[info] Using makefile-style concurrent boot in runlevel 2.
[   25.036988] audit: type=1800 audit(1540911140.742:21): pid=5277 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts.
syzkaller login: [   35.858246] IPVS: ftp: loaded support on port[0] = 21
[   36.011802] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.018392] bridge0: port 1(bridge_slave_0) entered disabled state
[   36.025573] device bridge_slave_0 entered promiscuous mode
[   36.043084] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.049701] bridge0: port 2(bridge_slave_1) entered disabled state
[   36.056631] device bridge_slave_1 entered promiscuous mode
[   36.074848] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[   36.091593] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[   36.139142] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   36.158053] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   36.228957] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   36.236306] team0: Port device team_slave_0 added
[   36.253315] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   36.260449] team0: Port device team_slave_1 added
[   36.276463] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   36.297350] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   36.315167] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   36.334037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[   36.469200] bridge0: port 2(bridge_slave_1) entered blocking state
[   36.475641] bridge0: port 2(bridge_slave_1) entered forwarding state
[   36.482590] bridge0: port 1(bridge_slave_0) entered blocking state
[   36.488995] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[   36.983895] 8021q: adding VLAN 0 to HW filter on device bond0
[   37.032427] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   37.083278] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[   37.090165] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   37.097386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   37.148770] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[   37.420968] ==================================================================
[   37.428437] BUG: KASAN: slab-out-of-bounds in _decode_session6+0x134a/0x1500
[   37.435610] Read of size 1 at addr ffff8801ca971707 by task syz-executor081/5431
[   37.443120] 
[   37.444737] CPU: 0 PID: 5431 Comm: syz-executor081 Not tainted 4.19.0+ #72
[   37.451730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   37.461065] Call Trace:
[   37.463644]  dump_stack+0x244/0x39d
[   37.467258]  ? dump_stack_print_info.cold.1+0x20/0x20
[   37.472432]  ? printk+0xa7/0xcf
[   37.475696]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[   37.480443]  print_address_description.cold.7+0x9/0x1ff
[   37.485790]  kasan_report.cold.8+0x242/0x309
[   37.490198]  ? _decode_session6+0x134a/0x1500
[   37.494677]  __asan_report_load1_noabort+0x14/0x20
[   37.499591]  _decode_session6+0x134a/0x1500
[   37.503906]  __xfrm_decode_session+0x71/0x140
[   37.508385]  vti6_tnl_xmit+0x3fc/0x1c10
[   37.512345]  ? __lock_acquire+0x62f/0x4c20
[   37.516573]  ? vti6_tnl_create2+0x430/0x430
[   37.520883]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.526407]  ? check_preemption_disabled+0x48/0x280
[   37.531422]  dev_hard_start_xmit+0x295/0xc90
[   37.535821]  ? dev_direct_xmit+0x6b0/0x6b0
[   37.540042]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   37.545605]  ? netif_skb_features+0x690/0xb70
[   37.550083]  ? unwind_dump+0x190/0x190
[   37.553963]  ? lock_acquire+0x1ed/0x520
[   37.557921]  ? __dev_queue_xmit+0x3063/0x3ad0
[   37.562414]  ? kasan_check_read+0x11/0x20
[   37.566546]  ? do_raw_spin_lock+0x14f/0x350
[   37.570852]  ? rwlock_bug.part.2+0x90/0x90
[   37.575073]  ? netif_skb_features+0xb70/0xb70
[   37.579555]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.585080]  ? check_preemption_disabled+0x48/0x280
[   37.590097]  __dev_queue_xmit+0x2f71/0x3ad0
[   37.594419]  ? save_stack+0x43/0xd0
[   37.598035]  ? kasan_kmalloc+0xc7/0xe0
[   37.601909]  ? __kmalloc_node_track_caller+0x47/0x70
[   37.607000]  ? __kmalloc_reserve.isra.40+0x41/0xe0
[   37.611925]  ? netdev_pick_tx+0x310/0x310
[   37.616085]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.621611]  ? check_preemption_disabled+0x48/0x280
[   37.626618]  ? __lock_is_held+0xb5/0x140
[   37.630698]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   37.635700]  ? skb_release_data+0x1c4/0x880
[   37.640010]  ? kmem_cache_alloc_node_trace+0x34b/0x740
[   37.645275]  ? kasan_unpoison_shadow+0x35/0x50
[   37.650164]  ? skb_tx_error+0x2f0/0x2f0
[   37.654126]  ? __kmalloc_node_track_caller+0x47/0x70
[   37.659217]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.664738]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   37.670262]  ? kasan_check_write+0x14/0x20
[   37.674485]  ? pskb_expand_head+0x6b3/0x10f0
[   37.678887]  ? skb_release_data+0x880/0x880
[   37.683193]  ? __alloc_skb+0x770/0x770
[   37.687071]  ? kasan_check_write+0x14/0x20
[   37.691291]  ? __skb_clone+0x6c7/0xa00
[   37.695164]  ? __copy_skb_header+0x6b0/0x6b0
[   37.699558]  ? kmem_cache_alloc+0x33a/0x730
[   37.703869]  ? skb_ensure_writable+0x15e/0x640
[   37.708439]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.713977]  dev_queue_xmit+0x17/0x20
[   37.717760]  ? dev_queue_xmit+0x17/0x20
[   37.721721]  __bpf_redirect+0x5cf/0xb20
[   37.725700]  bpf_clone_redirect+0x2f6/0x490
[   37.730016]  bpf_prog_c39d1ba309a769f7+0x800/0x1000
[   37.735037]  ? bpf_test_run+0x175/0x780
[   37.739010]  ? lock_downgrade+0x900/0x900
[   37.743147]  ? ktime_get+0x332/0x400
[   37.746852]  ? find_held_lock+0x36/0x1c0
[   37.750902]  ? lock_acquire+0x1ed/0x520
[   37.754861]  ? bpf_test_run+0x3cb/0x780
[   37.758840]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.764365]  ? check_preemption_disabled+0x48/0x280
[   37.769373]  ? kasan_check_read+0x11/0x20
[   37.773509]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   37.778773]  ? rcu_softirq_qs+0x20/0x20
[   37.782734]  ? bpf_cgroup_storage_release+0x220/0x220
[   37.787911]  ? skb_try_coalesce+0x1b70/0x1b70
[   37.792411]  ? bpf_test_run+0x25d/0x780
[   37.796375]  ? netlink_diag_dump+0x2a0/0x2a0
[   37.800774]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   37.806315]  ? bpf_test_init.isra.10+0x70/0x100
[   37.810976]  ? bpf_prog_test_run_skb+0x73c/0xcb0
[   37.815721]  ? bpf_test_finish.isra.9+0x1f0/0x1f0
[   37.820549]  ? bpf_prog_add+0x69/0xd0
[   37.824338]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.829871]  ? __bpf_prog_get+0x9b/0x290
[   37.833921]  ? bpf_test_finish.isra.9+0x1f0/0x1f0
[   37.838753]  ? bpf_prog_test_run+0x130/0x1a0
[   37.843148]  ? __x64_sys_bpf+0x3d8/0x520
[   37.847194]  ? bpf_prog_get+0x20/0x20
[   37.850996]  ? do_syscall_64+0x1b9/0x820
[   37.855044]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   37.860394]  ? syscall_return_slowpath+0x5e0/0x5e0
[   37.865304]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.870149]  ? trace_hardirqs_on_caller+0x310/0x310
[   37.875153]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   37.880153]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   37.885678]  ? prepare_exit_to_usermode+0x291/0x3b0
[   37.890686]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   37.895524]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.900878] 
[   37.902505] Allocated by task 5431:
[   37.906124]  save_stack+0x43/0xd0
[   37.909560]  kasan_kmalloc+0xc7/0xe0
[   37.913258]  __kmalloc_node_track_caller+0x47/0x70
[   37.918174]  __kmalloc_reserve.isra.40+0x41/0xe0
[   37.922918]  pskb_expand_head+0x230/0x10f0
[   37.927145]  skb_ensure_writable+0x3dd/0x640
[   37.931554]  bpf_clone_redirect+0x14a/0x490
[   37.935862]  bpf_prog_c39d1ba309a769f7+0x800/0x1000
[   37.940855] 
[   37.942465] Freed by task 4022:
[   37.945738]  save_stack+0x43/0xd0
[   37.949176]  __kasan_slab_free+0x102/0x150
[   37.953397]  kasan_slab_free+0xe/0x10
[   37.957193]  kfree+0xcf/0x230
[   37.960288]  load_elf_binary+0x25b4/0x5620
[   37.964510]  search_binary_handler+0x17d/0x570
[   37.969079]  __do_execve_file.isra.33+0x162f/0x2540
[   37.974080]  __x64_sys_execve+0x8f/0xc0
[   37.978038]  do_syscall_64+0x1b9/0x820
[   37.981911]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   37.987079] 
[   37.988691] The buggy address belongs to the object at ffff8801ca971500
[   37.988691]  which belongs to the cache kmalloc-512 of size 512
[   38.001338] The buggy address is located 7 bytes to the right of
[   38.001338]  512-byte region [ffff8801ca971500, ffff8801ca971700)
[   38.013548] The buggy address belongs to the page:
[   38.018465] page:ffffea00072a5c40 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0
[   38.026600] flags: 0x2fffc0000000100(slab)
[   38.030824] raw: 02fffc0000000100 ffffea00072a6088 ffffea00072a7808 ffff8801da800940
[   38.038709] raw: 0000000000000000 ffff8801ca971000 0000000100000006 0000000000000000
[   38.046577] page dumped because: kasan: bad access detected
[   38.052273] 
[   38.053881] Memory state around the buggy address:
[   38.058795]  ffff8801ca971600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   38.066142]  ffff8801ca971680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   38.073495] >ffff8801ca971700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   38.080843]                    ^
[   38.084197]  ffff8801ca971780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.091547]  ffff8801ca971800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   38.098893] ==================================================================
[   38.106239] Disabling lock debugging due to kernel taint
[   38.111749] Kernel panic - not syncing: panic_on_warn set ...
[   38.111749] 
[   38.119137] CPU: 0 PID: 5431 Comm: syz-executor081 Tainted: G    B             4.19.0+ #72
[   38.127547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   38.136906] Call Trace:
[   38.139492]  dump_stack+0x244/0x39d
[   38.143105]  ? dump_stack_print_info.cold.1+0x20/0x20
[   38.148284]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   38.153032]  panic+0x238/0x4e7
[   38.156209]  ? add_taint.cold.5+0x16/0x16
[   38.160344]  ? trace_hardirqs_on+0x9a/0x310
[   38.164650]  ? trace_hardirqs_on+0xb4/0x310
[   38.168963]  ? trace_hardirqs_on+0xb4/0x310
[   38.173288]  kasan_end_report+0x47/0x4f
[   38.177246]  kasan_report.cold.8+0x76/0x309
[   38.181556]  ? _decode_session6+0x134a/0x1500
[   38.186037]  __asan_report_load1_noabort+0x14/0x20
[   38.190958]  _decode_session6+0x134a/0x1500
[   38.195275]  __xfrm_decode_session+0x71/0x140
[   38.199758]  vti6_tnl_xmit+0x3fc/0x1c10
[   38.203720]  ? __lock_acquire+0x62f/0x4c20
[   38.207954]  ? vti6_tnl_create2+0x430/0x430
[   38.212265]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.217798]  ? check_preemption_disabled+0x48/0x280
[   38.222804]  dev_hard_start_xmit+0x295/0xc90
[   38.227197]  ? dev_direct_xmit+0x6b0/0x6b0
[   38.231418]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   38.236936]  ? netif_skb_features+0x690/0xb70
[   38.241421]  ? unwind_dump+0x190/0x190
[   38.245299]  ? lock_acquire+0x1ed/0x520
[   38.249254]  ? __dev_queue_xmit+0x3063/0x3ad0
[   38.253736]  ? kasan_check_read+0x11/0x20
[   38.257865]  ? do_raw_spin_lock+0x14f/0x350
[   38.262170]  ? rwlock_bug.part.2+0x90/0x90
[   38.266386]  ? netif_skb_features+0xb70/0xb70
[   38.270866]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.276391]  ? check_preemption_disabled+0x48/0x280
[   38.281413]  __dev_queue_xmit+0x2f71/0x3ad0
[   38.285723]  ? save_stack+0x43/0xd0
[   38.289332]  ? kasan_kmalloc+0xc7/0xe0
[   38.293202]  ? __kmalloc_node_track_caller+0x47/0x70
[   38.298290]  ? __kmalloc_reserve.isra.40+0x41/0xe0
[   38.303208]  ? netdev_pick_tx+0x310/0x310
[   38.307343]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.312865]  ? check_preemption_disabled+0x48/0x280
[   38.317869]  ? __lock_is_held+0xb5/0x140
[   38.321922]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   38.326945]  ? skb_release_data+0x1c4/0x880
[   38.331255]  ? kmem_cache_alloc_node_trace+0x34b/0x740
[   38.336521]  ? kasan_unpoison_shadow+0x35/0x50
[   38.341101]  ? skb_tx_error+0x2f0/0x2f0
[   38.345067]  ? __kmalloc_node_track_caller+0x47/0x70
[   38.350177]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   38.355707]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[   38.361236]  ? kasan_check_write+0x14/0x20
[   38.365461]  ? pskb_expand_head+0x6b3/0x10f0
[   38.369859]  ? skb_release_data+0x880/0x880
[   38.374168]  ? __alloc_skb+0x770/0x770
[   38.378046]  ? kasan_check_write+0x14/0x20
[   38.382267]  ? __skb_clone+0x6c7/0xa00
[   38.386137]  ? __copy_skb_header+0x6b0/0x6b0
[   38.390619]  ? kmem_cache_alloc+0x33a/0x730
[   38.394927]  ? skb_ensure_writable+0x15e/0x640
[   38.399501]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.405026]  dev_queue_xmit+0x17/0x20
[   38.409157]  ? dev_queue_xmit+0x17/0x20
[   38.413117]  __bpf_redirect+0x5cf/0xb20
[   38.417077]  bpf_clone_redirect+0x2f6/0x490
[   38.421386]  bpf_prog_c39d1ba309a769f7+0x800/0x1000
[   38.426412]  ? bpf_test_run+0x175/0x780
[   38.430374]  ? lock_downgrade+0x900/0x900
[   38.434505]  ? ktime_get+0x332/0x400
[   38.438211]  ? find_held_lock+0x36/0x1c0
[   38.442264]  ? lock_acquire+0x1ed/0x520
[   38.446230]  ? bpf_test_run+0x3cb/0x780
[   38.450194]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.455725]  ? check_preemption_disabled+0x48/0x280
[   38.460732]  ? kasan_check_read+0x11/0x20
[   38.464870]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   38.470133]  ? rcu_softirq_qs+0x20/0x20
[   38.474095]  ? bpf_cgroup_storage_release+0x220/0x220
[   38.479273]  ? skb_try_coalesce+0x1b70/0x1b70
[   38.483754]  ? bpf_test_run+0x25d/0x780
[   38.487714]  ? netlink_diag_dump+0x2a0/0x2a0
[   38.492120]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   38.497649]  ? bpf_test_init.isra.10+0x70/0x100
[   38.502317]  ? bpf_prog_test_run_skb+0x73c/0xcb0
[   38.507076]  ? bpf_test_finish.isra.9+0x1f0/0x1f0
[   38.511913]  ? bpf_prog_add+0x69/0xd0
[   38.515707]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.521256]  ? __bpf_prog_get+0x9b/0x290
[   38.525311]  ? bpf_test_finish.isra.9+0x1f0/0x1f0
[   38.530137]  ? bpf_prog_test_run+0x130/0x1a0
[   38.534544]  ? __x64_sys_bpf+0x3d8/0x520
[   38.538607]  ? bpf_prog_get+0x20/0x20
[   38.542423]  ? do_syscall_64+0x1b9/0x820
[   38.546479]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   38.551833]  ? syscall_return_slowpath+0x5e0/0x5e0
[   38.556745]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.561575]  ? trace_hardirqs_on_caller+0x310/0x310
[   38.566577]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   38.571586]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   38.577123]  ? prepare_exit_to_usermode+0x291/0x3b0
[   38.582239]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   38.587088]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   38.593432] Kernel Offset: disabled
[   38.597076] Rebooting in 86400 seconds..