[ 42.889142] random: cc1: uninitialized urandom read (8 bytes read) [ 43.531009] IPVS: ftp: loaded support on port[0] = 21 [ 44.683512] can: request_module (can-proto-0) failed. [ 44.693226] can: request_module (can-proto-0) failed. [ 44.872951] audit: type=1400 audit(1581097078.409:37): avc: denied { create } for pid=6970 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 44.896671] audit: type=1400 audit(1581097078.419:38): avc: denied { create } for pid=6970 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 44.920642] audit: type=1400 audit(1581097078.419:39): avc: denied { create } for pid=6970 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 45.090822] random: sshd: uninitialized urandom read (32 bytes read) [ 45.801695] random: sshd: uninitialized urandom read (32 bytes read) [ 46.019214] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.0' (ECDSA) to the list of known hosts. 2020/02/07 17:38:05 parsed 1 programs 2020/02/07 17:38:05 executed programs: 0 [ 52.025980] audit: type=1400 audit(1581097085.559:40): avc: denied { map } for pid=7042 comm="syz-execprog" path="/root/syzkaller-shm570714138" dev="sda1" ino=16501 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 52.331048] IPVS: ftp: loaded support on port[0] = 21 [ 53.147066] IPVS: ftp: loaded support on port[0] = 21 [ 53.194140] chnl_net:caif_netlink_parms(): no params data found [ 53.235117] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.242159] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.249205] device bridge_slave_0 entered promiscuous mode [ 53.256617] IPVS: ftp: loaded support on port[0] = 21 [ 53.257830] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.268950] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.276278] device bridge_slave_1 entered promiscuous mode [ 53.308884] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.319480] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.364401] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.371903] team0: Port device team_slave_0 added [ 53.379242] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.386506] team0: Port device team_slave_1 added [ 53.393929] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.401315] chnl_net:caif_netlink_parms(): no params data found [ 53.409595] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.442783] IPVS: ftp: loaded support on port[0] = 21 [ 53.502865] device hsr_slave_0 entered promiscuous mode [ 53.540329] device hsr_slave_1 entered promiscuous mode [ 53.643737] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 53.664682] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 53.673866] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.680846] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.687869] device bridge_slave_0 entered promiscuous mode [ 53.696552] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.702975] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.709874] device bridge_slave_1 entered promiscuous mode [ 53.725780] chnl_net:caif_netlink_parms(): no params data found [ 53.739964] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.762618] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.784282] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 53.791963] team0: Port device team_slave_0 added [ 53.797717] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 53.805034] team0: Port device team_slave_1 added [ 53.813928] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.835776] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.844013] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.850621] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.857699] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.864103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.882060] IPVS: ftp: loaded support on port[0] = 21 [ 53.892351] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.898788] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.905923] device bridge_slave_0 entered promiscuous mode [ 53.913035] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.919397] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.926656] device bridge_slave_1 entered promiscuous mode [ 53.992294] device hsr_slave_0 entered promiscuous mode [ 54.050335] device hsr_slave_1 entered promiscuous mode [ 54.092351] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.099517] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.108369] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.119641] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.178810] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.186595] team0: Port device team_slave_0 added [ 54.192350] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.199578] team0: Port device team_slave_1 added [ 54.212717] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.229394] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.252459] chnl_net:caif_netlink_parms(): no params data found [ 54.262516] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.268913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.275602] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.281998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.299479] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.306518] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.314031] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.320942] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.382159] IPVS: ftp: loaded support on port[0] = 21 [ 54.402141] device hsr_slave_0 entered promiscuous mode [ 54.440367] device hsr_slave_1 entered promiscuous mode [ 54.521300] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.552488] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.611229] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.617804] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.626421] device bridge_slave_0 entered promiscuous mode [ 54.636391] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.643176] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.650689] device bridge_slave_1 entered promiscuous mode [ 54.670899] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.701650] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.711679] chnl_net:caif_netlink_parms(): no params data found [ 54.724491] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 54.749054] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 54.756332] team0: Port device team_slave_0 added [ 54.769108] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 54.777466] team0: Port device team_slave_1 added [ 54.783031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.795494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.802391] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.837722] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.857233] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.864074] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.874109] device bridge_slave_0 entered promiscuous mode [ 54.886956] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.893435] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.901066] device bridge_slave_1 entered promiscuous mode [ 54.909987] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.917196] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 54.952183] device hsr_slave_0 entered promiscuous mode [ 54.990359] device hsr_slave_1 entered promiscuous mode [ 55.031138] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.038150] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.053052] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.064348] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.070685] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.078233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.086358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.101998] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.139174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.146212] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.155116] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.161660] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.168746] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.179409] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.190001] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.200380] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.209295] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.219525] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.232411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.240717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.248621] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.255153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.263586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.272016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.279587] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.286171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.293079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.301030] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.308714] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.315136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.325752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.341319] chnl_net:caif_netlink_parms(): no params data found [ 55.354906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.362779] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.372884] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.379252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.387876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.396830] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.408464] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.416659] team0: Port device team_slave_0 added [ 55.422597] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 55.429816] team0: Port device team_slave_1 added [ 55.447044] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.455711] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 55.463747] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.474395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.482221] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.491825] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 55.498609] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.505830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.517155] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.524485] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.543570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.561863] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 55.574987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.584068] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 55.590385] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.600283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 55.614430] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.623094] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.629473] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.636625] device bridge_slave_0 entered promiscuous mode [ 55.645030] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.652754] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.659658] device bridge_slave_1 entered promiscuous mode [ 55.667258] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.675518] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.683409] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.689769] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.696857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.704913] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.772956] device hsr_slave_0 entered promiscuous mode [ 55.810436] device hsr_slave_1 entered promiscuous mode [ 55.871503] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 55.878776] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.886540] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 55.897227] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 55.911947] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 55.924375] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.931512] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.938410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.946239] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.954007] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.962201] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.969791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.977706] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.985199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.993584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.001476] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.007914] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.014825] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.022803] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.031339] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.040391] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.048697] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.059940] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.066242] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.082550] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.091174] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 56.098893] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.112913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.120950] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.128375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.135989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.143655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.158662] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.167544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.180502] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 56.189709] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.206715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.215773] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.224027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.231936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.239761] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.250512] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.259313] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.268310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.277364] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.284729] team0: Port device team_slave_0 added [ 56.292817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.300767] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.307674] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.317966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.325474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.333549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.345768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.353380] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.361079] team0: Port device team_slave_1 added [ 56.367898] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 56.378483] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.387157] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.396953] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.404670] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.415525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.426210] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 56.440441] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 56.449128] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 56.455929] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.468090] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.476563] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.484322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 56.491490] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.499885] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 56.506208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.524952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 56.537554] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.543948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.554400] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.562585] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.568932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.577912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 56.626932] FAULT_INJECTION: forcing a failure. [ 56.626932] name failslab, interval 1, probability 0, space 0, times 1 [ 56.642064] device hsr_slave_0 entered promiscuous mode [ 56.643352] CPU: 0 PID: 7098 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0 [ 56.655285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.664666] Call Trace: [ 56.667243] dump_stack+0xf7/0x13b [ 56.670791] should_fail.cold.3+0x105/0x14b [ 56.675098] should_failslab+0xba/0xf0 [ 56.678980] __kmalloc+0x2e8/0x7b0 [ 56.682674] ? tls_push_record+0xf6/0x14c0 [ 56.686904] tls_push_record+0xf6/0x14c0 [ 56.690951] tls_sw_sendpage+0x443/0xc50 [ 56.695013] ? tls_sw_sendmsg+0x10a0/0x10a0 [ 56.699346] ? pipe_lock+0x4f/0x60 [ 56.702884] inet_sendpage+0x122/0x600 [ 56.706758] ? kernel_sendpage+0xd0/0xd0 [ 56.710824] kernel_sendpage+0x60/0xd0 [ 56.714728] ? pipe_lock+0x4f/0x60 [ 56.718264] sock_sendpage+0x6d/0xd0 [ 56.721963] pipe_to_sendpage+0x206/0x420 [ 56.726122] ? generic_pipe_buf_nosteal+0x10/0x10 [ 56.730963] __splice_from_pipe+0x2cb/0x720 [ 56.735287] ? generic_pipe_buf_nosteal+0x10/0x10 [ 56.740166] ? generic_pipe_buf_nosteal+0x10/0x10 [ 56.745157] splice_from_pipe+0xb5/0x110 [ 56.749212] ? selinux_file_permission+0x2d1/0x3e0 [ 56.754131] ? splice_shrink_spd+0xa0/0xa0 [ 56.758367] ? rw_verify_area+0xb8/0x2b0 [ 56.762416] generic_splice_sendpage+0x10/0x20 [ 56.766992] SyS_splice+0x6e9/0x1580 [ 56.770690] ? __sb_end_write+0xa4/0xd0 [ 56.774706] ? compat_SyS_vmsplice+0x1e0/0x1e0 [ 56.779327] ? do_syscall_64+0x4c/0x5b0 [ 56.783310] ? compat_SyS_vmsplice+0x1e0/0x1e0 [ 56.787887] do_syscall_64+0x1c7/0x5b0 [ 56.791752] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 56.796594] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 56.801778] RIP: 0033:0x459a29 [ 56.804998] RSP: 002b:00007fd0736e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 56.812849] RAX: ffffffffffffffda RBX: 00007fd0736e6c90 RCX: 0000000000459a29 [ 56.820105] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 56.827363] RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000 [ 56.834622] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0736e76d4 [ 56.841946] R13: 00000000004c9222 R14: 00000000004df820 R15: 0000000000000005 [ 56.881111] device hsr_slave_1 entered promiscuous mode [ 56.940927] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.949315] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.966270] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 56.973364] ================================================================== [ 56.980911] BUG: KASAN: use-after-free in scatterwalk_copychunks+0x207/0x690 [ 56.981713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.988114] Read of size 4096 at addr ffff8880a5c11000 by task syz-executor.3/7098 [ 56.988124] [ 56.988132] CPU: 1 PID: 7098 Comm: syz-executor.3 Not tainted 4.14.170-syzkaller #0 [ 56.988134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.988137] Call Trace: [ 56.988152] dump_stack+0xf7/0x13b [ 56.988162] ? scatterwalk_copychunks+0x207/0x690 [ 56.988174] print_address_description.cold.7+0x9/0x1c9 [ 57.037342] ? scatterwalk_copychunks+0x207/0x690 [ 57.042182] kasan_report.cold.8+0x11a/0x2d3 [ 57.046983] check_memory_region+0x13e/0x1b0 [ 57.051382] memcpy+0x23/0x50 [ 57.054489] scatterwalk_copychunks+0x207/0x690 [ 57.059143] scatterwalk_map_and_copy+0x10d/0x1a0 [ 57.063976] ? __lock_is_held+0xb5/0x140 [ 57.068075] ? scatterwalk_copychunks+0x690/0x690 [ 57.072930] ? rcu_read_lock_sched_held+0x108/0x120 [ 57.077950] ? __kmalloc+0x36d/0x7b0 [ 57.081659] ? find_held_lock+0x36/0x1d0 [ 57.085707] ? gcmaes_encrypt.constprop.14+0x130/0xae0 [ 57.090979] gcmaes_encrypt.constprop.14+0x1c0/0xae0 [ 57.096090] ? lock_downgrade+0x7f0/0x7f0 [ 57.100241] generic_gcmaes_encrypt+0xf8/0x13d [ 57.104824] ? helper_rfc4106_encrypt+0x430/0x430 [ 57.109658] ? __kmalloc+0x36d/0x7b0 [ 57.113404] gcmaes_wrapper_encrypt+0xe0/0x140 [ 57.117979] tls_push_record+0x8e6/0x14c0 [ 57.122121] tls_sw_sendpage+0x443/0xc50 [ 57.126176] ? tls_sw_sendmsg+0x10a0/0x10a0 [ 57.130608] ? pipe_lock+0x4f/0x60 [ 57.134152] inet_sendpage+0x122/0x600 [ 57.138083] ? kernel_sendpage+0xd0/0xd0 [ 57.142142] kernel_sendpage+0x60/0xd0 [ 57.146077] ? pipe_lock+0x4f/0x60 [ 57.149612] sock_sendpage+0x6d/0xd0 [ 57.153346] pipe_to_sendpage+0x206/0x420 [ 57.157601] ? generic_pipe_buf_nosteal+0x10/0x10 [ 57.162440] __splice_from_pipe+0x2cb/0x720 [ 57.166742] ? generic_pipe_buf_nosteal+0x10/0x10 [ 57.171580] ? generic_pipe_buf_nosteal+0x10/0x10 [ 57.176414] splice_from_pipe+0xb5/0x110 [ 57.180464] ? selinux_file_permission+0x2d1/0x3e0 [ 57.185442] ? splice_shrink_spd+0xa0/0xa0 [ 57.189664] ? rw_verify_area+0xb8/0x2b0 [ 57.193727] generic_splice_sendpage+0x10/0x20 [ 57.198299] SyS_splice+0x6e9/0x1580 [ 57.202343] ? __sb_end_write+0xa4/0xd0 [ 57.206301] ? compat_SyS_vmsplice+0x1e0/0x1e0 [ 57.210871] ? do_syscall_64+0x4c/0x5b0 [ 57.214833] ? compat_SyS_vmsplice+0x1e0/0x1e0 [ 57.219394] do_syscall_64+0x1c7/0x5b0 [ 57.223371] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.228196] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 57.233370] RIP: 0033:0x459a29 [ 57.236546] RSP: 002b:00007fd0736e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 57.244237] RAX: ffffffffffffffda RBX: 00007fd0736e6c90 RCX: 0000000000459a29 [ 57.251492] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 57.258749] RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000 [ 57.266041] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0736e76d4 [ 57.273298] R13: 00000000004c9222 R14: 00000000004df820 R15: 0000000000000005 [ 57.280636] [ 57.282245] Allocated by task 4108: [ 57.285866] save_stack_trace+0x16/0x20 [ 57.289821] save_stack+0x43/0xd0 [ 57.293258] kasan_kmalloc+0xc7/0xe0 [ 57.296974] kasan_slab_alloc+0x12/0x20 [ 57.300940] kmem_cache_alloc+0x12e/0x790 [ 57.305072] ptlock_alloc+0x1d/0x70 [ 57.308692] pte_alloc_one+0x46/0xd0 [ 57.312401] __pte_alloc+0x1d/0x280 [ 57.316016] copy_page_range+0xfed/0x1970 [ 57.320252] copy_process.part.37+0x5d91/0x66e0 [ 57.324902] _do_fork+0x155/0xbb0 [ 57.328346] SyS_clone+0x14/0x20 [ 57.331700] do_syscall_64+0x1c7/0x5b0 [ 57.335767] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 57.340932] [ 57.342540] Freed by task 5736: [ 57.345823] save_stack_trace+0x16/0x20 [ 57.349790] save_stack+0x43/0xd0 [ 57.353229] kasan_slab_free+0x71/0xc0 [ 57.357102] kmem_cache_free+0x80/0x2d0 [ 57.361062] ptlock_free+0x33/0x3d [ 57.364580] ___pte_free_tlb+0x3c/0xc0 [ 57.368443] free_pgd_range+0x894/0xae0 [ 57.372406] free_pgtables+0x237/0x310 [ 57.376281] exit_mmap+0x258/0x450 [ 57.379925] mmput+0xed/0x3c0 [ 57.384420] do_exit+0x8ae/0x2c00 [ 57.387850] do_group_exit+0xf4/0x2f0 [ 57.391638] SyS_exit_group+0x18/0x20 [ 57.395428] do_syscall_64+0x1c7/0x5b0 [ 57.399302] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 57.404525] [ 57.406134] The buggy address belongs to the object at ffff8880a5c11000 [ 57.406134] which belongs to the cache page->ptl of size 56 [ 57.418517] The buggy address is located 0 bytes inside of [ 57.418517] 56-byte region [ffff8880a5c11000, ffff8880a5c11038) [ 57.430237] The buggy address belongs to the page: [ 57.435157] page:ffffea0002970440 count:1 mapcount:0 mapping:ffff8880a5c11000 index:0xffff8880a5c11c08 [ 57.444648] flags: 0x1fffc0000000100(slab) [ 57.448861] raw: 01fffc0000000100 ffff8880a5c11000 ffff8880a5c11c08 0000000100000002 [ 57.456810] raw: ffffea00029643a0 ffffea0002946520 ffff8880aa810040 0000000000000000 [ 57.464668] page dumped because: kasan: bad access detected [ 57.470362] [ 57.471975] Memory state around the buggy address: [ 57.476895] ffff8880a5c10f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 57.484232] ffff8880a5c10f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 57.492270] >ffff8880a5c11000: fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb [ 57.499739] ^ [ 57.503133] ffff8880a5c11080: fb fb fc fc fc fc fb fb fb fb fb fb fb fc fc fc [ 57.510477] ffff8880a5c11100: fc fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb [ 57.517823] ================================================================== [ 57.525236] Disabling lock debugging due to kernel taint [ 57.532314] Kernel panic - not syncing: panic_on_warn set ... [ 57.532314] [ 57.539690] CPU: 1 PID: 7098 Comm: syz-executor.3 Tainted: G B 4.14.170-syzkaller #0 [ 57.548678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.558035] Call Trace: [ 57.560606] dump_stack+0xf7/0x13b [ 57.564171] ? scatterwalk_copychunks+0x207/0x690 [ 57.569000] panic+0x1b0/0x358 [ 57.572174] ? add_taint.cold.5+0x11/0x11 [ 57.576306] ? scatterwalk_copychunks+0x207/0x690 [ 57.581131] kasan_end_report+0x47/0x4f [ 57.585095] kasan_report.cold.8+0x76/0x2d3 [ 57.589402] check_memory_region+0x13e/0x1b0 [ 57.593793] memcpy+0x23/0x50 [ 57.596877] scatterwalk_copychunks+0x207/0x690 [ 57.601527] scatterwalk_map_and_copy+0x10d/0x1a0 [ 57.606353] ? __lock_is_held+0xb5/0x140 [ 57.610394] ? scatterwalk_copychunks+0x690/0x690 [ 57.615236] ? rcu_read_lock_sched_held+0x108/0x120 [ 57.620247] ? __kmalloc+0x36d/0x7b0 [ 57.623983] ? find_held_lock+0x36/0x1d0 [ 57.628042] ? gcmaes_encrypt.constprop.14+0x130/0xae0 [ 57.633458] gcmaes_encrypt.constprop.14+0x1c0/0xae0 [ 57.638540] ? lock_downgrade+0x7f0/0x7f0 [ 57.642680] generic_gcmaes_encrypt+0xf8/0x13d [ 57.647243] ? helper_rfc4106_encrypt+0x430/0x430 [ 57.652161] ? __kmalloc+0x36d/0x7b0 [ 57.655868] gcmaes_wrapper_encrypt+0xe0/0x140 [ 57.660432] tls_push_record+0x8e6/0x14c0 [ 57.664573] tls_sw_sendpage+0x443/0xc50 [ 57.668616] ? tls_sw_sendmsg+0x10a0/0x10a0 [ 57.672918] ? pipe_lock+0x4f/0x60 [ 57.676439] inet_sendpage+0x122/0x600 [ 57.680318] ? kernel_sendpage+0xd0/0xd0 [ 57.684359] kernel_sendpage+0x60/0xd0 [ 57.688226] ? pipe_lock+0x4f/0x60 [ 57.691741] sock_sendpage+0x6d/0xd0 [ 57.695429] pipe_to_sendpage+0x206/0x420 [ 57.699554] ? generic_pipe_buf_nosteal+0x10/0x10 [ 57.704375] __splice_from_pipe+0x2cb/0x720 [ 57.708674] ? generic_pipe_buf_nosteal+0x10/0x10 [ 57.713497] ? generic_pipe_buf_nosteal+0x10/0x10 [ 57.718338] splice_from_pipe+0xb5/0x110 [ 57.722388] ? selinux_file_permission+0x2d1/0x3e0 [ 57.727299] ? splice_shrink_spd+0xa0/0xa0 [ 57.731535] ? rw_verify_area+0xb8/0x2b0 [ 57.735653] generic_splice_sendpage+0x10/0x20 [ 57.740219] SyS_splice+0x6e9/0x1580 [ 57.743913] ? __sb_end_write+0xa4/0xd0 [ 57.747922] ? compat_SyS_vmsplice+0x1e0/0x1e0 [ 57.752492] ? do_syscall_64+0x4c/0x5b0 [ 57.756450] ? compat_SyS_vmsplice+0x1e0/0x1e0 [ 57.761021] do_syscall_64+0x1c7/0x5b0 [ 57.764894] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 57.769761] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 57.774973] RIP: 0033:0x459a29 [ 57.778149] RSP: 002b:00007fd0736e6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 57.785849] RAX: ffffffffffffffda RBX: 00007fd0736e6c90 RCX: 0000000000459a29 [ 57.793104] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 57.800547] RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000 [ 57.808812] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd0736e76d4 [ 57.816093] R13: 00000000004c9222 R14: 00000000004df820 R15: 0000000000000005 [ 57.824754] Kernel Offset: disabled [ 57.828562] Rebooting in 86400 seconds..