[   36.084022][   T26] audit: type=1800 audit(1556711024.620:27): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   36.104696][   T26] audit: type=1800 audit(1556711024.620:28): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   36.814197][   T26] audit: type=1800 audit(1556711025.430:29): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[   36.841807][   T26] audit: type=1800 audit(1556711025.430:30): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
2019/05/01 11:43:56 fuzzer started
2019/05/01 11:43:59 dialing manager at 10.128.0.26:34869
2019/05/01 11:43:59 syscalls: 2440
2019/05/01 11:43:59 code coverage: enabled
2019/05/01 11:43:59 comparison tracing: enabled
2019/05/01 11:43:59 extra coverage: extra coverage is not supported by the kernel
2019/05/01 11:43:59 setuid sandbox: enabled
2019/05/01 11:43:59 namespace sandbox: enabled
2019/05/01 11:43:59 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/01 11:43:59 fault injection: enabled
2019/05/01 11:43:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/01 11:43:59 net packet injection: enabled
2019/05/01 11:43:59 net device setup: enabled
11:45:41 executing program 0:

syzkaller login: [  153.299628][ T7708] IPVS: ftp: loaded support on port[0] = 21
11:45:42 executing program 1:

[  153.455713][ T7708] chnl_net:caif_netlink_parms(): no params data found
[  153.546659][ T7708] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.559239][ T7708] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.568869][ T7708] device bridge_slave_0 entered promiscuous mode
[  153.579743][ T7708] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.587406][ T7708] bridge0: port 2(bridge_slave_1) entered disabled state
11:45:42 executing program 2:

[  153.596994][ T7708] device bridge_slave_1 entered promiscuous mode
[  153.624418][ T7711] IPVS: ftp: loaded support on port[0] = 21
[  153.624691][ T7708] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  153.644161][ T7708] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  153.699078][ T7708] team0: Port device team_slave_0 added
[  153.721089][ T7708] team0: Port device team_slave_1 added
11:45:42 executing program 3:

[  153.814602][ T7708] device hsr_slave_0 entered promiscuous mode
[  153.893006][ T7708] device hsr_slave_1 entered promiscuous mode
[  153.954631][ T7708] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.961845][ T7708] bridge0: port 2(bridge_slave_1) entered forwarding state
[  153.969834][ T7708] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.976963][ T7708] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.026164][ T7711] chnl_net:caif_netlink_parms(): no params data found
[  154.046597][ T7713] IPVS: ftp: loaded support on port[0] = 21
[  154.098060][ T7715] IPVS: ftp: loaded support on port[0] = 21
[  154.108196][ T7711] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.121198][ T7711] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.129797][ T7711] device bridge_slave_0 entered promiscuous mode
11:45:42 executing program 4:

[  154.142802][ T7711] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.150908][ T7711] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.159241][ T7711] device bridge_slave_1 entered promiscuous mode
[  154.265944][ T7708] 8021q: adding VLAN 0 to HW filter on device bond0
[  154.275607][ T7711] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  154.325266][ T7711] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  154.375414][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  154.387105][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.407886][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.417872][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  154.431269][ T7708] 8021q: adding VLAN 0 to HW filter on device team0
[  154.445199][ T7711] team0: Port device team_slave_0 added
[  154.453444][ T7719] IPVS: ftp: loaded support on port[0] = 21
[  154.483195][ T7711] team0: Port device team_slave_1 added
[  154.502083][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  154.513751][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  154.524382][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
11:45:43 executing program 5:

[  154.531573][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.593905][ T7713] chnl_net:caif_netlink_parms(): no params data found
[  154.610336][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  154.623248][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  154.633517][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.641327][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  154.650534][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  154.659515][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  154.733880][ T7711] device hsr_slave_0 entered promiscuous mode
[  154.771906][ T7711] device hsr_slave_1 entered promiscuous mode
[  154.886254][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  154.898225][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  154.909174][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  154.924851][ T7723] IPVS: ftp: loaded support on port[0] = 21
[  154.946504][ T7715] chnl_net:caif_netlink_parms(): no params data found
[  154.964332][ T7713] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.971429][ T7713] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.980659][ T7713] device bridge_slave_0 entered promiscuous mode
[  154.989103][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  154.998836][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  155.041161][ T7713] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.048570][ T7713] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.056956][ T7713] device bridge_slave_1 entered promiscuous mode
[  155.105344][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  155.115004][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  155.123881][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  155.133201][   T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  155.144567][ T7708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  155.160052][ T7715] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.168182][ T7715] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.176404][ T7715] device bridge_slave_0 entered promiscuous mode
[  155.187552][ T7713] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  155.212967][ T7715] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.220073][ T7715] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.229917][ T7715] device bridge_slave_1 entered promiscuous mode
[  155.250245][ T7713] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  155.276486][ T7713] team0: Port device team_slave_0 added
[  155.284999][ T7719] chnl_net:caif_netlink_parms(): no params data found
[  155.299398][ T7715] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  155.310083][ T7715] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  155.323779][ T7713] team0: Port device team_slave_1 added
[  155.385081][ T7715] team0: Port device team_slave_0 added
[  155.393709][ T7715] team0: Port device team_slave_1 added
[  155.429872][ T7723] chnl_net:caif_netlink_parms(): no params data found
[  155.513617][ T7713] device hsr_slave_0 entered promiscuous mode
[  155.562867][ T7713] device hsr_slave_1 entered promiscuous mode
[  155.621883][ T7719] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.628974][ T7719] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.637426][ T7719] device bridge_slave_0 entered promiscuous mode
[  155.647070][ T7719] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.654677][ T7719] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.662975][ T7719] device bridge_slave_1 entered promiscuous mode
[  155.726057][ T7715] device hsr_slave_0 entered promiscuous mode
[  155.791911][ T7715] device hsr_slave_1 entered promiscuous mode
[  155.866857][ T7708] 8021q: adding VLAN 0 to HW filter on device batadv0
[  155.875790][ T7719] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  155.920483][ T7719] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  155.940774][ T7711] 8021q: adding VLAN 0 to HW filter on device bond0
[  155.958147][ T7723] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.968554][ T7723] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.981382][ T7723] device bridge_slave_0 entered promiscuous mode
[  155.991076][ T7723] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.000287][ T7723] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.009673][ T7723] device bridge_slave_1 entered promiscuous mode
[  156.029426][ T7719] team0: Port device team_slave_0 added
[  156.054445][ T7719] team0: Port device team_slave_1 added
11:45:44 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f00000001c0)="660fe2c79ddcf2ba6100edf2db8658000f1815660f3a22aa060003baf80c66b80c0c7b8a66efbafc0c66ed0f20d86635200000000f22d80f07", 0x39}], 0x1, 0x0, 0x0, 0xffffffffffffff9d)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
semop(0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  156.095769][ T7723] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  156.109424][ T7711] 8021q: adding VLAN 0 to HW filter on device team0
[  156.151366][ T7723] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  156.168327][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  156.176305][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  156.191337][ T7736] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[  156.224502][ T7719] device hsr_slave_0 entered promiscuous mode
[  156.235715][ T7736] kasan: CONFIG_KASAN_INLINE enabled
[  156.241172][ T7736] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  156.249248][ T7736] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  156.256175][ T7736] CPU: 1 PID: 7736 Comm: syz-executor.0 Not tainted 5.1.0-rc7-next-20190430 #33
[  156.265197][ T7736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  156.275266][ T7736] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0
[  156.280960][ T7736] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89
[  156.300559][ T7736] RSP: 0018:ffff88806547fa00 EFLAGS: 00010006
[  156.306604][ T7736] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005de1000
[  156.314554][ T7736] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078
[  156.323469][ T7736] RBP: ffff88806547fb10 R08: ffff888065474080 R09: ffffed1015d26be0
[  156.331432][ T7736] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: ffff8880654f806c
[  156.339407][ T7736] R13: 0000000000000001 R14: ffff8880654f8070 R15: ffff8880654f8040
[  156.347374][ T7736] FS:  00007f8123572700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  156.356291][ T7736] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  156.362853][ T7736] CR2: 00007f8123570178 CR3: 000000008bb08000 CR4: 00000000001426e0
[  156.370804][ T7736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  156.378765][ T7736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  156.386721][ T7736] Call Trace:
[  156.390011][ T7736]  ? emulator_read_emulated+0x50/0x50
[  156.395370][ T7736]  ? lock_acquire+0x16f/0x3f0
[  156.400086][ T7736]  ? kvm_arch_vcpu_ioctl_run+0x240/0x1750
[  156.405799][ T7736]  kvm_arch_vcpu_ioctl_run+0x425/0x1750
[  156.411322][ T7736]  ? kvm_arch_vcpu_ioctl_run+0x425/0x1750
[  156.417030][ T7736]  kvm_vcpu_ioctl+0x4dc/0xf90
[  156.421687][ T7736]  ? kvm_set_memory_region+0x50/0x50
[  156.426951][ T7736]  ? tomoyo_path_number_perm+0x263/0x520
[  156.432577][ T7736]  ? tomoyo_execute_permission+0x4a0/0x4a0
[  156.438376][ T7736]  ? __fget+0x35a/0x550
[  156.442523][ T7736]  ? kvm_set_memory_region+0x50/0x50
[  156.447792][ T7736]  do_vfs_ioctl+0xd6e/0x1390
[  156.452376][ T7736]  ? ioctl_preallocate+0x210/0x210
[  156.457476][ T7736]  ? __fget+0x381/0x550
[  156.461628][ T7736]  ? ksys_dup3+0x3e0/0x3e0
[  156.466033][ T7736]  ? nsecs_to_jiffies+0x30/0x30
[  156.470864][ T7736]  ? tomoyo_file_ioctl+0x23/0x30
[  156.475793][ T7736]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  156.482020][ T7736]  ? security_file_ioctl+0x93/0xc0
[  156.487113][ T7736]  ksys_ioctl+0xab/0xd0
[  156.491245][ T7736]  __x64_sys_ioctl+0x73/0xb0
[  156.495817][ T7736]  do_syscall_64+0x103/0x670
[  156.500399][ T7736]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  156.506271][ T7736] RIP: 0033:0x458da9
[  156.510153][ T7736] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  156.529767][ T7736] RSP: 002b:00007f8123571c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  156.538202][ T7736] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9
[  156.546161][ T7736] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  156.554123][ T7736] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[  156.563006][ T7736] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81235726d4
[  156.570970][ T7736] R13: 00000000004c1d42 R14: 00000000004d4550 R15: 00000000ffffffff
[  156.578924][ T7736] Modules linked in:
[  156.582821][ T7736] ---[ end trace 9298b802dc3ae637 ]---
[  156.588272][ T7736] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0
[  156.593980][ T7736] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89
[  156.618613][ T7736] RSP: 0018:ffff88806547fa00 EFLAGS: 00010006
[  156.631946][ T7736] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005de1000
[  156.639961][ T7736] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078
[  156.647920][ T7736] RBP: ffff88806547fb10 R08: ffff888065474080 R09: ffffed1015d26be0
[  156.655879][ T7736] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: ffff8880654f806c
[  156.663837][ T7736] R13: 0000000000000001 R14: ffff8880654f8070 R15: ffff8880654f8040
[  156.671798][ T7736] FS:  00007f8123572700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[  156.680713][ T7736] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  156.687279][ T7736] CR2: 00007f8123570178 CR3: 000000008bb08000 CR4: 00000000001426e0
[  156.695262][ T7736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  156.703217][ T7736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  156.711168][ T7736] Kernel panic - not syncing: Fatal exception
[  156.718565][ T7736] Kernel Offset: disabled
[  156.722892][ T7736] Rebooting in 86400 seconds..