Warning: Permanently added '10.128.10.42' (ECDSA) to the list of known hosts.
2020/04/03 14:59:48 parsed 1 programs
2020/04/03 14:59:50 executed programs: 0
[ 132.681795][ T27] audit: type=1400 audit(1585925990.875:8): avc: denied { execmem } for pid=7046 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 132.719858][ T7047] IPVS: ftp: loaded support on port[0] = 21
[ 132.827790][ T7047] chnl_net:caif_netlink_parms(): no params data found
[ 132.879251][ T7047] bridge0: port 1(bridge_slave_0) entered blocking state
[ 132.887539][ T7047] bridge0: port 1(bridge_slave_0) entered disabled state
[ 132.896685][ T7047] device bridge_slave_0 entered promiscuous mode
[ 132.906189][ T7047] bridge0: port 2(bridge_slave_1) entered blocking state
[ 132.913406][ T7047] bridge0: port 2(bridge_slave_1) entered disabled state
[ 132.921261][ T7047] device bridge_slave_1 entered promiscuous mode
[ 132.942757][ T7047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 132.954340][ T7047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 132.977220][ T7047] team0: Port device team_slave_0 added
[ 132.986195][ T7047] team0: Port device team_slave_1 added
[ 133.005573][ T7047] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 133.012537][ T7047] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 133.038693][ T7047] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 133.051375][ T7047] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 133.058410][ T7047] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 133.084371][ T7047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 133.156995][ T7047] device hsr_slave_0 entered promiscuous mode
[ 133.213425][ T7047] device hsr_slave_1 entered promiscuous mode
[ 133.349190][ T7047] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 133.406767][ T7047] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 133.475626][ T7047] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 133.525984][ T7047] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 133.579867][ T7047] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.587157][ T7047] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 133.595424][ T7047] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.602500][ T7047] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 133.652696][ T7047] 8021q: adding VLAN 0 to HW filter on device bond0
[ 133.667576][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 133.679539][ T23] bridge0: port 1(bridge_slave_0) entered disabled state
[ 133.688987][ T23] bridge0: port 2(bridge_slave_1) entered disabled state
[ 133.697438][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 133.710968][ T7047] 8021q: adding VLAN 0 to HW filter on device team0
[ 133.722484][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 133.732413][ T2699] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.739583][ T2699] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 133.754001][ T2689] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 133.762344][ T2689] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.769497][ T2689] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 133.796544][ T2678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 133.805544][ T2678] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 133.814986][ T2678] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 133.825991][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 133.834845][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 133.849833][ T7047] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 133.861619][ T7047] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 133.870514][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 133.880373][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 133.904485][ T7047] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 133.911638][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 133.920131][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 133.944737][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 133.954552][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 133.973256][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 133.981480][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 133.992087][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 134.001085][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 134.011097][ T7047] device veth0_vlan entered promiscuous mode
[ 134.023834][ T7047] device veth1_vlan entered promiscuous mode
[ 134.047071][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 134.057028][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 134.065614][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 134.075048][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 134.086056][ T7047] device veth0_macvtap entered promiscuous mode
[ 134.097438][ T7047] device veth1_macvtap entered promiscuous mode
[ 134.116618][ T7047] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 134.125359][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 134.134483][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 134.142408][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 134.151223][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 134.163368][ T7047] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 134.176754][ T3457] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 134.185947][ T3457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 134.405538][ T7257] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 134.864595][ T7300] ==================================================================
[ 134.872888][ T7300] BUG: KASAN: slab-out-of-bounds in __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 134.881576][ T7300] Read of size 8 at addr ffff888093920468 by task syz-executor.0/7300
[ 134.889717][ T7300]
[ 134.892053][ T7300] CPU: 0 PID: 7300 Comm: syz-executor.0 Not tainted 5.6.0-syzkaller #0
[ 134.900418][ T7300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 134.910473][ T7300] Call Trace:
[ 134.913776][ T7300] dump_stack+0x188/0x20d
[ 134.918112][ T7300] print_address_description.constprop.0.cold+0xd3/0x315
[ 134.925133][ T7300] ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 134.931106][ T7300] __kasan_report.cold+0x35/0x4d
[ 134.936052][ T7300] ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 134.942050][ T7300] ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 134.948138][ T7300] kasan_report+0x33/0x50
[ 134.952473][ T7300] __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 134.958307][ T7300] ? __kvm_write_guest_page+0x170/0x170
[ 134.963942][ T7300] kvm_lapic_set_vapic_addr+0x88/0x180
[ 134.969427][ T7300] kvm_arch_vcpu_ioctl+0xf0d/0x2c20
[ 134.974646][ T7300] ? kvm_arch_vcpu_put+0x530/0x530
[ 134.979794][ T7300] ? lock_acquire+0x1f2/0x8f0
[ 134.984497][ T7300] ? kvm_vcpu_ioctl+0x175/0xe60
[ 134.989363][ T7300] ? lock_release+0x800/0x800
[ 134.994063][ T7300] ? find_held_lock+0x2d/0x110
[ 134.998851][ T7300] ? __mutex_lock+0x458/0x13c0
[ 135.003741][ T7300] ? kfree+0x1eb/0x2b0
[ 135.007823][ T7300] ? kvm_vcpu_ioctl+0x175/0xe60
[ 135.012692][ T7300] ? mutex_trylock+0x2c0/0x2c0
[ 135.017470][ T7300] ? tomoyo_execute_permission+0x470/0x470
[ 135.023294][ T7300] ? __fget_files+0x30d/0x500
[ 135.027990][ T7300] kvm_vcpu_ioctl+0x866/0xe60
[ 135.032683][ T7300] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 135.039110][ T7300] ? ioctl_file_clone+0x180/0x180
[ 135.044145][ T7300] ? selinux_file_mprotect+0x610/0x610
[ 135.049623][ T7300] ? __fget_files+0x32f/0x500
[ 135.054315][ T7300] ? ksys_dup3+0x3c0/0x3c0
[ 135.058745][ T7300] ? __x64_sys_futex+0x380/0x4f0
[ 135.063704][ T7300] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 135.070133][ T7300] ksys_ioctl+0x11a/0x180
[ 135.074496][ T7300] __x64_sys_ioctl+0x6f/0xb0
[ 135.079107][ T7300] ? lockdep_hardirqs_on+0x463/0x620
[ 135.084404][ T7300] do_syscall_64+0xf6/0x7d0
[ 135.088925][ T7300] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 135.094860][ T7300] RIP: 0033:0x45c849
[ 135.098849][ T7300] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 135.118576][ T7300] RSP: 002b:00007f3a82145c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 135.127100][ T7300] RAX: ffffffffffffffda RBX: 00007f3a821466d4 RCX: 000000000045c849
[ 135.135080][ T7300] RDX: 0000000020000080 RSI: 000000004008ae93 RDI: 0000000000000005
[ 135.143160][ T7300] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 135.151241][ T7300] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 135.159223][ T7300] R13: 00000000000003dc R14: 00000000004c66f7 R15: 000000000076bfac
[ 135.167214][ T7300]
[ 135.169553][ T7300] Allocated by task 7303:
[ 135.173889][ T7300] save_stack+0x1b/0x80
[ 135.178043][ T7300] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 135.183666][ T7300] kvmalloc_node+0x61/0xf0
[ 135.188115][ T7300] kvm_set_memslot+0x115/0x1530
[ 135.192991][ T7300] __kvm_set_memory_region+0xcf7/0x1320
[ 135.198553][ T7300] __x86_set_memory_region+0x2a3/0x5a0
[ 135.204021][ T7300] vmx_create_vcpu+0x2107/0x2b40
[ 135.208976][ T7300] kvm_arch_vcpu_create+0x6ef/0xb80
[ 135.214191][ T7300] kvm_vm_ioctl+0x15f7/0x23e0
[ 135.218872][ T7300] ksys_ioctl+0x11a/0x180
[ 135.223214][ T7300] __x64_sys_ioctl+0x6f/0xb0
[ 135.227843][ T7300] do_syscall_64+0xf6/0x7d0
[ 135.232365][ T7300] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 135.238266][ T7300]
[ 135.240591][ T7300] Freed by task 0:
[ 135.244308][ T7300] (stack is not available)
[ 135.248717][ T7300]
[ 135.251309][ T7300] The buggy address belongs to the object at ffff888093920000
[ 135.251309][ T7300] which belongs to the cache kmalloc-2k of size 2048
[ 135.265480][ T7300] The buggy address is located 1128 bytes inside of
[ 135.265480][ T7300] 2048-byte region [ffff888093920000, ffff888093920800)
[ 135.278923][ T7300] The buggy address belongs to the page:
[ 135.285079][ T7300] page:ffffea00024e4800 refcount:1 mapcount:0 mapping:000000004e3aba6f index:0x0
[ 135.294179][ T7300] flags: 0xfffe0000000200(slab)
[ 135.299118][ T7300] raw: 00fffe0000000200 ffffea000250aac8 ffffea00024e4848 ffff8880aa000e00
[ 135.307701][ T7300] raw: 0000000000000000 ffff888093920000 0000000100000001 0000000000000000
[ 135.316369][ T7300] page dumped because: kasan: bad access detected
[ 135.322772][ T7300]
[ 135.325091][ T7300] Memory state around the buggy address:
[ 135.330717][ T7300] ffff888093920300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 135.338787][ T7300] ffff888093920380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 135.346842][ T7300] >ffff888093920400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 135.354912][ T7300] ^
[ 135.362366][ T7300] ffff888093920480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 135.370434][ T7300] ffff888093920500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 135.378486][ T7300] ==================================================================
[ 135.386536][ T7300] Disabling lock debugging due to kernel taint
[ 135.442847][ T7300] Kernel panic - not syncing: panic_on_warn set ...
[ 135.449476][ T7300] CPU: 0 PID: 7300 Comm: syz-executor.0 Tainted: G B 5.6.0-syzkaller #0
[ 135.459084][ T7300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 135.469139][ T7300] Call Trace:
[ 135.472422][ T7300] dump_stack+0x188/0x20d
[ 135.476746][ T7300] panic+0x2e3/0x75c
[ 135.480630][ T7300] ? add_taint.cold+0x16/0x16
[ 135.485297][ T7300] ? preempt_schedule_notrace_thunk+0x18/0x2c
[ 135.491349][ T7300] ? preempt_schedule_thunk+0x16/0x18
[ 135.496709][ T7300] ? trace_hardirqs_on+0x55/0x220
[ 135.501730][ T7300] ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 135.507716][ T7300] end_report+0x43/0x49
[ 135.511874][ T7300] __kasan_report.cold+0xd/0x4d
[ 135.516723][ T7300] ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 135.522698][ T7300] ? __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 135.528730][ T7300] kasan_report+0x33/0x50
[ 135.533082][ T7300] __kvm_gfn_to_hva_cache_init+0x5fb/0x670
[ 135.538968][ T7300] ? __kvm_write_guest_page+0x170/0x170
[ 135.544507][ T7300] kvm_lapic_set_vapic_addr+0x88/0x180
[ 135.549953][ T7300] kvm_arch_vcpu_ioctl+0xf0d/0x2c20
[ 135.555142][ T7300] ? kvm_arch_vcpu_put+0x530/0x530
[ 135.560255][ T7300] ? lock_acquire+0x1f2/0x8f0
[ 135.564919][ T7300] ? kvm_vcpu_ioctl+0x175/0xe60
[ 135.569758][ T7300] ? lock_release+0x800/0x800
[ 135.574423][ T7300] ? find_held_lock+0x2d/0x110
[ 135.579197][ T7300] ? __mutex_lock+0x458/0x13c0
[ 135.583963][ T7300] ? kfree+0x1eb/0x2b0
[ 135.588055][ T7300] ? kvm_vcpu_ioctl+0x175/0xe60
[ 135.592906][ T7300] ? mutex_trylock+0x2c0/0x2c0
[ 135.597677][ T7300] ? tomoyo_execute_permission+0x470/0x470
[ 135.603493][ T7300] ? __fget_files+0x30d/0x500
[ 135.608173][ T7300] kvm_vcpu_ioctl+0x866/0xe60
[ 135.612850][ T7300] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 135.619270][ T7300] ? ioctl_file_clone+0x180/0x180
[ 135.624295][ T7300] ? selinux_file_mprotect+0x610/0x610
[ 135.629854][ T7300] ? __fget_files+0x32f/0x500
[ 135.634558][ T7300] ? ksys_dup3+0x3c0/0x3c0
[ 135.638995][ T7300] ? __x64_sys_futex+0x380/0x4f0
[ 135.643946][ T7300] ? kvm_get_dirty_log_protect.isra.0+0x670/0x670
[ 135.650363][ T7300] ksys_ioctl+0x11a/0x180
[ 135.654690][ T7300] __x64_sys_ioctl+0x6f/0xb0
[ 135.659292][ T7300] ? lockdep_hardirqs_on+0x463/0x620
[ 135.664581][ T7300] do_syscall_64+0xf6/0x7d0
[ 135.669106][ T7300] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 135.675000][ T7300] RIP: 0033:0x45c849
[ 135.678896][ T7300] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 135.698584][ T7300] RSP: 002b:00007f3a82145c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 135.706996][ T7300] RAX: ffffffffffffffda RBX: 00007f3a821466d4 RCX: 000000000045c849
[ 135.714967][ T7300] RDX: 0000000020000080 RSI: 000000004008ae93 RDI: 0000000000000005
[ 135.723030][ T7300] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
[ 135.730995][ T7300] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 135.738974][ T7300] R13: 00000000000003dc R14: 00000000004c66f7 R15: 000000000076bfac
[ 135.748347][ T7300] Kernel Offset: disabled
[ 135.752685][ T7300] Rebooting in 86400 seconds..