[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 57.299157][ T25] audit: type=1800 audit(1569202632.523:25): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 57.321685][ T25] audit: type=1800 audit(1569202632.523:26): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 57.343352][ T25] audit: type=1800 audit(1569202632.523:27): pid=8662 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.225' (ECDSA) to the list of known hosts. 2019/09/23 01:37:22 parsed 1 programs 2019/09/23 01:37:24 executed programs: 0 syzkaller login: [ 69.877394][ T8839] IPVS: ftp: loaded support on port[0] = 21 [ 69.886272][ T8837] IPVS: ftp: loaded support on port[0] = 21 [ 69.895362][ T8841] IPVS: ftp: loaded support on port[0] = 21 [ 69.904274][ T8838] IPVS: ftp: loaded support on port[0] = 21 [ 69.923601][ T8840] IPVS: ftp: loaded support on port[0] = 21 [ 69.925730][ T8842] IPVS: ftp: loaded support on port[0] = 21 [ 70.176702][ T8841] chnl_net:caif_netlink_parms(): no params data found [ 70.189739][ T8837] chnl_net:caif_netlink_parms(): no params data found [ 70.253347][ T8840] chnl_net:caif_netlink_parms(): no params data found [ 70.365277][ T8837] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.373351][ T8837] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.381548][ T8837] device bridge_slave_0 entered promiscuous mode [ 70.399124][ T8841] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.407429][ T8841] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.415872][ T8841] device bridge_slave_0 entered promiscuous mode [ 70.423487][ T8838] chnl_net:caif_netlink_parms(): no params data found [ 70.444100][ T8837] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.451597][ T8837] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.459453][ T8837] device bridge_slave_1 entered promiscuous mode [ 70.477319][ T8841] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.484678][ T8841] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.494708][ T8841] device bridge_slave_1 entered promiscuous mode [ 70.503036][ T8840] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.510651][ T8840] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.518419][ T8840] device bridge_slave_0 entered promiscuous mode [ 70.529384][ T8840] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.536704][ T8840] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.545311][ T8840] device bridge_slave_1 entered promiscuous mode [ 70.582303][ T8839] chnl_net:caif_netlink_parms(): no params data found [ 70.604054][ T8837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.615010][ T8837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.637312][ T8841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.649852][ T8840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.669138][ T8842] chnl_net:caif_netlink_parms(): no params data found [ 70.686355][ T8841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.698174][ T8840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.729654][ T8840] team0: Port device team_slave_0 added [ 70.741755][ T8838] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.748836][ T8838] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.756719][ T8838] device bridge_slave_0 entered promiscuous mode [ 70.768799][ T8838] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.775974][ T8838] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.786463][ T8838] device bridge_slave_1 entered promiscuous mode [ 70.798534][ T8837] team0: Port device team_slave_0 added [ 70.805837][ T8840] team0: Port device team_slave_1 added [ 70.834737][ T8837] team0: Port device team_slave_1 added [ 70.844018][ T8841] team0: Port device team_slave_0 added [ 70.866264][ T8839] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.873822][ T8839] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.881911][ T8839] device bridge_slave_0 entered promiscuous mode [ 70.889597][ T8839] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.896949][ T8839] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.905226][ T8839] device bridge_slave_1 entered promiscuous mode [ 70.922380][ T8841] team0: Port device team_slave_1 added [ 70.934075][ T8838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.993539][ T8840] device hsr_slave_0 entered promiscuous mode [ 71.030769][ T8840] device hsr_slave_1 entered promiscuous mode [ 71.090267][ T8839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.099614][ T8842] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.108038][ T8842] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.117091][ T8842] device bridge_slave_0 entered promiscuous mode [ 71.126016][ T8838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.193454][ T8837] device hsr_slave_0 entered promiscuous mode [ 71.230611][ T8837] device hsr_slave_1 entered promiscuous mode [ 71.270321][ T8837] debugfs: Directory 'hsr0' with parent '/' already present! [ 71.279285][ T8839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.289398][ T8842] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.296847][ T8842] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.304753][ T8842] device bridge_slave_1 entered promiscuous mode [ 71.402419][ T8841] device hsr_slave_0 entered promiscuous mode [ 71.440981][ T8841] device hsr_slave_1 entered promiscuous mode [ 71.500385][ T8841] debugfs: Directory 'hsr0' with parent '/' already present! [ 71.527003][ T8842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.544476][ T8842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.556426][ T8838] team0: Port device team_slave_0 added [ 71.565034][ T8838] team0: Port device team_slave_1 added [ 71.572680][ T8839] team0: Port device team_slave_0 added [ 71.595907][ T8842] team0: Port device team_slave_0 added [ 71.604095][ T8839] team0: Port device team_slave_1 added [ 71.622465][ T8842] team0: Port device team_slave_1 added [ 71.673365][ T8838] device hsr_slave_0 entered promiscuous mode [ 71.710724][ T8838] device hsr_slave_1 entered promiscuous mode [ 71.750394][ T8838] debugfs: Directory 'hsr0' with parent '/' already present! [ 71.823831][ T8839] device hsr_slave_0 entered promiscuous mode [ 71.893923][ T8839] device hsr_slave_1 entered promiscuous mode [ 71.950391][ T8839] debugfs: Directory 'hsr0' with parent '/' already present! [ 71.962387][ T8837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.013336][ T8842] device hsr_slave_0 entered promiscuous mode [ 72.070621][ T8842] device hsr_slave_1 entered promiscuous mode [ 72.110569][ T8842] debugfs: Directory 'hsr0' with parent '/' already present! [ 72.156947][ T8837] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.179892][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.192273][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.225311][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.234800][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.245598][ T3010] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.254544][ T3010] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.263273][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.272667][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.281127][ T3010] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.288197][ T3010] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.296791][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.345589][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.355982][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.367018][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.377206][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.387144][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.414682][ T8838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.427942][ T8840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.442220][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.450795][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.459129][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.468709][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.483528][ T8842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.503068][ T8837] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.515055][ T8837] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.533052][ T8840] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.548930][ T8839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.556505][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.564996][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.574356][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.582201][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.589921][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.599300][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.612326][ T8838] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.627740][ T8842] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.642675][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.651785][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.660581][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.669336][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.679642][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.686948][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.695075][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.704061][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.712662][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.719724][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.728123][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.745864][ T8839] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.758846][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.768614][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.777134][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.785994][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.795087][ T8849] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.802215][ T8849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.810576][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.819375][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.828181][ T8849] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.835536][ T8849] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.843967][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.852964][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.861588][ T8849] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.868684][ T8849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.877513][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.886163][ T8849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.904704][ T8841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.928609][ T8837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.937545][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.947557][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.956859][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.967183][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.975061][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.983803][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.992582][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.001844][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.010909][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.019590][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.029041][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.057817][ T8840] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 73.069021][ T8840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.088066][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.098274][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.113659][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.126611][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.137328][ T8851] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.144454][ T8851] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.152870][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 73.161008][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 73.169074][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.177951][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.186760][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.198346][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.207670][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.216144][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.224591][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.233383][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.241922][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.249877][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.259432][ T8841] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.269417][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.279311][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.326613][ T8842] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 73.339867][ T8842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.365721][ T8840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.379426][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.388789][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.397826][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.410602][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.415512][ C0] hrtimer: interrupt took 35022 ns [ 73.419385][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.433522][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.443011][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.451664][ T8850] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.458739][ T8850] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.466534][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.482388][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.496335][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.506322][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.522944][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.537308][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.547363][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.562203][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.581116][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.589676][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.599610][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.608364][ T8850] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.623282][ T8839] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 73.635452][ T8839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.663223][ T8842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.673613][ T8838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.685885][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.705923][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.719899][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.728255][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.740831][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.749351][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.758834][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.771161][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.789052][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.798219][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.807060][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.814281][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.822551][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.831245][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.840795][ T2834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.848443][ T2834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.885073][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.894846][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.908327][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.915474][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.923730][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.932544][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.941693][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.950432][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.960177][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.968805][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.984483][ T8839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.018532][ T8838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.042018][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 74.062230][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.082426][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.115444][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.134660][ T8851] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.182145][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.323188][ T8841] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/09/23 01:37:30 executed programs: 16 [ 79.682103][ T9383] ================================================================== [ 79.690638][ T9383] BUG: KASAN: use-after-free in rxrpc_release_call+0x937/0xa50 [ 79.698257][ T9383] Read of size 8 at addr ffff88808ed24710 by task syz-executor.5/9383 [ 79.706467][ T9383] [ 79.708898][ T9383] CPU: 1 PID: 9383 Comm: syz-executor.5 Not tainted 5.3.0+ #0 [ 79.716355][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.726423][ T9383] Call Trace: [ 79.729724][ T9383] dump_stack+0x172/0x1f0 [ 79.734062][ T9383] ? rxrpc_release_call+0x937/0xa50 [ 79.739271][ T9383] print_address_description.cold+0xd4/0x306 [ 79.745269][ T9383] ? rxrpc_release_call+0x937/0xa50 [ 79.750483][ T9383] ? rxrpc_release_call+0x937/0xa50 [ 79.755724][ T9383] __kasan_report.cold+0x1b/0x36 [ 79.760700][ T9383] ? rxrpc_release_call+0x937/0xa50 [ 79.765913][ T9383] kasan_report+0x12/0x17 [ 79.770348][ T9383] __asan_report_load8_noabort+0x14/0x20 [ 79.775977][ T9383] rxrpc_release_call+0x937/0xa50 [ 79.781028][ T9383] ? rxrpc_release_calls_on_socket+0x6e7/0x1320 [ 79.787280][ T9383] rxrpc_release_calls_on_socket+0x6e7/0x1320 [ 79.793354][ T9383] ? rxrpc_discard_prealloc+0x664/0xf20 [ 79.798906][ T9383] ? rxrpc_release+0x238/0x550 [ 79.803786][ T9383] rxrpc_release+0x2a6/0x550 [ 79.809515][ T9383] __sock_release+0xce/0x280 [ 79.814137][ T9383] sock_close+0x1e/0x30 [ 79.818305][ T9383] __fput+0x2ff/0x890 [ 79.822384][ T9383] ? __sock_release+0x280/0x280 [ 79.827259][ T9383] ____fput+0x16/0x20 2019/09/23 01:37:35 executed programs: 126 [ 79.831247][ T9383] task_work_run+0x145/0x1c0 [ 79.835843][ T9383] exit_to_usermode_loop+0x316/0x380 [ 79.841135][ T9383] do_syscall_64+0x65f/0x760 [ 79.845830][ T9383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.851728][ T9383] RIP: 0033:0x459a09 [ 79.855637][ T9383] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 79.875364][ T9383] RSP: 002b:00007fc03d5dcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 79.884216][ T9383] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000459a09 [ 79.892287][ T9383] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 79.900281][ T9383] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 79.908256][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc03d5dd6d4 [ 79.916248][ T9383] R13: 00000000004f9352 R14: 00000000004d1da8 R15: 00000000ffffffff [ 79.924238][ T9383] [ 79.926568][ T9383] Allocated by task 9383: [ 79.930913][ T9383] save_stack+0x23/0x90 [ 79.935091][ T9383] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 79.940727][ T9383] kasan_kmalloc+0x9/0x10 [ 79.945060][ T9383] kmem_cache_alloc_trace+0x158/0x790 [ 79.950583][ T9383] rxrpc_alloc_connection+0x86/0x5f0 [ 79.955872][ T9383] rxrpc_connect_call+0x648/0x4c00 [ 79.961003][ T9383] rxrpc_new_client_call+0x978/0x19d0 [ 79.966396][ T9383] rxrpc_do_sendmsg+0xff5/0x1d53 [ 79.971340][ T9383] rxrpc_sendmsg+0x4d6/0x5f0 [ 79.976043][ T9383] sock_sendmsg+0xd7/0x130 [ 79.980491][ T9383] ___sys_sendmsg+0x3e2/0x920 [ 79.985172][ T9383] __sys_sendmmsg+0x1bf/0x4d0 [ 79.989842][ T9383] __x64_sys_sendmmsg+0x9d/0x100 [ 79.994798][ T9383] do_syscall_64+0xfa/0x760 [ 79.999309][ T9383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.005196][ T9383] [ 80.007524][ T9383] Freed by task 8885: [ 80.011557][ T9383] save_stack+0x23/0x90 [ 80.015706][ T9383] __kasan_slab_free+0x102/0x150 [ 80.020655][ T9383] kasan_slab_free+0xe/0x10 [ 80.025178][ T9383] kfree+0x10a/0x2c0 [ 80.029078][ T9383] rxrpc_destroy_connection+0x1f2/0x2d0 [ 80.034652][ T9383] rcu_core+0x581/0x1560 [ 80.038909][ T9383] rcu_core_si+0x9/0x10 [ 80.043070][ T9383] __do_softirq+0x262/0x98c [ 80.047679][ T9383] [ 80.050018][ T9383] The buggy address belongs to the object at ffff88808ed244c0 [ 80.050018][ T9383] which belongs to the cache kmalloc-1k of size 1024 [ 80.064222][ T9383] The buggy address is located 592 bytes inside of [ 80.064222][ T9383] 1024-byte region [ffff88808ed244c0, ffff88808ed248c0) [ 80.077585][ T9383] The buggy address belongs to the page: [ 80.083227][ T9383] page:ffffea00023b4900 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0 [ 80.094319][ T9383] flags: 0x1fffc0000010200(slab|head) [ 80.099711][ T9383] raw: 01fffc0000010200 ffffea00023a8588 ffffea00023a9208 ffff8880aa400c40 [ 80.108814][ T9383] raw: 0000000000000000 ffff88808ed24040 0000000100000007 0000000000000000 [ 80.117495][ T9383] page dumped because: kasan: bad access detected [ 80.124005][ T9383] [ 80.126335][ T9383] Memory state around the buggy address: [ 80.132232][ T9383] ffff88808ed24600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.140295][ T9383] ffff88808ed24680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.148400][ T9383] >ffff88808ed24700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.156551][ T9383] ^ [ 80.161178][ T9383] ffff88808ed24780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.169247][ T9383] ffff88808ed24800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.177308][ T9383] ================================================================== [ 80.185364][ T9383] Disabling lock debugging due to kernel taint [ 80.298146][ T9383] Kernel panic - not syncing: panic_on_warn set ... [ 80.304791][ T9383] CPU: 1 PID: 9383 Comm: syz-executor.5 Tainted: G B 5.3.0+ #0 [ 80.313636][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.320982][ T3892] kobject: 'loop0' (00000000ad1c59c3): kobject_uevent_env [ 80.323954][ T9383] Call Trace: [ 80.334358][ T9383] dump_stack+0x172/0x1f0 [ 80.335239][ T3892] kobject: 'loop0' (00000000ad1c59c3): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 80.338695][ T9383] panic+0x2dc/0x755 [ 80.352716][ T9383] ? add_taint.cold+0x16/0x16 [ 80.357410][ T9383] ? rxrpc_release_call+0x937/0xa50 [ 80.358329][ T3892] kobject: 'loop3' (000000009063691e): kobject_uevent_env [ 80.362604][ T9383] ? preempt_schedule+0x4b/0x60 [ 80.362617][ T9383] ? ___preempt_schedule+0x16/0x20 [ 80.362630][ T9383] ? trace_hardirqs_on+0x5e/0x240 [ 80.362649][ T9383] ? rxrpc_release_call+0x937/0xa50 [ 80.369764][ T3892] kobject: 'loop3' (000000009063691e): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 80.374579][ T9383] end_report+0x47/0x4f [ 80.374593][ T9383] ? rxrpc_release_call+0x937/0xa50 [ 80.374610][ T9383] __kasan_report.cold+0xe/0x36 [ 80.414799][ T9383] ? rxrpc_release_call+0x937/0xa50 [ 80.420154][ T9383] kasan_report+0x12/0x17 [ 80.424476][ T9383] __asan_report_load8_noabort+0x14/0x20 [ 80.430112][ T9383] rxrpc_release_call+0x937/0xa50 [ 80.435126][ T9383] ? rxrpc_release_calls_on_socket+0x6e7/0x1320 [ 80.441351][ T9383] rxrpc_release_calls_on_socket+0x6e7/0x1320 [ 80.447418][ T9383] ? rxrpc_discard_prealloc+0x664/0xf20 [ 80.452964][ T9383] ? rxrpc_release+0x238/0x550 [ 80.458005][ T9383] rxrpc_release+0x2a6/0x550 [ 80.462687][ T9383] __sock_release+0xce/0x280 [ 80.467276][ T9383] sock_close+0x1e/0x30 [ 80.471419][ T9383] __fput+0x2ff/0x890 [ 80.475482][ T9383] ? __sock_release+0x280/0x280 [ 80.480346][ T9383] ____fput+0x16/0x20 [ 80.484440][ T9383] task_work_run+0x145/0x1c0 [ 80.489029][ T9383] exit_to_usermode_loop+0x316/0x380 [ 80.494311][ T9383] do_syscall_64+0x65f/0x760 [ 80.498968][ T9383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.504838][ T9383] RIP: 0033:0x459a09 [ 80.508812][ T9383] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 80.528693][ T9383] RSP: 002b:00007fc03d5dcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 80.537432][ T9383] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000459a09 [ 80.545400][ T9383] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 80.553353][ T9383] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 80.561316][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc03d5dd6d4 [ 80.569400][ T9383] R13: 00000000004f9352 R14: 00000000004d1da8 R15: 00000000ffffffff [ 80.579114][ T9383] Kernel Offset: disabled [ 80.583492][ T9383] Rebooting in 86400 seconds..