[ 35.725626] audit: type=1800 audit(1550963177.213:27): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 35.748387] audit: type=1800 audit(1550963177.213:28): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. [ 36.315475] audit: type=1800 audit(1550963177.863:29): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 36.340123] audit: type=1800 audit(1550963177.863:30): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts.
2019/02/23 23:06:30 parsed 1 programs 2019/02/23 23:06:32 executed programs: 0 syzkaller login: [ 50.527014] IPVS: ftp: loaded support on port[0] = 21 [ 50.582186] chnl_net:caif_netlink_parms(): no params data found [ 50.610706] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.618080] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.625268] device bridge_slave_0 entered promiscuous mode [ 50.632601] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.638977] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.646650] device bridge_slave_1 entered promiscuous mode [ 50.661612] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 50.670214] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 50.686495] team0: Port device team_slave_0 added [ 50.693553] team0: Port device team_slave_1 added [ 50.743121] device hsr_slave_0 entered promiscuous mode [ 50.791371] device hsr_slave_1 entered promiscuous mode [ 50.848071] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.854523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.861395] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.867725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.895292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.906226] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.925638] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.933622] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.940727] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 50.951586] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.983346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.990887] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.997261] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.004241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.012220] bridge0: port 
2(bridge_slave_1) entered blocking state [ 51.018550] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.025790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.033522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.040966] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.048484] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 51.057008] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.065005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.081263] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 51.124231] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready [ 51.251354] kasan: CONFIG_KASAN_INLINE enabled [ 51.256008] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 51.263409] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 51.269740] CPU: 1 PID: 7646 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #92 [ 51.276903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.286244] RIP: 0010:rose_send_frame+0x1a8/0x280 [ 51.291083] Code: c1 ea 03 80 3c 02 00 0f 85 8d 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 20 49 8d bc 24 58 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 7e 49 8b 94 24 58 03 00 00 e9 b8 fe ff ff e8 70 fd [ 51.309981] RSP: 0018:ffff8880ae907ae8 EFLAGS: 00010202 [ 51.315326] RAX: dffffc0000000000 RBX: ffff88809a401780 RCX: ffffffff8635e28b [ 51.322571] RDX: 000000000000006b RSI: ffffffff8635e3bc RDI: 0000000000000358 [ 51.329822] RBP: ffff8880ae907b18 R08: ffff888091b18540 R09: ffffed1011e1bf1d [ 51.337069] R10: ffffed1011e1bf1c R11: ffff88808f0df8e3 R12: 0000000000000000 [ 51.344371] R13: 0000000000000078 R14: 0000000000000005 R15: ffff8880a3ecc680 [ 51.351641] FS: 0000000002116940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 51.359951] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.365815] CR2: 000000000070e6b4 CR3: 0000000093f3c000 CR4: 
00000000001406e0 [ 51.373072] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 51.380324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.387571] Call Trace: [ 51.390175] [ 51.392323] rose_transmit_clear_request+0x1de/0x2a0 [ 51.397406] ? __local_bh_enable_ip+0x15a/0x270 [ 51.402055] rose_rx_call_request+0x4ea/0x1990 [ 51.406614] ? rose_dev_get+0x21e/0x320 [ 51.410568] ? rose_release+0x410/0x410 [ 51.414528] rose_loopback_timer+0x26a/0x3f0 [ 51.418920] call_timer_fn+0x190/0x720 [ 51.423011] ? rose_link_rx_restart.cold+0xa9/0xa9 [ 51.427931] ? process_timeout+0x40/0x40 [ 51.431969] ? run_timer_softirq+0x647/0x1700 [ 51.436444] ? trace_hardirqs_on+0x67/0x230 [ 51.440744] ? kasan_check_read+0x11/0x20 [ 51.444878] ? rose_link_rx_restart.cold+0xa9/0xa9 [ 51.449788] run_timer_softirq+0x652/0x1700 [ 51.454090] ? add_timer+0xbe0/0xbe0 [ 51.457792] ? kvm_clock_read+0x18/0x30 [ 51.461747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.467264] ? check_preemption_disabled+0x48/0x290 [ 51.472262] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 51.477698] __do_softirq+0x266/0x95a [ 51.481480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 51.487005] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 51.492534] irq_exit+0x180/0x1d0 [ 51.495975] smp_apic_timer_interrupt+0x14a/0x570 [ 51.500798] apic_timer_interrupt+0xf/0x20 [ 51.505004] [ 51.507222] RIP: 0010:kfree+0x186/0x230 [ 51.511181] Code: 5b 7e 0f 85 b3 fe ff ff e8 08 be 59 ff e9 a9 fe ff ff e8 7d a1 ce ff 48 83 3d 25 da eb 06 00 0f 84 9e 00 00 00 48 89 df 57 9d <0f> 1f 44 00 00 5b 41 5c 41 5d 41 5e 5d c3 4c 89 f2 4c 89 e6 4c 89 [ 51.530069] RSP: 0018:ffff8880913d7a68 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13 [ 51.537762] RAX: 0000000000000007 RBX: 0000000000000286 RCX: 0000000000000000 [ 51.545015] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000286 [ 51.552269] RBP: ffff8880913d7a88 R08: ffff888091b18540 R09: 0000000000000000 [ 51.559517] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a68f0780 [ 51.566765] R13: ffff88812c3f0340 R14: ffffffff819f1f0e R15: 0000000000000001 [ 51.574022] ? __vunmap+0x2ee/0x400 [ 51.577639] __vunmap+0x2ee/0x400 [ 51.581083] vfree+0x8d/0x140 [ 51.584185] __do_replace+0x176/0x930 [ 51.587975] ? compat_table_info+0x500/0x500 [ 51.592369] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 51.597895] ? _copy_from_user+0xdd/0x150 [ 51.602027] do_ip6t_set_ctl+0x327/0x498 [ 51.606070] ? compat_do_ip6t_set_ctl+0x160/0x160 [ 51.610897] ? mutex_unlock+0xd/0x10 [ 51.614593] ? nf_sockopt_find.constprop.0+0x226/0x290 [ 51.619853] nf_setsockopt+0x7d/0xd0 [ 51.623559] ipv6_setsockopt+0x144/0x170 [ 51.627602] tcp_setsockopt+0x95/0xf0 [ 51.631432] sock_common_setsockopt+0x9a/0xe0 [ 51.635915] __sys_setsockopt+0x180/0x280 [ 51.640042] ? kernel_accept+0x310/0x310 [ 51.644086] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 51.648840] ? do_syscall_64+0x26/0x610 [ 51.652797] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.658211] ? 
do_syscall_64+0x26/0x610 [ 51.662174] __x64_sys_setsockopt+0xbe/0x150 [ 51.666566] do_syscall_64+0x103/0x610 [ 51.670443] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 51.675608] RIP: 0033:0x45a97a [ 51.678785] Code: 49 89 ca b8 37 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 51.697784] RSP: 002b:00007ffdab03d928 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 51.705478] RAX: ffffffffffffffda RBX: 00007ffdab03d950 RCX: 000000000045a97a [ 51.712730] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 51.719977] RBP: 000000000070ecc0 R08: 00000000000003b8 R09: 0000000000004000 [ 51.727240] R10: 000000000070e660 R11: 0000000000000206 R12: 0000000000000003 [ 51.734489] R13: 0000000000000000 R14: 0000000000000029 R15: 000000000070e600 [ 51.741746] Modules linked in: [ 51.744986] ---[ end trace e7cc9956a3b08c81 ]--- [ 51.749738] RIP: 0010:rose_send_frame+0x1a8/0x280 [ 51.754591] Code: c1 ea 03 80 3c 02 00 0f 85 8d 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 20 49 8d bc 24 58 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 75 7e 49 8b 94 24 58 03 00 00 e9 b8 fe ff ff e8 70 fd [ 51.773498] RSP: 0018:ffff8880ae907ae8 EFLAGS: 00010202 [ 51.778841] RAX: dffffc0000000000 RBX: ffff88809a401780 RCX: ffffffff8635e28b [ 51.786126] RDX: 000000000000006b RSI: ffffffff8635e3bc RDI: 0000000000000358 [ 51.793390] RBP: ffff8880ae907b18 R08: ffff888091b18540 R09: ffffed1011e1bf1d [ 51.800641] R10: ffffed1011e1bf1c R11: ffff88808f0df8e3 R12: 0000000000000000 [ 51.807921] R13: 0000000000000078 R14: 0000000000000005 R15: ffff8880a3ecc680 [ 51.815185] FS: 0000000002116940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 51.823413] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.829272] CR2: 000000000070e6b4 CR3: 0000000093f3c000 CR4: 00000000001406e0 [ 51.836560] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 
51.843821] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.851138] Kernel panic - not syncing: Fatal exception in interrupt [ 51.858701] Kernel Offset: disabled [ 51.862322] Rebooting in 86400 seconds..