[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 18.237469] audit: type=1400 audit(1519542895.100:6): avc: denied { map } for pid=4218 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.217' (ECDSA) to the list of known hosts. syzkaller login: [ 24.487167] audit: type=1400 audit(1519542901.349:7): avc: denied { map } for pid=4232 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16479 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/02/25 07:15:01 parsed 1 programs 2018/02/25 07:15:01 executed programs: 0 [ 24.752268] audit: type=1400 audit(1519542901.615:8): avc: denied { map } for pid=4232 comm="syz-execprog" path="/root/syzkaller-shm907437956" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 24.786765] audit: type=1400 audit(1519542901.649:9): avc: denied { sys_admin } for pid=4239 comm="syz-executor0" capability=21 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 24.809426] IPVS: ftp: loaded support on port[0] = 21 [ 24.849784] audit: type=1400 audit(1519542901.710:10): avc: denied { net_admin } for pid=4243 comm="syz-executor6" capability=12 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 24.875951] IPVS: ftp: loaded support on port[0] = 21 [ 24.912133] IPVS: ftp: loaded support on port[0] = 21 [ 24.955414] IPVS: ftp: loaded support on port[0] = 21 [ 25.006547] IPVS: ftp: loaded support on port[0] = 21 [ 25.065713] IPVS: ftp: loaded support on port[0] = 21 [ 25.161688] IPVS: ftp: loaded support on port[0] = 21 [ 25.291839] IPVS: ftp: loaded support on port[0] = 21 [ 26.160164] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 26.281772] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 26.309393] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 26.500755] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 26.530767] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 26.586560] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 26.776996] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 26.913221] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 28.678108] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.684350] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.698932] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.705094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.772198] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.778331] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.844570] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.850716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.862891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 28.931939] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 28.938116] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.959510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.040906] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 29.047100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.072110] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 29.080066] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.091865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.107205] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.115125] audit: type=1400 audit(1519542905.977:11): avc: denied { sys_chroot } for pid=4242 comm="syz-executor3" capability=18 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1 [ 29.142497] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.196388] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 29.202793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.214886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.237159] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.270304] ------------[ cut here ]------------ [ 29.275229] refcount_t: underflow; use-after-free. [ 29.280483] WARNING: CPU: 0 PID: 5456 at lib/refcount.c:187 refcount_sub_and_test+0x167/0x1b0 [ 29.288480] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 29.289139] Kernel panic - not syncing: panic_on_warn set ... [ 29.289139] [ 29.289151] CPU: 0 PID: 5456 Comm: syz-executor3 Not tainted 4.16.0-rc2+ #238 [ 29.289156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.289160] Call Trace: [ 29.289175] dump_stack+0x194/0x24d [ 29.289189] ? arch_local_irq_restore+0x53/0x53 [ 29.295261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.302570] ? vsnprintf+0x1ed/0x1900 [ 29.302586] panic+0x1e4/0x41c [ 29.302594] ? refcount_error_report+0x214/0x214 [ 29.302601] ? show_regs_print_info+0x18/0x18 [ 29.302623] ? __warn+0x1c1/0x200 [ 29.326901] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 29.330028] ? refcount_sub_and_test+0x167/0x1b0 [ 29.330038] __warn+0x1dc/0x200 [ 29.330048] ? refcount_sub_and_test+0x167/0x1b0 [ 29.330063] report_bug+0x211/0x2d0 [ 29.337974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.339711] fixup_bug.part.11+0x37/0x80 [ 29.339723] do_error_trap+0x2d7/0x3e0 [ 29.339731] ? vprintk_default+0x28/0x30 [ 29.339743] ? math_error+0x400/0x400 [ 29.343412] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.347640] ? printk+0xaa/0xca [ 29.347651] ? show_regs_print_info+0x18/0x18 [ 29.347677] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.347694] do_invalid_op+0x1b/0x20 [ 29.347704] invalid_op+0x58/0x80 [ 29.347713] RIP: 0010:refcount_sub_and_test+0x167/0x1b0 [ 29.347718] RSP: 0018:ffff8801caac6440 EFLAGS: 00010282 [ 29.347727] RAX: dffffc0000000008 RBX: 0000000000000201 RCX: ffffffff815abe7e [ 29.347732] RDX: 0000000000000000 RSI: 1ffff10039558c38 RDI: 1ffff10039558c0d [ 29.347737] RBP: ffff8801caac64d0 R08: 1ffff10039558bcf R09: 0000000000000000 [ 29.347741] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff10039558c89 [ 29.347746] R13: 00000000ffffff01 R14: 0000000000000300 R15: ffff8801d313833c [ 29.347765] ? vprintk_func+0x5e/0xc0 [ 29.347784] ? refcount_inc+0x50/0x50 [ 29.347790] ? refcount_sub_and_test+0x115/0x1b0 [ 29.347800] ? refcount_inc+0x50/0x50 [ 29.347808] ? sctp_do_sm+0x32e3/0x6ed0 [ 29.347818] ? sctp_close+0x266/0x9a0 [ 29.347826] ? inet_release+0xed/0x1c0 [ 29.347843] sock_wfree+0xa6/0x140 [ 29.366308] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.366510] sctp_wfree+0x2eb/0x670 [ 29.400088] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 29.400297] ? __sctp_write_space+0x910/0x910 [ 29.406809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.410021] skb_release_head_state+0x124/0x260 [ 29.410033] skb_release_all+0x15/0x60 [ 29.410042] consume_skb+0x153/0x490 [ 29.410051] ? sctp_chunk_put+0x99/0x420 [ 29.537810] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.539085] ? alloc_skb_with_frags+0x750/0x750 [ 29.539097] ? sctp_chunk_hold+0x20/0x20 [ 29.539117] ? refcount_sub_and_test+0x115/0x1b0 [ 29.539127] ? refcount_inc+0x50/0x50 [ 29.543704] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 29.546861] ? mark_held_locks+0xaf/0x100 [ 29.546878] ? sctp_datamsg_put+0x46f/0x5b0 [ 29.546899] sctp_chunk_put+0x29c/0x420 [ 29.546912] ? sctp_chunk_hold+0x20/0x20 [ 29.553222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.557596] ? sctp_transport_dst_confirm+0x50/0x50 [ 29.557612] ? save_stack+0xa3/0xd0 [ 29.557640] sctp_chunk_free+0x53/0x60 [ 29.569442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.570180] __sctp_outq_teardown+0x244/0x1230 [ 29.570190] ? get_signal+0x73a/0x16d0 [ 29.570197] ? do_signal+0x90/0x1e90 [ 29.570215] ? sctp_inq_set_th_handler+0x1d0/0x1d0 [ 29.624491] IPv6: veth1: IPv6 duplicate address fe80::1:b used by aa:aa:aa:aa:01:0b detected! [ 29.626480] ? free_obj_work+0x690/0x690 [ 29.626493] ? kfree+0xf3/0x260 [ 29.626503] ? skb_free_head+0x74/0xb0 [ 29.626515] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.647778] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 29.647827] ? trace_hardirqs_on+0xd/0x10 [ 29.656255] IPv6: veth0: IPv6 duplicate address fe80::a used by aa:aa:aa:aa:00:0a detected! [ 29.659946] ? __lock_is_held+0xb6/0x140 [ 29.659963] ? kfree_skbmem+0x1a1/0x1d0 [ 29.686590] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 29.686685] ? check_noncircular+0x20/0x20 [ 29.696105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.696922] ? rcu_read_lock_sched_held+0x108/0x120 [ 29.696933] ? kmem_cache_free+0x258/0x2a0 [ 29.711695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.712610] ? kfree_skbmem+0xe2/0x1d0 [ 29.712622] ? skb_to_sgvec_nomark+0x40/0x40 [ 29.712630] ? sctp_sock_rfree+0x18c/0x200 [ 29.712647] ? find_held_lock+0x35/0x1d0 2018/02/25 07:15:06 executed programs: 9 [ 29.735630] ? sock_def_wakeup+0x1fc/0x350 [ 29.739864] ? lock_downgrade+0x980/0x980 [ 29.744016] ? lock_release+0xa40/0xa40 [ 29.747998] sctp_outq_free+0x15/0x20 [ 29.751792] sctp_association_free+0x2d0/0x930 [ 29.756374] ? sctp_asconf_queue_teardown+0x700/0x700 [ 29.761562] ? sock_def_wakeup+0x225/0x350 [ 29.765787] ? sctp_ulpq_tail_event+0x164/0xc50 [ 29.770451] ? sk_dst_check+0x550/0x550 [ 29.774427] ? sctp_ulpq_reasm_drain+0x430/0x430 [ 29.779172] ? sctp_ulpevent_make_assoc_change+0x66d/0x8a0 [ 29.784809] sctp_do_sm+0x32e3/0x6ed0 [ 29.788622] ? sctp_do_8_2_transport_strike.isra.15+0x8a0/0x8a0 [ 29.788704] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 29.794676] ? sctp_chunkify+0x2fc/0x3f0 [ 29.794688] ? sctp_chunk_iif+0xa0/0xa0 [ 29.794699] ? kfree_skbmem+0x1a1/0x1d0 [ 29.794709] ? rcu_read_lock_sched_held+0x108/0x120 [ 29.794720] ? kmem_cache_free+0x258/0x2a0 [ 29.794739] ? print_irqtrace_events+0x270/0x270 [ 29.800895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.804817] ? skb_dequeue+0x12a/0x180 [ 29.804826] ? skb_put+0x155/0x1d0 [ 29.804834] ? sctp_auth_send_cid+0xc4/0x140 [ 29.804845] ? _sctp_make_chunk+0x1f4/0x270 [ 29.804853] ? lock_release+0xa40/0xa40 [ 29.804863] ? skb_put+0x155/0x1d0 [ 29.804872] ? memcpy+0x45/0x50 [ 29.813428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.817785] ? sctp_make_abort_no_data+0x290/0x290 [ 29.817804] sctp_primitive_ABORT+0xa0/0xd0 [ 29.817821] sctp_close+0x266/0x9a0 [ 29.835762] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 29.837119] ? sctp_apply_peer_addr_params+0xf30/0xf30 [ 29.837131] ? __dentry_kill+0x4ae/0x700 [ 29.837149] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 29.842432] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 29.845054] ? locks_remove_file+0x3fa/0x5a0 [ 29.845068] ? fcntl_setlk+0x1100/0x1100 [ 29.845077] ? fsnotify+0x7b3/0x1140 [ 29.845097] ? ip_mc_drop_socket+0x1ce/0x230 [ 29.849631] IPv6: veth0: IPv6 duplicate address fe80::6:10 used by aa:aa:aa:aa:06:10 detected! [ 29.853346] inet_release+0xed/0x1c0 [ 29.853362] sock_release+0x8d/0x1e0 [ 29.853374] ? sock_alloc_file+0x560/0x560 [ 29.857115] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.860146] sock_close+0x16/0x20 [ 29.860158] __fput+0x327/0x7e0 [ 29.860177] ? fput+0x140/0x140 [ 29.872057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.875849] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 29.875858] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.875880] ____fput+0x15/0x20 [ 29.875890] task_work_run+0x199/0x270 [ 29.882417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.885535] ? task_work_cancel+0x210/0x210 [ 29.885547] ? _raw_spin_unlock+0x22/0x30 [ 29.885558] ? switch_task_namespaces+0x87/0xc0 [ 29.885578] do_exit+0x9bb/0x1ad0 [ 29.891264] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.894868] ? find_held_lock+0x35/0x1d0 [ 29.894885] ? mm_update_next_owner+0x930/0x930 [ 29.894899] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 29.894909] ? lock_downgrade+0x980/0x980 [ 29.894924] ? __unqueue_futex+0x1c0/0x290 [ 29.894931] ? lock_release+0xa40/0xa40 [ 29.894942] ? fault_in_user_writeable+0x90/0x90 [ 29.894954] ? do_raw_spin_trylock+0x190/0x190 [ 29.894963] ? futex_wake+0x680/0x680 [ 29.894984] ? drop_futex_key_refs.isra.13+0x63/0xb0 [ 29.894994] ? futex_wait+0x6a9/0x9a0 [ 29.895031] ? check_noncircular+0x20/0x20 [ 29.895041] ? drop_futex_key_refs.isra.13+0x63/0xb0 [ 29.895052] ? futex_wake+0x2ca/0x680 [ 29.895070] ? memset+0x31/0x40 [ 29.920331] IPv6: veth1: IPv6 duplicate address fe80::a8aa:aaff:feaa:610 used by aa:aa:aa:aa:06:10 detected! [ 29.923429] ? find_held_lock+0x35/0x1d0 [ 29.923452] ? get_signal+0x7a9/0x16d0 [ 29.923463] ? lock_downgrade+0x980/0x980 [ 29.932563] IPv6: veth0: IPv6 duplicate address fe80::a8aa:aaff:feaa:50f used by aa:aa:aa:aa:05:0f detected! [ 29.935893] do_group_exit+0x149/0x400 [ 29.935904] ? do_raw_spin_trylock+0x190/0x190 [ 29.935915] ? SyS_exit+0x30/0x30 [ 30.048235] IPv6: veth1: IPv6 duplicate address fe80::a8aa:aaff:feaa:10b used by aa:aa:aa:aa:01:0b detected! [ 30.048735] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.048751] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 30.112314] IPv6: veth0: IPv6 duplicate address fe80::a8aa:aaff:feaa:a used by aa:aa:aa:aa:00:0a detected! [ 30.113466] get_signal+0x73a/0x16d0 [ 30.113489] ? ptrace_notify+0x130/0x130 [ 30.120184] IPv6: veth0: IPv6 duplicate address fe80::a8aa:aaff:feaa:711 used by aa:aa:aa:aa:07:11 detected! [ 30.121473] ? avc_has_perm+0x43e/0x680 [ 30.121490] ? avc_has_perm_noaudit+0x520/0x520 [ 30.121498] ? __fget+0x342/0x5b0 [ 30.121512] ? lock_downgrade+0x980/0x980 [ 30.131726] IPv6: veth0: IPv6 duplicate address fe80::5:f used by aa:aa:aa:aa:05:0f detected! [ 30.135917] ? lock_release+0xa40/0xa40 [ 30.135940] do_signal+0x90/0x1e90 [ 30.135964] ? setup_sigcontext+0x7d0/0x7d0 [ 30.204850] ? sock_has_perm+0x2a4/0x420 [ 30.208893] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 30.214248] ? exit_to_usermode_loop+0x8c/0x2f0 [ 30.218895] exit_to_usermode_loop+0x258/0x2f0 [ 30.223453] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 30.228962] ? do_fast_syscall_32+0x156/0xf9f [ 30.233436] do_fast_syscall_32+0xbe6/0xf9f [ 30.237732] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.242205] ? do_int80_syscall_32+0x9c0/0x9c0 [ 30.246758] ? _raw_spin_unlock_irq+0x27/0x70 [ 30.251227] ? finish_task_switch+0x1c1/0x7e0 [ 30.255699] ? syscall_return_slowpath+0x2ac/0x550 [ 30.260602] ? prepare_exit_to_usermode+0x350/0x350 [ 30.265593] ? sysret32_from_system_call+0x5/0x3c [ 30.270412] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 30.272223] IPv6: veth1: IPv6 duplicate address fe80::a8aa:aaff:feaa:20c used by aa:aa:aa:aa:02:0c detected! [ 30.275244] entry_SYSENTER_compat+0x70/0x7f [ 30.275251] RIP: 0023:0xf7fb1c99 [ 30.275258] RSP: 002b:00000000f7f6b10c EFLAGS: 00000296 ORIG_RAX: 00000000000000f0 [ 30.300576] RAX: fffffffffffffe00 RBX: 000000000813b014 RCX: 0000000000000000 [ 30.307820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 30.315063] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 30.322301] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 30.329541] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 30.337397] Dumping ftrace buffer: [ 30.340984] (ftrace buffer empty) [ 30.344666] Kernel Offset: disabled [ 30.348264] Rebooting in 86400 seconds..