[   38.112663] audit: type=1400 audit(1577848469.154:37): avc:  denied  { map } for  pid=6683 comm="syz-fuzzer" path="/root/syzkaller-shm011036605" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[   38.391301] IPVS: ftp: loaded support on port[0] = 21
[   39.512996] can: request_module (can-proto-0) failed.
[   39.524096] can: request_module (can-proto-0) failed.
[   39.683337] audit: type=1400 audit(1577848470.724:38): avc:  denied  { create } for  pid=6683 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[   39.707650] audit: type=1400 audit(1577848470.724:39): avc:  denied  { create } for  pid=6683 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[   39.731360] audit: type=1400 audit(1577848470.724:40): avc:  denied  { create } for  pid=6683 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[   39.987384] random: sshd: uninitialized urandom read (32 bytes read)
[   40.808379] random: sshd: uninitialized urandom read (32 bytes read)
[   40.994444] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.10.29' (ECDSA) to the list of known hosts.
2020/01/01 03:14:38 parsed 1 programs
2020/01/01 03:14:38 executed programs: 0
[   48.100925] IPVS: ftp: loaded support on port[0] = 21
[   48.924666] chnl_net:caif_netlink_parms(): no params data found
[   48.953419] bridge0: port 1(bridge_slave_0) entered blocking state
[   48.960828] bridge0: port 1(bridge_slave_0) entered disabled state
[   48.967924] device bridge_slave_0 entered promiscuous mode
[   48.975012] bridge0: port 2(bridge_slave_1) entered blocking state
[   48.981506] bridge0: port 2(bridge_slave_1) entered disabled state
[   48.988352] device bridge_slave_1 entered promiscuous mode
[   48.995003] IPVS: ftp: loaded support on port[0] = 21
[   49.009466] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   49.018452] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   49.035048] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   49.042594] team0: Port device team_slave_0 added
[   49.048230] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   49.055825] team0: Port device team_slave_1 added
[   49.061164] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   49.070854] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   49.151860] device hsr_slave_0 entered promiscuous mode
[   49.230316] device hsr_slave_1 entered promiscuous mode
[   49.300751] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   49.311935] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   49.338233] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.344987] bridge0: port 2(bridge_slave_1) entered forwarding state
[   49.352141] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.358511] bridge0: port 1(bridge_slave_0) entered forwarding state
[   49.392959] IPVS: ftp: loaded support on port[0] = 21
[   49.422978] chnl_net:caif_netlink_parms(): no params data found
[   49.461714] IPVS: ftp: loaded support on port[0] = 21
[   49.487787] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.494675] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.501797] device bridge_slave_0 entered promiscuous mode
[   49.509170] bridge0: port 2(bridge_slave_1) entered blocking state
[   49.516474] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.524051] device bridge_slave_1 entered promiscuous mode
[   49.560243] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   49.570756] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   49.582510] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   49.588601] 8021q: adding VLAN 0 to HW filter on device bond0
[   49.629063] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   49.640898] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   49.648480] team0: Port device team_slave_0 added
[   49.649154] IPVS: ftp: loaded support on port[0] = 21
[   49.654041] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   49.666214] team0: Port device team_slave_1 added
[   49.681972] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   49.689137] chnl_net:caif_netlink_parms(): no params data found
[   49.703259] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   49.721931] bridge0: port 1(bridge_slave_0) entered disabled state
[   49.729099] bridge0: port 2(bridge_slave_1) entered disabled state
[   49.737825] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   49.758156] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   49.764415] 8021q: adding VLAN 0 to HW filter on device team0
[   49.831983] device hsr_slave_0 entered promiscuous mode
[   49.880480] device hsr_slave_1 entered promiscuous mode
[   49.920539] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   49.932484] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   49.947981] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   49.955563] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   49.963589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   49.971333] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   49.978870] bridge0: port 1(bridge_slave_0) entered blocking state
[   49.985280] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.039020] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   50.047702] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.054356] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.061497] device bridge_slave_0 entered promiscuous mode
[   50.069938] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.078588] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.086054] device bridge_slave_1 entered promiscuous mode
[   50.095784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.104177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.112490] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.118834] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.127012] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   50.147631] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   50.154190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   50.162851] IPVS: ftp: loaded support on port[0] = 21
[   50.170105] chnl_net:caif_netlink_parms(): no params data found
[   50.179316] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   50.196830] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   50.206406] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   50.219066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   50.228050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   50.258590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   50.266670] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   50.274442] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   50.285774] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   50.293737] team0: Port device team_slave_0 added
[   50.325972] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   50.334924] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   50.342224] team0: Port device team_slave_1 added
[   50.347415] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   50.372328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   50.380651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   50.399366] 8021q: adding VLAN 0 to HW filter on device bond0
[   50.407180] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[   50.414678] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   50.438993] chnl_net:caif_netlink_parms(): no params data found
[   50.452048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   50.459516] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   50.469525] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   50.497254] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.503789] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.510921] device bridge_slave_0 entered promiscuous mode
[   50.517782] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[   50.526361] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   50.572548] device hsr_slave_0 entered promiscuous mode
[   50.610422] device hsr_slave_1 entered promiscuous mode
[   50.653570] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   50.662721] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   50.669830] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.678100] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.685769] device bridge_slave_1 entered promiscuous mode
[   50.692561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   50.702395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   50.709831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   50.716781] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   50.725412] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   50.731627] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   50.771731] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   50.777842] 8021q: adding VLAN 0 to HW filter on device team0
[   50.796701] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.803234] bridge0: port 1(bridge_slave_0) entered disabled state
[   50.810323] device bridge_slave_0 entered promiscuous mode
[   50.818141] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   50.827796] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   50.840076] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   50.849875] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   50.867383] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.875549] bridge0: port 2(bridge_slave_1) entered disabled state
[   50.882835] device bridge_slave_1 entered promiscuous mode
[   50.906554] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   50.915373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   50.923197] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   50.931001] bridge0: port 1(bridge_slave_0) entered blocking state
[   50.937362] bridge0: port 1(bridge_slave_0) entered forwarding state
[   50.944244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   50.953621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   50.961438] bridge0: port 2(bridge_slave_1) entered blocking state
[   50.967889] bridge0: port 2(bridge_slave_1) entered forwarding state
[   50.975281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   51.003116] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   51.009551] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   51.017430] team0: Port device team_slave_0 added
[   51.023535] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   51.035914] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[   51.043579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[   51.062192] chnl_net:caif_netlink_parms(): no params data found
[   51.072597] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   51.079778] team0: Port device team_slave_1 added
[   51.089209] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   51.099402] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[   51.110324] 8021q: adding VLAN 0 to HW filter on device batadv0
[   51.124816] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   51.136580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   51.146561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[   51.158029] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   51.172639] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   51.179713] team0: Port device team_slave_0 added
[   51.186349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   51.194179] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   51.203934] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[   51.215057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[   51.228312] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   51.236557] team0: Port device team_slave_1 added
[   51.242546] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   51.249629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   51.258121] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   51.266452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   51.274330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   51.283744] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[   51.343296] device hsr_slave_0 entered promiscuous mode
[   51.369500] audit: type=1804 audit(1577848482.404:41): pid=6813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir786165533/syzkaller.gEIbSe/0/file0/file0" dev="sda1" ino=16526 res=1
[   51.372608] ------------[ cut here ]------------
[   51.401855] WARNING: CPU: 1 PID: 6813 at fs/overlayfs/dir.c:523 ovl_create_or_link+0x545/0x13b0
[   51.410805] Kernel panic - not syncing: panic_on_warn set ...
[   51.410805] 
[   51.418168] CPU: 1 PID: 6813 Comm: syz-executor.2 Not tainted 4.14.161-syzkaller #0
[   51.420431] device hsr_slave_1 entered promiscuous mode
[   51.425968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.425973] Call Trace:
[   51.443639]  dump_stack+0xf7/0x13b
[   51.447252]  ? ovl_create_or_link+0x545/0x13b0
[   51.451903]  panic+0x1b0/0x358
[   51.455262]  ? add_taint.cold.5+0x11/0x11
[   51.459404]  ? ovl_create_or_link+0x545/0x13b0
[   51.464001]  __warn.cold.8+0x25/0x2c
[   51.467730]  ? mark_held_locks+0xc7/0x130
[   51.471897]  ? ovl_create_or_link+0x545/0x13b0
[   51.476465]  report_bug+0x1a4/0x1f3
[   51.480120]  do_error_trap+0x1bd/0x310
[   51.484078]  ? math_error+0x300/0x300
[   51.487950]  ? debug_object_activate+0x251/0x4b0
[   51.492706]  ? mark_held_locks+0xc7/0x130
[   51.496861]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   51.501705]  do_invalid_op+0x1b/0x20
[   51.505402]  invalid_op+0x1b/0x40
[   51.508838] RIP: 0010:ovl_create_or_link+0x545/0x13b0
[   51.514007] RSP: 0018:ffff88807ccbfb00 EFLAGS: 00010202
[   51.519358] RAX: 0000000000000000 RBX: ffff8880955873b0 RCX: ffff888088cc3544
[   51.526793] RDX: 1ffff11012ab0e77 RSI: ffff8880a03e0d20 RDI: ffff8880955873b8
[   51.534081] RBP: ffff88807ccbfcb8 R08: ffff8880a03e0d40 R09: 0000000000000000
[   51.541434] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   51.548781] R13: 0000000000000000 R14: 1ffff1100f997f6e R15: ffff888088d3e310
[   51.556187]  ? mutex_lock_io_nested+0x1380/0x1380
[   51.561029]  ? ovl_unlink+0x10/0x10
[   51.564638]  ? lock_downgrade+0x7f0/0x7f0
[   51.568778]  ? dput.part.27+0x25/0x610
[   51.572660]  ? dput.part.27+0x25/0x610
[   51.576523]  ? creds_are_invalid+0x43/0xd0
[   51.580743]  ? mutex_lock_interruptible_nested+0x16/0x20
[   51.586186]  ? mutex_lock_interruptible_nested+0x16/0x20
[   51.591615]  ? ovl_nlink_start+0x211/0x420
[   51.595831]  ovl_link+0x151/0x19d
[   51.599276]  ? ovl_create+0x20/0x20
[   51.602895]  vfs_link+0x646/0xa10
[   51.606425]  SyS_link+0x2f8/0x4b0
[   51.609853]  ? SyS_linkat+0x550/0x550
[   51.613633]  ? SyS_clock_gettime+0x115/0x160
[   51.618018]  ? SyS_clock_settime+0x1a0/0x1a0
[   51.622408]  ? do_syscall_64+0x4c/0x5b0
[   51.626362]  ? SyS_linkat+0x550/0x550
[   51.630143]  do_syscall_64+0x1c7/0x5b0
[   51.634004]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   51.638927]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   51.644103] RIP: 0033:0x4597c9
[   51.647273] RSP: 002b:00007f0b22302c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[   51.654962] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004597c9
[   51.662222] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000020000140
[   51.669485] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[   51.676814] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0b223036d4
[   51.684073] R13: 00000000004f53e2 R14: 00000000004d9f08 R15: 00000000ffffffff
[   51.693450] Kernel Offset: disabled
[   51.697319] Rebooting in 86400 seconds..