[ 36.249573] audit: type=1800 audit(1546508604.974:26): pid=7649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ 36.276750] audit: type=1800 audit(1546508604.974:27): pid=7649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 36.304483] audit: type=1800 audit(1546508604.974:28): pid=7649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[....] Starting OpenBSD Secure Shell server: sshd�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
[ 36.935362] audit: type=1800 audit(1546508605.684:29): pid=7649 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.118' (ECDSA) to the list of known hosts.
2019/01/03 09:43:36 parsed 1 programs
2019/01/03 09:43:38 executed programs: 0
syzkaller login: [ 49.677185] IPVS: ftp: loaded support on port[0] = 21
[ 49.740012] chnl_net:caif_netlink_parms(): no params data found
[ 49.771909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 49.778936] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.786074] device bridge_slave_0 entered promiscuous mode
[ 49.793590] bridge0: port 2(bridge_slave_1) entered blocking state
[ 49.800038] bridge0: port 2(bridge_slave_1) entered disabled state
[ 49.807446] device bridge_slave_1 entered promiscuous mode
[ 49.823223] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 49.832757] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 49.850960] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 49.858556] team0: Port device team_slave_0 added
[ 49.864014] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 49.871363] team0: Port device team_slave_1 added
[ 49.876729] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 49.884021] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 49.938943] device hsr_slave_0 entered promiscuous mode
[ 49.976883] device hsr_slave_1 entered promiscuous mode
[ 50.017220] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 50.024180] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 50.037932] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.044336] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.051411] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.057799] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.089069] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 50.095155] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.103716] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 50.112848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.132946] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.140665] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.149067] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 50.160211] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 50.166309] 8021q: adding VLAN 0 to HW filter on device team0
[ 50.174966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 50.183119] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.189517] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.207979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 50.215618] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.222029] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.229942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 50.238025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 50.246276] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 50.255436] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 50.267542] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 50.278434] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 50.284453] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 50.292441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 50.304474] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 50.314906] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.460089] kasan: CONFIG_KASAN_INLINE enabled
[ 51.464829] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 51.472270] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 51.478488] CPU: 0 PID: 8049 Comm: syz-executor0 Not tainted 4.20.0+ #6
[ 51.485221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.494677] RIP: 0010:__smc_diag_dump.isra.0+0x32a/0x2ba0
[ 51.500198] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 26 25 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 7f 20 49 8d 7f 0e 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d2
[ 51.519101] RSP: 0018:ffff8880a7e9f0f0 EFLAGS: 00010203
[ 51.524458] RAX: dffffc0000000000 RBX: ffff88809443c980 RCX: 0000000000000000
[ 51.531709] RDX: 0000000000000001 RSI: ffffffff87b5e7c2 RDI: 000000000000000e
[ 51.538961] RBP: ffff8880a7e9f3b8 R08: ffff888084b38200 R09: ffff88808c762598
[ 51.546224] R10: ffffed10118ec4a8 R11: ffff88808c762547 R12: ffff888084b3b220
[ 51.553476] R13: ffff88808c762548 R14: ffff88809443cde0 R15: 0000000000000000
[ 51.560730] FS: 0000000000000000(0000) GS:ffff8880ae600000(0063) knlGS:00000000f7f26b40
[ 51.568941] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 51.574890] CR2: 0000000000000000 CR3: 0000000093384000 CR4: 00000000001406f0
[ 51.582147] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.589404] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.596657] Call Trace:
[ 51.599234] ? __kmalloc_node_track_caller+0x4e/0x70
[ 51.604407] ? __alloc_skb+0x185/0x730
[ 51.608378] ? smc_diag_handler_dump+0x350/0x350
[ 51.613118] ? sock_sendmsg+0xdd/0x130
[ 51.616988] ? ___sys_sendmsg+0x7ec/0x910
[ 51.621126] ? __sys_sendmsg+0x112/0x270
[ 51.625170] ? __x32_compat_sys_getsockopt+0x150/0x150
[ 51.630442] ? do_fast_syscall_32+0x333/0xf98
[ 51.634926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.640446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.645980] ? check_preemption_disabled+0x48/0x290
[ 51.650982] ? __lock_is_held+0xb6/0x140
[ 51.655027] ? __kmalloc_node_track_caller+0x3d/0x70
[ 51.660124] ? lock_acquire+0x1db/0x570
[ 51.664082] ? smc_diag_dump_proto.isra.0+0xfb/0x3c0
[ 51.669168] ? lock_release+0xc40/0xc40
[ 51.673126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.678650] ? kasan_check_write+0x14/0x20
[ 51.682881] smc_diag_dump_proto.isra.0+0x2e7/0x3c0
[ 51.687885] ? __smc_diag_dump.isra.0+0x2ba0/0x2ba0
[ 51.692882] ? find_held_lock+0x35/0x120
[ 51.696927] smc_diag_dump+0x27/0x80
[ 51.700623] netlink_dump+0x5f2/0x1070
[ 51.704507] ? netlink_broadcast+0x50/0x50
[ 51.708824] __netlink_dump_start+0x5b4/0x7e0
[ 51.713304] smc_diag_handler_dump+0x2a7/0x350
[ 51.717871] ? smc_gid_be16_convert+0x2c0/0x2c0
[ 51.722526] ? lock_downgrade+0x910/0x910
[ 51.726657] ? smc_diag_dump_proto.isra.0+0x3c0/0x3c0
[ 51.731830] ? rcu_read_unlock_special+0x380/0x380
[ 51.736748] sock_diag_rcv_msg+0x322/0x410
[ 51.740967] netlink_rcv_skb+0x17d/0x410
[ 51.745011] ? sock_diag_bind+0x80/0x80
[ 51.748970] ? netlink_ack+0xba0/0xba0
[ 51.752858] sock_diag_rcv+0x2b/0x40
[ 51.756554] netlink_unicast+0x574/0x770
[ 51.760608] ? netlink_attachskb+0x980/0x980
[ 51.764998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.770530] ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 51.775533] netlink_sendmsg+0xa05/0xf90
[ 51.779589] ? netlink_unicast+0x770/0x770
[ 51.783808] ? aa_sock_msg_perm.isra.0+0xba/0x170
[ 51.788634] ? apparmor_socket_sendmsg+0x2a/0x30
[ 51.793371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.798893] ? security_socket_sendmsg+0x93/0xc0
[ 51.803638] ? netlink_unicast+0x770/0x770
[ 51.807858] sock_sendmsg+0xdd/0x130
[ 51.811559] ___sys_sendmsg+0x7ec/0x910
[ 51.815518] ? copy_msghdr_from_user+0x570/0x570
[ 51.820255] ? iterate_fd+0x4b0/0x4b0
[ 51.824037] ? lock_downgrade+0x910/0x910
[ 51.828174] ? __might_fault+0x12b/0x1e0
[ 51.832224] ? find_held_lock+0x35/0x120
[ 51.836269] ? __might_fault+0x12b/0x1e0
[ 51.840315] ? __fget_light+0x2db/0x420
[ 51.844275] ? fget_raw+0x20/0x20
[ 51.847713] ? lock_release+0xc40/0xc40
[ 51.851669] ? trace_hardirqs_off_caller+0x300/0x300
[ 51.856758] ? __fdget+0x1b/0x20
[ 51.860105] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.865627] ? sockfd_lookup_light+0xc2/0x160
[ 51.870107] __sys_sendmsg+0x112/0x270
[ 51.873978] ? __ia32_sys_shutdown+0x80/0x80
[ 51.878374] ? entry_SYSENTER_compat+0x70/0x7f
[ 51.882937] ? trace_hardirqs_off_caller+0x300/0x300
[ 51.888036] __ia32_compat_sys_sendmsg+0x7a/0xb0
[ 51.892777] do_fast_syscall_32+0x333/0xf98
[ 51.897100] ? do_int80_syscall_32+0x880/0x880
[ 51.901674] ? trace_hardirqs_off+0x310/0x310
[ 51.906154] ? syscall_return_slowpath+0x3b0/0x5f0
[ 51.911165] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 51.916172] ? __switch_to_asm+0x34/0x70
[ 51.920326] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.925154] entry_SYSENTER_compat+0x70/0x7f
[ 51.929546] RIP: 0023:0xf7f2a869
[ 51.932904] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[ 51.951880] RSP: 002b:00000000f7f260cc EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 51.959575] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000020000040
[ 51.966831] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 51.974085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 51.981341] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 51.988601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 51.995857] Modules linked in:
[ 51.999458] ---[ end trace 31bc0e32d4cb4b43 ]---
[ 52.004217] RIP: 0010:__smc_diag_dump.isra.0+0x32a/0x2ba0
[ 52.009780] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 26 25 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 7f 20 49 8d 7f 0e 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 d2
[ 52.028983] RSP: 0018:ffff8880a7e9f0f0 EFLAGS: 00010203
[ 52.034331] RAX: dffffc0000000000 RBX: ffff88809443c980 RCX: 0000000000000000
[ 52.041624] RDX: 0000000000000001 RSI: ffffffff87b5e7c2 RDI: 000000000000000e
[ 52.048893] RBP: ffff8880a7e9f3b8 R08: ffff888084b38200 R09: ffff88808c762598
[ 52.056146] R10: ffffed10118ec4a8 R11: ffff88808c762547 R12: ffff888084b3b220
[ 52.063515] R13: ffff88808c762548 R14: ffff88809443cde0 R15: 0000000000000000
[ 52.070807] FS: 0000000000000000(0000) GS:ffff8880ae600000(0063) knlGS:00000000f7f26b40
[ 52.079028] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 52.084892] CR2: 0000000000000000 CR3: 0000000093384000 CR4: 00000000001406f0
[ 52.092259] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.099531] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.106805] Kernel panic - not syncing: Fatal exception
[ 52.113393] Kernel Offset: disabled
[ 52.117020] Rebooting in 86400 seconds..