[ 35.511227] audit: type=1800 audit(1550950538.324:28): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 36.089836] audit: type=1800 audit(1550950538.984:29): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 36.109569] audit: type=1800 audit(1550950538.984:30): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
[FAIL] startpar: service(s) returned failure: ssh ... failed!
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts.
2019/02/23 19:37:50 parsed 1 programs
2019/02/23 19:37:52 executed programs: 0
syzkaller login: [ 169.462036] IPVS: ftp: loaded support on port[0] = 21
[ 169.514724] chnl_net:caif_netlink_parms(): no params data found
[ 169.539647] bridge0: port 1(bridge_slave_0) entered blocking state
[ 169.546521] bridge0: port 1(bridge_slave_0) entered disabled state
[ 169.553477] device bridge_slave_0 entered promiscuous mode
[ 169.562393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 169.569016] bridge0: port 2(bridge_slave_1) entered disabled state
[ 169.576011] device bridge_slave_1 entered promiscuous mode
[ 169.590771] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 169.599762] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 169.614978] team0: Port device team_slave_0 added
[ 169.621052] team0: Port device team_slave_1 added
[ 169.676503] device hsr_slave_0 entered promiscuous mode
[ 169.724641] device hsr_slave_1 entered promiscuous mode
[ 169.821511] bridge0: port 2(bridge_slave_1) entered blocking state
[ 169.828110] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 169.834974] bridge0: port 1(bridge_slave_0) entered blocking state
[ 169.841569] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 169.871394] 8021q: adding VLAN 0 to HW filter on device bond0
[ 169.883083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 169.902688] bridge0: port 1(bridge_slave_0) entered disabled state
[ 169.911258] bridge0: port 2(bridge_slave_1) entered disabled state
[ 169.919577] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 169.930235] 8021q: adding VLAN 0 to HW filter on device team0
[ 169.938195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 169.945978] bridge0: port 1(bridge_slave_0) entered blocking state
[ 169.952299] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 169.972308] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 169.982580] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 169.994345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 170.002456] bridge0: port 2(bridge_slave_1) entered blocking state
[ 170.008982] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 170.016644] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 170.025717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 170.033328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 170.040986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 170.048415] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 170.055151] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 170.070403] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 170.107778] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 170.195117] ------------[ cut here ]------------
[ 170.199873] kernel BUG at arch/x86/kvm/x86.c:357!
[ 170.204699] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 170.210041] CPU: 0 PID: 7671 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #85
[ 170.217229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 170.226587] RIP: 0010:kvm_spurious_fault+0x9/0x10
[ 170.231529] Code: e8 9c ce 65 00 41 bd 03 00 00 00 5b 44 89 e8 41 5c 41 5d 5d c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e8 77 ce 65 00 <0f> 0b 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 49 89 d6 41 55 41 54
[ 170.250416] RSP: 0018:ffff8880ae807e80 EFLAGS: 00010006
[ 170.255755] RAX: ffff88809871a280 RBX: ffff888096c3b810 RCX: ffffffff81329baa
[ 170.263001] RDX: 0000000000010000 RSI: ffffffff810a1309 RDI: 0000000000000007
[ 170.270252] RBP: ffff8880ae807e80 R08: ffff88809871a280 R09: ffffed1015d05be9
[ 170.277502] R10: ffffed1015d05be8 R11: ffff8880ae82df47 R12: 1ffff11015d00fd3
[ 170.284748] R13: ffff88809cb7b000 R14: ffff8880ae807ef8 R15: 0000000000000000
[ 170.292012] FS: 0000000000bab940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 170.300385] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 170.306245] CR2: ffff8880ae807eb8 CR3: 0000000092901000 CR4: 00000000001426f0
[ 170.313533] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 170.320792] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 170.328041] Call Trace:
[ 170.330598]
[ 170.332731] loaded_vmcs_init+0x95/0x250
[ 170.336773] ? find_msr_entry+0x170/0x170
[ 170.340901] __loaded_vmcs_clear+0x229/0x360
[ 170.345290] flush_smp_call_function_queue+0x14a/0x500
[ 170.350543] ? loaded_vmcs_init+0x250/0x250
[ 170.354842] generic_smp_call_function_single_interrupt+0x13/0x2b
[ 170.361200] smp_call_function_single_interrupt+0xa3/0x460
[ 170.366866] call_function_single_interrupt+0xf/0x20
[ 170.371978]
[ 170.374313] RIP: 0010:__sanitizer_cov_trace_const_cmp1+0x15/0x20
[ 170.380444] Code: 00 48 89 e5 48 8b 4d 08 e8 18 ff ff ff 5d c3 66 0f 1f 44 00 00 55 40 0f b6 d6 40 0f b6 f7 bf 01 00 00 00 48 89 e5 48 8b 4d 08 f6 fe ff ff 5d c3 0f 1f 40 00 55 0f b7 d6 0f b7 f7 bf 03 00 00
[ 170.399327] RSP: 0018:ffff8880a88f7a78 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff04
[ 170.407014] RAX: 0000000000000000 RBX: ffffffff8761c0e1 RCX: ffffffff86ff0e31
[ 170.414284] RDX: 0000000000000054 RSI: 0000000000000000 RDI: 0000000000000001
[ 170.421548] RBP: ffff8880a88f7a78 R08: ffff88809871a280 R09: 0000000000000001
[ 170.428796] R10: ffffed1015d05bcf R11: ffff8880ae82de7b R12: ffff8880a88f7bb8
[ 170.436216] R13: dffffc0000000000 R14: ffff8880a88f7b10 R15: 0000000000000054
[ 170.443521] ? format_decode+0x1a1/0xbd0
[ 170.447573] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 170.453088] format_decode+0x1a1/0xbd0
[ 170.456954] ? ____fput+0x16/0x20
[ 170.460403] ? do_syscall_64+0x52d/0x610
[ 170.464446] ? enable_ptr_key_workfn+0x30/0x30
[ 170.469006] ? __dentry_path+0x56e/0x7c0
[ 170.473042] ? find_held_lock+0x35/0x130
[ 170.477082] vsnprintf+0x17e/0x19b0
[ 170.480687] ? pointer+0x910/0x910
[ 170.484212] add_uevent_var+0x14d/0x310
[ 170.488166] ? cleanup_uevent_env+0x50/0x50
[ 170.492464] ? simple_dname+0x1f0/0x1f0
[ 170.496417] ? kmem_cache_alloc_trace+0x354/0x760
[ 170.501244] ? kvm_uevent_notify_change.part.0+0x225/0x440
[ 170.506848] kvm_uevent_notify_change.part.0+0x245/0x440
[ 170.512278] ? kvm_put_kvm+0xc70/0xc70
[ 170.516148] kvm_put_kvm+0xae/0xc70
[ 170.519769] ? kvm_irqfd_release+0xe2/0x120
[ 170.524066] ? kvm_irqfd_release+0xe2/0x120
[ 170.528367] ? kvm_put_kvm+0xc70/0xc70
[ 170.532234] kvm_vm_release+0x44/0x60
[ 170.536015] __fput+0x2df/0x8d0
[ 170.539272] ____fput+0x16/0x20
[ 170.542528] task_work_run+0x14a/0x1c0
[ 170.546398] exit_to_usermode_loop+0x273/0x2c0
[ 170.550983] do_syscall_64+0x52d/0x610
[ 170.554868] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 170.560034] RIP: 0033:0x411d31
[ 170.563215] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 94 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 170.582112] RSP: 002b:00007ffcf4c9d5d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 170.589799] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000411d31
[ 170.597048] RDX: 0000000000000000 RSI: 0000000000740528 RDI: 0000000000000007
[ 170.604417] RBP: 0000000000000000 R08: 0000000000740520 R09: 0000000000029860
[ 170.611667] R10: 00007ffcf4c9d4f0 R11: 0000000000000293 R12: 0000000000000000
[ 170.618917] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 170.626172] Modules linked in:
[ 170.629347] ---[ end trace ea33cc261dd7da4e ]---
[ 170.634081] RIP: 0010:kvm_spurious_fault+0x9/0x10
[ 170.638935] Code: e8 9c ce 65 00 41 bd 03 00 00 00 5b 44 89 e8 41 5c 41 5d 5d c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e8 77 ce 65 00 <0f> 0b 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 49 89 d6 41 55 41 54
[ 170.657818] RSP: 0018:ffff8880ae807e80 EFLAGS: 00010006
[ 170.663168] RAX: ffff88809871a280 RBX: ffff888096c3b810 RCX: ffffffff81329baa
[ 170.670416] RDX: 0000000000010000 RSI: ffffffff810a1309 RDI: 0000000000000007
[ 170.677681] RBP: ffff8880ae807e80 R08: ffff88809871a280 R09: ffffed1015d05be9
[ 170.684925] R10: ffffed1015d05be8 R11: ffff8880ae82df47 R12: 1ffff11015d00fd3
[ 170.692174] R13: ffff88809cb7b000 R14: ffff8880ae807ef8 R15: 0000000000000000
[ 170.699425] FS: 0000000000bab940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 170.707633] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 170.713491] CR2: ffff8880ae807eb8 CR3: 0000000092901000 CR4: 00000000001426f0
[ 170.720740] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 170.727983] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 170.735228] Kernel panic - not syncing: Fatal exception in interrupt
[ 170.742515] Kernel Offset: disabled
[ 170.746133] Rebooting in 86400 seconds..