[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 65.499569][ T26] audit: type=1800 audit(1559721450.394:25): pid=8809 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 65.542510][ T26] audit: type=1800 audit(1559721450.404:26): pid=8809 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 65.582726][ T26] audit: type=1800 audit(1559721450.404:27): pid=8809 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts. 2019/06/05 08:10:18 parsed 1 programs 2019/06/05 08:10:20 executed programs: 0 syzkaller login: [ 836.070284][ T8991] IPVS: ftp: loaded support on port[0] = 21 [ 836.075525][ T8988] IPVS: ftp: loaded support on port[0] = 21 [ 836.087433][ T8985] IPVS: ftp: loaded support on port[0] = 21 [ 836.097001][ T8990] IPVS: ftp: loaded support on port[0] = 21 [ 836.098129][ T8993] IPVS: ftp: loaded support on port[0] = 21 [ 836.112033][ T8994] IPVS: ftp: loaded support on port[0] = 21 [ 836.258637][ T8991] chnl_net:caif_netlink_parms(): no params data found [ 836.321363][ T8993] chnl_net:caif_netlink_parms(): no params data found [ 836.417058][ T8991] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.424986][ T8991] bridge0: port 1(bridge_slave_0) entered disabled state [ 836.433262][ T8991] device bridge_slave_0 entered promiscuous mode [ 836.441379][ T8985] chnl_net:caif_netlink_parms(): no params data found [ 836.457342][ T8993] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.465428][ T8993] bridge0: port 1(bridge_slave_0) entered disabled state [ 836.473393][ T8993] device bridge_slave_0 entered promiscuous mode [ 836.483514][ T8988] chnl_net:caif_netlink_parms(): no params data found [ 836.507198][ T8991] bridge0: port 2(bridge_slave_1) entered blocking state [ 836.514445][ T8991] bridge0: port 2(bridge_slave_1) entered disabled state [ 836.522224][ T8991] device bridge_slave_1 entered promiscuous mode [ 836.554273][ T8993] bridge0: port 2(bridge_slave_1) entered blocking state [ 836.561464][ T8993] bridge0: port 2(bridge_slave_1) entered disabled state [ 836.570959][ T8993] device bridge_slave_1 entered promiscuous mode [ 836.610652][ T8991] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 836.620368][ T8991] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 836.629252][ T8994] chnl_net:caif_netlink_parms(): no params data found [ 836.674993][ T8990] chnl_net:caif_netlink_parms(): no params data found [ 836.684844][ T8993] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 836.695520][ T8993] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 836.714301][ T8991] team0: Port device team_slave_0 added [ 836.720315][ T8985] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.728467][ T8985] bridge0: port 1(bridge_slave_0) entered disabled state [ 836.738736][ T8985] device bridge_slave_0 entered promiscuous mode [ 836.749866][ T8985] bridge0: port 2(bridge_slave_1) entered blocking state [ 836.757081][ T8985] bridge0: port 2(bridge_slave_1) entered disabled state [ 836.764856][ T8985] device bridge_slave_1 entered promiscuous mode [ 836.788211][ T8991] team0: Port device team_slave_1 added [ 836.794961][ T8994] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.802271][ T8994] bridge0: port 1(bridge_slave_0) entered disabled state [ 836.809973][ T8994] device bridge_slave_0 entered promiscuous mode [ 836.820639][ T8994] bridge0: port 2(bridge_slave_1) entered blocking state [ 836.828083][ T8994] bridge0: port 2(bridge_slave_1) entered disabled state [ 836.835854][ T8994] device bridge_slave_1 entered promiscuous mode [ 836.856501][ T8988] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.863668][ T8988] bridge0: port 1(bridge_slave_0) entered disabled state [ 836.871521][ T8988] device bridge_slave_0 entered promiscuous mode [ 836.879477][ T8988] bridge0: port 2(bridge_slave_1) entered blocking state [ 836.886615][ T8988] bridge0: port 2(bridge_slave_1) entered disabled state [ 836.894356][ T8988] device bridge_slave_1 entered promiscuous mode [ 836.910052][ T8985] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 836.919619][ T8993] team0: Port device team_slave_0 added [ 836.926715][ T8993] team0: Port device team_slave_1 added [ 836.937656][ T8994] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 836.950605][ T8994] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 836.960372][ T8985] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 836.994625][ T8988] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 837.007574][ T8988] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 837.064414][ T8991] device hsr_slave_0 entered promiscuous mode [ 837.132716][ T8991] device hsr_slave_1 entered promiscuous mode [ 837.254615][ T8993] device hsr_slave_0 entered promiscuous mode [ 837.292870][ T8993] device hsr_slave_1 entered promiscuous mode [ 837.352000][ T8985] team0: Port device team_slave_0 added [ 837.358051][ T8990] bridge0: port 1(bridge_slave_0) entered blocking state [ 837.366176][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state [ 837.374583][ T8990] device bridge_slave_0 entered promiscuous mode [ 837.382632][ T8990] bridge0: port 2(bridge_slave_1) entered blocking state [ 837.389795][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state [ 837.397884][ T8990] device bridge_slave_1 entered promiscuous mode [ 837.406023][ T8994] team0: Port device team_slave_0 added [ 837.425426][ T8988] team0: Port device team_slave_0 added [ 837.432308][ T8985] team0: Port device team_slave_1 added [ 837.445481][ T8994] team0: Port device team_slave_1 added [ 837.453832][ T8990] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 837.462943][ T8988] team0: Port device team_slave_1 added [ 837.469537][ T8990] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 837.544606][ T8994] device hsr_slave_0 entered promiscuous mode [ 837.583052][ T8994] device hsr_slave_1 entered promiscuous mode [ 837.674051][ T8985] device hsr_slave_0 entered promiscuous mode [ 837.732509][ T8985] device hsr_slave_1 entered promiscuous mode [ 837.810096][ T8990] team0: Port device team_slave_0 added [ 837.818260][ T8990] team0: Port device team_slave_1 added [ 837.885784][ T8988] device hsr_slave_0 entered promiscuous mode [ 837.922612][ T8988] device hsr_slave_1 entered promiscuous mode [ 838.054170][ T8990] device hsr_slave_0 entered promiscuous mode [ 838.082837][ T8990] device hsr_slave_1 entered promiscuous mode [ 838.187837][ T8993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 838.229664][ T8991] 8021q: adding VLAN 0 to HW filter on device bond0 [ 838.257236][ T3489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 838.266267][ T3489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 838.274587][ T3489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 838.284118][ T3489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 838.310360][ T8991] 8021q: adding VLAN 0 to HW filter on device team0 [ 838.319415][ T8993] 8021q: adding VLAN 0 to HW filter on device team0 [ 838.356533][ T3489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 838.365922][ T3489] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 838.375089][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state [ 838.382519][ T3489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 838.390419][ T3489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 838.399385][ T3489] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 838.407783][ T3489] bridge0: port 1(bridge_slave_0) entered blocking state [ 838.414855][ T3489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 838.450755][ T8985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 838.460078][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 838.469466][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 838.479009][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 838.487647][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 838.496710][ T9002] bridge0: port 2(bridge_slave_1) entered blocking state [ 838.503835][ T9002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 838.511658][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 838.521041][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 838.530022][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 838.538498][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 838.547118][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 838.556099][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 838.565226][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 838.573943][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 838.582428][ T9002] bridge0: port 2(bridge_slave_1) entered blocking state [ 838.589476][ T9002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 838.597447][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 838.606999][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 838.648536][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 838.657269][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 838.666395][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 838.675931][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 838.684266][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 838.691815][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 838.700350][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 838.708811][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 838.717312][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 838.727171][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 838.735710][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 838.744522][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 838.760583][ T8988] 8021q: adding VLAN 0 to HW filter on device bond0 [ 838.771936][ T8990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 838.784238][ T8991] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 838.802463][ T8985] 8021q: adding VLAN 0 to HW filter on device team0 [ 838.818135][ T8994] 8021q: adding VLAN 0 to HW filter on device bond0 [ 838.839220][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 838.848606][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 838.857521][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 838.866209][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 838.874840][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 838.882685][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 838.891266][ T8993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 838.907923][ T8991] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 838.929244][ T8994] 8021q: adding VLAN 0 to HW filter on device team0 [ 838.938881][ T8988] 8021q: adding VLAN 0 to HW filter on device team0 [ 838.952547][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 838.961238][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 838.970471][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 838.977600][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 838.986077][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 838.994846][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 839.003314][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.010341][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 839.018028][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 839.027591][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 839.035332][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 839.043130][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 839.050709][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 839.059036][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 839.084100][ T8990] 8021q: adding VLAN 0 to HW filter on device team0 [ 839.093712][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 839.108276][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 839.117153][ T8996] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.124265][ T8996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 839.132023][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 839.140958][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 839.149366][ T8996] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.156448][ T8996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 839.164111][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 839.172883][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 839.181147][ T8996] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.188246][ T8996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 839.196419][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 839.224579][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 839.232910][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 839.241709][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 839.250503][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 839.259712][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.266812][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 839.274749][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 839.283691][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 839.292240][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 839.300589][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 839.311206][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 839.319647][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.326740][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 839.334636][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 839.343551][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 839.352389][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 839.360403][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 839.372732][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 839.381558][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 839.391260][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 839.400015][ T9002] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.407109][ T9002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 839.429643][ T8985] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 839.441233][ T8985] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 839.469255][ T8993] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 839.487326][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 839.502107][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 839.511485][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 839.520822][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 839.529828][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 839.538428][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 839.546852][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 839.555458][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 839.564217][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 839.572477][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 839.591216][ T8994] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 839.604562][ T8994] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 839.655470][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 839.675606][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 839.691987][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 839.701011][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 839.717297][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 839.726380][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 839.735620][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 839.744909][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 839.754013][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 839.762767][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 839.771555][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 839.780447][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 839.789513][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 839.798731][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 839.807464][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 839.816586][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 839.829426][ T8985] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 839.834316][ C0] hrtimer: interrupt took 25430 ns [ 839.849217][ T8994] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 839.869670][ T8990] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 839.890915][ T8990] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 839.918624][ T8988] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 839.929899][ T8988] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 839.951639][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 839.964607][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 839.976039][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 839.986091][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 839.995149][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 840.004141][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 840.012700][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 840.020937][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 840.029462][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 840.037965][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 840.046585][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 840.057393][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 840.065674][ T9002] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 840.079325][ T8988] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 840.197784][ T8990] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/06/05 08:10:25 executed programs: 15 2019/06/05 08:10:30 executed programs: 86 2019/06/05 08:10:36 executed programs: 165 2019/06/05 08:10:41 executed programs: 242 [ 857.799384][T10210] ================================================================== [ 857.807939][T10210] BUG: KASAN: use-after-free in tomoyo_realpath_from_path+0x722/0x7a0 [ 857.816111][T10210] Read of size 2 at addr ffff888091bcd4d0 by task syz-executor.4/10210 [ 857.824347][T10210] [ 857.826692][T10210] CPU: 0 PID: 10210 Comm: syz-executor.4 Not tainted 5.2.0-rc3+ #19 [ 857.834671][T10210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 857.834752][T10210] Call Trace: [ 857.834882][T10210] dump_stack+0x172/0x1f0 [ 857.852682][T10210] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 857.858605][T10210] print_address_description.cold+0x7c/0x20d [ 857.865213][T10210] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 857.871029][T10210] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 857.876842][T10210] __kasan_report.cold+0x1b/0x40 [ 857.876863][T10210] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 857.876879][T10210] kasan_report+0x12/0x20 [ 857.876899][T10210] __asan_report_load2_noabort+0x14/0x20 [ 857.897572][T10210] tomoyo_realpath_from_path+0x722/0x7a0 [ 857.903220][T10210] tomoyo_check_open_permission+0x2a8/0x3f0 [ 857.903292][T10210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 857.903316][T10210] ? tomoyo_path_number_perm+0x520/0x520 [ 857.903328][T10210] ? smk_access_entry+0x1c0/0x1c0 [ 857.903372][T10210] ? retint_kernel+0x2b/0x2b [ 857.930794][T10210] tomoyo_file_open+0xa9/0xd0 [ 857.935492][T10210] security_file_open+0x71/0x300 [ 857.940455][T10210] do_dentry_open+0x373/0x1250 [ 857.945244][T10210] ? chown_common+0x5c0/0x5c0 [ 857.949940][T10210] vfs_open+0xa0/0xd0 [ 857.953945][T10210] path_openat+0x10e9/0x46d0 [ 857.958547][T10210] ? retint_kernel+0x2b/0x2b [ 857.963193][T10210] ? trace_hardirqs_on_caller+0x6a/0x220 [ 857.968861][T10210] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 857.974285][T10210] ? mark_held_locks+0xa4/0xf0 [ 857.979105][T10210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 857.984582][T10210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 857.990053][T10210] ? lockdep_hardirqs_on+0x418/0x5d0 [ 857.995352][T10210] ? __alloc_fd+0x44d/0x560 [ 857.999866][T10210] do_filp_open+0x1a1/0x280 [ 858.004384][T10210] ? may_open_dev+0x100/0x100 [ 858.009078][T10210] ? do_raw_spin_unlock+0x57/0x270 [ 858.014204][T10210] ? _raw_spin_unlock+0x2d/0x50 [ 858.019084][T10210] do_sys_open+0x3fe/0x5d0 [ 858.023516][T10210] ? filp_open+0x80/0x80 [ 858.027777][T10210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 858.033243][T10210] ? do_syscall_64+0x26/0x680 [ 858.037930][T10210] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 858.044007][T10210] ? do_syscall_64+0x26/0x680 [ 858.048700][T10210] __x64_sys_open+0x7e/0xc0 [ 858.053214][T10210] do_syscall_64+0xfd/0x680 [ 858.057732][T10210] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 858.063665][T10210] RIP: 0033:0x413161 [ 858.063683][T10210] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 858.063691][T10210] RSP: 002b:00007f84687abbb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 858.095599][T10210] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000413161 [ 858.103570][T10210] RDX: fffffffffffffffa RSI: 0000000000000000 RDI: 00007f84687abbd0 [ 858.103579][T10210] RBP: 000000000075bfc0 R08: 0000000000000050 R09: 000000000000000f [ 858.103586][T10210] R10: 0000000000000004 R11: 0000000000000293 R12: 00007f84687ac6d4 [ 858.103594][T10210] R13: 00000000004c83f6 R14: 00000000004dea40 R15: 00000000ffffffff [ 858.103614][T10210] [ 858.103662][T10210] Allocated by task 10203: [ 858.103686][T10210] save_stack+0x23/0x90 [ 858.146418][T10210] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 858.152055][T10210] kasan_kmalloc+0x9/0x10 [ 858.156389][T10210] __kmalloc+0x15c/0x740 [ 858.160714][T10210] sk_prot_alloc+0x19c/0x2e0 [ 858.160734][T10210] sk_alloc+0x39/0xf70 [ 858.169444][T10210] mISDN_sock_create+0xb4/0x3a0 [ 858.174316][T10210] __sock_create+0x3d8/0x730 [ 858.178921][T10210] __sys_socket+0x103/0x220 [ 858.183432][T10210] __x64_sys_socket+0x73/0xb0 [ 858.188121][T10210] do_syscall_64+0xfd/0x680 [ 858.192635][T10210] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 858.198532][T10210] [ 858.200868][T10210] Freed by task 10202: [ 858.204943][T10210] save_stack+0x23/0x90 [ 858.209134][T10210] __kasan_slab_free+0x102/0x150 [ 858.214085][T10210] kasan_slab_free+0xe/0x10 [ 858.218595][T10210] kfree+0xcf/0x220 [ 858.218611][T10210] __sk_destruct+0x4f7/0x6e0 [ 858.218625][T10210] sk_destruct+0x7b/0x90 [ 858.218637][T10210] __sk_free+0xce/0x300 [ 858.218655][T10210] sk_free+0x42/0x50 [ 858.239309][T10210] base_sock_release+0x269/0x279 [ 858.244256][T10210] __sock_release+0xce/0x2a0 [ 858.248857][T10210] sock_close+0x1b/0x30 [ 858.253012][T10210] __fput+0x2ff/0x890 [ 858.253023][T10210] ____fput+0x16/0x20 [ 858.253044][T10210] task_work_run+0x145/0x1c0 [ 858.253059][T10210] exit_to_usermode_loop+0x273/0x2c0 [ 858.253077][T10210] do_syscall_64+0x58e/0x680 [ 858.275555][T10210] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 858.281452][T10210] [ 858.283788][T10210] The buggy address belongs to the object at ffff888091bcd4c0 [ 858.283788][T10210] which belongs to the cache kmalloc-2k of size 2048 [ 858.297852][T10210] The buggy address is located 16 bytes inside of [ 858.297852][T10210] 2048-byte region [ffff888091bcd4c0, ffff888091bcdcc0) [ 858.311118][T10210] The buggy address belongs to the page: [ 858.311148][T10210] page:ffffea000246f300 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0 [ 858.327695][T10210] flags: 0x1fffc0000010200(slab|head) [ 858.327715][T10210] raw: 01fffc0000010200 ffffea00024d6c88 ffffea000248d288 ffff8880aa400c40 [ 858.327730][T10210] raw: 0000000000000000 ffff888091bcc3c0 0000000100000003 0000000000000000 [ 858.327736][T10210] page dumped because: kasan: bad access detected [ 858.327739][T10210] [ 858.327744][T10210] Memory state around the buggy address: [ 858.327754][T10210] ffff888091bcd380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 858.327771][T10210] ffff888091bcd400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 858.380805][T10210] >ffff888091bcd480: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 858.388869][T10210] ^ [ 858.395556][T10210] ffff888091bcd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 858.403624][T10210] ffff888091bcd580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 858.403630][T10210] ================================================================== [ 858.403635][T10210] Disabling lock debugging due to kernel taint [ 858.586563][T10210] Kernel panic - not syncing: panic_on_warn set ... [ 858.593195][T10210] CPU: 0 PID: 10210 Comm: syz-executor.4 Tainted: G B 5.2.0-rc3+ #19 [ 858.602642][T10210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 858.612696][T10210] Call Trace: [ 858.615994][T10210] dump_stack+0x172/0x1f0 [ 858.620385][T10210] panic+0x2cb/0x744 [ 858.624292][T10210] ? __warn_printk+0xf3/0xf3 [ 858.628899][T10210] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 858.634731][T10210] ? preempt_schedule+0x4b/0x60 [ 858.639590][T10210] ? ___preempt_schedule+0x16/0x18 [ 858.644710][T10210] ? trace_hardirqs_on+0x5e/0x220 [ 858.649744][T10210] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 858.655553][T10210] end_report+0x47/0x4f [ 858.659711][T10210] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 858.665653][T10210] __kasan_report.cold+0xe/0x40 [ 858.670485][T10210] ? tomoyo_realpath_from_path+0x722/0x7a0 [ 858.676270][T10210] kasan_report+0x12/0x20 [ 858.680582][T10210] __asan_report_load2_noabort+0x14/0x20 [ 858.686201][T10210] tomoyo_realpath_from_path+0x722/0x7a0 [ 858.691814][T10210] tomoyo_check_open_permission+0x2a8/0x3f0 [ 858.697690][T10210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 858.703960][T10210] ? tomoyo_path_number_perm+0x520/0x520 [ 858.709595][T10210] ? smk_access_entry+0x1c0/0x1c0 [ 858.714612][T10210] ? retint_kernel+0x2b/0x2b [ 858.719182][T10210] tomoyo_file_open+0xa9/0xd0 [ 858.723837][T10210] security_file_open+0x71/0x300 [ 858.728838][T10210] do_dentry_open+0x373/0x1250 [ 858.733581][T10210] ? chown_common+0x5c0/0x5c0 [ 858.738236][T10210] vfs_open+0xa0/0xd0 [ 858.742206][T10210] path_openat+0x10e9/0x46d0 [ 858.746773][T10210] ? retint_kernel+0x2b/0x2b [ 858.751341][T10210] ? trace_hardirqs_on_caller+0x6a/0x220 [ 858.756960][T10210] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 858.762318][T10210] ? mark_held_locks+0xa4/0xf0 [ 858.767076][T10210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 858.772523][T10210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 858.777960][T10210] ? lockdep_hardirqs_on+0x418/0x5d0 [ 858.783221][T10210] ? __alloc_fd+0x44d/0x560 [ 858.787702][T10210] do_filp_open+0x1a1/0x280 [ 858.792199][T10210] ? may_open_dev+0x100/0x100 [ 858.796857][T10210] ? do_raw_spin_unlock+0x57/0x270 [ 858.801946][T10210] ? _raw_spin_unlock+0x2d/0x50 [ 858.806778][T10210] do_sys_open+0x3fe/0x5d0 [ 858.811174][T10210] ? filp_open+0x80/0x80 [ 858.815397][T10210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 858.820830][T10210] ? do_syscall_64+0x26/0x680 [ 858.825483][T10210] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 858.831528][T10210] ? do_syscall_64+0x26/0x680 [ 858.836185][T10210] __x64_sys_open+0x7e/0xc0 [ 858.840668][T10210] do_syscall_64+0xfd/0x680 [ 858.845157][T10210] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 858.851021][T10210] RIP: 0033:0x413161 [ 858.854903][T10210] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 858.874493][T10210] RSP: 002b:00007f84687abbb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 858.882894][T10210] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000413161 [ 858.890858][T10210] RDX: fffffffffffffffa RSI: 0000000000000000 RDI: 00007f84687abbd0 [ 858.898820][T10210] RBP: 000000000075bfc0 R08: 0000000000000050 R09: 000000000000000f [ 858.906781][T10210] R10: 0000000000000004 R11: 0000000000000293 R12: 00007f84687ac6d4 [ 858.914779][T10210] R13: 00000000004c83f6 R14: 00000000004dea40 R15: 00000000ffffffff [ 858.924030][T10210] Kernel Offset: disabled [ 858.935931][T10210] Rebooting in 86400 seconds..