[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.440945] audit_printk_skb: 24 callbacks suppressed [ 34.447027] audit: type=1800 audit(1576038557.159:29): pid=6735 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 34.468794] audit: type=1800 audit(1576038557.189:30): pid=6735 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 47.209467] IPVS: Creating netns size=2712 id=1 [ 47.214476] IPVS: ftp: loaded support on port[0] = 21 Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts. 2019/12/11 04:29:37 parsed 1 programs 2019/12/11 04:29:37 executed programs: 0 [ 54.898660] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready [ 54.910239] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready [ 54.919107] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready [ 54.927381] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready [ 54.935519] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready [ 54.946701] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready [ 54.961198] IPVS: Creating netns size=2712 id=2 [ 54.966013] IPVS: ftp: loaded support on port[0] = 21 [ 55.036035] IPVS: Creating netns size=2712 id=3 [ 55.041217] IPVS: ftp: loaded support on port[0] = 21 [ 55.169692] chnl_net:caif_netlink_parms(): no params data found [ 55.194539] IPVS: Creating netns size=2712 id=4 [ 55.199396] IPVS: ftp: loaded support on port[0] = 21 [ 55.411950] IPVS: Creating netns size=2712 id=5 [ 55.416813] IPVS: ftp: loaded support on port[0] = 21 [ 55.433038] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.439450] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.448645] device bridge_slave_0 entered promiscuous mode [ 55.475355] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.481998] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.490887] device bridge_slave_1 entered promiscuous mode [ 55.560811] chnl_net:caif_netlink_parms(): no params data found [ 55.650421] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.680186] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.709456] chnl_net:caif_netlink_parms(): no params data found [ 55.766661] IPVS: Creating netns size=2712 id=6 [ 55.771626] IPVS: ftp: loaded support on port[0] = 21 [ 55.919014] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.926473] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.935625] device bridge_slave_0 entered promiscuous mode [ 55.963265] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.008286] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.014799] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.024041] device bridge_slave_1 entered promiscuous mode [ 56.036954] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.089809] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.096337] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.105544] device bridge_slave_0 entered promiscuous mode [ 56.157133] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.164094] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.173408] device bridge_slave_1 entered promiscuous mode [ 56.255779] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.278588] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.280657] IPVS: Creating netns size=2712 id=7 [ 56.280773] IPVS: ftp: loaded support on port[0] = 21 [ 56.326598] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.347047] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.354315] chnl_net:caif_netlink_parms(): no params data found [ 56.373401] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.412875] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.559077] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.595108] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.773897] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.780933] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.797756] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.805242] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.814674] device bridge_slave_0 entered promiscuous mode [ 56.823121] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.829520] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.838623] device bridge_slave_1 entered promiscuous mode [ 56.865635] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.953837] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.011820] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.049050] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.067571] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.100625] chnl_net:caif_netlink_parms(): no params data found [ 57.160433] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.195403] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.207592] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.216343] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.225432] chnl_net:caif_netlink_parms(): no params data found [ 57.264918] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.378921] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.385538] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.394512] device bridge_slave_0 entered promiscuous mode [ 57.417788] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.425016] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.434340] device bridge_slave_1 entered promiscuous mode [ 57.455743] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 57.512043] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.520734] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 57.606201] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.618621] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.625981] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.635579] device bridge_slave_0 entered promiscuous mode [ 57.650877] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.659463] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.665954] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.674828] device bridge_slave_1 entered promiscuous mode [ 57.689997] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 57.756455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.835820] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 57.848483] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.859463] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 57.884396] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 57.915486] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 57.999715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.047512] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 58.074481] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.082661] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.090109] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.100027] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 58.145034] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.163105] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.170899] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.177348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.187367] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.195457] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.201858] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.250707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.265435] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.284320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.305334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.318225] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 58.326692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.344864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.353794] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 58.362891] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.397590] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 58.405141] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.414710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.435880] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 58.453412] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.463344] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.469756] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.477769] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.485853] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.492238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.517768] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 58.536444] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.551964] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.559099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 58.622067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.655088] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 58.701180] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 58.708963] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.717403] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.724030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.755874] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.763742] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.772459] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.778827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.813712] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 58.844375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 58.860525] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.868645] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 58.878167] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.884612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.926029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 58.934231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 58.942511] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.948893] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.984792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.993924] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.018332] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 59.033446] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.065283] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.077533] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 59.094545] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.103500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.119772] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.147544] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.170984] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.207035] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.217782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.278637] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.279330] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.279395] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.280359] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.300009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.300815] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.300872] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.373164] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.373878] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.373937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.374620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.404561] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 59.419351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.420094] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.420151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.425267] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.437707] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.471692] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.489495] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 59.507158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 59.552472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.568322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.946184] kasan: CONFIG_KASAN_INLINE enabled [ 59.946191] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 59.946195] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 59.946198] Modules linked in: [ 59.946202] CPU: 0 PID: 7266 Comm: syz-executor.4 Not tainted 4.6.0-syzkaller #0 [ 59.946203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.946206] task: ffff8800b79ec440 ti: ffff880129b60000 task.ti: ffff880129b60000 [ 59.946216] RIP: 0010:[] [] insert_char+0x28a/0x420 [ 59.946218] RSP: 0018:ffff880129b67768 EFLAGS: 00010203 [ 59.946220] RAX: 0000000020000001 RBX: 000000010000000e RCX: dffffc0000000000 [ 59.946223] RDX: 00000000000000d2 RSI: 0000000000000001 RDI: ffff8800af4ae6f4 [ 59.946225] RBP: ffff880129b677b8 R08: 00000000ffffff3c R09: dffffc0000000000 [ 59.946226] R10: 0000000000000011 R11: 0000000000000001 R12: 00000000ffffff3a [ 59.946228] R13: 000000010000000c R14: ffff8800af4ae380 R15: 00000000ffffff3a [ 59.946232] FS: 00007f998e1a0700(0000) GS:ffff88012c000000(0000) knlGS:0000000000000000 [ 59.946234] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.946236] CR2: 0000000000758090 CR3: 00000000af651000 CR4: 00000000001406f0 [ 59.946242] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.946244] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.946245] Stack: [ 59.946250] ffff8800b79ecc40 ffff8800b79ecc48 ffff8800b79ecd10 1ffff1002536cef2 [ 59.946254] ffff880000000000 000000000000006b ffff8800af4ae380 0000000000000000 [ 59.946258] ffffed0015e95ce7 1ffff1002536cf00 ffff880129b67928 ffffffff82fdbdae [ 59.946259] Call Trace: [ 59.946263] [] do_con_trol+0x504e/0x5a40 [ 59.946268] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 59.946271] [] ? __lock_acquire+0x1985/0x5560 [ 59.946275] [] ? reset_palette+0x1d0/0x1d0 [ 59.946278] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 59.946281] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 59.946287] [] ? atomic_notifier_call_chain+0x7b/0x100 [ 59.946290] [] do_con_write.part.22+0x487/0x1950 [ 59.946295] [] ? mutex_lock_nested+0x7de/0xb30 [ 59.946301] [] ? trace_hardirqs_on_caller+0x44c/0x5e0 [ 59.946304] [] ? do_con_trol+0x5a40/0x5a40 [ 59.946308] [] ? add_wait_queue+0x3f/0xa0 [ 59.946311] [] ? _raw_spin_unlock_irqrestore+0x6a/0xd0 [ 59.946314] [] ? _mutex_lock_nest_lock+0xb30/0xb30 [ 59.946317] [] con_write+0x76/0x90 [ 59.946322] [] n_tty_write+0x4f0/0x10b0 [ 59.946326] [] ? n_tty_open+0x280/0x280 [ 59.946329] [] ? abort_exclusive_wait+0x1d0/0x1d0 [ 59.946333] [] tty_write+0x44d/0x7f0 [ 59.946336] [] ? n_tty_open+0x280/0x280 [ 59.946341] [] __vfs_write+0xdb/0x4f0 [ 59.946345] [] ? do_iter_readv_writev+0x330/0x330 [ 59.946348] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 59.946351] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 59.946356] [] ? common_file_perm+0x17e/0x410 [ 59.946359] [] ? apparmor_file_permission+0x13/0x20 [ 59.946364] [] ? security_file_permission+0x6a/0x1a0 [ 59.946368] [] ? rw_verify_area+0xb9/0x290 [ 59.946371] [] vfs_write+0x13a/0x4a0 [ 59.946375] [] SyS_write+0xcb/0x1a0 [ 59.946378] [] ? SyS_read+0x1a0/0x1a0 [ 59.946381] [] ? trace_hardirqs_on_caller+0x44c/0x5e0 [ 59.946386] [] ? trace_hardirqs_on_thunk+0x1b/0x1d [ 59.946390] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 59.946435] Code: 84 dd fe ff ff 48 b9 00 00 00 00 00 fc ff df 48 01 d2 48 89 d8 48 29 d0 4c 8d 40 fe 49 83 ed 02 48 83 eb 02 4c 89 e8 48 c1 e8 03 <0f> b6 14 08 4c 89 e8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 [ 59.946438] RIP [] insert_char+0x28a/0x420 [ 59.946440] RSP [ 59.946445] ---[ end trace 51a5821d957ab742 ]--- [ 59.946447] Kernel panic - not syncing: Fatal exception [ 59.947265] Kernel Offset: disabled