[ 33.426790] audit: type=1800 audit(1556170339.027:33): pid=6894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 33.450400] audit: type=1800 audit(1556170339.027:34): pid=6894 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 37.646291] random: sshd: uninitialized urandom read (32 bytes read) [ 37.842808] audit: type=1400 audit(1556170343.447:35): avc: denied { map } for pid=7065 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 37.895665] random: sshd: uninitialized urandom read (32 bytes read) [ 38.530756] random: sshd: uninitialized urandom read (32 bytes read) [ 38.725824] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts. [ 44.239130] random: sshd: uninitialized urandom read (32 bytes read) [ 44.423824] audit: type=1400 audit(1556170350.027:36): avc: denied { map } for pid=7077 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/04/25 05:32:30 parsed 1 programs [ 45.216488] audit: type=1400 audit(1556170350.817:37): avc: denied { map } for pid=7077 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=100 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 46.172388] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/25 05:32:32 executed programs: 0 [ 46.970254] audit: type=1400 audit(1556170352.567:38): avc: denied { map } for pid=7077 comm="syz-execprog" path="/root/syzkaller-shm092690109" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 47.770179] IPVS: ftp: loaded support on port[0] = 21 [ 48.095279] chnl_net:caif_netlink_parms(): no params data found [ 48.105393] IPVS: ftp: loaded support on port[0] = 21 [ 48.159175] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.166042] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.173161] device bridge_slave_0 entered promiscuous mode [ 48.182562] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.188987] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.196291] device bridge_slave_1 entered promiscuous mode [ 48.222888] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.232066] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.252995] IPVS: ftp: loaded support on port[0] = 21 [ 48.254432] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.266686] team0: Port device team_slave_0 added [ 48.279087] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.286493] team0: Port device team_slave_1 added [ 48.301369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.324415] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.432376] device hsr_slave_0 entered promiscuous mode [ 48.470619] device hsr_slave_1 entered promiscuous mode [ 48.510775] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.520830] chnl_net:caif_netlink_parms(): no params data found [ 48.533022] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.579210] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.585682] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.592684] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.599060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.607507] IPVS: ftp: loaded support on port[0] = 21 [ 48.628991] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.636317] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.643293] device bridge_slave_0 entered promiscuous mode [ 48.650851] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.657258] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.664393] device bridge_slave_1 entered promiscuous mode [ 48.720167] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.734613] chnl_net:caif_netlink_parms(): no params data found [ 48.748118] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.786184] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.793975] team0: Port device team_slave_0 added [ 48.801955] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.809071] team0: Port device team_slave_1 added [ 48.814630] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.823249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.902038] device hsr_slave_0 entered promiscuous mode [ 48.940305] device hsr_slave_1 entered promiscuous mode [ 48.986610] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.996725] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.004908] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.011438] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.018295] device bridge_slave_0 entered promiscuous mode [ 49.039771] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.046295] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.054504] device bridge_slave_1 entered promiscuous mode [ 49.083051] IPVS: ftp: loaded support on port[0] = 21 [ 49.099838] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.108691] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.122457] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.128516] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.154584] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.172082] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.179018] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 49.201798] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.209506] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.244469] chnl_net:caif_netlink_parms(): no params data found [ 49.254728] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.262472] team0: Port device team_slave_0 added [ 49.268083] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.275603] team0: Port device team_slave_1 added [ 49.281438] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.303587] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.320782] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 49.327534] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 49.334597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.373370] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.379450] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.396837] IPVS: ftp: loaded support on port[0] = 21 [ 49.413199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.462219] device hsr_slave_0 entered promiscuous mode [ 49.500317] device hsr_slave_1 entered promiscuous mode [ 49.543683] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.551382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.559057] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.566684] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.573031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.579951] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.587985] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.595217] device bridge_slave_0 entered promiscuous mode [ 49.604693] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.611414] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.618304] device bridge_slave_1 entered promiscuous mode [ 49.627899] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.635554] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.647893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.655626] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.663289] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.669627] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.714324] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.748387] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.758067] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.766218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.779112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.816080] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.823635] team0: Port device team_slave_0 added [ 49.828590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.849215] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.856363] team0: Port device team_slave_1 added [ 49.862968] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.873341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.882802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.892844] chnl_net:caif_netlink_parms(): no params data found [ 49.908669] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.919688] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.935301] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.943519] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 49.968547] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.976167] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.034734] device hsr_slave_0 entered promiscuous mode [ 50.090490] device hsr_slave_1 entered promiscuous mode [ 50.130726] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.137965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.145703] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.194691] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.203026] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.212171] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.227377] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.234230] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.241674] device bridge_slave_0 entered promiscuous mode [ 50.264765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.272431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.282526] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.289478] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.309113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.315692] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.322617] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.329485] device bridge_slave_1 entered promiscuous mode [ 50.353550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.360524] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.367326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.374782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.384538] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.391437] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.400497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.411858] chnl_net:caif_netlink_parms(): no params data found [ 50.423754] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.432518] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.438522] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.448496] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.455701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.464331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.472118] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.478452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.486838] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.498788] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.514709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.521769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.529372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.538659] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.545073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.554576] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.576488] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 50.586787] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.593063] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 50.601385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 50.608967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.616584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.625931] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.641224] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.651404] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.657470] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.674374] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.681875] team0: Port device team_slave_0 added [ 50.688000] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.700950] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.721498] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 50.728966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.736863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.746293] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.752676] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.759602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.768195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.777093] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.784614] team0: Port device team_slave_1 added [ 50.799854] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.807306] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.814834] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.822546] device bridge_slave_0 entered promiscuous mode [ 50.831607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 50.841047] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 50.848088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 50.855391] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.862318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.869912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.877764] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.884148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.892219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 50.899743] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.911020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.918371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.926077] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.933777] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.956212] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.962651] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.969459] device bridge_slave_1 entered promiscuous mode [ 50.993744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.003835] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.052252] device hsr_slave_0 entered promiscuous mode [ 51.090335] device hsr_slave_1 entered promiscuous mode [ 51.159015] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.166966] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.174862] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.182733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.190422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.199781] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.207165] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.218294] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.247593] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.257825] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.267757] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.288469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.309581] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.330685] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.338367] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.351124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.358816] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.366876] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.375520] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.385832] team0: Port device team_slave_0 added [ 51.403873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.419886] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.437734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.446448] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.456457] team0: Port device team_slave_1 added [ 51.462058] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.469329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.477500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.488157] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.499632] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.518229] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.525719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.534375] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.540818] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.548375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.559808] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.602675] device hsr_slave_0 entered promiscuous mode [ 51.650399] device hsr_slave_1 entered promiscuous mode [ 51.676045] hrtimer: interrupt took 36721 ns [ 51.683075] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.690886] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.698410] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.706794] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.722244] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.728281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.748450] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.767827] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.777517] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.795248] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.803172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.810969] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.817341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.824688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.838390] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.857101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.873027] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.881661] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.889432] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.899360] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.905739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.921317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.939226] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.948480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 2019/04/25 05:32:37 executed programs: 13 [ 51.963988] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.974228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.993717] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.000519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.007403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.016612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.027832] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.038433] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.045589] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.056110] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.066312] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.074169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.082503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.089937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.097796] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.105812] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.116057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.125592] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.135337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.143580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.151816] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.158170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.165266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.172688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.182413] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.193302] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.205869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.213598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.224800] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.233262] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.239631] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.246984] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.255044] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.271728] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.277752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.296938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.305506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.324867] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.336973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.348709] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.361117] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.370959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.378954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.386662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.395609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.403346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.411107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.419613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.429490] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.440315] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.450322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.458551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.466096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.473653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.496411] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.502668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.513415] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.533338] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.543219] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.554556] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.564594] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.571722] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.578696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.586000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.594838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.603715] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.610921] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.619210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.627424] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.633858] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.649172] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.656630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.664390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.672948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.681127] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.687515] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.699635] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.713551] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.721592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.729169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.739901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.748043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.756441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.764904] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.775278] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.783421] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.791870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.802948] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.810725] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.818159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.827595] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.834958] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.842665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.860548] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.866573] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.887798] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.899711] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.756535] ================================================================== [ 53.764038] BUG: KASAN: use-after-free in __vb2_perform_fileio+0xddf/0xeb0 [ 53.771070] Read of size 4 at addr ffff888085cf3e5c by task syz-executor.0/7212 [ 53.778549] [ 53.780184] CPU: 0 PID: 7212 Comm: syz-executor.0 Not tainted 4.14.113 #3 [ 53.787104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.796454] Call Trace: [ 53.799046] dump_stack+0x138/0x19c [ 53.802681] ? __vb2_perform_fileio+0xddf/0xeb0 [ 53.807351] print_address_description.cold+0x7c/0x1dc [ 53.812664] ? __vb2_perform_fileio+0xddf/0xeb0 [ 53.817355] kasan_report.cold+0xaf/0x2b5 [ 53.817380] __asan_report_load4_noabort+0x14/0x20 [ 53.817393] __vb2_perform_fileio+0xddf/0xeb0 [ 53.817409] ? vb2_core_poll+0x600/0x600 [ 53.817422] ? finish_task_switch+0x178/0x660 [ 53.839614] ? finish_task_switch+0x14d/0x660 [ 53.844149] vb2_read+0x3b/0x50 [ 53.847434] vb2_fop_read+0x1f5/0x3e0 [ 53.851253] ? vb2_fop_write+0x3e0/0x3e0 [ 53.855322] v4l2_read+0x1ac/0x210 [ 53.858862] __vfs_read+0x107/0x6b0 [ 53.862478] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 53.869166] ? v4l2_write+0x210/0x210 [ 53.872956] ? vfs_copy_file_range+0xa40/0xa40 [ 53.877557] ? __inode_security_revalidate+0xd6/0x130 [ 53.882748] ? avc_policy_seqno+0x9/0x20 [ 53.886802] ? selinux_file_permission+0x85/0x480 [ 53.891672] ? security_file_permission+0x8f/0x1f0 [ 53.896636] ? rw_verify_area+0xea/0x2b0 [ 53.900702] vfs_read+0x137/0x350 [ 53.904163] SyS_read+0xb8/0x180 [ 53.907541] ? kernel_write+0x120/0x120 [ 53.911523] ? do_syscall_64+0x53/0x630 [ 53.915503] ? kernel_write+0x120/0x120 [ 53.919483] do_syscall_64+0x1eb/0x630 [ 53.923364] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.928205] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.933374] RIP: 0033:0x458d99 [ 53.936557] RSP: 002b:00007f04f9091c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 53.944290] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458d99 [ 53.951625] RDX: 0000000000000052 RSI: 0000000020000540 RDI: 0000000000000004 [ 53.958888] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 53.966154] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f04f90926d4 [ 53.973409] R13: 00000000004c4aa8 R14: 00000000004da068 R15: 00000000ffffffff [ 53.980687] [ 53.982314] Allocated by task 7212: [ 53.985939] save_stack_trace+0x16/0x20 [ 53.989908] save_stack+0x45/0xd0 [ 53.993344] kasan_kmalloc+0xce/0xf0 [ 53.997056] kmem_cache_alloc_trace+0x152/0x790 [ 54.001754] __vb2_init_fileio+0x182/0xa90 [ 54.006007] __vb2_perform_fileio+0x9f0/0xeb0 [ 54.010557] vb2_read+0x3b/0x50 [ 54.013833] vb2_fop_read+0x1f5/0x3e0 [ 54.017637] v4l2_read+0x1ac/0x210 [ 54.021204] __vfs_read+0x107/0x6b0 [ 54.024838] vfs_read+0x137/0x350 [ 54.028292] SyS_read+0xb8/0x180 [ 54.031660] do_syscall_64+0x1eb/0x630 [ 54.035533] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 54.040719] [ 54.042339] Freed by task 7205: [ 54.045609] save_stack_trace+0x16/0x20 [ 54.049572] save_stack+0x45/0xd0 [ 54.053008] kasan_slab_free+0x75/0xc0 [ 54.056879] kfree+0xcc/0x270 [ 54.059968] __vb2_cleanup_fileio+0xfc/0x150 [ 54.064365] vb2_core_queue_release+0x1d/0x80 [ 54.068852] _vb2_fop_release+0x1cf/0x2a0 [ 54.072993] vb2_fop_release+0x75/0xc0 [ 54.076879] vivid_fop_release+0x180/0x3f0 [ 54.081103] v4l2_release+0xfb/0x190 [ 54.084815] __fput+0x277/0x7a0 [ 54.088104] ____fput+0x16/0x20 [ 54.091379] task_work_run+0x119/0x190 [ 54.095269] exit_to_usermode_loop+0x1da/0x220 [ 54.099843] do_syscall_64+0x4a9/0x630 [ 54.105237] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 54.110412] [ 54.112051] The buggy address belongs to the object at ffff888085cf3b40 [ 54.112051] which belongs to the cache kmalloc-1024 of size 1024 [ 54.124973] The buggy address is located 796 bytes inside of [ 54.124973] 1024-byte region [ffff888085cf3b40, ffff888085cf3f40) [ 54.136971] The buggy address belongs to the page: [ 54.141895] page:ffffea0002173c80 count:1 mapcount:0 mapping:ffff888085cf2040 index:0x0 compound_mapcount: 0 [ 54.151869] flags: 0x1fffc0000008100(slab|head) [ 54.156554] raw: 01fffc0000008100 ffff888085cf2040 0000000000000000 0000000100000007 [ 54.164426] raw: ffffea0002704920 ffffea000229e720 ffff8880aa800ac0 0000000000000000 [ 54.172299] page dumped because: kasan: bad access detected [ 54.177989] [ 54.179600] Memory state around the buggy address: [ 54.184526] ffff888085cf3d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.191884] ffff888085cf3d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.199251] >ffff888085cf3e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.206604] ^ [ 54.212830] ffff888085cf3e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.220190] ffff888085cf3f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 54.227580] ================================================================== [ 54.234936] Disabling lock debugging due to kernel taint [ 54.254038] Kernel panic - not syncing: panic_on_warn set ... [ 54.254038] [ 54.261434] CPU: 1 PID: 7212 Comm: syz-executor.0 Tainted: G B 4.14.113 #3 [ 54.269591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.278929] Call Trace: [ 54.281499] dump_stack+0x138/0x19c [ 54.285106] ? __vb2_perform_fileio+0xddf/0xeb0 [ 54.289777] panic+0x1f2/0x438 [ 54.292948] ? add_taint.cold+0x16/0x16 [ 54.296900] ? ___preempt_schedule+0x16/0x18 [ 54.301290] kasan_end_report+0x47/0x4f [ 54.305255] kasan_report.cold+0x136/0x2b5 [ 54.309468] __asan_report_load4_noabort+0x14/0x20 [ 54.314381] __vb2_perform_fileio+0xddf/0xeb0 [ 54.318871] ? vb2_core_poll+0x600/0x600 [ 54.322915] ? finish_task_switch+0x178/0x660 [ 54.327384] ? finish_task_switch+0x14d/0x660 [ 54.331856] vb2_read+0x3b/0x50 [ 54.335127] vb2_fop_read+0x1f5/0x3e0 [ 54.338910] ? vb2_fop_write+0x3e0/0x3e0 [ 54.342973] v4l2_read+0x1ac/0x210 [ 54.346498] __vfs_read+0x107/0x6b0 [ 54.350113] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 54.356756] ? v4l2_write+0x210/0x210 [ 54.360550] ? vfs_copy_file_range+0xa40/0xa40 [ 54.365134] ? __inode_security_revalidate+0xd6/0x130 [ 54.370305] ? avc_policy_seqno+0x9/0x20 [ 54.374344] ? selinux_file_permission+0x85/0x480 [ 54.379167] ? security_file_permission+0x8f/0x1f0 [ 54.384077] ? rw_verify_area+0xea/0x2b0 [ 54.388116] vfs_read+0x137/0x350 [ 54.391550] SyS_read+0xb8/0x180 [ 54.394895] ? kernel_write+0x120/0x120 [ 54.398852] ? do_syscall_64+0x53/0x630 [ 54.402816] ? kernel_write+0x120/0x120 [ 54.406780] do_syscall_64+0x1eb/0x630 [ 54.410645] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 54.415478] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 54.420648] RIP: 0033:0x458d99 [ 54.423814] RSP: 002b:00007f04f9091c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 54.431504] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458d99 [ 54.438756] RDX: 0000000000000052 RSI: 0000000020000540 RDI: 0000000000000004 [ 54.446044] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 54.453299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f04f90926d4 [ 54.460565] R13: 00000000004c4aa8 R14: 00000000004da068 R15: 00000000ffffffff [ 54.468501] Kernel Offset: disabled [ 54.472125] Rebooting in 86400 seconds..