[ ok ] Starting enhanced syslogd: rsyslogd.
[ 33.311417] audit: type=1800 audit(1538909038.504:25): pid=5655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[ 33.336660] audit: type=1800 audit(1538909038.504:26): pid=5655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 33.360214] audit: type=1800 audit(1538909038.504:27): pid=5655 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.91' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
syzkaller login: [ 45.217168] IPVS: ftp: loaded support on port[0] = 21
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 45.409263] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.415798] bridge0: port 1(bridge_slave_0) entered disabled state
[ 45.422962] device bridge_slave_0 entered promiscuous mode
[ 45.437449] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.443874] bridge0: port 2(bridge_slave_1) entered disabled state
[ 45.450925] device bridge_slave_1 entered promiscuous mode
[ 45.464609] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 45.479989] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 45.517682] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 45.534462] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 45.589744] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 45.597314] team0: Port device team_slave_0 added
[ 45.610729] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 45.617738] team0: Port device team_slave_1 added
[ 45.631619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 45.647983] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 45.663296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 45.679495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 45.785033] bridge0: port 2(bridge_slave_1) entered blocking state
[ 45.791410] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 45.797968] bridge0: port 1(bridge_slave_0) entered blocking state
[ 45.804316] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 46.182973] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 46.189147] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.229179] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.269769] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.276923] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 46.309905] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.316423] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.350660] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[ 46.526663] kauditd_printk_skb: 3 callbacks suppressed
[ 46.526671] audit: type=1804 audit(1538909051.714:31): pid=6066 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor009" name="/root/bus" dev="sda1" ino=16482 res=1
[ 46.782367] ==================================================================
[ 46.789755] BUG: KASAN: use-after-free in tls_push_record+0x10b9/0x1480
[ 46.796501] Write of size 1 at addr ffff8801bc9eaff2 by task syz-executor009/6067
[ 46.804103]
[ 46.805742] CPU: 1 PID: 6067 Comm: syz-executor009 Not tainted 4.19.0-rc6+ #271
[ 46.813175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.822502] Call Trace:
[ 46.825079] dump_stack+0x1c4/0x2b4
[ 46.828689] ? dump_stack_print_info.cold.2+0x52/0x52
[ 46.833977] ? printk+0xa7/0xcf
[ 46.837242] ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 46.841981] print_address_description.cold.8+0x9/0x1ff
[ 46.847324] kasan_report.cold.9+0x242/0x309
[ 46.851720] ? tls_push_record+0x10b9/0x1480
[ 46.856112] __asan_report_store1_noabort+0x17/0x20
[ 46.861117] tls_push_record+0x10b9/0x1480
[ 46.865447] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.870973] ? lock_sock_nested+0x9a/0x120
[ 46.875189] tls_sw_push_pending_record+0x22/0x30
[ 46.880009] tls_sk_proto_close+0x69c/0xbb0
[ 46.884315] ? lock_acquire+0x1ed/0x520
[ 46.888269] ? tcp_check_oom+0x530/0x530
[ 46.892366] ? tls_write_space+0x390/0x390
[ 46.896688] ? arch_local_save_flags+0x40/0x40
[ 46.901260] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 46.906696] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 46.912213] ? ipv6_sock_ac_close+0x34f/0x470
[ 46.916810] ? ipv6_sock_mc_close+0x162/0x1d0
[ 46.921287] ? ip_mc_drop_socket+0x20b/0x270
[ 46.925684] ? down_write+0x8a/0x130
[ 46.929396] inet_release+0x104/0x1f0
[ 46.933190] inet6_release+0x50/0x70
[ 46.936899] __sock_release+0xd7/0x250
[ 46.940988] ? __sock_release+0x250/0x250
[ 46.945183] sock_close+0x19/0x20
[ 46.948626] __fput+0x385/0xa30
[ 46.951898] ? get_max_files+0x20/0x20
[ 46.955798] ? do_raw_spin_lock+0xc1/0x200
[ 46.960026] ? ___might_sleep+0x1ed/0x300
[ 46.964153] ? arch_local_save_flags+0x40/0x40
[ 46.968726] ____fput+0x15/0x20
[ 46.972061] task_work_run+0x1e8/0x2a0
[ 46.975943] ? task_work_cancel+0x240/0x240
[ 46.980294] ? switch_task_namespaces+0xb8/0xd0
[ 46.984963] do_exit+0x1ad7/0x2610
[ 46.988491] ? mm_update_next_owner+0x990/0x990
[ 46.993145] ? ___might_sleep+0x1ed/0x300
[ 46.997275] ? arch_local_save_flags+0x40/0x40
[ 47.001838] ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.006287] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.010855] ? lock_acquire+0x1ed/0x520
[ 47.014834] ? __might_sleep+0x95/0x190
[ 47.018800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.024339] ? futex_wait_queue_me+0x55d/0x840
[ 47.028972] ? refill_pi_state_cache.part.9+0x320/0x320
[ 47.034327] ? futex_wait+0x309/0xa50
[ 47.038112] ? lock_downgrade+0x900/0x900
[ 47.042239] ? kasan_check_write+0x14/0x20
[ 47.046460] ? mark_held_locks+0x130/0x130
[ 47.050674] ? kasan_check_read+0x11/0x20
[ 47.054800] ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.059265] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.063898] ? kasan_check_write+0x14/0x20
[ 47.068124] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 47.073301] ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 47.078386] ? futex_wait+0x5ec/0xa50
[ 47.082179] ? futex_wait_setup+0x3e0/0x3e0
[ 47.086489] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 47.091665] ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 47.096747] ? futex_wake+0x304/0x760
[ 47.100530] ? memset+0x31/0x40
[ 47.103814] ? __dequeue_signal+0xf9/0x7d0
[ 47.108093] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.113623] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.119144] ? get_signal+0x95b/0x1980
[ 47.123017] ? lock_downgrade+0x900/0x900
[ 47.127165] do_group_exit+0x177/0x440
[ 47.131040] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 47.136475] ? __ia32_sys_exit+0x50/0x50
[ 47.140523] ? kasan_check_write+0x14/0x20
[ 47.144749] ? do_raw_spin_lock+0xc1/0x200
[ 47.148970] get_signal+0x8b0/0x1980
[ 47.152669] ? ptrace_notify+0x130/0x130
[ 47.156710] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.162232] ? do_tcp_setsockopt.isra.40+0x202/0x2770
[ 47.167398] ? tcp_peek_len+0x2c0/0x2c0
[ 47.171372] ? release_sock+0x1ec/0x2c0
[ 47.175367] do_signal+0x9c/0x21e0
[ 47.178889] ? aa_sk_perm+0x218/0x8b0
[ 47.182671] ? fget_raw+0x20/0x20
[ 47.186125] ? setup_sigcontext+0x7d0/0x7d0
[ 47.190426] ? aa_af_perm+0x5a0/0x5a0
[ 47.194226] ? __local_bh_enable_ip+0x160/0x260
[ 47.198879] ? _raw_spin_unlock_bh+0x30/0x40
[ 47.203270] ? tcp_setsockopt+0x9a/0xe0
[ 47.207234] ? __x64_sys_futex+0x47f/0x6a0
[ 47.211452] exit_to_usermode_loop+0x2e5/0x380
[ 47.216145] ? syscall_slow_exit_work+0x520/0x520
[ 47.220991] do_syscall_64+0x6be/0x820
[ 47.224897] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 47.230247] ? syscall_return_slowpath+0x5e0/0x5e0
[ 47.235181] ? trace_hardirqs_on_caller+0x310/0x310
[ 47.240193] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 47.245209] ? recalc_sigpending_tsk+0x180/0x180
[ 47.249945] ? kasan_check_write+0x14/0x20
[ 47.254162] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.258988] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.264159] RIP: 0033:0x446e79
[ 47.267372] Code: 00 2f 75 73 72 2f 6c 69 62 2f 72 73 79 73 6c 6f 67 2f 00 4d 6f 64 75 6c 65 20 27 25 73 27 20 61 6c 72 65 61 64 79 20 6c 6f 61 <64> 65 64 0a 00 6c 6f 61 64 69 6e 67 20 6d 6f 64 75 6c 65 20 27 25
[ 47.286255] RSP: 002b:00007fa37c5b2da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 47.293946] RAX: fffffffffffffe00 RBX: 00000000006dcc58 RCX: 0000000000446e79
[ 47.301197] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc58
[ 47.308448] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000
[ 47.315698] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c
[ 47.322951] R13: 4000000000000001 R14: 00007fa37c5b39c0 R15: 0000000000000001
[ 47.330211]
[ 47.331819] The buggy address belongs to the page:
[ 47.336730] page:ffffea0006f27a80 count:0 mapcount:0 mapping:0000000000000000 index:0xffff8801bc9ea200
[ 47.346151] flags: 0x2fffc0000000000()
[ 47.350035] raw: 02fffc0000000000 0000000000000000 dead000000000200 0000000000000000
[ 47.357930] raw: ffff8801bc9ea200 ffff8801bc9ea200 00000000ffffffff 0000000000000000
[ 47.365788] page dumped because: kasan: bad access detected
[ 47.371475]
[ 47.373091] Memory state around the buggy address:
[ 47.378012] ffff8801bc9eae80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.385351] ffff8801bc9eaf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.392709] >ffff8801bc9eaf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.400045] ^
[ 47.407074] ffff8801bc9eb000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.414417] ffff8801bc9eb080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.421754] ==================================================================
[ 47.430795] Kernel panic - not syncing: panic_on_warn set ...
[ 47.430795]
[ 47.438185] CPU: 0 PID: 6067 Comm: syz-executor009 Tainted: G B 4.19.0-rc6+ #271
[ 47.447002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.456340] Call Trace:
[ 47.458925] dump_stack+0x1c4/0x2b4
[ 47.462551] ? dump_stack_print_info.cold.2+0x52/0x52
[ 47.467727] panic+0x238/0x4e7
[ 47.470909] ? add_taint.cold.5+0x16/0x16
[ 47.475047] ? preempt_schedule+0x4d/0x60
[ 47.479193] ? ___preempt_schedule+0x16/0x18
[ 47.483587] ? trace_hardirqs_on+0xb4/0x310
[ 47.487894] kasan_end_report+0x47/0x4f
[ 47.491852] kasan_report.cold.9+0x76/0x309
[ 47.496159] ? tls_push_record+0x10b9/0x1480
[ 47.500552] __asan_report_store1_noabort+0x17/0x20
[ 47.506003] tls_push_record+0x10b9/0x1480
[ 47.510220] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.515741] ? lock_sock_nested+0x9a/0x120
[ 47.519959] tls_sw_push_pending_record+0x22/0x30
[ 47.524784] tls_sk_proto_close+0x69c/0xbb0
[ 47.529107] ? lock_acquire+0x1ed/0x520
[ 47.533071] ? tcp_check_oom+0x530/0x530
[ 47.537119] ? tls_write_space+0x390/0x390
[ 47.541335] ? arch_local_save_flags+0x40/0x40
[ 47.545900] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 47.551336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.556854] ? ipv6_sock_ac_close+0x34f/0x470
[ 47.561336] ? ipv6_sock_mc_close+0x162/0x1d0
[ 47.565828] ? ip_mc_drop_socket+0x20b/0x270
[ 47.570222] ? down_write+0x8a/0x130
[ 47.573921] inet_release+0x104/0x1f0
[ 47.577703] inet6_release+0x50/0x70
[ 47.581400] __sock_release+0xd7/0x250
[ 47.585272] ? __sock_release+0x250/0x250
[ 47.589400] sock_close+0x19/0x20
[ 47.592847] __fput+0x385/0xa30
[ 47.596107] ? get_max_files+0x20/0x20
[ 47.599977] ? do_raw_spin_lock+0xc1/0x200
[ 47.604224] ? ___might_sleep+0x1ed/0x300
[ 47.608367] ? arch_local_save_flags+0x40/0x40
[ 47.612961] ____fput+0x15/0x20
[ 47.616243] task_work_run+0x1e8/0x2a0
[ 47.620132] ? task_work_cancel+0x240/0x240
[ 47.624439] ? switch_task_namespaces+0xb8/0xd0
[ 47.629095] do_exit+0x1ad7/0x2610
[ 47.632623] ? mm_update_next_owner+0x990/0x990
[ 47.637276] ? ___might_sleep+0x1ed/0x300
[ 47.641437] ? arch_local_save_flags+0x40/0x40
[ 47.646021] ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.650411] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.654983] ? lock_acquire+0x1ed/0x520
[ 47.658949] ? __might_sleep+0x95/0x190
[ 47.662910] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.668458] ? futex_wait_queue_me+0x55d/0x840
[ 47.673023] ? refill_pi_state_cache.part.9+0x320/0x320
[ 47.678401] ? futex_wait+0x309/0xa50
[ 47.682202] ? lock_downgrade+0x900/0x900
[ 47.686330] ? kasan_check_write+0x14/0x20
[ 47.690545] ? mark_held_locks+0x130/0x130
[ 47.694758] ? kasan_check_read+0x11/0x20
[ 47.698884] ? do_raw_spin_unlock+0xa7/0x2f0
[ 47.703275] ? do_raw_spin_trylock+0x1c0/0x1c0
[ 47.707836] ? kasan_check_write+0x14/0x20
[ 47.712070] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 47.717269] ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 47.722356] ? futex_wait+0x5ec/0xa50
[ 47.726145] ? futex_wait_setup+0x3e0/0x3e0
[ 47.730456] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 47.735641] ? drop_futex_key_refs.isra.15+0x6d/0xe0
[ 47.740766] ? futex_wake+0x304/0x760
[ 47.744549] ? memset+0x31/0x40
[ 47.747812] ? __dequeue_signal+0xf9/0x7d0
[ 47.752043] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 47.757585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.763107] ? get_signal+0x95b/0x1980
[ 47.766976] ? lock_downgrade+0x900/0x900
[ 47.771110] do_group_exit+0x177/0x440
[ 47.774980] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 47.780429] ? __ia32_sys_exit+0x50/0x50
[ 47.784485] ? kasan_check_write+0x14/0x20
[ 47.788703] ? do_raw_spin_lock+0xc1/0x200
[ 47.792934] get_signal+0x8b0/0x1980
[ 47.796631] ? ptrace_notify+0x130/0x130
[ 47.800678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 47.806212] ? do_tcp_setsockopt.isra.40+0x202/0x2770
[ 47.811398] ? tcp_peek_len+0x2c0/0x2c0
[ 47.815359] ? release_sock+0x1ec/0x2c0
[ 47.819317] do_signal+0x9c/0x21e0
[ 47.822841] ? aa_sk_perm+0x218/0x8b0
[ 47.826622] ? fget_raw+0x20/0x20
[ 47.830071] ? setup_sigcontext+0x7d0/0x7d0
[ 47.834377] ? aa_af_perm+0x5a0/0x5a0
[ 47.838163] ? __local_bh_enable_ip+0x160/0x260
[ 47.842817] ? _raw_spin_unlock_bh+0x30/0x40
[ 47.847209] ? tcp_setsockopt+0x9a/0xe0
[ 47.851171] ? __x64_sys_futex+0x47f/0x6a0
[ 47.855393] exit_to_usermode_loop+0x2e5/0x380
[ 47.859955] ? syscall_slow_exit_work+0x520/0x520
[ 47.864798] do_syscall_64+0x6be/0x820
[ 47.868682] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 47.874039] ? syscall_return_slowpath+0x5e0/0x5e0
[ 47.879255] ? trace_hardirqs_on_caller+0x310/0x310
[ 47.884258] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 47.889279] ? recalc_sigpending_tsk+0x180/0x180
[ 47.894033] ? kasan_check_write+0x14/0x20
[ 47.898260] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 47.903090] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 47.908264] RIP: 0033:0x446e79
[ 47.911445] Code: 00 2f 75 73 72 2f 6c 69 62 2f 72 73 79 73 6c 6f 67 2f 00 4d 6f 64 75 6c 65 20 27 25 73 27 20 61 6c 72 65 61 64 79 20 6c 6f 61 <64> 65 64 0a 00 6c 6f 61 64 69 6e 67 20 6d 6f 64 75 6c 65 20 27 25
[ 47.930326] RSP: 002b:00007fa37c5b2da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 47.938017] RAX: fffffffffffffe00 RBX: 00000000006dcc58 RCX: 0000000000446e79
[ 47.945282] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc58
[ 47.952549] RBP: 00000000006dcc50 R08: 0000000000000000 R09: 0000000000000000
[ 47.959796] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc5c
[ 47.967046] R13: 4000000000000001 R14: 00007fa37c5b39c0 R15: 0000000000000001
[ 47.975299] Kernel Offset: disabled
[ 47.978922] Rebooting in 86400 seconds..