[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 83.664563][ T32] audit: type=1800 audit(1571487112.726:25): pid=11812 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 83.693521][ T32] audit: type=1800 audit(1571487112.746:26): pid=11812 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 83.713981][ T32] audit: type=1800 audit(1571487112.756:27): pid=11812 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.23' (ECDSA) to the list of known hosts. 2019/10/19 12:13:35 parsed 1 programs 2019/10/19 12:13:56 executed programs: 0 syzkaller login: [ 207.087786][T11987] IPVS: ftp: loaded support on port[0] = 21 [ 207.120313][T11989] IPVS: ftp: loaded support on port[0] = 21 [ 207.126261][T11988] IPVS: ftp: loaded support on port[0] = 21 [ 207.155650][T11990] IPVS: ftp: loaded support on port[0] = 21 [ 207.265035][T11994] IPVS: ftp: loaded support on port[0] = 21 [ 207.277762][T11993] IPVS: ftp: loaded support on port[0] = 21 [ 207.482569][T11988] chnl_net:caif_netlink_parms(): no params data found [ 207.676095][T11987] chnl_net:caif_netlink_parms(): no params data found [ 207.709191][T11988] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.716475][T11988] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.725219][T11988] device bridge_slave_0 entered promiscuous mode [ 207.738129][T11990] chnl_net:caif_netlink_parms(): no params data found [ 207.759653][T11988] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.767384][T11988] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.776074][T11988] device bridge_slave_1 entered promiscuous mode [ 207.858417][T11988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.880620][T11989] chnl_net:caif_netlink_parms(): no params data found [ 207.914662][T11987] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.921851][T11987] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.930564][T11987] device bridge_slave_0 entered promiscuous mode [ 207.942375][T11988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.952239][T11987] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.959475][T11987] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.968229][T11987] device bridge_slave_1 entered promiscuous mode [ 208.090722][T11988] team0: Port device team_slave_0 added [ 208.136187][T11989] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.143658][T11989] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.152238][T11989] device bridge_slave_0 entered promiscuous mode [ 208.160788][T11990] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.168030][T11990] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.176719][T11990] device bridge_slave_0 entered promiscuous mode [ 208.185331][T11989] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.192555][T11989] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.201731][T11989] device bridge_slave_1 entered promiscuous mode [ 208.211877][T11988] team0: Port device team_slave_1 added [ 208.227906][T11987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.240827][T11993] chnl_net:caif_netlink_parms(): no params data found [ 208.270800][T11990] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.278710][T11990] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.287156][T11990] device bridge_slave_1 entered promiscuous mode [ 208.325267][T11987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.338160][T11990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.357140][T11990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.411814][T11989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.516837][T11988] device hsr_slave_0 entered promiscuous mode [ 208.553766][T11988] device hsr_slave_1 entered promiscuous mode [ 208.606943][T11989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.654187][T11990] team0: Port device team_slave_0 added [ 208.662695][T11989] team0: Port device team_slave_0 added [ 208.675759][T11989] team0: Port device team_slave_1 added [ 208.685686][T11987] team0: Port device team_slave_0 added [ 208.713429][T11990] team0: Port device team_slave_1 added [ 208.722600][T11987] team0: Port device team_slave_1 added [ 208.728822][T11994] chnl_net:caif_netlink_parms(): no params data found [ 208.756781][T11993] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.764132][T11993] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.772810][T11993] device bridge_slave_0 entered promiscuous mode [ 208.782496][T11993] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.789818][T11993] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.798457][T11993] device bridge_slave_1 entered promiscuous mode [ 208.876883][T11989] device hsr_slave_0 entered promiscuous mode [ 208.934016][T11989] device hsr_slave_1 entered promiscuous mode [ 208.973505][T11989] debugfs: Directory 'hsr0' with parent '/' already present! [ 209.057346][T11987] device hsr_slave_0 entered promiscuous mode [ 209.103650][T11987] device hsr_slave_1 entered promiscuous mode [ 209.183260][T11987] debugfs: Directory 'hsr0' with parent '/' already present! [ 209.209545][T11994] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.217470][T11994] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.226280][T11994] device bridge_slave_0 entered promiscuous mode [ 209.242284][T11993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.251750][T11994] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.259160][T11994] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.268397][T11994] device bridge_slave_1 entered promiscuous mode [ 209.320191][T11993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.344258][T11994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.397154][T11990] device hsr_slave_0 entered promiscuous mode [ 209.463664][T11990] device hsr_slave_1 entered promiscuous mode [ 209.533302][T11990] debugfs: Directory 'hsr0' with parent '/' already present! [ 209.551990][T11994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.577193][T11993] team0: Port device team_slave_0 added [ 209.586318][T11993] team0: Port device team_slave_1 added [ 209.707122][T11993] device hsr_slave_0 entered promiscuous mode [ 209.753673][T11993] device hsr_slave_1 entered promiscuous mode [ 209.803279][T11993] debugfs: Directory 'hsr0' with parent '/' already present! [ 209.859352][T11994] team0: Port device team_slave_0 added [ 209.869779][T11994] team0: Port device team_slave_1 added [ 210.036951][T11994] device hsr_slave_0 entered promiscuous mode [ 210.084027][T11994] device hsr_slave_1 entered promiscuous mode [ 210.123636][T11994] debugfs: Directory 'hsr0' with parent '/' already present! [ 210.214978][T11989] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.233628][T11988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.263488][T11990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.308912][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.318244][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.344769][T11989] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.359761][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.368816][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.389271][T11990] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.407585][T11987] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.435857][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.445116][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.455343][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.464856][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.473703][ T3361] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.481091][ T3361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.489549][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.498711][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.507605][ T3361] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.514777][ T3361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.530198][T11993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.537764][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.547235][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.566385][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.577514][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.586577][ T3361] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.593796][ T3361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.602140][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.611638][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.620630][ T3361] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.627866][ T3361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.636266][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.649118][T11988] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.674728][T11993] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.682393][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.691072][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.725962][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.736490][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.746379][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.756456][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.764944][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.789694][T11987] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.824435][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.834446][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.844393][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.854999][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.864695][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.874547][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.887120][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.896786][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.906296][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.913640][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.922016][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.931997][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.941645][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.951291][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.960581][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.969780][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.979268][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.989825][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.999184][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.008751][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.017879][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.025134][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.072301][T11990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.090630][T11989] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 211.103326][T11989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.123337][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.131928][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.140734][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.151577][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.160369][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.169599][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.178684][ T3932] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.186088][ T3932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.194678][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.204566][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.214815][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.224300][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.233460][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.242506][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.251564][ T3932] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.258861][ T3932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.267113][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.277278][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.286645][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.295638][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.304808][ T3932] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.311932][ T3932] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.320304][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.329086][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.345595][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.354616][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.374558][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.385102][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.394227][ T3932] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.401390][ T3932] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.409971][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.419175][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.466214][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.476269][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.485490][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.495279][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.505261][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.530621][T11993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.540197][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.562281][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.572874][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.587821][T11994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.604532][T11989] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.620551][T11990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.628692][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.637348][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.646960][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.660669][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.670902][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.680909][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.743942][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.754101][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.763672][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.773550][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.782572][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.791806][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.800798][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.809984][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.823732][T12001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.832854][T12001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.878338][T11987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.915646][T11993] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.929106][T11994] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.957350][T11988] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.985199][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.994906][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.076715][T11988] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.106663][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.117510][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.126921][ T3361] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.134170][ T3361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.142568][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.152187][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.161341][ T3361] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.168591][ T3361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.176011][T12007] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 212.177137][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.202745][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.212925][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.222990][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.258030][T11987] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.312189][T11994] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 212.323386][T11994] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.405811][T11994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.437152][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.446312][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.456577][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.466707][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.491521][ T1309] Bluetooth: Error in BCSP hdr checksum [ 212.502320][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.512217][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.522726][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.532064][ T3361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.544386][T12002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.257028][T12001] Bluetooth: hci0: command 0x1003 tx timeout [ 214.263851][T12033] Bluetooth: hci0: sending frame failed (-49) [ 214.335736][T12001] Bluetooth: hci1: command 0x1003 tx timeout [ 214.342259][T12033] Bluetooth: hci1: sending frame failed (-49) [ 214.494075][T12001] Bluetooth: hci2: command 0x1003 tx timeout [ 214.501468][T12033] Bluetooth: hci2: sending frame failed (-49) [ 214.743277][T12001] Bluetooth: hci3: command 0x1003 tx timeout [ 214.749643][T12033] Bluetooth: hci3: sending frame failed (-49) [ 214.814080][T12002] Bluetooth: hci4: command 0x1003 tx timeout [ 214.820525][T12033] Bluetooth: hci4: sending frame failed (-49) [ 214.893265][T12001] Bluetooth: hci5: command 0x1003 tx timeout [ 214.899708][T12033] Bluetooth: hci5: sending frame failed (-49) [ 216.333625][T12001] Bluetooth: hci0: command 0x1001 tx timeout [ 216.340124][T12033] Bluetooth: hci0: sending frame failed (-49) [ 216.413358][T12001] Bluetooth: hci1: command 0x1001 tx timeout [ 216.419673][T12033] Bluetooth: hci1: sending frame failed (-49) [ 216.574314][T12001] Bluetooth: hci2: command 0x1001 tx timeout [ 216.580677][T12033] Bluetooth: hci2: sending frame failed (-49) [ 216.813683][T12001] Bluetooth: hci3: command 0x1001 tx timeout [ 216.820181][T12033] Bluetooth: hci3: sending frame failed (-49) [ 216.895085][T12001] Bluetooth: hci4: command 0x1001 tx timeout [ 216.901416][T12033] Bluetooth: hci4: sending frame failed (-49) [ 216.974449][T12002] Bluetooth: hci5: command 0x1001 tx timeout [ 216.980973][T12033] Bluetooth: hci5: sending frame failed (-49) [ 218.413837][T12002] Bluetooth: hci0: command 0x1009 tx timeout [ 218.494368][T12002] Bluetooth: hci1: command 0x1009 tx timeout [ 218.654714][T12002] Bluetooth: hci2: command 0x1009 tx timeout [ 218.893357][T12002] Bluetooth: hci3: command 0x1009 tx timeout [ 218.973334][T12002] Bluetooth: hci4: command 0x1009 tx timeout [ 219.053345][T12001] Bluetooth: hci5: command 0x1009 tx timeout [ 222.496822][T12006] ===================================================== [ 222.503917][T12006] BUG: KMSAN: use-after-free in kfree_skb+0x23c/0x4c0 [ 222.510692][T12006] CPU: 1 PID: 12006 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 222.518594][T12006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.528650][T12006] Call Trace: [ 222.531940][T12006] dump_stack+0x191/0x1f0 [ 222.536266][T12006] kmsan_report+0x14a/0x2f0 [ 222.540870][T12006] __msan_warning+0x73/0xf0 [ 222.545383][T12006] kfree_skb+0x23c/0x4c0 [ 222.549612][T12006] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 222.555523][T12006] bcsp_close+0x127/0x1e0 [ 222.559840][T12006] ? bcsp_open+0x5d0/0x5d0 [ 222.564271][T12006] hci_uart_tty_close+0x385/0x410 [ 222.569817][T12006] ? hci_uart_tty_open+0x5a0/0x5a0 [ 222.574918][T12006] tty_ldisc_release+0x5dd/0xd50 [ 222.579856][T12006] tty_release_struct+0x4f/0x1d0 [ 222.584790][T12006] ? tty_unlock+0x82/0x100 [ 222.589207][T12006] tty_release+0x1be2/0x1e80 [ 222.593809][T12006] ? tty_release_struct+0x1d0/0x1d0 [ 222.598997][T12006] __fput+0x4c9/0xba0 [ 222.602982][T12006] ____fput+0x37/0x40 [ 222.606966][T12006] ? fput_many+0x2a0/0x2a0 [ 222.611385][T12006] task_work_run+0x22e/0x2a0 [ 222.616157][T12006] prepare_exit_to_usermode+0x39d/0x4d0 [ 222.621695][T12006] syscall_return_slowpath+0x90/0x610 [ 222.627063][T12006] do_syscall_64+0xdc/0x160 [ 222.631560][T12006] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 222.637452][T12006] RIP: 0033:0x413741 [ 222.641336][T12006] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 222.660928][T12006] RSP: 002b:0000000000a6fbf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 222.669504][T12006] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413741 [ 222.677550][T12006] RDX: 0000001b30d20000 RSI: 0000000000000000 RDI: 0000000000000003 [ 222.685510][T12006] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 222.693469][T12006] R10: 0000000000a6fcd0 R11: 0000000000000293 R12: 000000000075bf20 [ 222.701427][T12006] R13: 0000000000033e56 R14: 0000000000761618 R15: 000000000075bf2c [ 222.709570][T12006] [ 222.711892][T12006] Uninit was created at: [ 222.716134][T12006] kmsan_internal_poison_shadow+0x60/0x110 [ 222.721927][T12006] kmsan_slab_free+0x8d/0x100 [ 222.726588][T12006] kmem_cache_free+0x2d1/0x2b70 [ 222.731429][T12006] kfree_skb+0x473/0x4c0 [ 222.735670][T12006] hci_send_frame+0x438/0x470 [ 222.740330][T12006] hci_cmd_work+0x3a5/0x4f0 [ 222.744819][T12006] process_one_work+0x1572/0x1ef0 [ 222.749834][T12006] worker_thread+0x111b/0x2460 [ 222.754586][T12006] kthread+0x4b5/0x4f0 [ 222.758647][T12006] ret_from_fork+0x35/0x40 [ 222.763050][T12006] ===================================================== [ 222.769989][T12006] Disabling lock debugging due to kernel taint [ 222.776211][T12006] Kernel panic - not syncing: panic_on_warn set ... [ 222.782803][T12006] CPU: 1 PID: 12006 Comm: syz-executor.4 Tainted: G B 5.4.0-rc3+ #0 [ 222.792155][T12006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.802199][T12006] Call Trace: [ 222.805484][T12006] dump_stack+0x191/0x1f0 [ 222.809904][T12006] panic+0x3c9/0xc1e [ 222.813835][T12006] kmsan_report+0x2e8/0x2f0 [ 222.818351][T12006] __msan_warning+0x73/0xf0 [ 222.822865][T12006] kfree_skb+0x23c/0x4c0 [ 222.827112][T12006] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 222.833522][T12006] bcsp_close+0x127/0x1e0 [ 222.837854][T12006] ? bcsp_open+0x5d0/0x5d0 [ 222.842272][T12006] hci_uart_tty_close+0x385/0x410 [ 222.847295][T12006] ? hci_uart_tty_open+0x5a0/0x5a0 [ 222.852484][T12006] tty_ldisc_release+0x5dd/0xd50 [ 222.857434][T12006] tty_release_struct+0x4f/0x1d0 [ 222.862360][T12006] ? tty_unlock+0x82/0x100 [ 222.866764][T12006] tty_release+0x1be2/0x1e80 [ 222.871360][T12006] ? tty_release_struct+0x1d0/0x1d0 [ 222.876635][T12006] __fput+0x4c9/0xba0 [ 222.880617][T12006] ____fput+0x37/0x40 [ 222.884587][T12006] ? fput_many+0x2a0/0x2a0 [ 222.888996][T12006] task_work_run+0x22e/0x2a0 [ 222.893590][T12006] prepare_exit_to_usermode+0x39d/0x4d0 [ 222.899397][T12006] syscall_return_slowpath+0x90/0x610 [ 222.904887][T12006] do_syscall_64+0xdc/0x160 [ 222.909383][T12006] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 222.915351][T12006] RIP: 0033:0x413741 [ 222.919417][T12006] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 222.939021][T12006] RSP: 002b:0000000000a6fbf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 222.947510][T12006] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413741 [ 222.955565][T12006] RDX: 0000001b30d20000 RSI: 0000000000000000 RDI: 0000000000000003 [ 222.963529][T12006] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 222.971488][T12006] R10: 0000000000a6fcd0 R11: 0000000000000293 R12: 000000000075bf20 [ 222.979823][T12006] R13: 0000000000033e56 R14: 0000000000761618 R15: 000000000075bf2c [ 222.990237][T12006] Kernel Offset: disabled [ 222.994822][T12006] Rebooting in 86400 seconds..