[   33.029485][   T26] audit: type=1800 audit(1559714355.613:22): pid=7189 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   50.421990][ T7355] IPVS: ftp: loaded support on port[0] = 21
[   50.849933][ T7344] can: request_module (can-proto-0) failed.
[   51.867490][ T7344] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.15.213' (ECDSA) to the list of known hosts.
2019/06/05 05:59:42 parsed 1 programs
2019/06/05 05:59:42 executed programs: 0
[   60.224623][ T7432] IPVS: ftp: loaded support on port[0] = 21
[   60.247796][ T7434] IPVS: ftp: loaded support on port[0] = 21
[   60.347947][ T7436] IPVS: ftp: loaded support on port[0] = 21
[   60.404699][ T7440] IPVS: ftp: loaded support on port[0] = 21
[   60.405815][ T7441] IPVS: ftp: loaded support on port[0] = 21
[   60.465723][ T7432] chnl_net:caif_netlink_parms(): no params data found
[   60.492599][ T7442] IPVS: ftp: loaded support on port[0] = 21
[   60.546381][ T7434] chnl_net:caif_netlink_parms(): no params data found
[   60.573330][ T7432] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.580428][ T7432] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.588567][ T7432] device bridge_slave_0 entered promiscuous mode
[   60.596275][ T7432] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.603545][ T7432] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.611222][ T7432] device bridge_slave_1 entered promiscuous mode
[   60.631548][ T7432] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.663233][ T7432] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.681701][ T7432] team0: Port device team_slave_0 added
[   60.693008][ T7434] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.700059][ T7434] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.707815][ T7434] device bridge_slave_0 entered promiscuous mode
[   60.716629][ T7434] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.723742][ T7434] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.732176][ T7434] device bridge_slave_1 entered promiscuous mode
[   60.739686][ T7432] team0: Port device team_slave_1 added
[   60.775606][ T7434] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   60.819372][ T7434] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   60.892988][ T7432] device hsr_slave_0 entered promiscuous mode
[   60.961910][ T7432] device hsr_slave_1 entered promiscuous mode
[   61.009284][ T7434] team0: Port device team_slave_0 added
[   61.017889][ T7434] team0: Port device team_slave_1 added
[   61.023875][ T7436] chnl_net:caif_netlink_parms(): no params data found
[   61.080331][ T7436] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.087747][ T7436] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.095574][ T7436] device bridge_slave_0 entered promiscuous mode
[   61.104968][ T7436] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.112127][ T7436] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.120222][ T7436] device bridge_slave_1 entered promiscuous mode
[   61.127104][ T7441] chnl_net:caif_netlink_parms(): no params data found
[   61.136132][ T7440] chnl_net:caif_netlink_parms(): no params data found
[   61.183058][ T7434] device hsr_slave_0 entered promiscuous mode
[   61.231187][ T7434] device hsr_slave_1 entered promiscuous mode
[   61.346076][ T7436] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   61.357018][ T7440] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.364555][ T7440] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.372180][ T7440] device bridge_slave_0 entered promiscuous mode
[   61.390757][ T7441] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.398218][ T7441] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.406157][ T7441] device bridge_slave_0 entered promiscuous mode
[   61.414534][ T7436] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   61.422999][ T7440] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.430057][ T7440] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.438250][ T7440] device bridge_slave_1 entered promiscuous mode
[   61.453827][ T7441] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.461566][ T7441] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.469006][ T7441] device bridge_slave_1 entered promiscuous mode
[   61.476731][ T7432] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.483960][ T7432] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.491563][ T7432] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.498623][ T7432] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.523942][ T7436] team0: Port device team_slave_0 added
[   61.529944][ T7442] chnl_net:caif_netlink_parms(): no params data found
[   61.549199][ T7441] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   61.559176][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.566809][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.578016][ T7440] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   61.589072][ T7436] team0: Port device team_slave_1 added
[   61.652175][ T7436] device hsr_slave_0 entered promiscuous mode
[   61.701121][ T7436] device hsr_slave_1 entered promiscuous mode
[   61.742092][ T7441] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   61.752327][ T7440] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   61.790363][ T7442] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.797582][ T7442] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.805139][ T7442] device bridge_slave_0 entered promiscuous mode
[   61.816783][ T7442] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.823870][ T7442] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.831677][ T7442] device bridge_slave_1 entered promiscuous mode
[   61.858235][ T7441] team0: Port device team_slave_0 added
[   61.865223][ T7441] team0: Port device team_slave_1 added
[   61.873218][ T7442] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   61.884066][ T7440] team0: Port device team_slave_0 added
[   61.895957][ T7440] team0: Port device team_slave_1 added
[   61.915323][ T7442] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   61.934314][ T7442] team0: Port device team_slave_0 added
[   61.992337][ T7441] device hsr_slave_0 entered promiscuous mode
[   62.041163][ T7441] device hsr_slave_1 entered promiscuous mode
[   62.090492][ T7442] team0: Port device team_slave_1 added
[   62.132250][ T7440] device hsr_slave_0 entered promiscuous mode
[   62.181261][ T7440] device hsr_slave_1 entered promiscuous mode
[   62.258531][ T7432] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.287024][ T7432] 8021q: adding VLAN 0 to HW filter on device team0
[   62.305619][ T7360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.314322][ T7360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.374382][ T7442] device hsr_slave_0 entered promiscuous mode
[   62.431348][ T7442] device hsr_slave_1 entered promiscuous mode
[   62.487056][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.495701][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.504683][   T17] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.511769][   T17] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.519323][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.528698][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.537125][   T17] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.544186][   T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.571578][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   62.580005][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   62.589013][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   62.597584][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   62.606145][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   62.627838][ T7432] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   62.638805][ T7432] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.653836][ T7434] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.671836][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   62.681140][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   62.689272][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   62.698345][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   62.706773][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   62.715107][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   62.724410][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   62.739766][ T7436] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.767125][ T7432] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.778704][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.787173][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.795429][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.803855][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.813405][ T7434] 8021q: adding VLAN 0 to HW filter on device team0
[   62.827915][ T7442] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.836801][ T7436] 8021q: adding VLAN 0 to HW filter on device team0
[   62.845869][ T7441] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.858233][ T7440] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.871341][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.879929][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.888654][ T3004] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.895772][ T3004] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.909107][ T7441] 8021q: adding VLAN 0 to HW filter on device team0
[   62.925498][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   62.935437][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   62.943243][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   62.950682][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   62.959149][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   62.967608][ T3004] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.974673][ T3004] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.982578][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   62.991177][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   62.999374][ T3004] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.006432][ T3004] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.014109][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   63.023165][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   63.031595][ T3004] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.038631][ T3004] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.046234][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   63.054942][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   63.063274][ T3004] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.070301][ T3004] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.077824][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   63.086648][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   63.094961][ T3004] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.102018][ T3004] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.110989][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.118792][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.126927][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   63.134546][ T3004] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.147678][ T7440] 8021q: adding VLAN 0 to HW filter on device team0
[   63.166000][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   63.174095][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   63.182375][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   63.191335][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   63.200344][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   63.209153][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   63.221667][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   63.230074][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   63.241195][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   63.257282][ T7442] 8021q: adding VLAN 0 to HW filter on device team0
[   63.276072][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   63.290779][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   63.300408][ T7450] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.307520][ T7450] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.315338][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   63.323884][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   63.332239][ T7450] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.339289][ T7450] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.346784][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   63.355290][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   63.364240][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   63.376469][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   63.385147][ T7450] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.392239][ T7450] bridge0: port 1(bridge_slave_0) entered forwarding state
[   63.399719][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   63.408451][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   63.416746][ T7450] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.423956][ T7450] bridge0: port 2(bridge_slave_1) entered forwarding state
[   63.431779][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.439543][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   63.459842][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   63.469171][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   63.477756][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   63.486235][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.494550][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   63.503360][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   63.511647][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   63.519895][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   63.528321][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   63.536633][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.544717][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   63.552788][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.561996][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   63.569591][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   63.578643][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   63.609345][ T7436] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.632503][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   63.641456][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   63.649804][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   63.659501][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   63.667956][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   63.676326][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.691033][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   63.699453][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   63.708896][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   63.717333][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   63.725976][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   63.740287][ T7440] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   63.751216][ T7440] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.770346][ T7442] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   63.790667][ T7442] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   63.807574][ T7434] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.815496][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   63.823270][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   63.834760][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   63.843451][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   63.852037][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   63.860115][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   63.868416][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.876599][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   63.884854][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.893266][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   63.902504][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   63.910598][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   63.918789][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   63.927323][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   63.935355][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   63.943172][ T7450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   63.956084][ T7436] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.976281][ T7442] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.994768][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   64.005482][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.028544][ T7440] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.039076][ T7441] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   64.055040][ T7441] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   64.070300][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   64.089387][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   64.105771][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   64.115280][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.124866][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   64.141942][ T7441] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/06/05 05:59:47 executed programs: 46
2019/06/05 05:59:52 executed programs: 278
2019/06/05 05:59:57 executed programs: 508
2019/06/05 06:00:02 executed programs: 746
2019/06/05 06:00:07 executed programs: 991
2019/06/05 06:00:12 executed programs: 1243
2019/06/05 06:00:17 executed programs: 1483
2019/06/05 06:00:22 executed programs: 1733
2019/06/05 06:00:27 executed programs: 1974
2019/06/05 06:00:32 executed programs: 2211
2019/06/05 06:00:37 executed programs: 2452
2019/06/05 06:00:42 executed programs: 2694
2019/06/05 06:00:48 executed programs: 2936
2019/06/05 06:00:53 executed programs: 3175
2019/06/05 06:00:58 executed programs: 3419
2019/06/05 06:01:03 executed programs: 3660
2019/06/05 06:01:08 executed programs: 3900
2019/06/05 06:01:13 executed programs: 4130
2019/06/05 06:01:18 executed programs: 4365
2019/06/05 06:01:23 executed programs: 4607
2019/06/05 06:01:28 executed programs: 4844
2019/06/05 06:01:33 executed programs: 5080
2019/06/05 06:01:38 executed programs: 5320
2019/06/05 06:01:43 executed programs: 5558
2019/06/05 06:01:48 executed programs: 5793
2019/06/05 06:01:53 executed programs: 6033
2019/06/05 06:01:58 executed programs: 6275
2019/06/05 06:02:03 executed programs: 6509
2019/06/05 06:02:08 executed programs: 6739
2019/06/05 06:02:13 executed programs: 6977
2019/06/05 06:02:18 executed programs: 7213
2019/06/05 06:02:23 executed programs: 7455
2019/06/05 06:02:28 executed programs: 7696
2019/06/05 06:02:33 executed programs: 7933
2019/06/05 06:02:38 executed programs: 8159
2019/06/05 06:02:43 executed programs: 8384
2019/06/05 06:02:48 executed programs: 8621
2019/06/05 06:02:53 executed programs: 8855
2019/06/05 06:02:58 executed programs: 9088
2019/06/05 06:03:03 executed programs: 9329
2019/06/05 06:03:08 executed programs: 9574
2019/06/05 06:03:13 executed programs: 9811
2019/06/05 06:03:18 executed programs: 10058
2019/06/05 06:03:23 executed programs: 10301
2019/06/05 06:03:28 executed programs: 10541
2019/06/05 06:03:33 executed programs: 10782
2019/06/05 06:03:38 executed programs: 11023
2019/06/05 06:03:43 executed programs: 11258
2019/06/05 06:03:48 executed programs: 11502
2019/06/05 06:03:53 executed programs: 11742
2019/06/05 06:03:58 executed programs: 11982
2019/06/05 06:04:03 executed programs: 12217
2019/06/05 06:04:08 executed programs: 12453
2019/06/05 06:04:13 executed programs: 12703
2019/06/05 06:04:18 executed programs: 12952
2019/06/05 06:04:23 executed programs: 13192
2019/06/05 06:04:28 executed programs: 13422
2019/06/05 06:04:33 executed programs: 13663
2019/06/05 06:04:38 executed programs: 13901
2019/06/05 06:04:43 executed programs: 14141
2019/06/05 06:04:48 executed programs: 14392
2019/06/05 06:04:53 executed programs: 14638
2019/06/05 06:04:58 executed programs: 14890
2019/06/05 06:05:03 executed programs: 15143
2019/06/05 06:05:08 executed programs: 15396
2019/06/05 06:05:13 executed programs: 15648
2019/06/05 06:05:18 executed programs: 15902
[  400.205392][T21644] ==================================================================
[  400.213747][T21644] BUG: KASAN: use-after-free in refcount_inc_not_zero_checked+0x72/0x160
[  400.222155][T21644] Read of size 4 at addr ffff88809860a1c8 by task syz-executor.3/21644
[  400.230373][T21644] 
[  400.232721][T21644] CPU: 0 PID: 21644 Comm: syz-executor.3 Not tainted 5.2.0-rc2+ #1
[  400.240605][T21644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  400.250704][T21644] Call Trace:
[  400.254027][T21644]  dump_stack+0x113/0x167
[  400.258377][T21644]  print_address_description.cold.5+0x9/0x1ff
[  400.264446][T21644]  ? refcount_inc_not_zero_checked+0x72/0x160
[  400.270500][T21644]  __kasan_report.cold.6+0x1b/0x39
[  400.275593][T21644]  ? refcount_inc_not_zero_checked+0x72/0x160
[  400.281662][T21644]  ? refcount_inc_not_zero_checked+0x72/0x160
[  400.287816][T21644]  kasan_report+0x12/0x20
[  400.292486][T21644]  check_memory_region+0x13e/0x1b0
[  400.297592][T21644]  kasan_check_read+0x11/0x20
[  400.302266][T21644]  refcount_inc_not_zero_checked+0x72/0x160
[  400.308155][T21644]  ? refcount_dec_and_mutex_lock+0x50/0x50
[  400.314009][T21644]  ? css_task_iter_next+0x75/0x140
[  400.319128][T21644]  refcount_inc_checked+0x9/0x30
[  400.324143][T21644]  css_task_iter_next+0xc5/0x140
[  400.329111][T21644]  pidlist_array_load+0x148/0x8d0
[  400.334144][T21644]  ? __mutex_lock+0x51b/0x1210
[  400.338906][T21644]  ? cgroup1_tasks_write+0x10/0x10
[  400.344019][T21644]  cgroup_pidlist_start+0x333/0x530
[  400.349209][T21644]  cgroup_seqfile_start+0xa7/0x100
[  400.354352][T21644]  kernfs_seq_start+0xcc/0x170
[  400.359169][T21644]  seq_read+0x253/0x1000
[  400.363452][T21644]  ? security_file_permission+0x173/0x290
[  400.369163][T21644]  kernfs_fop_read+0xcc/0x4f0
[  400.373859][T21644]  ? rw_verify_area+0xc5/0x2b0
[  400.378633][T21644]  do_iter_read+0x366/0x560
[  400.383123][T21644]  ? dup_iter+0x220/0x220
[  400.387443][T21644]  vfs_readv+0xc9/0x130
[  400.391584][T21644]  ? __fget+0x292/0x420
[  400.395721][T21644]  ? compat_rw_copy_check_uvector+0x330/0x330
[  400.401775][T21644]  ? kasan_check_read+0x11/0x20
[  400.406612][T21644]  ? __fget+0x2af/0x420
[  400.410756][T21644]  ? ksys_dup3+0x2e0/0x2e0
[  400.415156][T21644]  ? kasan_check_read+0x11/0x20
[  400.419992][T21644]  ? __fget_light+0x179/0x1f0
[  400.424665][T21644]  do_preadv+0x158/0x230
[  400.428894][T21644]  ? do_readv+0x2e0/0x2e0
[  400.433263][T21644]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  400.438711][T21644]  ? do_syscall_64+0x21/0x530
[  400.443425][T21644]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  400.449480][T21644]  __x64_sys_preadv+0x95/0xf0
[  400.454148][T21644]  do_syscall_64+0xd0/0x530
[  400.458651][T21644]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  400.464534][T21644] RIP: 0033:0x459279
[  400.468430][T21644] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  400.488023][T21644] RSP: 002b:00007f60b0f29c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  400.496427][T21644] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279
[  400.504427][T21644] RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000005
[  400.512388][T21644] RBP: 000000000075c060 R08: 0000000000000000 R09: 0000000000000000
[  400.520351][T21644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f60b0f2a6d4
[  400.528331][T21644] R13: 00000000004c614c R14: 00000000004da9a8 R15: 00000000ffffffff
[  400.536306][T21644] 
[  400.538678][T21644] Allocated by task 21314:
[  400.543085][T21644]  save_stack+0x21/0x90
[  400.547308][T21644]  __kasan_kmalloc.constprop.8+0xc7/0xd0
[  400.552937][T21644]  kasan_kmalloc+0x9/0x10
[  400.557253][T21644]  kmem_cache_alloc_trace+0x154/0x740
[  400.562616][T21644]  find_css_set+0x5c5/0x1b00
[  400.567188][T21644]  cgroup_migrate_prepare_dst+0xf2/0x6e0
[  400.572801][T21644]  cgroup_attach_task+0x2df/0x630
[  400.577808][T21644]  cgroup_attach_task_all+0xaf/0x120
[  400.583120][T21644]  vhost_attach_cgroups_work+0x39/0x90
[  400.588563][T21644]  vhost_worker+0x251/0x4a0
[  400.593092][T21644]  kthread+0x324/0x3e0
[  400.597144][T21644]  ret_from_fork+0x24/0x30
[  400.601536][T21644] 
[  400.603849][T21644] Freed by task 16:
[  400.607639][T21644]  save_stack+0x21/0x90
[  400.611775][T21644]  __kasan_slab_free+0x102/0x150
[  400.616705][T21644]  kasan_slab_free+0xe/0x10
[  400.621187][T21644]  kfree+0xcf/0x220
[  400.625037][T21644]  rcu_core+0xc8e/0x1430
[  400.629264][T21644]  __do_softirq+0x260/0x958
[  400.633745][T21644] 
[  400.636063][T21644] The buggy address belongs to the object at ffff88809860a000
[  400.636063][T21644]  which belongs to the cache kmalloc-1k of size 1024
[  400.650103][T21644] The buggy address is located 456 bytes inside of
[  400.650103][T21644]  1024-byte region [ffff88809860a000, ffff88809860a400)
[  400.663450][T21644] The buggy address belongs to the page:
[  400.669071][T21644] page:ffffea0002618280 refcount:1 mapcount:0 mapping:ffff8880aa400ac0 index:0xffff88809860ad80 compound_mapcount: 0
[  400.681294][T21644] flags: 0x1fffc0000010200(slab|head)
[  400.686661][T21644] raw: 01fffc0000010200 ffffea000247d908 ffffea0002352c88 ffff8880aa400ac0
[  400.695232][T21644] raw: ffff88809860ad80 ffff88809860a000 0000000100000004 0000000000000000
[  400.703803][T21644] page dumped because: kasan: bad access detected
[  400.710202][T21644] 
[  400.712515][T21644] Memory state around the buggy address:
[  400.718130][T21644]  ffff88809860a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.726182][T21644]  ffff88809860a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.734233][T21644] >ffff88809860a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.742294][T21644]                                               ^
[  400.748696][T21644]  ffff88809860a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.756748][T21644]  ffff88809860a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  400.764794][T21644] ==================================================================
[  400.772853][T21644] Disabling lock debugging due to kernel taint
[  400.779003][T21644] Kernel panic - not syncing: panic_on_warn set ...
[  400.785582][T21644] CPU: 0 PID: 21644 Comm: syz-executor.3 Tainted: G    B             5.2.0-rc2+ #1
[  400.794839][T21644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  400.804880][T21644] Call Trace:
[  400.808178][T21644]  dump_stack+0x113/0x167
[  400.812511][T21644]  ? refcount_inc_not_zero_checked+0x10/0x160
[  400.818630][T21644]  panic+0x212/0x4cb
[  400.822553][T21644]  ? __warn_printk+0xd6/0xd6
[  400.827149][T21644]  ? lock_downgrade+0x860/0x860
[  400.831985][T21644]  ? _raw_spin_unlock_irqrestore+0x63/0xd0
[  400.837799][T21644]  ? kasan_check_read+0x11/0x20
[  400.842635][T21644]  ? refcount_inc_not_zero_checked+0x72/0x160
[  400.848684][T21644]  end_report+0x47/0x4f
[  400.852819][T21644]  __kasan_report.cold.6+0xe/0x39
[  400.857827][T21644]  ? refcount_inc_not_zero_checked+0x72/0x160
[  400.863878][T21644]  ? refcount_inc_not_zero_checked+0x72/0x160
[  400.869926][T21644]  kasan_report+0x12/0x20
[  400.874239][T21644]  check_memory_region+0x13e/0x1b0
[  400.879347][T21644]  kasan_check_read+0x11/0x20
[  400.884005][T21644]  refcount_inc_not_zero_checked+0x72/0x160
[  400.889878][T21644]  ? refcount_dec_and_mutex_lock+0x50/0x50
[  400.895665][T21644]  ? css_task_iter_next+0x75/0x140
[  400.900769][T21644]  refcount_inc_checked+0x9/0x30
[  400.905692][T21644]  css_task_iter_next+0xc5/0x140
[  400.910617][T21644]  pidlist_array_load+0x148/0x8d0
[  400.915633][T21644]  ? __mutex_lock+0x51b/0x1210
[  400.920387][T21644]  ? cgroup1_tasks_write+0x10/0x10
[  400.925498][T21644]  cgroup_pidlist_start+0x333/0x530
[  400.930680][T21644]  cgroup_seqfile_start+0xa7/0x100
[  400.937989][T21644]  kernfs_seq_start+0xcc/0x170
[  400.945363][T21644]  seq_read+0x253/0x1000
[  400.949598][T21644]  ? security_file_permission+0x173/0x290
[  400.955307][T21644]  kernfs_fop_read+0xcc/0x4f0
[  400.959996][T21644]  ? rw_verify_area+0xc5/0x2b0
[  400.964743][T21644]  do_iter_read+0x366/0x560
[  400.969227][T21644]  ? dup_iter+0x220/0x220
[  400.973539][T21644]  vfs_readv+0xc9/0x130
[  400.977691][T21644]  ? __fget+0x292/0x420
[  400.981837][T21644]  ? compat_rw_copy_check_uvector+0x330/0x330
[  400.987886][T21644]  ? kasan_check_read+0x11/0x20
[  400.992720][T21644]  ? __fget+0x2af/0x420
[  400.996854][T21644]  ? ksys_dup3+0x2e0/0x2e0
[  401.001252][T21644]  ? kasan_check_read+0x11/0x20
[  401.006090][T21644]  ? __fget_light+0x179/0x1f0
[  401.010744][T21644]  do_preadv+0x158/0x230
[  401.014966][T21644]  ? do_readv+0x2e0/0x2e0
[  401.019278][T21644]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  401.024715][T21644]  ? do_syscall_64+0x21/0x530
[  401.029375][T21644]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  401.035433][T21644]  __x64_sys_preadv+0x95/0xf0
[  401.040097][T21644]  do_syscall_64+0xd0/0x530
[  401.044583][T21644]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  401.050454][T21644] RIP: 0033:0x459279
[  401.054331][T21644] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  401.073917][T21644] RSP: 002b:00007f60b0f29c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  401.082317][T21644] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459279
[  401.090276][T21644] RDX: 0000000000000001 RSI: 0000000020000100 RDI: 0000000000000005
[  401.098330][T21644] RBP: 000000000075c060 R08: 0000000000000000 R09: 0000000000000000
[  401.106286][T21644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f60b0f2a6d4
[  401.114244][T21644] R13: 00000000004c614c R14: 00000000004da9a8 R15: 00000000ffffffff
[  402.227520][T21644] Shutting down cpus with NMI
[  402.233391][T21644] Kernel Offset: disabled
[  402.237742][T21644] Rebooting in 86400 seconds..