[ ok ] Starting enhanced syslogd: rsyslogd. [ 82.080024][ T26] audit: type=1800 audit(1577267746.490:25): pid=9061 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 82.101302][ T26] audit: type=1800 audit(1577267746.490:26): pid=9061 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 82.122404][ T26] audit: type=1800 audit(1577267746.490:27): pid=9061 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts. 2019/12/25 09:56:16 parsed 1 programs 2019/12/25 09:56:19 executed programs: 0 syzkaller login: [ 115.271129][ T9237] IPVS: ftp: loaded support on port[0] = 21 [ 115.281753][ T9238] IPVS: ftp: loaded support on port[0] = 21 [ 115.312148][ T9241] IPVS: ftp: loaded support on port[0] = 21 [ 115.313197][ T9245] IPVS: ftp: loaded support on port[0] = 21 [ 115.335819][ T9246] IPVS: ftp: loaded support on port[0] = 21 [ 115.346034][ T9243] IPVS: ftp: loaded support on port[0] = 21 [ 115.581482][ T9238] chnl_net:caif_netlink_parms(): no params data found [ 115.650249][ T9237] chnl_net:caif_netlink_parms(): no params data found [ 115.666820][ T9245] chnl_net:caif_netlink_parms(): no params data found [ 115.723641][ T9238] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.732424][ T9238] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.741842][ T9238] device bridge_slave_0 entered promiscuous mode [ 115.811503][ T9238] bridge0: port 2(bridge_slave_1) entered blocking state 
[ 115.822302][ T9238] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.830751][ T9238] device bridge_slave_1 entered promiscuous mode [ 115.884473][ T9237] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.891546][ T9237] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.900683][ T9237] device bridge_slave_0 entered promiscuous mode [ 115.910520][ T9237] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.918272][ T9237] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.926498][ T9237] device bridge_slave_1 entered promiscuous mode [ 115.943404][ T9241] chnl_net:caif_netlink_parms(): no params data found [ 115.960493][ T9246] chnl_net:caif_netlink_parms(): no params data found [ 115.973677][ T9245] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.980996][ T9245] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.988933][ T9245] device bridge_slave_0 entered promiscuous mode [ 116.000556][ T9245] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.008045][ T9245] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.016226][ T9245] device bridge_slave_1 entered promiscuous mode [ 116.027313][ T9238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.038762][ T9238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.063452][ T9237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.080148][ T9243] chnl_net:caif_netlink_parms(): no params data found [ 116.108226][ T9237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.128975][ T9245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.152911][ T9238] team0: Port device team_slave_0 added [ 116.178696][ T9245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.211100][ T9238] team0: Port device team_slave_1 added [ 116.219283][ 
T9237] team0: Port device team_slave_0 added [ 116.259248][ T9237] team0: Port device team_slave_1 added [ 116.267180][ T9245] team0: Port device team_slave_0 added [ 116.274086][ T9241] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.281175][ T9241] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.290194][ T9241] device bridge_slave_0 entered promiscuous mode [ 116.303136][ T9241] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.310325][ T9241] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.318330][ T9241] device bridge_slave_1 entered promiscuous mode [ 116.325761][ T9246] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.332818][ T9246] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.341265][ T9246] device bridge_slave_0 entered promiscuous mode [ 116.350321][ T9245] team0: Port device team_slave_1 added [ 116.371524][ T9243] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.380292][ T9243] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.388425][ T9243] device bridge_slave_0 entered promiscuous mode [ 116.401671][ T9243] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.409839][ T9243] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.419722][ T9243] device bridge_slave_1 entered promiscuous mode [ 116.427331][ T9246] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.434994][ T9246] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.442938][ T9246] device bridge_slave_1 entered promiscuous mode [ 116.506026][ T9245] device hsr_slave_0 entered promiscuous mode [ 116.544219][ T9245] device hsr_slave_1 entered promiscuous mode [ 116.663141][ T9246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.717400][ T9237] device hsr_slave_0 entered promiscuous mode [ 116.754367][ T9237] device hsr_slave_1 entered promiscuous mode [ 116.794110][ T9237] debugfs: Directory 'hsr0' with parent '/' already 
present! [ 116.808852][ T9241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.827737][ T9241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.839030][ T9243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.850763][ T9246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.906620][ T9238] device hsr_slave_0 entered promiscuous mode [ 116.954646][ T9238] device hsr_slave_1 entered promiscuous mode [ 117.023989][ T9238] debugfs: Directory 'hsr0' with parent '/' already present! [ 117.047381][ T9243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.095131][ T9241] team0: Port device team_slave_0 added [ 117.129534][ T9241] team0: Port device team_slave_1 added [ 117.135809][ T9245] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 117.181131][ T9245] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 117.238731][ T9246] team0: Port device team_slave_0 added [ 117.249551][ T9246] team0: Port device team_slave_1 added [ 117.266248][ T9243] team0: Port device team_slave_0 added [ 117.272237][ T9245] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 117.330782][ T9245] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 117.394186][ T9243] team0: Port device team_slave_1 added [ 117.406425][ T9237] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 117.527888][ T9246] device hsr_slave_0 entered promiscuous mode [ 117.594215][ T9246] device hsr_slave_1 entered promiscuous mode [ 117.664118][ T9246] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 117.671737][ T9237] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 117.726384][ T9238] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 117.786662][ T9238] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 117.897423][ T9241] device hsr_slave_0 entered promiscuous mode [ 117.944483][ T9241] device hsr_slave_1 entered promiscuous mode [ 118.013975][ T9241] debugfs: Directory 'hsr0' with parent '/' already present! [ 118.068656][ T9243] device hsr_slave_0 entered promiscuous mode [ 118.114995][ T9243] device hsr_slave_1 entered promiscuous mode [ 118.163994][ T9243] debugfs: Directory 'hsr0' with parent '/' already present! [ 118.177889][ T9237] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 118.236033][ T9238] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 118.287063][ T9238] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 118.362739][ T9237] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 118.509528][ T9246] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 118.607100][ T9246] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 118.656745][ T9246] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 118.726144][ T9241] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 118.786786][ T9243] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 118.825746][ T9243] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 118.878835][ T9243] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 118.946595][ T9246] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 118.988969][ T9241] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 119.050208][ T9243] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 119.094957][ T9241] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 119.127624][ T9241] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 119.252533][ T9245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.306902][ T9245] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.337038][ T9237] 8021q: adding VLAN 0 
to HW filter on device bond0 [ 119.349863][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.359192][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.390047][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.399395][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.410594][ T2729] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.418026][ T2729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.427162][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.436367][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.445015][ T2729] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.452247][ T2729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.460023][ T2729] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.481158][ T9238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.501235][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.509438][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.525805][ T9237] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.539900][ T9246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.552803][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.561898][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.569861][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.579168][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.587865][ T2937] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.595097][ T2937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.602779][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.611100][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.620223][ T2937] 
IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.628385][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.637894][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.652683][ T9238] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.671497][ T9246] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.687122][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.697302][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.705918][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.716716][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.725797][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.735756][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 119.744758][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 119.791614][ T9245] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 119.809561][ T9245] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 119.818155][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.827787][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.837185][ T2863] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.844471][ T2863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.852115][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.862694][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.871395][ T2863] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.879413][ T2863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.888207][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.897911][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 
119.907385][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.916589][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.926742][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 119.935677][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.944144][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.954274][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.963463][ T2863] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.970688][ T2863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.978701][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.989013][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.998065][ T2863] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.006075][ T2863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.013651][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.022797][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.032074][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.041978][ T2863] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.049496][ T2863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.057740][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.067146][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.075913][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.087374][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.096537][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.105921][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.113750][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: 
link becomes ready [ 120.131572][ T9238] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 120.146468][ T9238] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 120.170416][ T9241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.190135][ T9243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.201763][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.210927][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.219855][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.233067][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.242100][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.251115][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.260649][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.270718][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.279111][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.287257][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.296938][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.326756][ T9241] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.339821][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.348420][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.357144][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.367749][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.376830][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.410878][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.419883][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.428750][ T2863] 
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.438147][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.447411][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.455788][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.463672][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.472417][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.480883][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.488805][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.496899][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.505286][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.512896][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.521662][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.530292][ T2863] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.537571][ T2863] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.548471][ T9243] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.564332][ T9246] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.573081][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.582037][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.590984][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.599802][ T2885] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.607131][ T2885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.616530][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.631067][ T9237] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 120.642339][ T9237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR 
network [ 120.664664][ T9245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.710172][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.723722][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.736047][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.745645][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.755060][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.763806][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.772505][ T2937] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.780644][ T2937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.788789][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.797841][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.807262][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.818033][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.827791][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.837753][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.846856][ T2937] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.855920][ T2937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.864008][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.872902][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.883570][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.891788][ T2937] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.907317][ T9238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.952946][ T9246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.969117][ T2896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes 
ready [ 120.979651][ T2896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.989503][ T2896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.999562][ T2896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.008744][ T2896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 121.018334][ T2896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.027428][ T2896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.035633][ T2896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 121.045318][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 121.060456][ T9241] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 121.072358][ T9241] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 121.092287][ T9243] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 121.104948][ T9243] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 121.124287][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.132951][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.143227][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.153793][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.162861][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.171688][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.180475][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.189023][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.198586][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.207082][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.237689][ T9237] 
8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.250490][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.269181][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 121.345305][ T9243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.356598][ T9241] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.359504][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.359680][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 121.359786][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.359895][ T2941] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 2019/12/25 09:56:26 executed programs: 6 [ 123.378627][ T9357] ================================================================== [ 123.378700][ T9357] BUG: KASAN: use-after-free in fb_mode_is_equal+0x297/0x300 [ 123.378721][ T9357] Read of size 4 at addr ffff88809188de9c by task syz-executor.2/9357 [ 123.378725][ T9357] [ 123.378742][ T9357] CPU: 0 PID: 9357 Comm: syz-executor.2 Not tainted 5.5.0-rc3-syzkaller #0 [ 123.378751][ T9357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.378757][ T9357] Call Trace: [ 123.378776][ T9357] dump_stack+0x197/0x210 [ 123.378793][ T9357] ? fb_mode_is_equal+0x297/0x300 [ 123.378816][ T9357] print_address_description.constprop.0.cold+0xd4/0x30b [ 123.378831][ T9357] ? fb_mode_is_equal+0x297/0x300 [ 123.378847][ T9357] ? fb_mode_is_equal+0x297/0x300 [ 123.378862][ T9357] __kasan_report.cold+0x1b/0x41 [ 123.378879][ T9357] ? cache_grow_begin.cold+0x2d/0x2f [ 123.378895][ T9357] ? fb_mode_is_equal+0x297/0x300 [ 123.378913][ T9357] kasan_report+0x12/0x20 [ 123.378930][ T9357] __asan_report_load4_noabort+0x14/0x20 [ 123.378947][ T9357] fb_mode_is_equal+0x297/0x300 [ 123.378965][ T9357] fbcon_mode_deleted+0x12c/0x190 [ 123.378981][ T9357] ? 
__sanitizer_cov_trace_cmp8+0x18/0x20 [ 123.379001][ T9357] fb_set_var+0xab9/0xdd0 [ 123.379019][ T9357] ? fb_blank+0x1a0/0x1a0 [ 123.379036][ T9357] ? lock_acquire+0x190/0x410 [ 123.379051][ T9357] ? do_fb_ioctl+0x348/0x7d0 [ 123.379075][ T9357] ? __mutex_lock+0x458/0x13c0 [ 123.379087][ T9357] ? down+0x50/0x90 [ 123.379108][ T9357] ? mutex_trylock+0x2d0/0x2d0 [ 123.379122][ T9357] ? mark_held_locks+0xf0/0xf0 [ 123.379138][ T9357] ? lock_downgrade+0x920/0x920 [ 123.379155][ T9357] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 123.379169][ T9357] ? down+0x50/0x90 [ 123.379187][ T9357] ? lock_acquire+0x190/0x410 [ 123.379202][ T9357] ? do_fb_ioctl+0x335/0x7d0 [ 123.379226][ T9357] do_fb_ioctl+0x390/0x7d0 [ 123.379243][ T9357] ? fb_mmap+0x520/0x520 [ 123.379260][ T9357] ? tomoyo_path_number_perm+0x214/0x520 [ 123.379275][ T9357] ? find_held_lock+0x35/0x130 [ 123.379292][ T9357] ? tomoyo_path_number_perm+0x214/0x520 [ 123.379314][ T9357] ? lock_downgrade+0x920/0x920 [ 123.379328][ T9357] ? lockdep_hardirqs_on+0x421/0x5e0 [ 123.379357][ T9357] ? tomoyo_path_number_perm+0x454/0x520 [ 123.379404][ T9357] fb_ioctl+0xe6/0x130 [ 123.379419][ T9357] ? do_fb_ioctl+0x7d0/0x7d0 [ 123.379436][ T9357] do_vfs_ioctl+0x977/0x14e0 [ 123.379457][ T9357] ? compat_ioctl_preallocate+0x220/0x220 [ 123.379472][ T9357] ? __fget+0x37f/0x550 [ 123.379493][ T9357] ? ksys_dup3+0x3e0/0x3e0 [ 123.379511][ T9357] ? ns_to_kernel_old_timeval+0x100/0x100 [ 123.379533][ T9357] ? tomoyo_file_ioctl+0x23/0x30 [ 123.379550][ T9357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 123.379566][ T9357] ? 
security_file_ioctl+0x8d/0xc0 [ 123.379584][ T9357] ksys_ioctl+0xab/0xd0 [ 123.379603][ T9357] __x64_sys_ioctl+0x73/0xb0 [ 123.379622][ T9357] do_syscall_64+0xfa/0x790 [ 123.379643][ T9357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.379655][ T9357] RIP: 0033:0x45a919 [ 123.379671][ T9357] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 123.379680][ T9357] RSP: 002b:00007ff3ef112c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 123.379694][ T9357] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919 [ 123.379709][ T9357] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000013 [ 123.379718][ T9357] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 123.379727][ T9357] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3ef1136d4 [ 123.379736][ T9357] R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff [ 123.379756][ T9357] [ 123.379764][ T9357] Allocated by task 9260: [ 123.379777][ T9357] save_stack+0x23/0x90 [ 123.379790][ T9357] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 123.379803][ T9357] kasan_kmalloc+0x9/0x10 [ 123.379816][ T9357] kmem_cache_alloc_trace+0x158/0x790 [ 123.379830][ T9357] fb_add_videomode+0x2fb/0x610 [ 123.379844][ T9357] fb_set_var+0x5ef/0xdd0 [ 123.379856][ T9357] do_fb_ioctl+0x390/0x7d0 [ 123.379869][ T9357] fb_ioctl+0xe6/0x130 [ 123.379881][ T9357] do_vfs_ioctl+0x977/0x14e0 [ 123.379893][ T9357] ksys_ioctl+0xab/0xd0 [ 123.379927][ T9357] __x64_sys_ioctl+0x73/0xb0 [ 123.379941][ T9357] do_syscall_64+0xfa/0x790 [ 123.379963][ T9357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.379967][ T9357] [ 123.379974][ T9357] Freed by task 9341: [ 123.379986][ T9357] save_stack+0x23/0x90 [ 123.379998][ T9357] __kasan_slab_free+0x102/0x150 [ 123.380011][ T9357] kasan_slab_free+0xe/0x10 [ 123.380022][ T9357] kfree+0x10a/0x2c0 [ 123.380036][ 
T9357] fb_delete_videomode+0x3fa/0x540 [ 123.380049][ T9357] fb_set_var+0xac8/0xdd0 [ 123.380062][ T9357] do_fb_ioctl+0x390/0x7d0 [ 123.380074][ T9357] fb_ioctl+0xe6/0x130 [ 123.380086][ T9357] do_vfs_ioctl+0x977/0x14e0 [ 123.380098][ T9357] ksys_ioctl+0xab/0xd0 [ 123.380111][ T9357] __x64_sys_ioctl+0x73/0xb0 [ 123.380125][ T9357] do_syscall_64+0xfa/0x790 [ 123.380140][ T9357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.380144][ T9357] [ 123.380155][ T9357] The buggy address belongs to the object at ffff88809188de80 [ 123.380155][ T9357] which belongs to the cache kmalloc-96 of size 96 [ 123.380168][ T9357] The buggy address is located 28 bytes inside of [ 123.380168][ T9357] 96-byte region [ffff88809188de80, ffff88809188dee0) [ 123.380173][ T9357] The buggy address belongs to the page: [ 123.380187][ T9357] page:ffffea0002462340 refcount:1 mapcount:0 mapping:ffff8880aa400540 index:0x0 [ 123.380204][ T9357] raw: 00fffe0000000200 ffffea00024fe808 ffffea00024fe848 ffff8880aa400540 [ 123.380219][ T9357] raw: 0000000000000000 ffff88809188d000 0000000100000020 0000000000000000 [ 123.380226][ T9357] page dumped because: kasan: bad access detected [ 123.380230][ T9357] [ 123.380234][ T9357] Memory state around the buggy address: [ 123.380245][ T9357] ffff88809188dd80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 123.380257][ T9357] ffff88809188de00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 123.380268][ T9357] >ffff88809188de80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 123.380274][ T9357] ^ [ 123.380286][ T9357] ffff88809188df00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 123.380297][ T9357] ffff88809188df80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 123.380303][ T9357] ================================================================== [ 123.380308][ T9357] Disabling lock debugging due to kernel taint [ 123.380315][ T9357] Kernel panic - not syncing: panic_on_warn set ... 
[ 123.380327][ T9357] CPU: 0 PID: 9357 Comm: syz-executor.2 Tainted: G B 5.5.0-rc3-syzkaller #0 [ 123.380333][ T9357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 123.380336][ T9357] Call Trace: [ 123.380348][ T9357] dump_stack+0x197/0x210 [ 123.380362][ T9357] panic+0x2e3/0x75c [ 123.380374][ T9357] ? add_taint.cold+0x16/0x16 [ 123.380392][ T9357] ? trace_hardirqs_on+0x67/0x240 [ 123.380405][ T9357] ? trace_hardirqs_on+0x5e/0x240 [ 123.380420][ T9357] ? fb_mode_is_equal+0x297/0x300 [ 123.380430][ T9357] end_report+0x47/0x4f [ 123.380442][ T9357] ? fb_mode_is_equal+0x297/0x300 [ 123.380452][ T9357] __kasan_report.cold+0xe/0x41 [ 123.380464][ T9357] ? cache_grow_begin.cold+0x2d/0x2f [ 123.380483][ T9357] ? fb_mode_is_equal+0x297/0x300 [ 123.380494][ T9357] kasan_report+0x12/0x20 [ 123.380507][ T9357] __asan_report_load4_noabort+0x14/0x20 [ 123.380520][ T9357] fb_mode_is_equal+0x297/0x300 [ 123.380533][ T9357] fbcon_mode_deleted+0x12c/0x190 [ 123.380544][ T9357] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 123.380555][ T9357] fb_set_var+0xab9/0xdd0 [ 123.380569][ T9357] ? fb_blank+0x1a0/0x1a0 [ 123.380580][ T9357] ? lock_acquire+0x190/0x410 [ 123.380590][ T9357] ? do_fb_ioctl+0x348/0x7d0 [ 123.380604][ T9357] ? __mutex_lock+0x458/0x13c0 [ 123.380616][ T9357] ? down+0x50/0x90 [ 123.380630][ T9357] ? mutex_trylock+0x2d0/0x2d0 [ 123.380641][ T9357] ? mark_held_locks+0xf0/0xf0 [ 123.380652][ T9357] ? lock_downgrade+0x920/0x920 [ 123.380664][ T9357] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 123.380675][ T9357] ? down+0x50/0x90 [ 123.380688][ T9357] ? lock_acquire+0x190/0x410 [ 123.380701][ T9357] ? do_fb_ioctl+0x335/0x7d0 [ 123.380723][ T9357] do_fb_ioctl+0x390/0x7d0 [ 123.380736][ T9357] ? fb_mmap+0x520/0x520 [ 123.380748][ T9357] ? tomoyo_path_number_perm+0x214/0x520 [ 123.380760][ T9357] ? find_held_lock+0x35/0x130 [ 123.380774][ T9357] ? tomoyo_path_number_perm+0x214/0x520 [ 123.380789][ T9357] ? 
lock_downgrade+0x920/0x920 [ 123.380800][ T9357] ? lockdep_hardirqs_on+0x421/0x5e0 [ 123.380816][ T9357] ? tomoyo_path_number_perm+0x454/0x520 [ 123.380842][ T9357] fb_ioctl+0xe6/0x130 [ 123.380854][ T9357] ? do_fb_ioctl+0x7d0/0x7d0 [ 123.380866][ T9357] do_vfs_ioctl+0x977/0x14e0 [ 123.380886][ T9357] ? compat_ioctl_preallocate+0x220/0x220 [ 123.380898][ T9357] ? __fget+0x37f/0x550 [ 123.380913][ T9357] ? ksys_dup3+0x3e0/0x3e0 [ 123.380934][ T9357] ? ns_to_kernel_old_timeval+0x100/0x100 [ 123.380951][ T9357] ? tomoyo_file_ioctl+0x23/0x30 [ 123.380966][ T9357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 123.380978][ T9357] ? security_file_ioctl+0x8d/0xc0 [ 123.380991][ T9357] ksys_ioctl+0xab/0xd0 [ 123.381004][ T9357] __x64_sys_ioctl+0x73/0xb0 [ 123.381019][ T9357] do_syscall_64+0xfa/0x790 [ 123.381040][ T9357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 123.381049][ T9357] RIP: 0033:0x45a919 [ 123.381069][ T9357] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 123.381077][ T9357] RSP: 002b:00007ff3ef112c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 123.381089][ T9357] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919 [ 123.381096][ T9357] RDX: 0000000020000000 RSI: 0000000000004601 RDI: 0000000000000013 [ 123.381103][ T9357] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 123.381111][ T9357] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3ef1136d4 [ 123.381119][ T9357] R13: 00000000004c310d R14: 00000000004d8498 R15: 00000000ffffffff [ 123.382687][ T9357] Kernel Offset: disabled