[   35.487824][   T26] audit: type=1800 audit(1564608170.483:21): pid=7318 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   47.568942][ T7483] IPVS: ftp: loaded support on port[0] = 21
[   48.037638][ T7487] can: request_module (can-proto-0) failed.
[   49.015826][ T7487] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.211' (ECDSA) to the list of known hosts.
2019/07/31 21:23:11 parsed 1 programs
2019/07/31 21:23:12 executed programs: 0
[   57.418823][ T7556] IPVS: ftp: loaded support on port[0] = 21
[   57.450786][ T7559] IPVS: ftp: loaded support on port[0] = 21
[   57.485255][ T7561] IPVS: ftp: loaded support on port[0] = 21
[   57.509675][ T7562] IPVS: ftp: loaded support on port[0] = 21
[   57.585481][ T7556] chnl_net:caif_netlink_parms(): no params data found
[   57.604528][ T7565] IPVS: ftp: loaded support on port[0] = 21
[   57.605562][ T7566] IPVS: ftp: loaded support on port[0] = 21
[   57.723508][ T7559] chnl_net:caif_netlink_parms(): no params data found
[   57.732561][ T7556] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.740304][ T7556] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.748568][ T7556] device bridge_slave_0 entered promiscuous mode
[   57.784952][ T7556] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.792173][ T7556] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.799791][ T7556] device bridge_slave_1 entered promiscuous mode
[   57.818587][ T7556] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   57.829063][ T7556] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   57.857385][ T7556] team0: Port device team_slave_0 added
[   57.881163][ T7559] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.888737][ T7559] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.896189][ T7559] device bridge_slave_0 entered promiscuous mode
[   57.905513][ T7559] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.912705][ T7559] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.920307][ T7559] device bridge_slave_1 entered promiscuous mode
[   57.935481][ T7556] team0: Port device team_slave_1 added
[   57.950568][ T7559] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   57.963739][ T7561] chnl_net:caif_netlink_parms(): no params data found
[   57.974049][ T7559] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.024964][ T7559] team0: Port device team_slave_0 added
[   58.099750][ T7556] device hsr_slave_0 entered promiscuous mode
[   58.137711][ T7556] device hsr_slave_1 entered promiscuous mode
[   58.210959][ T7559] team0: Port device team_slave_1 added
[   58.235941][ T7565] chnl_net:caif_netlink_parms(): no params data found
[   58.249453][ T7562] chnl_net:caif_netlink_parms(): no params data found
[   58.266670][ T7561] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.273875][ T7561] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.282496][ T7561] device bridge_slave_0 entered promiscuous mode
[   58.290656][ T7561] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.297793][ T7561] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.305359][ T7561] device bridge_slave_1 entered promiscuous mode
[   58.389852][ T7559] device hsr_slave_0 entered promiscuous mode
[   58.428143][ T7559] device hsr_slave_1 entered promiscuous mode
[   58.508689][ T7565] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.515823][ T7565] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.523594][ T7565] device bridge_slave_0 entered promiscuous mode
[   58.532811][ T7565] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.540111][ T7565] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.547910][ T7565] device bridge_slave_1 entered promiscuous mode
[   58.559090][ T7556] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.566151][ T7556] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.573828][ T7556] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.580874][ T7556] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.592322][ T7561] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.615349][ T7566] chnl_net:caif_netlink_parms(): no params data found
[   58.630354][ T7561] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.659469][ T7562] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.666553][ T7562] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.675246][ T7562] device bridge_slave_0 entered promiscuous mode
[   58.683197][ T7562] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.690615][ T7562] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.698243][ T7562] device bridge_slave_1 entered promiscuous mode
[   58.717511][ T7565] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.726822][ T7561] team0: Port device team_slave_0 added
[   58.733429][ T7559] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.740530][ T7559] bridge0: port 2(bridge_slave_1) entered forwarding state
[   58.747877][ T7559] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.754923][ T7559] bridge0: port 1(bridge_slave_0) entered forwarding state
[   58.768824][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.776507][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.784804][   T17] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.792489][   T17] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.811952][ T7565] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.821362][ T7561] team0: Port device team_slave_1 added
[   58.842688][ T7566] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.850364][ T7566] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.858409][ T7566] device bridge_slave_0 entered promiscuous mode
[   58.866895][ T7562] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.876964][ T7562] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   58.886449][ T7565] team0: Port device team_slave_0 added
[   58.894773][ T7565] team0: Port device team_slave_1 added
[   58.901690][ T7566] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.909148][ T7566] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.916644][ T7566] device bridge_slave_1 entered promiscuous mode
[   58.956945][ T7566] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   58.998902][ T7561] device hsr_slave_0 entered promiscuous mode
[   59.050277][ T7561] device hsr_slave_1 entered promiscuous mode
[   59.169880][ T7565] device hsr_slave_0 entered promiscuous mode
[   59.207939][ T7565] device hsr_slave_1 entered promiscuous mode
[   59.256362][ T7566] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   59.265604][ T7562] team0: Port device team_slave_0 added
[   59.287038][ T7562] team0: Port device team_slave_1 added
[   59.315854][ T7566] team0: Port device team_slave_0 added
[   59.331875][ T7566] team0: Port device team_slave_1 added
[   59.378741][ T7566] device hsr_slave_0 entered promiscuous mode
[   59.427660][ T7566] device hsr_slave_1 entered promiscuous mode
[   59.550812][ T7562] device hsr_slave_0 entered promiscuous mode
[   59.587939][ T7562] device hsr_slave_1 entered promiscuous mode
[   59.689936][ T7566] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.697001][ T7566] bridge0: port 2(bridge_slave_1) entered forwarding state
[   59.731465][ T7559] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.742804][ T7556] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.759496][ T7561] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.771352][ T7565] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.789214][ T7559] 8021q: adding VLAN 0 to HW filter on device team0
[   59.810592][ T3503] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.824405][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.832958][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.848061][ T7562] 8021q: adding VLAN 0 to HW filter on device bond0
[   59.858868][ T7556] 8021q: adding VLAN 0 to HW filter on device team0
[   59.875274][ T7565] 8021q: adding VLAN 0 to HW filter on device team0
[   59.885462][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.894784][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.902611][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.911247][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.919702][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.926722][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.934375][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   59.942747][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   59.951764][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   59.960402][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   59.968956][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.975994][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state
[   59.986707][ T7566] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.003848][ T7562] 8021q: adding VLAN 0 to HW filter on device team0
[   60.011344][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.021258][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.029038][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.037996][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.046209][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.053295][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.061510][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.078023][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.085723][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.093486][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.102653][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.111096][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.118188][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.125699][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.134450][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.142746][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.149802][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.166115][ T7566] 8021q: adding VLAN 0 to HW filter on device team0
[   60.179348][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.188111][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.198054][ T7574] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.205077][ T7574] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.213094][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.221437][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   60.229103][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   60.236731][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.245138][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.253726][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   60.262072][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.270410][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.278717][ T7574] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.285743][ T7574] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.294980][ T7561] 8021q: adding VLAN 0 to HW filter on device team0
[   60.322448][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.330359][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   60.339211][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   60.348204][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.356669][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.365430][ T7574] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.372510][ T7574] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.380884][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.389480][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.398013][ T7574] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.405063][ T7574] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.412665][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   60.421129][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.429496][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.438507][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   60.446779][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.455139][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   60.463339][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.471527][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   60.479809][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.510485][ T7559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   60.518936][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   60.526777][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.538307][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   60.546687][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.555387][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   60.563958][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.572149][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   60.580556][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.589226][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   60.598036][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.606186][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   60.614452][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.622559][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   60.631007][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.639231][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   60.647483][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.655592][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   60.664132][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   60.672870][ T7574] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.679948][ T7574] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.687626][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.696096][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.704475][ T7574] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.711526][ T7574] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.719489][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   60.727906][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   60.736116][ T7574] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.743198][ T7574] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.751338][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.759734][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   60.768510][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.776235][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.787720][ T7556] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   60.799470][ T7556] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   60.836812][ T7559] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.844480][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   60.862646][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   60.872612][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   60.881201][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   60.889872][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   60.898860][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.906991][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   60.916119][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   60.924666][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   60.933195][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   60.941524][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   60.950120][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   60.959869][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.967716][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   60.991428][ T7561] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.002830][ T7561] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   61.018267][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   61.026749][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   61.036314][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   61.044689][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.053252][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.061421][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.069722][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.078966][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.087268][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.095542][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.104185][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.112685][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   61.123240][ T7556] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.132843][ T7562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   61.144724][ T7565] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.183152][ T7562] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.206807][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   61.225642][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   61.251836][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   61.260989][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   61.273657][ T7566] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   61.286734][ T7566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   61.308811][ T7566] 8021q: adding VLAN 0 to HW filter on device batadv0
[   61.323494][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   61.342814][ T7574] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   61.380482][ T7561] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/07/31 21:23:17 executed programs: 16
2019/07/31 21:23:22 executed programs: 75
2019/07/31 21:23:27 executed programs: 136
2019/07/31 21:23:32 executed programs: 198
2019/07/31 21:23:37 executed programs: 262
2019/07/31 21:23:42 executed programs: 325
[   91.168119][    C1] hrtimer: interrupt took 544100 ns
2019/07/31 21:23:47 executed programs: 385
2019/07/31 21:23:52 executed programs: 447
2019/07/31 21:23:57 executed programs: 508
2019/07/31 21:24:02 executed programs: 572
2019/07/31 21:24:08 executed programs: 634
2019/07/31 21:24:13 executed programs: 695
2019/07/31 21:24:18 executed programs: 758
2019/07/31 21:24:23 executed programs: 820
2019/07/31 21:24:28 executed programs: 883
2019/07/31 21:24:33 executed programs: 944
2019/07/31 21:24:38 executed programs: 1008
2019/07/31 21:24:43 executed programs: 1071
2019/07/31 21:24:48 executed programs: 1133
2019/07/31 21:24:53 executed programs: 1196
2019/07/31 21:24:58 executed programs: 1258
2019/07/31 21:25:03 executed programs: 1321
2019/07/31 21:25:08 executed programs: 1383
2019/07/31 21:25:13 executed programs: 1444
2019/07/31 21:25:19 executed programs: 1508
2019/07/31 21:25:24 executed programs: 1568
2019/07/31 21:25:29 executed programs: 1632
2019/07/31 21:25:34 executed programs: 1693
2019/07/31 21:25:39 executed programs: 1760
2019/07/31 21:25:44 executed programs: 1822
2019/07/31 21:25:49 executed programs: 1885
2019/07/31 21:25:54 executed programs: 1948
2019/07/31 21:25:59 executed programs: 2010
2019/07/31 21:26:04 executed programs: 2073
2019/07/31 21:26:09 executed programs: 2135
2019/07/31 21:26:15 executed programs: 2199
2019/07/31 21:26:20 executed programs: 2263
2019/07/31 21:26:25 executed programs: 2320
2019/07/31 21:26:30 executed programs: 2385
2019/07/31 21:26:35 executed programs: 2445
2019/07/31 21:26:40 executed programs: 2507
2019/07/31 21:26:45 executed programs: 2570
2019/07/31 21:26:50 executed programs: 2634
2019/07/31 21:26:55 executed programs: 2694
2019/07/31 21:27:00 executed programs: 2756
2019/07/31 21:27:05 executed programs: 2820
2019/07/31 21:27:10 executed programs: 2880
2019/07/31 21:27:15 executed programs: 2942
2019/07/31 21:27:20 executed programs: 3004
2019/07/31 21:27:25 executed programs: 3066
2019/07/31 21:27:30 executed programs: 3128
2019/07/31 21:27:35 executed programs: 3192
2019/07/31 21:27:40 executed programs: 3253
2019/07/31 21:27:46 executed programs: 3316
2019/07/31 21:27:51 executed programs: 3377
2019/07/31 21:27:56 executed programs: 3437
2019/07/31 21:28:01 executed programs: 3500
2019/07/31 21:28:06 executed programs: 3563
2019/07/31 21:28:11 executed programs: 3625
2019/07/31 21:28:16 executed programs: 3689
2019/07/31 21:28:21 executed programs: 3749
2019/07/31 21:28:26 executed programs: 3813
2019/07/31 21:28:31 executed programs: 3873
2019/07/31 21:28:36 executed programs: 3938
2019/07/31 21:28:41 executed programs: 3999
2019/07/31 21:28:46 executed programs: 4061
2019/07/31 21:28:51 executed programs: 4121
2019/07/31 21:28:56 executed programs: 4184
2019/07/31 21:29:01 executed programs: 4246
2019/07/31 21:29:07 executed programs: 4307
2019/07/31 21:29:12 executed programs: 4370
2019/07/31 21:29:17 executed programs: 4433
2019/07/31 21:29:22 executed programs: 4494
2019/07/31 21:29:27 executed programs: 4555
2019/07/31 21:29:32 executed programs: 4617
2019/07/31 21:29:37 executed programs: 4676
2019/07/31 21:29:42 executed programs: 4735
2019/07/31 21:29:47 executed programs: 4799
2019/07/31 21:29:52 executed programs: 4859
2019/07/31 21:29:57 executed programs: 4920
[  462.798428][    C0] ------------[ cut here ]------------
[  462.804041][    C0] refcount_t: increment on 0; use-after-free.
[  462.810260][    C0] WARNING: CPU: 0 PID: 0 at lib/refcount.c:156 refcount_inc_checked+0x2b/0x30
[  462.817444][T32375] ==================================================================
[  462.819084][    C0] Kernel panic - not syncing: panic_on_warn set ...
[  462.819095][    C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.2.0-rc6+ #1
[  462.827206][T32375] BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x72/0x160
[  462.827214][T32375] Read of size 4 at addr ffff888089dcaa40 by task syz-executor.4/32375
[  462.833779][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  462.840877][T32375] 
[  462.869834][    C0] Call Trace:
[  462.873103][    C0]  <IRQ>
[  462.875946][    C0]  dump_stack+0x113/0x167
[  462.880265][    C0]  ? refcount_inc_checked+0x2b/0x30
[  462.885449][    C0]  panic+0x212/0x4cb
[  462.889324][    C0]  ? __warn_printk+0xd6/0xd6
[  462.894421][    C0]  __warn.cold.8+0x1b/0x38
[  462.898822][    C0]  ? refcount_inc_checked+0x2b/0x30
[  462.903999][    C0]  report_bug+0x1a4/0x200
[  462.908313][    C0]  do_error_trap+0x11b/0x200
[  462.912887][    C0]  do_invalid_op+0x36/0x40
[  462.917284][    C0]  ? refcount_inc_checked+0x2b/0x30
[  462.922472][    C0]  invalid_op+0x14/0x20
[  462.926607][    C0] RIP: 0010:refcount_inc_checked+0x2b/0x30
[  462.932391][    C0] Code: 48 89 e5 e8 97 fe ff ff 84 c0 74 02 5d c3 80 3d d3 82 f3 05 00 75 f5 48 c7 c7 00 52 41 87 c6 05 c3 82 f3 05 01 e8 a8 d2 3d fe <0f> 0b 5d c3 90 55 48 89 e5 41 56 41 55 49 89 fd 48 c7 c7 60 52 41
[  462.951976][    C0] RSP: 0018:ffff8880aea09c10 EFLAGS: 00010286
[  462.958021][    C0] RAX: 0000000000000000 RBX: ffff888089dca9c0 RCX: 0000000000000000
[  462.966936][    C0] RDX: 0000000000000004 RSI: ffffffff8827a8e8 RDI: ffffffff89d63d40
[  462.974887][    C0] RBP: ffff8880aea09c10 R08: 0000000000000002 R09: 0000000000000000
[  462.982849][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a9000c00
[  462.990806][    C0] R13: ffff888089dcaa28 R14: 000000000000002f R15: ffff888089dcae5e
[  462.998780][    C0]  nr_insert_socket+0x28/0xd0
[  463.003435][    C0]  nr_rx_frame+0x160f/0x1f00
[  463.008006][    C0]  ? lock_downgrade+0x860/0x860
[  463.012844][    C0]  nr_loopback_timer+0x64/0x120
[  463.017672][    C0]  call_timer_fn+0x14d/0x510
[  463.022240][    C0]  ? nr_process_rx_frame+0x1280/0x1280
[  463.027672][    C0]  ? process_timeout+0x40/0x40
[  463.032417][    C0]  ? _raw_spin_unlock_irq+0x27/0x80
[  463.037597][    C0]  ? trace_hardirqs_on+0x28/0x190
[  463.042601][    C0]  ? kasan_check_read+0x11/0x20
[  463.047435][    C0]  ? nr_process_rx_frame+0x1280/0x1280
[  463.052883][    C0]  run_timer_softirq+0xc6f/0x1330
[  463.057903][    C0]  ? add_timer+0x730/0x730
[  463.062303][    C0]  __do_softirq+0x260/0x958
[  463.066779][    C0]  ? sched_clock_cpu+0x1b/0x1b0
[  463.071617][    C0]  irq_exit+0x17f/0x1c0
[  463.075753][    C0]  smp_apic_timer_interrupt+0x13e/0x540
[  463.081294][    C0]  apic_timer_interrupt+0xf/0x20
[  463.086208][    C0]  </IRQ>
[  463.089129][    C0] RIP: 0010:native_safe_halt+0x12/0x20
[  463.094566][    C0] Code: 11 ff ff ff 4c 89 e7 e8 6c 42 f4 fa eb 97 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 e9 07 00 00 00 0f 00 2d f0 91 63 00 fb f4 <5d> c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e9 07 00 00
[  463.114147][    C0] RSP: 0018:ffffffff88207ce0 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
[  463.122547][    C0] RAX: dffffc0000000000 RBX: ffffffff8827a040 RCX: 0000000000000000
[  463.130495][    C0] RDX: 1ffffffff10643e1 RSI: 0000000000000006 RDI: ffffffff88321f08
[  463.138445][    C0] RBP: ffffffff88207ce0 R08: 0000000000000006 R09: 0000000000000000
[  463.146400][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  463.154349][    C0] R13: ffffffff88321ef8 R14: 0000000000000000 R15: ffffffff88f69d78
[  463.162321][    C0]  default_idle+0x51/0x310
[  463.166726][    C0]  arch_cpu_idle+0xa/0x10
[  463.171033][    C0]  default_idle_call+0x6d/0x90
[  463.175776][    C0]  do_idle+0x3e4/0x590
[  463.179820][    C0]  ? retint_kernel+0x2b/0x2b
[  463.184389][    C0]  ? arch_cpu_idle_exit+0x70/0x70
[  463.189393][    C0]  cpu_startup_entry+0x18/0x20
[  463.194134][    C0]  rest_init+0x1a4/0x279
[  463.198357][    C0]  arch_call_rest_init+0x9/0xc
[  463.203095][    C0]  start_kernel+0x6bd/0x6f8
[  463.207573][    C0]  ? mem_encrypt_init+0x1/0x1
[  463.212230][    C0]  ? early_idt_handler_common+0x3b/0x60
[  463.217767][    C0]  x86_64_start_reservations+0x29/0x2b
[  463.223215][    C0]  x86_64_start_kernel+0x76/0x79
[  463.228140][    C0]  secondary_startup_64+0xa4/0xb0
[  463.233167][T32375] CPU: 1 PID: 32375 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #1
[  463.241059][T32375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  463.251099][T32375] Call Trace:
[  463.254377][T32375]  dump_stack+0x113/0x167
[  463.258691][T32375]  print_address_description.cold.5+0x9/0x1ff
[  463.264737][T32375]  ? refcount_inc_not_zero_checked+0x72/0x160
[  463.270795][T32375]  __kasan_report.cold.6+0x1b/0x39
[  463.275899][T32375]  ? refcount_inc_not_zero_checked+0x72/0x160
[  463.281945][T32375]  ? refcount_inc_not_zero_checked+0x72/0x160
[  463.288005][T32375]  kasan_report+0x12/0x20
[  463.292318][T32375]  check_memory_region+0x13e/0x1b0
[  463.297414][T32375]  kasan_check_read+0x11/0x20
[  463.302061][T32375]  refcount_inc_not_zero_checked+0x72/0x160
[  463.307932][T32375]  ? refcount_dec_and_mutex_lock+0x50/0x50
[  463.313750][T32375]  ? lock_acquire+0x173/0x3d0
[  463.318409][T32375]  ? __sock_release+0x7d/0x290
[  463.323159][T32375]  refcount_inc_checked+0x9/0x30
[  463.328085][T32375]  nr_release+0x53/0x360
[  463.332305][T32375]  __sock_release+0xc2/0x290
[  463.336878][T32375]  sock_close+0x10/0x20
[  463.341014][T32375]  __fput+0x25a/0x770
[  463.344975][T32375]  ? _raw_spin_unlock_irq+0x27/0x80
[  463.350160][T32375]  ____fput+0x9/0x10
[  463.354030][T32375]  task_work_run+0x108/0x180
[  463.358610][T32375]  exit_to_usermode_loop+0x1a9/0x200
[  463.363872][T32375]  do_syscall_64+0x447/0x530
[  463.368438][T32375]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  463.374330][T32375] RIP: 0033:0x413511
[  463.378217][T32375] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  463.397807][T32375] RSP: 002b:00007ffca9b79570 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  463.406193][T32375] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[  463.414141][T32375] RDX: 0000001b2c820000 RSI: 0000000000000000 RDI: 0000000000000003
[  463.422085][T32375] RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
[  463.430035][T32375] R10: 00007ffca9b79650 R11: 0000000000000293 R12: 000000000075c9a0
[  463.437981][T32375] R13: 000000000075c9a0 R14: 0000000000760a50 R15: ffffffffffffffff
[  463.445938][T32375] 
[  463.448246][T32375] Allocated by task 0:
[  463.452316][T32375]  save_stack+0x21/0x90
[  463.456446][T32375]  __kasan_kmalloc.constprop.8+0xc7/0xd0
[  463.462049][T32375]  kasan_kmalloc+0x9/0x10
[  463.466353][T32375]  __kmalloc+0x15d/0x760
[  463.470584][T32375]  sk_prot_alloc+0x148/0x240
[  463.475145][T32375]  sk_alloc+0x30/0xc70
[  463.479186][T32375]  nr_rx_frame+0x645/0x1f00
[  463.483661][T32375]  nr_loopback_timer+0x64/0x120
[  463.488488][T32375]  call_timer_fn+0x14d/0x510
[  463.493054][T32375]  run_timer_softirq+0xc6f/0x1330
[  463.498051][T32375]  __do_softirq+0x260/0x958
[  463.502522][T32375] 
[  463.504828][T32375] Freed by task 32377:
[  463.508873][T32375]  save_stack+0x21/0x90
[  463.513001][T32375]  __kasan_slab_free+0x102/0x150
[  463.517909][T32375]  kasan_slab_free+0xe/0x10
[  463.522400][T32375]  kfree+0xcf/0x220
[  463.526188][T32375]  __sk_destruct+0x3f1/0x580
[  463.530754][T32375]  sk_destruct+0x49/0x60
[  463.534976][T32375]  __sk_free+0x9e/0x230
[  463.539107][T32375]  sk_free+0x23/0x30
[  463.542975][T32375]  sock_efree+0x42/0x50
[  463.547103][T32375]  skb_release_head_state+0x9f/0x1a0
[  463.552360][T32375]  skb_release_all+0xd/0x50
[  463.556848][T32375]  kfree_skb+0x97/0x270
[  463.560977][T32375]  nr_accept+0x487/0x690
[  463.565205][T32375]  __sys_accept4+0x32b/0x6b0
[  463.569767][T32375]  __x64_sys_accept+0x70/0xb0
[  463.574417][T32375]  do_syscall_64+0xd0/0x530
[  463.578917][T32375]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  463.584783][T32375] 
[  463.587090][T32375] The buggy address belongs to the object at ffff888089dca9c0
[  463.587090][T32375]  which belongs to the cache kmalloc-2k of size 2048
[  463.601129][T32375] The buggy address is located 128 bytes inside of
[  463.601129][T32375]  2048-byte region [ffff888089dca9c0, ffff888089dcb1c0)
[  463.614477][T32375] The buggy address belongs to the page:
[  463.620087][T32375] page:ffffea0002277280 refcount:1 mapcount:0 mapping:ffff8880aa400c40 index:0x0 compound_mapcount: 0
[  463.630994][T32375] flags: 0x1fffc0000010200(slab|head)
[  463.636347][T32375] raw: 01fffc0000010200 ffffea0002316408 ffffea00022a9488 ffff8880aa400c40
[  463.644912][T32375] raw: 0000000000000000 ffff888089dca140 0000000100000003 0000000000000000
[  463.653502][T32375] page dumped because: kasan: bad access detected
[  463.659910][T32375] 
[  463.662212][T32375] Memory state around the buggy address:
[  463.667817][T32375]  ffff888089dca900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  463.675868][T32375]  ffff888089dca980: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  463.683920][T32375] >ffff888089dcaa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  463.691962][T32375]                                            ^
[  463.698097][T32375]  ffff888089dcaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  463.706148][T32375]  ffff888089dcab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  463.714192][T32375] ==================================================================
[  463.722229][T32375] Disabling lock debugging due to kernel taint
[  463.729332][    C0] Kernel Offset: disabled
[  463.733644][    C0] Rebooting in 86400 seconds..