[   40.187596] audit: type=1800 audit(1548655579.037:27): pid=7860 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   44.035980] sshd (7997) used greatest stack depth: 19848 bytes left
[   52.783843] IPVS: ftp: loaded support on port[0] = 21
[   54.043389] can: request_module (can-proto-0) failed.
[   54.563867] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.10.46' (ECDSA) to the list of known hosts.
2019/01/28 06:06:41 parsed 1 programs
2019/01/28 06:06:42 executed programs: 0
[   63.500585] IPVS: ftp: loaded support on port[0] = 21
[   63.511413] IPVS: ftp: loaded support on port[0] = 21
[   63.523926] IPVS: ftp: loaded support on port[0] = 21
[   63.528117] IPVS: ftp: loaded support on port[0] = 21
[   63.542118] IPVS: ftp: loaded support on port[0] = 21
[   63.615610] IPVS: ftp: loaded support on port[0] = 21
[   63.885188] chnl_net:caif_netlink_parms(): no params data found
[   63.900463] chnl_net:caif_netlink_parms(): no params data found
[   63.935684] chnl_net:caif_netlink_parms(): no params data found
[   64.102329] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.112716] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.119810] device bridge_slave_0 entered promiscuous mode
[   64.141406] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.149205] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.156454] device bridge_slave_0 entered promiscuous mode
[   64.191939] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.198558] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.206120] device bridge_slave_1 entered promiscuous mode
[   64.212718] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.219160] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.227993] device bridge_slave_0 entered promiscuous mode
[   64.234651] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.241006] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.248110] device bridge_slave_1 entered promiscuous mode
[   64.277394] chnl_net:caif_netlink_parms(): no params data found
[   64.297119] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.303744] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.310689] device bridge_slave_1 entered promiscuous mode
[   64.317240] chnl_net:caif_netlink_parms(): no params data found
[   64.329820] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.339173] chnl_net:caif_netlink_parms(): no params data found
[   64.367150] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.384292] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.434303] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.444838] team0: Port device team_slave_0 added
[   64.451996] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.489384] team0: Port device team_slave_1 added
[   64.496020] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.532374] team0: Port device team_slave_0 added
[   64.540128] team0: Port device team_slave_1 added
[   64.551304] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.558279] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.566135] device bridge_slave_0 entered promiscuous mode
[   64.579385] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.586517] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.594200] device bridge_slave_1 entered promiscuous mode
[   64.607360] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.614178] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.621117] device bridge_slave_0 entered promiscuous mode
[   64.628300] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.634759] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.641770] device bridge_slave_1 entered promiscuous mode
[   64.672529] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.682940] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.689867] device bridge_slave_0 entered promiscuous mode
[   64.719045] team0: Port device team_slave_0 added
[   64.729642] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.736200] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.743702] device bridge_slave_1 entered promiscuous mode
[   64.806112] device hsr_slave_0 entered promiscuous mode
[   64.843215] device hsr_slave_1 entered promiscuous mode
[   64.904766] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.914373] team0: Port device team_slave_1 added
[   64.921122] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.984995] device hsr_slave_0 entered promiscuous mode
[   65.033304] device hsr_slave_1 entered promiscuous mode
[   65.077065] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   65.086353] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   65.103473] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   65.139586] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   65.160727] team0: Port device team_slave_0 added
[   65.180445] team0: Port device team_slave_0 added
[   65.188510] team0: Port device team_slave_1 added
[   65.256182] device hsr_slave_0 entered promiscuous mode
[   65.322985] device hsr_slave_1 entered promiscuous mode
[   65.394281] team0: Port device team_slave_1 added
[   65.400322] team0: Port device team_slave_0 added
[   65.406924] team0: Port device team_slave_1 added
[   65.466266] device hsr_slave_0 entered promiscuous mode
[   65.506196] device hsr_slave_1 entered promiscuous mode
[   65.606057] device hsr_slave_0 entered promiscuous mode
[   65.673125] device hsr_slave_1 entered promiscuous mode
[   65.794994] device hsr_slave_0 entered promiscuous mode
[   65.845128] device hsr_slave_1 entered promiscuous mode
[   65.976731] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.010310] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.047800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.056165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.068476] 8021q: adding VLAN 0 to HW filter on device team0
[   66.087204] 8021q: adding VLAN 0 to HW filter on device team0
[   66.096504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   66.105081] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.112664] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.119156] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.126169] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.133405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.140833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.171544] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.178127] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   66.186314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.194084] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.200420] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.210966] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   66.239880] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.258940] 8021q: adding VLAN 0 to HW filter on device team0
[   66.268724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   66.277559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.285230] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.291581] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.298492] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   66.306806] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.314522] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.320911] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.327805] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   66.335837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   66.343875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   66.351701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   66.359576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   66.367512] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   66.375421] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.383010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.390377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.397378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.404669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   66.412385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.419632] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   66.447679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.457737] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.465311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   66.473216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.480733] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.487178] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.494677] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   66.502434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   66.510065] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.516438] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.523537] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   66.531309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   66.539370] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   66.549765] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.562513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   66.607722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   66.615753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   66.623810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   66.631839] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   66.639758] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   66.647774] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   66.655379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.662171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.670926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.679079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.691044] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.701890] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.716660] 8021q: adding VLAN 0 to HW filter on device team0
[   66.724875] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   66.732451] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   66.743824] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.750744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.758078] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   66.766456] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   66.776571] 8021q: adding VLAN 0 to HW filter on device team0
[   66.789102] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   66.800401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   66.821000] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   66.839076] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   66.874415] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.875704] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[   66.881974] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.889499] #PF error: [INSTR]
[   66.889505] PGD 0 P4D 0 
[   66.889520] Oops: 0010 [#1] PREEMPT SMP KASAN
[   66.889533] CPU: 1 PID: 1171 Comm: kworker/u5:0 Not tainted 5.0.0-rc4+ #1
[   66.889540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   66.889555] Workqueue: hci0 hci_power_on
[   66.889564] RIP: 0010:          (null)
[   66.889575] Code: Bad RIP value.
[   66.889582] RSP: 0018:ffff8880a75376b0 EFLAGS: 00010246
[   66.889602] RAX: 0000000000000000 RBX: ffffffff888c6900 RCX: dffffc0000000000
[   66.889610] RDX: 1ffffffff1118d39 RSI: 1ffff11014e8f96e RDI: ffff88809458d300
[   66.889620] RBP: ffff8880a7537798 R08: ffff8880a747c300 R09: 0000000000000004
[   66.900158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   66.902499] R10: 0000000000000000 R11: ffff88809458caaf R12: ffff8880a7537700
[   66.907586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   66.913884] R13: ffff88809458d300 R14: 1ffff11014ea6eda R15: ffff88809458ca80
[   66.913895] FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[   66.913903] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   66.913911] CR2: ffffffffffffffd6 CR3: 00000000962ae000 CR4: 00000000001406e0
[   66.913921] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   66.924111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   66.927316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   66.931566] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   66.934527] Call Trace:
[   66.934547]  ? hci_uart_set_flow_control+0x5b6/0x810
[   66.934563]  ? hci_uart_init_ready+0xc0/0xc0
[   66.934579]  ? hci_uart_set_baudrate+0x23d/0x310
[   66.941417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   66.947204]  mrvl_setup+0x22/0x110
[   66.947217]  ? mrvl_load_firmware+0x650/0x650
[   66.947232]  hci_uart_setup+0x1c4/0x490
[   66.955157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   66.961758]  ? hci_uart_set_baudrate+0x310/0x310
[   66.969417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   66.976097]  hci_dev_do_open+0x6b1/0x1920
[   66.976114]  ? hci_rx_work+0xcd0/0xcd0
[   66.976132]  ? process_one_work+0xbf1/0x1ce0
[   66.983767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   66.990395]  ? find_held_lock+0x35/0x120
[   66.999115] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.004507]  ? add_lock_to_list.isra.0+0x450/0x450
[   67.004522]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.004537]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.011813] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.019063]  ? check_preemption_disabled+0x48/0x290
[   67.019083]  hci_power_on+0x10d/0x880
[   67.026835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   67.033421]  ? hci_error_reset+0xf0/0xf0
[   67.033433]  ? __lock_is_held+0xb6/0x140
[   67.033454]  process_one_work+0xd0c/0x1ce0
[   67.040858] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   67.043051]  ? __wake_up_common_lock+0x1db/0x390
[   67.043072]  ? pwq_dec_nr_in_flight+0x4a0/0x4a0
[   67.043088]  ? trace_hardirqs_off+0xb8/0x310
[   67.049869] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.052581]  ? kasan_check_read+0x11/0x20
[   67.057362] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.063796]  ? do_raw_spin_unlock+0xa0/0x330
[   67.063812]  ? do_raw_spin_trylock+0x270/0x270
[   67.063835]  ? __wake_up_common+0x7d0/0x7d0
[   67.079114] 8021q: adding VLAN 0 to HW filter on device team0
[   67.082291]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   67.111737] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   67.114102]  ? get_work_pool_id+0x1a0/0x1a0
[   67.114116]  ? trace_hardirqs_on_caller+0x310/0x310
[   67.114151]  worker_thread+0x143/0x14a0
[   67.118215] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   67.124526]  ? process_one_work+0x1ce0/0x1ce0
[   67.124539]  ? __kthread_parkme+0xc3/0x1b0
[   67.124554]  ? lock_acquire+0x1db/0x570
[   67.141930] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.146996]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[   67.147012]  ? lockdep_hardirqs_on+0x415/0x5d0
[   67.147027]  ? trace_hardirqs_on+0xbd/0x310
[   67.152106] kobject: 'vlan0' (000000009e5b016e): kobject_add_internal: parent: 'mesh', set: '<NULL>'
[   67.155837]  ? kasan_check_read+0x11/0x20
[   67.155850]  ? __kthread_parkme+0xc3/0x1b0
[   67.155867]  ? trace_hardirqs_off_caller+0x300/0x300
[   67.178439] kobject: 'loop1' (00000000f6eed71d): kobject_uevent_env
[   67.182904]  ? do_raw_spin_trylock+0x270/0x270
[   67.182918]  ? schedule+0x108/0x350
[   67.182931]  ? do_raw_spin_trylock+0x270/0x270
[   67.182948]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[   67.187720] kobject: 'loop1' (00000000f6eed71d): fill_kobj_path: path = '/devices/virtual/block/loop1'
[   67.192400]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   67.365679]  ? __kthread_parkme+0xfb/0x1b0
[   67.369912]  kthread+0x357/0x430
[   67.373280]  ? process_one_work+0x1ce0/0x1ce0
[   67.377772]  ? kthread_stop+0x920/0x920
[   67.381747]  ret_from_fork+0x3a/0x50
[   67.385473] Modules linked in:
[   67.388660] CR2: 0000000000000000
[   67.392109] ---[ end trace deca46092c736303 ]---
[   67.396857] RIP: 0010:          (null)
[   67.400743] Code: Bad RIP value.
[   67.404100] RSP: 0018:ffff8880a75376b0 EFLAGS: 00010246
[   67.409454] RAX: 0000000000000000 RBX: ffffffff888c6900 RCX: dffffc0000000000
[   67.416716] RDX: 1ffffffff1118d39 RSI: 1ffff11014e8f96e RDI: ffff88809458d300
[   67.423979] RBP: ffff8880a7537798 R08: ffff8880a747c300 R09: 0000000000000004
[   67.431244] R10: 0000000000000000 R11: ffff88809458caaf R12: ffff8880a7537700
[   67.438509] R13: ffff88809458d300 R14: 1ffff11014ea6eda R15: ffff88809458ca80
[   67.445793] FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[   67.454011] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   67.459899] CR2: ffffffffffffffd6 CR3: 00000000962ae000 CR4: 00000000001406e0
[   67.467179] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   67.474483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   67.481741] Kernel panic - not syncing: Fatal exception
[   67.487966] Kernel Offset: disabled
[   67.491586] Rebooting in 86400 seconds..