[ 36.097321][ T26] audit: type=1800 audit(1550665114.906:27): pid=7530 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 36.127534][ T26] audit: type=1800 audit(1550665114.906:28): pid=7530 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 36.876675][ T26] audit: type=1800 audit(1550665115.736:29): pid=7530 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 36.897263][ T26] audit: type=1800 audit(1550665115.736:30): pid=7530 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.14' (ECDSA) to the list of known hosts.
syzkaller login: [ 60.190558][ T7683] IPVS: ftp: loaded support on port[0] = 21
[ 60.251181][ T7683] chnl_net:caif_netlink_parms(): no params data found
[ 60.283306][ T7683] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.290707][ T7683] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.299123][ T7683] device bridge_slave_0 entered promiscuous mode
[ 60.307225][ T7683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.314411][ T7683] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.321990][ T7683] device bridge_slave_1 entered promiscuous mode
[ 60.338918][ T7683] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 60.348684][ T7683] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 60.366546][ T7683] team0: Port device team_slave_0 added
[ 60.373213][ T7683] team0: Port device team_slave_1 added
[ 60.455744][ T7683] device hsr_slave_0 entered promiscuous mode
[ 60.523614][ T7683] device hsr_slave_1 entered promiscuous mode
[ 60.580136][ T7683] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.587416][ T7683] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.595095][ T7683] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.602131][ T7683] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.631692][ T7683] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.642353][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 60.652621][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.660922][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.668929][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 60.680743][ T7683] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.702609][ T7683] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 60.713649][ T7683] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 60.726009][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 60.734921][ T7687] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.742070][ T7687] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.749733][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 60.758140][ T7687] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.765216][ T7687] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.773292][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 60.781604][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 60.790465][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
executing program
[ 60.798961][ T7687] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 60.807751][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 60.815467][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 60.832199][ T7683] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.844192][ T7683] kasan: CONFIG_KASAN_INLINE enabled
[ 60.849577][ T7683] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 60.857729][ T7683] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 60.864687][ T7683] CPU: 0 PID: 7683 Comm: syz-executor240 Not tainted 5.0.0-rc7-next-20190220 #39
[ 60.873780][ T7683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.883868][ T7683] RIP: 0010:xfrmi_decode_session+0x15c/0x6c0
[ 60.889832][ T7683] Code: 7c fc 08 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2e 05 00 00 48 b8 00 00 00 00 00 fc ff df 4f 8b 64 fc 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 01 05 00 00 4d 8b 3c 24 e8 91 62 55 fb e8 cc b7
[ 60.909456][ T7683] RSP: 0018:ffff88808870f128 EFLAGS: 00010246
[ 60.915506][ T7683] RAX: dffffc0000000000 RBX: ffff888096313e00 RCX: ffffffff860899d3
[ 60.923453][ T7683] RDX: 0000000000000000 RSI: ffffffff86089a10 RDI: ffff8880a0ef4f08
[ 60.931411][ T7683] RBP: ffff88808870f150 R08: ffff88808fc2a300 R09: ffffed1015d05bc8
[ 60.939363][ T7683] R10: ffffed1015d05bc7 R11: ffff8880ae82de3b R12: 0000000000000000
[ 60.947320][ T7683] R13: 0000000000000036 R14: ffff888096313e10 R15: ffffffffffffffff
[ 60.955276][ T7683] FS: 0000000001129880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 60.964184][ T7683] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.970745][ T7683] CR2: 000000002000a000 CR3: 0000000092970000 CR4: 00000000001406f0
[ 60.978700][ T7683] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.986649][ T7683] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.994596][ T7683] Call Trace:
[ 60.997879][ T7683] __xfrm_policy_check+0x1f8/0x2730
[ 61.003061][ T7683] ? lock_downgrade+0x880/0x880
[ 61.007889][ T7683] ? kasan_check_read+0x11/0x20
[ 61.012725][ T7683] ? __xfrm_route_forward+0x830/0x830
[ 61.018079][ T7683] ? __lock_acquire+0x55d/0x4710
[ 61.022997][ T7683] ? find_held_lock+0x35/0x130
[ 61.027882][ T7683] ? vti_input+0x217/0x7b0
[ 61.032286][ T7683] ? find_held_lock+0x35/0x130
[ 61.037040][ T7683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.043259][ T7683] ? ip_tunnel_lookup+0xa0f/0xe00
[ 61.048261][ T7683] vti_input+0x4e3/0x7b0
[ 61.052478][ T7683] vti_rcv+0x10b/0x140
[ 61.056524][ T7683] xfrm4_esp_rcv+0xd8/0x230
[ 61.061005][ T7683] ip_protocol_deliver_rcu+0x60/0x8e0
[ 61.066367][ T7683] ? kasan_check_read+0x11/0x20
[ 61.071205][ T7683] ? rcu_dynticks_curr_cpu_in_eqs+0x54/0xb0
[ 61.077079][ T7683] ip_local_deliver_finish+0x23b/0x390
[ 61.082520][ T7683] ip_local_deliver+0x1e9/0x520
[ 61.087356][ T7683] ? ip_local_deliver_finish+0x390/0x390
[ 61.092982][ T7683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.099207][ T7683] ? ip_protocol_deliver_rcu+0x8e0/0x8e0
[ 61.104821][ T7683] ? ip_rcv_finish_core.isra.0+0x82c/0x1b80
[ 61.110696][ T7683] ip_rcv_finish+0x1db/0x2f0
[ 61.115264][ T7683] ip_rcv+0xe8/0x3f0
[ 61.119182][ T7683] ? ip_local_deliver+0x520/0x520
[ 61.124193][ T7683] ? ip_rcv_finish_core.isra.0+0x1b80/0x1b80
[ 61.130149][ T7683] ? ip_local_deliver+0x520/0x520
[ 61.135154][ T7683] __netif_receive_skb_one_core+0x115/0x1a0
[ 61.141025][ T7683] ? __netif_receive_skb_core+0x3010/0x3010
[ 61.146898][ T7683] ? lock_acquire+0x16f/0x3f0
[ 61.151644][ T7683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.157861][ T7683] __netif_receive_skb+0x2c/0x1c0
[ 61.162981][ T7683] netif_receive_skb_internal+0x117/0x660
[ 61.168684][ T7683] ? dev_cpu_dead+0x920/0x920
[ 61.173350][ T7683] ? eth_gro_receive+0x890/0x890
[ 61.178269][ T7683] napi_gro_frags+0xade/0xd10
[ 61.182967][ T7683] tun_get_user+0x28ae/0x3b20
[ 61.187631][ T7683] ? mark_held_locks+0xf0/0xf0
[ 61.192379][ T7683] ? tun_build_skb.isra.0+0x1170/0x1170
[ 61.197918][ T7683] ? tun_get+0x171/0x290
[ 61.202184][ T7683] ? lock_downgrade+0x880/0x880
[ 61.207121][ T7683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.213343][ T7683] ? kasan_check_read+0x11/0x20
[ 61.218175][ T7683] tun_chr_write_iter+0xbd/0x160
[ 61.223096][ T7683] do_iter_readv_writev+0x5e1/0x8e0
[ 61.228277][ T7683] ? vfs_dedupe_file_range+0x780/0x780
[ 61.233729][ T7683] ? apparmor_file_permission+0x25/0x30
[ 61.239252][ T7683] ? rw_verify_area+0x118/0x360
[ 61.244083][ T7683] do_iter_write+0x184/0x610
[ 61.248658][ T7683] ? dup_iter+0x260/0x260
[ 61.252983][ T7683] vfs_writev+0x1b3/0x2f0
[ 61.257296][ T7683] ? vfs_iter_write+0xb0/0xb0
[ 61.261950][ T7683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.268167][ T7683] ? __handle_mm_fault+0x7cd/0x3ec0
[ 61.273346][ T7683] ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 61.278869][ T7683] ? find_held_lock+0x35/0x130
[ 61.283614][ T7683] ? __do_page_fault+0x623/0xda0
[ 61.288535][ T7683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.294753][ T7683] ? __fget_light+0x1a9/0x230
[ 61.299418][ T7683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 61.305641][ T7683] do_writev+0xf6/0x290
[ 61.309782][ T7683] ? vfs_writev+0x2f0/0x2f0
[ 61.314331][ T7683] ? do_syscall_64+0x26/0x610
[ 61.318993][ T7683] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.325037][ T7683] ? do_syscall_64+0x26/0x610
[ 61.329796][ T7683] __x64_sys_writev+0x75/0xb0
[ 61.334457][ T7683] do_syscall_64+0x103/0x610
[ 61.339032][ T7683] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 61.344971][ T7683] RIP: 0033:0x441e50
[ 61.348961][ T7683] Code: 05 48 3d 01 f0 ff ff 0f 83 3d 0f fc ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 83 3d c1 91 29 00 00 75 14 b8 14 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0f fc ff c3 48 83 ec 08 e8 7a 2b 00 00
[ 61.368555][ T7683] RSP: 002b:00007fff989f5108 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 61.377019][ T7683] RAX: ffffffffffffffda RBX: 00007fff989f5150 RCX: 0000000000441e50
[ 61.384972][ T7683] RDX: 0000000000000001 RSI: 00007fff989f5150 RDI: 00000000000000f0
[ 61.392974][ T7683] RBP: 00007fff989f5120 R08: 0000000000000100 R09: 0000000000000000
[ 61.400929][ T7683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 61.408883][ T7683] R13: 0000000000403280 R14: 0000000000000000 R15: 0000000000000000
[ 61.416877][ T7683] Modules linked in:
[ 61.420848][ T7683] ---[ end trace 75b9c68f6203bc58 ]---
[ 61.426331][ T7683] RIP: 0010:xfrmi_decode_session+0x15c/0x6c0
[ 61.432288][ T7683] Code: 7c fc 08 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2e 05 00 00 48 b8 00 00 00 00 00 fc ff df 4f 8b 64 fc 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 01 05 00 00 4d 8b 3c 24 e8 91 62 55 fb e8 cc b7
[ 61.451919][ T7683] RSP: 0018:ffff88808870f128 EFLAGS: 00010246
[ 61.458063][ T7683] RAX: dffffc0000000000 RBX: ffff888096313e00 RCX: ffffffff860899d3
[ 61.466064][ T7683] RDX: 0000000000000000 RSI: ffffffff86089a10 RDI: ffff8880a0ef4f08
[ 61.474073][ T7683] RBP: ffff88808870f150 R08: ffff88808fc2a300 R09: ffffed1015d05bc8
[ 61.482068][ T7683] R10: ffffed1015d05bc7 R11: ffff8880ae82de3b R12: 0000000000000000
[ 61.490130][ T7683] R13: 0000000000000036 R14: ffff888096313e10 R15: ffffffffffffffff
[ 61.498119][ T7683] FS: 0000000001129880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
[ 61.507068][ T7683] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.513674][ T7683] CR2: 000000002000a000 CR3: 0000000092970000 CR4: 00000000001406f0
[ 61.521634][ T7683] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 61.529727][ T7683] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 61.537707][ T7683] Kernel panic - not syncing: Fatal exception in interrupt
[ 61.545867][ T7683] Kernel Offset: disabled
[ 61.550242][ T7683] Rebooting in 86400 seconds..