[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 63.006935][ T27] audit: type=1800 audit(1561661326.106:25): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 63.045844][ T27] audit: type=1800 audit(1561661326.106:26): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 63.078876][ T27] audit: type=1800 audit(1561661326.106:27): pid=8757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts. 2019/06/27 18:49:05 parsed 1 programs 2019/06/27 18:49:08 executed programs: 0 syzkaller login: [ 85.871854][ T8935] IPVS: ftp: loaded support on port[0] = 21 [ 85.875288][ T8934] IPVS: ftp: loaded support on port[0] = 21 [ 85.886871][ T8933] IPVS: ftp: loaded support on port[0] = 21 [ 85.889822][ T8936] IPVS: ftp: loaded support on port[0] = 21 [ 85.906281][ T8938] IPVS: ftp: loaded support on port[0] = 21 [ 85.926540][ T8939] IPVS: ftp: loaded support on port[0] = 21 [ 86.203327][ T8935] chnl_net:caif_netlink_parms(): no params data found [ 86.241088][ T8933] chnl_net:caif_netlink_parms(): no params data found [ 86.306380][ T8934] chnl_net:caif_netlink_parms(): no params data found [ 86.357080][ T8935] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.364519][ T8935] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.374600][ T8935] device bridge_slave_0 entered promiscuous mode [ 86.410860][ T8933] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.419241][ T8933] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.427679][ T8933] device bridge_slave_0 entered promiscuous mode [ 86.438683][ T8933] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.445890][ T8933] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.454072][ T8933] device bridge_slave_1 entered promiscuous mode [ 86.469618][ T8935] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.476865][ T8935] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.484535][ T8935] device bridge_slave_1 entered promiscuous mode [ 86.532441][ T8939] chnl_net:caif_netlink_parms(): no params data found [ 86.540968][ T8938] chnl_net:caif_netlink_parms(): no params data found [ 86.587402][ T8933] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 86.602116][ T8933] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 86.628824][ T8935] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 86.639452][ T8935] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 86.664574][ T8934] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.672319][ T8934] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.682570][ T8934] device bridge_slave_0 entered promiscuous mode [ 86.721176][ T8936] chnl_net:caif_netlink_parms(): no params data found [ 86.729721][ T8934] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.737646][ T8934] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.745285][ T8934] device bridge_slave_1 entered promiscuous mode [ 86.766149][ T8933] team0: Port device team_slave_0 added [ 86.781386][ T8935] team0: Port device team_slave_0 added [ 86.797611][ T8938] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.804664][ T8938] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.812678][ T8938] device bridge_slave_0 entered promiscuous mode [ 86.820751][ T8938] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.827915][ T8938] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.835986][ T8938] device bridge_slave_1 entered promiscuous mode [ 86.844049][ T8933] team0: Port device team_slave_1 added [ 86.855519][ T8935] team0: Port device team_slave_1 added [ 86.893306][ T8939] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.903918][ T8939] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.912226][ T8939] device bridge_slave_0 entered promiscuous mode [ 86.931404][ T8934] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 86.943035][ T8934] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 86.960517][ T8938] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 86.969128][ T8939] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.979318][ T8939] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.987193][ T8939] device bridge_slave_1 entered promiscuous mode [ 87.029530][ T8935] device hsr_slave_0 entered promiscuous mode [ 87.066394][ T8935] device hsr_slave_1 entered promiscuous mode [ 87.163634][ T8938] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.202064][ T8936] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.209816][ T8936] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.217736][ T8936] device bridge_slave_0 entered promiscuous mode [ 87.269032][ T8933] device hsr_slave_0 entered promiscuous mode [ 87.316729][ T8933] device hsr_slave_1 entered promiscuous mode [ 87.375587][ T8939] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.386209][ T8934] team0: Port device team_slave_0 added [ 87.393441][ T8936] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.400665][ T8936] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.408993][ T8936] device bridge_slave_1 entered promiscuous mode [ 87.425696][ T8938] team0: Port device team_slave_0 added [ 87.432980][ T8934] team0: Port device team_slave_1 added [ 87.440632][ T8939] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.473883][ T8938] team0: Port device team_slave_1 added [ 87.482817][ T8939] team0: Port device team_slave_0 added [ 87.496981][ T8939] team0: Port device team_slave_1 added [ 87.526058][ T8936] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.599175][ T8934] device hsr_slave_0 entered promiscuous mode [ 87.666131][ T8934] device hsr_slave_1 entered promiscuous mode [ 87.809021][ T8939] device hsr_slave_0 entered promiscuous mode [ 87.866315][ T8939] device hsr_slave_1 entered promiscuous mode [ 87.927781][ T8936] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.969219][ T8938] device hsr_slave_0 entered promiscuous mode [ 88.006476][ T8938] device hsr_slave_1 entered promiscuous mode [ 88.077530][ T8936] team0: Port device team_slave_0 added [ 88.089166][ T8936] team0: Port device team_slave_1 added [ 88.157710][ T8936] device hsr_slave_0 entered promiscuous mode [ 88.206484][ T8936] device hsr_slave_1 entered promiscuous mode [ 88.326756][ T8933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.403066][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.411450][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.422174][ T8933] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.458423][ T8935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.470428][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.479434][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.488690][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.495933][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.507446][ T8938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.526494][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 88.534931][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.544217][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.555497][ T8934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.579860][ T8938] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.590794][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.600662][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.609991][ T8942] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.617094][ T8942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.625242][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.634426][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 88.647071][ T8935] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.679416][ T8939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.688988][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.697435][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.705086][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.714128][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.722785][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.729880][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.738471][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.747235][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.755517][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.763376][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.771277][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.780246][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.818937][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 88.827238][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 88.834980][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.844015][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.852546][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.859668][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.868248][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.877322][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 88.885973][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.894407][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.902891][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.911645][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.920116][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.927364][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.934992][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.943713][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.952056][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.959169][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.966938][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 88.974592][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 88.982401][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.994100][ T8936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.007031][ T8934] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.030043][ T8939] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.037760][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.045594][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.055534][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.065191][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.073742][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.083027][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.091947][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.100857][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.109648][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.118226][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.126739][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.134867][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.143741][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.153739][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.170226][ T8935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 89.189685][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.199054][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.207704][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.219280][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.228365][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.235396][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.250935][ T8936] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.290624][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.298801][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 89.306849][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 89.314510][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.323559][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.332396][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.339498][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.347700][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.356447][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.364742][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.371832][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.379373][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.388213][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.396894][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.405055][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.414264][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.422609][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.431304][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.439757][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.448279][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.457005][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.469032][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.476418][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.484912][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.494399][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.503074][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.511630][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.520080][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.528883][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.539278][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.547430][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.555437][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.564469][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.574924][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.582032][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.591756][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 89.615537][ T8933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.641729][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.650817][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.660183][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.669240][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.677660][ T2913] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.684730][ T2913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.692438][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.700878][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.709479][ T2913] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.741113][ T8935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.749598][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 89.761993][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.770903][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.779529][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 89.789603][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.798043][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.806404][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.814640][ T8942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.842535][ T8939] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 89.882389][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 89.892430][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 89.903782][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.912607][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.921045][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 89.929484][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 89.937837][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 89.946261][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 89.954862][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 89.967091][ T8936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 89.997930][ T8936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.024845][ T8934] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.062834][ T8934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 90.079915][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 90.108738][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 90.125220][ T8938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.145006][ T8939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.225426][ T8934] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/06/27 18:49:13 executed programs: 24 2019/06/27 18:49:18 executed programs: 184 2019/06/27 18:49:23 executed programs: 358 2019/06/27 18:49:28 executed programs: 526 2019/06/27 18:49:34 executed programs: 705 2019/06/27 18:49:39 executed programs: 883 [ 118.989540][T12680] ================================================================== [ 118.997876][T12680] BUG: KASAN: use-after-free in work_is_static_object+0x39/0x40 [ 119.005514][T12680] Read of size 8 at addr ffff888088cf5b78 by task syz-executor.2/12680 [ 119.013743][T12680] [ 119.016102][T12680] CPU: 1 PID: 12680 Comm: syz-executor.2 Not tainted 5.2.0-rc6+ #34 [ 119.024077][T12680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.034156][T12680] Call Trace: [ 119.037502][T12680] dump_stack+0x172/0x1f0 [ 119.041844][T12680] ? work_is_static_object+0x39/0x40 [ 119.047174][T12680] print_address_description.cold+0x7c/0x20d [ 119.053160][T12680] ? work_is_static_object+0x39/0x40 [ 119.058451][T12680] ? work_is_static_object+0x39/0x40 [ 119.063743][T12680] __kasan_report.cold+0x1b/0x40 [ 119.068702][T12680] ? work_is_static_object+0x39/0x40 [ 119.074003][T12680] kasan_report+0x12/0x20 [ 119.078351][T12680] __asan_report_load8_noabort+0x14/0x20 [ 119.083990][T12680] work_is_static_object+0x39/0x40 [ 119.089157][T12680] debug_object_activate+0x291/0x4e0 [ 119.094464][T12680] ? finish_task_switch+0x146/0x730 [ 119.099670][T12680] ? finish_task_switch+0x118/0x730 [ 119.104891][T12680] ? debug_object_free+0x430/0x430 [ 119.110043][T12680] ? __sched_text_start+0x8/0x8 [ 119.114909][T12680] __queue_work+0xcf/0x1200 [ 119.119441][T12680] ? rxrpc_put_local+0x24a/0x3a0 [ 119.124397][T12680] ? trace_hardirqs_off+0x62/0x220 [ 119.129522][T12680] queue_work_on+0x192/0x200 [ 119.134126][T12680] ? rxrpc_release+0x46e/0x830 [ 119.138902][T12680] rxrpc_put_local+0x24a/0x3a0 [ 119.143679][T12680] rxrpc_release+0x46e/0x830 [ 119.148320][T12680] __sock_release+0xce/0x2a0 [ 119.152924][T12680] sock_close+0x1b/0x30 [ 119.157110][T12680] __fput+0x2ff/0x890 [ 119.161102][T12680] ? __sock_release+0x2a0/0x2a0 [ 119.165972][T12680] ____fput+0x16/0x20 [ 119.169965][T12680] task_work_run+0x145/0x1c0 [ 119.174591][T12680] exit_to_usermode_loop+0x273/0x2c0 [ 119.179893][T12680] do_fast_syscall_32+0xb51/0xd7d [ 119.184972][T12680] entry_SYSENTER_compat+0x70/0x7f [ 119.190105][T12680] RIP: 0023:0xf7fd6849 [ 119.194189][T12680] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 119.213793][T12680] RSP: 002b:000000000847fbcc EFLAGS: 00000216 ORIG_RAX: 0000000000000006 [ 119.222227][T12680] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000 [ 119.222244][T12680] RDX: 0000000000000005 RSI: 00000000081707e0 RDI: 00000000081707d8 [ 119.222251][T12680] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 119.222257][T12680] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 119.222264][T12680] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.222293][T12680] [ 119.222316][T12680] Allocated by task 12687: [ 119.222334][T12680] save_stack+0x23/0x90 [ 119.254371][T12680] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 119.254383][T12680] kasan_kmalloc+0x9/0x10 [ 119.254396][T12680] kmem_cache_alloc_trace+0x151/0x750 [ 119.254409][T12680] rxrpc_lookup_local+0x64c/0x1b40 [ 119.254428][T12680] rxrpc_bind+0x34d/0x5e0 [ 119.264749][T12680] __sys_bind+0x239/0x290 [ 119.264760][T12680] __ia32_sys_bind+0x72/0xb0 [ 119.264776][T12680] do_fast_syscall_32+0x27b/0xd7d [ 119.264791][T12680] entry_SYSENTER_compat+0x70/0x7f [ 119.264802][T12680] [ 119.273344][T12680] Freed by task 16: [ 119.273362][T12680] save_stack+0x23/0x90 [ 119.273375][T12680] __kasan_slab_free+0x102/0x150 [ 119.273387][T12680] kasan_slab_free+0xe/0x10 [ 119.273396][T12680] kfree+0xcf/0x220 [ 119.273416][T12680] rxrpc_local_rcu+0x53/0x60 [ 119.283368][T12680] rcu_core+0xba5/0x1500 [ 119.283384][T12680] __do_softirq+0x25c/0x94c [ 119.283394][T12680] [ 119.293841][T12680] The buggy address belongs to the object at ffff888088cf5b40 [ 119.293841][T12680] which belongs to the cache kmalloc-1k of size 1024 [ 119.293853][T12680] The buggy address is located 56 bytes inside of [ 119.293853][T12680] 1024-byte region [ffff888088cf5b40, ffff888088cf5f40) [ 119.293858][T12680] The buggy address belongs to the page: [ 119.293882][T12680] page:ffffea0002233d00 refcount:1 mapcount:0 mapping:ffff8880aa400ac0 index:0xffff888088cf5240 compound_mapcount: 0 [ 119.298410][ T3880] kobject: 'loop5' (00000000815e9171): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 119.302541][T12680] flags: 0x1fffc0000010200(slab|head) [ 119.302561][T12680] raw: 01fffc0000010200 ffffea00027a8c88 ffffea00022df708 ffff8880aa400ac0 [ 119.302577][T12680] raw: ffff888088cf5240 ffff888088cf4040 0000000100000005 0000000000000000 [ 119.302583][T12680] page dumped because: kasan: bad access detected [ 119.302593][T12680] [ 119.344313][ T3880] kobject: 'loop0' (0000000065b0b2e2): kobject_uevent_env [ 119.345305][T12680] Memory state around the buggy address: [ 119.360662][ T3880] kobject: 'loop0' (0000000065b0b2e2): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 119.370391][T12680] ffff888088cf5a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.370401][T12680] ffff888088cf5a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 119.370411][T12680] >ffff888088cf5b00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 119.370417][T12680] ^ [ 119.370426][T12680] ffff888088cf5b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.370435][T12680] ffff888088cf5c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.370440][T12680] ================================================================== [ 119.370445][T12680] Disabling lock debugging due to kernel taint [ 119.370471][T12680] Kernel panic - not syncing: panic_on_warn set ... [ 119.391216][ T3880] kobject: 'loop4' (0000000078c198a2): kobject_uevent_env [ 119.401733][T12680] CPU: 1 PID: 12680 Comm: syz-executor.2 Tainted: G B 5.2.0-rc6+ #34 [ 119.401740][T12680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 119.401745][T12680] Call Trace: [ 119.401768][T12680] dump_stack+0x172/0x1f0 [ 119.401807][T12680] panic+0x2cb/0x744 [ 119.412238][ T3880] kobject: 'loop4' (0000000078c198a2): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 119.417376][T12680] ? __warn_printk+0xf3/0xf3 [ 119.417406][T12680] ? lock_downgrade+0x880/0x880 [ 119.417425][T12680] ? work_is_static_object+0x39/0x40 [ 119.599515][T12680] ? trace_hardirqs_off+0x62/0x220 [ 119.604608][T12680] ? trace_hardirqs_off+0x59/0x220 [ 119.609700][T12680] ? work_is_static_object+0x39/0x40 [ 119.614960][T12680] end_report+0x47/0x4f [ 119.619095][T12680] ? work_is_static_object+0x39/0x40 [ 119.624353][T12680] __kasan_report.cold+0xe/0x40 [ 119.629182][T12680] ? work_is_static_object+0x39/0x40 [ 119.634443][T12680] kasan_report+0x12/0x20 [ 119.638748][T12680] __asan_report_load8_noabort+0x14/0x20 [ 119.644355][T12680] work_is_static_object+0x39/0x40 [ 119.649449][T12680] debug_object_activate+0x291/0x4e0 [ 119.654740][T12680] ? finish_task_switch+0x146/0x730 [ 119.659912][T12680] ? finish_task_switch+0x118/0x730 [ 119.665086][T12680] ? debug_object_free+0x430/0x430 [ 119.670179][T12680] ? __sched_text_start+0x8/0x8 [ 119.675009][T12680] __queue_work+0xcf/0x1200 [ 119.679487][T12680] ? rxrpc_put_local+0x24a/0x3a0 [ 119.684396][T12680] ? trace_hardirqs_off+0x62/0x220 [ 119.689504][T12680] queue_work_on+0x192/0x200 [ 119.694087][T12680] ? rxrpc_release+0x46e/0x830 [ 119.698836][T12680] rxrpc_put_local+0x24a/0x3a0 [ 119.703575][T12680] rxrpc_release+0x46e/0x830 [ 119.708139][T12680] __sock_release+0xce/0x2a0 [ 119.712703][T12680] sock_close+0x1b/0x30 [ 119.716841][T12680] __fput+0x2ff/0x890 [ 119.720798][T12680] ? __sock_release+0x2a0/0x2a0 [ 119.725623][T12680] ____fput+0x16/0x20 [ 119.729580][T12680] task_work_run+0x145/0x1c0 [ 119.734146][T12680] exit_to_usermode_loop+0x273/0x2c0 [ 119.739405][T12680] do_fast_syscall_32+0xb51/0xd7d [ 119.744404][T12680] entry_SYSENTER_compat+0x70/0x7f [ 119.749484][T12680] RIP: 0023:0xf7fd6849 [ 119.753527][T12680] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 119.773133][T12680] RSP: 002b:000000000847fbcc EFLAGS: 00000216 ORIG_RAX: 0000000000000006 [ 119.781622][T12680] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000 [ 119.789576][T12680] RDX: 0000000000000005 RSI: 00000000081707e0 RDI: 00000000081707d8 [ 119.797522][T12680] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 119.805468][T12680] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 119.813435][T12680] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 119.822466][T12680] Kernel Offset: disabled [ 119.826816][T12680] Rebooting in 86400 seconds..