[ 31.869230] audit: type=1800 audit(1576234776.443:33): pid=6841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 31.895860] audit: type=1800 audit(1576234776.453:34): pid=6841 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.011358] random: sshd: uninitialized urandom read (32 bytes read) [ 36.420840] audit: type=1400 audit(1576234781.003:35): avc: denied { map } for pid=7014 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 36.471163] random: sshd: uninitialized urandom read (32 bytes read) [ 37.038694] random: sshd: uninitialized urandom read (32 bytes read) [ 37.227283] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts. [ 42.751013] random: sshd: uninitialized urandom read (32 bytes read) [ 42.875420] audit: type=1400 audit(1576234787.453:36): avc: denied { map } for pid=7026 comm="syz-executor128" path="/root/syz-executor128215221" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 43.131362] IPVS: ftp: loaded support on port[0] = 21 [ 43.866663] audit: type=1400 audit(1576234788.443:37): avc: denied { create } for pid=7035 comm="syz-executor128" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 43.891814] audit: type=1400 audit(1576234788.443:38): avc: denied { write } for pid=7035 comm="syz-executor128" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 43.916175] audit: type=1400 audit(1576234788.443:39): avc: denied { read } for pid=7035 comm="syz-executor128" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 43.942820] IPVS: ftp: loaded support on port[0] = 21 [ 43.996351] chnl_net:caif_netlink_parms(): no params data found [ 44.069381] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.077049] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.077417] IPVS: ftp: loaded support on port[0] = 21 [ 44.089284] device bridge_slave_0 entered promiscuous mode [ 44.101899] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.108345] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.115627] device bridge_slave_1 entered promiscuous mode [ 44.125518] chnl_net:caif_netlink_parms(): no params data found [ 44.159278] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.170748] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.194431] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.202394] team0: Port device team_slave_0 added [ 44.209453] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.216794] team0: Port device team_slave_1 added [ 44.233270] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.242763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.249800] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.256522] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.263417] device bridge_slave_0 entered promiscuous mode [ 44.270254] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.276604] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.283996] device bridge_slave_1 entered promiscuous mode [ 44.291049] IPVS: ftp: loaded support on port[0] = 21 [ 44.326350] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 44.337137] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 44.382898] device hsr_slave_0 entered promiscuous mode [ 44.440555] device hsr_slave_1 entered promiscuous mode [ 44.539022] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.556056] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 44.563923] team0: Port device team_slave_0 added [ 44.571502] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.583160] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 44.590316] team0: Port device team_slave_1 added [ 44.595963] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 44.606065] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 44.629492] chnl_net:caif_netlink_parms(): no params data found [ 44.647251] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.653729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.660646] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.666986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.681098] IPVS: ftp: loaded support on port[0] = 21 [ 44.722832] device hsr_slave_0 entered promiscuous mode [ 44.790341] device hsr_slave_1 entered promiscuous mode [ 44.861135] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 44.881414] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 44.937006] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.944057] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.951535] device bridge_slave_0 entered promiscuous mode [ 44.974553] chnl_net:caif_netlink_parms(): no params data found [ 44.993284] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.999775] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.006922] device bridge_slave_1 entered promiscuous mode [ 45.014566] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.021008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.027588] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.034003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.064802] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.072314] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.079386] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.086103] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.119693] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.141784] IPVS: ftp: loaded support on port[0] = 21 [ 45.155369] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.178341] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.186912] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.193965] device bridge_slave_0 entered promiscuous mode [ 45.204407] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.212160] team0: Port device team_slave_0 added [ 45.245267] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.253540] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.260715] device bridge_slave_1 entered promiscuous mode [ 45.276706] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.284626] team0: Port device team_slave_1 added [ 45.292647] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.328085] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.335856] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.402195] device hsr_slave_0 entered promiscuous mode [ 45.470616] device hsr_slave_1 entered promiscuous mode [ 45.541664] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 45.549572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 45.559120] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 45.571177] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 45.585229] chnl_net:caif_netlink_parms(): no params data found [ 45.593908] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 45.602859] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.612400] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 45.627822] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 45.635213] team0: Port device team_slave_0 added [ 45.641458] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 45.648591] team0: Port device team_slave_1 added [ 45.665810] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 45.674199] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.683610] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 45.689678] 8021q: adding VLAN 0 to HW filter on device team0 [ 45.699421] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 45.710996] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 45.723025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.731048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.737797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 45.744949] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.760703] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 45.774536] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 45.783178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.791010] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.797465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.808261] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 45.893664] device hsr_slave_0 entered promiscuous mode [ 45.952267] device hsr_slave_1 entered promiscuous mode [ 46.020888] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.029092] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.042540] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.048624] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.059157] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.069352] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.090678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.098783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.106619] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.113197] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.120100] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.133943] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 46.141014] chnl_net:caif_netlink_parms(): no params data found [ 46.151206] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 46.160222] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.166589] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.174220] device bridge_slave_0 entered promiscuous mode [ 46.183706] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 46.193228] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 46.201154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 46.208653] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.215050] bridge0: port 1(bridge_slave_0) entered forwarding state [ 46.222322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 46.229977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 46.237935] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.244309] bridge0: port 2(bridge_slave_1) entered forwarding state [ 46.255610] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.263663] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.271221] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.278089] device bridge_slave_1 entered promiscuous mode [ 46.289159] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 46.302932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.310858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 46.320282] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.328706] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.351068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.358913] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.368127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.375941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.383977] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.397809] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.407613] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.429038] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.445704] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 46.463229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.473377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.481349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 46.489616] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.499099] team0: Port device team_slave_0 added [ 46.504914] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 46.512889] team0: Port device team_slave_1 added [ 46.518418] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 46.526606] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.533404] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.541364] device bridge_slave_0 entered promiscuous mode [ 46.548547] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.555302] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.562264] device bridge_slave_1 entered promiscuous mode [ 46.569906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 46.577630] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 46.598632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.607534] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.614629] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 46.622296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 46.629748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 46.638371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 46.646357] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 46.670499] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 46.680560] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.687892] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 46.694688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 46.703266] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 46.752235] device hsr_slave_0 entered promiscuous mode [ 46.790432] device hsr_slave_1 entered promiscuous mode [ 46.831784] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 46.840404] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 46.848257] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 46.855807] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 46.863840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 46.871636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 46.879475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 46.886505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 46.898412] 8021q: adding VLAN 0 to HW filter on device bond0 [ 46.906705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 46.926903] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 46.934500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 46.942239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 46.951759] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 46.958583] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 46.967219] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 46.973752] 8021q: adding VLAN 0 to HW filter on device team0 [ 46.988914] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 46.996553] team0: Port device team_slave_0 added [ 47.003382] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.011968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.019413] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.027129] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.034342] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.043902] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.049919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.059055] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 47.067273] team0: Port device team_slave_1 added [ 47.073888] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.082356] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 47.091917] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.104800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.112805] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.120722] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.127179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.134304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.141706] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.148975] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 47.159501] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 47.167649] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.178941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.186027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.193936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.201894] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.208226] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.217248] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 47.225859] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.244652] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.253482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.262468] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 47.312219] device hsr_slave_0 entered promiscuous mode [ 47.370377] device hsr_slave_1 entered promiscuous mode [ 47.431939] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 47.439512] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 47.447233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 47.455227] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 47.463183] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.469620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.476702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 47.487903] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 47.498050] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 47.505885] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.518710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 47.526658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 47.534368] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.540716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.547591] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 47.554364] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 47.562651] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.572843] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.581381] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 47.591045] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.598888] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 47.607584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 47.619890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready executing program [ 47.627822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.635954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 47.643912] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.653582] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.661488] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 47.687202] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 47.694695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 47.695181] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.695591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 47.702428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 47.704886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 47.707621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 47.727948] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 47.780524] 8021q: adding VLAN 0 to HW filter on device bond0 executing program [ 47.786621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.798675] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.806772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 47.807329] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 47.807724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready executing program executing program [ 47.808087] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 47.808470] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 47.808769] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 47.811102] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 47.866381] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 47.876397] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 47.883992] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 47.884411] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.884707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.885024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 47.885299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 47.891810] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.933407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.941835] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 47.941858] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 47.945901] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 47.946671] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 47.949906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 47.957045] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 48.011731] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 48.011832] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 48.011886] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.012137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.022602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.028279] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.028284] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.030610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 48.031801] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 48.033599] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 48.033955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.034289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.034520] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.034548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.036313] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 48.036611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.036911] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 48.036958] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 48.043330] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 48.043865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.044116] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.044342] bridge0: port 2(bridge_slave_1) entered blocking state executing program [ 48.044357] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.048153] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 48.051125] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.051372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 48.051683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.056482] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.241283] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 48.253067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 48.261926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 48.269924] ================================================================== [ 48.269954] BUG: KASAN: slab-out-of-bounds in fbcon_get_font+0x288/0x550 [ 48.269961] Read of size 5 at addr ffff8880a50a360c by task syz-executor128/7088 [ 48.269963] [ 48.269971] CPU: 0 PID: 7088 Comm: syz-executor128 Not tainted 4.14.158-syzkaller #0 [ 48.269976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.269979] Call Trace: [ 48.269989] dump_stack+0x142/0x197 [ 48.270009] ? fbcon_get_font+0x288/0x550 [ 48.270018] print_address_description.cold+0x7c/0x1dc [ 48.270026] ? fbcon_get_font+0x288/0x550 [ 48.270032] kasan_report.cold+0xa9/0x2af [ 48.270042] check_memory_region+0x123/0x190 [ 48.270049] memcpy+0x24/0x50 [ 48.270057] fbcon_get_font+0x288/0x550 [ 48.270066] ? display_to_var+0x7e0/0x7e0 [ 48.270074] con_font_op+0x1d5/0x1060 [ 48.270082] ? avc_has_extended_perms+0x7b7/0xe40 [ 48.270089] ? con_write+0xc0/0xc0 [ 48.270100] ? security_capable+0x8e/0xc0 [ 48.270112] ? ns_capable_common+0x12c/0x160 [ 48.270122] vt_ioctl+0xb80/0x2170 [ 48.270128] ? avc_has_extended_perms+0x8ec/0xe40 [ 48.270138] ? complete_change_console+0x360/0x360 [ 48.270145] ? avc_ss_reset+0x110/0x110 [ 48.270159] ? tty_jobctrl_ioctl+0x44/0xc10 [ 48.270167] ? _raw_spin_unlock+0x2d/0x50 [ 48.270173] ? complete_change_console+0x360/0x360 [ 48.270183] tty_ioctl+0x841/0x1320 [ 48.270190] ? tty_vhangup+0x30/0x30 [ 48.270205] ? __might_sleep+0x93/0xb0 [ 48.270213] ? __fget+0x210/0x370 [ 48.270225] ? tty_vhangup+0x30/0x30 [ 48.270235] do_vfs_ioctl+0x7ae/0x1060 [ 48.270244] ? selinux_file_mprotect+0x5d0/0x5d0 [ 48.270253] ? lock_downgrade+0x740/0x740 [ 48.270262] ? ioctl_preallocate+0x1c0/0x1c0 [ 48.270272] ? __fget+0x237/0x370 [ 48.270285] ? security_file_ioctl+0x7d/0xb0 [ 48.270291] ? security_file_ioctl+0x89/0xb0 [ 48.270300] SyS_ioctl+0x8f/0xc0 [ 48.270306] ? do_vfs_ioctl+0x1060/0x1060 [ 48.270317] do_syscall_64+0x1e8/0x640 [ 48.270325] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.270337] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 48.270344] RIP: 0033:0x447f99 [ 48.270357] RSP: 002b:00007fc02c69fdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 48.270367] RAX: ffffffffffffffda RBX: 00000000006ddc48 RCX: 0000000000447f99 [ 48.270372] RDX: 0000000020000140 RSI: 0000000000004b60 RDI: 0000000000000003 [ 48.270377] RBP: 00000000006ddc40 R08: 0000000000000000 R09: 0000000000000000 [ 48.270381] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc4c [ 48.270386] R13: 00007ffcb45d497f R14: 00007fc02c6a09c0 R15: 00000000006ddc4c [ 48.270400] [ 48.270403] Allocated by task 7076: [ 48.270413] save_stack_trace+0x16/0x20 [ 48.270419] save_stack+0x45/0xd0 [ 48.270425] kasan_kmalloc+0xce/0xf0 [ 48.270430] __kmalloc+0x15d/0x7a0 [ 48.270436] fbcon_set_font+0x2f8/0x7b0 [ 48.270441] con_font_op+0xc0f/0x1060 [ 48.270452] vt_ioctl+0xb80/0x2170 [ 48.270459] tty_ioctl+0x841/0x1320 [ 48.270464] do_vfs_ioctl+0x7ae/0x1060 [ 48.270471] SyS_ioctl+0x8f/0xc0 [ 48.270476] do_syscall_64+0x1e8/0x640 [ 48.270482] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 48.270483] [ 48.270487] Freed by task 0: [ 48.270489] (stack is not available) [ 48.270492] [ 48.270497] The buggy address belongs to the object at ffff8880a50a3200 [ 48.270497] which belongs to the cache kmalloc-2048 of size 2048 [ 48.270502] The buggy address is located 1036 bytes inside of [ 48.270502] 2048-byte region [ffff8880a50a3200, ffff8880a50a3a00) [ 48.270504] The buggy address belongs to the page: [ 48.270510] page:ffffea0002942880 count:1 mapcount:0 mapping:ffff8880a50a2100 index:0x0 compound_mapcount: 0 [ 48.270520] flags: 0xfffe0000008100(slab|head) [ 48.270530] raw: 00fffe0000008100 ffff8880a50a2100 0000000000000000 0000000100000003 [ 48.270537] raw: ffffea0002807620 ffffea0002838e20 ffff8880aa800c40 0000000000000000 [ 48.270541] page dumped because: kasan: bad access detected [ 48.270543] [ 48.270545] Memory state around the buggy address: [ 48.270550] ffff8880a50a3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 48.270555] ffff8880a50a3580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 48.270560] >ffff8880a50a3600: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.270563] ^ [ 48.270568] ffff8880a50a3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.270574] ffff8880a50a3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 48.270576] ================================================================== [ 48.270579] Disabling lock debugging due to kernel taint [ 48.273250] Kernel panic - not syncing: panic_on_warn set ... [ 48.273250] [ 48.273260] CPU: 0 PID: 7088 Comm: syz-executor128 Tainted: G B 4.14.158-syzkaller #0 [ 48.273264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 48.273267] Call Trace: [ 48.273283] dump_stack+0x142/0x197 [ 48.273297] ? fbcon_get_font+0x288/0x550 [ 48.273306] panic+0x1f9/0x42d [ 48.273312] ? add_taint.cold+0x16/0x16 [ 48.273321] ? ___preempt_schedule+0x16/0x18 [ 48.273331] kasan_end_report+0x47/0x4f [ 48.273337] kasan_report.cold+0x130/0x2af [ 48.273344] check_memory_region+0x123/0x190 [ 48.273350] memcpy+0x24/0x50 [ 48.273357] fbcon_get_font+0x288/0x550 [ 48.273365] ? display_to_var+0x7e0/0x7e0 [ 48.273371] con_font_op+0x1d5/0x1060 [ 48.273383] ? avc_has_extended_perms+0x7b7/0xe40 [ 48.273390] ? con_write+0xc0/0xc0 [ 48.273398] ? security_capable+0x8e/0xc0 [ 48.273407] ? ns_capable_common+0x12c/0x160 [ 48.273415] vt_ioctl+0xb80/0x2170 [ 48.273421] ? avc_has_extended_perms+0x8ec/0xe40 [ 48.273428] ? complete_change_console+0x360/0x360 [ 48.273434] ? avc_ss_reset+0x110/0x110 [ 48.273444] ? tty_jobctrl_ioctl+0x44/0xc10 [ 48.273457] ? _raw_spin_unlock+0x2d/0x50 [ 48.273463] ? complete_change_console+0x360/0x360 [ 48.273470] tty_ioctl+0x841/0x1320 [ 48.273478] ? tty_vhangup+0x30/0x30 [ 48.273489] ? __might_sleep+0x93/0xb0 [ 48.273496] ? __fget+0x210/0x370 [ 48.273506] ? tty_vhangup+0x30/0x30 [ 48.273513] do_vfs_ioctl+0x7ae/0x1060 [ 48.273521] ? selinux_file_mprotect+0x5d0/0x5d0 [ 48.273527] ? lock_downgrade+0x740/0x740 [ 48.273534] ? ioctl_preallocate+0x1c0/0x1c0 [ 48.273541] ? __fget+0x237/0x370 [ 48.273551] ? security_file_ioctl+0x7d/0xb0 [ 48.273557] ? security_file_ioctl+0x89/0xb0 [ 48.273564] SyS_ioctl+0x8f/0xc0 [ 48.273570] ? do_vfs_ioctl+0x1060/0x1060 [ 48.273577] do_syscall_64+0x1e8/0x640 [ 48.273582] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 48.273591] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 48.273596] RIP: 0033:0x447f99 [ 48.273600] RSP: 002b:00007fc02c69fdb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 48.273608] RAX: ffffffffffffffda RBX: 00000000006ddc48 RCX: 0000000000447f99 [ 48.273612] RDX: 0000000020000140 RSI: 0000000000004b60 RDI: 0000000000000003 [ 48.273616] RBP: 00000000006ddc40 R08: 0000000000000000 R09: 0000000000000000 [ 48.273620] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc4c [ 48.273624] R13: 00007ffcb45d497f R14: 00007fc02c6a09c0 R15: 00000000006ddc4c [ 48.275465] Kernel Offset: disabled [ 48.954796] Rebooting in 86400 seconds..