[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   39.791005] audit: type=1800 audit(1546148152.017:25): pid=7915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   39.828088] audit: type=1800 audit(1546148152.017:26): pid=7915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   39.848841] audit: type=1800 audit(1546148152.017:27): pid=7915 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   44.601060] sshd (8052) used greatest stack depth: 15720 bytes left
Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts.
[   51.235853] IPVS: ftp: loaded support on port[0] = 21
[   51.295610] chnl_net:caif_netlink_parms(): no params data found
[   51.331918] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.338662] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.346081] device bridge_slave_0 entered promiscuous mode
[   51.353655] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.360125] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.367234] device bridge_slave_1 entered promiscuous mode
[   51.388175] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   51.397708] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   51.415361] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   51.423062] team0: Port device team_slave_0 added
[   51.428477] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   51.435781] team0: Port device team_slave_1 added
[   51.441092] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   51.448367] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   51.512125] device hsr_slave_0 entered promiscuous mode
[   51.550028] device hsr_slave_1 entered promiscuous mode
[   51.600357] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   51.607316] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   51.621091] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.627749] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.634813] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.641214] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.674149] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   51.681687] 8021q: adding VLAN 0 to HW filter on device bond0
[   51.689850] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   51.698188] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   51.708108] bridge0: port 1(bridge_slave_0) entered disabled state
[   51.715607] bridge0: port 2(bridge_slave_1) entered disabled state
[   51.722860] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   51.733728] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   51.740077] 8021q: adding VLAN 0 to HW filter on device team0
[   51.751517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   51.759094] bridge0: port 1(bridge_slave_0) entered blocking state
[   51.765516] bridge0: port 1(bridge_slave_0) entered forwarding state
[   51.772410] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   51.780142] bridge0: port 2(bridge_slave_1) entered blocking state
[   51.786573] bridge0: port 2(bridge_slave_1) entered forwarding state
[   51.802552] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   51.811429] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   51.823037] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   51.835674] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   51.845682] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   51.856099] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   51.863861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
executing program
[   51.872106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   51.879739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   51.891721] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   51.902181] 8021q: adding VLAN 0 to HW filter on device batadv0
[   51.914545] ------------[ cut here ]------------
[   51.919354] HSR: VLAN not yet supported
[   51.919815] WARNING: CPU: 0 PID: 8067 at net/hsr/hsr_forward.c:336 hsr_forward_skb+0x2196/0x28a0
[   51.932669] Kernel panic - not syncing: panic_on_warn set ...
[   51.938571] CPU: 0 PID: 8067 Comm: syz-executor245 Not tainted 4.20.0+ #396
[   51.945653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   51.954988] Call Trace:
[   51.957558]  dump_stack+0x1d3/0x2c6
[   51.961175]  ? dump_stack_print_info.cold.1+0x20/0x20
[   51.966356]  panic+0x2ad/0x55f
[   51.969545]  ? add_taint.cold.5+0x16/0x16
[   51.973685]  ? __warn.cold.8+0x5/0x52
[   51.977469]  ? __warn+0xe8/0x1d0
[   51.980823]  ? hsr_forward_skb+0x2196/0x28a0
[   51.985210]  __warn.cold.8+0x20/0x52
[   51.988903]  ? rcu_softirq_qs+0x20/0x20
[   51.992860]  ? hsr_forward_skb+0x2196/0x28a0
[   51.997259]  report_bug+0x254/0x2d0
[   52.000875]  do_error_trap+0x11b/0x200
[   52.004749]  do_invalid_op+0x36/0x40
[   52.008446]  ? hsr_forward_skb+0x2196/0x28a0
[   52.012841]  invalid_op+0x14/0x20
[   52.016279] RIP: 0010:hsr_forward_skb+0x2196/0x28a0
[   52.021282] Code: e7 e8 9e 2a ff ff e9 8f f3 ff ff 48 89 85 b0 fe ff ff e8 8d d5 95 f9 48 c7 c7 a0 0e fa 88 c6 05 25 bc 4a 02 01 e8 0a 1b 5f f9 <0f> 0b 48 8b 85 a8 fe ff ff 48 b9 00 00 00 00 00 fc ff df 48 89 c2
[   52.040175] RSP: 0018:ffff88809e3aeb28 EFLAGS: 00010282
[   52.045530] RAX: 0000000000000000 RBX: ffff8880a8860900 RCX: 0000000000000000
[   52.052784] RDX: 0000000000000000 RSI: ffffffff81683f55 RDI: 0000000000000006
[   52.060038] RBP: ffff88809e3aecb8 R08: ffff8880a53260c0 R09: 0000000000000000
[   52.067296] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   52.074559] R13: ffff8880907f5a80 R14: ffff8880a88609b6 R15: ffff88809e3aec90
[   52.081834]  ? vprintk_func+0x85/0x181
[   52.085712]  ? hsr_forward_skb+0x2196/0x28a0
[   52.090107]  ? rcu_read_unlock_special+0x370/0x370
[   52.095029]  ? find_held_lock+0x36/0x1c0
[   52.099081]  ? hsr_del_port+0x480/0x480
[   52.103040]  ? rcu_read_unlock+0x5e/0xa0
[   52.107089]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   52.112113]  ? hsr_netdev_notify+0x1070/0x1070
[   52.116693]  ? __lock_is_held+0xb5/0x140
[   52.120743]  hsr_dev_xmit+0x71/0xa0
[   52.124357]  dev_hard_start_xmit+0x286/0xc80
[   52.128773]  ? dev_direct_xmit+0x6a0/0x6a0
[   52.133001]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   52.138526]  ? netif_skb_features+0x681/0xb50
[   52.143009]  ? skb_flow_dissect_tunnel_info+0xd80/0xd80
[   52.148381]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   52.153909]  ? validate_xmit_xfrm+0x41c/0xef0
[   52.158396]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.163925]  ? validate_xmit_skb+0x849/0xf70
[   52.168328]  ? netif_skb_features+0xb50/0xb50
[   52.172836]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.178363]  ? check_preemption_disabled+0x48/0x280
[   52.183389]  ? check_preemption_disabled+0x48/0x280
[   52.188399]  __dev_queue_xmit+0x2f62/0x3ac0
[   52.192711]  ? kasan_kmalloc+0xcb/0xd0
[   52.196596]  ? netdev_pick_tx+0x300/0x300
[   52.200738]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.206279]  ? __alloc_skb+0x4bd/0x760
[   52.210163]  ? print_usage_bug+0xc0/0xc0
[   52.214216]  ? skb_scrub_packet+0x440/0x440
[   52.218544]  ? mark_held_locks+0x130/0x130
[   52.222767]  ? find_held_lock+0x36/0x1c0
[   52.226832]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.232359]  ? refcount_add_not_zero_checked+0x21e/0x330
[   52.237804]  ? refcount_dec_if_one+0x180/0x180
[   52.242383]  ? alloc_skb_with_frags+0x508/0x7c0
[   52.247048]  ? pagevec_lru_move_fn+0x259/0x350
[   52.251625]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   52.257077]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   52.262609]  ? refcount_add_checked+0x2f/0x70
[   52.267100]  ? skb_set_owner_w+0x21d/0x320
[   52.271335]  ? sock_alloc_send_pskb+0x7bb/0xab0
[   52.276001]  ? __lru_cache_add+0x2ff/0x4e0
[   52.280234]  ? sock_wmalloc+0x1f0/0x1f0
[   52.284200]  ? dev_get_by_index+0xf0/0x1c0
[   52.288423]  ? lock_downgrade+0x900/0x900
[   52.292558]  ? check_preemption_disabled+0x48/0x280
[   52.297567]  ? kasan_check_read+0x11/0x20
[   52.301703]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   52.306964]  ? mark_held_locks+0x130/0x130
[   52.311188]  ? rcu_read_unlock_special+0x370/0x370
[   52.316107]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.321641]  ? skb_copy_datagram_from_iter+0x445/0x650
[   52.326909]  ? memcpy+0x45/0x50
[   52.330184]  dev_queue_xmit+0x17/0x20
[   52.333968]  ? dev_queue_xmit+0x17/0x20
[   52.337931]  packet_sendmsg+0x298a/0x6ad0
[   52.342066]  ? __lock_acquire+0x62f/0x4c20
[   52.346299]  ? __this_cpu_preempt_check+0x1c/0x20
[   52.351140]  ? mark_held_locks+0xe0/0x130
[   52.355284]  ? packet_getname+0x5f0/0x5f0
[   52.359421]  ? aa_profile_af_perm+0x410/0x410
[   52.363908]  ? ___might_sleep+0x1ed/0x300
[   52.368043]  ? lock_downgrade+0x900/0x900
[   52.372177]  ? finish_task_switch+0x360/0x910
[   52.376657]  ? lock_release+0xa00/0xa00
[   52.380619]  ? arch_local_save_flags+0x40/0x40
[   52.385192]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   52.390110]  ? aa_sk_perm+0x22b/0x8e0
[   52.393900]  ? import_iovec+0x178/0x2d0
[   52.397863]  ? aa_af_perm+0x5a0/0x5a0
[   52.401681]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   52.407211]  ? aa_sock_msg_perm.isra.14+0xba/0x160
[   52.412138]  ? apparmor_socket_sendmsg+0x29/0x30
[   52.416888]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.422414]  ? security_socket_sendmsg+0x94/0xc0
[   52.427169]  ? packet_getname+0x5f0/0x5f0
[   52.431307]  sock_sendmsg+0xd5/0x120
[   52.435026]  ___sys_sendmsg+0x51d/0x930
[   52.438990]  ? copy_msghdr_from_user+0x580/0x580
[   52.443729]  ? _copy_to_user+0xc8/0x110
[   52.447710]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   52.453240]  ? sock_do_ioctl+0x110/0x420
[   52.457297]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.462823]  ? __fget_light+0x2e9/0x430
[   52.466799]  ? fget_raw+0x20/0x20
[   52.470248]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   52.475428]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   52.480951]  ? sockfd_lookup_light+0xc5/0x160
[   52.485430]  __sys_sendmmsg+0x246/0x6d0
[   52.489395]  ? __ia32_sys_sendmsg+0xb0/0xb0
[   52.493772]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.499296]  ? do_vfs_ioctl+0x201/0x1790
[   52.503342]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   52.508604]  ? ioctl_preallocate+0x300/0x300
[   52.513000]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.518520]  ? __fget_light+0x2e9/0x430
[   52.522488]  ? do_syscall_64+0x9a/0x820
[   52.526443]  ? do_syscall_64+0x9a/0x820
[   52.530400]  ? lockdep_hardirqs_on+0x421/0x5c0
[   52.534982]  ? trace_hardirqs_on+0xbd/0x310
[   52.539289]  ? security_file_ioctl+0x94/0xc0
[   52.543686]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.549032]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   52.554471]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   52.559995]  __x64_sys_sendmmsg+0x9d/0x100
[   52.564217]  do_syscall_64+0x1b9/0x820
[   52.568092]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   52.573444]  ? syscall_return_slowpath+0x5e0/0x5e0
[   52.578355]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.583202]  ? trace_hardirqs_on_caller+0x310/0x310
[   52.588206]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   52.593209]  ? prepare_exit_to_usermode+0x291/0x3b0
[   52.598214]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   52.603052]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   52.608228] RIP: 0033:0x4418a9
[   52.611406] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   52.630296] RSP: 002b:00007ffcd36b1858 EFLAGS: 00000213 ORIG_RAX: 0000000000000133
[   52.638007] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004418a9
[   52.645285] RDX: 0000000000000300 RSI: 0000000020008a80 RDI: 0000000000000003
[   52.652560] RBP: 0000000000000003 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[   52.659819] R10: 0000000000000000 R11: 0000000000000213 R12: 00007ffcd36b18a0
[   52.667099] R13: 00007ffcd36b1890 R14: 0000000000000000 R15: 0000000000000000
[   52.675440] Kernel Offset: disabled
[   52.679125] Rebooting in 86400 seconds..