[ 35.812602] audit: type=1800 audit(1550552316.070:27): pid=7552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 35.840424] audit: type=1800 audit(1550552316.070:28): pid=7552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 36.591112] audit: type=1800 audit(1550552316.910:29): pid=7552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 36.616229] audit: type=1800 audit(1550552316.910:30): pid=7552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.57' (ECDSA) to the list of known hosts.
2019/02/19 04:58:49 parsed 1 programs
2019/02/19 04:58:50 executed programs: 0
syzkaller login: [ 50.404186] IPVS: ftp: loaded support on port[0] = 21
[ 50.461926] chnl_net:caif_netlink_parms(): no params data found
[ 50.493282] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.500257] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.507419] device bridge_slave_0 entered promiscuous mode
[ 50.514492] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.520925] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.527849] device bridge_slave_1 entered promiscuous mode
[ 50.543240] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.552964] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.569914] team0: Port device team_slave_0 added
[ 50.575718] team0: Port device team_slave_1 added
[ 50.648424] device hsr_slave_0 entered promiscuous mode
[ 50.706355] device hsr_slave_1 entered promiscuous mode
[ 50.763742] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.770209] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.777147] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.783512] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.812808] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.823759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.842982] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.850307] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.857960] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 50.868549] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.876893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.884446] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.890857] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.900004] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.908067] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.914403] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.934094] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 50.944122] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 50.956751] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 50.964704] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 50.972377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.979933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.987599] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 50.994568] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.011190] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.639466] kasan: CONFIG_KASAN_INLINE enabled
[ 51.644193] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 51.652212] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 51.658439] CPU: 0 PID: 7825 Comm: syz-executor.0 Not tainted 5.0.0-rc7 #77
[ 51.665516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.674863] RIP: 0010:kernfs_add_one+0x343/0x4d0
[ 51.679601] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 52 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 70 48 8d 7b 08 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1f 01 00 00 8b 5b 08 31 ff 83
[ 51.698484] RSP: 0018:ffff88808de672b0 EFLAGS: 00010202
[ 51.703825] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff870246c8
[ 51.711092] RDX: 0000000000000001 RSI: ffffffff81d252db RDI: 0000000000000008
[ 51.718346] RBP: ffff88808de672f0 R08: 1ffffffff115123c R09: fffffbfff115123d
[ 51.725596] R10: fffffbfff115123c R11: ffffffff88a891e7 R12: ffff888091fc4700
[ 51.732845] R13: ffff888091fc4700 R14: 0000000000000000 R15: 0000000000000000
[ 51.740109] FS: 00007f7e4df09700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 51.748321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.754183] CR2: 00007fa41fea7000 CR3: 000000008f6db000 CR4: 00000000001406f0
[ 51.761440] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.768700] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.775959] Call Trace:
[ 51.778546] kernfs_create_dir_ns+0xff/0x160
[ 51.782970] sysfs_create_dir_ns+0x131/0x2a0
[ 51.787363] ? sysfs_create_mount_point+0xa0/0xa0
[ 51.792196] ? class_dir_child_ns_type+0xd/0x60
[ 51.796852] kobject_add_internal.cold+0xe5/0x5d4
[ 51.801680] kobject_add+0x150/0x1c0
[ 51.805377] ? kset_create_and_add+0x1a0/0x1a0
[ 51.809941] ? kasan_check_read+0x11/0x20
[ 51.814073] ? mutex_unlock+0xd/0x10
[ 51.817769] ? device_add+0x30f/0x1870
[ 51.821637] device_add+0x3d5/0x1870
[ 51.825385] ? device_initialize+0x440/0x440
[ 51.829794] ? get_device_parent.isra.0+0x570/0x570
[ 51.834821] hci_register_dev+0x304/0x880
[ 51.838977] __vhci_create_device+0x2d0/0x5a0
[ 51.843459] vhci_write+0x2d0/0x470
[ 51.847090] __vfs_write+0x613/0x8e0
[ 51.850785] ? kernel_read+0x120/0x120
[ 51.854659] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.860186] ? find_held_lock+0x35/0x130
[ 51.864233] __kernel_write+0x110/0x3b0
[ 51.868193] write_pipe_buf+0x15d/0x1f0
[ 51.872167] ? do_splice_direct+0x2a0/0x2a0
[ 51.876471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.881991] ? splice_from_pipe_next.part.0+0x255/0x2f0
[ 51.887336] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 51.892853] __splice_from_pipe+0x39a/0x7e0
[ 51.897156] ? do_splice_direct+0x2a0/0x2a0
[ 51.901464] ? do_splice_direct+0x2a0/0x2a0
[ 51.905769] splice_from_pipe+0x108/0x170
[ 51.909901] ? splice_shrink_spd+0xd0/0xd0
[ 51.914127] default_file_splice_write+0x3c/0x90
[ 51.918877] ? generic_splice_sendpage+0x50/0x50
[ 51.923632] direct_splice_actor+0x126/0x1a0
[ 51.928040] splice_direct_to_actor+0x369/0x970
[ 51.932693] ? generic_pipe_buf_nosteal+0x10/0x10
[ 51.937519] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.943045] ? do_splice_to+0x190/0x190
[ 51.947017] ? rw_verify_area+0x118/0x360
[ 51.951146] do_splice_direct+0x1da/0x2a0
[ 51.955279] ? splice_direct_to_actor+0x970/0x970
[ 51.960104] ? rw_verify_area+0x118/0x360
[ 51.964232] do_sendfile+0x597/0xd00
[ 51.967933] ? do_compat_pwritev64+0x1c0/0x1c0
[ 51.972498] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.978019] ? _copy_from_user+0xdd/0x150
[ 51.982149] __x64_sys_sendfile64+0x15a/0x220
[ 51.986633] ? __ia32_sys_sendfile+0x230/0x230
[ 51.991209] ? do_syscall_64+0x26/0x610
[ 51.995167] ? lockdep_hardirqs_on+0x415/0x5d0
[ 51.999733] ? trace_hardirqs_on+0x67/0x230
[ 52.004041] do_syscall_64+0x103/0x610
[ 52.007914] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.013083] RIP: 0033:0x457e29
[ 52.016257] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 52.035141] RSP: 002b:00007f7e4df08c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 52.042831] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29
[ 52.050089] RDX: 0000000020000000 RSI: 0000000000000006 RDI: 0000000000000005
[ 52.057342] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 52.064591] R10: 0000000000000002 R11: 0000000000000246 R12: 00007f7e4df096d4
[ 52.071840] R13: 00000000004c4dcf R14: 00000000004d8a58 R15: 00000000ffffffff
[ 52.079092] Modules linked in:
[ 52.084264] ---[ end trace accea4a955e00c30 ]---
[ 52.089522] RIP: 0010:kernfs_add_one+0x343/0x4d0
[ 52.094274] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 52 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 70 48 8d 7b 08 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 1f 01 00 00 8b 5b 08 31 ff 83
[ 52.113510] RSP: 0018:ffff88808de672b0 EFLAGS: 00010202
[ 52.118924] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff870246c8
[ 52.126228] RDX: 0000000000000001 RSI: ffffffff81d252db RDI: 0000000000000008
[ 52.133484] RBP: ffff88808de672f0 R08: 1ffffffff115123c R09: fffffbfff115123d
[ 52.140774] R10: fffffbfff115123c R11: ffffffff88a891e7 R12: ffff888091fc4700
[ 52.148076] R13: ffff888091fc4700 R14: 0000000000000000 R15: 0000000000000000
[ 52.155342] FS: 00007f7e4df09700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
[ 52.164044] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.169977] CR2: ffffffffff600400 CR3: 000000008f6db000 CR4: 00000000001406e0
[ 52.177272] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.184528] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.191820] Kernel panic - not syncing: Fatal exception
[ 52.198141] Kernel Offset: disabled
[ 52.201772] Rebooting in 86400 seconds..