[ 69.256532][ T26] audit: type=1800 audit(1564876669.985:27): pid=10023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 69.278916][ T26] audit: type=1800 audit(1564876669.985:28): pid=10023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 70.068472][ T26] audit: type=1800 audit(1564876670.875:29): pid=10023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 70.092247][ T26] audit: type=1800 audit(1564876670.875:30): pid=10023 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.62' (ECDSA) to the list of known hosts. syzkaller login: [ 736.634585][T10183] IPVS: ftp: loaded support on port[0] = 21 [ 736.643183][T10191] IPVS: ftp: loaded support on port[0] = 21 [ 736.650403][T10186] IPVS: ftp: loaded support on port[0] = 21 [ 736.659346][T10188] IPVS: ftp: loaded support on port[0] = 21 [ 736.666635][T10190] IPVS: ftp: loaded support on port[0] = 21 [ 736.695577][T10189] IPVS: ftp: loaded support on port[0] = 21 [ 736.860702][T10190] chnl_net:caif_netlink_parms(): no params data found [ 736.873245][T10191] chnl_net:caif_netlink_parms(): no params data found [ 736.892811][T10188] chnl_net:caif_netlink_parms(): no params data found [ 736.902744][T10186] chnl_net:caif_netlink_parms(): no params data found [ 736.920920][T10189] chnl_net:caif_netlink_parms(): no params data found [ 736.962370][T10183] chnl_net:caif_netlink_parms(): no params data found [ 737.017057][T10191] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.024614][T10191] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.032611][T10191] device bridge_slave_0 entered promiscuous mode [ 737.050387][T10188] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.058071][T10188] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.065820][T10188] device bridge_slave_0 entered promiscuous mode [ 737.078114][T10188] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.085246][T10188] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.093150][T10188] device bridge_slave_1 entered promiscuous mode [ 737.112895][T10191] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.119994][T10191] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.128171][T10191] device bridge_slave_1 entered promiscuous mode [ 737.157967][T10190] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.165763][T10190] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.173468][T10190] device bridge_slave_0 entered promiscuous mode [ 737.180597][T10186] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.187954][T10186] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.195696][T10186] device bridge_slave_0 entered promiscuous mode [ 737.219235][T10191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 737.233424][T10190] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.240585][T10190] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.248526][T10190] device bridge_slave_1 entered promiscuous mode [ 737.255459][T10186] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.263070][T10186] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.270781][T10186] device bridge_slave_1 entered promiscuous mode [ 737.277873][T10189] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.285061][T10189] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.292926][T10189] device bridge_slave_0 entered promiscuous mode [ 737.299939][T10183] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.319012][T10183] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.326819][T10183] device bridge_slave_0 entered promiscuous mode [ 737.335287][T10191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 737.346447][T10188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 737.370703][T10189] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.378526][T10189] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.386285][T10189] device bridge_slave_1 entered promiscuous mode [ 737.393213][T10183] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.400274][T10183] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.408582][T10183] device bridge_slave_1 entered promiscuous mode [ 737.420586][T10188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 737.437502][T10190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 737.470066][T10189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 737.487258][T10186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 737.498600][T10190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 737.514741][T10189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 737.530338][T10191] team0: Port device team_slave_0 added [ 737.543654][T10186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 737.559096][T10183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 737.572990][T10191] team0: Port device team_slave_1 added [ 737.579287][T10189] team0: Port device team_slave_0 added [ 737.585852][T10188] team0: Port device team_slave_0 added [ 737.603533][T10183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 737.614307][T10189] team0: Port device team_slave_1 added [ 737.621750][T10188] team0: Port device team_slave_1 added [ 737.638968][T10186] team0: Port device team_slave_0 added [ 737.646116][T10190] team0: Port device team_slave_0 added [ 737.713851][T10191] device hsr_slave_0 entered promiscuous mode [ 737.761479][T10191] device hsr_slave_1 entered promiscuous mode [ 737.802946][T10186] team0: Port device team_slave_1 added [ 737.815617][T10190] team0: Port device team_slave_1 added [ 737.882732][T10190] device hsr_slave_0 entered promiscuous mode [ 737.921371][T10190] device hsr_slave_1 entered promiscuous mode [ 737.961156][T10190] debugfs: Directory 'hsr0' with parent '/' already present! [ 737.972737][T10183] team0: Port device team_slave_0 added [ 738.023873][T10189] device hsr_slave_0 entered promiscuous mode [ 738.061592][T10189] device hsr_slave_1 entered promiscuous mode [ 738.101219][T10189] debugfs: Directory 'hsr0' with parent '/' already present! [ 738.127993][T10183] team0: Port device team_slave_1 added [ 738.223883][T10183] device hsr_slave_0 entered promiscuous mode [ 738.291340][T10183] device hsr_slave_1 entered promiscuous mode [ 738.371186][T10183] debugfs: Directory 'hsr0' with parent '/' already present! [ 738.423841][T10188] device hsr_slave_0 entered promiscuous mode [ 738.481635][T10188] device hsr_slave_1 entered promiscuous mode [ 738.531173][T10188] debugfs: Directory 'hsr0' with parent '/' already present! [ 738.572769][T10186] device hsr_slave_0 entered promiscuous mode [ 738.631513][T10186] device hsr_slave_1 entered promiscuous mode [ 738.671181][T10186] debugfs: Directory 'hsr0' with parent '/' already present! [ 738.792661][T10191] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.825075][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 738.833171][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 738.842151][T10191] 8021q: adding VLAN 0 to HW filter on device team0 [ 738.864351][T10183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.878290][T10188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.905823][T10186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 738.915555][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 738.926002][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 738.934434][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state [ 738.941507][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 738.949160][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 738.957668][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 738.965884][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state [ 738.972968][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.980543][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 738.997085][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 739.005428][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 739.013049][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 739.020942][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 739.035718][T10190] 8021q: adding VLAN 0 to HW filter on device bond0 [ 739.045456][T10188] 8021q: adding VLAN 0 to HW filter on device team0 [ 739.056506][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 739.064172][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 739.071972][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 739.080323][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 739.089373][T10194] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.096445][T10194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 739.104214][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 739.119279][T10186] 8021q: adding VLAN 0 to HW filter on device team0 [ 739.128404][T10183] 8021q: adding VLAN 0 to HW filter on device team0 [ 739.143118][T10189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 739.154312][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 739.164700][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 739.172546][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 739.180062][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 739.188119][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 739.197304][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 739.205642][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 739.214273][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 739.222808][T10204] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.229846][T10204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 739.237425][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 739.245817][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 739.254305][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 739.262745][T10204] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.269781][T10204] bridge0: port 1(bridge_slave_0) entered forwarding state [ 739.277306][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 739.285753][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 739.294248][T10204] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.301341][T10204] bridge0: port 2(bridge_slave_1) entered forwarding state [ 739.308758][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 739.317966][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 739.325805][T10204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 739.342994][T10190] 8021q: adding VLAN 0 to HW filter on device team0 [ 739.360911][T10191] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 739.372619][T10191] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 739.386315][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 739.394911][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 739.403413][T10200] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.410451][T10200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 739.418082][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 739.426093][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 739.433741][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 739.442128][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 739.450256][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 739.458687][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 739.466877][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 739.475158][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 739.484122][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 739.492569][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 739.500679][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 739.508842][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 739.517182][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 739.525445][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 739.533929][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 739.542066][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 739.549628][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 739.567299][T10183] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 739.577956][T10183] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 739.590537][T10189] 8021q: adding VLAN 0 to HW filter on device team0 [ 739.618005][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 739.626520][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 739.636581][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.644382][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 739.654330][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 739.662830][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 739.671094][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.678132][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 739.685685][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 739.694177][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 739.702841][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 739.711344][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 739.719594][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.726668][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state [ 739.734745][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 739.743103][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 739.751252][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 739.759625][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 739.768295][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 739.776758][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 739.785180][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 739.793904][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 739.802211][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 739.810264][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 739.818825][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 739.827466][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 739.835506][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 739.843362][ T2906] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 739.855745][T10188] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 739.867467][T10191] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 739.884375][T10203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 739.893463][T10203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 739.902307][T10203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 739.910536][T10203] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.917621][T10203] bridge0: port 1(bridge_slave_0) entered forwarding state [ 739.925384][T10203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 739.934033][T10203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 739.942512][T10203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 739.951521][T10203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 739.959356][T10203] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 739.978656][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 739.987459][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 739.996705][T10194] bridge0: port 2(bridge_slave_1) entered blocking state [ 740.003795][T10194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 740.011981][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 740.020419][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 740.028990][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 740.037596][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 740.046137][T10194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 740.061318][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 740.069876][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 740.078666][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 740.087235][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 740.095522][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 740.103818][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 740.118216][T10188] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 740.130407][T10183] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 740.148812][T10190] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 740.164919][T10190] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network executing program [ 740.179732][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 740.191444][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 740.200051][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 740.209487][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 740.218257][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 740.218941][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 740.235609][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 740.246706][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 740.255816][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 740.257130][T10216] IPVS: ftp: loaded support on port[0] = 21 [ 740.267350][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready executing program [ 740.277980][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 740.286745][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 740.294670][ T3488] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 740.306602][T10186] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network executing program [ 740.339876][T10223] IPVS: ftp: loaded support on port[0] = 21 [ 740.344149][T10190] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 740.366196][T10189] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 740.386342][T10189] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 740.396870][T10225] IPVS: ftp: loaded support on port[0] = 21 [ 740.403082][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 740.413807][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 740.422138][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 740.430549][T10200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 740.465888][T10189] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 740.501530][T10186] 8021q: adding VLAN 0 to HW filter on device batadv0 executing program executing program [ 740.568723][T10235] IPVS: ftp: loaded support on port[0] = 21 [ 740.592412][ T33] Bluetooth: Error in BCSP hdr checksum executing program [ 740.636674][T10239] IPVS: ftp: loaded support on port[0] = 21 [ 740.679774][T10243] IPVS: ftp: loaded support on port[0] = 21 [ 742.351848][T10194] Bluetooth: hci1: command 0x1003 tx timeout [ 742.357924][T10194] Bluetooth: hci0: command 0x1003 tx timeout [ 742.358950][T10244] Bluetooth: hci1: sending frame failed (-49) [ 742.370094][T10244] Bluetooth: hci0: sending frame failed (-49) [ 742.432050][ T3488] Bluetooth: hci2: command 0x1003 tx timeout [ 742.438128][T10244] Bluetooth: hci2: sending frame failed (-49) [ 742.591555][ T3488] Bluetooth: hci3: command 0x1003 tx timeout [ 742.597780][T10244] Bluetooth: hci3: sending frame failed (-49) [ 742.671243][T10194] Bluetooth: hci4: command 0x1003 tx timeout [ 742.677401][T10244] Bluetooth: hci4: sending frame failed (-49) [ 742.751385][T10194] Bluetooth: hci5: command 0x1003 tx timeout [ 742.757548][T10244] Bluetooth: hci5: sending frame failed (-49) [ 744.431541][ T3488] Bluetooth: hci0: command 0x1001 tx timeout [ 744.437565][ T3488] Bluetooth: hci1: command 0x1001 tx timeout [ 744.437606][T10244] Bluetooth: hci0: sending frame failed (-49) [ 744.447670][T10245] Bluetooth: hci1: sending frame failed (-49) [ 744.511300][T10194] Bluetooth: hci2: command 0x1001 tx timeout [ 744.517511][T10245] Bluetooth: hci2: sending frame failed (-49) [ 744.671587][T10194] Bluetooth: hci3: command 0x1001 tx timeout [ 744.677735][T10245] Bluetooth: hci3: sending frame failed (-49) [ 744.751899][T10194] Bluetooth: hci4: command 0x1001 tx timeout [ 744.757963][T10245] Bluetooth: hci4: sending frame failed (-49) [ 744.831287][ T3488] Bluetooth: hci5: command 0x1001 tx timeout [ 744.837555][T10245] Bluetooth: hci5: sending frame failed (-49) [ 746.511125][T10194] Bluetooth: hci0: command 0x1009 tx timeout [ 746.511368][ T3488] Bluetooth: hci1: command 0x1009 tx timeout [ 746.591303][ T3488] Bluetooth: hci2: command 0x1009 tx timeout [ 746.751301][ T3488] Bluetooth: hci3: command 0x1009 tx timeout [ 746.831241][ T3488] Bluetooth: hci4: command 0x1009 tx timeout [ 746.911108][T10194] Bluetooth: hci5: command 0x1009 tx timeout [ 750.675537][T10223] ================================================================== [ 750.675656][T10223] BUG: KASAN: use-after-free in kfree_skb+0x38/0x3c0 [ 750.690320][T10223] Read of size 4 at addr ffff8880a40b6614 by task syz-executor822/10223 [ 750.698629][T10223] [ 750.700958][T10223] CPU: 0 PID: 10223 Comm: syz-executor822 Not tainted 5.3.0-rc2-next-20190802 #58 [ 750.710136][T10223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 750.720185][T10223] Call Trace: executing program [ 750.720269][T10223] dump_stack+0x172/0x1f0 [ 750.720289][T10223] ? kfree_skb+0x38/0x3c0 [ 750.727902][T10223] print_address_description.cold+0xd4/0x306 [ 750.738167][T10223] ? kfree_skb+0x38/0x3c0 [ 750.742489][T10223] ? kfree_skb+0x38/0x3c0 [ 750.742502][T10223] __kasan_report.cold+0x1b/0x36 [ 750.742516][T10223] ? kfree_skb+0x38/0x3c0 [ 750.742528][T10223] kasan_report+0x12/0x17 [ 750.742541][T10223] check_memory_region+0x134/0x1a0 [ 750.742553][T10223] __kasan_check_read+0x11/0x20 [ 750.742573][T10223] kfree_skb+0x38/0x3c0 executing program [ 750.756163][T10223] bcsp_close+0xc7/0x130 [ 750.756183][T10223] hci_uart_tty_close+0x21e/0x280 [ 750.765590][T10223] ? hci_uart_close+0x50/0x50 [ 750.765644][T10223] tty_ldisc_close.isra.0+0x119/0x190 [ 750.765663][T10223] tty_ldisc_kill+0x9c/0x160 [ 750.774643][T10223] tty_ldisc_release+0xe9/0x2b0 [ 750.774657][T10223] tty_release_struct+0x1b/0x50 [ 750.774677][T10223] tty_release+0xbcb/0xe90 [ 750.784041][T10223] __fput+0x2ff/0x890 [ 750.784055][T10223] ? put_tty_driver+0x20/0x20 [ 750.784069][T10223] ____fput+0x16/0x20 [ 750.784084][T10223] task_work_run+0x145/0x1c0 [ 750.784103][T10223] exit_to_usermode_loop+0x316/0x380 [ 750.784119][T10223] do_syscall_64+0x65f/0x760 [ 750.784181][T10223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 750.798732][T10223] RIP: 0033:0x401fa0 [ 750.798748][T10223] Code: 01 f0 ff ff 0f 83 40 0d 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 8d 8b 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0d 00 00 c3 48 83 ec 08 e8 7a 02 00 00 [ 750.798755][T10223] RSP: 002b:00007ffcd25e8dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 750.798767][T10223] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000401fa0 [ 750.798781][T10223] RDX: 0000000000442329 RSI: 0000000000000001 RDI: 0000000000000003 [ 750.808442][T10223] RBP: 00007ffcd25e8df0 R08: 0000000501bbbbbb R09: 0000000501bbbbbb [ 750.808450][T10223] R10: 0000000501bbbbbb R11: 0000000000000246 R12: 0000000000000000 [ 750.808458][T10223] R13: 00000000004031d0 R14: 0000000000000000 R15: 0000000000000000 [ 750.808471][T10223] executing program executing program [ 750.808484][T10223] Allocated by task 33: [ 750.821512][T10223] save_stack+0x23/0x90 [ 750.821524][T10223] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 750.821534][T10223] kasan_slab_alloc+0xf/0x20 [ 750.821545][T10223] kmem_cache_alloc_node+0x138/0x740 [ 750.821558][T10223] __alloc_skb+0xd5/0x5e0 [ 750.821569][T10223] bcsp_recv+0x8c1/0x13a0 [ 750.821581][T10223] hci_uart_tty_receive+0x279/0x790 [ 750.821593][T10223] tty_ldisc_receive_buf+0x15f/0x1c0 [ 750.821605][T10223] tty_port_default_receive_buf+0x7d/0xb0 [ 750.821623][T10223] flush_to_ldisc+0x222/0x390 [ 750.830159][T10223] process_one_work+0x9af/0x1740 [ 750.830170][T10223] worker_thread+0x98/0xe40 [ 750.830180][T10223] kthread+0x361/0x430 [ 750.830191][T10223] ret_from_fork+0x24/0x30 [ 750.830201][T10223] [ 750.840039][T10223] Freed by task 33: [ 750.840051][T10223] save_stack+0x23/0x90 [ 750.840062][T10223] __kasan_slab_free+0x102/0x150 [ 750.840072][T10223] kasan_slab_free+0xe/0x10 [ 750.840089][T10223] kmem_cache_free+0x86/0x320 [ 750.849843][T10223] kfree_skbmem+0xc5/0x150 [ 750.849855][T10223] kfree_skb+0x109/0x3c0 [ 750.849866][T10223] bcsp_recv+0x2d8/0x13a0 [ 750.849877][T10223] hci_uart_tty_receive+0x279/0x790 [ 750.849896][T10223] tty_ldisc_receive_buf+0x15f/0x1c0 [ 750.878523][T10223] tty_port_default_receive_buf+0x7d/0xb0 [ 750.878536][T10223] flush_to_ldisc+0x222/0x390 [ 750.878548][T10223] process_one_work+0x9af/0x1740 [ 750.878566][T10223] worker_thread+0x98/0xe40 [ 750.902560][T10223] kthread+0x361/0x430 [ 750.902574][T10223] ret_from_fork+0x24/0x30 [ 750.902577][T10223] [ 750.902587][T10223] The buggy address belongs to the object at ffff8880a40b6540 [ 750.902587][T10223] which belongs to the cache skbuff_head_cache of size 224 [ 750.902598][T10223] The buggy address is located 212 bytes inside of [ 750.902598][T10223] 224-byte region [ffff8880a40b6540, ffff8880a40b6620) [ 750.902602][T10223] The buggy address belongs to the page: [ 750.902613][T10223] page:ffffea0002902d80 refcount:1 mapcount:0 mapping:ffff8880a99a1c40 index:0x0 [ 750.902625][T10223] flags: 0x1fffc0000000200(slab) [ 750.902642][T10223] raw: 01fffc0000000200 ffffea000234a488 ffffea0002864588 ffff8880a99a1c40 [ 750.920780][T10223] raw: 0000000000000000 ffff8880a40b6040 000000010000000c 0000000000000000 [ 750.920786][T10223] page dumped because: kasan: bad access detected [ 750.920791][T10223] [ 750.920795][T10223] Memory state around the buggy address: [ 750.920805][T10223] ffff8880a40b6500: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 750.920819][T10223] ffff8880a40b6580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 750.927290][T10223] >ffff8880a40b6600: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 750.937044][T10223] ^ [ 750.937055][T10223] ffff8880a40b6680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 750.937065][T10223] ffff8880a40b6700: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 750.937070][T10223] ================================================================== [ 751.027038][T10249] IPVS: ftp: loaded support on port[0] = 21 [ 751.034081][T10247] IPVS: ftp: loaded support on port[0] = 21 [ 751.047185][T10251] kobject: 'rfkill14' (0000000096f04ea1): kobject_add_internal: parent: 'hci2', set: 'devices' [ 751.055717][T10249] kobject: 'lo' (0000000064ded0af): kobject_add_internal: parent: 'net', set: 'devices' [ 751.060864][T10248] kobject: 'nfs_client' (000000008e6b3eb8): kobject_add_internal: parent: 'net', set: 'nfs' [ 751.065324][T10249] kobject: 'lo' (0000000064ded0af): kobject_uevent_env [ 751.067872][T10251] kobject: 'rfkill14' (0000000096f04ea1): kobject_uevent_env [ 751.072253][T10249] kobject: 'lo' (0000000064ded0af): fill_kobj_path: path = '/devices/virtual/net/lo' [ 751.081215][T10248] kobject: 'nfs_client' (000000008e6b3eb8): kobject_uevent_env [ 751.102387][T10249] kobject: 'queues' (00000000e63c9e3b): kobject_add_internal: parent: 'lo', set: '' [ 751.110163][T10251] kobject: 'rfkill14' (0000000096f04ea1): fill_kobj_path: path = '/devices/virtual/bluetooth/hci2/rfkill14' [ 751.117187][T10249] kobject: 'queues' (00000000e63c9e3b): kobject_uevent_env [ 751.130448][T10251] kobject: 'nfs_client' (00000000d812ef7a): kobject_add_internal: parent: 'net', set: 'nfs' [ 751.141924][T10249] kobject: 'queues' (00000000e63c9e3b): kobject_uevent_env: filter function caused the event to drop! [ 751.145584][T10248] kobject: 'nfs_client' (000000008e6b3eb8): fill_kobj_path: path = '/fs/nfs/net/nfs_client' [ 751.147943][T10249] kobject: 'rx-0' (00000000fd9ec410): kobject_add_internal: parent: 'queues', set: 'queues' [ 751.158326][T10248] IPVS: ftp: loaded support on port[0] = 21 [ 751.163422][T10199] Bluetooth: Error in BCSP hdr checksum [ 751.169919][T10251] kobject: 'nfs_client' (00000000d812ef7a): kobject_uevent_env [ 751.178413][T10249] kobject: 'rx-0' (00000000fd9ec410): kobject_uevent_env [ 751.189683][T10251] kobject: 'nfs_client' (00000000d812ef7a): fill_kobj_path: path = '/fs/nfs/net/nfs_client' [ 751.191214][T10249] kobject: 'rx-0' (00000000fd9ec410): fill_kobj_path: path = '/devices/virtual/net/lo/queues/rx-0' [ 751.201781][T10251] IPVS: ftp: loaded support on port[0] = 21 [ 751.207234][T10249] kobject: 'tx-0' (000000005987c55b): kobject_add_internal: parent: 'queues', set: 'queues' [ 751.217459][T10223] Kernel panic - not syncing: panic_on_warn set ... [ 751.221636][T10249] kobject: 'tx-0' (000000005987c55b): kobject_uevent_env [ 751.229111][T10223] CPU: 0 PID: 10223 Comm: syz-executor822 Tainted: G B 5.3.0-rc2-next-20190802 #58 [ 751.229118][T10223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 751.229123][T10223] Call Trace: [ 751.229144][T10223] dump_stack+0x172/0x1f0 [ 751.229163][T10223] panic+0x2dc/0x755 [ 751.239975][T10199] Bluetooth: Error in BCSP hdr checksum [ 751.248909][T10223] ? add_taint.cold+0x16/0x16 [ 751.248926][T10223] ? kfree_skb+0x38/0x3c0 [ 751.248973][T10223] ? preempt_schedule+0x4b/0x60 [ 751.248995][T10223] ? ___preempt_schedule+0x16/0x20 [ 751.258534][T10249] kobject: 'tx-0' (000000005987c55b): fill_kobj_path: path = '/devices/virtual/net/lo/queues/tx-0' [ 751.263181][T10223] ? trace_hardirqs_on+0x5e/0x240 [ 751.263197][T10223] ? kfree_skb+0x38/0x3c0 [ 751.263211][T10223] end_report+0x47/0x4f [ 751.263223][T10223] ? kfree_skb+0x38/0x3c0 [ 751.263241][T10223] __kasan_report.cold+0xe/0x36 [ 751.277097][T10249] kobject: 'tunl0' (00000000a55a2cb9): kobject_add_internal: parent: 'net', set: 'devices' [ 751.280205][T10223] ? kfree_skb+0x38/0x3c0 [ 751.280220][T10223] kasan_report+0x12/0x17 [ 751.280240][T10223] check_memory_region+0x134/0x1a0 [ 751.290858][T10249] kobject: 'tunl0' (00000000a55a2cb9): kobject_uevent_env [ 751.301546][T10223] __kasan_check_read+0x11/0x20 [ 751.301571][T10223] kfree_skb+0x38/0x3c0 [ 751.301587][T10223] bcsp_close+0xc7/0x130 [ 751.301601][T10223] hci_uart_tty_close+0x21e/0x280 [ 751.301612][T10223] ? hci_uart_close+0x50/0x50 [ 751.301629][T10223] tty_ldisc_close.isra.0+0x119/0x190 [ 751.301643][T10223] tty_ldisc_kill+0x9c/0x160 [ 751.301662][T10223] tty_ldisc_release+0xe9/0x2b0 [ 751.312237][T10249] kobject: 'tunl0' (00000000a55a2cb9): fill_kobj_path: path = '/devices/virtual/net/tunl0' [ 751.319001][T10223] tty_release_struct+0x1b/0x50 [ 751.319013][T10223] tty_release+0xbcb/0xe90 [ 751.319033][T10223] __fput+0x2ff/0x890 [ 751.332806][T10249] kobject: 'queues' (0000000096b0221d): kobject_add_internal: parent: 'tunl0', set: '' [ 751.339999][T10223] ? put_tty_driver+0x20/0x20 [ 751.340015][T10223] ____fput+0x16/0x20 [ 751.340036][T10223] task_work_run+0x145/0x1c0 [ 751.352871][T10249] kobject: 'queues' (0000000096b0221d): kobject_uevent_env [ 751.355963][T10223] exit_to_usermode_loop+0x316/0x380 [ 751.355981][T10223] do_syscall_64+0x65f/0x760 [ 751.356002][T10223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 751.362039][T10249] kobject: 'queues' (0000000096b0221d): kobject_uevent_env: filter function caused the event to drop! [ 751.369066][T10223] RIP: 0033:0x401fa0 [ 751.369081][T10223] Code: 01 f0 ff ff 0f 83 40 0d 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 8d 8b 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0d 00 00 c3 48 83 ec 08 e8 7a 02 00 00 [ 751.369089][T10223] RSP: 002b:00007ffcd25e8dd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 751.378462][T10249] kobject: 'rx-0' (00000000de40da0b): kobject_add_internal: parent: 'queues', set: 'queues' [ 751.386148][T10223] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000401fa0 [ 751.386155][T10223] RDX: 0000000000442329 RSI: 0000000000000001 RDI: 0000000000000003 [ 751.386163][T10223] RBP: 00007ffcd25e8df0 R08: 0000000501bbbbbb R09: 0000000501bbbbbb [ 751.386171][T10223] R10: 0000000501bbbbbb R11: 0000000000000246 R12: 0000000000000000 [ 751.386178][T10223] R13: 00000000004031d0 R14: 0000000000000000 R15: 0000000000000000 [ 751.386939][T10223] Kernel Offset: disabled [ 751.751427][T10223] Rebooting in 86400 seconds..