[ 41.100908] IPVS: ftp: loaded support on port[0] = 21 [ 42.272014] can: request_module (can-proto-0) failed. [ 42.281904] can: request_module (can-proto-0) failed. [ 42.291101] can: request_module (can-proto-0) failed. [ 42.452718] audit: type=1400 audit(1577039736.693:37): avc: denied { create } for pid=6836 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 42.476301] audit: type=1400 audit(1577039736.693:38): avc: denied { create } for pid=6836 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 42.500138] audit: type=1400 audit(1577039736.693:39): avc: denied { create } for pid=6836 comm="syz-fuzzer" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 42.657157] random: sshd: uninitialized urandom read (32 bytes read) [ 43.384426] random: sshd: uninitialized urandom read (32 bytes read) [ 43.577558] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.1.59' (ECDSA) to the list of known hosts. 2019/12/22 18:35:43 parsed 1 programs 2019/12/22 18:35:43 executed programs: 0 [ 49.400080] audit: type=1400 audit(1577039743.633:40): avc: denied { map } for pid=6908 comm="syz-execprog" path="/root/syzkaller-shm306416294" dev="sda1" ino=16491 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 49.462062] IPVS: ftp: loaded support on port[0] = 21 [ 50.215014] chnl_net:caif_netlink_parms(): no params data found [ 50.242715] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.249370] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.256337] device bridge_slave_0 entered promiscuous mode [ 50.263401] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.269768] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.276938] device bridge_slave_1 entered promiscuous mode [ 50.277248] IPVS: ftp: loaded support on port[0] = 21 [ 50.304647] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.316917] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.339954] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.347171] team0: Port device team_slave_0 added [ 50.354528] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.361678] team0: Port device team_slave_1 added [ 50.368720] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.379652] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.411265] IPVS: ftp: loaded support on port[0] = 21 [ 50.422248] device hsr_slave_0 entered promiscuous mode [ 50.470318] device hsr_slave_1 entered promiscuous mode [ 50.530822] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 50.538008] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 50.545667] audit: type=1400 audit(1577039744.783:41): avc: denied { write } for pid=6933 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 50.569939] audit: type=1400 audit(1577039744.783:42): avc: denied { read } for pid=6933 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 50.654727] chnl_net:caif_netlink_parms(): no params data found [ 50.688813] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.695307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.702276] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.708628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.736693] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.743706] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.752231] device bridge_slave_0 entered promiscuous mode [ 50.759012] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.765563] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.773591] IPVS: ftp: loaded support on port[0] = 21 [ 50.774199] device bridge_slave_1 entered promiscuous mode [ 50.802519] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.828515] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.838455] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 50.845569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.888224] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 50.901598] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 50.908754] team0: Port device team_slave_0 added [ 50.914441] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 50.921749] team0: Port device team_slave_1 added [ 50.942054] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 50.955329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 50.970421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.978355] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.985765] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.993806] chnl_net:caif_netlink_parms(): no params data found [ 51.005844] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.012145] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.032939] IPVS: ftp: loaded support on port[0] = 21 [ 51.091916] device hsr_slave_0 entered promiscuous mode [ 51.130310] device hsr_slave_1 entered promiscuous mode [ 51.191604] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 51.198816] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 51.221247] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 51.228548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.236217] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.242576] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.250946] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 51.258521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.266443] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.274301] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.280707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.306115] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.312784] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.319577] device bridge_slave_0 entered promiscuous mode [ 51.326453] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.333099] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.339930] device bridge_slave_1 entered promiscuous mode [ 51.356532] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 51.396817] chnl_net:caif_netlink_parms(): no params data found [ 51.405011] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.416720] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 51.428217] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 51.437753] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 51.448925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 51.473126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.493603] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 51.513716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.522231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.529906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.543676] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 51.550975] team0: Port device team_slave_0 added [ 51.556688] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 51.564189] team0: Port device team_slave_1 added [ 51.569877] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.578604] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 51.588667] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 51.600625] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 51.614297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 51.622296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.634413] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 51.645119] IPVS: ftp: loaded support on port[0] = 21 [ 51.646425] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 51.659756] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 51.672867] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.681212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.688654] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.695686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.705425] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 51.711931] 8021q: adding VLAN 0 to HW filter on device team0 [ 51.728040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 51.736172] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.743395] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.750494] device bridge_slave_0 entered promiscuous mode [ 51.762824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 51.771275] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.781376] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 51.793098] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 51.799143] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.808679] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.815215] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.822207] device bridge_slave_1 entered promiscuous mode [ 51.862004] device hsr_slave_0 entered promiscuous mode [ 51.900351] device hsr_slave_1 entered promiscuous mode [ 51.960466] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.968170] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.975903] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.982281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.989119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.024554] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.034550] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.070714] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.079222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 52.090311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 52.106515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.114327] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.121937] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.128257] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.135622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.144330] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.156832] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 52.164559] chnl_net:caif_netlink_parms(): no params data found [ 52.184601] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.203984] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.213742] team0: Port device team_slave_0 added [ 52.219835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 52.226908] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 52.235099] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 52.244148] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.252717] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.260890] team0: Port device team_slave_1 added [ 52.281882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.290789] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 52.301783] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.309297] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.318005] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.325086] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.334084] device bridge_slave_0 entered promiscuous mode [ 52.341204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.348966] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.356922] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.423582] device hsr_slave_0 entered promiscuous mode [ 52.460383] device hsr_slave_1 entered promiscuous mode [ 52.500922] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.507285] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.515202] device bridge_slave_1 entered promiscuous mode [ 52.523458] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 52.531917] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.549309] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.557020] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.564569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.572556] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.592222] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.636584] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 52.644412] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.661196] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.668856] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.708726] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 52.731795] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 52.744907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.752636] refcount_t: underflow; use-after-free. [ 52.757751] ------------[ cut here ]------------ [ 52.762502] WARNING: CPU: 1 PID: 6960 at lib/refcount.c:187 refcount_sub_and_test.cold.13+0x13/0x1c [ 52.771661] Kernel panic - not syncing: panic_on_warn set ... [ 52.771661] [ 52.778999] CPU: 1 PID: 6960 Comm: syz-executor.4 Not tainted 4.14.160-syzkaller #0 [ 52.786776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.796133] Call Trace: [ 52.798715] dump_stack+0xf7/0x13b [ 52.802295] ? refcount_sub_and_test.cold.13+0x13/0x1c [ 52.807553] panic+0x1b0/0x358 [ 52.810727] ? add_taint.cold.5+0x11/0x11 [ 52.814856] ? refcount_sub_and_test.cold.13+0x13/0x1c [ 52.820128] __warn.cold.8+0x25/0x2c [ 52.823838] ? refcount_sub_and_test.cold.13+0x13/0x1c [ 52.829147] report_bug+0x1a4/0x1f3 [ 52.832760] do_error_trap+0x1bd/0x310 [ 52.836634] ? math_error+0x300/0x300 [ 52.840442] ? vprintk_emit+0x1be/0x4e0 [ 52.844394] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 52.849215] do_invalid_op+0x1b/0x20 [ 52.853797] invalid_op+0x1b/0x40 [ 52.857240] RIP: 0010:refcount_sub_and_test.cold.13+0x13/0x1c [ 52.863102] RSP: 0018:ffff88807a387730 EFLAGS: 00010286 [ 52.868445] RAX: 0000000000000026 RBX: 0000000000008100 RCX: 0000000000000000 [ 52.875695] RDX: 0000000000000026 RSI: ffffffff86bcd8e0 RDI: ffffed100f470edd [ 52.882944] RBP: ffff88807a387740 R08: ffff8880a5304ac8 R09: 0000000000000000 [ 52.890200] R10: 0000000000000000 R11: dffffc0000000000 R12: 0000000000008100 [ 52.897458] R13: ffff8880a82032bc R14: ffffffff883524e0 R15: 0000000000000000 [ 52.904733] sock_wfree+0x9b/0x120 [ 52.908258] sctp_wfree+0x28b/0x5f0 [ 52.911878] skb_release_head_state+0xfc/0x1f0 [ 52.916450] skb_release_all+0xd/0x50 [ 52.920241] consume_skb+0x84/0x2a0 [ 52.923846] sctp_chunk_put+0x150/0x230 [ 52.927807] sctp_chunk_free+0x3f/0x50 [ 52.931687] __sctp_outq_teardown+0x1a2/0xe10 [ 52.936175] ? sock_def_wakeup+0xd4/0x1a0 [ 52.940315] sctp_outq_free+0x9/0x10 [ 52.944021] sctp_association_free+0x1d5/0x711 [ 52.948598] sctp_do_sm+0x2141/0x4910 [ 52.952381] ? trace_hardirqs_off+0x10/0x10 [ 52.956697] ? cache_grow_end.part.33+0x95/0x170 [ 52.961440] ? sctp_do_8_2_transport_strike.isra.17+0x800/0x800 [ 52.967486] ? rcu_read_lock_sched_held+0x108/0x120 [ 52.972751] ? kmem_cache_alloc+0x623/0x790 [ 52.977065] ? sctp_chunkify+0x47/0x2a0 [ 52.981018] ? sctp_chunkify+0x47/0x2a0 [ 52.984975] ? _sctp_make_chunk+0x18e/0x260 [ 52.989281] ? memcpy+0x45/0x50 [ 52.992571] ? sctp_make_abort_no_data+0x1a0/0x1a0 [ 52.997494] sctp_primitive_ABORT+0x7c/0xc0 [ 53.001933] sctp_close+0x23e/0x710 [ 53.005562] ? sctp_init_sock+0x1200/0x1200 [ 53.009883] ? lock_acquire+0x173/0x400 [ 53.013840] ? __sock_release+0x7d/0x2a0 [ 53.017886] inet_release+0xd9/0x1c0 [ 53.021579] __sock_release+0xc2/0x2a0 [ 53.025445] sock_close+0x10/0x20 [ 53.028884] __fput+0x232/0x750 [ 53.032296] ? _raw_spin_unlock_irq+0x27/0x80 [ 53.036785] ____fput+0x9/0x10 [ 53.039976] task_work_run+0xe5/0x170 [ 53.043789] exit_to_usermode_loop+0x16a/0x1b0 [ 53.048365] do_syscall_64+0x416/0x5b0 [ 53.052241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.057065] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 53.062233] RIP: 0033:0x4141d1 [ 53.065403] RSP: 002b:00007ffeba090d50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 53.073110] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00000000004141d1 [ 53.080361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 53.087607] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 53.094859] R10: 00007ffeba090e30 R11: 0000000000000293 R12: 000000000075bf20 [ 53.102106] R13: 000000000000ce07 R14: 0000000000761400 R15: 000000000075bf2c [ 53.110808] Kernel Offset: disabled [ 53.114481] Rebooting in 86400 seconds..