[ 42.472714][ T27] audit: type=1800 audit(1584235007.720:29): pid=7940 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 42.494155][ T27] audit: type=1800 audit(1584235007.720:30): pid=7940 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 51.763558][ T8112] IPVS: ftp: loaded support on port[0] = 21 [ 52.078782][ T562] tipc: TX() has been purged, node left! [ 52.358977][ T8100] can: request_module (can-proto-0) failed. [ 55.243190][ T8100] can: request_module (can-proto-0) failed. [ 55.253672][ T8100] can: request_module (can-proto-0) failed. Warning: Permanently added '10.128.10.19' (ECDSA) to the list of known hosts. 2020/03/15 01:17:07 parsed 1 programs 2020/03/15 01:17:08 executed programs: 0 [ 63.065072][ T8198] IPVS: ftp: loaded support on port[0] = 21 [ 63.065506][ T8194] IPVS: ftp: loaded support on port[0] = 21 [ 63.076111][ T8195] IPVS: ftp: loaded support on port[0] = 21 [ 63.078390][ T8201] IPVS: ftp: loaded support on port[0] = 21 [ 63.088792][ T8203] IPVS: ftp: loaded support on port[0] = 21 [ 63.094305][ T8199] IPVS: ftp: loaded support on port[0] = 21 [ 63.311820][ T8195] chnl_net:caif_netlink_parms(): no params data found [ 63.339159][ T8198] chnl_net:caif_netlink_parms(): no params data found [ 63.402911][ T8203] chnl_net:caif_netlink_parms(): no params data found [ 63.481026][ T8198] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.488888][ T8198] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.497566][ T8198] device bridge_slave_0 entered promiscuous mode [ 63.507193][ T8194] chnl_net:caif_netlink_parms(): no params data found [ 63.547972][ T8195] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.555443][ T8195] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.563310][ T8195] device bridge_slave_0 entered promiscuous mode [ 63.571414][ T8198] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.578530][ T8198] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.586292][ T8198] device bridge_slave_1 entered promiscuous mode [ 63.605620][ T8199] chnl_net:caif_netlink_parms(): no params data found [ 63.620600][ T8195] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.628004][ T8195] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.636365][ T8195] device bridge_slave_1 entered promiscuous mode [ 63.664828][ T8201] chnl_net:caif_netlink_parms(): no params data found [ 63.688414][ T8198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.708434][ T8194] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.717683][ T8194] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.726139][ T8194] device bridge_slave_0 entered promiscuous mode [ 63.737180][ T8194] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.744672][ T8194] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.752627][ T8194] device bridge_slave_1 entered promiscuous mode [ 63.763854][ T8195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.774494][ T8198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.787409][ T8203] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.794881][ T8203] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.802685][ T8203] device bridge_slave_0 entered promiscuous mode [ 63.815796][ T8203] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.823270][ T8203] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.835040][ T8203] device bridge_slave_1 entered promiscuous mode [ 63.856609][ T8195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.900241][ T8199] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.908159][ T8199] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.916333][ T8199] device bridge_slave_0 entered promiscuous mode [ 63.927601][ T8201] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.934912][ T8201] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.943113][ T8201] device bridge_slave_0 entered promiscuous mode [ 63.954791][ T8201] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.962323][ T8201] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.971689][ T8201] device bridge_slave_1 entered promiscuous mode [ 63.990670][ T8194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.000788][ T8199] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.007865][ T8199] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.016764][ T8199] device bridge_slave_1 entered promiscuous mode [ 64.025577][ T8198] team0: Port device team_slave_0 added [ 64.036333][ T8203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.047164][ T8195] team0: Port device team_slave_0 added [ 64.061159][ T8194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.078776][ T8198] team0: Port device team_slave_1 added [ 64.085869][ T8203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.096710][ T8195] team0: Port device team_slave_1 added [ 64.111544][ T8201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.146782][ T8201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.161853][ T8199] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.175791][ T8199] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.251532][ T8195] device hsr_slave_0 entered promiscuous mode [ 64.289186][ T8195] device hsr_slave_1 entered promiscuous mode [ 64.331543][ T8203] team0: Port device team_slave_0 added [ 64.343210][ T8194] team0: Port device team_slave_0 added [ 64.366320][ T8199] team0: Port device team_slave_0 added [ 64.374468][ T8203] team0: Port device team_slave_1 added [ 64.398339][ T8194] team0: Port device team_slave_1 added [ 64.450580][ T8198] device hsr_slave_0 entered promiscuous mode [ 64.509059][ T8198] device hsr_slave_1 entered promiscuous mode [ 64.558948][ T8198] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.567007][ T8198] Cannot create hsr debugfs directory [ 64.574278][ T8199] team0: Port device team_slave_1 added [ 64.641796][ T8203] device hsr_slave_0 entered promiscuous mode [ 64.699160][ T8203] device hsr_slave_1 entered promiscuous mode [ 64.748855][ T8203] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.756592][ T8203] Cannot create hsr debugfs directory [ 64.764571][ T8201] team0: Port device team_slave_0 added [ 64.830419][ T8194] device hsr_slave_0 entered promiscuous mode [ 64.879048][ T8194] device hsr_slave_1 entered promiscuous mode [ 64.948862][ T8194] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.956600][ T8194] Cannot create hsr debugfs directory [ 64.966049][ T8201] team0: Port device team_slave_1 added [ 65.051335][ T8201] device hsr_slave_0 entered promiscuous mode [ 65.101860][ T8201] device hsr_slave_1 entered promiscuous mode [ 65.139015][ T8201] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.146960][ T8201] Cannot create hsr debugfs directory [ 65.180641][ T8199] device hsr_slave_0 entered promiscuous mode [ 65.239085][ T8199] device hsr_slave_1 entered promiscuous mode [ 65.279771][ T8199] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.287597][ T8199] Cannot create hsr debugfs directory [ 65.309618][ T8195] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.353496][ T8195] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.416032][ T8195] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.463199][ T8195] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.521367][ T8198] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.571406][ T8198] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.622793][ T8198] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.682677][ T8203] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 65.731159][ T8203] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 65.780553][ T8198] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.847651][ T8203] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 65.901570][ T8203] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 65.998428][ T8194] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 66.065128][ T8194] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 66.123293][ T8194] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 66.212524][ T8194] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 66.261426][ T8199] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 66.311902][ T8199] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 66.391243][ T8199] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 66.443303][ T8199] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 66.520877][ T8195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.561359][ T8198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.581485][ T8201] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 66.633696][ T8201] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 66.703824][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.714065][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.733267][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 66.741812][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 66.749911][ T8201] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 66.813620][ T8198] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.823575][ T8195] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.838448][ T8201] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 66.910701][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.919900][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 66.928405][ T3077] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.935637][ T3077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.944696][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 66.954611][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 66.964306][ T3077] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.971566][ T3077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.979758][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 66.988208][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 66.996848][ T3077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.005304][ T3077] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.012547][ T3077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.035498][ T8203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.056180][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 67.064427][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 67.075511][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.084831][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.094058][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.103195][ T3072] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.110320][ T3072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.118224][ T3072] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.156768][ T8203] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.172805][ T8194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.182817][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 67.192991][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.202120][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 67.211770][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.221054][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 67.230220][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.238426][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 67.247059][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.255929][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.264767][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 67.273687][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.282664][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 67.292130][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.301003][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 67.309658][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.317947][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.326233][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.336171][ T8198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 67.373103][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 67.383391][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 67.392375][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 67.401552][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.410594][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.419782][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.428455][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.435670][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.443681][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.453561][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.463078][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.470319][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.478008][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.486550][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 67.494159][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 67.502265][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 67.520472][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 67.528127][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 67.542374][ T8194] 8021q: adding VLAN 0 to HW filter on device team0 [ 67.555854][ T8198] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.564970][ T8195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 67.597611][ T8199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 67.611176][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.624558][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 67.635861][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 67.646355][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 67.655192][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 67.664318][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 67.672963][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 67.682850][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 67.692976][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 67.702076][ T2686] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.709518][ T2686] bridge0: port 1(bridge_slave_0) entered forwarding state [ 67.733033][ T8203] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 67.746781][ T8203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 67.774030][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 67.783878][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 67.792800][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 67.802661][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 67.822978][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 67.836668][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 67.846012][ T8117] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.853157][ T8117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 67.862770][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 67.873007][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 67.873410][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 67.873947][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 2020/03/15 01:17:13 executed programs: 8 [ 67.874031][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 67.882575][ T8195] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.944012][ T8203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.960338][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 67.972712][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 67.988387][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.002975][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.015386][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.024036][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 68.024650][ T2686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 68.031851][ T8199] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.063150][ T8201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.081626][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 68.095730][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 68.112946][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.125709][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 68.135436][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 68.167379][ T8201] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.200599][ T8194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 68.215107][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 68.226823][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.246996][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.254155][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.267433][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 68.276333][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 68.290044][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 68.299504][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.307975][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.315518][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.323788][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 68.347950][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.358374][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.367740][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 68.376667][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 68.385030][ T8117] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.392110][ T8117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.399947][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 68.408540][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 68.417127][ T8117] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.424198][ T8117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.439105][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 68.447087][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 68.456466][ T8117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 68.475012][ T8194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.506882][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 68.517542][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 68.528007][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 68.537388][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.547959][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 68.557354][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 68.568174][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 68.577315][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 68.588374][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 68.596685][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 68.615410][ T8201] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 68.626261][ T8201] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 68.637986][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 68.646464][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.655450][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 68.664126][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 68.673035][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 68.681927][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 68.690547][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 68.705834][ T8199] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 68.717428][ T8199] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 68.745927][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 68.755730][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 68.805982][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 68.834883][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 68.852897][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 68.860817][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 68.869519][ T3076] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 68.887782][ T8201] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 68.915330][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 68.925752][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 68.937594][ T8199] 8021q: adding VLAN 0 to HW filter on device batadv0 2020/03/15 01:17:18 executed programs: 237 2020/03/15 01:17:23 executed programs: 551 2020/03/15 01:17:28 executed programs: 860 2020/03/15 01:17:33 executed programs: 1172 2020/03/15 01:17:38 executed programs: 1482 2020/03/15 01:17:43 executed programs: 1778 2020/03/15 01:17:48 executed programs: 2071 2020/03/15 01:17:53 executed programs: 2338 INIT: Id "2" respawning too fast: disabled for 5 minutes 2020/03/15 01:17:58 executed programs: 2599 2020/03/15 01:18:03 executed programs: 2860 2020/03/15 01:18:08 executed programs: 3121 2020/03/15 01:18:13 executed programs: 3407 [ 128.848661][T21329] ================================================================== [ 128.848693][T21329] BUG: KASAN: use-after-free in con_shutdown+0x76/0x80 [ 128.848698][T21329] Write of size 8 at addr ffff888097da9108 by task syz-executor.1/21329 [ 128.848700][T21329] [ 128.848708][T21329] CPU: 0 PID: 21329 Comm: syz-executor.1 Not tainted 5.6.0-rc5-syzkaller #0 [ 128.848712][T21329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.848715][T21329] Call Trace: [ 128.848727][T21329] dump_stack+0x12d/0x187 [ 128.848747][T21329] print_address_description.constprop.8.cold.10+0x9/0x31d [ 128.848753][T21329] ? con_shutdown+0x76/0x80 [ 128.848762][T21329] __kasan_report.cold.11+0x1b/0x32 [ 128.848767][T21329] ? con_shutdown+0x76/0x80 [ 128.848778][T21329] ? con_shutdown+0x76/0x80 [ 128.848788][T21329] kasan_report+0x12/0x20 [ 128.848796][T21329] __asan_report_store8_noabort+0x17/0x20 [ 128.848802][T21329] con_shutdown+0x76/0x80 [ 128.848809][T21329] release_tty+0xa6/0x400 [ 128.848821][T21329] tty_release_struct+0x33/0x50 [ 128.848829][T21329] tty_release+0x97e/0xc60 [ 128.848853][T21329] __fput+0x25a/0x770 [ 128.848861][T21329] ? _raw_spin_unlock_irq+0x22/0x80 [ 128.848878][T21329] ____fput+0x9/0x10 [ 128.848887][T21329] task_work_run+0x108/0x180 [ 128.848913][T21329] exit_to_usermode_loop+0x24e/0x2e0 [ 128.848926][T21329] do_syscall_64+0x531/0x630 [ 128.848938][T21329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 128.848944][T21329] RIP: 0033:0x4144a1 [ 128.848951][T21329] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 128.848955][T21329] RSP: 002b:00007ffede536860 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 128.848962][T21329] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004144a1 [ 128.848965][T21329] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 0000000000000004 [ 128.848969][T21329] RBP: 0000000000000000 R08: 0000000000760318 R09: ffffffffffffffff [ 128.848973][T21329] R10: 00007ffede536930 R11: 0000000000000293 R12: 000000000075bfc8 [ 128.848977][T21329] R13: 0000000000000004 R14: 0000000000760320 R15: 000000000075bfd4 [ 128.849003][T21329] [ 128.849008][T21329] Allocated by task 21335: [ 128.849014][T21329] save_stack+0x21/0x90 [ 128.849019][T21329] __kasan_kmalloc.constprop.17+0xc7/0xd0 [ 128.849024][T21329] kasan_kmalloc+0x9/0x10 [ 128.849029][T21329] kmem_cache_alloc_trace+0x15b/0x780 [ 128.849034][T21329] vc_allocate+0x1b7/0x7c0 [ 128.849038][T21329] con_install+0x4d/0x410 [ 128.849042][T21329] tty_init_dev+0xda/0x3c0 [ 128.849046][T21329] tty_open+0x514/0x9f0 [ 128.849052][T21329] chrdev_open+0x1ed/0x5c0 [ 128.849058][T21329] do_dentry_open+0x3fa/0x1100 [ 128.849063][T21329] vfs_open+0x9a/0xc0 [ 128.849068][T21329] path_openat+0x8fb/0x2d40 [ 128.849073][T21329] do_filp_open+0x171/0x240 [ 128.849078][T21329] do_sys_openat2+0x2e0/0x510 [ 128.849083][T21329] do_sys_open+0x90/0xe0 [ 128.849088][T21329] __x64_sys_open+0x79/0xb0 [ 128.849093][T21329] do_syscall_64+0xca/0x630 [ 128.849098][T21329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 128.849101][T21329] [ 128.849104][T21329] Freed by task 21331: [ 128.849109][T21329] save_stack+0x21/0x90 [ 128.849114][T21329] __kasan_slab_free+0x102/0x150 [ 128.849119][T21329] kasan_slab_free+0xe/0x10 [ 128.849123][T21329] kfree+0x108/0x2c0 [ 128.849130][T21329] vt_disallocate_all+0x247/0x3f0 [ 128.849143][T21329] vt_ioctl+0x18b2/0x21c0 [ 128.849148][T21329] tty_ioctl+0x45b/0x12f0 [ 128.849154][T21329] ksys_ioctl+0xc1/0x110 [ 128.849164][T21329] __x64_sys_ioctl+0x6e/0xb0 [ 128.849169][T21329] do_syscall_64+0xca/0x630 [ 128.849174][T21329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 128.849177][T21329] [ 128.849181][T21329] The buggy address belongs to the object at ffff888097da9000 [ 128.849181][T21329] which belongs to the cache kmalloc-2k of size 2048 [ 128.849186][T21329] The buggy address is located 264 bytes inside of [ 128.849186][T21329] 2048-byte region [ffff888097da9000, ffff888097da9800) [ 128.849189][T21329] The buggy address belongs to the page: [ 128.849195][T21329] page:ffffea00025f6a40 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 [ 128.849201][T21329] flags: 0xfffe0000000200(slab) [ 128.849208][T21329] raw: 00fffe0000000200 ffffea00028d4a08 ffffea00024d52c8 ffff8880aa400e00 [ 128.849214][T21329] raw: 0000000000000000 ffff888097da9000 0000000100000001 0000000000000000 [ 128.849218][T21329] page dumped because: kasan: bad access detected [ 128.849221][T21329] [ 128.849224][T21329] Memory state around the buggy address: [ 128.849228][T21329] ffff888097da9000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 128.849232][T21329] ffff888097da9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 128.849236][T21329] >ffff888097da9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 128.849239][T21329] ^ [ 128.849243][T21329] ffff888097da9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 128.849247][T21329] ffff888097da9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 128.849250][T21329] ================================================================== [ 128.849253][T21329] Disabling lock debugging due to kernel taint [ 128.849504][T21329] Kernel panic - not syncing: panic_on_warn set ... [ 128.849510][T21329] CPU: 0 PID: 21329 Comm: syz-executor.1 Tainted: G B 5.6.0-rc5-syzkaller #0 [ 128.849512][T21329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 128.849514][T21329] Call Trace: [ 128.849520][T21329] dump_stack+0x12d/0x187 [ 128.849527][T21329] ? con_shutdown+0x60/0x80 [ 128.849534][T21329] panic+0x22a/0x4e3 [ 128.849539][T21329] ? add_taint.cold.7+0x11/0x11 [ 128.849545][T21329] ? ___preempt_schedule+0x16/0x18 [ 128.849553][T21329] ? con_shutdown+0x76/0x80 [ 128.849558][T21329] end_report+0x47/0x4f [ 128.849563][T21329] __kasan_report.cold.11+0xe/0x32 [ 128.849567][T21329] ? con_shutdown+0x76/0x80 [ 128.849572][T21329] ? con_shutdown+0x76/0x80 [ 128.849578][T21329] kasan_report+0x12/0x20 [ 128.849583][T21329] __asan_report_store8_noabort+0x17/0x20 [ 128.849587][T21329] con_shutdown+0x76/0x80 [ 128.849591][T21329] release_tty+0xa6/0x400 [ 128.849596][T21329] tty_release_struct+0x33/0x50 [ 128.849601][T21329] tty_release+0x97e/0xc60 [ 128.849612][T21329] __fput+0x25a/0x770 [ 128.849615][T21329] ? _raw_spin_unlock_irq+0x22/0x80 [ 128.849623][T21329] ____fput+0x9/0x10 [ 128.849629][T21329] task_work_run+0x108/0x180 [ 128.849638][T21329] exit_to_usermode_loop+0x24e/0x2e0 [ 128.849646][T21329] do_syscall_64+0x531/0x630 [ 128.849653][T21329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 128.849656][T21329] RIP: 0033:0x4144a1 [ 128.849660][T21329] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 128.849662][T21329] RSP: 002b:00007ffede536860 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 128.849666][T21329] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004144a1 [ 128.849669][T21329] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 0000000000000004 [ 128.849671][T21329] RBP: 0000000000000000 R08: 0000000000760318 R09: ffffffffffffffff [ 128.849674][T21329] R10: 00007ffede536930 R11: 0000000000000293 R12: 000000000075bfc8 [ 128.849677][T21329] R13: 0000000000000004 R14: 0000000000760320 R15: 000000000075bfd4 [ 128.851220][T21329] Kernel Offset: disabled [ 129.604258][T21329] Rebooting in 86400 seconds..