[   36.247133][   T26] audit: type=1800 audit(1563616182.216:22): pid=7292 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   49.223180][ T7457] IPVS: ftp: loaded support on port[0] = 21
[   50.169199][ T7462] can: request_module (can-proto-0) failed.
[   50.682676][ T7462] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
2019/07/20 09:50:04 parsed 1 programs
2019/07/20 09:50:05 executed programs: 0
[   59.523913][ T7532] IPVS: ftp: loaded support on port[0] = 21
[   59.523925][ T7535] IPVS: ftp: loaded support on port[0] = 21
[   59.559235][ T7540] IPVS: ftp: loaded support on port[0] = 21
[   59.559261][ T7538] IPVS: ftp: loaded support on port[0] = 21
[   59.585445][ T7536] IPVS: ftp: loaded support on port[0] = 21
[   59.597623][ T7541] IPVS: ftp: loaded support on port[0] = 21
[   59.721258][ T7532] chnl_net:caif_netlink_parms(): no params data found
[   59.835046][ T7532] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.843113][ T7532] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.850763][ T7532] device bridge_slave_0 entered promiscuous mode
[   59.858894][ T7532] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.866007][ T7532] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.873754][ T7532] device bridge_slave_1 entered promiscuous mode
[   59.893892][ T7532] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   59.904169][ T7535] chnl_net:caif_netlink_parms(): no params data found
[   59.923935][ T7540] chnl_net:caif_netlink_parms(): no params data found
[   59.934641][ T7532] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.010296][ T7535] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.017606][ T7535] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.025178][ T7535] device bridge_slave_0 entered promiscuous mode
[   60.053302][ T7532] team0: Port device team_slave_0 added
[   60.059286][ T7535] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.067738][ T7535] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.075397][ T7535] device bridge_slave_1 entered promiscuous mode
[   60.088402][ T7541] chnl_net:caif_netlink_parms(): no params data found
[   60.113447][ T7532] team0: Port device team_slave_1 added
[   60.124970][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.132510][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.140233][ T7540] device bridge_slave_0 entered promiscuous mode
[   60.150947][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.158184][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.165747][ T7540] device bridge_slave_1 entered promiscuous mode
[   60.194493][ T7535] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.204877][ T7535] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.221821][ T7540] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.233209][ T7540] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.248124][ T7536] chnl_net:caif_netlink_parms(): no params data found
[   60.269645][ T7538] chnl_net:caif_netlink_parms(): no params data found
[   60.290014][ T7535] team0: Port device team_slave_0 added
[   60.312276][ T7541] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.319606][ T7541] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.327316][ T7541] device bridge_slave_0 entered promiscuous mode
[   60.368471][ T7532] device hsr_slave_0 entered promiscuous mode
[   60.436030][ T7532] device hsr_slave_1 entered promiscuous mode
[   60.517214][ T7535] team0: Port device team_slave_1 added
[   60.524259][ T7540] team0: Port device team_slave_0 added
[   60.531864][ T7540] team0: Port device team_slave_1 added
[   60.541874][ T7541] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.551243][ T7541] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.559113][ T7541] device bridge_slave_1 entered promiscuous mode
[   60.627551][ T7535] device hsr_slave_0 entered promiscuous mode
[   60.666075][ T7535] device hsr_slave_1 entered promiscuous mode
[   60.719078][ T7541] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.733312][ T7541] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.758721][ T7536] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.766015][ T7536] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.773629][ T7536] device bridge_slave_0 entered promiscuous mode
[   60.837364][ T7540] device hsr_slave_0 entered promiscuous mode
[   60.896047][ T7540] device hsr_slave_1 entered promiscuous mode
[   60.983233][ T7541] team0: Port device team_slave_0 added
[   60.994486][ T7536] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.001651][ T7536] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.009346][ T7536] device bridge_slave_1 entered promiscuous mode
[   61.038418][ T7541] team0: Port device team_slave_1 added
[   61.044191][ T7538] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.051672][ T7538] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.059399][ T7538] device bridge_slave_0 entered promiscuous mode
[   61.069291][ T7536] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   61.089284][ T7538] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.096451][ T7538] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.104093][ T7538] device bridge_slave_1 entered promiscuous mode
[   61.114604][ T7536] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   61.142875][ T7538] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   61.218712][ T7541] device hsr_slave_0 entered promiscuous mode
[   61.256183][ T7541] device hsr_slave_1 entered promiscuous mode
[   61.327655][ T7538] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   61.348380][ T7538] team0: Port device team_slave_0 added
[   61.369415][ T7538] team0: Port device team_slave_1 added
[   61.382846][ T7536] team0: Port device team_slave_0 added
[   61.391731][ T7536] team0: Port device team_slave_1 added
[   61.488197][ T7536] device hsr_slave_0 entered promiscuous mode
[   61.555985][ T7536] device hsr_slave_1 entered promiscuous mode
[   61.650384][ T7538] device hsr_slave_0 entered promiscuous mode
[   61.696027][ T7538] device hsr_slave_1 entered promiscuous mode
[   61.763729][ T7532] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.812414][ T7532] 8021q: adding VLAN 0 to HW filter on device team0
[   61.829689][ T7535] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.837416][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   61.846822][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   61.873233][ T7541] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.884107][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   61.896977][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   61.905779][ T7543] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.913148][ T7543] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.947832][ T7540] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.960694][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   61.969080][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   61.977915][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   61.986924][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.994260][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.003249][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   62.012037][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   62.021499][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   62.030773][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   62.039161][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.047271][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.055393][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   62.072329][ T7541] 8021q: adding VLAN 0 to HW filter on device team0
[   62.099759][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   62.111050][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   62.120804][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.129659][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.137719][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   62.147097][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.156284][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.164632][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.173127][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.182472][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.191526][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.199130][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.210554][ T7532] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.222120][ T7532] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   62.234071][ T7540] 8021q: adding VLAN 0 to HW filter on device team0
[   62.245327][ T7535] 8021q: adding VLAN 0 to HW filter on device team0
[   62.258770][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.267331][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   62.276382][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.288407][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.298037][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.306739][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.313944][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.322125][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   62.353147][ T7536] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.361689][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.371499][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.380880][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.388411][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.396998][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.405807][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.414330][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.421873][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.430606][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   62.439907][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.457186][ T7538] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.476141][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   62.485282][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   62.494989][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   62.504642][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.512613][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.520409][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.528844][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.551493][ T7541] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   62.563553][ T7541] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.580207][ T7536] 8021q: adding VLAN 0 to HW filter on device team0
[   62.589011][ T7538] 8021q: adding VLAN 0 to HW filter on device team0
[   62.599829][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   62.609419][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.618648][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.628304][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.636313][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.644486][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.653903][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.662835][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.670218][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.678973][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   62.688634][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   62.697796][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   62.707132][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   62.716023][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   62.724820][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   62.733377][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   62.741946][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.751225][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   62.760119][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.768890][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   62.779251][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.787796][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   62.796082][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   62.820372][ T7532] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.843323][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   62.852770][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   62.864033][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   62.873635][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   62.882882][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.891834][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.900343][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.907791][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.915584][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   62.924297][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   62.933960][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.942911][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.951717][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.958895][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.966907][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   62.976017][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.984308][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   62.993462][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   63.002436][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   63.011318][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.018584][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.026376][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   63.035053][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   63.044651][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.052174][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.060049][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   63.068858][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   63.078474][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   63.087480][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   63.096881][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   63.105573][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   63.114265][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   63.122627][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.130755][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.138868][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   63.153112][ T7535] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   63.164916][ T7535] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.191505][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   63.201262][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.211593][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   63.220059][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.229111][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   63.238037][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.247968][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   63.255815][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   63.264447][ T7543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.278549][ T7538] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.290999][ T7538] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   63.300284][ T7541] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.323716][ T7540] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   63.335262][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   63.362010][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   63.375151][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.390289][ T7535] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.407437][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   63.417375][ T3224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   63.444862][ T7540] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.474515][ T7538] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.488691][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   63.506786][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   63.520486][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   63.529991][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   63.539624][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.550442][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   63.559523][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.579319][ T7536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   63.630069][ T7536] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/07/20 09:50:10 executed programs: 8
2019/07/20 09:50:15 executed programs: 39
2019/07/20 09:50:20 executed programs: 71
2019/07/20 09:50:25 executed programs: 102
2019/07/20 09:50:30 executed programs: 131
2019/07/20 09:50:35 executed programs: 163
[   91.426010][ T8577] BUG: Bad rss-counter state mm:000000001b47cd5c idx:0 val:241
[   91.433669][ T8577] BUG: Bad rss-counter state mm:000000001b47cd5c idx:1 val:544
[   91.441314][ T8577] BUG: non-zero pgtables_bytes on freeing mm: 73728
[   91.448584][ T8562] ==================================================================
[   91.457530][ T8562] BUG: KASAN: use-after-free in exit_mmap+0x3ff/0x450
[   91.464281][ T8562] Read of size 8 at addr ffff888090c1d3a8 by task syz-executor.3/8562
[   91.473392][ T8562] 
[   91.475704][ T8562] CPU: 0 PID: 8562 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #1
[   91.483491][ T8562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   91.493541][ T8562] Call Trace:
[   91.496813][ T8562]  dump_stack+0x113/0x167
[   91.501120][ T8562]  print_address_description.cold.5+0x9/0x1ff
[   91.507164][ T8562]  ? exit_mmap+0x3ff/0x450
[   91.511569][ T8562]  __kasan_report.cold.6+0x1b/0x39
[   91.516664][ T8562]  ? exit_mmap+0x3ff/0x450
[   91.521065][ T8562]  ? __mmu_notifier_release+0xe0/0x400
[   91.526602][ T8562]  ? exit_mmap+0x3ff/0x450
[   91.531020][ T8562]  kasan_report+0x12/0x20
[   91.535321][ T8562]  __asan_report_load8_noabort+0x14/0x20
[   91.540927][ T8562]  exit_mmap+0x3ff/0x450
[   91.545143][ T8562]  ? __ia32_sys_munmap+0x80/0x80
[   91.550769][ T8562]  ? kmem_cache_free+0x9d/0x290
[   91.555616][ T8562]  ? __khugepaged_exit+0x2b2/0x400
[   91.560709][ T8562]  ? __khugepaged_exit+0x2b2/0x400
[   91.565794][ T8562]  ? rcu_read_lock_sched_held+0x108/0x120
[   91.571500][ T8562]  ? kasan_check_write+0x14/0x20
[   91.576428][ T8562]  ? __khugepaged_exit+0x2c0/0x400
[   91.581533][ T8562]  mmput+0x107/0x3f0
[   91.585400][ T8562]  do_exit+0x934/0x2e80
[   91.589533][ T8562]  ? __call_rcu.constprop.67+0x292/0x700
[   91.595164][ T8562]  ? call_rcu+0xb/0x10
[   91.599216][ T8562]  ? mm_update_next_owner+0x650/0x650
[   91.604562][ T8562]  ? find_held_lock+0x36/0x1d0
[   91.609310][ T8562]  ? get_signal+0x294/0x1b70
[   91.613968][ T8562]  ? _raw_spin_unlock_irq+0x27/0x80
[   91.619155][ T8562]  ? get_signal+0x294/0x1b70
[   91.624088][ T8562]  do_group_exit+0xf4/0x2f0
[   91.629264][ T8562]  get_signal+0x339/0x1b70
[   91.633667][ T8562]  do_signal+0x87/0x1940
[   91.637902][ T8562]  ? __fget+0x2af/0x420
[   91.642051][ T8562]  ? setup_sigcontext+0x7d0/0x7d0
[   91.647052][ T8562]  ? kick_process+0xe9/0x170
[   91.651618][ T8562]  ? exit_to_usermode_loop+0x3a/0x200
[   91.656967][ T8562]  ? do_syscall_64+0x447/0x530
[   91.661726][ T8562]  ? lockdep_hardirqs_on+0x424/0x5c0
[   91.666991][ T8562]  ? exit_to_usermode_loop+0x3a/0x200
[   91.672418][ T8562]  ? trace_hardirqs_on+0x28/0x190
[   91.677529][ T8562]  exit_to_usermode_loop+0x114/0x200
[   91.682797][ T8562]  do_syscall_64+0x447/0x530
[   91.687366][ T8562]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.693252][ T8562] RIP: 0033:0x459819
[   91.697211][ T8562] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   91.716794][ T8562] RSP: 002b:00007f34480ebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   91.725198][ T8562] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000459819
[   91.733435][ T8562] RDX: 00000000200023c0 RSI: 000000004028af11 RDI: 0000000000000003
[   91.741391][ T8562] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[   91.749358][ T8562] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f34480ec6d4
[   91.757313][ T8562] R13: 00000000004c4722 R14: 00000000004d87d0 R15: 00000000ffffffff
[   91.765316][ T8562] 
[   91.767699][ T8562] Allocated by task 7538:
[   91.772025][ T8562]  save_stack+0x21/0x90
[   91.776178][ T8562]  __kasan_kmalloc.constprop.8+0xc7/0xd0
[   91.781792][ T8562]  kasan_slab_alloc+0x12/0x20
[   91.786443][ T8562]  kmem_cache_alloc+0x11a/0x720
[   91.791274][ T8562]  dup_mm+0x85/0x11b0
[   91.795253][ T8562]  copy_process.part.39+0x28eb/0x5f70
[   91.800612][ T8562]  _do_fork+0x160/0xb70
[   91.804746][ T8562]  __x64_sys_clone+0xba/0x140
[   91.809400][ T8562]  do_syscall_64+0xd0/0x530
[   91.813883][ T8562]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.819769][ T8562] 
[   91.822077][ T8562] Freed by task 8577:
[   91.826034][ T8562]  save_stack+0x21/0x90
[   91.830254][ T8562]  __kasan_slab_free+0x102/0x150
[   91.835166][ T8562]  kasan_slab_free+0xe/0x10
[   91.839643][ T8562]  kmem_cache_free+0x83/0x290
[   91.844308][ T8562]  __mmdrop+0x1d7/0x290
[   91.848456][ T8562]  finish_task_switch+0x4b6/0x690
[   91.853591][ T8562]  __schedule+0x8a0/0x1500
[   91.857987][ T8562]  schedule+0x8f/0x250
[   91.862028][ T8562]  schedule_timeout+0x5c4/0xad0
[   91.867076][ T8562]  wait_for_completion+0x282/0x460
[   91.872206][ T8562]  __wait_rcu_gp+0x23a/0x330
[   91.876780][ T8562]  synchronize_rcu.part.66+0xe0/0xf0
[   91.882042][ T8562]  synchronize_rcu+0x27/0xa0
[   91.886616][ T8562]  vhost_uninit_vq_maps+0x118/0x2a0
[   91.891811][ T8562]  vhost_vq_reset.isra.30+0x5bf/0x7a0
[   91.897166][ T8562]  vhost_dev_cleanup+0x1b2/0xbd0
[   91.902087][ T8562]  vhost_net_release+0x72/0x230
[   91.906918][ T8562]  __fput+0x25a/0x770
[   91.910875][ T8562]  ____fput+0x9/0x10
[   91.914743][ T8562]  task_work_run+0x108/0x180
[   91.926188][ T8562]  exit_to_usermode_loop+0x1a9/0x200
[   91.931457][ T8562]  do_syscall_64+0x447/0x530
[   91.936033][ T8562]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.941998][ T8562] 
[   91.944321][ T8562] The buggy address belongs to the object at ffff888090c1cec0
[   91.944321][ T8562]  which belongs to the cache mm_struct(81:syz3) of size 1496
[   91.959157][ T8562] The buggy address is located 1256 bytes inside of
[   91.959157][ T8562]  1496-byte region [ffff888090c1cec0, ffff888090c1d498)
[   91.973119][ T8562] The buggy address belongs to the page:
[   91.978733][ T8562] page:ffffea0002430700 refcount:1 mapcount:0 mapping:ffff888090fbca80 index:0x0 compound_mapcount: 0
[   91.989661][ T8562] flags: 0x1fffc0000010200(slab|head)
[   91.995009][ T8562] raw: 01fffc0000010200 ffffea0002249908 ffffea00024cc108 ffff888090fbca80
[   92.003685][ T8562] raw: 0000000000000000 ffff888090c1c1c0 0000000100000004 ffff8880a4668540
[   92.012250][ T8562] page dumped because: kasan: bad access detected
[   92.018658][ T8562] page->mem_cgroup:ffff8880a4668540
[   92.023831][ T8562] 
[   92.026158][ T8562] Memory state around the buggy address:
[   92.031764][ T8562]  ffff888090c1d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.039889][ T8562]  ffff888090c1d300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.047940][ T8562] >ffff888090c1d380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.055978][ T8562]                                   ^
[   92.061341][ T8562]  ffff888090c1d400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   92.069497][ T8562]  ffff888090c1d480: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[   92.077532][ T8562] ==================================================================
[   92.085574][ T8562] Disabling lock debugging due to kernel taint
[   92.093494][ T8562] Kernel panic - not syncing: panic_on_warn set ...
[   92.100109][ T8562] CPU: 0 PID: 8562 Comm: syz-executor.3 Tainted: G    B             5.2.0-rc2+ #1
[   92.109279][ T8562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   92.119313][ T8562] Call Trace:
[   92.122599][ T8562]  dump_stack+0x113/0x167
[   92.126910][ T8562]  ? exit_mmap+0x380/0x450
[   92.131313][ T8562]  panic+0x212/0x4cb
[   92.135180][ T8562]  ? __warn_printk+0xd6/0xd6
[   92.139761][ T8562]  ? ___preempt_schedule+0x16/0x18
[   92.144858][ T8562]  ? exit_mmap+0x3ff/0x450
[   92.149250][ T8562]  end_report+0x47/0x4f
[   92.153382][ T8562]  __kasan_report.cold.6+0xe/0x39
[   92.158382][ T8562]  ? exit_mmap+0x3ff/0x450
[   92.162775][ T8562]  ? __mmu_notifier_release+0xe0/0x400
[   92.168229][ T8562]  ? exit_mmap+0x3ff/0x450
[   92.172628][ T8562]  kasan_report+0x12/0x20
[   92.176935][ T8562]  __asan_report_load8_noabort+0x14/0x20
[   92.182628][ T8562]  exit_mmap+0x3ff/0x450
[   92.186854][ T8562]  ? __ia32_sys_munmap+0x80/0x80
[   92.191802][ T8562]  ? kmem_cache_free+0x9d/0x290
[   92.196732][ T8562]  ? __khugepaged_exit+0x2b2/0x400
[   92.201815][ T8562]  ? __khugepaged_exit+0x2b2/0x400
[   92.206909][ T8562]  ? rcu_read_lock_sched_held+0x108/0x120
[   92.212702][ T8562]  ? kasan_check_write+0x14/0x20
[   92.217630][ T8562]  ? __khugepaged_exit+0x2c0/0x400
[   92.222719][ T8562]  mmput+0x107/0x3f0
[   92.226599][ T8562]  do_exit+0x934/0x2e80
[   92.230751][ T8562]  ? __call_rcu.constprop.67+0x292/0x700
[   92.236369][ T8562]  ? call_rcu+0xb/0x10
[   92.240414][ T8562]  ? mm_update_next_owner+0x650/0x650
[   92.246029][ T8562]  ? find_held_lock+0x36/0x1d0
[   92.250778][ T8562]  ? get_signal+0x294/0x1b70
[   92.255339][ T8562]  ? _raw_spin_unlock_irq+0x27/0x80
[   92.260515][ T8562]  ? get_signal+0x294/0x1b70
[   92.265080][ T8562]  do_group_exit+0xf4/0x2f0
[   92.269560][ T8562]  get_signal+0x339/0x1b70
[   92.273951][ T8562]  do_signal+0x87/0x1940
[   92.278172][ T8562]  ? __fget+0x2af/0x420
[   92.282309][ T8562]  ? setup_sigcontext+0x7d0/0x7d0
[   92.287321][ T8562]  ? kick_process+0xe9/0x170
[   92.291894][ T8562]  ? exit_to_usermode_loop+0x3a/0x200
[   92.297241][ T8562]  ? do_syscall_64+0x447/0x530
[   92.301980][ T8562]  ? lockdep_hardirqs_on+0x424/0x5c0
[   92.307398][ T8562]  ? exit_to_usermode_loop+0x3a/0x200
[   92.312757][ T8562]  ? trace_hardirqs_on+0x28/0x190
[   92.317781][ T8562]  exit_to_usermode_loop+0x114/0x200
[   92.323045][ T8562]  do_syscall_64+0x447/0x530
[   92.327700][ T8562]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   92.333740][ T8562] RIP: 0033:0x459819
[   92.337622][ T8562] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   92.357311][ T8562] RSP: 002b:00007f34480ebc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   92.365723][ T8562] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000459819
[   92.373684][ T8562] RDX: 00000000200023c0 RSI: 000000004028af11 RDI: 0000000000000003
[   92.381632][ T8562] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[   92.389582][ T8562] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f34480ec6d4
[   92.397545][ T8562] R13: 00000000004c4722 R14: 00000000004d87d0 R15: 00000000ffffffff
[   92.406541][ T8562] Kernel Offset: disabled
[   92.410861][ T8562] Rebooting in 86400 seconds..