[ 54.797144][ T26] audit: type=1800 audit(1563473784.315:26): pid=8422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 54.834519][ T26] audit: type=1800 audit(1563473784.315:27): pid=8422 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 66.238141][ T8591] IPVS: ftp: loaded support on port[0] = 21 [ 67.530968][ T8580] can: request_module (can-proto-0) failed. [ 68.037890][ T8580] can: request_module (can-proto-0) failed. Warning: Permanently added '10.128.15.205' (ECDSA) to the list of known hosts. 2019/07/18 18:16:45 parsed 1 programs 2019/07/18 18:16:46 executed programs: 0 [ 76.816213][ T8668] IPVS: ftp: loaded support on port[0] = 21 [ 76.846041][ T8670] IPVS: ftp: loaded support on port[0] = 21 [ 76.882284][ T8678] IPVS: ftp: loaded support on port[0] = 21 [ 76.882290][ T8676] IPVS: ftp: loaded support on port[0] = 21 [ 76.887726][ T8677] IPVS: ftp: loaded support on port[0] = 21 [ 76.922350][ T8674] IPVS: ftp: loaded support on port[0] = 21 [ 77.137580][ T8670] chnl_net:caif_netlink_parms(): no params data found [ 77.162435][ T8668] chnl_net:caif_netlink_parms(): no params data found [ 77.254783][ T8677] chnl_net:caif_netlink_parms(): no params data found [ 77.297404][ T8678] chnl_net:caif_netlink_parms(): no params data found [ 77.316072][ T8674] chnl_net:caif_netlink_parms(): no params data found [ 77.347700][ T8668] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.355502][ T8668] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.363362][ T8668] device bridge_slave_0 entered promiscuous mode [ 77.375384][ T8668] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.382546][ T8668] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.390380][ T8668] device bridge_slave_1 entered promiscuous mode [ 77.397752][ T8670] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.405417][ T8670] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.413148][ T8670] device bridge_slave_0 entered promiscuous mode [ 77.433695][ T8670] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.442729][ T8670] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.450480][ T8670] device bridge_slave_1 entered promiscuous mode [ 77.478262][ T8670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.505966][ T8668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.517873][ T8670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.527391][ T8677] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.534772][ T8677] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.542452][ T8677] device bridge_slave_0 entered promiscuous mode [ 77.555963][ T8676] chnl_net:caif_netlink_parms(): no params data found [ 77.566336][ T8668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.593468][ T8677] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.601618][ T8677] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.609910][ T8677] device bridge_slave_1 entered promiscuous mode [ 77.656868][ T8674] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.664079][ T8674] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.675384][ T8674] device bridge_slave_0 entered promiscuous mode [ 77.696726][ T8670] team0: Port device team_slave_0 added [ 77.703705][ T8678] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.710890][ T8678] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.718641][ T8678] device bridge_slave_0 entered promiscuous mode [ 77.730430][ T8674] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.737474][ T8674] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.745292][ T8674] device bridge_slave_1 entered promiscuous mode [ 77.764252][ T8668] team0: Port device team_slave_0 added [ 77.771127][ T8670] team0: Port device team_slave_1 added [ 77.777696][ T8668] team0: Port device team_slave_1 added [ 77.783548][ T8678] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.794082][ T8678] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.801785][ T8678] device bridge_slave_1 entered promiscuous mode [ 77.810868][ T8677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.843073][ T8677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.861053][ T8674] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.876752][ T8676] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.884004][ T8676] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.892200][ T8676] device bridge_slave_0 entered promiscuous mode [ 77.904268][ T8676] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.912282][ T8676] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.920069][ T8676] device bridge_slave_1 entered promiscuous mode [ 77.945059][ T8674] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.020372][ T8670] device hsr_slave_0 entered promiscuous mode [ 78.078739][ T8670] device hsr_slave_1 entered promiscuous mode [ 78.138149][ T8678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.231174][ T8668] device hsr_slave_0 entered promiscuous mode [ 78.268916][ T8668] device hsr_slave_1 entered promiscuous mode [ 78.328637][ T8668] debugfs: Directory 'hsr0' with parent '/' already present! [ 78.341922][ T8674] team0: Port device team_slave_0 added [ 78.350349][ T8674] team0: Port device team_slave_1 added [ 78.361749][ T8678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.372274][ T8677] team0: Port device team_slave_0 added [ 78.391809][ T8676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.402245][ T8677] team0: Port device team_slave_1 added [ 78.415398][ T8678] team0: Port device team_slave_0 added [ 78.422774][ T8678] team0: Port device team_slave_1 added [ 78.434951][ T8676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.490288][ T8674] device hsr_slave_0 entered promiscuous mode [ 78.528734][ T8674] device hsr_slave_1 entered promiscuous mode [ 78.568551][ T8674] debugfs: Directory 'hsr0' with parent '/' already present! [ 78.596671][ T8676] team0: Port device team_slave_0 added [ 78.633913][ T8676] team0: Port device team_slave_1 added [ 78.670410][ T8678] device hsr_slave_0 entered promiscuous mode [ 78.722140][ T8678] device hsr_slave_1 entered promiscuous mode [ 78.768562][ T8678] debugfs: Directory 'hsr0' with parent '/' already present! [ 78.840341][ T8677] device hsr_slave_0 entered promiscuous mode [ 78.889102][ T8677] device hsr_slave_1 entered promiscuous mode [ 78.958547][ T8677] debugfs: Directory 'hsr0' with parent '/' already present! [ 79.032709][ T8676] device hsr_slave_0 entered promiscuous mode [ 79.089003][ T8676] device hsr_slave_1 entered promiscuous mode [ 79.138732][ T8676] debugfs: Directory 'hsr0' with parent '/' already present! [ 79.148935][ T8668] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.182749][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.191781][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.245569][ T8670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.262971][ T8668] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.284996][ T8674] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.304012][ T8678] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.320315][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.327938][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.336778][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.345646][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.354601][ T2885] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.361885][ T2885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.371097][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 79.380207][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.389462][ T2885] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.396496][ T2885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.404285][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 79.415687][ T8670] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.436893][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 79.447505][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.456234][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.464856][ T2885] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.471933][ T2885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.480829][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 79.489900][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 79.498353][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.506763][ T2885] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.513826][ T2885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.529550][ T8677] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.542763][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 79.551792][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.559990][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.567569][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 79.576392][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.587506][ T8674] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.615867][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.624192][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.632309][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.640364][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 79.648970][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.657232][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 79.665971][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.674902][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 79.683229][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.692058][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 79.700635][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.709324][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.717571][ T8599] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.724654][ T8599] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.734254][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 79.749176][ T8677] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.757991][ T8678] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.766249][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 79.775108][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 79.784895][ T8668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.819542][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 79.828164][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 79.841413][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 79.850109][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 79.858532][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 79.866843][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 79.875397][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 79.883787][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.890865][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.898504][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 79.906940][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 79.915949][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.923059][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.930573][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 79.939531][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 79.947930][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 79.956280][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.964757][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 79.973727][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 80.000646][ T8676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.011933][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 80.022470][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.031643][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.038753][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.046252][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 80.054814][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.063244][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.071737][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 80.080199][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.088529][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.095562][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.103286][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 80.111970][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.120393][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.127418][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.136369][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.144173][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 80.152564][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.164269][ T8670] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.179201][ T8670] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.201452][ T8668] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.218100][ T8676] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.231229][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.244910][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.253728][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 80.263649][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.272485][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.281114][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.289749][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.298096][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.306511][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.314965][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.323540][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 80.331251][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 80.339221][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.347610][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.356150][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.364660][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.373538][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.381391][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.395733][ T8678] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 80.407358][ T8678] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.433530][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.442119][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.451055][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.464221][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.473496][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 80.482338][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 80.490992][ T3194] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.498024][ T3194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.505624][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.514225][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.522716][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.531049][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.539637][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.547804][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.556665][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 80.565429][ T3194] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 80.580387][ T8674] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.593496][ T8677] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.608077][ T8670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.625964][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 80.638101][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 80.646718][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 80.665565][ T3191] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 80.674911][ T3191] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.682000][ T3191] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.717897][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 80.727869][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 80.744934][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 80.770641][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 80.790121][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 80.797901][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 80.807852][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 80.820032][ T8678] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.831019][ T8674] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.884080][ T8677] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.917513][ T8676] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 80.941903][ T8676] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.973227][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 80.989455][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 80.998051][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 81.013691][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 81.137953][ T8676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.168029][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 81.208987][ T8694] [ 81.211341][ T8694] ========================= [ 81.215826][ T8694] WARNING: held lock freed! [ 81.218478][ T8721] kobject: 'queues' (00000000c7c822b3): kobject_add_internal: parent: 'bcsf0', set: '' [ 81.220318][ T8694] 5.2.0+ #1 Not tainted [ 81.234570][ T8694] ------------------------- [ 81.239069][ T8694] syz-executor.1/8694 is freeing memory ffff888097b9a2c0-ffff888097b9aabf, with a lock still held there! [ 81.250246][ T8694] 00000000fcc7216c (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0 [ 81.258668][ T8694] 2 locks held by syz-executor.1/8694: [ 81.264108][ T8694] #0: 00000000839018f7 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x89/0x280 [ 81.270586][ T8721] kobject: 'queues' (00000000c7c822b3): kobject_uevent_env [ 81.274095][ T8694] #1: 00000000fcc7216c (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0 [ 81.290101][ T8694] [ 81.290101][ T8694] stack backtrace: [ 81.296088][ T8694] CPU: 0 PID: 8694 Comm: syz-executor.1 Not tainted 5.2.0+ #1 [ 81.296290][ T8721] kobject: 'queues' (00000000c7c822b3): kobject_uevent_env: filter function caused the event to drop! [ 81.303524][ T8694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.303529][ T8694] Call Trace: [ 81.303548][ T8694] dump_stack+0x172/0x1f0 [ 81.303571][ T8694] debug_check_no_locks_freed.cold+0x9d/0xa9 [ 81.303583][ T8694] ? trace_hardirqs_off+0x62/0x240 [ 81.303599][ T8694] kfree+0xec/0x2c0 [ 81.303614][ T8694] __sk_destruct+0x4f7/0x6e0 [ 81.303629][ T8694] sk_destruct+0x86/0xa0 [ 81.303642][ T8694] __sk_free+0xfb/0x360 [ 81.303656][ T8694] sk_free+0x42/0x50 [ 81.303668][ T8694] nr_destroy_socket+0x3ea/0x4b0 [ 81.303683][ T8694] nr_release+0x347/0x3e0 [ 81.354369][ T8721] kobject: 'rx-0' (00000000b9bf6fb1): kobject_add_internal: parent: 'queues', set: 'queues' [ 81.356032][ T8694] __sock_release+0xce/0x280 [ 81.356043][ T8694] sock_close+0x1e/0x30 [ 81.356059][ T8694] __fput+0x2ff/0x890 [ 81.373510][ T8721] kobject: 'rx-0' (00000000b9bf6fb1): kobject_uevent_env [ 81.383423][ T8694] ? __sock_release+0x280/0x280 [ 81.383437][ T8694] ____fput+0x16/0x20 [ 81.383450][ T8694] task_work_run+0x145/0x1c0 [ 81.383466][ T8694] exit_to_usermode_loop+0x316/0x380 [ 81.383483][ T8694] do_syscall_64+0x5a9/0x6a0 [ 81.410062][ T8721] kobject: 'rx-0' (00000000b9bf6fb1): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/rx-0' [ 81.411969][ T8694] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.411985][ T8694] RIP: 0033:0x413501 [ 81.438538][ T8721] kobject: 'tx-0' (00000000725ddc0e): kobject_add_internal: parent: 'queues', set: 'queues' [ 81.443198][ T8694] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 81.443205][ T8694] RSP: 002b:00007ffff44a21c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 81.447279][ T8721] kobject: 'tx-0' (00000000725ddc0e): kobject_uevent_env [ 81.457119][ T8694] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413501 [ 81.457126][ T8694] RDX: 0000001b31720000 RSI: 0000000000000000 RDI: 0000000000000003 [ 81.457138][ T8694] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 81.457144][ T8694] R10: 00007ffff44a22a0 R11: 0000000000000293 R12: 000000000075c9a0 [ 81.457151][ T8694] R13: 000000000075c9a0 R14: 0000000000760e90 R15: ffffffffffffffff [ 81.534225][ T8694] ================================================================== [ 81.542314][ T8694] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28a/0x2e0 [ 81.549673][ T8694] Read of size 4 at addr ffff888097b9a34c by task syz-executor.1/8694 [ 81.557806][ T8694] [ 81.560139][ T8694] CPU: 0 PID: 8694 Comm: syz-executor.1 Not tainted 5.2.0+ #1 [ 81.567584][ T8694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 81.577633][ T8694] Call Trace: [ 81.580925][ T8694] dump_stack+0x172/0x1f0 [ 81.585257][ T8694] ? do_raw_spin_lock+0x28a/0x2e0 [ 81.590384][ T8694] print_address_description.cold+0xd4/0x306 [ 81.596364][ T8694] ? do_raw_spin_lock+0x28a/0x2e0 [ 81.601389][ T8694] ? do_raw_spin_lock+0x28a/0x2e0 [ 81.606409][ T8694] __kasan_report.cold+0x1b/0x36 [ 81.611357][ T8694] ? do_raw_spin_lock+0x28a/0x2e0 [ 81.616380][ T8694] kasan_report+0x12/0x20 [ 81.620705][ T8694] __asan_report_load4_noabort+0x14/0x20 [ 81.626331][ T8694] do_raw_spin_lock+0x28a/0x2e0 [ 81.631176][ T8694] ? rwlock_bug.part.0+0x90/0x90 [ 81.636110][ T8694] ? lock_acquire+0x190/0x410 [ 81.640790][ T8694] ? release_sock+0x20/0x1c0 [ 81.645380][ T8694] ? __sk_free+0x100/0x360 [ 81.649799][ T8694] _raw_spin_lock_bh+0x3b/0x50 [ 81.654555][ T8694] ? release_sock+0x20/0x1c0 [ 81.659139][ T8694] release_sock+0x20/0x1c0 [ 81.663554][ T8694] nr_release+0x303/0x3e0 [ 81.667884][ T8694] __sock_release+0xce/0x280 [ 81.672469][ T8694] sock_close+0x1e/0x30 [ 81.676622][ T8694] __fput+0x2ff/0x890 [ 81.680620][ T8694] ? __sock_release+0x280/0x280 [ 81.682434][ T8721] kobject: 'tx-0' (00000000725ddc0e): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/tx-0' [ 81.685469][ T8694] ____fput+0x16/0x20 [ 81.685483][ T8694] task_work_run+0x145/0x1c0 [ 81.685503][ T8694] exit_to_usermode_loop+0x316/0x380 [ 81.710221][ T8694] do_syscall_64+0x5a9/0x6a0 [ 81.714119][ T8721] kobject: 'brif' (000000008efe03a1): kobject_add_internal: parent: 'bcsf0', set: '' [ 81.714810][ T8694] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.730632][ T8694] RIP: 0033:0x413501 [ 81.734522][ T8694] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 81.735954][ T8721] kobject: 'batman_adv' (00000000283d7781): kobject_add_internal: parent: 'bcsf0', set: '' [ 81.754123][ T8694] RSP: 002b:00007ffff44a21c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 81.754135][ T8694] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413501 [ 81.754144][ T8694] RDX: 0000001b31720000 RSI: 0000000000000000 RDI: 0000000000000003 [ 81.754151][ T8694] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 81.754161][ T8694] R10: 00007ffff44a22a0 R11: 0000000000000293 R12: 000000000075c9a0 [ 81.754168][ T8694] R13: 000000000075c9a0 R14: 0000000000760e90 R15: ffffffffffffffff [ 81.754179][ T8694] [ 81.754189][ T8694] Allocated by task 8677: [ 81.754205][ T8694] save_stack+0x23/0x90 [ 81.754215][ T8694] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 81.754223][ T8694] kasan_kmalloc+0x9/0x10 [ 81.754234][ T8694] __kmalloc+0x163/0x780 [ 81.754247][ T8694] sk_prot_alloc+0x23a/0x310 [ 81.754256][ T8694] sk_alloc+0x39/0xf70 [ 81.754265][ T8694] nr_rx_frame+0x73b/0x1ec0 [ 81.754273][ T8694] nr_loopback_timer+0x7b/0x170 [ 81.754283][ T8694] call_timer_fn+0x1ac/0x780 [ 81.754293][ T8694] run_timer_softirq+0x697/0x17a0 [ 81.754303][ T8694] __do_softirq+0x262/0x98c [ 81.754305][ T8694] [ 81.754310][ T8694] Freed by task 8694: [ 81.754318][ T8694] save_stack+0x23/0x90 [ 81.754327][ T8694] __kasan_slab_free+0x102/0x150 [ 81.754336][ T8694] kasan_slab_free+0xe/0x10 [ 81.754346][ T8694] kfree+0x10a/0x2c0 [ 81.754356][ T8694] __sk_destruct+0x4f7/0x6e0 [ 81.754365][ T8694] sk_destruct+0x86/0xa0 [ 81.754373][ T8694] __sk_free+0xfb/0x360 [ 81.754383][ T8694] sk_free+0x42/0x50 [ 81.754390][ T8694] nr_destroy_socket+0x3ea/0x4b0 [ 81.754404][ T8694] nr_release+0x347/0x3e0 [ 81.921123][ T8694] __sock_release+0xce/0x280 [ 81.925706][ T8694] sock_close+0x1e/0x30 [ 81.929866][ T8694] __fput+0x2ff/0x890 [ 81.933848][ T8694] ____fput+0x16/0x20 [ 81.937825][ T8694] task_work_run+0x145/0x1c0 [ 81.942415][ T8694] exit_to_usermode_loop+0x316/0x380 [ 81.947698][ T8694] do_syscall_64+0x5a9/0x6a0 [ 81.952295][ T8694] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.958173][ T8694] [ 81.960496][ T8694] The buggy address belongs to the object at ffff888097b9a2c0 [ 81.960496][ T8694] which belongs to the cache kmalloc-2k of size 2048 [ 81.974545][ T8694] The buggy address is located 140 bytes inside of [ 81.974545][ T8694] 2048-byte region [ffff888097b9a2c0, ffff888097b9aac0) [ 81.987896][ T8694] The buggy address belongs to the page: [ 81.993523][ T8694] page:ffffea00025ee680 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 compound_mapcount: 0 [ 82.004449][ T8694] flags: 0x1fffc0000010200(slab|head) [ 82.009846][ T8694] raw: 01fffc0000010200 ffffea00022ed708 ffffea00022d3e08 ffff8880aa400e00 [ 82.018460][ T8694] raw: 0000000000000000 ffff888097b9a2c0 0000000100000003 0000000000000000 [ 82.027034][ T8694] page dumped because: kasan: bad access detected [ 82.033435][ T8694] [ 82.035753][ T8694] Memory state around the buggy address: [ 82.041374][ T8694] ffff888097b9a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.049429][ T8694] ffff888097b9a280: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 82.057487][ T8694] >ffff888097b9a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.065537][ T8694] ^ [ 82.071947][ T8694] ffff888097b9a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.080001][ T8694] ffff888097b9a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.088053][ T8694] ================================================================== [ 82.096146][ T8694] Kernel panic - not syncing: panic_on_warn set ... [ 82.102730][ T8694] CPU: 0 PID: 8694 Comm: syz-executor.1 Tainted: G B 5.2.0+ #1 [ 82.111562][ T8694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 82.121608][ T8694] Call Trace: [ 82.124903][ T8694] dump_stack+0x172/0x1f0 [ 82.129234][ T8694] panic+0x2dc/0x755 [ 82.133131][ T8694] ? add_taint.cold+0x16/0x16 [ 82.137808][ T8694] ? trace_hardirqs_on+0x5e/0x240 [ 82.142856][ T8694] ? trace_hardirqs_on+0x5e/0x240 [ 82.147863][ T8694] ? do_raw_spin_lock+0x28a/0x2e0 [ 82.152867][ T8694] end_report+0x47/0x4f [ 82.156999][ T8694] ? do_raw_spin_lock+0x28a/0x2e0 [ 82.162000][ T8694] __kasan_report.cold+0xe/0x36 [ 82.166828][ T8694] ? do_raw_spin_lock+0x28a/0x2e0 [ 82.171835][ T8694] kasan_report+0x12/0x20 [ 82.176139][ T8694] __asan_report_load4_noabort+0x14/0x20 [ 82.181747][ T8694] do_raw_spin_lock+0x28a/0x2e0 [ 82.186582][ T8694] ? rwlock_bug.part.0+0x90/0x90 [ 82.191493][ T8694] ? lock_acquire+0x190/0x410 [ 82.196150][ T8694] ? release_sock+0x20/0x1c0 [ 82.200716][ T8694] ? __sk_free+0x100/0x360 [ 82.205112][ T8694] _raw_spin_lock_bh+0x3b/0x50 [ 82.209855][ T8694] ? release_sock+0x20/0x1c0 [ 82.214422][ T8694] release_sock+0x20/0x1c0 [ 82.218820][ T8694] nr_release+0x303/0x3e0 [ 82.223126][ T8694] __sock_release+0xce/0x280 [ 82.227704][ T8694] sock_close+0x1e/0x30 [ 82.231860][ T8694] __fput+0x2ff/0x890 [ 82.235822][ T8694] ? __sock_release+0x280/0x280 [ 82.240646][ T8694] ____fput+0x16/0x20 [ 82.244609][ T8694] task_work_run+0x145/0x1c0 [ 82.249209][ T8694] exit_to_usermode_loop+0x316/0x380 [ 82.254481][ T8694] do_syscall_64+0x5a9/0x6a0 [ 82.259058][ T8694] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 82.264922][ T8694] RIP: 0033:0x413501 [ 82.268825][ T8694] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 82.288409][ T8694] RSP: 002b:00007ffff44a21c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 82.296800][ T8694] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413501 [ 82.304749][ T8694] RDX: 0000001b31720000 RSI: 0000000000000000 RDI: 0000000000000003 [ 82.312707][ T8694] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 82.320655][ T8694] R10: 00007ffff44a22a0 R11: 0000000000000293 R12: 000000000075c9a0 [ 82.328610][ T8694] R13: 000000000075c9a0 R14: 0000000000760e90 R15: ffffffffffffffff [ 82.337692][ T8694] Kernel Offset: disabled [ 82.342008][ T8694] Rebooting in 86400 seconds..