[ 40.552003] audit: type=1400 audit(1578506233.070:41): avc: denied { map } for pid=7648 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 46.874934] audit: type=1400 audit(1578506239.390:42): avc: denied { map } for pid=7658 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 48.606800] IPVS: ftp: loaded support on port[0] = 21 [ 48.632195] audit: type=1400 audit(1578506241.150:43): avc: denied { associate } for pid=7675 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 48.927979] tipc: TX() has been purged, node left! [ 80.915029] can: request_module (can-proto-0) failed. [ 80.925496] can: request_module (can-proto-0) failed. [ 81.109720] audit: type=1400 audit(1578506273.630:44): avc: denied { create } for pid=7658 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 81.133535] audit: type=1400 audit(1578506273.630:45): avc: denied { create } for pid=7658 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 81.158725] audit: type=1400 audit(1578506273.630:46): avc: denied { create } for pid=7658 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.10.11' (ECDSA) to the list of known hosts. 2020/01/08 17:58:02 parsed 1 programs 2020/01/08 17:58:03 executed programs: 0 [ 90.943395] IPVS: ftp: loaded support on port[0] = 21 [ 90.950552] IPVS: ftp: loaded support on port[0] = 21 [ 90.983444] IPVS: ftp: loaded support on port[0] = 21 [ 91.052321] IPVS: ftp: loaded support on port[0] = 21 [ 91.060629] IPVS: ftp: loaded support on port[0] = 21 [ 91.078688] IPVS: ftp: loaded support on port[0] = 21 [ 91.209333] chnl_net:caif_netlink_parms(): no params data found [ 91.263494] chnl_net:caif_netlink_parms(): no params data found [ 91.335103] chnl_net:caif_netlink_parms(): no params data found [ 91.367543] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.375123] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.382806] device bridge_slave_0 entered promiscuous mode [ 91.392145] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.398670] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.405595] device bridge_slave_1 entered promiscuous mode [ 91.440906] chnl_net:caif_netlink_parms(): no params data found [ 91.462854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.471466] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.478444] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.485484] device bridge_slave_0 entered promiscuous mode [ 91.495264] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.501830] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.508941] device bridge_slave_1 entered promiscuous mode [ 91.537301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.601291] chnl_net:caif_netlink_parms(): no params data found [ 91.624399] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.631814] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.640905] device bridge_slave_0 entered promiscuous mode [ 91.649848] team0: Port device team_slave_0 added [ 91.659414] team0: Port device team_slave_1 added [ 91.668996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.693522] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.700260] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.707522] device bridge_slave_1 entered promiscuous mode [ 91.714354] chnl_net:caif_netlink_parms(): no params data found [ 91.781025] device hsr_slave_0 entered promiscuous mode [ 91.848441] device hsr_slave_1 entered promiscuous mode [ 91.899485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.943986] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.951565] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.958773] device bridge_slave_0 entered promiscuous mode [ 91.965332] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.971978] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.979551] device bridge_slave_0 entered promiscuous mode [ 91.993096] team0: Port device team_slave_0 added [ 92.002853] team0: Port device team_slave_1 added [ 92.011877] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.018395] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.025328] device bridge_slave_1 entered promiscuous mode [ 92.032415] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.040658] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.047666] device bridge_slave_1 entered promiscuous mode [ 92.056040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.098266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.120053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.135238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.210813] device hsr_slave_0 entered promiscuous mode [ 92.248343] device hsr_slave_1 entered promiscuous mode [ 92.288172] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.295477] Cannot create hsr debugfs directory [ 92.302885] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.309432] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.316350] device bridge_slave_0 entered promiscuous mode [ 92.324276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.341632] team0: Port device team_slave_0 added [ 92.369093] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.375496] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.382693] device bridge_slave_1 entered promiscuous mode [ 92.390083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.402398] team0: Port device team_slave_0 added [ 92.414536] team0: Port device team_slave_1 added [ 92.445863] team0: Port device team_slave_1 added [ 92.458929] team0: Port device team_slave_0 added [ 92.469601] team0: Port device team_slave_1 added [ 92.540391] device hsr_slave_0 entered promiscuous mode [ 92.578281] device hsr_slave_1 entered promiscuous mode [ 92.617966] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.624993] Cannot create hsr debugfs directory [ 92.650108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.660873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.720518] device hsr_slave_0 entered promiscuous mode [ 92.778386] device hsr_slave_1 entered promiscuous mode [ 92.838056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.844956] Cannot create hsr debugfs directory [ 92.872855] team0: Port device team_slave_0 added [ 92.929924] device hsr_slave_0 entered promiscuous mode [ 92.978327] device hsr_slave_1 entered promiscuous mode [ 93.018076] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.025050] Cannot create hsr debugfs directory [ 93.034996] team0: Port device team_slave_1 added [ 93.131310] device hsr_slave_0 entered promiscuous mode [ 93.188413] device hsr_slave_1 entered promiscuous mode [ 93.257950] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.265037] Cannot create hsr debugfs directory [ 93.306665] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.337746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.353559] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.375253] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.386632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 93.396022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.403690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.411647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.420564] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.427011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.434750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 93.442121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.449794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.463985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.476225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.494198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.502555] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.510426] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.516982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.524254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.532753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.540457] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.546965] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.554178] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.562248] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.570156] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.576530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.605777] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.619844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.627049] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 93.635634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 93.643926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 93.653696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 93.661602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.668864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 93.675895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.690653] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.706046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.727865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 93.736521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.745566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.753539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.762353] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.770216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.779017] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.786773] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.793340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.800729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 93.808807] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.816351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.824766] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.832497] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.838914] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.847087] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 93.854275] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 93.861345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.882449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.890628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.898844] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.905220] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.914254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 93.922562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 93.930531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.938730] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.946328] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.952803] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.960503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.974483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.984186] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.994378] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.006845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.026022] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.036511] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.048182] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.055295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.062823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.071704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.079561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.087321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.095372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.103279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.111596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.120480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.128705] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.136532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.145537] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.153378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.161152] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.169635] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.177471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.186152] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.193303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.230199] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.239340] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.249387] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.260565] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.270159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.278595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.286537] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.294278] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.300750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.307536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.315398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.323175] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.330997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.339012] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.346463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.354645] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.361611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.369384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.378709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.385572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.393080] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.400322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.408239] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.415817] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.422205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.435785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.444836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.456665] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.467567] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.510124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.523513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.534354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.542366] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.550354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 94.558342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.566502] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.573139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.580145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 94.588206] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.596110] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.602793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.610322] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.618445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.626324] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.634714] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.641945] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.657067] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.673239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.696085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.709131] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.723164] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.732291] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.740929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.749776] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.757570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.765438] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.773367] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.780617] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.793243] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.804935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.814092] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.833103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.850891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.867109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.888415] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.907490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.923162] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.934012] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.954424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.962411] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.983516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.995015] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 95.002771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 95.059586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.140011] ================================================================== [ 95.147628] BUG: KASAN: slab-out-of-bounds in hci_event_packet+0x7fcf/0x9a96 [ 95.154836] Read of size 1 at addr ffff8880a8723c00 by task kworker/u5:7/7803 [ 95.154847] [ 95.154866] CPU: 1 PID: 7803 Comm: kworker/u5:7 Not tainted 5.5.0-rc5-syzkaller #0 [ 95.154870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.154894] Workqueue: hci4 hci_rx_work [ 95.154902] Call Trace: [ 95.154911] dump_stack+0x12d/0x187 [ 95.154924] print_address_description.constprop.8.cold.10+0x9/0x31d [ 95.163932] ? hci_event_packet+0x7fcf/0x9a96 [ 95.163941] __kasan_report.cold.11+0x1b/0x3a [ 95.163946] ? hci_event_packet+0x7fcf/0x9a96 [ 95.163953] ? hci_event_packet+0x7fcf/0x9a96 [ 95.163960] kasan_report+0x12/0x20 [ 95.163966] __asan_report_load1_noabort+0x14/0x20 [ 95.163972] hci_event_packet+0x7fcf/0x9a96 [ 95.163983] ? unwind_next_frame.part.6+0x1ab/0xa20 [ 95.163991] ? hci_cmd_complete_evt+0xb690/0xb690 [ 95.181072] ? unwind_next_frame+0x3e/0x50 [ 95.181080] ? profile_setup.cold.14+0xa0/0xa0 [ 95.181089] ? arch_stack_walk+0x8a/0xf0 [ 95.181102] ? ret_from_fork+0x3a/0x50 [ 95.181111] ? stack_trace_save+0x82/0xb0 [ 95.181117] ? stack_trace_consume_entry+0x170/0x170 [ 95.181120] ? profile_setup.cold.14+0xa0/0xa0 [ 95.181133] ? save_trace+0x3e/0x980 [ 95.181144] ? __lock_acquire+0x2cd5/0x4ef0 [ 95.181159] ? __kasan_check_read+0x11/0x20 [ 95.181164] ? mark_lock+0xc5/0x11d0 [ 95.181174] ? mark_held_locks+0xb8/0x130 [ 95.185855] kobject: 'rfkill11' (00000000c43093e5): kobject_add_internal: parent: 'hci6', set: 'devices' [ 95.187746] ? _raw_spin_unlock_irqrestore+0x7d/0xd0 [ 95.187755] ? skb_dequeue+0x11d/0x1b0 [ 95.187762] ? lockdep_hardirqs_on+0x42d/0x5d0 [ 95.187766] ? _raw_spin_unlock_irqrestore+0x7d/0xd0 [ 95.187775] ? trace_hardirqs_on+0x28/0x1b0 [ 95.187793] hci_rx_work+0x53d/0x930 [ 95.187798] ? hci_rx_work+0x53d/0x930 [ 95.187804] ? rcu_read_lock_any_held.part.10+0x50/0x50 [ 95.187809] ? trace_hardirqs_on+0x28/0x1b0 [ 95.187820] process_one_work+0x85b/0x1630 [ 95.187832] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 95.187836] ? lock_acquire+0x194/0x410 [ 95.187847] worker_thread+0x85/0xb60 [ 95.187854] ? __kthread_parkme+0x47/0x1a0 [ 95.192403] kobject: 'rfkill11' (00000000c43093e5): kobject_uevent_env [ 95.198079] kthread+0x334/0x3f0 [ 95.198086] ? process_one_work+0x1630/0x1630 [ 95.198091] ? kthread_mod_delayed_work+0x190/0x190 [ 95.198102] ret_from_fork+0x3a/0x50 [ 95.198116] [ 95.198121] Allocated by task 7799: [ 95.198131] save_stack+0x21/0x90 [ 95.198137] __kasan_kmalloc.constprop.9+0xc7/0xd0 [ 95.198142] kasan_kmalloc+0x9/0x10 [ 95.198147] __kmalloc_node_track_caller+0x4d/0x70 [ 95.198154] __kmalloc_reserve.isra.46+0x2c/0xc0 [ 95.198158] __alloc_skb+0xd7/0x570 [ 95.198165] vhci_write+0xa8/0x3e0 [ 95.198173] new_sync_write+0x402/0x7e0 [ 95.198176] __vfs_write+0x97/0x110 [ 95.198180] vfs_write+0x18a/0x520 [ 95.198184] ksys_write+0x105/0x220 [ 95.198188] __x64_sys_write+0x6e/0xb0 [ 95.198195] do_syscall_64+0xd0/0x600 [ 95.198201] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.203703] kobject: 'rfkill11' (00000000c43093e5): fill_kobj_path: path = '/devices/virtual/bluetooth/hci6/rfkill11' [ 95.207180] [ 95.207185] Freed by task 6642: [ 95.207197] save_stack+0x21/0x90 [ 95.207202] __kasan_slab_free+0x102/0x150 [ 95.207206] kasan_slab_free+0xe/0x10 [ 95.207211] kfree+0x108/0x2c0 [ 95.207217] free_pipe_info+0x21c/0x2e0 [ 95.207220] put_pipe_info+0x9b/0xb0 [ 95.207224] pipe_release+0x128/0x1b0 [ 95.207229] __fput+0x25d/0x780 [ 95.207233] ____fput+0x9/0x10 [ 95.207241] task_work_run+0x10e/0x190 [ 95.207249] exit_to_usermode_loop+0x1be/0x210 [ 95.207253] do_syscall_64+0x50b/0x600 [ 95.207261] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 95.218704] kobject: 'hci7' (000000002ec84c88): kobject_add_internal: parent: 'bluetooth', set: 'devices' [ 95.219850] [ 95.219856] The buggy address belongs to the object at ffff8880a8723800 [ 95.219856] which belongs to the cache kmalloc-1k of size 1024 [ 95.219861] The buggy address is located 0 bytes to the right of [ 95.219861] 1024-byte region [ffff8880a8723800, ffff8880a8723c00) [ 95.219863] The buggy address belongs to the page: [ 95.219869] page:ffffea0002a1c8c0 refcount:1 mapcount:0 mapping:ffff8880aa800c40 index:0x0 [ 95.219882] raw: 01fffc0000000200 ffffea00025065c8 ffffea00024d0b88 ffff8880aa800c40 [ 95.219888] raw: 0000000000000000 ffff8880a8723000 0000000100000002 0000000000000000 [ 95.219892] page dumped because: kasan: bad access detected [ 95.219894] [ 95.219897] Memory state around the buggy address: [ 95.219901] ffff8880a8723b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.219905] ffff8880a8723b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 95.228700] kobject: 'hci8' (00000000fc18430f): kobject_add_internal: parent: 'bluetooth', set: 'devices' [ 95.229137] >ffff8880a8723c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.234443] kobject: 'hci7' (000000002ec84c88): kobject_uevent_env [ 95.239116] ^ [ 95.239123] ffff8880a8723c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.239127] ffff8880a8723d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 95.239133] ================================================================== [ 95.239136] Disabling lock debugging due to kernel taint [ 95.247220] Kernel panic - not syncing: panic_on_warn set ... [ 95.253119] kobject: 'hci8' (00000000fc18430f): kobject_uevent_env [ 95.253132] CPU: 1 PID: 7803 Comm: kworker/u5:7 Tainted: G B 5.5.0-rc5-syzkaller #0 [ 95.257175] kobject: 'hci8' (00000000fc18430f): fill_kobj_path: path = '/devices/virtual/bluetooth/hci8' [ 95.261140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 95.261154] Workqueue: hci4 hci_rx_work [ 95.261157] Call Trace: [ 95.261167] dump_stack+0x12d/0x187 [ 95.261172] ? hci_event_packet+0x7f30/0x9a96 [ 95.261180] panic+0x22a/0x4f5 [ 95.261184] ? add_taint.cold.7+0x11/0x11 [ 95.261193] ? ___preempt_schedule+0x16/0x18 [ 95.261198] ? hci_event_packet+0x7fcf/0x9a96 [ 95.261205] end_report+0x47/0x4f [ 95.261208] __kasan_report.cold.11+0xe/0x3a [ 95.261211] ? hci_event_packet+0x7fcf/0x9a96 [ 95.261215] ? hci_event_packet+0x7fcf/0x9a96 [ 95.261219] kasan_report+0x12/0x20 [ 95.261224] __asan_report_load1_noabort+0x14/0x20 [ 95.261227] hci_event_packet+0x7fcf/0x9a96 [ 95.261235] ? unwind_next_frame.part.6+0x1ab/0xa20 [ 95.261240] ? hci_cmd_complete_evt+0xb690/0xb690 [ 95.261247] ? unwind_next_frame+0x3e/0x50 [ 95.261254] ? profile_setup.cold.14+0xa0/0xa0 [ 95.261260] ? arch_stack_walk+0x8a/0xf0 [ 95.261274] ? ret_from_fork+0x3a/0x50 [ 95.261279] ? stack_trace_save+0x82/0xb0 [ 95.261283] ? stack_trace_consume_entry+0x170/0x170 [ 95.261286] ? profile_setup.cold.14+0xa0/0xa0 [ 95.261296] ? save_trace+0x3e/0x980 [ 95.266714] kobject: 'rfkill12' (00000000ace1c797): kobject_add_internal: parent: 'hci8', set: 'devices' [ 95.270960] ? __lock_acquire+0x2cd5/0x4ef0 [ 95.270971] ? __kasan_check_read+0x11/0x20 [ 95.270978] ? mark_lock+0xc5/0x11d0 [ 95.270984] ? mark_held_locks+0xb8/0x130 [ 95.270989] ? _raw_spin_unlock_irqrestore+0x7d/0xd0 [ 95.270996] ? skb_dequeue+0x11d/0x1b0 [ 95.271000] ? lockdep_hardirqs_on+0x42d/0x5d0 [ 95.271003] ? _raw_spin_unlock_irqrestore+0x7d/0xd0 [ 95.271009] ? trace_hardirqs_on+0x28/0x1b0 [ 95.271018] hci_rx_work+0x53d/0x930 [ 95.274845] kobject: 'hci7' (000000002ec84c88): fill_kobj_path: path = '/devices/virtual/bluetooth/hci7' [ 95.279017] ? hci_rx_work+0x53d/0x930 [ 95.279023] ? rcu_read_lock_any_held.part.10+0x50/0x50 [ 95.279029] ? trace_hardirqs_on+0x28/0x1b0 [ 95.279037] process_one_work+0x85b/0x1630 [ 95.279043] ? pwq_dec_nr_in_flight+0x2c0/0x2c0 [ 95.279046] ? lock_acquire+0x194/0x410 [ 95.279053] worker_thread+0x85/0xb60 [ 95.279059] ? __kthread_parkme+0x47/0x1a0 [ 95.279066] kthread+0x334/0x3f0 [ 95.284100] kobject: 'rfkill12' (00000000ace1c797): kobject_uevent_env [ 95.287086] ? process_one_work+0x1630/0x1630 [ 95.287093] ? kthread_mod_delayed_work+0x190/0x190 [ 95.287101] ret_from_fork+0x3a/0x50 [ 95.288641] Kernel Offset: disabled [ 95.931008] Rebooting in 86400 seconds..