[ 43.253827] audit: type=1400 audit(1581366545.311:37): avc: denied { map } for pid=6870 comm="syz-fuzzer" path="/root/syzkaller-shm193465587" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 43.503573] IPVS: ftp: loaded support on port[0] = 21 [ 44.750577] can: request_module (can-proto-0) failed. [ 44.761965] can: request_module (can-proto-0) failed. [ 44.973109] audit: type=1400 audit(1581366547.031:38): avc: denied { create } for pid=6870 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 44.997289] audit: type=1400 audit(1581366547.031:39): avc: denied { create } for pid=6870 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 45.021066] audit: type=1400 audit(1581366547.031:40): avc: denied { create } for pid=6870 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 45.271655] random: sshd: uninitialized urandom read (32 bytes read) [ 46.034831] random: sshd: uninitialized urandom read (32 bytes read) [ 46.247173] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.179' (ECDSA) to the list of known hosts. 2020/02/10 20:29:14 parsed 1 programs 2020/02/10 20:29:15 executed programs: 0 [ 53.331148] IPVS: ftp: loaded support on port[0] = 21 [ 54.109853] IPVS: ftp: loaded support on port[0] = 21 [ 54.159922] chnl_net:caif_netlink_parms(): no params data found [ 54.215686] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.222677] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.229918] device bridge_slave_0 entered promiscuous mode [ 54.237449] IPVS: ftp: loaded support on port[0] = 21 [ 54.238249] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.249315] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.256881] device bridge_slave_1 entered promiscuous mode [ 54.297526] chnl_net:caif_netlink_parms(): no params data found [ 54.306865] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.318798] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.344037] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.351578] team0: Port device team_slave_0 added [ 54.359175] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.368319] team0: Port device team_slave_1 added [ 54.382718] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.393453] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.415999] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.422452] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.429615] device bridge_slave_0 entered promiscuous mode [ 54.439345] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.445867] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.453011] device bridge_slave_1 entered promiscuous mode [ 54.522187] device hsr_slave_0 entered promiscuous mode [ 54.570480] device hsr_slave_1 entered promiscuous mode [ 54.645255] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.652637] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.666190] IPVS: ftp: loaded support on port[0] = 21 [ 54.679075] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.688334] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.702952] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.709568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.716659] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.723209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.743708] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.751885] team0: Port device team_slave_0 added [ 54.757580] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.765195] team0: Port device team_slave_1 added [ 54.781459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.815234] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.830985] chnl_net:caif_netlink_parms(): no params data found [ 54.903145] device hsr_slave_0 entered promiscuous mode [ 54.940469] device hsr_slave_1 entered promiscuous mode [ 55.010892] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.018595] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.072378] IPVS: ftp: loaded support on port[0] = 21 [ 55.074129] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.084057] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.090755] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.097182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.109677] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.116153] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.124527] device bridge_slave_0 entered promiscuous mode [ 55.142141] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.148620] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.155784] device bridge_slave_1 entered promiscuous mode [ 55.222716] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.234432] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.248335] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.266409] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.274305] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.281224] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.314323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.335272] chnl_net:caif_netlink_parms(): no params data found [ 55.361562] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.369367] team0: Port device team_slave_0 added [ 55.369977] IPVS: ftp: loaded support on port[0] = 21 [ 55.375602] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.397746] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.405257] team0: Port device team_slave_1 added [ 55.410792] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.420643] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.431285] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.437486] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.444531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.453597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.462065] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.506572] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.531890] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.538407] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.545829] device bridge_slave_0 entered promiscuous mode [ 55.552665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.561426] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.569061] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.575714] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.586366] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.643859] device hsr_slave_0 entered promiscuous mode [ 55.680710] device hsr_slave_1 entered promiscuous mode [ 55.735523] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.743436] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.750596] device bridge_slave_1 entered promiscuous mode [ 55.764474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.773133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.780873] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.787237] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.797101] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.807397] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.814799] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.824828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.862986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.870866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.879399] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.897979] chnl_net:caif_netlink_parms(): no params data found [ 55.908499] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.919996] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.929694] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.939188] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.959584] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.969322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.977183] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.987920] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.009384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.017407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.028809] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.035591] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.043272] team0: Port device team_slave_0 added [ 56.050629] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.058235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.075232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.082459] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.089465] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.097272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.105337] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.114204] team0: Port device team_slave_1 added [ 56.121016] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.140373] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.146485] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.154608] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.167178] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.188347] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.195929] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.206249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.215944] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.222620] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.229643] device bridge_slave_0 entered promiscuous mode [ 56.237349] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.244045] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.252200] device bridge_slave_1 entered promiscuous mode [ 56.293581] device hsr_slave_0 entered promiscuous mode [ 56.330656] device hsr_slave_1 entered promiscuous mode [ 56.391176] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.397251] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.405320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.415997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.423942] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.430427] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.440560] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.463043] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.484953] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.493410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.501660] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.508580] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.517770] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.529244] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.538183] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.567633] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.579416] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.588224] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.603629] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.630022] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.654326] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.663814] chnl_net:caif_netlink_parms(): no params data found [ 56.679463] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.686849] team0: Port device team_slave_0 added [ 56.694020] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.701538] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.709199] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.717569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.735338] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.743089] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.751601] team0: Port device team_slave_1 added [ 56.757194] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.766942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.775046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.789547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.799350] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.816259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.823279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.831655] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.852668] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.922360] device hsr_slave_0 entered promiscuous mode [ 56.960632] device hsr_slave_1 entered promiscuous mode [ 57.021796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 57.029829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.058551] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 57.064819] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 57.075367] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.084127] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.099840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.115534] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.122527] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.129946] device bridge_slave_0 entered promiscuous mode [ 57.147610] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.173850] ------------[ cut here ]------------ [ 57.178864] WARNING: CPU: 1 PID: 6993 at drivers/dma-buf/dma-buf.c:1039 dma_buf_vunmap+0x154/0x1b0 [ 57.188015] Kernel panic - not syncing: panic_on_warn set ... [ 57.188015] [ 57.195373] CPU: 1 PID: 6993 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0 [ 57.203251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.212754] Call Trace: [ 57.215338] dump_stack+0xf7/0x13b [ 57.219042] ? dma_buf_vunmap+0x154/0x1b0 [ 57.223205] panic+0x1b0/0x36a [ 57.226395] ? add_taint.cold.5+0x11/0x11 [ 57.230539] ? __lock_acquire+0x24af/0x4500 [ 57.234858] ? dma_buf_vunmap+0x154/0x1b0 [ 57.239076] __warn.cold.8+0x25/0x2a [ 57.242781] ? dma_buf_vunmap+0x154/0x1b0 [ 57.246929] report_bug+0x1a4/0x1f3 [ 57.250550] do_error_trap+0x1bd/0x310 [ 57.254485] ? math_error+0x300/0x300 [ 57.258304] ? __lock_is_held+0xb5/0x140 [ 57.262361] ? vb2_core_queue_release+0x25/0x70 [ 57.267038] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.271897] do_invalid_op+0x1b/0x20 [ 57.275608] invalid_op+0x1b/0x40 [ 57.279068] RIP: 0010:dma_buf_vunmap+0x154/0x1b0 [ 57.283809] RSP: 0018:ffff88808b0e7bd0 EFLAGS: 00010246 [ 57.289201] RAX: dffffc0000000000 RBX: ffff88809c0eef00 RCX: 1ffff11013c8eca7 [ 57.296637] RDX: 1ffff1101381dde8 RSI: ffffc90005ebc000 RDI: 0000000000000000 [ 57.304050] RBP: ffff88808b0e7bf8 R08: ffff888082dd6b48 R09: 000000000000657b [ 57.311417] R10: ffff88808b0e7ce8 R11: ffff888082dd6280 R12: ffffffff8425a420 [ 57.318707] R13: ffff88809cc7e840 R14: ffff88809cc7e868 R15: ffff88809c0eef00 [ 57.326118] ? vb2_vmalloc_map_dmabuf+0x80/0x80 [ 57.330787] ? vb2_vmalloc_map_dmabuf+0x80/0x80 [ 57.335454] vb2_vmalloc_detach_dmabuf+0x4f/0x80 [ 57.340211] __vb2_plane_dmabuf_put.isra.6+0xff/0x2d0 [ 57.345400] __vb2_queue_free+0x55c/0x770 [ 57.349542] ? __vb2_queue_cancel+0x232/0x880 [ 57.354031] vb2_core_queue_release+0x57/0x70 [ 57.358591] _vb2_fop_release+0x1ac/0x280 [ 57.362728] vb2_fop_release+0x66/0xd0 [ 57.366604] vivid_fop_release+0x15f/0x3a0 [ 57.370825] v4l2_release+0xee/0x1a0 [ 57.374528] __fput+0x235/0x750 [ 57.377790] ? _raw_spin_unlock_irq+0x27/0x80 [ 57.382461] ____fput+0x9/0x10 [ 57.385639] task_work_run+0xeb/0x180 [ 57.389434] exit_to_usermode_loop+0x16a/0x1b0 [ 57.394017] do_syscall_64+0x418/0x5b0 [ 57.397988] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.402842] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 57.408081] RIP: 0033:0x4129e1 [ 57.411252] RSP: 002b:00007ffe50d92450 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 57.418952] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00000000004129e1 [ 57.426204] RDX: 0000001b2ed20000 RSI: 0000000000000000 RDI: 0000000000000003 [ 57.433503] RBP: 0000000000740518 R08: 000000000000df4e R09: 000000000000df4e [ 57.440868] R10: 00007ffe50d92520 R11: 0000000000000293 R12: 0000000000000001 [ 57.448133] R13: 000000000000df53 R14: 000000000000df80 R15: 000000000073bf0c [ 57.457390] Kernel Offset: disabled [ 57.461093] Rebooting in 86400 seconds..