[ ok ] Starting enhanced syslogd: rsyslogd. [ 59.670439][ T26] audit: type=1800 audit(1563347922.948:25): pid=8957 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 59.710820][ T26] audit: type=1800 audit(1563347922.948:26): pid=8957 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 59.748386][ T26] audit: type=1800 audit(1563347922.948:27): pid=8957 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.1.46' (ECDSA) to the list of known hosts. 2019/07/17 07:19:38 parsed 1 programs 2019/07/17 07:19:40 executed programs: 0 syzkaller login: [ 117.604691][ T9136] IPVS: ftp: loaded support on port[0] = 21 [ 117.611362][ T9134] IPVS: ftp: loaded support on port[0] = 21 [ 117.612155][ T9131] IPVS: ftp: loaded support on port[0] = 21 [ 117.636179][ T9139] IPVS: ftp: loaded support on port[0] = 21 [ 117.644163][ T9140] IPVS: ftp: loaded support on port[0] = 21 [ 117.693502][ T9141] IPVS: ftp: loaded support on port[0] = 21 [ 117.907747][ T9131] chnl_net:caif_netlink_parms(): no params data found [ 118.027299][ T9134] chnl_net:caif_netlink_parms(): no params data found [ 118.085303][ T9131] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.093171][ T9131] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.101516][ T9131] device bridge_slave_0 entered promiscuous mode [ 118.143963][ T9131] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.152239][ T9131] bridge0: port 2(bridge_slave_1) entered disabled
state [ 118.159837][ T9131] device bridge_slave_1 entered promiscuous mode [ 118.167599][ T9136] chnl_net:caif_netlink_parms(): no params data found [ 118.184371][ T9139] chnl_net:caif_netlink_parms(): no params data found [ 118.248341][ T9140] chnl_net:caif_netlink_parms(): no params data found [ 118.260092][ T9131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.312248][ T9131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.348075][ T9134] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.355886][ T9134] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.363934][ T9134] device bridge_slave_0 entered promiscuous mode [ 118.385874][ T9131] team0: Port device team_slave_0 added [ 118.397690][ T9139] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.406047][ T9139] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.413903][ T9139] device bridge_slave_0 entered promiscuous mode [ 118.422173][ T9139] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.429239][ T9139] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.437327][ T9139] device bridge_slave_1 entered promiscuous mode [ 118.446248][ T9134] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.454206][ T9134] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.462252][ T9134] device bridge_slave_1 entered promiscuous mode [ 118.483817][ T9131] team0: Port device team_slave_1 added [ 118.494746][ T9136] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.502943][ T9136] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.510515][ T9136] device bridge_slave_0 entered promiscuous mode [ 118.525204][ T9141] chnl_net:caif_netlink_parms(): no params data found [ 118.553898][ T9136] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.561448][ T9136] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.569131][ T9136] device 
bridge_slave_1 entered promiscuous mode [ 118.594094][ T9134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.605675][ T9134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.615325][ T9140] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.623209][ T9140] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.631153][ T9140] device bridge_slave_0 entered promiscuous mode [ 118.654567][ T9139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.671593][ T9139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.693089][ T9140] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.700258][ T9140] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.708334][ T9140] device bridge_slave_1 entered promiscuous mode [ 118.729822][ T9136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.780087][ T9136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.822952][ T9131] device hsr_slave_0 entered promiscuous mode [ 118.887672][ T9131] device hsr_slave_1 entered promiscuous mode [ 118.983007][ T9134] team0: Port device team_slave_0 added [ 118.990342][ T9139] team0: Port device team_slave_0 added [ 118.996701][ T9141] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.004345][ T9141] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.012630][ T9141] device bridge_slave_0 entered promiscuous mode [ 119.021657][ T9140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.053497][ T9134] team0: Port device team_slave_1 added [ 119.060881][ T9139] team0: Port device team_slave_1 added [ 119.066683][ T9141] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.074388][ T9141] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.082430][ T9141] device bridge_slave_1 entered promiscuous 
mode [ 119.098039][ T9140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.125142][ T9140] team0: Port device team_slave_0 added [ 119.138443][ T9136] team0: Port device team_slave_0 added [ 119.166090][ T9140] team0: Port device team_slave_1 added [ 119.173605][ T9136] team0: Port device team_slave_1 added [ 119.254081][ T9139] device hsr_slave_0 entered promiscuous mode [ 119.311262][ T9139] device hsr_slave_1 entered promiscuous mode [ 119.350996][ T9139] debugfs: Directory 'hsr0' with parent '/' already present! [ 119.360574][ T9141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.372108][ T9141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.434100][ T9134] device hsr_slave_0 entered promiscuous mode [ 119.471165][ T9134] device hsr_slave_1 entered promiscuous mode [ 119.520911][ T9134] debugfs: Directory 'hsr0' with parent '/' already present! [ 119.592498][ T9140] device hsr_slave_0 entered promiscuous mode [ 119.651049][ T9140] device hsr_slave_1 entered promiscuous mode [ 119.700962][ T9140] debugfs: Directory 'hsr0' with parent '/' already present! [ 119.719837][ T9141] team0: Port device team_slave_0 added [ 119.730660][ T9141] team0: Port device team_slave_1 added [ 119.803626][ T9136] device hsr_slave_0 entered promiscuous mode [ 119.861448][ T9136] device hsr_slave_1 entered promiscuous mode [ 119.901039][ T9136] debugfs: Directory 'hsr0' with parent '/' already present! [ 119.994143][ T9141] device hsr_slave_0 entered promiscuous mode [ 120.061209][ T9141] device hsr_slave_1 entered promiscuous mode [ 120.120791][ T9141] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 120.198539][ T9131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.248650][ T9131] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.266389][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.275589][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.299610][ T9140] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.329584][ T9139] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.342322][ T3708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.352841][ T3708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.362030][ T3708] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.369176][ T3708] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.377828][ T3708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.386477][ T3708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.394898][ T3708] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.402018][ T3708] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.410040][ T3708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.431290][ T9139] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.446832][ T9140] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.453908][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.462335][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.469913][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.477860][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.507124][ T9136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.524011][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.535169][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.547415][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.554522][ T17] bridge0: port 
1(bridge_slave_0) entered forwarding state [ 120.563193][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.572384][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 120.581057][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 120.589386][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.596489][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.604092][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.612905][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.621691][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.628737][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.636553][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 120.645234][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.653769][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.660897][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.669002][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.677133][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 120.709371][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.718975][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.730357][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.739269][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.748227][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.756847][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.765995][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.774853][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.783768][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): 
team_slave_0: link becomes ready [ 120.810226][ T9134] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.824173][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.835514][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.844451][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.853202][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.862418][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.871219][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.879475][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.888229][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.897590][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.932344][ T9141] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.944205][ T9136] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.952165][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.960522][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.969617][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.978434][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.986861][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.997309][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.005598][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.014063][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.022283][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.030511][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.038824][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.047066][ T3003] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.055430][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 121.063052][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 121.070953][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 121.078552][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 121.089203][ T9140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.101502][ T9139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.110617][ T3709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.121427][ T3709] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.132338][ T9134] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.151804][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 121.160464][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.169585][ T9149] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.176734][ T9149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.186199][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.195359][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.203674][ T9149] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.210812][ T9149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.219023][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.250555][ T9141] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.266335][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 121.277797][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.286566][ T3003] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.293672][ T3003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.304334][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes 
ready [ 121.312160][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 121.319771][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.328701][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.337125][ T3003] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.344230][ T3003] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.353466][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.379826][ T9140] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.407606][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 121.416864][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.425952][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.433081][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.444701][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.453669][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.462351][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.469396][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.477185][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 121.485836][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 121.494675][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 121.503735][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 121.513132][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 121.521718][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 121.530135][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.539158][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.547266][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 121.568611][ T9139] 8021q: adding VLAN 0 
to HW filter on device batadv0 [ 121.582307][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 121.597046][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 121.608892][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 121.624863][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 121.635908][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 121.645104][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 121.660484][ T9136] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 121.671883][ T9136] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 121.724228][ T9131] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.737767][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.752547][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.763435][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.776847][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.785351][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 121.794632][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 121.803209][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 121.811684][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.819816][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 121.828203][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.843502][ T9141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.907197][ T9136] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.919095][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.928588][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 121.948745][ T5] IPv6: 
ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 121.957512][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 122.048767][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 122.073587][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 122.099238][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 122.125617][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.137399][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 122.155998][ T9149] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.181734][ T9141] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.279995][ T9134] 8021q: adding VLAN 0 to HW filter on device batadv0 2019/07/17 07:19:45 executed programs: 9 2019/07/17 07:19:51 executed programs: 66 2019/07/17 07:19:56 executed programs: 128 2019/07/17 07:20:01 executed programs: 187 2019/07/17 07:20:06 executed programs: 248 2019/07/17 07:20:11 executed programs: 309 2019/07/17 07:20:16 executed programs: 365 [ 153.571343][ C1] hrtimer: interrupt took 930274 ns 2019/07/17 07:20:21 executed programs: 425 [ 162.441127][ C1] ================================================================== [ 162.449340][ C1] BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x81/0x200 [ 162.457753][ C1] Read of size 4 at addr ffff888095f677c0 by task swapper/1/0 [ 162.460888][T11549] ------------[ cut here ]------------ [ 162.465211][ C1] [ 162.465233][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.2.0+ #89 [ 162.465242][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.465248][ C1] Call Trace: [ 162.465255][ C1] [ 162.465275][ C1] dump_stack+0x172/0x1f0 [ 162.465299][ C1] ? refcount_inc_not_zero_checked+0x81/0x200 [ 162.465323][ C1] print_address_description.cold+0xd4/0x306 [ 162.471578][T11549] refcount_t: increment on 0; use-after-free. 
[ 162.473164][ C1] ? refcount_inc_not_zero_checked+0x81/0x200 [ 162.473180][ C1] ? refcount_inc_not_zero_checked+0x81/0x200 [ 162.473196][ C1] __kasan_report.cold+0x1b/0x36 [ 162.473215][ C1] ? refcount_inc_not_zero_checked+0x81/0x200 [ 162.473231][ C1] kasan_report+0x12/0x20 [ 162.473251][ C1] check_memory_region+0x134/0x1a0 [ 162.480538][T11549] WARNING: CPU: 0 PID: 11549 at lib/refcount.c:156 refcount_inc_checked+0x61/0x70 [ 162.490138][ C1] __kasan_check_read+0x11/0x20 [ 162.493402][T11549] Kernel panic - not syncing: panic_on_warn set ... [ 162.496266][ C1] refcount_inc_not_zero_checked+0x81/0x200 [ 162.578232][ C1] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 162.584059][ C1] ? lock_acquire+0x190/0x410 [ 162.588757][ C1] ? nr_insert_socket+0x21/0xe0 [ 162.593616][ C1] ? refcount_dec_not_one+0x1f0/0x1f0 [ 162.598991][ C1] refcount_inc_checked+0x17/0x70 [ 162.604027][ C1] nr_insert_socket+0x2d/0xe0 [ 162.608708][ C1] nr_rx_frame+0x1605/0x1e80 [ 162.613322][ C1] nr_loopback_timer+0x7b/0x170 [ 162.618325][ C1] call_timer_fn+0x1ac/0x780 [ 162.622922][ C1] ? nr_process_rx_frame+0x1540/0x1540 [ 162.628377][ C1] ? msleep_interruptible+0x150/0x150 [ 162.633838][ C1] ? nr_process_rx_frame+0x1540/0x1540 [ 162.639305][ C1] run_timer_softirq+0x697/0x17a0 [ 162.644343][ C1] ? add_timer+0x930/0x930 [ 162.649274][ C1] ? kvm_clock_read+0x18/0x30 [ 162.653955][ C1] ? kvm_sched_clock_read+0x9/0x20 [ 162.659060][ C1] ? sched_clock+0x2e/0x50 [ 162.663479][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 162.669721][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 162.675970][ C1] __do_softirq+0x262/0x98c [ 162.680560][ C1] ? 
sched_clock_cpu+0x1b/0x1b0 [ 162.685435][ C1] irq_exit+0x19b/0x1e0 [ 162.689593][ C1] smp_apic_timer_interrupt+0x1a3/0x610 [ 162.695143][ C1] apic_timer_interrupt+0xf/0x20 [ 162.700092][ C1] [ 162.703033][ C1] RIP: 0010:native_safe_halt+0xe/0x10 [ 162.708409][ C1] Code: e8 2b 7b fa eb 8a 90 90 90 90 90 90 e9 07 00 00 00 0f 00 2d d4 0e 57 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d c4 0e 57 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 7e 27 2f fa e8 59 [ 162.728118][ C1] RSP: 0018:ffff8880a98e7d68 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 162.736541][ C1] RAX: 1ffffffff11a5ca5 RBX: ffff8880a98ce340 RCX: 0000000000000000 [ 162.744616][ C1] RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffff8880a98cebcc [ 162.752584][ C1] RBP: ffff8880a98e7d98 R08: ffff8880a98ce340 R09: 0000000000000000 [ 162.760555][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 162.768521][ C1] R13: ffffffff89a29778 R14: 0000000000000000 R15: 0000000000000001 [ 162.776525][ C1] ? default_idle+0x4e/0x360 [ 162.781117][ C1] arch_cpu_idle+0xa/0x10 [ 162.785449][ C1] default_idle_call+0x84/0xb0 [ 162.790212][ C1] do_idle+0x413/0x760 [ 162.794276][ C1] ? __this_cpu_preempt_check+0x3a/0x210 [ 162.799917][ C1] ? arch_cpu_idle_exit+0x80/0x80 [ 162.804949][ C1] cpu_startup_entry+0x1b/0x20 [ 162.809717][ C1] start_secondary+0x315/0x430 [ 162.814484][ C1] ? set_cpu_sibling_map+0x2180/0x2180 [ 162.819954][ C1] secondary_startup_64+0xa4/0xb0 [ 162.824986][ C1] [ 162.825002][T11549] CPU: 0 PID: 11549 Comm: syz-executor.1 Not tainted 5.2.0+ #89 [ 162.825017][T11549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.827333][ C1] Allocated by task 0: [ 162.834963][T11549] Call Trace: [ 162.845022][ C1] save_stack+0x23/0x90 [ 162.849073][T11549] dump_stack+0x172/0x1f0 [ 162.852348][ C1] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 162.856496][T11549] ? 
refcount_inc_not_zero_checked+0x1e0/0x200 [ 162.860811][ C1] kasan_kmalloc+0x9/0x10 [ 162.866432][T11549] panic+0x2dc/0x755 [ 162.872586][ C1] __kmalloc+0x163/0x780 [ 162.876920][T11549] ? add_taint.cold+0x16/0x16 [ 162.880818][ C1] sk_prot_alloc+0x23a/0x310 [ 162.885050][T11549] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 162.889701][ C1] sk_alloc+0x39/0xf70 [ 162.894277][T11549] ? __warn.cold+0x5/0x4c [ 162.900502][ C1] nr_rx_frame+0x733/0x1e80 [ 162.904568][T11549] ? __warn+0xe7/0x1e0 [ 162.908979][ C1] nr_loopback_timer+0x7b/0x170 [ 162.913472][T11549] ? refcount_inc_checked+0x61/0x70 [ 162.917518][ C1] call_timer_fn+0x1ac/0x780 [ 162.922349][T11549] __warn.cold+0x20/0x4c [ 162.927532][ C1] run_timer_softirq+0x697/0x17a0 [ 162.932107][T11549] ? refcount_inc_checked+0x61/0x70 [ 162.936334][ C1] __do_softirq+0x262/0x98c [ 162.941343][T11549] report_bug+0x263/0x2b0 [ 162.946514][ C1] [ 162.951012][T11549] do_error_trap+0x11b/0x200 [ 162.955320][ C1] Freed by task 11556: [ 162.957651][T11549] do_invalid_op+0x37/0x50 [ 162.962220][ C1] save_stack+0x23/0x90 [ 162.966270][T11549] ? 
refcount_inc_checked+0x61/0x70 [ 162.970666][ C1] __kasan_slab_free+0x102/0x150 [ 162.974892][T11549] invalid_op+0x14/0x20 [ 162.980071][ C1] kasan_slab_free+0xe/0x10 [ 162.984997][T11549] RIP: 0010:refcount_inc_checked+0x61/0x70 [ 162.989136][ C1] kfree+0x10a/0x2c0 [ 162.993622][T11549] Code: 1d 50 c5 63 06 31 ff 89 de e8 4b 4a 37 fe 84 db 75 dd e8 02 49 37 fe 48 c7 c7 a0 1b c5 87 c6 05 30 c5 63 06 01 e8 e7 f2 08 fe <0f> 0b eb c1 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41 [ 162.999410][ C1] __sk_destruct+0x4f7/0x6e0 [ 163.003283][T11549] RSP: 0018:ffff88807b56fd48 EFLAGS: 00010286 [ 163.022899][ C1] sk_destruct+0x86/0xa0 [ 163.027465][T11549] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 163.033519][ C1] __sk_free+0xfb/0x360 [ 163.037736][T11549] RDX: 0000000000000000 RSI: ffffffff815c1016 RDI: ffffed100f6adf9b [ 163.045697][ C1] sk_free+0x42/0x50 [ 163.050171][T11549] RBP: ffff88807b56fd58 R08: ffff8880939fc280 R09: ffffed1015d040f1 [ 163.050187][T11549] R10: ffffed1015d040f0 R11: ffff8880ae820787 R12: ffff888095f677c0 [ 163.058159][ C1] sock_efree+0x61/0x80 [ 163.062027][T11549] R13: ffff888089b74098 R14: ffff888095f67ab8 R15: ffff888095f677c0 [ 163.069999][ C1] skb_release_head_state+0xeb/0x260 [ 163.077970][T11549] ? vprintk_func+0x86/0x189 [ 163.082107][ C1] skb_release_all+0x16/0x60 [ 163.090216][T11549] ? refcount_inc_checked+0x61/0x70 [ 163.095482][ C1] kfree_skb+0x101/0x3c0 [ 163.100057][T11549] nr_release+0x62/0x3e0 [ 163.104632][ C1] nr_accept+0x570/0x720 [ 163.109817][T11549] __sock_release+0xce/0x280 [ 163.114033][ C1] __sys_accept4+0x34e/0x6a0 [ 163.118263][T11549] sock_close+0x1e/0x30 [ 163.122489][ C1] __x64_sys_accept+0x75/0xb0 [ 163.127066][T11549] __fput+0x2ff/0x890 [ 163.131638][ C1] do_syscall_64+0xfd/0x6a0 [ 163.135774][T11549] ? 
__sock_release+0x280/0x280 [ 163.140435][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.144394][T11549] ____fput+0x16/0x20 [ 163.148874][ C1] [ 163.153724][T11549] task_work_run+0x145/0x1c0 [ 163.159591][ C1] The buggy address belongs to the object at ffff888095f67740 [ 163.159591][ C1] which belongs to the cache kmalloc-2k of size 2048 [ 163.163559][T11549] exit_to_usermode_loop+0x316/0x380 [ 163.165864][ C1] The buggy address is located 128 bytes inside of [ 163.165864][ C1] 2048-byte region [ffff888095f67740, ffff888095f67f40) [ 163.170460][T11549] do_syscall_64+0x5a9/0x6a0 [ 163.184496][ C1] The buggy address belongs to the page: [ 163.189777][T11549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.203112][ C1] page:ffffea000257d980 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 compound_mapcount: 0 [ 163.207696][T11549] RIP: 0033:0x413501 [ 163.213318][ C1] flags: 0x1fffc0000010200(slab|head) [ 163.219198][T11549] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 163.230115][ C1] raw: 01fffc0000010200 ffffea00025b3b88 ffffea00022e4308 ffff8880aa400e00 [ 163.233993][T11549] RSP: 002b:00007ffd6b274170 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 163.239345][ C1] raw: 0000000000000000 ffff888095f66640 0000000100000003 0000000000000000 [ 163.258947][T11549] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413501 [ 163.267545][ C1] page dumped because: kasan: bad access detected [ 163.275949][T11549] RDX: 0000001b2ee20000 RSI: 0000000000000000 RDI: 0000000000000003 [ 163.275964][T11549] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff [ 163.284974][ C1] [ 163.292938][T11549] R10: 00007ffd6b274250 R11: 0000000000000293 R12: 000000000075c9a0 [ 163.292954][T11549] R13: 000000000075c9a0 R14: 0000000000760a50 R15: ffffffffffffffff [ 163.299353][ C1] Memory state around the buggy 
address: [ 163.339111][ C1] ffff888095f67680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 163.347165][ C1] ffff888095f67700: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 163.355220][ C1] >ffff888095f67780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.363271][ C1] ^ [ 163.369436][ C1] ffff888095f67800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.377498][ C1] ffff888095f67880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 163.385552][ C1] ================================================================== [ 163.393619][ C1] Disabling lock debugging due to kernel taint [ 163.400619][T11549] Kernel Offset: disabled [ 163.404942][T11549] Rebooting in 86400 seconds..