syzkaller login: [ 37.825698] kauditd_printk_skb: 9 callbacks suppressed [ 37.825704] audit: type=1400 audit(1577923273.352:35): avc: denied { map } for pid=7055 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 44.155751] audit: type=1400 audit(1577923279.682:36): avc: denied { map } for pid=7065 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 44.817815] IPVS: ftp: loaded support on port[0] = 21 [ 45.257239] can: request_module (can-proto-0) failed. [ 46.305789] can: request_module (can-proto-0) failed. [ 46.315825] can: request_module (can-proto-0) failed. [ 46.470974] audit: type=1400 audit(1577923282.002:37): avc: denied { create } for pid=7065 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 46.494635] audit: type=1400 audit(1577923282.002:38): avc: denied { create } for pid=7065 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 46.518229] audit: type=1400 audit(1577923282.002:39): avc: denied { create } for pid=7065 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts. 
2020/01/02 00:01:28 parsed 1 programs 2020/01/02 00:01:29 executed programs: 0 [ 53.739825] IPVS: ftp: loaded support on port[0] = 21 [ 53.763357] IPVS: ftp: loaded support on port[0] = 21 [ 53.766025] IPVS: ftp: loaded support on port[0] = 21 [ 53.775017] IPVS: ftp: loaded support on port[0] = 21 [ 53.814832] IPVS: ftp: loaded support on port[0] = 21 [ 53.818411] IPVS: ftp: loaded support on port[0] = 21 [ 53.951501] chnl_net:caif_netlink_parms(): no params data found [ 53.996946] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.004049] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.011059] device bridge_slave_0 entered promiscuous mode [ 54.020561] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.026945] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.033949] device bridge_slave_1 entered promiscuous mode [ 54.094296] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.116814] chnl_net:caif_netlink_parms(): no params data found [ 54.129386] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.167136] chnl_net:caif_netlink_parms(): no params data found [ 54.177301] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.184684] team0: Port device team_slave_0 added [ 54.221676] chnl_net:caif_netlink_parms(): no params data found [ 54.233232] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.240532] team0: Port device team_slave_1 added [ 54.267632] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.276221] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.283805] chnl_net:caif_netlink_parms(): no params data found [ 54.324891] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.331408] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.338265] device bridge_slave_0 entered promiscuous mode [ 54.375964] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.382495] bridge0: port 1(bridge_slave_0) 
entered disabled state [ 54.390418] device bridge_slave_0 entered promiscuous mode [ 54.396824] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.403565] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.410939] device bridge_slave_1 entered promiscuous mode [ 54.422732] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.429621] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.436449] device bridge_slave_0 entered promiscuous mode [ 54.480563] device hsr_slave_0 entered promiscuous mode [ 54.519142] device hsr_slave_1 entered promiscuous mode [ 54.582907] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.589772] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.596167] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.603476] device bridge_slave_1 entered promiscuous mode [ 54.627709] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.634997] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.643944] device bridge_slave_1 entered promiscuous mode [ 54.658544] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.672129] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.682916] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.700172] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.709272] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.722653] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.729905] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.736877] device bridge_slave_0 entered promiscuous mode [ 54.745150] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.751633] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.758984] device bridge_slave_1 entered promiscuous mode [ 54.766320] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.779655] bond0: Enslaving bond_slave_1 as an active interface with an 
up link [ 54.787418] chnl_net:caif_netlink_parms(): no params data found [ 54.825876] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.834775] team0: Port device team_slave_0 added [ 54.843301] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.851096] team0: Port device team_slave_0 added [ 54.856470] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.863804] team0: Port device team_slave_0 added [ 54.871921] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.879377] team0: Port device team_slave_1 added [ 54.884615] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.891897] team0: Port device team_slave_1 added [ 54.897748] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.906927] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.915481] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.923382] team0: Port device team_slave_1 added [ 54.932874] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.940231] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.947389] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.954742] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.975345] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.986896] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.004044] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.015170] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.022395] team0: Port device team_slave_0 added [ 55.031331] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.038393] team0: Port device team_slave_1 added [ 55.047297] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.058160] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.112031] device hsr_slave_0 entered promiscuous mode [ 55.159136] device hsr_slave_1 entered promiscuous mode [ 
55.251468] device hsr_slave_0 entered promiscuous mode [ 55.299279] device hsr_slave_1 entered promiscuous mode [ 55.359766] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.410443] device hsr_slave_0 entered promiscuous mode [ 55.469121] device hsr_slave_1 entered promiscuous mode [ 55.509802] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.517146] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.526322] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.532886] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.540113] device bridge_slave_0 entered promiscuous mode [ 55.546743] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.554006] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.611412] device hsr_slave_0 entered promiscuous mode [ 55.651501] device hsr_slave_1 entered promiscuous mode [ 55.709928] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.717152] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.723815] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.730827] device bridge_slave_1 entered promiscuous mode [ 55.737290] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.754743] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.765675] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.788602] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.800842] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.809756] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.817116] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.851415] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.858653] team0: Port device team_slave_0 added [ 55.865508] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.873229] team0: Port device team_slave_1 added [ 55.881605] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.902938] 
8021q: adding VLAN 0 to HW filter on device bond0 [ 55.917797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.924392] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.941914] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.949896] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.958256] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.020629] device hsr_slave_0 entered promiscuous mode [ 56.069244] device hsr_slave_1 entered promiscuous mode [ 56.144005] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.153632] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.160848] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.172592] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.184344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.192540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.204060] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.212094] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.222880] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.231206] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.240215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.255596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.268704] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.276104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.286023] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.294649] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.301245] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.310730] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.318319] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.324481] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.338165] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.347709] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not 
ready [ 56.356518] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.367886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.375932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.384397] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.392316] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.399162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.418068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.426094] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.439030] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.446368] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.457556] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.465101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.473073] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.480989] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.487351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.494390] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.501262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.508089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.515082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.521950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.531671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.542716] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.548790] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.556746] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.566167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.573547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.581493] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.589271] bridge0: port 2(bridge_slave_1) entered 
blocking state [ 56.595637] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.605359] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.614175] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.620565] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.627921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.636830] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.645142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.653547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.661950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.669632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.677180] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.689115] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.699941] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.708303] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.717060] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.725573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.733647] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.740053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.746789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.755185] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.763564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.772179] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.780280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.787984] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.794517] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.801887] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.809233] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.817435] 
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.831055] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.837334] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.846300] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.856560] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.871467] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.880214] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.888105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.896880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.905747] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.914919] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.922829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.930626] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.937656] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.945231] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.963005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.972756] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.983807] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.990969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.998916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.006522] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.013192] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.020733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.028461] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.036507] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.043213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.050115] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.064206] IPv6: 
ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 57.071979] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.089798] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.098312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.104989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.112174] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.120066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.127545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.136337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.144344] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.153787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 57.161619] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.170866] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 57.181009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 57.190921] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.199348] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.206503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.214778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.222540] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.231140] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.238697] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.245096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.251943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.260352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.267951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.275778] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.283560] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.292325] 
IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.301013] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 57.309390] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 57.317634] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.327957] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 57.334658] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.342698] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.352160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.360124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.368656] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.376668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 57.385322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.392856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.400104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.408419] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.417143] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.426958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 57.437424] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.446455] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 57.456514] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.464868] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.474549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.482626] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.490144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.498001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.505861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 57.513601] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 57.522889] IPv6: ADDRCONF(NETDEV_UP): 
hsr0: link is not ready [ 57.529586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.539787] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 57.550286] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.558145] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 57.566924] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 57.574273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.582482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.590584] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.598228] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.606163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.614356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.633706] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 57.642243] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.652283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.661077] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 57.668652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.677032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.685031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 57.693121] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 57.700837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.709013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.709280] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.723080] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.730971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.739613] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 57.745849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.756034] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is 
not ready [ 57.763180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 57.771493] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.780259] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 57.787340] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.795170] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 57.803738] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 57.817213] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.827812] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 57.834469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.842017] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.850935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.859625] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.866364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.873810] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 57.881364] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 57.888032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.896643] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.906422] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 57.915240] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.923345] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 57.931948] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 57.942779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.953383] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 57.959903] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.966808] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 57.974273] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 57.982243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link 
becomes ready [ 57.990244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.997784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.009908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.018084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.027527] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.035850] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 58.047984] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 58.056560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.063666] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.073396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.081946] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.092505] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.099305] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.106018] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.115374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.127059] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.136184] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.143782] audit: type=1400 audit(1577923293.672:40): avc: denied { associate } for pid=7170 comm="syz-executor.4" name="syz4" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 58.168013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.179836] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 58.187712] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 58.202541] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 58.215425] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 58.224100] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 58.231714] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 58.238455] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 58.246706] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 58.254821] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.261601] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 58.271091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 58.279438] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 58.289981] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 58.296029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 58.313957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 58.321966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 58.352640] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.363919] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 58.365226] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 58.415375] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.439796] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 58.439905] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 58.445976] 8021q: adding VLAN 0 to HW filter on device batadv0
2020/01/02 00:01:34 executed programs: 17
2020/01/02 00:01:39 executed programs: 374
2020/01/02 00:01:44 executed programs: 739
2020/01/02 00:01:49 executed programs: 1101
2020/01/02 00:01:54 executed programs: 1470
2020/01/02 00:01:59 executed programs: 1832
2020/01/02 00:02:04 executed programs: 2183
2020/01/02 00:02:09 executed programs: 2537
2020/01/02 00:02:14 executed programs: 2891
2020/01/02 00:02:19 executed programs: 3239
2020/01/02 00:02:24 executed programs: 3587
2020/01/02 00:02:29 executed programs: 3927
2020/01/02 00:02:34 executed programs: 4270
[ 119.223155] ==================================================================
[ 119.223181] BUG: KASAN: use-after-free in con_shutdown+0x76/0x80
[ 119.223185] Write of size 8 at addr ffff88807c7e6208 by task syz-executor.4/23659
[ 119.223187]
[ 119.223194] CPU: 0 PID: 23659 Comm: syz-executor.4 Not tainted 4.19.92-syzkaller #0
[ 119.223197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 119.223199] Call Trace:
[ 119.223209] dump_stack+0x123/0x177
[ 119.223223] print_address_description.cold.8+0x9/0x1ff
[ 119.223230] kasan_report.cold.9+0x242/0x309
[ 119.223234] ? con_shutdown+0x76/0x80
[ 119.223243] __asan_report_store8_noabort+0x17/0x20
[ 119.223247] con_shutdown+0x76/0x80
[ 119.223253] release_tty+0xb6/0x440
[ 119.223261] tty_release_struct+0x33/0x50
[ 119.223266] tty_release+0x97e/0xc60
[ 119.223280] __fput+0x249/0x7f0
[ 119.223290] ____fput+0x9/0x10
[ 119.223296] task_work_run+0x108/0x180
[ 119.223307] exit_to_usermode_loop+0x1a9/0x200
[ 119.223314] do_syscall_64+0x413/0x4e0
[ 119.223323] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 119.223328] RIP: 0033:0x414211
[ 119.223334] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 119.223337] RSP: 002b:00007ffd1f573470 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 119.223343] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414211
[ 119.223345] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000003
[ 119.223348] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[ 119.223351] R10: 00007ffd1f573550 R11: 0000000000000293 R12: 000000000075bfc8
[ 119.223354] R13: 000000000001d17f R14: 00000000007601a0 R15: 000000000075bfd4
[ 119.223365]
[ 119.223369] Allocated by task 23144:
[ 119.223374] save_stack+0x43/0xd0
[ 119.223378] kasan_kmalloc+0xc7/0xe0
[ 119.223382] kmem_cache_alloc_trace+0x152/0x740
[ 119.223386] vc_allocate+0x1c0/0x6f0
[ 119.223389] con_install+0x4d/0x410
[ 119.223393] tty_init_dev+0xdb/0x3c0
[ 119.223395] tty_open+0x523/0x990
[ 119.223400] chrdev_open+0x1ed/0x5c0
[ 119.223403] do_dentry_open+0x3f1/0x1010
[ 119.223406] vfs_open+0x9a/0xc0
[ 119.223411] path_openat+0x691/0x3c00
[ 119.223414] do_filp_open+0x177/0x250
[ 119.223418] do_sys_open+0x1dd/0x350
[ 119.223422] __x64_sys_open+0x79/0xb0
[ 119.223426] do_syscall_64+0xd0/0x4e0
[ 119.223430] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 119.223432]
[ 119.223435] Freed by task 23667:
[ 119.223439] save_stack+0x43/0xd0
[ 119.223443] __kasan_slab_free+0x102/0x150
[ 119.223448] kasan_slab_free+0xe/0x10
[ 119.223451] kfree+0xcf/0x220
[ 119.223456] vt_disallocate_all+0x247/0x3f0
[ 119.223460] vt_ioctl+0x186f/0x2130
[ 119.223463] tty_ioctl+0x452/0x1290
[ 119.223468] do_vfs_ioctl+0x196/0x10c0
[ 119.223471] ksys_ioctl+0x62/0x90
[ 119.223475] __x64_sys_ioctl+0x6e/0xb0
[ 119.223478] do_syscall_64+0xd0/0x4e0
[ 119.223481] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 119.223483]
[ 119.223487] The buggy address belongs to the object at ffff88807c7e6100
[ 119.223487] which belongs to the cache kmalloc-2048 of size 2048
[ 119.223491] The buggy address is located 264 bytes inside of
[ 119.223491] 2048-byte region [ffff88807c7e6100, ffff88807c7e6900)
[ 119.223494] The buggy address belongs to the page:
[ 119.223499] page:ffffea0001f1f980 count:1 mapcount:0 mapping:ffff88812c29cc40 index:0x0 compound_mapcount: 0
[ 119.223505] flags: 0xfffe0000008100(slab|head)
[ 119.223512] raw: 00fffe0000008100 ffffea0001cb3b88 ffffea00027c9288 ffff88812c29cc40
[ 119.223517] raw: 0000000000000000 ffff88807c7e6100 0000000100000003 0000000000000000
[ 119.223519] page dumped because: kasan: bad access detected
[ 119.223521]
[ 119.223524] Memory state around the buggy address:
[ 119.223528] ffff88807c7e6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.223531] ffff88807c7e6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.223535] >ffff88807c7e6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.223538] ^
[ 119.223542] ffff88807c7e6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.223545] ffff88807c7e6300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 119.223548] ==================================================================
[ 119.223550] Disabling lock debugging due to kernel taint
[ 119.223577] Kernel panic - not syncing: panic_on_warn set ...
[ 119.223577]
[ 119.223582] CPU: 0 PID: 23659 Comm: syz-executor.4 Tainted: G B 4.19.92-syzkaller #0
[ 119.223583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 119.223585] Call Trace:
[ 119.223590] dump_stack+0x123/0x177
[ 119.223597] panic+0x1cd/0x375
[ 119.223602] ? __warn_printk+0xd6/0xd6
[ 119.223607] ? do_raw_spin_unlock+0x54/0x260
[ 119.223614] kasan_end_report+0x47/0x4f
[ 119.223618] kasan_report.cold.9+0x76/0x309
[ 119.223621] ? con_shutdown+0x76/0x80
[ 119.223626] __asan_report_store8_noabort+0x17/0x20
[ 119.223629] con_shutdown+0x76/0x80
[ 119.223633] release_tty+0xb6/0x440
[ 119.223637] tty_release_struct+0x33/0x50
[ 119.223640] tty_release+0x97e/0xc60
[ 119.223647] __fput+0x249/0x7f0
[ 119.223653] ____fput+0x9/0x10
[ 119.223656] task_work_run+0x108/0x180
[ 119.223662] exit_to_usermode_loop+0x1a9/0x200
[ 119.223666] do_syscall_64+0x413/0x4e0
[ 119.223670] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 119.223672] RIP: 0033:0x414211
[ 119.223676] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 119.223678] RSP: 002b:00007ffd1f573470 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 119.223682] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414211
[ 119.223684] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000003
[ 119.223686] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[ 119.223688] R10: 00007ffd1f573550 R11: 0000000000000293 R12: 000000000075bfc8
[ 119.223691] R13: 000000000001d17f R14: 00000000007601a0 R15: 000000000075bfd4
[ 119.225283] Kernel Offset: disabled
[ 119.832660] Rebooting in 86400 seconds..