[ 38.265745] audit: type=1400 audit(1575454375.426:37): avc: denied { map } for pid=6603 comm="syz-fuzzer" path="/root/syzkaller-shm129881293" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 38.520840] IPVS: ftp: loaded support on port[0] = 21 [ 39.617572] can: request_module (can-proto-0) failed. [ 39.630543] can: request_module (can-proto-0) failed. [ 39.763428] audit: type=1400 audit(1575454376.926:38): avc: denied { create } for pid=6603 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 39.787031] audit: type=1400 audit(1575454376.926:39): avc: denied { create } for pid=6603 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 39.810948] audit: type=1400 audit(1575454376.926:40): avc: denied { create } for pid=6603 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 40.035115] random: sshd: uninitialized urandom read (32 bytes read) [ 40.718115] random: sshd: uninitialized urandom read (32 bytes read) [ 40.903035] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.106' (ECDSA) to the list of known hosts. 2019/12/04 10:13:04 parsed 1 programs 2019/12/04 10:13:04 executed programs: 0 [ 47.660886] IPVS: ftp: loaded support on port[0] = 21 [ 48.496011] IPVS: ftp: loaded support on port[0] = 21 [ 48.525407] chnl_net:caif_netlink_parms(): no params data found [ 48.551187] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.557796] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.564731] device bridge_slave_0 entered promiscuous mode [ 48.571769] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.578168] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.585084] device bridge_slave_1 entered promiscuous mode [ 48.604773] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.614605] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.637089] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.644371] team0: Port device team_slave_0 added [ 48.651607] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.658561] team0: Port device team_slave_1 added [ 48.665493] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.672868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.731842] IPVS: ftp: loaded support on port[0] = 21 [ 48.752076] device hsr_slave_0 entered promiscuous mode [ 48.790373] device hsr_slave_1 entered promiscuous mode [ 48.862867] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.869772] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.914853] chnl_net:caif_netlink_parms(): no params data found [ 48.936334] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.942937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.949817] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.956218] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.985222] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.994066] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.001798] device bridge_slave_0 entered promiscuous mode [ 49.002448] IPVS: ftp: loaded support on port[0] = 21 [ 49.015920] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.022375] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.029475] device bridge_slave_1 entered promiscuous mode [ 49.052989] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.065689] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.084269] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.091509] team0: Port device team_slave_0 added [ 49.096950] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.104135] team0: Port device team_slave_1 added [ 49.115369] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.124491] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 49.181874] device hsr_slave_0 entered promiscuous mode [ 49.220268] device hsr_slave_1 entered promiscuous mode [ 49.302506] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 49.321740] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 49.333288] IPVS: ftp: loaded support on port[0] = 21 [ 49.372319] chnl_net:caif_netlink_parms(): no params data found [ 49.399250] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 49.406566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 49.414559] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 49.427554] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.433932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.440553] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.446889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.473120] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 49.479195] 8021q: adding VLAN 0 to HW filter on device team0 [ 49.486069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 49.494846] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.511908] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.518990] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.525993] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.547788] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 49.555662] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.562119] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.568930] device bridge_slave_0 entered promiscuous mode [ 49.597670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 49.607594] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.614191] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.621394] device bridge_slave_1 entered promiscuous mode [ 49.637640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 49.645433] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 49.652951] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.659263] bridge0: port 1(bridge_slave_0) entered forwarding state [ 49.667534] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 49.678235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 49.687350] IPVS: ftp: loaded support on port[0] = 21 [ 49.696312] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 49.706045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 49.713762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 49.721432] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.727760] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.734577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 49.778182] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 49.785945] chnl_net:caif_netlink_parms(): no params data found [ 49.797267] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 49.808311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 49.829482] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 49.848541] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 49.856130] team0: Port device team_slave_0 added [ 49.868586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 49.876440] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 49.884279] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 49.896612] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 49.904212] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 49.911924] team0: Port device team_slave_1 added [ 49.917036] chnl_net:caif_netlink_parms(): no params data found [ 49.934704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 49.942779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 49.961380] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 49.968288] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 49.978814] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.000608] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.007999] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.019952] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.026798] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.034324] device bridge_slave_0 entered promiscuous mode [ 50.055703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 50.077809] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.085273] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.092694] device bridge_slave_0 entered promiscuous mode [ 50.098797] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.105302] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.113902] device bridge_slave_1 entered promiscuous mode [ 50.119842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.127539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.136674] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 50.142986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.191927] device hsr_slave_0 entered promiscuous mode [ 50.232021] device hsr_slave_1 entered promiscuous mode [ 50.298677] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.305145] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.312469] device bridge_slave_1 entered promiscuous mode [ 50.326076] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.332784] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.373955] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.382790] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.390591] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.398689] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 50.413268] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.423903] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.437587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 50.444854] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.456379] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.478912] chnl_net:caif_netlink_parms(): no params data found [ 50.492158] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 50.498226] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.506892] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 50.515510] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.522839] team0: Port device team_slave_0 added [ 50.527980] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.535234] team0: Port device team_slave_0 added [ 50.540853] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.547798] team0: Port device team_slave_1 added [ 50.557479] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 50.568061] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.575307] team0: Port device team_slave_1 added [ 50.582128] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.589332] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.597142] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 50.604863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.612403] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.618736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.625926] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.635723] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 50.644570] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 50.656120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 50.665164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.672812] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.679134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.687218] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.715795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.729589] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 50.792704] device hsr_slave_0 entered promiscuous mode [ 50.840382] device hsr_slave_1 entered promiscuous mode [ 50.943429] device hsr_slave_0 entered promiscuous mode [ 50.980357] device hsr_slave_1 entered promiscuous mode [ 51.020531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.028391] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.041727] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.048102] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.055552] device bridge_slave_0 entered promiscuous mode [ 51.065100] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.072719] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.080104] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.089605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.099540] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.106551] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.114457] device bridge_slave_1 entered promiscuous mode [ 51.130519] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.138132] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.147006] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.160434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.167939] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.175643] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.183513] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.205027] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.214644] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.233336] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.239881] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.249331] team0: Port device team_slave_0 added [ 51.257269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.265351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.273245] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.292476] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.299512] team0: Port device team_slave_1 added [ 51.306130] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.315309] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.330715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.338610] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.347256] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.354354] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.374462] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.383489] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.394718] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.402598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.409855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.416755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.426172] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.432880] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.492137] device hsr_slave_0 entered promiscuous mode [ 51.530416] device hsr_slave_1 entered promiscuous mode [ 51.578161] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.584347] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.594190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.602422] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.609986] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.618205] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 51.630392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.638052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.645955] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.652322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.659333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.675435] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.683524] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.696067] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.704610] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.714232] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.724285] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.733690] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.742272] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.752282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.765987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.773666] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.779998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.787108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.794090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.801087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.807809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.816265] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.827270] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.833719] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.841934] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.848001] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.855147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.864197] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.872850] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.881444] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.891848] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.899809] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.907427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.915468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.923353] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.929680] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.936614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.944692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.952305] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.958631] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.968370] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.982421] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.997970] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.005380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.013029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.020700] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.028273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.036527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.044505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.052166] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.058513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.067437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.076171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.085136] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.092097] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.098835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.106045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.113646] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.121471] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.129150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.139309] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.147389] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.156474] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.166554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.175704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.183635] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.189969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.199433] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.244430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.253051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.264120] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.276776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.284398] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.291625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.299261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.309123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.317812] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.325504] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.336852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.346469] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.355525] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.366424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.372626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.379976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.387359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 2019/12/04 10:13:09 executed programs: 11 [ 52.395112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.402786] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.413710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.422299] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.428408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.453663] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.459676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.480768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.491009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.498450] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.508679] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.521116] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.528522] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.537264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.545408] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.555618] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.563170] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.571690] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 52.580321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.587815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.595749] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.602741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.611943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.619761] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.628177] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.635898] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.642802] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.650679] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.659735] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.666249] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.676270] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.687916] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 52.698083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.706242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.715168] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.721584] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.729884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.741080] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.758236] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.767111] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.779683] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.788321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.796995] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.803403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.815780] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.825433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.836643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.844640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.865650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.876431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.887973] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.895964] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.903821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.913250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.922913] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.936473] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.946461] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.956130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.964151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.972994] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.981322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.994286] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 53.003820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.023710] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 53.035821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.852455] ================================================================== [ 54.859946] BUG: KASAN: use-after-free in __vb2_perform_fileio+0x10fd/0x12b0 [ 54.867120] Read of size 4 at addr ffff888091506c1c by task syz-executor.0/6861 [ 54.874552] [ 54.876159] CPU: 0 PID: 6861 Comm: syz-executor.0 Not tainted 4.14.157-syzkaller #0 [ 54.883928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.893262] Call Trace: [ 54.895841] dump_stack+0xf7/0x13b [ 54.899362] ? __vb2_perform_fileio+0x10fd/0x12b0 [ 54.904182] print_address_description.cold.7+0x9/0x1c9 [ 54.909525] ? __vb2_perform_fileio+0x10fd/0x12b0 [ 54.914346] kasan_report.cold.8+0x11a/0x2d3 [ 54.918734] __asan_report_load4_noabort+0x14/0x20 [ 54.923647] __vb2_perform_fileio+0x10fd/0x12b0 [ 54.928296] ? vb2_core_poll+0x730/0x730 [ 54.932374] vb2_read+0xf/0x20 [ 54.935543] vb2_fop_read+0x1b6/0x390 [ 54.939325] ? vb2_fop_write+0x390/0x390 [ 54.943372] v4l2_read+0x135/0x240 [ 54.946890] __vfs_read+0xde/0x840 [ 54.950412] ? vfs_copy_file_range+0xb50/0xb50 [ 54.954981] ? fsnotify+0x1160/0x1160 [ 54.958765] ? __inode_security_revalidate+0xd3/0x100 [ 54.963935] ? selinux_file_permission+0x31f/0x3e0 [ 54.968842] ? security_file_permission+0x14f/0x1c0 [ 54.973840] ? rw_verify_area+0xb8/0x2b0 [ 54.977895] vfs_read+0xf5/0x300 [ 54.981242] SyS_read+0x100/0x250 [ 54.984672] ? kernel_write+0x130/0x130 [ 54.988625] ? do_syscall_64+0x4c/0x5b0 [ 54.992582] ? kernel_write+0x130/0x130 [ 54.996538] do_syscall_64+0x1c9/0x5b0 [ 55.000404] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 55.005239] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 55.010408] RIP: 0033:0x458d99 [ 55.013591] RSP: 002b:00007f2838279c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 55.021281] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458d99 [ 55.028535] RDX: 000000000000004b RSI: 0000000020000400 RDI: 0000000000000003 [ 55.035784] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 55.043053] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f283827a6d4 [ 55.050301] R13: 00000000004c4aa8 R14: 00000000004da068 R15: 00000000ffffffff [ 55.057574] [ 55.059185] Allocated by task 6861: [ 55.062867] save_stack_trace+0x16/0x20 [ 55.066822] save_stack+0x43/0xd0 [ 55.070264] kasan_kmalloc+0xc7/0xe0 [ 55.073953] kmem_cache_alloc_trace+0x152/0x7b0 [ 55.078604] __vb2_init_fileio+0x160/0xaf0 [ 55.082826] __vb2_perform_fileio+0xa9f/0x12b0 [ 55.087383] vb2_read+0xf/0x20 [ 55.090549] vb2_fop_read+0x1b6/0x390 [ 55.094325] v4l2_read+0x135/0x240 [ 55.097843] __vfs_read+0xde/0x840 [ 55.101360] vfs_read+0xf5/0x300 [ 55.104700] SyS_read+0x100/0x250 [ 55.108130] do_syscall_64+0x1c9/0x5b0 [ 55.112004] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 55.117172] [ 55.118782] Freed by task 6858: [ 55.122052] save_stack_trace+0x16/0x20 [ 55.126012] save_stack+0x43/0xd0 [ 55.129441] kasan_slab_free+0x71/0xc0 [ 55.133305] kfree+0xcc/0x270 [ 55.136387] __vb2_cleanup_fileio+0xee/0x140 [ 55.140770] vb2_core_queue_release+0xf/0x70 [ 55.145206] _vb2_fop_release+0x1ac/0x280 [ 55.149332] vb2_fop_release+0x66/0xd0 [ 55.153198] vivid_fop_release+0x15f/0x3a0 [ 55.157409] v4l2_release+0xee/0x1a0 [ 55.161102] __fput+0x235/0x750 [ 55.164404] ____fput+0x9/0x10 [ 55.167574] task_work_run+0xeb/0x180 [ 55.171352] exit_to_usermode_loop+0x16a/0x1b0 [ 55.175909] do_syscall_64+0x418/0x5b0 [ 55.179773] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 55.184933] [ 55.186599] The buggy address belongs to the object at ffff888091506900 [ 55.186599] which belongs to the cache kmalloc-1024 of size 1024 [ 55.199414] The buggy address is located 796 bytes inside of [ 55.199414] 1024-byte region [ffff888091506900, ffff888091506d00) [ 55.211370] The buggy address belongs to the page: [ 55.216279] page:ffffea0002454180 count:1 mapcount:0 mapping:ffff888091506000 index:0x0 compound_mapcount: 0 [ 55.226241] flags: 0x1fffc0000008100(slab|head) [ 55.230895] raw: 01fffc0000008100 ffff888091506000 0000000000000000 0000000100000007 [ 55.238889] raw: ffffea0002451a20 ffff8880aa801848 ffff8880aa800ac0 0000000000000000 [ 55.246746] page dumped because: kasan: bad access detected [ 55.252432] [ 55.254043] Memory state around the buggy address: [ 55.258998] ffff888091506b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.266331] ffff888091506b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.273669] >ffff888091506c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.281004] ^ [ 55.285152] ffff888091506c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.292499] ffff888091506d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.299951] ================================================================== [ 55.307288] Disabling lock debugging due to kernel taint [ 55.315809] Kernel panic - not syncing: panic_on_warn set ... [ 55.315809] [ 55.323184] CPU: 0 PID: 6861 Comm: syz-executor.0 Tainted: G B 4.14.157-syzkaller #0 [ 55.332169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.341499] Call Trace: [ 55.344063] dump_stack+0xf7/0x13b [ 55.347581] ? __vb2_perform_fileio+0x10fd/0x12b0 [ 55.352450] panic+0x1b0/0x36a [ 55.355622] ? add_taint.cold.5+0x11/0x11 [ 55.359749] ? ___preempt_schedule+0x16/0x18 [ 55.364136] ? __vb2_perform_fileio+0x10fd/0x12b0 [ 55.368955] kasan_end_report+0x47/0x4f [ 55.372909] kasan_report.cold.8+0x76/0x2d3 [ 55.377205] __asan_report_load4_noabort+0x14/0x20 [ 55.382110] __vb2_perform_fileio+0x10fd/0x12b0 [ 55.386754] ? vb2_core_poll+0x730/0x730 [ 55.390798] vb2_read+0xf/0x20 [ 55.393983] vb2_fop_read+0x1b6/0x390 [ 55.397758] ? vb2_fop_write+0x390/0x390 [ 55.401802] v4l2_read+0x135/0x240 [ 55.405318] __vfs_read+0xde/0x840 [ 55.408832] ? vfs_copy_file_range+0xb50/0xb50 [ 55.413393] ? fsnotify+0x1160/0x1160 [ 55.417168] ? __inode_security_revalidate+0xd3/0x100 [ 55.422332] ? selinux_file_permission+0x31f/0x3e0 [ 55.427248] ? security_file_permission+0x14f/0x1c0 [ 55.432246] ? rw_verify_area+0xb8/0x2b0 [ 55.436283] vfs_read+0xf5/0x300 [ 55.439633] SyS_read+0x100/0x250 [ 55.443084] ? kernel_write+0x130/0x130 [ 55.447048] ? do_syscall_64+0x4c/0x5b0 [ 55.451000] ? kernel_write+0x130/0x130 [ 55.454956] do_syscall_64+0x1c9/0x5b0 [ 55.458817] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 55.463654] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 55.468852] RIP: 0033:0x458d99 [ 55.472018] RSP: 002b:00007f2838279c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 55.479757] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458d99 [ 55.487006] RDX: 000000000000004b RSI: 0000000020000400 RDI: 0000000000000003 [ 55.494303] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 55.501599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f283827a6d4 [ 55.508847] R13: 00000000004c4aa8 R14: 00000000004da068 R15: 00000000ffffffff [ 55.517494] Kernel Offset: disabled [ 55.521112] Rebooting in 86400 seconds..