[   20.453750] audit: type=1800 audit(1570304296.373:27): pid=5646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[   20.476142] audit: type=1800 audit(1570304296.373:28): pid=5646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   60.319794] IPVS: ftp: loaded support on port[0] = 21
[   86.316241] can: request_module (can-proto-0) failed.
[   86.325801] can: request_module (can-proto-0) failed.
Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts.
2019/10/05 19:39:31 parsed 1 programs
2019/10/05 19:39:31 executed programs: 0
[   95.771978] IPVS: ftp: loaded support on port[0] = 21
[   95.772751] IPVS: ftp: loaded support on port[0] = 21
[   95.789942] IPVS: ftp: loaded support on port[0] = 21
[   95.801654] IPVS: ftp: loaded support on port[0] = 21
[   95.818854] IPVS: ftp: loaded support on port[0] = 21
[   95.829317] IPVS: ftp: loaded support on port[0] = 21
[   96.638872] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.656367] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.664091] device bridge_slave_0 entered promiscuous mode
[   96.685088] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.691447] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.701371] device bridge_slave_0 entered promiscuous mode
[   96.728052] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.741509] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.753813] device bridge_slave_1 entered promiscuous mode
[   96.762052] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.768901] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.776365] device bridge_slave_0 entered promiscuous mode
[   96.784551] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.790913] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.798193] device bridge_slave_0 entered promiscuous mode
[   96.805500] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.811848] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.818934] device bridge_slave_0 entered promiscuous mode
[   96.834375] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.840739] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.858856] device bridge_slave_1 entered promiscuous mode
[   96.866807] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.874325] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.881390] device bridge_slave_1 entered promiscuous mode
[   96.889383] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.895910] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.905372] device bridge_slave_1 entered promiscuous mode
[   96.913943] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.920291] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.927893] device bridge_slave_1 entered promiscuous mode
[   96.938340] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.946413] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.955546] device bridge_slave_0 entered promiscuous mode
[   97.008197] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.024809] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.031689] device bridge_slave_1 entered promiscuous mode
[   97.059617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.123263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.150465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.161999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.172554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.205646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.237346] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.248279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.265852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.303697] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.323625] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.383881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.404929] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   97.469762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   97.486604] team0: Port device team_slave_0 added
[   97.502019] team0: Port device team_slave_0 added
[   97.508151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   97.535199] team0: Port device team_slave_1 added
[   97.555061] team0: Port device team_slave_0 added
[   97.570186] team0: Port device team_slave_1 added
[   97.577678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   97.603378] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   97.611761] team0: Port device team_slave_0 added
[   97.627547] team0: Port device team_slave_1 added
[   97.637481] team0: Port device team_slave_0 added
[   97.645237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   97.658792] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   97.678990] team0: Port device team_slave_1 added
[   97.687460] team0: Port device team_slave_0 added
[   97.700660] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   97.720089] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   97.728342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   97.738548] team0: Port device team_slave_1 added
[   97.754098] team0: Port device team_slave_1 added
[   97.784061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   97.792093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   97.799894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   97.808101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   97.815948] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   97.823481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   97.837528] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   97.864255] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   97.872014] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   97.879548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   97.887424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   97.895256] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   97.922814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   97.930437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   97.964721] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   97.973092] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   97.980567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   97.991392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   97.999658] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   98.019816] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   98.034432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   98.056252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   98.064013] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   98.071633] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   98.079485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   98.094473] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   98.106270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   98.140649] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   98.164188] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   98.171837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   98.179670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   98.436395] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.442930] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.450364] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.456754] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.597615] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.604041] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.610672] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.617057] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.636680] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.643090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.649665] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.656048] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.690615] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.697041] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.703709] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.710058] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.733720] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.740102] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.746762] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.753162] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.765037] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.771421] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.778094] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.784482] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.442415] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.457324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.467260] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.475054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.481974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   99.489018] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  100.258166] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.474255] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.573724] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.610725] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.633239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.643699] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.660135] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.703938] 8021q: adding VLAN 0 to HW filter on device bond0
[  100.764143] 8021q: adding VLAN 0 to HW filter on device team0
[  100.812626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.819646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.969976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  100.978600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  100.993017] 8021q: adding VLAN 0 to HW filter on device team0
[  101.009441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.022995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.064510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.071464] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.088221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  101.095677] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  101.189314] 8021q: adding VLAN 0 to HW filter on device team0
[  101.204089] 8021q: adding VLAN 0 to HW filter on device team0
[  101.237962] 8021q: adding VLAN 0 to HW filter on device team0
[  101.248426] 8021q: adding VLAN 0 to HW filter on device team0
2019/10/05 19:39:37 executed programs: 6
[  102.125474] kasan: CONFIG_KASAN_INLINE enabled
[  102.130206] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  102.144097] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  102.150362] CPU: 0 PID: 7451 Comm: syz-executor3 Not tainted 5.4.0-rc1+ #0
[  102.157363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  102.166712] RIP: 0010:rdma_listen+0x24a/0x7f0
[  102.171198] Code: 8b a3 c8 01 00 00 31 f6 48 c7 c7 00 3c bc 88 e8 5c c4 ca 01 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 11 05 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
[  102.190094] RSP: 0018:ffff8881c4577c48 EFLAGS: 00010202
[  102.195590] RAX: dffffc0000000000 RBX: ffff8881bbf72d40 RCX: 0000000000000000
[  102.202852] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000008
[  102.210108] RBP: ffff8881c4577c78 R08: fffffbfff1178789 R09: fffffbfff1178789
[  102.217358] R10: ffff8881c4577c38 R11: ffffffff88bc3c43 R12: 0000000000000000
[  102.224607] R13: 0000000000000003 R14: ffff8881c4577d90 R15: ffff8881c8e78280
[  102.231856] FS:  00007f4aa0831700(0000) GS:ffff8881db000000(0000) knlGS:0000000000000000
[  102.240057] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  102.245918] CR2: 00007f0e1cccea8c CR3: 00000001c442c000 CR4: 00000000001406f0
[  102.253168] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  102.260412] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  102.267657] Call Trace:
[  102.270220]  ? _raw_spin_unlock+0x2c/0x50
[  102.274352]  ucma_listen+0xe1/0x150
[  102.277955]  ? ucma_notify+0x140/0x140
[  102.281833]  ? __kasan_check_write+0x14/0x20
[  102.286218]  ? _copy_from_user+0xd6/0x110
[  102.290339]  ucma_write+0x206/0x2e0
[  102.293960]  ? ucma_open+0x250/0x250
[  102.297656]  ? apparmor_file_permission+0x15/0x20
[  102.302475]  ? security_file_permission+0x52/0x2a0
[  102.307380]  __vfs_write+0x61/0x110
[  102.310980]  vfs_write+0x18a/0x520
[  102.314494]  ksys_write+0x197/0x220
[  102.318110]  ? __ia32_sys_read+0xa0/0xa0
[  102.322148]  ? do_syscall_64+0x21/0x5e0
[  102.326119]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.331459]  __x64_sys_write+0x6e/0xb0
[  102.335334]  do_syscall_64+0xd0/0x5e0
[  102.339111]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  102.344287] RIP: 0033:0x4576b9
[  102.347454] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  102.366371] RSP: 002b:00007f4aa0830c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  102.374056] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004576b9
[  102.381305] RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000005
[  102.388557] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
[  102.395802] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4aa08316d4
[  102.403059] R13: 00000000004c57bf R14: 00000000004d9400 R15: 00000000ffffffff
[  102.410318] Modules linked in:
[  102.415868] ---[ end trace f3388b86c2b53465 ]---
[  102.420625] RIP: 0010:rdma_listen+0x24a/0x7f0
[  102.425255] Code: 8b a3 c8 01 00 00 31 f6 48 c7 c7 00 3c bc 88 e8 5c c4 ca 01 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 11 05 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
[  102.428230] kobject: 'loop0' (0000000065ab6ffc): kobject_uevent_env
[  102.445040] RSP: 0018:ffff8881c4577c48 EFLAGS: 00010202
[  102.458833] RAX: dffffc0000000000 RBX: ffff8881bbf72d40 RCX: 0000000000000000
[  102.464062] kobject: 'loop0' (0000000065ab6ffc): fill_kobj_path: path = '/devices/virtual/block/loop0'
[  102.468911] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000008
[  102.505209] RBP: ffff8881c4577c78 R08: fffffbfff1178789 R09: fffffbfff1178789
[  102.509394] kobject: 'loop4' (0000000036b0d45c): kobject_uevent_env
[  102.519510] kobject: 'loop4' (0000000036b0d45c): fill_kobj_path: path = '/devices/virtual/block/loop4'
[  102.525735] R10: ffff8881c4577c38 R11: ffffffff88bc3c43 R12: 0000000000000000
[  102.529857] kobject: 'loop2' (000000002a979646): kobject_uevent_env
[  102.537498] R13: 0000000000000003 R14: ffff8881c4577d90 R15: ffff8881c8e78280
[  102.544552] kobject: 'loop2' (000000002a979646): fill_kobj_path: path = '/devices/virtual/block/loop2'
[  102.551479] FS:  00007f4aa0831700(0000) GS:ffff8881db000000(0000) knlGS:0000000000000000
[  102.560558] kobject: 'loop1' (000000002c7caa22): kobject_uevent_env
[  102.568974] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  102.575149] kobject: 'loop1' (000000002c7caa22): fill_kobj_path: path = '/devices/virtual/block/loop1'
[  102.582907] CR2: 000000000072c061 CR3: 00000001c442c000 CR4: 00000000001406f0
[  102.605550] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  102.613083] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  102.620412] Kernel panic - not syncing: Fatal exception
[  102.627191] Kernel Offset: disabled
[  102.630808] Rebooting in 86400 seconds..