[ 78.408160][ T27] audit: type=1800 audit(1583861917.786:26): pid=9509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 79.440438][ T27] kauditd_printk_skb: 2 callbacks suppressed
[ 79.440449][ T27] audit: type=1800 audit(1583861918.826:29): pid=9509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 79.468351][ T27] audit: type=1800 audit(1583861918.826:30): pid=9509 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
syzkaller login: [ 90.744506][ T9664] IPVS: ftp: loaded support on port[0] = 21
[ 90.795721][ T9664] chnl_net:caif_netlink_parms(): no params data found
[ 90.864011][ T9664] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.874109][ T9664] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.884775][ T9664] device bridge_slave_0 entered promiscuous mode
[ 90.894431][ T9664] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.902998][ T9664] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.911213][ T9664] device bridge_slave_1 entered promiscuous mode
[ 90.931591][ T9664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.945887][ T9664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.968782][ T9664] team0: Port device team_slave_0 added
[ 90.978815][ T9664] team0: Port device team_slave_1 added
[ 90.998188][ T9664] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 91.007546][ T9664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.036758][ T9664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 91.051786][ T9664] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 91.059630][ T9664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 91.089121][ T9664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 91.164007][ T9664] device hsr_slave_0 entered promiscuous mode
[ 91.202105][ T9664] device hsr_slave_1 entered promiscuous mode
[ 91.325951][ T9664] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.385184][ T9664] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.444455][ T9664] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.483992][ T9664] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.547407][ T9664] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.554851][ T9664] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.562977][ T9664] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.570257][ T9664] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.615237][ T9664] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.628074][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 91.641178][ T2853] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.652388][ T2853] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.661179][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 91.676403][ T9664] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.688436][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 91.697718][ T2944] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.705647][ T2944] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.717540][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 91.727006][ T2853] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.734100][ T2853] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.754854][ T2849] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 91.774559][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.783434][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 91.792767][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 91.800978][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 91.825354][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 91.834457][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 91.847307][ T9664] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.867323][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 91.876829][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 91.898603][ T9664] device veth0_vlan entered promiscuous mode
[ 91.906246][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 91.915393][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 91.930923][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 91.939640][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 91.949644][ T9664] device veth1_vlan entered promiscuous mode
[ 91.972720][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 91.982602][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 91.990762][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 92.000185][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 92.012767][ T9664] device veth0_macvtap entered promiscuous mode
[ 92.024110][ T9664] device veth1_macvtap entered promiscuous mode
[ 92.041560][ T9664] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.049574][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 92.058412][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 92.070460][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 92.080578][ T2853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 92.093851][ T9664] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.101285][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 92.111401][ T2944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 92.290401][ T9664] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 92.304110][ T9664] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 92.313817][ T9664] CPU: 1 PID: 9664 Comm: syz-executor420 Not tainted 5.6.0-rc5-syzkaller #0
[ 92.323947][ T9664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 92.335995][ T9664] RIP: 0010:tcf_action_destroy+0x6a/0x150
[ 92.342148][ T9664] Code: 47 fb 83 c5 01 bf 20 00 00 00 48 83 c3 08 89 ee e8 8b 95 47 fb 83 fd 20 0f 84 ae 00 00 00 e8 0d 94 47 fb 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 ae 00 00 00 4c 8b 3b 4d 85 ff 0f 84 8b 00 00
[ 92.364768][ T9664] RSP: 0018:ffffc90001d37018 EFLAGS: 00010247
[ 92.371203][ T9664] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 92.379804][ T9664] RDX: 0000000000000000 RSI: ffffffff862a7f63 RDI: 0000000000000004
[ 92.388039][ T9664] RBP: 0000000000000000 R08: ffff8880a66c6080 R09: ffffed1015ce7074
[ 92.396000][ T9664] R10: ffffed1015ce7073 R11: ffff8880ae73839b R12: 0000000000000000
[ 92.403985][ T9664] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[ 92.412282][ T9664] FS: 0000000000000000(0000) GS:ffff8880ae700000(0063) knlGS:0000000008c74840
[ 92.421296][ T9664] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 92.428782][ T9664] CR2: 0000000020000280 CR3: 000000009a35b000 CR4: 00000000001406e0
[ 92.437364][ T9664] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 92.452720][ T9664] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 92.462160][ T9664] Call Trace:
[ 92.465873][ T9664] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 92.472253][ T9664] tcf_exts_destroy+0x42/0xc0
[ 92.481111][ T9664] tcf_exts_change+0xf4/0x150
[ 92.486481][ T9664] ? tcf_exts_destroy+0xc0/0xc0
[ 92.491437][ T9664] tcindex_set_parms+0xed8/0x1a00
[ 92.497600][ T9664] ? tcindex_alloc_perfect_hash+0x320/0x320
[ 92.504470][ T9664] ? mark_held_locks+0xe0/0xe0
[ 92.510266][ T9664] ? nla_memcpy+0xa0/0xa0
[ 92.515035][ T9664] ? tcindex_change+0x203/0x2e0
[ 92.520077][ T9664] tcindex_change+0x203/0x2e0
[ 92.525213][ T9664] ? tcindex_set_parms+0x1a00/0x1a00
[ 92.531034][ T9664] tc_new_tfilter+0xa59/0x20b0
[ 92.536074][ T9664] ? tcindex_set_parms+0x1a00/0x1a00
[ 92.541834][ T9664] ? tc_del_tfilter+0x1430/0x1430
[ 92.546987][ T9664] ? __lock_acquire+0x80b/0x3ca0
[ 92.552042][ T9664] ? apparmor_capable+0x454/0x8a0
[ 92.557518][ T9664] ? rcu_read_lock_held+0x9c/0xb0
[ 92.563760][ T9664] ? tc_del_tfilter+0x1430/0x1430
[ 92.569752][ T9664] rtnetlink_rcv_msg+0x810/0xad0
[ 92.575652][ T9664] ? rtnl_bridge_getlink+0x880/0x880
[ 92.582354][ T9664] ? netdev_core_pick_tx+0x2e0/0x2e0
[ 92.588503][ T9664] ? __copy_skb_header+0x210/0x5b0
[ 92.595013][ T9664] ? skb_splice_bits+0x1a0/0x1a0
[ 92.600992][ T9664] ? __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 92.607672][ T9664] ? kmem_cache_alloc+0x261/0x730
[ 92.612827][ T9664] netlink_rcv_skb+0x15a/0x410
[ 92.619533][ T9664] ? rtnl_bridge_getlink+0x880/0x880
[ 92.625154][ T9664] ? netlink_ack+0xa80/0xa80
[ 92.631117][ T9664] netlink_unicast+0x537/0x740
[ 92.637920][ T9664] ? netlink_attachskb+0x810/0x810
[ 92.643722][ T9664] ? _copy_from_iter_full+0x25c/0x870
[ 92.649466][ T9664] ? __phys_addr_symbol+0x2c/0x70
[ 92.654737][ T9664] ? __check_object_size+0x171/0x437
[ 92.660314][ T9664] netlink_sendmsg+0x882/0xe10
[ 92.665213][ T9664] ? aa_af_perm+0x260/0x260
[ 92.669722][ T9664] ? netlink_unicast+0x740/0x740
[ 92.674889][ T9664] ? netlink_unicast+0x740/0x740
[ 92.680261][ T9664] sock_sendmsg+0xcf/0x120
[ 92.685873][ T9664] ____sys_sendmsg+0x6b9/0x7d0
[ 92.691398][ T9664] ? kernel_sendmsg+0x50/0x50
[ 92.696649][ T9664] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 92.704568][ T9664] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 92.711955][ T9664] ___sys_sendmsg+0x100/0x170
[ 92.717971][ T9664] ? sendmsg_copy_msghdr+0x70/0x70
[ 92.723105][ T9664] ? lock_downgrade+0x7f0/0x7f0
[ 92.728635][ T9664] ? lock_acquire+0x197/0x420
[ 92.734987][ T9664] ? __might_fault+0xef/0x1d0
[ 92.739963][ T9664] ? __might_fault+0x190/0x1d0
[ 92.745733][ T9664] ? _copy_to_user+0x107/0x150
[ 92.752139][ T9664] ? move_addr_to_user+0xb3/0x200
[ 92.757808][ T9664] ? __fget_light+0x1a5/0x270
[ 92.764614][ T9664] __sys_sendmsg+0xec/0x1b0
[ 92.770339][ T9664] ? __sys_sendmsg_sock+0xb0/0xb0
[ 92.776209][ T9664] ? mark_held_locks+0x9f/0xe0
[ 92.784127][ T9664] ? trace_hardirqs_off_caller+0x55/0x230
[ 92.791310][ T9664] ? do_fast_syscall_32+0xcc/0xe8f
[ 92.799060][ T9664] do_fast_syscall_32+0x270/0xe8f
[ 92.806537][ T9664] entry_SYSENTER_compat+0x70/0x7f
[ 92.814223][ T9664] Modules linked in:
[ 92.822945][ T9664] ---[ end trace fac06a3fde273f0e ]---
[ 92.829763][ T9664] RIP: 0010:tcf_action_destroy+0x6a/0x150
[ 92.837086][ T9664] Code: 47 fb 83 c5 01 bf 20 00 00 00 48 83 c3 08 89 ee e8 8b 95 47 fb 83 fd 20 0f 84 ae 00 00 00 e8 0d 94 47 fb 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 ae 00 00 00 4c 8b 3b 4d 85 ff 0f 84 8b 00 00
[ 92.863296][ T9664] RSP: 0018:ffffc90001d37018 EFLAGS: 00010247
[ 92.870277][ T9664] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000000
[ 92.878538][ T9664] RDX: 0000000000000000 RSI: ffffffff862a7f63 RDI: 0000000000000004
[ 92.887136][ T9664] RBP: 0000000000000000 R08: ffff8880a66c6080 R09: ffffed1015ce7074
[ 92.896453][ T9664] R10: ffffed1015ce7073 R11: ffff8880ae73839b R12: 0000000000000000
[ 92.905255][ T9664] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000
[ 92.913700][ T9664] FS: 0000000000000000(0000) GS:ffff8880ae700000(0063) knlGS:0000000008c74840
[ 92.923467][ T9664] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 92.930710][ T9664] CR2: 0000000020000280 CR3: 000000009a35b000 CR4: 00000000001406e0
[ 92.939238][ T9664] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 92.947855][ T9664] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 92.956882][ T9664] Kernel panic - not syncing: Fatal exception
[ 92.964466][ T9664] Kernel Offset: disabled
[ 92.968806][ T9664] Rebooting in 86400 seconds..