] Write of size 5120 at addr ffff888089bf4780 by task syz-executor.3/11155 [ 166.573783] [ 166.575427] CPU: 0 PID: 11155 Comm: syz-executor.3 Not tainted 4.19.84 #0 [ 166.582353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.591710] Call Trace: [ 166.594314] dump_stack+0x197/0x210 [ 166.597961] ? default_read_copy_kernel+0xdb/0x130 [ 166.602896] print_address_description.cold+0x7c/0x20d [ 166.608296] ? default_read_copy_kernel+0xdb/0x130 [ 166.613231] kasan_report.cold+0x8c/0x2ba [ 166.617514] check_memory_region+0x123/0x190 [ 166.621945] memcpy+0x38/0x50 [ 166.625080] default_read_copy_kernel+0xdb/0x130 [ 166.629854] ? default_write_copy_kernel+0x130/0x130 [ 166.634975] interleaved_copy+0xce/0x100 [ 166.639041] __snd_pcm_lib_xfer+0x101d/0x1ce6 [ 166.643563] ? _raw_read_unlock_irq+0x28/0x90 [ 166.648071] ? lockdep_hardirqs_on+0x415/0x5d0 [ 166.652668] ? trace_hardirqs_on+0x67/0x220 [ 166.656988] ? snd_pcm_hw_rule_step+0x440/0x440 [ 166.661665] ? default_write_copy_kernel+0x130/0x130 [ 166.666777] ? pcm_lib_apply_appl_ptr+0x440/0x440 [ 166.671629] ? snd_pcm_kernel_ioctl+0x65/0x1f0 [ 166.676219] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 166.681237] ? snd_pcm_oss_capture_position_fixup+0x1aa/0x230 [ 166.687135] ? snd_pcm_oss_prepare+0x150/0x150 [ 166.692306] ? finish_task_switch+0x550/0x7c0 [ 166.696807] ? switch_mm_irqs_off+0x2de/0x1360 [ 166.701812] ? __mutex_lock+0xa67/0x1300 [ 166.706025] snd_pcm_oss_read3+0x1ca/0x420 [ 166.710354] ? snd_pcm_oss_write+0x8f0/0x8f0 [ 166.714784] ? lock_downgrade+0x880/0x880 [ 166.718970] io_capture_transfer+0x26c/0x300 [ 166.723481] ? rate_dst_frames+0x2b0/0x2b0 [ 166.727734] ? snd_pcm_plug_slave_size+0x1e6/0x320 [ 166.732673] snd_pcm_plug_read_transfer+0x197/0x2e0 [ 166.737712] ? snd_pcm_plug_write_transfer+0x3e0/0x3e0 [ 166.743040] ? snd_pcm_format_physical_width+0x75/0x90 [ 166.748472] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 166.753593] ? snd_pcm_plug_client_channels_buf+0x340/0x430 [ 166.759317] snd_pcm_oss_read2+0x1f0/0x3f0 [ 166.763555] ? snd_pcm_oss_read3+0x420/0x420 [ 166.767991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 166.773551] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 166.779115] snd_pcm_oss_read+0x53a/0x6a0 [ 166.783277] __vfs_read+0x114/0x800 [ 166.786911] ? snd_pcm_oss_read2+0x3f0/0x3f0 [ 166.791359] ? vfs_copy_file_range+0xba0/0xba0 [ 166.796034] ? __inode_security_revalidate+0xda/0x120 [ 166.801245] ? avc_policy_seqno+0xd/0x70 [ 166.805329] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 166.810381] ? security_file_permission+0x89/0x230 [ 166.815323] ? rw_verify_area+0x118/0x360 [ 166.819473] vfs_read+0x194/0x3d0 [ 166.822949] ksys_read+0x14f/0x2d0 [ 166.826519] ? kernel_write+0x120/0x120 [ 166.830523] ? do_syscall_64+0x26/0x620 [ 166.834527] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.839926] ? do_syscall_64+0x26/0x620 [ 166.843942] __x64_sys_read+0x73/0xb0 [ 166.847748] do_syscall_64+0xfd/0x620 [ 166.851561] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.856758] RIP: 0033:0x45a669 [ 166.859946] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 166.878873] RSP: 002b:00007f9eef677c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 166.886632] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a669 [ 166.886647] RDX: 0000000000001000 RSI: 0000000020001880 RDI: 0000000000000005 [ 166.886654] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 166.886660] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9eef6786d4 [ 166.886667] R13: 00000000004c800c R14: 00000000004de068 R15: 00000000ffffffff [ 166.886688] [ 166.886699] Allocated by task 11150: [ 166.886722] save_stack+0x45/0xd0 [ 166.886732] kasan_kmalloc+0xce/0xf0 [ 166.886740] __kmalloc_node+0x51/0x80 [ 166.886752] kvmalloc_node+0xbd/0x100 [ 166.886766] snd_pcm_plugin_alloc+0x594/0x760 [ 166.886779] snd_pcm_plug_alloc+0x16d/0x2f0 [ 166.886791] snd_pcm_oss_change_params_locked+0x210f/0x3750 [ 166.886801] snd_pcm_oss_change_params+0x7b/0xd0 [ 166.886811] snd_pcm_oss_get_active_substream+0x136/0x190 [ 166.886820] snd_pcm_oss_ioctl+0x13df/0x3390 [ 166.886830] do_vfs_ioctl+0xd5f/0x1380 [ 166.886839] ksys_ioctl+0xab/0xd0 [ 166.886848] __x64_sys_ioctl+0x73/0xb0 [ 166.886862] do_syscall_64+0xfd/0x620 [ 166.886876] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.886879] [ 166.886890] Freed by task 9580: [ 166.886899] save_stack+0x45/0xd0 [ 166.886908] __kasan_slab_free+0x102/0x150 [ 166.909005] kasan_slab_free+0xe/0x10 [ 166.909018] kfree+0xcf/0x220 [ 166.909030] kvfree+0x61/0x70 [ 166.909048] snd_pcm_plugin_free+0xae/0xe0 [ 166.909061] snd_pcm_oss_release_substream+0x11a/0x1f0 [ 166.909074] snd_pcm_release_substream.part.0+0x209/0x330 [ 166.909091] snd_pcm_release_substream+0x61/0x80 [ 166.968580] snd_pcm_oss_release_file.part.0+0x75/0xa0 [ 166.980384] snd_pcm_oss_release+0x116/0x280 [ 167.045544] __fput+0x2dd/0x8b0 [ 167.048828] ____fput+0x16/0x20 [ 167.052113] task_work_run+0x145/0x1c0 [ 167.056355] exit_to_usermode_loop+0x273/0x2c0 [ 167.060941] do_syscall_64+0x53d/0x620 [ 167.064934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.070140] [ 167.071783] The buggy address belongs to the object at ffff888089bf4780 [ 167.071783] which belongs to the cache kmalloc-8192 of size 8192 [ 167.084625] The buggy address is located 0 bytes inside of [ 167.084625] 8192-byte region [ffff888089bf4780, ffff888089bf6780) [ 167.096406] The buggy address belongs to the page: [ 167.101338] page:ffffea000226fd00 count:1 mapcount:0 mapping:ffff88812c3f2080 index:0x0 compound_mapcount: 0 [ 167.111344] flags: 0x1fffc0000008100(slab|head) [ 167.116014] raw: 01fffc0000008100 ffffea0002275008 ffffea000294ab08 ffff88812c3f2080 [ 167.123898] raw: 0000000000000000 ffff888089bf4780 0000000100000001 0000000000000000 [ 167.131777] page dumped because: kasan: bad access detected [ 167.137489] [ 167.139120] Memory state around the buggy address: [ 167.144061] ffff888089bf5980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 167.151863] ffff888089bf5a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 167.159228] >ffff888089bf5a80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 167.166583] ^ [ 167.172036] ffff888089bf5b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 167.179412] ffff888089bf5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 167.186780] ================================================================== [ 167.194151] Disabling lock debugging due to kernel taint [ 167.218013] Kernel panic - not syncing: panic_on_warn set ... [ 167.218013] [ 167.225458] CPU: 0 PID: 11155 Comm: syz-executor.3 Tainted: G B 4.19.84 #0 [ 167.233796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.243176] Call Trace: [ 167.245776] dump_stack+0x197/0x210 [ 167.249415] ? default_read_copy_kernel+0xdb/0x130 [ 167.254358] panic+0x26a/0x50e [ 167.257688] ? __warn_printk+0xf3/0xf3 [ 167.261586] ? default_read_copy_kernel+0xdb/0x130 [ 167.266609] ? preempt_schedule+0x4b/0x60 [ 167.270773] ? ___preempt_schedule+0x16/0x18 [ 167.275200] ? trace_hardirqs_on+0x5e/0x220 [ 167.277340] kobject: 'loop4' (000000000f5a31c5): kobject_uevent_env [ 167.279558] ? default_read_copy_kernel+0xdb/0x130 [ 167.279574] kasan_end_report+0x47/0x4f [ 167.279590] kasan_report.cold+0xa9/0x2ba [ 167.290022] kobject: 'loop4' (000000000f5a31c5): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 167.290941] check_memory_region+0x123/0x190 [ 167.290957] memcpy+0x38/0x50 [ 167.316254] default_read_copy_kernel+0xdb/0x130 [ 167.321029] ? default_write_copy_kernel+0x130/0x130 [ 167.326146] interleaved_copy+0xce/0x100 [ 167.330029] kobject: 'loop5' (00000000b47bfc79): kobject_uevent_env [ 167.330246] __snd_pcm_lib_xfer+0x101d/0x1ce6 [ 167.341138] ? _raw_read_unlock_irq+0x28/0x90 [ 167.345662] ? lockdep_hardirqs_on+0x415/0x5d0 [ 167.347362] kobject: 'loop5' (00000000b47bfc79): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 167.350261] ? trace_hardirqs_on+0x67/0x220 [ 167.350278] ? snd_pcm_hw_rule_step+0x440/0x440 [ 167.350296] ? default_write_copy_kernel+0x130/0x130 [ 167.373867] ? pcm_lib_apply_appl_ptr+0x440/0x440 [ 167.378785] ? snd_pcm_kernel_ioctl+0x65/0x1f0 [ 167.383381] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 167.388393] ? snd_pcm_oss_capture_position_fixup+0x1aa/0x230 [ 167.394270] ? snd_pcm_oss_prepare+0x150/0x150 [ 167.398873] ? finish_task_switch+0x550/0x7c0 [ 167.403379] ? switch_mm_irqs_off+0x2de/0x1360 [ 167.407957] ? __mutex_lock+0xa67/0x1300 [ 167.412018] snd_pcm_oss_read3+0x1ca/0x420 [ 167.416252] ? snd_pcm_oss_write+0x8f0/0x8f0 [ 167.420662] ? lock_downgrade+0x880/0x880 [ 167.424838] io_capture_transfer+0x26c/0x300 [ 167.429235] ? rate_dst_frames+0x2b0/0x2b0 [ 167.433457] ? snd_pcm_plug_slave_size+0x1e6/0x320 [ 167.438375] snd_pcm_plug_read_transfer+0x197/0x2e0 [ 167.443395] ? snd_pcm_plug_write_transfer+0x3e0/0x3e0 [ 167.448660] ? snd_pcm_format_physical_width+0x75/0x90 [ 167.453925] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 167.458926] ? snd_pcm_plug_client_channels_buf+0x340/0x430 [ 167.464644] snd_pcm_oss_read2+0x1f0/0x3f0 [ 167.468868] ? snd_pcm_oss_read3+0x420/0x420 [ 167.473262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 167.478788] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 167.484400] snd_pcm_oss_read+0x53a/0x6a0 [ 167.488539] __vfs_read+0x114/0x800 [ 167.492156] ? snd_pcm_oss_read2+0x3f0/0x3f0 [ 167.496551] ? vfs_copy_file_range+0xba0/0xba0 [ 167.501127] ? __inode_security_revalidate+0xda/0x120 [ 167.506319] ? avc_policy_seqno+0xd/0x70 [ 167.510375] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 167.515392] ? security_file_permission+0x89/0x230 [ 167.520309] ? rw_verify_area+0x118/0x360 [ 167.525049] vfs_read+0x194/0x3d0 [ 167.528488] ksys_read+0x14f/0x2d0 [ 167.532023] ? kernel_write+0x120/0x120 [ 167.535988] ? do_syscall_64+0x26/0x620 [ 167.539952] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.545303] ? do_syscall_64+0x26/0x620 [ 167.549274] __x64_sys_read+0x73/0xb0 [ 167.553105] do_syscall_64+0xfd/0x620 [ 167.556919] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.562109] RIP: 0033:0x45a669 [ 167.565300] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 167.584208] RSP: 002b:00007f9eef677c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 167.591914] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a669 [ 167.599183] RDX: 0000000000001000 RSI: 0000000020001880 RDI: 0000000000000005 [ 167.606439] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 167.613695] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9eef6786d4 [ 167.620963] R13: 00000000004c800c R14: 00000000004de068 R15: 00000000ffffffff [ 167.629635] Kernel Offset: disabled [ 167.633298] Rebooting in 86400 seconds..