Warning: Permanently added '[localhost]:32107' (ECDSA) to the list of known hosts. [ 124.767218][ T39] audit: type=1400 audit(1576754945.301:42): avc: denied { map } for pid=9186 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16345 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2019/12/19 11:29:05 fuzzer started 2019/12/19 11:29:08 dialing manager at 10.0.2.10:33637 2019/12/19 11:29:08 syscalls: 2716 2019/12/19 11:29:08 code coverage: enabled 2019/12/19 11:29:08 comparison tracing: enabled 2019/12/19 11:29:08 extra coverage: enabled 2019/12/19 11:29:08 setuid sandbox: enabled 2019/12/19 11:29:08 namespace sandbox: enabled 2019/12/19 11:29:08 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/19 11:29:08 fault injection: enabled 2019/12/19 11:29:08 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/19 11:29:08 net packet injection: enabled 2019/12/19 11:29:08 net device setup: enabled 2019/12/19 11:29:08 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/19 11:29:08 devlink PCI setup: PCI device 0000:00:10.0 is not available 11:29:47 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = dup(0xffffffffffffffff) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) [ 167.465774][ T39] audit: type=1400 audit(1576754987.991:43): avc: denied { map } for pid=9209 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=24237 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 11:29:48 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ion\x00', 0x0, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) dup2(r0, r1) [ 168.037924][ T9210] IPVS: ftp: loaded support on port[0] = 21 [ 168.037933][ T9212] IPVS: ftp: loaded support on port[0] = 21 [ 168.389238][ T9212] chnl_net:caif_netlink_parms(): no params data found [ 168.427170][ T9210] chnl_net:caif_netlink_parms(): no params data found [ 168.499327][ T9210] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.526555][ T9210] bridge0: port 1(bridge_slave_0) entered disabled state 11:29:49 executing program 2: mkdir(0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x400000000002, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x3}, 0x4) r1 = socket$inet6(0xa, 0x3, 0x84) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) request_key(0x0, &(0x7f0000000380)={'syz', 0x3}, 0x0, 0xfffffffffffffffa) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x211, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) write$binfmt_elf32(r2, 0x0, 0x0) [ 168.557968][ T9210] device bridge_slave_0 entered promiscuous mode [ 168.604421][ T9210] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.630852][ T9210] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.656171][ T9210] device bridge_slave_1 entered promiscuous mode [ 168.694063][ T9212] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.712814][ T9212] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.726020][ T9212] device bridge_slave_0 entered promiscuous mode [ 168.748184][ T9210] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.778929][ T9210] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.809027][ T9212] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.834150][ T9212] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.860752][ T9212] device bridge_slave_1 entered promiscuous mode [ 168.904166][ T9210] team0: Port device team_slave_0 added [ 168.933770][ T9212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.957252][ T9210] team0: Port device team_slave_1 added [ 168.974735][ T9212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.998548][ T9216] IPVS: ftp: loaded support on port[0] = 21 11:29:49 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clock_adjtime(0x0, &(0x7f0000000100)={0x6fbbe6db}) [ 169.016049][ T9212] team0: Port device team_slave_0 added [ 169.043812][ T9212] team0: Port device team_slave_1 added [ 169.113434][ T9210] device hsr_slave_0 entered promiscuous mode [ 169.180426][ T9210] device hsr_slave_1 entered promiscuous mode [ 169.289979][ T9219] IPVS: ftp: loaded support on port[0] = 21 [ 169.386752][ T9212] device hsr_slave_0 entered promiscuous mode [ 169.510061][ T9212] device hsr_slave_1 entered promiscuous mode [ 169.580229][ T9212] debugfs: Directory 'hsr0' with parent '/' already present! [ 169.673224][ T39] audit: type=1400 audit(1576754990.211:44): avc: denied { create } for pid=9210 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.675819][ T9210] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 169.761308][ T39] audit: type=1400 audit(1576754990.211:45): avc: denied { write } for pid=9210 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.824534][ T39] audit: type=1400 audit(1576754990.211:46): avc: denied { read } for pid=9210 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 169.904982][ T9210] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 169.971621][ T9210] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 170.064975][ T9210] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 170.130557][ T9212] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 170.211683][ T9212] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 170.326610][ T9212] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 170.411056][ T9212] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 170.528368][ T9216] chnl_net:caif_netlink_parms(): no params data found [ 170.587075][ T9219] chnl_net:caif_netlink_parms(): no params data found [ 170.640924][ T9216] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.649859][ T9216] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.659950][ T9216] device bridge_slave_0 entered promiscuous mode [ 170.673183][ T9216] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.684746][ T9216] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.695527][ T9216] device bridge_slave_1 entered promiscuous mode [ 170.730438][ T9219] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.743842][ T9219] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.757918][ T9219] device bridge_slave_0 entered promiscuous mode [ 170.778429][ T9219] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.792278][ T9219] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.805005][ T9219] device bridge_slave_1 entered promiscuous mode [ 170.826807][ T9216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.853180][ T9219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.873228][ T9216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.895927][ T9219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.949047][ T9216] team0: Port device team_slave_0 added [ 170.987569][ T9216] team0: Port device team_slave_1 added [ 171.006273][ T9219] team0: Port device team_slave_0 added [ 171.017157][ T9219] team0: Port device team_slave_1 added [ 171.112511][ T9216] device hsr_slave_0 entered promiscuous mode [ 171.202793][ T9216] device hsr_slave_1 entered promiscuous mode [ 171.260356][ T9216] debugfs: Directory 'hsr0' with parent '/' already present! [ 171.331814][ T9219] device hsr_slave_0 entered promiscuous mode [ 171.450023][ T9219] device hsr_slave_1 entered promiscuous mode [ 171.520029][ T9219] debugfs: Directory 'hsr0' with parent '/' already present! [ 171.561426][ T9210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.570262][ T9216] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 171.635243][ T9216] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 171.724719][ T9216] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 171.808884][ T9216] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 171.880972][ T9212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.895858][ T9219] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 171.955882][ T9210] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.966328][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.977927][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.992121][ T9219] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 172.054612][ T9219] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 172.142648][ T9219] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 172.197543][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.208613][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.225375][ T9212] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.252829][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.264208][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.275546][ T3168] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.285661][ T3168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.306158][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.322788][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.335068][ T3168] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.344349][ T3168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.358782][ T3168] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.375540][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.389057][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.401398][ T9221] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.410070][ T9221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.420065][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.432212][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.447423][ T9221] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.459086][ T9221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.494307][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.508505][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.521552][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.532975][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.544584][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.555508][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.566070][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.576174][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.589259][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.605584][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.616462][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.634895][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.646479][ T9224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.661238][ T9210] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.680681][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.692750][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.708329][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.721069][ T3203] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.750301][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.764781][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.783055][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.794862][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.805268][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.814589][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.830774][ T9212] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.855549][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.868438][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.889175][ T9216] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.911983][ T9210] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.938162][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.951842][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.972929][ T9216] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.987348][ T39] audit: type=1400 audit(1576754993.521:47): avc: denied { associate } for pid=9210 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 173.004215][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.058751][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.076135][ T9221] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.087617][ T9221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.100155][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.110820][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.130849][ T9219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.149307][ T9227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.164818][ T9227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.179135][ T9227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.193728][ T9227] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.209620][ T9227] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.225424][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 173.252477][ T9212] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.306307][ T9219] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.333776][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.359153][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.385626][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 173.473705][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 173.488338][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.508424][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 11:29:54 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10) sendmmsg$unix(r1, &(0x7f0000000680), 0x4924924924925c6, 0x0) [ 173.525123][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.545257][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.559858][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.573426][ T18] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.576859][ T39] audit: type=1400 audit(1576754994.111:48): avc: denied { open } for pid=9234 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 173.586386][ T18] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.587348][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 173.619696][ T39] audit: type=1400 audit(1576754994.111:49): avc: denied { kernel } for pid=9234 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 173.669413][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.689271][ T9216] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 173.715136][ T9216] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 11:29:54 executing program 1: mkdir(&(0x7f0000000a80)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000903000)='./file0\x00', 0x0, 0x100000, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0) [ 173.757604][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 173.769876][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 173.792286][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 173.806599][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 11:29:54 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) statx(r0, 0x0, 0x0, 0x0, 0x0) [ 173.822684][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.847831][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.873856][ T1220] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.889808][ T1220] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.920034][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 11:29:54 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$urandom(0xffffffffffffff9c, 0x0, 0x0, 0x0) statx(r0, 0x0, 0x0, 0x0, 0x0) [ 174.004231][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 174.016284][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 174.043330][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 11:29:54 executing program 1: mkdir(&(0x7f0000000a80)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000903000)='./file0\x00', 0x0, 0x100000, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x0, 0x0) [ 174.079249][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 11:29:54 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000200)={0x80033d, 0x20000000209, 0x0, 0xffffffffffffffff}) dup2(r0, r1) [ 174.133690][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.181551][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.320081][ T3856] BUG: unable to handle page fault for address: fffff52001a00000 [ 174.369965][ T3856] #PF: supervisor read access in kernel mode [ 174.426186][ T3856] #PF: error_code(0x0000) - not-present page [ 174.442871][ T3856] PGD 7ffcd067 P4D 7ffcd067 PUD 2cd1c067 PMD 2850d067 PTE 0 [ 174.510623][ T3856] Oops: 0000 [#1] PREEMPT SMP KASAN [ 174.510623][ T3856] CPU: 1 PID: 3856 Comm: ion_system_heap Not tainted 5.5.0-rc2-syzkaller #0 [ 174.579875][ T3856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 174.629087][ T3856] RIP: 0010:check_memory_region+0x9c/0x1a0 [ 174.649892][ T3856] Code: c9 4d 0f 49 c1 49 c1 f8 03 45 85 c0 0f 84 10 01 00 00 41 83 e8 01 4e 8d 44 c0 08 eb 0d 48 83 c0 08 4c 39 c0 0f 84 a7 00 00 00 <48> 83 38 00 74 ed 4c 8d 40 08 eb 09 48 83 c0 01 49 39 c0 74 53 80 [ 174.691586][ T3856] RSP: 0018:ffffc900087ffab8 EFLAGS: 00010216 [ 174.704311][ T3856] RAX: fffff52001a00000 RBX: fffff52001a04000 RCX: ffffffff85ded959 [ 174.715443][ T3856] RDX: 0000000000000001 RSI: 0000000000020000 RDI: ffffc9000d000000 [ 174.727984][ T3856] RBP: ffffc900087ffad0 R08: fffff52001a04000 R09: 0000000000004000 [ 174.739170][ T3856] R10: fffff52001a03fff R11: ffffc9000d01ffff R12: fffff52001a00000 [ 174.750746][ T3856] R13: 0000000000020000 R14: 0000000000000000 R15: ffffc900087ffd08 [ 174.769396][ T3856] FS: 0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000 [ 174.785803][ T3856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 174.798054][ T3856] CR2: fffff52001a00000 CR3: 000000001ef48000 CR4: 0000000000340ee0 [ 174.817473][ T3856] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 174.846560][ T3856] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 174.869648][ T3856] Call Trace: [ 174.876932][ T3856] memset+0x24/0x40 [ 174.883349][ T3856] ion_heap_clear_pages+0x49/0x70 [ 174.893044][ T3856] ion_heap_sglist_zero+0x210/0x270 [ 174.902958][ T3856] ? ion_heap_deferred_free+0x630/0x630 [ 174.910105][ T3856] ? mark_lock+0xc2/0x1220 [ 174.914760][ T3856] ? pgprot_writecombine+0x5e/0xf0 [ 174.923312][ T3856] ? pagerange_is_ram_callback+0x130/0x130 [ 174.929549][ T3856] ? ion_heap_deferred_free+0x295/0x630 [ 174.940113][ T3856] ion_heap_buffer_zero+0xf5/0x150 [ 174.952730][ T3856] ion_system_heap_free+0x1eb/0x250 [ 174.965679][ T3856] ion_buffer_destroy+0x159/0x2d0 [ 174.974087][ T3856] ion_heap_deferred_free+0x29d/0x630 [ 174.981108][ T3856] ? ion_heap_shrink_scan+0x1d0/0x1d0 [ 174.986904][ T3856] ? trace_hardirqs_on+0x67/0x240 [ 174.995583][ T3856] ? finish_wait+0x260/0x260 [ 175.005221][ T3856] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 175.014836][ T3856] ? __kthread_parkme+0x108/0x1c0 [ 175.023301][ T3856] ? __kasan_check_read+0x11/0x20 [ 175.029605][ T3856] kthread+0x361/0x430 [ 175.036591][ T3856] ? ion_heap_shrink_scan+0x1d0/0x1d0 [ 175.043620][ T3856] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 175.057791][ T3856] ret_from_fork+0x24/0x30 [ 175.066346][ T3856] Modules linked in: [ 175.075054][ T3856] CR2: fffff52001a00000 [ 175.085162][ T3856] ---[ end trace bff980cede0c3c03 ]--- [ 175.095504][ T3856] RIP: 0010:check_memory_region+0x9c/0x1a0 [ 175.103548][ T3856] Code: c9 4d 0f 49 c1 49 c1 f8 03 45 85 c0 0f 84 10 01 00 00 41 83 e8 01 4e 8d 44 c0 08 eb 0d 48 83 c0 08 4c 39 c0 0f 84 a7 00 00 00 <48> 83 38 00 74 ed 4c 8d 40 08 eb 09 48 83 c0 01 49 39 c0 74 53 80 [ 175.130871][ T3856] RSP: 0018:ffffc900087ffab8 EFLAGS: 00010216 [ 175.141328][ T3856] RAX: fffff52001a00000 RBX: fffff52001a04000 RCX: ffffffff85ded959 [ 175.155107][ T3856] RDX: 0000000000000001 RSI: 0000000000020000 RDI: ffffc9000d000000 [ 175.165934][ T3856] RBP: ffffc900087ffad0 R08: fffff52001a04000 R09: 0000000000004000 [ 175.178981][ T3856] R10: fffff52001a03fff R11: ffffc9000d01ffff R12: fffff52001a00000 [ 175.192383][ T3856] R13: 0000000000020000 R14: 0000000000000000 R15: ffffc900087ffd08 [ 175.203177][ T3856] FS: 0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000 [ 175.213743][ T3856] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 175.222855][ T3856] CR2: fffff52001a00000 CR3: 000000001ef48000 CR4: 0000000000340ee0 [ 175.233080][ T3856] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 175.247561][ T3856] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 175.258063][ T3856] Kernel panic - not syncing: Fatal exception [ 175.266199][ T3856] Kernel Offset: disabled [ 175.266199][ T3856] Rebooting in 86400 seconds..