[ 81.982486][ T27] audit: type=1800 audit(1579326461.467:26): pid=9510 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 82.816750][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 82.816763][ T27] audit: type=1800 audit(1579326462.317:29): pid=9510 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 82.848922][ T27] audit: type=1800 audit(1579326462.327:30): pid=9510 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts. 2020/01/18 05:47:52 parsed 1 programs 2020/01/18 05:47:55 executed programs: 0 syzkaller login: [ 96.051541][ T9689] IPVS: ftp: loaded support on port[0] = 21 [ 96.065350][ T9687] IPVS: ftp: loaded support on port[0] = 21 [ 96.121678][ T9694] IPVS: ftp: loaded support on port[0] = 21 [ 96.126267][ T9696] IPVS: ftp: loaded support on port[0] = 21 [ 96.142556][ T9697] IPVS: ftp: loaded support on port[0] = 21 [ 96.150654][ T9692] IPVS: ftp: loaded support on port[0] = 21 [ 96.242121][ T9689] chnl_net:caif_netlink_parms(): no params data found [ 96.351172][ T9689] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.359706][ T9689] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.368673][ T9689] device bridge_slave_0 entered promiscuous mode [ 96.428631][ T9689] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.437948][ T9689] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.446578][ T9689] device bridge_slave_1 entered promiscuous mode [ 96.473720][ T9689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.510202][ T9687] chnl_net:caif_netlink_parms(): no params data found [ 96.521392][ T9689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.538912][ T9696] chnl_net:caif_netlink_parms(): no params data found [ 96.590620][ T9689] team0: Port device team_slave_0 added [ 96.643760][ T9689] team0: Port device team_slave_1 added [ 96.780555][ T9689] device hsr_slave_0 entered promiscuous mode [ 96.847466][ T9689] device hsr_slave_1 entered promiscuous mode [ 96.949841][ T9694] chnl_net:caif_netlink_parms(): no params data found [ 96.960634][ T9687] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.968878][ T9687] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.977854][ T9687] device bridge_slave_0 entered promiscuous mode [ 97.000363][ T9696] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.008521][ T9696] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.016906][ T9696] device bridge_slave_0 entered promiscuous mode [ 97.024977][ T9697] chnl_net:caif_netlink_parms(): no params data found [ 97.046898][ T9687] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.055615][ T9687] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.066617][ T9687] device bridge_slave_1 entered promiscuous mode [ 97.080461][ T9692] chnl_net:caif_netlink_parms(): no params data found [ 97.090027][ T9696] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.098575][ T9696] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.108138][ T9696] device bridge_slave_1 entered promiscuous mode [ 97.173830][ T9687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.192558][ T9696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.219758][ T9687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.245755][ T9696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.294407][ T9687] team0: Port device team_slave_0 added [ 97.325222][ T9694] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.333506][ T9694] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.342470][ T9694] device bridge_slave_0 entered promiscuous mode [ 97.360684][ T9687] team0: Port device team_slave_1 added [ 97.371616][ T9696] team0: Port device team_slave_0 added [ 97.389697][ T9692] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.397357][ T9692] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.405592][ T9692] device bridge_slave_0 entered promiscuous mode [ 97.414730][ T9697] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.422101][ T9697] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.431191][ T9697] device bridge_slave_0 entered promiscuous mode [ 97.440544][ T9694] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.449602][ T9694] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.459085][ T9694] device bridge_slave_1 entered promiscuous mode [ 97.475224][ T9696] team0: Port device team_slave_1 added [ 97.481972][ T9692] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.491951][ T9692] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.501299][ T9692] device bridge_slave_1 entered promiscuous mode [ 97.510704][ T9697] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.519071][ T9697] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.527221][ T9697] device bridge_slave_1 entered promiscuous mode [ 97.552442][ T9694] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.604362][ T9697] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.615853][ T9694] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.641316][ T9692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.719257][ T9687] device hsr_slave_0 entered promiscuous mode [ 97.777603][ T9687] device hsr_slave_1 entered promiscuous mode [ 97.817268][ T9687] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.825454][ T9687] Cannot create hsr debugfs directory [ 97.833811][ T9697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.890125][ T9696] device hsr_slave_0 entered promiscuous mode [ 97.937550][ T9696] device hsr_slave_1 entered promiscuous mode [ 97.987144][ T9696] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.995717][ T9696] Cannot create hsr debugfs directory [ 98.011514][ T9692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.069484][ T9694] team0: Port device team_slave_0 added [ 98.089920][ T9692] team0: Port device team_slave_0 added [ 98.104067][ T9689] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.170295][ T9694] team0: Port device team_slave_1 added [ 98.180509][ T9697] team0: Port device team_slave_0 added [ 98.203894][ T9692] team0: Port device team_slave_1 added [ 98.211204][ T9689] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.271984][ T9689] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.360866][ T9697] team0: Port device team_slave_1 added [ 98.392119][ T9689] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.550894][ T9694] device hsr_slave_0 entered promiscuous mode [ 98.607756][ T9694] device hsr_slave_1 entered promiscuous mode [ 98.647380][ T9694] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.656562][ T9694] Cannot create hsr debugfs directory [ 98.720591][ T9697] device hsr_slave_0 entered promiscuous mode [ 98.777610][ T9697] device hsr_slave_1 entered promiscuous mode [ 98.817211][ T9697] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 98.829578][ T9697] Cannot create hsr debugfs directory [ 98.901667][ T9692] device hsr_slave_0 entered promiscuous mode [ 98.967365][ T9692] device hsr_slave_1 entered promiscuous mode [ 99.047112][ T9692] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 99.055076][ T9692] Cannot create hsr debugfs directory [ 99.175538][ T9696] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.232541][ T9696] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.303297][ T9696] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 99.362513][ T9696] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.609373][ T9689] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.620493][ T9692] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 99.685179][ T9692] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 99.745977][ T9692] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 99.806193][ T9694] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 99.859421][ T9687] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 99.918586][ T9692] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 99.996349][ T9694] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 100.028813][ T9687] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 100.080433][ T9687] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 100.140407][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 100.152443][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.163149][ T9697] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.209478][ T9697] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.269982][ T9694] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 100.321367][ T9694] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 100.390965][ T9687] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 100.441679][ T9689] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.450674][ T9697] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.510371][ T9697] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 100.650490][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 100.660194][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 100.670193][ T2739] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.677463][ T2739] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.686176][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 100.699849][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 100.711305][ T2739] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.719602][ T2739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.752787][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 100.765582][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 100.786018][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 100.795971][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 100.808444][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 100.819339][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 100.840554][ T9696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.908820][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 100.920403][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 100.930203][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 100.938778][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 100.948026][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 100.956667][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 100.966531][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 100.976128][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 100.993336][ T9696] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.041117][ T9689] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 101.053104][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.063529][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.073446][ T2813] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.080968][ T2813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.089682][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.123188][ T9687] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.149041][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.162645][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.173234][ T2738] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.180789][ T2738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.190187][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 101.199626][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 101.210039][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 101.242664][ T9692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.260264][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 101.274215][ T9697] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.304366][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 101.314128][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 101.325996][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.344993][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.359158][ T9689] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.378883][ T9687] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.392921][ T9692] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.401300][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 101.410576][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 101.421068][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 101.431347][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.440247][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.456761][ T9694] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.476014][ T9697] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.489463][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.498108][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.506703][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 101.519477][ T2740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 101.548082][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.558638][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.569503][ T2692] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.578575][ T2692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.590628][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.599605][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.609528][ T2692] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.617341][ T2692] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.625070][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 101.634366][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.643132][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.651986][ T2692] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.660417][ T2692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.686144][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.696581][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.705052][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 101.715482][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 101.724899][ T2692] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.732503][ T2692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.741635][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.750777][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.759524][ T2692] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.766575][ T2692] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.774559][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 101.783688][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 101.793413][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 101.802187][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 101.812020][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 101.842561][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 101.851865][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 101.861388][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 101.870469][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 101.879145][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 101.887665][ T2739] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.894725][ T2739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 101.905887][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 101.922727][ T9696] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 101.949284][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 101.961204][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 101.972633][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 101.982465][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 101.990433][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 101.998405][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.007063][ T2739] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.026560][ T9687] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 102.040501][ T9687] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 102.056501][ T9694] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.088012][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 102.096468][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.106116][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 102.115065][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.124642][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.134571][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 102.143334][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 102.152472][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 102.160463][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 102.168662][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 102.199313][ T9689] device veth0_vlan entered promiscuous mode [ 102.220152][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 102.228991][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 102.237883][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 102.251416][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.259900][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 102.268799][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 102.278308][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 102.287564][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.295983][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 102.306305][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 102.315466][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 102.324216][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.332693][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 102.342422][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.352476][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 102.361183][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 102.370367][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 102.379605][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 102.388265][ T2738] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.395439][ T2738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.404785][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 102.418258][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 102.426754][ T2813] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.438455][ T9692] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 102.453031][ T9696] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.473549][ T9697] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 102.485083][ T9697] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 102.496752][ T9689] device veth1_vlan entered promiscuous mode [ 102.508468][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 102.519694][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 102.529420][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 102.539652][ T2701] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.546727][ T2701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.554625][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 102.562790][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 102.571531][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 102.580692][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.599116][ T9687] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.618638][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 102.629277][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 102.667136][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 102.675141][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 102.684737][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 102.693766][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 102.702838][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 102.712334][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 102.720846][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 102.767555][ T9697] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.775758][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 102.786324][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 102.795458][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 102.805148][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 102.812958][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 2020/01/18 05:48:02 executed programs: 6 [ 102.872776][ T9692] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.882129][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 102.927071][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 102.935555][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 102.983748][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 102.992781][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 103.001882][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 103.021723][ T9694] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 103.054099][ T9696] device veth0_vlan entered promiscuous mode [ 103.063453][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 103.073756][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 103.084977][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 103.102110][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 103.205912][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 103.214210][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 103.227303][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 103.235937][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 103.259131][ T9696] device veth1_vlan entered promiscuous mode [ 103.293886][ T9697] device veth0_vlan entered promiscuous mode [ 103.321245][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 103.330463][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 103.339476][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 103.348848][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 103.357484][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 103.365773][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 103.375583][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 103.384045][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 103.393125][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 103.401217][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 103.409685][ T9687] device veth0_vlan entered promiscuous mode [ 103.425400][ T9697] device veth1_vlan entered promiscuous mode [ 103.447647][ T9694] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.465102][ T9687] device veth1_vlan entered promiscuous mode [ 103.484012][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 103.493030][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 103.502346][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 103.512874][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 103.521788][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 103.593148][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 103.603444][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 103.613497][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 103.639358][ T9692] device veth0_vlan entered promiscuous mode [ 103.657937][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 103.665857][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 103.723192][ T9692] device veth1_vlan entered promiscuous mode [ 103.777426][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 103.895693][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 103.917814][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 103.965357][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 103.989842][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 103.999341][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 104.008341][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 104.020575][ T9694] device veth0_vlan entered promiscuous mode [ 104.038841][ T9694] device veth1_vlan entered promiscuous mode [ 104.858445][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 104.887922][ T2738] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready 2020/01/18 05:48:07 executed programs: 169 [ 109.854004][T10360] ================================================================== [ 109.863364][T10360] BUG: KASAN: slab-out-of-bounds in bitmap_port_add+0xef/0xe60 [ 109.871545][T10360] Read of size 8 at addr ffff8880a3650040 by task syz-executor.1/10360 [ 109.880736][T10360] [ 109.883084][T10360] CPU: 1 PID: 10360 Comm: syz-executor.1 Not tainted 5.5.0-rc6-syzkaller #0 [ 109.891842][T10360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.902015][T10360] Call Trace: [ 109.905404][T10360] dump_stack+0x197/0x210 [ 109.909750][T10360] ? bitmap_port_add+0xef/0xe60 [ 109.914620][T10360] print_address_description.constprop.0.cold+0xd4/0x30b [ 109.922996][T10360] ? bitmap_port_add+0xef/0xe60 [ 109.928004][T10360] ? bitmap_port_add+0xef/0xe60 [ 109.932871][T10360] __kasan_report.cold+0x1b/0x41 [ 109.937844][T10360] ? bitmap_port_add+0xef/0xe60 [ 109.942717][T10360] kasan_report+0x12/0x20 [ 109.947073][T10360] check_memory_region+0x134/0x1a0 [ 109.952198][T10360] __kasan_check_read+0x11/0x20 [ 109.957071][T10360] bitmap_port_add+0xef/0xe60 [ 109.961866][T10360] bitmap_port_uadt+0x65d/0x8a0 [ 109.967183][T10360] ? retint_kernel+0x2b/0x2b [ 109.971932][T10360] ? bitmap_port_gc+0x4f0/0x4f0 [ 109.976804][T10360] ? bitmap_port_same_set+0x1a0/0x1a0 [ 109.983202][T10360] call_ad+0x1a0/0x5a0 [ 109.987291][T10360] ? start_msg+0x220/0x220 [ 109.991821][T10360] ? nla_memcpy+0xb0/0xb0 [ 109.996197][T10360] ? __nla_parse+0x43/0x60 [ 110.001327][T10360] ip_set_ad.isra.0+0x572/0xb20 [ 110.006211][T10360] ? ip_set_nfnl_get_byindex+0x460/0x460 [ 110.011999][T10360] ? nla_memcpy+0xb0/0xb0 [ 110.016757][T10360] ? lock_downgrade+0x920/0x920 [ 110.022144][T10360] ip_set_uadd+0x37/0x50 [ 110.026384][T10360] ? ip_set_udel+0x50/0x50 [ 110.030812][T10360] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 110.037075][T10360] ? nfnetlink_bind+0x2c0/0x2c0 [ 110.041940][T10360] ? find_held_lock+0x35/0x130 [ 110.046829][T10360] ? __local_bh_enable_ip+0x15a/0x270 [ 110.052387][T10360] ? __dev_queue_xmit+0x175c/0x35c0 [ 110.057604][T10360] ? __local_bh_enable_ip+0x15a/0x270 [ 110.063112][T10360] ? lockdep_hardirqs_on+0x421/0x5e0 [ 110.068514][T10360] ? __dev_queue_xmit+0x172e/0x35c0 [ 110.073842][T10360] ? trace_hardirqs_on+0x67/0x240 [ 110.078954][T10360] ? __dev_queue_xmit+0x172e/0x35c0 [ 110.085064][T10360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.091318][T10360] ? apparmor_capable+0x497/0x900 [ 110.096450][T10360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.102701][T10360] ? __kasan_check_read+0x11/0x20 [ 110.107967][T10360] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 110.114636][T10360] netlink_rcv_skb+0x177/0x450 [ 110.120209][T10360] ? nfnetlink_bind+0x2c0/0x2c0 [ 110.125068][T10360] ? netlink_ack+0xb50/0xb50 [ 110.130572][T10360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.136927][T10360] ? ns_capable_common+0x93/0x100 [ 110.141977][T10360] ? ns_capable+0x20/0x30 [ 110.146764][T10360] ? __netlink_ns_capable+0x104/0x140 [ 110.152569][T10360] nfnetlink_rcv+0x1ba/0x460 [ 110.157173][T10360] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 110.163128][T10360] ? netlink_deliver_tap+0x24a/0xbe0 [ 110.168538][T10360] netlink_unicast+0x58c/0x7d0 [ 110.174999][T10360] ? netlink_attachskb+0x870/0x870 [ 110.180225][T10360] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 110.187243][T10360] ? __check_object_size+0x3d/0x437 [ 110.193119][T10360] netlink_sendmsg+0x91c/0xea0 [ 110.200565][T10360] ? netlink_unicast+0x7d0/0x7d0 [ 110.205509][T10360] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 110.220188][T10360] ? apparmor_socket_sendmsg+0x2a/0x30 [ 110.226150][T10360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.233338][T10360] ? security_socket_sendmsg+0x8d/0xc0 [ 110.239088][T10360] ? netlink_unicast+0x7d0/0x7d0 [ 110.245082][T10360] sock_sendmsg+0xd7/0x130 [ 110.250520][T10360] ____sys_sendmsg+0x753/0x880 [ 110.255428][T10360] ? kernel_sendmsg+0x50/0x50 [ 110.260374][T10360] ? __fget+0x35d/0x550 [ 110.265276][T10360] ? find_held_lock+0x35/0x130 [ 110.270435][T10360] ___sys_sendmsg+0x100/0x170 [ 110.275499][T10360] ? sendmsg_copy_msghdr+0x70/0x70 [ 110.281229][T10360] ? __kasan_check_read+0x11/0x20 [ 110.287050][T10360] ? __fget+0x37f/0x550 [ 110.291495][T10360] ? ksys_dup3+0x3e0/0x3e0 [ 110.295936][T10360] ? __fget_light+0x1a9/0x230 [ 110.300852][T10360] ? __fdget+0x1b/0x20 [ 110.304922][T10360] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 110.311276][T10360] __sys_sendmsg+0x105/0x1d0 [ 110.315883][T10360] ? __sys_sendmsg_sock+0xc0/0xc0 [ 110.320932][T10360] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 110.327530][T10360] ? do_syscall_64+0x26/0x790 [ 110.332213][T10360] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.338463][T10360] ? do_syscall_64+0x26/0x790 [ 110.344153][T10360] __x64_sys_sendmsg+0x78/0xb0 [ 110.349175][T10360] do_syscall_64+0xfa/0x790 [ 110.355090][T10360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.361019][T10360] RIP: 0033:0x45aff9 [ 110.364963][T10360] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 110.385000][T10360] RSP: 002b:00007f2bcd600c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 110.394069][T10360] RAX: ffffffffffffffda RBX: 00007f2bcd6016d4 RCX: 000000000045aff9 [ 110.402077][T10360] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 110.410037][T10360] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 110.418009][T10360] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 110.427033][T10360] R13: 00000000000008c8 R14: 00000000004c9dfc R15: 000000000075bf2c [ 110.435023][T10360] [ 110.437697][T10360] Allocated by task 10342: [ 110.442136][T10360] save_stack+0x23/0x90 [ 110.446304][T10360] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 110.452896][T10360] kasan_kmalloc+0x9/0x10 [ 110.457259][T10360] __kmalloc+0x163/0x770 [ 110.461606][T10360] ip_set_alloc+0x38/0x5e [ 110.465945][T10360] bitmap_port_create+0x3dc/0x7c0 [ 110.471774][T10360] ip_set_create+0x6f1/0x1500 [ 110.478530][T10360] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 110.483567][T10360] netlink_rcv_skb+0x177/0x450 [ 110.488321][T10360] nfnetlink_rcv+0x1ba/0x460 [ 110.492904][T10360] netlink_unicast+0x58c/0x7d0 [ 110.497748][T10360] netlink_sendmsg+0x91c/0xea0 [ 110.503408][T10360] sock_sendmsg+0xd7/0x130 [ 110.507834][T10360] ____sys_sendmsg+0x753/0x880 [ 110.512612][T10360] ___sys_sendmsg+0x100/0x170 [ 110.517292][T10360] __sys_sendmsg+0x105/0x1d0 [ 110.521970][T10360] __x64_sys_sendmsg+0x78/0xb0 [ 110.526731][T10360] do_syscall_64+0xfa/0x790 [ 110.531250][T10360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.537263][T10360] [ 110.539770][T10360] Freed by task 9689: [ 110.544720][T10360] save_stack+0x23/0x90 [ 110.548879][T10360] __kasan_slab_free+0x102/0x150 [ 110.553815][T10360] kasan_slab_free+0xe/0x10 [ 110.558342][T10360] kfree+0x10a/0x2c0 [ 110.562247][T10360] kvfree+0x61/0x70 [ 110.566055][T10360] translate_table+0xbfd/0x1860 [ 110.571029][T10360] do_ip6t_set_ctl+0x2fe/0x4c8 [ 110.575865][T10360] nf_setsockopt+0x77/0xd0 [ 110.580317][T10360] ipv6_setsockopt+0x13e/0x170 [ 110.585229][T10360] tcp_setsockopt+0x8f/0xe0 [ 110.589744][T10360] sock_common_setsockopt+0x94/0xd0 [ 110.595507][T10360] __sys_setsockopt+0x261/0x4c0 [ 110.600466][T10360] __x64_sys_setsockopt+0xbe/0x150 [ 110.605757][T10360] do_syscall_64+0xfa/0x790 [ 110.610379][T10360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.617839][T10360] [ 110.620254][T10360] The buggy address belongs to the object at ffff8880a3650040 [ 110.620254][T10360] which belongs to the cache kmalloc-32 of size 32 [ 110.634321][T10360] The buggy address is located 0 bytes inside of [ 110.634321][T10360] 32-byte region [ffff8880a3650040, ffff8880a3650060) [ 110.648469][T10360] The buggy address belongs to the page: [ 110.654245][T10360] page:ffffea00028d9400 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a3650fc1 [ 110.666409][T10360] raw: 00fffe0000000200 ffffea00029c7dc8 ffffea00028dd988 ffff8880aa4001c0 [ 110.675861][T10360] raw: ffff8880a3650fc1 ffff8880a3650000 000000010000002e 0000000000000000 [ 110.684582][T10360] page dumped because: kasan: bad access detected [ 110.692153][T10360] [ 110.694493][T10360] Memory state around the buggy address: [ 110.700130][T10360] ffff8880a364ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 110.708203][T10360] ffff8880a364ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 110.716387][T10360] >ffff8880a3650000: fb fb fb fb fc fc fc fc 04 fc fc fc fc fc fc fc [ 110.725420][T10360] ^ [ 110.732457][T10360] ffff8880a3650080: 00 00 00 02 fc fc fc fc fb fb fb fb fc fc fc fc [ 110.741650][T10360] ffff8880a3650100: 00 00 05 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 110.750566][T10360] ================================================================== [ 110.759322][T10360] Disabling lock debugging due to kernel taint [ 110.765574][T10360] Kernel panic - not syncing: panic_on_warn set ... [ 110.772266][T10360] CPU: 1 PID: 10360 Comm: syz-executor.1 Tainted: G B 5.5.0-rc6-syzkaller #0 [ 110.782514][T10360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 110.792588][T10360] Call Trace: [ 110.795898][T10360] dump_stack+0x197/0x210 [ 110.800424][T10360] panic+0x2e3/0x75c [ 110.804324][T10360] ? add_taint.cold+0x16/0x16 [ 110.809164][T10360] ? trace_hardirqs_on+0x5e/0x240 [ 110.814382][T10360] ? trace_hardirqs_on+0x5e/0x240 [ 110.821158][T10360] ? bitmap_port_add+0xef/0xe60 [ 110.827064][T10360] end_report+0x47/0x4f [ 110.831814][T10360] ? bitmap_port_add+0xef/0xe60 [ 110.836780][T10360] __kasan_report.cold+0xe/0x41 [ 110.841901][T10360] ? bitmap_port_add+0xef/0xe60 [ 110.846764][T10360] kasan_report+0x12/0x20 [ 110.851099][T10360] check_memory_region+0x134/0x1a0 [ 110.856302][T10360] __kasan_check_read+0x11/0x20 [ 110.861170][T10360] bitmap_port_add+0xef/0xe60 [ 110.866216][T10360] bitmap_port_uadt+0x65d/0x8a0 [ 110.871072][T10360] ? retint_kernel+0x2b/0x2b [ 110.875749][T10360] ? bitmap_port_gc+0x4f0/0x4f0 [ 110.880600][T10360] ? bitmap_port_same_set+0x1a0/0x1a0 [ 110.885996][T10360] call_ad+0x1a0/0x5a0 [ 110.890147][T10360] ? start_msg+0x220/0x220 [ 110.894550][T10360] ? nla_memcpy+0xb0/0xb0 [ 110.898924][T10360] ? __nla_parse+0x43/0x60 [ 110.903349][T10360] ip_set_ad.isra.0+0x572/0xb20 [ 110.908319][T10360] ? ip_set_nfnl_get_byindex+0x460/0x460 [ 110.914063][T10360] ? nla_memcpy+0xb0/0xb0 [ 110.918404][T10360] ? lock_downgrade+0x920/0x920 [ 110.924849][T10360] ip_set_uadd+0x37/0x50 [ 110.929640][T10360] ? ip_set_udel+0x50/0x50 [ 110.934061][T10360] nfnetlink_rcv_msg+0xcf2/0xfb0 [ 110.939048][T10360] ? nfnetlink_bind+0x2c0/0x2c0 [ 110.943931][T10360] ? find_held_lock+0x35/0x130 [ 110.948797][T10360] ? __local_bh_enable_ip+0x15a/0x270 [ 110.954167][T10360] ? __dev_queue_xmit+0x175c/0x35c0 [ 110.959447][T10360] ? __local_bh_enable_ip+0x15a/0x270 [ 110.964823][T10360] ? lockdep_hardirqs_on+0x421/0x5e0 [ 110.970199][T10360] ? __dev_queue_xmit+0x172e/0x35c0 [ 110.975402][T10360] ? trace_hardirqs_on+0x67/0x240 [ 110.980438][T10360] ? __dev_queue_xmit+0x172e/0x35c0 [ 110.985664][T10360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.992969][T10360] ? apparmor_capable+0x497/0x900 [ 110.998428][T10360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 111.005224][T10360] ? __kasan_check_read+0x11/0x20 [ 111.010268][T10360] ? apparmor_cred_prepare+0x7b0/0x7b0 [ 111.015759][T10360] netlink_rcv_skb+0x177/0x450 [ 111.020524][T10360] ? nfnetlink_bind+0x2c0/0x2c0 [ 111.025924][T10360] ? netlink_ack+0xb50/0xb50 [ 111.030811][T10360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 111.039674][T10360] ? ns_capable_common+0x93/0x100 [ 111.044711][T10360] ? ns_capable+0x20/0x30 [ 111.049028][T10360] ? __netlink_ns_capable+0x104/0x140 [ 111.054417][T10360] nfnetlink_rcv+0x1ba/0x460 [ 111.059014][T10360] ? nfnetlink_rcv_batch+0x17a0/0x17a0 [ 111.064581][T10360] ? netlink_deliver_tap+0x24a/0xbe0 [ 111.069877][T10360] netlink_unicast+0x58c/0x7d0 [ 111.075605][T10360] ? netlink_attachskb+0x870/0x870 [ 111.080712][T10360] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 111.086433][T10360] ? __check_object_size+0x3d/0x437 [ 111.091857][T10360] netlink_sendmsg+0x91c/0xea0 [ 111.096624][T10360] ? netlink_unicast+0x7d0/0x7d0 [ 111.102083][T10360] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 111.107916][T10360] ? apparmor_socket_sendmsg+0x2a/0x30 [ 111.113820][T10360] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 111.120068][T10360] ? security_socket_sendmsg+0x8d/0xc0 [ 111.126490][T10360] ? netlink_unicast+0x7d0/0x7d0 [ 111.131562][T10360] sock_sendmsg+0xd7/0x130 [ 111.135981][T10360] ____sys_sendmsg+0x753/0x880 [ 111.140745][T10360] ? kernel_sendmsg+0x50/0x50 [ 111.146052][T10360] ? __fget+0x35d/0x550 [ 111.150202][T10360] ? find_held_lock+0x35/0x130 [ 111.154964][T10360] ___sys_sendmsg+0x100/0x170 [ 111.159657][T10360] ? sendmsg_copy_msghdr+0x70/0x70 [ 111.165320][T10360] ? __kasan_check_read+0x11/0x20 [ 111.171723][T10360] ? __fget+0x37f/0x550 [ 111.176595][T10360] ? ksys_dup3+0x3e0/0x3e0 [ 111.181100][T10360] ? __fget_light+0x1a9/0x230 [ 111.186539][T10360] ? __fdget+0x1b/0x20 [ 111.190616][T10360] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 111.196903][T10360] __sys_sendmsg+0x105/0x1d0 [ 111.201497][T10360] ? __sys_sendmsg_sock+0xc0/0xc0 [ 111.206529][T10360] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 111.211982][T10360] ? do_syscall_64+0x26/0x790 [ 111.216658][T10360] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.222731][T10360] ? do_syscall_64+0x26/0x790 [ 111.227409][T10360] __x64_sys_sendmsg+0x78/0xb0 [ 111.232165][T10360] do_syscall_64+0xfa/0x790 [ 111.236673][T10360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 111.242583][T10360] RIP: 0033:0x45aff9 [ 111.246482][T10360] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 111.266199][T10360] RSP: 002b:00007f2bcd600c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.274887][T10360] RAX: ffffffffffffffda RBX: 00007f2bcd6016d4 RCX: 000000000045aff9 [ 111.283469][T10360] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 111.292522][T10360] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 111.301183][T10360] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 111.309171][T10360] R13: 00000000000008c8 R14: 00000000004c9dfc R15: 000000000075bf2c [ 111.318595][T10360] Kernel Offset: disabled [ 111.322937][T10360] Rebooting in 86400 seconds..