[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 43.145776] audit: type=1800 audit(1547570024.748:25): pid=8018 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 43.184086] audit: type=1800 audit(1547570024.748:26): pid=8018 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 43.224868] audit: type=1800 audit(1547570024.748:27): pid=8018 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.144' (ECDSA) to the list of known hosts. syzkaller login: [ 55.023841] IPVS: ftp: loaded support on port[0] = 21 [ 55.049959] IPVS: ftp: loaded support on port[0] = 21 [ 55.063003] IPVS: ftp: loaded support on port[0] = 21 [ 55.103157] IPVS: ftp: loaded support on port[0] = 21 [ 55.103335] IPVS: ftp: loaded support on port[0] = 21 [ 55.133599] IPVS: ftp: loaded support on port[0] = 21 [ 55.330487] chnl_net:caif_netlink_parms(): no params data found [ 55.532771] chnl_net:caif_netlink_parms(): no params data found [ 55.541378] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.548326] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.555377] device bridge_slave_0 entered promiscuous mode [ 55.565297] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.571690] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.579122] device bridge_slave_1 entered promiscuous mode [ 55.599342] chnl_net:caif_netlink_parms(): no params data found [ 55.614797] chnl_net:caif_netlink_parms(): no params data found [ 55.669586] chnl_net:caif_netlink_parms(): no params data found [ 55.684293] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.741058] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.748848] chnl_net:caif_netlink_parms(): no params data found [ 55.784165] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.791052] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.798608] device bridge_slave_0 entered promiscuous mode [ 55.823786] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.830925] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.839467] device bridge_slave_0 entered promiscuous mode [ 55.851270] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.857959] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.864851] device bridge_slave_1 entered promiscuous mode [ 55.891449] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.898228] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.905176] device bridge_slave_1 entered promiscuous mode [ 55.931959] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 55.940036] team0: Port device team_slave_0 added [ 55.986528] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.994689] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.002052] team0: Port device team_slave_1 added [ 56.013407] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.021164] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.028058] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.035016] device bridge_slave_0 entered promiscuous mode [ 56.041766] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.048387] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.055321] device bridge_slave_0 entered promiscuous mode [ 56.063497] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.079495] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.100112] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.108010] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.114357] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.121518] device bridge_slave_1 entered promiscuous mode [ 56.134414] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.141930] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.149444] device bridge_slave_1 entered promiscuous mode [ 56.156698] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.164051] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.171846] team0: Port device team_slave_0 added [ 56.203929] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.219151] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.226411] team0: Port device team_slave_1 added [ 56.231771] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.239653] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.246794] device bridge_slave_0 entered promiscuous mode [ 56.269002] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.278265] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.287871] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.300186] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.308632] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.314999] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.322462] device bridge_slave_1 entered promiscuous mode [ 56.329487] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.337291] team0: Port device team_slave_0 added [ 56.408666] device hsr_slave_0 entered promiscuous mode [ 56.456981] device hsr_slave_1 entered promiscuous mode [ 56.497277] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.504783] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.524470] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.532364] team0: Port device team_slave_1 added [ 56.544817] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.567424] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.589890] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.597818] team0: Port device team_slave_0 added [ 56.603127] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.610967] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 56.618475] team0: Port device team_slave_0 added [ 56.668800] device hsr_slave_0 entered promiscuous mode [ 56.726902] device hsr_slave_1 entered promiscuous mode [ 56.777637] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.784868] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.793330] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.801603] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.809455] team0: Port device team_slave_1 added [ 56.822078] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 56.829393] team0: Port device team_slave_1 added [ 56.835018] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.842653] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.856424] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.865008] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.930885] device hsr_slave_0 entered promiscuous mode [ 56.967354] device hsr_slave_1 entered promiscuous mode [ 57.034369] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.041456] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.090248] device hsr_slave_0 entered promiscuous mode [ 57.127050] device hsr_slave_1 entered promiscuous mode [ 57.177676] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.198469] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.205470] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 57.213699] team0: Port device team_slave_0 added [ 57.227110] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.247104] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.254391] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 57.262501] team0: Port device team_slave_1 added [ 57.268304] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.283329] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.301762] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.349891] device hsr_slave_0 entered promiscuous mode [ 57.377058] device hsr_slave_1 entered promiscuous mode [ 57.427717] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.435642] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.520015] device hsr_slave_0 entered promiscuous mode [ 57.577366] device hsr_slave_1 entered promiscuous mode [ 57.639330] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.646288] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.672141] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.682280] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.694955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.724014] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.741964] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.752946] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 57.762952] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 57.769141] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.787180] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.798356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 57.807279] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.818576] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 57.839517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 57.848261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.855910] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.862455] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.871217] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.881450] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 57.903383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 57.911699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.920151] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.926500] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.944749] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 57.959094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.970785] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 57.981548] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.006096] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.013860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.025903] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.050169] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.058689] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.066390] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.077966] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.092298] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.102348] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.112523] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.120536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.129220] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.137155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.144022] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.153210] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 58.167379] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 58.173743] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.188578] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.194802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 58.203711] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.214045] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 58.223316] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.240467] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.249193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.257251] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 58.265018] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.272895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.281066] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.289051] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.295388] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.302831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.316272] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 58.323618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 58.334447] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.348611] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.359731] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.366353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.374257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.381617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.389615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.397340] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.403685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.413221] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 58.419760] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.427653] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.438514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.447149] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.456239] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 58.463070] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.473206] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 58.483938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.491190] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.498422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.505260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 58.512931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.519963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.531142] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.541063] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.550774] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 58.564344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.574102] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.582454] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.590467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.598354] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.604684] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.611724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.619688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.627560] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.633892] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.640989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.650158] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 58.656223] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.666215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.677230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.687259] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.697828] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.705021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.721948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.734229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.745422] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.751832] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.759595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.767693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.775258] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.781716] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.788843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.800948] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready executing program [ 58.816101] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.825487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 58.842895] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 58.851288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.860177] bridge0: port 1(bridge_slave_0) entered blocking state executing program executing program executing program [ 58.866542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.873602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.882561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.890367] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.898419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.905640] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 58.914305] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 58.921573] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 58.930519] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 58.945731] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.954010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready executing program executing program [ 58.962168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.972777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.981929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 58.990458] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.999357] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.002026] ================================================================== [ 59.005710] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.013143] BUG: KASAN: use-after-free in __xfrm_policy_unlink+0x9ec/0xa00 [ 59.013155] Write of size 8 at addr ffff8880a2f4b250 by task syz-executor878/8207 [ 59.013159] [ 59.013174] CPU: 0 PID: 8207 Comm: syz-executor878 Not tainted 5.0.0-rc2+ #27 [ 59.013181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.013189] Call Trace: [ 59.021315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.026671] dump_stack+0x1db/0x2d0 [ 59.026690] ? dump_stack_print_info.cold+0x20/0x20 [ 59.026706] ? find_held_lock+0x35/0x120 [ 59.026721] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 59.026741] print_address_description.cold+0x7c/0x20d [ 59.035034] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.035996] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 59.047340] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 59.052601] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 59.055171] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.062352] kasan_report.cold+0x1b/0x40 [ 59.062370] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 59.062388] __asan_report_store8_noabort+0x17/0x20 [ 59.062401] __xfrm_policy_unlink+0x9ec/0xa00 [ 59.062420] ? xfrm_policy_walk_done+0x360/0x360 [ 59.062437] ? __fib6_clean_all+0x300/0x430 [ 59.140523] ? xfrm_policy_byid+0x4a0/0x4a0 [ 59.144848] ? fib6_clean_tree+0x340/0x340 [ 59.149086] ? ipv6_route_yield+0x220/0x220 [ 59.153411] ? xfrm_pol_inexact_addr_use_any_list+0x1f0/0x1f0 [ 59.159580] xfrm_policy_insert+0x223/0x910 [ 59.163903] ? __fib6_clean_all+0x430/0x430 [ 59.168243] ? xfrm_policy_inexact_insert+0xda0/0xda0 [ 59.173437] ? copy_from_user_policy+0x110/0x2b0 [ 59.178197] ? xfrm_policy_construct+0x471/0x660 [ 59.182967] xfrm_add_policy+0x2a1/0x6c0 [ 59.187041] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.192583] ? xfrm_policy_construct+0x660/0x660 [ 59.197338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.202873] ? __nla_parse+0x12a/0x340 [ 59.206766] ? nla_parse+0x45/0x60 [ 59.210308] ? xfrm_policy_construct+0x660/0x660 [ 59.215077] xfrm_user_rcv_msg+0x458/0x8d0 [ 59.219316] ? xfrm_dump_sa_done+0xf0/0xf0 [ 59.223549] ? xfrm_netlink_rcv+0x61/0x90 [ 59.227703] ? __mutex_lock+0x622/0x1670 [ 59.231800] netlink_rcv_skb+0x17d/0x410 [ 59.235896] ? xfrm_dump_sa_done+0xf0/0xf0 [ 59.240133] ? netlink_ack+0xba0/0xba0 [ 59.244021] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 59.249330] xfrm_netlink_rcv+0x70/0x90 [ 59.253309] netlink_unicast+0x574/0x770 [ 59.257381] ? netlink_attachskb+0x980/0x980 [ 59.261789] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.267336] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 59.272357] netlink_sendmsg+0xa05/0xf90 [ 59.276421] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.281965] ? netlink_unicast+0x770/0x770 [ 59.286251] ? smack_socket_sendmsg+0xb1/0x1a0 [ 59.291086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.296624] ? security_socket_sendmsg+0x93/0xc0 [ 59.301385] ? netlink_unicast+0x770/0x770 [ 59.305621] sock_sendmsg+0xdd/0x130 [ 59.309343] ___sys_sendmsg+0x7ec/0x910 [ 59.313360] ? copy_msghdr_from_user+0x570/0x570 [ 59.318125] ? iterate_fd+0x4b0/0x4b0 [ 59.321941] ? check_preemption_disabled+0x48/0x290 [ 59.326980] ? __fget_light+0x2db/0x420 [ 59.330956] ? fget_raw+0x20/0x20 [ 59.334426] ? lock_downgrade+0x910/0x910 [ 59.338573] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 59.343853] ? rcu_read_unlock_special+0x380/0x380 [ 59.348788] ? __fdget+0x1b/0x20 [ 59.352157] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.357694] ? sockfd_lookup_light+0xc2/0x160 [ 59.362191] __sys_sendmsg+0x112/0x270 [ 59.366080] ? __ia32_sys_shutdown+0x80/0x80 [ 59.370496] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.376034] ? vmacache_update+0x114/0x140 [ 59.380291] ? do_futex+0x2910/0x2910 [ 59.384092] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.389459] ? trace_hardirqs_off_caller+0x300/0x300 [ 59.394562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 59.399324] __x64_sys_sendmsg+0x78/0xb0 [ 59.403391] do_syscall_64+0x1a3/0x800 [ 59.407286] ? syscall_return_slowpath+0x5f0/0x5f0 [ 59.412215] ? prepare_exit_to_usermode+0x232/0x3b0 [ 59.417248] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 59.422097] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.427281] RIP: 0033:0x4494b9 [ 59.430487] Code: e8 7c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.449388] RSP: 002b:00007fda98ce0da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 59.457098] RAX: ffffffffffffffda RBX: 00000000006dfc28 RCX: 00000000004494b9 [ 59.464373] RDX: 0000000000000000 RSI: 000000002014f000 RDI: 0000000000000003 [ 59.471674] RBP: 00000000006dfc20 R08: 0000000000000000 R09: 0000000000000000 [ 59.478962] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc2c [ 59.486241] R13: bcadf0bc90831141 R14: 0923dc1574928e92 R15: 0000000000000000 [ 59.493532] [ 59.495156] Allocated by task 8201: [ 59.498801] save_stack+0x45/0xd0 [ 59.502266] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 59.507192] kasan_kmalloc+0x9/0x10 [ 59.510815] kmem_cache_alloc_trace+0x151/0x760 [ 59.515482] xfrm_policy_alloc+0xfb/0x530 [ 59.519647] xfrm_policy_construct+0x30/0x660 [ 59.524157] xfrm_add_policy+0x20a/0x6c0 [ 59.528219] xfrm_user_rcv_msg+0x458/0x8d0 [ 59.532456] netlink_rcv_skb+0x17d/0x410 [ 59.536513] xfrm_netlink_rcv+0x70/0x90 [ 59.540490] netlink_unicast+0x574/0x770 [ 59.544547] netlink_sendmsg+0xa05/0xf90 [ 59.548605] sock_sendmsg+0xdd/0x130 [ 59.552315] ___sys_sendmsg+0x7ec/0x910 [ 59.556289] __sys_sendmsg+0x112/0x270 [ 59.560176] __x64_sys_sendmsg+0x78/0xb0 [ 59.564243] do_syscall_64+0x1a3/0x800 [ 59.568158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 59.573346] [ 59.574965] Freed by task 8166: [ 59.578255] save_stack+0x45/0xd0 [ 59.581739] __kasan_slab_free+0x102/0x150 [ 59.585989] kasan_slab_free+0xe/0x10 [ 59.589803] kfree+0xcf/0x230 [ 59.592905] xfrm_policy_destroy_rcu+0x48/0x60 [ 59.597487] rcu_process_callbacks+0xc4a/0x1680 [ 59.602150] __do_softirq+0x30b/0xb11 [ 59.605940] [ 59.607575] The buggy address belongs to the object at ffff8880a2f4b240 [ 59.607575] which belongs to the cache kmalloc-1k of size 1024 [ 59.620229] The buggy address is located 16 bytes inside of [ 59.620229] 1024-byte region [ffff8880a2f4b240, ffff8880a2f4b640) [ 59.632119] The buggy address belongs to the page: [ 59.637065] page:ffffea00028bd280 count:1 mapcount:0 mapping:ffff88812c3f0ac0 index:0x0 compound_mapcount: 0 [ 59.647034] flags: 0x1fffc0000010200(slab|head) [ 59.651709] raw: 01fffc0000010200 ffffea00028f4b88 ffffea00028b3c08 ffff88812c3f0ac0 [ 59.659852] raw: 0000000000000000 ffff8880a2f4a040 0000000100000007 0000000000000000 [ 59.667722] page dumped because: kasan: bad access detected [ 59.673509] [ 59.675131] Memory state around the buggy address: [ 59.680058] ffff8880a2f4b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.687421] ffff8880a2f4b180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 59.694775] >ffff8880a2f4b200: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 59.702130] ^ [ 59.708098] ffff8880a2f4b280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.715451] ffff8880a2f4b300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.722799] ================================================================== [ 59.730151] Disabling lock debugging due to kernel taint [ 59.735672] Kernel panic - not syncing: panic_on_warn set ... [ 59.741569] CPU: 0 PID: 8207 Comm: syz-executor878 Tainted: G B 5.0.0-rc2+ #27 [ 59.750218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.759574] Call Trace: [ 59.762162] dump_stack+0x1db/0x2d0 [ 59.765788] ? dump_stack_print_info.cold+0x20/0x20 [ 59.770811] panic+0x2cb/0x65c [ 59.774013] ? add_taint.cold+0x16/0x16 [ 59.778001] ? trace_hardirqs_on+0xb4/0x310 [ 59.782331] ? trace_hardirqs_on+0xb4/0x310 [ 59.786669] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 59.791335] end_report+0x47/0x4f [ 59.794782] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 59.799453] kasan_report.cold+0xe/0x40 [ 59.803428] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 59.808095] __asan_report_store8_noabort+0x17/0x20 [ 59.813106] __xfrm_policy_unlink+0x9ec/0xa00 [ 59.817598] ? xfrm_policy_walk_done+0x360/0x360 [ 59.822353] ? __fib6_clean_all+0x300/0x430 [ 59.826846] ? xfrm_policy_byid+0x4a0/0x4a0 [ 59.831166] ? fib6_clean_tree+0x340/0x340 [ 59.835401] ? ipv6_route_yield+0x220/0x220 [ 59.839733] ? xfrm_pol_inexact_addr_use_any_list+0x1f0/0x1f0 [ 59.845620] xfrm_policy_insert+0x223/0x910 [ 59.849941] ? __fib6_clean_all+0x430/0x430 [ 59.854267] ? xfrm_policy_inexact_insert+0xda0/0xda0 [ 59.859458] ? copy_from_user_policy+0x110/0x2b0 [ 59.864211] ? xfrm_policy_construct+0x471/0x660 [ 59.868970] xfrm_add_policy+0x2a1/0x6c0 [ 59.873036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.878571] ? xfrm_policy_construct+0x660/0x660 [ 59.883326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.888858] ? __nla_parse+0x12a/0x340 [ 59.892744] ? nla_parse+0x45/0x60 [ 59.896302] ? xfrm_policy_construct+0x660/0x660 [ 59.901116] xfrm_user_rcv_msg+0x458/0x8d0 [ 59.905353] ? xfrm_dump_sa_done+0xf0/0xf0 [ 59.909586] ? xfrm_netlink_rcv+0x61/0x90 [ 59.913778] ? __mutex_lock+0x622/0x1670 [ 59.917906] netlink_rcv_skb+0x17d/0x410 [ 59.921987] ? xfrm_dump_sa_done+0xf0/0xf0 [ 59.926217] ? netlink_ack+0xba0/0xba0 [ 59.930158] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 59.935454] xfrm_netlink_rcv+0x70/0x90 [ 59.939425] netlink_unicast+0x574/0x770 [ 59.943485] ? netlink_attachskb+0x980/0x980 [ 59.947891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.953426] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 59.958492] netlink_sendmsg+0xa05/0xf90 [ 59.962549] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 59.968087] ? netlink_unicast+0x770/0x770 [ 59.972324] ? smack_socket_sendmsg+0xb1/0x1a0 [ 59.976945] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 59.982492] ? security_socket_sendmsg+0x93/0xc0 [ 59.987264] ? netlink_unicast+0x770/0x770 [ 59.991497] sock_sendmsg+0xdd/0x130 [ 59.995211] ___sys_sendmsg+0x7ec/0x910 [ 59.999189] ? copy_msghdr_from_user+0x570/0x570 [ 60.003944] ? iterate_fd+0x4b0/0x4b0 [ 60.007757] ? check_preemption_disabled+0x48/0x290 [ 60.012771] ? __fget_light+0x2db/0x420 [ 60.016782] ? fget_raw+0x20/0x20 [ 60.020240] ? lock_downgrade+0x910/0x910 [ 60.024386] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 60.029658] ? rcu_read_unlock_special+0x380/0x380 [ 60.034583] ? __fdget+0x1b/0x20 [ 60.037947] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 60.043485] ? sockfd_lookup_light+0xc2/0x160 [ 60.047993] __sys_sendmsg+0x112/0x270 [ 60.051917] ? __ia32_sys_shutdown+0x80/0x80 [ 60.056410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 60.061954] ? vmacache_update+0x114/0x140 [ 60.066207] ? do_futex+0x2910/0x2910 [ 60.070017] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.075388] ? trace_hardirqs_off_caller+0x300/0x300 [ 60.080506] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 60.085269] __x64_sys_sendmsg+0x78/0xb0 [ 60.089329] do_syscall_64+0x1a3/0x800 [ 60.093217] ? syscall_return_slowpath+0x5f0/0x5f0 [ 60.098153] ? prepare_exit_to_usermode+0x232/0x3b0 [ 60.103173] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 60.108019] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 60.113202] RIP: 0033:0x4494b9 [ 60.116402] Code: e8 7c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.135297] RSP: 002b:00007fda98ce0da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 60.143005] RAX: ffffffffffffffda RBX: 00000000006dfc28 RCX: 00000000004494b9 [ 60.150271] RDX: 0000000000000000 RSI: 000000002014f000 RDI: 0000000000000003 [ 60.157535] RBP: 00000000006dfc20 R08: 0000000000000000 R09: 0000000000000000 [ 60.164800] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dfc2c [ 60.172083] R13: bcadf0bc90831141 R14: 0923dc1574928e92 R15: 0000000000000000 [ 60.180256] Kernel Offset: disabled [ 60.183875] Rebooting in 86400 seconds..