Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts. 2019/07/17 05:41:36 parsed 1 programs 2019/07/17 05:41:38 executed programs: 0 syzkaller login: [ 89.550477][ T9038] IPVS: ftp: loaded support on port[0] = 21 [ 89.580997][ T9041] IPVS: ftp: loaded support on port[0] = 21 [ 89.592630][ T9042] IPVS: ftp: loaded support on port[0] = 21 [ 89.677143][ T9047] IPVS: ftp: loaded support on port[0] = 21 [ 89.711206][ T9046] IPVS: ftp: loaded support on port[0] = 21 [ 89.731996][ T9048] IPVS: ftp: loaded support on port[0] = 21 [ 89.922405][ T9042] chnl_net:caif_netlink_parms(): no params data found [ 90.019783][ T9041] chnl_net:caif_netlink_parms(): no params data found [ 90.089145][ T9042] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.097298][ T9042] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.105257][ T9042] device bridge_slave_0 entered promiscuous mode [ 90.113500][ T9038] chnl_net:caif_netlink_parms(): no params data found [ 90.162039][ T9042] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.169125][ T9042] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.177966][ T9042] device bridge_slave_1 entered promiscuous mode [ 90.198695][ T9046] chnl_net:caif_netlink_parms(): no params data found [ 90.213198][ T9038] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.221068][ T9038] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.228929][ T9038] device bridge_slave_0 entered promiscuous mode [ 90.276052][ T9038] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.284162][ T9038] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.292514][ T9038] device bridge_slave_1 entered promiscuous mode [ 90.311211][ T9042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.340244][ T9042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.352472][ T9041] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.359547][ T9041] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.367842][ T9041] device bridge_slave_0 entered promiscuous mode [ 90.378302][ T9041] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.385443][ T9041] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.393498][ T9041] device bridge_slave_1 entered promiscuous mode [ 90.424380][ T9038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.445190][ T9048] chnl_net:caif_netlink_parms(): no params data found [ 90.473695][ T9038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.522248][ T9042] team0: Port device team_slave_0 added [ 90.535896][ T9042] team0: Port device team_slave_1 added [ 90.548845][ T9041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.559013][ T9046] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.567378][ T9046] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.575317][ T9046] device bridge_slave_0 entered promiscuous mode [ 90.595061][ T9038] team0: Port device team_slave_0 added [ 90.609686][ T9038] team0: Port device team_slave_1 added [ 90.616912][ T9041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.626383][ T9046] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.633688][ T9046] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.642316][ T9046] device bridge_slave_1 entered promiscuous mode [ 90.668845][ T9047] chnl_net:caif_netlink_parms(): no params data found [ 90.710184][ T9048] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.723096][ T9048] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.731786][ T9048] device bridge_slave_0 entered promiscuous mode [ 90.739859][ T9048] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.747219][ T9048] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.755511][ T9048] device bridge_slave_1 entered promiscuous mode [ 90.769147][ T9046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.824361][ T9042] device hsr_slave_0 entered promiscuous mode [ 90.861442][ T9042] device hsr_slave_1 entered promiscuous mode [ 90.938630][ T9041] team0: Port device team_slave_0 added [ 90.948638][ T9046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.024284][ T9038] device hsr_slave_0 entered promiscuous mode [ 91.071260][ T9038] device hsr_slave_1 entered promiscuous mode [ 91.121069][ T9038] debugfs: Directory 'hsr0' with parent '/' already present! [ 91.149493][ T9041] team0: Port device team_slave_1 added [ 91.177296][ T9047] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.184760][ T9047] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.192671][ T9047] device bridge_slave_0 entered promiscuous mode [ 91.203294][ T9048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.226311][ T9046] team0: Port device team_slave_0 added [ 91.235098][ T9046] team0: Port device team_slave_1 added [ 91.242016][ T9047] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.249059][ T9047] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.256912][ T9047] device bridge_slave_1 entered promiscuous mode [ 91.265711][ T9048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.382668][ T9041] device hsr_slave_0 entered promiscuous mode [ 91.471291][ T9041] device hsr_slave_1 entered promiscuous mode [ 91.540802][ T9041] debugfs: Directory 'hsr0' with parent '/' already present! [ 91.625418][ T9046] device hsr_slave_0 entered promiscuous mode [ 91.681406][ T9046] device hsr_slave_1 entered promiscuous mode [ 91.740927][ T9046] debugfs: Directory 'hsr0' with parent '/' already present! [ 91.750284][ T9047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.771513][ T9048] team0: Port device team_slave_0 added [ 91.783768][ T9047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.798946][ T9048] team0: Port device team_slave_1 added [ 91.874105][ T9048] device hsr_slave_0 entered promiscuous mode [ 91.911301][ T9048] device hsr_slave_1 entered promiscuous mode [ 91.980836][ T9048] debugfs: Directory 'hsr0' with parent '/' already present! [ 92.020025][ T9047] team0: Port device team_slave_0 added [ 92.027847][ T9047] team0: Port device team_slave_1 added [ 92.094253][ T9047] device hsr_slave_0 entered promiscuous mode [ 92.131192][ T9047] device hsr_slave_1 entered promiscuous mode [ 92.170918][ T9047] debugfs: Directory 'hsr0' with parent '/' already present! [ 92.224753][ T9042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.249966][ T9042] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.280403][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 92.289741][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.319061][ T9038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.340172][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.349345][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.358497][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.365722][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.374387][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.383393][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.391894][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.398936][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.436623][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 92.450392][ T9038] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.472463][ T9041] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.486253][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 92.494304][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.502230][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 92.510940][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 92.519536][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 92.528256][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.538368][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 92.575533][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 92.585953][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.595048][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 92.604926][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 92.613945][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.622718][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.631623][ T3567] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.638669][ T3567] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.646421][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 92.654986][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.663525][ T3567] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.670570][ T3567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.678420][ T3567] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 92.695807][ T9046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.707932][ T9042] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 92.726509][ T9042] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 92.755737][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 92.765105][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 92.774720][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 92.783279][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 92.792326][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 92.799948][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.807917][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 92.816930][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.829508][ T9041] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.850914][ T9042] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.862830][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 92.871563][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 92.879447][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.887739][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 92.896769][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.905319][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 92.914108][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 92.934826][ T9048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.955211][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 92.972119][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.980595][ T9055] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.987733][ T9055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.995818][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.004649][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.013390][ T9055] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.020424][ T9055] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.028471][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 93.037169][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 93.048149][ T9046] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.066079][ T9047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.089230][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.097859][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 93.113178][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.127083][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 93.136307][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.147413][ T9038] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.159218][ T9038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 93.173258][ T9047] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.189912][ T9048] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.217859][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 93.227663][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 93.245065][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.254468][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.271398][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 93.279346][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.289210][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.298221][ T9055] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.305321][ T9055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.334932][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.348797][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 93.359440][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 93.368022][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 93.377044][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 93.385639][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.394303][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.403429][ T9055] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.410494][ T9055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.418228][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 93.426816][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.435327][ T9055] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.442463][ T9055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.450437][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.459218][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.467734][ T9055] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.474857][ T9055] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.483620][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.491828][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 93.506688][ T9038] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.531139][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.541102][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.553877][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.561021][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.570066][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 93.578896][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 93.748605][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 93.778372][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 93.796798][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 93.822249][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 93.831261][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 93.840475][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 93.871838][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 93.880604][ T9055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.911479][ T9055] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.918574][ T9055] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.942399][ T9041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 93.998949][ T9061] [ 94.001123][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 94.001325][ T9061] ========================= [ 94.009131][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 94.012989][ T9061] WARNING: held lock freed! [ 94.012998][ T9061] 5.2.0+ #89 Not tainted [ 94.013001][ T9061] ------------------------- [ 94.013012][ T9061] syz-executor.3/9061 is freeing memory ffff8880a78bd740-ffff8880a78bdf3f, with a lock still held there! [ 94.013018][ T9061] 0000000017dd2523 (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0 [ 94.013047][ T9061] 2 locks held by syz-executor.3/9061: [ 94.013059][ T9061] #0: 000000008b24dd94 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x89/0x280 [ 94.042224][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 94.045309][ T9061] #1: 0000000017dd2523 (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0 [ 94.081651][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.085862][ T9061] [ 94.085862][ T9061] stack backtrace: [ 94.099640][ T9061] CPU: 1 PID: 9061 Comm: syz-executor.3 Not tainted 5.2.0+ #89 [ 94.107181][ T9061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.117138][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.117241][ T9061] Call Trace: [ 94.128329][ T9061] dump_stack+0x172/0x1f0 [ 94.132672][ T9061] debug_check_no_locks_freed.cold+0x9d/0xa9 [ 94.138664][ T9061] ? trace_hardirqs_off+0x62/0x240 [ 94.143801][ T9061] kfree+0xec/0x2c0 [ 94.146352][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.147619][ T9061] __sk_destruct+0x4f7/0x6e0 [ 94.147640][ T9061] sk_destruct+0x86/0xa0 [ 94.164381][ T9061] __sk_free+0xfb/0x360 [ 94.168553][ T9061] sk_free+0x42/0x50 [ 94.172451][ T9061] nr_destroy_socket+0x3ea/0x4b0 [ 94.177395][ T9061] nr_release+0x347/0x3e0 [ 94.178468][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.181730][ T9061] __sock_release+0xce/0x280 [ 94.181743][ T9061] sock_close+0x1e/0x30 [ 94.181755][ T9061] __fput+0x2ff/0x890 [ 94.181768][ T9061] ? __sock_release+0x280/0x280 [ 94.181781][ T9061] ____fput+0x16/0x20 [ 94.181794][ T9061] task_work_run+0x145/0x1c0 [ 94.181814][ T9061] exit_to_usermode_loop+0x316/0x380 [ 94.181829][ T9061] do_syscall_64+0x5a9/0x6a0 [ 94.181844][ T9061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.181853][ T9061] RIP: 0033:0x413501 [ 94.181866][ T9061] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 94.181873][ T9061] RSP: 002b:00007ffdd7bacf30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 94.181884][ T9061] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 0000000000413501 [ 94.181890][ T9061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 94.181898][ T9061] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 94.181904][ T9061] R10: 00007ffdd7bad010 R11: 0000000000000293 R12: 000000000075c9a0 [ 94.181910][ T9061] R13: 000000000075c9a0 R14: 0000000000761050 R15: ffffffffffffffff [ 94.186829][ T9061] ================================================================== [ 94.211556][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 94.215813][ T9061] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28a/0x2e0 [ 94.241559][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 94.255000][ T9061] Read of size 4 at addr ffff8880a78bd7cc by task syz-executor.3/9061 [ 94.255004][ T9061] [ 94.255017][ T9061] CPU: 1 PID: 9061 Comm: syz-executor.3 Not tainted 5.2.0+ #89 [ 94.255024][ T9061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.255028][ T9061] Call Trace: [ 94.255049][ T9061] dump_stack+0x172/0x1f0 [ 94.255063][ T9061] ? do_raw_spin_lock+0x28a/0x2e0 [ 94.255079][ T9061] print_address_description.cold+0xd4/0x306 [ 94.255091][ T9061] ? do_raw_spin_lock+0x28a/0x2e0 [ 94.255101][ T9061] ? do_raw_spin_lock+0x28a/0x2e0 [ 94.255113][ T9061] __kasan_report.cold+0x1b/0x36 [ 94.255126][ T9061] ? do_raw_spin_lock+0x28a/0x2e0 [ 94.255137][ T9061] kasan_report+0x12/0x20 [ 94.255148][ T9061] __asan_report_load4_noabort+0x14/0x20 [ 94.255159][ T9061] do_raw_spin_lock+0x28a/0x2e0 [ 94.255169][ T9061] ? rwlock_bug.part.0+0x90/0x90 [ 94.255182][ T9061] ? lock_acquire+0x190/0x410 [ 94.255196][ T9061] ? release_sock+0x20/0x1c0 [ 94.255217][ T9061] ? __sk_free+0x100/0x360 [ 94.287416][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.287539][ T9061] _raw_spin_lock_bh+0x3b/0x50 [ 94.305990][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.311515][ T9061] ? release_sock+0x20/0x1c0 [ 94.311532][ T9061] release_sock+0x20/0x1c0 [ 94.311544][ T9061] nr_release+0x303/0x3e0 [ 94.311555][ T9061] __sock_release+0xce/0x280 [ 94.311567][ T9061] sock_close+0x1e/0x30 [ 94.311595][ T9061] __fput+0x2ff/0x890 [ 94.333446][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.334633][ T9061] ? __sock_release+0x280/0x280 [ 94.351343][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.352624][ T9061] ____fput+0x16/0x20 [ 94.352646][ T9061] task_work_run+0x145/0x1c0 [ 94.373429][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 94.375478][ T9061] exit_to_usermode_loop+0x316/0x380 [ 94.375499][ T9061] do_syscall_64+0x5a9/0x6a0 [ 94.407149][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 94.411346][ T9061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.411357][ T9061] RIP: 0033:0x413501 [ 94.411371][ T9061] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 94.411386][ T9061] RSP: 002b:00007ffdd7bacf30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 94.421762][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 94.425819][ T9061] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 0000000000413501 [ 94.425827][ T9061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 94.425834][ T9061] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 94.425851][ T9061] R10: 00007ffdd7bad010 R11: 0000000000000293 R12: 000000000075c9a0 [ 94.441415][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.442740][ T9061] R13: 000000000075c9a0 R14: 0000000000761050 R15: ffffffffffffffff [ 94.461248][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 94.464283][ T9061] [ 94.464291][ T9061] Allocated by task 9055: [ 94.464314][ T9061] save_stack+0x23/0x90 [ 94.469181][ T9056] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.473213][ T9061] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 94.473223][ T9061] kasan_kmalloc+0x9/0x10 [ 94.473235][ T9061] __kmalloc+0x163/0x780 [ 94.473248][ T9061] sk_prot_alloc+0x23a/0x310 [ 94.473260][ T9061] sk_alloc+0x39/0xf70 [ 94.473270][ T9061] nr_rx_frame+0x733/0x1e80 [ 94.473288][ T9061] nr_loopback_timer+0x7b/0x170 [ 94.473300][ T9061] call_timer_fn+0x1ac/0x780 [ 94.473312][ T9061] run_timer_softirq+0x697/0x17a0 [ 94.473332][ T9061] __do_softirq+0x262/0x98c [ 94.485860][ T9046] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.489228][ T9061] [ 94.504201][ T9046] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.505729][ T9061] Freed by task 9061: [ 94.505746][ T9061] save_stack+0x23/0x90 [ 94.505764][ T9061] __kasan_slab_free+0x102/0x150 [ 94.525788][ T9047] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.528071][ T9061] kasan_slab_free+0xe/0x10 [ 94.537498][ T9047] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.541745][ T9061] kfree+0x10a/0x2c0 [ 94.541759][ T9061] __sk_destruct+0x4f7/0x6e0 [ 94.541770][ T9061] sk_destruct+0x86/0xa0 [ 94.541781][ T9061] __sk_free+0xfb/0x360 [ 94.541801][ T9061] sk_free+0x42/0x50 [ 94.558508][ T9048] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 94.565378][ T9061] nr_destroy_socket+0x3ea/0x4b0 [ 94.565387][ T9061] nr_release+0x347/0x3e0 [ 94.565397][ T9061] __sock_release+0xce/0x280 [ 94.565406][ T9061] sock_close+0x1e/0x30 [ 94.565417][ T9061] __fput+0x2ff/0x890 [ 94.565436][ T9061] ____fput+0x16/0x20 [ 94.578375][ T3895] kobject: 'loop2' (00000000919ff7ce): kobject_uevent_env [ 94.581630][ T9061] task_work_run+0x145/0x1c0 [ 94.581645][ T9061] exit_to_usermode_loop+0x316/0x380 [ 94.581656][ T9061] do_syscall_64+0x5a9/0x6a0 [ 94.581668][ T9061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.581679][ T9061] [ 94.603123][ T3895] kobject: 'loop2' (00000000919ff7ce): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 94.606317][ T9061] The buggy address belongs to the object at ffff8880a78bd740 [ 94.606317][ T9061] which belongs to the cache kmalloc-2k of size 2048 [ 94.606329][ T9061] The buggy address is located 140 bytes inside of [ 94.606329][ T9061] 2048-byte region [ffff8880a78bd740, ffff8880a78bdf40) [ 94.606333][ T9061] The buggy address belongs to the page: [ 94.606346][ T9061] page:ffffea00029e2f00 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 compound_mapcount: 0 [ 94.639040][ T9048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.640121][ T9061] flags: 0x1fffc0000010200(slab|head) [ 94.640140][ T9061] raw: 01fffc0000010200 ffffea00025b6008 ffffea0002350e88 ffff8880aa400e00 [ 94.640156][ T9061] raw: 0000000000000000 ffff8880a78bc640 0000000100000003 0000000000000000 [ 94.650914][ T9048] kobject: 'vlan0' (00000000bf4ee996): kobject_add_internal: parent: 'mesh', set: '' [ 94.656324][ T9061] page dumped because: kasan: bad access detected [ 94.656329][ T9061] [ 94.656332][ T9061] Memory state around the buggy address: [ 94.656344][ T9061] ffff8880a78bd680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 94.656353][ T9061] ffff8880a78bd700: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 94.656369][ T9061] >ffff8880a78bd780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.739562][ T3895] kobject: 'loop0' (000000007f6fcb6b): kobject_uevent_env [ 94.749434][ T9061] ^ [ 94.749448][ T9061] ffff8880a78bd800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.749456][ T9061] ffff8880a78bd880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 94.749460][ T9061] ================================================================== [ 94.749502][ T9061] Kernel panic - not syncing: panic_on_warn set ... [ 94.776641][ T3895] kobject: 'loop0' (000000007f6fcb6b): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 94.777926][ T9061] CPU: 1 PID: 9061 Comm: syz-executor.3 Tainted: G B 5.2.0+ #89 [ 94.777934][ T9061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 94.777939][ T9061] Call Trace: [ 94.777960][ T9061] dump_stack+0x172/0x1f0 [ 94.777980][ T9061] panic+0x2dc/0x755 [ 94.786003][ T9089] kobject: 'bcsf0' (00000000e737f645): kobject_add_internal: parent: 'net', set: 'devices' [ 94.788980][ T9061] ? add_taint.cold+0x16/0x16 [ 94.789003][ T9061] ? trace_hardirqs_on+0x5e/0x240 [ 94.801734][ T9089] kobject: 'bcsf0' (00000000e737f645): kobject_uevent_env [ 94.802810][ T9061] ? trace_hardirqs_on+0x5e/0x240 [ 94.802827][ T9061] ? do_raw_spin_lock+0x28a/0x2e0 [ 94.802848][ T9061] end_report+0x47/0x4f [ 94.808022][ T9089] kobject: 'bcsf0' (00000000e737f645): fill_kobj_path: path = '/devices/virtual/net/bcsf0' [ 94.810955][ T9061] ? do_raw_spin_lock+0x28a/0x2e0 [ 94.810970][ T9061] __kasan_report.cold+0xe/0x36 [ 94.810983][ T9061] ? do_raw_spin_lock+0x28a/0x2e0 [ 94.810995][ T9061] kasan_report+0x12/0x20 [ 94.811008][ T9061] __asan_report_load4_noabort+0x14/0x20 [ 94.811020][ T9061] do_raw_spin_lock+0x28a/0x2e0 [ 94.811041][ T9061] ? rwlock_bug.part.0+0x90/0x90 [ 94.824104][ T9089] kobject: 'queues' (0000000031bc7c36): kobject_add_internal: parent: 'bcsf0', set: '' [ 94.826681][ T9061] ? lock_acquire+0x190/0x410 [ 94.826698][ T9061] ? release_sock+0x20/0x1c0 [ 94.826720][ T9061] ? __sk_free+0x100/0x360 [ 94.852429][ T9089] kobject: 'queues' (0000000031bc7c36): kobject_uevent_env [ 94.854899][ T9061] _raw_spin_lock_bh+0x3b/0x50 [ 94.854915][ T9061] ? release_sock+0x20/0x1c0 [ 94.854935][ T9061] release_sock+0x20/0x1c0 [ 94.895565][ T9089] kobject: 'queues' (0000000031bc7c36): kobject_uevent_env: filter function caused the event to drop! [ 94.899061][ T9061] nr_release+0x303/0x3e0 [ 94.899077][ T9061] __sock_release+0xce/0x280 [ 94.899090][ T9061] sock_close+0x1e/0x30 [ 94.899110][ T9061] __fput+0x2ff/0x890 [ 94.913295][ T9089] kobject: 'rx-0' (0000000081326f69): kobject_add_internal: parent: 'queues', set: 'queues' [ 94.919797][ T9061] ? __sock_release+0x280/0x280 [ 94.919814][ T9061] ____fput+0x16/0x20 [ 94.919828][ T9061] task_work_run+0x145/0x1c0 [ 94.919850][ T9061] exit_to_usermode_loop+0x316/0x380 [ 94.928925][ T9089] kobject: 'rx-0' (0000000081326f69): kobject_uevent_env [ 94.938416][ T9061] do_syscall_64+0x5a9/0x6a0 [ 94.938433][ T9061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 94.938443][ T9061] RIP: 0033:0x413501 [ 94.938458][ T9061] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 94.938464][ T9061] RSP: 002b:00007ffdd7bacf30 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 94.938476][ T9061] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 0000000000413501 [ 94.938483][ T9061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008 [ 94.938498][ T9061] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 94.945910][ T9089] kobject: 'rx-0' (0000000081326f69): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/rx-0' [ 94.947215][ T9061] R10: 00007ffdd7bad010 R11: 0000000000000293 R12: 000000000075c9a0 [ 94.947224][ T9061] R13: 000000000075c9a0 R14: 0000000000761050 R15: ffffffffffffffff [ 94.948164][ T9061] Kernel Offset: disabled [ 95.353256][ T9061] Rebooting in 86400 seconds..