syzkaller login: [ 37.004593] kauditd_printk_skb: 9 callbacks suppressed [ 37.004599] audit: type=1400 audit(1583071251.265:35): avc: denied { map } for pid=7058 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 43.339758] audit: type=1400 audit(1583071257.605:36): avc: denied { map } for pid=7069 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 45.415964] IPVS: ftp: loaded support on port[0] = 21 [ 45.825427] can: request_module (can-proto-0) failed. [ 46.905124] can: request_module (can-proto-0) failed. [ 47.079517] audit: type=1400 audit(1583071261.345:37): avc: denied { create } for pid=7069 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 47.103601] audit: type=1400 audit(1583071261.345:38): avc: denied { create } for pid=7069 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 47.127278] audit: type=1400 audit(1583071261.345:39): avc: denied { create } for pid=7069 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.0.145' (ECDSA) to the list of known hosts. 2020/03/01 14:01:08 parsed 1 programs 2020/03/01 14:01:09 executed programs: 0 [ 55.283646] IPVS: ftp: loaded support on port[0] = 21 [ 55.311684] IPVS: ftp: loaded support on port[0] = 21 [ 55.377313] IPVS: ftp: loaded support on port[0] = 21 [ 55.382548] IPVS: ftp: loaded support on port[0] = 21 [ 55.442686] IPVS: ftp: loaded support on port[0] = 21 [ 55.517637] chnl_net:caif_netlink_parms(): no params data found [ 55.531328] IPVS: ftp: loaded support on port[0] = 21 [ 55.550948] chnl_net:caif_netlink_parms(): no params data found [ 55.619851] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.626508] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.633872] device bridge_slave_0 entered promiscuous mode [ 55.643047] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.649497] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.656683] device bridge_slave_1 entered promiscuous mode [ 55.663905] chnl_net:caif_netlink_parms(): no params data found [ 55.705229] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.711944] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.719489] device bridge_slave_0 entered promiscuous mode [ 55.730870] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.738391] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.745600] device bridge_slave_1 entered promiscuous mode [ 55.772269] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.802313] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.821101] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.829877] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.836246] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.844201] device bridge_slave_0 entered promiscuous mode [ 55.863572] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.871335] team0: Port device team_slave_0 added [ 55.877713] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.884909] team0: Port device team_slave_1 added [ 55.891080] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.900271] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.906666] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.913811] device bridge_slave_1 entered promiscuous mode [ 55.934680] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.965305] chnl_net:caif_netlink_parms(): no params data found [ 55.973309] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.986494] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.994715] chnl_net:caif_netlink_parms(): no params data found [ 56.009500] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.017358] team0: Port device team_slave_0 added [ 56.024085] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.031529] team0: Port device team_slave_1 added [ 56.037496] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.099622] device hsr_slave_0 entered promiscuous mode [ 56.157384] device hsr_slave_1 entered promiscuous mode [ 56.197491] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.204715] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.231579] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.238612] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.252349] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.259599] team0: Port device team_slave_0 added [ 56.285131] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.291945] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.299288] device bridge_slave_0 entered promiscuous mode [ 56.331231] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.339129] team0: Port device team_slave_1 added [ 56.344466] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.353894] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.360715] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.369944] device bridge_slave_0 entered promiscuous mode [ 56.380702] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.387211] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.394440] device bridge_slave_1 entered promiscuous mode [ 56.404094] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.412619] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.419704] device bridge_slave_1 entered promiscuous mode [ 56.435966] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.478513] device hsr_slave_0 entered promiscuous mode [ 56.517309] device hsr_slave_1 entered promiscuous mode [ 56.560854] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.568122] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.578233] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.596280] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.607372] chnl_net:caif_netlink_parms(): no params data found [ 56.618284] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.627978] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.679469] device hsr_slave_0 entered promiscuous mode [ 56.717706] device hsr_slave_1 entered promiscuous mode [ 56.760118] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.768055] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.776023] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.811558] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.819281] team0: Port device team_slave_0 added [ 56.824980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.832706] team0: Port device team_slave_1 added [ 56.843082] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.857504] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.864890] team0: Port device team_slave_0 added [ 56.870450] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.879681] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.892375] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.899273] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.906357] device bridge_slave_0 entered promiscuous mode [ 56.913682] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.920116] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.927554] device bridge_slave_1 entered promiscuous mode [ 56.933925] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.941565] team0: Port device team_slave_1 added [ 56.947201] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.954791] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.018549] device hsr_slave_0 entered promiscuous mode [ 57.067431] device hsr_slave_1 entered promiscuous mode [ 57.120865] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.128517] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.142181] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.151042] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.168715] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.208918] device hsr_slave_0 entered promiscuous mode [ 57.247435] device hsr_slave_1 entered promiscuous mode [ 57.303760] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.314236] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.325634] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.334139] team0: Port device team_slave_0 added [ 57.340096] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.348186] team0: Port device team_slave_1 added [ 57.358518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.371363] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.380188] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.392182] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.401606] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.412712] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.426770] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.434896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.445595] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 57.452106] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.460312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.474131] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.486533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.538508] device hsr_slave_0 entered promiscuous mode [ 57.587823] device hsr_slave_1 entered promiscuous mode [ 57.647766] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.655234] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.668326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.676418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.685204] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.691948] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.699982] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.706195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.715451] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.730758] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.741710] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.749988] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.756564] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.765861] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.788348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.799385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.809091] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.815542] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.824960] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.836776] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 57.848546] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 57.854815] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.866855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.875204] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.881798] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.891736] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.902551] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.913691] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.925237] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 57.931985] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.939375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.947492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.955493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.965823] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.972303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.979303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.986190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.993258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.002357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.010519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.017912] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.026063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.040872] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.051652] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.059645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.068297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.076000] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.082420] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.089457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.098203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.111186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.120547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 58.131063] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.141546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.149774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.157556] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.165168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.173757] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.181830] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.188228] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.196043] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.206348] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 58.212972] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.221213] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.229046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.236212] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.243776] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.251797] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.259823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.267657] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.274013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.282418] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 58.298729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.306728] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.317462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.325078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.336018] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 58.343016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.352593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.363673] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.371361] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.390703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.398867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.406460] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.412874] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.420329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.428858] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.436834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.444077] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.452844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.462408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.475028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.483827] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.492028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.500580] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.507138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.519849] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.530150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.540476] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.548904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.556701] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 58.564070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.573716] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.582376] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.594247] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 58.601708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.610497] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.619461] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.627589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.635423] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.643398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.651467] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.659784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.668291] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.676743] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 58.683719] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.692469] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.701689] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.711283] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 58.720443] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.730623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.738069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.745040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.753182] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.760968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.769282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.777028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.786421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.795570] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.806800] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.815678] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 58.822462] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.830649] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.839705] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.849081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.856748] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.863267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.870552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.877718] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.884661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.892455] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.900329] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.910290] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.918310] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 58.927822] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.937735] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.945647] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 58.952795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.962593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.970443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.978535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.986310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.994122] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.000532] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.007528] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.015299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.023255] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.029675] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.036909] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.045095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 59.053192] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.062541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 59.073227] audit: type=1400 audit(1583071273.335:40): avc: denied { associate } for pid=7162 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 59.096116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 59.103957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.117883] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.125695] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.132201] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.140700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.148538] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.156078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.164093] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.174028] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 59.186823] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 59.196534] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 59.208731] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 59.218419] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.225652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.234805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.245460] ================================================================== [ 59.253000] BUG: KASAN: use-after-free in v4l2_ctrl_grab+0x114/0x120 [ 59.257472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.259534] Read of size 8 at addr ffff8880a97b8220 by task syz-executor.1/7183 [ 59.259539] [ 59.259544] CPU: 0 PID: 7183 Comm: syz-executor.1 Not tainted 4.19.107-syzkaller #0 [ 59.259547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.259549] Call Trace: [ 59.259560] dump_stack+0x123/0x177 [ 59.259570] print_address_description.cold.8+0x9/0x1ff [ 59.259577] kasan_report.cold.9+0x242/0x309 [ 59.259584] ? v4l2_ctrl_grab+0x114/0x120 [ 59.259591] __asan_report_load8_noabort+0x14/0x20 [ 59.268143] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.274108] v4l2_ctrl_grab+0x114/0x120 [ 59.276236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.283541] vicodec_stop_streaming+0xfc/0x130 [ 59.283549] __vb2_queue_cancel+0x99/0x6f0 [ 59.283554] ? v4l2_m2m_ioctl_expbuf+0xc0/0xc0 [ 59.283562] ? kasan_check_read+0x11/0x20 [ 59.283570] vb2_core_queue_release+0x1e/0x70 [ 59.283576] vb2_queue_release+0x9/0x10 [ 59.283580] v4l2_m2m_ctx_release+0x22/0x30 [ 59.283585] vicodec_release+0xb5/0x120 [ 59.283592] v4l2_release+0xee/0x1a0 [ 59.283599] __fput+0x24c/0x7f0 [ 59.283607] ____fput+0x9/0x10 [ 59.294016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.295558] task_work_run+0x10e/0x190 [ 59.300268] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.304579] exit_to_usermode_loop+0x1a9/0x200 [ 59.309793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.313126] do_syscall_64+0x419/0x4e0 [ 59.319007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.325258] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.330247] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.336349] RIP: 0033:0x4120b1 [ 59.436750] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 59.455740] RSP: 002b:00007ffff14b55d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 59.463436] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004120b1 [ 59.470707] RDX: 0000001b33420000 RSI: 0000000000740490 RDI: 0000000000000003 [ 59.478070] RBP: 000000000073c900 R08: 000000000000e758 R09: 000000000000e758 [ 59.485349] R10: 00007ffff14b56a0 R11: 0000000000000293 R12: ffffffffffffffff [ 59.492609] R13: 000000000000e759 R14: 00000000000003e8 R15: 000000000073bf0c [ 59.499881] [ 59.501500] Allocated by task 7184: [ 59.505115] save_stack+0x43/0xd0 [ 59.508556] kasan_kmalloc+0xc7/0xe0 [ 59.512397] __kmalloc_node+0x50/0x70 [ 59.516184] kvmalloc_node+0x68/0x70 [ 59.519887] v4l2_ctrl_new.part.9+0x22a/0x12b0 [ 59.524453] v4l2_ctrl_new_std+0x1c9/0x2d0 [ 59.528678] vicodec_open+0x18d/0xa90 [ 59.532465] v4l2_open+0x17d/0x2d0 [ 59.536005] chrdev_open+0x1f0/0x5c0 [ 59.539727] do_dentry_open+0x3f4/0x1010 [ 59.543776] vfs_open+0x9a/0xc0 [ 59.547050] path_openat+0x6fa/0x3c60 [ 59.550837] do_filp_open+0x177/0x250 [ 59.554630] do_sys_open+0x1dd/0x350 [ 59.558343] __x64_sys_openat+0x98/0xf0 [ 59.562311] do_syscall_64+0xd6/0x4e0 [ 59.566305] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.571497] [ 59.573111] Freed by task 7183: [ 59.576389] save_stack+0x43/0xd0 [ 59.579889] __kasan_slab_free+0x102/0x150 [ 59.584112] kasan_slab_free+0xe/0x10 [ 59.587913] kfree+0xcf/0x230 [ 59.591013] kvfree+0x2c/0x30 [ 59.594105] v4l2_ctrl_handler_free+0x421/0x7e0 [ 59.598760] vicodec_release+0x61/0x120 [ 59.602721] v4l2_release+0xee/0x1a0 [ 59.606470] __fput+0x24c/0x7f0 [ 59.609734] ____fput+0x9/0x10 [ 59.612926] task_work_run+0x10e/0x190 [ 59.616803] exit_to_usermode_loop+0x1a9/0x200 [ 59.621386] do_syscall_64+0x419/0x4e0 [ 59.625263] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.630438] [ 59.632066] The buggy address belongs to the object at ffff8880a97b8200 [ 59.632066] which belongs to the cache kmalloc-256 of size 256 [ 59.644710] The buggy address is located 32 bytes inside of [ 59.644710] 256-byte region [ffff8880a97b8200, ffff8880a97b8300) [ 59.656480] The buggy address belongs to the page: [ 59.661413] page:ffffea0002a5ee00 count:1 mapcount:0 mapping:ffff88812c31e7c0 index:0x0 [ 59.669640] flags: 0x1fffc0000000100(slab) [ 59.673993] raw: 01fffc0000000100 ffffea0001d36e08 ffffea0001d38948 ffff88812c31e7c0 [ 59.681996] raw: 0000000000000000 ffff8880a97b80c0 000000010000000c 0000000000000000 [ 59.689986] page dumped because: kasan: bad access detected [ 59.695731] [ 59.697338] Memory state around the buggy address: [ 59.702261] ffff8880a97b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.709611] ffff8880a97b8180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 59.716994] >ffff8880a97b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.724437] ^ [ 59.728833] ffff8880a97b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.736181] ffff8880a97b8300: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 59.743528] ================================================================== [ 59.750890] Disabling lock debugging due to kernel taint [ 59.764976] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 59.773739] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 59.777070] Kernel panic - not syncing: panic_on_warn set ... [ 59.777070] [ 59.784118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.788006] CPU: 1 PID: 7183 Comm: syz-executor.1 Tainted: G B 4.19.107-syzkaller #0 [ 59.788009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.788011] Call Trace: [ 59.788023] dump_stack+0x123/0x177 [ 59.788037] panic+0x1cd/0x387 [ 59.788041] ? __warn_printk+0xd6/0xd6 [ 59.788047] ? ___preempt_schedule+0x16/0x18 [ 59.788055] kasan_end_report+0x47/0x4f [ 59.788063] kasan_report.cold.9+0x76/0x309 [ 59.788069] ? v4l2_ctrl_grab+0x114/0x120 [ 59.788074] __asan_report_load8_noabort+0x14/0x20 [ 59.788078] v4l2_ctrl_grab+0x114/0x120 [ 59.788085] vicodec_stop_streaming+0xfc/0x130 [ 59.788089] __vb2_queue_cancel+0x99/0x6f0 [ 59.788094] ? v4l2_m2m_ioctl_expbuf+0xc0/0xc0 [ 59.788100] ? kasan_check_read+0x11/0x20 [ 59.788106] vb2_core_queue_release+0x1e/0x70 [ 59.788111] vb2_queue_release+0x9/0x10 [ 59.788114] v4l2_m2m_ctx_release+0x22/0x30 [ 59.788118] vicodec_release+0xb5/0x120 [ 59.788124] v4l2_release+0xee/0x1a0 [ 59.788129] __fput+0x24c/0x7f0 [ 59.788133] ____fput+0x9/0x10 [ 59.788138] task_work_run+0x10e/0x190 [ 59.788144] exit_to_usermode_loop+0x1a9/0x200 [ 59.788150] do_syscall_64+0x419/0x4e0 [ 59.788157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.788161] RIP: 0033:0x4120b1 [ 59.788166] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 59.788168] RSP: 002b:00007ffff14b55d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 59.788172] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004120b1 [ 59.788175] RDX: 0000001b33420000 RSI: 0000000000740490 RDI: 0000000000000003 [ 59.788176] RBP: 000000000073c900 R08: 000000000000e758 R09: 000000000000e758 [ 59.788179] R10: 00007ffff14b56a0 R11: 0000000000000293 R12: ffffffffffffffff [ 59.788181] R13: 000000000000e759 R14: 00000000000003e8 R15: 000000000073bf0c [ 59.789652] Kernel Offset: disabled [ 59.986798] Rebooting in 86400 seconds..