[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 34.014053] audit_printk_skb: 24 callbacks suppressed [ 34.019239] audit: type=1800 audit(1576543453.337:29): pid=6746 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 34.040811] audit: type=1800 audit(1576543453.367:30): pid=6746 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 45.408313] IPVS: Creating netns size=2712 id=1 [ 45.413518] IPVS: ftp: loaded support on port[0] = 21 Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts. 2019/12/17 00:44:32 parsed 1 programs 2019/12/17 00:44:32 executed programs: 0 [ 53.075983] IPv6: ADDRCONF(NETDEV_CHANGE): nr1: link becomes ready [ 53.092147] IPv6: ADDRCONF(NETDEV_CHANGE): nr3: link becomes ready [ 53.099897] IPv6: ADDRCONF(NETDEV_CHANGE): nr2: link becomes ready [ 53.108177] IPv6: ADDRCONF(NETDEV_CHANGE): nr0: link becomes ready [ 53.116834] IPv6: ADDRCONF(NETDEV_CHANGE): nr4: link becomes ready [ 53.125083] IPv6: ADDRCONF(NETDEV_CHANGE): nr5: link becomes ready [ 53.142458] IPVS: Creating netns size=2712 id=2 [ 53.147259] IPVS: ftp: loaded support on port[0] = 21 [ 53.215823] IPVS: Creating netns size=2712 id=3 [ 53.220714] IPVS: ftp: loaded support on port[0] = 21 [ 53.348730] chnl_net:caif_netlink_parms(): no params data found [ 53.372907] IPVS: Creating netns size=2712 id=4 [ 53.377741] IPVS: ftp: loaded support on port[0] = 21 [ 53.571920] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.578557] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.587632] device bridge_slave_0 entered promiscuous mode [ 53.596095] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.602759] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.612141] IPVS: Creating netns size=2712 id=5 [ 53.613267] device bridge_slave_1 entered promiscuous mode [ 53.623170] IPVS: ftp: loaded support on port[0] = 21 [ 53.697475] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 53.706787] chnl_net:caif_netlink_parms(): no params data found [ 53.742069] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 53.914405] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 53.922432] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.928810] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.937816] device bridge_slave_0 entered promiscuous mode [ 53.955801] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 53.963868] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.970928] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.971923] IPVS: Creating netns size=2712 id=6 [ 53.972038] IPVS: ftp: loaded support on port[0] = 21 [ 53.991638] device bridge_slave_1 entered promiscuous mode [ 54.137786] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.184594] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.246570] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.258999] chnl_net:caif_netlink_parms(): no params data found [ 54.293542] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.379584] IPVS: Creating netns size=2712 id=7 [ 54.400320] IPVS: ftp: loaded support on port[0] = 21 [ 54.412217] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.419434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.476942] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 54.539328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 54.557223] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.584499] chnl_net:caif_netlink_parms(): no params data found [ 54.645235] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.651884] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.661339] device bridge_slave_0 entered promiscuous mode [ 54.711569] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.717962] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.727191] device bridge_slave_1 entered promiscuous mode [ 54.835758] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 54.878144] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 54.892806] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 54.962256] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 54.979297] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.986190] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.995178] device bridge_slave_0 entered promiscuous mode [ 55.048734] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.055211] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.063944] device bridge_slave_1 entered promiscuous mode [ 55.077006] chnl_net:caif_netlink_parms(): no params data found [ 55.144190] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.162366] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.178309] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.189770] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.379877] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.389213] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.397850] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.410792] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.419970] device bridge_slave_0 entered promiscuous mode [ 55.479316] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.487984] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.495498] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.507348] device bridge_slave_1 entered promiscuous mode [ 55.520759] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.564469] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.603167] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 55.629804] chnl_net:caif_netlink_parms(): no params data found [ 55.647018] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 55.656764] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 55.699834] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 55.747068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 55.759503] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.796212] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 55.813144] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 55.928868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 55.952021] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 55.959430] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.966257] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.977906] device bridge_slave_0 entered promiscuous mode [ 55.986388] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.003296] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.009742] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.019352] device bridge_slave_1 entered promiscuous mode [ 56.049114] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.057062] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.063417] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.117077] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.125134] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.131510] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.177342] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 56.193233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.204465] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.214481] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 56.243613] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.251942] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.284332] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.295006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.370364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.377854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 56.389215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 56.405263] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.435165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.447892] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 56.468527] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 56.486582] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.566868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.584213] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.593144] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.599541] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.607572] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 56.619332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.637403] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 56.669709] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.680380] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.687333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.715623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.756126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 56.764017] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.770408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 56.778276] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 56.786107] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.792463] bridge0: port 2(bridge_slave_1) entered forwarding state [ 56.804010] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 56.817836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.825374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 56.838027] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 56.869302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 56.895952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.916886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 56.938293] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.953295] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 56.980922] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.031322] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.039359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.055272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.084456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.115857] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.116557] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.116613] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.117285] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.118536] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.118593] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.127319] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.143430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.144227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.197858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.220997] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.247208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.269775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.376747] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.377393] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.377447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.378178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.402067] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.418179] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.418869] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.418926] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.436381] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 57.493289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 57.548176] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.563559] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.604877] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.630311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 57.631017] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.631072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.632355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 57.643822] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 57.664112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 57.664848] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.664904] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.727245] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 57.745905] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 57.766368] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 57.793498] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 2019/12/17 00:44:37 executed programs: 8 [ 58.887301] kasan: CONFIG_KASAN_INLINE enabled [ 58.887308] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 58.887311] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 58.887313] Modules linked in: [ 58.887317] CPU: 1 PID: 7374 Comm: syz-executor.0 Not tainted 4.6.0-syzkaller #0 [ 58.887319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.887322] task: ffff8800afff0480 ti: ffff8800af008000 task.ti: ffff8800af008000 [ 58.887332] RIP: 0010:[] [] insert_char+0x19a/0x420 [ 58.887334] RSP: 0018:ffff8800af00f768 EFLAGS: 00010203 [ 58.887336] RAX: 0000000020000001 RBX: 0000000100000010 RCX: 0000000100000010 [ 58.887338] RDX: 1ffff10025191b0e RSI: 0000000000000001 RDI: ffff880128c8d870 [ 58.887340] RBP: ffff8800af00f7b8 R08: 0000000000000720 R09: dffffc0000000000 [ 58.887341] R10: 0000000000000011 R11: 0000000000000001 R12: 000000010000000e [ 58.887343] R13: dffffc0000000000 R14: ffff880128c8d4c0 R15: 000000010000000e [ 58.887346] FS: 00007f4884cf5700(0000) GS:ffff88012c100000(0000) knlGS:0000000000000000 [ 58.887348] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.887350] CR2: 0000000000758090 CR3: 00000000af0cd000 CR4: 00000000001406e0 [ 58.887355] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 58.887356] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 58.887358] Stack: [ 58.887363] ffff8800afff0c80 ffff8800afff0c88 ffff8800afff0d50 1ffff10015e01ef2 [ 58.887367] ffff880000000000 0000000000000000 ffff880128c8d4c0 0000000000000000 [ 58.887371] ffffed0025191b0f 1ffff10015e01f00 ffff8800af00f928 ffffffff82fdbdae [ 58.887372] Call Trace: [ 58.887377] [] do_con_trol+0x504e/0x5a40 [ 58.887383] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 58.887386] [] ? __lock_acquire+0x1985/0x5560 [ 58.887390] [] ? reset_palette+0x1d0/0x1d0 [ 58.887393] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 58.887395] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 58.887402] [] ? atomic_notifier_call_chain+0x7b/0x100 [ 58.887405] [] do_con_write.part.22+0x487/0x1950 [ 58.887411] [] ? mutex_lock_nested+0x7de/0xb30 [ 58.887416] [] ? trace_hardirqs_on_caller+0x44c/0x5e0 [ 58.887419] [] ? do_con_trol+0x5a40/0x5a40 [ 58.887423] [] ? add_wait_queue+0x3f/0xa0 [ 58.887427] [] ? _raw_spin_unlock_irqrestore+0x6a/0xd0 [ 58.887430] [] ? _mutex_lock_nest_lock+0xb30/0xb30 [ 58.887433] [] con_write+0x76/0x90 [ 58.887438] [] n_tty_write+0x4f0/0x10b0 [ 58.887441] [] ? n_tty_open+0x280/0x280 [ 58.887444] [] ? abort_exclusive_wait+0x1d0/0x1d0 [ 58.887449] [] tty_write+0x44d/0x7f0 [ 58.887452] [] ? n_tty_open+0x280/0x280 [ 58.887457] [] __vfs_write+0xdb/0x4f0 [ 58.887461] [] ? do_iter_readv_writev+0x330/0x330 [ 58.887464] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 58.887467] [] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 58.887472] [] ? common_file_perm+0x17e/0x410 [ 58.887475] [] ? apparmor_file_permission+0x13/0x20 [ 58.887480] [] ? security_file_permission+0x6a/0x1a0 [ 58.887483] [] ? rw_verify_area+0xb9/0x290 [ 58.887486] [] vfs_write+0x13a/0x4a0 [ 58.887490] [] SyS_write+0xcb/0x1a0 [ 58.887493] [] ? SyS_read+0x1a0/0x1a0 [ 58.887497] [] ? trace_hardirqs_on_caller+0x44c/0x5e0 [ 58.887501] [] ? trace_hardirqs_on_thunk+0x1b/0x1d [ 58.887505] [] entry_SYSCALL_64_fastpath+0x23/0xc1 [ 58.887551] Code: 0f b7 86 b0 03 00 00 49 bd 00 00 00 00 00 fc ff df d1 ee 8d 46 ff 85 f6 49 8d 4c 47 02 74 33 49 8d 5c 24 02 4c 89 e0 48 c1 e8 03 <42> 0f b6 14 28 4c 89 e0 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f [ 58.887555] RIP [] insert_char+0x19a/0x420 [ 58.887556] RSP [ 58.887561] ---[ end trace 9bc0bfbff76e9164 ]--- [ 58.887564] Kernel panic - not syncing: Fatal exception [ 58.888868] Kernel Offset: disabled