syzkaller login: [ 81.088685][ T26] audit: type=1400 audit(1560914170.538:35): avc: denied { map } for pid=9678 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 131.658981][ T26] audit: type=1400 audit(1560914221.118:36): avc: denied { map } for pid=9686 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts. [ 967.756450][ T26] audit: type=1400 audit(1560915057.208:37): avc: denied { map } for pid=9693 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/19 03:30:58 parsed 1 programs [ 968.762293][ T26] audit: type=1400 audit(1560915058.218:38): avc: denied { map } for pid=9693 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1106 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/06/19 03:31:00 executed programs: 0 [ 971.561862][ T9721] IPVS: ftp: loaded support on port[0] = 21 [ 971.562726][ T9714] IPVS: ftp: loaded support on port[0] = 21 [ 971.586063][ T9717] IPVS: ftp: loaded support on port[0] = 21 [ 971.587497][ T9719] IPVS: ftp: loaded support on port[0] = 21 [ 971.593559][ T9718] IPVS: ftp: loaded support on port[0] = 21 [ 971.747023][ T9723] IPVS: ftp: loaded support on port[0] = 21 [ 971.914141][ T9721] chnl_net:caif_netlink_parms(): no params data found [ 972.023991][ T9719] chnl_net:caif_netlink_parms(): no params data found [ 972.084873][ T9721] bridge0: port 1(bridge_slave_0) entered blocking state [ 972.092882][ T9721] bridge0: port 1(bridge_slave_0) entered disabled state [ 972.101408][ T9721] device bridge_slave_0 entered promiscuous mode [ 972.112738][ T9721] bridge0: port 2(bridge_slave_1) entered blocking state [ 972.119948][ T9721] bridge0: port 2(bridge_slave_1) entered disabled state [ 972.127662][ T9721] device bridge_slave_1 entered promiscuous mode [ 972.144784][ T9714] chnl_net:caif_netlink_parms(): no params data found [ 972.177617][ T9717] chnl_net:caif_netlink_parms(): no params data found [ 972.237418][ T9721] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 972.255287][ T9721] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 972.263902][ T9719] bridge0: port 1(bridge_slave_0) entered blocking state [ 972.271119][ T9719] bridge0: port 1(bridge_slave_0) entered disabled state [ 972.280064][ T9719] device bridge_slave_0 entered promiscuous mode [ 972.292392][ T9719] bridge0: port 2(bridge_slave_1) entered blocking state [ 972.300003][ T9719] bridge0: port 2(bridge_slave_1) entered disabled state [ 972.307835][ T9719] device bridge_slave_1 entered promiscuous mode [ 972.359826][ T9719] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 972.370759][ T9714] bridge0: port 1(bridge_slave_0) entered blocking state [ 972.377845][ T9714] bridge0: port 1(bridge_slave_0) entered disabled state [ 972.386151][ T9714] device bridge_slave_0 entered promiscuous mode [ 972.407437][ T9721] team0: Port device team_slave_0 added [ 972.414326][ T9718] chnl_net:caif_netlink_parms(): no params data found [ 972.433908][ T9719] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 972.442403][ T9714] bridge0: port 2(bridge_slave_1) entered blocking state [ 972.450801][ T9714] bridge0: port 2(bridge_slave_1) entered disabled state [ 972.459775][ T9714] device bridge_slave_1 entered promiscuous mode [ 972.482130][ T9721] team0: Port device team_slave_1 added [ 972.531334][ T9717] bridge0: port 1(bridge_slave_0) entered blocking state [ 972.538844][ T9717] bridge0: port 1(bridge_slave_0) entered disabled state [ 972.546595][ T9717] device bridge_slave_0 entered promiscuous mode [ 972.565247][ T9719] team0: Port device team_slave_0 added [ 972.573053][ T9714] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 972.582606][ T9717] bridge0: port 2(bridge_slave_1) entered blocking state [ 972.591504][ T9717] bridge0: port 2(bridge_slave_1) entered disabled state [ 972.599877][ T9717] device bridge_slave_1 entered promiscuous mode [ 972.615574][ T9719] team0: Port device team_slave_1 added [ 972.625643][ T9714] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 972.647068][ T9723] chnl_net:caif_netlink_parms(): no params data found [ 972.770918][ T9721] device hsr_slave_0 entered promiscuous mode [ 972.839383][ T9721] device hsr_slave_1 entered promiscuous mode [ 972.880976][ T9717] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 972.896221][ T9718] bridge0: port 1(bridge_slave_0) entered blocking state [ 972.904134][ T9718] bridge0: port 1(bridge_slave_0) entered disabled state [ 972.912502][ T9718] device bridge_slave_0 entered promiscuous mode [ 972.926489][ T9718] bridge0: port 2(bridge_slave_1) entered blocking state [ 972.933655][ T9718] bridge0: port 2(bridge_slave_1) entered disabled state [ 972.941952][ T9718] device bridge_slave_1 entered promiscuous mode [ 972.950834][ T9714] team0: Port device team_slave_0 added [ 972.958404][ T9714] team0: Port device team_slave_1 added [ 972.967612][ T9717] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 973.021995][ T9719] device hsr_slave_0 entered promiscuous mode [ 973.089276][ T9719] device hsr_slave_1 entered promiscuous mode [ 973.200079][ T9717] team0: Port device team_slave_0 added [ 973.207749][ T9717] team0: Port device team_slave_1 added [ 973.223839][ T9718] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 973.233242][ T9723] bridge0: port 1(bridge_slave_0) entered blocking state [ 973.240490][ T9723] bridge0: port 1(bridge_slave_0) entered disabled state [ 973.252483][ T9723] device bridge_slave_0 entered promiscuous mode [ 973.277323][ T9718] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 973.295547][ T9723] bridge0: port 2(bridge_slave_1) entered blocking state [ 973.304423][ T9723] bridge0: port 2(bridge_slave_1) entered disabled state [ 973.312860][ T9723] device bridge_slave_1 entered promiscuous mode [ 973.382392][ T9714] device hsr_slave_0 entered promiscuous mode [ 973.439064][ T9714] device hsr_slave_1 entered promiscuous mode [ 973.549011][ T9723] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 973.571334][ T9718] team0: Port device team_slave_0 added [ 973.612782][ T9717] device hsr_slave_0 entered promiscuous mode [ 973.678897][ T9717] device hsr_slave_1 entered promiscuous mode [ 973.740766][ T9723] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 973.751093][ T9718] team0: Port device team_slave_1 added [ 973.805652][ T9723] team0: Port device team_slave_0 added [ 973.814508][ T9723] team0: Port device team_slave_1 added [ 973.852256][ T9718] device hsr_slave_0 entered promiscuous mode [ 973.889252][ T9718] device hsr_slave_1 entered promiscuous mode [ 973.967405][ T9719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 974.010767][ T9723] device hsr_slave_0 entered promiscuous mode [ 974.048867][ T9723] device hsr_slave_1 entered promiscuous mode [ 974.133004][ T9723] bridge0: port 2(bridge_slave_1) entered blocking state [ 974.140356][ T9723] bridge0: port 2(bridge_slave_1) entered forwarding state [ 974.148244][ T9723] bridge0: port 1(bridge_slave_0) entered blocking state [ 974.155422][ T9723] bridge0: port 1(bridge_slave_0) entered forwarding state [ 974.190678][ T9725] bridge0: port 1(bridge_slave_0) entered disabled state [ 974.198983][ T9725] bridge0: port 2(bridge_slave_1) entered disabled state [ 974.223407][ T9721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 974.237141][ T9719] 8021q: adding VLAN 0 to HW filter on device team0 [ 974.254035][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 974.263398][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 974.281717][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 974.293319][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 974.302390][ T3434] bridge0: port 1(bridge_slave_0) entered blocking state [ 974.309530][ T3434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 974.317452][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 974.325444][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 974.333683][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 974.352721][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 974.361934][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 974.371049][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 974.378261][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 974.386295][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 974.397962][ T9721] 8021q: adding VLAN 0 to HW filter on device team0 [ 974.425370][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 974.444728][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 974.453764][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 974.464434][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 974.487249][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 974.496680][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 974.505766][ T3434] bridge0: port 1(bridge_slave_0) entered blocking state [ 974.512893][ T3434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 974.521317][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 974.530074][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 974.538429][ T3434] bridge0: port 2(bridge_slave_1) entered blocking state [ 974.545573][ T3434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 974.553912][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 974.569126][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 974.578015][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 974.587540][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 974.596188][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 974.609237][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 974.632791][ T9719] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 974.644829][ T9719] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 974.657689][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 974.666796][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 974.676007][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 974.708351][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 974.720191][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 974.730813][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 974.749057][ T9714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 974.762804][ T9717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 974.777214][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 974.788302][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 974.819415][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 974.827988][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 974.837299][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 974.846186][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 974.854951][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 974.863244][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 974.873767][ T9721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 974.885180][ T9719] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 974.899133][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 974.907083][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 974.920795][ T9723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 974.933581][ T9718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 974.944745][ T9717] 8021q: adding VLAN 0 to HW filter on device team0 [ 974.955119][ T9714] 8021q: adding VLAN 0 to HW filter on device team0 [ 974.980165][ T9718] 8021q: adding VLAN 0 to HW filter on device team0 [ 975.004684][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 975.013709][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 975.022864][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 975.032281][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 975.041196][ T3434] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.048260][ T3434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 975.056170][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 975.065023][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 975.073790][ T3434] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.080918][ T3434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 975.088835][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 975.097957][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 975.122299][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 975.130708][ T26] audit: type=1400 audit(1560915064.578:39): avc: denied { associate } for pid=9719 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 975.156149][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 975.172022][ T9736] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.179209][ T9736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 975.193570][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 975.202540][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 975.211207][ T9736] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.218321][ T9736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 975.226436][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 975.236693][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 975.244947][ T9736] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 975.266954][ T9723] 8021q: adding VLAN 0 to HW filter on device team0 [ 975.281166][ T9721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 975.291628][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 975.303985][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 975.313828][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 975.325768][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 975.345559][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 975.365409][ T26] audit: type=1400 audit(1560915064.818:40): avc: denied { map_create } for pid=9747 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 975.373780][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 975.405366][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 975.415713][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 975.430818][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.437927][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 975.446031][ T26] audit: type=1400 audit(1560915064.818:41): avc: denied { map_read map_write } for pid=9747 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 975.457304][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 975.479925][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 975.488425][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 975.495589][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 975.504869][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 975.535642][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 975.553074][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 975.572637][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 975.583829][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 975.592950][ T9735] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.600087][ T9735] bridge0: port 2(bridge_slave_1) entered forwarding state [ 975.619767][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 975.630239][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 975.643235][ T9717] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 975.656265][ T9717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 975.717102][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 975.727229][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 975.746753][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 975.756074][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 975.768444][ T9735] bridge0: port 2(bridge_slave_1) entered blocking state [ 975.775584][ T9735] bridge0: port 2(bridge_slave_1) entered forwarding state [ 975.784052][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 975.793080][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 975.802058][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 975.811020][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 975.820367][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 975.828992][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 975.838290][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 975.847641][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 975.887281][ T9718] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 975.912475][ T9718] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 975.940546][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 975.949801][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 975.958313][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 975.967057][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 975.975757][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 975.984415][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 975.993066][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 976.001931][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 976.010644][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 976.019844][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 976.028214][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 976.036692][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 976.044792][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 976.052879][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 976.079855][ T9734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 976.088304][ T9734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 976.098000][ T9734] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 976.107184][ T9734] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 976.115902][ T9734] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 976.124330][ T9734] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 976.144243][ T9723] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 976.156160][ T9723] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 976.182964][ T9718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 976.190836][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 976.202926][ T9735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 976.216487][ T9714] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 976.229051][ T9714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 976.250635][ T9723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 976.277425][ T9717] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 976.286506][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 976.312789][ T3434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 976.376518][ T9714] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/06/19 03:31:05 executed programs: 15 2019/06/19 03:31:11 executed programs: 217 2019/06/19 03:31:16 executed programs: 409 2019/06/19 03:31:21 executed programs: 602 2019/06/19 03:31:26 executed programs: 807 2019/06/19 03:31:31 executed programs: 998 2019/06/19 03:31:36 executed programs: 1187 2019/06/19 03:31:41 executed programs: 1387 2019/06/19 03:31:46 executed programs: 1578 2019/06/19 03:31:51 executed programs: 1771 2019/06/19 03:31:56 executed programs: 1967 2019/06/19 03:32:01 executed programs: 2150 2019/06/19 03:32:06 executed programs: 2333 2019/06/19 03:32:11 executed programs: 2517 2019/06/19 03:32:16 executed programs: 2692 2019/06/19 03:32:21 executed programs: 2862 2019/06/19 03:32:26 executed programs: 3053 2019/06/19 03:32:31 executed programs: 3238 2019/06/19 03:32:36 executed programs: 3412 2019/06/19 03:32:41 executed programs: 3587 2019/06/19 03:32:46 executed programs: 3759 2019/06/19 03:32:51 executed programs: 3928 2019/06/19 03:32:56 executed programs: 4113 2019/06/19 03:33:01 executed programs: 4282 2019/06/19 03:33:06 executed programs: 4449 2019/06/19 03:33:11 executed programs: 4610 2019/06/19 03:33:16 executed programs: 4767 2019/06/19 03:33:21 executed programs: 4925 2019/06/19 03:33:26 executed programs: 5108 2019/06/19 03:33:31 executed programs: 5281 2019/06/19 03:33:36 executed programs: 5436 2019/06/19 03:33:41 executed programs: 5595 2019/06/19 03:33:46 executed programs: 5741 2019/06/19 03:33:51 executed programs: 5890 2019/06/19 03:33:56 executed programs: 6068 2019/06/19 03:34:02 executed programs: 6241 2019/06/19 03:34:07 executed programs: 6401 2019/06/19 03:34:12 executed programs: 6560 2019/06/19 03:34:17 executed programs: 6716 2019/06/19 03:34:22 executed programs: 6869 2019/06/19 03:34:27 executed programs: 7052 2019/06/19 03:34:32 executed programs: 7222 2019/06/19 03:34:37 executed programs: 7383 2019/06/19 03:34:42 executed programs: 7533 2019/06/19 03:34:47 executed programs: 7685 2019/06/19 03:34:52 executed programs: 7832 2019/06/19 03:34:57 executed programs: 8009 2019/06/19 03:35:02 executed programs: 8178 2019/06/19 03:35:07 executed programs: 8339 2019/06/19 03:35:12 executed programs: 8483 2019/06/19 03:35:17 executed programs: 8628 2019/06/19 03:35:22 executed programs: 8769 2019/06/19 03:35:27 executed programs: 8945 2019/06/19 03:35:32 executed programs: 9128 2019/06/19 03:35:37 executed programs: 9290 2019/06/19 03:35:42 executed programs: 9443 2019/06/19 03:35:47 executed programs: 9590 2019/06/19 03:35:52 executed programs: 9738 2019/06/19 03:35:57 executed programs: 9918 2019/06/19 03:36:02 executed programs: 10097 2019/06/19 03:36:07 executed programs: 10254 2019/06/19 03:36:12 executed programs: 10420 2019/06/19 03:36:17 executed programs: 10615 2019/06/19 03:36:22 executed programs: 10807 2019/06/19 03:36:27 executed programs: 11027 2019/06/19 03:36:32 executed programs: 11232 2019/06/19 03:36:37 executed programs: 11438 2019/06/19 03:36:42 executed programs: 11636 2019/06/19 03:36:48 executed programs: 11835 2019/06/19 03:36:53 executed programs: 12029 2019/06/19 03:36:58 executed programs: 12221 2019/06/19 03:37:03 executed programs: 12415 2019/06/19 03:37:08 executed programs: 12606 2019/06/19 03:37:13 executed programs: 12796 2019/06/19 03:37:18 executed programs: 12990 2019/06/19 03:37:23 executed programs: 13178 2019/06/19 03:37:28 executed programs: 13358 2019/06/19 03:37:33 executed programs: 13548 2019/06/19 03:37:38 executed programs: 13738 2019/06/19 03:37:43 executed programs: 13918 2019/06/19 03:37:48 executed programs: 14100 [ 1380.999049][ T1891] ================================================================== [ 1381.007545][ T1891] BUG: KASAN: use-after-free in sk_psock_unlink+0x3dd/0x4b0 [ 1381.014833][ T1891] Read of size 4 at addr ffff8880995365d8 by task syz-executor.3/1891 [ 1381.014846][ T1891] [ 1381.014908][ T1891] CPU: 0 PID: 1891 Comm: syz-executor.3 Not tainted 5.2.0-rc5+ #29 [ 1381.014944][ T1891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1381.014977][ T1891] Call Trace: [ 1381.015087][ T1891] dump_stack+0x172/0x1f0 [ 1381.015109][ T1891] ? sk_psock_unlink+0x3dd/0x4b0 [ 1381.015164][ T1891] ? tcp_check_oom+0x560/0x560 [ 1381.061100][ T1891] print_address_description.cold+0x7c/0x20d [ 1381.067103][ T1891] ? sk_psock_unlink+0x3dd/0x4b0 [ 1381.072055][ T1891] ? sk_psock_unlink+0x3dd/0x4b0 [ 1381.077009][ T1891] ? tcp_check_oom+0x560/0x560 [ 1381.081784][ T1891] __kasan_report.cold+0x1b/0x40 [ 1381.086770][ T1891] ? sk_psock_unlink+0x3dd/0x4b0 [ 1381.091723][ T1891] kasan_report+0x12/0x20 [ 1381.096064][ T1891] __asan_report_load4_noabort+0x14/0x20 [ 1381.101707][ T1891] sk_psock_unlink+0x3dd/0x4b0 [ 1381.106565][ T1891] ? sk_psock_link_pop+0x186/0x1f0 [ 1381.111693][ T1891] ? tcp_check_oom+0x560/0x560 [ 1381.116562][ T1891] tcp_bpf_remove+0x21/0x50 [ 1381.121125][ T1891] tcp_bpf_close+0x130/0x390 [ 1381.125822][ T1891] tls_sk_proto_close+0x18a/0x770 [ 1381.130865][ T1891] ? tcp_bpf_stream_read+0x270/0x270 [ 1381.136183][ T1891] ? tls_push_sg+0x680/0x680 [ 1381.140853][ T1891] ? ip_mc_drop_socket+0x211/0x270 [ 1381.145981][ T1891] inet_release+0xe0/0x1f0 [ 1381.150509][ T1891] inet6_release+0x53/0x80 [ 1381.155007][ T1891] __sock_release+0xce/0x2a0 [ 1381.159614][ T1891] sock_close+0x1b/0x30 [ 1381.163903][ T1891] __fput+0x2ff/0x890 [ 1381.172603][ T1891] ? __sock_release+0x2a0/0x2a0 [ 1381.177464][ T1891] ____fput+0x16/0x20 [ 1381.181549][ T1891] task_work_run+0x145/0x1c0 [ 1381.186229][ T1891] exit_to_usermode_loop+0x273/0x2c0 [ 1381.191536][ T1891] do_syscall_64+0x58e/0x680 [ 1381.196167][ T1891] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1381.202117][ T1891] RIP: 0033:0x412f90 [ 1381.206019][ T1891] Code: 01 f0 ff ff 0f 83 30 1b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d fd 32 66 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff [ 1381.225634][ T1891] RSP: 002b:00007ffe1cded918 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1381.234123][ T1891] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000412f90 [ 1381.242099][ T1891] RDX: 0000001b32c20000 RSI: 0000000000000000 RDI: 0000000000000005 [ 1381.250075][ T1891] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffff [ 1381.258056][ T1891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000761178 [ 1381.266049][ T1891] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 1381.274043][ T1891] [ 1381.276455][ T1891] Allocated by task 1891: [ 1381.280808][ T1891] save_stack+0x23/0x90 [ 1381.284978][ T1891] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1381.290625][ T1891] kasan_kmalloc+0x9/0x10 [ 1381.296649][ T1891] kmem_cache_alloc_trace+0x151/0x750 [ 1381.302033][ T1891] sock_map_alloc+0x1b9/0x3f0 [ 1381.306810][ T1891] __do_sys_bpf+0x730/0x43d0 [ 1381.311423][ T1891] __x64_sys_bpf+0x73/0xb0 [ 1381.315855][ T1891] do_syscall_64+0xfd/0x680 [ 1381.320370][ T1891] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1381.326259][ T1891] [ 1381.328591][ T1891] Freed by task 9724: [ 1381.332586][ T1891] save_stack+0x23/0x90 [ 1381.336753][ T1891] __kasan_slab_free+0x102/0x150 [ 1381.341707][ T1891] kasan_slab_free+0xe/0x10 [ 1381.346225][ T1891] kfree+0xcf/0x220 [ 1381.350055][ T1891] sock_map_free+0x22a/0x310 [ 1381.354656][ T1891] bpf_map_free_deferred+0xb4/0xe0 [ 1381.359848][ T1891] process_one_work+0x989/0x1790 [ 1381.364802][ T1891] worker_thread+0x98/0xe40 [ 1381.369344][ T1891] kthread+0x354/0x420 [ 1381.373429][ T1891] ret_from_fork+0x24/0x30 [ 1381.377844][ T1891] [ 1381.380174][ T1891] The buggy address belongs to the object at ffff8880995365c0 [ 1381.380174][ T1891] which belongs to the cache kmalloc-512 of size 512 [ 1381.380187][ T1891] The buggy address is located 24 bytes inside of [ 1381.380187][ T1891] 512-byte region [ffff8880995365c0, ffff8880995367c0) [ 1381.380192][ T1891] The buggy address belongs to the page: [ 1381.380294][ T1891] page:ffffea0002654d80 refcount:1 mapcount:0 mapping:ffff8880aa400940 index:0xffff888099536ac0 [ 1381.423553][ T1891] flags: 0x1fffc0000000200(slab) [ 1381.423610][ T1891] raw: 01fffc0000000200 ffffea0001e8c508 ffffea00022b9208 ffff8880aa400940 [ 1381.437093][ T1891] raw: ffff888099536ac0 ffff8880995360c0 0000000100000004 0000000000000000 [ 1381.445685][ T1891] page dumped because: kasan: bad access detected [ 1381.452101][ T1891] [ 1381.454431][ T1891] Memory state around the buggy address: [ 1381.460076][ T1891] ffff888099536480: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 1381.468151][ T1891] ffff888099536500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1381.476234][ T1891] >ffff888099536580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 1381.484289][ T1891] ^ [ 1381.491221][ T1891] ffff888099536600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1381.499289][ T1891] ffff888099536680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1381.507347][ T1891] ================================================================== [ 1381.515404][ T1891] Disabling lock debugging due to kernel taint [ 1381.533258][ T1891] Kernel panic - not syncing: panic_on_warn set ... [ 1381.537555][ T3879] kobject: 'loop1' (000000001526fcde): kobject_uevent_env [ 1381.539889][ T1891] CPU: 0 PID: 1891 Comm: syz-executor.3 Tainted: G B 5.2.0-rc5+ #29 [ 1381.539896][ T1891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1381.539901][ T1891] Call Trace: [ 1381.539925][ T1891] dump_stack+0x172/0x1f0 [ 1381.539941][ T1891] ? tcp_check_oom+0x560/0x560 [ 1381.540027][ T1891] panic+0x2cb/0x744 [ 1381.540049][ T1891] ? __warn_printk+0xf3/0xf3 [ 1381.549803][ T3879] kobject: 'loop1' (000000001526fcde): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 1381.556431][ T1891] ? sk_psock_unlink+0x3dd/0x4b0 [ 1381.556455][ T1891] ? tcp_check_oom+0x560/0x560 [ 1381.576236][ T3879] kobject: 'loop0' (00000000b6ecf274): kobject_uevent_env [ 1381.578867][ T1891] ? preempt_schedule+0x4b/0x60 [ 1381.578884][ T1891] ? ___preempt_schedule+0x16/0x18 [ 1381.578933][ T1891] ? trace_hardirqs_on+0x5e/0x220 [ 1381.578954][ T1891] ? sk_psock_unlink+0x3dd/0x4b0 [ 1381.583974][ T3879] kobject: 'loop0' (00000000b6ecf274): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 1381.587426][ T1891] ? tcp_check_oom+0x560/0x560 [ 1381.649064][ T1891] end_report+0x47/0x4f [ 1381.653224][ T1891] ? sk_psock_unlink+0x3dd/0x4b0 [ 1381.658164][ T1891] __kasan_report.cold+0xe/0x40 [ 1381.663026][ T1891] ? sk_psock_unlink+0x3dd/0x4b0 [ 1381.667974][ T1891] kasan_report+0x12/0x20 [ 1381.672405][ T1891] __asan_report_load4_noabort+0x14/0x20 [ 1381.678034][ T1891] sk_psock_unlink+0x3dd/0x4b0 [ 1381.682780][ T1891] ? sk_psock_link_pop+0x186/0x1f0 [ 1381.687873][ T1891] ? tcp_check_oom+0x560/0x560 [ 1381.692624][ T1891] tcp_bpf_remove+0x21/0x50 [ 1381.697109][ T1891] tcp_bpf_close+0x130/0x390 [ 1381.701683][ T1891] tls_sk_proto_close+0x18a/0x770 [ 1381.706690][ T1891] ? tcp_bpf_stream_read+0x270/0x270 [ 1381.711960][ T1891] ? tls_push_sg+0x680/0x680 [ 1381.716534][ T1891] ? ip_mc_drop_socket+0x211/0x270 [ 1381.721636][ T1891] inet_release+0xe0/0x1f0 [ 1381.726040][ T1891] inet6_release+0x53/0x80 [ 1381.730437][ T1891] __sock_release+0xce/0x2a0 [ 1381.735054][ T1891] sock_close+0x1b/0x30 [ 1381.739204][ T1891] __fput+0x2ff/0x890 [ 1381.743201][ T1891] ? __sock_release+0x2a0/0x2a0 [ 1381.748042][ T1891] ____fput+0x16/0x20 [ 1381.752009][ T1891] task_work_run+0x145/0x1c0 [ 1381.756598][ T1891] exit_to_usermode_loop+0x273/0x2c0 [ 1381.761876][ T1891] do_syscall_64+0x58e/0x680 [ 1381.766465][ T1891] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1381.772353][ T1891] RIP: 0033:0x412f90 [ 1381.776230][ T1891] Code: 01 f0 ff ff 0f 83 30 1b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d fd 32 66 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff [ 1381.795928][ T1891] RSP: 002b:00007ffe1cded918 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 1381.804321][ T1891] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000412f90 [ 1381.812272][ T1891] RDX: 0000001b32c20000 RSI: 0000000000000000 RDI: 0000000000000005 [ 1381.820232][ T1891] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffff [ 1381.828191][ T1891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000761178 [ 1381.836167][ T1891] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 1381.845973][ T1891] Kernel Offset: disabled [ 1381.850371][ T1891] Rebooting in 86400 seconds..