syzkaller login: [ 34.923942] kauditd_printk_skb: 9 callbacks suppressed [ 34.923948] audit: type=1400 audit(1580477726.610:35): avc: denied { map } for pid=6988 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 41.266730] audit: type=1400 audit(1580477732.950:36): avc: denied { map } for pid=6999 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 43.260567] IPVS: ftp: loaded support on port[0] = 21 [ 43.673111] can: request_module (can-proto-0) failed. [ 44.747742] can: request_module (can-proto-0) failed. [ 44.912105] audit: type=1400 audit(1580477736.600:37): avc: denied { create } for pid=6999 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 44.936488] audit: type=1400 audit(1580477736.600:38): avc: denied { create } for pid=6999 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 44.960857] audit: type=1400 audit(1580477736.600:39): avc: denied { create } for pid=6999 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts. 2020/01/31 13:35:44 parsed 1 programs 2020/01/31 13:35:44 executed programs: 0 [ 53.089517] IPVS: ftp: loaded support on port[0] = 21 [ 53.095987] IPVS: ftp: loaded support on port[0] = 21 [ 53.101861] IPVS: ftp: loaded support on port[0] = 21 [ 53.102869] IPVS: ftp: loaded support on port[0] = 21 [ 53.144843] IPVS: ftp: loaded support on port[0] = 21 [ 53.157312] IPVS: ftp: loaded support on port[0] = 21 [ 53.260447] chnl_net:caif_netlink_parms(): no params data found [ 53.337459] chnl_net:caif_netlink_parms(): no params data found [ 53.404856] chnl_net:caif_netlink_parms(): no params data found [ 53.414832] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.422327] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.429417] device bridge_slave_0 entered promiscuous mode [ 53.439312] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.445764] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.453177] device bridge_slave_1 entered promiscuous mode [ 53.490247] chnl_net:caif_netlink_parms(): no params data found [ 53.498259] chnl_net:caif_netlink_parms(): no params data found [ 53.527257] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.557861] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.581438] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.588131] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.595566] device bridge_slave_0 entered promiscuous mode [ 53.602678] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.609376] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.616728] device bridge_slave_0 entered promiscuous mode [ 53.626714] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.633434] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.640840] device bridge_slave_1 entered promiscuous mode [ 53.668620] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.675347] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.682653] device bridge_slave_1 entered promiscuous mode [ 53.704031] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.710845] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.719579] device bridge_slave_0 entered promiscuous mode [ 53.734089] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.741612] team0: Port device team_slave_0 added [ 53.751792] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.760125] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.766494] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.773581] device bridge_slave_1 entered promiscuous mode [ 53.787507] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.794199] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.801718] device bridge_slave_0 entered promiscuous mode [ 53.808205] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.815888] team0: Port device team_slave_1 added [ 53.823068] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.832132] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.850965] chnl_net:caif_netlink_parms(): no params data found [ 53.859459] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.866701] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.876126] device bridge_slave_1 entered promiscuous mode [ 53.882644] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.891173] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.899057] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.906882] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.914174] team0: Port device team_slave_0 added [ 53.933592] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.952646] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.960574] team0: Port device team_slave_1 added [ 53.973333] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.990269] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.997530] team0: Port device team_slave_0 added [ 54.006569] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.014995] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.082264] device hsr_slave_0 entered promiscuous mode [ 54.120100] device hsr_slave_1 entered promiscuous mode [ 54.160237] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.167608] team0: Port device team_slave_1 added [ 54.176950] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.184474] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.193719] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.205323] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.213149] team0: Port device team_slave_0 added [ 54.218392] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.229202] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.238913] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.261558] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.269037] team0: Port device team_slave_1 added [ 54.274274] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.280960] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.287829] device bridge_slave_0 entered promiscuous mode [ 54.294846] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.301392] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.308549] device bridge_slave_1 entered promiscuous mode [ 54.324464] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.331936] team0: Port device team_slave_0 added [ 54.337427] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.345460] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.401206] device hsr_slave_0 entered promiscuous mode [ 54.440031] device hsr_slave_1 entered promiscuous mode [ 54.480448] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.496550] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.504614] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.512746] team0: Port device team_slave_1 added [ 54.529316] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.571227] device hsr_slave_0 entered promiscuous mode [ 54.609983] device hsr_slave_1 entered promiscuous mode [ 54.650763] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.658611] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.668526] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.731215] device hsr_slave_0 entered promiscuous mode [ 54.769997] device hsr_slave_1 entered promiscuous mode [ 54.845449] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.852476] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.864096] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.871348] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.890849] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.902917] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.932634] device hsr_slave_0 entered promiscuous mode [ 54.970072] device hsr_slave_1 entered promiscuous mode [ 55.010288] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.017606] team0: Port device team_slave_0 added [ 55.026878] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.042222] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.052064] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.059460] team0: Port device team_slave_1 added [ 55.065940] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.076437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.085542] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.114300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.122719] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.140883] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.151710] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.211357] device hsr_slave_0 entered promiscuous mode [ 55.250143] device hsr_slave_1 entered promiscuous mode [ 55.300557] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.322052] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.333314] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.345034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.354668] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.364750] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.371537] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.380795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.391829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.398217] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.406185] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.414049] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.420584] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.427897] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.440112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.458551] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.465322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.473802] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.482065] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.488587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.497408] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.506580] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.515199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.523878] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.540133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.551971] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.563157] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.573550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.581818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.588787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.597059] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.608572] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.617084] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.624351] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.631985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.640157] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.647789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.654855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.664714] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.673913] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.684876] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.691972] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.699418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.708260] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.718618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.727917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.737475] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.748294] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.759360] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.767828] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.776720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.784690] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.791115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.798158] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.806700] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.814380] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.820780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.827654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.835227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.842557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.851052] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.863084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.873405] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.883678] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.890828] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.896989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.905571] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.913822] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.920357] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.927257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.935663] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.943641] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.950129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.956993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.965117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.972832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.984725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.992482] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.001793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.012191] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.019178] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.032863] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.043218] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.052212] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.062082] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.072072] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.079992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.087948] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.096199] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.102651] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.109514] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.117542] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.125700] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.132133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.139136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.147198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.156558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.168851] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.178343] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.187422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.196212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.207123] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.215447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.223270] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.233458] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.241225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.248209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.256464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.264314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.272429] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.281595] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.291728] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.301100] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.312197] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.318706] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.327525] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.335218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.343598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.351535] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.359437] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.367339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.375120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.383590] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.394500] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.402301] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.408559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.417857] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.427070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.434198] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.441611] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.449346] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.457114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.465248] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.473389] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.481229] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.488668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.496727] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.504596] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.513711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.526330] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.535280] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.542454] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.552049] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.564710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.571193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.578923] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.586841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.595005] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.603109] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.609607] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.616770] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.624704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.632877] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.639192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.648351] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.658661] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.672054] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.683236] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.693344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.700554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.708264] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.715861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.724111] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.731898] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.738337] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.745420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.752780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.762707] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.770493] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.776699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.786127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.795415] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.802900] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.812450] audit: type=1400 audit(1580477748.500:40): avc: denied { associate } for pid=7094 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 56.814228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.850149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.859566] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.873518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.883405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.891229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.898968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.909257] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.916828] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.926037] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.937225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.951650] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.960449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.968283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.988335] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.994760] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.000657] ================================================================== [ 57.008851] BUG: KASAN: use-after-free in v4l2_ctrl_grab+0x114/0x120 [ 57.008989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.015346] Read of size 8 at addr ffff88808f131320 by task syz-executor.1/7110 [ 57.015349] [ 57.015357] CPU: 1 PID: 7110 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 57.015359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.015362] Call Trace: [ 57.015376] dump_stack+0x123/0x177 [ 57.015387] print_address_description.cold.8+0x9/0x1ff [ 57.015393] kasan_report.cold.9+0x242/0x309 [ 57.015399] ? v4l2_ctrl_grab+0x114/0x120 [ 57.015406] __asan_report_load8_noabort+0x14/0x20 [ 57.015410] v4l2_ctrl_grab+0x114/0x120 [ 57.015418] vicodec_stop_streaming+0xfc/0x130 [ 57.015423] __vb2_queue_cancel+0x99/0x6f0 [ 57.015428] ? v4l2_m2m_ioctl_expbuf+0xc0/0xc0 [ 57.015434] ? kasan_check_read+0x11/0x20 [ 57.015444] vb2_core_queue_release+0x1e/0x70 [ 57.015450] vb2_queue_release+0x9/0x10 [ 57.015454] v4l2_m2m_ctx_release+0x22/0x30 [ 57.015459] vicodec_release+0xb5/0x120 [ 57.015468] v4l2_release+0xee/0x1a0 [ 57.023399] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.030760] __fput+0x24c/0x7f0 [ 57.030770] ____fput+0x9/0x10 [ 57.030777] task_work_run+0x10e/0x190 [ 57.030787] exit_to_usermode_loop+0x1a9/0x200 [ 57.030794] do_syscall_64+0x419/0x4e0 [ 57.030803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.030809] RIP: 0033:0x4120b1 [ 57.030814] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 57.030817] RSP: 002b:00007fffd3c13e60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 57.030822] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004120b1 [ 57.030825] RDX: 0000001b2ef20000 RSI: 0000000000740490 RDI: 0000000000000003 [ 57.030828] RBP: 000000000073c900 R08: 000000000000de84 R09: 000000000000de84 [ 57.030830] R10: 00007fffd3c13f30 R11: 0000000000000293 R12: ffffffffffffffff [ 57.030833] R13: 000000000000de86 R14: 00000000000003e8 R15: 000000000073bf0c [ 57.030844] [ 57.030850] Allocated by task 7111: [ 57.033704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.040296] save_stack+0x43/0xd0 [ 57.040302] kasan_kmalloc+0xc7/0xe0 [ 57.040305] __kmalloc_node+0x50/0x70 [ 57.040311] kvmalloc_node+0x68/0x70 [ 57.040316] v4l2_ctrl_new.part.9+0x22a/0x12b0 [ 57.040320] v4l2_ctrl_new_std+0x1c9/0x2d0 [ 57.040325] vicodec_open+0x18d/0xa90 [ 57.040330] v4l2_open+0x17d/0x2d0 [ 57.040335] chrdev_open+0x1f0/0x5c0 [ 57.040339] do_dentry_open+0x3f4/0x1010 [ 57.040342] vfs_open+0x9a/0xc0 [ 57.040346] path_openat+0x710/0x3e40 [ 57.040350] do_filp_open+0x177/0x250 [ 57.040353] do_sys_open+0x1dd/0x350 [ 57.040356] __x64_sys_openat+0x98/0xf0 [ 57.040362] do_syscall_64+0xd6/0x4e0 [ 57.040368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.040370] [ 57.040373] Freed by task 7110: [ 57.040377] save_stack+0x43/0xd0 [ 57.040381] __kasan_slab_free+0x102/0x150 [ 57.040385] kasan_slab_free+0xe/0x10 [ 57.040388] kfree+0xcf/0x230 [ 57.040392] kvfree+0x2c/0x30 [ 57.040395] v4l2_ctrl_handler_free+0x421/0x7e0 [ 57.040398] vicodec_release+0x61/0x120 [ 57.040402] v4l2_release+0xee/0x1a0 [ 57.040406] __fput+0x24c/0x7f0 [ 57.040409] ____fput+0x9/0x10 [ 57.040488] task_work_run+0x10e/0x190 [ 57.051302] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.052583] exit_to_usermode_loop+0x1a9/0x200 [ 57.058791] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 57.061597] do_syscall_64+0x419/0x4e0 [ 57.061606] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.061608] [ 57.061613] The buggy address belongs to the object at ffff88808f131300 [ 57.061613] which belongs to the cache kmalloc-256 of size 256 [ 57.061616] The buggy address is located 32 bytes inside of [ 57.061616] 256-byte region [ffff88808f131300, ffff88808f131400) [ 57.061618] The buggy address belongs to the page: [ 57.061623] page:ffffea00023c4c40 count:1 mapcount:0 mapping:ffff88812c31e7c0 index:0x0 [ 57.061628] flags: 0x1fffc0000000100(slab) [ 57.061634] raw: 01fffc0000000100 ffffea0002578cc8 ffffea0002589008 ffff88812c31e7c0 [ 57.061638] raw: 0000000000000000 ffff88808f131080 000000010000000c 0000000000000000 [ 57.061640] page dumped because: kasan: bad access detected [ 57.061642] [ 57.061644] Memory state around the buggy address: [ 57.061648] ffff88808f131200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.061651] ffff88808f131280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 57.061654] >ffff88808f131300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.061656] ^ [ 57.061659] ffff88808f131380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 57.061662] ffff88808f131400: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 57.061664] ================================================================== [ 57.061666] Disabling lock debugging due to kernel taint [ 57.064495] Kernel panic - not syncing: panic_on_warn set ... [ 57.064495] [ 57.072150] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.075532] CPU: 1 PID: 7110 Comm: syz-executor.1 Tainted: G B 4.19.100-syzkaller #0 [ 57.082840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.084094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.532832] Call Trace: [ 57.535426] dump_stack+0x123/0x177 [ 57.539098] panic+0x1cd/0x387 [ 57.542411] ? __warn_printk+0xd6/0xd6 [ 57.546415] ? ___preempt_schedule+0x16/0x18 [ 57.550867] kasan_end_report+0x47/0x4f [ 57.554977] kasan_report.cold.9+0x76/0x309 [ 57.559426] ? v4l2_ctrl_grab+0x114/0x120 [ 57.563771] __asan_report_load8_noabort+0x14/0x20 [ 57.568697] v4l2_ctrl_grab+0x114/0x120 [ 57.572670] vicodec_stop_streaming+0xfc/0x130 [ 57.577252] __vb2_queue_cancel+0x99/0x6f0 [ 57.581477] ? v4l2_m2m_ioctl_expbuf+0xc0/0xc0 [ 57.586057] ? kasan_check_read+0x11/0x20 [ 57.590194] vb2_core_queue_release+0x1e/0x70 [ 57.594807] vb2_queue_release+0x9/0x10 [ 57.598773] v4l2_m2m_ctx_release+0x22/0x30 [ 57.603120] vicodec_release+0xb5/0x120 [ 57.607121] v4l2_release+0xee/0x1a0 [ 57.610986] __fput+0x24c/0x7f0 [ 57.614464] ____fput+0x9/0x10 [ 57.617652] task_work_run+0x10e/0x190 [ 57.621641] exit_to_usermode_loop+0x1a9/0x200 [ 57.626258] do_syscall_64+0x419/0x4e0 [ 57.630144] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 57.635322] RIP: 0033:0x4120b1 [ 57.638516] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 57.657536] RSP: 002b:00007fffd3c13e60 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 57.665360] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004120b1 [ 57.672618] RDX: 0000001b2ef20000 RSI: 0000000000740490 RDI: 0000000000000003 [ 57.679979] RBP: 000000000073c900 R08: 000000000000de84 R09: 000000000000de84 [ 57.687333] R10: 00007fffd3c13f30 R11: 0000000000000293 R12: ffffffffffffffff [ 57.694794] R13: 000000000000de86 R14: 00000000000003e8 R15: 000000000073bf0c [ 57.703485] Kernel Offset: disabled [ 57.707123] Rebooting in 86400 seconds..