Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 51.110785] kauditd_printk_skb: 4 callbacks suppressed [ 51.110799] audit: type=1400 audit(1556672514.827:35): avc: denied { map } for pid=8058 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 958.206756] audit: type=1400 audit(1556673421.927:36): avc: denied { map } for pid=8066 comm="sh" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.214' (ECDSA) to the list of known hosts. [ 1258.068695] audit: type=1400 audit(1556673721.787:37): avc: denied { map } for pid=8073 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/05/01 01:22:02 parsed 1 programs [ 1258.872419] audit: type=1400 audit(1556673722.587:38): avc: denied { map } for pid=8073 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=4628 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 2019/05/01 01:22:05 executed programs: 0 [ 1261.513909] IPVS: ftp: loaded support on port[0] = 21 [ 1261.612438] chnl_net:caif_netlink_parms(): no params data found [ 1261.653483] bridge0: port 1(bridge_slave_0) entered blocking state [ 1261.661200] bridge0: port 1(bridge_slave_0) entered disabled state [ 1261.669483] device bridge_slave_0 entered promiscuous mode [ 1261.679115] bridge0: port 2(bridge_slave_1) entered blocking state [ 1261.686703] bridge0: port 2(bridge_slave_1) entered disabled state [ 1261.694068] device bridge_slave_1 entered promiscuous mode [ 1261.712355] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 1261.722083] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 1261.740899] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 1261.749981] team0: Port device team_slave_0 added [ 1261.756515] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 1261.764340] team0: Port device team_slave_1 added [ 1261.771099] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 1261.779442] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 1261.839437] device hsr_slave_0 entered promiscuous mode [ 1261.886754] device hsr_slave_1 entered promiscuous mode [ 1261.926490] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 1261.933926] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 1261.950098] bridge0: port 2(bridge_slave_1) entered blocking state [ 1261.968883] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1261.976543] bridge0: port 1(bridge_slave_0) entered blocking state [ 1261.983194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1262.018719] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 1262.025598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1262.034530] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 1262.044147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1262.065476] bridge0: port 1(bridge_slave_0) entered disabled state [ 1262.074937] bridge0: port 2(bridge_slave_1) entered disabled state [ 1262.084318] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1262.096675] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 1262.102831] 8021q: adding VLAN 0 to HW filter on device team0 [ 1262.112849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1262.120649] bridge0: port 1(bridge_slave_0) entered blocking state [ 1262.127056] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1262.137616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1262.145187] bridge0: port 2(bridge_slave_1) entered blocking state [ 1262.152918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1262.177494] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1262.188300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1262.196947] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1262.205353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1262.214685] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1262.224863] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 1262.231638] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1262.245875] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 1262.256618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1262.268787] audit: type=1400 audit(1556673725.987:39): avc: denied { associate } for pid=8088 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 1262.455780] hrtimer: interrupt took 44303 ns [ 1262.540523] skbuff: skb_over_panic: text:00000000905c136e len:232 put:72 head:000000003270840e data:000000003270840e tail:0xe8 end:0xc0 dev: [ 1262.602330] ------------[ cut here ]------------ [ 1262.611764] kernel BUG at net/core/skbuff.c:104! [ 1262.631913] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 1262.641342] CPU: 0 PID: 8098 Comm: syz-executor.0 Not tainted 4.19.37 #5 [ 1262.654456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1262.668266] RIP: 0010:skb_panic+0x17c/0x17e [ 1262.674323] Code: 4c 8b 4d b8 8b 8b 80 00 00 00 41 57 45 89 f0 4c 89 ea ff 75 d0 4c 89 e6 48 c7 c7 40 b9 dc 87 ff 75 c8 ff 75 c0 e8 bb 98 f2 fb <0f> 0b e8 10 11 08 fc 4c 8b 6d 08 e8 c7 5a 3e fc 48 c7 c1 80 c2 dc [ 1262.697669] RSP: 0018:ffff88808fa1eae8 EFLAGS: 00010282 [ 1262.703283] RAX: 0000000000000086 RBX: ffff8880a4aa8dc0 RCX: 0000000000000000 [ 1262.710905] RDX: 0000000000000000 RSI: ffffffff8155e196 RDI: ffffed1011f43d4f [ 1262.718356] RBP: ffff88808fa1eb50 R08: 0000000000000086 R09: ffffed1015d04fe9 [ 1262.726489] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff87dcc2c0 [ 1262.734291] R13: ffffffff86160aa7 R14: 0000000000000048 R15: ffffffff87dcb900 [ 1262.741972] FS: 00007f10dc851700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 1262.750372] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1262.756422] CR2: 00007fff714f2f98 CR3: 00000000941cf000 CR4: 00000000001406f0 [ 1262.764328] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1262.771925] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1262.779625] Call Trace: [ 1262.782355] ? pfkey_send_acquire+0x1ba7/0x2600 [ 1262.787453] skb_put.cold+0x23/0x23 [ 1262.791331] pfkey_send_acquire+0x1ba7/0x2600 [ 1262.796194] km_query+0xd0/0x220 [ 1262.799740] xfrm_state_find+0x1d4f/0x2dc0 [ 1262.804325] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1262.809101] ? xfrm_state_afinfo_get_rcu+0xf0/0xf0 [ 1262.814277] ? retint_kernel+0x2d/0x2d [ 1262.818872] xfrm_tmpl_resolve+0x32a/0xc90 [ 1262.823220] ? __xfrm_decode_session+0x140/0x140 [ 1262.828302] ? __lock_acquire+0x6eb/0x48f0 [ 1262.832788] ? rt_add_uncached_list+0x147/0x1a0 [ 1262.837944] xfrm_resolve_and_create_bundle+0x137/0x2320 [ 1262.843423] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1262.848203] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1262.853210] ? trace_hardirqs_on_caller+0x6a/0x220 [ 1262.858350] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1262.863610] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1262.868667] ? xfrm_tmpl_resolve+0xc90/0xc90 [ 1262.873095] ? xfrm_sk_policy_lookup+0x3c7/0x510 [ 1262.878163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1262.884204] ? lock_downgrade+0x810/0x810 [ 1262.888674] ? kasan_check_read+0x11/0x20 [ 1262.893436] ? xfrm_sk_policy_lookup+0x3ee/0x510 [ 1262.898206] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1262.903447] xfrm_lookup_with_ifid+0x278/0x1cd0 [ 1262.908294] ? xfrm_lookup_with_ifid+0x278/0x1cd0 [ 1262.913151] ? xfrm_policy_lookup+0x90/0x90 [ 1262.917993] ? kasan_check_read+0x11/0x20 [ 1262.922158] ? ip_route_output_key_hash+0x269/0x380 [ 1262.927660] ? ip_route_output_key_hash_rcu+0x30e0/0x30e0 [ 1262.933384] ? udp_sendmsg+0x6c8/0x25f0 [ 1262.937394] xfrm_lookup_route+0x3b/0x1f0 [ 1262.941782] ip_route_output_flow+0xad/0xc0 [ 1262.946504] udp_sendmsg+0x1ade/0x25f0 [ 1262.950495] ? check_preemption_disabled+0x48/0x290 [ 1262.955599] ? perf_swevent_start_hrtimer.part.0+0xc0/0x130 [ 1262.961622] ? ip_reply_glue_bits+0xc0/0xc0 [ 1262.966084] ? udp_push_pending_frames+0xf0/0xf0 [ 1262.970948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1262.975828] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1262.980840] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1262.985833] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1262.990441] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1262.995299] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.000265] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1263.004863] ? retint_kernel+0x2d/0x2d [ 1263.009159] ? trace_hardirqs_on_caller+0x6a/0x220 [ 1263.014422] ? retint_kernel+0x2d/0x2d [ 1263.018417] ? avc_has_perm+0x379/0x610 [ 1263.022506] ? find_held_lock+0x35/0x130 [ 1263.026728] udpv6_sendmsg+0x13a4/0x28d0 [ 1263.031163] ? udpv6_sendmsg+0x13a4/0x28d0 [ 1263.035990] ? lock_downgrade+0x810/0x810 [ 1263.040186] ? udp6_unicast_rcv_skb.isra.0+0x320/0x320 [ 1263.045586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1263.051150] ? avc_has_perm_noaudit+0x570/0x570 [ 1263.056000] ? __might_fault+0x12b/0x1e0 [ 1263.060415] ? find_held_lock+0x35/0x130 [ 1263.064870] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1263.070463] ? rw_copy_check_uvector+0x2a6/0x330 [ 1263.075775] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.080659] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.085749] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1263.090353] ? retint_kernel+0x2d/0x2d [ 1263.094342] ? trace_hardirqs_on_caller+0x6a/0x220 [ 1263.099888] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.105082] ? retint_kernel+0x2d/0x2d [ 1263.109010] ? udp6_unicast_rcv_skb.isra.0+0x320/0x320 [ 1263.114585] ? inet_sendmsg+0xb7/0x5d0 [ 1263.118682] inet_sendmsg+0x147/0x5d0 [ 1263.122502] ? udp6_unicast_rcv_skb.isra.0+0x320/0x320 [ 1263.128071] ? inet_sendmsg+0x147/0x5d0 [ 1263.132148] ? ipip_gro_receive+0x100/0x100 [ 1263.136879] sock_sendmsg+0xdd/0x130 [ 1263.140965] ___sys_sendmsg+0x3e2/0x930 [ 1263.145306] ? copy_msghdr_from_user+0x430/0x430 [ 1263.150635] ? mark_held_locks+0x100/0x100 [ 1263.155289] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.160193] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.165458] ? lockdep_hardirqs_on+0x415/0x5d0 [ 1263.170346] ? retint_kernel+0x2d/0x2d [ 1263.174280] ? trace_hardirqs_on_caller+0x6a/0x220 [ 1263.179829] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.185293] ? retint_kernel+0x2d/0x2d [ 1263.189595] ? ___might_sleep+0x163/0x280 [ 1263.194171] __sys_sendmmsg+0x1bf/0x4e0 [ 1263.198434] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1263.202776] ? _copy_to_user+0xc9/0x120 [ 1263.206962] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1263.212521] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1263.218259] ? put_timespec64+0xda/0x140 [ 1263.222337] ? nsecs_to_jiffies+0x30/0x30 [ 1263.226763] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.231533] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1263.236791] ? do_syscall_64+0x26/0x610 [ 1263.240867] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1263.246857] ? do_syscall_64+0x26/0x610 [ 1263.250942] __x64_sys_sendmmsg+0x9d/0x100 [ 1263.255452] do_syscall_64+0x103/0x610 [ 1263.259595] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1263.265025] RIP: 0033:0x458da9 [ 1263.268260] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1263.288727] RSP: 002b:00007f10dc850c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1263.296650] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458da9 [ 1263.304119] RDX: 00000000000005c3 RSI: 0000000020000240 RDI: 0000000000000006 [ 1263.311708] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1263.319160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f10dc8516d4 [ 1263.326917] R13: 00000000004c5fac R14: 00000000004da760 R15: 00000000ffffffff [ 1263.334590] Modules linked in: [ 1263.345291] ---[ end trace b0f23924ae83c19f ]--- [ 1263.350941] RIP: 0010:skb_panic+0x17c/0x17e [ 1263.355447] Code: 4c 8b 4d b8 8b 8b 80 00 00 00 41 57 45 89 f0 4c 89 ea ff 75 d0 4c 89 e6 48 c7 c7 40 b9 dc 87 ff 75 c8 ff 75 c0 e8 bb 98 f2 fb <0f> 0b e8 10 11 08 fc 4c 8b 6d 08 e8 c7 5a 3e fc 48 c7 c1 80 c2 dc [ 1263.375973] RSP: 0018:ffff88808fa1eae8 EFLAGS: 00010282 [ 1263.381873] RAX: 0000000000000086 RBX: ffff8880a4aa8dc0 RCX: 0000000000000000 [ 1263.390301] RDX: 0000000000000000 RSI: ffffffff8155e196 RDI: ffffed1011f43d4f [ 1263.397911] RBP: ffff88808fa1eb50 R08: 0000000000000086 R09: ffffed1015d04fe9 [ 1263.405335] R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: ffffffff87dcc2c0 [ 1263.413025] R13: ffffffff86160aa7 R14: 0000000000000048 R15: ffffffff87dcb900 [ 1263.420601] FS: 00007f10dc851700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 1263.429821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1263.436059] CR2: 0000000000860b60 CR3: 00000000941cf000 CR4: 00000000001406e0 [ 1263.443685] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1263.451345] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1263.458870] Kernel panic - not syncing: Fatal exception [ 1263.466858] Kernel Offset: disabled [ 1263.471033] Rebooting in 86400 seconds..