         Starting OpenBSD Secure Shell server...
         Starting Permit User Sessions...
[[0;32m  OK  [0m] Started Permit User Sessions.
[[0;32m  OK  [0m] Started Getty on tty5.
[[0;32m  OK  [0m] Started Getty on tty1.
[[0;32m  OK  [0m] Started Getty on tty4.
[[0;32m  OK  [0m] Started Getty on tty6.
[[0;32m  OK  [0m] Started Getty on tty3.
[[0;32m  OK  [0m] Started Getty on tty2.
[[0;32m  OK  [0m] Started OpenBSD Secure Shell server.
Warning: Permanently added '10.128.10.7' (ECDSA) to the list of known hosts.
[[0m[0;31m*     [0m] A start job is running for dev-ttyS0.device (8s / 1min 30s)[K[[0;1;31m*[0m[0;31m*    [0m] A start job is running for dev-ttyS0.device (8s / 1min 30s)[K[[0;31m*[0;1;31m*[0m[0;31m*   [0m] A start job is running for dev-ttyS0.device (9s / 1min 30s)[K[ [0;31m*[0;1;31m*[0m[0;31m*  [0m] A start job is running for dev-ttyS0.device (9s / 1min 30s)[K[  [0;31m*[0;1;31m*[0m[0;31m* [0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (11s / 1min 30s)[K[     [0;31m*[0m] A start job is running for dev-ttyS0.device (11s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (12s / 1min 30s)[   18.891726][   T22] audit: type=1400 audit(1616016323.163:8): avc:  denied  { execmem } for  pid=337 comm="syz-executor915" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   18.947185][  T338] bridge0: port 1(bridge_slave_0) entered blocking state
[   18.954238][  T338] bridge0: port 1(bridge_slave_0) entered disabled state
[   18.961530][  T338] device bridge_slave_0 entered promiscuous mode
[   18.968795][  T338] bridge0: port 2(bridge_slave_1) entered blocking state
[   18.976070][  T338] bridge0: port 2(bridge_slave_1) entered disabled state
[   18.983356][  T338] device bridge_slave_1 entered promiscuous mode
[   19.021477][  T338] bridge0: port 2(bridge_slave_1) entered blocking state
[   19.028525][  T338] bridge0: port 2(bridge_slave_1) entered forwarding state
[   19.035820][  T338] bridge0: port 1(bridge_slave_0) entered blocking state
[   19.042832][  T338] bridge0: port 1(bridge_slave_0) entered forwarding state
[   19.063020][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[   19.070767][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[   19.079435][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   19.087633][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   19.104542][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   19.112743][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[   19.119760][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[   19.127335][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   19.135544][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   19.142548][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   19.150847][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   19.159116][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
executing program
[   19.171837][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   19.182422][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   19.196029][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   19.211771][  T146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   19.220454][  T146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   19.234454][  T338] ==================================================================
[   19.243476][  T338] BUG: KASAN: use-after-free in eth_header_parse_protocol+0xad/0xd0
[   19.251422][  T338] Read of size 2 at addr ffff8881e8e0000b by task syz-executor915/338
[   19.259638][  T338] 
[   19.261942][  T338] CPU: 1 PID: 338 Comm: syz-executor915 Not tainted 5.4.106-syzkaller-00698-g3941336d0e38 #0
[   19.272694][  T338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   19.282833][  T338] Call Trace:
[   19.286099][  T338]  dump_stack+0x1d8/0x24e
[   19.290487][  T338]  ? show_regs_print_info+0x12/0x12
[   19.295767][  T338]  ? printk+0xcf/0x114
[   19.299970][  T338]  print_address_description+0x9b/0x650
[   19.305486][  T338]  ? devkmsg_release+0x11c/0x11c
[   19.310410][  T338]  __kasan_report+0x182/0x260
[   19.315061][  T338]  ? eth_header_parse_protocol+0xad/0xd0
[   19.320678][  T338]  kasan_report+0x30/0x60
[   19.324998][  T338]  eth_header_parse_protocol+0xad/0xd0
[   19.330442][  T338]  ? eth_header_cache_update+0x30/0x30
[   19.330450][  T338]  virtio_net_hdr_to_skb+0x6de/0xd70
[   19.330462][  T338]  ? fanout_demux_bpf+0x230/0x230
[   19.346421][  T338]  ? skb_copy_datagram_from_iter+0x5ce/0x6b0
[   19.352469][  T338]  ? skb_put+0x10f/0x1e0
[   19.356757][  T338]  packet_sendmsg+0x483a/0x6780
[   19.361612][  T338]  ? __rcu_read_lock+0x50/0x50
[K[   19.366371][  T338]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   19.372751][  T338]  ? __rcu_read_lock+0x50/0x50
[   19.377512][  T338]  ? _copy_to_user+0x8e/0xb0
[   19.382101][  T338]  ? sock_do_ioctl+0x31c/0x370
[[   19.386850][  T338]  ? sock_splice_read+0xf0/0xf0
[   19.391760][  T338]  ? memset+0x1f/0x40
[   19.395764][  T338]  ? selinux_socket_sendmsg+0x11f/0x340
[   19.401296][  T338]  ? selinux_socket_accept+0x5b0/0x5b0
   [0;31m*[0;1[   19.406738][  T338]  ? compat_packet_setsockopt+0x160/0x160
[   19.413818][  T338]  ? alloc_file+0x80/0x4d0
[   19.418220][  T338]  ? security_socket_sendmsg+0x9d/0xb0
;31m*[0m[0;31m[   19.423937][  T338]  ? compat_packet_setsockopt+0x160/0x160
[   19.431047][  T338]  __sys_sendto+0x4f1/0x6c0
[   19.435543][  T338]  ? __ia32_sys_getpeername+0x80/0x80
[   19.440902][  T338]  ? preempt_count_add+0x66/0x130
*[0m] A start j[   19.445925][  T338]  ? debug_smp_processor_id+0x20/0x20
[   19.455203][  T338]  ? sock_create_kern+0x40/0x40
[   19.460041][  T338]  __x64_sys_sendto+0xda/0xf0
ob is running fo[   19.464703][  T338]  do_syscall_64+0xcb/0x1e0
[   19.470569][  T338]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
r dev-ttyS0.devi[   19.476547][  T338] RIP: 0033:0x443229
[   19.481803][  T338] Code: 28 c3 e8 4a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
ce (12s / 1min 3[   19.501403][  T338] RSP: 002b:00007ffdd88701c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   19.511183][  T338] RAX: ffffffffffffffda RBX: 00007ffdd88701e8 RCX: 0000000000443229
[   19.519144][  T338] RDX: 0000000000000040 RSI: 0000000020000140 RDI: 0000000000000003
[   19.527099][  T338] RBP: 0000000000000003 R08: 0000000020000100 R09: 0000000000000014
[   19.535060][  T338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdd88701f0
[   19.543023][  T338] R13: 00007ffdd8870210 R14: 00000000004b8018 R15: 00000000004004b8
[   19.550983][  T338] 
[   19.553297][  T338] Allocated by task 338:
[   19.557569][  T338]  __kasan_kmalloc+0x137/0x1e0
0s)[   19.562411][  T338]  kmem_cache_alloc+0x115/0x290
[   19.567511][  T338]  sk_prot_alloc+0x58/0x260
[   19.572000][  T338]  sk_alloc+0x30/0x330
[   19.576063][  T338]  unix_create1+0x8e/0x530
[   19.580536][  T338]  unix_create+0x129/0x1b0
[   19.584919][  T338]  __sock_create+0x393/0x730
[   19.589474][  T338]  __sys_socket+0x133/0x370
[   19.593942][  T338]  __x64_sys_socket+0x76/0x80
[   19.598600][  T338]  do_syscall_64+0xcb/0x1e0
[   19.603068][  T338]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   19.608922][  T338] 
[   19.611218][  T338] Freed by task 338:
[   19.615090][  T338]  __kasan_slab_free+0x18a/0x240
[   19.619992][  T338]  slab_free_freelist_hook+0x7b/0x150
[   19.625328][  T338]  kmem_cache_free+0xb8/0x5f0
[   19.629982][  T338]  __sk_destruct+0x418/0x4b0
[   19.634548][  T338]  unix_release_sock+0x8b2/0xa30
[   19.639449][  T338]  unix_release+0x4a/0x80
[   19.643758][  T338]  sock_close+0xd2/0x250
[   19.647966][  T338]  __fput+0x27d/0x6c0
[   19.651925][  T338]  task_work_run+0x186/0x1b0
[   19.656479][  T338]  prepare_exit_to_usermode+0x2b0/0x310
[   19.661989][  T338]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   19.667857][  T338] 
[   19.670153][  T338] The buggy address belongs to the object at ffff8881e8e00000
[   19.670153][  T338]  which belongs to the cache UNIX of size 1152
[   19.683651][  T338] The buggy address is located 11 bytes inside of
[   19.683651][  T338]  1152-byte region [ffff8881e8e00000, ffff8881e8e00480)
[   19.696889][  T338] The buggy address belongs to the page:
[   19.702499][  T338] page:ffffea0007a38000 refcount:1 mapcount:0 mapping:ffff8881f40dfb80 index:0x0 compound_mapcount: 0
[   19.713389][  T338] flags: 0x8000000000010200(slab|head)
[   19.718821][  T338] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f40dfb80
[   19.727371][  T338] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[   19.735929][  T338] page dumped because: kasan: bad access detected
[   19.742301][  T338] 
[   19.744607][  T338] Memory state around the buggy address:
[   19.750206][  T338]  ffff8881e8dfff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.758231][  T338]  ffff8881e8dfff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.766265][  T338] >ffff8881e8e00000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.77