[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 47.828681][ T26] audit: type=1800 audit(1563351797.706:25): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 47.857030][ T26] audit: type=1800 audit(1563351797.706:26): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 47.917596][ T26] audit: type=1800 audit(1563351797.716:27): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts. 2019/07/17 08:23:29 parsed 1 programs 2019/07/17 08:23:32 executed programs: 0 syzkaller login: [ 62.483565][ T8473] IPVS: ftp: loaded support on port[0] = 21 [ 62.530945][ T8475] IPVS: ftp: loaded support on port[0] = 21 [ 62.572513][ T8480] IPVS: ftp: loaded support on port[0] = 21 [ 62.595469][ T8479] IPVS: ftp: loaded support on port[0] = 21 [ 62.595565][ T8482] IPVS: ftp: loaded support on port[0] = 21 [ 62.660716][ T8483] IPVS: ftp: loaded support on port[0] = 21 [ 62.792903][ T8473] chnl_net:caif_netlink_parms(): no params data found [ 62.872563][ T8475] chnl_net:caif_netlink_parms(): no params data found [ 62.900075][ T8473] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.907809][ T8473] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.915421][ T8473] device bridge_slave_0 entered promiscuous mode [ 62.938172][ T8473] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.945275][ T8473] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.953502][ T8473] device bridge_slave_1 entered promiscuous mode [ 63.013473][ T8475] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.023978][ T8475] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.031964][ T8475] device bridge_slave_0 entered promiscuous mode [ 63.039903][ T8475] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.047088][ T8475] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.054938][ T8475] device bridge_slave_1 entered promiscuous mode [ 63.107540][ T8482] chnl_net:caif_netlink_parms(): no params data found [ 63.123995][ T8475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.144724][ T8473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.153911][ T8479] chnl_net:caif_netlink_parms(): no params data found [ 63.172050][ T8475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.197591][ T8473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.294575][ T8475] team0: Port device team_slave_0 added [ 63.301382][ T8482] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.308583][ T8482] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.316080][ T8482] device bridge_slave_0 entered promiscuous mode [ 63.325901][ T8482] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.333121][ T8482] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.340963][ T8482] device bridge_slave_1 entered promiscuous mode [ 63.347991][ T8483] chnl_net:caif_netlink_parms(): no params data found [ 63.360819][ T8473] team0: Port device team_slave_0 added [ 63.366557][ T8479] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.373851][ T8479] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.383500][ T8479] device bridge_slave_0 entered promiscuous mode [ 63.391998][ T8475] team0: Port device team_slave_1 added [ 63.419426][ T8473] team0: Port device team_slave_1 added [ 63.425220][ T8479] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.435110][ T8479] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.442915][ T8479] device bridge_slave_1 entered promiscuous mode [ 63.451000][ T8480] chnl_net:caif_netlink_parms(): no params data found [ 63.472107][ T8482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.483286][ T8482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.578509][ T8475] device hsr_slave_0 entered promiscuous mode [ 63.647156][ T8475] device hsr_slave_1 entered promiscuous mode [ 63.716107][ T8479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.756085][ T8483] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.763740][ T8483] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.771725][ T8483] device bridge_slave_0 entered promiscuous mode [ 63.780708][ T8479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.796124][ T8482] team0: Port device team_slave_0 added [ 63.810249][ T8482] team0: Port device team_slave_1 added [ 63.835742][ T8483] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.843066][ T8483] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.851595][ T8483] device bridge_slave_1 entered promiscuous mode [ 63.920080][ T8473] device hsr_slave_0 entered promiscuous mode [ 63.967336][ T8473] device hsr_slave_1 entered promiscuous mode [ 63.997189][ T8473] debugfs: Directory 'hsr0' with parent '/' already present! [ 64.019389][ T8480] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.027490][ T8480] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.035408][ T8480] device bridge_slave_0 entered promiscuous mode [ 64.063594][ T8483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.077298][ T8480] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.084362][ T8480] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.093572][ T8480] device bridge_slave_1 entered promiscuous mode [ 64.113158][ T8479] team0: Port device team_slave_0 added [ 64.159681][ T8482] device hsr_slave_0 entered promiscuous mode [ 64.197191][ T8482] device hsr_slave_1 entered promiscuous mode [ 64.266841][ T8482] debugfs: Directory 'hsr0' with parent '/' already present! [ 64.279203][ T8483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.293393][ T8480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.305747][ T8480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.316141][ T8479] team0: Port device team_slave_1 added [ 64.345999][ T8483] team0: Port device team_slave_0 added [ 64.375430][ T8483] team0: Port device team_slave_1 added [ 64.450287][ T8483] device hsr_slave_0 entered promiscuous mode [ 64.517220][ T8483] device hsr_slave_1 entered promiscuous mode [ 64.576834][ T8483] debugfs: Directory 'hsr0' with parent '/' already present! [ 64.599756][ T8480] team0: Port device team_slave_0 added [ 64.623941][ T8480] team0: Port device team_slave_1 added [ 64.699605][ T8479] device hsr_slave_0 entered promiscuous mode [ 64.737181][ T8479] device hsr_slave_1 entered promiscuous mode [ 64.787086][ T8479] debugfs: Directory 'hsr0' with parent '/' already present! [ 64.858716][ T8480] device hsr_slave_0 entered promiscuous mode [ 64.897176][ T8480] device hsr_slave_1 entered promiscuous mode [ 64.946952][ T8480] debugfs: Directory 'hsr0' with parent '/' already present! [ 65.011090][ T8473] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.038034][ T8475] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.051313][ T8482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.070323][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.080881][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.094937][ T8482] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.104152][ T8473] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.125149][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.133994][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.141795][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.150233][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.158977][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.166142][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.174165][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.181910][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.190279][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.213379][ T8475] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.231415][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.240557][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.249601][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.256677][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.265124][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.289931][ T8479] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.308369][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.317421][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.325682][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.332826][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.341480][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.350485][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.359027][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.367762][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.374833][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.382677][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.391197][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.399869][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.408306][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.416550][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.425106][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.434046][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.442155][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.458953][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.468605][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.477379][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.484423][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.492193][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.500778][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.509447][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.516503][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.524763][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.545063][ T8473] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 65.555853][ T8473] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.581830][ T8480] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.594917][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.604819][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.613882][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.622831][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.631735][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.640468][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.649563][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.658176][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.666303][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.675142][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.683562][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.692223][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.700651][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.709098][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.719104][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.739925][ T8482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.755649][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.768336][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.776794][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.785137][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.793585][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.803050][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.817710][ T8483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.828359][ T8487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.841977][ T8487] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.859600][ T8479] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.870156][ T8482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.887765][ T8473] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.898605][ T8480] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.918799][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.935223][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.945221][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.954868][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.963550][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.970622][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.985631][ T8483] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.999408][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.008662][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.026499][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.043937][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.052095][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.060142][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.068845][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.077254][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.085728][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.095291][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.102380][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.117009][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.124960][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.134113][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.142809][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.149911][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.158116][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.166718][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.175199][ T3507] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.182331][ T3507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.210341][ T8475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.225690][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 66.239938][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.249746][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.258518][ T3507] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.265560][ T3507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.273665][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.282815][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.291493][ T3507] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.298596][ T3507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.306094][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.315058][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.323618][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.332290][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.340833][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.349285][ T3507] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.376645][ T8479] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 66.390264][ T8479] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.418048][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.438435][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.449244][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.464982][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.474522][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.483765][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.492841][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 66.501611][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 66.510124][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.518665][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.527349][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.535625][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.544005][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.552328][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.560841][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.569617][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.578248][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 66.588107][ T8480] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.597099][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 66.605321][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.809635][ T8475] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.831074][ T8480] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.861811][ T8483] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 66.918868][ T8483] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.956894][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 66.975512][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 66.995100][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 67.005903][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.032702][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 67.051840][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.065372][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 67.083168][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.094747][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 67.107858][ T8500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 67.129031][ T8501] [ 67.131390][ T8501] ========================= [ 67.135874][ T8501] WARNING: held lock freed! [ 67.137998][ T8515] kobject: 'brif' (000000004cb87fa6): kobject_add_internal: parent: 'bcsf0', set: '' [ 67.140356][ T8501] 5.2.0+ #32 Not tainted [ 67.154558][ T8501] ------------------------- [ 67.159055][ T8501] syz-executor.1/8501 is freeing memory ffff8880908e95c0-ffff8880908e9dbf, with a lock still held there! [ 67.169248][ T8515] kobject: 'batman_adv' (00000000af4e1053): kobject_add_internal: parent: 'bcsf0', set: '' [ 67.170230][ T8501] 00000000a091dbf5 (sk_lock-AF_NETROM){+.+.}, at: nr_release+0xfe/0x390 [ 67.170261][ T8501] 2 locks held by syz-executor.1/8501: [ 67.194508][ T8501] #0: 0000000018589555 (&sb->s_type->i_mutex_key#11){+.+.}, at: sock_close+0x9e/0x260 [ 67.204152][ T8501] #1: 00000000a091dbf5 (sk_lock-AF_NETROM){+.+.}, at: nr_release+0xfe/0x390 [ 67.212957][ T8501] [ 67.212957][ T8501] stack backtrace: [ 67.218853][ T8501] CPU: 0 PID: 8501 Comm: syz-executor.1 Not tainted 5.2.0+ #32 [ 67.226394][ T8501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.226939][ T8479] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.236467][ T8501] Call Trace: [ 67.236489][ T8501] dump_stack+0x1d8/0x2f8 [ 67.236502][ T8501] debug_check_no_locks_freed+0x813/0x990 [ 67.236514][ T8501] ? lockdep_unregister_key+0x660/0x660 [ 67.236532][ T8501] ? _raw_spin_unlock_irqrestore+0xbc/0xe0 [ 67.257824][ T8479] kobject: 'vlan0' (000000004701eb4e): kobject_add_internal: parent: 'mesh', set: '' [ 67.262102][ T8501] ? debug_check_no_obj_freed+0x505/0x5b0 [ 67.262121][ T8501] ? __sk_destruct+0x567/0x660 [ 67.278155][ T8509] kobject: 'brif' (000000004cb87fa6): kobject_cleanup, parent 00000000adac442b [ 67.283582][ T8501] kfree+0xfb/0x200 [ 67.283606][ T8501] __sk_destruct+0x567/0x660 [ 67.302844][ T8509] kobject: 'brif' (000000004cb87fa6): auto cleanup kobject_del [ 67.305750][ T8501] ? __sk_free+0x30f/0x3e0 [ 67.305769][ T8501] __sk_free+0x317/0x3e0 [ 67.321967][ T8501] sk_free+0x2a/0x40 [ 67.323659][ T8509] kobject: 'brif' (000000004cb87fa6): calling ktype release [ 67.325861][ T8501] nr_destroy_socket+0x3e3/0x450 [ 67.325873][ T8501] nr_release+0x191/0x390 [ 67.325888][ T8501] sock_close+0xe1/0x260 [ 67.333356][ T8509] kobject: (000000004cb87fa6): dynamic_kobj_release [ 67.338165][ T8501] ? sock_mmap+0xa0/0xa0 [ 67.338178][ T8501] __fput+0x2e4/0x740 [ 67.338192][ T8501] ____fput+0x15/0x20 [ 67.338206][ T8501] task_work_run+0x17e/0x1b0 [ 67.342662][ T8509] kobject: 'brif': free name [ 67.346753][ T8501] prepare_exit_to_usermode+0x459/0x580 [ 67.346767][ T8501] syscall_return_slowpath+0x110/0x450 [ 67.346778][ T8501] do_syscall_64+0x126/0x140 [ 67.346796][ T8501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 67.395981][ T8501] RIP: 0033:0x413501 [ 67.399850][ T8501] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 67.419456][ T8501] RSP: 002b:00007ffebb0784a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 67.427859][ T8501] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501 [ 67.435810][ T8501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 67.443775][ T8501] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 67.451744][ T8501] R10: 00007ffebb078580 R11: 0000000000000293 R12: 000000000075c9a0 [ 67.459691][ T8501] R13: 000000000075c9a0 R14: 0000000000760ff0 R15: ffffffffffffffff [ 67.484770][ T8509] kobject: 'batman_adv' (00000000af4e1053): kobject_uevent_env [ 67.496421][ T8501] ================================================================== [ 67.504511][ T8501] BUG: KASAN: use-after-free in do_raw_spin_lock+0x295/0x3a0 [ 67.511888][ T8501] Read of size 4 at addr ffff8880908e964c by task syz-executor.1/8501 [ 67.520032][ T8501] [ 67.522367][ T8501] CPU: 1 PID: 8501 Comm: syz-executor.1 Not tainted 5.2.0+ #32 [ 67.529905][ T8501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.539957][ T8501] Call Trace: [ 67.543253][ T8501] dump_stack+0x1d8/0x2f8 [ 67.547589][ T8501] print_address_description+0x75/0x5b0 [ 67.553130][ T8501] ? log_buf_vmcoreinfo_setup+0x153/0x153 [ 67.558863][ T8501] __kasan_report+0x14b/0x1c0 [ 67.563541][ T8501] ? do_raw_spin_lock+0x295/0x3a0 [ 67.568566][ T8501] kasan_report+0x26/0x50 [ 67.572892][ T8501] __asan_report_load4_noabort+0x14/0x20 [ 67.578524][ T8501] do_raw_spin_lock+0x295/0x3a0 [ 67.583374][ T8501] ? trace_lock_acquire+0x159/0x1d0 [ 67.588569][ T8501] ? __rwlock_init+0x130/0x130 [ 67.593331][ T8501] ? release_sock+0x30/0x1d0 [ 67.596846][ T8509] kobject: 'batman_adv' (00000000af4e1053): kobject_uevent_env: filter function caused the event to drop! [ 67.597918][ T8501] ? release_sock+0x30/0x1d0 [ 67.597927][ T8501] ? release_sock+0x30/0x1d0 [ 67.597943][ T8501] _raw_spin_lock_bh+0x40/0x50 [ 67.623117][ T8501] release_sock+0x30/0x1d0 [ 67.627538][ T8501] nr_release+0x1b9/0x390 [ 67.629541][ T8509] kobject: 'batman_adv' (00000000af4e1053): kobject_cleanup, parent 00000000e5e242cf [ 67.631868][ T8501] sock_close+0xe1/0x260 [ 67.631878][ T8501] ? sock_mmap+0xa0/0xa0 [ 67.631895][ T8501] __fput+0x2e4/0x740 [ 67.653779][ T8501] ____fput+0x15/0x20 [ 67.656868][ T8509] kobject: 'batman_adv' (00000000af4e1053): calling ktype release [ 67.657767][ T8501] task_work_run+0x17e/0x1b0 [ 67.665622][ T8509] kobject: (00000000af4e1053): dynamic_kobj_release [ 67.670128][ T8501] prepare_exit_to_usermode+0x459/0x580 [ 67.670141][ T8501] syscall_return_slowpath+0x110/0x450 [ 67.670152][ T8501] do_syscall_64+0x126/0x140 [ 67.670165][ T8501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 67.670173][ T8501] RIP: 0033:0x413501 [ 67.670182][ T8501] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 67.670186][ T8501] RSP: 002b:00007ffebb0784a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 67.670194][ T8501] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501 [ 67.670199][ T8501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 67.670216][ T8501] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 67.696893][ T8509] kobject: 'batman_adv': free name [ 67.698178][ T8501] R10: 00007ffebb078580 R11: 0000000000000293 R12: 000000000075c9a0 [ 67.698190][ T8501] R13: 000000000075c9a0 R14: 0000000000760ff0 R15: ffffffffffffffff [ 67.698203][ T8501] [ 67.777214][ T8501] Allocated by task 0: [ 67.781269][ T8501] __kasan_kmalloc+0x11c/0x1b0 [ 67.786014][ T8501] kasan_kmalloc+0x9/0x10 [ 67.790327][ T8501] __kmalloc+0x254/0x340 [ 67.794548][ T8501] sk_prot_alloc+0xb0/0x290 [ 67.799032][ T8501] sk_alloc+0x38/0x950 [ 67.803085][ T8501] nr_rx_frame+0xabc/0x1e40 [ 67.807571][ T8501] nr_loopback_timer+0x6a/0x140 [ 67.812401][ T8501] call_timer_fn+0xec/0x200 [ 67.816883][ T8501] __run_timers+0x7cd/0x9c0 [ 67.821366][ T8501] run_timer_softirq+0x4a/0x90 [ 67.826137][ T8501] __do_softirq+0x333/0x7c4 [ 67.830621][ T8501] [ 67.832945][ T8501] Freed by task 8501: [ 67.836914][ T8501] __kasan_slab_free+0x12a/0x1e0 [ 67.841922][ T8501] kasan_slab_free+0xe/0x10 [ 67.846414][ T8501] kfree+0x115/0x200 [ 67.850302][ T8501] __sk_destruct+0x567/0x660 [ 67.854877][ T8501] __sk_free+0x317/0x3e0 [ 67.859101][ T8501] sk_free+0x2a/0x40 [ 67.862984][ T8501] nr_destroy_socket+0x3e3/0x450 [ 67.867915][ T8501] nr_release+0x191/0x390 [ 67.872231][ T8501] sock_close+0xe1/0x260 [ 67.876465][ T8501] __fput+0x2e4/0x740 [ 67.880436][ T8501] ____fput+0x15/0x20 [ 67.884406][ T8501] task_work_run+0x17e/0x1b0 [ 67.888991][ T8501] prepare_exit_to_usermode+0x459/0x580 [ 67.894526][ T8501] syscall_return_slowpath+0x110/0x450 [ 67.899980][ T8501] do_syscall_64+0x126/0x140 [ 67.904594][ T8501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 67.911771][ T8501] [ 67.914108][ T8501] The buggy address belongs to the object at ffff8880908e95c0 [ 67.914108][ T8501] which belongs to the cache kmalloc-2k of size 2048 [ 67.928150][ T8501] The buggy address is located 140 bytes inside of [ 67.928150][ T8501] 2048-byte region [ffff8880908e95c0, ffff8880908e9dc0) [ 67.941492][ T8501] The buggy address belongs to the page: [ 67.947115][ T8501] page:ffffea0002423a00 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 compound_mapcount: 0 [ 67.958122][ T8501] flags: 0x1fffc0000010200(slab|head) [ 67.963489][ T8501] raw: 01fffc0000010200 ffffea0002a15508 ffffea000283dc08 ffff8880aa400e00 [ 67.972081][ T8501] raw: 0000000000000000 ffff8880908e84c0 0000000100000003 0000000000000000 [ 67.980655][ T8501] page dumped because: kasan: bad access detected [ 67.987138][ T8501] [ 67.989453][ T8501] Memory state around the buggy address: [ 67.995079][ T8501] ffff8880908e9500: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 68.003134][ T8501] ffff8880908e9580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 68.011202][ T8501] >ffff8880908e9600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.019371][ T8501] ^ [ 68.025780][ T8501] ffff8880908e9680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.033857][ T8501] ffff8880908e9700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.041904][ T8501] ================================================================== [ 68.050024][ T8501] Kernel panic - not syncing: panic_on_warn set ... [ 68.056620][ T8501] CPU: 1 PID: 8501 Comm: syz-executor.1 Tainted: G B 5.2.0+ #32 [ 68.065548][ T8501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.075689][ T8501] Call Trace: [ 68.078987][ T8501] dump_stack+0x1d8/0x2f8 [ 68.083319][ T8501] panic+0x29b/0x7d9 [ 68.087227][ T8501] ? check_preemption_disabled+0x3a/0x2a0 [ 68.092958][ T8501] ? __kasan_report+0x195/0x1c0 [ 68.097820][ T8501] ? trace_hardirqs_on+0x34/0x80 [ 68.102847][ T8501] ? nmi_panic+0x97/0x97 [ 68.107092][ T8501] ? trace_hardirqs_on+0x34/0x80 [ 68.112027][ T8501] ? __kasan_report+0x195/0x1c0 [ 68.116882][ T8501] ? _raw_spin_unlock_irqrestore+0xad/0xe0 [ 68.122681][ T8501] __kasan_report+0x1bb/0x1c0 [ 68.127335][ T8501] ? do_raw_spin_lock+0x295/0x3a0 [ 68.132337][ T8501] kasan_report+0x26/0x50 [ 68.136647][ T8501] __asan_report_load4_noabort+0x14/0x20 [ 68.142273][ T8501] do_raw_spin_lock+0x295/0x3a0 [ 68.147101][ T8501] ? trace_lock_acquire+0x159/0x1d0 [ 68.152274][ T8501] ? __rwlock_init+0x130/0x130 [ 68.157033][ T8501] ? release_sock+0x30/0x1d0 [ 68.161600][ T8501] ? release_sock+0x30/0x1d0 [ 68.166164][ T8501] ? release_sock+0x30/0x1d0 [ 68.170736][ T8501] _raw_spin_lock_bh+0x40/0x50 [ 68.175484][ T8501] release_sock+0x30/0x1d0 [ 68.179918][ T8501] nr_release+0x1b9/0x390 [ 68.184265][ T8501] sock_close+0xe1/0x260 [ 68.188488][ T8501] ? sock_mmap+0xa0/0xa0 [ 68.192720][ T8501] __fput+0x2e4/0x740 [ 68.196790][ T8501] ____fput+0x15/0x20 [ 68.200763][ T8501] task_work_run+0x17e/0x1b0 [ 68.205338][ T8501] prepare_exit_to_usermode+0x459/0x580 [ 68.210875][ T8501] syscall_return_slowpath+0x110/0x450 [ 68.216346][ T8501] do_syscall_64+0x126/0x140 [ 68.220924][ T8501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 68.226801][ T8501] RIP: 0033:0x413501 [ 68.230944][ T8501] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 68.250528][ T8501] RSP: 002b:00007ffebb0784a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 68.258926][ T8501] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501 [ 68.266878][ T8501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 68.274839][ T8501] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 68.282793][ T8501] R10: 00007ffebb078580 R11: 0000000000000293 R12: 000000000075c9a0 [ 68.290757][ T8501] R13: 000000000075c9a0 R14: 0000000000760ff0 R15: ffffffffffffffff [ 68.299674][ T8501] Kernel Offset: disabled [ 68.304003][ T8501] Rebooting in 86400 seconds..