[   72.891249][   T26] audit: type=1800 audit(1565656198.158:28): pid=10242 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   73.733069][   T26] audit: type=1800 audit(1565656199.098:29): pid=10242 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   86.245770][T10409] IPVS: ftp: loaded support on port[0] = 21
[   87.648658][T10401] can: request_module (can-proto-0) failed.
[   87.668289][T10401] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.1.21' (ECDSA) to the list of known hosts.
2019/08/13 00:30:21 parsed 1 programs
2019/08/13 00:30:21 executed programs: 0
[   96.623520][T10485] IPVS: ftp: loaded support on port[0] = 21
[   96.646718][T10488] IPVS: ftp: loaded support on port[0] = 21
[   96.667954][T10490] IPVS: ftp: loaded support on port[0] = 21
[   96.700052][T10491] IPVS: ftp: loaded support on port[0] = 21
[   96.701520][T10494] IPVS: ftp: loaded support on port[0] = 21
[   96.714638][T10495] IPVS: ftp: loaded support on port[0] = 21
[   96.860744][T10488] chnl_net:caif_netlink_parms(): no params data found
[   96.946123][T10488] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.953652][T10488] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.961978][T10488] device bridge_slave_0 entered promiscuous mode
[   96.971336][T10488] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.978477][T10488] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.986320][T10488] device bridge_slave_1 entered promiscuous mode
[   97.045132][T10494] chnl_net:caif_netlink_parms(): no params data found
[   97.075988][T10488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.086403][T10490] chnl_net:caif_netlink_parms(): no params data found
[   97.119921][T10488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.142710][T10485] chnl_net:caif_netlink_parms(): no params data found
[   97.176071][T10488] team0: Port device team_slave_0 added
[   97.199095][T10495] chnl_net:caif_netlink_parms(): no params data found
[   97.218799][T10488] team0: Port device team_slave_1 added
[   97.242853][T10494] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.251777][T10494] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.259521][T10494] device bridge_slave_0 entered promiscuous mode
[   97.271841][T10490] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.279358][T10490] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.287548][T10490] device bridge_slave_0 entered promiscuous mode
[   97.312421][T10491] chnl_net:caif_netlink_parms(): no params data found
[   97.321552][T10494] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.329016][T10494] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.336863][T10494] device bridge_slave_1 entered promiscuous mode
[   97.348375][T10490] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.355457][T10490] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.365019][T10490] device bridge_slave_1 entered promiscuous mode
[   97.393253][T10495] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.400527][T10495] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.408519][T10495] device bridge_slave_0 entered promiscuous mode
[   97.420092][T10495] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.427256][T10495] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.434974][T10495] device bridge_slave_1 entered promiscuous mode
[   97.445567][T10485] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.452741][T10485] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.460813][T10485] device bridge_slave_0 entered promiscuous mode
[   97.471816][T10485] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.479116][T10485] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.487129][T10485] device bridge_slave_1 entered promiscuous mode
[   97.499588][T10494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.515101][T10494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.533865][T10490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.598749][T10488] device hsr_slave_0 entered promiscuous mode
[   97.636598][T10488] device hsr_slave_1 entered promiscuous mode
[   97.721151][T10490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.741568][T10495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.756302][T10495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.777709][T10495] team0: Port device team_slave_0 added
[   97.789390][T10485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.799985][T10485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.809454][T10491] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.817288][T10491] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.825417][T10491] device bridge_slave_0 entered promiscuous mode
[   97.833593][T10494] team0: Port device team_slave_0 added
[   97.841135][T10494] team0: Port device team_slave_1 added
[   97.848877][T10495] team0: Port device team_slave_1 added
[   97.865226][T10490] team0: Port device team_slave_0 added
[   97.871266][T10491] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.878821][T10491] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.886928][T10491] device bridge_slave_1 entered promiscuous mode
[   97.905762][T10491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.924608][T10490] team0: Port device team_slave_1 added
[   97.932298][T10488] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.939507][T10488] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.946837][T10488] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.953881][T10488] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.964777][T10491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.980138][T10485] team0: Port device team_slave_0 added
[   98.029350][T10494] device hsr_slave_0 entered promiscuous mode
[   98.086858][T10494] device hsr_slave_1 entered promiscuous mode
[   98.156379][T10494] debugfs: Directory 'hsr0' with parent '/' already present!
[   98.218123][T10490] device hsr_slave_0 entered promiscuous mode
[   98.256551][T10490] device hsr_slave_1 entered promiscuous mode
[   98.306373][T10490] debugfs: Directory 'hsr0' with parent '/' already present!
[   98.314271][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.322058][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.342275][T10485] team0: Port device team_slave_1 added
[   98.364190][T10491] team0: Port device team_slave_0 added
[   98.418224][T10495] device hsr_slave_0 entered promiscuous mode
[   98.466761][T10495] device hsr_slave_1 entered promiscuous mode
[   98.536315][T10495] debugfs: Directory 'hsr0' with parent '/' already present!
[   98.551393][T10491] team0: Port device team_slave_1 added
[   98.618169][T10485] device hsr_slave_0 entered promiscuous mode
[   98.666630][T10485] device hsr_slave_1 entered promiscuous mode
[   98.706408][T10485] debugfs: Directory 'hsr0' with parent '/' already present!
[   98.758212][T10491] device hsr_slave_0 entered promiscuous mode
[   98.796540][T10491] device hsr_slave_1 entered promiscuous mode
[   98.846349][T10491] debugfs: Directory 'hsr0' with parent '/' already present!
[   98.923493][T10488] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.946816][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   98.954523][ T3015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   98.966033][T10488] 8021q: adding VLAN 0 to HW filter on device team0
[   98.993713][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   99.002653][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   99.011894][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.019087][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.027274][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   99.036477][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   99.044899][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.052023][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.060096][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   99.085216][T10494] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.104414][T10485] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.111781][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   99.120725][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   99.130184][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   99.140553][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   99.154210][T10490] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.167396][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   99.175980][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   99.185403][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   99.193546][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   99.201785][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   99.209803][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   99.225004][T10488] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   99.237822][T10488] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   99.254543][T10491] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.262713][T10494] 8021q: adding VLAN 0 to HW filter on device team0
[   99.271698][T10485] 8021q: adding VLAN 0 to HW filter on device team0
[   99.282266][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   99.290994][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   99.299619][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   99.309142][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   99.322777][T10495] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.337195][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   99.345051][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   99.353771][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   99.361802][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   99.371304][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   99.379962][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.387280][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.394801][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   99.403925][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   99.412539][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.419719][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.428377][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.442810][T10491] 8021q: adding VLAN 0 to HW filter on device team0
[   99.459032][T10490] 8021q: adding VLAN 0 to HW filter on device team0
[   99.466091][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   99.474506][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   99.482935][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   99.491534][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   99.500187][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.507384][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.515348][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   99.524143][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   99.532456][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.539541][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.547148][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   99.555663][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   99.564196][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.571660][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.579324][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   99.587969][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   99.596408][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.603455][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.611436][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.619321][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.639214][T10488] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.663505][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   99.675492][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   99.684425][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   99.697937][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   99.707101][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   99.715793][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   99.724329][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   99.733569][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   99.742502][ T2846] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.749680][ T2846] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.757529][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   99.766093][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   99.774540][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   99.783617][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   99.792239][ T2846] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.799312][ T2846] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.807645][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   99.816394][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   99.824759][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   99.834499][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   99.842390][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.850320][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   99.858396][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   99.867700][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   99.899102][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   99.912902][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   99.929302][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   99.938240][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   99.947046][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   99.955430][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   99.964351][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   99.973029][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   99.981947][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   99.990655][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   99.999263][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  100.008508][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  100.017572][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  100.026101][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  100.035325][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  100.044123][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.051842][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.061287][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.069357][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.077852][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.086387][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.100081][T10485] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  100.111142][T10485] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  100.124255][T10491] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.145130][T10491] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.155590][T10494] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  100.168283][T10494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.176826][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.193610][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.202034][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.210589][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.219241][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.228028][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.242620][T10490] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  100.253269][T10490] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  100.267426][T10495] 8021q: adding VLAN 0 to HW filter on device team0
[  100.284250][T10494] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.293619][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.307278][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.321043][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.331711][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.350947][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.360406][T10505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.382330][T10485] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.406311][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  100.432766][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.442940][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.450179][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.480539][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.497034][T10490] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.517365][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  100.530029][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  100.550552][ T2846] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.557784][ T2846] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.597261][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  100.624173][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  100.651234][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  100.667358][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  100.676780][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.706738][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  100.715460][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  100.804595][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.823948][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.844760][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.855016][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.868503][T10495] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.895072][T10495] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/08/13 00:30:26 executed programs: 48
2019/08/13 00:30:31 executed programs: 292
2019/08/13 00:30:36 executed programs: 523
2019/08/13 00:30:41 executed programs: 761
2019/08/13 00:30:47 executed programs: 1004
2019/08/13 00:30:52 executed programs: 1245
2019/08/13 00:30:57 executed programs: 1487
2019/08/13 00:31:02 executed programs: 1721
2019/08/13 00:31:07 executed programs: 1954
2019/08/13 00:31:12 executed programs: 2188
2019/08/13 00:31:17 executed programs: 2419
2019/08/13 00:31:22 executed programs: 2651
2019/08/13 00:31:27 executed programs: 2886
2019/08/13 00:31:32 executed programs: 3117
2019/08/13 00:31:37 executed programs: 3341
2019/08/13 00:31:42 executed programs: 3564
2019/08/13 00:31:47 executed programs: 3778
2019/08/13 00:31:52 executed programs: 3997
2019/08/13 00:31:57 executed programs: 4230
2019/08/13 00:32:02 executed programs: 4452
2019/08/13 00:32:07 executed programs: 4669
2019/08/13 00:32:12 executed programs: 4877
2019/08/13 00:32:17 executed programs: 5085
2019/08/13 00:32:22 executed programs: 5292
[  221.858479][T31180] ==================================================================
[  221.866737][T31180] BUG: KASAN: use-after-free in rxrpc_queue_local+0x7c/0x3e0
[  221.874130][T31180] Read of size 4 at addr ffff888081e3db14 by task syz-executor.5/31180
[  221.882471][T31180] 
[  221.884822][T31180] CPU: 0 PID: 31180 Comm: syz-executor.5 Not tainted 5.3.0-rc3+ #1
[  221.892725][T31180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  221.902882][T31180] Call Trace:
[  221.906206][T31180]  dump_stack+0x172/0x1f0
[  221.910826][T31180]  ? rxrpc_queue_local+0x7c/0x3e0
[  221.915888][T31180]  print_address_description.cold+0xd4/0x306
[  221.921898][T31180]  ? rxrpc_queue_local+0x7c/0x3e0
[  221.927035][T31180]  ? rxrpc_queue_local+0x7c/0x3e0
[  221.932085][T31180]  __kasan_report.cold+0x1b/0x36
[  221.937054][T31180]  ? rxrpc_queue_local+0x7c/0x3e0
[  221.942194][T31180]  ? rxrpc_unuse_local+0x52/0x80
[  221.947178][T31180]  kasan_report+0x12/0x17
[  221.951563][T31180]  check_memory_region+0x134/0x1a0
[  221.956702][T31180]  ? rxrpc_unuse_local+0x52/0x80
[  221.961665][T31180]  __kasan_check_read+0x11/0x20
[  221.967495][T31180]  rxrpc_queue_local+0x7c/0x3e0
[  221.972694][T31180]  rxrpc_unuse_local+0x52/0x80
[  221.977515][T31180]  rxrpc_release+0x47d/0x840
[  221.982141][T31180]  __sock_release+0xce/0x280
[  221.986756][T31180]  sock_close+0x1e/0x30
[  221.990937][T31180]  __fput+0x2ff/0x890
[  221.994960][T31180]  ? __sock_release+0x280/0x280
[  221.999979][T31180]  ____fput+0x16/0x20
[  222.003989][T31180]  task_work_run+0x145/0x1c0
[  222.008599][T31180]  exit_to_usermode_loop+0x316/0x380
[  222.013911][T31180]  do_syscall_64+0x5a9/0x6a0
[  222.018641][T31180]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  222.024558][T31180] RIP: 0033:0x413511
[  222.028552][T31180] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  222.048262][T31180] RSP: 002b:00007fffc45736d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  222.056688][T31180] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[  222.064673][T31180] RDX: 0000001b33920000 RSI: 0000000000000000 RDI: 0000000000000003
[  222.072766][T31180] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  222.080931][T31180] R10: 00007fffc45737b0 R11: 0000000000000293 R12: 000000000075bf20
[  222.089013][T31180] R13: 000000000003624a R14: 0000000000760270 R15: ffffffffffffffff
[  222.097103][T31180] 
[  222.099548][T31180] Allocated by task 31182:
[  222.103987][T31180]  save_stack+0x23/0x90
[  222.108298][T31180]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  222.108308][T31180]  kasan_kmalloc+0x9/0x10
[  222.108319][T31180]  kmem_cache_alloc_trace+0x158/0x790
[  222.108333][T31180]  rxrpc_lookup_local+0x562/0x1ba0
[  222.108352][T31180]  rxrpc_bind+0x34d/0x5e0
[  222.123674][T31180]  __sys_bind+0x239/0x290
[  222.133193][T31180]  __x64_sys_bind+0x73/0xb0
[  222.142275][T31180]  do_syscall_64+0xfd/0x6a0
[  222.147655][T31180]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  222.147659][T31180] 
[  222.147668][T31180] Freed by task 9:
[  222.147680][T31180]  save_stack+0x23/0x90
[  222.147695][T31180]  __kasan_slab_free+0x102/0x150
[  222.147712][T31180]  kasan_slab_free+0xe/0x10
[  222.155919][T31180]  kfree+0x10a/0x2c0
[  222.163890][T31180]  rxrpc_local_rcu+0x62/0x80
[  222.181778][T31180]  rcu_core+0x67f/0x1580
[  222.186120][T31180]  rcu_core_si+0x9/0x10
[  222.190325][T31180]  __do_softirq+0x262/0x98c
[  222.194832][T31180] 
[  222.197258][T31180] The buggy address belongs to the object at ffff888081e3db00
[  222.197258][T31180]  which belongs to the cache kmalloc-1k of size 1024
[  222.211763][T31180] The buggy address is located 20 bytes inside of
[  222.211763][T31180]  1024-byte region [ffff888081e3db00, ffff888081e3df00)
[  222.225134][T31180] The buggy address belongs to the page:
[  222.230790][T31180] page:ffffea0002078f00 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0
[  222.241746][T31180] flags: 0x1fffc0000010200(slab|head)
[  222.247158][T31180] raw: 01fffc0000010200 ffffea0002073288 ffffea00022f1608 ffff8880aa400c40
2019/08/13 00:32:27 executed programs: 5513
[  222.256199][T31180] raw: 0000000000000000 ffff888081e3c000 0000000100000007 0000000000000000
[  222.264975][T31180] page dumped because: kasan: bad access detected
[  222.271847][T31180] 
[  222.274161][T31180] Memory state around the buggy address:
[  222.280141][T31180]  ffff888081e3da00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  222.288518][T31180]  ffff888081e3da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  222.296685][T31180] >ffff888081e3db00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  222.304831][T31180]                          ^
[  222.309418][T31180]  ffff888081e3db80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  222.317562][T31180]  ffff888081e3dc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  222.325631][T31180] ==================================================================
[  222.334583][T31180] Kernel panic - not syncing: panic_on_warn set ...
[  222.341193][T31180] CPU: 1 PID: 31180 Comm: syz-executor.5 Tainted: G    B             5.3.0-rc3+ #1
[  222.350479][T31180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  222.360953][T31180] Call Trace:
[  222.364238][T31180]  dump_stack+0x172/0x1f0
[  222.368675][T31180]  panic+0x2dc/0x755
[  222.372562][T31180]  ? add_taint.cold+0x16/0x16
[  222.377370][T31180]  ? rxrpc_queue_local+0x7c/0x3e0
[  222.382389][T31180]  ? preempt_schedule+0x4b/0x60
[  222.387233][T31180]  ? ___preempt_schedule+0x16/0x20
[  222.392483][T31180]  ? trace_hardirqs_on+0x5e/0x240
[  222.397494][T31180]  ? rxrpc_queue_local+0x7c/0x3e0
[  222.402652][T31180]  end_report+0x47/0x4f
[  222.406812][T31180]  ? rxrpc_queue_local+0x7c/0x3e0
[  222.411834][T31180]  __kasan_report.cold+0xe/0x36
[  222.416680][T31180]  ? rxrpc_queue_local+0x7c/0x3e0
[  222.421838][T31180]  ? rxrpc_unuse_local+0x52/0x80
[  222.426979][T31180]  kasan_report+0x12/0x17
[  222.431315][T31180]  check_memory_region+0x134/0x1a0
[  222.436427][T31180]  ? rxrpc_unuse_local+0x52/0x80
[  222.441393][T31180]  __kasan_check_read+0x11/0x20
[  222.446250][T31180]  rxrpc_queue_local+0x7c/0x3e0
[  222.451122][T31180]  rxrpc_unuse_local+0x52/0x80
[  222.456010][T31180]  rxrpc_release+0x47d/0x840
[  222.460594][T31180]  __sock_release+0xce/0x280
[  222.465284][T31180]  sock_close+0x1e/0x30
[  222.469529][T31180]  __fput+0x2ff/0x890
[  222.473514][T31180]  ? __sock_release+0x280/0x280
[  222.478356][T31180]  ____fput+0x16/0x20
[  222.482682][T31180]  task_work_run+0x145/0x1c0
[  222.487341][T31180]  exit_to_usermode_loop+0x316/0x380
[  222.492655][T31180]  do_syscall_64+0x5a9/0x6a0
[  222.497355][T31180]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  222.503250][T31180] RIP: 0033:0x413511
[  222.507145][T31180] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  222.527047][T31180] RSP: 002b:00007fffc45736d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  222.535564][T31180] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[  222.543533][T31180] RDX: 0000001b33920000 RSI: 0000000000000000 RDI: 0000000000000003
[  222.551502][T31180] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  222.559559][T31180] R10: 00007fffc45737b0 R11: 0000000000000293 R12: 000000000075bf20
[  222.568524][T31180] R13: 000000000003624a R14: 0000000000760270 R15: ffffffffffffffff
[  222.578748][T31180] Kernel Offset: disabled
[  222.583180][T31180] Rebooting in 86400 seconds..