[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 38.201901] audit: type=1800 audit(1547039598.380:25): pid=7834 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 38.241945] audit: type=1800 audit(1547039598.390:26): pid=7834 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 38.288722] audit: type=1800 audit(1547039598.390:27): pid=7834 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 44.076738] sshd (7971) used greatest stack depth: 19816 bytes left Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts. [ 62.670646] IPVS: ftp: loaded support on port[0] = 21 [ 62.671333] IPVS: ftp: loaded support on port[0] = 21 [ 62.682315] IPVS: ftp: loaded support on port[0] = 21 [ 62.685730] IPVS: ftp: loaded support on port[0] = 21 [ 62.700462] IPVS: ftp: loaded support on port[0] = 21 [ 62.700477] IPVS: ftp: loaded support on port[0] = 21 [ 63.044998] chnl_net:caif_netlink_parms(): no params data found [ 63.089651] chnl_net:caif_netlink_parms(): no params data found [ 63.117135] chnl_net:caif_netlink_parms(): no params data found [ 63.156344] chnl_net:caif_netlink_parms(): no params data found [ 63.189782] chnl_net:caif_netlink_parms(): no params data found [ 63.208805] chnl_net:caif_netlink_parms(): no params data found [ 63.270503] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.277274] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.284242] device bridge_slave_0 entered promiscuous mode [ 63.302578] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.312212] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.319912] device bridge_slave_0 entered promiscuous mode [ 63.344529] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.350942] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.358678] device bridge_slave_1 entered promiscuous mode [ 63.381750] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.391382] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.398535] device bridge_slave_1 entered promiscuous mode [ 63.456508] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.462963] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.470454] device bridge_slave_0 entered promiscuous mode [ 63.483286] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.489756] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.497170] device bridge_slave_1 entered promiscuous mode [ 63.517766] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.524139] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.533755] device bridge_slave_0 entered promiscuous mode [ 63.542778] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 63.554284] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 63.570936] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.577474] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.584433] device bridge_slave_0 entered promiscuous mode [ 63.591723] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.598587] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.606634] device bridge_slave_0 entered promiscuous mode [ 63.613246] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.622526] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.630255] device bridge_slave_1 entered promiscuous mode [ 63.638325] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.647780] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.670999] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.677547] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.684597] device bridge_slave_1 entered promiscuous mode [ 63.691100] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.698465] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.705921] device bridge_slave_1 entered promiscuous mode [ 63.733564] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 63.750710] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.758692] team0: Port device team_slave_0 added [ 63.783992] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 63.797115] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.811747] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.821144] team0: Port device team_slave_1 added [ 63.826994] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 63.848780] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.856628] team0: Port device team_slave_0 added [ 63.863078] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.877636] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 63.889003] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 63.898698] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 63.908888] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.916854] team0: Port device team_slave_1 added [ 63.929744] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 63.937593] team0: Port device team_slave_0 added [ 63.951385] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.960489] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 63.970914] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 63.988025] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 63.996247] team0: Port device team_slave_1 added [ 64.030650] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.038199] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 64.047676] team0: Port device team_slave_0 added [ 64.061198] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.118034] device hsr_slave_0 entered promiscuous mode [ 64.165637] device hsr_slave_1 entered promiscuous mode [ 64.235318] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 64.242784] team0: Port device team_slave_0 added [ 64.255328] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 64.262710] team0: Port device team_slave_1 added [ 64.273551] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 64.281329] team0: Port device team_slave_1 added [ 64.286910] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.294239] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.301952] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 64.309009] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 64.316734] team0: Port device team_slave_0 added [ 64.322002] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.329566] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.348307] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.356692] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 64.363828] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 64.371440] team0: Port device team_slave_1 added [ 64.383168] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 64.446597] device hsr_slave_0 entered promiscuous mode [ 64.485062] device hsr_slave_1 entered promiscuous mode [ 64.528703] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 64.548154] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 64.617860] device hsr_slave_0 entered promiscuous mode [ 64.675115] device hsr_slave_1 entered promiscuous mode [ 64.735530] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 64.786534] device hsr_slave_0 entered promiscuous mode [ 64.825096] device hsr_slave_1 entered promiscuous mode [ 64.908024] device hsr_slave_0 entered promiscuous mode [ 64.945358] device hsr_slave_1 entered promiscuous mode [ 64.985504] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 64.992458] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 65.004413] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 65.018598] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 65.026248] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 65.043527] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 65.100178] device hsr_slave_0 entered promiscuous mode [ 65.135158] device hsr_slave_1 entered promiscuous mode [ 65.175624] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 65.187374] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.195834] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.211596] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.224972] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.231582] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 65.272103] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.306895] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 65.366798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.398483] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 65.409775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.421409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.436733] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.446733] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 65.454379] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 65.464384] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 65.477364] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 65.487641] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.495657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.502644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.509931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.519898] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 65.526511] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.533900] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 65.544550] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 65.550831] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.563015] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 65.573267] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 65.587355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.595662] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.603255] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.609746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.617080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.623932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.631354] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.646842] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 65.654383] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 65.662709] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 65.676089] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 65.686531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.693480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.701936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.710182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.718061] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.724404] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.731613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.739742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.747551] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.753869] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.760788] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.770129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.777842] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.784175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.793739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.805054] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 65.811121] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.823552] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 65.830900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.840315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.848310] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.856633] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.862967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.870695] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.882801] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 65.891954] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 65.901339] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.911815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 65.920495] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 65.935095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 65.944945] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 65.954401] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 65.965057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.973055] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.981302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.989507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.997589] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.005491] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.011823] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.018744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.026461] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.033963] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.040348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.047352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.061138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 66.070335] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 66.081114] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 66.098869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.108835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.117146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.125109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.132653] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.139042] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.146704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.155588] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 66.163558] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 66.171997] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 66.181513] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 66.191374] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 66.202753] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 66.211141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.218575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.228858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.236986] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.244482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.252609] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.260844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.268685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.276514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.284138] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.293882] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 66.303438] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.314051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 66.324085] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 66.332897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 66.343214] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.351128] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.358450] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.365764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.373364] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.381082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.389361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.398307] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 66.412264] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 66.421857] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 66.431333] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 66.439667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.448055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.456359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.464036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.471907] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.478272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.486103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.493869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.500956] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.512912] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 66.522157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 66.536573] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 66.542646] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.549317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.556590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.564060] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.572041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.579805] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.590222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 66.599106] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.609929] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 66.616384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.624526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 66.636250] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 66.646101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.653553] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.661971] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.669849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.677665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.686208] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.695059] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 66.702055] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.709477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.717584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.725975] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.732316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.747733] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 66.756958] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 66.766373] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 66.774407] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 66.784084] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 66.792448] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.803281] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 66.810089] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.820880] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.828265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.835928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.843278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.851241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.858762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.866793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.874336] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.880761] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.887657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.895343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.903088] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.917099] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 66.927253] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 66.933274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready executing program [ 66.952686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.970153] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 66.981795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 66.990889] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready executing program [ 67.001521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.009955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 67.018368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.026659] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.034365] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.042158] bridge0: port 2(bridge_slave_1) entered blocking state executing program [ 67.048541] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.057225] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 67.070655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 67.080419] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 67.090900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready executing program [ 67.098870] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.107239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 67.114945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.122640] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 67.138295] 8021q: adding VLAN 0 to HW filter on device batadv0 executing program [ 67.151652] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 67.161044] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 67.170344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 67.180718] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.188602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.197866] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready executing program executing program [ 67.203869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 67.213708] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 67.222971] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 67.231200] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 67.243791] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready executing program [ 67.252484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.260457] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.273023] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 67.283269] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready executing program executing program executing program [ 67.311580] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 67.321146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 67.332860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.340691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 67.351300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.360016] ================================================================== [ 67.367496] BUG: KASAN: use-after-free in __xfrm_policy_unlink+0x9ec/0xa00 [ 67.374511] Write of size 8 at addr ffff88808e630dd0 by task syz-executor858/8017 [ 67.382118] [ 67.383735] CPU: 0 PID: 8017 Comm: syz-executor858 Not tainted 4.20.0+ #3 [ 67.390639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.399981] Call Trace: [ 67.402555] dump_stack+0x1db/0x2d0 [ 67.406182] ? dump_stack_print_info.cold+0x20/0x20 [ 67.411204] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 67.416219] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 67.420878] print_address_description.cold+0x7c/0x20d [ 67.426163] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 67.430829] kasan_report.cold+0x8c/0x2ba [ 67.434978] __asan_report_store8_noabort+0x17/0x20 [ 67.439987] __xfrm_policy_unlink+0x9ec/0xa00 [ 67.444469] ? xfrm_policy_walk_done+0x360/0x360 [ 67.449226] ? xfrm_policy_byid+0x4a0/0x4a0 [ 67.453546] ? refcount_inc_checked+0x2b/0x70 [ 67.458027] ? __xfrm_policy_link+0x220/0x2f0 [ 67.462512] ? xfrm_pol_inexact_addr_use_any_list+0x1f0/0x1f0 [ 67.468418] xfrm_policy_insert+0x223/0x910 [ 67.472744] ? xfrm_policy_inexact_insert+0xda0/0xda0 [ 67.477922] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 67.483102] pfkey_spdadd+0x111a/0x19a0 [ 67.487082] ? pfkey_spddelete+0x1090/0x1090 [ 67.491483] ? iov_iter_advance+0x354/0x1490 [ 67.495882] ? pfkey_spddelete+0x1090/0x1090 [ 67.500280] pfkey_process+0x6d2/0x810 [ 67.504155] ? pfkey_send_new_mapping+0x11f0/0x11f0 [ 67.509160] ? copyin+0xb5/0x100 [ 67.512530] ? aa_sk_perm+0x234/0x8e0 [ 67.516325] pfkey_sendmsg+0x5bb/0xfc0 [ 67.520200] ? pfkey_spdget+0xa50/0xa50 [ 67.524161] ? apparmor_socket_sendmsg+0x2a/0x30 [ 67.528911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 67.534448] ? security_socket_sendmsg+0x93/0xc0 [ 67.539191] ? pfkey_spdget+0xa50/0xa50 [ 67.543241] sock_sendmsg+0xdd/0x130 [ 67.546967] ___sys_sendmsg+0x7ec/0x910 [ 67.550954] ? copy_msghdr_from_user+0x570/0x570 [ 67.555704] ? find_held_lock+0x35/0x120 [ 67.559787] ? __fd_install+0x2a0/0x8c0 [ 67.563745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 67.569277] ? lock_downgrade+0x910/0x910 [ 67.573430] ? kasan_check_read+0x11/0x20 [ 67.577563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 67.583086] ? __fget_light+0x2db/0x420 [ 67.587057] ? fget_raw+0x20/0x20 [ 67.590525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 67.596088] ? __fdget+0x1b/0x20 [ 67.599453] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 67.604988] ? sockfd_lookup_light+0xc2/0x160 [ 67.609514] __sys_sendmsg+0x112/0x270 [ 67.613425] ? __ia32_sys_shutdown+0x80/0x80 [ 67.617832] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 67.623211] ? trace_hardirqs_off_caller+0x300/0x300 [ 67.628359] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 67.633153] __x64_sys_sendmsg+0x78/0xb0 [ 67.637200] do_syscall_64+0x1a3/0x800 [ 67.641075] ? syscall_return_slowpath+0x5f0/0x5f0 [ 67.646006] ? prepare_exit_to_usermode+0x232/0x3b0 [ 67.651019] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 67.655864] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 67.661130] RIP: 0033:0x442319 [ 67.664312] Code: e8 6c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 67.683210] RSP: 002b:00007ffcb732e538 EFLAGS: 00000217 ORIG_RAX: 000000000000002e [ 67.690907] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442319 [ 67.698164] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 67.705436] RBP: 00000000000106da R08: 0000000300000000 R09: 0000000300000000 [ 67.712730] R10: 0000000300000000 R11: 0000000000000217 R12: 0000000000000000 [ 67.719982] R13: 00007ffcb732e570 R14: 0000000000000000 R15: 0000000000000000 [ 67.727252] [ 67.728878] Allocated by task 8014: [ 67.732515] save_stack+0x45/0xd0 [ 67.735976] kasan_kmalloc+0xce/0xf0 [ 67.739680] kmem_cache_alloc_trace+0x152/0x760 [ 67.744334] xfrm_policy_alloc+0xfc/0x510 [ 67.748475] pfkey_spdadd+0x24d/0x19a0 [ 67.752359] pfkey_process+0x6d2/0x810 [ 67.756231] pfkey_sendmsg+0x5bb/0xfc0 [ 67.760102] sock_sendmsg+0xdd/0x130 [ 67.763799] ___sys_sendmsg+0x7ec/0x910 [ 67.767761] __sys_sendmsg+0x112/0x270 [ 67.771656] __x64_sys_sendmsg+0x78/0xb0 [ 67.775716] do_syscall_64+0x1a3/0x800 [ 67.779598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 67.784771] [ 67.786402] Freed by task 0: [ 67.789444] save_stack+0x45/0xd0 [ 67.792888] __kasan_slab_free+0x102/0x150 [ 67.797116] kasan_slab_free+0xe/0x10 [ 67.800903] kfree+0xcf/0x230 [ 67.803993] xfrm_policy_destroy_rcu+0x48/0x60 [ 67.808569] rcu_process_callbacks+0xc4a/0x1680 [ 67.813231] __do_softirq+0x30b/0xb11 [ 67.817008] [ 67.818619] The buggy address belongs to the object at ffff88808e630dc0 [ 67.818619] which belongs to the cache kmalloc-1k of size 1024 [ 67.831258] The buggy address is located 16 bytes inside of [ 67.831258] 1024-byte region [ffff88808e630dc0, ffff88808e6311c0) [ 67.843128] The buggy address belongs to the page: [ 67.848082] page:ffffea0002398c00 count:1 mapcount:0 mapping:ffff88812c3f0ac0 index:0x0 compound_mapcount: 0 [ 67.858041] flags: 0x1fffc0000010200(slab|head) [ 67.862697] raw: 01fffc0000010200 ffffea0002a00f88 ffffea0002a1a208 ffff88812c3f0ac0 [ 67.870572] raw: 0000000000000000 ffff88808e630040 0000000100000007 0000000000000000 [ 67.878441] page dumped because: kasan: bad access detected [ 67.884129] [ 67.885741] Memory state around the buggy address: [ 67.890660] ffff88808e630c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.898013] ffff88808e630d00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 67.905371] >ffff88808e630d80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 67.912753] ^ [ 67.918746] ffff88808e630e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.926095] ffff88808e630e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.933451] ================================================================== [ 67.940790] Disabling lock debugging due to kernel taint [ 67.946273] Kernel panic - not syncing: panic_on_warn set ... [ 67.952168] CPU: 0 PID: 8017 Comm: syz-executor858 Tainted: G B 4.20.0+ #3 [ 67.960477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.969812] Call Trace: [ 67.972382] dump_stack+0x1db/0x2d0 [ 67.976016] ? dump_stack_print_info.cold+0x20/0x20 [ 67.981119] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 67.985783] panic+0x2cb/0x589 [ 67.988984] ? add_taint.cold+0x16/0x16 [ 67.992946] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 67.997601] ? trace_hardirqs_on+0xb4/0x310 [ 68.001907] ? trace_hardirqs_on+0xb4/0x310 [ 68.006239] ? __xfrm_policy_unlink+0x9ec/0xa00 [ 68.010902] kasan_end_report+0x47/0x4f [ 68.014870] kasan_report.cold+0xa9/0x2ba [ 68.019013] __asan_report_store8_noabort+0x17/0x20 [ 68.024013] __xfrm_policy_unlink+0x9ec/0xa00 [ 68.028492] ? xfrm_policy_walk_done+0x360/0x360 [ 68.033229] ? xfrm_policy_byid+0x4a0/0x4a0 [ 68.037533] ? refcount_inc_checked+0x2b/0x70 [ 68.042007] ? __xfrm_policy_link+0x220/0x2f0 [ 68.046488] ? xfrm_pol_inexact_addr_use_any_list+0x1f0/0x1f0 [ 68.052372] xfrm_policy_insert+0x223/0x910 [ 68.056684] ? xfrm_policy_inexact_insert+0xda0/0xda0 [ 68.061857] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 68.067046] pfkey_spdadd+0x111a/0x19a0 [ 68.071006] ? pfkey_spddelete+0x1090/0x1090 [ 68.075420] ? iov_iter_advance+0x354/0x1490 [ 68.079821] ? pfkey_spddelete+0x1090/0x1090 [ 68.084228] pfkey_process+0x6d2/0x810 [ 68.088111] ? pfkey_send_new_mapping+0x11f0/0x11f0 [ 68.093116] ? copyin+0xb5/0x100 [ 68.096470] ? aa_sk_perm+0x234/0x8e0 [ 68.100294] pfkey_sendmsg+0x5bb/0xfc0 [ 68.104168] ? pfkey_spdget+0xa50/0xa50 [ 68.108140] ? apparmor_socket_sendmsg+0x2a/0x30 [ 68.112895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 68.118445] ? security_socket_sendmsg+0x93/0xc0 [ 68.123188] ? pfkey_spdget+0xa50/0xa50 [ 68.127146] sock_sendmsg+0xdd/0x130 [ 68.130853] ___sys_sendmsg+0x7ec/0x910 [ 68.134823] ? copy_msghdr_from_user+0x570/0x570 [ 68.139570] ? find_held_lock+0x35/0x120 [ 68.143615] ? __fd_install+0x2a0/0x8c0 [ 68.147573] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 68.153093] ? lock_downgrade+0x910/0x910 [ 68.157228] ? kasan_check_read+0x11/0x20 [ 68.161392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 68.166954] ? __fget_light+0x2db/0x420 [ 68.170921] ? fget_raw+0x20/0x20 [ 68.174364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 68.179898] ? __fdget+0x1b/0x20 [ 68.183247] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 68.188903] ? sockfd_lookup_light+0xc2/0x160 [ 68.193384] __sys_sendmsg+0x112/0x270 [ 68.197293] ? __ia32_sys_shutdown+0x80/0x80 [ 68.201689] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 68.207055] ? trace_hardirqs_off_caller+0x300/0x300 [ 68.212156] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 68.216899] __x64_sys_sendmsg+0x78/0xb0 [ 68.220948] do_syscall_64+0x1a3/0x800 [ 68.224835] ? syscall_return_slowpath+0x5f0/0x5f0 [ 68.229756] ? prepare_exit_to_usermode+0x232/0x3b0 [ 68.234768] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 68.239610] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 68.244789] RIP: 0033:0x442319 [ 68.247989] Code: e8 6c e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 68.266884] RSP: 002b:00007ffcb732e538 EFLAGS: 00000217 ORIG_RAX: 000000000000002e [ 68.274572] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442319 [ 68.281822] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 68.289117] RBP: 00000000000106da R08: 0000000300000000 R09: 0000000300000000 [ 68.296377] R10: 0000000300000000 R11: 0000000000000217 R12: 0000000000000000 [ 68.303637] R13: 00007ffcb732e570 R14: 0000000000000000 R15: 0000000000000000 [ 68.311897] Kernel Offset: disabled [ 68.315519] Rebooting in 86400 seconds..