[   81.059797][   T27] audit: type=1800 audit(1581872405.525:25): pid=9824 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   82.009926][   T27] kauditd_printk_skb: 3 callbacks suppressed
[   82.009938][   T27] audit: type=1800 audit(1581872406.475:29): pid=9824 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   82.036554][   T27] audit: type=1800 audit(1581872406.475:30): pid=9824 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.155' (ECDSA) to the list of known hosts.
2020/02/16 17:00:15 parsed 1 programs
2020/02/16 17:00:17 executed programs: 0
syzkaller login: [   92.806409][ T9997] IPVS: ftp: loaded support on port[0] = 21
[   92.864653][ T9997] chnl_net:caif_netlink_parms(): no params data found
[   92.903132][ T9997] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.910954][ T9997] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.919793][ T9997] device bridge_slave_0 entered promiscuous mode
[   92.928744][ T9997] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.936349][ T9997] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.944703][ T9997] device bridge_slave_1 entered promiscuous mode
[   92.962608][ T9997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   92.974830][ T9997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   92.998659][ T9997] team0: Port device team_slave_0 added
[   93.009175][ T9997] team0: Port device team_slave_1 added
[   93.024658][ T9997] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.032176][ T9997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.061605][ T9997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.074012][ T9997] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.081114][ T9997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.107129][ T9997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.164476][ T9997] device hsr_slave_0 entered promiscuous mode
[   93.203203][ T9997] device hsr_slave_1 entered promiscuous mode
[   93.305493][ T9997] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   93.354603][ T9997] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   93.414687][ T9997] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   93.454139][ T9997] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   93.558012][ T9997] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.566017][ T9997] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.574023][ T9997] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.581615][ T9997] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.626058][ T9997] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.640336][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   93.650710][ T2691] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.659607][ T2691] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.668212][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   93.681377][ T9997] 8021q: adding VLAN 0 to HW filter on device team0
[   93.693112][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   93.701578][ T2894] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.708766][ T2894] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.719875][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   93.729285][ T2691] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.736490][ T2691] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.762924][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   93.771718][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   93.780842][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   93.794661][ T9997] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   93.806386][ T9997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   93.814689][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   93.822552][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   93.842884][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   93.850310][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   93.865730][ T9997] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.884360][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   93.893868][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   93.912366][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   93.920929][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   93.931113][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   93.939158][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   93.948633][ T9997] device veth0_vlan entered promiscuous mode
[   93.960041][ T9997] device veth1_vlan entered promiscuous mode
[   93.985307][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   93.993945][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   94.002280][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   94.010659][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   94.020873][ T9997] device veth0_macvtap entered promiscuous mode
[   94.032656][ T9997] device veth1_macvtap entered promiscuous mode
[   94.049777][ T9997] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.057803][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   94.066432][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   94.074878][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   94.083628][ T2780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   94.096617][ T9997] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.104994][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   94.114652][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   94.372732][ T2894] ==================================================================
[   94.381000][ T2894] BUG: KASAN: use-after-free in l3mdev_master_ifindex_rcu+0x132/0x150
[   94.389160][ T2894] Read of size 4 at addr ffff88809136a21c by task kworker/0:42/2894
[   94.397127][ T2894] 
[   94.399473][ T2894] CPU: 0 PID: 2894 Comm: kworker/0:42 Not tainted 5.6.0-rc1-syzkaller #0
[   94.407879][ T2894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   94.418105][ T2894] Workqueue: ipv6_addrconf addrconf_dad_work
[   94.424092][ T2894] Call Trace:
[   94.427393][ T2894]  dump_stack+0x197/0x210
[   94.432083][ T2894]  ? l3mdev_master_ifindex_rcu+0x132/0x150
[   94.437916][ T2894]  print_address_description.constprop.0.cold+0xd4/0x30b
[   94.444946][ T2894]  ? l3mdev_master_ifindex_rcu+0x132/0x150
[   94.450864][ T2894]  ? l3mdev_master_ifindex_rcu+0x132/0x150
[   94.456681][ T2894]  __kasan_report.cold+0x1b/0x32
[   94.461672][ T2894]  ? l3mdev_master_ifindex_rcu+0x132/0x150
[   94.467498][ T2894]  kasan_report+0x12/0x20
[   94.471867][ T