[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 26.843178] kauditd_printk_skb: 7 callbacks suppressed
[ 26.843189] audit: type=1800 audit(1539701783.723:29): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 26.869663] audit: type=1800 audit(1539701783.733:30): pid=5205 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts.
2018/10/16 14:58:10 parsed 1 programs
2018/10/16 14:58:12 executed programs: 0
syzkaller login: [ 135.517534] IPVS: ftp: loaded support on port[0] = 21
[ 135.773188] bridge0: port 1(bridge_slave_0) entered blocking state
[ 135.780021] bridge0: port 1(bridge_slave_0) entered disabled state
[ 135.787463] device bridge_slave_0 entered promiscuous mode
[ 135.806002] bridge0: port 2(bridge_slave_1) entered blocking state
[ 135.812416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 135.819639] device bridge_slave_1 entered promiscuous mode
[ 135.838415] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 135.856503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 135.907714] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 135.929367] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 136.005412] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 136.012835] team0: Port device team_slave_0 added
[ 136.031878] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 136.039187] team0: Port device team_slave_1 added
[ 136.056924] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 136.077523] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 136.098062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 136.119345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 136.277219] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.283650] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 136.290778] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.297152] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 136.824952] 8021q: adding VLAN 0 to HW filter on device bond0
[ 136.878111] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 136.930510] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 136.936883] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 136.944057] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 136.997662] 8021q: adding VLAN 0 to HW filter on device team0
[ 137.329099] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 137.406179] kasan: CONFIG_KASAN_INLINE enabled
[ 137.410894] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 137.410915] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 137.418499] kobject: 'kvm' (0000000056c396d8): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[ 137.424502] CPU: 1 PID: 5632 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #62
[ 137.424509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 137.424531] RIP: 0010:kvm_pv_send_ipi+0x364/0xdd0
[ 137.424548] Code: 45 84 ed 0f 84 da 07 00 00 e8 58 ad 65 00 48 8d 4b 14 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 8d 70 fe ff ff 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f5
[ 137.473890] RSP: 0018:ffff8801b8697028 EFLAGS: 00010203
[ 137.479245] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000014
[ 137.486509] RDX: 0000000000000002 RSI: ffffffff8118fbf8 RDI: 0000000000000005
[ 137.493859] RBP: ffff8801b86971c8 R08: ffff8801ccc540c0 R09: 1ffffffff1273955
[ 137.501136] R10: ffffed003b5e4732 R11: ffff8801daf23993 R12: ffff8801b86971a0
[ 137.508522] R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801b8697120
[ 137.515783] FS: 00007fae16925700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 137.523996] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 137.529869] CR2: 0000000000000000 CR3: 00000001cb637000 CR4: 00000000001426e0
[ 137.537153] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 137.544478] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 137.551739] Call Trace:
[ 137.554316] ? __lock_is_held+0xb5/0x140
[ 137.558443] ? graph_lock+0x170/0x170
[ 137.562252] ? kvm_apic_set_irq+0x170/0x170
[ 137.566563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 137.572103] ? check_preemption_disabled+0x48/0x200
[ 137.577125] ? check_preemption_disabled+0x48/0x200
[ 137.582155] ? __lock_is_held+0xb5/0x140
[ 137.586222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 137.591772] ? vmx_read_guest_seg_ar+0x221/0x270
[ 137.596524] kvm_emulate_hypercall+0xa1a/0xf20
[ 137.601099] ? kvm_load_guest_fpu+0x560/0x560
[ 137.605590] ? graph_lock+0x170/0x170
[ 137.609393] ? vmx_vcpu_run+0x1383/0x289d
[ 137.613541] ? vmx_vcpu_run+0x1377/0x289d
[ 137.617754] ? vmx_vcpu_run+0x1383/0x289d
[ 137.621900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 137.627428] ? check_preemption_disabled+0x48/0x200
[ 137.632440] ? check_preemption_disabled+0x48/0x200
[ 137.637451] ? __lock_is_held+0xb5/0x140
[ 137.641518] handle_vmcall+0x15/0x20
[ 137.645225] ? handle_io+0x100/0x100
[ 137.648928] vmx_handle_exit+0x2f7/0x17e0
[ 137.653062] ? lock_acquire+0x1ed/0x520
[ 137.657026] ? vcpu_enter_guest+0x12f2/0x6380
[ 137.661517] ? vcpu_enter_guest+0x1271/0x6380
[ 137.666062] ? handle_vmfunc+0x9d0/0x9d0
[ 137.670120] ? trace_hardirqs_on+0xbd/0x310
[ 137.674439] ? kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 137.679451] ? check_preemption_disabled+0x48/0x200
[ 137.684521] ? check_preemption_disabled+0x48/0x200
[ 137.689678] vcpu_enter_guest+0x14a9/0x6380
[ 137.694005] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 137.699451] ? emulator_read_emulated+0x50/0x50
[ 137.704111] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 137.709216] ? vmx_vcpu_load+0xb06/0x1030
[ 137.713357] ? __list_del_entry_valid.cold.1+0x58/0x58
[ 137.718624] ? debug_object_free+0x325/0x690
[ 137.723022] ? vmx_write_tsc_offset+0x680/0x680
[ 137.727683] ? graph_lock+0x170/0x170
[ 137.731655] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 137.737184] ? check_preemption_disabled+0x48/0x200
[ 137.742202] ? check_preemption_disabled+0x48/0x200
[ 137.747213] ? __lock_is_held+0xb5/0x140
[ 137.751271] ? kvm_check_async_pf_completion+0x3ae/0x5c0
[ 137.756721] ? kvm_clear_async_pf_completion_queue+0x770/0x770
[ 137.762690] ? kvm_arch_dev_ioctl+0x630/0x630
[ 137.767178] ? preempt_notifier_dec+0x20/0x20
[ 137.771669] kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 137.776501] ? kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 137.781524] kvm_vcpu_ioctl+0x72b/0x1150
[ 137.785581] ? kvm_vcpu_block+0x1030/0x1030
[ 137.789905] ? graph_lock+0x170/0x170
[ 137.793717] ? find_held_lock+0x36/0x1c0
[ 137.799172] ? __fget+0x4aa/0x740
[ 137.803025] ? check_preemption_disabled+0x48/0x200
[ 137.809361] ? kasan_check_read+0x11/0x20
[ 137.813560] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 137.819085] ? rcu_bh_qs+0xc0/0xc0
[ 137.822637] ? __fget+0x4d1/0x740
[ 137.826076] ? ksys_dup3+0x680/0x680
[ 137.829774] ? __might_fault+0x12b/0x1e0
[ 137.833820] ? lock_downgrade+0x900/0x900
[ 137.837952] ? lock_release+0x970/0x970
[ 137.841912] ? arch_local_save_flags+0x40/0x40
[ 137.846602] ? kvm_vcpu_block+0x1030/0x1030
[ 137.850917] do_vfs_ioctl+0x1de/0x1720
[ 137.854802] ? ioctl_preallocate+0x300/0x300
[ 137.859202] ? __fget_light+0x2e9/0x430
[ 137.863166] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 137.868696] ? smack_file_ioctl+0x210/0x3c0
[ 137.873005] ? fget_raw+0x20/0x20
[ 137.876446] ? smack_file_lock+0x2e0/0x2e0
[ 137.880671] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 137.886196] ? put_timespec64+0x10f/0x1b0
[ 137.890338] ? nsecs_to_jiffies+0x30/0x30
[ 137.894618] ? do_syscall_64+0x9a/0x820
[ 137.898581] ? do_syscall_64+0x9a/0x820
[ 137.902556] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 137.908084] ? security_file_ioctl+0x94/0xc0
[ 137.912483] ksys_ioctl+0xa9/0xd0
[ 137.916800] __x64_sys_ioctl+0x73/0xb0
[ 137.920689] do_syscall_64+0x1b9/0x820
[ 137.924563] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 137.929914] ? syscall_return_slowpath+0x5e0/0x5e0
[ 137.934827] ? trace_hardirqs_on_caller+0x310/0x310
[ 137.939832] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 137.944834] ? recalc_sigpending_tsk+0x180/0x180
[ 137.949573] ? kasan_check_write+0x14/0x20
[ 137.953796] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 137.958633] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 137.963810] RIP: 0033:0x457569
[ 137.966988] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 137.985924] RSP: 002b:00007fae16924c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 137.993626] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 138.000879] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 138.008144] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 138.015401] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fae169256d4
[ 138.022659] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[ 138.029927] Modules linked in:
[ 138.035887] ---[ end trace 04e3568d8268cad6 ]---
[ 138.040691] RIP: 0010:kvm_pv_send_ipi+0x364/0xdd0
[ 138.045588] Code: 45 84 ed 0f 84 da 07 00 00 e8 58 ad 65 00 48 8d 4b 14 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 8d 70 fe ff ff 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f5
[ 138.064577] RSP: 0018:ffff8801b8697028 EFLAGS: 00010203
[ 138.069985] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000014
[ 138.077283] RDX: 0000000000000002 RSI: ffffffff8118fbf8 RDI: 0000000000000005
[ 138.084547] RBP: ffff8801b86971c8 R08: ffff8801ccc540c0 R09: 1ffffffff1273955
[ 138.091857] R10: ffffed003b5e4732 R11: ffff8801daf23993 R12: ffff8801b86971a0
[ 138.100226] R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801b8697120
[ 138.107544] FS: 00007fae16925700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 138.115827] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 138.121697] CR2: 00007f1a3f8f9000 CR3: 00000001cb637000 CR4: 00000000001426f0
[ 138.129011] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 138.136330] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 138.143595] Kernel panic - not syncing: Fatal exception
[ 138.149866] Kernel Offset: disabled
[ 138.153488] Rebooting in 86400 seconds..