[ 36.403841] audit: type=1800 audit(1538156056.348:22): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0
[ 36.444903] audit: type=1800 audit(1538156056.348:23): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rsyslog" dev="sda1" ino=2442 res=0
[ 36.464320] audit: type=1800 audit(1538156056.348:24): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="sudo" dev="sda1" ino=2454 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [ 41.189654] sshd (6064) used greatest stack depth: 16368 bytes left
Warning: Permanently added '10.128.0.47' (ECDSA) to the list of known hosts.
[ 47.669383] IPVS: ftp: loaded support on port[0] = 21
[ 47.791875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 47.798423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 47.805335] device bridge_slave_0 entered promiscuous mode
[ 47.819704] bridge0: port 2(bridge_slave_1) entered blocking state
[ 47.826140] bridge0: port 2(bridge_slave_1) entered disabled state
[ 47.832903] device bridge_slave_1 entered promiscuous mode
[ 47.847584] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 47.862279] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 47.900136] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 47.916228] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 47.971653] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 47.978998] team0: Port device team_slave_0 added
[ 47.992892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 48.000058] team0: Port device team_slave_1 added
[ 48.013959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 48.034376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 48.050672] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 48.067202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 48.174058] bridge0: port 2(bridge_slave_1) entered blocking state
[ 48.180443] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 48.187084] bridge0: port 1(bridge_slave_0) entered blocking state
[ 48.193426] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 48.567724] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 48.573808] 8021q: adding VLAN 0 to HW filter on device bond0
[ 48.613733] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 48.653596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 48.661616] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 48.697303] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 48.703362] 8021q: adding VLAN 0 to HW filter on device team0
[ 48.735241] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[ 48.918452] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 48.924956] IPv6: NLM_F_CREATE should be set when creating new route
[ 48.931482] IPv6: NLM_F_CREATE should be set when creating new route
[ 48.938816] kasan: CONFIG_KASAN_INLINE enabled
[ 48.943383] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 48.950766] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 48.956984] CPU: 0 PID: 6079 Comm: syz-executor651 Not tainted 4.19.0-rc5-next-20180928+ #84
[ 48.965534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.974884] RIP: 0010:addr_resolve+0x7bd/0x1b80
[ 48.979537] Code: 0f 84 da 01 00 00 e8 62 d6 f4 fb 48 8b 85 d0 fd ff ff 48 8d b8 54 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 95
[ 48.998422] RSP: 0018:ffff8801d4bef368 EFLAGS: 00010202
[ 49.003767] RAX: dffffc0000000000 RBX: ffff8801d4bef578 RCX: ffffffff858891e0
[ 49.011015] RDX: 000000000000003e RSI: ffffffff858891ee RDI: 00000000000001f1
[ 49.018261] RBP: ffff8801d4bef5a0 R08: ffff8801bba14480 R09: 0000000000000000
[ 49.025508] R10: ffffed003a97de60 R11: 0000000000000000 R12: ffff8801ccce85a0
[ 49.032757] R13: 00000000ffffff9d R14: 0000000000000001 R15: 000000000000000a
[ 49.040016] FS: 0000000000b89880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 49.048221] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.054085] CR2: 0000000020000100 CR3: 00000001c4aa9000 CR4: 00000000001406f0
[ 49.061343] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.068593] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.075841] Call Trace:
[ 49.078419] ? rdma_translate_ip+0x300/0x300
[ 49.082810] ? fs_reclaim_acquire+0x20/0x20
[ 49.087116] ? lock_downgrade+0x900/0x900
[ 49.091248] ? __lockdep_init_map+0x105/0x590
[ 49.095724] ? lockdep_init_map+0x9/0x10
[ 49.099770] ? init_timer_key+0x1a0/0x480
[ 49.103901] ? work_on_cpu_safe+0x90/0x90
[ 49.108032] ? init_timer_on_stack_key+0xe0/0xe0
[ 49.112773] ? kmem_cache_alloc_trace+0x31f/0x750
[ 49.117598] ? __lockdep_init_map+0x105/0x590
[ 49.122077] rdma_resolve_ip+0x499/0x790
[ 49.126132] ? cma_work_handler+0x1f0/0x1f0
[ 49.130435] ? process_one_req+0x920/0x920
[ 49.134654] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 49.139737] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 49.144909] rdma_resolve_addr+0x2d6/0x2870
[ 49.149306] ? crng_backtrack_protect+0x80/0x80
[ 49.153966] ? debug_mutex_init+0x2d/0x60
[ 49.158172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.163701] ? rdma_bind_addr+0x23d0/0x23d0
[ 49.168006] ? ucma_get_ctx+0x7f/0x160
[ 49.171879] ? lock_downgrade+0x900/0x900
[ 49.176009] ? init_wait_entry+0x1c0/0x1c0
[ 49.180223] ? __might_fault+0x12b/0x1e0
[ 49.184264] ? lock_downgrade+0x900/0x900
[ 49.188395] ? refcount_inc_checked+0x29/0x70
[ 49.192871] ? kasan_check_write+0x14/0x20
[ 49.197086] ? __mutex_unlock_slowpath+0x197/0x8c0
[ 49.202005] ? wait_for_completion+0x8a0/0x8a0
[ 49.206576] ? lock_release+0x970/0x970
[ 49.210533] ? check_same_owner+0x330/0x330
[ 49.214835] ? rcu_read_unlock_special+0x1c0/0x1c0
[ 49.219753] ucma_resolve_ip+0x242/0x2a0
[ 49.223802] ? ucma_resolve_ip+0x242/0x2a0
[ 49.228017] ? ucma_query+0xb20/0xb20
[ 49.231809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.237328] ? _copy_from_user+0xdf/0x150
[ 49.241458] ? ucma_query+0xb20/0xb20
[ 49.245237] ucma_write+0x336/0x420
[ 49.248850] ? ucma_open+0x3f0/0x3f0
[ 49.252548] ? trace_hardirqs_off+0xb8/0x310
[ 49.256936] ? kasan_check_read+0x11/0x20
[ 49.261065] __vfs_write+0x119/0x9f0
[ 49.264758] ? ucma_open+0x3f0/0x3f0
[ 49.268456] ? kernel_read+0x120/0x120
[ 49.272324] ? apparmor_path_rmdir+0x30/0x30
[ 49.276714] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 49.282241] ? fsnotify_first_mark+0x350/0x350
[ 49.286822] ? apparmor_file_permission+0x24/0x30
[ 49.291653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 49.297174] ? security_file_permission+0x1c2/0x230
[ 49.302173] ? rw_verify_area+0x118/0x360
[ 49.306302] vfs_write+0x1fc/0x560
[ 49.309823] ksys_write+0x101/0x260
[ 49.313431] ? __ia32_sys_read+0xb0/0xb0
[ 49.317491] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 49.322921] __x64_sys_write+0x73/0xb0
[ 49.326797] do_syscall_64+0x1b9/0x820
[ 49.330670] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 49.336013] ? syscall_return_slowpath+0x5e0/0x5e0
[ 49.340930] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.345763] ? trace_hardirqs_on_caller+0x310/0x310
[ 49.350767] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 49.355769] ? prepare_exit_to_usermode+0x291/0x3b0
[ 49.360770] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.365600] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 49.370778] RIP: 0033:0x441339
[ 49.373954] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 49.392839] RSP: 002b:00007ffe534553f8 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
[ 49.400525] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441339
[ 49.407777] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000004
[ 49.415025] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 49.422275] R10: 0000000000000100 R11: 0000000000000217 R12: 00000000004022a0
[ 49.429524] R13: 0000000000402330 R14: 0000000000000000 R15: 0000000000000000
[ 49.436780] Modules linked in:
[ 49.441855] ---[ end trace 95414ca7a2cb2aec ]---
[ 49.446644] RIP: 0010:addr_resolve+0x7bd/0x1b80
[ 49.451296] Code: 0f 84 da 01 00 00 e8 62 d6 f4 fb 48 8b 85 d0 fd ff ff 48 8d b8 54 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 95
[ 49.470355] RSP: 0018:ffff8801d4bef368 EFLAGS: 00010202
[ 49.475761] RAX: dffffc0000000000 RBX: ffff8801d4bef578 RCX: ffffffff858891e0
[ 49.483022] RDX: 000000000000003e RSI: ffffffff858891ee RDI: 00000000000001f1
[ 49.490539] RBP: ffff8801d4bef5a0 R08: ffff8801bba14480 R09: 0000000000000000
[ 49.497832] R10: ffffed003a97de60 R11: 0000000000000000 R12: ffff8801ccce85a0
[ 49.505106] R13: 00000000ffffff9d R14: 0000000000000001 R15: 000000000000000a
[ 49.512360] FS: 0000000000b89880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 49.520601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.526492] CR2: 0000000020000100 CR3: 00000001c4aa9000 CR4: 00000000001406f0
[ 49.533752] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.541057] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.548337] Kernel panic - not syncing: Fatal exception
[ 49.554638] Kernel Offset: disabled
[ 49.558259] Rebooting in 86400 seconds..