[ ok ] Starting enhanced syslogd: rsyslogd. [ 30.409333] audit: type=1800 audit(1538921283.135:25): pid=5592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 30.428215] audit: type=1800 audit(1538921283.135:26): pid=5592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 30.428233] audit: type=1800 audit(1538921283.135:27): pid=5592 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.94' (ECDSA) to the list of known hosts. net.ipv6.conf.syz_tun.accept_dad = 0 net.ipv6.conf.syz_tun.router_solicitations = 0 syzkaller login: [ 41.307404] IPVS: ftp: loaded support on port[0] = 21 [ 41.479680] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.486243] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.493046] device bridge_slave_0 entered promiscuous mode [ 41.507454] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.513850] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.520879] device bridge_slave_1 entered promiscuous mode [ 41.534496] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 41.549468] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 41.586468] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 41.602733] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 41.655879] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 41.662997] team0: Port device team_slave_0 added [ 41.675909] IPv6: 
ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 41.682983] team0: Port device team_slave_1 added [ 41.696700] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 41.716965] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 41.732314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 41.748520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 41.848362] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.855976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 41.865485] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.874884] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 42.236659] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 42.242896] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.280223] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 42.317919] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.324992] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 42.361413] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 42.367818] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.426447] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready executing program [ 42.567428] kauditd_printk_skb: 3 callbacks suppressed [ 42.567440] audit: type=1804 audit(1538921295.295:31): pid=6004 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor261" name="/root/bus" dev="sda1" ino=16482 res=1 [ 42.837332] ================================================================== [ 42.846548] BUG: KASAN: 
use-after-free in tls_push_record+0x10b9/0x1480 [ 42.853283] Write of size 1 at addr ffff8801baa73091 by task syz-executor261/6005 [ 42.860886] [ 42.862516] CPU: 1 PID: 6005 Comm: syz-executor261 Not tainted 4.19.0-rc6+ #272 [ 42.869944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 42.879327] Call Trace: [ 42.881911] dump_stack+0x1c4/0x2b4 [ 42.885541] ? dump_stack_print_info.cold.2+0x52/0x52 [ 42.890731] ? printk+0xa7/0xcf [ 42.894067] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 42.898817] print_address_description.cold.8+0x9/0x1ff [ 42.904688] kasan_report.cold.9+0x242/0x309 [ 42.909090] ? tls_push_record+0x10b9/0x1480 [ 42.913494] __asan_report_store1_noabort+0x17/0x20 [ 42.918512] tls_push_record+0x10b9/0x1480 [ 42.922820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.928360] ? lock_sock_nested+0x9a/0x120 [ 42.932588] tls_sw_push_pending_record+0x22/0x30 [ 42.937415] tls_sk_proto_close+0x69c/0xbb0 [ 42.941722] ? lock_acquire+0x1ed/0x520 [ 42.945679] ? tcp_check_oom+0x530/0x530 [ 42.949899] ? tls_write_space+0x390/0x390 [ 42.954114] ? arch_local_save_flags+0x40/0x40 [ 42.958772] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 42.964213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 42.969740] ? ipv6_sock_ac_close+0x34f/0x470 [ 42.975176] ? ipv6_sock_mc_close+0x162/0x1d0 [ 42.979724] ? ip_mc_drop_socket+0x20b/0x270 [ 42.984122] ? down_write+0x8a/0x130 [ 42.987823] inet_release+0x104/0x1f0 [ 42.991614] inet6_release+0x50/0x70 [ 42.995332] __sock_release+0xd7/0x250 [ 42.999216] ? __sock_release+0x250/0x250 [ 43.003350] sock_close+0x19/0x20 [ 43.006790] __fput+0x385/0xa30 [ 43.010277] ? get_max_files+0x20/0x20 [ 43.014157] ? do_raw_spin_lock+0xc1/0x200 [ 43.018381] ? ___might_sleep+0x1ed/0x300 [ 43.022520] ? arch_local_save_flags+0x40/0x40 [ 43.027086] ____fput+0x15/0x20 [ 43.030463] task_work_run+0x1e8/0x2a0 [ 43.034353] ? task_work_cancel+0x240/0x240 [ 43.039271] ? 
switch_task_namespaces+0xb8/0xd0 [ 43.043928] do_exit+0x1ad7/0x2610 [ 43.047610] ? mm_update_next_owner+0x990/0x990 [ 43.052293] ? ___might_sleep+0x1ed/0x300 [ 43.056432] ? arch_local_save_flags+0x40/0x40 [ 43.060996] ? do_raw_spin_unlock+0xa7/0x2f0 [ 43.065392] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.069956] ? lock_acquire+0x1ed/0x520 [ 43.073910] ? __might_sleep+0x95/0x190 [ 43.078713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.084250] ? futex_wait_queue_me+0x55d/0x840 [ 43.088822] ? refill_pi_state_cache.part.9+0x320/0x320 [ 43.094182] ? futex_wait+0x309/0xa50 [ 43.098874] ? lock_downgrade+0x900/0x900 [ 43.103365] ? kasan_check_write+0x14/0x20 [ 43.109404] ? mark_held_locks+0x130/0x130 [ 43.115471] ? kasan_check_read+0x11/0x20 [ 43.121876] ? do_raw_spin_unlock+0xa7/0x2f0 [ 43.127843] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.134396] ? kasan_check_write+0x14/0x20 [ 43.139394] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.144922] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 43.150088] ? futex_wait+0x5ec/0xa50 [ 43.153893] ? futex_wait_setup+0x3e0/0x3e0 [ 43.158201] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.163373] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 43.168460] ? futex_wake+0x304/0x760 [ 43.172253] ? memset+0x31/0x40 [ 43.175516] ? __dequeue_signal+0xf9/0x7d0 [ 43.179741] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.185266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.193144] ? get_signal+0x95b/0x1980 [ 43.197025] ? lock_downgrade+0x900/0x900 [ 43.201160] do_group_exit+0x177/0x440 [ 43.205044] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.210493] ? __ia32_sys_exit+0x50/0x50 [ 43.214541] ? kasan_check_write+0x14/0x20 [ 43.218758] ? do_raw_spin_lock+0xc1/0x200 [ 43.222980] get_signal+0x8b0/0x1980 [ 43.226680] ? ptrace_notify+0x130/0x130 [ 43.230728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.236252] ? do_tcp_setsockopt.isra.40+0x202/0x2770 [ 43.241422] ? tcp_peek_len+0x2c0/0x2c0 [ 43.245379] ? 
release_sock+0x1ec/0x2c0 [ 43.249335] do_signal+0x9c/0x21e0 [ 43.252988] ? aa_sk_perm+0x218/0x8b0 [ 43.256793] ? fget_raw+0x20/0x20 [ 43.260231] ? setup_sigcontext+0x7d0/0x7d0 [ 43.264535] ? aa_af_perm+0x5a0/0x5a0 [ 43.268322] ? __local_bh_enable_ip+0x160/0x260 [ 43.272977] ? _raw_spin_unlock_bh+0x30/0x40 [ 43.277375] ? tcp_setsockopt+0x9a/0xe0 [ 43.281338] ? __x64_sys_futex+0x47f/0x6a0 [ 43.285568] exit_to_usermode_loop+0x2e5/0x380 [ 43.290498] ? syscall_slow_exit_work+0x520/0x520 [ 43.296552] do_syscall_64+0x6be/0x820 [ 43.300517] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 43.305883] ? syscall_return_slowpath+0x5e0/0x5e0 [ 43.310802] ? trace_hardirqs_on_caller+0x310/0x310 [ 43.315805] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.320802] ? recalc_sigpending_tsk+0x180/0x180 [ 43.325589] ? kasan_check_write+0x14/0x20 [ 43.329825] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 43.334664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.339838] RIP: 0033:0x446e79 [ 43.343132] Code: 00 2f 75 73 72 2f 6c 69 62 2f 72 73 79 73 6c 6f 67 2f 00 4d 6f 64 75 6c 65 20 27 25 73 27 20 61 6c 72 65 61 64 79 20 6c 6f 61 <64> 65 64 0a 00 6c 6f 61 64 69 6e 67 20 6d 6f 64 75 6c 65 20 27 25 [ 43.362024] RSP: 002b:00007f60c8458da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 43.369719] RAX: fffffffffffffe00 RBX: 00000000006dcc58 RCX: 0000000000446e79 [ 43.376973] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc58 [ 43.384223] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000 [ 43.391563] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c [ 43.398818] R13: 4000000000000001 R14: 00007f60c84599c0 R15: 0000000000000001 [ 43.406076] [ 43.407682] The buggy address belongs to the page: [ 43.412701] page:ffffea0006ea9cc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 [ 43.420894] flags: 0x2fffc0000000000() [ 43.424773] raw: 02fffc0000000000 0000000000000000 ffffffff06ea0101 0000000000000000 [ 43.432642] raw: 0000000000000000 0000000000000000 
00000000ffffffff 0000000000000000 [ 43.440505] page dumped because: kasan: bad access detected [ 43.446191] [ 43.447797] Memory state around the buggy address: [ 43.452710] ffff8801baa72f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.460051] ffff8801baa73000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.467523] >ffff8801baa73080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.474864] ^ [ 43.478740] ffff8801baa73100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.486084] ffff8801baa73180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.493458] ================================================================== [ 43.503756] Kernel panic - not syncing: panic_on_warn set ... [ 43.503756] [ 43.511275] CPU: 1 PID: 6005 Comm: syz-executor261 Tainted: G B 4.19.0-rc6+ #272 [ 43.520126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 43.529462] Call Trace: [ 43.532032] dump_stack+0x1c4/0x2b4 [ 43.535641] ? dump_stack_print_info.cold.2+0x52/0x52 [ 43.540811] panic+0x238/0x4e7 [ 43.543998] ? add_taint.cold.5+0x16/0x16 [ 43.548130] ? preempt_schedule+0x4d/0x60 [ 43.552260] ? ___preempt_schedule+0x16/0x18 [ 43.556654] ? trace_hardirqs_on+0xb4/0x310 [ 43.560958] kasan_end_report+0x47/0x4f [ 43.564912] kasan_report.cold.9+0x76/0x309 [ 43.569216] ? tls_push_record+0x10b9/0x1480 [ 43.573605] __asan_report_store1_noabort+0x17/0x20 [ 43.578601] tls_push_record+0x10b9/0x1480 [ 43.582820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.588339] ? lock_sock_nested+0x9a/0x120 [ 43.592558] tls_sw_push_pending_record+0x22/0x30 [ 43.597383] tls_sk_proto_close+0x69c/0xbb0 [ 43.601685] ? lock_acquire+0x1ed/0x520 [ 43.605643] ? tcp_check_oom+0x530/0x530 [ 43.609687] ? tls_write_space+0x390/0x390 [ 43.613903] ? arch_local_save_flags+0x40/0x40 [ 43.618467] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.623897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.629413] ? ipv6_sock_ac_close+0x34f/0x470 [ 43.633901] ? 
ipv6_sock_mc_close+0x162/0x1d0 [ 43.638379] ? ip_mc_drop_socket+0x20b/0x270 [ 43.642767] ? down_write+0x8a/0x130 [ 43.646473] inet_release+0x104/0x1f0 [ 43.650263] inet6_release+0x50/0x70 [ 43.654221] __sock_release+0xd7/0x250 [ 43.658090] ? __sock_release+0x250/0x250 [ 43.662219] sock_close+0x19/0x20 [ 43.665652] __fput+0x385/0xa30 [ 43.668911] ? get_max_files+0x20/0x20 [ 43.672778] ? do_raw_spin_lock+0xc1/0x200 [ 43.676994] ? ___might_sleep+0x1ed/0x300 [ 43.681122] ? arch_local_save_flags+0x40/0x40 [ 43.685687] ____fput+0x15/0x20 [ 43.688969] task_work_run+0x1e8/0x2a0 [ 43.693450] ? task_work_cancel+0x240/0x240 [ 43.698101] ? switch_task_namespaces+0xb8/0xd0 [ 43.702767] do_exit+0x1ad7/0x2610 [ 43.706293] ? mm_update_next_owner+0x990/0x990 [ 43.710943] ? ___might_sleep+0x1ed/0x300 [ 43.715074] ? arch_local_save_flags+0x40/0x40 [ 43.719672] ? do_raw_spin_unlock+0xa7/0x2f0 [ 43.724080] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.728647] ? lock_acquire+0x1ed/0x520 [ 43.732604] ? __might_sleep+0x95/0x190 [ 43.736561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.742080] ? futex_wait_queue_me+0x55d/0x840 [ 43.746642] ? refill_pi_state_cache.part.9+0x320/0x320 [ 43.751986] ? futex_wait+0x309/0xa50 [ 43.755785] ? lock_downgrade+0x900/0x900 [ 43.759926] ? kasan_check_write+0x14/0x20 [ 43.764140] ? mark_held_locks+0x130/0x130 [ 43.768354] ? kasan_check_read+0x11/0x20 [ 43.773001] ? do_raw_spin_unlock+0xa7/0x2f0 [ 43.777565] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 43.782124] ? kasan_check_write+0x14/0x20 [ 43.786351] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.791521] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 43.796865] ? futex_wait+0x5ec/0xa50 [ 43.800646] ? futex_wait_setup+0x3e0/0x3e0 [ 43.804948] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 43.810119] ? drop_futex_key_refs.isra.15+0x6d/0xe0 [ 43.815203] ? futex_wake+0x304/0x760 [ 43.819005] ? memset+0x31/0x40 [ 43.822272] ? __dequeue_signal+0xf9/0x7d0 [ 43.826795] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 43.832313] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.837832] ? get_signal+0x95b/0x1980 [ 43.841699] ? lock_downgrade+0x900/0x900 [ 43.845831] do_group_exit+0x177/0x440 [ 43.849699] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 43.855145] ? __ia32_sys_exit+0x50/0x50 [ 43.859195] ? kasan_check_write+0x14/0x20 [ 43.863410] ? do_raw_spin_lock+0xc1/0x200 [ 43.867638] get_signal+0x8b0/0x1980 [ 43.871333] ? ptrace_notify+0x130/0x130 [ 43.875382] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 43.880922] ? do_tcp_setsockopt.isra.40+0x202/0x2770 [ 43.886095] ? tcp_peek_len+0x2c0/0x2c0 [ 43.890070] ? release_sock+0x1ec/0x2c0 [ 43.894026] do_signal+0x9c/0x21e0 [ 43.897547] ? aa_sk_perm+0x218/0x8b0 [ 43.901327] ? fget_raw+0x20/0x20 [ 43.904760] ? setup_sigcontext+0x7d0/0x7d0 [ 43.909061] ? aa_af_perm+0x5a0/0x5a0 [ 43.912843] ? __local_bh_enable_ip+0x160/0x260 [ 43.917493] ? _raw_spin_unlock_bh+0x30/0x40 [ 43.921881] ? tcp_setsockopt+0x9a/0xe0 [ 43.925865] ? __x64_sys_futex+0x47f/0x6a0 [ 43.930085] exit_to_usermode_loop+0x2e5/0x380 [ 43.934649] ? syscall_slow_exit_work+0x520/0x520 [ 43.939478] do_syscall_64+0x6be/0x820 [ 43.943345] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 43.948690] ? syscall_return_slowpath+0x5e0/0x5e0 [ 43.953598] ? trace_hardirqs_on_caller+0x310/0x310 [ 43.958619] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 43.963616] ? recalc_sigpending_tsk+0x180/0x180 [ 43.968350] ? kasan_check_write+0x14/0x20 [ 43.972566] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 43.977389] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 43.983271] RIP: 0033:0x446e79 [ 43.986448] Code: 00 2f 75 73 72 2f 6c 69 62 2f 72 73 79 73 6c 6f 67 2f 00 4d 6f 64 75 6c 65 20 27 25 73 27 20 61 6c 72 65 61 64 79 20 6c 6f 61 <64> 65 64 0a 00 6c 6f 61 64 69 6e 67 20 6d 6f 64 75 6c 65 20 27 25 [ 44.005325] RSP: 002b:00007f60c8458da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 44.013025] RAX: fffffffffffffe00 RBX: 00000000006dcc58 RCX: 0000000000446e79 [ 44.020274] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc58 [ 44.027521] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000 [ 44.034768] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c [ 44.042018] R13: 4000000000000001 R14: 00007f60c84599c0 R15: 0000000000000001 [ 44.050812] Kernel Offset: disabled [ 44.054432] Rebooting in 86400 seconds..