[ 42.847455] audit: type=1400 audit(1582217903.110:37): avc: denied { map } for pid=6798 comm="syz-fuzzer" path="/root/syzkaller-shm246264079" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 43.121147] IPVS: ftp: loaded support on port[0] = 21 [ 44.262770] can: request_module (can-proto-0) failed. [ 44.272245] can: request_module (can-proto-0) failed. [ 44.422282] audit: type=1400 audit(1582217904.690:38): avc: denied { create } for pid=6798 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 44.445886] audit: type=1400 audit(1582217904.690:39): avc: denied { create } for pid=6798 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 44.469580] audit: type=1400 audit(1582217904.690:40): avc: denied { create } for pid=6798 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 44.737224] random: sshd: uninitialized urandom read (32 bytes read) [ 45.533818] random: sshd: uninitialized urandom read (32 bytes read) [ 45.730951] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts. 2020/02/20 16:58:32 parsed 1 programs 2020/02/20 16:58:32 executed programs: 0 [ 52.771186] IPVS: ftp: loaded support on port[0] = 21 [ 53.636778] IPVS: ftp: loaded support on port[0] = 21 [ 53.678331] chnl_net:caif_netlink_parms(): no params data found [ 53.719150] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.725835] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.732839] device bridge_slave_0 entered promiscuous mode [ 53.740428] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.746816] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.753812] device bridge_slave_1 entered promiscuous mode [ 53.772008] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.782181] IPVS: ftp: loaded support on port[0] = 21 [ 53.789097] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.819192] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.826469] team0: Port device team_slave_0 added [ 53.833531] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.840600] team0: Port device team_slave_1 added [ 53.858465] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.867548] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.879151] chnl_net:caif_netlink_parms(): no params data found [ 53.971852] device hsr_slave_0 entered promiscuous mode [ 54.010299] device hsr_slave_1 entered promiscuous mode [ 54.070678] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.079199] IPVS: ftp: loaded support on port[0] = 21 [ 54.087042] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.095345] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.101815] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.108710] device bridge_slave_0 entered promiscuous mode [ 54.116145] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.122562] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.129511] device bridge_slave_1 entered promiscuous mode [ 54.166721] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.198847] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.213194] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.219715] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.226701] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.233070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.249616] chnl_net:caif_netlink_parms(): no params data found [ 54.274892] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.282191] team0: Port device team_slave_0 added [ 54.291938] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.298949] team0: Port device team_slave_1 added [ 54.305320] IPVS: ftp: loaded support on port[0] = 21 [ 54.324641] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.332297] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.393096] device hsr_slave_0 entered promiscuous mode [ 54.460334] device hsr_slave_1 entered promiscuous mode [ 54.517535] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.534200] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.540648] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.547536] device bridge_slave_0 entered promiscuous mode [ 54.564022] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.575574] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.582053] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.588885] device bridge_slave_1 entered promiscuous mode [ 54.618998] chnl_net:caif_netlink_parms(): no params data found [ 54.627669] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.645847] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.684322] IPVS: ftp: loaded support on port[0] = 21 [ 54.684513] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.697191] team0: Port device team_slave_0 added [ 54.703008] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.710746] team0: Port device team_slave_1 added [ 54.716400] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.722791] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.729408] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.735806] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.745838] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.753013] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.760884] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.767514] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.783151] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.792401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.803127] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.816430] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.832681] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.839178] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.846200] device bridge_slave_0 entered promiscuous mode [ 54.853651] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.860001] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.867037] device bridge_slave_1 entered promiscuous mode [ 54.874114] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 54.902611] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.912071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.962080] device hsr_slave_0 entered promiscuous mode [ 55.000297] device hsr_slave_1 entered promiscuous mode [ 55.081309] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.087429] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.127086] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.138324] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.149760] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.157850] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.168547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.179902] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.205695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.213457] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.221530] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.227989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.234921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.243326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.250917] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.257257] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.264298] chnl_net:caif_netlink_parms(): no params data found [ 55.275522] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.303406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.323361] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.331001] team0: Port device team_slave_0 added [ 55.339231] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.347643] team0: Port device team_slave_1 added [ 55.354432] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.371920] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.414997] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.434211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.445116] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.462471] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.512591] device hsr_slave_0 entered promiscuous mode [ 55.550598] device hsr_slave_1 entered promiscuous mode [ 55.600337] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.606700] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.614054] device bridge_slave_0 entered promiscuous mode [ 55.620506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.628148] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.642469] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.649904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.657925] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.664647] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.672191] device bridge_slave_1 entered promiscuous mode [ 55.678200] chnl_net:caif_netlink_parms(): no params data found [ 55.690702] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.702588] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.709801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.717548] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.740462] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.748071] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.759131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.765646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.773317] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.800705] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.810680] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 55.819745] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.830349] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 55.836562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.850001] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.856632] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.864202] device bridge_slave_0 entered promiscuous mode [ 55.871054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.878510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.897441] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.909901] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.916548] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.923519] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.931856] device bridge_slave_1 entered promiscuous mode [ 55.950614] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.964056] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 55.970618] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.977813] team0: Port device team_slave_0 added [ 55.983724] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.990882] team0: Port device team_slave_1 added [ 55.996189] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.005196] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.018342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.028569] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.072497] device hsr_slave_0 entered promiscuous mode [ 56.110386] device hsr_slave_1 entered promiscuous mode [ 56.175153] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.191945] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.200804] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.207184] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.215829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.231092] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.239188] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.245820] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.253990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.261572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.268320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.276123] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.283754] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.290133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.299570] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.309204] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.316487] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.324277] team0: Port device team_slave_0 added [ 56.331209] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.337639] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.347252] team0: Port device team_slave_1 added [ 56.352745] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.362868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.380892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.387063] kasan: CONFIG_KASAN_INLINE enabled [ 56.388793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.393152] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 56.393180] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 56.401293] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.407776] Modules linked in: [ 56.414039] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.420285] CPU: 0 PID: 6924 Comm: syz-executor.2 Not tainted 4.14.171-syzkaller #0 [ 56.420287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.420290] task: ffff8880a84385c0 task.stack: ffff88808d0c8000 [ 56.420301] RIP: 0010:refcount_sub_and_test+0x1c/0x90 [ 56.420305] RSP: 0018:ffff88808d0cfbd0 EFLAGS: 00010282 [ 56.424066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.438207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.447064] RAX: dffffc0000000000 RBX: 0000000000000001 RCX: 1ffff110150871d1 [ 56.447066] RDX: 0000000000000004 RSI: 0000000000000020 RDI: 0000000000000001 [ 56.447068] RBP: ffff88808d0cfbe0 R08: ffff8880a8438e88 R09: 0000000000000000 [ 56.447070] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88808b23e580 [ 56.447072] R13: dffffc0000000000 R14: ffff88808b23e594 R15: 0000000000000000 [ 56.447075] FS: 00000000012de940(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 56.447077] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.447079] CR2: 000000000075c081 CR3: 0000000099019000 CR4: 00000000001406f0 [ 56.447084] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.447085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.447088] Call Trace: [ 56.447101] refcount_dec_and_test+0x11/0x20 [ 56.447107] vb2_vmalloc_put+0x11/0x50 [ 56.447113] __vb2_buf_mem_free+0xf0/0x1c0 [ 56.459822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.463678] __vb2_queue_free+0x57a/0x770 [ 56.463683] ? __vb2_queue_cancel+0x22f/0x870 [ 56.463689] vb2_core_queue_release+0x57/0x70 [ 56.463694] _vb2_fop_release+0x1ac/0x280 [ 56.463698] vb2_fop_release+0x66/0xd0 [ 56.463703] vivid_fop_release+0x15f/0x3a0 [ 56.463710] v4l2_release+0xeb/0x1a0 [ 56.472756] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.477367] __fput+0x232/0x750 [ 56.486653] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.491987] ? _raw_spin_unlock_irq+0x27/0x80 [ 56.491997] ____fput+0x9/0x10 [ 56.492001] task_work_run+0xe5/0x170 [ 56.492008] exit_to_usermode_loop+0x16a/0x1b0 [ 56.492013] do_syscall_64+0x416/0x5b0 [ 56.492016] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.492022] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 56.492029] RIP: 0033:0x412f61 [ 56.499862] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.506661] RSP: 002b:00007ffe2dd3af10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 56.506666] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000412f61 [ 56.506668] RDX: 0000001b32620000 RSI: 0000000000000000 RDI: 0000000000000003 [ 56.506670] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 56.506672] R10: 00007ffe2dd3aff0 R11: 0000000000000293 R12: 0000000000760ef8 [ 56.506674] R13: 000000000000dc42 R14: 000000000000dc6f R15: 000000000075bf2c [ 56.506680] Code: 70 95 6e 05 00 0f 84 42 02 00 00 5d c3 66 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 f2 48 89 e5 48 c1 ea 03 53 89 fb 48 83 ec 08 <0f> b6 14 02 48 89 f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 3a [ 56.506764] RIP: refcount_sub_and_test+0x1c/0x90 RSP: ffff88808d0cfbd0 [ 56.623794] ---[ end trace d151221853fc1a12 ]--- [ 56.734201] Kernel panic - not syncing: Fatal exception [ 56.740876] Kernel Offset: disabled [ 56.744545] Rebooting in 86400 seconds..