[ ok ] Starting enhanced syslogd: rsyslogd.
[ 46.199127][ T26] audit: type=1800 audit(1554915341.332:25): pid=7796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 46.234102][ T26] audit: type=1800 audit(1554915341.332:26): pid=7796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 46.268644][ T26] audit: type=1800 audit(1554915341.342:27): pid=7796 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.143' (ECDSA) to the list of known hosts.
syzkaller login: [ 62.530137][ T7948] IPVS: ftp: loaded support on port[0] = 21
[ 62.590675][ T7948] chnl_net:caif_netlink_parms(): no params data found
[ 62.621937][ T7948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.629819][ T7948] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.638249][ T7948] device bridge_slave_0 entered promiscuous mode
[ 62.646776][ T7948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.654567][ T7948] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.662934][ T7948] device bridge_slave_1 entered promiscuous mode
[ 62.678635][ T7948] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 62.688756][ T7948] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 62.706281][ T7948] team0: Port device team_slave_0 added
[ 62.713873][ T7948] team0: Port device team_slave_1 added
[ 62.767877][ T7948] device hsr_slave_0 entered promiscuous mode
[ 62.836099][ T7948] device hsr_slave_1 entered promiscuous mode
[ 62.893159][ T7948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.901438][ T7948] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.909783][ T7948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.918905][ T7948] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.951000][ T7948] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.963819][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.985069][ T17] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.994593][ T17] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.003926][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 63.015420][ T7948] 8021q: adding VLAN 0 to HW filter on device team0
[ 63.027218][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 63.036775][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.044158][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.066813][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 63.075479][ T17] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.083459][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.092065][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 63.101205][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 63.109939][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 63.120353][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 63.128157][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 63.139836][ T7948] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[ 63.157457][ T7948] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 63.171298][ T7948] kasan: CONFIG_KASAN_INLINE enabled
[ 63.176888][ T7948] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 63.184998][ T7948] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 63.192526][ T7948] CPU: 0 PID: 7948 Comm: syz-executor371 Not tainted 5.1.0-rc4+ #62
[ 63.200979][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.211079][ T7948] RIP: 0010:xfrmi_decode_session+0x15c/0x6c0
[ 63.217166][ T7948] Code: 7c fc 08 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2e 05 00 00 48 b8 00 00 00 00 00 fc ff df 4f 8b 64 fc 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 01 05 00 00 4d 8b 3c 24 e8 21 73 51 fb e8 ac c6
[ 63.237964][ T7948] RSP: 0018:ffff8880a4877108 EFLAGS: 00010246
[ 63.244325][ T7948] RAX: dffffc0000000000 RBX: ffff8880a97483c0 RCX: ffffffff860cc733
[ 63.252472][ T7948] RDX: 0000000000000000 RSI: ffffffff860cc770 RDI: ffff888097bda9c8
[ 63.260444][ T7948] RBP: ffff8880a4877130 R08: ffff8880a4b645c0 R09: ffffed1015d05bc8
[ 63.268507][ T7948] R10: ffffed1015d05bc7 R11: ffff8880ae82de3b R12: 0000000000000000
[ 63.276473][ T7948] R13: 0000000000000035 R14: ffff8880a97483d0 R15: ffffffffffffffff
[ 63.285266][ T7948] FS: 000000000235d880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 63.295159][ T7948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.302622][ T7948] CR2: 0000000020000000 CR3: 000000008fcfb000 CR4: 00000000001406f0
[ 63.311287][ T7948] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.319640][ T7948] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.328396][ T7948] Call Trace:
[ 63.332014][ T7948] __xfrm_policy_check+0x1f8/0x2730
[ 63.337326][ T7948] ? find_held_lock+0x35/0x130
[ 63.342102][ T7948] ? vti6_tnl_lookup+0x287/0x1020
[ 63.347224][ T7948] ? __xfrm_route_forward+0x840/0x840
[ 63.352857][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.359333][ T7948] ? vti6_tnl_lookup+0x69a/0x1020
[ 63.365697][ T7948] ? vti6_init_net+0x820/0x820
[ 63.380407][ T7948] vti6_rcv+0x51a/0x970
[ 63.384635][ T7948] xfrm6_esp_rcv+0xd8/0x230
[ 63.389167][ T7948] ip6_protocol_deliver_rcu+0x303/0x16c0
[ 63.395118][ T7948] ? lock_acquire+0x16f/0x3f0
[ 63.399792][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.406032][ T7948] ? rcu_dynticks_curr_cpu_in_eqs+0x10/0xb0
[ 63.412026][ T7948] ip6_input_finish+0x84/0x170
[ 63.417670][ T7948] ip6_input+0xe4/0x3f0
[ 63.421842][ T7948] ? ip6_input_finish+0x170/0x170
[ 63.427162][ T7948] ? ip6_protocol_deliver_rcu+0x16c0/0x16c0
[ 63.433066][ T7948] ip6_rcv_finish+0x1e7/0x320
[ 63.437841][ T7948] ipv6_rcv+0x10e/0x420
[ 63.442183][ T7948] ? ip6_rcv_core.isra.0+0x1c00/0x1c00
[ 63.447651][ T7948] ? ip6_rcv_finish_core.isra.0+0x590/0x590
[ 63.453557][ T7948] ? mark_held_locks+0xf0/0xf0
[ 63.458423][ T7948] ? ip6_rcv_core.isra.0+0x1c00/0x1c00
[ 63.463982][ T7948] __netif_receive_skb_one_core+0x115/0x1a0
[ 63.469887][ T7948] ? __netif_receive_skb_core+0x3040/0x3040
[ 63.475785][ T7948] ? lock_acquire+0x16f/0x3f0
[ 63.480543][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.486912][ T7948] __netif_receive_skb+0x2c/0x1c0
[ 63.492693][ T7948] netif_receive_skb_internal+0x117/0x660
[ 63.498594][ T7948] ? dev_cpu_dead+0x920/0x920
[ 63.503549][ T7948] ? eth_gro_receive+0x890/0x890
[ 63.508470][ T7948] napi_gro_frags+0xade/0xd10
[ 63.513297][ T7948] tun_get_user+0x2f24/0x3fb0
[ 63.518355][ T7948] ? tun_build_skb.isra.0+0x12f0/0x12f0
[ 63.523928][ T7948] ? tun_get+0x171/0x290
[ 63.528314][ T7948] ? lock_downgrade+0x880/0x880
[ 63.534338][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.540890][ T7948] ? kasan_check_read+0x11/0x20
[ 63.546027][ T7948] tun_chr_write_iter+0xbd/0x156
[ 63.550962][ T7948] do_iter_readv_writev+0x5e1/0x8e0
[ 63.556201][ T7948] ? vfs_dedupe_file_range+0x780/0x780
[ 63.561991][ T7948] ? rw_copy_check_uvector+0x2a6/0x330
[ 63.567516][ T7948] ? rw_verify_area+0x118/0x360
[ 63.572455][ T7948] do_iter_write+0x184/0x610
[ 63.577272][ T7948] ? dup_iter+0x260/0x260
[ 63.582283][ T7948] vfs_writev+0x1b3/0x2f0
[ 63.586705][ T7948] ? vfs_iter_write+0xb0/0xb0
[ 63.591581][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.597947][ T7948] ? __handle_mm_fault+0x7cd/0x3ec0
[ 63.603157][ T7948] ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 63.608687][ T7948] ? find_held_lock+0x35/0x130
[ 63.613479][ T7948] ? __do_page_fault+0x623/0xda0
[ 63.618498][ T7948] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 63.624726][ T7948] ? __fget_light+0x1a9/0x230
[ 63.629480][ T7948] do_writev+0x15e/0x370
[ 63.633718][ T7948] ? vfs_writev+0x2f0/0x2f0
[ 63.638210][ T7948] ? do_syscall_64+0x26/0x610
[ 63.642973][ T7948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.649168][ T7948] ? do_syscall_64+0x26/0x610
[ 63.653961][ T7948] __x64_sys_writev+0x75/0xb0
[ 63.658634][ T7948] do_syscall_64+0x103/0x610
[ 63.663516][ T7948] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 63.669832][ T7948] RIP: 0033:0x442060
[ 63.674020][ T7948] Code: 05 48 3d 01 f0 ff ff 0f 83 3d 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d b1 8f 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0f fc ff c3 48 83 ec 08 e8 7a 2b 00 00
[ 63.693705][ T7948] RSP: 002b:00007ffde5464b58 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 63.702115][ T7948] RAX: ffffffffffffffda RBX: 00007ffde5464ba0 RCX: 0000000000442060
[ 63.710135][ T7948] RDX: 0000000000000001 RSI: 00007ffde5464ba0 RDI: 00000000000000f0
[ 63.718193][ T7948] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 63.726156][ T7948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffde5464b70
[ 63.734121][ T7948] R13: 0000000000403490 R14: 0000000000000000 R15: 0000000000000000
[ 63.742538][ T7948] Modules linked in:
[ 63.746625][ T7948] ---[ end trace f2b4f08a2ba19afe ]---
[ 63.752252][ T7948] RIP: 0010:xfrmi_decode_session+0x15c/0x6c0
[ 63.758329][ T7948] Code: 7c fc 08 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2e 05 00 00 48 b8 00 00 00 00 00 fc ff df 4f 8b 64 fc 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 01 05 00 00 4d 8b 3c 24 e8 21 73 51 fb e8 ac c6
[ 63.777973][ T7948] RSP: 0018:ffff8880a4877108 EFLAGS: 00010246
[ 63.784033][ T7948] RAX: dffffc0000000000 RBX: ffff8880a97483c0 RCX: ffffffff860cc733
[ 63.792050][ T7948] RDX: 0000000000000000 RSI: ffffffff860cc770 RDI: ffff888097bda9c8
[ 63.800323][ T7948] RBP: ffff8880a4877130 R08: ffff8880a4b645c0 R09: ffffed1015d05bc8
[ 63.808865][ T7948] R10: ffffed1015d05bc7 R11: ffff8880ae82de3b R12: 0000000000000000
[ 63.817372][ T7948] R13: 0000000000000035 R14: ffff8880a97483d0 R15: ffffffffffffffff
[ 63.825773][ T7948] FS: 000000000235d880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 63.835324][ T7948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.841972][ T7948] CR2: 0000000020000000 CR3: 000000008fcfb000 CR4: 00000000001406f0
[ 63.850375][ T7948] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.858686][ T7948] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.867089][ T7948] Kernel panic - not syncing: Fatal exception in interrupt
[ 63.874980][ T7948] Kernel Offset: disabled
[ 63.879321][ T7948] Rebooting in 86400 seconds..