[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   64.357374][   T26] audit: type=1800 audit(1563350852.279:25): pid=8950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   64.399901][   T26] audit: type=1800 audit(1563350852.289:26): pid=8950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   64.435065][   T26] audit: type=1800 audit(1563350852.289:27): pid=8950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.14' (ECDSA) to the list of known hosts.
2019/07/17 08:08:34 parsed 1 programs
2019/07/17 08:08:36 executed programs: 0
syzkaller login: [  128.954098][ T9125] IPVS: ftp: loaded support on port[0] = 21
[  128.965700][ T9126] IPVS: ftp: loaded support on port[0] = 21
[  129.004119][ T9131] IPVS: ftp: loaded support on port[0] = 21
[  129.019310][ T9129] IPVS: ftp: loaded support on port[0] = 21
[  129.019318][ T9133] IPVS: ftp: loaded support on port[0] = 21
[  129.034084][ T9134] IPVS: ftp: loaded support on port[0] = 21
[  129.383347][ T9134] chnl_net:caif_netlink_parms(): no params data found
[  129.407117][ T9129] chnl_net:caif_netlink_parms(): no params data found
[  129.420654][ T9126] chnl_net:caif_netlink_parms(): no params data found
[  129.463968][ T9125] chnl_net:caif_netlink_parms(): no params data found
[  129.557885][ T9131] chnl_net:caif_netlink_parms(): no params data found
[  129.595581][ T9133] chnl_net:caif_netlink_parms(): no params data found
[  129.615078][ T9126] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.622850][ T9126] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.631101][ T9126] device bridge_slave_0 entered promiscuous mode
[  129.645301][ T9126] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.652479][ T9126] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.660539][ T9126] device bridge_slave_1 entered promiscuous mode
[  129.685190][ T9129] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.692393][ T9129] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.700486][ T9129] device bridge_slave_0 entered promiscuous mode
[  129.716448][ T9134] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.723600][ T9134] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.732030][ T9134] device bridge_slave_0 entered promiscuous mode
[  129.745487][ T9134] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.752667][ T9134] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.761733][ T9134] device bridge_slave_1 entered promiscuous mode
[  129.787387][ T9129] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.795898][ T9129] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.804054][ T9129] device bridge_slave_1 entered promiscuous mode
[  129.851438][ T9134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.875775][ T9126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.888315][ T9129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  129.903932][ T9134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.914115][ T9125] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.921543][ T9125] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.929193][ T9125] device bridge_slave_0 entered promiscuous mode
[  129.945687][ T9126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.956364][ T9129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  129.965976][ T9131] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.973593][ T9131] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.981880][ T9131] device bridge_slave_0 entered promiscuous mode
[  129.994632][ T9125] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.001978][ T9125] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.009677][ T9125] device bridge_slave_1 entered promiscuous mode
[  130.016794][ T9133] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.025505][ T9133] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.033397][ T9133] device bridge_slave_0 entered promiscuous mode
[  130.048049][ T9133] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.055713][ T9133] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.064069][ T9133] device bridge_slave_1 entered promiscuous mode
[  130.083323][ T9131] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.090604][ T9131] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.098549][ T9131] device bridge_slave_1 entered promiscuous mode
[  130.152045][ T9129] team0: Port device team_slave_0 added
[  130.164662][ T9134] team0: Port device team_slave_0 added
[  130.173152][ T9134] team0: Port device team_slave_1 added
[  130.182004][ T9125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  130.192534][ T9126] team0: Port device team_slave_0 added
[  130.200019][ T9125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  130.211023][ T9133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  130.222975][ T9129] team0: Port device team_slave_1 added
[  130.230281][ T9133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  130.254052][ T9126] team0: Port device team_slave_1 added
[  130.288020][ T9131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  130.301399][ T9131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  130.325969][ T9131] team0: Port device team_slave_0 added
[  130.334592][ T9133] team0: Port device team_slave_0 added
[  130.346901][ T9125] team0: Port device team_slave_0 added
[  130.354279][ T9125] team0: Port device team_slave_1 added
[  130.377928][ T9131] team0: Port device team_slave_1 added
[  130.386279][ T9133] team0: Port device team_slave_1 added
[  130.453534][ T9134] device hsr_slave_0 entered promiscuous mode
[  130.500149][ T9134] device hsr_slave_1 entered promiscuous mode
[  130.602318][ T9126] device hsr_slave_0 entered promiscuous mode
[  130.650424][ T9126] device hsr_slave_1 entered promiscuous mode
[  130.700069][ T9126] debugfs: Directory 'hsr0' with parent '/' already present!
[  130.742246][ T9129] device hsr_slave_0 entered promiscuous mode
[  130.800409][ T9129] device hsr_slave_1 entered promiscuous mode
[  130.839953][ T9129] debugfs: Directory 'hsr0' with parent '/' already present!
[  130.953291][ T9131] device hsr_slave_0 entered promiscuous mode
[  131.030198][ T9131] device hsr_slave_1 entered promiscuous mode
[  131.100119][ T9131] debugfs: Directory 'hsr0' with parent '/' already present!
[  131.173220][ T9133] device hsr_slave_0 entered promiscuous mode
[  131.240165][ T9133] device hsr_slave_1 entered promiscuous mode
[  131.310070][ T9133] debugfs: Directory 'hsr0' with parent '/' already present!
[  131.361765][ T9125] device hsr_slave_0 entered promiscuous mode
[  131.400265][ T9125] device hsr_slave_1 entered promiscuous mode
[  131.440145][ T9125] debugfs: Directory 'hsr0' with parent '/' already present!
[  131.542011][ T9131] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.590241][ T9131] 8021q: adding VLAN 0 to HW filter on device team0
[  131.616494][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.624859][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.654955][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.665038][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.673843][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.681223][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.689220][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  131.698216][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.709203][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.716329][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  131.743055][ T9125] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.754292][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  131.762562][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  131.798157][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  131.821282][ T9125] 8021q: adding VLAN 0 to HW filter on device team0
[  131.847660][ T9129] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.857356][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.865763][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.874206][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  131.882787][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  131.891409][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  131.900481][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  131.908952][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  131.924625][ T9133] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.944540][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  131.953372][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  131.963521][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.972370][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.980885][ T9137] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.987930][ T9137] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.995655][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  132.004184][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.012700][ T9137] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.019741][ T9137] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.040739][ T9133] 8021q: adding VLAN 0 to HW filter on device team0
[  132.058386][ T9129] 8021q: adding VLAN 0 to HW filter on device team0
[  132.075747][ T9131] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  132.087900][ T9131] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.097810][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.105904][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  132.114556][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.123062][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  132.132150][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.140007][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  132.147722][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.155806][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.168499][ T9126] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.181315][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  132.191033][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.199523][ T3009] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.206658][ T3009] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.215514][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  132.224385][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.232849][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.239978][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.249463][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.257619][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.279208][ T9126] 8021q: adding VLAN 0 to HW filter on device team0
[  132.311114][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.327572][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.336231][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  132.344658][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.353116][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  132.362004][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.371801][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.378851][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.386777][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  132.395366][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.403919][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.411014][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.418605][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.427465][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.436163][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.445010][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.453621][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.462602][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.473879][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.482036][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.490108][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.525559][ T9133] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  132.537526][ T9133] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  132.554397][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.563503][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.572996][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.581710][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.592509][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.600950][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.609221][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.618017][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.627084][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  132.636419][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.645102][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  132.653576][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.662385][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.691429][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.701460][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.710313][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  132.718871][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.727677][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.734809][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.743198][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.751474][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.763160][ T9134] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.790148][ T9134] 8021q: adding VLAN 0 to HW filter on device team0
[  132.802503][ T9131] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.812861][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  132.821561][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.829507][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  132.838910][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.848286][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.855507][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.866696][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.875914][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.885313][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.894325][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.903275][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.912823][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.923528][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.965979][ T9125] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.982407][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.997298][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  133.017155][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  133.025796][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  133.034654][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  133.043727][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  133.052250][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.059307][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.067038][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.076023][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.084825][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  133.093668][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  133.102453][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.109518][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  133.117221][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  133.125601][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  133.134099][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  133.142753][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  133.158040][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  133.168433][ T9126] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  133.180903][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  133.215160][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  133.234620][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  133.243857][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  133.253218][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  133.263116][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.272130][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.281001][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.289407][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  133.298266][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  133.306686][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  133.319631][ T9133] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.334212][ T9134] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  133.353677][ T9134] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  133.387973][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  133.398915][ T3009] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  133.433079][ T9129] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.466874][ T9126] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.565629][ T9134] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/07/17 08:08:41 executed programs: 6
[  134.543565][    C1] hrtimer: interrupt took 667206 ns
2019/07/17 08:08:48 executed programs: 14
2019/07/17 08:08:54 executed programs: 31
2019/07/17 08:09:00 executed programs: 48
2019/07/17 08:09:09 executed programs: 50
2019/07/17 08:09:14 executed programs: 66
2019/07/17 08:09:20 executed programs: 80
2019/07/17 08:09:26 executed programs: 92
2019/07/17 08:09:32 executed programs: 101
2019/07/17 08:09:37 executed programs: 111
2019/07/17 08:09:43 executed programs: 119
2019/07/17 08:09:48 executed programs: 126
[  205.776855][T11964] 
[  205.779245][T11964] =========================
[  205.783739][T11964] WARNING: held lock freed!
[  205.788245][T11964] 5.2.0-next-20190717 #40 Not tainted
[  205.793610][T11964] -------------------------
[  205.798246][T11964] syz-executor.1/11964 is freeing memory ffff888090f8a880-ffff888090f8b07f, with a lock still held there!
[  205.809619][T11964] 0000000018baa4eb (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0
[  205.818068][T11964] 2 locks held by syz-executor.1/11964:
[  205.823642][T11964]  #0: 0000000085db644c (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x89/0x280
[  205.833651][T11964]  #1: 0000000018baa4eb (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0
[  205.842524][T11964] 
[  205.842524][T11964] stack backtrace:
[  205.848425][T11964] CPU: 0 PID: 11964 Comm: syz-executor.1 Not tainted 5.2.0-next-20190717 #40
[  205.857183][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  205.867258][T11964] Call Trace:
[  205.870561][T11964]  dump_stack+0x172/0x1f0
[  205.874909][T11964]  debug_check_no_locks_freed.cold+0x9d/0xa9
[  205.880905][T11964]  ? trace_hardirqs_off+0x62/0x240
[  205.886025][T11964]  kfree+0xec/0x2c0
[  205.889838][T11964]  __sk_destruct+0x4f7/0x6e0
[  205.894442][T11964]  sk_destruct+0x86/0xa0
[  205.898687][T11964]  __sk_free+0xfb/0x360
[  205.902858][T11964]  sk_free+0x42/0x50
[  205.906765][T11964]  nr_destroy_socket+0x3ea/0x4a0
[  205.911716][T11964]  nr_release+0x347/0x3e0
[  205.916058][T11964]  __sock_release+0xce/0x280
[  205.920655][T11964]  sock_close+0x1e/0x30
[  205.924821][T11964]  __fput+0x2ff/0x890
[  205.928806][T11964]  ? __sock_release+0x280/0x280
[  205.933663][T11964]  ____fput+0x16/0x20
[  205.937646][T11964]  task_work_run+0x145/0x1c0
[  205.942247][T11964]  exit_to_usermode_loop+0x316/0x380
[  205.947548][T11964]  do_syscall_64+0x5a9/0x6a0
[  205.952149][T11964]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  205.958048][T11964] RIP: 0033:0x413501
[  205.961945][T11964] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  205.981561][T11964] RSP: 002b:00007ffd42fd5bb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  205.989982][T11964] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501
[  205.997964][T11964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  206.005943][T11964] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  206.013923][T11964] R10: 00007ffd42fd5c90 R11: 0000000000000293 R12: 000000000075c9a0
[  206.021905][T11964] R13: 000000000075c9a0 R14: 0000000000760c80 R15: ffffffffffffffff
[  206.080001][T11899] kobject: 'rx-0' (00000000dfee9427): kobject_cleanup, parent 000000006cb46a10
[  206.149004][T11899] kobject: 'rx-0' (00000000dfee9427): auto cleanup 'remove' event
[  206.290137][T11899] kobject: 'rx-0' (00000000dfee9427): kobject_uevent_env
[  206.425763][T11899] kobject: 'rx-0' (00000000dfee9427): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/rx-0'
[  206.636115][T11899] kobject: 'rx-0' (00000000dfee9427): auto cleanup kobject_del
[  206.776156][T11899] kobject: 'rx-0' (00000000dfee9427): calling ktype release
[  206.902460][T11899] kobject: 'rx-0': free name
[  206.977690][T11899] kobject: 'tx-0' (00000000ff8ff119): kobject_cleanup, parent 000000006cb46a10
[  207.140468][T11899] kobject: 'tx-0' (00000000ff8ff119): auto cleanup 'remove' event
[  207.269893][T11899] kobject: 'tx-0' (00000000ff8ff119): kobject_uevent_env
[  207.373758][T11899] kobject: 'tx-0' (00000000ff8ff119): fill_kobj_path: path = '/devices/virtual/net/bcsf0/queues/tx-0'
[  207.519864][T11964] ==================================================================
[  207.527992][T11964] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28a/0x2e0
[  207.535361][T11964] Read of size 4 at addr ffff888090f8a90c by task syz-executor.1/11964
[  207.543594][T11964] 
[  207.545938][T11964] CPU: 1 PID: 11964 Comm: syz-executor.1 Not tainted 5.2.0-next-20190717 #40
[  207.554684][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  207.556095][T11899] kobject: 'tx-0' (00000000ff8ff119): auto cleanup kobject_del
[  207.564838][T11964] Call Trace:
[  207.564866][T11964]  dump_stack+0x172/0x1f0
[  207.564880][T11964]  ? do_raw_spin_lock+0x28a/0x2e0
[  207.564895][T11964]  print_address_description.cold+0xd4/0x306
[  207.564906][T11964]  ? do_raw_spin_lock+0x28a/0x2e0
[  207.564916][T11964]  ? do_raw_spin_lock+0x28a/0x2e0
[  207.564928][T11964]  __kasan_report.cold+0x1b/0x36
[  207.564948][T11964]  ? do_raw_spin_lock+0x28a/0x2e0
[  207.611110][T11964]  kasan_report+0x12/0x17
[  207.615447][T11964]  __asan_report_load4_noabort+0x14/0x20
[  207.621080][T11964]  do_raw_spin_lock+0x28a/0x2e0
[  207.625934][T11964]  ? rwlock_bug.part.0+0x90/0x90
[  207.630875][T11964]  ? lock_acquire+0x190/0x410
[  207.635563][T11964]  ? release_sock+0x20/0x1c0
[  207.640160][T11964]  ? __sk_free+0x100/0x360
[  207.644584][T11964]  _raw_spin_lock_bh+0x3b/0x50
[  207.649348][T11964]  ? release_sock+0x20/0x1c0
[  207.654035][T11964]  release_sock+0x20/0x1c0
[  207.658459][T11964]  nr_release+0x303/0x3e0
[  207.662794][T11964]  __sock_release+0xce/0x280
[  207.667399][T11964]  sock_close+0x1e/0x30
[  207.671571][T11964]  __fput+0x2ff/0x890
[  207.675648][T11964]  ? __sock_release+0x280/0x280
[  207.680508][T11964]  ____fput+0x16/0x20
[  207.684495][T11964]  task_work_run+0x145/0x1c0
[  207.689096][T11964]  exit_to_usermode_loop+0x316/0x380
[  207.694396][T11964]  do_syscall_64+0x5a9/0x6a0
[  207.698993][T11964]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  207.706416][T11964] RIP: 0033:0x413501
[  207.710308][T11964] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  207.730933][T11964] RSP: 002b:00007ffd42fd5bb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  207.739354][T11964] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501
[  207.747339][T11964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  207.755409][T11964] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  207.763667][T11964] R10: 00007ffd42fd5c90 R11: 0000000000000293 R12: 000000000075c9a0
[  207.771460][T11899] kobject: 'tx-0' (00000000ff8ff119): calling ktype release
[  207.771669][T11964] R13: 000000000075c9a0 R14: 0000000000760c80 R15: ffffffffffffffff
[  207.786908][T11964] 
[  207.789232][T11964] Allocated by task 11764:
[  207.793655][T11964]  save_stack+0x23/0x90
[  207.797813][T11964]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  207.803444][T11964]  kasan_kmalloc+0x9/0x10
[  207.807766][T11964]  __kmalloc+0x163/0x770
[  207.812004][T11964]  sk_prot_alloc+0x23a/0x310
[  207.816588][T11964]  sk_alloc+0x39/0xf70
[  207.820862][T11964]  nr_rx_frame+0x733/0x1e73
[  207.825359][T11964]  nr_loopback_timer+0x7b/0x170
[  207.830249][T11964]  call_timer_fn+0x1ac/0x780
[  207.834847][T11964]  run_timer_softirq+0x697/0x17a0
[  207.839871][T11964]  __do_softirq+0x262/0x98c
[  207.844364][T11964] 
[  207.846701][T11964] Freed by task 11964:
[  207.850768][T11964]  save_stack+0x23/0x90
[  207.854722][T11899] kobject: 'tx-0': free name
[  207.854933][T11964]  __kasan_slab_free+0x102/0x150
[  207.864437][T11964]  kasan_slab_free+0xe/0x10
[  207.868939][T11964]  kfree+0x10a/0x2c0
[  207.872830][T11964]  __sk_destruct+0x4f7/0x6e0
[  207.877418][T11964]  sk_destruct+0x86/0xa0
[  207.881660][T11964]  __sk_free+0xfb/0x360
[  207.885815][T11964]  sk_free+0x42/0x50
[  207.889717][T11964]  nr_destroy_socket+0x3ea/0x4a0
[  207.894657][T11964]  nr_release+0x347/0x3e0
[  207.898991][T11964]  __sock_release+0xce/0x280
[  207.903580][T11964]  sock_close+0x1e/0x30
[  207.907737][T11964]  __fput+0x2ff/0x890
[  207.911720][T11964]  ____fput+0x16/0x20
[  207.914563][T11899] kobject: 'queues' (000000006cb46a10): kobject_cleanup, parent 00000000cf993a70
[  207.915698][T11964]  task_work_run+0x145/0x1c0
[  207.915714][T11964]  exit_to_usermode_loop+0x316/0x380
[  207.915731][T11964]  do_syscall_64+0x5a9/0x6a0
[  207.939265][T11964]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  207.945177][T11964] 
[  207.947503][T11964] The buggy address belongs to the object at ffff888090f8a880
[  207.947503][T11964]  which belongs to the cache kmalloc-2k of size 2048
[  207.961561][T11964] The buggy address is located 140 bytes inside of
[  207.961561][T11964]  2048-byte region [ffff888090f8a880, ffff888090f8b080)
[  207.974924][T11964] The buggy address belongs to the page:
[  207.980561][T11964] page:ffffea000243e280 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 compound_mapcount: 0
[  207.991500][T11964] flags: 0x1fffc0000010200(slab|head)
[  207.996880][T11964] raw: 01fffc0000010200 ffffea000248b588 ffffea0002400c88 ffff8880aa400e00
[  208.005472][T11964] raw: 0000000000000000 ffff888090f8a000 0000000100000003 0000000000000000
[  208.014063][T11964] page dumped because: kasan: bad access detected
[  208.020464][T11964] 
[  208.022787][T11964] Memory state around the buggy address:
[  208.028182][T11899] kobject: 'queues' (000000006cb46a10): calling ktype release
[  208.028412][T11964]  ffff888090f8a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  208.043917][T11964]  ffff888090f8a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  208.051977][T11964] >ffff888090f8a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  208.060035][T11964]                       ^
[  208.064540][T11964]  ffff888090f8a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  208.072597][T11964]  ffff888090f8aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  208.080655][T11964] ==================================================================
[  208.088791][T11964] Kernel panic - not syncing: panic_on_warn set ...
[  208.095391][T11964] CPU: 1 PID: 11964 Comm: syz-executor.1 Tainted: G    B             5.2.0-next-20190717 #40
[  208.105537][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  208.115597][T11964] Call Trace:
[  208.117398][T11899] kobject: 'queues' (000000006cb46a10): kset_release
[  208.118895][T11964]  dump_stack+0x172/0x1f0
[  208.118916][T11964]  panic+0x2dc/0x755
[  208.133873][T11964]  ? add_taint.cold+0x16/0x16
[  208.138559][T11964]  ? trace_hardirqs_on+0x5e/0x240
[  208.143587][T11964]  ? trace_hardirqs_on+0x5e/0x240
[  208.148616][T11964]  ? do_raw_spin_lock+0x28a/0x2e0
[  208.153646][T11964]  end_report+0x47/0x4f
[  208.157914][T11964]  ? do_raw_spin_lock+0x28a/0x2e0
[  208.162941][T11964]  __kasan_report.cold+0xe/0x36
[  208.167798][T11964]  ? do_raw_spin_lock+0x28a/0x2e0
[  208.172823][T11964]  kasan_report+0x12/0x17
[  208.177158][T11964]  __asan_report_load4_noabort+0x14/0x20
[  208.182791][T11964]  do_raw_spin_lock+0x28a/0x2e0
[  208.187646][T11964]  ? rwlock_bug.part.0+0x90/0x90
[  208.192586][T11964]  ? lock_acquire+0x190/0x410
[  208.197294][T11964]  ? release_sock+0x20/0x1c0
[  208.201887][T11964]  ? __sk_free+0x100/0x360
[  208.206304][T11964]  _raw_spin_lock_bh+0x3b/0x50
[  208.211069][T11964]  ? release_sock+0x20/0x1c0
[  208.215663][T11964]  release_sock+0x20/0x1c0
[  208.220085][T11964]  nr_release+0x303/0x3e0
[  208.224419][T11964]  __sock_release+0xce/0x280
[  208.229015][T11964]  sock_close+0x1e/0x30
[  208.233178][T11964]  __fput+0x2ff/0x890
[  208.237166][T11964]  ? __sock_release+0x280/0x280
[  208.237526][T11899] kobject: 'queues': free name
[  208.242011][T11964]  ____fput+0x16/0x20
[  208.242024][T11964]  task_work_run+0x145/0x1c0
[  208.242042][T11964]  exit_to_usermode_loop+0x316/0x380
[  208.242060][T11964]  do_syscall_64+0x5a9/0x6a0
[  208.265216][T11964]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  208.271114][T11964] RIP: 0033:0x413501
[  208.275013][T11964] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  208.294667][T11964] RSP: 002b:00007ffd42fd5bb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  208.303085][T11964] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501
[  208.309652][T11899] kobject: 'bcsf0' (000000000adc8b02): kobject_uevent_env
[  208.311055][T11964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  208.311062][T11964] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  208.311069][T11964] R10: 00007ffd42fd5c90 R11: 0000000000000293 R12: 000000000075c9a0
[  208.311076][T11964] R13: 000000000075c9a0 R14: 0000000000760c80 R15: ffffffffffffffff
[  208.319315][T11964] Kernel Offset: disabled
[  208.355423][T11964] Rebooting in 86400 seconds..