[   42.410328][   T26] audit: type=1800 audit(1570891166.301:25): pid=7833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   42.450760][   T26] audit: type=1800 audit(1570891166.301:26): pid=7833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   42.481154][   T26] audit: type=1800 audit(1570891166.301:27): pid=7833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   42.501058][   T26] audit: type=1800 audit(1570891166.301:28): pid=7833 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.23' (ECDSA) to the list of known hosts.
syzkaller login: [   52.657291][ T7990] IPVS: ftp: loaded support on port[0] = 21
[   52.657305][ T7993] IPVS: ftp: loaded support on port[0] = 21
[   52.675831][ T7994] IPVS: ftp: loaded support on port[0] = 21
[   52.675836][ T7992] IPVS: ftp: loaded support on port[0] = 21
[   52.688944][ T7991] IPVS: ftp: loaded support on port[0] = 21
[   52.702882][ T7995] IPVS: ftp: loaded support on port[0] = 21
[   52.950110][ T7992] chnl_net:caif_netlink_parms(): no params data found
[   52.985289][ T7995] chnl_net:caif_netlink_parms(): no params data found
[   53.002870][ T7993] chnl_net:caif_netlink_parms(): no params data found
[   53.014833][ T7994] chnl_net:caif_netlink_parms(): no params data found
[   53.042287][ T7991] chnl_net:caif_netlink_parms(): no params data found
[   53.119146][ T7993] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.126937][ T7993] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.134671][ T7993] device bridge_slave_0 entered promiscuous mode
[   53.142256][ T7992] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.149301][ T7992] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.159224][ T7992] device bridge_slave_0 entered promiscuous mode
[   53.168337][ T7992] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.175572][ T7992] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.183300][ T7992] device bridge_slave_1 entered promiscuous mode
[   53.207592][ T7995] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.215908][ T7995] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.223677][ T7995] device bridge_slave_0 entered promiscuous mode
[   53.231737][ T7993] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.238816][ T7993] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.247407][ T7993] device bridge_slave_1 entered promiscuous mode
[   53.254873][ T7990] chnl_net:caif_netlink_parms(): no params data found
[   53.268694][ T7991] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.276228][ T7991] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.286057][ T7991] device bridge_slave_0 entered promiscuous mode
[   53.293336][ T7994] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.300381][ T7994] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.308633][ T7994] device bridge_slave_0 entered promiscuous mode
[   53.316179][ T7995] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.324918][ T7995] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.333943][ T7995] device bridge_slave_1 entered promiscuous mode
[   53.369870][ T7993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.384076][ T7991] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.392177][ T7991] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.399941][ T7991] device bridge_slave_1 entered promiscuous mode
[   53.412180][ T7994] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.419417][ T7994] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.427850][ T7994] device bridge_slave_1 entered promiscuous mode
[   53.436399][ T7995] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.448670][ T7995] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.466828][ T7993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.477401][ T7992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.520580][ T7992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.534878][ T7991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.550034][ T7991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.566221][ T7995] team0: Port device team_slave_0 added
[   53.574133][ T7990] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.583091][ T7990] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.591288][ T7990] device bridge_slave_0 entered promiscuous mode
[   53.599795][ T7993] team0: Port device team_slave_0 added
[   53.624926][ T7994] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.635376][ T7995] team0: Port device team_slave_1 added
[   53.643074][ T7990] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.650136][ T7990] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.657908][ T7990] device bridge_slave_1 entered promiscuous mode
[   53.666064][ T7993] team0: Port device team_slave_1 added
[   53.674325][ T7992] team0: Port device team_slave_0 added
[   53.685574][ T7992] team0: Port device team_slave_1 added
[   53.693530][ T7994] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.714592][ T7991] team0: Port device team_slave_0 added
[   53.724356][ T7991] team0: Port device team_slave_1 added
[   53.757091][ T7994] team0: Port device team_slave_0 added
[   53.815133][ T7995] device hsr_slave_0 entered promiscuous mode
[   53.871087][ T7995] device hsr_slave_1 entered promiscuous mode
[   53.926226][ T7990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.940622][ T7990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   53.958449][ T7994] team0: Port device team_slave_1 added
[   54.002286][ T7993] device hsr_slave_0 entered promiscuous mode
[   54.040963][ T7993] device hsr_slave_1 entered promiscuous mode
[   54.081052][ T7993] debugfs: Directory 'hsr0' with parent '/' already present!
[   54.133401][ T7991] device hsr_slave_0 entered promiscuous mode
[   54.200925][ T7991] device hsr_slave_1 entered promiscuous mode
[   54.270768][ T7991] debugfs: Directory 'hsr0' with parent '/' already present!
[   54.287719][ T7990] team0: Port device team_slave_0 added
[   54.297826][ T7990] team0: Port device team_slave_1 added
[   54.382758][ T7992] device hsr_slave_0 entered promiscuous mode
[   54.440953][ T7992] device hsr_slave_1 entered promiscuous mode
[   54.520694][ T7992] debugfs: Directory 'hsr0' with parent '/' already present!
[   54.583262][ T7994] device hsr_slave_0 entered promiscuous mode
[   54.621208][ T7994] device hsr_slave_1 entered promiscuous mode
[   54.660766][ T7994] debugfs: Directory 'hsr0' with parent '/' already present!
[   54.753487][ T7990] device hsr_slave_0 entered promiscuous mode
[   54.802425][ T7990] device hsr_slave_1 entered promiscuous mode
[   54.840822][ T7990] debugfs: Directory 'hsr0' with parent '/' already present!
[   54.928645][ T7991] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.948370][ T7993] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.967867][ T7991] 8021q: adding VLAN 0 to HW filter on device team0
[   54.983272][ T7992] 8021q: adding VLAN 0 to HW filter on device bond0
[   54.993072][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.003044][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.016560][ T7993] 8021q: adding VLAN 0 to HW filter on device team0
[   55.034917][ T7994] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.048250][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   55.061206][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.069698][ T3505] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.076953][ T3505] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.086837][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.095880][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.103812][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   55.112706][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.121430][ T3505] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.128578][ T3505] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.136784][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.162876][ T7995] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.177827][ T7992] 8021q: adding VLAN 0 to HW filter on device team0
[   55.193068][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   55.202690][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.212457][ T3505] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.219512][ T3505] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.227147][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   55.236461][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.244904][ T3505] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.252057][ T3505] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.259712][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   55.268353][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   55.277367][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   55.285948][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   55.294794][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   55.303577][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   55.311908][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.320219][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.328348][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.336378][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   55.345221][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   55.353813][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.363054][ T3505] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.370102][ T3505] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.377823][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   55.387251][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   55.396075][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.404530][ T3505] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.411709][ T3505] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.419947][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.428493][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   55.436389][ T3505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.454709][ T7994] 8021q: adding VLAN 0 to HW filter on device team0
[   55.467461][ T7990] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.482276][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   55.491637][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   55.499955][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   55.513931][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   55.523612][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.531364][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.538998][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   55.547835][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   55.556443][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.569549][ T7991] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   55.581711][ T7991] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.603812][ T7990] 8021q: adding VLAN 0 to HW filter on device team0
[   55.610861][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   55.618868][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   55.628660][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   55.638804][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   55.647743][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   55.656283][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   55.664903][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   55.673190][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   55.681528][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   55.697099][ T7993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   55.725096][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   55.734523][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.743823][ T2974] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.751078][ T2974] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.758623][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   55.767548][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.776087][ T2974] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.783330][ T2974] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.791025][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   55.799557][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   55.808018][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   55.816616][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   55.825614][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   55.834131][ T2974] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.841333][ T2974] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.848879][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   55.857539][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   55.866302][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   55.874766][ T2974] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.882542][ T2974] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.890025][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   55.898676][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   55.907286][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   55.915901][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   55.924525][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   55.933352][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   55.943125][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.951356][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   55.959059][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   55.967215][ T2974] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   55.983175][ T7995] 8021q: adding VLAN 0 to HW filter on device team0
[   55.999311][ T7994] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   56.010798][ T7994] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.030923][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.038936][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.047747][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   56.058795][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   56.067582][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   56.076461][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.085473][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   56.094343][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.102935][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   56.111555][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.119692][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   56.128445][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.137648][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   56.153614][ T7992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   56.174084][ T7993] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.182313][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   56.193642][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   56.202588][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   56.211899][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   56.220341][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   56.229366][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   56.238246][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.245353][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.253471][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   56.261443][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   56.273515][ T7994] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.293511][ T7991] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.304914][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   56.319435][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   56.340001][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.347153][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.366369][ T7992] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.377018][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
executing program
[   56.387848][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   56.405193][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   56.417368][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
executing program
[   56.442188][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   56.459362][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   56.477076][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.482465][ T8021] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[   56.486015][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   56.522516][ T8024] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[   56.546016][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   56.554953][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   56.563514][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.575050][ T7990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[   56.598657][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   56.609609][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.632640][ T8029] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[   56.634851][ T7995] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   56.676897][ T7995] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   56.689267][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
executing program
[   56.698289][ T8004] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.728580][ T7990] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.739931][ T7995] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.755943][ T8034] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[   56.777988][ T8011] Bluetooth: Error in BCSP hdr checksum
executing program
executing program
[   56.849439][ T8047] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[   56.886140][ T8046] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[   58.542393][   T12] Bluetooth: hci0: command 0x1003 tx timeout
[   58.549110][ T8049] Bluetooth: hci0: sending frame failed (-49)
[   58.621470][   T12] Bluetooth: hci1: command 0x1003 tx timeout
[   58.627776][ T8049] Bluetooth: hci1: sending frame failed (-49)
[   58.701601][   T12] Bluetooth: hci2: command 0x1003 tx timeout
[   58.707819][ T8049] Bluetooth: hci2: sending frame failed (-49)
[   58.781420][   T12] Bluetooth: hci3: command 0x1003 tx timeout
[   58.787637][ T8049] Bluetooth: hci3: sending frame failed (-49)
[   58.941273][ T8004] Bluetooth: hci5: command 0x1003 tx timeout
[   58.947643][ T8049] Bluetooth: hci5: sending frame failed (-49)
[   58.954158][ T8004] Bluetooth: hci4: command 0x1003 tx timeout
[   58.960295][ T8049] Bluetooth: hci4: sending frame failed (-49)
[   60.620644][ T8004] Bluetooth: hci0: command 0x1001 tx timeout
[   60.626740][ T8049] Bluetooth: hci0: sending frame failed (-49)
[   60.700997][ T8004] Bluetooth: hci1: command 0x1001 tx timeout
[   60.707154][ T8049] Bluetooth: hci1: sending frame failed (-49)
[   60.780925][ T8004] Bluetooth: hci2: command 0x1001 tx timeout
[   60.787244][ T8049] Bluetooth: hci2: sending frame failed (-49)
[   60.870778][ T8004] Bluetooth: hci3: command 0x1001 tx timeout
[   60.876981][ T8049] Bluetooth: hci3: sending frame failed (-49)
[   61.020871][ T8004] Bluetooth: hci5: command 0x1001 tx timeout
[   61.021308][   T12] Bluetooth: hci4: command 0x1001 tx timeout
[   61.034078][ T8049] Bluetooth: hci5: sending frame failed (-49)
[   61.043863][ T8049] Bluetooth: hci4: sending frame failed (-49)
[   62.701185][   T12] Bluetooth: hci0: command 0x1009 tx timeout
[   62.780679][   T12] Bluetooth: hci1: command 0x1009 tx timeout
[   62.861021][   T12] Bluetooth: hci2: command 0x1009 tx timeout
[   62.940650][   T12] Bluetooth: hci3: command 0x1009 tx timeout
[   63.100742][ T8004] Bluetooth: hci4: command 0x1009 tx timeout
[   63.100780][   T12] Bluetooth: hci5: command 0x1009 tx timeout
executing program
[   66.625405][ T8015] ==================================================================
[   66.635392][ T8015] BUG: KASAN: use-after-free in kfree_skb+0x2a/0xb0
[   66.642010][ T8015] Read of size 4 at addr ffff88808ae76494 by task syz-executor096/8015
[   66.650354][ T8015] 
[   66.652687][ T8015] CPU: 0 PID: 8015 Comm: syz-executor096 Not tainted 5.4.0-rc2+ #0
[   66.660572][ T8015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.670621][ T8015] Call Trace:
[   66.670647][ T8015]  dump_stack+0x1d8/0x2f8
[   66.670663][ T8015]  print_address_description+0x75/0x5c0
[   66.670675][ T8015]  ? vprintk_func+0x158/0x170
[   66.670684][ T8015]  ? printk+0x62/0x8d
[   66.670692][ T8015]  ? vprintk_emit+0x2d4/0x3a0
[   66.670705][ T8015]  __kasan_report+0x14b/0x1c0
[   66.670719][ T8015]  ? kfree_skb+0x2a/0xb0
[   66.670729][ T8015]  kasan_report+0x26/0x50
[   66.670739][ T8015]  check_memory_region+0x2cf/0x2e0
[   66.670749][ T8015]  __kasan_check_read+0x11/0x20
[   66.670761][ T8015]  kfree_skb+0x2a/0xb0
[   66.670773][ T8015]  bcsp_close+0xb1/0xf0
[   66.670783][ T8015]  hci_uart_tty_close+0x201/0x240
[   66.678545][ T8015]  ? hci_uart_tty_open+0x340/0x340
[   66.678563][ T8015]  tty_ldisc_close+0x126/0x180
[   66.688761][ T8015]  tty_ldisc_release+0x248/0x5a0
[   66.688778][ T8015]  tty_release_struct+0x2a/0xe0
[   66.702076][ T8015]  tty_release+0xce9/0xfa0
[   66.702095][ T8015]  ? tty_release_struct+0xe0/0xe0
[   66.702107][ T8015]  __fput+0x2e4/0x740
[   66.702123][ T8015]  ____fput+0x15/0x20
[   66.702133][ T8015]  task_work_run+0x17e/0x1b0
[   66.702149][ T8015]  prepare_exit_to_usermode+0x459/0x580
[   66.702165][ T8015]  syscall_return_slowpath+0x113/0x4a0
[   66.702177][ T8015]  do_syscall_64+0x11f/0x1c0
[   66.702192][ T8015]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   66.702204][ T8015] RIP: 0033:0x407421
[   66.702213][ T8015] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   66.702217][ T8015] RSP: 002b:00007fff742f28a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   66.715956][ T8015] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000407421
[   66.715962][ T8015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   66.715968][ T8015] RBP: 00000000006dec4c R08: 00000000004b126b R09: 00000000004b126b
[   66.715973][ T8015] R10: 00007fff742f28c0 R11: 0000000000000293 R12: 00000000006dec40
[   66.715981][ T8015] R13: 0000000000000000 R14: 20c49ba5e353f7cf R15: 0000000000000009
[   66.725145][ T8015] 
[   66.725154][ T8015] Allocated by task 8011:
[   66.876072][ T8015]  __kasan_kmalloc+0x11c/0x1b0
[   66.880824][ T8015]  kasan_slab_alloc+0xf/0x20
[   66.885401][ T8015]  kmem_cache_alloc_node+0x235/0x280
[   66.890759][ T8015]  __alloc_skb+0x9f/0x500
[   66.895176][ T8015]  bcsp_recv+0x12e7/0x1720
[   66.899661][ T8015]  hci_uart_tty_receive+0x16b/0x470
[   66.904863][ T8015]  tty_ldisc_receive_buf+0x12e/0x170
[   66.910208][ T8015]  tty_port_default_receive_buf+0x82/0xb0
[   66.915998][ T8015]  flush_to_ldisc+0x328/0x550
[   66.920666][ T8015]  process_one_work+0x7ef/0x10e0
[   66.925692][ T8015]  worker_thread+0xc01/0x1630
[   66.930345][ T8015]  kthread+0x332/0x350
[   66.934401][ T8015]  ret_from_fork+0x24/0x30
[   66.938788][ T8015] 
[   66.941117][ T8015] Freed by task 8011:
[   66.945094][ T8015]  __kasan_slab_free+0x12a/0x1e0
[   66.950008][ T8015]  kasan_slab_free+0xe/0x10
[   66.954488][ T8015]  kmem_cache_free+0x81/0xf0
[   66.959068][ T8015]  __kfree_skb+0x118/0x170
[   66.963478][ T8015]  kfree_skb+0x6f/0xb0
[   66.967618][ T8015]  bcsp_recv+0x99c/0x1720
[   66.971929][ T8015]  hci_uart_tty_receive+0x16b/0x470
[   66.977406][ T8015]  tty_ldisc_receive_buf+0x12e/0x170
[   66.982674][ T8015]  tty_port_default_receive_buf+0x82/0xb0
[   66.988626][ T8015]  flush_to_ldisc+0x328/0x550
[   66.993285][ T8015]  process_one_work+0x7ef/0x10e0
[   66.998353][ T8015]  worker_thread+0xc01/0x1630
[   67.003020][ T8015]  kthread+0x332/0x350
[   67.007069][ T8015]  ret_from_fork+0x24/0x30
[   67.011475][ T8015] 
[   67.013810][ T8015] The buggy address belongs to the object at ffff88808ae763c0
[   67.013810][ T8015]  which belongs to the cache skbuff_head_cache of size 224
[   67.028378][ T8015] The buggy address is located 212 bytes inside of
[   67.028378][ T8015]  224-byte region [ffff88808ae763c0, ffff88808ae764a0)
[   67.041750][ T8015] The buggy address belongs to the page:
[   67.047387][ T8015] page:ffffea00022b9d80 refcount:1 mapcount:0 mapping:ffff8880a9806700 index:0x0
[   67.056473][ T8015] flags: 0x1fffc0000000200(slab)
[   67.061422][ T8015] raw: 01fffc0000000200 ffffea0002631888 ffffea00023cc908 ffff8880a9806700
[   67.069993][ T8015] raw: 0000000000000000 ffff88808ae76000 000000010000000c 0000000000000000
[   67.078562][ T8015] page dumped because: kasan: bad access detected
[   67.084954][ T8015] 
[   67.087258][ T8015] Memory state around the buggy address:
[   67.092871][ T8015]  ffff88808ae76380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[   67.100923][ T8015]  ffff88808ae76400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.108969][ T8015] >ffff88808ae76480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[   67.117006][ T8015]                          ^
[   67.121581][ T8015]  ffff88808ae76500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   67.129720][ T8015]  ffff88808ae76580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   67.138374][ T8015] ==================================================================
[   67.146410][ T8015] Disabling lock debugging due to kernel taint
[   67.153156][ T8015] Kernel panic - not syncing: panic_on_warn set ...
[   67.159757][ T8015] CPU: 0 PID: 8015 Comm: syz-executor096 Tainted: G    B             5.4.0-rc2+ #0
[   67.169184][ T8015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   67.179238][ T8015] Call Trace:
[   67.182520][ T8015]  dump_stack+0x1d8/0x2f8
[   67.187017][ T8015]  panic+0x264/0x7a9
[   67.190894][ T8015]  ? __kasan_report+0x195/0x1c0
[   67.195731][ T8015]  ? trace_hardirqs_on+0x34/0x80
[   67.200662][ T8015]  ? __kasan_report+0x195/0x1c0
[   67.205606][ T8015]  __kasan_report+0x1bb/0x1c0
[   67.210282][ T8015]  ? kfree_skb+0x2a/0xb0
[   67.215564][ T8015]  kasan_report+0x26/0x50
[   67.219891][ T8015]  check_memory_region+0x2cf/0x2e0
[   67.224986][ T8015]  __kasan_check_read+0x11/0x20
[   67.229824][ T8015]  kfree_skb+0x2a/0xb0
[   67.233963][ T8015]  bcsp_close+0xb1/0xf0
[   67.238094][ T8015]  hci_uart_tty_close+0x201/0x240
[   67.243091][ T8015]  ? hci_uart_tty_open+0x340/0x340
[   67.248226][ T8015]  tty_ldisc_close+0x126/0x180
[   67.252977][ T8015]  tty_ldisc_release+0x248/0x5a0
[   67.257908][ T8015]  tty_release_struct+0x2a/0xe0
[   67.261245][ T8045] kobject: 'rfkill10' (000000002427dc71): kobject_uevent_env
[   67.262743][ T8015]  tty_release+0xce9/0xfa0
[   67.270118][ T8045] kobject: 'rfkill10' (000000002427dc71): fill_kobj_path: path = '/devices/virtual/bluetooth/hci5/rfkill10'
[   67.274475][ T8015]  ? tty_release_struct+0xe0/0xe0
[   67.274484][ T8015]  __fput+0x2e4/0x740
[   67.274494][ T8015]  ____fput+0x15/0x20
[   67.274503][ T8015]  task_work_run+0x17e/0x1b0
[   67.274516][ T8015]  prepare_exit_to_usermode+0x459/0x580
[   67.274528][ T8015]  syscall_return_slowpath+0x113/0x4a0
[   67.274537][ T8015]  do_syscall_64+0x11f/0x1c0
[   67.274551][ T8015]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   67.274562][ T8015] RIP: 0033:0x407421
[   67.292240][ T8045] kobject: 'rfkill10' (000000002427dc71): kobject_cleanup, parent 000000003f055b4f
[   67.294979][ T8015] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 24 1a 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   67.294984][ T8015] RSP: 002b:00007fff742f28a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   67.294995][ T8015] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000407421
[   67.295005][ T8015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[   67.299134][ T8045] kobject: 'rfkill10' (000000002427dc71): calling ktype release
[   67.303629][ T8015] RBP: 00000000006dec4c R08: 00000000004b126b R09: 00000000004b126b
[   67.303634][ T8015] R10: 00007fff742f28c0 R11: 0000000000000293 R12: 00000000006dec40
[   67.303638][ T8015] R13: 0000000000000000 R14: 20c49ba5e353f7cf R15: 0000000000000009
[   67.305218][ T8015] Kernel Offset: disabled
[   67.419521][ T8015] Rebooting in 86400 seconds..