[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   76.971906][   T24] audit: type=1800 audit(1565657297.984:29): pid=10420 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   76.996492][   T24] audit: type=1800 audit(1565657297.984:30): pid=10420 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   87.577948][T10585] IPVS: ftp: loaded support on port[0] = 21
[   88.797999][T10590] can: request_module (can-proto-0) failed.
[   88.979393][T10590] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.196' (ECDSA) to the list of known hosts.
2019/08/13 00:48:37 parsed 1 programs
2019/08/13 00:48:38 executed programs: 0
[   97.711192][T10660] IPVS: ftp: loaded support on port[0] = 21
[   97.723682][T10661] IPVS: ftp: loaded support on port[0] = 21
[   97.794944][T10663] IPVS: ftp: loaded support on port[0] = 21
[   97.826526][T10668] IPVS: ftp: loaded support on port[0] = 21
[   97.850550][T10665] IPVS: ftp: loaded support on port[0] = 21
[   97.875514][T10669] IPVS: ftp: loaded support on port[0] = 21
[   97.950828][T10660] chnl_net:caif_netlink_parms(): no params data found
[   98.000881][T10661] chnl_net:caif_netlink_parms(): no params data found
[   98.073616][T10660] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.080940][T10660] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.088563][T10660] device bridge_slave_0 entered promiscuous mode
[   98.097750][T10660] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.105098][T10660] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.112962][T10660] device bridge_slave_1 entered promiscuous mode
[   98.165056][T10660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.174515][T10661] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.181758][T10661] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.189546][T10661] device bridge_slave_0 entered promiscuous mode
[   98.204212][T10663] chnl_net:caif_netlink_parms(): no params data found
[   98.214157][T10660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.230539][T10661] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.237643][T10661] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.245564][T10661] device bridge_slave_1 entered promiscuous mode
[   98.283510][T10660] team0: Port device team_slave_0 added
[   98.295257][T10660] team0: Port device team_slave_1 added
[   98.375006][T10669] chnl_net:caif_netlink_parms(): no params data found
[   98.386938][T10661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.398951][T10661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.424648][T10668] chnl_net:caif_netlink_parms(): no params data found
[   98.451258][T10665] chnl_net:caif_netlink_parms(): no params data found
[   98.484086][T10661] team0: Port device team_slave_0 added
[   98.494072][T10663] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.501664][T10663] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.509565][T10663] device bridge_slave_0 entered promiscuous mode
[   98.591295][T10660] device hsr_slave_0 entered promiscuous mode
[   98.629014][T10660] device hsr_slave_1 entered promiscuous mode
[   98.690115][T10661] team0: Port device team_slave_1 added
[   98.704968][T10663] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.712205][T10663] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.719845][T10663] device bridge_slave_1 entered promiscuous mode
[   98.740093][T10669] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.747629][T10669] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.755404][T10669] device bridge_slave_0 entered promiscuous mode
[   98.762934][T10669] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.770055][T10669] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.777977][T10669] device bridge_slave_1 entered promiscuous mode
[   98.790134][T10668] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.797223][T10668] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.805226][T10668] device bridge_slave_0 entered promiscuous mode
[   98.843181][T10668] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.850470][T10668] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.858029][T10668] device bridge_slave_1 entered promiscuous mode
[   98.872690][T10663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.920228][T10661] device hsr_slave_0 entered promiscuous mode
[   98.958860][T10661] device hsr_slave_1 entered promiscuous mode
[   99.008670][T10661] debugfs: Directory 'hsr0' with parent '/' already present!
[   99.027049][T10669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.036460][T10665] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.044578][T10665] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.052337][T10665] device bridge_slave_0 entered promiscuous mode
[   99.061872][T10665] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.069067][T10665] bridge0: port 2(bridge_slave_1) entered disabled state
[   99.076650][T10665] device bridge_slave_1 entered promiscuous mode
[   99.086306][T10663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.112786][T10669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.138913][T10669] team0: Port device team_slave_0 added
[   99.149793][T10669] team0: Port device team_slave_1 added
[   99.162706][T10668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.190575][T10663] team0: Port device team_slave_0 added
[   99.197766][T10665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   99.209305][T10668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.227570][T10663] team0: Port device team_slave_1 added
[   99.236158][T10665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   99.300343][T10669] device hsr_slave_0 entered promiscuous mode
[   99.339066][T10669] device hsr_slave_1 entered promiscuous mode
[   99.388630][T10669] debugfs: Directory 'hsr0' with parent '/' already present!
[   99.415882][T10665] team0: Port device team_slave_0 added
[   99.426351][T10665] team0: Port device team_slave_1 added
[   99.442431][T10668] team0: Port device team_slave_0 added
[   99.510293][T10665] device hsr_slave_0 entered promiscuous mode
[   99.559043][T10665] device hsr_slave_1 entered promiscuous mode
[   99.618756][T10665] debugfs: Directory 'hsr0' with parent '/' already present!
[   99.628301][T10668] team0: Port device team_slave_1 added
[   99.701656][T10663] device hsr_slave_0 entered promiscuous mode
[   99.758941][T10663] device hsr_slave_1 entered promiscuous mode
[   99.819048][T10663] debugfs: Directory 'hsr0' with parent '/' already present!
[   99.881429][T10668] device hsr_slave_0 entered promiscuous mode
[   99.920290][T10668] device hsr_slave_1 entered promiscuous mode
[   99.958786][T10668] debugfs: Directory 'hsr0' with parent '/' already present!
[   99.993717][T10661] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.041710][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.049863][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.068007][T10661] 8021q: adding VLAN 0 to HW filter on device team0
[  100.078142][T10660] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.106849][T10669] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.117560][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  100.126688][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.135635][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.142731][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.169748][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.177678][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  100.186412][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  100.195456][ T3318] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.202563][ T3318] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.210653][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  100.219397][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  100.227999][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  100.236556][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  100.245455][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.260345][T10660] 8021q: adding VLAN 0 to HW filter on device team0
[  100.275518][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.283428][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.291220][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  100.300036][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  100.309844][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.317485][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.332750][T10665] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.346003][T10669] 8021q: adding VLAN 0 to HW filter on device team0
[  100.360450][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  100.370476][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.379358][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.386414][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.394072][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  100.402972][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.411757][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.418825][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.426324][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  100.434951][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  100.443643][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.450734][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.458275][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  100.472032][T10661] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  100.483699][T10661] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  100.512478][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.521035][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.529503][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.537996][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.548028][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.557020][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.565503][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.573228][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.581087][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  100.589830][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  100.598134][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state
[  100.605523][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state
[  100.613627][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  100.622350][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  100.631140][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  100.639742][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  100.648194][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  100.657676][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  100.666513][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  100.675878][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.683924][ T3013] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.697083][T10663] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.710609][T10665] 8021q: adding VLAN 0 to HW filter on device team0
[  100.732568][T10661] 8021q: adding VLAN 0 to HW filter on device batadv0
[  100.741921][T10668] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.750973][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.763392][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.773673][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  100.782650][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  100.791403][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  100.800064][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  100.808647][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  100.817007][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  100.825601][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.834113][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.843225][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  100.863668][T10668] 8021q: adding VLAN 0 to HW filter on device team0
[  100.874094][T10669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  100.889767][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.897589][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.905651][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  100.915045][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  100.923892][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  100.934267][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  100.942894][ T3318] bridge0: port 1(bridge_slave_0) entered blocking state
[  100.950019][ T3318] bridge0: port 1(bridge_slave_0) entered forwarding state
[  100.957963][ T3318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.972274][T10660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  101.001119][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.009690][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.017614][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  101.027131][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  101.036698][T10673] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.043955][T10673] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.052038][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  101.060741][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  101.069188][T10673] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.076396][T10673] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.084056][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  101.093358][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  101.102319][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  101.111424][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  101.120271][T10673] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.127339][T10673] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.135164][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  101.144380][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  101.153079][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  101.162647][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  101.172531][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  101.180771][T10673] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  101.194577][T10663] 8021q: adding VLAN 0 to HW filter on device team0
[  101.212862][T10669] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.248091][T10665] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  101.263312][T10665] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  101.276141][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  101.290015][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  101.300388][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  101.309743][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  101.318257][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  101.336708][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  101.345678][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.352882][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  101.360975][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  101.369750][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  101.378286][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  101.396607][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  101.406581][   T22] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.413762][   T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[  101.422189][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  101.431431][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.440831][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  101.452136][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.461692][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  101.470489][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.486714][T10660] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.508307][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  101.517512][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  101.526894][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  101.535174][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  101.544084][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  101.553155][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.562315][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  101.571491][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  101.580446][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  101.589144][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  101.604200][T10668] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  101.643813][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  101.664398][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  101.680081][T10665] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.693000][T10663] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  101.707006][T10663] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  101.728413][T10668] 8021q: adding VLAN 0 to HW filter on device batadv0
[  101.735984][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  101.744851][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  101.755299][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  101.763857][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  101.772405][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  101.816582][T10663] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/08/13 00:48:43 executed programs: 56
2019/08/13 00:48:48 executed programs: 317
[  109.662062][T11829] ==================================================================
[  109.670211][T11829] BUG: KASAN: use-after-free in rxrpc_queue_local+0x7c/0x3e0
[  109.677595][T11829] Read of size 4 at addr ffff8880a82b56d4 by task syz-executor.0/11829
[  109.685827][T11829] 
[  109.688166][T11829] CPU: 1 PID: 11829 Comm: syz-executor.0 Not tainted 5.3.0-rc3+ #1
[  109.696049][T11829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.706139][T11829] Call Trace:
[  109.709454][T11829]  dump_stack+0x172/0x1f0
[  109.713810][T11829]  ? rxrpc_queue_local+0x7c/0x3e0
[  109.718854][T11829]  print_address_description.cold+0xd4/0x306
[  109.724854][T11829]  ? rxrpc_queue_local+0x7c/0x3e0
[  109.729987][T11829]  ? rxrpc_queue_local+0x7c/0x3e0
[  109.735027][T11829]  __kasan_report.cold+0x1b/0x36
[  109.739979][T11829]  ? rxrpc_queue_local+0x7c/0x3e0
[  109.745014][T11829]  ? rxrpc_unuse_local+0x52/0x80
[  109.749960][T11829]  kasan_report+0x12/0x17
[  109.754308][T11829]  check_memory_region+0x134/0x1a0
[  109.759429][T11829]  ? rxrpc_unuse_local+0x52/0x80
[  109.759442][T11829]  __kasan_check_read+0x11/0x20
[  109.759454][T11829]  rxrpc_queue_local+0x7c/0x3e0
[  109.759467][T11829]  rxrpc_unuse_local+0x52/0x80
[  109.759478][T11829]  rxrpc_release+0x47d/0x840
[  109.759494][T11829]  __sock_release+0xce/0x280
[  109.759507][T11829]  sock_close+0x1e/0x30
[  109.759521][T11829]  __fput+0x2ff/0x890
[  109.759535][T11829]  ? __sock_release+0x280/0x280
[  109.759550][T11829]  ____fput+0x16/0x20
[  109.759561][T11829]  task_work_run+0x145/0x1c0
[  109.759585][T11829]  exit_to_usermode_loop+0x316/0x380
[  109.769478][T11829]  do_syscall_64+0x5a9/0x6a0
[  109.769496][T11829]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  109.769505][T11829] RIP: 0033:0x413511
[  109.769519][T11829] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  109.769525][T11829] RSP: 002b:00007ffc204e87c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  109.769537][T11829] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[  109.769543][T11829] RDX: 0000001b2e420000 RSI: 0000000000000000 RDI: 0000000000000003
[  109.769551][T11829] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  109.769566][T11829] R10: 00007ffc204e88a0 R11: 0000000000000293 R12: 000000000075bf20
[  109.788340][T11829] R13: 000000000001ac29 R14: 0000000000760210 R15: ffffffffffffffff
[  109.788354][T11829] 
[  109.788373][T11829] Allocated by task 11830:
[  109.788397][T11829]  save_stack+0x23/0x90
[  109.788411][T11829]  __kasan_kmalloc.constprop.0+0xcf/0xe0
[  109.788429][T11829]  kasan_kmalloc+0x9/0x10
[  109.805463][T11829]  kmem_cache_alloc_trace+0x158/0x790
[  109.829671][T11829]  rxrpc_lookup_local+0x562/0x1ba0
[  109.829685][T11829]  rxrpc_sendmsg+0x379/0x5f0
[  109.829698][T11829]  sock_sendmsg+0xd7/0x130
[  109.829710][T11829]  ___sys_sendmsg+0x3e2/0x920
[  109.829723][T11829]  __sys_sendmmsg+0x1bf/0x4d0
[  109.829735][T11829]  __x64_sys_sendmmsg+0x9d/0x100
[  109.829748][T11829]  do_syscall_64+0xfd/0x6a0
[  109.829761][T11829]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  109.829765][T11829] 
[  109.829770][T11829] Freed by task 16:
[  109.829790][T11829]  save_stack+0x23/0x90
[  109.855124][ T3908] kobject: 'loop5' (000000007a38b313): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  109.858001][T11829]  __kasan_slab_free+0x102/0x150
[  109.858013][T11829]  kasan_slab_free+0xe/0x10
[  109.858023][T11829]  kfree+0x10a/0x2c0
[  109.858037][T11829]  rxrpc_local_rcu+0x62/0x80
[  109.858049][T11829]  rcu_core+0x67f/0x1580
[  109.858068][T11829]  rcu_core_si+0x9/0x10
[  109.877664][ T3908] kobject: 'loop3' (000000008edc22c7): kobject_uevent_env
[  109.881987][T11829]  __do_softirq+0x262/0x98c
[  109.881991][T11829] 
[  109.882002][T11829] The buggy address belongs to the object at ffff8880a82b56c0
[  109.882002][T11829]  which belongs to the cache kmalloc-1k of size 1024
[  109.882013][T11829] The buggy address is located 20 bytes inside of
[  109.882013][T11829]  1024-byte region [ffff8880a82b56c0, ffff8880a82b5ac0)
[  109.882017][T11829] The buggy address belongs to the page:
[  109.882041][T11829] page:ffffea0002a0ad00 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0xffff8880a82b5b40 compound_mapcount: 0
[  109.882062][T11829] flags: 0x1fffc0000010200(slab|head)
[  109.882087][T11829] raw: 01fffc0000010200 ffffea0002a1cb08 ffffea00023b0c88 ffff8880aa400c40
[  109.900005][ T3908] kobject: 'loop3' (000000008edc22c7): fill_kobj_path: path = '/devices/virtual/block/loop3'
[  109.900356][T11829] raw: ffff8880a82b5b40 ffff8880a82b4040 0000000100000006 0000000000000000
[  109.900363][T11829] page dumped because: kasan: bad access detected
[  109.900367][T11829] 
[  109.900370][T11829] Memory state around the buggy address:
[  109.900382][T11829]  ffff8880a82b5580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.900391][T11829]  ffff8880a82b5600: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  109.900405][T11829] >ffff8880a82b5680: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  109.919821][ T3908] kobject: 'loop5' (000000007a38b313): kobject_uevent_env
[  109.924305][T11829]                                                  ^
[  109.924320][T11829]  ffff8880a82b5700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.924328][T11829]  ffff8880a82b5780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  109.924332][T11829] ==================================================================
[  109.949606][T11829] Kernel panic - not syncing: panic_on_warn set ...
[  109.986401][ T3908] kobject: 'loop5' (000000007a38b313): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  109.988692][T11829] CPU: 1 PID: 11829 Comm: syz-executor.0 Tainted: G    B             5.3.0-rc3+ #1
[  109.988701][T11829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  109.988705][T11829] Call Trace:
[  109.988727][T11829]  dump_stack+0x172/0x1f0
[  109.988743][T11829]  panic+0x2dc/0x755
[  109.988756][T11829]  ? add_taint.cold+0x16/0x16
[  109.988771][T11829]  ? rxrpc_queue_local+0x7c/0x3e0
[  109.988801][T11829]  ? preempt_schedule+0x4b/0x60
[  109.995727][ T3908] kobject: 'loop4' (00000000df6a4434): kobject_uevent_env
[  109.997201][T11829]  ? ___preempt_schedule+0x16/0x20
[  109.997222][T11829]  ? trace_hardirqs_on+0x5e/0x240
[  110.002335][ T3908] kobject: 'loop4' (00000000df6a4434): fill_kobj_path: path = '/devices/virtual/block/loop4'
[  110.006048][T11829]  ? rxrpc_queue_local+0x7c/0x3e0
[  110.006064][T11829]  end_report+0x47/0x4f
[  110.006083][T11829]  ? rxrpc_queue_local+0x7c/0x3e0
[  110.012267][ T3908] kobject: 'loop5' (000000007a38b313): kobject_uevent_env
[  110.017341][T11829]  __kasan_report.cold+0xe/0x36
[  110.017359][T11829]  ? rxrpc_queue_local+0x7c/0x3e0
[  110.017372][T11829]  ? rxrpc_unuse_local+0x52/0x80
[  110.017391][T11829]  kasan_report+0x12/0x17
[  110.023859][ T3908] kobject: 'loop5' (000000007a38b313): fill_kobj_path: path = '/devices/virtual/block/loop5'
[  110.024320][T11829]  check_memory_region+0x134/0x1a0
[  110.054142][ T3908] kobject: 'loop2' (000000005664e2ed): kobject_uevent_env
[  110.057361][T11829]  ? rxrpc_unuse_local+0x52/0x80
[  110.084276][ T3908] kobject: 'loop2' (000000005664e2ed): fill_kobj_path: path = '/devices/virtual/block/loop2'
[  110.093674][T11829]  __kasan_check_read+0x11/0x20
[  110.093690][T11829]  rxrpc_queue_local+0x7c/0x3e0
[  110.093703][T11829]  rxrpc_unuse_local+0x52/0x80
[  110.093714][T11829]  rxrpc_release+0x47d/0x840
[  110.093728][T11829]  __sock_release+0xce/0x280
[  110.093740][T11829]  sock_close+0x1e/0x30
[  110.093753][T11829]  __fput+0x2ff/0x890
[  110.093767][T11829]  ? __sock_release+0x280/0x280
[  110.093787][T11829]  ____fput+0x16/0x20
[  110.180550][ T3908] kobject: 'loop1' (00000000bca0fef4): kobject_uevent_env
[  110.185412][T11829]  task_work_run+0x145/0x1c0
[  110.226218][ T3908] kobject: 'loop1' (00000000bca0fef4): fill_kobj_path: path = '/devices/virtual/block/loop1'
[  110.226329][T11829]  exit_to_usermode_loop+0x316/0x380
[  110.325532][ T3908] kobject: 'loop4' (00000000df6a4434): kobject_uevent_env
[  110.330840][T11829]  do_syscall_64+0x5a9/0x6a0
[  110.330857][T11829]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  110.330867][T11829] RIP: 0033:0x413511
[  110.330882][T11829] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  110.330897][T11829] RSP: 002b:00007ffc204e87c0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  110.350916][ T3908] kobject: 'loop4' (00000000df6a4434): fill_kobj_path: path = '/devices/virtual/block/loop4'
[  110.355641][T11829] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[  110.482502][T11829] RDX: 0000001b2e420000 RSI: 0000000000000000 RDI: 0000000000000003
[  110.490458][T11829] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  110.498418][T11829] R10: 00007ffc204e88a0 R11: 0000000000000293 R12: 000000000075bf20
[  110.507004][T11829] R13: 000000000001ac29 R14: 0000000000760210 R15: ffffffffffffffff
[  110.516024][T11829] Kernel Offset: disabled
[  110.520349][T11829] Rebooting in 86400 seconds..