[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
Starting mcstransd: 
[   83.104194][   T27] audit: type=1400 audit(1578501434.134:37): avc:  denied  { watch } for  pid=10670 comm="restorecond" path="/root/.ssh" dev="sda1" ino=16179 scontext=system_u:system_r:kernel_t:s0 tcontext=unconfined_u:object_r:ssh_home_t:s0 tclass=dir permissive=1
[   83.111860][T10670] restorecond (10670) used greatest stack depth: 22920 bytes left
[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts.
syzkaller login: [  123.341260][   T27] kauditd_printk_skb: 4 callbacks suppressed
[  123.341278][   T27] audit: type=1400 audit(1578501474.374:42): avc:  denied  { map } for  pid=10771 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/01/08 16:37:54 parsed 1 programs
[  125.441005][   T27] audit: type=1400 audit(1578501476.474:43): avc:  denied  { map } for  pid=10771 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=22404 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/01/08 16:37:57 executed programs: 0
[  126.358335][T10794] IPVS: ftp: loaded support on port[0] = 21
[  126.361149][T10798] IPVS: ftp: loaded support on port[0] = 21
[  126.373285][T10800] IPVS: ftp: loaded support on port[0] = 21
[  126.398811][T10802] IPVS: ftp: loaded support on port[0] = 21
[  126.400775][T10796] IPVS: ftp: loaded support on port[0] = 21
[  126.431277][T10803] IPVS: ftp: loaded support on port[0] = 21
[  126.757883][T10794] chnl_net:caif_netlink_parms(): no params data found
[  126.774863][T10800] chnl_net:caif_netlink_parms(): no params data found
[  126.830039][T10798] chnl_net:caif_netlink_parms(): no params data found
[  126.936697][T10802] chnl_net:caif_netlink_parms(): no params data found
[  126.984100][T10794] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.991926][T10794] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.999967][T10794] device bridge_slave_0 entered promiscuous mode
[  127.013473][T10803] chnl_net:caif_netlink_parms(): no params data found
[  127.026815][T10800] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.035705][T10800] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.043830][T10800] device bridge_slave_0 entered promiscuous mode
[  127.051923][T10796] chnl_net:caif_netlink_parms(): no params data found
[  127.061367][T10794] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.068877][T10794] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.077360][T10794] device bridge_slave_1 entered promiscuous mode
[  127.110284][T10800] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.117479][T10800] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.128314][T10800] device bridge_slave_1 entered promiscuous mode
[  127.168946][T10802] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.178897][T10802] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.188586][T10802] device bridge_slave_0 entered promiscuous mode
[  127.201359][T10802] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.210812][T10802] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.219528][T10802] device bridge_slave_1 entered promiscuous mode
[  127.249213][T10800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.259760][T10798] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.267981][T10798] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.277553][T10798] device bridge_slave_0 entered promiscuous mode
[  127.286518][T10794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.309211][T10802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.320385][T10800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  127.331058][T10798] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.338679][T10798] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.346808][T10798] device bridge_slave_1 entered promiscuous mode
[  127.363943][T10794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  127.385889][T10802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  127.465832][T10803] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.472917][T10803] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.482908][T10803] device bridge_slave_0 entered promiscuous mode
[  127.492375][T10798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.506107][T10798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  127.515493][T10796] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.522551][T10796] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.531030][T10796] device bridge_slave_0 entered promiscuous mode
[  127.541091][T10802] team0: Port device team_slave_0 added
[  127.551451][T10794] team0: Port device team_slave_0 added
[  127.559830][T10800] team0: Port device team_slave_0 added
[  127.568216][T10803] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.575910][T10803] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.584451][T10803] device bridge_slave_1 entered promiscuous mode
[  127.597392][T10796] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.605460][T10796] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.613616][T10796] device bridge_slave_1 entered promiscuous mode
[  127.621630][T10802] team0: Port device team_slave_1 added
[  127.632523][T10794] team0: Port device team_slave_1 added
[  127.639824][T10800] team0: Port device team_slave_1 added
[  127.747753][T10800] device hsr_slave_0 entered promiscuous mode
[  127.804236][T10800] device hsr_slave_1 entered promiscuous mode
[  127.846358][T10798] team0: Port device team_slave_0 added
[  127.860519][T10798] team0: Port device team_slave_1 added
[  127.869431][T10796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.881539][T10803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  127.965647][T10802] device hsr_slave_0 entered promiscuous mode
[  128.023575][T10802] device hsr_slave_1 entered promiscuous mode
[  128.093482][T10802] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  128.101402][T10802] Cannot create hsr debugfs directory
[  128.118583][T10796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  128.129975][T10803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  128.247102][T10794] device hsr_slave_0 entered promiscuous mode
[  128.283957][T10794] device hsr_slave_1 entered promiscuous mode
[  128.343471][T10794] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  128.351078][T10794] Cannot create hsr debugfs directory
[  128.395653][T10798] device hsr_slave_0 entered promiscuous mode
[  128.443741][T10798] device hsr_slave_1 entered promiscuous mode
[  128.493449][T10798] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  128.501094][T10798] Cannot create hsr debugfs directory
[  128.513058][T10796] team0: Port device team_slave_0 added
[  128.527761][T10803] team0: Port device team_slave_0 added
[  128.565406][T10796] team0: Port device team_slave_1 added
[  128.572603][T10803] team0: Port device team_slave_1 added
[  128.697030][T10803] device hsr_slave_0 entered promiscuous mode
[  128.733815][T10803] device hsr_slave_1 entered promiscuous mode
[  128.783381][T10803] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  128.790977][T10803] Cannot create hsr debugfs directory
[  128.937066][T10796] device hsr_slave_0 entered promiscuous mode
[  128.973788][T10796] device hsr_slave_1 entered promiscuous mode
[  129.013414][T10796] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  129.021067][T10796] Cannot create hsr debugfs directory
[  129.146984][   T27] audit: type=1400 audit(1578501480.184:44): avc:  denied  { create } for  pid=10800 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  129.172062][   T27] audit: type=1400 audit(1578501480.184:45): avc:  denied  { write } for  pid=10800 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  129.198052][   T27] audit: type=1400 audit(1578501480.184:46): avc:  denied  { read } for  pid=10800 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  129.252516][T10800] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  129.334873][T10794] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  129.385742][T10802] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  129.425662][T10798] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  129.486750][T10800] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  129.548958][T10800] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  129.608729][T10800] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  129.665694][T10794] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  129.705833][T10802] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  129.745882][T10798] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  129.789264][T10798] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  129.849892][T10798] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  129.898281][T10794] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  129.956671][T10794] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  130.015026][T10802] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  130.058497][T10802] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  130.195076][T10803] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  130.228076][T10803] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  130.296924][T10803] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  130.348369][T10803] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  130.404887][T10796] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  130.455969][T10796] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  130.492376][T10796] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  130.577530][T10796] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  130.791923][T10802] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.819864][T10798] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.839333][T10794] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.872824][T10800] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.882848][T10802] 8021q: adding VLAN 0 to HW filter on device team0
[  130.890741][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  130.900522][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  130.908684][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  130.916750][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  130.940730][T10798] 8021q: adding VLAN 0 to HW filter on device team0
[  130.950518][T10794] 8021q: adding VLAN 0 to HW filter on device team0
[  130.971221][T10800] 8021q: adding VLAN 0 to HW filter on device team0
[  130.987398][T10803] 8021q: adding VLAN 0 to HW filter on device bond0
[  130.997354][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.005504][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.016234][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.024880][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.032505][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.041432][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.050012][ T2677] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.057228][ T2677] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.082969][T10796] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.096329][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  131.107861][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.118158][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.126931][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.134035][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.142825][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  131.151621][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.160035][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.167171][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.174979][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.183843][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.192220][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.199320][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.207971][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  131.216703][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  131.250424][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.259454][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.268585][ T2752] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.275713][ T2752] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.285074][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  131.294056][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  131.302568][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.311518][ T2752] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.318595][ T2752] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.327100][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  131.335721][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  131.344970][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.353753][ T2752] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.360876][ T2752] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.369379][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  131.378275][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.387392][ T2752] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.394512][ T2752] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.402229][ T2752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  131.438759][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  131.450569][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.459491][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.469252][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  131.478221][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  131.486699][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  131.496053][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.504403][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.512084][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  131.520770][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  131.530367][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  131.540644][T10803] 8021q: adding VLAN 0 to HW filter on device team0
[  131.554222][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  131.595138][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  131.604679][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  131.613939][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  131.622328][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  131.631573][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  131.640211][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  131.649776][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  131.658509][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  131.668147][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  131.677004][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.685864][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.695260][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.702376][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.710116][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  131.719060][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  131.727994][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  131.736705][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.745597][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.752813][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.762021][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  131.770077][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  131.778246][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  131.786791][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  131.795971][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  131.808582][T10796] 8021q: adding VLAN 0 to HW filter on device team0
[  131.840129][T10802] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  131.857120][T10802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  131.867553][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  131.877036][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  131.885953][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  131.895317][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  131.903811][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  131.912121][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  131.920529][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  131.929371][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  131.938492][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  131.946960][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  131.956630][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  131.966308][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  131.977828][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  131.986366][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  131.996045][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.020955][T10798] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.041056][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  132.050468][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.059217][ T2999] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.066338][ T2999] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.074495][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  132.083059][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.091732][ T2999] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.098873][ T2999] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.106857][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.116759][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.127316][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.135975][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.166673][T10794] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.194534][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.205776][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.214548][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.223455][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.231874][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.240605][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.252008][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.289909][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.299634][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.308755][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.318838][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  132.326670][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  132.334236][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.343771][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.352320][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.361675][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.370999][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.387900][T10803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  132.401258][T10803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.438693][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  132.447621][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.458501][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  132.467133][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.475642][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.484504][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.492714][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  132.500484][ T2677] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  132.511333][T10802] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.524568][T10800] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.539327][T10794] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.554060][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  132.571459][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.581076][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  132.589097][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  132.608514][T10796] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.636595][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  132.646679][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  132.676490][T10798] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.715980][T10803] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.732482][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  132.740669][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  132.755848][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  132.763542][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  132.781745][T10800] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.808912][T10796] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.830132][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  132.844238][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  132.863345][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  132.872097][   T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  132.953825][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  132.962584][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  132.972567][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  132.982343][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  132.992142][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  133.001370][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  133.011028][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  133.019392][ T3029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  133.029971][T10802] device veth0_vlan entered promiscuous mode
[  133.052909][T10794] device veth0_vlan entered promiscuous mode
[  133.066916][T10803] device veth0_vlan entered promiscuous mode
[  133.078914][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  133.088653][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  133.097668][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  133.106453][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  133.115299][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  133.124750][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  133.133799][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  133.141763][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  133.150643][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  133.159950][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  133.217979][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  133.227010][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  133.236173][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  133.247203][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  133.257165][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  133.265397][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  133.273673][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  133.281507][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  133.290985][T10794] device veth1_vlan entered promiscuous mode
[  133.304562][T10803] device veth1_vlan entered promiscuous mode
[  133.314068][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  133.322885][ T2999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  133.337704][T10800] device veth0_vlan entered promiscuous mode
[  133.376155][   T27] audit: type=1400 audit(1578501484.414:47): avc:  denied  { associate } for  pid=10803 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[  133.381363][T10802] device veth1_vlan entered promiscuous mode
[  133.442261][T10796] device veth0_vlan entered promiscuous mode
[  133.471667][T10800] device veth1_vlan entered promiscuous mode
[  133.491905][T10796] device veth1_vlan entered promiscuous mode
[  133.512672][T10798] device veth0_vlan entered promiscuous mode
[  133.556254][ T2762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  133.574841][ T2762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  133.611330][T10798] device veth1_vlan entered promiscuous mode
[  133.668649][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  133.677839][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  133.686893][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  133.697062][   T27] audit: type=1804 audit(1578501484.734:48): pid=10824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir903255893/syzkaller.TMnLpR/0/memory.events" dev="sda1" ino=16515 res=1
[  133.757266][   T27] audit: type=1800 audit(1578501484.784:49): pid=10824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=16515 res=0
[  133.789415][   T27] audit: type=1804 audit(1578501484.784:50): pid=10825 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir903255893/syzkaller.TMnLpR/0/memory.events" dev="sda1" ino=16515 res=1
[  133.852183][   T27] audit: type=1804 audit(1578501484.884:51): pid=10829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir466648654/syzkaller.3W0UsR/0/memory.events" dev="sda1" ino=16521 res=1
[  133.883628][   T27] audit: type=1800 audit(1578501484.884:52): pid=10829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.5" name="memory.events" dev="sda1" ino=16521 res=0
[  133.924914][   T27] audit: type=1804 audit(1578501484.894:53): pid=10829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir466648654/syzkaller.3W0UsR/0/memory.events" dev="sda1" ino=16521 res=1
[  134.049298][T10843] ==================================================================
[  134.057707][T10843] BUG: KASAN: use-after-free in macvlan_broadcast+0x547/0x620
[  134.065172][T10843] Read of size 4 at addr ffff8880a2af8801 by task syz-executor.1/10843
[  134.073408][T10843] 
[  134.075749][T10843] CPU: 0 PID: 10843 Comm: syz-executor.1 Not tainted 5.5.0-rc5-syzkaller #0
[  134.084418][T10843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  134.094490][T10843] Call Trace:
[  134.097802][T10843]  dump_stack+0x197/0x210
[  134.102153][T10843]  ? macvlan_broadcast+0x547/0x620
[  134.107287][T10843]  print_address_description.constprop.0.cold+0xd4/0x30b
[  134.114330][T10843]  ? macvlan_broadcast+0x547/0x620
[  134.119458][T10843]  ? macvlan_broadcast+0x547/0x620
[  134.124588][T10843]  __kasan_report.cold+0x1b/0x41
[  134.129542][T10843]  ? validate_xmit_xfrm+0x3d0/0xf10
[  134.134746][T10843]  ? macvlan_broadcast+0x547/0x620
[  134.139879][T10843]  kasan_report+0x12/0x20
[  134.144218][T10843]  __asan_report_load_n_noabort+0xf/0x20
[  134.149867][T10843]  macvlan_broadcast+0x547/0x620
[  134.154822][T10843]  ? validate_xmit_skb+0x81f/0xe50
[  134.159959][T10843]  macvlan_start_xmit+0x402/0x77f
[  134.164997][T10843]  dev_direct_xmit+0x419/0x630
[  134.169781][T10843]  ? __check_heap_object+0x91/0xb3
[  134.174915][T10843]  ? validate_xmit_skb_list+0x150/0x150
[  134.180473][T10843]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  134.186730][T10843]  ? netdev_pick_tx+0x14e/0xb00
[  134.191601][T10843]  packet_direct_xmit+0x1a9/0x250
[  134.196651][T10843]  packet_sendmsg+0x260d/0x6220
[  134.201514][T10843]  ? __kasan_check_read+0x11/0x20
[  134.206546][T10843]  ? __lock_acquire+0x16f2/0x4a00
[  134.211599][T10843]  ? __sched_text_start+0x8/0x8
[  134.216467][T10843]  ? __might_fault+0x12b/0x1e0
[  134.221253][T10843]  ? tomoyo_get_group+0x372/0x5fd
[  134.226302][T10843]  ? packet_notifier+0x880/0x880
[  134.231268][T10843]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  134.234344][   T27] audit: type=1804 audit(1578501484.964:54): pid=10834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir903255893/syzkaller.TMnLpR/0/memory.events" dev="sda1" ino=16515 res=1
[  134.237527][T10843]  ? security_socket_sendmsg+0x8d/0xc0
[  134.265900][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  134.271099][T10843]  ? packet_notifier+0x880/0x880
[  134.283483][T10843]  sock_sendmsg+0xd7/0x130
[  134.288098][T10843]  ____sys_sendmsg+0x753/0x880
[  134.292888][T10843]  ? kernel_sendmsg+0x50/0x50
[  134.297588][T10843]  ? __fget+0x35d/0x550
[  134.301759][T10843]  ? find_held_lock+0x35/0x130
[  134.306550][T10843]  ___sys_sendmsg+0x100/0x170
[  134.311345][T10843]  ? sendmsg_copy_msghdr+0x70/0x70
[  134.316495][T10843]  ? __kasan_check_read+0x11/0x20
[  134.321638][T10843]  ? __fget+0x37f/0x550
[  134.325807][T10843]  ? ksys_dup3+0x3e0/0x3e0
[  134.330249][T10843]  ? __fdget+0x1b/0x20
[  134.334322][T10843]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  134.340665][T10843]  __sys_sendmsg+0x105/0x1d0
[  134.345371][T10843]  ? __sys_sendmsg_sock+0xc0/0xc0
[  134.349457][   T27] audit: type=1800 audit(1578501484.964:55): pid=10834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=16515 res=0
[  134.350410][T10843]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  134.379826][T10843]  ? do_syscall_64+0x26/0x790
[  134.384522][T10843]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  134.390610][T10843]  ? do_syscall_64+0x26/0x790
[  134.395308][T10843]  __x64_sys_sendmsg+0x78/0xb0
[  134.400090][T10843]  do_syscall_64+0xfa/0x790
[  134.402338][   T27] audit: type=1804 audit(1578501484.964:56): pid=10834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir903255893/syzkaller.TMnLpR/0/memory.events" dev="sda1" ino=16515 res=1
[  134.404600][T10843]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  134.404612][T10843] RIP: 0033:0x45af49
[  134.404628][T10843] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  134.404635][T10843] RSP: 002b:00007fe685884c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  134.404648][T10843] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49
[  134.404656][T10843] RDX: 0000000000000000 RSI: 0000000020007780 RDI: 0000000000000031
[  134.404664][T10843] RBP: 000000000075c1c0 R08: 0000000000000000 R09: 0000000000000000
[  134.404672][T10843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6858856d4
[  134.404681][T10843] R13: 00000000004ca92d R14: 00000000004e3cd8 R15: 00000000ffffffff
[  134.404700][T10843] 
[  134.404708][T10843] Allocated by task 10734:
[  134.404722][T10843]  save_stack+0x23/0x90
[  134.404740][T10843]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  134.527072][T10843]  kasan_kmalloc+0x9/0x10
[  134.531449][T10843]  __kmalloc+0x163/0x770
[  134.535707][T10843]  tomoyo_realpath_from_path+0xc5/0x660
[  134.541263][T10843]  tomoyo_path_perm+0x230/0x430
[  134.546123][T10843]  tomoyo_inode_getattr+0x1d/0x30
[  134.551162][T10843]  security_inode_getattr+0xf2/0x150
[  134.555028][   T27] audit: type=1804 audit(1578501485.034:57): pid=10839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir466648654/syzkaller.3W0UsR/0/memory.events" dev="sda1" ino=16521 res=1
[  134.556449][T10843]  vfs_getattr+0x25/0x70
[  134.556462][T10843]  vfs_statx_fd+0x71/0xc0
[  134.556473][T10843]  __do_sys_newfstat+0x9b/0x120
[  134.556491][T10843]  __x64_sys_newfstat+0x54/0x80
[  134.602978][T10843]  do_syscall_64+0xfa/0x790
[  134.607494][T10843]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  134.613405][T10843] 
[  134.615737][T10843] Freed by task 10734:
[  134.619815][T10843]  save_stack+0x23/0x90
[  134.623979][T10843]  __kasan_slab_free+0x102/0x150
[  134.628924][T10843]  kasan_slab_free+0xe/0x10
[  134.633690][T10843]  kfree+0x10a/0x2c0
[  134.637611][T10843]  tomoyo_realpath_from_path+0x1a7/0x660
[  134.643256][T10843]  tomoyo_path_perm+0x230/0x430
[  134.648117][T10843]  tomoyo_inode_getattr+0x1d/0x30
[  134.649125][   T27] audit: type=1800 audit(1578501485.034:58): pid=10839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.5" name="memory.events" dev="sda1" ino=16521 res=0
[  134.653150][T10843]  security_inode_getattr+0xf2/0x150
[  134.653164][T10843]  vfs_getattr+0x25/0x70
[  134.653176][T10843]  vfs_statx_fd+0x71/0xc0
[  134.653188][T10843]  __do_sys_newfstat+0x9b/0x120
[  134.653201][T10843]  __x64_sys_newfstat+0x54/0x80
[  134.653216][T10843]  do_syscall_64+0xfa/0x790
[  134.653231][T10843]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  134.653235][T10843] 
[  134.653246][T10843] The buggy address belongs to the object at ffff8880a2af8000
[  134.653246][T10843]  which belongs to the cache kmalloc-4k of size 4096
[  134.653259][T10843] The buggy address is located 2049 bytes inside of
[  134.653259][T10843]  4096-byte region [ffff8880a2af8000, ffff8880a2af9000)
[  134.653264][T10843] The buggy address belongs to the page:
[  134.653280][T10843] page:ffffea00028abe00 refcount:1 mapcount:0 mapping:ffff8880aa402000 index:0x0 compound_mapcount: 0
[  134.653301][T10843] raw: 00fffe0000010200 ffffea00027d7b08 ffffea00027aab08 ffff8880aa402000
[  134.653316][T10843] raw: 0000000000000000 ffff8880a2af8000 0000000100000001 0000000000000000
[  134.653322][T10843] page dumped because: kasan: bad access detected
[  134.653326][T10843] 
[  134.653331][T10843] Memory state around the buggy address:
[  134.653343][T10843]  ffff8880a2af8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  134.653355][T10843]  ffff8880a2af8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  134.653364][T10843] >ffff8880a2af8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  134.653368][T10843]                    ^
[  134.653379][T10843]  ffff8880a2af8880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  134.653389][T10843]  ffff8880a2af8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  134.653395][T10843] ==================================================================
[  134.653400][T10843] Disabling lock debugging due to kernel taint
[  134.653467][T10843] Kernel panic - not syncing: panic_on_warn set ...
[  134.653482][T10843] CPU: 0 PID: 10843 Comm: syz-executor.1 Tainted: G    B             5.5.0-rc5-syzkaller #0
[  134.653488][T10843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  134.653492][T10843] Call Trace:
[  134.653509][T10843]  dump_stack+0x197/0x210
[  134.653527][T10843]  panic+0x2e3/0x75c
[  134.653539][T10843]  ? add_taint.cold+0x16/0x16
[  134.653550][T10843]  ? retint_kernel+0x2b/0x2b
[  134.653569][T10843]  ? trace_hardirqs_on+0x5e/0x240
[  134.653592][T10843]  ? macvlan_broadcast+0x547/0x620
[  134.653607][T10843]  end_report+0x47/0x4f
[  134.653619][T10843]  ? macvlan_broadcast+0x547/0x620
[  134.653637][T10843]  __kasan_report.cold+0xe/0x41
[  134.693746][   T27] audit: type=1804 audit(1578501485.034:59): pid=10839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir466648654/syzkaller.3W0UsR/0/memory.events" dev="sda1" ino=16521 res=1
[  134.696488][T10843]  ? validate_xmit_xfrm+0x3d0/0xf10
[  134.696505][T10843]  ? macvlan_broadcast+0x547/0x620
[  134.696525][T10843]  kasan_report+0x12/0x20
[  134.701444][   T27] audit: type=1804 audit(1578501485.044:60): pid=10837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir059333242/syzkaller.l6JRnJ/0/memory.events" dev="sda1" ino=16527 res=1
[  134.705838][T10843]  __asan_report_load_n_noabort+0xf/0x20
[  134.705854][T10843]  macvlan_broadcast+0x547/0x620
[  134.705868][T10843]  ? validate_xmit_skb+0x81f/0xe50
[  134.705885][T10843]  macvlan_start_xmit+0x402/0x77f
[  134.705899][T10843]  dev_direct_xmit+0x419/0x630
[  134.705911][T10843]  ? __check_heap_object+0x91/0xb3
[  134.705923][T10843]  ? validate_xmit_skb_list+0x150/0x150
[  134.705939][T10843]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  134.705956][T10843]  ? netdev_pick_tx+0x14e/0xb00
[  134.719895][   T27] audit: type=1800 audit(1578501485.044:61): pid=10837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=16527 res=0
[  134.728178][T10843]  packet_direct_xmit+0x1a9/0x250
[  134.728192][T10843]  packet_sendmsg+0x260d/0x6220
[  134.728207][T10843]  ? __kasan_check_read+0x11/0x20
[  134.728219][T10843]  ? __lock_acquire+0x16f2/0x4a00
[  134.728232][T10843]  ? __sched_text_start+0x8/0x8
[  134.728251][T10843]  ? __might_fault+0x12b/0x1e0
[  134.744315][   T27] audit: type=1804 audit(1578501485.064:62): pid=10837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir059333242/syzkaller.l6JRnJ/0/memory.events" dev="sda1" ino=16527 res=1
[  134.747298][T10843]  ? tomoyo_get_group+0x372/0x5fd
[  134.747314][T10843]  ? packet_notifier+0x880/0x880
[  134.747337][T10843]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  134.760938][   T27] audit: type=1804 audit(1578501485.184:63): pid=10829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir466648654/syzkaller.3W0UsR/0/memory.events" dev="sda1" ino=16521 res=1
[  134.766806][T10843]  ? security_socket_sendmsg+0x8d/0xc0
[  134.766823][T10843]  ? packet_notifier+0x880/0x880
[  134.766840][T10843]  sock_sendmsg+0xd7/0x130
[  134.766855][T10843]  ____sys_sendmsg+0x753/0x880
[  134.766869][T10843]  ? kernel_sendmsg+0x50/0x50
[  134.766883][T10843]  ? __fget+0x35d/0x550
[  134.766896][T10843]  ? find_held_lock+0x35/0x130
[  134.766914][T10843]  ___sys_sendmsg+0x100/0x170
[  134.766929][T10843]  ? sendmsg_copy_msghdr+0x70/0x70
[  134.766941][T10843]  ? __kasan_check_read+0x11/0x20
[  134.766953][T10843]  ? __fget+0x37f/0x550
[  134.766966][T10843]  ? ksys_dup3+0x3e0/0x3e0
[  134.766983][T10843]  ? __fdget+0x1b/0x20
[  134.766996][T10843]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  134.767014][T10843]  __sys_sendmsg+0x105/0x1d0
[  135.234961][T10843]  ? __sys_sendmsg_sock+0xc0/0xc0
[  135.239995][T10843]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  135.245512][T10843]  ? do_syscall_64+0x26/0x790
[  135.250177][T10843]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  135.256245][T10843]  ? do_syscall_64+0x26/0x790
[  135.260923][T10843]  __x64_sys_sendmsg+0x78/0xb0
[  135.265674][T10843]  do_syscall_64+0xfa/0x790
[  135.270206][T10843]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  135.276084][T10843] RIP: 0033:0x45af49
[  135.279961][T10843] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  135.299549][T10843] RSP: 002b:00007fe685884c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  135.308058][T10843] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49
[  135.316019][T10843] RDX: 0000000000000000 RSI: 0000000020007780 RDI: 0000000000000031
[  135.323983][T10843] RBP: 000000000075c1c0 R08: 0000000000000000 R09: 0000000000000000
[  135.331950][T10843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe6858856d4
[  135.339918][T10843] R13: 00000000004ca92d R14: 00000000004e3cd8 R15: 00000000ffffffff
[  135.349189][T10843] Kernel Offset: disabled
[  135.353524][T10843] Rebooting in 86400 seconds..