[   29.613246][   T24] audit: type=1800 audit(1563352513.435:22): pid=7096 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   56.152999][ T7269] IPVS: ftp: loaded support on port[0] = 21
[   56.559869][ T7254] can: request_module (can-proto-0) failed.
[   57.546113][ T7254] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.1.57' (ECDSA) to the list of known hosts.
2019/07/17 08:35:48 parsed 1 programs
2019/07/17 08:35:49 executed programs: 0
[   65.855572][ T7341] IPVS: ftp: loaded support on port[0] = 21
[   65.888193][ T7346] IPVS: ftp: loaded support on port[0] = 21
[   65.909557][ T7344] IPVS: ftp: loaded support on port[0] = 21
[   65.911617][ T7351] IPVS: ftp: loaded support on port[0] = 21
[   65.919843][ T7348] IPVS: ftp: loaded support on port[0] = 21
[   65.963566][ T7350] IPVS: ftp: loaded support on port[0] = 21
[   66.119443][ T7341] chnl_net:caif_netlink_parms(): no params data found
[   66.149322][ T7346] chnl_net:caif_netlink_parms(): no params data found
[   66.182135][ T7351] chnl_net:caif_netlink_parms(): no params data found
[   66.203134][ T7344] chnl_net:caif_netlink_parms(): no params data found
[   66.282099][ T7346] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.289520][ T7346] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.297259][ T7346] device bridge_slave_0 entered promiscuous mode
[   66.309572][ T7341] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.316838][ T7341] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.324426][ T7341] device bridge_slave_0 entered promiscuous mode
[   66.356725][ T7346] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.364381][ T7346] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.373423][ T7346] device bridge_slave_1 entered promiscuous mode
[   66.381201][ T7350] chnl_net:caif_netlink_parms(): no params data found
[   66.394068][ T7341] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.402497][ T7341] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.409945][ T7341] device bridge_slave_1 entered promiscuous mode
[   66.416805][ T7344] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.424265][ T7344] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.431874][ T7344] device bridge_slave_0 entered promiscuous mode
[   66.471885][ T7344] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.478952][ T7344] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.488353][ T7344] device bridge_slave_1 entered promiscuous mode
[   66.495834][ T7351] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.503354][ T7351] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.511179][ T7351] device bridge_slave_0 entered promiscuous mode
[   66.518160][ T7348] chnl_net:caif_netlink_parms(): no params data found
[   66.528591][ T7346] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.542797][ T7341] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.557394][ T7341] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   66.566524][ T7351] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.573843][ T7351] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.581470][ T7351] device bridge_slave_1 entered promiscuous mode
[   66.604582][ T7346] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   66.640457][ T7341] team0: Port device team_slave_0 added
[   66.655891][ T7344] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.669774][ T7344] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   66.685354][ T7341] team0: Port device team_slave_1 added
[   66.692735][ T7346] team0: Port device team_slave_0 added
[   66.698489][ T7350] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.707306][ T7350] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.715737][ T7350] device bridge_slave_0 entered promiscuous mode
[   66.723395][ T7350] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.730432][ T7350] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.738201][ T7350] device bridge_slave_1 entered promiscuous mode
[   66.746401][ T7351] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.758060][ T7351] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   66.778158][ T7348] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.785692][ T7348] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.793564][ T7348] device bridge_slave_0 entered promiscuous mode
[   66.801501][ T7346] team0: Port device team_slave_1 added
[   66.807241][ T7348] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.814320][ T7348] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.822166][ T7348] device bridge_slave_1 entered promiscuous mode
[   66.847295][ T7344] team0: Port device team_slave_0 added
[   66.875740][ T7344] team0: Port device team_slave_1 added
[   66.883067][ T7348] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.892735][ T7350] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   66.933151][ T7341] device hsr_slave_0 entered promiscuous mode
[   67.000978][ T7341] device hsr_slave_1 entered promiscuous mode
[   67.056213][ T7351] team0: Port device team_slave_0 added
[   67.063125][ T7348] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   67.072485][ T7350] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   67.101584][ T7351] team0: Port device team_slave_1 added
[   67.152013][ T7346] device hsr_slave_0 entered promiscuous mode
[   67.191037][ T7346] device hsr_slave_1 entered promiscuous mode
[   67.235362][ T7350] team0: Port device team_slave_0 added
[   67.242316][ T7350] team0: Port device team_slave_1 added
[   67.292946][ T7344] device hsr_slave_0 entered promiscuous mode
[   67.360981][ T7344] device hsr_slave_1 entered promiscuous mode
[   67.514233][ T7351] device hsr_slave_0 entered promiscuous mode
[   67.561023][ T7351] device hsr_slave_1 entered promiscuous mode
[   67.606030][ T7348] team0: Port device team_slave_0 added
[   67.613361][ T7348] team0: Port device team_slave_1 added
[   67.664095][ T7350] device hsr_slave_0 entered promiscuous mode
[   67.720965][ T7350] device hsr_slave_1 entered promiscuous mode
[   67.802204][ T7348] device hsr_slave_0 entered promiscuous mode
[   67.841102][ T7348] device hsr_slave_1 entered promiscuous mode
[   67.964363][ T7341] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.995063][ T7344] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.008727][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   68.017322][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   68.028006][ T7341] 8021q: adding VLAN 0 to HW filter on device team0
[   68.049295][ T7344] 8021q: adding VLAN 0 to HW filter on device team0
[   68.074986][ T7350] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.083704][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   68.091872][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   68.108219][ T7344] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   68.119553][ T7344] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   68.145776][ T7350] 8021q: adding VLAN 0 to HW filter on device team0
[   68.152733][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   68.163639][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.172676][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.179748][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.187543][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   68.196749][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.205060][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.212136][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.219487][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   68.228302][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   68.236623][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   68.245118][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   68.253416][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   68.262117][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   68.270220][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   68.278552][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   68.286881][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   68.295058][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   68.303373][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   68.312044][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.320213][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.327272][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.334959][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   68.342640][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   68.350386][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   68.358141][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   68.365694][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   68.373311][ T3495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   68.402911][ T7346] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.419115][ T7341] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   68.429956][ T7341] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   68.446680][ T7344] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.460358][ T7351] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.467423][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   68.476169][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.484722][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.491833][ T3008] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.499284][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   68.508146][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   68.516649][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   68.525042][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   68.533572][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   68.542051][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.550224][ T3008] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.557318][ T3008] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.565201][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   68.573834][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   68.581939][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   68.590297][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.598590][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.605627][ T3008] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.613202][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   68.621568][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   68.629586][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   68.637922][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   68.646047][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   68.654242][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   68.663646][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   68.671309][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   68.679538][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   68.695778][ T7351] 8021q: adding VLAN 0 to HW filter on device team0
[   68.718679][ T7348] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.726755][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   68.734682][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   68.743179][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   68.752058][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   68.783942][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   68.804430][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   68.814138][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   68.822526][ T2871] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.829547][ T2871] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.837133][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   68.845828][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   68.854128][ T2871] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.861176][ T2871] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.868641][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   68.877401][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   68.885922][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   68.894298][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   68.903297][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   68.911987][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   68.920181][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   68.928587][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   68.939047][ T7341] 8021q: adding VLAN 0 to HW filter on device batadv0
[   68.954454][ T7350] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   68.966163][ T7350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   68.983385][ T7348] 8021q: adding VLAN 0 to HW filter on device team0
[   68.991138][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.000062][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.011676][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.020166][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.029025][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.037358][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.045619][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.053242][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.060963][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.068433][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.087026][ T7346] 8021q: adding VLAN 0 to HW filter on device team0
[   69.096741][ T7351] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   69.107790][ T7351] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.123171][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.131579][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.139794][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.149531][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.159151][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.192484][ T7351] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.212420][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.227225][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.248983][ T3008] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.256093][ T3008] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.281144][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.289716][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.298410][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.305536][ T3008] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.314349][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.323075][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.332250][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.340532][ T3008] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.347617][ T3008] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.356734][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.365460][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.374335][ T3008] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.381422][ T3008] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.389343][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.397958][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.498735][ T7350] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.513609][ T7346] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   69.528447][ T7346] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.552389][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.562629][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.574957][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.588227][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.598086][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.613406][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.625276][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.635489][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.647952][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.658339][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.670058][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.680409][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.695777][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.711225][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.719376][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.727906][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.736225][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.747860][ T7348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.760953][ T7367] 
[   69.763859][ T7348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.764583][ T7367] =========================
[   69.776139][ T7367] WARNING: held lock freed!
[   69.780625][ T7367] 5.2.0-rc6+ #1 Not tainted
[   69.783320][ T7346] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.785127][ T7367] -------------------------
[   69.785133][ T7367] syz-executor.5/7367 is freeing memory ffff88809a810100-ffff88809a8108ff, with a lock still held there!
[   69.785136][ T7367] 000000001e8c2f3e (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x102/0x360
[   69.785150][ T7367] 2 locks held by syz-executor.5/7367:
[   69.785155][ T7367]  #0: 00000000e4e3066a (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x7d/0x290
[   69.792014][ T7346] kobject: 'vlan0' (00000000810a5430): kobject_add_internal: parent: 'mesh', set: '<NULL>'
[   69.796373][ T7367]  #1: 000000001e8c2f3e (sk_lock-AF_NETROM){+.+.}, at: nr_release+0x102/0x360
[   69.796384][ T7367] 
[   69.796384][ T7367] stack backtrace:
[   69.796391][ T7367] CPU: 1 PID: 7367 Comm: syz-executor.5 Not tainted 5.2.0-rc6+ #1
[   69.796394][ T7367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   69.796396][ T7367] Call Trace:
[   69.796404][ T7367]  dump_stack+0x113/0x167
[   69.881733][ T7367]  debug_check_no_locks_freed.cold.56+0x9e/0xaa
[   69.887954][ T7367]  ? trace_hardirqs_off+0x41/0x180
[   69.893034][ T7367]  kfree+0xb1/0x220
[   69.896811][ T7367]  __sk_destruct+0x3f1/0x580
[   69.901371][ T7367]  sk_destruct+0x49/0x60
[   69.905582][ T7367]  __sk_free+0x9e/0x230
[   69.909705][ T7367]  sk_free+0x23/0x30
[   69.913579][ T7367]  nr_destroy_socket+0x362/0x420
[   69.918481][ T7367]  nr_release+0x2c9/0x360
[   69.922776][ T7367]  __sock_release+0xc2/0x290
[   69.927331][ T7367]  sock_close+0x10/0x20
[   69.931452][ T7367]  __fput+0x25a/0x770
[   69.935401][ T7367]  ? _raw_spin_unlock_irq+0x27/0x80
[   69.940566][ T7367]  ____fput+0x9/0x10
[   69.944425][ T7367]  task_work_run+0x108/0x180
[   69.948991][ T7367]  exit_to_usermode_loop+0x1a9/0x200
[   69.954241][ T7367]  do_syscall_64+0x447/0x530
[   69.958798][ T7367]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   69.964675][ T7367] RIP: 0033:0x413501
[   69.968536][ T7367] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   69.988108][ T7367] RSP: 002b:00007fff07f307a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   69.996490][ T7367] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501
[   70.004439][ T7367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[   70.012397][ T7367] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[   70.020342][ T7367] R10: 00007fff07f30880 R11: 0000000000000293 R12: 000000000075c9a0
[   70.028295][ T7367] R13: 000000000075c9a0 R14: 0000000000761050 R15: ffffffffffffffff
[   70.037185][ T7367] ==================================================================
[   70.037279][ T7388] kobject: 'bcsf0' (0000000093fc1043): kobject_add_internal: parent: 'net', set: 'devices'
[   70.045272][ T7367] BUG: KASAN: use-after-free in do_raw_spin_lock+0x282/0x2d0
[   70.045276][ T7367] Read of size 4 at addr ffff88809a81018c by task syz-executor.5/7367
[   70.045278][ T7367] 
[   70.045284][ T7367] CPU: 1 PID: 7367 Comm: syz-executor.5 Not tainted 5.2.0-rc6+ #1
[   70.045286][ T7367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.045288][ T7367] Call Trace:
[   70.045297][ T7367]  dump_stack+0x113/0x167
[   70.045306][ T7367]  print_address_description.cold.5+0x9/0x1ff
[   70.045311][ T7367]  ? do_raw_spin_lock+0x282/0x2d0
[   70.045316][ T7367]  __kasan_report.cold.6+0x1b/0x39
[   70.045320][ T7367]  ? do_raw_spin_lock+0x282/0x2d0
[   70.045325][ T7367]  ? do_raw_spin_lock+0x282/0x2d0
[   70.045329][ T7367]  kasan_report+0x12/0x20
[   70.045334][ T7367]  __asan_report_load4_noabort+0x14/0x20
[   70.045338][ T7367]  do_raw_spin_lock+0x282/0x2d0
[   70.045343][ T7367]  ? rwlock_bug.part.2+0x90/0x90
[   70.045347][ T7367]  ? lock_acquire+0x173/0x3d0
[   70.045353][ T7367]  ? release_sock+0x1b/0x180
[   70.045357][ T7367]  ? sk_destruct+0x49/0x60
[   70.045373][ T7367]  _raw_spin_lock_bh+0x39/0x40
[   70.045377][ T7367]  ? release_sock+0x1b/0x180
[   70.045381][ T7367]  release_sock+0x1b/0x180
[   70.045387][ T7367]  nr_release+0x168/0x360
[   70.045394][ T7367]  __sock_release+0xc2/0x290
[   70.045398][ T7367]  sock_close+0x10/0x20
[   70.045404][ T7367]  __fput+0x25a/0x770
[   70.045408][ T7367]  ? _raw_spin_unlock_irq+0x27/0x80
[   70.045414][ T7367]  ____fput+0x9/0x10
[   70.045418][ T7367]  task_work_run+0x108/0x180
[   70.045426][ T7367]  exit_to_usermode_loop+0x1a9/0x200
[   70.045432][ T7367]  do_syscall_64+0x447/0x530
[   70.045438][ T7367]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.045442][ T7367] RIP: 0033:0x413501
[   70.045449][ T7367] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   70.045452][ T7367] RSP: 002b:00007fff07f307a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   70.045456][ T7367] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501
[   70.045458][ T7367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[   70.045460][ T7367] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[   70.045463][ T7367] R10: 00007fff07f30880 R11: 0000000000000293 R12: 000000000075c9a0
[   70.045466][ T7367] R13: 000000000075c9a0 R14: 0000000000761050 R15: ffffffffffffffff
[   70.045473][ T7367] 
[   70.045476][ T7367] Allocated by task 7351:
[   70.045480][ T7367]  save_stack+0x21/0x90
[   70.045484][ T7367]  __kasan_kmalloc.constprop.8+0xc7/0xd0
[   70.045487][ T7367]  kasan_kmalloc+0x9/0x10
[   70.045489][ T7367]  __kmalloc+0x15d/0x760
[   70.045493][ T7367]  sk_prot_alloc+0x148/0x240
[   70.045496][ T7367]  sk_alloc+0x30/0xc70
[   70.045499][ T7367]  nr_rx_frame+0x645/0x1f00
[   70.045502][ T7367]  nr_loopback_timer+0x64/0x120
[   70.045508][ T7367]  call_timer_fn+0x14d/0x510
[   70.045512][ T7367]  run_timer_softirq+0xc6f/0x1330
[   70.045515][ T7367]  __do_softirq+0x260/0x958
[   70.045516][ T7367] 
[   70.045518][ T7367] Freed by task 7367:
[   70.045522][ T7367]  save_stack+0x21/0x90
[   70.045524][ T7367]  __kasan_slab_free+0x102/0x150
[   70.045527][ T7367]  kasan_slab_free+0xe/0x10
[   70.045530][ T7367]  kfree+0xcf/0x220
[   70.045533][ T7367]  __sk_destruct+0x3f1/0x580
[   70.045537][ T7367]  sk_destruct+0x49/0x60
[   70.045540][ T7367]  __sk_free+0x9e/0x230
[   70.045543][ T7367]  sk_free+0x23/0x30
[   70.045546][ T7367]  nr_destroy_socket+0x362/0x420
[   70.045550][ T7367]  nr_release+0x2c9/0x360
[   70.045554][ T7367]  __sock_release+0xc2/0x290
[   70.045557][ T7367]  sock_close+0x10/0x20
[   70.045560][ T7367]  __fput+0x25a/0x770
[   70.045563][ T7367]  ____fput+0x9/0x10
[   70.045566][ T7367]  task_work_run+0x108/0x180
[   70.045570][ T7367]  exit_to_usermode_loop+0x1a9/0x200
[   70.045574][ T7367]  do_syscall_64+0x447/0x530
[   70.045577][ T7367]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.045579][ T7367] 
[   70.045583][ T7367] The buggy address belongs to the object at ffff88809a810100
[   70.045583][ T7367]  which belongs to the cache kmalloc-2k of size 2048
[   70.045586][ T7367] The buggy address is located 140 bytes inside of
[   70.045586][ T7367]  2048-byte region [ffff88809a810100, ffff88809a810900)
[   70.045588][ T7367] The buggy address belongs to the page:
[   70.045593][ T7367] page:ffffea00026a0400 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0
[   70.045600][ T7367] flags: 0x1fffc0000010200(slab|head)
[   70.045606][ T7367] raw: 01fffc0000010200 ffffea0002584888 ffffea0002652788 ffff8880aa400c40
[   70.045611][ T7367] raw: 0000000000000000 ffff88809a810100 0000000100000003 0000000000000000
[   70.045613][ T7367] page dumped because: kasan: bad access detected
[   70.045614][ T7367] 
[   70.045616][ T7367] Memory state around the buggy address:
[   70.045620][ T7367]  ffff88809a810080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   70.045623][ T7367]  ffff88809a810100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.045626][ T7367] >ffff88809a810180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.045628][ T7367]                       ^
[   70.045631][ T7367]  ffff88809a810200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.045635][ T7367]  ffff88809a810280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   70.045636][ T7367] ==================================================================
[   70.045675][ T7367] Kernel panic - not syncing: panic_on_warn set ...
[   70.045680][ T7367] CPU: 1 PID: 7367 Comm: syz-executor.5 Tainted: G    B             5.2.0-rc6+ #1
[   70.045683][ T7367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.045684][ T7367] Call Trace:
[   70.045690][ T7367]  dump_stack+0x113/0x167
[   70.045696][ T7367]  ? do_raw_spin_lock+0x200/0x2d0
[   70.045703][ T7367]  panic+0x212/0x4cb
[   70.045707][ T7367]  ? __warn_printk+0xd6/0xd6
[   70.045713][ T7367]  ? do_raw_spin_unlock+0x54/0x260
[   70.045719][ T7367]  ? do_raw_spin_lock+0x282/0x2d0
[   70.045724][ T7367]  end_report+0x47/0x4f
[   70.045728][ T7367]  __kasan_report.cold.6+0xe/0x39
[   70.045732][ T7367]  ? do_raw_spin_lock+0x282/0x2d0
[   70.045737][ T7367]  ? do_raw_spin_lock+0x282/0x2d0
[   70.045742][ T7367]  kasan_report+0x12/0x20
[   70.045746][ T7367]  __asan_report_load4_noabort+0x14/0x20
[   70.045750][ T7367]  do_raw_spin_lock+0x282/0x2d0
[   70.045754][ T7367]  ? rwlock_bug.part.2+0x90/0x90
[   70.045757][ T7367]  ? lock_acquire+0x173/0x3d0
[   70.045761][ T7367]  ? release_sock+0x1b/0x180
[   70.045765][ T7367]  ? sk_destruct+0x49/0x60
[   70.045770][ T7367]  _raw_spin_lock_bh+0x39/0x40
[   70.045774][ T7367]  ? release_sock+0x1b/0x180
[   70.045778][ T7367]  release_sock+0x1b/0x180
[   70.045782][ T7367]  nr_release+0x168/0x360
[   70.045787][ T7367]  __sock_release+0xc2/0x290
[   70.045792][ T7367]  sock_close+0x10/0x20
[   70.045795][ T7367]  __fput+0x25a/0x770
[   70.045799][ T7367]  ? _raw_spin_unlock_irq+0x27/0x80
[   70.045806][ T7367]  ____fput+0x9/0x10
[   70.045809][ T7367]  task_work_run+0x108/0x180
[   70.045817][ T7367]  exit_to_usermode_loop+0x1a9/0x200
[   70.045822][ T7367]  do_syscall_64+0x447/0x530
[   70.045827][ T7367]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   70.045831][ T7367] RIP: 0033:0x413501
[   70.045835][ T7367] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[   70.045838][ T7367] RSP: 002b:00007fff07f307a0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   70.045841][ T7367] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413501
[   70.045843][ T7367] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[   70.045846][ T7367] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[   70.045848][ T7367] R10: 00007fff07f30880 R11: 0000000000000293 R12: 000000000075c9a0
[   70.045851][ T7367] R13: 000000000075c9a0 R14: 0000000000761050 R15: ffffffffffffffff
[   70.046886][ T7367] Kernel Offset: disabled
[   70.813776][ T7367] Rebooting in 86400 seconds..