Warning: Permanently added '10.128.15.208' (ECDSA) to the list of known hosts. 2019/03/16 14:22:15 parsed 1 programs 2019/03/16 14:22:17 executed programs: 0 syzkaller login: [ 180.488632][ T7616] IPVS: ftp: loaded support on port[0] = 21 [ 180.493947][ T7620] IPVS: ftp: loaded support on port[0] = 21 [ 180.501338][ T7622] IPVS: ftp: loaded support on port[0] = 21 [ 180.511060][ T7623] IPVS: ftp: loaded support on port[0] = 21 [ 180.514473][ T7618] IPVS: ftp: loaded support on port[0] = 21 [ 180.533614][ T7614] IPVS: ftp: loaded support on port[0] = 21 [ 180.730165][ T7623] chnl_net:caif_netlink_parms(): no params data found [ 180.830864][ T7620] chnl_net:caif_netlink_parms(): no params data found [ 180.880597][ T7618] chnl_net:caif_netlink_parms(): no params data found [ 180.889003][ T7622] chnl_net:caif_netlink_parms(): no params data found [ 180.940426][ T7623] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.948779][ T7623] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.957107][ T7623] device bridge_slave_0 entered promiscuous mode [ 180.967804][ T7623] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.974985][ T7623] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.982838][ T7623] device bridge_slave_1 entered promiscuous mode [ 181.028251][ T7614] chnl_net:caif_netlink_parms(): no params data found [ 181.038938][ T7623] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.048800][ T7623] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.072371][ T7622] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.079563][ T7622] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.087637][ T7622] device bridge_slave_0 entered promiscuous mode [ 181.098740][ T7622] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.105905][ T7622] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.113533][ T7622] device bridge_slave_1 entered promiscuous mode [ 181.151808][ T7623] team0: Port device team_slave_0 added [ 181.168370][ T7620] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.176209][ T7620] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.184583][ T7620] device bridge_slave_0 entered promiscuous mode [ 181.196207][ T7616] chnl_net:caif_netlink_parms(): no params data found [ 181.207208][ T7623] team0: Port device team_slave_1 added [ 181.213546][ T7618] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.220688][ T7618] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.231227][ T7618] device bridge_slave_0 entered promiscuous mode [ 181.242292][ T7620] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.250164][ T7620] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.258290][ T7620] device bridge_slave_1 entered promiscuous mode [ 181.290641][ T7620] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.300289][ T7618] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.307597][ T7618] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.315833][ T7618] device bridge_slave_1 entered promiscuous mode [ 181.324298][ T7622] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.337669][ T7614] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.346022][ T7614] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.354669][ T7614] device bridge_slave_0 entered promiscuous mode [ 181.364845][ T7614] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.371908][ T7614] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.382561][ T7614] device bridge_slave_1 entered promiscuous mode [ 181.426472][ T7623] device hsr_slave_0 entered promiscuous mode [ 181.483145][ T7623] device hsr_slave_1 entered promiscuous mode [ 181.524715][ T7620] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.543881][ T7622] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.585363][ T7618] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.600534][ T7616] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.608265][ T7616] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.616848][ T7616] device bridge_slave_0 entered promiscuous mode [ 181.626391][ T7616] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.633533][ T7616] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.641269][ T7616] device bridge_slave_1 entered promiscuous mode [ 181.657057][ T7620] team0: Port device team_slave_0 added [ 181.664771][ T7620] team0: Port device team_slave_1 added [ 181.675509][ T7618] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.693002][ T7623] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.700157][ T7623] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.708050][ T7623] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.715146][ T7623] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.731473][ T7616] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.742284][ T7614] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 181.752172][ T7622] team0: Port device team_slave_0 added [ 181.762308][ T7618] team0: Port device team_slave_0 added [ 181.769824][ T7618] team0: Port device team_slave_1 added [ 181.777582][ T7616] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.799782][ T2995] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.807895][ T2995] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.822567][ T7614] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 181.832176][ T7622] team0: Port device team_slave_1 added [ 181.875903][ T7618] device hsr_slave_0 entered promiscuous mode [ 181.943112][ T7618] device hsr_slave_1 entered promiscuous mode [ 182.010739][ T7616] team0: Port device team_slave_0 added [ 182.066148][ T7620] device hsr_slave_0 entered promiscuous mode [ 182.103260][ T7620] device hsr_slave_1 entered promiscuous mode [ 182.214527][ T7622] device hsr_slave_0 entered promiscuous mode [ 182.263250][ T7622] device hsr_slave_1 entered promiscuous mode [ 182.329067][ T7614] team0: Port device team_slave_0 added [ 182.335900][ T7616] team0: Port device team_slave_1 added [ 182.359049][ T7614] team0: Port device team_slave_1 added [ 182.465601][ T7616] device hsr_slave_0 entered promiscuous mode [ 182.503484][ T7616] device hsr_slave_1 entered promiscuous mode [ 182.576393][ T7623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.624830][ T7614] device hsr_slave_0 entered promiscuous mode [ 182.663223][ T7614] device hsr_slave_1 entered promiscuous mode [ 182.754521][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 182.764010][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 182.773898][ T7623] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.814862][ T7620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.821953][ T3479] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 182.832251][ T3479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 182.842096][ T3479] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.849216][ T3479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.862465][ T7622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.871762][ T7618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.898758][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 182.908498][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 182.917699][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.925110][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.935136][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 182.950771][ T7620] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.971025][ T7622] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.990485][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.000206][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.008705][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.018245][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.027189][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.036016][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.044669][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.053580][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.060632][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.069134][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.078524][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.087670][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.096261][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.105160][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.112236][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.120136][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.128661][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.137839][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.144929][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.152863][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.161382][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.170009][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.177119][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.185161][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.208948][ T7623] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 183.219835][ T7623] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.238301][ T7614] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.247719][ T7616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.260568][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.268913][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.279089][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.287199][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.296001][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.305049][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.314240][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.323618][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.332003][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.340402][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.349930][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.371722][ T7618] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.383508][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.392219][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.401316][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.410460][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.419335][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.428980][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.437513][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.447819][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.455739][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.466566][ T7622] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.478786][ T7622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 183.503321][ T7616] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.519328][ T7614] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.526692][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.537469][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.546344][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.554969][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.564117][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.572523][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.581013][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.589564][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.598086][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.605689][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.613587][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.622105][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.630588][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.637668][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.645413][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.653275][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.661735][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.669913][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.690600][ T7623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.700568][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.709262][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.717880][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.726974][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.736003][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.743113][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.750815][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.759784][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.768890][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.778505][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.786167][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.793852][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.802324][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.810726][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.818128][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.826689][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.850536][ T7620] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.868601][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.879436][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.890686][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.897882][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.911224][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.921247][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.930148][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.937289][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.945216][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.954017][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.962625][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.971232][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.979499][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.988005][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.996656][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.005227][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.013180][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.030762][ T7622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.077815][ T7618] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 184.099048][ T7618] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.126315][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.140829][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.150455][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.163627][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.173500][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.181867][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.190556][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.199174][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.207984][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.216601][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.224890][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.233795][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.243046][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.250812][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.263322][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.272154][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.280767][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.289193][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.312364][ T7616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.351178][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.370522][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.380353][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.396299][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.409794][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.420197][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.434961][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.447495][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.458068][ T7632] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.492493][ T7616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.501985][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.527947][ T7618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.538645][ T7620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.570236][ T7614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.014074][ T7636] ================================================================== [ 185.022414][ T7636] BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x81/0x200 [ 185.030819][ T7636] Read of size 4 at addr ffff8880a614c280 by task syz-executor.3/7636 [ 185.039065][ T7636] [ 185.041387][ T7636] CPU: 1 PID: 7636 Comm: syz-executor.3 Not tainted 5.0.0+ #25 [ 185.049001][ T7636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.059052][ T7636] Call Trace: [ 185.062343][ T7636] dump_stack+0x172/0x1f0 [ 185.066663][ T7636] ? refcount_inc_not_zero_checked+0x81/0x200 [ 185.072722][ T7636] print_address_description.cold+0x7c/0x20d [ 185.078709][ T7636] ? refcount_inc_not_zero_checked+0x81/0x200 [ 185.084801][ T7636] ? refcount_inc_not_zero_checked+0x81/0x200 [ 185.090869][ T7636] kasan_report.cold+0x1b/0x40 [ 185.095641][ T7636] ? refcount_inc_not_zero_checked+0x81/0x200 [ 185.101702][ T7636] check_memory_region+0x123/0x190 [ 185.106876][ T7636] kasan_check_read+0x11/0x20 [ 185.111561][ T7636] refcount_inc_not_zero_checked+0x81/0x200 [ 185.117472][ T7636] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 185.123276][ T7636] ? lock_acquire+0x16f/0x3f0 [ 185.127956][ T7636] refcount_inc_checked+0x17/0x70 [ 185.133158][ T7636] nr_release+0x62/0x3c0 [ 185.137394][ T7636] __sock_release+0xd3/0x2b0 [ 185.141972][ T7636] ? __sock_release+0x2b0/0x2b0 [ 185.146811][ T7636] sock_close+0x1b/0x30 [ 185.151133][ T7636] __fput+0x2e5/0x8d0 [ 185.155113][ T7636] ____fput+0x16/0x20 [ 185.159100][ T7636] task_work_run+0x14a/0x1c0 [ 185.163709][ T7636] exit_to_usermode_loop+0x273/0x2c0 [ 185.168988][ T7636] do_syscall_64+0x52d/0x610 [ 185.173572][ T7636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.179460][ T7636] RIP: 0033:0x411e31 [ 185.183343][ T7636] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 185.202943][ T7636] RSP: 002b:00007ffcf55d0f50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 185.211349][ T7636] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000411e31 [ 185.219302][ T7636] RDX: 0000000000000000 RSI: 00000000007410c8 RDI: 0000000000000006 [ 185.227280][ T7636] RBP: 0000000000000000 R08: 000000000002cf1a R09: 000000000002cf1a [ 185.235272][ T7636] R10: 00007ffcf55d0e80 R11: 0000000000000293 R12: 0000000000000001 [ 185.243329][ T7636] R13: 00007ffcf55d0f90 R14: 0000000000000000 R15: 00007ffcf55d0fa0 [ 185.252535][ T7636] [ 185.254854][ T7636] Allocated by task 7638: [ 185.259185][ T7636] save_stack+0x45/0xd0 [ 185.263348][ T7636] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 185.268990][ T7636] kasan_kmalloc+0x9/0x10 [ 185.273326][ T7636] __kmalloc+0x15c/0x740 [ 185.277565][ T7636] sk_prot_alloc+0x19c/0x2e0 [ 185.282170][ T7636] sk_alloc+0x39/0xf70 [ 185.286285][ T7636] nr_create+0xb9/0x5e0 [ 185.290433][ T7636] __sock_create+0x3e6/0x750 [ 185.295012][ T7636] __sys_socket+0x103/0x220 [ 185.299516][ T7636] __x64_sys_socket+0x73/0xb0 [ 185.304191][ T7636] do_syscall_64+0x103/0x610 [ 185.308771][ T7636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.314816][ T7636] [ 185.317138][ T7636] Freed by task 7636: [ 185.321133][ T7636] save_stack+0x45/0xd0 [ 185.325382][ T7636] __kasan_slab_free+0x102/0x150 [ 185.330399][ T7636] kasan_slab_free+0xe/0x10 [ 185.334895][ T7636] kfree+0xcf/0x230 [ 185.338686][ T7636] __sk_destruct+0x4f1/0x6d0 [ 185.343260][ T7636] sk_destruct+0x7b/0x90 [ 185.347490][ T7636] __sk_free+0xce/0x300 [ 185.351677][ T7636] sk_free+0x42/0x50 [ 185.355632][ T7636] nr_release+0x337/0x3c0 [ 185.360041][ T7636] __sock_release+0xd3/0x2b0 [ 185.364644][ T7636] sock_close+0x1b/0x30 [ 185.368814][ T7636] __fput+0x2e5/0x8d0 [ 185.372812][ T7636] ____fput+0x16/0x20 [ 185.376772][ T7636] task_work_run+0x14a/0x1c0 [ 185.381370][ T7636] exit_to_usermode_loop+0x273/0x2c0 [ 185.386664][ T7636] do_syscall_64+0x52d/0x610 [ 185.391265][ T7636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.397141][ T7636] [ 185.399517][ T7636] The buggy address belongs to the object at ffff8880a614c200 [ 185.399517][ T7636] which belongs to the cache kmalloc-2k of size 2048 [ 185.413569][ T7636] The buggy address is located 128 bytes inside of [ 185.413569][ T7636] 2048-byte region [ffff8880a614c200, ffff8880a614ca00) [ 185.426919][ T7636] The buggy address belongs to the page: [ 185.432545][ T7636] page:ffffea0002985300 count:1 mapcount:0 mapping:ffff88812c3f0c40 index:0x0 compound_mapcount: 0 [ 185.443214][ T7636] flags: 0x1fffc0000010200(slab|head) [ 185.448623][ T7636] raw: 01fffc0000010200 ffffea00022f4408 ffffea000218f408 ffff88812c3f0c40 [ 185.458690][ T7636] raw: 0000000000000000 ffff8880a614c200 0000000100000003 0000000000000000 [ 185.467261][ T7636] page dumped because: kasan: bad access detected [ 185.473812][ T7636] [ 185.476265][ T7636] Memory state around the buggy address: [ 185.481890][ T7636] ffff8880a614c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 185.489950][ T7636] ffff8880a614c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 185.498020][ T7636] >ffff8880a614c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 185.506156][ T7636] ^ [ 185.510217][ T7636] ffff8880a614c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 185.518259][ T7636] ffff8880a614c380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 185.526310][ T7636] ================================================================== [ 185.534449][ T7636] Disabling lock debugging due to kernel taint [ 185.553976][ T7636] Kernel panic - not syncing: panic_on_warn set ... [ 185.560718][ T7636] CPU: 1 PID: 7636 Comm: syz-executor.3 Tainted: G B 5.0.0+ #25 [ 185.569662][ T7636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.579799][ T7636] Call Trace: [ 185.583083][ T7636] dump_stack+0x172/0x1f0 [ 185.587405][ T7636] panic+0x2cb/0x65c [ 185.591293][ T7636] ? __warn_printk+0xf3/0xf3 [ 185.596041][ T7636] ? refcount_inc_not_zero_checked+0x81/0x200 [ 185.602106][ T7636] ? preempt_schedule+0x4b/0x60 [ 185.606953][ T7636] ? ___preempt_schedule+0x16/0x18 [ 185.612064][ T7636] ? trace_hardirqs_on+0x5e/0x230 [ 185.617102][ T7636] ? refcount_inc_not_zero_checked+0x81/0x200 [ 185.623754][ T7636] end_report+0x47/0x4f [ 185.627908][ T7636] ? refcount_inc_not_zero_checked+0x81/0x200 [ 185.633969][ T7636] kasan_report.cold+0xe/0x40 [ 185.638636][ T7636] ? refcount_inc_not_zero_checked+0x81/0x200 [ 185.644799][ T7636] check_memory_region+0x123/0x190 [ 185.650172][ T7636] kasan_check_read+0x11/0x20 [ 185.654850][ T7636] refcount_inc_not_zero_checked+0x81/0x200 [ 185.660760][ T7636] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 185.666556][ T7636] ? lock_acquire+0x16f/0x3f0 [ 185.671226][ T7636] refcount_inc_checked+0x17/0x70 [ 185.676233][ T7636] nr_release+0x62/0x3c0 [ 185.680458][ T7636] __sock_release+0xd3/0x2b0 [ 185.685301][ T7636] ? __sock_release+0x2b0/0x2b0 [ 185.690154][ T7636] sock_close+0x1b/0x30 [ 185.694432][ T7636] __fput+0x2e5/0x8d0 [ 185.698416][ T7636] ____fput+0x16/0x20 [ 185.702390][ T7636] task_work_run+0x14a/0x1c0 [ 185.706966][ T7636] exit_to_usermode_loop+0x273/0x2c0 [ 185.712327][ T7636] do_syscall_64+0x52d/0x610 [ 185.716921][ T7636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.722798][ T7636] RIP: 0033:0x411e31 [ 185.726679][ T7636] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 185.746282][ T7636] RSP: 002b:00007ffcf55d0f50 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 185.754679][ T7636] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000411e31 [ 185.762672][ T7636] RDX: 0000000000000000 RSI: 00000000007410c8 RDI: 0000000000000006 [ 185.770635][ T7636] RBP: 0000000000000000 R08: 000000000002cf1a R09: 000000000002cf1a [ 185.778693][ T7636] R10: 00007ffcf55d0e80 R11: 0000000000000293 R12: 0000000000000001 [ 185.786668][ T7636] R13: 00007ffcf55d0f90 R14: 0000000000000000 R15: 00007ffcf55d0fa0 [ 185.795757][ T7636] Kernel Offset: disabled [ 185.800105][ T7636] Rebooting in 86400 seconds..