[ 70.013568][ T26] audit: type=1800 audit(1564120403.426:27): pid=10161 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 70.036806][ T26] audit: type=1800 audit(1564120403.426:28): pid=10161 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 70.869919][ T26] audit: type=1800 audit(1564120404.336:29): pid=10161 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 70.890284][ T26] audit: type=1800 audit(1564120404.346:30): pid=10161 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts. 2019/07/26 05:56:43 parsed 1 programs 2019/07/26 05:56:45 executed programs: 0 syzkaller login: [ 271.824033][T10340] IPVS: ftp: loaded support on port[0] = 21 [ 271.824728][T10342] IPVS: ftp: loaded support on port[0] = 21 [ 271.842659][T10341] IPVS: ftp: loaded support on port[0] = 21 [ 271.861380][T10344] IPVS: ftp: loaded support on port[0] = 21 [ 271.942845][T10348] IPVS: ftp: loaded support on port[0] = 21 [ 271.943835][T10346] IPVS: ftp: loaded support on port[0] = 21 [ 272.072055][T10342] chnl_net:caif_netlink_parms(): no params data found [ 272.204214][T10342] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.211369][T10342] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.219247][T10342] device bridge_slave_0 entered promiscuous mode [ 272.243290][T10340] chnl_net:caif_netlink_parms(): no params data found [ 272.253092][T10342] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.260677][T10342] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.268136][T10342] device bridge_slave_1 entered promiscuous mode [ 272.282575][T10342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 272.295248][T10342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 272.307584][T10344] chnl_net:caif_netlink_parms(): no params data found [ 272.373536][T10341] chnl_net:caif_netlink_parms(): no params data found [ 272.385453][T10348] chnl_net:caif_netlink_parms(): no params data found [ 272.412429][T10342] team0: Port device team_slave_0 added [ 272.446148][T10344] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.453317][T10344] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.461108][T10344] device bridge_slave_0 entered promiscuous mode [ 272.469137][T10342] team0: Port device team_slave_1 added [ 272.479073][T10340] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.486407][T10340] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.494190][T10340] device bridge_slave_0 entered promiscuous mode [ 272.503292][T10340] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.510434][T10340] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.518188][T10340] device bridge_slave_1 entered promiscuous mode [ 272.531820][T10344] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.538868][T10344] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.546730][T10344] device bridge_slave_1 entered promiscuous mode [ 272.570905][T10344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 272.624779][T10344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 272.658119][T10344] team0: Port device team_slave_0 added [ 272.663943][T10341] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.672554][T10341] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.680386][T10341] device bridge_slave_0 entered promiscuous mode [ 272.697073][T10348] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.704227][T10348] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.711993][T10348] device bridge_slave_0 entered promiscuous mode [ 272.721383][T10348] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.728436][T10348] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.735923][T10348] device bridge_slave_1 entered promiscuous mode [ 272.744850][T10344] team0: Port device team_slave_1 added [ 272.750788][T10341] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.757845][T10341] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.765430][T10341] device bridge_slave_1 entered promiscuous mode [ 272.773545][T10340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 272.784187][T10340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 272.842562][T10342] device hsr_slave_0 entered promiscuous mode [ 272.890011][T10342] device hsr_slave_1 entered promiscuous mode [ 272.930087][T10346] chnl_net:caif_netlink_parms(): no params data found [ 272.988346][T10341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.003410][T10340] team0: Port device team_slave_0 added [ 273.010471][T10340] team0: Port device team_slave_1 added [ 273.023874][T10348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.038258][T10341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.122464][T10344] device hsr_slave_0 entered promiscuous mode [ 273.160088][T10344] device hsr_slave_1 entered promiscuous mode [ 273.199849][T10344] debugfs: Directory 'hsr0' with parent '/' already present! [ 273.208743][T10348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.272073][T10340] device hsr_slave_0 entered promiscuous mode [ 273.330322][T10340] device hsr_slave_1 entered promiscuous mode [ 273.369931][T10340] debugfs: Directory 'hsr0' with parent '/' already present! [ 273.382995][T10346] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.390430][T10346] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.397892][T10346] device bridge_slave_0 entered promiscuous mode [ 273.413540][T10341] team0: Port device team_slave_0 added [ 273.429850][T10346] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.436909][T10346] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.445387][T10346] device bridge_slave_1 entered promiscuous mode [ 273.453938][T10348] team0: Port device team_slave_0 added [ 273.462413][T10341] team0: Port device team_slave_1 added [ 273.478766][T10348] team0: Port device team_slave_1 added [ 273.551487][T10341] device hsr_slave_0 entered promiscuous mode [ 273.590022][T10341] device hsr_slave_1 entered promiscuous mode [ 273.639811][T10341] debugfs: Directory 'hsr0' with parent '/' already present! [ 273.654724][T10346] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.702306][T10348] device hsr_slave_0 entered promiscuous mode [ 273.750162][T10348] device hsr_slave_1 entered promiscuous mode [ 273.819807][T10348] debugfs: Directory 'hsr0' with parent '/' already present! [ 273.842274][T10346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.866148][T10346] team0: Port device team_slave_0 added [ 273.873297][T10346] team0: Port device team_slave_1 added [ 273.922858][T10346] device hsr_slave_0 entered promiscuous mode [ 273.970061][T10346] device hsr_slave_1 entered promiscuous mode [ 274.029853][T10346] debugfs: Directory 'hsr0' with parent '/' already present! [ 274.103018][T10342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.110791][T10346] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.117858][T10346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.174469][T10344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.191614][ T3013] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.201752][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 274.209302][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 274.218444][T10342] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.228827][T10341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.242740][T10340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.258186][T10344] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.270146][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 274.278660][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 274.287832][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 274.296479][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 274.305404][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.312487][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.320397][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 274.328788][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 274.337102][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.344150][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.352574][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 274.360551][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 274.380418][T10341] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.389738][T10348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.402425][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 274.412697][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 274.421107][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.428128][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.435776][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 274.443337][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 274.451179][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 274.459485][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 274.467256][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 274.479783][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 274.488371][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 274.497178][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 274.507305][T10340] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.536494][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 274.544597][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 274.553466][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 274.562125][T10355] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.569165][T10355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.576927][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 274.585523][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 274.593943][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 274.602357][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 274.610758][T10355] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.617787][T10355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.625303][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 274.634047][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 274.642582][T10355] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.649627][T10355] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.657252][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 274.666927][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 274.674840][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 274.682545][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 274.707229][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 274.715749][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 274.725428][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 274.734026][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 274.742468][T10355] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.749489][T10355] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.757077][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 274.766504][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 274.774831][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 274.783386][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 274.792120][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 274.800438][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 274.808525][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 274.816717][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 274.824868][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 274.833226][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 274.841143][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 274.851913][T10348] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.869389][T10341] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 274.880650][T10341] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 274.897658][T10342] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 274.908534][T10342] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 274.922996][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 274.932903][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 274.941486][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.948519][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.956149][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 274.964803][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 274.973054][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 274.981392][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 274.989540][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 274.997918][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 275.006149][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 275.014270][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 275.022415][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 275.030828][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 275.039031][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 275.047293][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 275.055711][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 275.063811][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 275.071484][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 275.091851][T10344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 275.103898][T10346] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.112361][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 275.121668][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 275.139614][T10341] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.158321][T10342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.171457][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 275.187341][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.196411][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.205553][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.213951][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.221014][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.228479][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 275.236810][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.250694][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 275.260652][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.269106][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.276211][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.284413][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 275.293145][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 275.302757][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 275.318008][T10346] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.330086][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 275.338651][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 275.350396][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.358240][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.366289][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 275.374952][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 275.386284][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 275.410877][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 275.419633][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.430560][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.438900][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.445979][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.454688][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 275.463958][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.472623][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.479657][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.507424][T10344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.517391][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 275.526959][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 275.535837][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 275.545187][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.553567][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 275.561949][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 275.570509][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 275.578603][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 275.587177][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 275.598548][T10348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 275.611326][T10348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 275.666354][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 275.700497][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 275.717337][T10346] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 275.734088][T10346] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 275.752373][T10340] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.761325][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 275.772230][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.789030][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 275.818805][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 275.840271][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 275.848699][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 275.857325][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 275.865792][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 275.874129][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 275.882369][T10355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 275.901964][T10348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 275.946163][T10346] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/07/26 05:56:50 executed programs: 43 2019/07/26 05:56:55 executed programs: 277 2019/07/26 05:57:00 executed programs: 509 2019/07/26 05:57:05 executed programs: 745 2019/07/26 05:57:10 executed programs: 983 2019/07/26 05:57:15 executed programs: 1213 2019/07/26 05:57:20 executed programs: 1438 2019/07/26 05:57:25 executed programs: 1669 2019/07/26 05:57:30 executed programs: 1891 2019/07/26 05:57:35 executed programs: 2119 2019/07/26 05:57:40 executed programs: 2340 2019/07/26 05:57:45 executed programs: 2564 2019/07/26 05:57:50 executed programs: 2783 2019/07/26 05:57:55 executed programs: 2996 2019/07/26 05:58:00 executed programs: 3213 2019/07/26 05:58:05 executed programs: 3421 2019/07/26 05:58:10 executed programs: 3649 [ 358.259950][T24538] ================================================================== [ 358.268091][T24538] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28a/0x2e0 [ 358.275472][T24538] Read of size 4 at addr ffff888091bd6e64 by task syz-executor.5/24538 [ 358.283697][T24538] [ 358.286044][T24538] CPU: 0 PID: 24538 Comm: syz-executor.5 Not tainted 5.3.0-rc1+ #84 [ 358.294012][T24538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.304062][T24538] Call Trace: [ 358.307366][T24538] dump_stack+0x172/0x1f0 [ 358.311715][T24538] ? do_raw_spin_lock+0x28a/0x2e0 [ 358.316759][T24538] print_address_description.cold+0xd4/0x306 [ 358.322740][T24538] ? do_raw_spin_lock+0x28a/0x2e0 [ 358.327775][T24538] ? do_raw_spin_lock+0x28a/0x2e0 [ 358.332795][T24538] __kasan_report.cold+0x1b/0x36 [ 358.337731][T24538] ? do_raw_spin_lock+0x28a/0x2e0 [ 358.342760][T24538] kasan_report+0x12/0x17 [ 358.347118][T24538] __asan_report_load4_noabort+0x14/0x20 [ 358.352761][T24538] do_raw_spin_lock+0x28a/0x2e0 [ 358.357625][T24538] ? rwlock_bug.part.0+0x90/0x90 [ 358.362567][T24538] ? lock_acquire+0x190/0x410 [ 358.367250][T24538] ? sk_psock_unlink+0x250/0x4b0 [ 358.372203][T24538] _raw_spin_lock_bh+0x3b/0x50 [ 358.376970][T24538] ? sk_psock_unlink+0x250/0x4b0 [ 358.376986][T24538] sk_psock_unlink+0x250/0x4b0 [ 358.377002][T24538] ? sk_psock_link_pop+0x186/0x1f0 [ 358.377025][T24538] ? tcp_check_oom+0x560/0x560 [ 358.386724][T24538] tcp_bpf_remove+0x21/0x50 [ 358.386737][T24538] tcp_bpf_close+0x130/0x390 [ 358.386754][T24538] inet_release+0xed/0x200 [ 358.386773][T24538] inet6_release+0x53/0x80 [ 358.396619][T24538] __sock_release+0xce/0x280 [ 358.396634][T24538] sock_close+0x1e/0x30 [ 358.396649][T24538] __fput+0x2ff/0x890 [ 358.396670][T24538] ? __sock_release+0x280/0x280 [ 358.406251][T24538] ____fput+0x16/0x20 [ 358.406265][T24538] task_work_run+0x145/0x1c0 [ 358.406286][T24538] exit_to_usermode_loop+0x316/0x380 [ 358.406306][T24538] do_syscall_64+0x5a9/0x6a0 [ 358.419674][T24538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 358.419686][T24538] RIP: 0033:0x413511 [ 358.419714][T24538] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 358.419721][T24538] RSP: 002b:00007ffd9226d0a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 358.419732][T24538] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413511 [ 358.419751][T24538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 358.419758][T24538] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 358.419766][T24538] R10: 00007ffd9226d180 R11: 0000000000000293 R12: 000000000075bf20 [ 358.419793][T24538] R13: 000000000005774b R14: 00000000007610a8 R15: ffffffffffffffff [ 358.427898][T24538] [ 358.427907][T24538] Allocated by task 24553: [ 358.427923][T24538] save_stack+0x23/0x90 [ 358.427935][T24538] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 358.427952][T24538] kasan_kmalloc+0x9/0x10 [ 358.528714][T24538] kmem_cache_alloc_trace+0x158/0x790 [ 358.535430][T24538] sock_map_alloc+0x1bb/0x3a0 [ 358.535444][T24538] __do_sys_bpf+0x475/0x42f0 [ 358.535463][T24538] __x64_sys_bpf+0x73/0xb0 [ 358.568524][T24538] do_syscall_64+0xfd/0x6a0 [ 358.573031][T24538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 358.578913][T24538] [ 358.581240][T24538] Freed by task 10593: [ 358.585309][T24538] save_stack+0x23/0x90 [ 358.589469][T24538] __kasan_slab_free+0x102/0x150 [ 358.594406][T24538] kasan_slab_free+0xe/0x10 [ 358.598897][T24538] kfree+0x10a/0x2c0 [ 358.602771][T24538] sock_map_free+0x22a/0x310 [ 358.607339][T24538] bpf_map_free_deferred+0xb3/0x100 [ 358.612608][T24538] process_one_work+0x9af/0x1740 [ 358.617537][T24538] worker_thread+0x98/0xe40 [ 358.622015][T24538] kthread+0x361/0x430 [ 358.626058][T24538] ret_from_fork+0x24/0x30 [ 358.630444][T24538] [ 358.632762][T24538] The buggy address belongs to the object at ffff888091bd6d40 [ 358.632762][T24538] which belongs to the cache kmalloc-512 of size 512 [ 358.646789][T24538] The buggy address is located 292 bytes inside of [ 358.646789][T24538] 512-byte region [ffff888091bd6d40, ffff888091bd6f40) [ 358.660032][T24538] The buggy address belongs to the page: [ 358.665647][T24538] page:ffffea000246f580 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0xffff888091bd6ac0 [ 358.676164][T24538] flags: 0x1fffc0000000200(slab) [ 358.681085][T24538] raw: 01fffc0000000200 ffffea0002a4c048 ffffea0002803a88 ffff8880aa400a80 [ 358.689644][T24538] raw: ffff888091bd6ac0 ffff888091bd60c0 0000000100000004 0000000000000000 [ 358.698206][T24538] page dumped because: kasan: bad access detected [ 358.704587][T24538] [ 358.706891][T24538] Memory state around the buggy address: [ 358.712498][T24538] ffff888091bd6d00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 358.720532][T24538] ffff888091bd6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 358.728574][T24538] >ffff888091bd6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 358.736626][T24538] ^ [ 358.743795][T24538] ffff888091bd6e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 358.751834][T24538] ffff888091bd6f00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 358.759865][T24538] ================================================================== [ 358.767973][T24538] Kernel panic - not syncing: panic_on_warn set ... [ 358.774565][T24538] CPU: 0 PID: 24538 Comm: syz-executor.5 Tainted: G B 5.3.0-rc1+ #84 [ 358.777973][ T3907] kobject: 'loop1' (00000000d7fbeb8d): kobject_uevent_env [ 358.783916][T24538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.783922][T24538] Call Trace: [ 358.783945][T24538] dump_stack+0x172/0x1f0 [ 358.783964][T24538] panic+0x2dc/0x755 [ 358.783985][T24538] ? add_taint.cold+0x16/0x16 [ 358.792878][ T3907] kobject: 'loop1' (00000000d7fbeb8d): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 358.801132][T24538] ? trace_hardirqs_on+0x5e/0x240 [ 358.801144][T24538] ? trace_hardirqs_on+0x5e/0x240 [ 358.801168][T24538] ? do_raw_spin_lock+0x28a/0x2e0 [ 358.801188][T24538] end_report+0x47/0x4f [ 358.846563][T24538] ? do_raw_spin_lock+0x28a/0x2e0 [ 358.851566][T24538] __kasan_report.cold+0xe/0x36 [ 358.856394][T24538] ? do_raw_spin_lock+0x28a/0x2e0 [ 358.861399][T24538] kasan_report+0x12/0x17 [ 358.865707][T24538] __asan_report_load4_noabort+0x14/0x20 [ 358.871315][T24538] do_raw_spin_lock+0x28a/0x2e0 [ 358.876146][T24538] ? rwlock_bug.part.0+0x90/0x90 [ 358.881068][T24538] ? lock_acquire+0x190/0x410 [ 358.885726][T24538] ? sk_psock_unlink+0x250/0x4b0 [ 358.890647][T24538] _raw_spin_lock_bh+0x3b/0x50 [ 358.895389][T24538] ? sk_psock_unlink+0x250/0x4b0 [ 358.900302][T24538] sk_psock_unlink+0x250/0x4b0 [ 358.905064][T24538] ? sk_psock_link_pop+0x186/0x1f0 [ 358.910162][T24538] ? tcp_check_oom+0x560/0x560 [ 358.914903][T24538] tcp_bpf_remove+0x21/0x50 [ 358.919384][T24538] tcp_bpf_close+0x130/0x390 [ 358.923970][T24538] inet_release+0xed/0x200 [ 358.928371][T24538] inet6_release+0x53/0x80 [ 358.932766][T24538] __sock_release+0xce/0x280 [ 358.937349][T24538] sock_close+0x1e/0x30 [ 358.941502][T24538] __fput+0x2ff/0x890 [ 358.945463][T24538] ? __sock_release+0x280/0x280 [ 358.950291][T24538] ____fput+0x16/0x20 [ 358.954267][T24538] task_work_run+0x145/0x1c0 [ 358.958842][T24538] exit_to_usermode_loop+0x316/0x380 [ 358.964119][T24538] do_syscall_64+0x5a9/0x6a0 [ 358.968708][T24538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 358.974589][T24538] RIP: 0033:0x413511 [ 358.978466][T24538] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 358.998067][T24538] RSP: 002b:00007ffd9226d0a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 359.006453][T24538] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413511 [ 359.014399][T24538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 359.022348][T24538] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 359.030317][T24538] R10: 00007ffd9226d180 R11: 0000000000000293 R12: 000000000075bf20 [ 359.038288][T24538] R13: 000000000005774b R14: 00000000007610a8 R15: ffffffffffffffff [ 359.047330][T24538] Kernel Offset: disabled [ 359.051653][T24538] Rebooting in 86400 seconds..