[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.894936] kauditd_printk_skb: 7 callbacks suppressed [ 28.894948] audit: type=1800 audit(1544392317.331:29): pid=5913 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.920292] audit: type=1800 audit(1544392317.331:30): pid=5913 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts. net.ipv6.conf.syz_tun.accept_dad = 0 syzkaller login: [ 40.403113] IPVS: ftp: loaded support on port[0] = 21 net.ipv6.conf.syz_tun.router_solicitations = 0 [ 40.664264] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.671094] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.678096] device bridge_slave_0 entered promiscuous mode [ 40.697283] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.703894] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.710777] device bridge_slave_1 entered promiscuous mode [ 40.728852] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 40.746857] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 40.797303] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 40.817212] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 40.881196] list_add corruption. prev->next should be next (ffffffff89fd0da0), but was 0000000000000000. (prev=ffff8881bf882ff0). [ 40.893366] ------------[ cut here ]------------ [ 40.898128] kernel BUG at lib/list_debug.c:28! [ 40.902757] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 40.908132] CPU: 0 PID: 6127 Comm: ip Not tainted 4.20.0-rc4+ #335 [ 40.914432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 40.923782] RIP: 0010:__list_add_valid.cold.2+0x23/0x2a [ 40.929143] Code: e8 90 fd d1 fd 0f 0b 48 89 d9 48 c7 c7 a0 d8 60 88 e8 7f fd d1 fd 0f 0b 48 89 f1 48 c7 c7 20 d9 60 88 48 89 de e8 6b fd d1 fd <0f> 0b 90 90 90 90 90 55 48 89 e5 41 57 41 56 49 be 00 00 00 00 00 [ 40.948042] RSP: 0000:ffff8881dae06dd0 EFLAGS: 00010282 [ 40.953392] RAX: 0000000000000075 RBX: ffffffff89fd0da0 RCX: 0000000000000000 [ 40.960665] RDX: 0000000000000000 RSI: ffffffff8165eae5 RDI: 0000000000000005 [ 40.967924] RBP: ffff8881dae06de8 R08: ffff8881bf894580 R09: ffffed103b5c5020 [ 40.975179] R10: ffffed103b5c5020 R11: ffff8881dae28107 R12: ffff8881ccadc730 [ 40.982464] R13: ffff8881ccadc4c0 R14: ffffffff89fd0b60 R15: ffffffff89fd0df0 [ 40.989720] FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000 [ 40.997946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.003816] CR2: 00007f6434a6faf0 CR3: 00000001c081c000 CR4: 00000000001406f0 [ 41.011089] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.018344] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.025607] Call Trace: [ 41.028168] [ 41.030306] ___neigh_create+0x14b7/0x2600 [ 41.034529] ? neigh_remove_one+0x5a0/0x5a0 [ 41.038840] ? print_usage_bug+0xc0/0xc0 [ 41.042883] ? zap_class+0x640/0x640 [ 41.046577] ? __lock_acquire+0x62f/0x4c20 [ 41.050798] ? find_held_lock+0x36/0x1c0 [ 41.054862] ? ipv6_chk_mcast_addr+0x350/0x940 [ 41.059432] ? lock_downgrade+0x900/0x900 [ 41.063569] ? check_preemption_disabled+0x48/0x280 [ 41.068582] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 41.073495] ? kasan_check_read+0x11/0x20 [ 41.077649] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 41.082930] ? lock_acquire+0x1ed/0x520 [ 41.086891] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.092413] ? check_preemption_disabled+0x48/0x280 [ 41.097419] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 41.102939] ? rcu_pm_notify+0xc0/0xc0 [ 41.106810] __neigh_create+0x30/0x40 [ 41.110613] ip6_finish_output2+0xa59/0x27a0 [ 41.115009] ? ip6_forward_finish+0x560/0x560 [ 41.119487] ? ip6_mtu+0x39c/0x520 [ 41.123011] ? lock_downgrade+0x900/0x900 [ 41.127164] ? check_preemption_disabled+0x48/0x280 [ 41.132164] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 41.137079] ? kasan_check_read+0x11/0x20 [ 41.141212] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 41.146470] ? rcu_softirq_qs+0x20/0x20 [ 41.150454] ? ip6_mtu+0x160/0x520 [ 41.153979] ? find_match+0x10a0/0x10a0 [ 41.157937] ? kasan_check_read+0x11/0x20 [ 41.162087] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 41.167353] ip6_finish_output+0x58c/0xc60 [ 41.171570] ? ip6_finish_output+0x58c/0xc60 [ 41.175965] ip6_output+0x232/0x9d0 [ 41.179574] ? ip6_finish_output+0xc60/0xc60 [ 41.184082] ? ip6_fragment+0x38b0/0x38b0 [ 41.188212] ? ip6_mtu_from_fib6+0x770/0x770 [ 41.192608] mld_sendpack+0xad5/0xfa0 [ 41.196400] ? nf_hook.constprop.40+0x860/0x860 [ 41.201064] ? _raw_read_unlock_bh+0x30/0x40 [ 41.205466] ? trace_hardirqs_off_caller+0x310/0x310 [ 41.210558] ? __local_bh_enable_ip+0x160/0x260 [ 41.215213] mld_ifc_timer_expire+0x447/0x8a0 [ 41.219723] call_timer_fn+0x272/0x920 [ 41.223602] ? mld_dad_timer_expire+0x1b0/0x1b0 [ 41.228255] ? process_timeout+0x40/0x40 [ 41.232302] ? mark_held_locks+0xc7/0x130 [ 41.236434] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.240912] ? _raw_spin_unlock_irq+0x27/0x80 [ 41.245392] ? mld_dad_timer_expire+0x1b0/0x1b0 [ 41.250062] ? lockdep_hardirqs_on+0x296/0x5b0 [ 41.254646] ? trace_hardirqs_on+0xbd/0x310 [ 41.258952] ? kasan_check_read+0x11/0x20 [ 41.263085] ? __run_timers+0x7da/0xc70 [ 41.267061] ? trace_hardirqs_off_caller+0x310/0x310 [ 41.272159] ? mld_dad_timer_expire+0x1b0/0x1b0 [ 41.276813] __run_timers+0x7e5/0xc70 [ 41.280608] ? timer_fixup_init+0x70/0x70 [ 41.284740] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 41.289740] ? zap_class+0x640/0x640 [ 41.293456] ? print_usage_bug+0xc0/0xc0 [ 41.297503] ? hrtimer_update_softirq_timer+0xa0/0xa0 [ 41.302693] ? find_held_lock+0x36/0x1c0 [ 41.306738] ? zap_class+0x640/0x640 [ 41.310452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.315981] ? check_preemption_disabled+0x48/0x280 [ 41.321005] ? __lock_is_held+0xb5/0x140 [ 41.325081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.330609] ? check_preemption_disabled+0x48/0x280 [ 41.335615] run_timer_softirq+0x52/0xb0 [ 41.339668] ? rcu_read_lock_sched_held+0x14f/0x180 [ 41.344670] __do_softirq+0x308/0xb7e [ 41.348471] ? ktime_get_raw_ts64+0x4d0/0x4d0 [ 41.352949] ? lock_downgrade+0x900/0x900 [ 41.357079] ? __irqentry_text_end+0x1f9658/0x1f9658 [ 41.362181] ? pvclock_read_flags+0x160/0x160 [ 41.366716] ? lapic_next_event+0x5a/0x90 [ 41.370846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.376369] ? kvm_clock_read+0x18/0x30 [ 41.380329] ? kvm_sched_clock_read+0x9/0x20 [ 41.384739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.390277] ? check_preemption_disabled+0x48/0x280 [ 41.395292] irq_exit+0x17f/0x1c0 [ 41.398747] smp_apic_timer_interrupt+0x1cb/0x760 [ 41.403579] ? smp_reschedule_interrupt+0x109/0x650 [ 41.408585] ? smp_call_function_single_interrupt+0x650/0x650 [ 41.414459] ? interrupt_entry+0xb5/0xc0 [ 41.418530] ? trace_hardirqs_off_caller+0xbb/0x310 [ 41.423556] ? trace_hardirqs_off_caller+0xbb/0x310 [ 41.428673] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.433508] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.438504] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.443506] ? task_prio+0x50/0x50 [ 41.447028] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.452550] ? check_preemption_disabled+0x48/0x280 [ 41.457551] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.462376] apic_timer_interrupt+0xf/0x20 [ 41.466606] [ 41.468830] RIP: 0010:add_mm_counter_fast+0x78/0xd0 [ 41.473831] Code: 4a 8d bc a3 5c 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 <84> d2 75 39 46 01 ac a3 5c 04 00 00 e8 97 d3 cd ff 5b 41 5c 41 5d [ 41.492819] RSP: 0000:ffff8881bf5ff290 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 [ 41.500505] RAX: 0000000000000007 RBX: ffff8881bf894580 RCX: ffffffff81b2f8a9 [ 41.507801] RDX: 0000000000000000 RSI: ffffffff81b1b71e RDI: ffff8881bf8949dc [ 41.515048] RBP: ffff8881bf5ff2b0 R08: ffff8881bf894580 R09: ffffed103b5c5b67 [ 41.522297] R10: ffffed103b5c5b67 R11: ffff8881dae2db3b R12: 0000000000000000 [ 41.529566] R13: 0000000000000001 R14: ffff8881bdf248c0 R15: ffff8881bf5ffa88 [ 41.536822] ? alloc_set_pte+0xcd9/0x1f40 [ 41.540952] ? add_mm_counter_fast+0x4e/0xd0 [ 41.545359] alloc_set_pte+0xd24/0x1f40 [ 41.549315] ? do_swap_page+0x3690/0x3690 [ 41.553445] ? mark_held_locks+0x130/0x130 [ 41.557659] ? mark_held_locks+0x130/0x130 [ 41.561880] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.567399] ? zap_class+0x640/0x640 [ 41.571094] ? zap_class+0x640/0x640 [ 41.574806] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 41.580330] ? unlock_page+0x2c2/0x4c0 [ 41.584215] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.589768] ? check_preemption_disabled+0x48/0x280 [ 41.594768] ? __lock_is_held+0xb5/0x140 [ 41.598816] filemap_map_pages+0x164b/0x1a20 [ 41.603209] ? find_get_entries_tag+0x1400/0x1400 [ 41.608035] ? save_stack+0xa9/0xd0 [ 41.611648] ? save_stack+0x43/0xd0 [ 41.615255] ? kasan_kmalloc+0xc7/0xe0 [ 41.619120] ? kasan_slab_alloc+0x12/0x20 [ 41.623257] ? kmem_cache_alloc+0x12e/0x730 [ 41.627561] ? ptlock_alloc+0x20/0x80 [ 41.631355] ? pte_alloc_one+0x6b/0x1a0 [ 41.635312] ? __handle_mm_fault+0x4afe/0x5be0 [ 41.639888] ? handle_mm_fault+0x54f/0xc70 [ 41.644120] ? __do_page_fault+0x5e8/0xe60 [ 41.648358] ? do_page_fault+0xf2/0x7e0 [ 41.652317] ? page_fault+0x1e/0x30 [ 41.655927] ? find_held_lock+0x36/0x1c0 [ 41.659970] ? zap_class+0x640/0x640 [ 41.663669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.669199] ? check_preemption_disabled+0x48/0x280 [ 41.674200] ? __lock_is_held+0xb5/0x140 [ 41.678247] ? rcu_read_lock_sched_held+0x14f/0x180 [ 41.683243] ? kmem_cache_alloc+0x33a/0x730 [ 41.687560] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 41.693082] ? __lockdep_init_map+0x105/0x590 [ 41.697558] ? lockdep_init_map+0x9/0x10 [ 41.701601] __handle_mm_fault+0x45a0/0x5be0 [ 41.705991] ? trace_hardirqs_off+0xb8/0x310 [ 41.710379] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 41.715208] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 41.720726] ? rcu_pm_notify+0xc0/0xc0 [ 41.724600] ? zap_class+0x640/0x640 [ 41.728297] ? zap_class+0x640/0x640 [ 41.731994] ? putname+0xf7/0x130 [ 41.735428] ? find_held_lock+0x36/0x1c0 [ 41.739478] ? handle_mm_fault+0x42a/0xc70 [ 41.743694] ? lock_downgrade+0x900/0x900 [ 41.747822] ? check_preemption_disabled+0x48/0x280 [ 41.752820] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 41.757758] ? kasan_check_read+0x11/0x20 [ 41.761886] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 41.767153] ? rcu_softirq_qs+0x20/0x20 [ 41.771108] ? trace_hardirqs_off_caller+0x310/0x310 [ 41.776216] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.781737] ? check_preemption_disabled+0x48/0x280 [ 41.786740] handle_mm_fault+0x54f/0xc70 [ 41.790781] ? __handle_mm_fault+0x5be0/0x5be0 [ 41.795349] ? find_vma+0x34/0x190 [ 41.798873] __do_page_fault+0x5e8/0xe60 [ 41.802919] ? exit_to_usermode_loop+0x1f4/0x380 [ 41.807656] do_page_fault+0xf2/0x7e0 [ 41.811439] ? vmalloc_sync_all+0x30/0x30 [ 41.815570] ? error_entry+0x70/0xd0 [ 41.819273] ? trace_hardirqs_off_caller+0xbb/0x310 [ 41.824319] ? trace_hardirqs_on_caller+0xc0/0x310 [ 41.829252] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.834213] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.839054] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.844055] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 41.849489] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.854489] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.859489] ? page_fault+0x8/0x30 [ 41.863015] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.867836] ? page_fault+0x8/0x30 [ 41.871356] page_fault+0x1e/0x30 [ 41.874788] RIP: 0033:0x7f6434a6faf0 [ 41.878485] Code: 68 03 00 00 00 e9 b0 ff ff ff ff 25 4a f5 21 00 68 04 00 00 00 e9 a0 ff ff ff ff 25 42 f5 21 00 68 05 00 00 00 e9 90 ff ff ff <48> 89 e7 e8 28 06 00 00 49 89 c4 8b 05 ab f2 21 00 5a 48 8d 24 c4 [ 41.897365] RSP: 002b:00007ffd0f9324b0 EFLAGS: 00010202 [ 41.902725] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 41.909974] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 41.917226] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 41.924477] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 41.931727] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 41.938994] Modules linked in: [ 41.942244] ---[ end trace 41d06d45e16415ee ]--- [ 41.947004] RIP: 0010:__list_add_valid.cold.2+0x23/0x2a [ 41.952403] Code: e8 90 fd d1 fd 0f 0b 48 89 d9 48 c7 c7 a0 d8 60 88 e8 7f fd d1 fd 0f 0b 48 89 f1 48 c7 c7 20 d9 60 88 48 89 de e8 6b fd d1 fd <0f> 0b 90 90 90 90 90 55 48 89 e5 41 57 41 56 49 be 00 00 00 00 00 [ 41.971342] RSP: 0000:ffff8881dae06dd0 EFLAGS: 00010282 [ 41.976744] RAX: 0000000000000075 RBX: ffffffff89fd0da0 RCX: 0000000000000000 [ 41.984063] RDX: 0000000000000000 RSI: ffffffff8165eae5 RDI: 0000000000000005 [ 41.991358] RBP: ffff8881dae06de8 R08: ffff8881bf894580 R09: ffffed103b5c5020 [ 41.998625] R10: ffffed103b5c5020 R11: ffff8881dae28107 R12: ffff8881ccadc730 [ 42.005912] R13: ffff8881ccadc4c0 R14: ffffffff89fd0b60 R15: ffffffff89fd0df0 [ 42.013197] FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000 [ 42.021436] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 42.027312] CR2: 00007f6434a6faf0 CR3: 00000001c081c000 CR4: 00000000001406f0 [ 42.034610] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 42.041889] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 42.049146] Kernel panic - not syncing: Fatal exception in interrupt [ 42.056543] Kernel Offset: disabled [ 42.060184] Rebooting in 86400 seconds..