[ 45.901821][ T27] audit: type=1800 audit(1584236304.308:29): pid=8008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 45.923240][ T27] audit: type=1800 audit(1584236304.308:30): pid=8008 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 56.903225][ T8172] IPVS: ftp: loaded support on port[0] = 21 [ 57.227028][ T559] tipc: TX() has been purged, node left! [ 57.527775][ T8154] can: request_module (can-proto-0) failed. [ 60.213846][ T8154] can: request_module (can-proto-0) failed. [ 60.225286][ T8154] can: request_module (can-proto-0) failed. Warning: Permanently added '10.128.15.192' (ECDSA) to the list of known hosts. 2020/03/15 01:38:45 parsed 1 programs 2020/03/15 01:38:46 executed programs: 0 [ 68.150443][ T8258] IPVS: ftp: loaded support on port[0] = 21 [ 68.164395][ T8250] IPVS: ftp: loaded support on port[0] = 21 [ 68.179714][ T8254] IPVS: ftp: loaded support on port[0] = 21 [ 68.179717][ T8249] IPVS: ftp: loaded support on port[0] = 21 [ 68.191907][ T8256] IPVS: ftp: loaded support on port[0] = 21 [ 68.218541][ T8255] IPVS: ftp: loaded support on port[0] = 21 [ 68.372761][ T8258] chnl_net:caif_netlink_parms(): no params data found [ 68.445943][ T8250] chnl_net:caif_netlink_parms(): no params data found [ 68.493312][ T8258] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.501324][ T8258] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.509484][ T8258] device bridge_slave_0 entered promiscuous mode [ 68.519787][ T8258] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.528510][ T8258] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.537791][ T8258] device bridge_slave_1 entered promiscuous mode [ 68.560949][ T8250] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.568496][ T8250] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.576245][ T8250] device bridge_slave_0 entered promiscuous mode [ 68.589752][ T8254] chnl_net:caif_netlink_parms(): no params data found [ 68.604833][ T8256] chnl_net:caif_netlink_parms(): no params data found [ 68.613763][ T8250] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.620966][ T8250] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.629829][ T8250] device bridge_slave_1 entered promiscuous mode [ 68.685224][ T8258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.706203][ T8250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.722274][ T8250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.742258][ T8258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.774678][ T8255] chnl_net:caif_netlink_parms(): no params data found [ 68.792432][ T8254] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.800155][ T8254] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.809012][ T8254] device bridge_slave_0 entered promiscuous mode [ 68.827325][ T8258] team0: Port device team_slave_0 added [ 68.843079][ T8250] team0: Port device team_slave_0 added [ 68.859994][ T8254] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.867573][ T8254] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.875366][ T8254] device bridge_slave_1 entered promiscuous mode [ 68.883720][ T8258] team0: Port device team_slave_1 added [ 68.897146][ T8250] team0: Port device team_slave_1 added [ 68.903436][ T8256] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.910821][ T8256] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.919132][ T8256] device bridge_slave_0 entered promiscuous mode [ 68.959399][ T8256] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.966577][ T8256] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.974642][ T8256] device bridge_slave_1 entered promiscuous mode [ 68.982068][ T8249] chnl_net:caif_netlink_parms(): no params data found [ 68.991197][ T8255] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.999071][ T8255] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.006755][ T8255] device bridge_slave_0 entered promiscuous mode [ 69.027059][ T8254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.050608][ T8255] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.059073][ T8255] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.067304][ T8255] device bridge_slave_1 entered promiscuous mode [ 69.080032][ T8254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.130329][ T8258] device hsr_slave_0 entered promiscuous mode [ 69.167486][ T8258] device hsr_slave_1 entered promiscuous mode [ 69.278905][ T8250] device hsr_slave_0 entered promiscuous mode [ 69.317447][ T8250] device hsr_slave_1 entered promiscuous mode [ 69.377098][ T8250] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.385179][ T8250] Cannot create hsr debugfs directory [ 69.398082][ T8256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.419980][ T8255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.440193][ T8254] team0: Port device team_slave_0 added [ 69.447346][ T8256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.478946][ T8255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.489386][ T8254] team0: Port device team_slave_1 added [ 69.515631][ T8255] team0: Port device team_slave_0 added [ 69.527489][ T8255] team0: Port device team_slave_1 added [ 69.533509][ T8249] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.541232][ T8249] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.549240][ T8249] device bridge_slave_0 entered promiscuous mode [ 69.565592][ T8256] team0: Port device team_slave_0 added [ 69.578017][ T8256] team0: Port device team_slave_1 added [ 69.597501][ T8249] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.604764][ T8249] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.612925][ T8249] device bridge_slave_1 entered promiscuous mode [ 69.681833][ T8255] device hsr_slave_0 entered promiscuous mode [ 69.738268][ T8255] device hsr_slave_1 entered promiscuous mode [ 69.777108][ T8255] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.785253][ T8255] Cannot create hsr debugfs directory [ 69.849011][ T8254] device hsr_slave_0 entered promiscuous mode [ 69.927323][ T8254] device hsr_slave_1 entered promiscuous mode [ 69.977122][ T8254] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.985069][ T8254] Cannot create hsr debugfs directory [ 70.009866][ T8258] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 70.079707][ T8258] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 70.140879][ T8249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.154415][ T8249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.211483][ T8256] device hsr_slave_0 entered promiscuous mode [ 70.267374][ T8256] device hsr_slave_1 entered promiscuous mode [ 70.307069][ T8256] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.315180][ T8256] Cannot create hsr debugfs directory [ 70.325608][ T8258] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 70.385688][ T8258] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 70.465348][ T8250] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.501135][ T8249] team0: Port device team_slave_0 added [ 70.512651][ T8250] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.600012][ T8249] team0: Port device team_slave_1 added [ 70.607431][ T8250] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.661240][ T8250] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.750158][ T8249] device hsr_slave_0 entered promiscuous mode [ 70.797340][ T8249] device hsr_slave_1 entered promiscuous mode [ 70.838159][ T8249] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.846117][ T8249] Cannot create hsr debugfs directory [ 70.852031][ T8254] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 70.909629][ T8254] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 70.995210][ T8254] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 71.029173][ T8254] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 71.107854][ T8256] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.178165][ T8256] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.232850][ T8256] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.298736][ T8256] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.356255][ T8255] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.407409][ T8255] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.463449][ T8255] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.513844][ T8258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.536100][ T8249] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.578600][ T8255] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.655447][ T8249] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.693736][ T8249] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.739954][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 71.749851][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.760416][ T8258] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.778592][ T8249] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.821812][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 71.832299][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.841135][ T2784] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.848821][ T2784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.890214][ T8250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.907016][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 71.915389][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 71.924965][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.934308][ T2793] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.941611][ T2793] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.950264][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 71.984260][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 71.993166][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.002384][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.011830][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.032473][ T8256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.045713][ T8254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.061004][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.072876][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.081827][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.093779][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.113678][ T8250] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.123027][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.132070][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.141945][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.151425][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.160642][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.168955][ T2864] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.180867][ T8258] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.207497][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.216137][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.226141][ T2856] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.233294][ T2856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.241629][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.250635][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.259138][ T2856] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.266217][ T2856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.276751][ T8256] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.305059][ T8255] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.317886][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.325770][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.339085][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.348263][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 72.355792][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 72.389973][ T8254] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.405218][ T8258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.413907][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.427752][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.436130][ T2702] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.443673][ T2702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.453027][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.463703][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.472616][ T2702] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.479741][ T2702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.488696][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.497468][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.506135][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 72.515624][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.523937][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.545559][ T8249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.555411][ T8255] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.566374][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.581885][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 72.591922][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.604097][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.612973][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 72.630952][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 72.640618][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.649937][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.659276][ T2856] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.666525][ T2856] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.677785][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.686507][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.696474][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.704755][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 72.713651][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.735318][ T8256] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 72.750187][ T8256] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.766097][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 72.782229][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 72.791829][ T2784] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.799069][ T2784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.808037][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 72.815830][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 72.823965][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.833276][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.842763][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 72.851864][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 72.861842][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 72.871308][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 72.881109][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 72.890390][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 72.899707][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 72.909248][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 72.918396][ T2784] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.926172][ T2784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.939509][ T8249] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.955653][ T8250] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 72.967901][ T8250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.980557][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 72.989794][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 72.999043][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.012339][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.022114][ T2793] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.060750][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.069644][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.079881][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.093158][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 73.103518][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 73.112661][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 73.122044][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 73.132109][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 73.140856][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 73.150471][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 73.159908][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 73.169928][ T2784] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.178181][ T2784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.187507][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.196764][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.205312][ T2784] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.212398][ T2784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.220883][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 73.229590][ T2784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 73.246245][ T8254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 73.272323][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 73.292567][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 73.303704][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 73.322996][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 73.348512][ T2856] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.355956][ T2856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.370652][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.381858][ C1] hrtimer: interrupt took 45135 ns [ 73.382407][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.396172][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 73.402422][ T8273] ================================================================== [ 73.410803][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 73.412527][ T8273] BUG: KASAN: use-after-free in eth_type_trans+0x601/0x740 [ 73.421439][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 73.427665][ T8273] Read of size 8 at addr ffff88807dbf0040 by task syz-executor.4/8273 [ 73.427669][ T8273] [ 73.427676][ T8273] CPU: 1 PID: 8273 Comm: syz-executor.4 Not tainted 5.6.0-rc5-syzkaller #0 [ 73.427680][ T8273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.427683][ T8273] Call Trace: [ 73.427798][ T8273] dump_stack+0x12d/0x187 [ 73.427819][ T8273] print_address_description.constprop.8.cold.10+0x9/0x31d [ 73.427830][ T8273] ? eth_type_trans+0x601/0x740 [ 73.427837][ T8273] __kasan_report.cold.11+0x1b/0x32 [ 73.427845][ T8273] ? eth_type_trans+0x601/0x740 [ 73.436947][ T2856] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 73.444111][ T8273] ? eth_type_trans+0x601/0x740 [ 73.484464][ T8254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.486017][ T8273] kasan_report+0x12/0x20 [ 73.486029][ T8273] __asan_report_load8_noabort+0x14/0x20 [ 73.526218][ T8273] eth_type_trans+0x601/0x740 [ 73.531063][ T8273] ? eth_gro_receive+0x940/0x940 [ 73.536206][ T8273] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 73.541853][ T8273] ? llc_pdu_set_pf_bit+0x2e/0x180 [ 73.547205][ T8273] napi_gro_frags+0x6da/0xb00 [ 73.550749][ T8256] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.552041][ T8273] tun_get_user+0x2412/0x37b0 [ 73.563703][ T8273] ? __kasan_check_read+0x11/0x20 [ 73.568764][ T8273] ? tun_build_skb.isra.54+0x1110/0x1110 [ 73.574541][ T8273] ? aa_path_link+0x340/0x340 [ 73.575526][ T8250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.579361][ T8273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 73.579369][ T8273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 73.579381][ T8273] ? lockdep_hardirqs_on+0x42d/0x5d0 [ 73.579385][ T8273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 73.579407][ T8273] ? rcu_irq_exit+0x182/0x330 [ 73.579418][ T8273] ? retint_kernel+0x2b/0x2b [ 73.579454][ T8273] tun_chr_write_iter+0xaf/0x150 [ 73.622184][ T8273] do_iter_readv_writev+0x526/0xa70 [ 73.627447][ T8273] ? no_seek_end_llseek_size+0x20/0x20 [ 73.633094][ T8273] ? rw_verify_area+0xc5/0x2b0 [ 73.638104][ T8273] do_iter_write+0x12a/0x510 [ 73.643039][ T8273] ? dup_iter+0x220/0x220 [ 73.647523][ T8273] vfs_writev+0x16d/0x2d0 [ 73.652010][ T8273] ? vfs_iter_write+0xb0/0xb0 [ 73.656679][ T8273] ? __kasan_check_read+0x11/0x20 [ 73.661732][ T8273] ? ksys_dup3+0x2e0/0x2e0 [ 73.666148][ T8273] ? retint_kernel+0x2b/0x2b [ 73.670732][ T8273] ? __fget_light+0x1a7/0x220 [ 73.675518][ T8273] do_writev+0x112/0x2e0 [ 73.679762][ T8273] ? vfs_writev+0x2d0/0x2d0 [ 73.684644][ T8273] ? do_syscall_64+0x21/0x630 [ 73.689313][ T8273] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 73.695383][ T8273] __x64_sys_writev+0x70/0xb0 [ 73.700136][ T8273] do_syscall_64+0xca/0x630 [ 73.704645][ T8273] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 73.710532][ T8273] RIP: 0033:0x45a7d1 [ 73.714760][ T8273] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 73.735545][ T8273] RSP: 002b:00007fccc2bb1ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 73.744049][ T8273] RAX: ffffffffffffffda RBX: 0000000000207843 RCX: 000000000045a7d1 [ 73.754375][ T8273] RDX: 0000000000000001 RSI: 00007fccc2bb1c00 RDI: 00000000000000f0 [ 73.762805][ T8273] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 73.773271][ T8273] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fccc2bb26d4 [ 73.781250][ T8273] R13: 00000000004cab1f R14: 00000000004e4040 R15: 00000000ffffffff [ 73.790623][ T8273] [ 73.792955][ T8273] The buggy address belongs to the page: [ 73.799186][ T8273] page:ffffea0001f6fc00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 73.808487][ T8273] flags: 0xfffe0000000000() [ 73.813006][ T8273] raw: 00fffe0000000000 ffffea0001f6fc08 ffffea0001f6fc08 0000000000000000 [ 73.822367][ T8273] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 73.831233][ T8273] page dumped because: kasan: bad access detected [ 73.837831][ T8273] [ 73.840154][ T8273] Memory state around the buggy address: [ 73.846205][ T8273] ffff88807dbeff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.854715][ T8273] ffff88807dbeff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.864178][ T8273] >ffff88807dbf0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.872888][ T8273] ^ [ 73.879705][ T8273] ffff88807dbf0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.887778][ T8273] ffff88807dbf0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 73.896465][ T8273] ================================================================== [ 73.904725][ T8273] Disabling lock debugging due to kernel taint [ 73.911432][ T8273] Kernel panic - not syncing: panic_on_warn set ... [ 73.918533][ T8273] CPU: 1 PID: 8273 Comm: syz-executor.4 Tainted: G B 5.6.0-rc5-syzkaller #0 [ 73.928638][ T8273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.939051][ T8273] Call Trace: [ 73.943284][ T8273] dump_stack+0x12d/0x187 [ 73.948582][ T8273] ? eth_type_trans+0x5a0/0x740 [ 73.953590][ T8273] panic+0x22a/0x4e3 [ 73.958173][ T8273] ? add_taint.cold.7+0x11/0x11 [ 73.963013][ T8273] ? do_raw_spin_unlock+0x54/0x260 [ 73.968232][ T8273] ? eth_type_trans+0x601/0x740 [ 73.973074][ T8273] end_report+0x47/0x4f [ 73.977746][ T8273] __kasan_report.cold.11+0xe/0x32 [ 73.982991][ T8273] ? eth_type_trans+0x601/0x740 [ 73.988146][ T8273] ? eth_type_trans+0x601/0x740 [ 73.993373][ T8273] kasan_report+0x12/0x20 [ 73.997803][ T8273] __asan_report_load8_noabort+0x14/0x20 [ 74.003438][ T8273] eth_type_trans+0x601/0x740 [ 74.008107][ T8273] ? eth_gro_receive+0x940/0x940 [ 74.013624][ T8273] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 74.019337][ T8273] ? llc_pdu_set_pf_bit+0x2e/0x180 [ 74.024541][ T8273] napi_gro_frags+0x6da/0xb00 [ 74.029430][ T8273] tun_get_user+0x2412/0x37b0 [ 74.035682][ T8273] ? __kasan_check_read+0x11/0x20 [ 74.040947][ T8273] ? tun_build_skb.isra.54+0x1110/0x1110 [ 74.047351][ T8273] ? aa_path_link+0x340/0x340 [ 74.052381][ T8273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 74.057868][ T8273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 74.063435][ T8273] ? lockdep_hardirqs_on+0x42d/0x5d0 [ 74.068711][ T8273] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 74.074266][ T8273] ? rcu_irq_exit+0x182/0x330 [ 74.078936][ T8273] ? retint_kernel+0x2b/0x2b [ 74.083566][ T8273] tun_chr_write_iter+0xaf/0x150 [ 74.088504][ T8273] do_iter_readv_writev+0x526/0xa70 [ 74.093812][ T8273] ? no_seek_end_llseek_size+0x20/0x20 [ 74.099311][ T8273] ? rw_verify_area+0xc5/0x2b0 [ 74.104463][ T8273] do_iter_write+0x12a/0x510 [ 74.109045][ T8273] ? dup_iter+0x220/0x220 [ 74.113790][ T8273] vfs_writev+0x16d/0x2d0 [ 74.118114][ T8273] ? vfs_iter_write+0xb0/0xb0 [ 74.123046][ T8273] ? __kasan_check_read+0x11/0x20 [ 74.128090][ T8273] ? ksys_dup3+0x2e0/0x2e0 [ 74.132538][ T8273] ? retint_kernel+0x2b/0x2b [ 74.137127][ T8273] ? __fget_light+0x1a7/0x220 [ 74.141798][ T8273] do_writev+0x112/0x2e0 [ 74.146016][ T8273] ? vfs_writev+0x2d0/0x2d0 [ 74.150501][ T8273] ? do_syscall_64+0x21/0x630 [ 74.155443][ T8273] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.162294][ T8273] __x64_sys_writev+0x70/0xb0 [ 74.167230][ T8273] do_syscall_64+0xca/0x630 [ 74.171715][ T8273] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 74.177595][ T8273] RIP: 0033:0x45a7d1 [ 74.181466][ T8273] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b7 fb ff c3 48 83 ec 08 e8 fa 2c 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 43 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01 [ 74.201700][ T8273] RSP: 002b:00007fccc2bb1ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014 [ 74.210110][ T8273] RAX: ffffffffffffffda RBX: 0000000000207843 RCX: 000000000045a7d1 [ 74.218148][ T8273] RDX: 0000000000000001 RSI: 00007fccc2bb1c00 RDI: 00000000000000f0 [ 74.226269][ T8273] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 74.234310][ T8273] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fccc2bb26d4 [ 74.242437][ T8273] R13: 00000000004cab1f R14: 00000000004e4040 R15: 00000000ffffffff [ 74.252401][ T8273] Kernel Offset: disabled [ 74.257511][ T8273] Rebooting in 86400 seconds..