[ 34.678027] audit: type=1800 audit(1546506277.960:28): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ 34.698654] cat (7544) used greatest stack depth: 19816 bytes left
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 35.350857] audit: type=1800 audit(1546506278.710:29): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 35.370613] audit: type=1800 audit(1546506278.720:30): pid=7476 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.84' (ECDSA) to the list of known hosts.
2019/01/03 09:05:58 parsed 1 programs
2019/01/03 09:06:00 executed programs: 0
syzkaller login: [ 116.938671] IPVS: ftp: loaded support on port[0] = 21
[ 117.001166] chnl_net:caif_netlink_parms(): no params data found
[ 117.028853] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.036190] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.043500] device bridge_slave_0 entered promiscuous mode
[ 117.050790] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.057271] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.064241] device bridge_slave_1 entered promiscuous mode
[ 117.080251] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 117.088763] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 117.103977] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 117.111585] team0: Port device team_slave_0 added
[ 117.116943] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 117.124013] team0: Port device team_slave_1 added
[ 117.129186] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 117.136389] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 117.185138] device hsr_slave_0 entered promiscuous mode
[ 117.223363] device hsr_slave_1 entered promiscuous mode
[ 117.293666] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 117.300929] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 117.315222] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.321749] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.328917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.335303] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.365999] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 117.372074] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.381493] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 117.390624] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 117.410387] bridge0: port 1(bridge_slave_0) entered disabled state
[ 117.418564] bridge0: port 2(bridge_slave_1) entered disabled state
[ 117.427112] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 117.437243] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 117.443485] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.451685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 117.459483] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.466035] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.477079] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 117.484818] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.491140] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.514203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 117.522056] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 117.530371] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 117.538144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 117.545932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 117.554491] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 117.560716] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 117.573692] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 117.583768] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 117.737375] kasan: CONFIG_KASAN_INLINE enabled
[ 117.742115] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 117.749551] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 117.755769] CPU: 1 PID: 7681 Comm: syz-executor0 Not tainted 4.20.0+ #2
[ 117.762501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 117.771861] RIP: 0010:__smc_diag_dump.isra.0+0x32a/0x2b80
[ 117.777393] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 08 25 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 7f 20 49 8d 7f 0e 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 b4
[ 117.796416] RSP: 0018:ffff888085a37120 EFLAGS: 00010203
[ 117.801806] RAX: dffffc0000000000 RBX: ffff888092e8c940 RCX: 0000000000000000
[ 117.809063] RDX: 0000000000000001 RSI: ffffffff87b935b2 RDI: 000000000000000e
[ 117.816319] RBP: ffff888085a373e8 R08: ffff888097768680 R09: ffff8880a81f1198
[ 117.823619] R10: ffffed101503e228 R11: ffff8880a81f1147 R12: ffff88809711f620
[ 117.830884] R13: ffff8880a81f1148 R14: ffff888092e8cda0 R15: 0000000000000000
[ 117.838142] FS: 00007f1459bdf700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 117.846357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.852217] CR2: 0000000000000000 CR3: 000000008c371000 CR4: 00000000001406e0
[ 117.859473] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 117.866735] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 117.874132] Call Trace:
[ 117.876722] ? __kmalloc_node_track_caller+0x51/0x80
[ 117.881868] ? __alloc_skb+0x1c5/0x730
[ 117.885751] ? smc_diag_handler_dump+0x350/0x350
[ 117.890494] ? sock_sendmsg+0xdd/0x130
[ 117.894368] ? ___sys_sendmsg+0x7ec/0x910
[ 117.898507] ? __sys_sendmsg+0x112/0x270
[ 117.902552] ? __x64_sys_sendmsg+0x60/0xb0
[ 117.906784] ? do_syscall_64+0x1a3/0x800
[ 117.910852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.916434] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 117.921967] ? check_preemption_disabled+0x48/0x290
[ 117.927032] ? __lock_is_held+0xb6/0x140
[ 117.931169] ? lock_acquire+0x1db/0x570
[ 117.935162] ? smc_diag_dump_proto.isra.0+0xfb/0x3c0
[ 117.940264] ? lock_release+0xc40/0xc40
[ 117.944283] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 117.949820] ? kasan_check_write+0x14/0x20
[ 117.954045] smc_diag_dump_proto.isra.0+0x2e7/0x3c0
[ 117.959101] ? __smc_diag_dump.isra.0+0x2b80/0x2b80
[ 117.964109] ? find_held_lock+0x35/0x120
[ 117.968162] smc_diag_dump+0x27/0x80
[ 117.971868] netlink_dump+0x5f2/0x1070
[ 117.975743] ? netlink_broadcast+0x50/0x50
[ 117.979982] __netlink_dump_start+0x5b4/0x7e0
[ 117.984470] smc_diag_handler_dump+0x2a7/0x350
[ 117.989045] ? smc_gid_be16_convert+0x2c0/0x2c0
[ 117.993696] ? lock_downgrade+0x910/0x910
[ 117.997829] ? smc_diag_dump_proto.isra.0+0x3c0/0x3c0
[ 118.003016] ? rcu_read_unlock_special+0x380/0x380
[ 118.007945] sock_diag_rcv_msg+0x322/0x410
[ 118.012173] netlink_rcv_skb+0x17d/0x410
[ 118.016222] ? sock_diag_bind+0x80/0x80
[ 118.020184] ? netlink_ack+0xba0/0xba0
[ 118.024066] sock_diag_rcv+0x2b/0x40
[ 118.027767] netlink_unicast+0x574/0x770
[ 118.031818] ? netlink_attachskb+0x980/0x980
[ 118.036225] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 118.041749] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 118.046758] netlink_sendmsg+0xa05/0xf90
[ 118.050917] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 118.056577] ? netlink_unicast+0x770/0x770
[ 118.060809] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 118.065649] ? apparmor_socket_sendmsg+0x2a/0x30
[ 118.070400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 118.075985] ? security_socket_sendmsg+0x93/0xc0
[ 118.080734] ? netlink_unicast+0x770/0x770
[ 118.084955] sock_sendmsg+0xdd/0x130
[ 118.088656] ___sys_sendmsg+0x7ec/0x910
[ 118.092617] ? copy_msghdr_from_user+0x570/0x570
[ 118.097534] ? iterate_fd+0x4b0/0x4b0
[ 118.101324] ? ___might_sleep+0x1e7/0x310
[ 118.105454] ? __might_fault+0x12b/0x1e0
[ 118.109499] ? find_held_lock+0x35/0x120
[ 118.113543] ? __might_fault+0x12b/0x1e0
[ 118.117586] ? __fget_light+0x2db/0x420
[ 118.121736] ? fget_raw+0x20/0x20
[ 118.125191] ? lock_release+0xc40/0xc40
[ 118.129166] ? trace_hardirqs_off_caller+0x300/0x300
[ 118.134276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 118.139817] ? __fdget+0x1b/0x20
[ 118.143171] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 118.148700] ? sockfd_lookup_light+0xc2/0x160
[ 118.153190] __sys_sendmsg+0x112/0x270
[ 118.157072] ? __ia32_sys_shutdown+0x80/0x80
[ 118.161533] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 118.166896] ? trace_hardirqs_off_caller+0x300/0x300
[ 118.171992] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 118.176743] __x64_sys_sendmsg+0x78/0xb0
[ 118.180794] do_syscall_64+0x1a3/0x800
[ 118.184669] ? syscall_return_slowpath+0x5f0/0x5f0
[ 118.189600] ? prepare_exit_to_usermode+0x232/0x3b0
[ 118.194601] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 118.199425] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 118.204599] RIP: 0033:0x457ec9
[ 118.207788] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 118.226681] RSP: 002b:00007f1459bdec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 118.234377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 118.241626] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007
[ 118.248874] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 118.256119] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1459bdf6d4
[ 118.263493] R13: 00000000004c5188 R14: 00000000004d8a10 R15: 00000000ffffffff
[ 118.270758] Modules linked in:
[ 118.274943] ---[ end trace f491949c924f7d77 ]---
[ 118.279795] RIP: 0010:__smc_diag_dump.isra.0+0x32a/0x2b80
[ 118.285507] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 08 25 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 7f 20 49 8d 7f 0e 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 b4
[ 118.304675] RSP: 0018:ffff888085a37120 EFLAGS: 00010203
[ 118.310024] RAX: dffffc0000000000 RBX: ffff888092e8c940 RCX: 0000000000000000
[ 118.317299] RDX: 0000000000000001 RSI: ffffffff87b935b2 RDI: 000000000000000e
[ 118.324570] RBP: ffff888085a373e8 R08: ffff888097768680 R09: ffff8880a81f1198
[ 118.331831] R10: ffffed101503e228 R11: ffff8880a81f1147 R12: ffff88809711f620
[ 118.339185] R13: ffff8880a81f1148 R14: ffff888092e8cda0 R15: 0000000000000000
[ 118.346468] FS: 00007f1459bdf700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 118.354695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 118.360560] CR2: 0000000000000000 CR3: 000000008c371000 CR4: 00000000001406e0
[ 118.367838] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 118.375111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 118.382445] Kernel panic - not syncing: Fatal exception
[ 118.388953] Kernel Offset: disabled
[ 118.392592] Rebooting in 86400 seconds..