Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
syzkaller login: [ 59.297844] kauditd_printk_skb: 4 callbacks suppressed
[ 59.297860] audit: type=1400 audit(1560671417.085:36): avc: denied { map } for pid=7821 comm="syz-executor637" path="/root/syz-executor637441160" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 59.325618] IPVS: ftp: loaded support on port[0] = 21
[ 59.389610] chnl_net:caif_netlink_parms(): no params data found
[ 59.423947] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.430719] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.437988] device bridge_slave_0 entered promiscuous mode
[ 59.445738] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.452439] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.459468] device bridge_slave_1 entered promiscuous mode
[ 59.475011] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 59.484785] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 59.500839] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 59.508509] team0: Port device team_slave_0 added
[ 59.514546] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 59.522150] team0: Port device team_slave_1 added
[ 59.579099] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 59.609003] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 59.685652] device hsr_slave_0 entered promiscuous mode
[ 59.731558] device hsr_slave_1 entered promiscuous mode
[ 59.780656] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 59.787948] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 59.803272] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.811352] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.821235] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.832052] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.869794] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 59.877736] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.886472] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 59.895808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 59.917009] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.924641] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.932832] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 59.943001] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 59.949204] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.958975] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 59.966752] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.973179] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.982858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 59.992085] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.998593] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.019320] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 60.029785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 60.040647] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 60.047885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.056356] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.064116] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 60.074485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
executing program
[ 60.083469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.090729] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.103927] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 60.115890] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.130337] kasan: CONFIG_KASAN_INLINE enabled
[ 60.135186] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 60.142927] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 60.149387] CPU: 1 PID: 7822 Comm: syz-executor637 Not tainted 4.19.51 #23
[ 60.156666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.166044] RIP: 0010:xfrmi_decode_session+0x1c1/0x790
[ 60.171318] Code: 0a 78 fb 85 db 58 0f 85 93 03 00 00 e8 58 09 78 fb 49 8d bc 24 48 1b 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 61 05 00 00 4d 8b a4 24 48 1b 00 00 e8 08 3b 65
[ 60.191279] RSP: 0018:ffff888097f17178 EFLAGS: 00010a06
[ 60.196830] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff85f30158
[ 60.206251] RDX: 1e001fea7e002353 RSI: ffffffff85f2fd98 RDI: f000ff53f0011a9b
[ 60.213593] RBP: ffff888097f171a0 R08: ffff88809881e1c0 R09: ffffed1015d24733
[ 60.222228] R10: ffffed1015d24732 R11: ffff8880ae923993 R12: f000ff53f000ff53
[ 60.229687] R13: 0000000000000039 R14: 000000000000000b R15: ffff8880986e0440
[ 60.237539] FS: 000000000268a880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 60.246494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.252503] CR2: 0000000020000140 CR3: 00000000a0222000 CR4: 00000000001406e0
[ 60.259854] Call Trace:
[ 60.262533] __xfrm_policy_check+0x1f6/0x2550
[ 60.267029] ? kasan_check_read+0x11/0x20
[ 60.271176] ? __xfrm_route_forward+0x870/0x870
[ 60.275839] ? nf_ct_deliver_cached_events+0x216/0x6e0
[ 60.281146] ? find_held_lock+0x35/0x130
[ 60.285289] ? __lock_is_held+0xb6/0x140
[ 60.289346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.295113] ? ip_tunnel_lookup+0xa0f/0xe00
[ 60.299429] vti_input+0x50f/0x790
[ 60.302969] vti_rcv+0x10b/0x140
[ 60.306327] xfrm4_esp_rcv+0xd2/0x230
[ 60.310189] ip_local_deliver_finish+0x27e/0xc60
[ 60.314984] ip_local_deliver+0x1e9/0x520
[ 60.319187] ? ip_call_ra_chain+0x5c0/0x5c0
[ 60.323510] ? ip_sublist_rcv_finish+0x320/0x320
[ 60.328260] ? ip_rcv_finish_core.isra.0+0x803/0x1b80
[ 60.333452] ip_rcv_finish+0x1d9/0x2f0
[ 60.337335] ip_rcv+0xe8/0x3f0
[ 60.340609] ? ip_local_deliver+0x520/0x520
[ 60.344922] ? ip_rcv_finish_core.isra.0+0x1b80/0x1b80
[ 60.350196] ? ip_local_deliver+0x520/0x520
[ 60.354513] __netif_receive_skb_one_core+0x113/0x1a0
[ 60.359702] ? __netif_receive_skb_core+0x2f70/0x2f70
[ 60.364889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.370421] ? check_preemption_disabled+0x48/0x290
[ 60.375430] ? lock_acquire+0x16f/0x3f0
[ 60.379439] __netif_receive_skb+0x2c/0x1d0
[ 60.383762] netif_receive_skb_internal+0x117/0x520
[ 60.388783] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 60.394312] ? dev_cpu_dead+0x920/0x920
[ 60.398280] ? eth_gro_receive+0x8a0/0x8a0
[ 60.402510] napi_gro_frags+0x602/0xa20
[ 60.406486] tun_get_user+0x2ed8/0x4ba0
[ 60.410544] ? mark_held_locks+0x100/0x100
[ 60.414780] ? tun_build_skb.isra.0+0x19b0/0x19b0
[ 60.419624] ? tun_get+0x171/0x290
[ 60.423184] ? lock_downgrade+0x810/0x810
[ 60.427369] ? kasan_check_read+0x11/0x20
[ 60.431526] tun_chr_write_iter+0xbd/0x156
[ 60.435760] do_iter_readv_writev+0x558/0x830
[ 60.440253] ? vfs_dedupe_file_range+0x6f0/0x6f0
[ 60.445008] ? security_file_permission+0x89/0x230
[ 60.450024] ? rw_verify_area+0x118/0x360
[ 60.454326] do_iter_write+0x184/0x5f0
[ 60.458217] ? dup_iter+0x280/0x280
[ 60.461833] vfs_writev+0x1b3/0x2f0
[ 60.465486] ? vfs_iter_write+0xb0/0xb0
[ 60.469466] ? vmf_insert_mixed_mkwrite+0x90/0x90
[ 60.474341] ? find_held_lock+0x35/0x130
[ 60.478397] ? __do_page_fault+0x676/0xe90
[ 60.482623] ? lock_downgrade+0x810/0x810
[ 60.486766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 60.492386] ? __fget_light+0x1a9/0x230
[ 60.496398] do_writev+0x15e/0x370
[ 60.499936] ? vfs_writev+0x2f0/0x2f0
[ 60.503734] ? do_syscall_64+0x26/0x620
[ 60.507742] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.513108] ? do_syscall_64+0x26/0x620
[ 60.517083] __x64_sys_writev+0x75/0xb0
[ 60.521078] do_syscall_64+0xfd/0x620
[ 60.524868] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.530064] RIP: 0033:0x441fb0
[ 60.533304] Code: 05 48 3d 01 f0 ff ff 0f 83 3d 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d 61 90 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0f fc ff c3 48 83 ec 08 e8 7a 2b 00 00
[ 60.552460] RSP: 002b:00007ffc48643798 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 60.560165] RAX: ffffffffffffffda RBX: 00007ffc486437d0 RCX: 0000000000441fb0
[ 60.567466] RDX: 0000000000000001 RSI: 00007ffc486437d0 RDI: 00000000000000f0
[ 60.574737] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 60.581993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.589256] R13: 00000000004033e0 R14: 0000000000000000 R15: 0000000000000000
[ 60.596515] Modules linked in:
[ 60.599808] ---[ end trace c8c60d33e5e80c8d ]---
[ 60.604597] RIP: 0010:xfrmi_decode_session+0x1c1/0x790
[ 60.609866] Code: 0a 78 fb 85 db 58 0f 85 93 03 00 00 e8 58 09 78 fb 49 8d bc 24 48 1b 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 61 05 00 00 4d 8b a4 24 48 1b 00 00 e8 08 3b 65
[ 60.628892] RSP: 0018:ffff888097f17178 EFLAGS: 00010a06
[ 60.634306] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff85f30158
[ 60.641762] RDX: 1e001fea7e002353 RSI: ffffffff85f2fd98 RDI: f000ff53f0011a9b
[ 60.649034] RBP: ffff888097f171a0 R08: ffff88809881e1c0 R09: ffffed1015d24733
[ 60.656363] R10: ffffed1015d24732 R11: ffff8880ae923993 R12: f000ff53f000ff53
[ 60.663720] R13: 0000000000000039 R14: 000000000000000b R15: ffff8880986e0440
[ 60.671130] FS: 000000000268a880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 60.679534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.685529] CR2: 0000000020000140 CR3: 00000000a0222000 CR4: 00000000001406e0
[ 60.692824] Kernel panic - not syncing: Fatal exception in interrupt
[ 60.700385] Kernel Offset: disabled
[ 60.704019] Rebooting in 86400 seconds..