[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   32.770362][   T26] kauditd_printk_skb: 8 callbacks suppressed
[   32.770371][   T26] audit: type=1800 audit(1548375407.999:29): pid=7182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   32.802247][   T26] audit: type=1800 audit(1548375407.999:30): pid=7182 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.48' (ECDSA) to the list of known hosts.
syzkaller login: [  445.523980][ T7339] IPVS: ftp: loaded support on port[0] = 21
[  445.572460][ T7339] chnl_net:caif_netlink_parms(): no params data found
[  445.598830][ T7339] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.606701][ T7339] bridge0: port 1(bridge_slave_0) entered disabled state
[  445.614438][ T7339] device bridge_slave_0 entered promiscuous mode
[  445.622184][ T7339] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.629221][ T7339] bridge0: port 2(bridge_slave_1) entered disabled state
[  445.636971][ T7339] device bridge_slave_1 entered promiscuous mode
[  445.650709][ T7339] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  445.659936][ T7339] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  445.675016][ T7339] team0: Port device team_slave_0 added
[  445.682418][ T7339] team0: Port device team_slave_1 added
[  445.740984][ T7339] device hsr_slave_0 entered promiscuous mode
[  445.779602][ T7339] device hsr_slave_1 entered promiscuous mode
[  445.825261][ T7339] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.832480][ T7339] bridge0: port 2(bridge_slave_1) entered forwarding state
[  445.840066][ T7339] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.847104][ T7339] bridge0: port 1(bridge_slave_0) entered forwarding state
[  445.873271][ T7339] 8021q: adding VLAN 0 to HW filter on device bond0
[  445.885104][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  445.904474][ T3473] bridge0: port 1(bridge_slave_0) entered disabled state
[  445.913810][ T3473] bridge0: port 2(bridge_slave_1) entered disabled state
[  445.922542][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  445.932883][ T7339] 8021q: adding VLAN 0 to HW filter on device team0
[  445.941805][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  445.950529][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  445.957992][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  445.967700][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  445.975979][ T3473] bridge0: port 2(bridge_slave_1) entered blocking state
[  445.983026][ T3473] bridge0: port 2(bridge_slave_1) entered forwarding state
[  445.997038][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  446.005912][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  446.018987][ T7339] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  446.030177][ T7339] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  446.041614][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  446.050030][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  446.058200][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  446.066298][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[  446.081512][ T7339] 8021q: adding VLAN 0 to HW filter on device batadv0
[  446.119754][ T7348] IPVS: ftp: loaded support on port[0] = 21
[  446.121476][ T7349] IPVS: ftp: loaded support on port[0] = 21
executing program
[  447.250021][ T7352] IPVS: ftp: loaded support on port[0] = 21
[  447.251012][ T7354] IPVS: ftp: loaded support on port[0] = 21
executing program
[  448.778243][ T7357] IPVS: ftp: loaded support on port[0] = 21
[  448.779380][ T7359] IPVS: ftp: loaded support on port[0] = 21
executing program
[  449.967198][ T7362] IPVS: ftp: loaded support on port[0] = 21
[  449.981368][ T7364] IPVS: ftp: loaded support on port[0] = 21
executing program
[  451.349471][ T7369] IPVS: ftp: loaded support on port[0] = 21
[  451.349716][ T7368] IPVS: ftp: loaded support on port[0] = 21
executing program
[  452.620425][ T7373] IPVS: ftp: loaded support on port[0] = 21
[  452.696503][ T7374] kasan: CONFIG_KASAN_INLINE enabled
[  452.701973][ T7374] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  452.710061][ T7374] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  452.716995][ T7374] CPU: 0 PID: 7374 Comm: syz-executor189 Not tainted 5.0.0-rc3-next-20190124 #19
[  452.726063][ T7374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  452.736188][ T7374] RIP: 0010:nf_ct_gre_keymap_flush+0xb9/0x2f0
[  452.742227][ T7374] Code: 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 0f 85 2b 02 00 00 4c 8b bb f8 16 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fc 01 00 00 4c 3b bd 68 ff ff ff 4d 8b 27 0f 84
[  452.761809][ T7374] RSP: 0018:ffff88808a6e7698 EFLAGS: 00010246
[  452.767927][ T7374] RAX: dffffc0000000000 RBX: ffff8880930082c0 RCX: 0000000000000000
[  452.775866][ T7374] RDX: 1ffffffff146e05a RSI: 0000000000000004 RDI: ffff88808a6e7600
[  452.783804][ T7374] RBP: ffff88808a6e7748 R08: 1ffff110114dcec0 R09: ffffed10114dcec1
[  452.791743][ T7374] R10: ffffed10114dcec0 R11: 0000000000000003 R12: dffffc0000000000
[  452.799682][ T7374] R13: ffff88808a6e7858 R14: ffff8880930099b8 R15: 0000000000000000
[  452.807623][ T7374] FS:  00007febe4d2d700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[  452.816517][ T7374] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  452.823067][ T7374] CR2: 00007febe4d2cdb8 CR3: 00000000901a3000 CR4: 00000000001406f0
[  452.831009][ T7374] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  452.838948][ T7374] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  452.846885][ T7374] Call Trace:
[  452.850162][ T7374]  ? nf_ct_gre_keymap_add+0x7e0/0x7e0
[  452.855509][ T7374]  ? nf_conntrack_tuple_taken+0x10b0/0x10b0
[  452.861377][ T7374]  nf_conntrack_proto_pernet_fini+0x16/0x1a
[  452.867266][ T7374]  nf_conntrack_cleanup_net_list+0x204/0x330
[  452.873216][ T7374]  ? nf_conntrack_cleanup_end+0x160/0x160
[  452.878901][ T7374]  ? kmem_cache_free+0x225/0x260
[  452.883812][ T7374]  ? pde_free+0xb5/0x110
[  452.888038][ T7374]  nf_conntrack_cleanup_net+0x1c5/0x270
[  452.893552][ T7374]  ? nf_conntrack_cleanup_net_list+0x330/0x330
[  452.899670][ T7374]  ? nf_conntrack_init_end+0x170/0x170
[  452.905098][ T7374]  nf_conntrack_pernet_init+0xc3f/0xf00
[  452.910616][ T7374]  ? nf_conntrack_hash_sysctl+0xd0/0xd0
[  452.916131][ T7374]  ops_init+0x109/0x5d0
[  452.920255][ T7374]  ? net_alloc_generic+0x70/0x70
[  452.925169][ T7374]  ? lockdep_init_map+0x10c/0x5b0
[  452.930164][ T7374]  setup_net+0x38f/0x940
[  452.934396][ T7374]  ? rcu_pm_notify+0xd0/0xd0
[  452.938955][ T7374]  ? ops_init+0x5d0/0x5d0
[  452.943351][ T7374]  ? down_read_killable+0x90/0x150
[  452.948438][ T7374]  ? copy_net_ns+0x289/0x4b0
[  452.952995][ T7374]  ? down_write+0x130/0x130
[  452.957474][ T7374]  ? net_alloc_generic+0x23/0x70
[  452.962387][ T7374]  copy_net_ns+0x2ae/0x4b0
[  452.966789][ T7374]  ? cgroupns_put+0x60/0x60
[  452.971260][ T7374]  ? net_drop_ns+0x30/0x30
[  452.975651][ T7374]  ? kmem_cache_alloc+0x341/0x710
[  452.980644][ T7374]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[  452.986417][ T7374]  ? apparmor_cred_transfer+0x670/0x670
[  452.991937][ T7374]  create_new_namespaces+0x4ce/0x930
[  452.997192][ T7374]  ? sys_ni_syscall+0x20/0x20
[  453.001838][ T7374]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  453.008047][ T7374]  ? ns_capable_common+0x93/0x100
[  453.013042][ T7374]  unshare_nsproxy_namespaces+0xc2/0x200
[  453.018645][ T7374]  ksys_unshare+0x6d7/0xfb0
[  453.023118][ T7374]  ? fork_idle+0x1d0/0x1d0
[  453.027505][ T7374]  ? find_held_lock+0x35/0x120
[  453.032238][ T7374]  ? walk_process_tree+0x440/0x440
[  453.037321][ T7374]  ? do_syscall_64+0x8c/0x800
[  453.041974][ T7374]  ? lockdep_hardirqs_on+0x418/0x5d0
[  453.047228][ T7374]  ? trace_hardirqs_on+0xbd/0x310
[  453.052222][ T7374]  ? do_futex+0x2910/0x2910
[  453.056708][ T7374]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  453.062741][ T7374]  ? trace_hardirqs_off_caller+0x300/0x300
[  453.068512][ T7374]  ? ret_from_fork+0x15/0x50
[  453.073073][ T7374]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  453.078502][ T7374]  __x64_sys_unshare+0x31/0x40
[  453.083325][ T7374]  do_syscall_64+0x1a3/0x800
[  453.087890][ T7374]  ? syscall_return_slowpath+0x5f0/0x5f0
[  453.093502][ T7374]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[  453.099188][ T7374]  ? __switch_to_asm+0x34/0x70
[  453.103936][ T7374]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  453.109451][ T7374]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  453.115427][ T7374] RIP: 0033:0x449009
[  453.119309][ T7374] Code: e8 6c 14 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[  453.138899][ T7374] RSP: 002b:00007febe4d2ccf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  453.147280][ T7374] RAX: ffffffffffffffda RBX: 00000000006e59f8 RCX: 0000000000449009
[  453.155226][ T7374] RDX: 0000000000449009 RSI: 0000000000449009 RDI: 0000000040000000
[  453.163168][ T7374] RBP: 00000000006e59f0 R08: 0000000000000000 R09: 0000000000000000
[  453.171130][ T7374] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e59fc
[  453.179079][ T7374] R13: 00007ffeec84fdaf R14: 00007febe4d2d9c0 R15: 0000000000000001
[  453.187024][ T7374] Modules linked in:
[  453.190932][ T7374] ---[ end trace e72b60d04a028cfc ]---
[  453.196410][ T7374] RIP: 0010:nf_ct_gre_keymap_flush+0xb9/0x2f0
[  453.202600][ T7374] Code: 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 0f 85 2b 02 00 00 4c 8b bb f8 16 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fc 01 00 00 4c 3b bd 68 ff ff ff 4d 8b 27 0f 84
[  453.222231][ T7374] RSP: 0018:ffff88808a6e7698 EFLAGS: 00010246
[  453.228266][ T7374] RAX: dffffc0000000000 RBX: ffff8880930082c0 RCX: 0000000000000000
[  453.236230][ T7374] RDX: 1ffffffff146e05a RSI: 0000000000000004 RDI: ffff88808a6e7600
[  453.244191][ T7374] RBP: ffff88808a6e7748 R08: 1ffff110114dcec0 R09: ffffed10114dcec1
[  453.252150][ T7374] R10: ffffed10114dcec0 R11: 0000000000000003 R12: dffffc0000000000
[  453.260120][ T7374] R13: ffff88808a6e7858 R14: ffff8880930099b8 R15: 0000000000000000
[  453.268065][ T7374] FS:  00007febe4d2d700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[  453.277068][ T7374] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  453.283647][ T7374] CR2: 00007febe4d2cdb8 CR3: 00000000901a3000 CR4: 00000000001406f0
[  453.291625][ T7374] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  453.299601][ T7374] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  453.307638][ T7374] Kernel panic - not syncing: Fatal exception in interrupt
[  453.316019][ T7374] Kernel Offset: disabled
[  453.320366][ T7374] Rebooting in 86400 seconds..