[ 40.248984] audit: type=1400 audit(1583977698.731:37): avc: denied { map } for pid=6995 comm="syz-fuzzer" path="/root/syzkaller-shm988718889" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 40.510943] IPVS: ftp: loaded support on port[0] = 21 [ 41.659535] can: request_module (can-proto-0) failed. [ 41.669772] can: request_module (can-proto-0) failed. [ 41.852183] audit: type=1400 audit(1583977700.341:38): avc: denied { create } for pid=6995 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 41.876471] audit: type=1400 audit(1583977700.341:39): avc: denied { create } for pid=6995 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 41.900151] audit: type=1400 audit(1583977700.341:40): avc: denied { create } for pid=6995 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 42.072700] random: sshd: uninitialized urandom read (32 bytes read) [ 42.772916] random: sshd: uninitialized urandom read (32 bytes read) [ 43.016025] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.56' (ECDSA) to the list of known hosts. 2020/03/12 01:48:27 parsed 1 programs 2020/03/12 01:48:27 executed programs: 0 [ 49.160947] IPVS: ftp: loaded support on port[0] = 21 [ 49.967475] IPVS: ftp: loaded support on port[0] = 21 [ 50.013763] chnl_net:caif_netlink_parms(): no params data found [ 50.054625] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.061758] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.069416] device bridge_slave_0 entered promiscuous mode [ 50.071265] IPVS: ftp: loaded support on port[0] = 21 [ 50.076789] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.086848] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.094394] device bridge_slave_1 entered promiscuous mode [ 50.115021] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.139933] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.164001] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.171333] team0: Port device team_slave_0 added [ 50.189218] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.196596] team0: Port device team_slave_1 added [ 50.204078] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.213263] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.223423] chnl_net:caif_netlink_parms(): no params data found [ 50.282525] device hsr_slave_0 entered promiscuous mode [ 50.350297] device hsr_slave_1 entered promiscuous mode [ 50.436155] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.444357] IPVS: ftp: loaded support on port[0] = 21 [ 50.444911] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.472860] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.479280] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.486962] device bridge_slave_0 entered promiscuous mode [ 50.497207] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.504135] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.511538] device bridge_slave_1 entered promiscuous mode [ 50.530209] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.539063] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.557249] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.563804] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.570732] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.577079] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.590735] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.597903] team0: Port device team_slave_0 added [ 50.605840] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.613393] team0: Port device team_slave_1 added [ 50.618868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.627472] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.721935] device hsr_slave_0 entered promiscuous mode [ 50.760290] device hsr_slave_1 entered promiscuous mode [ 50.800403] chnl_net:caif_netlink_parms(): no params data found [ 50.809586] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.817260] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.859177] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.865801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.872423] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.878757] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.903263] IPVS: ftp: loaded support on port[0] = 21 [ 50.925646] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.932302] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.939397] device bridge_slave_0 entered promiscuous mode [ 50.946220] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.952828] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.959743] device bridge_slave_1 entered promiscuous mode [ 50.985024] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.995037] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.014946] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 51.021244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.032303] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.039374] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.046966] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 51.065502] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.072255] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.099067] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.106249] team0: Port device team_slave_0 added [ 51.117639] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.144824] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.151978] team0: Port device team_slave_1 added [ 51.159505] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.170593] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.179014] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.200544] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.207571] chnl_net:caif_netlink_parms(): no params data found [ 51.222870] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.229929] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.238268] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.244421] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.259441] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.276196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.284187] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.293343] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.299600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.307942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.316142] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.322565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.329481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.337932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.345558] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.351912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.358668] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.366014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.386506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.395809] IPVS: ftp: loaded support on port[0] = 21 [ 51.403016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.463460] device hsr_slave_0 entered promiscuous mode [ 51.520431] device hsr_slave_1 entered promiscuous mode [ 51.593682] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.599919] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.611300] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.622733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.631818] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.653014] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.667738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.675214] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.681853] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.688725] device bridge_slave_0 entered promiscuous mode [ 51.697495] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.703998] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.711546] device bridge_slave_1 entered promiscuous mode [ 51.718421] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.728577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.736827] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.744648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.754212] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.762033] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.768398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.775472] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.820809] chnl_net:caif_netlink_parms(): no params data found [ 51.838549] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.856279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.864158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.874781] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.884063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.894308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.902217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.909911] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.916478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.924067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.931892] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.939638] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.947373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.954915] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.962587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.971943] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.981667] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.989528] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.033039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.047386] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.054008] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.061379] device bridge_slave_0 entered promiscuous mode [ 52.079252] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.089298] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.102118] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.108664] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.115895] device bridge_slave_1 entered promiscuous mode [ 52.122670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.131663] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.139884] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.148395] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.155997] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.164962] team0: Port device team_slave_0 added [ 52.179170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.190690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.209817] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.220857] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.228470] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.236599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.244437] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.252374] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.259690] team0: Port device team_slave_1 added [ 52.268947] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.276668] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.288112] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.296734] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.318288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.347046] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.354710] team0: Port device team_slave_0 added [ 52.363069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.370614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.378334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.388246] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.394567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.452209] device hsr_slave_0 entered promiscuous mode [ 52.502377] device hsr_slave_1 entered promiscuous mode [ 52.562814] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.570430] team0: Port device team_slave_1 added [ 52.576122] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.624897] chnl_net:caif_netlink_parms(): no params data found [ 52.634817] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.642239] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.649678] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.714541] device hsr_slave_0 entered promiscuous mode [ 52.742457] kasan: CONFIG_KASAN_INLINE enabled [ 52.747189] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 52.755089] device hsr_slave_1 entered promiscuous mode [ 52.760469] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 52.766726] Modules linked in: [ 52.770077] CPU: 1 PID: 7117 Comm: syz-executor.3 Not tainted 4.14.173-syzkaller #0 [ 52.779766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.789166] task: ffff88808db72000 task.stack: ffff88808c310000 [ 52.795479] RIP: 0010:do_blockdev_direct_IO+0x18f1/0x6be0 [ 52.801083] RSP: 0018:ffff88808c317490 EFLAGS: 00010202 [ 52.806431] RAX: 0000000000000004 RBX: ffffea000230241c RCX: 000000000000000c [ 52.813692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000020 [ 52.820952] RBP: ffff88808c3177a0 R08: 0000000000000000 R09: ffff88809a62aa80 [ 52.828206] R10: ffffed10134c5560 R11: 0000000000000000 R12: dffffc0000000000 [ 52.835523] R13: 0000000000000000 R14: ffffea0002302400 R15: ffff88808cf67a40 [ 52.842852] FS: 00007f0e8030a700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 52.851133] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.857020] CR2: 0000000000b8e900 CR3: 000000008d087000 CR4: 00000000001406e0 [ 52.864280] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.871921] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.879462] Call Trace: [ 52.882043] ? sb_init_dio_done_wq+0x60/0x60 [ 52.886448] ? ext4_dio_get_block_unwritten_sync+0xb0/0xb0 [ 52.892241] ? ext4_direct_IO+0xfd5/0x1b80 [ 52.896472] ? lock_downgrade+0x7f0/0x7f0 [ 52.900612] __blockdev_direct_IO+0x72/0xd9 [ 52.905051] ext4_direct_IO+0x6ed/0x1b80 [ 52.909106] generic_file_direct_write+0x1ee/0x410 [ 52.914174] __generic_file_write_iter+0x270/0x580 [ 52.919250] ext4_file_write_iter+0x27a/0xe40 [ 52.924176] ? __lock_is_held+0xb5/0x140 [ 52.928412] ? ext4_file_mmap+0x260/0x260 [ 52.932552] ? __might_sleep+0x93/0xb0 [ 52.936686] do_iter_readv_writev+0x460/0x900 [ 52.941385] ? selinux_file_permission+0x31f/0x3e0 [ 52.946317] ? vfs_dedupe_file_range+0x800/0x800 [ 52.951081] ? rw_verify_area+0xb8/0x2b0 [ 52.955155] do_iter_write+0x12b/0x520 [ 52.959042] ? rcu_read_lock_sched_held+0x108/0x120 [ 52.964183] ? __kmalloc+0x36d/0x7b0 [ 52.967879] vfs_iter_write+0x5b/0xb0 [ 52.971672] iter_file_splice_write+0x540/0xc20 [ 52.976352] ? default_file_splice_read+0x820/0x820 [ 52.981363] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 52.986331] ? __sb_start_write+0x1f3/0x2a0 [ 52.990749] SyS_splice+0x6e9/0x1580 [ 52.994666] ? put_timespec64+0xa4/0xf0 [ 52.998639] ? nsecs_to_jiffies+0x20/0x20 [ 53.002891] ? compat_SyS_vmsplice+0x1e0/0x1e0 [ 53.007461] ? do_syscall_64+0x4c/0x5b0 [ 53.011434] ? compat_SyS_vmsplice+0x1e0/0x1e0 [ 53.016010] do_syscall_64+0x1c7/0x5b0 [ 53.019898] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.024745] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.029928] RIP: 0033:0x459a59 [ 53.033097] RSP: 002b:00007f0e80309c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 53.040799] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459a59 [ 53.048048] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000004 [ 53.055300] RBP: 000000000075bf20 R08: 00000000ffffffff R09: 0000000000000000 [ 53.062568] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0e8030a6d4 [ 53.069841] R13: 00000000004c954e R14: 00000000004dffb0 R15: 00000000ffffffff [ 53.077104] Code: ff ff 48 8b bc 24 e0 00 00 00 48 c7 c6 80 84 94 86 e8 a4 fa e0 ff 0f 0b 48 8b 84 24 e0 00 00 00 48 8d 78 20 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 f3 44 00 00 48 8b 9c 24 e0 00 00 00 48 8b [ 53.096161] RIP: do_blockdev_direct_IO+0x18f1/0x6be0 RSP: ffff88808c317490 [ 53.104386] ---[ end trace 9af91b54781eeb88 ]--- [ 53.109164] Kernel panic - not syncing: Fatal exception [ 53.116100] Kernel Offset: disabled [ 53.119737] Rebooting in 86400 seconds..