[ 36.726579] audit: type=1800 audit(1550206715.425:26): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 36.765866] audit: type=1800 audit(1550206715.425:27): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 36.786244] audit: type=1800 audit(1550206715.425:28): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.470594] audit: type=1800 audit(1550206716.205:29): pid=7470 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts. 2019/02/15 04:58:48 parsed 1 programs 2019/02/15 04:58:51 executed programs: 0 syzkaller login: [ 52.629558] IPVS: ftp: loaded support on port[0] = 21 [ 52.646469] IPVS: ftp: loaded support on port[0] = 21 [ 52.663235] IPVS: ftp: loaded support on port[0] = 21 [ 52.665789] IPVS: ftp: loaded support on port[0] = 21 [ 52.720571] IPVS: ftp: loaded support on port[0] = 21 [ 52.722266] IPVS: ftp: loaded support on port[0] = 21 [ 52.886126] chnl_net:caif_netlink_parms(): no params data found [ 52.983009] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.989944] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.996831] device bridge_slave_0 entered promiscuous mode [ 53.003888] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.010338] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.017615] device bridge_slave_1 entered promiscuous mode [ 53.104104] chnl_net:caif_netlink_parms(): no params data found [ 53.114117] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.125179] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.155819] chnl_net:caif_netlink_parms(): no params data found [ 53.166955] chnl_net:caif_netlink_parms(): no params data found [ 53.241811] team0: Port device team_slave_0 added [ 53.252165] team0: Port device team_slave_1 added [ 53.261853] chnl_net:caif_netlink_parms(): no params data found [ 53.282326] chnl_net:caif_netlink_parms(): no params data found [ 53.419962] device hsr_slave_0 entered promiscuous mode [ 53.477268] device hsr_slave_1 entered promiscuous mode [ 53.523894] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.530665] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.538168] device bridge_slave_0 entered promiscuous mode [ 53.563523] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.570337] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.578402] device bridge_slave_0 entered promiscuous mode [ 53.584713] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.591242] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.600845] device bridge_slave_0 entered promiscuous mode [ 53.607955] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.614290] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.621744] device bridge_slave_1 entered promiscuous mode [ 53.628018] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.634362] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.641798] device bridge_slave_1 entered promiscuous mode [ 53.670792] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.677551] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.684416] device bridge_slave_1 entered promiscuous mode [ 53.710610] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.719866] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.726778] device bridge_slave_0 entered promiscuous mode [ 53.734803] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.762084] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.769726] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.776764] device bridge_slave_0 entered promiscuous mode [ 53.783301] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.790034] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.797640] device bridge_slave_1 entered promiscuous mode [ 53.811670] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.822870] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.831936] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.842975] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.849576] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.856390] device bridge_slave_1 entered promiscuous mode [ 53.881091] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.889906] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.904168] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.910630] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.917475] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.923815] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.940445] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.955031] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.983672] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.992971] team0: Port device team_slave_0 added [ 53.998825] team0: Port device team_slave_0 added [ 54.013843] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.020695] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.034180] team0: Port device team_slave_0 added [ 54.041304] team0: Port device team_slave_1 added [ 54.049084] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.057657] team0: Port device team_slave_1 added [ 54.063499] team0: Port device team_slave_1 added [ 54.074627] team0: Port device team_slave_0 added [ 54.106353] team0: Port device team_slave_1 added [ 54.119509] team0: Port device team_slave_0 added [ 54.125624] team0: Port device team_slave_1 added [ 54.180055] device hsr_slave_0 entered promiscuous mode [ 54.217131] device hsr_slave_1 entered promiscuous mode [ 54.319906] device hsr_slave_0 entered promiscuous mode [ 54.358028] device hsr_slave_1 entered promiscuous mode [ 54.479904] device hsr_slave_0 entered promiscuous mode [ 54.517339] device hsr_slave_1 entered promiscuous mode [ 54.629983] device hsr_slave_0 entered promiscuous mode [ 54.677382] device hsr_slave_1 entered promiscuous mode [ 54.770064] device hsr_slave_0 entered promiscuous mode [ 54.807389] device hsr_slave_1 entered promiscuous mode [ 54.855228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.894391] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.909768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 54.917450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 54.924354] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.932381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.940512] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.946931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.018839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.026577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.035155] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.041552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.048689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.056293] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.064152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.071877] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.084353] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.094277] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.115299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.143165] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.150371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.158555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.166117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.173872] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.181574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.189266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.206002] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.223355] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.230215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.237495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.247612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.256397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.281150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.289977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.298826] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.306511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.315002] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.321397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.328313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.335952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.343949] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.350322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.357492] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.365585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.392273] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.402096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.409967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.417106] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.424239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.432184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.440473] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.448345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.455885] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.463704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.473061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.480216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.487148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.494306] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.504385] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.524999] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.540681] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.555794] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.573021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 55.580849] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 55.589268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.597288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.604759] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.611119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.618101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 55.625480] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 55.632986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.640784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.648418] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.654739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.661772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.669521] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.677244] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.683602] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.690472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.698472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.705946] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.712303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.719692] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 55.726591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.733888] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.751721] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.808153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 55.815089] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.822910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 55.831083] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 55.838968] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.845289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.852298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 55.860003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 55.867726] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.874100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.880926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.888576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.896161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.904140] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.911878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.919888] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.927626] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.935230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.943083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.950913] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.958824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.966520] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.974932] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 55.982262] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 55.989589] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.005646] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.016421] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.031216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.039436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.046840] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.054629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.062665] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.070067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.077945] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.085300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.116502] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.128547] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.140104] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 56.148884] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.156621] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.163011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.170628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 56.178430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.185907] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.192290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.199148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 56.206764] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.214613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 56.222359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.230289] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.237890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.245534] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.253214] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.260844] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.268631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.276049] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.283739] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.290856] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.298218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.314799] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 56.325101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.351984] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 56.362767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.373342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 56.381652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 56.389952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 56.397927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 56.405355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 56.413050] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.420930] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.429189] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.436525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 56.444321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.451898] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 56.459329] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 56.472821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.494952] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.511756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.528949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.571969] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/02/15 04:58:57 executed programs: 6 [ 62.610455] ================================================================== [ 62.617981] BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x7b/0x200 [ 62.625671] Read of size 4 at addr ffff8880a69576c0 by task syz-executor.0/7681 [ 62.633102] [ 62.634738] CPU: 0 PID: 7681 Comm: syz-executor.0 Not tainted 5.0.0-rc5+ #77 [ 62.641937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.651308] Call Trace: [ 62.651333] dump_stack+0x172/0x1f0 [ 62.651351] ? refcount_inc_not_zero_checked+0x7b/0x200 [ 62.651371] print_address_description.cold+0x7c/0x20d [ 62.651386] ? refcount_inc_not_zero_checked+0x7b/0x200 [ 62.651401] ? refcount_inc_not_zero_checked+0x7b/0x200 [ 62.651427] kasan_report.cold+0x1b/0x40 [ 62.651452] ? trace_hardirqs_off_caller+0x200/0x220 [ 62.651467] ? refcount_inc_not_zero_checked+0x7b/0x200 [ 62.651486] check_memory_region+0x123/0x190 [ 62.651501] kasan_check_read+0x11/0x20 [ 62.698111] refcount_inc_not_zero_checked+0x7b/0x200 [ 62.707263] ? refcount_add_not_zero_checked+0x240/0x240 [ 62.707282] ? lock_acquire+0x16f/0x3f0 [ 62.707301] refcount_inc_checked+0x17/0x70 [ 62.707316] nr_release+0x62/0x3c0 [ 62.707334] __sock_release+0xd3/0x250 [ 62.707350] ? __sock_release+0x250/0x250 [ 62.707363] sock_close+0x1b/0x30 [ 62.707379] __fput+0x2df/0x8d0 [ 62.707400] ____fput+0x16/0x20 [ 62.707427] task_work_run+0x14a/0x1c0 [ 62.746562] do_exit+0x92c/0x2fd0 [ 62.750022] ? find_held_lock+0x35/0x130 [ 62.754094] ? get_signal+0x7fd/0x1750 [ 62.758001] ? mm_update_next_owner+0x660/0x660 [ 62.762678] ? recalc_sigpending+0x31/0xe0 [ 62.766933] ? _raw_spin_unlock_irq+0x28/0x90 [ 62.771446] ? get_signal+0x7fd/0x1750 [ 62.775345] ? _raw_spin_unlock_irq+0x28/0x90 [ 62.779855] do_group_exit+0x135/0x370 [ 62.783751] get_signal+0x766/0x1750 [ 62.787494] do_signal+0x87/0x1940 [ 62.791038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 62.796575] ? __sys_accept4+0x48a/0x6a0 [ 62.800651] ? setup_sigcontext+0x7d0/0x7d0 [ 62.804971] ? put_timespec64+0xda/0x140 [ 62.809038] ? nsecs_to_jiffies+0x30/0x30 [ 62.813187] ? do_syscall_64+0x52d/0x610 [ 62.817250] ? exit_to_usermode_loop+0x43/0x2c0 [ 62.821947] ? lockdep_hardirqs_on+0x415/0x5d0 [ 62.826513] ? trace_hardirqs_on+0x67/0x230 [ 62.830837] exit_to_usermode_loop+0x244/0x2c0 [ 62.835443] do_syscall_64+0x52d/0x610 [ 62.839351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.844539] RIP: 0033:0x457e29 [ 62.847732] Code: Bad RIP value. [ 62.851110] RSP: 002b:00007ffd2adf0178 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 62.858810] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 0000000000457e29 [ 62.866068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 62.873318] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 62.880579] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000010b1914 [ 62.887868] R13: 00000000004bdbf0 R14: 00000000004cde80 R15: 00000000ffffffff [ 62.895134] [ 62.896772] Allocated by task 7681: [ 62.900433] save_stack+0x45/0xd0 [ 62.903906] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 62.908826] kasan_kmalloc+0x9/0x10 [ 62.912450] __kmalloc+0x15c/0x740 [ 62.915981] sk_prot_alloc+0x19c/0x2e0 [ 62.919867] sk_alloc+0x39/0xf70 [ 62.923234] nr_create+0xb9/0x5e0 [ 62.926682] __sock_create+0x3e6/0x750 [ 62.930553] __sys_socket+0x103/0x220 [ 62.934346] __x64_sys_socket+0x73/0xb0 [ 62.938341] do_syscall_64+0x103/0x610 [ 62.942257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.947457] [ 62.949112] Freed by task 7681: [ 62.952384] save_stack+0x45/0xd0 [ 62.955818] __kasan_slab_free+0x102/0x150 [ 62.960048] kasan_slab_free+0xe/0x10 [ 62.963838] kfree+0xcf/0x230 [ 62.966937] __sk_destruct+0x4f1/0x6d0 [ 62.970832] sk_destruct+0x7b/0x90 [ 62.974379] __sk_free+0xce/0x300 [ 62.977826] sk_free+0x42/0x50 [ 62.981014] nr_release+0x337/0x3c0 [ 62.984654] __sock_release+0xd3/0x250 [ 62.988539] sock_close+0x1b/0x30 [ 62.991985] __fput+0x2df/0x8d0 [ 62.995247] ____fput+0x16/0x20 [ 62.998518] task_work_run+0x14a/0x1c0 [ 63.002407] do_exit+0x92c/0x2fd0 [ 63.005887] do_group_exit+0x135/0x370 [ 63.009789] get_signal+0x766/0x1750 [ 63.013502] do_signal+0x87/0x1940 [ 63.017071] exit_to_usermode_loop+0x244/0x2c0 [ 63.021687] do_syscall_64+0x52d/0x610 [ 63.025572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.030747] [ 63.032376] The buggy address belongs to the object at ffff8880a6957640 [ 63.032376] which belongs to the cache kmalloc-2k of size 2048 [ 63.045047] The buggy address is located 128 bytes inside of [ 63.045047] 2048-byte region [ffff8880a6957640, ffff8880a6957e40) [ 63.045052] The buggy address belongs to the page: [ 63.045065] page:ffffea00029a5580 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0 [ 63.045080] flags: 0x1fffc0000010200(slab|head) [ 63.045098] raw: 01fffc0000010200 ffffea00022fcc88 ffffea0002187688 ffff88812c3f0c40 [ 63.045114] raw: 0000000000000000 ffff8880a6956540 0000000100000003 0000000000000000 [ 63.045120] page dumped because: kasan: bad access detected [ 63.045124] [ 63.045128] Memory state around the buggy address: [ 63.045139] ffff8880a6957580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 63.045150] ffff8880a6957600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 63.119278] >ffff8880a6957680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.126629] ^ [ 63.132083] ffff8880a6957700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.139459] ffff8880a6957780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.146822] ================================================================== [ 63.154181] Disabling lock debugging due to kernel taint [ 63.160279] Kernel panic - not syncing: panic_on_warn set ... [ 63.166180] CPU: 0 PID: 7681 Comm: syz-executor.0 Tainted: G B 5.0.0-rc5+ #77 [ 63.174746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.184106] Call Trace: [ 63.186680] dump_stack+0x172/0x1f0 [ 63.190307] panic+0x2cb/0x65c [ 63.193502] ? __warn_printk+0xf3/0xf3 [ 63.197385] ? refcount_inc_not_zero_checked+0x7b/0x200 [ 63.202761] ? preempt_schedule+0x4b/0x60 [ 63.206925] ? ___preempt_schedule+0x16/0x18 [ 63.211330] ? trace_hardirqs_on+0x5e/0x230 [ 63.215648] ? refcount_inc_not_zero_checked+0x7b/0x200 [ 63.220991] end_report+0x47/0x4f [ 63.224436] ? refcount_inc_not_zero_checked+0x7b/0x200 [ 63.229786] kasan_report.cold+0xe/0x40 [ 63.233744] ? trace_hardirqs_off_caller+0x200/0x220 [ 63.238863] ? refcount_inc_not_zero_checked+0x7b/0x200 [ 63.244219] check_memory_region+0x123/0x190 [ 63.248625] kasan_check_read+0x11/0x20 [ 63.252580] refcount_inc_not_zero_checked+0x7b/0x200 [ 63.257758] ? refcount_add_not_zero_checked+0x240/0x240 [ 63.263195] ? lock_acquire+0x16f/0x3f0 [ 63.267161] refcount_inc_checked+0x17/0x70 [ 63.271465] nr_release+0x62/0x3c0 [ 63.274986] __sock_release+0xd3/0x250 [ 63.278865] ? __sock_release+0x250/0x250 [ 63.283006] sock_close+0x1b/0x30 [ 63.286457] __fput+0x2df/0x8d0 [ 63.289735] ____fput+0x16/0x20 [ 63.292994] task_work_run+0x14a/0x1c0 [ 63.296860] do_exit+0x92c/0x2fd0 [ 63.300295] ? find_held_lock+0x35/0x130 [ 63.304357] ? get_signal+0x7fd/0x1750 [ 63.308242] ? mm_update_next_owner+0x660/0x660 [ 63.312934] ? recalc_sigpending+0x31/0xe0 [ 63.317157] ? _raw_spin_unlock_irq+0x28/0x90 [ 63.321641] ? get_signal+0x7fd/0x1750 [ 63.325519] ? _raw_spin_unlock_irq+0x28/0x90 [ 63.329996] do_group_exit+0x135/0x370 [ 63.333865] get_signal+0x766/0x1750 [ 63.337585] do_signal+0x87/0x1940 [ 63.341116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 63.346633] ? __sys_accept4+0x48a/0x6a0 [ 63.350682] ? setup_sigcontext+0x7d0/0x7d0 [ 63.354982] ? put_timespec64+0xda/0x140 [ 63.359029] ? nsecs_to_jiffies+0x30/0x30 [ 63.363176] ? do_syscall_64+0x52d/0x610 [ 63.367404] ? exit_to_usermode_loop+0x43/0x2c0 [ 63.372077] ? lockdep_hardirqs_on+0x415/0x5d0 [ 63.376640] ? trace_hardirqs_on+0x67/0x230 [ 63.380948] exit_to_usermode_loop+0x244/0x2c0 [ 63.385528] do_syscall_64+0x52d/0x610 [ 63.389396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 63.394569] RIP: 0033:0x457e29 [ 63.397760] Code: 48 83 e3 1f 48 c7 c1 20 00 00 00 48 29 d9 41 ba ff ff ff ff 49 d3 fa 49 d3 e2 4c 21 d2 f3 0f b8 d2 49 01 d4 4d 89 20 c3 c5 f8 <77> 4d 89 20 c3 cc cc 31 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc [ 63.416674] RSP: 002b:00007ffd2adf0178 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 63.424361] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 0000000000457e29 [ 63.431608] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 63.438861] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 63.446114] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000010b1914 [ 63.453358] R13: 00000000004bdbf0 R14: 00000000004cde80 R15: 00000000ffffffff [ 63.461481] Kernel Offset: disabled [ 63.465102] Rebooting in 86400 seconds..