[....] Starting enhanced syslogd: rsyslogd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 60.055609][ T27] audit: type=1800 audit(1563591124.174:25): pid=8890 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 60.098604][ T27] audit: type=1800 audit(1563591124.174:26): pid=8890 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 60.146338][ T27] audit: type=1800 audit(1563591124.174:27): pid=8890 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.10' (ECDSA) to the list of known hosts.
2019/07/20 02:53:33 parsed 1 programs
2019/07/20 02:53:35 executed programs: 0
syzkaller login: [ 151.644002][ T9068] IPVS: ftp: loaded support on port[0] = 21
[ 151.656622][ T9070] IPVS: ftp: loaded support on port[0] = 21
[ 151.720411][ T9074] IPVS: ftp: loaded support on port[0] = 21
[ 151.736997][ T9075] IPVS: ftp: loaded support on port[0] = 21
[ 151.797492][ T9078] IPVS: ftp: loaded support on port[0] = 21
[ 151.834537][ T9077] IPVS: ftp: loaded support on port[0] = 21
[ 151.971354][ T9070] chnl_net:caif_netlink_parms(): no params data found
[ 152.079699][ T9074] chnl_net:caif_netlink_parms(): no params data found
[ 152.105698][ T9070] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.114005][ T9070] bridge0: port 1(bridge_slave_0) entered disabled state
[ 152.121900][ T9070] device bridge_slave_0 entered promiscuous mode
[ 152.160839][ T9070] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.167988][ T9070] bridge0: port 2(bridge_slave_1) entered disabled state
[ 152.175633][ T9070] device bridge_slave_1 entered promiscuous mode
[ 152.207884][ T9070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 152.222221][ T9075] chnl_net:caif_netlink_parms(): no params data found
[ 152.231236][ T9068] chnl_net:caif_netlink_parms(): no params data found
[ 152.254026][ T9070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 152.285223][ T9070] team0: Port device team_slave_0 added
[ 152.317695][ T9070] team0: Port device team_slave_1 added
[ 152.337034][ T9074] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.345657][ T9074] bridge0: port 1(bridge_slave_0) entered disabled state
[ 152.354512][ T9074] device bridge_slave_0 entered promiscuous mode
[ 152.471603][ T9070] device hsr_slave_0 entered promiscuous mode
[ 152.508633][ T9070] device hsr_slave_1 entered promiscuous mode
[ 152.558815][ T9074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.565909][ T9074] bridge0: port 2(bridge_slave_1) entered disabled state
[ 152.573884][ T9074] device bridge_slave_1 entered promiscuous mode
[ 152.610847][ T9074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 152.628686][ T9074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 152.657163][ T9078] chnl_net:caif_netlink_parms(): no params data found
[ 152.666112][ T9068] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.675585][ T9068] bridge0: port 1(bridge_slave_0) entered disabled state
[ 152.683936][ T9068] device bridge_slave_0 entered promiscuous mode
[ 152.695511][ T9068] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.702714][ T9068] bridge0: port 2(bridge_slave_1) entered disabled state
[ 152.711007][ T9068] device bridge_slave_1 entered promiscuous mode
[ 152.726926][ T9074] team0: Port device team_slave_0 added
[ 152.748997][ T9075] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.756075][ T9075] bridge0: port 1(bridge_slave_0) entered disabled state
[ 152.764028][ T9075] device bridge_slave_0 entered promiscuous mode
[ 152.774762][ T9075] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.782033][ T9075] bridge0: port 2(bridge_slave_1) entered disabled state
[ 152.790036][ T9075] device bridge_slave_1 entered promiscuous mode
[ 152.804875][ T9074] team0: Port device team_slave_1 added
[ 152.813022][ T9068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 152.827906][ T9077] chnl_net:caif_netlink_parms(): no params data found
[ 152.852280][ T9068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 152.892801][ T9070] bridge0: port 2(bridge_slave_1) entered blocking state
[ 152.900078][ T9070] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 152.907683][ T9070] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.914807][ T9070] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 152.926026][ T9075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 152.982785][ T9075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 152.993911][ T9068] team0: Port device team_slave_0 added
[ 153.061387][ T9074] device hsr_slave_0 entered promiscuous mode
[ 153.118671][ T9074] device hsr_slave_1 entered promiscuous mode
[ 153.158431][ T9074] debugfs: Directory 'hsr0' with parent '/' already present!
[ 153.172110][ T9078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.180453][ T9078] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.188436][ T9078] device bridge_slave_0 entered promiscuous mode
[ 153.195639][ T9077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.203288][ T9077] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.211119][ T9077] device bridge_slave_0 entered promiscuous mode
[ 153.225000][ T9077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.232547][ T9077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.240532][ T9077] device bridge_slave_1 entered promiscuous mode
[ 153.248802][ T9068] team0: Port device team_slave_1 added
[ 153.264303][ T3605] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.272007][ T3605] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.288692][ T9078] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.295786][ T9078] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.304618][ T9078] device bridge_slave_1 entered promiscuous mode
[ 153.321283][ T9075] team0: Port device team_slave_0 added
[ 153.333821][ T9077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 153.361669][ T9075] team0: Port device team_slave_1 added
[ 153.369183][ T9077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 153.441683][ T9068] device hsr_slave_0 entered promiscuous mode
[ 153.488508][ T9068] device hsr_slave_1 entered promiscuous mode
[ 153.528397][ T9068] debugfs: Directory 'hsr0' with parent '/' already present!
[ 153.563008][ T9078] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 153.630226][ T9075] device hsr_slave_0 entered promiscuous mode
[ 153.668571][ T9075] device hsr_slave_1 entered promiscuous mode
[ 153.708419][ T9075] debugfs: Directory 'hsr0' with parent '/' already present!
[ 153.717000][ T9077] team0: Port device team_slave_0 added
[ 153.730910][ T9078] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 153.757977][ T9077] team0: Port device team_slave_1 added
[ 153.792342][ T9078] team0: Port device team_slave_0 added
[ 153.842069][ T9077] device hsr_slave_0 entered promiscuous mode
[ 153.868663][ T9077] device hsr_slave_1 entered promiscuous mode
[ 153.928303][ T9077] debugfs: Directory 'hsr0' with parent '/' already present!
[ 153.936881][ T9078] team0: Port device team_slave_1 added
[ 154.021470][ T9078] device hsr_slave_0 entered promiscuous mode
[ 154.058701][ T9078] device hsr_slave_1 entered promiscuous mode
[ 154.098574][ T9078] debugfs: Directory 'hsr0' with parent '/' already present!
[ 154.160906][ T9075] 8021q: adding VLAN 0 to HW filter on device bond0
[ 154.177672][ T9070] 8021q: adding VLAN 0 to HW filter on device bond0
[ 154.225771][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 154.235453][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 154.243928][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 154.251808][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 154.262432][ T9075] 8021q: adding VLAN 0 to HW filter on device team0
[ 154.283083][ T9070] 8021q: adding VLAN 0 to HW filter on device team0
[ 154.307395][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 154.316267][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 154.325705][ T3597] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.332815][ T3597] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 154.340724][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 154.349388][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 154.357649][ T3597] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.364755][ T3597] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 154.372783][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 154.416616][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 154.426556][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 154.435661][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 154.442792][ T3605] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 154.453780][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 154.462713][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 154.471519][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 154.480186][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 154.487517][ T3605] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 154.499953][ T9077] 8021q: adding VLAN 0 to HW filter on device bond0
[ 154.513103][ T9074] 8021q: adding VLAN 0 to HW filter on device bond0
[ 154.537397][ T9077] 8021q: adding VLAN 0 to HW filter on device team0
[ 154.544528][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 154.553666][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 154.562992][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 154.571417][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 154.591841][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 154.600990][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 154.610222][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 154.619283][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 154.627800][ T3002] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 154.637102][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 154.667675][ T9070] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 154.679462][ T9070] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 154.698482][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 154.707234][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 154.716337][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 154.725857][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 154.734310][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 154.742780][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 154.751240][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 154.759749][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 154.767943][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 154.776547][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 154.785260][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 154.793765][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 154.802092][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 154.810020][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 154.817663][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 154.826441][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 154.834792][ T9080] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.841919][ T9080] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 154.849855][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 154.857838][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 154.865679][ T9080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 154.880757][ T9074] 8021q: adding VLAN 0 to HW filter on device team0
[ 154.889712][ T9075] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 154.915672][ T9070] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 154.936991][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 154.947351][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 154.966547][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 154.973692][ T3605] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 154.982230][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 154.991007][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 154.999988][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 155.008673][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 155.016965][ T3605] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.024084][ T3605] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 155.032121][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 155.040869][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 155.049553][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.056598][ T3605] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 155.067717][ T9068] 8021q: adding VLAN 0 to HW filter on device bond0
[ 155.080228][ T9078] 8021q: adding VLAN 0 to HW filter on device bond0
[ 155.105810][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 155.115640][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 155.131317][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 155.144290][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 155.153151][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 155.178132][ T9068] 8021q: adding VLAN 0 to HW filter on device team0
[ 155.200171][ T9075] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 155.224977][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 155.241072][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 155.255504][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 155.265673][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 155.275482][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 155.284876][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 155.293351][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 155.301869][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 155.310188][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 155.317798][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 155.325827][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 155.333761][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 155.342704][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 155.351834][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 155.360502][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 155.375842][ T9074] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 155.386571][ T9074] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 155.409884][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 155.435515][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 155.458522][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 155.467186][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 155.484260][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 155.494432][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 155.502362][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 155.511881][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 155.520614][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.527673][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 155.536098][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 155.550669][ T9078] 8021q: adding VLAN 0 to HW filter on device team0
[ 155.610379][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 155.623284][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 155.637594][ T3605] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.644691][ T3605] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 155.653329][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 155.662991][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 155.671496][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.678595][ T3605] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 155.686668][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 155.695962][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 155.704906][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 155.714066][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 155.732185][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 155.749767][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 155.757853][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 155.767676][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 155.778924][ T3605] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.786034][ T3605] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 155.829567][ T9074] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 155.842221][ T9077] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 155.866693][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 155.885924][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 155.905645][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 155.914572][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 155.930188][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 155.950233][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 155.964982][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 155.973731][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 155.983340][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 155.992736][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 156.002145][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 156.011028][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 156.019725][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 156.033642][ T3597] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 156.043207][ T9068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 156.063263][ T9078] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 156.078594][ T9078] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 156.110460][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 156.136946][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 156.149765][ T3605] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 156.217349][ T9078] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 156.242318][ T9068] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/07/20 02:53:40 executed programs: 11
[ 160.218378][ C1] ------------[ cut here ]------------
[ 160.224105][ C1] refcount_t: increment on 0; use-after-free.
[ 160.230488][ C1] WARNING: CPU: 1 PID: 0 at lib/refcount.c:156 refcount_inc_checked+0x61/0x70
[ 160.239017][ T9384] ==================================================================
[ 160.239324][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 160.239347][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.2.0+ #93
[ 160.247456][ T9384] BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x81/0x200
[ 160.254019][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 160.260853][ T9384] Read of size 4 at addr ffff888094d3ec00 by task syz-executor.3/9384
[ 160.269238][ C1] Call Trace:
[ 160.279292][ T9384]
[ 160.293020][ C1]
[ 160.295879][ C1] dump_stack+0x172/0x1f0
[ 160.300214][ C1] ? refcount_inc_not_zero_checked+0x1e0/0x200
[ 160.306366][ C1] panic+0x2dc/0x755
[ 160.310257][ C1] ? add_taint.cold+0x16/0x16
[ 160.314938][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 160.321175][ C1] ? __warn.cold+0x5/0x4c
[ 160.325514][ C1] ? __warn+0xe7/0x1e0
[ 160.329588][ C1] ? refcount_inc_checked+0x61/0x70
[ 160.334780][ C1] __warn.cold+0x20/0x4c
[ 160.339018][ C1] ? vprintk_emit+0x1ea/0x700
[ 160.343688][ C1] ? refcount_inc_checked+0x61/0x70
[ 160.348887][ C1] report_bug+0x263/0x2b0
[ 160.353218][ C1] do_error_trap+0x11b/0x200
[ 160.357812][ C1] do_invalid_op+0x37/0x50
[ 160.362223][ C1] ? refcount_inc_checked+0x61/0x70
[ 160.367418][ C1] invalid_op+0x14/0x20
[ 160.371572][ C1] RIP: 0010:refcount_inc_checked+0x61/0x70
[ 160.377381][ C1] Code: 1d 90 c8 63 06 31 ff 89 de e8 4b 4b 37 fe 84 db 75 dd e8 02 4a 37 fe 48 c7 c7 20 1c c5 87 c6 05 70 c8 63 06 01 e8 e7 f3 08 fe <0f> 0b eb c1 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41
[ 160.396983][ C1] RSP: 0018:ffff8880ae909bf0 EFLAGS: 00010282
[ 160.403039][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 160.411002][ C1] RDX: 0000000000000100 RSI: ffffffff815c1016 RDI: ffffed1015d21370
[ 160.418967][ C1] RBP: ffff8880ae909c00 R08: ffff8880a98ce340 R09: fffffbfff14a276f
[ 160.426940][ C1] R10: fffffbfff14a276e R11: ffffffff8a513b77 R12: ffff888094d3ec00
[ 160.434904][ C1] R13: ffff888094d3ebe8 R14: ffff888095d80088 R15: ffff888095d80060
[ 160.442896][ C1] ? vprintk_func+0x86/0x189
[ 160.447499][ C1] nr_insert_socket+0x2d/0xe0
[ 160.452175][ C1] nr_rx_frame+0x1605/0x1e80
[ 160.456777][ C1] nr_loopback_timer+0x7b/0x170
[ 160.461628][ C1] call_timer_fn+0x1ac/0x780
[ 160.466212][ C1] ? nr_process_rx_frame+0x1540/0x1540
[ 160.471668][ C1] ? msleep_interruptible+0x150/0x150
[ 160.477044][ C1] ? run_timer_softirq+0x685/0x17a0
[ 160.482238][ C1] ? trace_hardirqs_on+0x67/0x240
[ 160.487254][ C1] ? __kasan_check_read+0x11/0x20
[ 160.492271][ C1] ? nr_process_rx_frame+0x1540/0x1540
[ 160.497725][ C1] ? nr_process_rx_frame+0x1540/0x1540
[ 160.503181][ C1] run_timer_softirq+0x697/0x17a0
[ 160.508209][ C1] ? add_timer+0x930/0x930
[ 160.512626][ C1] ? kvm_clock_read+0x18/0x30
[ 160.517298][ C1] ? kvm_sched_clock_read+0x9/0x20
[ 160.522402][ C1] ? sched_clock+0x2e/0x50
[ 160.526815][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 160.533054][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 160.539306][ C1] __do_softirq+0x262/0x98c
[ 160.543808][ C1] ? sched_clock_cpu+0x1b/0x1b0
[ 160.548681][ C1] irq_exit+0x19b/0x1e0
[ 160.552842][ C1] smp_apic_timer_interrupt+0x1a3/0x610
[ 160.558385][ C1] apic_timer_interrupt+0xf/0x20
[ 160.563313][ C1]
[ 160.566251][ C1] RIP: 0010:native_safe_halt+0xe/0x10
[ 160.571623][ C1] Code: 18 23 7b fa eb 8a 90 90 90 90 90 90 e9 07 00 00 00 0f 00 2d 04 07 57 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d f4 06 57 00 fb f4 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 e8 ae 1f 2f fa e8 89
[ 160.591233][ C1] RSP: 0018:ffff8880a98e7d68 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
[ 160.599648][ C1] RAX: 1ffffffff11a5ca5 RBX: ffff8880a98ce340 RCX: 0000000000000000
[ 160.607624][ C1] RDX: dffffc0000000000 RSI: 0000000000000006 RDI: ffff8880a98cebcc
[ 160.615603][ C1] RBP: ffff8880a98e7d98 R08: ffff8880a98ce340 R09: 0000000000000000
[ 160.623589][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[ 160.631560][ C1] R13: ffffffff89a299b8 R14: 0000000000000000 R15: 0000000000000001
[ 160.639562][ C1] ? default_idle+0x4e/0x360
[ 160.644167][ C1] arch_cpu_idle+0xa/0x10
[ 160.648495][ C1] default_idle_call+0x84/0xb0
[ 160.653254][ C1] do_idle+0x413/0x760
[ 160.657328][ C1] ? arch_cpu_idle_exit+0x80/0x80
[ 160.662433][ C1] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 160.668238][ C1] ? complete+0x61/0x80
[ 160.673972][ C1] cpu_startup_entry+0x1b/0x20
[ 160.678738][ C1] start_secondary+0x315/0x430
[ 160.683501][ C1] ? set_cpu_sibling_map+0x2180/0x2180
[ 160.688971][ C1] secondary_startup_64+0xa4/0xb0
[ 160.694015][ T9384] CPU: 0 PID: 9384 Comm: syz-executor.3 Not tainted 5.2.0+ #93
[ 160.701564][ T9384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 160.711614][ T9384] Call Trace:
[ 160.714907][ T9384] dump_stack+0x172/0x1f0
[ 160.719236][ T9384] ? refcount_inc_not_zero_checked+0x81/0x200
[ 160.725326][ T9384] print_address_description.cold+0xd4/0x306
[ 160.731312][ T9384] ? refcount_inc_not_zero_checked+0x81/0x200
[ 160.737464][ T9384] ? refcount_inc_not_zero_checked+0x81/0x200
[ 160.743530][ T9384] __kasan_report.cold+0x1b/0x36
[ 160.748492][ T9384] ? refcount_inc_not_zero_checked+0x81/0x200
[ 160.754559][ T9384] kasan_report+0x12/0x20
[ 160.758888][ T9384] check_memory_region+0x134/0x1a0
[ 160.764001][ T9384] __kasan_check_read+0x11/0x20
[ 160.768845][ T9384] refcount_inc_not_zero_checked+0x81/0x200
[ 160.774736][ T9384] ? refcount_dec_and_mutex_lock+0x90/0x90
[ 160.780542][ T9384] ? __kasan_check_write+0x14/0x20
[ 160.785648][ T9384] refcount_inc_checked+0x17/0x70
[ 160.790841][ T9384] nr_release+0x62/0x3e0
[ 160.795087][ T9384] __sock_release+0xce/0x280
[ 160.799674][ T9384] sock_close+0x1e/0x30
[ 160.803826][ T9384] __fput+0x2ff/0x890
[ 160.807806][ T9384] ? __sock_release+0x280/0x280
[ 160.812653][ T9384] ____fput+0x16/0x20
[ 160.816634][ T9384] task_work_run+0x145/0x1c0
[ 160.821230][ T9384] exit_to_usermode_loop+0x316/0x380
[ 160.826514][ T9384] do_syscall_64+0x5a9/0x6a0
[ 160.831109][ T9384] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 160.837109][ T9384] RIP: 0033:0x413501
[ 160.841000][ T9384] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 160.860604][ T9384] RSP: 002b:00007ffc649d87d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 160.869110][ T9384] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413501
[ 160.877074][ T9384] RDX: 0000001b32920000 RSI: 0000000000000000 RDI: 0000000000000003
[ 160.885042][ T9384] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[ 160.893014][ T9384] R10: 00007ffc649d88b0 R11: 0000000000000293 R12: 000000000075c9a0
[ 160.900985][ T9384] R13: 000000000075c9a0 R14: 0000000000760c28 R15: ffffffffffffffff
[ 160.908975][ T9384]
[ 160.911295][ T9384] Allocated by task 0:
[ 160.915361][ T9384] save_stack+0x23/0x90
[ 160.919512][ T9384] __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 160.925138][ T9384] kasan_kmalloc+0x9/0x10
[ 160.929458][ T9384] __kmalloc+0x163/0x780
[ 160.933694][ T9384] sk_prot_alloc+0x23a/0x310
[ 160.938282][ T9384] sk_alloc+0x39/0xf70
[ 160.942350][ T9384] nr_rx_frame+0x733/0x1e80
[ 160.946848][ T9384] nr_loopback_timer+0x7b/0x170
[ 160.951690][ T9384] call_timer_fn+0x1ac/0x780
[ 160.956274][ T9384] run_timer_softirq+0x697/0x17a0
[ 160.961301][ T9384] __do_softirq+0x262/0x98c
[ 160.965861][ T9384]
[ 160.968180][ T9384] Freed by task 9388:
[ 160.972156][ T9384] save_stack+0x23/0x90
[ 160.976320][ T9384] __kasan_slab_free+0x102/0x150
[ 160.981245][ T9384] kasan_slab_free+0xe/0x10
[ 160.985743][ T9384] kfree+0x10a/0x2c0
[ 160.989633][ T9384] __sk_destruct+0x4f7/0x6e0
[ 160.994216][ T9384] sk_destruct+0x86/0xa0
[ 160.998453][ T9384] __sk_free+0xfb/0x360
[ 161.002602][ T9384] sk_free+0x42/0x50
[ 161.006503][ T9384] sock_efree+0x61/0x80
[ 161.010653][ T9384] skb_release_head_state+0xeb/0x260
[ 161.015927][ T9384] skb_release_all+0x16/0x60
[ 161.020506][ T9384] kfree_skb+0x101/0x3c0
[ 161.024750][ T9384] nr_accept+0x570/0x720
[ 161.028986][ T9384] __sys_accept4+0x34e/0x6a0
[ 161.033562][ T9384] __x64_sys_accept+0x75/0xb0
[ 161.038232][ T9384] do_syscall_64+0xfd/0x6a0
[ 161.042727][ T9384] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 161.048600][ T9384]
[ 161.050923][ T9384] The buggy address belongs to the object at ffff888094d3eb80
[ 161.050923][ T9384] which belongs to the cache kmalloc-2k of size 2048
[ 161.064971][ T9384] The buggy address is located 128 bytes inside of
[ 161.064971][ T9384] 2048-byte region [ffff888094d3eb80, ffff888094d3f380)
[ 161.078314][ T9384] The buggy address belongs to the page:
[ 161.083944][ T9384] page:ffffea0002534f80 refcount:1 mapcount:0 mapping:ffff8880aa400e00 index:0x0 compound_mapcount: 0
[ 161.094869][ T9384] flags: 0x1fffc0000010200(slab|head)
[ 161.100240][ T9384] raw: 01fffc0000010200 ffffea000219c688 ffffea0002501c08 ffff8880aa400e00
[ 161.108819][ T9384] raw: 0000000000000000 ffff888094d3e300 0000000100000003 0000000000000000
[ 161.117390][ T9384] page dumped because: kasan: bad access detected
[ 161.123784][ T9384]
[ 161.126111][ T9384] Memory state around the buggy address:
[ 161.131734][ T9384] ffff888094d3eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 161.139787][ T9384] ffff888094d3eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 161.147852][ T9384] >ffff888094d3ec00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 161.155903][ T9384] ^
[ 161.159963][ T9384] ffff888094d3ec80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 161.168017][ T9384] ffff888094d3ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 161.176086][ T9384] ==================================================================
[ 161.184229][ T9384] Disabling lock debugging due to kernel taint
[ 161.191332][ C1] Kernel Offset: disabled
[ 161.195672][ C1] Rebooting in 86400 seconds..