[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   65.799527][   T27] audit: type=1800 audit(1564024300.865:25): pid=8826 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   65.838730][   T27] audit: type=1800 audit(1564024300.865:26): pid=8826 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   65.860364][   T27] audit: type=1800 audit(1564024300.865:27): pid=8826 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.137' (ECDSA) to the list of known hosts.
syzkaller login: [  125.879517][ T8987] IPVS: ftp: loaded support on port[0] = 21
[  125.880018][ T8990] IPVS: ftp: loaded support on port[0] = 21
[  125.900737][ T8985] IPVS: ftp: loaded support on port[0] = 21
[  125.901179][ T8988] IPVS: ftp: loaded support on port[0] = 21
[  125.909928][ T8986] IPVS: ftp: loaded support on port[0] = 21
[  125.927346][ T8989] IPVS: ftp: loaded support on port[0] = 21
[  126.078175][ T8988] chnl_net:caif_netlink_parms(): no params data found
[  126.114731][ T8987] chnl_net:caif_netlink_parms(): no params data found
[  126.222462][ T8988] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.230274][ T8988] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.238004][ T8988] device bridge_slave_0 entered promiscuous mode
[  126.247842][ T8988] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.255108][ T8988] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.262793][ T8988] device bridge_slave_1 entered promiscuous mode
[  126.281009][ T8989] chnl_net:caif_netlink_parms(): no params data found
[  126.293147][ T8990] chnl_net:caif_netlink_parms(): no params data found
[  126.320082][ T8986] chnl_net:caif_netlink_parms(): no params data found
[  126.331253][ T8985] chnl_net:caif_netlink_parms(): no params data found
[  126.346749][ T8988] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.357512][ T8987] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.364844][ T8987] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.372621][ T8987] device bridge_slave_0 entered promiscuous mode
[  126.402931][ T8988] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.412336][ T8987] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.419520][ T8987] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.427293][ T8987] device bridge_slave_1 entered promiscuous mode
[  126.445964][ T8989] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.454374][ T8989] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.462455][ T8989] device bridge_slave_0 entered promiscuous mode
[  126.470368][ T8989] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.477493][ T8989] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.485497][ T8989] device bridge_slave_1 entered promiscuous mode
[  126.508124][ T8986] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.523665][ T8986] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.531446][ T8986] device bridge_slave_0 entered promiscuous mode
[  126.563355][ T8986] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.570529][ T8986] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.578206][ T8986] device bridge_slave_1 entered promiscuous mode
[  126.597449][ T8985] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.607413][ T8985] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.615350][ T8985] device bridge_slave_0 entered promiscuous mode
[  126.627022][ T8985] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.634266][ T8985] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.642120][ T8985] device bridge_slave_1 entered promiscuous mode
[  126.651321][ T8988] team0: Port device team_slave_0 added
[  126.658315][ T8987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.669204][ T8986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.679536][ T8987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.689012][ T8990] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.696110][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.704375][ T8990] device bridge_slave_0 entered promiscuous mode
[  126.713024][ T8989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.727643][ T8988] team0: Port device team_slave_1 added
[  126.734403][ T8986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.752723][ T8990] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.759950][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.767648][ T8990] device bridge_slave_1 entered promiscuous mode
[  126.775773][ T8989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.790187][ T8985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.807910][ T8987] team0: Port device team_slave_0 added
[  126.818317][ T8987] team0: Port device team_slave_1 added
[  126.828886][ T8986] team0: Port device team_slave_0 added
[  126.835641][ T8985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.855328][ T8989] team0: Port device team_slave_0 added
[  126.864179][ T8986] team0: Port device team_slave_1 added
[  126.879554][ T8990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.897577][ T8989] team0: Port device team_slave_1 added
[  126.914106][ T8990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.939145][ T8985] team0: Port device team_slave_0 added
[  127.000952][ T8988] device hsr_slave_0 entered promiscuous mode
[  127.049050][ T8988] device hsr_slave_1 entered promiscuous mode
[  127.130702][ T8986] device hsr_slave_0 entered promiscuous mode
[  127.169028][ T8986] device hsr_slave_1 entered promiscuous mode
[  127.208746][ T8986] debugfs: Directory 'hsr0' with parent '/' already present!
[  127.217894][ T8990] team0: Port device team_slave_0 added
[  127.260586][ T8987] device hsr_slave_0 entered promiscuous mode
[  127.298833][ T8987] device hsr_slave_1 entered promiscuous mode
[  127.338740][ T8987] debugfs: Directory 'hsr0' with parent '/' already present!
[  127.347792][ T8985] team0: Port device team_slave_1 added
[  127.380816][ T8990] team0: Port device team_slave_1 added
[  127.440792][ T8985] device hsr_slave_0 entered promiscuous mode
[  127.512198][ T8985] device hsr_slave_1 entered promiscuous mode
[  127.548797][ T8985] debugfs: Directory 'hsr0' with parent '/' already present!
[  127.610590][ T8990] device hsr_slave_0 entered promiscuous mode
[  127.648996][ T8990] device hsr_slave_1 entered promiscuous mode
[  127.688642][ T8990] debugfs: Directory 'hsr0' with parent '/' already present!
[  127.750738][ T8989] device hsr_slave_0 entered promiscuous mode
[  127.808936][ T8989] device hsr_slave_1 entered promiscuous mode
[  127.858722][ T8989] debugfs: Directory 'hsr0' with parent '/' already present!
[  127.977704][ T8985] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.001479][ T8990] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.013626][ T8986] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.025675][ T8988] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.037924][ T8989] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.059779][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  128.069259][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  128.076960][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  128.084723][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  128.094330][ T8985] 8021q: adding VLAN 0 to HW filter on device team0
[  128.110215][ T8990] 8021q: adding VLAN 0 to HW filter on device team0
[  128.118834][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  128.127349][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  128.136507][ T3252] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.143702][ T3252] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.152778][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  128.161479][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  128.169900][ T3252] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.177040][ T3252] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.184642][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  128.194871][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  128.205684][ T8989] 8021q: adding VLAN 0 to HW filter on device team0
[  128.224133][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  128.232269][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  128.240855][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  128.250035][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  128.258459][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.265538][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.273538][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  128.282623][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  128.291149][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  128.299821][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.306866][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.314702][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  128.323167][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  128.332255][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  128.340384][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  128.368132][ T8988] 8021q: adding VLAN 0 to HW filter on device team0
[  128.380298][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  128.392725][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  128.401261][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.408297][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.416117][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  128.425827][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  128.434737][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  128.443239][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.451016][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.458495][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  128.467240][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  128.474999][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  128.482763][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  128.491202][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  128.499096][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  128.513948][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  128.546314][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  128.559880][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  128.568158][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  128.577755][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  128.587078][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  128.595762][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  128.604074][ T3252] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.611185][ T3252] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.618825][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  128.627347][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  128.635836][ T3252] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.642938][ T3252] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.650656][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  128.659195][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  128.667393][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  128.675838][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  128.684212][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  128.694454][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  128.702789][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  128.710820][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  128.723348][ T8987] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.732643][ T8986] 8021q: adding VLAN 0 to HW filter on device team0
[  128.744274][ T8990] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  128.755846][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  128.764426][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  128.773270][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  128.784452][ T8985] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  128.806424][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  128.815007][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  128.824069][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  128.833021][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  128.841551][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  128.850704][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  128.875036][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  128.886301][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  128.894955][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  128.903904][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  128.912661][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.919791][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.927519][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  128.935704][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  128.967077][ T8989] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  128.978000][ T8989] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  129.006018][ T8985] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.014265][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  129.023195][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  129.031697][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  129.041154][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  129.050347][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  129.059531][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  129.068016][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  129.076650][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  129.084963][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  129.094079][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  129.102544][ T8998] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.109660][ T8998] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.117357][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  129.128104][ T8987] 8021q: adding VLAN 0 to HW filter on device team0
[  129.140664][ T8990] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.175431][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  129.202844][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  129.211875][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  129.223981][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  129.232935][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  129.242401][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  129.250835][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  129.261451][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  129.270449][ T8998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  129.291963][ T8989] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.307533][ T8986] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
executing program
[  129.320828][ T8986] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  129.336574][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  129.369302][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  129.382842][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.389953][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  129.397962][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  129.407690][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  129.416591][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  129.425482][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  129.433895][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  129.442555][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  129.452163][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  129.460244][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[  129.496536][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  129.505943][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  129.515650][ T3252] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.522788][ T3252] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.535992][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  129.545072][ T3252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  129.563953][ T8986] 8021q: adding VLAN 0 to HW filter on device batadv0
executing program
[  129.587084][ T8988] 8021q: adding VLAN 0 to HW filter on device batadv0
[  129.622382][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  129.647643][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  129.657252][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  129.666476][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  129.675326][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  129.684036][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  129.692742][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  129.702220][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  129.711441][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  129.720695][ T8987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
executing program
[  129.765586][ T8987] 8021q: adding VLAN 0 to HW filter on device batadv0
executing program
executing program
[  134.359806][ T9011] 
[  134.362165][ T9011] =========================
[  134.366641][ T9011] WARNING: held lock freed!
[  134.371119][ T9011] 5.3.0-rc1-next-20190724 #50 Not tainted
[  134.376825][ T9011] -------------------------
[  134.381453][ T9011] syz-executor034/9011 is freeing memory ffff88808b3fac40-ffff88808b3fb43f, with a lock still held there!
[  134.392702][ T9011] 000000008eb09b1f (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0
[  134.401162][ T9011] 2 locks held by syz-executor034/9011:
[  134.406679][ T9011]  #0: 00000000d0f4c353 (&sb->s_type->i_mutex_key#12){+.+.}, at: __sock_release+0x89/0x280
[  134.416684][ T9011]  #1: 000000008eb09b1f (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x130/0x3e0
[  134.425553][ T9011] 
[  134.425553][ T9011] stack backtrace:
[  134.431424][ T9011] CPU: 0 PID: 9011 Comm: syz-executor034 Not tainted 5.3.0-rc1-next-20190724 #50
[  134.440544][ T9011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  134.450589][ T9011] Call Trace:
[  134.453865][ T9011]  dump_stack+0x172/0x1f0
[  134.458189][ T9011]  debug_check_no_locks_freed.cold+0x9d/0xa9
[  134.464182][ T9011]  ? trace_hardirqs_off+0x62/0x240
[  134.469283][ T9011]  kfree+0xec/0x2c0
[  134.473076][ T9011]  __sk_destruct+0x4f7/0x6e0
[  134.477648][ T9011]  sk_destruct+0x86/0xa0
[  134.481868][ T9011]  __sk_free+0xfb/0x360
[  134.486000][ T9011]  sk_free+0x42/0x50
[  134.489876][ T9011]  nr_destroy_socket+0x3ea/0x4a0
[  134.494809][ T9011]  nr_release+0x347/0x3e0
[  134.505574][ T9011]  __sock_release+0xce/0x280
[  134.510152][ T9011]  sock_close+0x1e/0x30
[  134.514302][ T9011]  __fput+0x2ff/0x890
[  134.518263][ T9011]  ? __sock_release+0x280/0x280
[  134.523092][ T9011]  ____fput+0x16/0x20
[  134.527053][ T9011]  task_work_run+0x145/0x1c0
[  134.531637][ T9011]  do_exit+0x92f/0x2eb0
[  134.535786][ T9011]  ? mm_update_next_owner+0x640/0x640
[  134.541162][ T9011]  ? lock_downgrade+0x920/0x920
[  134.546013][ T9011]  ? _raw_spin_unlock_irq+0x28/0x90
[  134.551189][ T9011]  ? get_signal+0x392/0x2500
[  134.555767][ T9011]  ? _raw_spin_unlock_irq+0x28/0x90
executing program
[  134.560957][ T9011]  do_group_exit+0x135/0x360
[  134.565544][ T9011]  get_signal+0x47c/0x2500
[  134.569941][ T9011]  ? __kasan_check_read+0x11/0x20
[  134.574946][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  134.581178][ T9011]  ? apparmor_socket_accept+0xb6/0x160
[  134.586623][ T9011]  do_signal+0x87/0x1700
[  134.590845][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  134.597064][ T9011]  ? __sys_accept4+0x482/0x6a0
[  134.602613][ T9011]  ? setup_sigcontext+0x7d0/0x7d0
[  134.607637][ T9011]  ? release_sock+0x156/0x1c0
[  134.612322][ T9011]  ? nr_listen+0x115/0x160
[  134.616722][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  134.622941][ T9011]  ? __sys_listen+0x1b7/0x260
[  134.627744][ T9011]  ? exit_to_usermode_loop+0x43/0x380
[  134.633109][ T9011]  ? do_syscall_64+0x65f/0x760
[  134.637851][ T9011]  ? exit_to_usermode_loop+0x43/0x380
[  134.643201][ T9011]  ? lockdep_hardirqs_on+0x418/0x5d0
[  134.648465][ T9011]  ? trace_hardirqs_on+0x67/0x240
[  134.653480][ T9011]  exit_to_usermode_loop+0x286/0x380
[  134.658745][ T9011]  do_syscall_64+0x65f/0x760
[  134.663316][ T9011]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  134.669183][ T9011] RIP: 0033:0x443569
[  134.673065][ T9011] Code: Bad RIP value.
[  134.677692][ T9011] RSP: 002b:00007ffe2e5f4dc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  134.686086][ T9011] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000000443569
[  134.694047][ T9011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  134.702031][ T9011] RBP: 0000000000000003 R08: 00000000004aab5a R09: 00000000004aab5a
[  134.709982][ T9011] R10: 00000000004aab5a R11: 0000000000000246 R12: 000055555570a850
[  134.717929][ T9011] R13: 0000000000000013 R14: 0000000000000000 R15: 0000000000000000
[  134.728079][ T9011] ==================================================================
[  134.736165][ T9011] BUG: KASAN: use-after-free in do_raw_spin_lock+0x28a/0x2e0
[  134.743511][ T9011] Read of size 4 at addr ffff88808b3faccc by task syz-executor034/9011
[  134.751719][ T9011] 
executing program
[  134.754029][ T9011] CPU: 0 PID: 9011 Comm: syz-executor034 Not tainted 5.3.0-rc1-next-20190724 #50
[  134.763105][ T9011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  134.773134][ T9011] Call Trace:
[  134.776409][ T9011]  dump_stack+0x172/0x1f0
[  134.780725][ T9011]  ? do_raw_spin_lock+0x28a/0x2e0
[  134.785737][ T9011]  print_address_description.cold+0xd4/0x306
[  134.791710][ T9011]  ? do_raw_spin_lock+0x28a/0x2e0
[  134.796764][ T9011]  ? do_raw_spin_lock+0x28a/0x2e0
[  134.801798][ T9011]  __kasan_report.cold+0x1b/0x36
[  134.806732][ T9011]  ? do_raw_spin_lock+0x28a/0x2e0
executing program
executing program
[  134.811756][ T9011]  kasan_report+0x12/0x17
[  134.816106][ T9011]  __asan_report_load4_noabort+0x14/0x20
[  134.821723][ T9011]  do_raw_spin_lock+0x28a/0x2e0
[  134.826550][ T9011]  ? rwlock_bug.part.0+0x90/0x90
[  134.831472][ T9011]  ? lock_acquire+0x190/0x410
[  134.836142][ T9011]  ? release_sock+0x20/0x1c0
[  134.840708][ T9011]  ? __sk_free+0x100/0x360
[  134.845120][ T9011]  _raw_spin_lock_bh+0x3b/0x50
[  134.849887][ T9011]  ? release_sock+0x20/0x1c0
[  134.854491][ T9011]  release_sock+0x20/0x1c0
[  134.858886][ T9011]  nr_release+0x303/0x3e0
[  134.863194][ T9011]  __sock_release+0xce/0x280
[  134.867772][ T9011]  sock_close+0x1e/0x30
[  134.871919][ T9011]  __fput+0x2ff/0x890
[  134.875897][ T9011]  ? __sock_release+0x280/0x280
[  134.880730][ T9011]  ____fput+0x16/0x20
[  134.884693][ T9011]  task_work_run+0x145/0x1c0
[  134.889272][ T9011]  do_exit+0x92f/0x2eb0
[  134.893405][ T9011]  ? mm_update_next_owner+0x640/0x640
[  134.898772][ T9011]  ? lock_downgrade+0x920/0x920
[  134.903600][ T9011]  ? _raw_spin_unlock_irq+0x28/0x90
[  134.908776][ T9011]  ? get_signal+0x392/0x2500
[  134.913342][ T9011]  ? _raw_spin_unlock_irq+0x28/0x90
[  134.918526][ T9011]  do_group_exit+0x135/0x360
[  134.923118][ T9011]  get_signal+0x47c/0x2500
[  134.927532][ T9011]  ? __kasan_check_read+0x11/0x20
[  134.932543][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  134.938761][ T9011]  ? apparmor_socket_accept+0xb6/0x160
[  134.944212][ T9011]  do_signal+0x87/0x1700
[  134.948441][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  134.954662][ T9011]  ? __sys_accept4+0x482/0x6a0
[  134.959421][ T9011]  ? setup_sigcontext+0x7d0/0x7d0
[  134.964421][ T9011]  ? release_sock+0x156/0x1c0
[  134.969077][ T9011]  ? nr_listen+0x115/0x160
[  134.973472][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  134.979699][ T9011]  ? __sys_listen+0x1b7/0x260
[  134.984372][ T9011]  ? exit_to_usermode_loop+0x43/0x380
[  134.989740][ T9011]  ? do_syscall_64+0x65f/0x760
[  134.994493][ T9011]  ? exit_to_usermode_loop+0x43/0x380
[  134.999841][ T9011]  ? lockdep_hardirqs_on+0x418/0x5d0
[  135.005106][ T9011]  ? trace_hardirqs_on+0x67/0x240
executing program
[  135.010107][ T9011]  exit_to_usermode_loop+0x286/0x380
[  135.015383][ T9011]  do_syscall_64+0x65f/0x760
[  135.019955][ T9011]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  135.025824][ T9011] RIP: 0033:0x443569
[  135.029734][ T9011] Code: Bad RIP value.
[  135.033788][ T9011] RSP: 002b:00007ffe2e5f4dc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  135.042174][ T9011] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000000443569
[  135.050135][ T9011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  135.058097][ T9011] RBP: 0000000000000003 R08: 00000000004aab5a R09: 00000000004aab5a
[  135.066071][ T9011] R10: 00000000004aab5a R11: 0000000000000246 R12: 000055555570a850
[  135.074019][ T9011] R13: 0000000000000013 R14: 0000000000000000 R15: 0000000000000000
[  135.081971][ T9011] 
[  135.084287][ T9011] Allocated by task 8997:
[  135.088620][ T9011]  save_stack+0x23/0x90
[  135.092754][ T9011]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  135.098377][ T9011]  kasan_kmalloc+0x9/0x10
[  135.102699][ T9011]  __kmalloc+0x163/0x770
[  135.106949][ T9011]  sk_prot_alloc+0x23a/0x310
[  135.111518][ T9011]  sk_alloc+0x39/0xf70
[  135.115573][ T9011]  nr_rx_frame+0x733/0x1e73
[  135.120061][ T9011]  nr_loopback_timer+0x7b/0x170
[  135.124889][ T9011]  call_timer_fn+0x1ac/0x780
[  135.129455][ T9011]  run_timer_softirq+0x697/0x17a0
[  135.134457][ T9011]  __do_softirq+0x262/0x98c
[  135.138930][ T9011] 
[  135.141243][ T9011] Freed by task 9011:
[  135.145206][ T9011]  save_stack+0x23/0x90
[  135.149338][ T9011]  __kasan_slab_free+0x102/0x150
[  135.154269][ T9011]  kasan_slab_free+0xe/0x10
[  135.158756][ T9011]  kfree+0x10a/0x2c0
[  135.162640][ T9011]  __sk_destruct+0x4f7/0x6e0
[  135.167225][ T9011]  sk_destruct+0x86/0xa0
[  135.171447][ T9011]  __sk_free+0xfb/0x360
[  135.175582][ T9011]  sk_free+0x42/0x50
[  135.179454][ T9011]  nr_destroy_socket+0x3ea/0x4a0
[  135.184377][ T9011]  nr_release+0x347/0x3e0
[  135.188730][ T9011]  __sock_release+0xce/0x280
[  135.193312][ T9011]  sock_close+0x1e/0x30
[  135.197444][ T9011]  __fput+0x2ff/0x890
[  135.201418][ T9011]  ____fput+0x16/0x20
[  135.205386][ T9011]  task_work_run+0x145/0x1c0
[  135.209965][ T9011]  do_exit+0x92f/0x2eb0
[  135.214097][ T9011]  do_group_exit+0x135/0x360
[  135.218668][ T9011]  get_signal+0x47c/0x2500
[  135.223086][ T9011]  do_signal+0x87/0x1700
[  135.227326][ T9011]  exit_to_usermode_loop+0x286/0x380
[  135.232597][ T9011]  do_syscall_64+0x65f/0x760
[  135.237164][ T9011]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  135.243033][ T9011] 
[  135.245350][ T9011] The buggy address belongs to the object at ffff88808b3fac40
[  135.245350][ T9011]  which belongs to the cache kmalloc-2k of size 2048
[  135.259391][ T9011] The buggy address is located 140 bytes inside of
[  135.259391][ T9011]  2048-byte region [ffff88808b3fac40, ffff88808b3fb440)
[  135.272728][ T9011] The buggy address belongs to the page:
[  135.278354][ T9011] page:ffffea00022cfe80 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 compound_mapcount: 0
[  135.289275][ T9011] flags: 0x1fffc0000010200(slab|head)
[  135.294626][ T9011] raw: 01fffc0000010200 ffffea00027f4a08 ffffea00022a3588 ffff8880aa400e00
[  135.303197][ T9011] raw: 0000000000000000 ffff88808b3fa3c0 0000000100000003 0000000000000000
[  135.311762][ T9011] page dumped because: kasan: bad access detected
[  135.318143][ T9011] 
[  135.320445][ T9011] Memory state around the buggy address:
[  135.326051][ T9011]  ffff88808b3fab80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  135.334086][ T9011]  ffff88808b3fac00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  135.342125][ T9011] >ffff88808b3fac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.350165][ T9011]                                               ^
[  135.356552][ T9011]  ffff88808b3fad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.364586][ T9011]  ffff88808b3fad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.372615][ T9011] ==================================================================
[  135.380704][ T9011] Kernel panic - not syncing: panic_on_warn set ...
[  135.387303][ T9011] CPU: 0 PID: 9011 Comm: syz-executor034 Tainted: G    B             5.3.0-rc1-next-20190724 #50
[  135.397785][ T9011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  135.407817][ T9011] Call Trace:
[  135.411089][ T9011]  dump_stack+0x172/0x1f0
[  135.415494][ T9011]  panic+0x2dc/0x755
[  135.419392][ T9011]  ? add_taint.cold+0x16/0x16
[  135.424067][ T9011]  ? trace_hardirqs_on+0x5e/0x240
[  135.429067][ T9011]  ? trace_hardirqs_on+0x5e/0x240
[  135.434070][ T9011]  ? do_raw_spin_lock+0x28a/0x2e0
[  135.439071][ T9011]  end_report+0x47/0x4f
[  135.443207][ T9011]  ? do_raw_spin_lock+0x28a/0x2e0
[  135.448210][ T9011]  __kasan_report.cold+0xe/0x36
[  135.453040][ T9011]  ? do_raw_spin_lock+0x28a/0x2e0
[  135.458053][ T9011]  kasan_report+0x12/0x17
[  135.462377][ T9011]  __asan_report_load4_noabort+0x14/0x20
[  135.467992][ T9011]  do_raw_spin_lock+0x28a/0x2e0
[  135.472921][ T9011]  ? rwlock_bug.part.0+0x90/0x90
[  135.477837][ T9011]  ? lock_acquire+0x190/0x410
[  135.482501][ T9011]  ? release_sock+0x20/0x1c0
[  135.487088][ T9011]  ? __sk_free+0x100/0x360
[  135.491485][ T9011]  _raw_spin_lock_bh+0x3b/0x50
[  135.496246][ T9011]  ? release_sock+0x20/0x1c0
[  135.500822][ T9011]  release_sock+0x20/0x1c0
[  135.513819][ T9011]  nr_release+0x303/0x3e0
[  135.518142][ T9011]  __sock_release+0xce/0x280
[  135.522725][ T9011]  sock_close+0x1e/0x30
[  135.526880][ T9011]  __fput+0x2ff/0x890
[  135.530871][ T9011]  ? __sock_release+0x280/0x280
[  135.535726][ T9011]  ____fput+0x16/0x20
[  135.539687][ T9011]  task_work_run+0x145/0x1c0
[  135.544277][ T9011]  do_exit+0x92f/0x2eb0
[  135.548412][ T9011]  ? mm_update_next_owner+0x640/0x640
[  135.553762][ T9011]  ? lock_downgrade+0x920/0x920
[  135.558589][ T9011]  ? _raw_spin_unlock_irq+0x28/0x90
[  135.563763][ T9011]  ? get_signal+0x392/0x2500
[  135.568328][ T9011]  ? _raw_spin_unlock_irq+0x28/0x90
[  135.573506][ T9011]  do_group_exit+0x135/0x360
[  135.578100][ T9011]  get_signal+0x47c/0x2500
[  135.582518][ T9011]  ? __kasan_check_read+0x11/0x20
[  135.587532][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  135.593753][ T9011]  ? apparmor_socket_accept+0xb6/0x160
[  135.599194][ T9011]  do_signal+0x87/0x1700
[  135.603481][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  135.609747][ T9011]  ? __sys_accept4+0x482/0x6a0
[  135.614598][ T9011]  ? setup_sigcontext+0x7d0/0x7d0
[  135.619630][ T9011]  ? release_sock+0x156/0x1c0
[  135.624300][ T9011]  ? nr_listen+0x115/0x160
[  135.628698][ T9011]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  135.635005][ T9011]  ? __sys_listen+0x1b7/0x260
[  135.639660][ T9011]  ? exit_to_usermode_loop+0x43/0x380
[  135.645009][ T9011]  ? do_syscall_64+0x65f/0x760
[  135.649751][ T9011]  ? exit_to_usermode_loop+0x43/0x380
[  135.655103][ T9011]  ? lockdep_hardirqs_on+0x418/0x5d0
[  135.660367][ T9011]  ? trace_hardirqs_on+0x67/0x240
[  135.665370][ T9011]  exit_to_usermode_loop+0x286/0x380
[  135.670635][ T9011]  do_syscall_64+0x65f/0x760
[  135.675228][ T9011]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  135.681099][ T9011] RIP: 0033:0x443569
[  135.685017][ T9011] Code: Bad RIP value.
[  135.689077][ T9011] RSP: 002b:00007ffe2e5f4dc8 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  135.697465][ T9011] RAX: 0000000000000003 RBX: 0000000000000003 RCX: 0000000000443569
[  135.705413][ T9011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  135.713362][ T9011] RBP: 0000000000000003 R08: 00000000004aab5a R09: 00000000004aab5a
[  135.721313][ T9011] R10: 00000000004aab5a R11: 0000000000000246 R12: 000055555570a850
[  135.729290][ T9011] R13: 0000000000000013 R14: 0000000000000000 R15: 0000000000000000
[  135.738217][ T9011] Kernel Offset: disabled
[  135.742561][ T9011] Rebooting in 86400 seconds..