[ ok ] Starting file context maintaining daemon: restorecond. [ 31.444531] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.815513] kauditd_printk_skb: 9 callbacks suppressed [ 31.815522] audit: type=1400 audit(1570260588.948:35): avc: denied { map } for pid=6842 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 31.873801] random: sshd: uninitialized urandom read (32 bytes read) [ 32.421390] random: sshd: uninitialized urandom read (32 bytes read) [ 32.609222] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts. [ 38.078118] random: sshd: uninitialized urandom read (32 bytes read) 2019/10/05 07:29:55 parsed 1 programs [ 38.254665] audit: type=1400 audit(1570260595.388:36): avc: denied { map } for pid=6856 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 38.325466] audit: type=1400 audit(1570260595.458:37): avc: denied { map } for pid=6856 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13738 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 39.054656] random: cc1: uninitialized urandom read (8 bytes read) 2019/10/05 07:29:57 executed programs: 0 [ 39.970125] audit: type=1400 audit(1570260597.098:38): avc: denied { map } for pid=6856 comm="syz-execprog" path="/root/syzkaller-shm339286930" dev="sda1" ino=16490 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 40.250916] IPVS: ftp: loaded support on port[0] = 21 [ 41.057091] chnl_net:caif_netlink_parms(): no params data found [ 
41.071492] IPVS: ftp: loaded support on port[0] = 21 [ 41.096718] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.103601] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.111328] device bridge_slave_0 entered promiscuous mode [ 41.119688] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.126739] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.133782] device bridge_slave_1 entered promiscuous mode [ 41.152413] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.164977] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.188181] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.195497] team0: Port device team_slave_0 added [ 41.202548] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.209672] team0: Port device team_slave_1 added [ 41.219150] IPVS: ftp: loaded support on port[0] = 21 [ 41.227770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 41.235820] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 41.292232] device hsr_slave_0 entered promiscuous mode [ 41.330339] device hsr_slave_1 entered promiscuous mode [ 41.392337] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 41.418347] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 41.443424] chnl_net:caif_netlink_parms(): no params data found [ 41.465695] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.472209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.479072] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.485600] bridge0: port 1(bridge_slave_0) entered forwarding state [ 41.513223] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.519796] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.527295] device bridge_slave_0 entered promiscuous mode [ 41.534694] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.541362] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.548491] 
device bridge_slave_1 entered promiscuous mode [ 41.548877] IPVS: ftp: loaded support on port[0] = 21 [ 41.575650] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.588397] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.635570] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.643236] team0: Port device team_slave_0 added [ 41.655482] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.663154] team0: Port device team_slave_1 added [ 41.683443] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 41.689540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.700972] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 41.723800] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 41.733268] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 41.739518] chnl_net:caif_netlink_parms(): no params data found [ 41.753767] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 41.754128] IPVS: ftp: loaded support on port[0] = 21 [ 41.759853] 8021q: adding VLAN 0 to HW filter on device team0 [ 41.781922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 41.790500] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.797716] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.873199] device hsr_slave_0 entered promiscuous mode [ 41.940387] device hsr_slave_1 entered promiscuous mode [ 42.002467] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 42.009389] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.017657] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.024152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.055443] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 42.063806] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 42.071345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.080815] bridge0: port 2(bridge_slave_1) entered blocking state [ 
42.087212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.106648] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.113269] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.120282] device bridge_slave_0 entered promiscuous mode [ 42.126847] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.133622] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.140919] device bridge_slave_1 entered promiscuous mode [ 42.162063] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 42.188307] chnl_net:caif_netlink_parms(): no params data found [ 42.200607] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.208610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 42.219228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 42.239489] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.253439] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.261149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 42.288239] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.297224] team0: Port device team_slave_0 added [ 42.303140] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.310354] team0: Port device team_slave_1 added [ 42.315974] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 42.325981] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 42.334471] IPVS: ftp: loaded support on port[0] = 21 [ 42.353842] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.360991] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.368014] device bridge_slave_0 entered promiscuous mode [ 42.375438] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.382889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 42.390773] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 42.398229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link 
becomes ready [ 42.405888] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 42.413493] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 42.425709] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 42.436112] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.442967] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.449839] device bridge_slave_1 entered promiscuous mode [ 42.462616] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.475613] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 42.484364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.492249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.515786] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 42.528868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 42.539621] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 42.545661] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 42.554312] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 42.569520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.577192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.643104] device hsr_slave_0 entered promiscuous mode [ 42.681163] device hsr_slave_1 entered promiscuous mode [ 42.765583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.777192] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 42.784387] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 42.798212] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 42.805858] team0: Port device team_slave_0 added [ 42.832158] chnl_net:caif_netlink_parms(): no params data found [ 42.842410] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.863895] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 42.871651] team0: Port device team_slave_1 added [ 42.877036] IPv6: 
ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 42.893223] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 42.901477] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 42.920530] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 42.936491] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 42.944257] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 42.950653] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.022130] device hsr_slave_0 entered promiscuous mode [ 43.060449] device hsr_slave_1 entered promiscuous mode [ 43.126307] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.133451] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.142349] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.154431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 43.166921] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 43.185608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.197935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.205725] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.212341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.219406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 43.227870] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.236274] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 43.278915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.287402] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.295256] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.301740] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.314023] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.326396] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.333638] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.342272] device bridge_slave_0 entered promiscuous 
mode [ 43.352129] chnl_net:caif_netlink_parms(): no params data found [ 43.365257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 43.383163] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 43.390234] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.396590] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.404091] device bridge_slave_1 entered promiscuous mode [ 43.414969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.431755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 43.443862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 43.465306] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 43.482625] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 43.498479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 43.509946] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.518633] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 43.527584] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.536936] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 43.547975] IPVS: ftp: loaded support on port[0] = 21 [ 43.566267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 43.574582] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.587388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.596932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.605359] audit: type=1400 audit(1570260600.748:39): avc: denied { write } for pid=6906 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket permissive=1 [ 43.605857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 43.635322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.644909] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 43.652317] 8021q: adding VLAN 0 to HW filter on device 
team0 [ 43.668230] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 43.683401] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.691820] team0: Port device team_slave_0 added [ 43.696887] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.704155] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.711635] device bridge_slave_0 entered promiscuous mode [ 43.718506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 43.729544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.744838] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 43.753787] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 43.761934] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.770380] team0: Port device team_slave_1 added [ 43.775570] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.782424] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.789603] device bridge_slave_1 entered promiscuous mode [ 43.803876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.811778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.819112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.827505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.835489] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.841899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.849337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 43.858326] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 43.864781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 43.873383] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 43.888912] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 43.911009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.919692] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 43.982358] device hsr_slave_0 
entered promiscuous mode [ 44.020481] device hsr_slave_1 entered promiscuous mode [ 44.073714] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.082339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.089959] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.096781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.103724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.112961] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.126220] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 44.134684] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.142059] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.154755] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 44.165100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.174183] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.189378] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 44.218072] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.226160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 44.235412] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 44.235788] IPVS: ftp: loaded support on port[0] = 21 [ 44.245892] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 44.255767] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.263644] team0: Port device team_slave_0 added [ 44.270771] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.277936] team0: Port device team_slave_1 added [ 44.289179] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.296040] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 44.304178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 44.313839] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 44.328001] 8021q: adding VLAN 0 to HW filter on device 
bond0 [ 44.344501] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.353301] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 44.368936] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.378116] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.385795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.393826] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.409928] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 44.446883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.455267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.504034] device hsr_slave_0 entered promiscuous mode [ 44.530789] device hsr_slave_1 entered promiscuous mode [ 44.560860] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.568148] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.576792] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.591357] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.599506] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 44.605774] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 44.614392] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.621876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.631667] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.637760] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.646423] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.661232] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 44.675895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.691468] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.701041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.708769] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.716570] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.722953] bridge0: port 1(bridge_slave_0) 
entered forwarding state [ 44.731220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.738258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.745786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.755038] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 44.765933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 44.774410] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 44.787084] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 44.796684] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.816239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.824885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.833525] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.840747] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.851190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 44.858741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 44.870675] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 44.878442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.889386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.897227] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.903712] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.910897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.922864] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 44.943561] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 44.952648] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.961091] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.969215] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.975679] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.983120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 44.998378] 
8021q: adding VLAN 0 to HW filter on device bond0 [ 45.008316] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.024874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.035125] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.044994] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.057624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.066321] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.074292] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.083807] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.091332] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.102910] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.109917] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.118399] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.128241] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.137621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 45.146613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.154788] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.162469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.170545] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.178347] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 45.187728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.197820] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 45.209331] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.218704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.227138] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.235379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 45.243571] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.251569] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.258599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.270986] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 45.279194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 45.286884] ================================================================== [ 45.295125] BUG: KASAN: use-after-free in refcount_inc_not_zero+0xd3/0xe0 [ 45.298250] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.302048] Read of size 4 at addr ffff888097be8d80 by task syz-executor.2/6917 [ 45.302054] [ 45.302062] CPU: 1 PID: 6917 Comm: syz-executor.2 Not tainted 4.14.146 #0 [ 45.302066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.302069] Call Trace: [ 45.302083] dump_stack+0x138/0x197 [ 45.302092] ? netpoll_poll_dev+0x38/0x5e0 [ 45.302102] ? refcount_inc_not_zero+0xd3/0xe0 [ 45.302111] print_address_description.cold+0x7c/0x1dc [ 45.302118] ? refcount_inc_not_zero+0xd3/0xe0 [ 45.302125] kasan_report.cold+0xa9/0x2af [ 45.302135] __asan_report_load4_noabort+0x14/0x20 [ 45.302142] refcount_inc_not_zero+0xd3/0xe0 [ 45.302151] refcount_inc+0x16/0x40 [ 45.302159] nr_release+0x5e/0x390 [ 45.302170] __sock_release+0xce/0x2b0 [ 45.302178] ? __sock_release+0x2b0/0x2b0 [ 45.302184] sock_close+0x1b/0x30 [ 45.302193] __fput+0x275/0x7a0 [ 45.302204] ____fput+0x16/0x20 [ 45.302213] task_work_run+0x114/0x190 [ 45.302225] exit_to_usermode_loop+0x1da/0x220 [ 45.302233] do_syscall_64+0x4bc/0x640 [ 45.302239] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 45.302254] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.302261] RIP: 0033:0x413741 2019/10/05 07:30:02 executed programs: 7 [ 45.302265] RSP: 002b:00007ffe520021b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 45.302274] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000413741 [ 45.302278] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 45.302282] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 45.302286] R10: 00007ffe52002290 R11: 0000000000000293 R12: 000000000075c9a0 [ 45.302290] R13: 000000000075c9a0 R14: 0000000000760c38 R15: 000000000075c124 [ 45.302303] [ 45.309038] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.315788] Allocated by task 6919: [ 45.315802] save_stack_trace+0x16/0x20 [ 45.315813] save_stack+0x45/0xd0 [ 45.315819] kasan_kmalloc+0xce/0xf0 [ 45.315825] __kmalloc+0x15d/0x7a0 [ 45.315832] sk_prot_alloc+0x171/0x2a0 [ 45.315838] sk_alloc+0x39/0xd70 [ 45.315845] nr_create+0xa1/0x5d0 [ 45.315850] __sock_create+0x2f6/0x620 [ 45.315855] SyS_socket+0xd3/0x170 [ 45.315862] do_syscall_64+0x1e8/0x640 [ 45.315870] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.315872] [ 45.315876] Freed by task 6917: [ 45.315881] save_stack_trace+0x16/0x20 [ 45.315886] save_stack+0x45/0xd0 [ 45.315892] kasan_slab_free+0x75/0xc0 [ 45.315897] kfree+0xcc/0x270 [ 45.315903] __sk_destruct+0x493/0x5d0 [ 45.315909] sk_destruct+0x67/0x80 [ 45.315915] __sk_free+0x54/0x230 [ 45.315922] sk_free+0x35/0x40 [ 45.324207] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.324468] nr_release+0x309/0x390 [ 45.338641] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 45.339996] __sock_release+0xce/0x2b0 [ 45.340003] sock_close+0x1b/0x30 [ 45.340011] __fput+0x275/0x7a0 [ 45.340016] ____fput+0x16/0x20 [ 45.340024] task_work_run+0x114/0x190 [ 45.340031] exit_to_usermode_loop+0x1da/0x220 [ 45.340037] do_syscall_64+0x4bc/0x640 [ 45.340046] 
entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.340049] [ 45.340061] The buggy address belongs to the object at ffff888097be8d00 [ 45.340061] which belongs to the cache kmalloc-2048 of size 2048 [ 45.340066] The buggy address is located 128 bytes inside of [ 45.340066] 2048-byte region [ffff888097be8d00, ffff888097be9500) [ 45.340069] The buggy address belongs to the page: [ 45.340075] page:ffffea00025efa00 count:1 mapcount:0 mapping:ffff888097be8480 index:0x0 compound_mapcount: 0 [ 45.348869] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 45.353381] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 45.354249] flags: 0x1fffc0000008100(slab|head) [ 45.354260] raw: 01fffc0000008100 ffff888097be8480 0000000000000000 0000000100000003 [ 45.354269] raw: ffffea00027810a0 ffffea00025ccf20 ffff8880aa800c40 0000000000000000 [ 45.369346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 45.372414] page dumped because: kasan: bad access detected [ 45.372418] [ 45.372421] Memory state around the buggy address: [ 45.372429] ffff888097be8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.372434] ffff888097be8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.372438] >ffff888097be8d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.372441] ^ [ 45.372446] ffff888097be8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.372450] ffff888097be8e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.372453] ================================================================== [ 45.372455] Disabling lock debugging due to kernel taint [ 45.461999] kobject: 'loop3' (ffff8880a4a0b2a0): kobject_uevent_env [ 45.471161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.476255] kobject: 'loop3' (ffff8880a4a0b2a0): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 45.480879] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.487926] Kernel panic - not syncing: panic_on_warn set ... 
[ 45.487926] [ 45.494349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 45.494512] CPU: 1 PID: 6917 Comm: syz-executor.2 Tainted: G B 4.14.146 #0 [ 45.498744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.502258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.502261] Call Trace: [ 45.502276] dump_stack+0x138/0x197 [ 45.502286] ? refcount_inc_not_zero+0xd3/0xe0 [ 45.502292] panic+0x1f2/0x426 [ 45.502297] ? add_taint.cold+0x16/0x16 [ 45.502305] ? ___preempt_schedule+0x16/0x18 [ 45.502316] kasan_end_report+0x47/0x4f [ 45.502322] kasan_report.cold+0x130/0x2af [ 45.502330] __asan_report_load4_noabort+0x14/0x20 [ 45.502337] refcount_inc_not_zero+0xd3/0xe0 [ 45.502343] refcount_inc+0x16/0x40 [ 45.502351] nr_release+0x5e/0x390 [ 45.502359] __sock_release+0xce/0x2b0 [ 45.502364] ? __sock_release+0x2b0/0x2b0 [ 45.502370] sock_close+0x1b/0x30 [ 45.502377] __fput+0x275/0x7a0 [ 45.502385] ____fput+0x16/0x20 [ 45.502392] task_work_run+0x114/0x190 [ 45.502399] exit_to_usermode_loop+0x1da/0x220 [ 45.502406] do_syscall_64+0x4bc/0x640 [ 45.502412] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.502423] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 45.502428] RIP: 0033:0x413741 [ 45.502432] RSP: 002b:00007ffe520021b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 45.502439] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000413741 [ 45.502443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 45.502447] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 45.502451] R10: 00007ffe52002290 R11: 0000000000000293 R12: 000000000075c9a0 [ 45.502455] R13: 000000000075c9a0 R14: 0000000000760c38 R15: 000000000075c124 [ 45.503971] Kernel Offset: disabled [ 45.966676] Rebooting in 86400 seconds..