[info] Using makefile-style concurrent boot in runlevel 2.
[ 24.334875] audit: type=1800 audit(1539701587.690:21): pid=5181 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ 25.321846] sshd (5248) used greatest stack depth: 15496 bytes left
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.10.60' (ECDSA) to the list of known hosts.
2018/10/16 14:55:14 parsed 1 programs
2018/10/16 14:55:16 executed programs: 0
syzkaller login: [ 152.710533] IPVS: ftp: loaded support on port[0] = 21
[ 152.961504] bridge0: port 1(bridge_slave_0) entered blocking state
[ 152.968158] bridge0: port 1(bridge_slave_0) entered disabled state
[ 152.975139] device bridge_slave_0 entered promiscuous mode
[ 152.994082] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.000743] bridge0: port 2(bridge_slave_1) entered disabled state
[ 153.008089] device bridge_slave_1 entered promiscuous mode
[ 153.026284] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 153.044139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 153.093812] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 153.114297] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 153.192910] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 153.200603] team0: Port device team_slave_0 added
[ 153.218218] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 153.225347] team0: Port device team_slave_1 added
[ 153.242247] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 153.262009] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 153.282381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 153.302089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 153.447704] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.454129] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 153.461109] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.467443] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 153.975191] 8021q: adding VLAN 0 to HW filter on device bond0
[ 154.026341] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 154.078000] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 154.084112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 154.091862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 154.144643] 8021q: adding VLAN 0 to HW filter on device team0
[ 154.508944] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 154.579119] kasan: CONFIG_KASAN_INLINE enabled
[ 154.583823] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 154.591518] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 154.597773] CPU: 1 PID: 5610 Comm: syz-executor0 Not tainted 4.19.0-rc8+ #285
[ 154.605041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 154.614627] RIP: 0010:kvm_pv_send_ipi+0x364/0xdd0
[ 154.619456] Code: 45 84 ed 0f 84 da 07 00 00 e8 58 ad 65 00 48 8d 4b 14 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 8d 70 fe ff ff 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f5
[ 154.638340] RSP: 0018:ffff8801cf9f7028 EFLAGS: 00010203
[ 154.643686] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000014
[ 154.650940] RDX: 0000000000000002 RSI: ffffffff8118fbf8 RDI: 0000000000000005
[ 154.658190] RBP: ffff8801cf9f71c8 R08: ffff8801d20ea0c0 R09: 1ffffffff1273955
[ 154.665438] R10: ffffed003b5e4732 R11: ffff8801daf23993 R12: ffff8801cf9f71a0
[ 154.672691] R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801cf9f7120
[ 154.679953] FS: 00007f7c2992d700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 154.688164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 154.694028] CR2: 0000000000000000 CR3: 00000001ce127000 CR4: 00000000001426e0
[ 154.701311] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 154.708561] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 154.715812] Call Trace:
[ 154.718389] ? __lock_is_held+0xb5/0x140
[ 154.722451] ? graph_lock+0x170/0x170
[ 154.726234] ? kvm_apic_set_irq+0x170/0x170
[ 154.730558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 154.736082] ? check_preemption_disabled+0x48/0x200
[ 154.741086] ? check_preemption_disabled+0x48/0x200
[ 154.746092] ? __lock_is_held+0xb5/0x140
[ 154.750141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 154.755696] ? vmx_read_guest_seg_ar+0x221/0x270
[ 154.760494] kvm_emulate_hypercall+0xa1a/0xf20
[ 154.765076] ? kvm_load_guest_fpu+0x560/0x560
[ 154.769559] ? graph_lock+0x170/0x170
[ 154.773352] ? vmx_vcpu_run+0x1383/0x289d
[ 154.777495] ? vmx_vcpu_run+0x1377/0x289d
[ 154.781627] ? vmx_vcpu_run+0x1383/0x289d
[ 154.785759] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 154.791290] ? check_preemption_disabled+0x48/0x200
[ 154.796289] ? check_preemption_disabled+0x48/0x200
[ 154.801318] ? __lock_is_held+0xb5/0x140
[ 154.805376] handle_vmcall+0x15/0x20
[ 154.809078] ? handle_io+0x100/0x100
[ 154.812779] vmx_handle_exit+0x2f7/0x17e0
[ 154.816915] ? lock_acquire+0x1ed/0x520
[ 154.820892] ? vcpu_enter_guest+0x12f2/0x6380
[ 154.825378] ? vcpu_enter_guest+0x1271/0x6380
[ 154.829857] ? handle_vmfunc+0x9d0/0x9d0
[ 154.833905] ? trace_hardirqs_on+0xbd/0x310
[ 154.838210] ? kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 154.843215] ? check_preemption_disabled+0x48/0x200
[ 154.848217] ? check_preemption_disabled+0x48/0x200
[ 154.853217] vcpu_enter_guest+0x14a9/0x6380
[ 154.857520] ? __bpf_trace_preemptirq_template+0x30/0x30
[ 154.862971] ? emulator_read_emulated+0x50/0x50
[ 154.867632] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 154.872736] ? vmx_vcpu_load+0xb06/0x1030
[ 154.876874] ? __list_del_entry_valid.cold.1+0x58/0x58
[ 154.882134] ? debug_object_free+0x325/0x690
[ 154.886525] ? vmx_write_tsc_offset+0x680/0x680
[ 154.891179] ? graph_lock+0x170/0x170
[ 154.894965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 154.900489] ? check_preemption_disabled+0x48/0x200
[ 154.905490] ? check_preemption_disabled+0x48/0x200
[ 154.910491] ? __lock_is_held+0xb5/0x140
[ 154.914546] ? kvm_check_async_pf_completion+0x3ae/0x5c0
[ 154.919981] ? kvm_clear_async_pf_completion_queue+0x770/0x770
[ 154.925937] ? kvm_arch_dev_ioctl+0x630/0x630
[ 154.930415] ? preempt_notifier_dec+0x20/0x20
[ 154.934898] kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 154.939724] ? kvm_arch_vcpu_ioctl_run+0x375/0x16e0
[ 154.944728] kvm_vcpu_ioctl+0x72b/0x1150
[ 154.948796] ? kvm_vcpu_block+0x1030/0x1030
[ 154.953107] ? graph_lock+0x170/0x170
[ 154.956891] ? find_held_lock+0x36/0x1c0
[ 154.960948] ? __fget+0x4aa/0x740
[ 154.964392] ? check_preemption_disabled+0x48/0x200
[ 154.969425] ? kasan_check_read+0x11/0x20
[ 154.973583] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160
[ 154.978858] ? rcu_bh_qs+0xc0/0xc0
[ 154.982387] ? __fget+0x4d1/0x740
[ 154.985824] ? ksys_dup3+0x680/0x680
[ 154.989538] ? __might_fault+0x12b/0x1e0
[ 154.993594] ? lock_downgrade+0x900/0x900
[ 154.997726] ? lock_release+0x970/0x970
[ 155.001687] ? arch_local_save_flags+0x40/0x40
[ 155.006253] ? kvm_vcpu_block+0x1030/0x1030
[ 155.010564] do_vfs_ioctl+0x1de/0x1720
[ 155.014445] ? ioctl_preallocate+0x300/0x300
[ 155.018836] ? __fget_light+0x2e9/0x430
[ 155.022814] ? fget_raw+0x20/0x20
[ 155.026284] ? _copy_to_user+0xc8/0x110
[ 155.030245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 155.035852] ? put_timespec64+0x10f/0x1b0
[ 155.039983] ? nsecs_to_jiffies+0x30/0x30
[ 155.044118] ? do_syscall_64+0x9a/0x820
[ 155.048084] ? do_syscall_64+0x9a/0x820
[ 155.052049] ? lockdep_hardirqs_on+0x421/0x5c0
[ 155.056615] ? security_file_ioctl+0x94/0xc0
[ 155.061007] ksys_ioctl+0xa9/0xd0
[ 155.064459] __x64_sys_ioctl+0x73/0xb0
[ 155.068333] do_syscall_64+0x1b9/0x820
[ 155.072205] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 155.077553] ? syscall_return_slowpath+0x5e0/0x5e0
[ 155.082470] ? trace_hardirqs_on_caller+0x310/0x310
[ 155.087472] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 155.092630] ? recalc_sigpending_tsk+0x180/0x180
[ 155.097371] ? kasan_check_write+0x14/0x20
[ 155.101593] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 155.106423] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 155.111594] RIP: 0033:0x457569
[ 155.114813] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 155.133698] RSP: 002b:00007f7c2992cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 155.141403] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
[ 155.148683] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 155.155933] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000
[ 155.163340] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7c2992d6d4
[ 155.170595] R13: 00000000004c0027 R14: 00000000004d0108 R15: 00000000ffffffff
[ 155.177850] Modules linked in:
[ 155.183708] ---[ end trace 4c10104cb1dd3b37 ]---
[ 155.188493] RIP: 0010:kvm_pv_send_ipi+0x364/0xdd0
[ 155.193344] Code: 45 84 ed 0f 84 da 07 00 00 e8 58 ad 65 00 48 8d 4b 14 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 8d 70 fe ff ff 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f5
[ 155.213017] RSP: 0018:ffff8801cf9f7028 EFLAGS: 00010203
[ 155.218441] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000014
[ 155.225716] RDX: 0000000000000002 RSI: ffffffff8118fbf8 RDI: 0000000000000005
[ 155.233025] RBP: ffff8801cf9f71c8 R08: ffff8801d20ea0c0 R09: 1ffffffff1273955
[ 155.240319] R10: ffffed003b5e4732 R11: ffff8801daf23993 R12: ffff8801cf9f71a0
[ 155.247634] R13: 0000000000000001 R14: 0000000000000000 R15: ffff8801cf9f7120
[ 155.254903] FS: 00007f7c2992d700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
[ 155.263148] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 155.269072] CR2: 0000000000000000 CR3: 00000001ce127000 CR4: 00000000001426e0
[ 155.276330] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 155.283616] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 155.291173] Kernel panic - not syncing: Fatal exception
[ 155.297346] Kernel Offset: disabled
[ 155.300983] Rebooting in 86400 seconds..