[ 36.858136][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 36.858141][ T26] audit: type=1800 audit(1576652697.984:29): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 36.885003][ T26] audit: type=1800 audit(1576652697.984:30): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 48.022590][ T7662] IPVS: ftp: loaded support on port[0] = 21 [ 48.460833][ T7660] can: request_module (can-proto-0) failed. [ 49.723437][ T7660] can: request_module (can-proto-0) failed. [ 49.734378][ T7660] can: request_module (can-proto-0) failed. Warning: Permanently added '10.128.0.126' (ECDSA) to the list of known hosts. 2019/12/18 07:05:17 parsed 1 programs 2019/12/18 07:05:18 executed programs: 0 [ 57.197816][ T7744] IPVS: ftp: loaded support on port[0] = 21 [ 57.198142][ T7740] IPVS: ftp: loaded support on port[0] = 21 [ 57.227220][ T7745] IPVS: ftp: loaded support on port[0] = 21 [ 57.229664][ T7743] IPVS: ftp: loaded support on port[0] = 21 [ 57.246953][ T7738] IPVS: ftp: loaded support on port[0] = 21 [ 57.262973][ T7736] IPVS: ftp: loaded support on port[0] = 21 [ 57.419428][ T7740] chnl_net:caif_netlink_parms(): no params data found [ 57.467146][ T7744] chnl_net:caif_netlink_parms(): no params data found [ 57.511251][ T7738] chnl_net:caif_netlink_parms(): no params data found [ 57.532961][ T7744] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.540555][ T7744] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.548327][ T7744] device bridge_slave_0 entered promiscuous mode [ 57.558957][ T7744] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.566098][ T7744] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.573922][ T7744] device bridge_slave_1 entered promiscuous mode [ 57.591347][ T7745] chnl_net:caif_netlink_parms(): no params data found [ 57.655149][ T7743] chnl_net:caif_netlink_parms(): no params data found [ 57.671219][ T7740] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.678444][ T7740] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.686544][ T7740] device bridge_slave_0 entered promiscuous mode [ 57.696344][ T7740] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.703495][ T7740] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.711128][ T7740] device bridge_slave_1 entered promiscuous mode [ 57.726880][ T7744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.770140][ T7744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.780017][ T7738] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.787657][ T7738] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.795643][ T7738] device bridge_slave_0 entered promiscuous mode [ 57.806747][ T7738] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.813910][ T7738] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.821606][ T7738] device bridge_slave_1 entered promiscuous mode [ 57.835185][ T7740] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.845571][ T7743] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.852854][ T7743] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.860347][ T7743] device bridge_slave_0 entered promiscuous mode [ 57.871241][ T7743] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.878678][ T7743] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.886887][ T7743] device bridge_slave_1 entered promiscuous mode [ 57.895083][ T7745] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.904144][ T7745] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.912070][ T7745] device bridge_slave_0 entered promiscuous mode [ 57.924687][ T7736] chnl_net:caif_netlink_parms(): no params data found [ 57.935363][ T7740] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.954430][ T7745] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.962169][ T7745] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.969706][ T7745] device bridge_slave_1 entered promiscuous mode [ 57.994211][ T7744] team0: Port device team_slave_0 added [ 58.009614][ T7740] team0: Port device team_slave_0 added [ 58.017334][ T7738] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.034273][ T7743] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.044823][ T7744] team0: Port device team_slave_1 added [ 58.051907][ T7743] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.062158][ T7740] team0: Port device team_slave_1 added [ 58.068754][ T7738] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.079204][ T7745] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.098680][ T7745] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.128640][ T7743] team0: Port device team_slave_0 added [ 58.154496][ T7743] team0: Port device team_slave_1 added [ 58.204150][ T7740] device hsr_slave_0 entered promiscuous mode [ 58.242158][ T7740] device hsr_slave_1 entered promiscuous mode [ 58.308513][ T7736] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.315792][ T7736] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.323537][ T7736] device bridge_slave_0 entered promiscuous mode [ 58.331814][ T7738] team0: Port device team_slave_0 added [ 58.337541][ T7736] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.344678][ T7736] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.352824][ T7736] device bridge_slave_1 entered promiscuous mode [ 58.393894][ T7744] device hsr_slave_0 entered promiscuous mode [ 58.431859][ T7744] device hsr_slave_1 entered promiscuous mode [ 58.471644][ T7744] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.481036][ T7745] team0: Port device team_slave_0 added [ 58.487964][ T7738] team0: Port device team_slave_1 added [ 58.517181][ T7745] team0: Port device team_slave_1 added [ 58.582953][ T7738] device hsr_slave_0 entered promiscuous mode [ 58.631938][ T7738] device hsr_slave_1 entered promiscuous mode [ 58.671606][ T7738] debugfs: Directory 'hsr0' with parent '/' already present! [ 58.699066][ T7736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.777933][ T7736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.853841][ T7743] device hsr_slave_0 entered promiscuous mode [ 58.921927][ T7743] device hsr_slave_1 entered promiscuous mode [ 58.962190][ T7743] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.277004][ T7745] device hsr_slave_0 entered promiscuous mode [ 59.443804][ T7745] device hsr_slave_1 entered promiscuous mode [ 59.541542][ T7745] debugfs: Directory 'hsr0' with parent '/' already present! [ 59.648252][ T7736] team0: Port device team_slave_0 added [ 59.795314][ T7736] team0: Port device team_slave_1 added [ 60.025165][ T7740] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.144165][ T7744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.444900][ T7736] device hsr_slave_0 entered promiscuous mode [ 60.571810][ T7736] device hsr_slave_1 entered promiscuous mode [ 60.661801][ T7736] debugfs: Directory 'hsr0' with parent '/' already present! [ 60.683486][ T7744] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.724768][ T7738] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.796841][ T7740] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.831658][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.862431][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.870557][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 60.922127][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 60.998953][ T7738] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.089944][ T7744] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 61.181572][ T7744] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 61.186601][ T7743] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.253015][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.276840][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.332062][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.339264][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.395528][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.417211][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.449394][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.456619][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.466247][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.475283][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.484394][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.494389][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.503215][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 61.510957][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 61.520194][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.529439][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.538631][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.545736][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.554823][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.563514][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.572273][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.579323][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.587596][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.596986][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.605691][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 61.614337][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 61.623582][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 61.631913][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 61.640320][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 61.648845][ T42] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 61.677451][ T7743] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.720412][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.738949][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 61.749208][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 61.763829][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 61.777666][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 61.787216][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 61.800674][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.807800][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.823900][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 61.835101][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 61.854598][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.861737][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.895804][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 61.916185][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 61.936158][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 61.963491][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 61.983263][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.016086][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.045085][ T7745] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.082184][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.090061][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.117560][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.127049][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.136335][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.145551][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.154412][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.163439][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.172085][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.183751][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.192424][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.200858][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.209249][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.216322][ T7752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.224066][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.232667][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.240875][ T7752] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.247966][ T7752] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.255378][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.262832][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.270281][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.278618][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.286708][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.294953][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.305380][ T7744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.324644][ T7738] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.336140][ T7738] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.346544][ T7740] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.356088][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.364630][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.373000][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.381158][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.401857][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.410249][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.422647][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.431165][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.440288][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.449018][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.460887][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.469270][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.477400][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 62.485699][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 62.494461][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.516013][ T7743] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 62.530544][ T7738] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.549151][ T7745] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.580039][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.587739][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.596929][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.608828][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.617292][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.624990][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.643705][ T7743] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.670972][ T7740] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.687904][ T7736] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.707739][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 62.715572][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 62.723664][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 62.732314][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 62.740646][ T2990] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.747784][ T2990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.755562][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 62.764139][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 62.772628][ T2990] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.779674][ T2990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.787287][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 62.795849][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 62.823454][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 62.846570][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 62.853757][ T7948] ================================================================== [ 62.862861][ T7948] BUG: KASAN: slab-out-of-bounds in watch_queue_ioctl+0x137a/0x15e0 [ 62.869899][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 62.870826][ T7948] Write of size 4 at addr ffff8880a5c6585c by task syz-executor.1/7948 [ 62.870829][ T7948] [ 62.870836][ T7948] CPU: 1 PID: 7948 Comm: syz-executor.1 Not tainted 5.4.0-rc2-syzkaller #0 [ 62.870840][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.870843][ T7948] Call Trace: [ 62.870856][ T7948] dump_stack+0x113/0x167 [ 62.870869][ T7948] print_address_description.constprop.8.cold.10+0x9/0x31d [ 62.880250][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 62.886888][ T7948] ? watch_queue_ioctl+0x137a/0x15e0 [ 62.886897][ T7948] __kasan_report.cold.11+0x1b/0x3a [ 62.886902][ T7948] ? watch_queue_ioctl+0x137a/0x15e0 [ 62.886909][ T7948] ? _copy_from_user+0x51/0x110 [ 62.886913][ T7948] ? watch_queue_ioctl+0x137a/0x15e0 [ 62.886918][ T7948] kasan_report+0x12/0x20 [ 62.886924][ T7948] __asan_report_store4_noabort+0x17/0x20 [ 62.886928][ T7948] watch_queue_ioctl+0x137a/0x15e0 [ 62.886938][ T7948] ? watch_queue_map_pages+0x4b0/0x4b0 [ 62.886944][ T7948] ? find_held_lock+0x36/0x1d0 [ 62.886955][ T7948] ? __fget+0x294/0x420 [ 62.886965][ T7948] do_vfs_ioctl+0x196/0x1150 [ 62.886974][ T7948] ? ioctl_preallocate+0x1c0/0x1c0 [ 62.886981][ T7948] ? __fget+0x2b1/0x420 [ 62.886994][ T7948] ? ksys_dup3+0x2e0/0x2e0 [ 62.892528][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 62.897979][ T7948] ? put_timespec64+0xa9/0x100 [ 62.897988][ T7948] ? nsecs_to_jiffies+0x20/0x20 [ 62.897999][ T7948] ? tomoyo_file_ioctl+0x14/0x20 [ 62.898009][ T7948] ksys_ioctl+0x62/0x90 [ 62.898016][ T7948] ? lockdep_hardirqs_on+0x42d/0x5d0 [ 62.898023][ T7948] __x64_sys_ioctl+0x6e/0xb0 [ 62.898034][ T7948] do_syscall_64+0xca/0x5d0 [ 62.911961][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 62.914498][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.914505][ T7948] RIP: 0033:0x45a919 [ 62.914511][ T7948] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.914515][ T7948] RSP: 002b:00007f58f2da1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.914523][ T7948] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919 [ 62.919315][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 62.926021][ T7948] RDX: 0000000020000240 RSI: 0000000000005761 RDI: 0000000000000003 [ 62.926024][ T7948] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 62.926027][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58f2da26d4 [ 62.926030][ T7948] R13: 00000000004cfb90 R14: 00000000004d8eb8 R15: 00000000ffffffff [ 62.926046][ T7948] [ 62.926050][ T7948] Allocated by task 7948: [ 62.926061][ T7948] save_stack+0x21/0x90 [ 62.926066][ T7948] __kasan_kmalloc.constprop.13+0xc7/0xd0 [ 62.926069][ T7948] kasan_kmalloc+0x9/0x10 [ 62.926073][ T7948] __kmalloc+0x164/0x790 [ 62.926078][ T7948] watch_queue_ioctl+0x2c4/0x15e0 [ 62.926084][ T7948] do_vfs_ioctl+0x196/0x1150 [ 62.926087][ T7948] ksys_ioctl+0x62/0x90 [ 62.926090][ T7948] __x64_sys_ioctl+0x6e/0xb0 [ 62.926096][ T7948] do_syscall_64+0xca/0x5d0 [ 62.926103][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.926105][ T7948] [ 62.926108][ T7948] Freed by task 7844: [ 62.926111][ T7948] save_stack+0x21/0x90 [ 62.926115][ T7948] __kasan_slab_free+0x102/0x150 [ 62.926119][ T7948] kasan_slab_free+0xe/0x10 [ 62.926123][ T7948] kfree+0x108/0x2c0 [ 62.926129][ T7948] tomoyo_check_open_permission+0x15f/0x2f0 [ 62.926133][ T7948] tomoyo_file_open+0x81/0xa0 [ 62.926144][ T7948] security_file_open+0x46/0x240 [ 62.942474][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 62.944508][ T7948] do_dentry_open+0x2db/0x1100 [ 62.944514][ T7948] vfs_open+0x9a/0xc0 [ 62.944518][ T7948] path_openat+0xb76/0x3d00 [ 62.944522][ T7948] do_filp_open+0x177/0x250 [ 62.944525][ T7948] do_sys_open+0x1dd/0x370 [ 62.944529][ T7948] __x64_sys_open+0x79/0xb0 [ 62.944535][ T7948] do_syscall_64+0xca/0x5d0 [ 62.944545][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.950347][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 62.954635][ T7948] [ 62.954641][ T7948] The buggy address belongs to the object at ffff8880a5c65840 [ 62.954641][ T7948] which belongs to the cache kmalloc-32 of size 32 [ 62.954645][ T7948] The buggy address is located 28 bytes inside of [ 62.954645][ T7948] 32-byte region [ffff8880a5c65840, ffff8880a5c65860) [ 62.954648][ T7948] The buggy address belongs to the page: [ 62.954654][ T7948] page:ffffea0002971940 refcount:1 mapcount:0 mapping:ffff8880aa4001c0 index:0xffff8880a5c65fc1 [ 62.954659][ T7948] flags: 0xfffe0000000200(slab) [ 62.954666][ T7948] raw: 00fffe0000000200 ffffea00029e7348 ffffea00025908c8 ffff8880aa4001c0 [ 62.954671][ T7948] raw: ffff8880a5c65fc1 ffff8880a5c65000 000000010000003f 0000000000000000 [ 62.954674][ T7948] page dumped because: kasan: bad access detected [ 62.954676][ T7948] [ 62.954678][ T7948] Memory state around the buggy address: [ 62.954681][ T7948] ffff8880a5c65700: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 62.954685][ T7948] ffff8880a5c65780: fb fb fb fb fc fc fc fc 00 00 05 fc fc fc fc fc [ 62.954688][ T7948] >ffff8880a5c65800: fb fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 62.954691][ T7948] ^ [ 62.954694][ T7948] ffff8880a5c65880: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc [ 62.954698][ T7948] ffff8880a5c65900: fb fb fb fb fc fc fc fc 00 00 fc fc fc fc fc fc [ 62.954701][ T7948] ================================================================== [ 62.954704][ T7948] Disabling lock debugging due to kernel taint [ 62.961643][ T7948] Kernel panic - not syncing: panic_on_warn set ... [ 62.971042][ T2990] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 62.975140][ T7948] CPU: 1 PID: 7948 Comm: syz-executor.1 Tainted: G B 5.4.0-rc2-syzkaller #0 [ 62.975143][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.975145][ T7948] Call Trace: [ 62.975157][ T7948] dump_stack+0x113/0x167 [ 62.975163][ T7948] ? watch_queue_ioctl+0x1280/0x15e0 [ 62.975168][ T7948] panic+0x22a/0x4e3 [ 62.975172][ T7948] ? add_taint.cold.8+0x11/0x11 [ 62.975179][ T7948] ? ___preempt_schedule+0x16/0x20 [ 62.975184][ T7948] ? watch_queue_ioctl+0x137a/0x15e0 [ 62.975191][ T7948] end_report+0x47/0x4f [ 62.975195][ T7948] __kasan_report.cold.11+0xe/0x3a [ 62.975199][ T7948] ? watch_queue_ioctl+0x137a/0x15e0 [ 62.975205][ T7948] ? _copy_from_user+0x51/0x110 [ 62.975209][ T7948] ? watch_queue_ioctl+0x137a/0x15e0 [ 62.975213][ T7948] kasan_report+0x12/0x20 [ 62.975218][ T7948] __asan_report_store4_noabort+0x17/0x20 [ 62.975221][ T7948] watch_queue_ioctl+0x137a/0x15e0 [ 62.975228][ T7948] ? watch_queue_map_pages+0x4b0/0x4b0 [ 62.975233][ T7948] ? find_held_lock+0x36/0x1d0 [ 62.975240][ T7948] ? __fget+0x294/0x420 [ 62.975246][ T7948] do_vfs_ioctl+0x196/0x1150 [ 62.975251][ T7948] ? ioctl_preallocate+0x1c0/0x1c0 [ 62.975256][ T7948] ? __fget+0x2b1/0x420 [ 62.975262][ T7948] ? ksys_dup3+0x2e0/0x2e0 [ 62.975267][ T7948] ? put_timespec64+0xa9/0x100 [ 62.975272][ T7948] ? nsecs_to_jiffies+0x20/0x20 [ 62.975279][ T7948] ? tomoyo_file_ioctl+0x14/0x20 [ 62.975285][ T7948] ksys_ioctl+0x62/0x90 [ 62.975289][ T7948] ? lockdep_hardirqs_on+0x42d/0x5d0 [ 62.975294][ T7948] __x64_sys_ioctl+0x6e/0xb0 [ 62.975300][ T7948] do_syscall_64+0xca/0x5d0 [ 62.975308][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 62.975312][ T7948] RIP: 0033:0x45a919 [ 62.975318][ T7948] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.975320][ T7948] RSP: 002b:00007f58f2da1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.975325][ T7948] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a919 [ 62.975327][ T7948] RDX: 0000000020000240 RSI: 0000000000005761 RDI: 0000000000000003 [ 62.975330][ T7948] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 62.975332][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58f2da26d4 [ 62.975338][ T7948] R13: 00000000004cfb90 R14: 00000000004d8eb8 R15: 00000000ffffffff [ 63.680881][ T7948] Kernel Offset: disabled [ 63.685354][ T7948] Rebooting in 86400 seconds..