[   29.994418][   T26] audit: type=1800 audit(1570417863.469:22): pid=7184 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   58.149602][ T7352] IPVS: ftp: loaded support on port[0] = 21
[   58.571375][ T7336] can: request_module (can-proto-0) failed.
[   59.635285][ T7336] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.128' (ECDSA) to the list of known hosts.
2019/10/07 03:11:39 parsed 1 programs
2019/10/07 03:11:40 executed programs: 0
[   66.822883][ T7428] IPVS: ftp: loaded support on port[0] = 21
[   66.858272][ T7430] IPVS: ftp: loaded support on port[0] = 21
[   66.916574][ T7433] IPVS: ftp: loaded support on port[0] = 21
[   66.931409][ T7436] IPVS: ftp: loaded support on port[0] = 21
[   66.950988][ T7435] IPVS: ftp: loaded support on port[0] = 21
[   66.954011][ T7438] IPVS: ftp: loaded support on port[0] = 21
[   67.095599][ T7430] chnl_net:caif_netlink_parms(): no params data found
[   67.120032][ T7428] chnl_net:caif_netlink_parms(): no params data found
[   67.147748][ T7436] chnl_net:caif_netlink_parms(): no params data found
[   67.186202][ T7430] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.194056][ T7430] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.201466][ T7430] device bridge_slave_0 entered promiscuous mode
[   67.209272][ T7430] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.216368][ T7430] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.223783][ T7430] device bridge_slave_1 entered promiscuous mode
[   67.243713][ T7430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.267816][ T7430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.277151][ T7428] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.284295][ T7428] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.291738][ T7428] device bridge_slave_0 entered promiscuous mode
[   67.300102][ T7428] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.307183][ T7428] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.314899][ T7428] device bridge_slave_1 entered promiscuous mode
[   67.338222][ T7436] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.347915][ T7436] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.355497][ T7436] device bridge_slave_0 entered promiscuous mode
[   67.363055][ T7436] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.370078][ T7436] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.377601][ T7436] device bridge_slave_1 entered promiscuous mode
[   67.412093][ T7428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.432934][ T7430] team0: Port device team_slave_0 added
[   67.448521][ T7428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.466314][ T7430] team0: Port device team_slave_1 added
[   67.475816][ T7436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   67.487220][ T7438] chnl_net:caif_netlink_parms(): no params data found
[   67.507097][ T7428] team0: Port device team_slave_0 added
[   67.516116][ T7428] team0: Port device team_slave_1 added
[   67.522646][ T7436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   67.531775][ T7435] chnl_net:caif_netlink_parms(): no params data found
[   67.555236][ T7433] chnl_net:caif_netlink_parms(): no params data found
[   67.633681][ T7430] device hsr_slave_0 entered promiscuous mode
[   67.672510][ T7430] device hsr_slave_1 entered promiscuous mode
[   67.732483][ T7438] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.739538][ T7438] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.747318][ T7438] device bridge_slave_0 entered promiscuous mode
[   67.756995][ T7438] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.764112][ T7438] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.771506][ T7438] device bridge_slave_1 entered promiscuous mode
[   67.778954][ T7436] team0: Port device team_slave_0 added
[   67.788474][ T7436] team0: Port device team_slave_1 added
[   67.844503][ T7428] device hsr_slave_0 entered promiscuous mode
[   67.892452][ T7428] device hsr_slave_1 entered promiscuous mode
[   67.952271][ T7428] debugfs: Directory 'hsr0' with parent '/' already present!
[   68.003178][ T7435] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.010245][ T7435] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.018575][ T7435] device bridge_slave_0 entered promiscuous mode
[   68.025931][ T7435] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.033110][ T7435] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.040609][ T7435] device bridge_slave_1 entered promiscuous mode
[   68.048415][ T7438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.060840][ T7438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.134577][ T7436] device hsr_slave_0 entered promiscuous mode
[   68.202601][ T7436] device hsr_slave_1 entered promiscuous mode
[   68.262277][ T7436] debugfs: Directory 'hsr0' with parent '/' already present!
[   68.270576][ T7430] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.277743][ T7430] bridge0: port 2(bridge_slave_1) entered forwarding state
[   68.285481][ T7430] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.292541][ T7430] bridge0: port 1(bridge_slave_0) entered forwarding state
[   68.310539][   T22] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.328973][   T22] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.351298][ T7438] team0: Port device team_slave_0 added
[   68.357630][ T7433] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.364887][ T7433] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.373952][ T7433] device bridge_slave_0 entered promiscuous mode
[   68.381203][ T7433] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.388310][ T7433] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.396015][ T7433] device bridge_slave_1 entered promiscuous mode
[   68.421466][ T7438] team0: Port device team_slave_1 added
[   68.428573][ T7435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.438815][ T7433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.468118][ T7433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.482553][ T7435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.500101][ T7435] team0: Port device team_slave_0 added
[   68.506565][ T7435] team0: Port device team_slave_1 added
[   68.544542][ T7438] device hsr_slave_0 entered promiscuous mode
[   68.582546][ T7438] device hsr_slave_1 entered promiscuous mode
[   68.642323][ T7438] debugfs: Directory 'hsr0' with parent '/' already present!
[   68.693518][ T7435] device hsr_slave_0 entered promiscuous mode
[   68.742572][ T7435] device hsr_slave_1 entered promiscuous mode
[   68.783213][ T7435] debugfs: Directory 'hsr0' with parent '/' already present!
[   68.794577][ T7433] team0: Port device team_slave_0 added
[   68.814176][ T7433] team0: Port device team_slave_1 added
[   68.843424][ T7430] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.858758][ T7436] 8021q: adding VLAN 0 to HW filter on device bond0
[   68.903638][ T7433] device hsr_slave_0 entered promiscuous mode
[   68.942431][ T7433] device hsr_slave_1 entered promiscuous mode
[   69.002299][ T7433] debugfs: Directory 'hsr0' with parent '/' already present!
[   69.017884][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.026042][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.033717][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.041370][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.065902][ T7436] 8021q: adding VLAN 0 to HW filter on device team0
[   69.079282][ T7428] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.090013][ T7438] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.100376][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.109558][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.118065][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.125143][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.138285][ T7435] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.149937][ T7430] 8021q: adding VLAN 0 to HW filter on device team0
[   69.161223][ T7438] 8021q: adding VLAN 0 to HW filter on device team0
[   69.172672][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   69.180229][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.188079][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.196029][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.203813][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.212219][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.220430][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.227485][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.235410][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.243114][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.250627][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.261737][ T7428] 8021q: adding VLAN 0 to HW filter on device team0
[   69.274273][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   69.281791][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.310824][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.319578][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.328140][ T7446] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.335204][ T7446] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.343285][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.351650][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.359924][ T7446] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.366958][ T7446] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.374651][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.383157][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.391308][ T7446] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.398360][ T7446] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.405863][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.414372][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.423976][ T7446] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.430998][ T7446] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.438735][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.447399][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.456106][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.465132][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.473485][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.481720][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.490041][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.498157][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.506634][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.514819][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.523427][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.531667][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.541675][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.549858][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.557652][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.566004][ T7446] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.576025][ T7435] 8021q: adding VLAN 0 to HW filter on device team0
[   69.590538][ T7436] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   69.601848][ T7436] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.627072][ T7438] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   69.637482][ T7438] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.650850][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.659701][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.668242][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.676634][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.685013][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.693257][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.701582][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.709764][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.717894][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.726326][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.734466][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.742709][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.750685][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   69.759270][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.767831][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.774897][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.782369][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   69.790704][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.798994][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.806075][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.814520][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   69.823182][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   69.831411][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   69.840074][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.848366][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.855913][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.863555][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   69.871201][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.891263][ T7428] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   69.902591][ T7428] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.919919][ T7438] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.940042][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   69.949261][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.957946][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   69.970077][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.978340][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   69.988020][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.996244][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   70.004630][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   70.012945][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.021001][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.029944][ T7447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.043157][ T7436] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.053209][ T7430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.073398][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   70.081884][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   70.090868][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.097965][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.106366][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   70.114845][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   70.123778][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.130820][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.138488][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   70.147893][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   70.156300][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   70.164895][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   70.173164][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   70.181477][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   70.189692][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   70.197846][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   70.214716][ T7435] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   70.226036][ T7435] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.239516][ T7433] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.255166][ T7428] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.265568][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   70.284003][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   70.291695][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.300921][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.316669][ T7435] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.328931][ T7433] 8021q: adding VLAN 0 to HW filter on device team0
[   70.348479][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   70.376560][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   70.398159][ T7464] netlink: 'syz-executor.3': attribute type 6 has an invalid length.
[   70.408933][ T7430] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.441963][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   70.446897][ T7470] netlink: 'syz-executor.4': attribute type 6 has an invalid length.
[   70.453492][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   70.485959][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.493081][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.501076][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   70.509866][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   70.518320][ T2998] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.525398][ T2998] bridge0: port 2(bridge_slave_1) entered forwarding state
[   70.533031][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   70.541291][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   70.553254][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   70.560942][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   70.569657][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   70.578860][ T7469] netlink: 'syz-executor.3': attribute type 6 has an invalid length.
[   70.588489][ T2998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   70.620075][ T7474] netlink: 'syz-executor.4': attribute type 6 has an invalid length.
[   70.631127][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   70.660857][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   70.679462][ T7479] netlink: 'syz-executor.0': attribute type 6 has an invalid length.
[   70.690701][ T7433] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   70.701843][ T7482] netlink: 'syz-executor.3': attribute type 6 has an invalid length.
[   70.703133][ T7433] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   70.716462][ T7480] netlink: 'syz-executor.5': attribute type 6 has an invalid length.
[   70.740403][ T7488] netlink: 'syz-executor.5': attribute type 6 has an invalid length.
[   70.764811][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   70.765011][ T7486] netlink: 'syz-executor.0': attribute type 6 has an invalid length.
[   70.800374][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   70.819547][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   70.828141][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   70.836660][ T3010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   70.850908][ T7433] 8021q: adding VLAN 0 to HW filter on device batadv0
[   70.865530][ T7492] netlink: 'syz-executor.4': attribute type 6 has an invalid length.
[   70.880263][ T7492] ==================================================================
[   70.888464][ T7492] BUG: KASAN: use-after-free in nla_memcpy+0x8b/0xa0
[   70.895119][ T7492] Read of size 2 at addr ffff888098f43514 by task syz-executor.4/7492
[   70.895129][ T7492] 
[   70.895137][ T7492] CPU: 1 PID: 7492 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0
[   70.895140][ T7492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   70.895143][ T7492] Call Trace:
[   70.895156][ T7492]  dump_stack+0x113/0x167
[   70.895168][ T7492]  print_address_description.constprop.8.cold.10+0x9/0x31d
[   70.895174][ T7492]  ? nla_memcpy+0x8b/0xa0
[   70.895180][ T7492]  __kasan_report.cold.11+0x1b/0x3a
[   70.895184][ T7492]  ? nla_memcpy+0x8b/0xa0
[   70.895191][ T7492]  ? nla_memcpy+0x8b/0xa0
[   70.895196][ T7492]  kasan_report+0x12/0x20
[   70.895201][ T7492]  __asan_report_load2_noabort+0x14/0x20
[   70.895205][ T7492]  nla_memcpy+0x8b/0xa0
[   70.938262][ T7492]  __cfg802154_wpan_dev_from_attrs+0x18a/0x750
[   70.938273][ T7492]  ? nl802154_post_doit+0x1c0/0x1c0
[   70.938292][ T7492]  nl802154_prepare_wpan_dev_dump.isra.9.constprop.26+0xdf/0x4c0
[   70.938301][ T7492]  nl802154_dump_llsec_seclevel+0xd1/0xa60
[   70.938312][ T7492]  ? __mutex_lock+0x5be/0x1410
[   70.938319][ T7492]  ? nl802154_dump_llsec_key+0xc30/0xc30
[   70.938327][ T7492]  ? mutex_lock_io_nested+0x1280/0x1280
[   70.960710][ T7492]  ? kasan_kmalloc+0x9/0x10
[   70.960716][ T7492]  ? __kmalloc_node_track_caller+0x4d/0x70
[   70.960727][ T7492]  ? __kasan_check_write+0x14/0x20
[   70.960734][ T7492]  ? __alloc_skb+0x355/0x570
[   70.960750][ T7492]  genl_lock_dumpit+0x84/0xb0
[   70.960757][ T7492]  netlink_dump+0x49e/0x10c0
[   70.960766][ T7492]  ? netlink_broadcast+0x10/0x10
[   70.960780][ T7492]  __netlink_dump_start+0x52b/0x810
[   70.960789][ T7492]  genl_rcv_msg+0xbbb/0x1280
[   70.982444][ T7492]  ? genl_family_rcv_msg_attrs_parse.isra.14+0x370/0x370
[   70.982450][ T7492]  ? genl_lock_dumpit+0xb0/0xb0
[   70.982455][ T7492]  ? genl_unlock+0x20/0x20
[   70.982459][ T7492]  ? genl_parallel_done+0x180/0x180
[   70.982473][ T7492]  ? mark_held_locks+0x130/0x130
[   70.982490][ T7492]  netlink_rcv_skb+0x13c/0x380
[   70.982498][ T7492]  ? genl_family_rcv_msg_attrs_parse.isra.14+0x370/0x370
[   70.982504][ T7492]  ? netlink_ack+0x970/0x970
[   70.982512][ T7492]  ? netlink_deliver_tap+0x182/0xad0
[   70.982521][ T7492]  genl_rcv+0x23/0x40
[   70.982526][ T7492]  netlink_unicast+0x43f/0x630
[   70.982534][ T7492]  ? netlink_attachskb+0x6f0/0x6f0
[   71.016353][ T7492]  ? _copy_from_iter_full+0x19e/0x7f0
[   71.027217][ T7492]  ? __kasan_check_read+0x11/0x20
[   71.027225][ T7492]  ? __check_object_size+0x203/0x2ea
[   71.027237][ T7492]  netlink_sendmsg+0x75d/0xc40
[   71.027247][ T7492]  ? netlink_unicast+0x630/0x630
[   71.027260][ T7492]  ? apparmor_socket_sendmsg+0x1b/0x20
[   71.027272][ T7492]  ? netlink_unicast+0x630/0x630
[   71.027279][ T7492]  sock_sendmsg+0xb5/0xf0
[   71.157630][ T7492]  ___sys_sendmsg+0x647/0x950
[   71.163419][ T7492]  ? copy_msghdr_from_user+0x420/0x420
[   71.168852][ T7492]  ? lock_downgrade+0x900/0x900
[   71.173700][ T7492]  ? __kasan_check_read+0x11/0x20
[   71.178856][ T7492]  ? __fget+0x2b1/0x420
[   71.183003][ T7492]  ? ksys_dup3+0x2e0/0x2e0
[   71.187392][ T7492]  ? __might_fault+0xf1/0x1b0
[   71.192042][ T7492]  ? __fget_light+0x179/0x1f0
[   71.196701][ T7492]  ? lock_acquire+0x194/0x410
[   71.201365][ T7492]  ? __fdget+0xe/0x10
[   71.205327][ T7492]  __sys_sendmsg+0xd9/0x180
[   71.209799][ T7492]  ? __sys_sendmsg_sock+0xb0/0xb0
[   71.214792][ T7492]  ? __kasan_check_read+0x11/0x20
[   71.219802][ T7492]  ? _copy_to_user+0xcb/0xf0
[   71.224372][ T7492]  ? put_timespec64+0xa9/0x100
[   71.229109][ T7492]  ? nsecs_to_jiffies+0x20/0x20
[   71.233948][ T7492]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.239994][ T7492]  __x64_sys_sendmsg+0x73/0xb0
[   71.244734][ T7492]  do_syscall_64+0xca/0x5d0
[   71.250085][ T7492]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.255954][ T7492] RIP: 0033:0x459a59
[   71.259842][ T7492] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   71.279432][ T7492] RSP: 002b:00007fc66bdd4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   71.287834][ T7492] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
[   71.295777][ T7492] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   71.303722][ T7492] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[   71.311793][ T7492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc66bdd56d4
[   71.319745][ T7492] R13: 00000000004c7bad R14: 00000000004dd938 R15: 00000000ffffffff
[   71.327705][ T7492] 
[   71.330006][ T7492] Allocated by task 7494:
[   71.334320][ T7492]  save_stack+0x21/0x90
[   71.338466][ T7492]  __kasan_kmalloc.constprop.9+0xc7/0xd0
[   71.344084][ T7492]  kasan_kmalloc+0x9/0x10
[   71.348398][ T7492]  __kmalloc_node_track_caller+0x4d/0x70
[   71.354108][ T7492]  __kmalloc_reserve.isra.46+0x2c/0xc0
[   71.359590][ T7492]  __alloc_skb+0xd7/0x570
[   71.363894][ T7492]  netlink_sendmsg+0x808/0xc40
[   71.368629][ T7492]  sock_sendmsg+0xb5/0xf0
[   71.372936][ T7492]  ___sys_sendmsg+0x647/0x950
[   71.377591][ T7492]  __sys_sendmsg+0xd9/0x180
[   71.382074][ T7492]  __x64_sys_sendmsg+0x73/0xb0
[   71.386814][ T7492]  do_syscall_64+0xca/0x5d0
[   71.391299][ T7492]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.397165][ T7492] 
[   71.399465][ T7492] Freed by task 7494:
[   71.403432][ T7492]  save_stack+0x21/0x90
[   71.407557][ T7492]  __kasan_slab_free+0x102/0x150
[   71.412463][ T7492]  kasan_slab_free+0xe/0x10
[   71.416947][ T7492]  kfree+0x108/0x2c0
[   71.420823][ T7492]  skb_free_head+0x6e/0x90
[   71.425211][ T7492]  skb_release_data+0x376/0x6a0
[   71.430039][ T7492]  skb_release_all+0x3d/0x50
[   71.434604][ T7492]  consume_skb+0xad/0x2a0
[   71.438907][ T7492]  netlink_unicast+0x447/0x630
[   71.443647][ T7492]  netlink_sendmsg+0x75d/0xc40
[   71.448384][ T7492]  sock_sendmsg+0xb5/0xf0
[   71.452697][ T7492]  ___sys_sendmsg+0x647/0x950
[   71.457343][ T7492]  __sys_sendmsg+0xd9/0x180
[   71.461815][ T7492]  __x64_sys_sendmsg+0x73/0xb0
[   71.466558][ T7492]  do_syscall_64+0xca/0x5d0
[   71.471043][ T7492]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.476917][ T7492] 
[   71.479328][ T7492] The buggy address belongs to the object at ffff888098f43500
[   71.479328][ T7492]  which belongs to the cache kmalloc-512 of size 512
[   71.493349][ T7492] The buggy address is located 20 bytes inside of
[   71.493349][ T7492]  512-byte region [ffff888098f43500, ffff888098f43700)
[   71.506503][ T7492] The buggy address belongs to the page:
[   71.512123][ T7492] page:ffffea000263d0c0 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0x0
[   71.521220][ T7492] flags: 0x1fffc0000000200(slab)
[   71.526129][ T7492] raw: 01fffc0000000200 ffffea0002647d88 ffffea0002648848 ffff8880aa400a80
[   71.534685][ T7492] raw: 0000000000000000 ffff888098f43000 0000000100000006 0000000000000000
[   71.543411][ T7492] page dumped because: kasan: bad access detected
[   71.549799][ T7492] 
[   71.552101][ T7492] Memory state around the buggy address:
[   71.557710][ T7492]  ffff888098f43400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.565752][ T7492]  ffff888098f43480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   71.573805][ T7492] >ffff888098f43500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.581924][ T7492]                          ^
[   71.586484][ T7492]  ffff888098f43580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.594520][ T7492]  ffff888098f43600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   71.602553][ T7492] ==================================================================
[   71.610757][ T7492] Disabling lock debugging due to kernel taint
[   71.621242][ T7492] Kernel panic - not syncing: panic_on_warn set ...
[   71.627844][ T7492] CPU: 1 PID: 7492 Comm: syz-executor.4 Tainted: G    B             5.4.0-rc1+ #0
[   71.637096][ T7492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   71.647124][ T7492] Call Trace:
[   71.650393][ T7492]  dump_stack+0x113/0x167
[   71.654700][ T7492]  ? nla_memcpy+0x30/0xa0
[   71.659009][ T7492]  panic+0x223/0x4dc
[   71.662887][ T7492]  ? add_taint.cold.8+0x11/0x11
[   71.667719][ T7492]  ? ___preempt_schedule+0x16/0x20
[   71.672809][ T7492]  ? nla_memcpy+0x8b/0xa0
[   71.677106][ T7492]  end_report+0x47/0x4f
[   71.681241][ T7492]  __kasan_report.cold.11+0xe/0x3a
[   71.686319][ T7492]  ? nla_memcpy+0x8b/0xa0
[   71.690627][ T7492]  ? nla_memcpy+0x8b/0xa0
[   71.694921][ T7492]  kasan_report+0x12/0x20
[   71.699236][ T7492]  __asan_report_load2_noabort+0x14/0x20
[   71.704832][ T7492]  nla_memcpy+0x8b/0xa0
[   71.708968][ T7492]  __cfg802154_wpan_dev_from_attrs+0x18a/0x750
[   71.715090][ T7492]  ? nl802154_post_doit+0x1c0/0x1c0
[   71.720252][ T7492]  nl802154_prepare_wpan_dev_dump.isra.9.constprop.26+0xdf/0x4c0
[   71.728064][ T7492]  nl802154_dump_llsec_seclevel+0xd1/0xa60
[   71.733858][ T7492]  ? __mutex_lock+0x5be/0x1410
[   71.738596][ T7492]  ? nl802154_dump_llsec_key+0xc30/0xc30
[   71.744211][ T7492]  ? mutex_lock_io_nested+0x1280/0x1280
[   71.749722][ T7492]  ? kasan_kmalloc+0x9/0x10
[   71.754189][ T7492]  ? __kmalloc_node_track_caller+0x4d/0x70
[   71.759981][ T7492]  ? __kasan_check_write+0x14/0x20
[   71.765073][ T7492]  ? __alloc_skb+0x355/0x570
[   71.769640][ T7492]  genl_lock_dumpit+0x84/0xb0
[   71.774286][ T7492]  netlink_dump+0x49e/0x10c0
[   71.778856][ T7492]  ? netlink_broadcast+0x10/0x10
[   71.783764][ T7492]  __netlink_dump_start+0x52b/0x810
[   71.788939][ T7492]  genl_rcv_msg+0xbbb/0x1280
[   71.793497][ T7492]  ? genl_family_rcv_msg_attrs_parse.isra.14+0x370/0x370
[   71.800485][ T7492]  ? genl_lock_dumpit+0xb0/0xb0
[   71.805319][ T7492]  ? genl_unlock+0x20/0x20
[   71.809699][ T7492]  ? genl_parallel_done+0x180/0x180
[   71.814877][ T7492]  ? mark_held_locks+0x130/0x130
[   71.819792][ T7492]  netlink_rcv_skb+0x13c/0x380
[   71.824527][ T7492]  ? genl_family_rcv_msg_attrs_parse.isra.14+0x370/0x370
[   71.831582][ T7492]  ? netlink_ack+0x970/0x970
[   71.836148][ T7492]  ? netlink_deliver_tap+0x182/0xad0
[   71.841406][ T7492]  genl_rcv+0x23/0x40
[   71.845353][ T7492]  netlink_unicast+0x43f/0x630
[   71.850087][ T7492]  ? netlink_attachskb+0x6f0/0x6f0
[   71.855164][ T7492]  ? _copy_from_iter_full+0x19e/0x7f0
[   71.860506][ T7492]  ? __kasan_check_read+0x11/0x20
[   71.865497][ T7492]  ? __check_object_size+0x203/0x2ea
[   71.870754][ T7492]  netlink_sendmsg+0x75d/0xc40
[   71.875492][ T7492]  ? netlink_unicast+0x630/0x630
[   71.880403][ T7492]  ? apparmor_socket_sendmsg+0x1b/0x20
[   71.885839][ T7492]  ? netlink_unicast+0x630/0x630
[   71.890758][ T7492]  sock_sendmsg+0xb5/0xf0
[   71.895060][ T7492]  ___sys_sendmsg+0x647/0x950
[   71.899711][ T7492]  ? copy_msghdr_from_user+0x420/0x420
[   71.905137][ T7492]  ? lock_downgrade+0x900/0x900
[   71.909954][ T7492]  ? __kasan_check_read+0x11/0x20
[   71.914951][ T7492]  ? __fget+0x2b1/0x420
[   71.922914][ T7492]  ? ksys_dup3+0x2e0/0x2e0
[   71.927303][ T7492]  ? __might_fault+0xf1/0x1b0
[   71.931946][ T7492]  ? __fget_light+0x179/0x1f0
[   71.936588][ T7492]  ? lock_acquire+0x194/0x410
[   71.941234][ T7492]  ? __fdget+0xe/0x10
[   71.945181][ T7492]  __sys_sendmsg+0xd9/0x180
[   71.949660][ T7492]  ? __sys_sendmsg_sock+0xb0/0xb0
[   71.954647][ T7492]  ? __kasan_check_read+0x11/0x20
[   71.959645][ T7492]  ? _copy_to_user+0xcb/0xf0
[   71.964216][ T7492]  ? put_timespec64+0xa9/0x100
[   71.968944][ T7492]  ? nsecs_to_jiffies+0x20/0x20
[   71.973776][ T7492]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.979808][ T7492]  __x64_sys_sendmsg+0x73/0xb0
[   71.984547][ T7492]  do_syscall_64+0xca/0x5d0
[   71.989029][ T7492]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   71.994971][ T7492] RIP: 0033:0x459a59
[   71.998836][ T7492] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[   72.018412][ T7492] RSP: 002b:00007fc66bdd4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   72.026802][ T7492] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59
[   72.034739][ T7492] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   72.042678][ T7492] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[   72.050621][ T7492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc66bdd56d4
[   72.059088][ T7492] R13: 00000000004c7bad R14: 00000000004dd938 R15: 00000000ffffffff
[   72.068290][ T7492] Kernel Offset: disabled
[   72.072600][ T7492] Rebooting in 86400 seconds..