[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 63.092612][ T26] audit: type=1800 audit(1559411569.887:25): pid=8758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 63.131051][ T26] audit: type=1800 audit(1559411569.887:26): pid=8758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 63.197143][ T26] audit: type=1800 audit(1559411569.887:27): pid=8758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts. syzkaller login: [ 74.526597][ T8920] IPVS: ftp: loaded support on port[0] = 21 [ 74.527483][ T8921] IPVS: ftp: loaded support on port[0] = 21 [ 74.544533][ T8923] IPVS: ftp: loaded support on port[0] = 21 [ 74.547551][ T8922] IPVS: ftp: loaded support on port[0] = 21 [ 74.555520][ T8918] IPVS: ftp: loaded support on port[0] = 21 [ 74.563183][ T8919] IPVS: ftp: loaded support on port[0] = 21 [ 74.803081][ T8919] chnl_net:caif_netlink_parms(): no params data found [ 74.896356][ T8919] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.904292][ T8919] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.912232][ T8919] device bridge_slave_0 entered promiscuous mode [ 74.922122][ T8919] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.929194][ T8919] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.936852][ T8919] device bridge_slave_1 entered promiscuous mode [ 75.059443][ T8919] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 75.101926][ T8919] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 75.110361][ T8922] chnl_net:caif_netlink_parms(): no params data found [ 75.119411][ T8921] chnl_net:caif_netlink_parms(): no params data found [ 75.135219][ T8918] chnl_net:caif_netlink_parms(): no params data found [ 75.145396][ T8923] chnl_net:caif_netlink_parms(): no params data found [ 75.173561][ T8920] chnl_net:caif_netlink_parms(): no params data found [ 75.200508][ T8919] team0: Port device team_slave_0 added [ 75.249642][ T8919] team0: Port device team_slave_1 added [ 75.339986][ T8920] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.347225][ T8920] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.355747][ T8920] device bridge_slave_0 entered promiscuous mode [ 75.363932][ T8922] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.371254][ T8922] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.378824][ T8922] device bridge_slave_0 entered promiscuous mode [ 75.394372][ T8918] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.401937][ T8918] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.409611][ T8918] device bridge_slave_0 entered promiscuous mode [ 75.417111][ T8923] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.424662][ T8923] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.432947][ T8923] device bridge_slave_0 entered promiscuous mode [ 75.440171][ T8921] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.447874][ T8921] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.458931][ T8921] device bridge_slave_0 entered promiscuous mode [ 75.466225][ T8920] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.473590][ T8920] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.484267][ T8920] device bridge_slave_1 entered promiscuous mode [ 75.491809][ T8922] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.498863][ T8922] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.509952][ T8922] device bridge_slave_1 entered promiscuous mode [ 75.564173][ T8919] device hsr_slave_0 entered promiscuous mode [ 75.631298][ T8919] device hsr_slave_1 entered promiscuous mode [ 75.681289][ T8918] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.688369][ T8918] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.696629][ T8918] device bridge_slave_1 entered promiscuous mode [ 75.703823][ T8923] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.713946][ T8923] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.721857][ T8923] device bridge_slave_1 entered promiscuous mode [ 75.729544][ T8921] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.737211][ T8921] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.746084][ T8921] device bridge_slave_1 entered promiscuous mode [ 75.811167][ T8918] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 75.833144][ T8920] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 75.843533][ T8921] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 75.853233][ T8918] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 75.863430][ T8922] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 75.876443][ T8922] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 75.886373][ T8923] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 75.896649][ T8921] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 75.907176][ T8920] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 75.939984][ T8923] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 75.975310][ T8918] team0: Port device team_slave_0 added [ 76.004099][ T8923] team0: Port device team_slave_0 added [ 76.013890][ T8923] team0: Port device team_slave_1 added [ 76.021424][ T8920] team0: Port device team_slave_0 added [ 76.028210][ T8918] team0: Port device team_slave_1 added [ 76.035461][ T8922] team0: Port device team_slave_0 added [ 76.043008][ T8921] team0: Port device team_slave_0 added [ 76.049819][ T8922] team0: Port device team_slave_1 added [ 76.058492][ T8920] team0: Port device team_slave_1 added [ 76.067845][ T8921] team0: Port device team_slave_1 added [ 76.155666][ T8921] device hsr_slave_0 entered promiscuous mode [ 76.201074][ T8921] device hsr_slave_1 entered promiscuous mode [ 76.303967][ T8923] device hsr_slave_0 entered promiscuous mode [ 76.341408][ T8923] device hsr_slave_1 entered promiscuous mode [ 76.442952][ T8918] device hsr_slave_0 entered promiscuous mode [ 76.494128][ T8918] device hsr_slave_1 entered promiscuous mode [ 76.584678][ T8922] device hsr_slave_0 entered promiscuous mode [ 76.631187][ T8922] device hsr_slave_1 entered promiscuous mode [ 76.714250][ T8920] device hsr_slave_0 entered promiscuous mode [ 76.761309][ T8920] device hsr_slave_1 entered promiscuous mode [ 76.866530][ T8919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.937444][ T8919] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.953848][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.962260][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.012569][ T8918] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.019480][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.028371][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.037727][ T8930] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.044898][ T8930] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.053445][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.062431][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.070794][ T8930] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.077894][ T8930] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.085598][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.095046][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.115456][ T8921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.142383][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.152875][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.160681][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.170003][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.179111][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.188520][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.204356][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.215095][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.226116][ T8918] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.240102][ T8920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.274448][ T8921] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.283340][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.291719][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.299582][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.307887][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.316197][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.324957][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.333460][ T1043] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.340494][ T1043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.348098][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.356555][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.364973][ T1043] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.372061][ T1043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.379672][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.388300][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.396874][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.405471][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.414646][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.422835][ T1043] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.441997][ T8922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.460933][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.469671][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.481139][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.489578][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.498464][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.505592][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.513401][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.522086][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.530341][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.537422][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.546797][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.554890][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.563341][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.579833][ T8920] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.594556][ T8922] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.604449][ T8919] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.620241][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.628275][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.636209][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.644669][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.653036][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.660646][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.668588][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.689356][ T8918] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.700749][ T8918] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.709424][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.717859][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.726071][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.734943][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.743566][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.750589][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.758435][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.766988][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.775473][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.782546][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.790006][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.798669][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.806929][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.814023][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.822397][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.830308][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.858126][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.867710][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.876439][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.885448][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.894556][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.903114][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.911706][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.919870][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.928140][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.955114][ T8921] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.966421][ T8921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.999287][ T8919] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.007528][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.031829][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.040368][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.049006][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.057667][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.065896][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.076321][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.084991][ T8931] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.092109][ T8931] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.099691][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.108352][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.117796][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.126319][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.136021][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.143980][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.152220][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.161275][ T8931] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.185872][ T8923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.212048][ T8918] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.219194][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.237897][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.263666][ T8920] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 78.276393][ T8920] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.300207][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.309167][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.317724][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.329390][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.338431][ T8930] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.355331][ T8923] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.388321][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.398482][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.406905][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.415834][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.426941][ T8921] 8021q: adding VLAN 0 to HW filter on device batadv0 executing program [ 78.440038][ T8922] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.452860][ T8922] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.477941][ T8920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.494464][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.503035][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.513499][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 78.523289][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.534661][ C0] hrtimer: interrupt took 51238 ns [ 78.546846][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.553945][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.562530][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready executing program [ 78.614475][ T8947] ================================================================== [ 78.622699][ T8947] BUG: KASAN: use-after-free in kfree_skb_list+0x5d/0x60 [ 78.629722][ T8947] Read of size 8 at addr ffff888085a3cbc0 by task syz-executor303/8947 [ 78.637952][ T8947] [ 78.640287][ T8947] CPU: 0 PID: 8947 Comm: syz-executor303 Not tainted 5.2.0-rc2+ #12 [ 78.648280][ T8947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.658341][ T8947] Call Trace: [ 78.661643][ T8947] dump_stack+0x172/0x1f0 [ 78.665982][ T8947] ? kfree_skb_list+0x5d/0x60 [ 78.670671][ T8947] print_address_description.cold+0x7c/0x20d [ 78.676659][ T8947] ? kfree_skb_list+0x5d/0x60 [ 78.681387][ T8947] ? kfree_skb_list+0x5d/0x60 [ 78.686072][ T8947] __kasan_report.cold+0x1b/0x40 [ 78.691009][ T8947] ? lockdep_hardirqs_on+0x3d0/0x5d0 [ 78.696297][ T8947] ? kfree_skb_list+0x5d/0x60 [ 78.700988][ T8947] kasan_report+0x12/0x20 [ 78.705327][ T8947] __asan_report_load8_noabort+0x14/0x20 [ 78.710965][ T8947] kfree_skb_list+0x5d/0x60 [ 78.715481][ T8947] ip6_fragment+0x1ef4/0x2680 [ 78.720201][ T8947] ? mark_held_locks+0xf0/0xf0 [ 78.725014][ T8947] ? ip6_forward_finish+0x570/0x570 [ 78.730245][ T8947] ? ip6_forward+0x3870/0x3870 [ 78.735019][ T8947] ? ip6_mtu+0x2e6/0x460 [ 78.739280][ T8947] ? lock_downgrade+0x880/0x880 [ 78.744150][ T8947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.750435][ T8947] ? kasan_check_read+0x11/0x20 [ 78.755310][ T8947] __ip6_finish_output+0x577/0xaa0 [ 78.760450][ T8947] ip6_finish_output+0x38/0x1f0 [ 78.765319][ T8947] ip6_output+0x235/0x7f0 [ 78.769660][ T8947] ? ip6_finish_output+0x1f0/0x1f0 [ 78.774785][ T8947] ? __ip6_finish_output+0xaa0/0xaa0 [ 78.780083][ T8947] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 78.785636][ T8947] ip6_local_out+0xbb/0x1b0 [ 78.790178][ T8947] ip6_send_skb+0xbb/0x350 [ 78.794614][ T8947] ip6_push_pending_frames+0xc8/0xf0 [ 78.799906][ T8947] rawv6_sendmsg+0x2993/0x35e0 [ 78.804687][ T8947] ? rawv6_getsockopt+0x150/0x150 [ 78.809713][ T8947] ? aa_profile_af_perm+0x320/0x320 [ 78.814913][ T8947] ? tomoyo_check_inet_address+0xf7/0x740 [ 78.820640][ T8947] ? tomoyo_unix_entry+0x5d0/0x5d0 [ 78.825757][ T8947] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 78.831481][ T8947] ? rw_copy_check_uvector+0x2a6/0x330 [ 78.836969][ T8947] ? ___might_sleep+0x163/0x280 [ 78.841843][ T8947] ? __might_sleep+0x95/0x190 [ 78.846544][ T8947] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 78.852100][ T8947] inet_sendmsg+0x141/0x5d0 [ 78.856601][ T8947] ? inet_sendmsg+0x141/0x5d0 [ 78.861285][ T8947] ? ipip_gro_receive+0x100/0x100 [ 78.866319][ T8947] sock_sendmsg+0xd7/0x130 [ 78.870748][ T8947] ___sys_sendmsg+0x803/0x920 [ 78.875431][ T8947] ? copy_msghdr_from_user+0x430/0x430 [ 78.880909][ T8947] ? lock_downgrade+0x880/0x880 [ 78.885770][ T8947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.892022][ T8947] ? kasan_check_read+0x11/0x20 [ 78.896881][ T8947] ? __fget+0x381/0x550 [ 78.901060][ T8947] ? __fget_light+0x1a9/0x230 [ 78.905757][ T8947] ? __fdget+0x1b/0x20 [ 78.909838][ T8947] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 78.916093][ T8947] __sys_sendmsg+0x105/0x1d0 [ 78.920694][ T8947] ? __ia32_sys_shutdown+0x80/0x80 [ 78.925811][ T8947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 78.932068][ T8947] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 78.937541][ T8947] ? do_syscall_64+0x26/0x680 [ 78.942233][ T8947] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.948328][ T8947] ? do_syscall_64+0x26/0x680 [ 78.953042][ T8947] __x64_sys_sendmsg+0x78/0xb0 [ 78.957841][ T8947] do_syscall_64+0xfd/0x680 [ 78.962358][ T8947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 78.968274][ T8947] RIP: 0033:0x44add9 [ 78.972197][ T8947] Code: e8 7c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 78.991824][ T8947] RSP: 002b:00007f826f33bce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.000241][ T8947] RAX: ffffffffffffffda RBX: 00000000006e7a18 RCX: 000000000044add9 executing program [ 79.009736][ T8947] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 [ 79.017709][ T8947] RBP: 00000000006e7a10 R08: 0000000000000000 R09: 0000000000000000 [ 79.025681][ T8947] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e7a1c [ 79.033654][ T8947] R13: 00007ffcec4f7ebf R14: 00007f826f33c9c0 R15: 20c49ba5e353f7cf [ 79.041641][ T8947] [ 79.043974][ T8947] Allocated by task 8947: [ 79.048324][ T8947] save_stack+0x23/0x90 [ 79.052482][ T8947] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 79.058114][ T8947] kasan_slab_alloc+0xf/0x20 [ 79.062719][ T8947] kmem_cache_alloc_node+0x131/0x710 [ 79.068123][ T8947] __alloc_skb+0xd5/0x5e0 [ 79.072468][ T8947] __ip6_append_data.isra.0+0x2a24/0x3640 [ 79.078199][ T8947] ip6_append_data+0x1e5/0x320 [ 79.082964][ T8947] rawv6_sendmsg+0x1467/0x35e0 [ 79.087730][ T8947] inet_sendmsg+0x141/0x5d0 [ 79.092237][ T8947] sock_sendmsg+0xd7/0x130 [ 79.096674][ T8947] ___sys_sendmsg+0x803/0x920 [ 79.101353][ T8947] __sys_sendmsg+0x105/0x1d0 [ 79.105947][ T8947] __x64_sys_sendmsg+0x78/0xb0 [ 79.110736][ T8947] do_syscall_64+0xfd/0x680 [ 79.115240][ T8947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.121132][ T8947] [ 79.123465][ T8947] Freed by task 8947: [ 79.127452][ T8947] save_stack+0x23/0x90 [ 79.131600][ T8947] __kasan_slab_free+0x102/0x150 [ 79.136574][ T8947] kasan_slab_free+0xe/0x10 [ 79.141067][ T8947] kmem_cache_free+0x86/0x260 [ 79.145724][ T8947] kfree_skbmem+0xc5/0x150 [ 79.150134][ T8947] kfree_skb+0xf0/0x390 [ 79.154298][ T8947] kfree_skb_list+0x44/0x60 [ 79.158808][ T8947] __dev_queue_xmit+0x3034/0x36b0 [ 79.163835][ T8947] dev_queue_xmit+0x18/0x20 [ 79.168348][ T8947] neigh_direct_output+0x16/0x20 [ 79.173293][ T8947] ip6_finish_output2+0x1034/0x2550 [ 79.178498][ T8947] ip6_fragment+0x1ebb/0x2680 [ 79.183190][ T8947] __ip6_finish_output+0x577/0xaa0 [ 79.188297][ T8947] ip6_finish_output+0x38/0x1f0 [ 79.193160][ T8947] ip6_output+0x235/0x7f0 [ 79.197491][ T8947] ip6_local_out+0xbb/0x1b0 [ 79.201985][ T8947] ip6_send_skb+0xbb/0x350 [ 79.206400][ T8947] ip6_push_pending_frames+0xc8/0xf0 [ 79.211675][ T8947] rawv6_sendmsg+0x2993/0x35e0 [ 79.216447][ T8947] inet_sendmsg+0x141/0x5d0 [ 79.220940][ T8947] sock_sendmsg+0xd7/0x130 [ 79.225384][ T8947] ___sys_sendmsg+0x803/0x920 [ 79.230049][ T8947] __sys_sendmsg+0x105/0x1d0 [ 79.234632][ T8947] __x64_sys_sendmsg+0x78/0xb0 [ 79.239410][ T8947] do_syscall_64+0xfd/0x680 [ 79.243915][ T8947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.249798][ T8947] [ 79.252118][ T8947] The buggy address belongs to the object at ffff888085a3cbc0 [ 79.252118][ T8947] which belongs to the cache skbuff_head_cache of size 224 [ 79.266696][ T8947] The buggy address is located 0 bytes inside of [ 79.266696][ T8947] 224-byte region [ffff888085a3cbc0, ffff888085a3cca0) [ 79.279789][ T8947] The buggy address belongs to the page: [ 79.285404][ T8947] page:ffffea0002168f00 refcount:1 mapcount:0 mapping:ffff88821b6f63c0 index:0x0 [ 79.294499][ T8947] flags: 0x1fffc0000000200(slab) [ 79.299476][ T8947] raw: 01fffc0000000200 ffffea00027bbf88 ffffea0002105b88 ffff88821b6f63c0 [ 79.308061][ T8947] raw: 0000000000000000 ffff888085a3c080 000000010000000c 0000000000000000 [ 79.316644][ T8947] page dumped because: kasan: bad access detected [ 79.323037][ T8947] [ 79.325351][ T8947] Memory state around the buggy address: [ 79.330975][ T8947] ffff888085a3ca80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 79.339204][ T8947] ffff888085a3cb00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 79.347245][ T8947] >ffff888085a3cb80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 79.355321][ T8947] ^ [ 79.361473][ T8947] ffff888085a3cc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 79.369580][ T8947] ffff888085a3cc80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 79.377631][ T8947] ================================================================== [ 79.385689][ T8947] Disabling lock debugging due to kernel taint [ 79.400924][ T8947] Kernel panic - not syncing: panic_on_warn set ... [ 79.407546][ T8947] CPU: 1 PID: 8947 Comm: syz-executor303 Tainted: G B 5.2.0-rc2+ #12 [ 79.417434][ T8947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.427523][ T8947] Call Trace: [ 79.430821][ T8947] dump_stack+0x172/0x1f0 [ 79.435158][ T8947] panic+0x2cb/0x744 [ 79.439102][ T8947] ? __warn_printk+0xf3/0xf3 [ 79.443686][ T8947] ? kfree_skb_list+0x5d/0x60 [ 79.448361][ T8947] ? preempt_schedule+0x4b/0x60 [ 79.453231][ T8947] ? ___preempt_schedule+0x16/0x18 [ 79.454732][ T8922] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.458716][ T8947] ? trace_hardirqs_on+0x5e/0x220 [ 79.470482][ T8947] ? kfree_skb_list+0x5d/0x60 [ 79.473216][ T8922] kobject: 'vlan0' (00000000be078865): kobject_add_internal: parent: 'mesh', set: '' [ 79.475155][ T8947] end_report+0x47/0x4f [ 79.475177][ T8947] ? kfree_skb_list+0x5d/0x60 [ 79.493933][ T8947] __kasan_report.cold+0xe/0x40 [ 79.498784][ T8947] ? lockdep_hardirqs_on+0x3d0/0x5d0 [ 79.504076][ T8947] ? kfree_skb_list+0x5d/0x60 [ 79.508754][ T8947] kasan_report+0x12/0x20 [ 79.513102][ T8947] __asan_report_load8_noabort+0x14/0x20 [ 79.518744][ T8947] kfree_skb_list+0x5d/0x60 [ 79.523247][ T8947] ip6_fragment+0x1ef4/0x2680 [ 79.527967][ T8947] ? mark_held_locks+0xf0/0xf0 [ 79.532739][ T8947] ? ip6_forward_finish+0x570/0x570 [ 79.537941][ T8947] ? ip6_forward+0x3870/0x3870 [ 79.542705][ T8947] ? ip6_mtu+0x2e6/0x460 [ 79.546951][ T8947] ? lock_downgrade+0x880/0x880 [ 79.551807][ T8947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.558060][ T8947] ? kasan_check_read+0x11/0x20 [ 79.562933][ T8947] __ip6_finish_output+0x577/0xaa0 executing program [ 79.568079][ T8947] ip6_finish_output+0x38/0x1f0 [ 79.572973][ T8947] ip6_output+0x235/0x7f0 [ 79.577370][ T8947] ? ip6_finish_output+0x1f0/0x1f0 [ 79.582489][ T8947] ? __ip6_finish_output+0xaa0/0xaa0 [ 79.587775][ T8947] ? ip6_autoflowlabel.part.0+0x70/0x70 [ 79.593322][ T8947] ip6_local_out+0xbb/0x1b0 [ 79.597828][ T8947] ip6_send_skb+0xbb/0x350 [ 79.602249][ T8947] ip6_push_pending_frames+0xc8/0xf0 [ 79.607546][ T8947] rawv6_sendmsg+0x2993/0x35e0 [ 79.612311][ T8947] ? rawv6_getsockopt+0x150/0x150 [ 79.617331][ T8947] ? aa_profile_af_perm+0x320/0x320 [ 79.622525][ T8947] ? tomoyo_check_inet_address+0xf7/0x740 [ 79.628248][ T8947] ? tomoyo_unix_entry+0x5d0/0x5d0 [ 79.633363][ T8947] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 79.639090][ T8947] ? rw_copy_check_uvector+0x2a6/0x330 [ 79.644550][ T8947] ? ___might_sleep+0x163/0x280 [ 79.649394][ T8947] ? __might_sleep+0x95/0x190 [ 79.654078][ T8947] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 79.659630][ T8947] inet_sendmsg+0x141/0x5d0 [ 79.664128][ T8947] ? inet_sendmsg+0x141/0x5d0 [ 79.668798][ T8947] ? ipip_gro_receive+0x100/0x100 [ 79.673817][ T8947] sock_sendmsg+0xd7/0x130 [ 79.678228][ T8947] ___sys_sendmsg+0x803/0x920 [ 79.682901][ T8947] ? copy_msghdr_from_user+0x430/0x430 [ 79.688353][ T8947] ? lock_downgrade+0x880/0x880 [ 79.693194][ T8947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.699426][ T8947] ? kasan_check_read+0x11/0x20 [ 79.704270][ T8947] ? __fget+0x381/0x550 [ 79.708427][ T8947] ? __fget_light+0x1a9/0x230 [ 79.713094][ T8947] ? __fdget+0x1b/0x20 [ 79.717171][ T8947] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 79.723407][ T8947] __sys_sendmsg+0x105/0x1d0 [ 79.727988][ T8947] ? __ia32_sys_shutdown+0x80/0x80 [ 79.733132][ T8947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.739393][ T8947] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 79.744842][ T8947] ? do_syscall_64+0x26/0x680 [ 79.749526][ T8947] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.755593][ T8947] ? do_syscall_64+0x26/0x680 [ 79.760287][ T8947] __x64_sys_sendmsg+0x78/0xb0 [ 79.765078][ T8947] do_syscall_64+0xfd/0x680 [ 79.769588][ T8947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 79.775469][ T8947] RIP: 0033:0x44add9 [ 79.779360][ T8947] Code: e8 7c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 79.798951][ T8947] RSP: 002b:00007f826f33bce8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 79.807367][ T8947] RAX: ffffffffffffffda RBX: 00000000006e7a18 RCX: 000000000044add9 [ 79.815341][ T8947] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005 [ 79.823301][ T8947] RBP: 00000000006e7a10 R08: 0000000000000000 R09: 0000000000000000 [ 79.831262][ T8947] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e7a1c [ 79.839241][ T8947] R13: 00007ffcec4f7ebf R14: 00007f826f33c9c0 R15: 20c49ba5e353f7cf [ 79.848161][ T8947] Kernel Offset: disabled [ 79.852485][ T8947] Rebooting in 86400 seconds..