[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   68.008118][   T26] audit: type=1800 audit(1576105610.161:25): pid=8894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   68.027944][   T26] audit: type=1800 audit(1576105610.161:26): pid=8894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   68.078315][   T26] audit: type=1800 audit(1576105610.171:27): pid=8894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts.
2019/12/11 23:06:59 fuzzer started
2019/12/11 23:07:01 dialing manager at 10.128.0.26:33577
2019/12/11 23:07:01 syscalls: 2701
2019/12/11 23:07:01 code coverage: enabled
2019/12/11 23:07:01 comparison tracing: enabled
2019/12/11 23:07:01 extra coverage: enabled
2019/12/11 23:07:01 setuid sandbox: enabled
2019/12/11 23:07:01 namespace sandbox: enabled
2019/12/11 23:07:01 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/11 23:07:01 fault injection: enabled
2019/12/11 23:07:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/11 23:07:01 net packet injection: enabled
2019/12/11 23:07:01 net device setup: enabled
2019/12/11 23:07:01 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/11 23:07:01 devlink PCI setup: PCI device 0000:00:10.0 is not available
23:08:58 executing program 0:
r0 = gettid()
syncfs(0xffffffffffffffff)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, 0x0)
r1 = eventfd2(0x0, 0x0)
fallocate(r1, 0x0, 0x0, 0x9)
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000000)={0xdd, 0xe1, 0x0, 0x9, 0x3})
statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffa000/0x3000)=nil)
setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000100)={@loopback}, 0x14)
tkill(r0, 0x1000000000015)

23:08:58 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_VLAN_STATS_ENABLED={0x8, 0x29, 0xff}]}}}]}, 0x3c}}, 0x0)

syzkaller login: [  196.510704][ T9063] IPVS: ftp: loaded support on port[0] = 21
[  196.727263][ T9066] IPVS: ftp: loaded support on port[0] = 21
[  196.727641][ T9063] chnl_net:caif_netlink_parms(): no params data found
23:08:59 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f0000ca6000)={&(0x7f00000000c0)={0x2, 0xf, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, [@sadb_x_sec_ctx={0x1}, @sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast2, @in=@local}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa8}}, 0x0)

[  196.801394][ T9063] bridge0: port 1(bridge_slave_0) entered blocking state
[  196.810304][ T9063] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.820001][ T9063] device bridge_slave_0 entered promiscuous mode
[  196.832876][ T9063] bridge0: port 2(bridge_slave_1) entered blocking state
[  196.841884][ T9063] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.860685][ T9063] device bridge_slave_1 entered promiscuous mode
[  196.934579][ T9063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  196.965515][ T9063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  197.012716][ T9063] team0: Port device team_slave_0 added
[  197.022555][ T9063] team0: Port device team_slave_1 added
[  197.058491][ T9068] IPVS: ftp: loaded support on port[0] = 21
23:08:59 executing program 3:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]})
ptrace(0x4207, 0xffffffffffffffff)

[  197.107776][ T9063] device hsr_slave_0 entered promiscuous mode
[  197.225911][ T9063] device hsr_slave_1 entered promiscuous mode
23:08:59 executing program 4:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]})
socketpair(0x0, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pwrite64(r0, 0x0, 0x0, 0x0)

[  197.379834][ T9071] IPVS: ftp: loaded support on port[0] = 21
[  197.452069][ T9066] chnl_net:caif_netlink_parms(): no params data found
[  197.547501][ T9063] netdevsim netdevsim0 netdevsim0: renamed from eth0
23:08:59 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfffff000}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x400000000000000}, 0x0)

[  197.614872][ T9063] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  197.715663][ T9063] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  197.766475][ T9063] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  197.831280][ T9066] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.839857][ T9066] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.848685][ T9066] device bridge_slave_0 entered promiscuous mode
[  197.869338][ T9076] IPVS: ftp: loaded support on port[0] = 21
[  197.871376][ T9075] IPVS: ftp: loaded support on port[0] = 21
[  197.926107][ T9066] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.933691][ T9066] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.941355][ T9066] device bridge_slave_1 entered promiscuous mode
[  198.010202][ T9066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.023672][ T9066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.037241][ T9068] chnl_net:caif_netlink_parms(): no params data found
[  198.088358][ T9066] team0: Port device team_slave_0 added
[  198.094498][ T9071] chnl_net:caif_netlink_parms(): no params data found
[  198.106256][ T9066] team0: Port device team_slave_1 added
[  198.226683][ T9066] device hsr_slave_0 entered promiscuous mode
[  198.263861][ T9066] device hsr_slave_1 entered promiscuous mode
[  198.303552][ T9066] debugfs: Directory 'hsr0' with parent '/' already present!
[  198.336732][ T9068] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.344664][ T9068] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.354353][ T9068] device bridge_slave_0 entered promiscuous mode
[  198.376168][ T9071] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.384509][ T9071] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.392501][ T9071] device bridge_slave_0 entered promiscuous mode
[  198.402445][ T9071] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.409749][ T9071] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.417717][ T9071] device bridge_slave_1 entered promiscuous mode
[  198.425034][ T9068] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.432126][ T9068] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.442758][ T9068] device bridge_slave_1 entered promiscuous mode
[  198.508722][ T9068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.520437][ T9068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.549876][ T9068] team0: Port device team_slave_0 added
[  198.561708][ T9071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.609313][ T9076] chnl_net:caif_netlink_parms(): no params data found
[  198.621307][ T9068] team0: Port device team_slave_1 added
[  198.628632][ T9071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.655342][ T9071] team0: Port device team_slave_0 added
[  198.673120][ T9071] team0: Port device team_slave_1 added
[  198.687764][ T9075] chnl_net:caif_netlink_parms(): no params data found
[  198.788196][ T9071] device hsr_slave_0 entered promiscuous mode
[  198.843804][ T9071] device hsr_slave_1 entered promiscuous mode
[  198.883667][ T9071] debugfs: Directory 'hsr0' with parent '/' already present!
[  198.895422][ T9066] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  198.945867][ T9066] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  199.045741][ T9066] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  199.136876][ T9068] device hsr_slave_0 entered promiscuous mode
[  199.193852][ T9068] device hsr_slave_1 entered promiscuous mode
[  199.243553][ T9068] debugfs: Directory 'hsr0' with parent '/' already present!
[  199.261292][ T9075] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.275376][ T9075] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.283249][ T9075] device bridge_slave_0 entered promiscuous mode
[  199.292145][ T9075] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.299385][ T9075] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.307721][ T9075] device bridge_slave_1 entered promiscuous mode
[  199.314856][ T9066] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  199.412003][ T9075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  199.427236][ T9076] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.435237][ T9076] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.443082][ T9076] device bridge_slave_0 entered promiscuous mode
[  199.451807][ T9076] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.459029][ T9076] bridge0: port 2(bridge_slave_1) entered disabled state
[  199.467155][ T9076] device bridge_slave_1 entered promiscuous mode
[  199.491688][ T9075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  199.515817][ T9063] 8021q: adding VLAN 0 to HW filter on device bond0
[  199.539077][ T9071] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  199.580107][ T9071] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  199.659992][ T9068] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  199.708698][ T9075] team0: Port device team_slave_0 added
[  199.714922][ T9071] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  199.766186][ T9071] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  199.820945][ T9076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  199.833473][ T9075] team0: Port device team_slave_1 added
[  199.839726][ T9068] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  199.885760][ T9063] 8021q: adding VLAN 0 to HW filter on device team0
[  199.901383][ T9076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  199.915216][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  199.924229][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  199.933031][ T9068] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  199.997336][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  200.007137][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  200.016495][ T3701] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.024046][ T3701] bridge0: port 1(bridge_slave_0) entered forwarding state
[  200.032104][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  200.041320][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  200.049857][ T3701] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.056970][ T3701] bridge0: port 2(bridge_slave_1) entered forwarding state
[  200.066458][ T9068] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  200.176882][ T9075] device hsr_slave_0 entered promiscuous mode
[  200.244401][ T9075] device hsr_slave_1 entered promiscuous mode
[  200.283574][ T9075] debugfs: Directory 'hsr0' with parent '/' already present!
[  200.299572][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  200.307957][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  200.317193][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  200.353078][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  200.362716][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  200.372319][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  200.382943][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  200.392093][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  200.401695][ T9076] team0: Port device team_slave_0 added
[  200.413184][ T9076] team0: Port device team_slave_1 added
[  200.452203][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  200.461586][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  200.471147][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  200.479874][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  200.495826][ T9063] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  200.517945][ T9066] 8021q: adding VLAN 0 to HW filter on device bond0
[  200.566918][ T9076] device hsr_slave_0 entered promiscuous mode
[  200.613801][ T9076] device hsr_slave_1 entered promiscuous mode
[  200.653561][ T9076] debugfs: Directory 'hsr0' with parent '/' already present!
[  200.682456][ T9075] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  200.730061][ T9075] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  200.795708][ T9075] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  200.841341][ T9066] 8021q: adding VLAN 0 to HW filter on device team0
[  200.860731][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  200.868814][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  200.876762][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  200.884631][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  200.895708][ T9075] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  200.957675][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  200.967393][ T9074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  200.978930][ T9074] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.986054][ T9074] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.008249][ T9063] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.032111][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  201.040350][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  201.049344][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  201.059505][ T3701] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.066625][ T3701] bridge0: port 2(bridge_slave_1) entered forwarding state
[  201.075705][ T3701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  201.106873][ T9076] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  201.146430][ T9076] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  201.197221][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  201.215100][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  201.224667][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  201.236459][ T9068] 8021q: adding VLAN 0 to HW filter on device bond0
[  201.259255][ T9076] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  201.320937][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  201.334096][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  201.342980][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  201.353185][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  201.369564][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  201.378519][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  201.387215][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  201.398029][ T9071] 8021q: adding VLAN 0 to HW filter on device bond0
23:09:03 executing program 0:

[  201.417524][ T9076] netdevsim netdevsim5 netdevsim3: renamed from eth3
23:09:03 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071")
r1 = socket(0x10, 0x2, 0xc)
write(r1, &(0x7f0000000080)="1f0000000104ff00fd4354c7071100def205010008000100017ca5d59e950f", 0x1f)
write(r1, &(0x7f0000000000)="1f0000000104fffffd3b54c007110006f30501000b000200000010d10200cf", 0x1f)

[  201.492576][ T9071] 8021q: adding VLAN 0 to HW filter on device team0
[  201.528419][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  201.539482][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  201.551978][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  201.562391][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  201.576613][ T9066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  201.596472][ T9090] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'.
[  201.616902][ T9068] 8021q: adding VLAN 0 to HW filter on device team0
23:09:03 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000001c0)={0x4, <r2=>0xffffffffffffffff})
dup3(r0, r2, 0x0)

[  201.654423][ T9066] 8021q: adding VLAN 0 to HW filter on device batadv0
[  201.676354][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  201.687256][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  201.696675][ T2735] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.703814][ T2735] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.711714][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  201.722165][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  201.731344][ T2735] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.738500][ T2735] bridge0: port 1(bridge_slave_0) entered forwarding state
[  201.750302][ T9093] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  201.751845][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  201.780716][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  201.816087][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  201.824234][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  201.843507][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  201.852239][ T2735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  201.870124][ T9092] list_del corruption. prev->next should be ffff8880902a3970, but was ffff88821b84e930
[  201.880856][ T9092] ------------[ cut here ]------------
[  201.886688][ T9092] kernel BUG at lib/list_debug.c:51!
[  201.892070][ T9092] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  201.901963][ T9092] CPU: 1 PID: 9092 Comm: syz-executor.0 Not tainted 5.5.0-rc1-next-20191211-syzkaller #0
[  201.911745][ T9092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  201.921801][ T9092] RIP: 0010:__list_del_entry_valid.cold+0xf/0x4f
[  201.928124][ T9092] Code: e8 c9 00 cb fd 0f 0b 48 89 f1 48 c7 c7 c0 10 70 88 4c 89 e6 e8 b5 00 cb fd 0f 0b 4c 89 f6 48 c7 c7 60 12 70 88 e8 a4 00 cb fd <0f> 0b 4c 89 ea 4c 89 f6 48 c7 c7 a0 11 70 88 e8 90 00 cb fd 0f 0b
[  201.948991][ T9092] RSP: 0018:ffffc90002407c00 EFLAGS: 00010282
[  201.955220][ T9092] RAX: 0000000000000054 RBX: ffff88821b84b160 RCX: 0000000000000000
[  201.963221][ T9092] RDX: 0000000000000000 RSI: ffffffff815e8576 RDI: fffff52000480f72
[  201.971289][ T9092] RBP: ffffc90002407c18 R08: 0000000000000054 R09: ffffed1015d26621
[  201.980970][ T9092] R10: ffffed1015d26620 R11: ffff8880ae933107 R12: ffff88821b84b260
[  201.989179][ T9092] R13: ffff88821b84e930 R14: ffff8880902a3970 R15: ffff8880902a3970
[  201.997326][ T9092] FS:  0000000001376940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  202.006641][ T9092] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  202.013327][ T9092] CR2: 0000001b32223000 CR3: 00000000a8dc9000 CR4: 00000000001426e0
[  202.021715][ T9092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  202.029773][ T9092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  202.037749][ T9092] Call Trace:
[  202.041030][ T9092]  __dentry_kill+0x1fd/0x600
[  202.045701][ T9092]  ? dput+0x38/0xe10
[  202.049577][ T9092]  ? dput+0x38/0xe10
[  202.053460][ T9092]  dput+0x62f/0xe10
[  202.057264][ T9092]  simple_recursive_removal+0x5bc/0x6d0
[  202.062792][ T9092]  ? debugfs_rename+0x7f0/0x7f0
[  202.067631][ T9092]  debugfs_remove+0x5e/0x80
[  202.072217][ T9092]  kvm_put_kvm+0x136/0xcc0
[  202.076639][ T9092]  ? kvm_irqfd_release+0xe2/0x120
[  202.081662][ T9092]  ? kvm_irqfd_release+0xe2/0x120
[  202.086668][ T9092]  kvm_vm_release+0x44/0x60
[  202.091150][ T9092]  __fput+0x2ff/0x890
[  202.095125][ T9092]  ? kvm_dev_ioctl+0x17d0/0x17d0
[  202.100053][ T9092]  ____fput+0x16/0x20
[  202.104024][ T9092]  task_work_run+0x145/0x1c0
[  202.108706][ T9092]  exit_to_usermode_loop+0x316/0x380
[  202.114068][ T9092]  do_syscall_64+0x676/0x790
[  202.118653][ T9092]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  202.124538][ T9092] RIP: 0033:0x4143e1
[  202.129158][ T9092] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  202.148946][ T9092] RSP: 002b:00007ffcd4d19270 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  202.157360][ T9092] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00000000004143e1
[  202.165611][ T9092] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  202.173574][ T9092] RBP: 0000000000000001 R08: 000000003560b3b2 R09: 000000003560b3b6
[  202.181538][ T9092] R10: 00007ffcd4d19350 R11: 0000000000000293 R12: 000000000075c9a0
[  202.189497][ T9092] R13: 000000000075c9a0 R14: 00000000007602c8 R15: 000000000075bfd4
[  202.197453][ T9092] Modules linked in:
[  202.201377][ T9092] ---[ end trace 2060af44561f5be8 ]---
[  202.206860][ T9092] RIP: 0010:__list_del_entry_valid.cold+0xf/0x4f
[  202.213179][ T9092] Code: e8 c9 00 cb fd 0f 0b 48 89 f1 48 c7 c7 c0 10 70 88 4c 89 e6 e8 b5 00 cb fd 0f 0b 4c 89 f6 48 c7 c7 60 12 70 88 e8 a4 00 cb fd <0f> 0b 4c 89 ea 4c 89 f6 48 c7 c7 a0 11 70 88 e8 90 00 cb fd 0f 0b
[  202.232931][ T9092] RSP: 0018:ffffc90002407c00 EFLAGS: 00010282
[  202.239047][ T9092] RAX: 0000000000000054 RBX: ffff88821b84b160 RCX: 0000000000000000
[  202.247125][ T9092] RDX: 0000000000000000 RSI: ffffffff815e8576 RDI: fffff52000480f72
[  202.255130][ T9092] RBP: ffffc90002407c18 R08: 0000000000000054 R09: ffffed1015d26621
[  202.263212][ T9092] R10: ffffed1015d26620 R11: ffff8880ae933107 R12: ffff88821b84b260
[  202.271223][ T9092] R13: ffff88821b84e930 R14: ffff8880902a3970 R15: ffff8880902a3970
[  202.279221][ T9092] FS:  0000000001376940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  202.288182][ T9092] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  202.294802][ T9092] CR2: 0000001b32223000 CR3: 00000000a8dc9000 CR4: 00000000001426e0
[  202.302784][ T9092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  202.310805][ T9092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  202.318801][ T9092] Kernel panic - not syncing: Fatal exception
[  202.326425][ T9092] Kernel Offset: disabled
[  202.330763][ T9092] Rebooting in 86400 seconds..