[ ok ] Starting enhanced syslogd: rsyslogd.
[ 41.045501] audit: type=1800 audit(1547433981.490:25): pid=7944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 41.077120] audit: type=1800 audit(1547433981.490:26): pid=7944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 41.105568] audit: type=1800 audit(1547433981.490:27): pid=7944 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.203' (ECDSA) to the list of known hosts.
syzkaller login: [ 54.153467] IPVS: ftp: loaded support on port[0] = 21
[ 54.219252] chnl_net:caif_netlink_parms(): no params data found
[ 54.254261] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.261078] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.268364] device bridge_slave_0 entered promiscuous mode
[ 54.275885] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.282268] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.289547] device bridge_slave_1 entered promiscuous mode
[ 54.305978] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 54.315012] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 54.332078] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 54.339919] team0: Port device team_slave_0 added
[ 54.345348] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 54.352524] team0: Port device team_slave_1 added
[ 54.357922] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 54.365199] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 54.435954] device hsr_slave_0 entered promiscuous mode
[ 54.503517] device hsr_slave_1 entered promiscuous mode
[ 54.583640] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 54.590599] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 54.605658] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.612100] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.619228] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.625607] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.659061] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 54.666909] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.675717] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 54.685231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.705114] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.712644] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.720763] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 54.732286] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 54.738898] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.747435] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.755548] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.761877] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.784061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.791677] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.798105] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.806479] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.816225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.824118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.831498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.841144] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 54.847408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.854605] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.870947] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 54.881240] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.893150] ==================================================================
[ 54.900608] BUG: KASAN: use-after-free in tick_sched_handle+0x16f/0x190
[ 54.907344] Read of size 8 at addr ffff88808de26030 by task syz-executor447/8097
[ 54.914854]
[ 54.916466] CPU: 0 PID: 8097 Comm: syz-executor447 Not tainted 5.0.0-rc2 #24
[ 54.923631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.932976] Call Trace:
[ 54.935536]
[ 54.937718] dump_stack+0x1db/0x2d0
[ 54.941334] ? dump_stack_print_info.cold+0x20/0x20
[ 54.946338] ? kasan_check_read+0x11/0x20
[ 54.950469] ? do_raw_spin_unlock+0xa0/0x330
[ 54.954859] ? lock_release+0xc40/0xc40
[ 54.958821] ? tick_sched_handle+0x16f/0x190
[ 54.963213] print_address_description.cold+0x7c/0x20d
[ 54.968483] ? tick_sched_handle+0x16f/0x190
[ 54.972893] ? tick_sched_handle+0x16f/0x190
[ 54.983221] kasan_report.cold+0x1b/0x40
[ 54.987270] ? tick_sched_handle+0x16f/0x190
[ 54.991668] __asan_report_load8_noabort+0x14/0x20
[ 54.996585] tick_sched_handle+0x16f/0x190
[ 55.000820] tick_sched_timer+0x47/0x130
[ 55.004871] __hrtimer_run_queues+0x3a7/0x1050
[ 55.009456] ? tick_sched_do_timer+0x1b0/0x1b0
[ 55.014049] ? hrtimer_start_range_ns+0xda0/0xda0
[ 55.018895] ? kvm_clock_read+0x18/0x30
[ 55.022853] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 55.027860] ? ktime_get_update_offsets_now+0x3d5/0x5e0
[ 55.033209] ? do_timer+0x50/0x50
[ 55.036648] ? add_lock_to_list.isra.0+0x450/0x450
[ 55.041570] ? rcu_softirq_qs+0x20/0x20
[ 55.045528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.051058] hrtimer_interrupt+0x314/0x770
[ 55.055284] smp_apic_timer_interrupt+0x18d/0x760
[ 55.060127] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.064951] ? smp_call_function_single_interrupt+0x640/0x640
[ 55.070816] ? trace_hardirqs_off+0x310/0x310
[ 55.075299] ? task_prio+0x50/0x50
[ 55.078831] ? check_preemption_disabled+0x48/0x290
[ 55.083868] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.088709] apic_timer_interrupt+0xf/0x20
[ 55.092971]
[ 55.095201]
[ 55.096820] The buggy address belongs to the page:
[ 55.101736] page:ffffea0002378980 count:0 mapcount:0 mapping:0000000000000000 index:0xffff88808de26d00
[ 55.111167] flags: 0x1fffc0000000000()
[ 55.115043] raw: 01fffc0000000000 dead000000000100 dead000000000200 0000000000000000
[ 55.122929] raw: ffff88808de26d00 0000000000000000 00000000ffffffff 0000000000000000
[ 55.130804] page dumped because: kasan: bad access detected
[ 55.136495]
[ 55.138100] Memory state around the buggy address:
[ 55.143007] ffff88808de25f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.150346] ffff88808de25f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.157717] >ffff88808de26000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.165067] ^
[ 55.169992] ffff88808de26080: f1 f1 f1 f1 04 f3 f3 f3 ff 00 00 00 00 00 00 00
[ 55.177359] ffff88808de26100: 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f3 f3 f3 ff
[ 55.184711] ==================================================================
[ 55.192077] Disabling lock debugging due to kernel taint
[ 55.197561] Kernel panic - not syncing: panic_on_warn set ...
[ 55.203444] CPU: 0 PID: 8097 Comm: syz-executor447 Tainted: G B 5.0.0-rc2 #24
[ 55.212001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.221334] Call Trace:
[ 55.223905]
[ 55.226060] dump_stack+0x1db/0x2d0
[ 55.229685] ? dump_stack_print_info.cold+0x20/0x20
[ 55.234686] panic+0x2cb/0x65c
[ 55.237876] ? add_taint.cold+0x16/0x16
[ 55.241833] ? kasan_check_read+0x11/0x20
[ 55.245965] ? trace_hardirqs_on_caller+0x310/0x310
[ 55.250963] ? do_raw_spin_trylock+0x270/0x270
[ 55.255527] ? add_taint.cold+0x5/0x16
[ 55.259433] ? trace_hardirqs_off+0xaf/0x310
[ 55.263829] ? tick_sched_handle+0x16f/0x190
[ 55.268601] end_report+0x47/0x4f
[ 55.272033] ? tick_sched_handle+0x16f/0x190
[ 55.276446] kasan_report.cold+0xe/0x40
[ 55.280430] ? tick_sched_handle+0x16f/0x190
[ 55.284824] __asan_report_load8_noabort+0x14/0x20
[ 55.289735] tick_sched_handle+0x16f/0x190
[ 55.293951] tick_sched_timer+0x47/0x130
[ 55.298000] __hrtimer_run_queues+0x3a7/0x1050
[ 55.302594] ? tick_sched_do_timer+0x1b0/0x1b0
[ 55.307161] ? hrtimer_start_range_ns+0xda0/0xda0
[ 55.311986] ? kvm_clock_read+0x18/0x30
[ 55.315941] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 55.320936] ? ktime_get_update_offsets_now+0x3d5/0x5e0
[ 55.326280] ? do_timer+0x50/0x50
[ 55.329712] ? add_lock_to_list.isra.0+0x450/0x450
[ 55.334650] ? rcu_softirq_qs+0x20/0x20
[ 55.338606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 55.344129] hrtimer_interrupt+0x314/0x770
[ 55.348364] smp_apic_timer_interrupt+0x18d/0x760
[ 55.353189] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.358013] ? smp_call_function_single_interrupt+0x640/0x640
[ 55.363875] ? trace_hardirqs_off+0x310/0x310
[ 55.368356] ? task_prio+0x50/0x50
[ 55.371876] ? check_preemption_disabled+0x48/0x290
[ 55.376874] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 55.381792] apic_timer_interrupt+0xf/0x20
[ 55.386006]
[ 55.389209] Kernel Offset: disabled
[ 55.392856] Rebooting in 86400 seconds..