[ ok ] Starting periodic command scheduler: cron.
[ 29.050017] sshd (5968) used greatest stack depth: 15992 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.314893] kauditd_printk_skb: 8 callbacks suppressed
[ 29.314906] audit: type=1800 audit(1544351619.996:29): pid=5901 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 29.342033] audit: type=1800 audit(1544351620.006:30): pid=5901 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 35.080579] sshd (6040) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.149' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
[ 198.168577] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 198.419886] bridge0: port 1(bridge_slave_0) entered blocking state
[ 198.426828] bridge0: port 1(bridge_slave_0) entered disabled state
[ 198.434084] device bridge_slave_0 entered promiscuous mode
[ 198.453146] bridge0: port 2(bridge_slave_1) entered blocking state
[ 198.460096] bridge0: port 2(bridge_slave_1) entered disabled state
[ 198.467139] device bridge_slave_1 entered promiscuous mode
[ 198.484904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 198.502900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 198.550805] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 198.571247] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 198.649569] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 198.657080] team0: Port device team_slave_0 added
[ 198.673649] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 198.681006] team0: Port device team_slave_1 added
[ 198.699034] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 198.718310] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 198.738553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 198.758567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 198.905790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 198.912357] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 198.919414] bridge0: port 1(bridge_slave_0) entered blocking state
[ 198.925858] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 199.440717] 8021q: adding VLAN 0 to HW filter on device bond0
[ 199.493116] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 199.545660] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 199.551840] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 199.560257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 199.608899] 8021q: adding VLAN 0 to HW filter on device team0
[ 199.742931] list_del corruption. prev->next should be ffff8881c0a54730, but was ffff8881cc04aff0
[ 199.752366] ------------[ cut here ]------------
[ 199.757171] kernel BUG at lib/list_debug.c:53!
[ 199.761808] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 199.767211] CPU: 0 PID: 6286 Comm: ip Not tainted 4.20.0-rc4+ #334
[ 199.773631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 199.783003] RIP: 0010:__list_del_entry_valid.cold.1+0x48/0x4a
[ 199.788885] Code: d6 60 88 e8 b2 fd d1 fd 0f 0b 48 89 de 48 c7 c7 40 d8 60 88 e8 a1 fd d1 fd 0f 0b 48 89 de 48 c7 c7 e0 d7 60 88 e8 90 fd d1 fd <0f> 0b 48 89 d9 48 c7 c7 a0 d8 60 88 e8 7f fd d1 fd 0f 0b 48 89 f1
[ 199.807836] RSP: 0018:ffff8881be50e740 EFLAGS: 00010282
[ 199.813194] RAX: 0000000000000054 RBX: ffff8881c0a54730 RCX: 0000000000000000
[ 199.820454] RDX: 0000000000000000 RSI: ffffffff8165eae5 RDI: 0000000000000005
[ 199.827715] RBP: ffff8881be50e758 R08: ffff8881bbc9a600 R09: ffffed103b5c5020
[ 199.834974] R10: ffffed103b5c5020 R11: ffff8881dae28107 R12: ffff8881c0a55930
[ 199.842239] R13: ffff8881c020b030 R14: ffff8881be50e860 R15: 1ffff11037ca1cf4
[ 199.849504] FS: 00007f10ceb28700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[ 199.857747] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 199.863624] CR2: 000000000063f210 CR3: 00000001d8622000 CR4: 00000000001406f0
[ 199.870888] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 199.878148] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 199.885647] Call Trace:
[ 199.888236] neigh_mark_dead+0x13b/0x410
[ 199.892339] ? zap_class+0x640/0x640
[ 199.896052] ? neigh_change_state+0x680/0x680
[ 199.900552] ? kasan_check_read+0x11/0x20
[ 199.904714] ? do_raw_write_lock+0x14f/0x310
[ 199.909134] ? do_raw_read_unlock+0x70/0x70
[ 199.913449] ? __lock_is_held+0xb5/0x140
[ 199.917509] neigh_flush_dev+0x3a1/0x960
[ 199.921591] ? neigh_changeaddr+0x24/0x40
[ 199.925786] ? __neigh_for_each_release+0x4f0/0x4f0
[ 199.930815] ? do_raw_read_unlock+0x70/0x70
[ 199.935132] ? net_to_rxe+0xe1/0x110
[ 199.938846] neigh_changeaddr+0x31/0x40
[ 199.942817] ndisc_netdev_event+0xe6/0x5b0
[ 199.947066] ? ndisc_send_unsol_na+0x500/0x500
[ 199.951647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 199.957195] ? netconsole_netdev_event+0x7d/0x280
[ 199.962037] notifier_call_chain+0x17e/0x380
[ 199.966440] ? unregister_die_notifier+0x20/0x20
[ 199.971192] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 199.976724] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 199.982251] ? rtnl_is_locked+0xb5/0xf0
[ 199.986220] ? rtnl_trylock+0x20/0x20
[ 199.990022] raw_notifier_call_chain+0x2d/0x40
[ 199.994598] call_netdevice_notifiers_info+0x3f/0x90
[ 199.999697] dev_set_mac_address+0x293/0x3b0
[ 200.004104] ? netdev_state_change+0x1a0/0x1a0
[ 200.008690] do_setlink+0x7c7/0x3f30
[ 200.012402] ? print_usage_bug+0xc0/0xc0
[ 200.016461] ? validate_linkmsg+0xa50/0xa50
[ 200.020772] ? __this_cpu_preempt_check+0x1c/0x20
[ 200.025599] ? mark_held_locks+0x130/0x130
[ 200.029838] ? mark_held_locks+0x130/0x130
[ 200.034074] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 200.039261] ? validate_nla+0x29a/0x1650
[ 200.043352] ? nla_memcmp+0x90/0x90
[ 200.046990] ? mark_held_locks+0x130/0x130
[ 200.051222] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 200.056755] ? rtnl_is_locked+0xb5/0xf0
[ 200.060727] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 200.065734] ? validate_linkmsg+0x271/0xa50
[ 200.070052] ? rtnl_stats_dump+0xd70/0xd70
[ 200.074279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 200.079807] ? netdev_master_upper_dev_get+0x173/0x250
[ 200.085078] ? __nla_parse+0x12c/0x3e0
[ 200.088957] ? netdev_has_any_upper_dev+0x170/0x170
[ 200.093984] __rtnl_newlink+0xcde/0x19e0
[ 200.098074] ? rtnl_link_unregister+0x390/0x390
[ 200.102815] ? rcu_softirq_qs+0x20/0x20
[ 200.106777] ? rcu_softirq_qs+0x20/0x20
[ 200.110788] ? unwind_dump+0x190/0x190
[ 200.114687] ? is_bpf_text_address+0xd3/0x170
[ 200.119176] ? kernel_text_address+0x79/0xf0
[ 200.123589] ? __kernel_text_address+0xd/0x40
[ 200.128077] ? unwind_get_return_address+0x61/0xa0
[ 200.132998] ? __save_stack_trace+0x8d/0xf0
[ 200.137349] ? save_stack+0xa9/0xd0
[ 200.140973] ? save_stack+0x43/0xd0
[ 200.144593] ? kasan_kmalloc+0xc7/0xe0
[ 200.148495] ? kmem_cache_alloc_trace+0x152/0x750
[ 200.153357] ? rtnl_newlink+0x4d/0xa0
[ 200.157149] ? rtnetlink_rcv_msg+0x46a/0xc20
[ 200.161570] ? netlink_rcv_skb+0x172/0x440
[ 200.165810] ? rtnetlink_rcv+0x1c/0x20
[ 200.169696] ? netlink_unicast+0x5a5/0x760
[ 200.173927] ? netlink_sendmsg+0xa18/0xfc0
[ 200.178188] ? rtnl_newlink+0x4d/0xa0
[ 200.181986] ? rcu_read_lock_sched_held+0x14f/0x180
[ 200.186999] ? kmem_cache_alloc_trace+0x353/0x750
[ 200.191837] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 200.197110] ? ns_capable_common+0x13f/0x170
[ 200.201511] ? rcu_softirq_qs+0x20/0x20
[ 200.205513] rtnl_newlink+0x6b/0xa0
[ 200.209143] ? __rtnl_newlink+0x19e0/0x19e0
[ 200.213460] rtnetlink_rcv_msg+0x46a/0xc20
[ 200.217712] ? rtnl_fdb_dump+0xd00/0xd00
[ 200.221779] netlink_rcv_skb+0x172/0x440
[ 200.225852] ? rtnl_fdb_dump+0xd00/0xd00
[ 200.229966] ? netlink_ack+0xb80/0xb80
[ 200.233873] rtnetlink_rcv+0x1c/0x20
[ 200.237580] netlink_unicast+0x5a5/0x760
[ 200.241670] ? netlink_attachskb+0x9a0/0x9a0
[ 200.246093] ? aa_sk_perm+0x22b/0x8e0
[ 200.249891] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 200.254907] netlink_sendmsg+0xa18/0xfc0
[ 200.258968] ? netlink_unicast+0x760/0x760
[ 200.263199] ? aa_sock_msg_perm.isra.14+0xba/0x160
[ 200.268147] ? apparmor_socket_sendmsg+0x29/0x30
[ 200.272898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 200.278434] ? security_socket_sendmsg+0x94/0xc0
[ 200.283187] ? netlink_unicast+0x760/0x760
[ 200.287417] sock_sendmsg+0xd5/0x120
[ 200.291127] ___sys_sendmsg+0x7fd/0x930
[ 200.295100] ? copy_msghdr_from_user+0x580/0x580
[ 200.299855] ? zap_class+0x640/0x640
[ 200.303568] ? zap_class+0x640/0x640
[ 200.307296] ? zap_class+0x640/0x640
[ 200.311039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 200.316572] ? __fget_light+0x2e9/0x430
[ 200.320549] ? fget_raw+0x20/0x20
[ 200.324020] ? __do_page_fault+0x620/0xe60
[ 200.328253] ? lock_downgrade+0x900/0x900
[ 200.332398] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 200.337320] ? kasan_check_read+0x11/0x20
[ 200.341466] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 200.347002] ? sockfd_lookup_light+0xc5/0x160
[ 200.351517] __sys_sendmsg+0x11d/0x280
[ 200.355427] ? __ia32_sys_shutdown+0x80/0x80
[ 200.359831] ? up_read_non_owner+0x100/0x100
[ 200.364253] ? do_syscall_64+0x9a/0x820
[ 200.368243] ? do_syscall_64+0x9a/0x820
[ 200.372217] ? trace_hardirqs_off_caller+0x310/0x310
[ 200.377321] __x64_sys_sendmsg+0x78/0xb0
[ 200.381394] do_syscall_64+0x1b9/0x820
[ 200.385291] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 200.390663] ? syscall_return_slowpath+0x5e0/0x5e0
[ 200.395634] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 200.400468] ? trace_hardirqs_on_caller+0x310/0x310
[ 200.405488] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 200.410508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 200.416067] ? prepare_exit_to_usermode+0x291/0x3b0
[ 200.421080] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 200.425920] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 200.431099] RIP: 0033:0x7f10ce249320
[ 200.434810] Code: 02 48 83 c8 ff eb 8d 48 8b 05 14 7b 2a 00 f7 da 64 89 10 48 83 c8 ff eb c9 90 83 3d d5 d2 2a 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e ba 00 00 48 89 04 24
[ 200.453705] RSP: 002b:00007ffe0bac1ca8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 200.461410] RAX: ffffffffffffffda RBX: 00007ffe0bac5da0 RCX: 00007f10ce249320
[ 200.468672] RDX: 0000000000000000 RSI: 00007ffe0bac1ce0 RDI: 0000000000000003
[ 200.475932] RBP: 00007ffe0bac1ce0 R08: 0000000000000000 R09: 000000000000000d
[ 200.483210] R10: 0000000000000000 R11: 0000000000000246 R12: 000000005c0cf030
[ 200.490481] R13: 0000000000000000 R14: 00000000006395c0 R15: 00007ffe0bac6580
[ 200.497750] Modules linked in:
[ 200.501022] ---[ end trace 43716d7620348e25 ]---
[ 200.505821] RIP: 0010:__list_del_entry_valid.cold.1+0x48/0x4a
[ 200.511722] Code: d6 60 88 e8 b2 fd d1 fd 0f 0b 48 89 de 48 c7 c7 40 d8 60 88 e8 a1 fd d1 fd 0f 0b 48 89 de 48 c7 c7 e0 d7 60 88 e8 90 fd d1 fd <0f> 0b 48 89 d9 48 c7 c7 a0 d8 60 88 e8 7f fd d1 fd 0f 0b 48 89 f1
[ 200.530689] RSP: 0018:ffff8881be50e740 EFLAGS: 00010282
[ 200.536063] RAX: 0000000000000054 RBX: ffff8881c0a54730 RCX: 0000000000000000
[ 200.543344] RDX: 0000000000000000 RSI: ffffffff8165eae5 RDI: 0000000000000005
[ 200.550629] RBP: ffff8881be50e758 R08: ffff8881bbc9a600 R09: ffffed103b5c5020
[ 200.557911] R10: ffffed103b5c5020 R11: ffff8881dae28107 R12: ffff8881c0a55930
[ 200.565174] R13: ffff8881c020b030 R14: ffff8881be50e860 R15: 1ffff11037ca1cf4
[ 200.572824] FS: 00007f10ceb28700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[ 200.581207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 200.587103] CR2: 000000000063f210 CR3: 00000001d8622000 CR4: 00000000001406f0
[ 200.594393] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 200.601682] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 200.608964] Kernel panic - not syncing: Fatal exception in interrupt
[ 200.616612] Kernel Offset: disabled
[ 200.620250] Rebooting in 86400 seconds..