[ ok ] Starting enhanced syslogd: rsyslogd. [ 39.908141][ T26] audit: type=1800 audit(1556694246.095:25): pid=7696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 39.947015][ T26] audit: type=1800 audit(1556694246.095:26): pid=7696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 39.987990][ T26] audit: type=1800 audit(1556694246.095:27): pid=7696 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.247' (ECDSA) to the list of known hosts. 2019/05/01 07:04:18 fuzzer started 2019/05/01 07:04:21 dialing manager at 10.128.0.26:34869 2019/05/01 07:04:21 syscalls: 2440 2019/05/01 07:04:21 code coverage: enabled 2019/05/01 07:04:21 comparison tracing: enabled 2019/05/01 07:04:21 extra coverage: extra coverage is not supported by the kernel 2019/05/01 07:04:21 setuid sandbox: enabled 2019/05/01 07:04:21 namespace sandbox: enabled 2019/05/01 07:04:21 Android sandbox: /sys/fs/selinux/policy does not exist 2019/05/01 07:04:21 fault injection: enabled 2019/05/01 07:04:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/05/01 07:04:21 net packet injection: enabled 2019/05/01 07:04:21 net device setup: enabled 07:05:56 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000140)=""/97, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 
&(0x7f0000000500)={0x1, 0x0, 0x0, &(0x7f0000000380)=""/181, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001900)=ANY=[]) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000100)=0x1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000001c0)={0x2, 0x0, [{0x0, 0x1000, &(0x7f0000000600)=""/4096}, {0x0, 0x0, 0x0}]}) syzkaller login: [ 150.511634][ T7861] IPVS: ftp: loaded support on port[0] = 21 07:05:56 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='\x00\x00\x00a\x0e\x108\x00\x00\x00\xb9v\xc6t\xf6\xca=\xde\xc7\x91\xf2\xf3\xdb\x17\x98\xc7,\x12\x10L\x18\xb5\x02\x93\xdb') getdents64(r0, &(0x7f0000000680)=""/158, 0x37d) [ 150.678189][ T7861] chnl_net:caif_netlink_parms(): no params data found [ 150.741911][ T7861] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.750575][ T7861] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.759098][ T7861] device bridge_slave_0 entered promiscuous mode [ 150.768061][ T7861] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.775599][ T7861] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.783633][ T7861] device bridge_slave_1 entered promiscuous mode [ 150.809598][ T7861] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 150.820212][ T7861] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 150.834459][ T7864] IPVS: ftp: loaded support on port[0] = 21 [ 150.851348][ T7861] team0: Port device team_slave_0 added 07:05:57 executing program 2: r0 = socket(0x2, 0x2, 0x0) r1 = socket(0x2, 0x2, 0x0) connect$unix(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="82022e2febbb12ce29d4"], 0x1) dup2(r1, r0) connect$unix(r0, &(0x7f0000000000)=@file={0xbd5699bc1ec0282, './file0\x00'}, 0x10) [ 150.860792][ T7861] team0: Port device team_slave_1 added [ 150.948678][ T7861] device hsr_slave_0 entered promiscuous mode [ 151.004685][ T7861] device hsr_slave_1 entered promiscuous mode 07:05:57 executing program 3: r0 = socket$inet_udplite(0x2, 
0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x3) [ 151.106029][ T7866] IPVS: ftp: loaded support on port[0] = 21 [ 151.137338][ T7861] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.144571][ T7861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.152202][ T7861] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.159316][ T7861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.232141][ T7868] IPVS: ftp: loaded support on port[0] = 21 [ 151.320504][ T7861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.386192][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.396583][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.416754][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.427009][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 151.443370][ T7861] 8021q: adding VLAN 0 to HW filter on device team0 07:05:57 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067f0200ff810040010000000058000b4824ca945f64009400050028845a01000000000000008000f0fffeffe809000000fff5dd000000100001000a0c10000000000001400000", 0x58}], 0x1) [ 151.505463][ T3698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 151.515727][ T3698] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.522799][ T3698] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.531605][ T7866] chnl_net:caif_netlink_parms(): no params data found [ 151.544581][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 151.553018][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.560162][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.688594][ T7864] 
chnl_net:caif_netlink_parms(): no params data found [ 151.737009][ T7866] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.744127][ T7866] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.752746][ T7866] device bridge_slave_0 entered promiscuous mode [ 151.761029][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 151.766799][ T7877] IPVS: ftp: loaded support on port[0] = 21 [ 151.770925][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 151.783763][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 151.797709][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 151.807440][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 151.818278][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 151.828136][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 151.839325][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 151.855593][ T7861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 151.871662][ T7866] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.880564][ T7866] bridge0: port 2(bridge_slave_1) entered disabled state 07:05:58 executing program 5: syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 151.889402][ T7866] device bridge_slave_1 entered promiscuous mode [ 151.919039][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 151.935381][ T7868] chnl_net:caif_netlink_parms(): no params data found [ 151.963077][ T7866] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 152.000461][ T7866] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 152.053615][ T7866] team0: Port device team_slave_0 added [ 152.069599][ T7864] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.077406][ T7864] bridge0: port 1(bridge_slave_0) entered disabled 
state [ 152.087730][ T7864] device bridge_slave_0 entered promiscuous mode [ 152.095497][ T7864] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.102570][ T7864] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.110442][ T7864] device bridge_slave_1 entered promiscuous mode [ 152.119770][ T7866] team0: Port device team_slave_1 added [ 152.129897][ T7868] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.137862][ T7868] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.146219][ T7868] device bridge_slave_0 entered promiscuous mode [ 152.153777][ T7868] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.162225][ T7868] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.170062][ T7868] device bridge_slave_1 entered promiscuous mode [ 152.215400][ T7861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.240228][ T7880] IPVS: ftp: loaded support on port[0] = 21 [ 152.317975][ T7866] device hsr_slave_0 entered promiscuous mode [ 152.384772][ T7866] device hsr_slave_1 entered promiscuous mode [ 152.476667][ T7868] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 152.489690][ T7868] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 152.501308][ T7864] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 152.536955][ T7864] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 152.612470][ T7866] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.619638][ T7866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.643144][ T7868] team0: Port device team_slave_0 added [ 152.677423][ T7864] team0: Port device team_slave_0 added [ 152.685066][ T7864] team0: Port device team_slave_1 added [ 152.692185][ T7868] team0: Port device team_slave_1 added 07:05:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = 
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001240)=[@text64={0x40, &(0x7f00000012c0)="48b809000000000000000f23d80f21f835c00000b00f23f8b9800000c00f3235000800000f30c4e3791725be00000000640f080f01cf66ba4000ec66baf80cb8846a5b88ef66bafc0ced0f01d12e660f09660f3a22e1df", 0x57}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 152.720624][ T7877] chnl_net:caif_netlink_parms(): no params data found [ 152.778584][ T7894] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 152.797730][ T7868] device hsr_slave_0 entered promiscuous mode [ 152.834723][ T7868] device hsr_slave_1 entered promiscuous mode [ 152.860744][ T7894] kasan: CONFIG_KASAN_INLINE enabled [ 152.866107][ T7894] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 152.874158][ T7894] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 152.881104][ T7894] CPU: 0 PID: 7894 Comm: syz-executor.0 Not tainted 5.1.0-rc7-next-20190430 #33 [ 152.890103][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 152.900160][ T7894] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0 [ 152.905860][ T7894] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89 [ 152.925439][ T7894] RSP: 0018:ffff888067c3fa00 EFLAGS: 00010006 [ 152.931481][ T7894] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005de9000 [ 152.939430][ T7894] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078 [ 152.947378][ T7894] RBP: ffff888067c3fb10 R08: ffff888067c36100 R09: ffffed1015d06be0 [ 152.955325][ T7894] R10: ffffed1015d06bdf R11: ffff8880ae835efb 
R12: ffff888067cf006c [ 152.963273][ T7894] R13: 0000000000000001 R14: ffff888067cf0070 R15: ffff888067cf0040 [ 152.971223][ T7894] FS: 00007f254fe21700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 152.980130][ T7894] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 152.986689][ T7894] CR2: 0000000000000010 CR3: 0000000094858000 CR4: 00000000001426f0 [ 152.994639][ T7894] Call Trace: [ 152.997914][ T7894] ? emulator_read_emulated+0x50/0x50 [ 153.003267][ T7894] ? lock_acquire+0x16f/0x3f0 [ 153.007926][ T7894] ? kvm_arch_vcpu_ioctl_run+0x240/0x1750 [ 153.013637][ T7894] kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 153.019178][ T7894] ? kvm_arch_vcpu_ioctl_run+0x425/0x1750 [ 153.024896][ T7894] kvm_vcpu_ioctl+0x4dc/0xf90 [ 153.029575][ T7894] ? kvm_set_memory_region+0x50/0x50 [ 153.034849][ T7894] ? tomoyo_path_number_perm+0x263/0x520 [ 153.040462][ T7894] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 153.046250][ T7894] ? __fget+0x35a/0x550 [ 153.050384][ T7894] ? kvm_set_memory_region+0x50/0x50 [ 153.055651][ T7894] do_vfs_ioctl+0xd6e/0x1390 [ 153.060226][ T7894] ? ioctl_preallocate+0x210/0x210 [ 153.065318][ T7894] ? __fget+0x381/0x550 [ 153.069455][ T7894] ? ksys_dup3+0x3e0/0x3e0 [ 153.073850][ T7894] ? nsecs_to_jiffies+0x30/0x30 [ 153.078680][ T7894] ? tomoyo_file_ioctl+0x23/0x30 [ 153.083598][ T7894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 153.089820][ T7894] ? 
security_file_ioctl+0x93/0xc0 [ 153.094911][ T7894] ksys_ioctl+0xab/0xd0 [ 153.099049][ T7894] __x64_sys_ioctl+0x73/0xb0 [ 153.103711][ T7894] do_syscall_64+0x103/0x670 [ 153.108299][ T7894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 153.114266][ T7894] RIP: 0033:0x458da9 [ 153.118142][ T7894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 153.137729][ T7894] RSP: 002b:00007f254fe20c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 153.146118][ T7894] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458da9 [ 153.154066][ T7894] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 153.162020][ T7894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 153.169979][ T7894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f254fe216d4 [ 153.177944][ T7894] R13: 00000000004c1d42 R14: 00000000004d4550 R15: 00000000ffffffff [ 153.185895][ T7894] Modules linked in: [ 153.189812][ T7894] ---[ end trace 403726e0e3f149ba ]--- [ 153.195263][ T7894] RIP: 0010:vcpu_enter_guest+0xbcd/0x5fb0 [ 153.200960][ T7894] Code: 48 c1 ea 03 80 3c 02 00 0f 85 6f 48 00 00 49 8b 9f b0 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 78 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 39 48 00 00 8b 5b 78 31 ff 89 [ 153.220539][ T7894] RSP: 0018:ffff888067c3fa00 EFLAGS: 00010006 [ 153.226605][ T7894] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005de9000 [ 153.234556][ T7894] RDX: 000000000000000f RSI: ffffffff810cd7b2 RDI: 0000000000000078 [ 153.242502][ T7894] RBP: ffff888067c3fb10 R08: ffff888067c36100 R09: ffffed1015d06be0 [ 153.250458][ T7894] R10: ffffed1015d06bdf R11: ffff8880ae835efb R12: ffff888067cf006c [ 153.258421][ T7894] R13: 0000000000000001 R14: ffff888067cf0070 R15: ffff888067cf0040 [ 153.266371][ T7894] FS: 00007f254fe21700(0000) GS:ffff8880ae800000(0000) 
knlGS:0000000000000000 [ 153.275301][ T7894] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 153.281861][ T7894] CR2: 0000000000000010 CR3: 0000000094858000 CR4: 00000000001426f0 [ 153.289812][ T7894] Kernel panic - not syncing: Fatal exception [ 153.296803][ T7894] Kernel Offset: disabled [ 153.301123][ T7894] Rebooting in 86400 seconds..