Starting mcstransd: [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 68.884860][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 68.884872][ T26] audit: type=1800 audit(1559714779.740:33): pid=9317 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 68.925157][ T26] audit: type=1800 audit(1559714779.740:34): pid=9317 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 72.156426][ T26] audit: type=1400 audit(1559714783.020:35): avc: denied { map } for pid=9495 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts. [ 507.860984][ T26] audit: type=1400 audit(1559715218.720:36): avc: denied { map } for pid=9507 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/06/05 06:13:39 parsed 1 programs [ 508.830951][ T26] audit: type=1400 audit(1559715219.690:37): avc: denied { map } for pid=9507 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=5684 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/06/05 06:13:41 executed programs: 0 [ 510.619925][ T9527] IPVS: ftp: loaded support on port[0] = 21 [ 510.698693][ T9529] IPVS: ftp: loaded support on port[0] = 21 [ 510.782097][ T9531] IPVS: ftp: loaded support on port[0] = 21 [ 510.851642][ T9536] IPVS: ftp: loaded support on port[0] = 21 [ 510.913793][ T9537] IPVS: ftp: loaded support on port[0] = 21 [ 510.945763][ T9534] IPVS: ftp: loaded support on port[0] = 21 [ 510.962738][ T9527] chnl_net:caif_netlink_parms(): no params data found [ 511.109699][ T9527] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.117426][ T9527] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.125845][ T9527] device bridge_slave_0 entered promiscuous mode [ 511.157324][ T9529] chnl_net:caif_netlink_parms(): no params data found [ 511.167260][ T9527] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.174328][ T9527] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.182034][ T9527] device bridge_slave_1 entered promiscuous mode [ 511.228818][ T9531] chnl_net:caif_netlink_parms(): no params data found [ 511.246760][ T9527] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 511.256992][ T9527] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 511.330109][ T9527] team0: Port device team_slave_0 added [ 511.351152][ T9529] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.358962][ T9529] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.366777][ T9529] device bridge_slave_0 entered promiscuous mode [ 511.378920][ T9531] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.386118][ T9531] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.393739][ T9531] device bridge_slave_0 entered promiscuous mode [ 511.401960][ T9531] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.409103][ T9531] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.417987][ T9531] device bridge_slave_1 entered promiscuous mode [ 511.426948][ T9527] team0: Port device team_slave_1 added [ 511.442116][ T9529] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.449262][ T9529] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.457510][ T9529] device bridge_slave_1 entered promiscuous mode [ 511.532873][ T9531] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 511.607252][ T9527] device hsr_slave_0 entered promiscuous mode [ 511.676448][ T9527] device hsr_slave_1 entered promiscuous mode [ 511.717957][ T9529] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 511.731578][ T9531] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 511.750509][ T9529] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 511.772331][ T9536] chnl_net:caif_netlink_parms(): no params data found [ 511.804046][ T9537] chnl_net:caif_netlink_parms(): no params data found [ 511.815380][ T9529] team0: Port device team_slave_0 added [ 511.851596][ T9529] team0: Port device team_slave_1 added [ 511.858873][ T9531] team0: Port device team_slave_0 added [ 511.886580][ T9536] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.893758][ T9536] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.901550][ T9536] device bridge_slave_0 entered promiscuous mode [ 511.918463][ T9531] team0: Port device team_slave_1 added [ 511.935027][ T9536] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.942403][ T9536] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.950253][ T9536] device bridge_slave_1 entered promiscuous mode [ 511.986176][ T9536] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 511.997165][ T9537] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.004230][ T9537] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.012280][ T9537] device bridge_slave_0 entered promiscuous mode [ 512.020204][ T9537] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.027296][ T9537] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.034965][ T9537] device bridge_slave_1 entered promiscuous mode [ 512.079550][ T9529] device hsr_slave_0 entered promiscuous mode [ 512.135499][ T9529] device hsr_slave_1 entered promiscuous mode [ 512.178305][ T9536] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 512.200382][ T9534] chnl_net:caif_netlink_parms(): no params data found [ 512.221657][ T9537] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 512.239018][ T9536] team0: Port device team_slave_0 added [ 512.287282][ T9531] device hsr_slave_0 entered promiscuous mode [ 512.315494][ T9531] device hsr_slave_1 entered promiscuous mode [ 512.376583][ T9537] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 512.390256][ T9536] team0: Port device team_slave_1 added [ 512.447251][ T9536] device hsr_slave_0 entered promiscuous mode [ 512.495606][ T9536] device hsr_slave_1 entered promiscuous mode [ 512.588035][ T9534] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.595630][ T9534] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.603310][ T9534] device bridge_slave_0 entered promiscuous mode [ 512.618685][ T9537] team0: Port device team_slave_0 added [ 512.626537][ T9537] team0: Port device team_slave_1 added [ 512.644645][ T9534] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.651908][ T9534] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.659711][ T9534] device bridge_slave_1 entered promiscuous mode [ 512.684522][ T9534] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 512.709204][ T9534] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 512.734863][ T9534] team0: Port device team_slave_0 added [ 512.798504][ T9537] device hsr_slave_0 entered promiscuous mode [ 512.845488][ T9537] device hsr_slave_1 entered promiscuous mode [ 512.923326][ T9534] team0: Port device team_slave_1 added [ 513.018370][ T9534] device hsr_slave_0 entered promiscuous mode [ 513.055508][ T9534] device hsr_slave_1 entered promiscuous mode [ 513.164158][ T9527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.180619][ T9536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.211536][ T9529] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.239197][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 513.248959][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 513.261679][ T9531] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.275704][ T9527] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.293099][ T9536] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.309854][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 513.318286][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 513.326436][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 513.334263][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 513.351387][ T9537] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.361248][ T9529] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.374622][ T9531] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.382456][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 513.391360][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 513.400343][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.407581][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.416263][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 513.424763][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 513.433519][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.440700][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.448557][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 513.456437][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 513.464163][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 513.496647][ T9537] 8021q: adding VLAN 0 to HW filter on device team0 [ 513.509231][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 513.518118][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 513.526748][ T9540] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.533792][ T9540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.542104][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 513.551276][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 513.559073][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 513.567845][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 513.576635][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 513.585184][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 513.593463][ T9540] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.600552][ T9540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.616485][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 513.624538][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 513.632945][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 513.642254][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 513.651583][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.658732][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.667998][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 513.676840][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 513.685393][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.692462][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.723818][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 513.733002][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 513.744346][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.751466][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.759879][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 513.768730][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 513.777591][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 513.786177][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 513.794680][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 513.803669][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 513.812734][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 513.821417][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.828510][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 513.838258][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 513.846961][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 513.855392][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 513.862438][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 513.870150][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 513.887552][ T9534] 8021q: adding VLAN 0 to HW filter on device bond0 [ 513.911435][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 513.920118][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 513.928154][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 513.936337][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 513.944773][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 513.953875][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 513.962916][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 513.971702][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 513.980711][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 513.989561][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 513.999042][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 514.007780][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 514.016810][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 514.025916][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 514.033876][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 514.053990][ T9534] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.066500][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 514.075682][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 514.084199][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 514.093365][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 514.101959][ T9538] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.109074][ T9538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.117241][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 514.124919][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 514.132782][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 514.141337][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 514.150011][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 514.158689][ T9538] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 514.172584][ T9527] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 514.205920][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 514.214252][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 514.222754][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 514.232762][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 514.241568][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 514.250173][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 514.259196][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 514.267632][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 514.276394][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 514.284690][ T9544] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.291790][ T9544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.299506][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 514.308376][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 514.317244][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 514.325324][ T9544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 514.353392][ T9529] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 514.366084][ T9529] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 514.384849][ T9537] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 514.395487][ T9537] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 514.416461][ T9527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 514.424305][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 514.438963][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 514.449306][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 514.458820][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 514.468265][ T9550] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.475480][ T9550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.483226][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 514.491703][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 514.500163][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 514.508753][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 514.517375][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 514.526071][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 514.534526][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 514.543086][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 514.551493][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 514.559804][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 514.568194][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 514.576893][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 514.585168][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 514.593437][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 514.603411][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 514.612275][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 514.620039][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 514.628772][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 514.650534][ T9536] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 514.663485][ T9536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 514.687673][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 514.697555][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 514.709049][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 514.717871][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 514.727568][ T9531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 514.752252][ T26] audit: type=1400 audit(1559715225.610:38): avc: denied { associate } for pid=9527 comm="syz-executor.2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 514.756133][ T9529] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 514.784905][ T9540] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 514.798289][ T9537] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 514.815423][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 514.824118][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 514.843189][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 514.853019][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 514.862891][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 514.871725][ T9550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 514.891500][ T9534] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 514.926038][ T9536] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 514.981841][ T9534] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.003142][ T26] audit: type=1400 audit(1559715225.860:39): avc: denied { create } for pid=9567 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 515.044727][ T9531] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 515.102955][ T26] audit: type=1400 audit(1559715225.890:40): avc: denied { write } for pid=9567 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 515.139402][ C0] hrtimer: interrupt took 51949 ns [ 515.357005][ T26] audit: type=1400 audit(1559715225.950:41): avc: denied { read } for pid=9567 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 2019/06/05 06:13:46 executed programs: 7 2019/06/05 06:13:51 executed programs: 79 2019/06/05 06:13:56 executed programs: 154 2019/06/05 06:14:01 executed programs: 226 2019/06/05 06:14:06 executed programs: 301 2019/06/05 06:14:12 executed programs: 373 2019/06/05 06:14:17 executed programs: 443 2019/06/05 06:14:22 executed programs: 514 2019/06/05 06:14:27 executed programs: 587 2019/06/05 06:14:32 executed programs: 656 2019/06/05 06:14:37 executed programs: 727 2019/06/05 06:14:42 executed programs: 796 2019/06/05 06:14:47 executed programs: 867 2019/06/05 06:14:52 executed programs: 936 2019/06/05 06:14:57 executed programs: 1004 2019/06/05 06:15:02 executed programs: 1073 [ 594.608979][T17397] ================================================================== [ 594.617391][T17397] BUG: KASAN: use-after-free in tomoyo_realpath_from_path+0x722/0x7a0 [ 594.625550][T17397] Read of size 2 at addr ffff8880a91276d0 by task syz-executor.3/17397 [ 594.633781][T17397] [ 594.636129][T17397] CPU: 0 PID: 17397 Comm: syz-executor.3 Not tainted 5.2.0-rc3+ #12 [ 594.644114][T17397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 594.644131][T17397] Call Trace: [ 594.644156][T17397] dump_stack+0x172/0x1f0 [ 594.644178][T17397] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 594.644194][T17397] print_address_description.cold+0x7c/0x20d [ 594.644205][T17397] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 594.644216][T17397] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 594.685586][T17397] __kasan_report.cold+0x1b/0x40 [ 594.690536][T17397] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 594.696397][T17397] kasan_report+0x12/0x20 [ 594.700738][T17397] __asan_report_load2_noabort+0x14/0x20 [ 594.706378][T17397] tomoyo_realpath_from_path+0x722/0x7a0 [ 594.712024][T17397] tomoyo_check_open_permission+0x2a8/0x3f0 [ 594.717925][T17397] ? tomoyo_path_number_perm+0x520/0x520 [ 594.723578][T17397] ? ___might_sleep+0x163/0x280 [ 594.728460][T17397] ? inode_has_perm+0x230/0x230 [ 594.733339][T17397] tomoyo_file_open+0xa9/0xd0 [ 594.738027][T17397] security_file_open+0x71/0x300 [ 594.742988][T17397] do_dentry_open+0x373/0x1250 [ 594.743015][T17397] ? chown_common+0x5c0/0x5c0 [ 594.753915][T17397] ? inode_permission+0xb4/0x560 [ 594.758872][T17397] vfs_open+0xa0/0xd0 [ 594.762863][T17397] path_openat+0x10e9/0x46d0 [ 594.767463][T17397] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 594.773294][T17397] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 594.778680][T17397] ? __alloc_fd+0x44d/0x560 [ 594.783289][T17397] do_filp_open+0x1a1/0x280 [ 594.787808][T17397] ? may_open_dev+0x100/0x100 [ 594.792511][T17397] ? do_raw_spin_unlock+0x57/0x270 [ 594.797637][T17397] ? _raw_spin_unlock+0x2d/0x50 [ 594.802517][T17397] do_sys_open+0x3fe/0x5d0 [ 594.806947][T17397] ? filp_open+0x80/0x80 [ 594.811209][T17397] ? blkcg_exit_queue+0x30/0x30 [ 594.816079][T17397] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 594.821548][T17397] ? do_syscall_64+0x26/0x680 [ 594.826277][T17397] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.833063][T17397] ? do_syscall_64+0x26/0x680 [ 594.841674][T17397] __x64_sys_open+0x7e/0xc0 [ 594.841692][T17397] do_syscall_64+0xfd/0x680 [ 594.841713][T17397] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.841732][T17397] RIP: 0033:0x413161 [ 594.861477][T17397] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 594.881213][T17397] RSP: 002b:00007f65230f8bb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 594.889651][T17397] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000413161 [ 594.897641][T17397] RDX: fffffffffffffffa RSI: 0000000000000000 RDI: 00007f65230f8bd0 [ 594.905623][T17397] RBP: 000000000075c060 R08: 0000000000000050 R09: 000000000000000f [ 594.905632][T17397] R10: 0000000000000004 R11: 0000000000000293 R12: 00007f65230f96d4 [ 594.905639][T17397] R13: 00000000004c83f6 R14: 00000000004dea40 R15: 00000000ffffffff [ 594.905661][T17397] [ 594.905669][T17397] Allocated by task 17373: [ 594.905691][T17397] save_stack+0x23/0x90 [ 594.905703][T17397] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 594.905713][T17397] kasan_kmalloc+0x9/0x10 [ 594.905722][T17397] __kmalloc+0x15c/0x740 [ 594.905738][T17397] sk_prot_alloc+0x19c/0x2e0 [ 594.905758][T17397] sk_alloc+0x39/0xf70 [ 594.905771][T17397] mISDN_sock_create+0xb4/0x3a0 [ 594.921874][T17397] __sock_create+0x3d8/0x730 [ 594.973020][T17397] __sys_socket+0x103/0x220 [ 594.977551][T17397] __x64_sys_socket+0x73/0xb0 [ 594.982241][T17397] do_syscall_64+0xfd/0x680 [ 594.986753][T17397] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.992640][T17397] [ 594.994971][T17397] Freed by task 17371: [ 594.999047][T17397] save_stack+0x23/0x90 [ 595.003212][T17397] __kasan_slab_free+0x102/0x150 [ 595.008154][T17397] kasan_slab_free+0xe/0x10 [ 595.008164][T17397] kfree+0xcf/0x220 [ 595.008186][T17397] __sk_destruct+0x4f7/0x6e0 [ 595.008199][T17397] sk_destruct+0x7b/0x90 [ 595.008210][T17397] __sk_free+0xce/0x300 [ 595.008223][T17397] sk_free+0x42/0x50 [ 595.008237][T17397] base_sock_release+0x269/0x279 [ 595.008254][T17397] __sock_release+0xce/0x2a0 [ 595.042881][T17397] sock_close+0x1b/0x30 [ 595.047047][T17397] __fput+0x2ff/0x890 [ 595.051032][T17397] ____fput+0x16/0x20 [ 595.055022][T17397] task_work_run+0x145/0x1c0 [ 595.059627][T17397] exit_to_usermode_loop+0x273/0x2c0 [ 595.064920][T17397] do_syscall_64+0x58e/0x680 [ 595.069520][T17397] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 595.075410][T17397] [ 595.077744][T17397] The buggy address belongs to the object at ffff8880a91276c0 [ 595.077744][T17397] which belongs to the cache kmalloc-2k of size 2048 [ 595.091814][T17397] The buggy address is located 16 bytes inside of [ 595.091814][T17397] 2048-byte region [ffff8880a91276c0, ffff8880a9127ec0) [ 595.105092][T17397] The buggy address belongs to the page: [ 595.110831][T17397] page:ffffea0002a44980 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0 [ 595.121772][T17397] flags: 0x1fffc0000010200(slab|head) [ 595.121791][T17397] raw: 01fffc0000010200 ffffea00022c9f88 ffffea0002234408 ffff8880aa400c40 [ 595.121807][T17397] raw: 0000000000000000 ffff8880a91265c0 0000000100000003 0000000000000000 [ 595.121812][T17397] page dumped because: kasan: bad access detected [ 595.121815][T17397] [ 595.121819][T17397] Memory state around the buggy address: [ 595.121830][T17397] ffff8880a9127580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 595.121839][T17397] ffff8880a9127600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 595.121850][T17397] >ffff8880a9127680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 595.121856][T17397] ^ [ 595.121865][T17397] ffff8880a9127700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 595.121881][T17397] ffff8880a9127780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 595.127465][T17407] base_sock_release(000000008ab3bcea) sk=000000008046365b [ 595.135826][T17397] ================================================================== [ 595.135831][T17397] Disabling lock debugging due to kernel taint [ 595.138503][T17370] base_sock_release(00000000e70beedd) sk=00000000c06c9eaa [ 595.145583][T17409] base_sock_release(000000006ba2ea09) sk=000000003612f5dd [ 595.176590][T17397] Kernel panic - not syncing: panic_on_warn set ... [ 595.194430][ T3879] kobject: 'loop5' (000000003b474cbc): kobject_uevent_env [ 595.198045][T17397] CPU: 0 PID: 17397 Comm: syz-executor.3 Tainted: G B 5.2.0-rc3+ #12 [ 595.198053][T17397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 595.198058][T17397] Call Trace: [ 595.198091][T17397] dump_stack+0x172/0x1f0 [ 595.217535][T17401] base_sock_release(0000000029a0d23e) sk=00000000058dcacc [ 595.221316][T17397] panic+0x2cb/0x744 [ 595.221337][T17397] ? __warn_printk+0xf3/0xf3 [ 595.227613][ T3879] kobject: 'loop5' (000000003b474cbc): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 595.234598][T17397] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 595.234616][T17397] ? preempt_schedule+0x4b/0x60 [ 595.234639][T17397] ? ___preempt_schedule+0x16/0x18 [ 595.267293][ T3879] kobject: 'loop4' (00000000ddc99a79): kobject_uevent_env [ 595.275101][T17397] ? trace_hardirqs_on+0x5e/0x220 [ 595.275121][T17397] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 595.275143][T17397] end_report+0x47/0x4f [ 595.296967][ T3879] kobject: 'loop4' (00000000ddc99a79): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 595.298315][T17397] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 595.298332][T17397] __kasan_report.cold+0xe/0x40 [ 595.298351][T17397] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 595.321028][T17401] base_sock_release(00000000d15eaa9d) sk=00000000788d4d4b [ 595.324247][T17397] kasan_report+0x12/0x20 [ 595.324262][T17397] __asan_report_load2_noabort+0x14/0x20 [ 595.324287][T17397] tomoyo_realpath_from_path+0x722/0x7a0 [ 595.361823][T17426] base_sock_release(00000000efd05706) sk=00000000d4ef1732 [ 595.362292][T17397] tomoyo_check_open_permission+0x2a8/0x3f0 [ 595.382111][ T3879] kobject: 'loop1' (0000000095513ce0): kobject_uevent_env [ 595.384347][T17397] ? tomoyo_path_number_perm+0x520/0x520 [ 595.384374][T17397] ? ___might_sleep+0x163/0x280 [ 595.412608][T17426] base_sock_release(0000000095e9d449) sk=000000008ba72e72 [ 595.415887][T17397] ? inode_has_perm+0x230/0x230 [ 595.415915][T17397] tomoyo_file_open+0xa9/0xd0 [ 595.426137][ T3879] kobject: 'loop1' (0000000095513ce0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 595.426379][T17397] security_file_open+0x71/0x300 [ 595.426401][T17397] do_dentry_open+0x373/0x1250 [ 595.462828][T17397] ? chown_common+0x5c0/0x5c0 [ 595.467521][T17397] ? inode_permission+0xb4/0x560 [ 595.472470][T17397] vfs_open+0xa0/0xd0 [ 595.474774][ T3879] kobject: 'loop4' (00000000ddc99a79): kobject_uevent_env [ 595.476459][T17397] path_openat+0x10e9/0x46d0 [ 595.476474][T17397] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 595.476497][T17397] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 595.476513][T17397] ? __alloc_fd+0x44d/0x560 [ 595.476533][T17397] do_filp_open+0x1a1/0x280 [ 595.487910][ T3879] kobject: 'loop4' (00000000ddc99a79): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 595.488239][T17397] ? may_open_dev+0x100/0x100 [ 595.523216][T17397] ? do_raw_spin_unlock+0x57/0x270 [ 595.528336][T17397] ? _raw_spin_unlock+0x2d/0x50 [ 595.533221][T17397] do_sys_open+0x3fe/0x5d0 [ 595.537653][T17397] ? filp_open+0x80/0x80 [ 595.541904][T17397] ? blkcg_exit_queue+0x30/0x30 [ 595.546762][T17397] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 595.552236][T17397] ? do_syscall_64+0x26/0x680 [ 595.556924][T17397] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 595.562998][T17397] ? do_syscall_64+0x26/0x680 [ 595.567691][T17397] __x64_sys_open+0x7e/0xc0 [ 595.572213][T17397] do_syscall_64+0xfd/0x680 [ 595.576731][T17397] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 595.582710][T17397] RIP: 0033:0x413161 [ 595.586614][T17397] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 595.606226][T17397] RSP: 002b:00007f65230f8bb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 595.614652][T17397] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000413161 [ 595.622627][T17397] RDX: fffffffffffffffa RSI: 0000000000000000 RDI: 00007f65230f8bd0 [ 595.624465][T17436] base_sock_release(00000000c50ffdc7) sk=000000006e209310 [ 595.630608][T17397] RBP: 000000000075c060 R08: 0000000000000050 R09: 000000000000000f [ 595.630616][T17397] R10: 0000000000000004 R11: 0000000000000293 R12: 00007f65230f96d4 [ 595.630622][T17397] R13: 00000000004c83f6 R14: 00000000004dea40 R15: 00000000ffffffff [ 595.638839][T17397] Kernel Offset: disabled [ 595.667038][T17397] Rebooting in 86400 seconds..