[ 42.733250] audit: type=1800 audit(1546841467.410:30): pid=7973 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 48.028904] kauditd_printk_skb: 4 callbacks suppressed
[ 48.028918] audit: type=1400 audit(1546841472.740:35): avc: denied { map } for pid=8147 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.15.221' (ECDSA) to the list of known hosts.
[ 56.311676] audit: type=1400 audit(1546841481.020:36): avc: denied { map } for pid=8159 comm="syz-executor472" path="/root/syz-executor472107590" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 56.332826] IPVS: ftp: loaded support on port[0] = 21
[ 56.391211] chnl_net:caif_netlink_parms(): no params data found
[ 56.421819] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.428757] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.435939] device bridge_slave_0 entered promiscuous mode
[ 56.443228] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.449788] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.456933] device bridge_slave_1 entered promiscuous mode
[ 56.471921] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 56.481251] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 56.498253] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 56.505764] team0: Port device team_slave_0 added
[ 56.511125] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 56.518487] team0: Port device team_slave_1 added
[ 56.523782] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 56.530987] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 56.585592] device hsr_slave_0 entered promiscuous mode
[ 56.623767] device hsr_slave_1 entered promiscuous mode
[ 56.663974] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 56.670912] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 56.685648] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.692066] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.698850] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.705214] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.736498] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 56.742587] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.754395] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 56.764954] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 56.771042] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.777955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.786392] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.794422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.801549] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 56.814391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.822086] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.828482] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.835358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.843038] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.849431] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.863713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.871267] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.880947] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.893266] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.903686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.914628] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 56.920633] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
executing program
[ 56.933477] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 56.943865] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.956681] ------------[ cut here ]------------
[ 56.961449] kernel BUG at net/core/skbuff.c:1459!
[ 56.966730] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 56.972093] CPU: 1 PID: 8166 Comm: syz-executor472 Not tainted 4.20.0+ #13
[ 56.979090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.988445] RIP: 0010:pskb_expand_head+0xbb0/0x1080
[ 56.993511] Code: 8b b5 e0 fe ff ff 48 85 f6 0f 84 4d fe ff ff e8 a6 ca 68 fb 4d 8d 74 24 ff e9 3e fe ff ff e8 97 ca 68 fb 0f 0b e8 90 ca 68 fb <0f> 0b e8 89 ca 68 fb 81 8d 10 ff ff ff 00 20 00 00 e9 0f f6 ff ff
[ 57.012413] RSP: 0018:ffff888085caf5e0 EFLAGS: 00010293
[ 57.017825] RAX: ffff88809b960540 RBX: ffff8880a4352000 RCX: ffffffff86192268
[ 57.025098] RDX: 0000000000000000 RSI: ffffffff86192ca0 RDI: 0000000000000005
[ 57.032353] RBP: ffff888085caf720 R08: ffff88809b960540 R09: ffffed101486a41b
[ 57.039614] R10: ffffed101486a41a R11: ffff8880a43520d7 R12: ffff8880a43520bc
[ 57.046871] R13: 000000000000003f R14: dffffc0000000000 R15: 0000000000000000
[ 57.054136] FS: 00007fd1f5ff1700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 57.062356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.068225] CR2: 00007fd1f5ff0e78 CR3: 00000000a09a2000 CR4: 00000000001406e0
[ 57.075485] Call Trace:
[ 57.078074] ? lock_acquire+0x1db/0x570
[ 57.082152] ? lock_downgrade+0x910/0x910
[ 57.086412] ? skb_release_data+0x970/0x970
[ 57.090723] ? lockdep_hardirqs_on+0x415/0x5d0
[ 57.095297] __pskb_pull_tail+0x13a/0x1740
[ 57.099522] ? _copy_to_iter+0x3a1/0x1400
[ 57.103663] ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 57.108762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.114410] ? __skb_try_recv_datagram+0x448/0x5b0
[ 57.114420] syz-executor472 (8160) used greatest stack depth: 18520 bytes left
[ 57.126688] ? pskb_carve+0x1e20/0x1e20
[ 57.130768] ? __check_object_size+0xa3/0x77a
[ 57.135318] ? iov_iter_copy_from_user_atomic+0xff0/0xff0
[ 57.140851] ? usercopy_warn+0x110/0x110
[ 57.144987] ? ___might_sleep+0x1e7/0x310
[ 57.149126] ? lock_downgrade+0x910/0x910
[ 57.153265] ? arch_local_save_flags+0x50/0x50
[ 57.157837] ip6_datagram_recv_specific_ctl+0x1751/0x1bd0
[ 57.163368] ? ip6_datagram_recv_common_ctl+0x5e0/0x5e0
[ 57.168719] ? skb_kill_datagram+0x130/0x130
[ 57.173120] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 57.178647] ? ip6_datagram_recv_common_ctl+0x37b/0x5e0
[ 57.184190] ? skb_copy_datagram_iter+0x10d/0x490
[ 57.189041] ? ipv6_recv_rxpmtu+0x920/0x920
[ 57.193355] ? skb_copy_and_hash_datagram_iter+0x50/0x50
[ 57.198801] ip6_datagram_recv_ctl+0x34/0x40
[ 57.203285] rawv6_recvmsg+0xc43/0xe90
[ 57.207169] ? rawv6_rcv_skb+0x470/0x470
[ 57.211226] sock_common_recvmsg+0x13f/0x2b0
[ 57.215627] ? compat_sock_common_getsockopt+0x150/0x150
[ 57.221081] ? selinux_socket_recvmsg+0x36/0x40
[ 57.225736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 57.231265] ? security_socket_recvmsg+0x9b/0xd0
[ 57.236011] ? compat_sock_common_getsockopt+0x150/0x150
[ 57.241454] sock_recvmsg+0xd0/0x110
[ 57.245158] __sys_recvfrom+0x30b/0x5d0
[ 57.249166] ? __ia32_sys_send+0x100/0x100
[ 57.253408] ? __sys_sendmsg+0x1a3/0x270
[ 57.257465] ? do_syscall_64+0x8c/0x800
[ 57.261429] ? do_syscall_64+0x8c/0x800
[ 57.265392] ? lockdep_hardirqs_on+0x415/0x5d0
[ 57.269964] ? trace_hardirqs_on+0xbd/0x310
[ 57.274280] ? do_futex+0x2910/0x2910
[ 57.278141] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.283581] ? trace_hardirqs_off_caller+0x300/0x300
[ 57.288684] __x64_sys_recvfrom+0xe1/0x1a0
[ 57.292911] do_syscall_64+0x1a3/0x800
[ 57.296790] ? syscall_return_slowpath+0x5f0/0x5f0
[ 57.301716] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 57.306721] ? __switch_to_asm+0x34/0x70
[ 57.310773] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 57.315614] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 57.320792] RIP: 0033:0x446f49
[ 57.323979] Code: e8 0c 13 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 57.342867] RSP: 002b:00007fd1f5ff0da8 EFLAGS: 00000216 ORIG_RAX: 000000000000002d
[ 57.350576] RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000446f49
[ 57.357835] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 57.365091] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[ 57.372348] R10: 0000000000000002 R11: 0000000000000216 R12: 00000000006dcc3c
[ 57.379949] R13: 00007ffebd676d1f R14: 00007fd1f5ff19c0 R15: 0000000000000001
[ 57.387212] Modules linked in:
[ 57.391541] ---[ end trace 5a2ad7d6617f720c ]---
[ 57.396511] RIP: 0010:pskb_expand_head+0xbb0/0x1080
[ 57.402477] Code: 8b b5 e0 fe ff ff 48 85 f6 0f 84 4d fe ff ff e8 a6 ca 68 fb 4d 8d 74 24 ff e9 3e fe ff ff e8 97 ca 68 fb 0f 0b e8 90 ca 68 fb <0f> 0b e8 89 ca 68 fb 81 8d 10 ff ff ff 00 20 00 00 e9 0f f6 ff ff
[ 57.421922] RSP: 0018:ffff888085caf5e0 EFLAGS: 00010293
[ 57.427539] RAX: ffff88809b960540 RBX: ffff8880a4352000 RCX: ffffffff86192268
[ 57.435820] RDX: 0000000000000000 RSI: ffffffff86192ca0 RDI: 0000000000000005
[ 57.443160] RBP: ffff888085caf720 R08: ffff88809b960540 R09: ffffed101486a41b
[ 57.450536] R10: ffffed101486a41a R11: ffff8880a43520d7 R12: ffff8880a43520bc
[ 57.458113] R13: 000000000000003f R14: dffffc0000000000 R15: 0000000000000000
[ 57.465623] FS: 00007fd1f5ff1700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 57.474003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 57.480063] CR2: 0000000020000300 CR3: 00000000a09a2000 CR4: 00000000001406f0
[ 57.487494] Kernel panic - not syncing: Fatal exception
[ 57.493860] Kernel Offset: disabled
[ 57.497493] Rebooting in 86400 seconds..