[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.297231] audit_printk_skb: 24 callbacks suppressed [ 34.302631] audit: type=1800 audit(1576167022.241:29): pid=6747 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 34.324144] audit: type=1800 audit(1576167022.271:30): pid=6747 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 46.270897] IPVS: Creating netns size=2712 id=1 [ 46.275880] IPVS: ftp: loaded support on port[0] = 21 Warning: Permanently added '10.128.0.116' (ECDSA) to the list of known hosts. 2019/12/12 16:10:41 parsed 1 programs 2019/12/12 16:10:41 executed programs: 0 [ 53.995896] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready [ 54.008239] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready [ 54.017394] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready [ 54.027278] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready [ 54.035391] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready [ 54.043172] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready [ 54.060817] IPVS: Creating netns size=2712 id=2 [ 54.065929] IPVS: ftp: loaded support on port[0] = 21 [ 54.135163] IPVS: Creating netns size=2712 id=3 [ 54.140290] IPVS: ftp: loaded support on port[0] = 21 [ 54.266490] chnl_net:caif_netlink_parms(): no params data found [ 54.292114] IPVS: Creating netns size=2712 id=4 [ 54.297294] IPVS: ftp: loaded support on port[0] = 21 [ 54.513732] IPVS: Creating netns size=2712 id=5 [ 54.518687] IPVS: ftp: loaded support on port[0] = 21 [ 54.536385] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.542888] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.552364] device bridge_slave_0 entered promiscuous mode [ 54.572202] chnl_net:caif_netlink_parms(): no params data found [ 54.587150] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.593560] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.603580] device bridge_slave_1 entered promiscuous mode [ 54.680648] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.701040] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.851635] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.858748] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.868816] device bridge_slave_0 entered promiscuous mode [ 54.882722] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.889260] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.898154] device bridge_slave_1 entered promiscuous mode [ 54.906725] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.917002] IPVS: Creating netns size=2712 id=6 [ 54.921843] IPVS: ftp: loaded support on port[0] = 21 [ 54.994715] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.078748] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.140589] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.176417] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.224600] chnl_net:caif_netlink_parms(): no params data found [ 55.249113] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.339465] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.347560] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.384034] IPVS: Creating netns size=2712 id=7 [ 55.390002] IPVS: ftp: loaded support on port[0] = 21 [ 55.422958] chnl_net:caif_netlink_parms(): no params data found [ 55.445075] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.451601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.495767] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.613209] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.620679] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.627808] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.634375] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.643109] device bridge_slave_0 entered promiscuous mode [ 55.716625] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.723157] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.732600] device bridge_slave_1 entered promiscuous mode [ 55.848003] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.854620] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.863433] device bridge_slave_0 entered promiscuous mode [ 55.908308] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.915315] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.924290] device bridge_slave_1 entered promiscuous mode [ 55.933266] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.953896] chnl_net:caif_netlink_parms(): no params data found [ 55.991579] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.047026] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.060832] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.111865] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.290672] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.305897] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.312342] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.326621] device bridge_slave_0 entered promiscuous mode [ 56.335909] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.407828] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.414672] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.423856] device bridge_slave_1 entered promiscuous mode [ 56.455402] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.513701] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.579287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.606607] chnl_net:caif_netlink_parms(): no params data found [ 56.623669] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.632629] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.642941] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.662300] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.671744] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.716230] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.765695] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.775091] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.891548] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.903030] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.910936] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.918269] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.927711] device bridge_slave_0 entered promiscuous mode [ 56.938264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.947158] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.954810] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.971028] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.977797] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.987171] device bridge_slave_1 entered promiscuous mode [ 56.997906] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.032749] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.040786] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.047166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.099492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.108391] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.114847] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.169349] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.179068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.197813] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.216636] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.253301] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.265769] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.315714] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.337496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.349696] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.356106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.363659] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.385814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.393823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.404831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.412837] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.419228] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.429161] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.463669] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.477591] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.590686] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.608708] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.633671] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.643325] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.657275] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.679593] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.688713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.721457] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.746372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.753741] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.772130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.796356] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.821383] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.868893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.890282] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.896812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.905269] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.913045] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.919439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.926922] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.952337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.010127] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.043264] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.072309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.080884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.092564] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.098998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.123156] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.146004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.146789] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.147458] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.147515] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.148531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.193414] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.240873] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.257342] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.265038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.278890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.298069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.350785] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.351473] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.351531] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.353187] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.369082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.369763] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.369829] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.421794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.448410] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.497277] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.504033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.509637] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.536242] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.566823] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.725914] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.726571] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.726625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.727247] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.773128] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.773793] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.773849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.868564] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.887516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 2019/12/12 16:10:46 executed programs: 12 [ 58.918193] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.946924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 2019/12/12 16:10:51 executed programs: 218 2019/12/12 16:10:56 executed programs: 460 2019/12/12 16:11:02 executed programs: 695 2019/12/12 16:11:07 executed programs: 952 2019/12/12 16:11:12 executed programs: 1200 2019/12/12 16:11:17 executed programs: 1450 2019/12/12 16:11:22 executed programs: 1673 2019/12/12 16:11:27 executed programs: 1925 2019/12/12 16:11:32 executed programs: 2181 2019/12/12 16:11:37 executed programs: 2434 2019/12/12 16:11:42 executed programs: 2665 2019/12/12 16:11:47 executed programs: 2918 2019/12/12 16:11:52 executed programs: 3164 2019/12/12 16:11:57 executed programs: 3396 2019/12/12 16:12:02 executed programs: 3655 2019/12/12 16:12:07 executed programs: 3900 2019/12/12 16:12:12 executed programs: 4163 2019/12/12 16:15:23 executed programs: 4356 2019/12/12 16:15:23 result: hanged=false err=executor 2: failed to write control pipe: write |1: broken pipe [ 335.724348] syz-executor.2 (6995) used greatest stack depth: 24224 bytes left 2019/12/12 16:15:23 result: hanged=false err=executor 3: failed to write control pipe: write |1: broken pipe 2019/12/12 16:15:23 result: hanged=false err=executor 0: failed to write control pipe: write |1: broken pipe [ 335.790112] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready 2019/12/12 16:15:23 result: hanged=false err=executor 5: failed to write control pipe: write |1: broken pipe 2019/12/12 16:15:23 result: hanged=false err=executor 4: failed to write control pipe: write |1: broken pipe [ 335.854324] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready [ 335.856827] syz-executor.4 (6992) used greatest stack depth: 24144 bytes left 2019/12/12 16:15:23 result: hanged=false err=executor 1: failed to write control pipe: write |1: broken pipe [ 335.926049] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready [ 335.938644] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready [ 335.971156] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready [ 335.972921] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready [ 336.535068] device bridge_slave_1 left promiscuous mode [ 336.535634] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.579018] device bridge_slave_0 left promiscuous mode [ 336.579282] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.753903] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 336.809279] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 336.929013] bond0 (unregistering): Released all slaves [ 341.469965] IPVS: Creating netns size=2712 id=8 [ 341.474762] IPVS: ftp: loaded support on port[0] = 21 [ 341.556025] IPVS: Creating netns size=2712 id=9 [ 341.560901] IPVS: ftp: loaded support on port[0] = 21 [ 341.728805] IPVS: Creating netns size=2712 id=10 [ 341.729929] chnl_net:caif_netlink_parms(): no params data found [ 341.739911] IPVS: ftp: loaded support on port[0] = 21 [ 341.976465] IPVS: Creating netns size=2712 id=11 [ 341.981437] IPVS: ftp: loaded support on port[0] = 21 [ 341.986818] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.986898] bridge0: port 1(bridge_slave_0) entered disabled state [ 341.990952] device bridge_slave_0 entered promiscuous mode [ 341.994010] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.994083] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.998105] device bridge_slave_1 entered promiscuous mode [ 342.076733] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 342.088195] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 342.156704] chnl_net:caif_netlink_parms(): no params data found [ 342.269619] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 342.357872] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 342.368299] IPVS: Creating netns size=2712 id=12 [ 342.373291] IPVS: ftp: loaded support on port[0] = 21 [ 342.545866] bridge0: port 1(bridge_slave_0) entered blocking state [ 342.552383] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.561839] device bridge_slave_0 entered promiscuous mode [ 342.597759] bridge0: port 2(bridge_slave_1) entered blocking state [ 342.604806] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.613896] device bridge_slave_1 entered promiscuous mode [ 342.621218] chnl_net:caif_netlink_parms(): no params data found [ 342.637805] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 342.687814] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 342.752898] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 342.764401] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 342.786606] IPVS: Creating netns size=2712 id=13 [ 342.791570] IPVS: ftp: loaded support on port[0] = 21 [ 343.002038] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 343.071156] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 343.193409] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 343.221210] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.227779] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.237228] device bridge_slave_0 entered promiscuous mode [ 343.276755] chnl_net:caif_netlink_parms(): no params data found [ 343.292977] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.299968] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.308806] device bridge_slave_1 entered promiscuous mode [ 343.437779] chnl_net:caif_netlink_parms(): no params data found [ 343.456589] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 343.465290] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 343.490571] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 343.504845] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 343.755847] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 343.774580] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 343.796022] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.802713] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.811594] device bridge_slave_0 entered promiscuous mode [ 343.916031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 343.923658] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.931047] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.940217] device bridge_slave_1 entered promiscuous mode [ 344.047359] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.054028] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.063212] device bridge_slave_0 entered promiscuous mode [ 344.146065] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.152555] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.161640] device bridge_slave_1 entered promiscuous mode [ 344.195616] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 344.227208] chnl_net:caif_netlink_parms(): no params data found [ 344.256635] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 344.291026] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 344.303493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.310597] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 344.345890] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 344.363117] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 344.471311] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 344.536471] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 344.588891] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 344.599946] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 344.608586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 344.704160] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 344.713495] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.721176] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.732706] device bridge_slave_0 entered promiscuous mode [ 344.793017] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.800542] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.809910] device bridge_slave_1 entered promiscuous mode [ 344.820617] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 344.836769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.866208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 344.873950] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.880447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.888855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 344.896983] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.903336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 344.935991] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 344.945364] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 344.952788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 345.001702] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 345.021593] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 345.030216] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 345.052099] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 345.061532] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 345.109041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 345.179068] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 345.192075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 345.213640] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 345.236346] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 345.268863] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 345.279928] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 345.396726] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 345.405664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 345.413567] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.420025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 345.441359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 345.452043] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 345.476199] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 345.495145] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 345.502881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 345.511324] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.517836] bridge0: port 2(bridge_slave_1) entered forwarding state [ 345.608882] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.658303] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 345.679901] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 345.712645] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 345.720976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 345.739538] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 345.757311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.801522] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 345.816824] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 345.857797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 345.875048] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 345.921638] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 345.930634] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.937106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 345.965343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.977283] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 346.003250] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 346.010979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 346.021723] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.028314] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.091814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 346.136711] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 346.146313] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.152663] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.160028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 346.167912] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.174322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.212718] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 346.225751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 346.258719] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 346.283706] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 346.300111] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 346.330105] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 346.341719] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.348179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.359417] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 346.405460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.413784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 346.422533] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 346.432647] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.439103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.475887] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 346.490252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 346.500288] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 346.534142] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 346.542496] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 346.543418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 346.605356] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 346.633963] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 2019/12/12 16:15:34 executed programs: 4368 [ 346.727102] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 346.752099] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 346.752830] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.752884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 346.753516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 346.794025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 346.794824] bridge0: port 2(bridge_slave_1) entered blocking state [ 346.794875] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.878016] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 346.906611] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 346.962743] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 346.995236] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 348.355266] device bridge_slave_1 left promiscuous mode [ 348.355530] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.386343] device bridge_slave_0 left promiscuous mode [ 348.386606] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.472958] device bridge_slave_1 left promiscuous mode [ 348.473228] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.506879] device bridge_slave_0 left promiscuous mode [ 348.507150] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.577898] device bridge_slave_1 left promiscuous mode [ 348.578182] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.626520] device bridge_slave_0 left promiscuous mode [ 348.626766] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.716274] device bridge_slave_1 left promiscuous mode [ 348.716580] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.737357] device bridge_slave_0 left promiscuous mode [ 348.737598] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.805625] device bridge_slave_1 left promiscuous mode [ 348.805890] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.852206] device bridge_slave_0 left promiscuous mode [ 348.852471] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.841813] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 349.951170] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 350.395696] bond0 (unregistering): Released all slaves [ 351.040140] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 351.198168] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 351.634748] bond0 (unregistering): Released all slaves 2019/12/12 16:15:39 executed programs: 4531 [ 352.250611] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 352.350510] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 352.740680] bond0 (unregistering): Released all slaves [ 353.258980] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 353.338830] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 353.783166] bond0 (unregistering): Released all slaves [ 354.414128] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 354.481561] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 354.828347] bond0 (unregistering): Released all slaves 2019/12/12 16:15:44 executed programs: 4746 2019/12/12 16:15:49 executed programs: 5003 2019/12/12 16:15:54 executed programs: 5235 2019/12/12 16:15:59 executed programs: 5472 2019/12/12 16:16:04 executed programs: 5693 2019/12/12 16:16:09 executed programs: 5929 2019/12/12 16:16:14 executed programs: 6171 2019/12/12 16:16:19 executed programs: 6421 2019/12/12 16:16:24 executed programs: 6682 2019/12/12 16:16:29 executed programs: 6941 2019/12/12 16:16:34 executed programs: 7187 2019/12/12 16:16:39 executed programs: 7439 2019/12/12 16:16:44 executed programs: 7695 2019/12/12 16:16:49 executed programs: 7938 2019/12/12 16:16:54 executed programs: 8184 2019/12/12 16:16:59 executed programs: 8430 [ 436.291395] ================================================================== [ 436.291537] BUG: KASAN: use-after-free in n_tty_receive_buf_common+0x2cf1/0x2d80 at addr ffff8800b7a54580 [ 436.291541] Read of size 1 by task syz-executor.0/8720 [ 436.291548] CPU: 0 PID: 8720 Comm: syz-executor.0 Not tainted 4.6.0-syzkaller #0 [ 436.291549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.291555] 1ffffffff0d9577e ffff8800af4f7698 ffffffff82c4dd46 0000000000000001 [ 436.291559] ffff8800af4f7728 ffff8800b7a54580 ffff88012bc00100 ffff8800af4f7718 [ 436.291563] ffffffff81740207 ffff8800af4f7840 ffffffff85b70879 0000000000000286 [ 436.291564] Call Trace: [ 436.291577] [] dump_stack+0xe6/0x120 [ 436.291600] [] kasan_report_error+0x1e7/0x5c0 [ 436.291634] [] ? retint_kernel+0x2d/0x2d [ 436.291637] [] ? n_tty_receive_buf_common+0x2d80/0x2d80 [ 436.291641] [] __asan_report_load1_noabort+0x3e/0x40 [ 436.291644] [] ? n_tty_receive_buf_common+0x2cf1/0x2d80 [ 436.291647] [] n_tty_receive_buf_common+0x2cf1/0x2d80 [ 436.291722] [] ? trace_hardirqs_on_caller+0x44c/0x5e0 [ 436.291745] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 436.291748] [] ? n_tty_receive_buf_common+0x2d80/0x2d80 [ 436.291751] [] n_tty_receive_buf2+0xf/0x20 [ 436.291756] [] tty_ldisc_receive_buf+0x83/0x1e0 [ 436.291759] [] ? add_wait_queue+0x76/0xa0 [ 436.291762] [] paste_selection+0x245/0x390 [ 436.291765] [] ? set_selection+0xce0/0xce0 [ 436.291797] [] ? wake_up_q+0xe0/0xe0 [ 436.291806] [] tioclinux+0xf9/0x360 [ 436.291809] [] vt_ioctl+0x337/0x24e0 [ 436.291858] [] ? futex_wait+0x4b4/0x570 [ 436.291862] [] ? complete_change_console+0x300/0x300 [ 436.291865] [] ? futex_wait_setup+0x2c0/0x2c0 [ 436.291868] [] ? plist_del+0xe9/0x1d0 [ 436.291872] [] ? wake_up_q+0x82/0xe0 [ 436.291875] [] ? futex_wake+0x110/0x500 [ 436.291879] [] tty_ioctl+0x5d4/0x20f0 [ 436.291881] [] ? no_tty+0x90/0x90 [ 436.291884] [] ? __lock_acquire+0xca1/0x5560 [ 436.291887] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 436.291890] [] ? __lock_acquire+0x1985/0x5560 [ 436.291894] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 436.291897] [] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 436.291900] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 436.291909] [] do_vfs_ioctl+0x17f/0xe70 [ 436.291913] [] ? ioctl_preallocate+0x1a0/0x1a0 [ 436.291915] [] ? __fget+0x1c2/0x320 [ 436.291918] [] ? __fget+0x1df/0x320 [ 436.291920] [] ? __fget+0x42/0x320 [ 436.291923] [] ? __fget_light+0x79/0x200 [ 436.291925] [] SyS_ioctl+0x74/0x80 [ 436.291929] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 436.291932] Object at ffff8800b7a54580, in cache kmalloc-32 [ 436.291933] Object freed, allocated with size 3 bytes [ 436.291934] Allocation: [ 436.291935] PID = 8715 [ 436.291947] [] save_stack_trace+0x26/0x50 [ 436.291951] [] save_stack+0x46/0xd0 [ 436.291954] [] kasan_kmalloc+0xc9/0xe0 [ 436.291958] [] __kmalloc+0x169/0x6d0 [ 436.291961] [] set_selection+0x4e0/0xce0 [ 436.291964] [] tioclinux+0xe6/0x360 [ 436.291967] [] vt_ioctl+0x337/0x24e0 [ 436.291970] [] tty_ioctl+0x5d4/0x20f0 [ 436.291973] [] do_vfs_ioctl+0x17f/0xe70 [ 436.291976] [] SyS_ioctl+0x74/0x80 [ 436.291980] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 436.291980] Deallocation: [ 436.291981] PID = 8718 [ 436.291985] [] save_stack_trace+0x26/0x50 [ 436.291988] [] save_stack+0x46/0xd0 [ 436.291991] [] kasan_slab_free+0x9b/0xb0 [ 436.291994] [] kfree+0xe2/0x460 [ 436.291997] [] set_selection+0x505/0xce0 [ 436.292000] [] tioclinux+0xe6/0x360 [ 436.292003] [] vt_ioctl+0x337/0x24e0 [ 436.292006] [] tty_ioctl+0x5d4/0x20f0 [ 436.292009] [] do_vfs_ioctl+0x17f/0xe70 [ 436.292012] [] SyS_ioctl+0x74/0x80 [ 436.292015] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 436.292016] Memory state around the buggy address: [ 436.292020] ffff8800b7a54480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 436.292022] ffff8800b7a54500: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 436.292024] >ffff8800b7a54580: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 436.292025] ^ [ 436.292027] ffff8800b7a54600: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 436.292029] ffff8800b7a54680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 436.292030] ================================================================== [ 436.292031] Disabling lock debugging due to kernel taint 2019/12/12 16:17:04 executed programs: 8662