[   30.454441][   T26] audit: type=1800 audit(1570612831.010:22): pid=7148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   41.942617][ T7314] IPVS: ftp: loaded support on port[0] = 21
[   42.357427][ T7320] can: request_module (can-proto-0) failed.
[   43.570439][ T7320] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.78' (ECDSA) to the list of known hosts.
2019/10/09 09:20:50 parsed 1 programs
2019/10/09 09:20:51 executed programs: 0
[   50.899778][ T7392] IPVS: ftp: loaded support on port[0] = 21
[   50.907691][ T7390] IPVS: ftp: loaded support on port[0] = 21
[   50.990164][ T7397] IPVS: ftp: loaded support on port[0] = 21
[   51.000979][ T7396] IPVS: ftp: loaded support on port[0] = 21
[   51.014667][ T7400] IPVS: ftp: loaded support on port[0] = 21
[   51.053049][ T7399] IPVS: ftp: loaded support on port[0] = 21
[   51.088328][ T7392] chnl_net:caif_netlink_parms(): no params data found
[   51.108017][ T7390] chnl_net:caif_netlink_parms(): no params data found
[   51.197509][ T7390] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.205343][ T7390] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.213197][ T7390] device bridge_slave_0 entered promiscuous mode
[   51.221215][ T7390] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.228250][ T7390] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.235932][ T7390] device bridge_slave_1 entered promiscuous mode
[   51.243218][ T7392] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.251371][ T7392] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.259116][ T7392] device bridge_slave_0 entered promiscuous mode
[   51.267659][ T7392] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.274791][ T7392] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.282395][ T7392] device bridge_slave_1 entered promiscuous mode
[   51.308129][ T7392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   51.338550][ T7390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   51.349202][ T7392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   51.392562][ T7390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   51.404101][ T7392] team0: Port device team_slave_0 added
[   51.440261][ T7392] team0: Port device team_slave_1 added
[   51.456595][ T7399] chnl_net:caif_netlink_parms(): no params data found
[   51.482355][ T7390] team0: Port device team_slave_0 added
[   51.488186][ T7396] chnl_net:caif_netlink_parms(): no params data found
[   51.500864][ T7397] chnl_net:caif_netlink_parms(): no params data found
[   51.514618][ T7390] team0: Port device team_slave_1 added
[   51.520579][ T7400] chnl_net:caif_netlink_parms(): no params data found
[   51.601156][ T7390] device hsr_slave_0 entered promiscuous mode
[   51.639150][ T7390] device hsr_slave_1 entered promiscuous mode
[   51.780229][ T7392] device hsr_slave_0 entered promiscuous mode
[   51.819502][ T7392] device hsr_slave_1 entered promiscuous mode
[   51.868932][ T7392] debugfs: Directory 'hsr0' with parent '/' already present!
[   51.884319][ T7397] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.894135][ T7397] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.901793][ T7397] device bridge_slave_0 entered promiscuous mode
[   51.910096][ T7399] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.917284][ T7399] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.924960][ T7399] device bridge_slave_0 entered promiscuous mode
[   51.932604][ T7396] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.939791][ T7396] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.947317][ T7396] device bridge_slave_0 entered promiscuous mode
[   51.954699][ T7396] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.962251][ T7396] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.970238][ T7396] device bridge_slave_1 entered promiscuous mode
[   51.977020][ T7400] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.984178][ T7400] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.992010][ T7400] device bridge_slave_0 entered promiscuous mode
[   51.999338][ T7397] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.006402][ T7397] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.014666][ T7397] device bridge_slave_1 entered promiscuous mode
[   52.021975][ T7399] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.029534][ T7399] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.037020][ T7399] device bridge_slave_1 entered promiscuous mode
[   52.051483][ T7400] bridge0: port 2(bridge_slave_1) entered blocking state
[   52.058548][ T7400] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.066391][ T7400] device bridge_slave_1 entered promiscuous mode
[   52.086734][ T7396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   52.098998][ T7396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   52.113470][ T7399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   52.133347][ T7400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   52.153647][ T7399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   52.170783][ T7397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   52.181568][ T7397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   52.192385][ T7400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   52.221580][ T7400] team0: Port device team_slave_0 added
[   52.232053][ T7396] team0: Port device team_slave_0 added
[   52.245638][ T7400] team0: Port device team_slave_1 added
[   52.255894][ T7397] team0: Port device team_slave_0 added
[   52.263499][ T7396] team0: Port device team_slave_1 added
[   52.276177][ T7399] team0: Port device team_slave_0 added
[   52.283303][ T7399] team0: Port device team_slave_1 added
[   52.290227][ T7397] team0: Port device team_slave_1 added
[   52.341095][ T7400] device hsr_slave_0 entered promiscuous mode
[   52.379150][ T7400] device hsr_slave_1 entered promiscuous mode
[   52.418920][ T7400] debugfs: Directory 'hsr0' with parent '/' already present!
[   52.470221][ T7399] device hsr_slave_0 entered promiscuous mode
[   52.529088][ T7399] device hsr_slave_1 entered promiscuous mode
[   52.568832][ T7399] debugfs: Directory 'hsr0' with parent '/' already present!
[   52.630624][ T7396] device hsr_slave_0 entered promiscuous mode
[   52.669100][ T7396] device hsr_slave_1 entered promiscuous mode
[   52.709070][ T7396] debugfs: Directory 'hsr0' with parent '/' already present!
[   52.771269][ T7397] device hsr_slave_0 entered promiscuous mode
[   52.829143][ T7397] device hsr_slave_1 entered promiscuous mode
[   52.888829][ T7397] debugfs: Directory 'hsr0' with parent '/' already present!
[   52.904183][ T7390] 8021q: adding VLAN 0 to HW filter on device bond0
[   52.921769][ T7392] 8021q: adding VLAN 0 to HW filter on device bond0
[   52.941444][ T7390] 8021q: adding VLAN 0 to HW filter on device team0
[   52.956911][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   52.965411][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   52.994170][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   53.003542][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.012122][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.019299][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.027191][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   53.035906][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.044273][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.051320][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.058777][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   53.079598][ T7396] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.090912][ T7392] 8021q: adding VLAN 0 to HW filter on device team0
[   53.098792][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.107069][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   53.115776][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   53.124258][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   53.133942][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   53.142516][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   53.150986][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   53.159801][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.167829][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   53.175694][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.183520][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   53.204365][ T7319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   53.213398][ T7319] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   53.221884][ T7319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   53.229976][ T7319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.237489][ T7319] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   53.246295][ T7319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.254696][ T7319] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.261781][ T7319] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.270978][ T7396] 8021q: adding VLAN 0 to HW filter on device team0
[   53.277710][ T7319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.312320][ T7407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   53.321149][ T7407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.334163][ T7407] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.341275][ T7407] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.348679][ T7407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   53.357180][ T7407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.365526][ T7407] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.372579][ T7407] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.380105][ T7407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   53.388434][ T7407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   53.397129][ T7407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   53.406616][ T7390] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   53.436243][ T7400] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.444662][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   53.453893][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.462390][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.469600][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.477123][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   53.485604][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   53.493994][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   53.502294][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   53.510726][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   53.519849][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   53.528029][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.536236][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   53.544672][ T2992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   53.557681][ T7397] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.570389][ T7396] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   53.586968][ T7392] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   53.597765][ T7392] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   53.618052][ T7399] 8021q: adding VLAN 0 to HW filter on device bond0
[   53.625338][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   53.633361][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   53.646034][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   53.654629][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   53.662888][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   53.671473][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   53.680074][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   53.688167][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   53.696698][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   53.705098][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   53.718641][ T7390] 8021q: adding VLAN 0 to HW filter on device batadv0
[   53.738183][ T7392] 8021q: adding VLAN 0 to HW filter on device batadv0
[   53.749403][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   53.757024][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   53.765275][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   53.774084][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.782304][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   53.790743][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.799861][ T7397] 8021q: adding VLAN 0 to HW filter on device team0
[   53.810076][ T7400] 8021q: adding VLAN 0 to HW filter on device team0
[   53.821344][ T7399] 8021q: adding VLAN 0 to HW filter on device team0
[   53.833968][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   53.848492][ T7409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   53.865036][ T7396] 8021q: adding VLAN 0 to HW filter on device batadv0
[   53.909923][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   53.919712][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   53.929977][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.937055][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state
[   53.944799][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   53.953642][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   53.961978][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.969053][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state
[   53.976429][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   53.984818][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   53.993213][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.001529][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.008554][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.016143][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   54.024630][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.033104][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.040166][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.047692][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   54.056271][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   54.064663][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   54.073026][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   54.081357][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   54.090746][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   54.099060][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.106088][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state
[   54.113553][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   54.122692][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   54.131007][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.138030][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state
[   54.145536][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   54.153901][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   54.162377][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   54.170684][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   54.178890][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   54.187192][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   54.207246][ T7397] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   54.230586][ T7397] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   54.243758][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   54.252088][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   54.260132][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   54.267641][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   54.282018][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   54.294570][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   54.303464][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   54.312286][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   54.321099][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   54.329690][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   54.337870][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   54.346230][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   54.355351][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   54.364172][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.372333][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   54.380853][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   54.396329][ T7399] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   54.407074][ T7399] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   54.437009][ T7400] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   54.456715][ T7400] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   54.467722][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   54.476277][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   54.484008][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   54.492410][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   54.501533][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   54.510164][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   54.520182][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   54.528420][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.536758][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   54.545041][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   54.553667][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   54.565702][ T7397] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.594770][ T7400] 8021q: adding VLAN 0 to HW filter on device batadv0
[   54.651587][ T7399] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/10/09 09:20:56 executed programs: 64
2019/10/09 09:21:01 executed programs: 359
[   63.573732][ T9463] ==================================================================
[   63.581968][ T9463] BUG: KASAN: use-after-free in tipc_nl_node_dump_monitor_peer+0x508/0x700
[   63.581976][ T9463] Read of size 2 at addr ffff8880a89c9014 by task syz-executor.3/9463
[   63.581978][ T9463] 
[   63.581985][ T9463] CPU: 1 PID: 9463 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0
[   63.581988][ T9463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   63.581991][ T9463] Call Trace:
[   63.582002][ T9463]  dump_stack+0x113/0x167
[   63.582012][ T9463]  print_address_description.constprop.8.cold.10+0x9/0x31d
[   63.582017][ T9463]  ? tipc_nl_node_dump_monitor_peer+0x508/0x700
[   63.582022][ T9463]  __kasan_report.cold.11+0x1b/0x3a
[   63.582026][ T9463]  ? tipc_nl_node_dump_monitor_peer+0x508/0x700
[   63.582035][ T9463]  ? __mutex_lock+0x560/0x1410
[   63.582039][ T9463]  ? tipc_nl_node_dump_monitor_peer+0x508/0x700
[   63.582045][ T9463]  kasan_report+0x12/0x20
[   63.582050][ T9463]  __asan_report_load2_noabort+0x14/0x20
[   63.582055][ T9463]  tipc_nl_node_dump_monitor_peer+0x508/0x700
[   63.582062][ T9463]  ? tipc_nl_node_dump_monitor+0x330/0x330
[   63.582066][ T9463]  ? kasan_kmalloc+0x9/0x10
[   63.582070][ T9463]  ? __kmalloc_node_track_caller+0x4d/0x70
[   63.582079][ T9463]  ? __kasan_check_write+0x14/0x20
[   63.582084][ T9463]  ? __alloc_skb+0x355/0x570
[   63.582098][ T9463]  genl_lock_dumpit+0x84/0xb0
[   63.582105][ T9463]  netlink_dump+0x49e/0x10c0
[   63.582112][ T9463]  ? netlink_broadcast+0x10/0x10
[   63.582125][ T9463]  __netlink_dump_start+0x52b/0x810
[   63.582135][ T9463]  genl_rcv_msg+0xbbb/0x1280
[   63.582141][ T9463]  ? __kasan_check_read+0x11/0x20
[   63.582150][ T9463]  ? __lock_acquire+0x100f/0x4ef0
[   63.582159][ T9463]  ? genl_family_rcv_msg_attrs_parse.isra.14+0x370/0x370
[   63.582164][ T9463]  ? genl_lock_dumpit+0xb0/0xb0
[   63.582168][ T9463]  ? genl_unlock+0x20/0x20
[   63.582172][ T9463]  ? genl_parallel_done+0x180/0x180
[   63.582182][ T9463]  ? mark_held_locks+0x130/0x130
[   63.582198][ T9463]  netlink_rcv_skb+0x13c/0x380
[   63.582205][ T9463]  ? genl_family_rcv_msg_attrs_parse.isra.14+0x370/0x370
[   63.582211][ T9463]  ? netlink_ack+0x970/0x970
[   63.582218][ T9463]  ? netlink_deliver_tap+0x182/0xad0
[   63.582228][ T9463]  genl_rcv+0x23/0x40
[   63.582233][ T9463]  netlink_unicast+0x43f/0x630
[   63.622414][ T9463]  ? netlink_attachskb+0x6f0/0x6f0
[   63.622422][ T9463]  ? _copy_from_iter_full+0x19e/0x7f0
[   63.622430][ T9463]  ? __kasan_check_read+0x11/0x20
[   63.622438][ T9463]  ? __check_object_size+0x203/0x2ea
[   63.622446][ T9463]  netlink_sendmsg+0x75d/0xc40
[   63.622455][ T9463]  ? netlink_unicast+0x630/0x630
[   63.651572][ T9463]  ? apparmor_socket_sendmsg+0x1b/0x20
[   63.651582][ T9463]  ? netlink_unicast+0x630/0x630
[   63.651588][ T9463]  sock_sendmsg+0xb5/0xf0
[   63.651594][ T9463]  ___sys_sendmsg+0x647/0x950
[   63.651603][ T9463]  ? copy_msghdr_from_user+0x420/0x420
[   63.651610][ T9463]  ? lock_downgrade+0x900/0x900
[   63.651622][ T9463]  ? __kasan_check_read+0x11/0x20
[   63.651631][ T9463]  ? __fget+0x2b1/0x420
[   63.651641][ T9463]  ? ksys_dup3+0x2e0/0x2e0
[   63.651650][ T9463]  ? __might_fault+0xf1/0x1b0
[   63.651659][ T9463]  ? __fget_light+0x179/0x1f0
[   63.651663][ T9463]  ? lock_acquire+0x194/0x410
[   63.651669][ T9463]  ? __fdget+0xe/0x10
[   63.651679][ T9463]  __sys_sendmsg+0xd9/0x180
[   63.651683][ T9463]  ? __sys_sendmsg_sock+0xb0/0xb0
[   63.651687][ T9463]  ? __kasan_check_read+0x11/0x20
[   63.651694][ T9463]  ? _copy_to_user+0xcb/0xf0
[   63.651703][ T9463]  ? put_timespec64+0xa9/0x100
[   63.651707][ T9463]  ? nsecs_to_jiffies+0x20/0x20
[   63.651724][ T9463]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   63.651733][ T9463]  __x64_sys_sendmsg+0x73/0xb0
[   63.651742][ T9463]  do_syscall_64+0xca/0x5d0
[   63.651750][ T9463]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   63.672638][ T9463] RIP: 0033:0x459a59
[   63.672645][ T9463] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   63.672648][ T9463] RSP: 002b:00007fad312d4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   63.672655][ T9463] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
[   63.672658][ T9463] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[   63.672662][ T9463] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[   63.672666][ T9463] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad312d56d4
[   63.672669][ T9463] R13: 00000000004c7a34 R14: 00000000004dd728 R15: 00000000ffffffff
[   63.672685][ T9463] 
[   63.672689][ T9463] Allocated by task 9464:
[   63.672697][ T9463]  save_stack+0x21/0x90
[   63.672701][ T9463]  __kasan_kmalloc.constprop.9+0xc7/0xd0
[   63.672705][ T9463]  kasan_kmalloc+0x9/0x10
[   63.672708][ T9463]  __kmalloc_node_track_caller+0x4d/0x70
[   63.672717][ T9463]  __kmalloc_reserve.isra.46+0x2c/0xc0
[   63.672721][ T9463]  __alloc_skb+0xd7/0x570
[   63.672727][ T9463]  netlink_sendmsg+0x808/0xc40
[   63.672732][ T9463]  sock_sendmsg+0xb5/0xf0
[   63.672735][ T9463]  ___sys_sendmsg+0x647/0x950
[   63.672739][ T9463]  __sys_sendmsg+0xd9/0x180
[   63.672742][ T9463]  __x64_sys_sendmsg+0x73/0xb0
[   63.672748][ T9463]  do_syscall_64+0xca/0x5d0
[   63.672753][ T9463]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   63.672755][ T9463] 
[   63.672758][ T9463] Freed by task 9464:
[   63.672762][ T9463]  save_stack+0x21/0x90
[   63.672766][ T9463]  __kasan_slab_free+0x102/0x150
[   63.672770][ T9463]  kasan_slab_free+0xe/0x10
[   63.672773][ T9463]  kfree+0x108/0x2c0
[   63.672777][ T9463]  skb_free_head+0x6e/0x90
[   63.672782][ T9463]  skb_release_data+0x376/0x6a0
[   63.672785][ T9463]  skb_release_all+0x3d/0x50
[   63.672788][ T9463]  consume_skb+0xad/0x2a0
[   63.672792][ T9463]  netlink_unicast+0x447/0x630
[   63.672795][ T9463]  netlink_sendmsg+0x75d/0xc40
[   63.672800][ T9463]  sock_sendmsg+0xb5/0xf0
[   64.134261][ T9463]  ___sys_sendmsg+0x647/0x950
[   64.138923][ T9463]  __sys_sendmsg+0xd9/0x180
[   64.143410][ T9463]  __x64_sys_sendmsg+0x73/0xb0
[   64.148217][ T9463]  do_syscall_64+0xca/0x5d0
[   64.152712][ T9463]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.158589][ T9463] 
[   64.160912][ T9463] The buggy address belongs to the object at ffff8880a89c9000
[   64.160912][ T9463]  which belongs to the cache kmalloc-512 of size 512
[   64.174958][ T9463] The buggy address is located 20 bytes inside of
[   64.174958][ T9463]  512-byte region [ffff8880a89c9000, ffff8880a89c9200)
[   64.188139][ T9463] The buggy address belongs to the page:
[   64.193762][ T9463] page:ffffea0002a27240 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0xffff8880a89c9c80
[   64.204182][ T9463] flags: 0x1fffc0000000200(slab)
[   64.209560][ T9463] raw: 01fffc0000000200 ffffea00028efb88 ffffea00029f3088 ffff8880aa400a80
[   64.218130][ T9463] raw: ffff8880a89c9c80 ffff8880a89c9000 0000000100000003 0000000000000000
[   64.226705][ T9463] page dumped because: kasan: bad access detected
[   64.233105][ T9463] 
[   64.235415][ T9463] Memory state around the buggy address:
[   64.241027][ T9463]  ffff8880a89c8f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc
[   64.249078][ T9463]  ffff8880a89c8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.257133][ T9463] >ffff8880a89c9000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.265264][ T9463]                          ^
[   64.269840][ T9463]  ffff8880a89c9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.277882][ T9463]  ffff8880a89c9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.285920][ T9463] ==================================================================
[   64.293968][ T9463] Disabling lock debugging due to kernel taint
[   64.301887][ T9463] Kernel panic - not syncing: panic_on_warn set ...
[   64.308496][ T9463] CPU: 1 PID: 9463 Comm: syz-executor.3 Tainted: G    B             5.4.0-rc1+ #0
[   64.317738][ T9463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.327781][ T9463] Call Trace:
[   64.331063][ T9463]  dump_stack+0x113/0x167
[   64.335376][ T9463]  ? tipc_nl_node_dump_monitor_peer+0x4a0/0x700
[   64.341620][ T9463]  panic+0x223/0x4dc
[   64.345490][ T9463]  ? add_taint.cold.8+0x11/0x11
[   64.350332][ T9463]  ? ___preempt_schedule+0x16/0x20
[   64.355426][ T9463]  ? tipc_nl_node_dump_monitor_peer+0x508/0x700
[   64.361650][ T9463]  end_report+0x47/0x4f
[   64.365794][ T9463]  __kasan_report.cold.11+0xe/0x3a
[   64.370884][ T9463]  ? tipc_nl_node_dump_monitor_peer+0x508/0x700
[   64.377105][ T9463]  ? __mutex_lock+0x560/0x1410
[   64.381854][ T9463]  ? tipc_nl_node_dump_monitor_peer+0x508/0x700
[   64.388070][ T9463]  kasan_report+0x12/0x20
[   64.392374][ T9463]  __asan_report_load2_noabort+0x14/0x20
[   64.397999][ T9463]  tipc_nl_node_dump_monitor_peer+0x508/0x700
[   64.404087][ T9463]  ? tipc_nl_node_dump_monitor+0x330/0x330
[   64.409874][ T9463]  ? kasan_kmalloc+0x9/0x10
[   64.414364][ T9463]  ? __kmalloc_node_track_caller+0x4d/0x70
[   64.420160][ T9463]  ? __kasan_check_write+0x14/0x20
[   64.425254][ T9463]  ? __alloc_skb+0x355/0x570
[   64.429823][ T9463]  genl_lock_dumpit+0x84/0xb0
[   64.434475][ T9463]  netlink_dump+0x49e/0x10c0
[   64.439041][ T9463]  ? netlink_broadcast+0x10/0x10
[   64.443968][ T9463]  __netlink_dump_start+0x52b/0x810
[   64.449148][ T9463]  genl_rcv_msg+0xbbb/0x1280
[   64.453760][ T9463]  ? __kasan_check_read+0x11/0x20
[   64.459033][ T9463]  ? __lock_acquire+0x100f/0x4ef0
[   64.464046][ T9463]  ? genl_family_rcv_msg_attrs_parse.isra.14+0x370/0x370
[   64.471167][ T9463]  ? genl_lock_dumpit+0xb0/0xb0
[   64.476006][ T9463]  ? genl_unlock+0x20/0x20
[   64.480401][ T9463]  ? genl_parallel_done+0x180/0x180
[   64.485584][ T9463]  ? mark_held_locks+0x130/0x130
[   64.490495][ T9463]  netlink_rcv_skb+0x13c/0x380
[   64.495236][ T9463]  ? genl_family_rcv_msg_attrs_parse.isra.14+0x370/0x370
[   64.502289][ T9463]  ? netlink_ack+0x970/0x970
[   64.506854][ T9463]  ? netlink_deliver_tap+0x182/0xad0
[   64.512128][ T9463]  genl_rcv+0x23/0x40
[   64.516111][ T9463]  netlink_unicast+0x43f/0x630
[   64.520869][ T9463]  ? netlink_attachskb+0x6f0/0x6f0
[   64.525986][ T9463]  ? _copy_from_iter_full+0x19e/0x7f0
[   64.531400][ T9463]  ? __kasan_check_read+0x11/0x20
[   64.536419][ T9463]  ? __check_object_size+0x203/0x2ea
[   64.541698][ T9463]  netlink_sendmsg+0x75d/0xc40
[   64.546456][ T9463]  ? netlink_unicast+0x630/0x630
[   64.551422][ T9463]  ? apparmor_socket_sendmsg+0x1b/0x20
[   64.556997][ T9463]  ? netlink_unicast+0x630/0x630
[   64.561925][ T9463]  sock_sendmsg+0xb5/0xf0
[   64.566230][ T9463]  ___sys_sendmsg+0x647/0x950
[   64.570897][ T9463]  ? copy_msghdr_from_user+0x420/0x420
[   64.576331][ T9463]  ? lock_downgrade+0x900/0x900
[   64.581161][ T9463]  ? __kasan_check_read+0x11/0x20
[   64.586170][ T9463]  ? __fget+0x2b1/0x420
[   64.590316][ T9463]  ? ksys_dup3+0x2e0/0x2e0
[   64.594708][ T9463]  ? __might_fault+0xf1/0x1b0
[   64.599366][ T9463]  ? __fget_light+0x179/0x1f0
[   64.604025][ T9463]  ? lock_acquire+0x194/0x410
[   64.608686][ T9463]  ? __fdget+0xe/0x10
[   64.612646][ T9463]  __sys_sendmsg+0xd9/0x180
[   64.617124][ T9463]  ? __sys_sendmsg_sock+0xb0/0xb0
[   64.622143][ T9463]  ? __kasan_check_read+0x11/0x20
[   64.627138][ T9463]  ? _copy_to_user+0xcb/0xf0
[   64.631711][ T9463]  ? put_timespec64+0xa9/0x100
[   64.636477][ T9463]  ? nsecs_to_jiffies+0x20/0x20
[   64.641320][ T9463]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.647366][ T9463]  __x64_sys_sendmsg+0x73/0xb0
[   64.652120][ T9463]  do_syscall_64+0xca/0x5d0
[   64.656610][ T9463]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   64.662490][ T9463] RIP: 0033:0x459a59
[   64.666358][ T9463] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   64.685949][ T9463] RSP: 002b:00007fad312d4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.694356][ T9463] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
[   64.702306][ T9463] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[   64.710268][ T9463] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[   64.718217][ T9463] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fad312d56d4
[   64.726179][ T9463] R13: 00000000004c7a34 R14: 00000000004dd728 R15: 00000000ffffffff
[   64.735463][ T9463] Kernel Offset: disabled
[   64.739783][ T9463] Rebooting in 86400 seconds..