[ 38.735833] random: cc1: uninitialized urandom read (8 bytes read)
[ 39.300840] IPVS: ftp: loaded support on port[0] = 21
[ 40.377872] can: request_module (can-proto-0) failed.
[ 40.386818] can: request_module (can-proto-0) failed.
[ 40.542378] audit: type=1400 audit(1578065419.793:37): avc: denied { create } for pid=6671 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 40.566053] audit: type=1400 audit(1578065419.793:38): avc: denied { create } for pid=6671 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 40.589888] audit: type=1400 audit(1578065419.793:39): avc: denied { create } for pid=6671 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 40.865942] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.652439] random: sshd: uninitialized urandom read (32 bytes read)
[ 41.849713] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts.
2020/01/03 15:30:28 parsed 1 programs
2020/01/03 15:30:28 executed programs: 0
[ 48.985541] audit: type=1400 audit(1578065428.233:40): avc: denied { map } for pid=6743 comm="syz-execprog" path="/root/syzkaller-shm091812367" dev="sda1" ino=16495 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 49.280835] IPVS: ftp: loaded support on port[0] = 21
[ 50.043490] chnl_net:caif_netlink_parms(): no params data found
[ 50.051339] IPVS: ftp: loaded support on port[0] = 21
[ 50.092165] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.098698] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.105838] device bridge_slave_0 entered promiscuous mode
[ 50.114650] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.121151] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.128012] device bridge_slave_1 entered promiscuous mode
[ 50.151896] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.161482] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.180494] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 50.187671] team0: Port device team_slave_0 added
[ 50.195196] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 50.202253] team0: Port device team_slave_1 added
[ 50.210207] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 50.218875] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 50.232368] IPVS: ftp: loaded support on port[0] = 21
[ 50.311800] device hsr_slave_0 entered promiscuous mode
[ 50.350281] device hsr_slave_1 entered promiscuous mode
[ 50.392198] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 50.403942] chnl_net:caif_netlink_parms(): no params data found
[ 50.412370] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 50.456857] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.463367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.470637] device bridge_slave_0 entered promiscuous mode
[ 50.477130] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.483592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.490739] device bridge_slave_1 entered promiscuous mode
[ 50.500489] IPVS: ftp: loaded support on port[0] = 21
[ 50.501181] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.512197] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.519220] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.525612] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.552262] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.563082] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.585215] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 50.592659] team0: Port device team_slave_0 added
[ 50.608366] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 50.616011] team0: Port device team_slave_1 added
[ 50.623303] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 50.664092] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 50.677115] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 50.683433] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.696309] IPVS: ftp: loaded support on port[0] = 21
[ 50.782518] device hsr_slave_0 entered promiscuous mode
[ 50.830278] device hsr_slave_1 entered promiscuous mode
[ 50.871488] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 50.896808] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 50.903803] chnl_net:caif_netlink_parms(): no params data found
[ 50.928784] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 50.938881] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.947191] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.965152] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.990547] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 50.996637] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.004542] chnl_net:caif_netlink_parms(): no params data found
[ 51.018590] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 51.028295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.039545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.046050] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.084728] IPVS: ftp: loaded support on port[0] = 21
[ 51.104214] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 51.112864] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.121093] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.127485] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.136523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 51.144044] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.150798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.157650] device bridge_slave_0 entered promiscuous mode
[ 51.166270] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.172977] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.179937] device bridge_slave_1 entered promiscuous mode
[ 51.193499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 51.201305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.209577] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.234700] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.241528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.248387] device bridge_slave_0 entered promiscuous mode
[ 51.259451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.266131] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.275033] device bridge_slave_1 entered promiscuous mode
[ 51.289739] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 51.298096] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.313696] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.322819] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.334807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 51.342567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 51.353064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 51.363272] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.391123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 51.398580] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.421714] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.428761] team0: Port device team_slave_0 added
[ 51.437602] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.445190] team0: Port device team_slave_1 added
[ 51.452925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 51.460413] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 51.467744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.477572] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.484644] team0: Port device team_slave_0 added
[ 51.492673] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 51.528419] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.538044] team0: Port device team_slave_1 added
[ 51.543343] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 51.557367] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 51.563819] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.574985] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 51.583030] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 51.652040] device hsr_slave_0 entered promiscuous mode
[ 51.700411] device hsr_slave_1 entered promiscuous mode
[ 51.792014] device hsr_slave_0 entered promiscuous mode
[ 51.830293] device hsr_slave_1 entered promiscuous mode
[ 51.871175] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 51.877927] chnl_net:caif_netlink_parms(): no params data found
[ 51.897683] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 51.907245] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 51.925972] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 51.947816] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.954644] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.961507] device bridge_slave_0 entered promiscuous mode
[ 51.969176] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 52.022674] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.029086] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.037716] device bridge_slave_1 entered promiscuous mode
[ 52.046430] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.056932] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 52.075939] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.082360] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.088934] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.095301] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.105388] chnl_net:caif_netlink_parms(): no params data found
[ 52.149225] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.156184] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.163002] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.173301] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.190801] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.197172] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.206286] device bridge_slave_0 entered promiscuous mode
[ 52.214079] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.220556] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.227449] device bridge_slave_1 entered promiscuous mode
[ 52.234811] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.274313] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.291154] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 52.297623] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 52.309161] team0: Port device team_slave_0 added
[ 52.315973] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.330705] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.338492] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.346149] team0: Port device team_slave_1 added
[ 52.357760] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.365842] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 52.375272] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 52.381680] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.395626] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 52.403625] team0: Port device team_slave_0 added
[ 52.408940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.420605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.428050] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.454621] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 52.466054] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 52.472751] ==================================================================
[ 52.479405] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 52.480252] BUG: KASAN: slab-out-of-bounds in bpf_skb_change_tail+0xa77/0xd50
[ 52.480258] Read of size 8 at addr ffff888095b269d0 by task syz-executor.1/6797
[ 52.480260]
[ 52.480266] CPU: 0 PID: 6797 Comm: syz-executor.1 Not tainted 4.14.161-syzkaller #0
[ 52.480269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.480271] Call Trace:
[ 52.480279] dump_stack+0xf7/0x13b
[ 52.480285] ? bpf_skb_change_tail+0xa77/0xd50
[ 52.480293] print_address_description.cold.7+0x9/0x1c9
[ 52.480297] ? bpf_skb_change_tail+0xa77/0xd50
[ 52.480302] kasan_report.cold.8+0x11a/0x2d3
[ 52.480309] __asan_report_load8_noabort+0x14/0x20
[ 52.480314] bpf_skb_change_tail+0xa77/0xd50
[ 52.480320] ? __lock_acquire+0x6a4/0x4500
[ 52.480325] ? __build_skb+0x2a/0x2b0
[ 52.480336] bpf_prog_ac477e10ee530e9d+0x614/0x1000
[ 52.480347] ? trace_hardirqs_on+0x10/0x10
[ 52.480353] ? trace_hardirqs_off+0x10/0x10
[ 52.480360] ? find_held_lock+0x36/0x1d0
[ 52.480371] ? bpf_test_run+0x32/0x2d0
[ 52.480376] ? lock_downgrade+0x7f0/0x7f0
[ 52.480382] ? lock_acquire+0x173/0x400
[ 52.480385] ? bpf_test_run+0x159/0x2d0
[ 52.480393] ? bpf_test_run+0x8a/0x2d0
[ 52.480398] ? eth_gro_receive+0x880/0x880
[ 52.480408] ? bpf_prog_test_run_skb+0x58a/0xbc0
[ 52.480415] ? bpf_test_init.isra.6+0xa0/0xa0
[ 52.480424] ? __bpf_prog_get+0x128/0x170
[ 52.480431] ? SyS_bpf+0x97e/0x28d3
[ 52.480440] ? bpf_prog_get+0x10/0x10
[ 52.480445] ? kasan_check_read+0x11/0x20
[ 52.480451] ? _copy_to_user+0x91/0xb0
[ 52.480460] ? put_timespec64+0xa4/0xf0
[ 52.480465] ? nsecs_to_jiffies+0x20/0x20
[ 52.480475] ? SyS_clock_gettime+0x115/0x160
[ 52.480484] ? do_syscall_64+0x4c/0x5b0
[ 52.480491] ? bpf_prog_get+0x10/0x10
[ 52.480496] ? do_syscall_64+0x1c7/0x5b0
[ 52.480500] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.480510] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 52.480521]
[ 52.480524] Allocated by task 0:
[ 52.480526] (stack is not available)
[ 52.480528]
[ 52.480530] Freed by task 0:
[ 52.480532] (stack is not available)
[ 52.480534]
[ 52.480538] The buggy address belongs to the object at ffff888095b26940
[ 52.480538] which belongs to the cache skbuff_head_cache of size 232
[ 52.480542] The buggy address is located 144 bytes inside of
[ 52.480542] 232-byte region [ffff888095b26940, ffff888095b26a28)
[ 52.480544] The buggy address belongs to the page:
[ 52.480549] page:ffffea000256c980 count:1 mapcount:0 mapping:ffff888095b26080 index:0x0
[ 52.480555] flags: 0x1fffc0000000100(slab)
[ 52.480561] raw: 01fffc0000000100 ffff888095b26080 0000000000000000 000000010000000c
[ 52.480566] raw: ffffea0002244620 ffffea00022433a0 ffff88821b75e540 0000000000000000
[ 52.480568] page dumped because: kasan: bad access detected
[ 52.480570]
[ 52.480572] Memory state around the buggy address:
[ 52.480576] ffff888095b26880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.480580] ffff888095b26900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.480583] >ffff888095b26980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.480586] ^
[ 52.480588] ffff888095b26a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.480591] ffff888095b26a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 52.480593] ==================================================================
[ 52.480595] Disabling lock debugging due to kernel taint
[ 52.480698] Kernel panic - not syncing: panic_on_warn set ...
[ 52.480698]
[ 52.496741] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 52.501471] CPU: 0 PID: 6797 Comm: syz-executor.1 Tainted: G B 4.14.161-syzkaller #0
[ 52.501473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.501475] Call Trace:
[ 52.501484] dump_stack+0xf7/0x13b
[ 52.501491] ? bpf_skb_change_tail+0xa77/0xd50
[ 52.501495] panic+0x1b0/0x358
[ 52.501499] ? add_taint.cold.5+0x11/0x11
[ 52.501506] ? bpf_skb_change_tail+0xa77/0xd50
[ 52.501511] kasan_end_report+0x47/0x4f
[ 52.501516] kasan_report.cold.8+0x76/0x2d3
[ 52.503334] 8021q: adding VLAN 0 to HW filter on device team0
[ 52.510918] __asan_report_load8_noabort+0x14/0x20
[ 52.510922] bpf_skb_change_tail+0xa77/0xd50
[ 52.510927] ? __lock_acquire+0x6a4/0x4500
[ 52.510932] ? __build_skb+0x2a/0x2b0
[ 52.510938] bpf_prog_ac477e10ee530e9d+0x614/0x1000
[ 52.510945] ? trace_hardirqs_on+0x10/0x10
[ 52.510949] ? trace_hardirqs_off+0x10/0x10
[ 52.510953] ? find_held_lock+0x36/0x1d0
[ 52.510961] ? bpf_test_run+0x32/0x2d0
[ 52.510965] ? lock_downgrade+0x7f0/0x7f0
[ 52.510969] ? lock_acquire+0x173/0x400
[ 52.510972] ? bpf_test_run+0x159/0x2d0
[ 52.510978] ? bpf_test_run+0x8a/0x2d0
[ 52.510982] ? eth_gro_receive+0x880/0x880
[ 52.510989] ? bpf_prog_test_run_skb+0x58a/0xbc0
[ 52.523918] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 52.526428] ? bpf_test_init.isra.6+0xa0/0xa0
[ 52.526437] ? __bpf_prog_get+0x128/0x170
[ 52.533282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 52.536437] ? SyS_bpf+0x97e/0x28d3
[ 52.536443] ? bpf_prog_get+0x10/0x10
[ 52.544338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 52.545575] ? kasan_check_read+0x11/0x20
[ 52.545582] ? _copy_to_user+0x91/0xb0
[ 52.552120] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 52.554888] ? put_timespec64+0xa4/0xf0
[ 52.554894] ? nsecs_to_jiffies+0x20/0x20
[ 52.562600] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 52.562895] ? SyS_clock_gettime+0x115/0x160
[ 52.569497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 52.572110] ? do_syscall_64+0x4c/0x5b0
[ 52.572116] ? bpf_prog_get+0x10/0x10
[ 52.572120] ? do_syscall_64+0x1c7/0x5b0
[ 52.572123] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.572130] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 52.577126] Kernel Offset: disabled
[ 53.049047] Rebooting in 86400 seconds..