[ ok ] Starting enhanced syslogd: rsyslogd.
[ 56.292196][ T26] audit: type=1800 audit(1568138026.619:25): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 56.313339][ T26] audit: type=1800 audit(1568138026.619:26): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 56.374761][ T26] audit: type=1800 audit(1568138026.619:27): pid=8497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
syzkaller login:
[ 353.173935][ T8649] IPVS: ftp: loaded support on port[0] = 21
[ 353.237343][ T8649] chnl_net:caif_netlink_parms(): no params data found
[ 353.263474][ T8649] bridge0: port 1(bridge_slave_0) entered blocking state
[ 353.271632][ T8649] bridge0: port 1(bridge_slave_0) entered disabled state
[ 353.279355][ T8649] device bridge_slave_0 entered promiscuous mode
[ 353.287629][ T8649] bridge0: port 2(bridge_slave_1) entered blocking state
[ 353.294737][ T8649] bridge0: port 2(bridge_slave_1) entered disabled state
[ 353.302614][ T8649] device bridge_slave_1 entered promiscuous mode
[ 353.320012][ T8649] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 353.330388][ T8649] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 353.350088][ T8649] team0: Port device team_slave_0 added
[ 353.357057][ T8649] team0: Port device team_slave_1 added
[ 353.418088][ T8649] device hsr_slave_0 entered promiscuous mode
[ 353.456347][ T8649] device hsr_slave_1 entered promiscuous mode
[ 353.534461][ T8649] bridge0: port 2(bridge_slave_1) entered blocking state
[ 353.541655][ T8649] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 353.549435][ T8649] bridge0: port 1(bridge_slave_0) entered blocking state
[ 353.556579][ T8649] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 353.590941][ T8649] 8021q: adding VLAN 0 to HW filter on device bond0
[ 353.602036][ T8652] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 353.621846][ T8652] bridge0: port 1(bridge_slave_0) entered disabled state
[ 353.630084][ T8652] bridge0: port 2(bridge_slave_1) entered disabled state
[ 353.639580][ T8652] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 353.650586][ T8649] 8021q: adding VLAN 0 to HW filter on device team0
[ 353.661158][ T2843] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 353.669699][ T2843] bridge0: port 1(bridge_slave_0) entered blocking state
[ 353.676804][ T2843] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 353.696690][ T8652] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 353.705072][ T8652] bridge0: port 2(bridge_slave_1) entered blocking state
[ 353.712182][ T8652] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 353.720433][ T8652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 353.729365][ T8652] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 353.739704][ T8654] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[ 353.747558][ T8654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 353.760118][ T2843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 353.769994][ T8649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 353.789537][ T8649] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 458.905785][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[ 458.912597][ C1] rcu: 1-...!: (10499 ticks this GP) idle=a3e/1/0x4000000000000002 softirq=8947/8947 fqs=11
[ 458.922959][ C1] (t=10500 jiffies g=7041 q=28)
[ 458.927894][ C1] rcu: rcu_preempt kthread starved for 10478 jiffies! g7041 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[ 458.939143][ C1] rcu: RCU grace-period kthread stack dump:
[ 458.945012][ C1] rcu_preempt I29360 10 2 0x80004000
[ 458.951328][ C1] Call Trace:
[ 458.954694][ C1] __schedule+0x76e/0x17a0
[ 458.959099][ C1] ? __sched_text_start+0x8/0x8
[ 458.963933][ C1] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 458.969742][ C1] ? schedule_timeout+0x47c/0xc50
[ 458.974749][ C1] ? lockdep_hardirqs_on+0x418/0x5d0
[ 458.980027][ C1] schedule+0xd9/0x260
[ 458.984368][ C1] schedule_timeout+0x486/0xc50
[ 458.989220][ C1] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 458.995040][ C1] ? usleep_range+0x170/0x170
[ 458.999701][ C1] ? trace_hardirqs_on+0x67/0x240
[ 459.004709][ C1] ? __kasan_check_read+0x11/0x20
[ 459.009724][ C1] ? __next_timer_interrupt+0x1a0/0x1a0
[ 459.015261][ C1] ? swake_up_one+0x60/0x60
[ 459.019752][ C1] rcu_gp_kthread+0x9b2/0x18d0
[ 459.024504][ C1] ? invoke_rcu_core+0x230/0x230
[ 459.029425][ C1] ? trace_hardirqs_on+0x67/0x240
[ 459.034438][ C1] ? __kasan_check_read+0x11/0x20
[ 459.039455][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 459.045701][ C1] ? __kthread_parkme+0x108/0x1c0
[ 459.050721][ C1] ? __kasan_check_read+0x11/0x20
[ 459.055736][ C1] kthread+0x361/0x430
[ 459.059788][ C1] ? invoke_rcu_core+0x230/0x230
[ 459.064709][ C1] ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 459.070948][ C1] ret_from_fork+0x24/0x30
[ 459.075401][ C1] NMI backtrace for cpu 1
[ 459.079735][ C1] CPU: 1 PID: 8649 Comm: syz-executor244 Not tainted 5.3.0-rc6-next-20190830 #75
[ 459.088849][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 459.098897][ C1] Call Trace:
[ 459.102176][ C1]
[ 459.105072][ C1] dump_stack+0x172/0x1f0
[ 459.109389][ C1] nmi_cpu_backtrace.cold+0x70/0xb2
[ 459.114583][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 459.120808][ C1] ? lapic_can_unplug_cpu.cold+0x3a/0x3a
[ 459.126433][ C1] nmi_trigger_cpumask_backtrace+0x23b/0x28b
[ 459.132407][ C1] arch_trigger_cpumask_backtrace+0x14/0x20
[ 459.138278][ C1] rcu_dump_cpu_stacks+0x183/0x1cf
[ 459.143373][ C1] rcu_sched_clock_irq.cold+0x4fd/0xc12
[ 459.148900][ C1] ? raise_softirq+0x138/0x340
[ 459.153659][ C1] update_process_times+0x2d/0x70
[ 459.158664][ C1] tick_sched_handle+0xa2/0x190
[ 459.163495][ C1] tick_sched_timer+0x53/0x140
[ 459.168254][ C1] __hrtimer_run_queues+0x364/0xe40
[ 459.173436][ C1] ? tick_sched_do_timer+0x1b0/0x1b0
[ 459.178710][ C1] ? hrtimer_sleeper_start_expires+0x90/0x90
[ 459.184672][ C1] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 459.190372][ C1] ? ktime_get_update_offsets_now+0x2d3/0x440
[ 459.196423][ C1] hrtimer_interrupt+0x314/0x770
[ 459.201357][ C1] smp_apic_timer_interrupt+0x160/0x610
[ 459.206897][ C1] apic_timer_interrupt+0xf/0x20
[ 459.211818][ C1] RIP: 0010:__list_del_entry_valid+0x85/0xf5
[ 459.217799][ C1] Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d
[ 459.237381][ C1] RSP: 0018:ffff8880ae909060 EFLAGS: 00000a06 ORIG_RAX: ffffffffffffff13
[ 459.245862][ C1] RAX: dffffc0000000000 RBX: ffff88809a2fc2f8 RCX: ffffffff85cb69b9
[ 459.253813][ C1] RDX: 1ffff1101345f872 RSI: ffffffff85cb6e86 RDI: ffff88809a2fc300
[ 459.261770][ C1] RBP: ffff8880ae909078 R08: ffff8880a0af40c0 R09: fffffbfff14ed341
[ 459.269723][ C1] R10: ffff8880a0af4a78 R11: ffff8880a0af40c0 R12: ffff88809a2fc390
[ 459.277674][ C1] R13: ffff88809a2fc390 R14: ffff88809a2fc2f8 R15: 0000000000000000
[ 459.285632][ C1] ? apic_timer_interrupt+0xa/0x20
[ 459.290791][ C1] ? hhf_dequeue+0xb9/0xa20
[ 459.295273][ C1] ? hhf_dequeue+0x586/0xa20
[ 459.299851][ C1] hhf_dequeue+0x5c5/0xa20
[ 459.304298][ C1] __qdisc_run+0x1e7/0x19d0
[ 459.308798][ C1] ? dev_queue_xmit+0x18/0x20
[ 459.313476][ C1] __dev_queue_xmit+0x16f1/0x37c0
[ 459.318484][ C1] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 459.324623][ C1] ? netdev_core_pick_tx+0x2f0/0x2f0
[ 459.329893][ C1] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 459.336155][ C1] ? br_nf_post_routing+0xd73/0x1d30
[ 459.341454][ C1] ? br_forward_finish+0x235/0x400
[ 459.346546][ C1] ? find_held_lock+0x35/0x130
[ 459.351291][ C1] ? br_forward_finish+0x235/0x400
[ 459.356387][ C1] dev_queue_xmit+0x18/0x20
[ 459.360868][ C1] ? dev_queue_xmit+0x18/0x20
[ 459.365525][ C1] br_dev_queue_push_xmit+0x3f3/0x5e0
[ 459.370876][ C1] ? __kasan_check_read+0x11/0x20
[ 459.375894][ C1] br_forward_finish+0xfa/0x400
[ 459.380726][ C1] ? br_dev_queue_push_xmit+0x5e0/0x5e0
[ 459.386267][ C1] ? br_fdb_add.cold+0x83/0x83
[ 459.391011][ C1] ? __kasan_check_read+0x11/0x20
[ 459.396020][ C1] __br_forward+0x641/0xb00
[ 459.400518][ C1] ? br_forward_finish+0x400/0x400
[ 459.405614][ C1] ? br_dev_queue_push_xmit+0x5e0/0x5e0
[ 459.411148][ C1] deliver_clone+0x61/0xc0
[ 459.415550][ C1] maybe_deliver+0x2c7/0x390
[ 459.420126][ C1] br_flood+0x13a/0x3d0
[ 459.424269][ C1] br_dev_xmit+0x98c/0x15a0
[ 459.428755][ C1] ? br_poll_controller+0x10/0x10
[ 459.433763][ C1] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 459.439901][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 459.445427][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 459.451388][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 459.457614][ C1] dev_hard_start_xmit+0x1a3/0x9c0
[ 459.462715][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 459.468940][ C1] __dev_queue_xmit+0x2b82/0x37c0
[ 459.473943][ C1] ? __kasan_check_read+0x11/0x20
[ 459.478950][ C1] ? __lock_acquire+0x293a/0x4a00
[ 459.483954][ C1] ? __lock_acquire+0x8a0/0x4a00
[ 459.488878][ C1] ? netdev_core_pick_tx+0x2f0/0x2f0
[ 459.494147][ C1] ? __kasan_check_read+0x11/0x20
[ 459.499151][ C1] ? mark_lock+0xc2/0x1220
[ 459.503565][ C1] ? mark_held_locks+0xa4/0xf0
[ 459.508359][ C1] ? ip_finish_output2+0x140e/0x2590
[ 459.513624][ C1] ? __ip_finish_output+0x5fc/0xbc0
[ 459.518806][ C1] ? ip_finish_output2+0x140e/0x2590
[ 459.524081][ C1] dev_queue_xmit+0x18/0x20
[ 459.528573][ C1] ? dev_queue_xmit+0x18/0x20
[ 459.533241][ C1] ip_finish_output2+0x1752/0x2590
[ 459.538376][ C1] ? nf_ct_deliver_cached_events+0x23d/0x6e0
[ 459.544344][ C1] ? ip_frag_next+0x910/0x910
[ 459.549009][ C1] __ip_finish_output+0x5fc/0xbc0
[ 459.554013][ C1] ? __ip_finish_output+0x5fc/0xbc0
[ 459.559189][ C1] ? alloc_chunk+0x120/0x220
[ 459.563865][ C1] ip_finish_output+0x38/0x1f0
[ 459.568625][ C1] ip_output+0x21f/0x670
[ 459.572852][ C1] ? ip_mc_output+0xf70/0xf70
[ 459.577511][ C1] ? __ip_finish_output+0xbc0/0xbc0
[ 459.582696][ C1] ip_local_out+0xbb/0x1b0
[ 459.587110][ C1] igmpv3_sendpack+0x1b5/0x2e0
[ 459.591877][ C1] igmp_ifc_timer_expire+0x687/0xa00
[ 459.597160][ C1] call_timer_fn+0x1ac/0x780
[ 459.601751][ C1] ? __ip_mc_dec_group+0x520/0x520
[ 459.606843][ C1] ? msleep_interruptible+0x150/0x150
[ 459.612193][ C1] ? run_timer_softirq+0x6ae/0x17f0
[ 459.617463][ C1] ? trace_hardirqs_on+0x67/0x240
[ 459.622482][ C1] ? __kasan_check_read+0x11/0x20
[ 459.627485][ C1] ? __ip_mc_dec_group+0x520/0x520
[ 459.632579][ C1] ? __ip_mc_dec_group+0x520/0x520
[ 459.637684][ C1] run_timer_softirq+0x6c0/0x17f0
[ 459.642704][ C1] ? add_timer+0x930/0x930
[ 459.647104][ C1] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 459.653240][ C1] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 459.658769][ C1] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 459.664741][ C1] ? nf_ct_iterate_cleanup+0x1f1/0x4e0
[ 459.670185][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 459.676408][ C1] __do_softirq+0x262/0x98c
[ 459.680910][ C1] ? nf_ct_iterate_cleanup+0x1f1/0x4e0
[ 459.686351][ C1] do_softirq_own_stack+0x2a/0x40
[ 459.691350][ C1]
[ 459.694270][ C1] do_softirq.part.0+0x11a/0x170
[ 459.699199][ C1] __local_bh_enable_ip+0x211/0x270
[ 459.704378][ C1] nf_ct_iterate_cleanup+0x217/0x4e0
[ 459.709701][ C1] ? nf_ct_alloc_hashtable+0x150/0x150
[ 459.715142][ C1] nf_ct_iterate_cleanup_net+0x133/0x190
[ 459.720781][ C1] ? nf_nat_redirect_ipv6+0x470/0x470
[ 459.726137][ C1] ? nf_ct_iterate_cleanup+0x4e0/0x4e0
[ 459.731575][ C1] ? nf_nat_redirect_ipv6+0x470/0x470
[ 459.736937][ C1] masq_device_event+0xb5/0xe0
[ 459.741682][ C1] notifier_call_chain+0xc2/0x230
[ 459.746691][ C1] raw_notifier_call_chain+0x2e/0x40
[ 459.751957][ C1] call_netdevice_notifiers_info+0x3f/0x90
[ 459.757744][ C1] dev_close_many+0x33f/0x6f0
[ 459.762413][ C1] ? __kasan_check_read+0x11/0x20
[ 459.767422][ C1] ? netdev_master_upper_dev_link+0x50/0x50
[ 459.773331][ C1] rollback_registered_many+0x43b/0xfc0
[ 459.778859][ C1] ? __kasan_check_read+0x11/0x20
[ 459.783876][ C1] ? generic_xdp_install+0x3d0/0x3d0
[ 459.789146][ C1] ? mark_held_locks+0xa4/0xf0
[ 459.793897][ C1] ? queue_delayed_work_on+0xf3/0x210
[ 459.799279][ C1] ? linkwatch_schedule_work+0x190/0x1d0
[ 459.804896][ C1] ? queue_delayed_work_on+0xf3/0x210
[ 459.810247][ C1] ? lockdep_hardirqs_on+0x418/0x5d0
[ 459.815569][ C1] rollback_registered+0x109/0x1d0
[ 459.820680][ C1] ? rollback_registered_many+0xfc0/0xfc0
[ 459.826403][ C1] unregister_netdevice_queue+0x1ee/0x2c0
[ 459.832192][ C1] __tun_detach+0xd8a/0x1040
[ 459.836779][ C1] tun_chr_close+0xe0/0x180
[ 459.841270][ C1] __fput+0x2ff/0x890
[ 459.845241][ C1] ? __tun_detach+0x1040/0x1040
[ 459.850077][ C1] ____fput+0x16/0x20
[ 459.854041][ C1] task_work_run+0x145/0x1c0
[ 459.858615][ C1] do_exit+0x904/0x2e60
[ 459.862759][ C1] ? mm_update_next_owner+0x640/0x640
[ 459.868112][ C1] ? down_read_non_owner+0x490/0x490
[ 459.873382][ C1] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 459.879604][ C1] ? handle_mm_fault+0x1d3/0x6c0
[ 459.884525][ C1] ? trace_hardirqs_on_thunk+0x1a/0x20
[ 459.889963][ C1] ? trace_hardirqs_on_thunk+0x1a/0x20
[ 459.895405][ C1] do_group_exit+0x135/0x360
[ 459.899982][ C1] __x64_sys_exit_group+0x44/0x50
[ 459.904991][ C1] do_syscall_64+0xfa/0x760
[ 459.909532][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 459.915419][ C1] RIP: 0033:0x440c68
[ 459.919314][ C1] Code: Bad RIP value.
[ 459.923364][ C1] RSP: 002b:00007fff9c7f55b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 459.931766][ C1] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000440c68
[ 459.939723][ C1] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 459.947680][ C1] RBP: 00000000004c7110 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 459.955651][ C1] R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000001
[ 459.963602][ C1] R13: 00000000006d9600 R14: 0000000000000000 R15: 0000000000000000