syzkaller login: [ 33.958763] kauditd_printk_skb: 9 callbacks suppressed [ 33.958769] audit: type=1400 audit(1578350189.960:35): avc: denied { map } for pid=7104 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 40.441940] audit: type=1400 audit(1578350196.440:36): avc: denied { map } for pid=7115 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 41.237839] IPVS: ftp: loaded support on port[0] = 21 [ 41.673593] can: request_module (can-proto-0) failed. [ 42.763065] can: request_module (can-proto-0) failed. [ 42.771917] can: request_module (can-proto-0) failed. [ 42.947957] audit: type=1400 audit(1578350198.950:37): avc: denied { create } for pid=7115 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 42.971516] audit: type=1400 audit(1578350198.950:38): avc: denied { create } for pid=7115 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 42.995104] audit: type=1400 audit(1578350198.950:39): avc: denied { create } for pid=7115 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts. 2020/01/06 22:36:45 parsed 1 programs 2020/01/06 22:36:46 executed programs: 0 [ 50.361130] IPVS: ftp: loaded support on port[0] = 21 [ 50.361132] IPVS: ftp: loaded support on port[0] = 21 [ 50.388311] IPVS: ftp: loaded support on port[0] = 21 [ 50.414066] IPVS: ftp: loaded support on port[0] = 21 [ 50.419650] IPVS: ftp: loaded support on port[0] = 21 [ 50.441625] IPVS: ftp: loaded support on port[0] = 21 [ 50.678156] chnl_net:caif_netlink_parms(): no params data found [ 50.694205] chnl_net:caif_netlink_parms(): no params data found [ 50.702350] chnl_net:caif_netlink_parms(): no params data found [ 50.710644] chnl_net:caif_netlink_parms(): no params data found [ 50.733837] chnl_net:caif_netlink_parms(): no params data found [ 50.790133] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.797338] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.804169] device bridge_slave_0 entered promiscuous mode [ 50.814724] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.821291] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.828422] device bridge_slave_1 entered promiscuous mode [ 50.880544] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.889124] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.896170] device bridge_slave_0 entered promiscuous mode [ 50.907503] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.913865] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.921050] device bridge_slave_0 entered promiscuous mode [ 50.931240] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.937702] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.944540] device bridge_slave_1 entered promiscuous mode [ 50.961682] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.968431] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.975514] device bridge_slave_0 entered promiscuous mode [ 50.982135] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.988978] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.996050] device bridge_slave_1 entered promiscuous mode [ 51.008600] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.019115] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.031337] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.037734] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.044520] device bridge_slave_1 entered promiscuous mode [ 51.055721] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.062089] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.069212] device bridge_slave_0 entered promiscuous mode [ 51.079434] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.085925] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.092944] device bridge_slave_1 entered promiscuous mode [ 51.099448] chnl_net:caif_netlink_parms(): no params data found [ 51.109750] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.137174] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.144498] team0: Port device team_slave_0 added [ 51.154178] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.163459] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.179647] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.188867] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.197308] team0: Port device team_slave_1 added [ 51.212423] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.221127] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.229756] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.242599] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.252887] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.276666] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.326713] device hsr_slave_0 entered promiscuous mode [ 51.375321] device hsr_slave_1 entered promiscuous mode [ 51.439081] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.450831] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.458539] team0: Port device team_slave_0 added [ 51.467868] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.475471] team0: Port device team_slave_1 added [ 51.484306] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.492039] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.499663] team0: Port device team_slave_0 added [ 51.505071] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.511961] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.519359] team0: Port device team_slave_1 added [ 51.527790] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.535725] team0: Port device team_slave_0 added [ 51.544538] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.551760] team0: Port device team_slave_1 added [ 51.556974] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.570533] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.578434] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.586868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.597559] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.604699] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.612976] team0: Port device team_slave_0 added [ 51.623140] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.630677] team0: Port device team_slave_1 added [ 51.648021] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.654390] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.661660] device bridge_slave_0 entered promiscuous mode [ 51.672492] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.679211] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.686293] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.692637] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.704050] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.714902] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.723571] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.730796] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.740420] device bridge_slave_1 entered promiscuous mode [ 51.796837] device hsr_slave_0 entered promiscuous mode [ 51.835238] device hsr_slave_1 entered promiscuous mode [ 51.876505] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.883369] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.937487] device hsr_slave_0 entered promiscuous mode [ 51.985318] device hsr_slave_1 entered promiscuous mode [ 52.087470] device hsr_slave_0 entered promiscuous mode [ 52.125352] device hsr_slave_1 entered promiscuous mode [ 52.169426] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.179956] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.187125] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.197244] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.236618] device hsr_slave_0 entered promiscuous mode [ 52.285396] device hsr_slave_1 entered promiscuous mode [ 52.327396] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.337218] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.349127] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.356085] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.371542] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.383281] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.392048] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.413112] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.452957] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.463068] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.472249] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.479993] team0: Port device team_slave_0 added [ 52.488985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.507662] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.514824] team0: Port device team_slave_1 added [ 52.525776] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.535371] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.544478] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.553704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.562940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.576775] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.582893] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.591983] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.656580] device hsr_slave_0 entered promiscuous mode [ 52.695471] device hsr_slave_1 entered promiscuous mode [ 52.737312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.744668] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.764396] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.773893] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.781040] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.788792] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.796338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.804338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.813230] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.819629] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.829252] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.838947] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.848059] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.857733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.866065] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.873941] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.880455] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.888464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.896477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.906632] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.922820] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.929929] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.938519] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.946327] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.954346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.964411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.975379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.986781] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.996597] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 53.006097] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.016205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.024253] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.032093] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.040513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.051701] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.061369] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.073021] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.080730] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.089321] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.096876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.104721] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.112713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.121321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.129059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.136940] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.144565] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.150998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.160645] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.169888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.177978] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.187500] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.194757] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.202129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.210674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.218457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.227990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.236108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.243684] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.250071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.257059] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.264759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.273020] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.279472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.286718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.295098] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.301224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.311623] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 53.319905] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.329124] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.337939] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.344605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.353397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.361235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.369412] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.375843] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.382817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.390319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.398966] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.411746] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.424673] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 53.432996] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.442003] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 53.450110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.460487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.468550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.476263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.483863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.491111] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.498852] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.508959] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.517656] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.530191] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.536876] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.543756] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 53.551906] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.558342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.566735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.574170] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 53.580922] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 53.588824] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 53.598224] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 53.608237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.617302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.625085] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.632857] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.641226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.648898] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.657756] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 53.666395] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 53.679779] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.689382] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 53.696472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.704223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.713725] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.720232] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.727281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.735202] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.743899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.751877] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.759743] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.766142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.772885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.780956] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.788476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.796218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.803822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.810969] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.820232] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.831018] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 53.840507] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.846792] audit: type=1400 audit(1578350209.840:40): avc: denied { associate } for pid=7212 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 53.878738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.887175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 53.894281] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.902481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.910188] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.916605] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.923464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.931498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.939157] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.945553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.952616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.960621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.970902] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.983074] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 53.992536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 54.002753] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 54.016326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.032559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.041903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.042438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.042885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.044700] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 54.047998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 54.049904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 54.097510] ================================================================== [ 54.097542] BUG: KASAN: global-out-of-bounds in fb_pad_aligned_buffer+0xd3/0x130 [ 54.097548] Read of size 1 at addr ffffffff87692d76 by task syz-executor.1/7234 [ 54.097550] [ 54.097557] CPU: 0 PID: 7234 Comm: syz-executor.1 Not tainted 4.19.93-syzkaller #0 [ 54.097560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.097563] Call Trace: [ 54.097573] dump_stack+0x123/0x177 [ 54.097586] print_address_description.cold.8+0x58/0x1ff [ 54.097594] kasan_report.cold.9+0x242/0x309 [ 54.097599] ? fb_pad_aligned_buffer+0xd3/0x130 [ 54.097607] __asan_report_load1_noabort+0x14/0x20 [ 54.097613] fb_pad_aligned_buffer+0xd3/0x130 [ 54.097625] bit_putcs+0x81e/0xf00 [ 54.097645] ? bit_cursor+0x22e0/0x22e0 [ 54.097657] ? fb_get_color_depth+0x49/0x60 [ 54.097666] fbcon_putcs+0x2fb/0x5b0 [ 54.097674] ? bit_cursor+0x22e0/0x22e0 [ 54.097684] do_update_region+0x30c/0x640 [ 54.097695] ? fb_set_cmap+0x34e/0x550 [ 54.097704] ? con_get_trans_old+0x220/0x220 [ 54.097721] redraw_screen+0x515/0x820 [ 54.097725] ? bit_bmove+0x210/0x210 [ 54.097732] ? con_flush_chars+0x60/0x60 [ 54.097743] fbcon_do_set_font+0x656/0xa20 [ 54.097752] ? lock_acquire+0x173/0x3d0 [ 54.097761] fbcon_copy_font+0x116/0x1a0 [ 54.097769] con_font_op+0x228/0x11f0 [ 54.097779] ? con_write+0x80/0x80 [ 54.097783] ? lock_downgrade+0x860/0x860 [ 54.097797] ? kasan_check_write+0x14/0x20 [ 54.097807] vt_ioctl+0xa0f/0x2130 [ 54.097814] ? complete_change_console+0x300/0x300 [ 54.097821] ? find_held_lock+0x36/0x1d0 [ 54.097834] ? avc_has_extended_perms+0x4c5/0x1170 [ 54.097840] ? lock_downgrade+0x860/0x860 [ 54.097856] tty_ioctl+0x452/0x1290 [ 54.097863] ? tty_vhangup+0x20/0x20 [ 54.097869] ? avc_ss_reset+0x130/0x130 [ 54.097879] ? mark_held_locks+0x130/0x130 [ 54.097884] ? mark_held_locks+0x130/0x130 [ 54.097910] do_vfs_ioctl+0x196/0x10c0 [ 54.097919] ? ioctl_preallocate+0x1c0/0x1c0 [ 54.097927] ? selinux_file_mprotect+0x5f0/0x5f0 [ 54.097940] ? ksys_dup3+0x2e0/0x2e0 [ 54.097945] ? put_timespec64+0xa9/0x100 [ 54.097951] ? nsecs_to_jiffies+0x20/0x20 [ 54.097962] ? security_file_ioctl+0x4a/0x90 [ 54.097967] ? __fget_light+0x174/0x1e0 [ 54.097975] ksys_ioctl+0x62/0x90 [ 54.097979] ? lockdep_hardirqs_on+0x421/0x5c0 [ 54.097986] __x64_sys_ioctl+0x6e/0xb0 [ 54.097994] do_syscall_64+0xd0/0x4e0 [ 54.098003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.098009] RIP: 0033:0x45a6f9 [ 54.098015] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.098018] RSP: 002b:00007f9ac19f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.098024] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6f9 [ 54.098028] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000004 [ 54.098031] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 54.098034] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ac19f86d4 [ 54.098037] R13: 00000000004c382b R14: 00000000004d8d78 R15: 00000000ffffffff [ 54.098051] [ 54.098053] The buggy address belongs to the variable: [ 54.098059] oid_index+0x76/0xa60 [ 54.098062] [ 54.098064] Memory state around the buggy address: [ 54.098069] ffffffff87692c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 54.098073] ffffffff87692c80: 00 00 00 00 00 00 00 00 00 00 00 05 fa fa fa fa [ 54.098077] >ffffffff87692d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 fa [ 54.098080] ^ [ 54.098084] ffffffff87692d80: fa fa fa fa 00 02 fa fa fa fa fa fa 00 01 fa fa [ 54.098088] ffffffff87692e00: fa fa fa fa 00 00 02 fa fa fa fa fa 00 03 fa fa [ 54.098090] ================================================================== [ 54.098093] Disabling lock debugging due to kernel taint [ 54.098096] Kernel panic - not syncing: panic_on_warn set ... [ 54.098096] [ 54.098101] CPU: 0 PID: 7234 Comm: syz-executor.1 Tainted: G B 4.19.93-syzkaller #0 [ 54.098103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.098104] Call Trace: [ 54.098109] dump_stack+0x123/0x177 [ 54.098115] panic+0x1cd/0x375 [ 54.098120] ? __warn_printk+0xd6/0xd6 [ 54.098124] ? lock_downgrade+0x860/0x860 [ 54.098128] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 54.098135] kasan_end_report+0x47/0x4f [ 54.098140] kasan_report.cold.9+0x76/0x309 [ 54.098144] ? fb_pad_aligned_buffer+0xd3/0x130 [ 54.098149] __asan_report_load1_noabort+0x14/0x20 [ 54.098153] fb_pad_aligned_buffer+0xd3/0x130 [ 54.098160] bit_putcs+0x81e/0xf00 [ 54.098171] ? bit_cursor+0x22e0/0x22e0 [ 54.098178] ? fb_get_color_depth+0x49/0x60 [ 54.098183] fbcon_putcs+0x2fb/0x5b0 [ 54.098188] ? bit_cursor+0x22e0/0x22e0 [ 54.098193] do_update_region+0x30c/0x640 [ 54.098197] ? fb_set_cmap+0x34e/0x550 [ 54.098203] ? con_get_trans_old+0x220/0x220 [ 54.098212] redraw_screen+0x515/0x820 [ 54.098216] ? bit_bmove+0x210/0x210 [ 54.098220] ? con_flush_chars+0x60/0x60 [ 54.098228] fbcon_do_set_font+0x656/0xa20 [ 54.098232] ? lock_acquire+0x173/0x3d0 [ 54.098239] fbcon_copy_font+0x116/0x1a0 [ 54.098244] con_font_op+0x228/0x11f0 [ 54.098250] ? con_write+0x80/0x80 [ 54.098253] ? lock_downgrade+0x860/0x860 [ 54.098260] ? kasan_check_write+0x14/0x20 [ 54.098266] vt_ioctl+0xa0f/0x2130 [ 54.098271] ? complete_change_console+0x300/0x300 [ 54.098275] ? find_held_lock+0x36/0x1d0 [ 54.098282] ? avc_has_extended_perms+0x4c5/0x1170 [ 54.098286] ? lock_downgrade+0x860/0x860 [ 54.098294] tty_ioctl+0x452/0x1290 [ 54.098299] ? tty_vhangup+0x20/0x20 [ 54.098303] ? avc_ss_reset+0x130/0x130 [ 54.098309] ? mark_held_locks+0x130/0x130 [ 54.098312] ? mark_held_locks+0x130/0x130 [ 54.098326] do_vfs_ioctl+0x196/0x10c0 [ 54.098331] ? ioctl_preallocate+0x1c0/0x1c0 [ 54.098336] ? selinux_file_mprotect+0x5f0/0x5f0 [ 54.098343] ? ksys_dup3+0x2e0/0x2e0 [ 54.098347] ? put_timespec64+0xa9/0x100 [ 54.098351] ? nsecs_to_jiffies+0x20/0x20 [ 54.098357] ? security_file_ioctl+0x4a/0x90 [ 54.098360] ? __fget_light+0x174/0x1e0 [ 54.098366] ksys_ioctl+0x62/0x90 [ 54.098369] ? lockdep_hardirqs_on+0x421/0x5c0 [ 54.098374] __x64_sys_ioctl+0x6e/0xb0 [ 54.098379] do_syscall_64+0xd0/0x4e0 [ 54.098384] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 54.098387] RIP: 0033:0x45a6f9 [ 54.098390] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 54.098393] RSP: 002b:00007f9ac19f7c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 54.098397] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6f9 [ 54.098399] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000004 [ 54.098401] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 54.098404] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ac19f86d4 [ 54.098406] R13: 00000000004c382b R14: 00000000004d8d78 R15: 00000000ffffffff [ 54.099775] Kernel Offset: disabled [ 54.786630] Rebooting in 86400 seconds..