[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 39.836019] audit: type=1800 audit(1546148622.540:25): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 39.857176] audit: type=1800 audit(1546148622.540:26): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 39.912889] audit: type=1800 audit(1546148622.550:27): pid=7911 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts. syzkaller login: [ 52.199806] IPVS: ftp: loaded support on port[0] = 21 [ 52.259881] chnl_net:caif_netlink_parms(): no params data found [ 52.295122] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.301842] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.309133] device bridge_slave_0 entered promiscuous mode [ 52.316627] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.323137] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.330134] device bridge_slave_1 entered promiscuous mode [ 52.347787] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 52.357029] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 52.372887] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 52.380325] team0: Port device team_slave_0 added [ 52.385875] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 52.393160] team0: Port device team_slave_1 added [ 52.398401] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 52.405847] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 52.466033] device hsr_slave_0 entered promiscuous mode [ 52.533268] device hsr_slave_1 entered promiscuous mode [ 52.613494] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 52.620429] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 52.634776] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.641236] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.648229] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.654624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.687400] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 52.693996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.701937] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 52.710774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.731126] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.739144] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.747151] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 52.757409] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 52.763631] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.771971] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.780148] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.786570] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.803486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.811150] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.817620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.825469] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 52.833640] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.847640] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.857544] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.868557] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 52.877619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready executing program [ 52.885287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.893463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.901025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.911709] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 52.924789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.935866] ------------[ cut here ]------------ [ 52.940775] HSR: VLAN not yet supported [ 52.941162] WARNING: CPU: 0 PID: 8062 at net/hsr/hsr_forward.c:336 hsr_forward_skb+0x2196/0x28a0 [ 52.954037] Kernel panic - not syncing: panic_on_warn set ... [ 52.959927] CPU: 0 PID: 8062 Comm: syz-executor787 Not tainted 4.20.0+ #396 [ 52.967007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.976351] Call Trace: [ 52.978953] dump_stack+0x1d3/0x2c6 [ 52.982570] ? dump_stack_print_info.cold.1+0x20/0x20 [ 52.987754] panic+0x2ad/0x55f [ 52.990948] ? add_taint.cold.5+0x16/0x16 [ 52.995098] ? __warn.cold.8+0x5/0x52 [ 52.998885] ? __warn+0xe8/0x1d0 [ 53.002239] ? hsr_forward_skb+0x2196/0x28a0 [ 53.006654] __warn.cold.8+0x20/0x52 [ 53.010353] ? rcu_softirq_qs+0x20/0x20 [ 53.014327] ? hsr_forward_skb+0x2196/0x28a0 [ 53.018721] report_bug+0x254/0x2d0 [ 53.022338] do_error_trap+0x11b/0x200 [ 53.026213] do_invalid_op+0x36/0x40 [ 53.029913] ? hsr_forward_skb+0x2196/0x28a0 [ 53.034335] invalid_op+0x14/0x20 [ 53.037775] RIP: 0010:hsr_forward_skb+0x2196/0x28a0 [ 53.042776] Code: e7 e8 9e 2a ff ff e9 8f f3 ff ff 48 89 85 b0 fe ff ff e8 8d d5 95 f9 48 c7 c7 a0 0e fa 88 c6 05 25 bc 4a 02 01 e8 0a 1b 5f f9 <0f> 0b 48 8b 85 a8 fe ff ff 48 b9 00 00 00 00 00 fc ff df 48 89 c2 [ 53.061667] RSP: 0018:ffff8880a40feb28 EFLAGS: 00010282 [ 53.067015] RAX: 0000000000000000 RBX: ffff888092cc6d40 RCX: 0000000000000000 [ 53.074271] RDX: 0000000000000000 RSI: ffffffff81683f55 RDI: 0000000000000006 [ 53.081524] RBP: ffff8880a40fecb8 R08: ffff888097782000 R09: 0000000000000000 [ 53.088778] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 53.096032] R13: ffff888096957c80 R14: ffff888092cc6df6 R15: ffff8880a40fec90 [ 53.103320] ? vprintk_func+0x85/0x181 [ 53.107210] ? hsr_forward_skb+0x2196/0x28a0 [ 53.111600] ? rcu_read_unlock_special+0x370/0x370 [ 53.116515] ? find_held_lock+0x36/0x1c0 [ 53.120567] ? hsr_del_port+0x480/0x480 [ 53.124551] ? rcu_read_unlock+0x5e/0xa0 [ 53.128608] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 53.133640] ? hsr_netdev_notify+0x1070/0x1070 [ 53.138231] ? __lock_is_held+0xb5/0x140 [ 53.142282] hsr_dev_xmit+0x71/0xa0 [ 53.145897] dev_hard_start_xmit+0x286/0xc80 [ 53.150294] ? dev_direct_xmit+0x6a0/0x6a0 [ 53.154519] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 53.160046] ? netif_skb_features+0x681/0xb50 [ 53.164565] ? skb_flow_dissect_tunnel_info+0xd80/0xd80 [ 53.169921] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 53.175444] ? validate_xmit_xfrm+0x41c/0xef0 [ 53.179937] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.185466] ? validate_xmit_skb+0x849/0xf70 [ 53.189860] ? netif_skb_features+0xb50/0xb50 [ 53.194346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.199871] ? check_preemption_disabled+0x48/0x280 [ 53.204872] ? check_preemption_disabled+0x48/0x280 [ 53.209882] __dev_queue_xmit+0x2f62/0x3ac0 [ 53.214192] ? kasan_kmalloc+0xcb/0xd0 [ 53.218081] ? netdev_pick_tx+0x300/0x300 [ 53.222222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.227745] ? __alloc_skb+0x4bd/0x760 [ 53.231641] ? print_usage_bug+0xc0/0xc0 [ 53.235697] ? skb_scrub_packet+0x440/0x440 [ 53.240005] ? mark_held_locks+0x130/0x130 [ 53.244240] ? find_held_lock+0x36/0x1c0 [ 53.248728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.254253] ? refcount_add_not_zero_checked+0x21e/0x330 [ 53.259687] ? refcount_dec_if_one+0x180/0x180 [ 53.264270] ? alloc_skb_with_frags+0x508/0x7c0 [ 53.268954] ? pagevec_lru_move_fn+0x259/0x350 [ 53.273554] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 53.279026] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 53.284550] ? refcount_add_checked+0x2f/0x70 [ 53.289032] ? skb_set_owner_w+0x21d/0x320 [ 53.293260] ? sock_alloc_send_pskb+0x7bb/0xab0 [ 53.297928] ? __lru_cache_add+0x2ff/0x4e0 [ 53.302153] ? sock_wmalloc+0x1f0/0x1f0 [ 53.306121] ? dev_get_by_index+0xf0/0x1c0 [ 53.310341] ? lock_downgrade+0x900/0x900 [ 53.314483] ? check_preemption_disabled+0x48/0x280 [ 53.319486] ? kasan_check_read+0x11/0x20 [ 53.323630] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 53.328901] ? mark_held_locks+0x130/0x130 [ 53.333125] ? rcu_read_unlock_special+0x370/0x370 [ 53.338038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.343578] ? skb_copy_datagram_from_iter+0x445/0x650 [ 53.348854] ? memcpy+0x45/0x50 [ 53.352123] dev_queue_xmit+0x17/0x20 [ 53.355909] ? dev_queue_xmit+0x17/0x20 [ 53.359887] packet_sendmsg+0x298a/0x6ad0 [ 53.364031] ? __lock_acquire+0x62f/0x4c20 [ 53.368274] ? __this_cpu_preempt_check+0x1c/0x20 [ 53.373127] ? mark_held_locks+0xe0/0x130 [ 53.377283] ? packet_getname+0x5f0/0x5f0 [ 53.381435] ? aa_profile_af_perm+0x410/0x410 [ 53.385925] ? ___might_sleep+0x1ed/0x300 [ 53.390056] ? lock_downgrade+0x900/0x900 [ 53.394203] ? finish_task_switch+0x360/0x910 [ 53.398682] ? lock_release+0xa00/0xa00 [ 53.402654] ? arch_local_save_flags+0x40/0x40 [ 53.407233] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 53.412151] ? aa_sk_perm+0x22b/0x8e0 [ 53.415936] ? import_iovec+0x178/0x2d0 [ 53.419899] ? aa_af_perm+0x5a0/0x5a0 [ 53.423699] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.429236] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 53.434152] ? apparmor_socket_sendmsg+0x29/0x30 [ 53.438933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.444460] ? security_socket_sendmsg+0x94/0xc0 [ 53.449201] ? packet_getname+0x5f0/0x5f0 [ 53.453348] sock_sendmsg+0xd5/0x120 [ 53.457069] ___sys_sendmsg+0x51d/0x930 [ 53.461039] ? copy_msghdr_from_user+0x580/0x580 [ 53.465789] ? _copy_to_user+0xc8/0x110 [ 53.469749] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.475271] ? sock_do_ioctl+0x110/0x420 [ 53.479336] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.484876] ? __fget_light+0x2e9/0x430 [ 53.488833] ? fget_raw+0x20/0x20 [ 53.492277] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 53.497453] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 53.502989] ? sockfd_lookup_light+0xc5/0x160 [ 53.507484] __sys_sendmmsg+0x246/0x6d0 [ 53.511447] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 53.515758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.521279] ? do_vfs_ioctl+0x201/0x1790 [ 53.525325] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 53.530587] ? ioctl_preallocate+0x300/0x300 [ 53.534983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.540520] ? __fget_light+0x2e9/0x430 [ 53.544516] ? do_syscall_64+0x9a/0x820 [ 53.548491] ? do_syscall_64+0x9a/0x820 [ 53.552466] ? lockdep_hardirqs_on+0x421/0x5c0 [ 53.557034] ? trace_hardirqs_on+0xbd/0x310 [ 53.561341] ? security_file_ioctl+0x94/0xc0 [ 53.565736] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.571101] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 53.576539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 53.582068] __x64_sys_sendmmsg+0x9d/0x100 [ 53.586299] do_syscall_64+0x1b9/0x820 [ 53.590181] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 53.595529] ? syscall_return_slowpath+0x5e0/0x5e0 [ 53.600445] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.605284] ? trace_hardirqs_on_caller+0x310/0x310 [ 53.610283] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 53.615286] ? prepare_exit_to_usermode+0x291/0x3b0 [ 53.620290] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 53.625130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 53.630389] RIP: 0033:0x4418a9 [ 53.633566] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 53.652460] RSP: 002b:00007ffea7dc8218 EFLAGS: 00000213 ORIG_RAX: 0000000000000133 [ 53.660153] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004418a9 [ 53.667420] RDX: 0000000000000300 RSI: 0000000020008a80 RDI: 0000000000000003 [ 53.674682] RBP: 0000000000000003 R08: 0000000001bbbbbb R09: 0000000001bbbbbb [ 53.681936] R10: 0000000000000000 R11: 0000000000000213 R12: 00007ffea7dc8260 [ 53.689201] R13: 00007ffea7dc8250 R14: 0000000000000000 R15: 0000000000000000 [ 53.697548] Kernel Offset: disabled [ 53.701219] Rebooting in 86400 seconds..