[ 40.383883] audit: type=1400 audit(1575631316.957:37): avc: denied { map } for pid=6729 comm="syz-fuzzer" path="/root/syzkaller-shm511601518" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[ 40.650871] IPVS: ftp: loaded support on port[0] = 21
[ 41.760951] can: request_module (can-proto-0) failed.
[ 41.769831] can: request_module (can-proto-0) failed.
[ 41.912076] audit: type=1400 audit(1575631318.487:38): avc: denied { create } for pid=6729 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1
[ 41.935734] audit: type=1400 audit(1575631318.487:39): avc: denied { create } for pid=6729 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 41.959698] audit: type=1400 audit(1575631318.487:40): avc: denied { create } for pid=6729 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1
[ 42.211531] random: sshd: uninitialized urandom read (32 bytes read)
[ 42.939538] random: sshd: uninitialized urandom read (32 bytes read)
[ 43.123360] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.1.37' (ECDSA) to the list of known hosts.
2019/12/06 11:22:06 parsed 1 programs
2019/12/06 11:22:06 executed programs: 0
[ 49.970892] IPVS: ftp: loaded support on port[0] = 21
[ 50.834627] chnl_net:caif_netlink_parms(): no params data found
[ 50.860762] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.867392] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.874339] device bridge_slave_0 entered promiscuous mode
[ 50.881515] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.887912] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.895319] IPVS: ftp: loaded support on port[0] = 21
[ 50.901534] device bridge_slave_1 entered promiscuous mode
[ 50.921388] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.933452] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.957837] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 50.965085] team0: Port device team_slave_0 added
[ 50.970806] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 50.977811] team0: Port device team_slave_1 added
[ 50.984637] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 50.993567] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 51.051774] IPVS: ftp: loaded support on port[0] = 21
[ 51.060840] device hsr_slave_0 entered promiscuous mode
[ 51.110296] device hsr_slave_1 entered promiscuous mode
[ 51.170735] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 51.177876] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 51.221448] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.227913] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.234924] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.241294] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.261819] chnl_net:caif_netlink_parms(): no params data found
[ 51.277455] IPVS: ftp: loaded support on port[0] = 21
[ 51.323161] chnl_net:caif_netlink_parms(): no params data found
[ 51.382082] IPVS: ftp: loaded support on port[0] = 21
[ 51.393937] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.400491] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.407354] device bridge_slave_0 entered promiscuous mode
[ 51.425827] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 51.432422] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.439431] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.445956] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.452961] device bridge_slave_1 entered promiscuous mode
[ 51.475004] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.485029] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 51.497591] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.513116] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.519472] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.526526] device bridge_slave_0 entered promiscuous mode
[ 51.547395] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.554115] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.561321] device bridge_slave_1 entered promiscuous mode
[ 51.574295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.583015] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.589767] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.599941] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.607209] team0: Port device team_slave_0 added
[ 51.613606] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 51.619931] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.635921] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 51.644487] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 51.651857] team0: Port device team_slave_1 added
[ 51.659324] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 51.687793] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 51.704381] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 51.720406] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.727965] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.734332] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.754593] IPVS: ftp: loaded support on port[0] = 21
[ 51.765844] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.774173] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.780571] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.788812] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 51.797143] chnl_net:caif_netlink_parms(): no params data found
[ 51.806338] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 51.813430] team0: Port device team_slave_0 added
[ 51.862773] device hsr_slave_0 entered promiscuous mode
[ 51.920375] device hsr_slave_1 entered promiscuous mode
[ 51.990634] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 51.999630] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 52.006887] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 52.014575] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 52.021868] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 52.029360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.046602] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 52.054337] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.062069] team0: Port device team_slave_1 added
[ 52.081927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 52.089778] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.113474] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.158954] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.165682] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.172835] device bridge_slave_0 entered promiscuous mode
[ 52.179136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.190115] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 52.197089] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 52.203337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 52.213498] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.219850] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.227310] device bridge_slave_1 entered promiscuous mode
[ 52.247061] chnl_net:caif_netlink_parms(): no params data found
[ 52.272067] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.288885] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 52.322832] device hsr_slave_0 entered promiscuous mode
[ 52.370428] device hsr_slave_1 entered promiscuous mode
[ 52.424300] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 52.431413] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 52.438811] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.475186] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.481932] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.488701] device bridge_slave_0 entered promiscuous mode
[ 52.498222] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.525134] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.531886] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.539127] device bridge_slave_1 entered promiscuous mode
[ 52.557150] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 52.566091] team0: Port device team_slave_0 added
[ 52.574524] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 52.597509] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 52.619960] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.627459] team0: Port device team_slave_1 added
[ 52.633437] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.648346] 8021q: adding VLAN 0 to HW filter on device bond0
[ 52.655284] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 52.686760] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.702109] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 52.712077] chnl_net:caif_netlink_parms(): no params data found
[ 52.725088] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 52.739413] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 52.741768] ------------[ cut here ]------------
[ 52.750867] kernel BUG at mm/slab.c:4427!
[ 52.751004] team0: Port device team_slave_0 added
[ 52.759911] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 52.761467] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 52.765273] Modules linked in:
[ 52.765282] CPU: 0 PID: 6852 Comm: syz-executor.0 Not tainted 4.14.158-syzkaller #0
[ 52.765284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.765292] task: ffff888076fd4180 task.stack: ffff88808afc8000
[ 52.765303] RIP: 0010:__check_heap_object+0x5c/0x5e
[ 52.772407] team0: Port device team_slave_1 added
[ 52.775120] RSP: 0018:ffff88808afcfae0 EFLAGS: 00010246
[ 52.775125] RAX: 0000000000000001 RBX: ffff8880867ffff3 RCX: 000000000000000c
[ 52.775127] RDX: 000000000000120b RSI: 00000000000003a3 RDI: ffff8880867ffff3
[ 52.775129] RBP: ffff88808afcfae0 R08: ffff8880aa800dc0 R09: ffff8880867feb80
[ 52.775131] R10: ffffed1043fff001 R11: 0000000000000001 R12: 00000000000003a3
[ 52.775135] R13: 0000000000000001 R14: ffff888086800396 R15: ffffea000219ff80
[ 52.783556] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 52.792293] FS: 00007f9b34e25700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
[ 52.792295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.792297] CR2: 000000000075c091 CR3: 00000000a70d5000 CR4: 00000000001406f0
[ 52.792302] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.792304] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.792306] Call Trace:
[ 52.792317] __check_object_size+0x176/0x224
[ 52.792325] bpf_test_finish.isra.5+0xc0/0x170
[ 52.792329] ? bpf_test_run+0x2d0/0x2d0
[ 52.792334] ? kvm_clock_read+0x23/0x40
[ 52.792337] ? kvm_clock_get_cycles+0x9/0x10
[ 52.792342] ? ktime_get+0x13c/0x240
[ 52.792347] ? bpf_test_run+0x210/0x2d0
[ 52.792353] ? eth_gro_receive+0x880/0x880
[ 52.792358] bpf_prog_test_run_skb+0x66d/0xbc0
[ 52.792363] ? bpf_test_init.isra.6+0xa0/0xa0
[ 52.792370] ? __bpf_prog_get+0x128/0x170
[ 52.792374] SyS_bpf+0x97e/0x28d3
[ 52.792379] ? bpf_prog_get+0x10/0x10
[ 52.792384] ? kasan_check_read+0x11/0x20
[ 52.792388] ? _copy_to_user+0x91/0xb0
[ 52.792394] ? put_timespec64+0xa4/0xf0
[ 52.792397] ? nsecs_to_jiffies+0x20/0x20
[ 52.792402] ? SyS_clock_gettime+0x115/0x160
[ 52.792408] ? do_syscall_64+0x4c/0x5b0
[ 52.792412] ? bpf_prog_get+0x10/0x10
[ 52.792415] do_syscall_64+0x1c7/0x5b0
[ 52.792418] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.792424] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 52.792428] RIP: 0033:0x459829
[ 52.792430] RSP: 002b:00007f9b34e24c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 52.792434] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
[ 52.792436] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a
[ 52.792438] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 52.792439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b34e256d4
[ 52.792443] R13: 00000000004bfb92 R14: 00000000004d1758 R15: 00000000ffffffff
[ 52.799314] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 52.803834] Code: 24 76 24 41 0f af 40 14 4c 01 c8 48 29 c7 49 63 40 74 48 39 f8 72 08 48 29 f8 48 39 f0 73 05
[ 52.809481] kobject: 'veth0_to_hsr' (ffff88808dc6b170): kobject_add_internal: parent: 'net', set: 'devices'
[ 52.814038] 49 8b 40 58 c3 31 c0 c3 55 48 89 e5 <0f> 0b 44 89 f1 48 c7 c7 98 1a 60 87 89 75 d4 4c 8d 45 cc 81 e1
[ 52.814080] RIP: __check_heap_object+0x5c/0x5e RSP: ffff88808afcfae0
[ 52.879406] ---[ end trace 6b7c753cc9dfc258 ]---
[ 52.892215] kobject: 'veth0_to_hsr' (ffff88808dc6b170): kobject_uevent_env
[ 52.920028] Kernel panic - not syncing: Fatal exception
[ 52.923190] kobject: 'veth0_to_hsr' (ffff88808dc6b170): fill_kobj_path: path = '/devices/virtual/net/veth0_to_hsr'
[ 52.926963] Kernel Offset: disabled
[ 53.120032] Rebooting in 86400 seconds..