[ 36.084022][ T26] audit: type=1800 audit(1556711024.620:27): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 36.104696][ T26] audit: type=1800 audit(1556711024.620:28): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c.
[ 36.814197][ T26] audit: type=1800 audit(1556711025.430:29): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 36.841807][ T26] audit: type=1800 audit(1556711025.430:30): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
2019/05/01 11:43:56 fuzzer started
2019/05/01 11:43:59 dialing manager at 10.128.0.26:34869
2019/05/01 11:43:59 syscalls: 2440
2019/05/01 11:43:59 code coverage: enabled
2019/05/01 11:43:59 comparison tracing: enabled
2019/05/01 11:43:59 extra coverage: extra coverage is not supported by the kernel
2019/05/01 11:43:59 setuid sandbox: enabled
2019/05/01 11:43:59 namespace sandbox: enabled
2019/05/01 11:43:59 Android sandbox: /sys/fs/selinux/policy does not exist
2019/05/01 11:43:59 fault injection: enabled
2019/05/01 11:43:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/05/01 11:43:59 net packet injection: enabled
2019/05/01 11:43:59 net device setup: enabled
11:45:41 executing program 0:
syzkaller login: [ 153.299628][ T7708] IPVS: ftp: loaded support on port[0] = 21
11:45:42 executing program 1:
[ 153.455713][ T7708] chnl_net:caif_netlink_parms(): no params data found
[ 153.546659][ T7708] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.559239][ T7708] bridge0: port 1(bridge_slave_0) entered disabled state
[ 153.568869][ T7708] device bridge_slave_0 entered promiscuous mode
[ 153.579743][ T7708] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.587406][ T7708] bridge0: port 2(bridge_slave_1) entered disabled state
11:45:42 executing program 2:
[ 153.596994][ T7708] device bridge_slave_1 entered promiscuous mode
[ 153.624418][ T7711] IPVS: ftp: loaded support on port[0] = 21
[ 153.624691][ T7708] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 153.644161][ T7708] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 153.699078][ T7708] team0: Port device team_slave_0 added
[ 153.721089][ T7708] team0: Port device team_slave_1 added
11:45:42 executing program 3:
[ 153.814602][ T7708] device hsr_slave_0 entered promiscuous mode
[ 153.893006][ T7708] device hsr_slave_1 entered promiscuous mode
[ 153.954631][ T7708] bridge0: port 2(bridge_slave_1) entered blocking state
[ 153.961845][ T7708] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 153.969834][ T7708] bridge0: port 1(bridge_slave_0) entered blocking state
[ 153.976963][ T7708] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 154.026164][ T7711] chnl_net:caif_netlink_parms(): no params data found
[ 154.046597][ T7713] IPVS: ftp: loaded support on port[0] = 21
[ 154.098060][ T7715] IPVS: ftp: loaded support on port[0] = 21
[ 154.108196][ T7711] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.121198][ T7711] bridge0: port 1(bridge_slave_0) entered disabled state
[ 154.129797][ T7711] device bridge_slave_0 entered promiscuous mode
11:45:42 executing program 4:
[ 154.142802][ T7711] bridge0: port 2(bridge_slave_1) entered blocking state
[ 154.150908][ T7711] bridge0: port 2(bridge_slave_1) entered disabled state
[ 154.159241][ T7711] device bridge_slave_1 entered promiscuous mode
[ 154.265944][ T7708] 8021q: adding VLAN 0 to HW filter on device bond0
[ 154.275607][ T7711] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 154.325266][ T7711] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 154.375414][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 154.387105][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 154.407886][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 154.417872][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 154.431269][ T7708] 8021q: adding VLAN 0 to HW filter on device team0
[ 154.445199][ T7711] team0: Port device team_slave_0 added
[ 154.453444][ T7719] IPVS: ftp: loaded support on port[0] = 21
[ 154.483195][ T7711] team0: Port device team_slave_1 added
[ 154.502083][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 154.513751][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 154.524382][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
11:45:43 executing program 5:
[ 154.531573][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 154.593905][ T7713] chnl_net:caif_netlink_parms(): no params data found
[ 154.610336][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 154.623248][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 154.633517][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 154.641327][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 154.650534][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 154.659515][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 154.733880][ T7711] device hsr_slave_0 entered promiscuous mode
[ 154.771906][ T7711] device hsr_slave_1 entered promiscuous mode
[ 154.886254][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 154.898225][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 154.909174][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 154.924851][ T7723] IPVS: ftp: loaded support on port[0] = 21
[ 154.946504][ T7715] chnl_net:caif_netlink_parms(): no params data found
[ 154.964332][ T7713] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.971429][ T7713] bridge0: port 1(bridge_slave_0) entered disabled state
[ 154.980659][ T7713] device bridge_slave_0 entered promiscuous mode
[ 154.989103][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 154.998836][ T2989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 155.041161][ T7713] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.048570][ T7713] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.056956][ T7713] device bridge_slave_1 entered promiscuous mode
[ 155.105344][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 155.115004][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 155.123881][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 155.133201][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 155.144567][ T7708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 155.160052][ T7715] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.168182][ T7715] bridge0: port 1(bridge_slave_0) entered disabled state
[ 155.176404][ T7715] device bridge_slave_0 entered promiscuous mode
[ 155.187552][ T7713] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 155.212967][ T7715] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.220073][ T7715] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.229917][ T7715] device bridge_slave_1 entered promiscuous mode
[ 155.250245][ T7713] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 155.276486][ T7713] team0: Port device team_slave_0 added
[ 155.284999][ T7719] chnl_net:caif_netlink_parms(): no params data found
[ 155.299398][ T7715] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 155.310083][ T7715] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 155.323779][ T7713] team0: Port device team_slave_1 added
[ 155.385081][ T7715] team0: Port device team_slave_0 added
[ 155.393709][ T7715] team0: Port device team_slave_1 added
[ 155.429872][ T7723] chnl_net:caif_netlink_parms(): no params data found
[ 155.513617][ T7713] device hsr_slave_0 entered promiscuous mode
[ 155.562867][ T7713] device hsr_slave_1 entered promiscuous mode
[ 155.621883][ T7719] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.628974][ T7719] bridge0: port 1(bridge_slave_0) entered disabled state
[ 155.637426][ T7719] device bridge_slave_0 entered promiscuous mode
[ 155.647070][ T7719] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.654677][ T7719] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.662975][ T7719] device bridge_slave_1 entered promiscuous mode
[ 155.726057][ T7715] device hsr_slave_0 entered promiscuous mode
[ 155.791911][ T7715] device hsr_slave_1 entered promiscuous mode
[ 155.866857][ T7708] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 155.875790][ T7719] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 155.920483][ T7719] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 155.940774][ T7711] 8021q: adding VLAN 0 to HW filter on device bond0
[ 155.958147][ T7723] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.968554][ T7723] bridge0: port 1(bridge_slave_0) entered disabled state
[ 155.981382][ T7723] device bridge_slave_0 entered promiscuous mode
[ 155.991076][ T7723] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.000287][ T7723] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.009673][ T7723] device bridge_slave_1 entered promiscuous mode
[ 156.029426][ T7719] team0: Port device team_slave_0 added
[ 156.054445][ T7719] team0: Port device team_slave_1 added
11:45:44 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x101000008912, &(0x7f0000000000)="0adc1f123c123f319bd070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f00000001c0)="660fe2c79ddcf2ba6100edf2db8658000f1815660f3a22aa060003baf80c66b80c0c7b8a66efbafc0c66ed0f20d86635200000000f22d80f07", 0x39}], 0x1, 0x0, 0x0, 0xffffffffffffff9d)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
semop(0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
[ 156.095769][ T7723] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 156.109424][ T7711] 8021q: adding VLAN 0 to HW filter on device team0
[ 156.151366][ T7723] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 156.168327][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 156.176305][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 156.191337][ T7736] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 156.224502][ T7719] device hsr_slave_0 entered promiscuous mode
[ 156.235715][ T7736] kasan: CONFIG_KASAN_INLINE enabled
[ 156.241172][ T7736] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 156.249248][ T7736] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 156.256175][ T7736] CPU: 1 PID: 7736 Comm: syz-executor.0 Not tainted 5.1.0-rc7-next-20190430 #33
[ 156.265197][ T7736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 156.275266][ T7736] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0
[ 156.280960][ T7736] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89
[ 156.300559][ T7736] RSP: 0018:ffff88806547fa00 EFLAGS: 00010006
[ 156.306604][ T7736] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005de1000
[ 156.314554][ T7736] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078
[ 156.323469][ T7736] RBP: ffff88806547fb10 R08: ffff888065474080 R09: ffffed1015d26be0
[ 156.331432][ T7736] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: ffff8880654f806c
[ 156.339407][ T7736] R13: 0000000000000001 R14: ffff8880654f8070 R15: ffff8880654f8040
[ 156.347374][ T7736] FS: 00007f8123572700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 156.356291][ T7736] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 156.362853][ T7736] CR2: 00007f8123570178 CR3: 000000008bb08000 CR4: 00000000001426e0
[ 156.370804][ T7736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 156.378765][ T7736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 156.386721][ T7736] Call Trace:
[ 156.390011][ T7736] ? emulator_read_emulated+0x50/0x50
[ 156.395370][ T7736] ? lock_acquire+0x16f/0x3f0
[ 156.400086][ T7736] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750
[ 156.405799][ T7736] kvm_arch_vcpu_ioctl_run+0x425/0x1750
[ 156.411322][ T7736] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750
[ 156.417030][ T7736] kvm_vcpu_ioctl+0x4dc/0xf90
[ 156.421687][ T7736] ? kvm_set_memory_region+0x50/0x50
[ 156.426951][ T7736] ? tomoyo_path_number_perm+0x263/0x520
[ 156.432577][ T7736] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 156.438376][ T7736] ? __fget+0x35a/0x550
[ 156.442523][ T7736] ? kvm_set_memory_region+0x50/0x50
[ 156.447792][ T7736] do_vfs_ioctl+0xd6e/0x1390
[ 156.452376][ T7736] ? ioctl_preallocate+0x210/0x210
[ 156.457476][ T7736] ? __fget+0x381/0x550
[ 156.461628][ T7736] ? ksys_dup3+0x3e0/0x3e0
[ 156.466033][ T7736] ? nsecs_to_jiffies+0x30/0x30
[ 156.470864][ T7736] ? tomoyo_file_ioctl+0x23/0x30
[ 156.475793][ T7736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 156.482020][ T7736] ? security_file_ioctl+0x93/0xc0
[ 156.487113][ T7736] ksys_ioctl+0xab/0xd0
[ 156.491245][ T7736] __x64_sys_ioctl+0x73/0xb0
[ 156.495817][ T7736] do_syscall_64+0x103/0x670
[ 156.500399][ T7736] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 156.506271][ T7736] RIP: 0033:0x458da9
[ 156.510153][ T7736] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 156.529767][ T7736] RSP: 002b:00007f8123571c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 156.538202][ T7736] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9
[ 156.546161][ T7736] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[ 156.554123][ T7736] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 156.563006][ T7736] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81235726d4
[ 156.570970][ T7736] R13: 00000000004c1d42 R14: 00000000004d4550 R15: 00000000ffffffff
[ 156.578924][ T7736] Modules linked in:
[ 156.582821][ T7736] ---[ end trace 9298b802dc3ae637 ]---
[ 156.588272][ T7736] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0
[ 156.593980][ T7736] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89
[ 156.618613][ T7736] RSP: 0018:ffff88806547fa00 EFLAGS: 00010006
[ 156.631946][ T7736] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005de1000
[ 156.639961][ T7736] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078
[ 156.647920][ T7736] RBP: ffff88806547fb10 R08: ffff888065474080 R09: ffffed1015d26be0
[ 156.655879][ T7736] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: ffff8880654f806c
[ 156.663837][ T7736] R13: 0000000000000001 R14: ffff8880654f8070 R15: ffff8880654f8040
[ 156.671798][ T7736] FS: 00007f8123572700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 156.680713][ T7736] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 156.687279][ T7736] CR2: 00007f8123570178 CR3: 000000008bb08000 CR4: 00000000001426e0
[ 156.695262][ T7736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 156.703217][ T7736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 156.711168][ T7736] Kernel panic - not syncing: Fatal exception
[ 156.718565][ T7736] Kernel Offset: disabled
[ 156.722892][ T7736] Rebooting in 86400 seconds..