[ ok ] Starting enhanced syslogd: rsyslogd.
[ 59.841235][ T26] audit: type=1800 audit(1567876918.434:25): pid=8501 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 59.886617][ T26] audit: type=1800 audit(1567876918.434:26): pid=8501 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 59.927247][ T26] audit: type=1800 audit(1567876918.434:27): pid=8501 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.43' (ECDSA) to the list of known hosts.
syzkaller login: [ 69.651216][ T8655] IPVS: ftp: loaded support on port[0] = 21
[ 69.706635][ T8655] chnl_net:caif_netlink_parms(): no params data found
[ 69.734216][ T8655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.742890][ T8655] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.750740][ T8655] device bridge_slave_0 entered promiscuous mode
[ 69.759260][ T8655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.766351][ T8655] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.774579][ T8655] device bridge_slave_1 entered promiscuous mode
[ 69.791547][ T8655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.802083][ T8655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.821837][ T8655] team0: Port device team_slave_0 added
[ 69.828787][ T8655] team0: Port device team_slave_1 added
[ 69.889589][ T8655] device hsr_slave_0 entered promiscuous mode
[ 69.927562][ T8655] device hsr_slave_1 entered promiscuous mode
[ 69.985371][ T8655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.992672][ T8655] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.000625][ T8655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.007709][ T8655] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.041106][ T8655] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.054240][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.074919][ T3506] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.083896][ T3506] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.092773][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 70.104179][ T8655] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.114556][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.123843][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.131359][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.142578][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.152240][ T3506] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.159930][ T3506] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.177026][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 70.186891][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 70.198602][ T3506] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 70.213622][ T8655] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 70.224926][ T8655] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
executing program
[ 70.238285][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.247039][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.255515][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 70.273212][ T8655] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.308264][ T8655] netlink: 24 bytes leftover after parsing attributes in process `syz-executor139'.
[ 70.318734][ T8655] kasan: CONFIG_KASAN_INLINE enabled
[ 70.324183][ T8655] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 70.332339][ T8655] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 70.339288][ T8655] CPU: 0 PID: 8655 Comm: syz-executor139 Not tainted 5.3.0-rc6-next-20190830 #75
[ 70.348805][ T8655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.359042][ T8655] RIP: 0010:__list_del_entry_valid+0x85/0xf5
[ 70.365126][ T8655] Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d
[ 70.384918][ T8655] RSP: 0018:ffff88809fd17450 EFLAGS: 00010246
[ 70.391075][ T8655] RAX: dffffc0000000000 RBX: ffff888092364000 RCX: ffffffff81597aca
[ 70.399042][ T8655] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888092364368
[ 70.407128][ T8655] RBP: ffff88809fd17468 R08: 0000000000000004 R09: ffffed1013fa2e7d
[ 70.415214][ T8655] R10: ffffed1013fa2e7c R11: 0000000000000003 R12: 0000000000000000
[ 70.423504][ T8655] R13: 0000000000000000 R14: ffff888092364360 R15: ffff8880923642c0
[ 70.431478][ T8655] FS: 00005555557c8880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 70.440388][ T8655] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.448341][ T8655] CR2: 0000000020000610 CR3: 00000000980b1000 CR4: 00000000001406f0
[ 70.456293][ T8655] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.464242][ T8655] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.472300][ T8655] Call Trace:
[ 70.475582][ T8655] cbs_destroy+0x7d/0x2a0
[ 70.479902][ T8655] ? cbs_init+0x25d/0x450
[ 70.484599][ T8655] ? cbs_dequeue_soft+0x4b0/0x4b0
[ 70.489703][ T8655] qdisc_create+0xbc6/0x1210
[ 70.494727][ T8655] ? tc_get_qdisc+0xc10/0xc10
[ 70.499971][ T8655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.506478][ T8655] tc_modify_qdisc+0x524/0x1c50
[ 70.511326][ T8655] ? qdisc_create+0x1210/0x1210
[ 70.516278][ T8655] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 70.522516][ T8655] ? qdisc_create+0x1210/0x1210
[ 70.527346][ T8655] rtnetlink_rcv_msg+0x463/0xb00
[ 70.532615][ T8655] ? rtnetlink_put_metrics+0x590/0x590
[ 70.538140][ T8655] ? netlink_deliver_tap+0x22d/0xbf0
[ 70.543413][ T8655] ? find_held_lock+0x35/0x130
[ 70.548300][ T8655] netlink_rcv_skb+0x177/0x450
[ 70.553142][ T8655] ? rtnetlink_put_metrics+0x590/0x590
[ 70.558579][ T8655] ? netlink_ack+0xb50/0xb50
[ 70.563173][ T8655] ? __kasan_check_read+0x11/0x20
[ 70.568389][ T8655] ? netlink_deliver_tap+0x254/0xbf0
[ 70.573782][ T8655] rtnetlink_rcv+0x1d/0x30
[ 70.578297][ T8655] netlink_unicast+0x531/0x710
[ 70.583053][ T8655] ? netlink_attachskb+0x7c0/0x7c0
[ 70.588159][ T8655] ? _copy_from_iter_full+0x25d/0x8c0
[ 70.593513][ T8655] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 70.599213][ T8655] ? __check_object_size+0x3d/0x437
[ 70.604741][ T8655] netlink_sendmsg+0x8a5/0xd60
[ 70.609488][ T8655] ? netlink_unicast+0x710/0x710
[ 70.614941][ T8655] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 70.620659][ T8655] ? apparmor_socket_sendmsg+0x2a/0x30
[ 70.626109][ T8655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.633426][ T8655] ? security_socket_sendmsg+0x8d/0xc0
[ 70.638959][ T8655] ? netlink_unicast+0x710/0x710
[ 70.643885][ T8655] sock_sendmsg+0xd7/0x130
[ 70.648375][ T8655] ___sys_sendmsg+0x803/0x920
[ 70.653030][ T8655] ? copy_msghdr_from_user+0x440/0x440
[ 70.659512][ T8655] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 70.666068][ T8655] ? tomoyo_path_number_perm+0x263/0x520
[ 70.671699][ T8655] ? sock_ioctl+0x489/0x780
[ 70.676190][ T8655] ? dlci_ioctl_set+0x40/0x40
[ 70.680901][ T8655] ? __do_page_fault+0x56a/0xdd0
[ 70.685818][ T8655] ? dlci_ioctl_set+0x40/0x40
[ 70.690666][ T8655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.697182][ T8655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 70.703426][ T8655] ? __fget_light+0x1a9/0x230
[ 70.708083][ T8655] ? __fdget+0x1b/0x20
[ 70.712196][ T8655] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 70.718553][ T8655] __sys_sendmsg+0x105/0x1d0
[ 70.723124][ T8655] ? __sys_sendmsg_sock+0xd0/0xd0
[ 70.728132][ T8655] ? trace_hardirqs_on_thunk+0x1a/0x20
[ 70.733744][ T8655] ? do_syscall_64+0x26/0x760
[ 70.738400][ T8655] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.744443][ T8655] ? do_syscall_64+0x26/0x760
[ 70.749108][ T8655] __x64_sys_sendmsg+0x78/0xb0
[ 70.753855][ T8655] do_syscall_64+0xfa/0x760
[ 70.758337][ T8655] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 70.764723][ T8655] RIP: 0033:0x441b59
[ 70.768774][ T8655] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 70.788497][ T8655] RSP: 002b:00007ffceb8fa478 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 70.796956][ T8655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000441b59
[ 70.804940][ T8655] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
[ 70.813204][ T8655] RBP: 00007ffceb8fa490 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[ 70.821156][ T8655] R10: 0000000001bbbbbb R11: 0000000000000246 R12: 0000000000000000
[ 70.829186][ T8655] R13: 00000000004030f0 R14: 0000000000000000 R15: 0000000000000000
[ 70.837334][ T8655] Modules linked in:
[ 70.842002][ T8655] ---[ end trace cf2093add11f5228 ]---
[ 70.847519][ T8655] RIP: 0010:__list_del_entry_valid+0x85/0xf5
[ 70.853501][ T8655] Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d
[ 70.873237][ T8655] RSP: 0018:ffff88809fd17450 EFLAGS: 00010246
[ 70.879537][ T8655] RAX: dffffc0000000000 RBX: ffff888092364000 RCX: ffffffff81597aca
[ 70.887528][ T8655] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff888092364368
[ 70.895659][ T8655] RBP: ffff88809fd17468 R08: 0000000000000004 R09: ffffed1013fa2e7d
[ 70.903750][ T8655] R10: ffffed1013fa2e7c R11: 0000000000000003 R12: 0000000000000000
[ 70.911753][ T8655] R13: 0000000000000000 R14: ffff888092364360 R15: ffff8880923642c0
[ 70.919838][ T8655] FS: 00005555557c8880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 70.928978][ T8655] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.935544][ T8655] CR2: 0000000020000610 CR3: 00000000980b1000 CR4: 00000000001406f0
[ 70.943543][ T8655] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 70.951678][ T8655] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 70.959670][ T8655] Kernel panic - not syncing: Fatal exception
[ 70.967405][ T8655] Kernel Offset: disabled
[ 70.971734][ T8655] Rebooting in 86400 seconds..