[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[ 29.126789] kauditd_printk_skb: 7 callbacks suppressed
[ 29.126801] audit: type=1800 audit(1542639706.312:29): pid=5902 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 29.160765] audit: type=1800 audit(1542639706.312:30): pid=5902 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
syzkaller login: [ 36.893221] IPVS: ftp: loaded support on port[0] = 21
[ 37.150619] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.157397] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.164710] device bridge_slave_0 entered promiscuous mode
[ 37.184418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.190833] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.197792] device bridge_slave_1 entered promiscuous mode
[ 37.215537] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 37.233540] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 37.283201] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 37.303204] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 37.379387] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 37.386726] team0: Port device team_slave_0 added
[ 37.403474] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 37.410802] team0: Port device team_slave_1 added
[ 37.428240] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 37.447374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 37.467704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 37.487120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 37.633917] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.640366] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.647168] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.653574] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 38.185838] 8021q: adding VLAN 0 to HW filter on device bond0
[ 38.238725] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 38.289764] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 38.295893] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.305045] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.355640] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 38.649259] ==================================================================
[ 38.649419] kasan: CONFIG_KASAN_INLINE enabled
[ 38.656966] BUG: KASAN: use-after-free in tick_sched_handle+0x16c/0x180
[ 38.656988] Read of size 8 at addr ffff8881c0895a30 by task syz-executor949/6058
[ 38.661705] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 38.668384]
[ 38.668402] CPU: 0 PID: 6058 Comm: syz-executor949 Not tainted 4.20.0-rc2+ #303
[ 38.679525] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 38.683295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.684918] CPU: 1 PID: 2938 Comm: kworker/1:2 Not tainted 4.20.0-rc2+ #303
[ 38.692341] Call Trace:
[ 38.698558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.707896]
[ 38.714988] Workqueue: ipv6_addrconf addrconf_dad_work
[ 38.717583] dump_stack+0x244/0x39d
[ 38.726915] RIP: 0010:skb_set_owner_w+0xb4/0x320
[ 38.729049] ? dump_stack_print_info.cold.1+0x20/0x20
[ 38.734322] Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 30 02 00 00 49 8d 7c 24 12 4c 89 63 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 cd 01 00 00
[ 38.737931] ? printk+0xa7/0xcf
[ 38.742663] RSP: 0018:ffff8881cb9274a8 EFLAGS: 00010203
[ 38.747843] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 38.766858] RAX: dffffc0000000000 RBX: ffff8881c2cf4bc0 RCX: ffffffff86273988
[ 38.770129] print_address_description.cold.7+0x9/0x1ff
[ 38.775486] RDX: 000000000000000e RSI: ffffffff8625bddf RDI: 0000000000000074
[ 38.780228] kasan_report.cold.8+0x242/0x309
[ 38.787483] RBP: ffff8881cb9274d0 R08: ffff8881cb98e280 R09: ffffed103701800c
[ 38.792848] ? tick_sched_handle+0x16c/0x180
[ 38.800098] R10: ffffed103701800c R11: ffff8881b80c0063 R12: 0000000000000062
[ 38.804492] __asan_report_load8_noabort+0x14/0x20
[ 38.811746] R13: ffff8881c2cf4bd8 R14: ffff8881c2cf4c20 R15: 0000000000000020
[ 38.816141] tick_sched_handle+0x16c/0x180
[ 38.823394] FS: 0000000000000000(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[ 38.828321] tick_sched_timer+0x45/0x130
[ 38.835583] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 38.839804] __hrtimer_run_queues+0x41c/0x10d0
[ 38.848012] CR2: 00007fff57a32ff8 CR3: 00000001cb905000 CR4: 00000000001406e0
[ 38.852067] ? tick_sched_do_timer+0x1a0/0x1a0
[ 38.857947] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 38.862547] ? hrtimer_start_range_ns+0xe00/0xe00
[ 38.869797] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 38.874368] ? pvclock_read_flags+0x160/0x160
[ 38.881607] Call Trace:
[ 38.886459] ? trace_hardirqs_on+0x310/0x310
[ 38.893713] ndisc_alloc_skb+0x284/0x340
[ 38.898183] ? kvm_clock_read+0x18/0x30
[ 38.900747] ndisc_send_ns+0x194/0x8e0
[ 38.905150] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 38.909215] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 38.913172] ? ktime_get_update_offsets_now+0x3b3/0x540
[ 38.917042] ? ndisc_netdev_event+0x5b0/0x5b0
[ 38.922037] ? do_timer+0x50/0x50
[ 38.926602] ? trace_hardirqs_off_caller+0x310/0x310
[ 38.931951] ? rwlock_bug.part.2+0x90/0x90
[ 38.936432] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 38.939869] ? trace_hardirqs_on+0x310/0x310
[ 38.944961] ? check_preemption_disabled+0x48/0x280
[ 38.949173] ? rcu_softirq_qs+0x20/0x20
[ 38.954691] ? addrconf_dad_work+0xab8/0x1310
[ 38.959106] hrtimer_interrupt+0x313/0x780
[ 38.964118] ? addrconf_dad_work+0xab8/0x1310
[ 38.968089] smp_apic_timer_interrupt+0x1a1/0x760
[ 38.972574] addrconf_dad_work+0xbf2/0x1310
[ 38.976793] ? smp_call_function_single_interrupt+0x650/0x650
[ 38.981273] ? addrconf_ifdown+0x1650/0x1650
[ 38.986107] ? interrupt_entry+0xb5/0xc0
[ 38.990411] ? __lock_is_held+0xb5/0x140
[ 38.996278] ? trace_hardirqs_off_caller+0xbb/0x310
[ 39.000681] process_one_work+0xc90/0x1c40
[ 39.004718] ? trace_hardirqs_off_caller+0xbb/0x310
[ 39.008787] ? mark_held_locks+0x130/0x130
[ 39.013791] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.018009] ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[ 39.023005] ? trace_hardirqs_on_caller+0x310/0x310
[ 39.027218] ? __switch_to_asm+0x40/0x70
[ 39.032098] ? trace_hardirqs_on_caller+0x310/0x310
[ 39.036750] ? __switch_to_asm+0x34/0x70
[ 39.041750] ? task_prio+0x50/0x50
[ 39.045794] ? __switch_to_asm+0x34/0x70
[ 39.050797] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.054842] ? __switch_to_asm+0x40/0x70
[ 39.058399] ? check_preemption_disabled+0x48/0x280
[ 39.062439] ? __switch_to_asm+0x34/0x70
[ 39.067960] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.071999] ? __switch_to_asm+0x40/0x70
[ 39.076999] apic_timer_interrupt+0xf/0x20
[ 39.081040] ? __switch_to_asm+0x34/0x70
[ 39.085858]
[ 39.089905] ? __switch_to_asm+0x40/0x70
[ 39.094140]
[ 39.098194] ? __schedule+0x8d7/0x21d0
[ 39.100424] Allocated by task 3230256160:
[ 39.104480] ? lock_downgrade+0x900/0x900
[ 39.118216] ? zap_class+0x640/0x640
[ 39.121928] ? zap_class+0x640/0x640
[ 39.125646] ? find_held_lock+0x36/0x1c0
[ 39.129717] ? lock_acquire+0x1ed/0x520
[ 39.133689] ? worker_thread+0x3e0/0x1390
[ 39.137845] ? kasan_check_read+0x11/0x20
[ 39.142008] ? do_raw_spin_lock+0x14f/0x350
[ 39.146390] ? kasan_check_read+0x11/0x20
[ 39.150535] ? rwlock_bug.part.2+0x90/0x90
[ 39.154772] ? trace_hardirqs_on+0x310/0x310
[ 39.159185] worker_thread+0x17f/0x1390
[ 39.163157] ? __switch_to_asm+0x34/0x70
[ 39.167232] ? __switch_to_asm+0x40/0x70
[ 39.171298] ? __switch_to_asm+0x34/0x70
[ 39.175362] ? process_one_work+0x1c40/0x1c40
[ 39.179859] ? zap_class+0x640/0x640
[ 39.183574] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 39.188334] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 39.192926] ? retint_kernel+0x2d/0x2d
[ 39.196852] ? __kthread_parkme+0xce/0x1a0
[ 39.201097] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.206193] ? _raw_spin_unlock_irqrestore+0x82/0xd0
[ 39.211323] ? lockdep_hardirqs_on+0x3bb/0x5b0
[ 39.215908] ? trace_hardirqs_on+0xbd/0x310
[ 39.220233] ? kasan_check_read+0x11/0x20
[ 39.224383] ? __kthread_parkme+0xce/0x1a0
[ 39.228633] ? trace_hardirqs_off_caller+0x310/0x310
[ 39.233733] ? trace_hardirqs_off_caller+0x310/0x310
[ 39.238841] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 39.243943] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 39.249476] ? __kthread_parkme+0xfb/0x1a0
[ 39.253709] ? process_one_work+0x1c40/0x1c40
[ 39.258216] kthread+0x35a/0x440
[ 39.261581] ? kthread_stop+0x900/0x900
[ 39.265552] ret_from_fork+0x3a/0x50
[ 39.269264] Modules linked in:
[ 39.272484] BUG: unable to handle kernel paging request at ffffffff8caa3e08
[ 39.275518] ---[ end trace 6c1017c956f17b9c ]---
[ 39.279588] PGD 946d067 P4D 946d067 PUD 946e063 PMD 0
[ 39.279606] Thread overran stack, or stack corrupted
[ 39.279622] Oops: 0000 [#2] PREEMPT SMP KASAN
[ 39.284376] RIP: 0010:skb_set_owner_w+0xb4/0x320
[ 39.289643] CPU: 0 PID: 6058 Comm: syz-executor949 Tainted: G D 4.20.0-rc2+ #303
[ 39.289651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.289666] RIP: 0010:depot_fetch_stack+0x10/0x30
[ 39.289683] Code: 89 e8 44 96 1c fe e9 87 fd ff ff e8 8a b0 a2 fd 90 90 90 90 90 90 90 90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 00 fa ad 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00
[ 39.297237] Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 30 02 00 00 49 8d 7c 24 12 4c 89 63 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 cd 01 00 00
[ 39.299239] RSP: 0018:ffff8881dae07a38 EFLAGS: 00010006
[ 39.299250] RAX: 00000000001f8881 RBX: ffff8881c089cb84 RCX: 0000000000000000
[ 39.299257] RDX: 0000000000000000 RSI: ffff8881dae07a40 RDI: 0000000000003ff0
[ 39.299265] RBP: ffff8881dae07a68 R08: ffff8881c1da0080 R09: ffffed103b5c3ef8
[ 39.299278] R10: ffffed103b5c3ef8 R11: ffff8881dae1f7c7 R12: ffffea0007022400
[ 39.304141] RSP: 0018:ffff8881cb9274a8 EFLAGS: 00010203
[ 39.312845] R13: ffff8881c0894b80 R14: ffff8881da802380 R15: ffff8881c089cb80
[ 39.312856] FS: 000000000137f880(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[ 39.312865] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.312878] CR2: ffffffff8caa3e08 CR3: 00000001c3bee000 CR4: 00000000001406f0
[ 39.323745] RAX: dffffc0000000000 RBX: ffff8881c2cf4bc0 RCX: ffffffff86273988
[ 39.327049] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.346150] RDX: 000000000000000e RSI: ffffffff8625bddf RDI: 0000000000000074
[ 39.364827] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 39.364832] Call Trace:
[ 39.364838]
[ 39.364854] ? print_track.isra.4+0x3b/0x6f
[ 39.364871] print_address_description.cold.7+0x15b/0x1ff
[ 39.370463] RBP: ffff8881cb9274d0 R08: ffff8881cb98e280 R09: ffffed103701800c
[ 39.377485] kasan_report.cold.8+0x242/0x309
[ 39.384927] R10: ffffed103701800c R11: ffff8881b80c0063 R12: 0000000000000062
[ 39.392002] ? tick_sched_handle+0x16c/0x180
[ 39.392018] __asan_report_load8_noabort+0x14/0x20
[ 39.392036] tick_sched_handle+0x16c/0x180
[ 39.399505] R13: ffff8881c2cf4bd8 R14: ffff8881c2cf4c20 R15: 0000000000000020
[ 39.404653] tick_sched_timer+0x45/0x130
[ 39.412124] FS: 0000000000000000(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[ 39.420122] __hrtimer_run_queues+0x41c/0x10d0
[ 39.420140] ? tick_sched_do_timer+0x1a0/0x1a0
[ 39.420157] ? hrtimer_start_range_ns+0xe00/0xe00
[ 39.426185] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.433362] ? pvclock_read_flags+0x160/0x160
[ 39.433382] ? trace_hardirqs_on+0x310/0x310
[ 39.441575] CR2: ffffffffff600400 CR3: 00000001cb905000 CR4: 00000000001406e0
[ 39.447905] ? kvm_clock_read+0x18/0x30
[ 39.455437] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.462417] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 39.462445] ? ktime_get_update_offsets_now+0x3b3/0x540
[ 39.462460] ? do_timer+0x50/0x50
[ 39.465716] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 39.467197] ? rwlock_bug.part.2+0x90/0x90
[ 39.471674] Kernel panic - not syncing: Fatal exception
[ 39.477020] ? trace_hardirqs_on+0x310/0x310
[ 39.611060] ? rcu_softirq_qs+0x20/0x20
[ 39.615036] hrtimer_interrupt+0x313/0x780
[ 39.619276] smp_apic_timer_interrupt+0x1a1/0x760
[ 39.624128] ? smp_call_function_single_interrupt+0x650/0x650
[ 39.630012] ? interrupt_entry+0xb5/0xc0
[ 39.634072] ? trace_hardirqs_off_caller+0xbb/0x310
[ 39.639097] ? trace_hardirqs_off_caller+0xbb/0x310
[ 39.644112] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.648955] ? trace_hardirqs_on_caller+0x310/0x310
[ 39.653968] ? trace_hardirqs_on_caller+0x310/0x310
[ 39.658980] ? task_prio+0x50/0x50
[ 39.662523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 39.668063] ? check_preemption_disabled+0x48/0x280
[ 39.673080] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 39.677923] apic_timer_interrupt+0xf/0x20
[ 39.682147]
[ 39.684373] Modules linked in:
[ 39.687605] CR2: ffffffff8caa3e08
[ 39.691062] ---[ end trace 6c1017c956f17b9d ]---
[ 39.695814] RIP: 0010:skb_set_owner_w+0xb4/0x320
[ 39.700572] Code: ff df 48 c1 ea 03 80 3c 02 00 0f 85 30 02 00 00 49 8d 7c 24 12 4c 89 63 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 cd 01 00 00
[ 39.719470] RSP: 0018:ffff8881cb9274a8 EFLAGS: 00010203
[ 39.724828] RAX: dffffc0000000000 RBX: ffff8881c2cf4bc0 RCX: ffffffff86273988
[ 39.732090] RDX: 000000000000000e RSI: ffffffff8625bddf RDI: 0000000000000074
[ 39.739353] RBP: ffff8881cb9274d0 R08: ffff8881cb98e280 R09: ffffed103701800c
[ 39.746618] R10: ffffed103701800c R11: ffff8881b80c0063 R12: 0000000000000062
[ 39.753894] R13: ffff8881c2cf4bd8 R14: ffff8881c2cf4c20 R15: 0000000000000020
[ 39.761160] FS: 000000000137f880(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
[ 39.769391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.775276] CR2: ffffffff8caa3e08 CR3: 00000001c3bee000 CR4: 00000000001406f0
[ 39.782549] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.789825] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 40.684013] Shutting down cpus with NMI
[ 40.688945] Kernel Offset: disabled
[ 40.692572] Rebooting in 86400 seconds..