[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 48.160291][ T26] audit: type=1800 audit(1579353387.898:29): pid=8230 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 61.648379][ T8394] IPVS: ftp: loaded support on port[0] = 21 [ 61.942747][ T418] tipc: TX() has been purged, node left! [ 62.234095][ T8381] can: request_module (can-proto-0) failed. [ 64.957935][ T8381] can: request_module (can-proto-0) failed. [ 64.971291][ T8381] can: request_module (can-proto-0) failed. Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. 2020/01/18 13:16:51 parsed 1 programs 2020/01/18 13:16:52 executed programs: 0 [ 73.156575][ T8478] IPVS: ftp: loaded support on port[0] = 21 [ 73.156679][ T8477] IPVS: ftp: loaded support on port[0] = 21 [ 73.174907][ T8483] IPVS: ftp: loaded support on port[0] = 21 [ 73.178477][ T8475] IPVS: ftp: loaded support on port[0] = 21 [ 73.184339][ T8484] IPVS: ftp: loaded support on port[0] = 21 [ 73.189362][ T8481] IPVS: ftp: loaded support on port[0] = 21 [ 73.432097][ T8478] chnl_net:caif_netlink_parms(): no params data found [ 73.470852][ T8481] chnl_net:caif_netlink_parms(): no params data found [ 73.479894][ T8475] chnl_net:caif_netlink_parms(): no params data found [ 73.566279][ T8483] chnl_net:caif_netlink_parms(): no params data found [ 73.583829][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.591792][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.600352][ T8478] device bridge_slave_0 entered promiscuous mode [ 73.630166][ T8477] chnl_net:caif_netlink_parms(): no params data found [ 73.650625][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.658259][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.667025][ T8478] device bridge_slave_1 entered promiscuous mode [ 73.681946][ T8484] chnl_net:caif_netlink_parms(): no params data found [ 73.706515][ T8475] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.713998][ T8475] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.722115][ T8475] device bridge_slave_0 entered promiscuous mode [ 73.751414][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.761642][ T8475] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.769874][ T8475] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.779039][ T8475] device bridge_slave_1 entered promiscuous mode [ 73.811840][ T8483] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.819330][ T8483] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.827803][ T8483] device bridge_slave_0 entered promiscuous mode [ 73.837752][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.848455][ T8481] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.856597][ T8481] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.865201][ T8481] device bridge_slave_0 entered promiscuous mode [ 73.887638][ T8483] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.895018][ T8483] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.906190][ T8483] device bridge_slave_1 entered promiscuous mode [ 73.923098][ T8481] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.930631][ T8481] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.939568][ T8481] device bridge_slave_1 entered promiscuous mode [ 73.961947][ T8477] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.970806][ T8477] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.979939][ T8477] device bridge_slave_0 entered promiscuous mode [ 73.995449][ T8483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.026274][ T8478] team0: Port device team_slave_0 added [ 74.034294][ T8475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.052038][ T8481] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.061858][ T8477] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.070260][ T8477] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.079233][ T8477] device bridge_slave_1 entered promiscuous mode [ 74.088481][ T8483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.109259][ T8478] team0: Port device team_slave_1 added [ 74.118173][ T8475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.130386][ T8481] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.163198][ T8481] team0: Port device team_slave_0 added [ 74.170062][ T8484] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.177385][ T8484] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.185605][ T8484] device bridge_slave_0 entered promiscuous mode [ 74.199768][ T8484] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.208259][ T8484] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.219389][ T8484] device bridge_slave_1 entered promiscuous mode [ 74.249138][ T8483] team0: Port device team_slave_0 added [ 74.257860][ T8481] team0: Port device team_slave_1 added [ 74.277277][ T8475] team0: Port device team_slave_0 added [ 74.285708][ T8477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.299018][ T8477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.311625][ T8484] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.324075][ T8484] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.334268][ T8483] team0: Port device team_slave_1 added [ 74.374841][ T8478] device hsr_slave_0 entered promiscuous mode [ 74.413031][ T8478] device hsr_slave_1 entered promiscuous mode [ 74.475284][ T8475] team0: Port device team_slave_1 added [ 74.528886][ T8477] team0: Port device team_slave_0 added [ 74.595737][ T8483] device hsr_slave_0 entered promiscuous mode [ 74.633293][ T8483] device hsr_slave_1 entered promiscuous mode [ 74.702811][ T8483] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.710896][ T8483] Cannot create hsr debugfs directory [ 74.721482][ T8477] team0: Port device team_slave_1 added [ 74.730227][ T8484] team0: Port device team_slave_0 added [ 74.740132][ T8484] team0: Port device team_slave_1 added [ 74.785571][ T8481] device hsr_slave_0 entered promiscuous mode [ 74.853010][ T8481] device hsr_slave_1 entered promiscuous mode [ 74.912755][ T8481] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.920662][ T8481] Cannot create hsr debugfs directory [ 74.986259][ T8475] device hsr_slave_0 entered promiscuous mode [ 75.033105][ T8475] device hsr_slave_1 entered promiscuous mode [ 75.072816][ T8475] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.080435][ T8475] Cannot create hsr debugfs directory [ 75.154658][ T8484] device hsr_slave_0 entered promiscuous mode [ 75.203062][ T8484] device hsr_slave_1 entered promiscuous mode [ 75.252713][ T8484] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.260737][ T8484] Cannot create hsr debugfs directory [ 75.355578][ T8477] device hsr_slave_0 entered promiscuous mode [ 75.412993][ T8477] device hsr_slave_1 entered promiscuous mode [ 75.482829][ T8477] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.490453][ T8477] Cannot create hsr debugfs directory [ 75.621844][ T8478] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.677544][ T8478] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.738599][ T8478] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.807293][ T8478] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.910162][ T8481] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 75.957579][ T8481] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 76.019106][ T8481] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 76.069867][ T8483] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 76.104692][ T8483] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 76.166298][ T8481] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 76.220750][ T8483] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 76.278977][ T8483] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.305003][ T8484] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 76.369374][ T8484] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 76.435251][ T8475] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 76.458225][ T8475] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 76.497054][ T8484] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 76.545237][ T8484] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 76.605039][ T8475] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 76.636120][ T8475] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 76.717823][ T8477] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.784639][ T8477] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.829329][ T8477] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.893281][ T8477] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.930024][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.983611][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.991841][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.028711][ T8478] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.061056][ T2727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.071607][ T2727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.080775][ T2727] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.088628][ T2727] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.112397][ T8484] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.129331][ T2727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.139707][ T2727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.149433][ T2727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.158142][ T2727] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.166432][ T2727] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.175610][ T2727] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.183749][ T2727] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.204603][ T8481] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.236046][ T8484] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.254201][ T8483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.261107][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.270357][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.279923][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.289270][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.300424][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.333827][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.342785][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.351365][ T2944] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.358544][ T2944] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.366778][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.377617][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.386786][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.397619][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.406577][ T2944] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.414452][ T2944] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.423192][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.433038][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.442727][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.452328][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.461420][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.471208][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.480992][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.498402][ T8478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.523355][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.533440][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.543710][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.552386][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.561672][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.570356][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.579217][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.588674][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.600528][ T8481] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.618227][ T8483] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.631630][ T8475] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.643161][ T8477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.657908][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.667540][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.680105][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.688958][ T2737] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.696108][ T2737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.704121][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.714689][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.752451][ T8477] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.760134][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.769326][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.778781][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.787697][ T2737] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.794868][ T2737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.803227][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.811737][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.820652][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.829265][ T2737] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.836583][ T2737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.844725][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 77.860319][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 77.868156][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.877935][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.888170][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.896269][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.906605][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.915672][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.925869][ T2737] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.939373][ T8484] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.971285][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.986682][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.996567][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.008285][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.022100][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.032386][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.042245][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 78.052017][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.060702][ T2733] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.068111][ T2733] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.076464][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.085786][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.094540][ T2733] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.101667][ T2733] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.109509][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.118337][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.128970][ T2733] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.138507][ T2733] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.147989][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 78.166125][ T8475] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.174227][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.182432][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.202710][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.219913][ T8481] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.236168][ T8481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.246171][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.255013][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.264272][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.273328][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.281734][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 78.291530][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 78.300036][ T2712] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.307272][ T2712] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.316154][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 78.326917][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.337732][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.377151][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.385689][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 78.396570][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 78.406507][ T2733] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.413692][ T2733] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.422287][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.432418][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.444302][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.453416][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.462220][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.471612][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.481379][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 78.492020][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.500659][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.509570][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 78.518398][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.527919][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.536706][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.587789][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.597019][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.606307][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 78.616145][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 78.625423][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 78.635108][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 78.644135][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.652777][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.661197][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 78.670516][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 78.682997][ T8484] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.697424][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.707650][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.725049][ T8477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.741884][ T8475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 78.756474][ T8481] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.778146][ T8478] device veth0_vlan entered promiscuous mode [ 78.789285][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 78.812038][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 78.822156][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 78.831019][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 78.840406][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 78.848985][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 78.858456][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 78.878710][ T8478] device veth1_vlan entered promiscuous mode [ 78.909937][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 78.923059][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 78.931595][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.940704][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.955866][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 78.964298][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 78.989778][ T8475] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.009017][ T8477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.035518][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 79.044442][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 79.061154][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 79.070642][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 79.079793][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 79.088924][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.105870][ T8483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 79.139983][ T8484] device veth0_vlan entered promiscuous mode [ 79.156891][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.166956][ T2712] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.208088][ T8484] device veth1_vlan entered promiscuous mode [ 79.215618][ T8505] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.223616][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.242019][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.250600][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.259914][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 79.269129][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.274142][ T8505] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.279954][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 79.295946][ T2733] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 2020/01/18 13:16:59 executed programs: 6 [ 79.331543][ T8483] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.349851][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 79.362060][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.384763][ T8510] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.390789][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.408491][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.417797][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 79.428237][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.438026][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.447345][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.458800][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.470494][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.487984][ T8515] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.493201][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.514181][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.522127][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.532786][ T8475] device veth0_vlan entered promiscuous mode [ 79.544287][ T8515] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.576247][ T8477] device veth0_vlan entered promiscuous mode [ 79.589624][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.598684][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.612019][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.620489][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 79.631754][ T8481] device veth0_vlan entered promiscuous mode [ 79.643749][ T8521] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.659553][ T8475] device veth1_vlan entered promiscuous mode [ 79.682029][ T8477] device veth1_vlan entered promiscuous mode [ 79.706605][ T8481] device veth1_vlan entered promiscuous mode [ 79.766171][ T8529] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 79.774542][ T8530] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.793311][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.801645][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.813487][ T8529] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 79.814485][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.848943][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.857990][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 79.866763][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 79.896359][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 79.907761][ T8530] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 79.922136][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 79.962969][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 79.971777][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 79.981380][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 79.991035][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 80.033041][ T8483] device veth0_vlan entered promiscuous mode [ 80.090144][ T8483] device veth1_vlan entered promiscuous mode [ 80.300127][ T8556] ================================================================== [ 80.309994][ T8556] BUG: KASAN: use-after-free in __list_del_entry_valid+0xd0/0xf3 [ 80.318160][ T8556] Read of size 8 at addr ffff88809a6d6008 by task syz-executor.4/8556 [ 80.326604][ T8556] [ 80.328746][ T8558] list_del corruption, ffff8880a941c400->prev is LIST_POISON2 (dead000000000122) [ 80.328939][ T8556] CPU: 0 PID: 8556 Comm: syz-executor.4 Not tainted 5.5.0-rc5-syzkaller #0 [ 80.340809][ T8558] ------------[ cut here ]------------ [ 80.348920][ T8556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.348932][ T8556] Call Trace: [ 80.354855][ T8558] kernel BUG at lib/list_debug.c:50! [ 80.355195][ T8558] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 80.365139][ T8556] dump_stack+0x12d/0x187 [ 80.368763][ T8558] CPU: 1 PID: 8558 Comm: syz-executor.3 Not tainted 5.5.0-rc5-syzkaller #0 [ 80.375216][ T8556] print_address_description.constprop.8.cold.10+0x9/0x31d [ 80.381914][ T8558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.381933][ T8558] RIP: 0010:__list_del_entry_valid.cold.1+0x12/0x58 [ 80.386780][ T8556] ? __list_del_entry_valid+0xd0/0xf3 [ 80.395972][ T8558] Code: fc fd 0f 0b 48 89 f1 48 c7 c7 a0 7f cd 87 48 89 de e8 e9 a4 fc fd 0f 0b 4c 89 e2 48 89 de 48 c7 c7 e0 80 cd 87 e8 d5 a4 fc fd <0f> 0b 4c 89 ea 48 89 de 48 c7 c7 80 80 cd 87 e8 c1 a4 fc fd 0f 0b [ 80.404306][ T8556] __kasan_report.cold.11+0x1b/0x3a [ 80.415583][ T8558] RSP: 0018:ffffc90002cb7450 EFLAGS: 00010282 [ 80.422398][ T8556] ? __list_del_entry_valid+0xd0/0xf3 [ 80.427854][ T8558] RAX: 000000000000004e RBX: ffff8880a941c400 RCX: 0000000000000000 [ 80.448021][ T8556] ? __list_del_entry_valid+0xd0/0xf3 [ 80.453215][ T8558] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8a9444e0 [ 80.459812][ T8556] kasan_report+0x12/0x20 [ 80.465425][ T8558] RBP: ffffc90002cb7468 R08: ffffed1015d66621 R09: ffffed1015d66621 [ 80.474011][ T8556] __asan_report_load8_noabort+0x14/0x20 [ 80.479574][ T8558] R10: ffffed1015d66620 R11: ffff8880aeb33107 R12: dead000000000122 [ 80.487562][ T8556] __list_del_entry_valid+0xd0/0xf3 [ 80.492401][ T8558] R13: ffff8880a81973f0 R14: ffff88809871b940 R15: ffff88807d304a80 [ 80.500401][ T8556] __list_del_entry+0xf/0xb0 [ 80.506027][ T8558] FS: 00007fb0e07a7700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000 [ 80.514446][ T8556] __nf_tables_abort+0x1bef/0x2c30 [ 80.520018][ T8558] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.520027][ T8558] CR2: 000000000141f828 CR3: 0000000099bb5000 CR4: 00000000001406e0 [ 80.528368][ T8556] ? kfree+0x237/0x2c0 [ 80.533387][ T8558] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.544535][ T8556] nf_tables_abort+0xf/0x30 [ 80.549738][ T8558] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.549747][ T8558] Call Trace: [ 80.556365][ T8556] nfnetlink_rcv_batch+0x50b/0x15b0 [ 80.565994][ T8558] __list_del_entry+0xf/0xb0 [ 80.571791][ T8556] ? nfnetlink_subsys_register+0x290/0x290 [ 80.580007][ T8558] __nf_tables_abort+0x1bef/0x2c30 [ 80.584511][ T8556] ? __kasan_check_write+0x14/0x20 [ 80.593101][ T8558] ? nfnl_err_del+0xf3/0x150 [ 80.596361][ T8556] ? apparmor_capable+0x35e/0x670 [ 80.602476][ T8558] nf_tables_abort+0xf/0x30 [ 80.608020][ T8556] ? __kasan_check_write+0x14/0x20 [ 80.614711][ T8558] nfnetlink_rcv_batch+0x50b/0x15b0 [ 80.620698][ T8556] ? apparmor_capable+0x35e/0x670 [ 80.625829][ T8558] ? nfnetlink_subsys_register+0x290/0x290 [ 80.630411][ T8556] ? __nla_validate_parse+0xa1/0x1cf0 [ 80.635412][ T8558] ? __kasan_check_write+0x14/0x20 [ 80.640623][ T8556] ? security_capable+0x58/0xa0 [ 80.645929][ T8558] ? apparmor_capable+0x35e/0x670 [ 80.651308][ T8556] ? nla_memcpy+0xa0/0xa0 [ 80.656510][ T8558] ? __kasan_check_write+0x14/0x20 [ 80.663072][ T8556] ? ns_capable_common+0x5e/0xd0 [ 80.668874][ T8558] ? apparmor_capable+0x35e/0x670 [ 80.674292][ T8556] ? ns_capable+0xb/0x10 [ 80.679397][ T8558] ? __nla_validate_parse+0xa1/0x1cf0 [ 80.684518][ T8556] nfnetlink_rcv+0x2eb/0x3b0 [ 80.688980][ T8558] ? security_capable+0x58/0xa0 [ 80.694291][ T8556] ? nfnetlink_rcv_batch+0x15b0/0x15b0 [ 80.699256][ T8558] ? nla_memcpy+0xa0/0xa0 [ 80.704300][ T8556] ? netlink_deliver_tap+0x178/0xac0 [ 80.709945][ T8558] ? ns_capable_common+0x5e/0xd0 [ 80.716365][ T8556] netlink_unicast+0x45e/0x6a0 [ 80.721581][ T8558] ? ns_capable+0xb/0x10 [ 80.727182][ T8556] ? netlink_attachskb+0x740/0x740 [ 80.733350][ T8558] nfnetlink_rcv+0x2eb/0x3b0 [ 80.737832][ T8556] ? _copy_from_iter_full+0x18a/0x780 [ 80.743227][ T8558] ? nfnetlink_rcv_batch+0x15b0/0x15b0 [ 80.748857][ T8556] ? __kasan_check_read+0x11/0x20 [ 80.753614][ T8558] ? netlink_deliver_tap+0x178/0xac0 [ 80.757893][ T8556] ? __check_object_size+0x203/0x2ea [ 80.763020][ T8558] netlink_unicast+0x45e/0x6a0 [ 80.768609][ T8556] netlink_sendmsg+0x7b0/0xcb0 [ 80.774067][ T8558] ? netlink_attachskb+0x740/0x740 [ 80.780392][ T8556] ? netlink_unicast+0x6a0/0x6a0 [ 80.785419][ T8558] ? _copy_from_iter_full+0x18a/0x780 [ 80.790863][ T8556] ? apparmor_socket_sendmsg+0x1b/0x20 [ 80.796153][ T8558] ? __kasan_check_read+0x11/0x20 [ 80.804267][ T8556] ? netlink_unicast+0x6a0/0x6a0 [ 80.810656][ T8558] ? __check_object_size+0x203/0x2ea [ 80.816147][ T8556] sock_sendmsg+0xb5/0xf0 [ 80.821058][ T8558] netlink_sendmsg+0x7b0/0xcb0 [ 80.826608][ T8556] ____sys_sendmsg+0x603/0x950 [ 80.833235][ T8558] ? netlink_unicast+0x6a0/0x6a0 [ 80.838364][ T8556] ? copy_msghdr_from_user+0x209/0x420 [ 80.843762][ T8558] ? apparmor_socket_sendmsg+0x1b/0x20 [ 80.849779][ T8556] ? kernel_sendmsg+0x30/0x30 [ 80.854107][ T8558] ? netlink_unicast+0x6a0/0x6a0 [ 80.858988][ T8556] ___sys_sendmsg+0xe4/0x160 [ 80.863754][ T8558] sock_sendmsg+0xb5/0xf0 [ 80.870041][ T8556] ? sendmsg_copy_msghdr+0x30/0x30 [ 80.875575][ T8558] ____sys_sendmsg+0x603/0x950 [ 80.881221][ T8556] ? __kasan_check_read+0x11/0x20 [ 80.885899][ T8558] ? copy_msghdr_from_user+0x209/0x420 [ 80.891534][ T8556] ? __fget+0x2ac/0x410 [ 80.896150][ T8558] ? kernel_sendmsg+0x30/0x30 [ 80.900679][ T8556] ? ksys_dup3+0x2e0/0x2e0 [ 80.905777][ T8558] ___sys_sendmsg+0xe4/0x160 [ 80.910542][ T8556] ? __might_fault+0xf1/0x1b0 [ 80.915720][ T8558] ? sendmsg_copy_msghdr+0x30/0x30 [ 80.922051][ T8556] ? __fget_light+0x179/0x1f0 [ 80.926183][ T8558] ? __kasan_check_read+0x11/0x20 [ 80.931429][ T8556] ? lock_acquire+0x194/0x410 [ 80.931443][ T8556] ? __fdget+0xe/0x10 [ 80.931456][ T8556] __sys_sendmsg+0xd9/0x180 [ 80.935879][ T8558] ? __fget+0x2ac/0x410 [ 80.940545][ T8556] ? __sys_sendmsg_sock+0xa0/0xa0 [ 80.946300][ T8558] ? ksys_dup3+0x2e0/0x2e0 [ 80.952117][ T8556] ? __kasan_check_read+0x11/0x20 [ 80.957051][ T8558] ? __might_fault+0xf1/0x1b0 [ 80.962169][ T8556] ? _copy_to_user+0xcb/0xf0 [ 80.968249][ T8558] ? __fget_light+0x179/0x1f0 [ 80.972206][ T8556] ? put_timespec64+0xa9/0x100 [ 80.976711][ T8558] ? lock_acquire+0x194/0x410 [ 80.980888][ T8556] ? nsecs_to_jiffies+0x20/0x20 [ 80.986167][ T8558] ? __fdget+0xe/0x10 [ 80.990698][ T8556] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.995941][ T8558] __sys_sendmsg+0xd9/0x180 [ 81.001008][ T8556] __x64_sys_sendmsg+0x73/0xb0 [ 81.005588][ T8558] ? __sys_sendmsg_sock+0xa0/0xa0 [ 81.010277][ T8556] do_syscall_64+0xca/0x5f0 [ 81.015131][ T8558] ? __kasan_check_read+0x11/0x20 [ 81.020056][ T8556] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.024974][ T8558] ? _copy_to_user+0xcb/0xf0 [ 81.028923][ T8556] RIP: 0033:0x45aff9 [ 81.035284][ T8558] ? put_timespec64+0xa9/0x100 [ 81.039963][ T8556] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 81.045519][ T8558] ? nsecs_to_jiffies+0x20/0x20 [ 81.050787][ T8556] RSP: 002b:00007f269790bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.055313][ T8558] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.060314][ T8556] RAX: ffffffffffffffda RBX: 00007f269790c6d4 RCX: 000000000045aff9 [ 81.066542][ T8558] __x64_sys_sendmsg+0x73/0xb0 [ 81.071602][ T8556] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 81.079758][ T8558] do_syscall_64+0xca/0x5f0 [ 81.084511][ T8556] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 81.084522][ T8556] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 81.104240][ T8558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.109200][ T8556] R13: 0000000000000901 R14: 00000000004ca2fe R15: 000000000075bf2c [ 81.109212][ T8556] [ 81.117634][ T8558] RIP: 0033:0x45aff9 [ 81.123803][ T8556] Allocated by task 8556: [ 81.131897][ T8558] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 81.136935][ T8556] save_stack+0x21/0x90 [ 81.145335][ T8558] RSP: 002b:00007fb0e07a6c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 81.150213][ T8556] __kasan_kmalloc.constprop.17+0xc7/0xd0 [ 81.158743][ T8558] RAX: ffffffffffffffda RBX: 00007fb0e07a76d4 RCX: 000000000045aff9 [ 81.158754][ T8558] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 81.167066][ T8556] kasan_kmalloc+0x9/0x10 [ 81.173084][ T8558] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 81.181399][ T8556] kmem_cache_alloc_trace+0x15b/0x780 [ 81.181414][ T8556] nf_tables_newtable+0x27f/0x14e0 [ 81.183860][ T8558] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 81.187754][ T8556] nfnetlink_rcv_batch+0xc75/0x15b0 [ 81.192352][ T8558] R13: 0000000000000901 R14: 00000000004ca2fe R15: 000000000075bf2c [ 81.212691][ T8556] nfnetlink_rcv+0x2eb/0x3b0 [ 81.212703][ T8556] netlink_unicast+0x45e/0x6a0 [ 81.216870][ T8558] Modules linked in: [ 81.225753][ T8556] netlink_sendmsg+0x7b0/0xcb0 [ 81.225769][ T8556] sock_sendmsg+0xb5/0xf0 [ 81.233366][ T8558] ---[ end trace 0338a73e6e7b2581 ]--- [ 81.240377][ T8556] ____sys_sendmsg+0x603/0x950 [ 81.240383][ T8556] ___sys_sendmsg+0xe4/0x160 [ 81.240385][ T8556] __sys_sendmsg+0xd9/0x180 [ 81.240388][ T8556] __x64_sys_sendmsg+0x73/0xb0 [ 81.240396][ T8556] do_syscall_64+0xca/0x5f0 [ 81.240403][ T8556] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 81.240406][ T8556] [ 81.240410][ T8556] Freed by task 2733: [ 81.240417][ T8556] save_stack+0x21/0x90 [ 81.240419][ T8556] __kasan_slab_free+0x102/0x150 [ 81.240422][ T8556] kasan_slab_free+0xe/0x10 [ 81.240425][ T8556] kfree+0x108/0x2c0 [ 81.240432][ T8556] nf_tables_table_destroy.isra.61+0xd0/0x110 [ 81.240435][ T8556] nf_tables_trans_destroy_work+0x45c/0x6e0 [ 81.240442][ T8556] process_one_work+0x856/0x1630 [ 81.240445][ T8556] worker_thread+0x85/0xb60 [ 81.240449][ T8556] kthread+0x331/0x3f0 [ 81.240451][ T8556] ret_from_fork+0x24/0x30 [ 81.240452][ T8556] [ 81.240456][ T8556] The buggy address belongs to the object at ffff88809a6d6000 [ 81.240456][ T8556] which belongs to the cache kmalloc-512 of size 512 [ 81.240459][ T8556] The buggy address is located 8 bytes inside of [ 81.240459][ T8556] 512-byte region [ffff88809a6d6000, ffff88809a6d6200) [ 81.240461][ T8556] The buggy address belongs to the page: [ 81.240471][ T8556] page:ffffea000269b580 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0x0 [ 81.249362][ T8558] RIP: 0010:__list_del_entry_valid.cold.1+0x12/0x58 [ 81.253484][ T8556] raw: 00fffe0000000200 ffffea0002843348 ffffea0002574e88 ffff8880aa400a80 [ 81.253489][ T8556] raw: 0000000000000000 ffff88809a6d6000 0000000100000004 0000000000000000 [ 81.253491][ T8556] page dumped because: kasan: bad access detected [ 81.253493][ T8556] [ 81.253494][ T8556] Memory state around the buggy address: [ 81.253499][ T8556] ffff88809a6d5f00: fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc [ 81.253501][ T8556] ffff88809a6d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.253503][ T8556] >ffff88809a6d6000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.253505][ T8556] ^ [ 81.253507][ T8556] ffff88809a6d6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.253510][ T8556] ffff88809a6d6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 81.253511][ T8556] ================================================================== [ 81.273765][ T8556] Kernel panic - not syncing: panic_on_warn set ... [ 81.283500][ T2751] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 81.294269][ T8556] Kernel Offset: disabled [ 81.599149][ T8556] Rebooting in 86400 seconds..