[ 40.436237] audit: type=1800 audit(1561785670.947:30): pid=7577 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
[....] Starting periodic command scheduler: cron [ ok ].
Starting mcstransd:
[....] Starting OpenBSD Secure Shell server: sshd [ ok ].
[....] Starting file context maintaining daemon: restorecond [ ok ].
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 46.040980] kauditd_printk_skb: 4 callbacks suppressed
[ 46.040995] audit: type=1400 audit(1561785676.597:35): avc: denied { map } for pid=7750 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.10.26' (ECDSA) to the list of known hosts.
[ 52.630989] audit: type=1400 audit(1561785683.187:36): avc: denied { map } for pid=7762 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2019/06/29 05:21:24 parsed 1 programs
[ 53.449110] audit: type=1400 audit(1561785684.007:37): avc: denied { map } for pid=7762 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=107 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2019/06/29 05:21:25 executed programs: 0
[ 55.237915] IPVS: ftp: loaded support on port[0] = 21
[ 55.300104] chnl_net:caif_netlink_parms(): no params data found
[ 55.331697] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.338320] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.345406] device bridge_slave_0 entered promiscuous mode
[ 55.353577] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.359951] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.367063] device bridge_slave_1 entered promiscuous mode
[ 55.382112] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 55.391400] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 55.407854] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 55.415447] team0: Port device team_slave_0 added
[ 55.420840] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 55.428207] team0: Port device team_slave_1 added
[ 55.433352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 55.440763] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 55.505601] device hsr_slave_0 entered promiscuous mode
[ 55.543995] device hsr_slave_1 entered promiscuous mode
[ 55.604210] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 55.611088] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 55.624929] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.631331] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.638459] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.644849] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.676883] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 55.683005] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.691286] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 55.699857] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 55.719832] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.727036] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.735783] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 55.745879] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 55.751941] 8021q: adding VLAN 0 to HW filter on device team0
[ 55.761545] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 55.769333] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.775932] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 55.785904] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 55.793841] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.800166] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 55.815730] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.823328] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.831716] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.841187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.851921] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.861164] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 55.868028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.880228] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 55.890406] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.900189] audit: type=1400 audit(1561785686.457:38): avc: denied { associate } for pid=7778 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 55.975043] ------------[ cut here ]------------
[ 55.979894] hsr_addr_subst_dest: Unknown node
[ 55.984952] WARNING: CPU: 1 PID: 7786 at net/hsr/hsr_framereg.c:313 hsr_addr_subst_dest+0x382/0x460
[ 55.994136] Kernel panic - not syncing: panic_on_warn set ...
[ 55.994136]
[ 56.007021] CPU: 1 PID: 7786 Comm: syz-executor.0 Not tainted 4.19.56 #28
[ 56.013934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.023275] Call Trace:
[ 56.025852] dump_stack+0x172/0x1f0
[ 56.029493] panic+0x263/0x507
[ 56.032671] ? __warn_printk+0xf3/0xf3
[ 56.036548] ? hsr_addr_subst_dest+0x382/0x460
[ 56.041121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.046650] ? __warn.cold+0x5/0x4a
[ 56.050264] ? __warn+0xe8/0x1d0
[ 56.053633] ? hsr_addr_subst_dest+0x382/0x460
[ 56.058212] __warn.cold+0x20/0x4a
[ 56.061738] ? hsr_addr_subst_dest+0x382/0x460
[ 56.066306] report_bug+0x263/0x2b0
[ 56.069926] do_error_trap+0x204/0x360
[ 56.073832] ? math_error+0x340/0x340
[ 56.077632] ? vprintk_emit+0x1ab/0x690
[ 56.081593] ? error_entry+0x76/0xd0
[ 56.085298] ? trace_hardirqs_off_caller+0x65/0x220
[ 56.090335] ? vprintk_default+0x28/0x30
[ 56.094385] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 56.099214] do_invalid_op+0x1b/0x20
[ 56.102915] invalid_op+0x14/0x20
[ 56.106364] RIP: 0010:hsr_addr_subst_dest+0x382/0x460
[ 56.111545] Code: 89 de e8 31 c7 84 fa 84 db 75 d3 e8 e8 c5 84 fa 48 c7 c6 80 bb fa 87 48 c7 c7 40 bb fa 87 c6 05 1f de 4f 02 01 e8 1c 9f 58 fa <0f> 0b eb b0 e8 c5 c5 84 fa 0f b6 1d 0b de 4f 02 31 ff 89 de e8 f5
[ 56.130433] RSP: 0018:ffff8880809274b0 EFLAGS: 00010286
[ 56.135791] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 56.143051] RDX: 0000000000000000 RSI: ffffffff8155b1c6 RDI: ffffed1010124e88
[ 56.150309] RBP: ffff8880809274f0 R08: ffff888095348080 R09: ffffed1015d24fe9
[ 56.157588] R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: ffff88808126d120
[ 56.164847] R13: 0000000000000000 R14: 0000000047eef7b7 R15: 0000000000005e6f
[ 56.172117] ? vprintk_func+0x86/0x189
[ 56.176005] hsr_forward_skb+0x1276/0x1c10
[ 56.180247] hsr_dev_xmit+0x72/0xa0
[ 56.183871] dev_hard_start_xmit+0x1a5/0x980
[ 56.188281] ? check_preemption_disabled+0x48/0x290
[ 56.193297] __dev_queue_xmit+0x2705/0x3010
[ 56.197610] ? netdev_pick_tx+0x300/0x300
[ 56.201743] ? __sanitizer_cov_trace_pc+0x50/0x50
[ 56.206573] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 56.212108] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 56.217636] ? __check_object_size+0x3d/0x42f
[ 56.222135] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.227658] ? skb_copy_datagram_from_iter+0x441/0x670
[ 56.232925] dev_queue_xmit+0x18/0x20
[ 56.236727] ? dev_queue_xmit+0x18/0x20
[ 56.240692] packet_sendmsg+0x3b43/0x6300
[ 56.244829] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 56.249832] ? rw_copy_check_uvector+0x2a6/0x330
[ 56.254588] ? packet_notifier+0x840/0x840
[ 56.258833] ? selinux_socket_sendmsg+0x36/0x40
[ 56.263497] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 56.269036] ? security_socket_sendmsg+0x8d/0xc0
[ 56.273777] ? packet_notifier+0x840/0x840
[ 56.278007] sock_sendmsg+0xd7/0x130
[ 56.281722] ___sys_sendmsg+0x3e2/0x920
[ 56.285683] ? copy_msghdr_from_user+0x430/0x430
[ 56.290433] ? lock_downgrade+0x810/0x810
[ 56.294588] ? kasan_check_read+0x11/0x20
[ 56.298742] ? __fget+0x367/0x540
[ 56.302183] ? iterate_fd+0x360/0x360
[ 56.305975] ? mark_held_locks+0x100/0x100
[ 56.310198] ? __fget_light+0x1a9/0x230
[ 56.314159] ? __fdget+0x1b/0x20
[ 56.317512] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 56.323031] ? sockfd_lookup_light+0xcb/0x180
[ 56.327526] __sys_sendmmsg+0x1bf/0x4e0
[ 56.331503] ? __ia32_sys_sendmsg+0xb0/0xb0
[ 56.335818] ? _copy_to_user+0xc9/0x120
[ 56.339778] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 56.345322] ? put_timespec64+0xda/0x140
[ 56.349386] ? nsecs_to_jiffies+0x30/0x30
[ 56.353541] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.358297] ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 56.363049] ? do_syscall_64+0x26/0x620
[ 56.367014] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.372361] ? do_syscall_64+0x26/0x620
[ 56.376330] __x64_sys_sendmmsg+0x9d/0x100
[ 56.380552] do_syscall_64+0xfd/0x620
[ 56.384344] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 56.389515] RIP: 0033:0x459519
[ 56.392696] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 56.411759] RSP: 002b:00007f4edda55c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 56.419458] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459519
[ 56.426724] RDX: 0000000000000001 RSI: 0000000020004e80 RDI: 0000000000000003
[ 56.433976] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
[ 56.441228] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4edda566d4
[ 56.448482] R13: 00000000004c6af9 R14: 00000000004dbd80 R15: 00000000ffffffff
[ 56.456900] Kernel Offset: disabled
[ 56.460573] Rebooting in 86400 seconds..