[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 31.808975] kauditd_printk_skb: 9 callbacks suppressed [ 31.808987] audit: type=1800 audit(1543766124.844:33): pid=5936 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 31.842102] audit: type=1800 audit(1543766124.844:34): pid=5936 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.525573] audit: type=1400 audit(1543766129.564:35): avc: denied { map } for pid=6115 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 36.563322] sshd (6113) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts. [ 43.062236] audit: type=1400 audit(1543766136.094:36): avc: denied { map } for pid=6129 comm="syz-executor132" path="/root/syz-executor132250672" dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 43.082766] IPVS: ftp: loaded support on port[0] = 21 [ 43.254241] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.261100] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.268242] device bridge_slave_0 entered promiscuous mode [ 43.287619] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.293995] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.301185] device bridge_slave_1 entered promiscuous mode [ 43.319565] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 43.337384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 43.386987] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 43.407160] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 43.483074] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 43.490437] team0: Port device team_slave_0 added [ 43.507924] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 43.515197] team0: Port device team_slave_1 added [ 43.531005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 43.549557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 43.570125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.590002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 43.733213] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.739679] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.746577] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.752921] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 44.282603] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.335282] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 44.388302] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 44.394629] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.401648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.451030] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 44.727072] audit: type=1400 audit(1543766137.764:37): avc: denied { map_create } for pid=6130 comm="syz-executor132" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 45.015311] BUG: unable to handle kernel paging request at ffff888220000000 [ 45.022426] PGD be01067 P4D be01067 PUD be04067 PMD 0 [ 45.027698] Oops: 0000 [#1] PREEMPT SMP KASAN [ 45.032172] CPU: 1 PID: 6130 Comm: syz-executor132 Not tainted 4.20.0-rc4+ #139 [ 45.039590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 45.048951] RIP: 0010:do_csum+0x192/0x410 [ 45.053076] Code: 85 f6 74 54 4d 89 ef e8 4c af a6 f9 41 83 ee 01 31 ff 31 c0 44 89 f6 49 03 1f 49 13 5f 08 49 13 5f 10 49 13 5f 18 49 13 5f 20 <49> 13 5f 28 49 13 5f 30 49 13 5f 38 48 11 c3 e8 2a b0 a6 f9 49 83 [ 45.071958] RSP: 0018:ffff8881b1de6568 EFLAGS: 00010282 [ 45.077315] RAX: 0000000000000000 RBX: b7b16460930f731a RCX: ffffffff87d8eca6 [ 45.084589] RDX: 0000000000000000 RSI: 000000000236f006 RDI: 0000000000000000 [ 45.091849] RBP: ffff8881b1de65a0 R08: ffff8881d2728140 R09: ffff8881adbd0194 [ 45.099097] R10: 000000000000ffd4 R11: ffffea0006c456b7 R12: 00000000ffff0038 [ 45.106361] R13: ffff8881adbd0198 R14: 000000000236f006 R15: ffff88821fffffd8 [ 45.113609] FS: 0000000000d87880(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 45.121811] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.127669] CR2: ffff888220000000 CR3: 00000001b3de5000 CR4: 00000000001406e0 [ 45.134916] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.142159] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.149399] Call Trace: [ 45.151975] csum_partial+0x21/0x30 [ 45.155581] tcp_gso_segment+0xa7d/0x17b0 [ 45.159705] ? sk_common_release+0x320/0x320 [ 45.164092] tcp6_gso_segment+0x1c8/0x580 [ 45.168223] ipv6_gso_segment+0x554/0x1130 [ 45.172460] ? audit_tree_freeing_mark+0xee2/0xfd0 [ 45.177382] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 45.182200] ? __lock_is_held+0xb5/0x140 [ 45.186265] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 45.191102] inet_gso_segment+0x639/0x1350 [ 45.195330] ? inet_sock_destruct+0x9b0/0x9b0 [ 45.199845] ipv6_gso_segment+0x554/0x1130 [ 45.204053] ? skb_mac_gso_segment+0x229/0x740 [ 45.208622] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 45.213438] ? kasan_check_read+0x11/0x20 [ 45.217587] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 45.222853] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 45.228016] ? rcu_softirq_qs+0x20/0x20 [ 45.231965] ? skb_network_protocol+0xfc/0x4c0 [ 45.236537] skb_mac_gso_segment+0x3b3/0x740 [ 45.240949] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 45.245788] ? skb_network_protocol+0x4c0/0x4c0 [ 45.250478] ? print_usage_bug+0xc0/0xc0 [ 45.254522] ? __lock_acquire+0x2aff/0x4c20 [ 45.258822] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 45.263987] ? skb_network_protocol+0xfc/0x4c0 [ 45.268546] __skb_gso_segment+0x3c3/0x880 [ 45.272764] ? skb_mac_gso_segment+0x740/0x740 [ 45.277326] validate_xmit_skb+0x640/0xf30 [ 45.281541] ? netif_skb_features+0xb70/0xb70 [ 45.286018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.291540] ? check_preemption_disabled+0x48/0x280 [ 45.296539] validate_xmit_skb_list+0xd1/0x140 [ 45.301107] sch_direct_xmit+0x30e/0x1130 [ 45.305251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.310821] ? check_preemption_disabled+0x48/0x280 [ 45.315821] ? dev_watchdog+0xb10/0xb10 [ 45.319778] ? __lock_is_held+0xb5/0x140 [ 45.323826] __qdisc_run+0x636/0x1990 [ 45.327613] ? sch_direct_xmit+0x1130/0x1130 [ 45.332001] ? lock_acquire+0x1ed/0x520 [ 45.335957] ? dev_queue_xmit+0x17/0x20 [ 45.339922] ? lock_release+0xa00/0xa00 [ 45.343872] ? mini_qdisc_pair_init+0x160/0x160 [ 45.348547] __dev_queue_xmit+0x1915/0x3ad0 [ 45.352850] ? dev_queue_xmit+0x17/0x20 [ 45.356835] ? netdev_pick_tx+0x310/0x310 [ 45.360993] ? __alloc_skb+0x4c6/0x770 [ 45.364886] ? mark_held_locks+0x130/0x130 [ 45.369099] ? zap_class+0x640/0x640 [ 45.372791] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.378314] ? refcount_add_not_zero_checked+0x21e/0x330 [ 45.383748] ? find_held_lock+0x36/0x1c0 [ 45.387792] ? perf_trace_sched_process_exec+0x860/0x860 [ 45.393234] ? kasan_check_write+0x14/0x20 [ 45.397448] ? copyin+0xb7/0x100 [ 45.400851] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 45.405849] ? copy_page_from_iter+0x541/0x8f0 [ 45.410409] ? _copy_from_iter+0xf70/0xf70 [ 45.414621] ? _copy_from_iter_full+0x2d8/0xce0 [ 45.419268] ? kasan_check_read+0x11/0x20 [ 45.423392] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 45.428644] ? depot_save_stack+0x292/0x470 [ 45.432975] ? skb_copy_datagram_from_iter+0x451/0x660 [ 45.438247] dev_queue_xmit+0x17/0x20 [ 45.442023] ? dev_queue_xmit+0x17/0x20 [ 45.445974] packet_sendmsg+0x430a/0x6570 [ 45.450099] ? avc_has_perm+0x469/0x7e0 [ 45.454051] ? lock_downgrade+0x900/0x900 [ 45.458193] ? check_preemption_disabled+0x48/0x280 [ 45.463203] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 45.468137] ? kasan_check_read+0x11/0x20 [ 45.472269] ? packet_getname+0x5f0/0x5f0 [ 45.476413] ? avc_has_perm_noaudit+0x630/0x630 [ 45.481064] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.486592] ? _copy_from_user+0xdf/0x150 [ 45.490720] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 45.495725] ? rw_copy_check_uvector+0x310/0x3e0 [ 45.500494] ? sock_has_perm+0x2bc/0x3e0 [ 45.504538] ? selinux_secmark_relabel_packet+0xe0/0xe0 [ 45.509882] ? copy_msghdr_from_user+0x3c1/0x580 [ 45.514619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.520150] ? security_socket_sendmsg+0x94/0xc0 [ 45.524886] ? packet_getname+0x5f0/0x5f0 [ 45.529026] sock_sendmsg+0xd5/0x120 [ 45.532718] ___sys_sendmsg+0x7fd/0x930 [ 45.536687] ? avc_has_perm_noaudit+0x630/0x630 [ 45.541338] ? copy_msghdr_from_user+0x580/0x580 [ 45.546088] ? rcu_softirq_qs+0x20/0x20 [ 45.550041] ? avc_denied+0x16d/0x1c0 [ 45.553833] ? zap_class+0x640/0x640 [ 45.557528] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.563043] ? __fget_light+0x2e9/0x430 [ 45.566993] ? fget_raw+0x20/0x20 [ 45.570445] ? selinux_netlbl_sock_rcv_skb+0x6f0/0x6f0 [ 45.575720] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 45.581258] ? sockfd_lookup_light+0xc5/0x160 [ 45.585731] __sys_sendmsg+0x11d/0x280 [ 45.589602] ? __ia32_sys_shutdown+0x80/0x80 [ 45.594006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 45.599528] ? __sys_setsockopt+0x254/0x3c0 [ 45.603846] ? do_syscall_64+0x9a/0x820 [ 45.607801] ? do_syscall_64+0x9a/0x820 [ 45.611773] ? trace_hardirqs_off_caller+0x310/0x310 [ 45.616874] __x64_sys_sendmsg+0x78/0xb0 [ 45.620915] do_syscall_64+0x1b9/0x820 [ 45.624795] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 45.630137] ? syscall_return_slowpath+0x5e0/0x5e0 [ 45.635069] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.639903] ? trace_hardirqs_on_caller+0x310/0x310 [ 45.644899] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 45.649894] ? prepare_exit_to_usermode+0x291/0x3b0 [ 45.655020] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 45.659858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 45.665025] RIP: 0033:0x441449 [ 45.668217] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 45.687098] RSP: 002b:00007ffd438db638 EFLAGS: 00000286 ORIG_RAX: 000000000000002e [ 45.694783] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441449 [ 45.702031] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 45.709280] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100 [ 45.716532] R10: 0000000000000100 R11: 0000000000000286 R12: 00000000004023b0 [ 45.723784] R13: 0000000000402440 R14: 0000000000000000 R15: 0000000000000000 [ 45.731039] Modules linked in: [ 45.734210] CR2: ffff888220000000 [ 45.737641] ---[ end trace 3b494ec4ba16cf85 ]--- [ 45.742392] RIP: 0010:do_csum+0x192/0x410 [ 45.746527] Code: 85 f6 74 54 4d 89 ef e8 4c af a6 f9 41 83 ee 01 31 ff 31 c0 44 89 f6 49 03 1f 49 13 5f 08 49 13 5f 10 49 13 5f 18 49 13 5f 20 <49> 13 5f 28 49 13 5f 30 49 13 5f 38 48 11 c3 e8 2a b0 a6 f9 49 83 [ 45.765451] RSP: 0018:ffff8881b1de6568 EFLAGS: 00010282 [ 45.770835] RAX: 0000000000000000 RBX: b7b16460930f731a RCX: ffffffff87d8eca6 [ 45.778106] RDX: 0000000000000000 RSI: 000000000236f006 RDI: 0000000000000000 [ 45.785358] RBP: ffff8881b1de65a0 R08: ffff8881d2728140 R09: ffff8881adbd0194 [ 45.792780] R10: 000000000000ffd4 R11: ffffea0006c456b7 R12: 00000000ffff0038 [ 45.800034] R13: ffff8881adbd0198 R14: 000000000236f006 R15: ffff88821fffffd8 [ 45.807284] FS: 0000000000d87880(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 45.815524] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 45.821384] CR2: ffff888220000000 CR3: 00000001b3de5000 CR4: 00000000001406e0 [ 45.828635] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 45.835898] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.843161] Kernel panic - not syncing: Fatal exception in interrupt [ 45.850542] Kernel Offset: disabled [ 45.854164] Rebooting in 86400 seconds..