[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   41.402176] audit: type=1800 audit(1546153094.934:25): pid=7940 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   41.437641] audit: type=1800 audit(1546153094.934:26): pid=7940 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   41.472286] audit: type=1800 audit(1546153094.944:27): pid=7940 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.29' (ECDSA) to the list of known hosts.
syzkaller login: [   63.925837] IPVS: ftp: loaded support on port[0] = 21
[   63.985765] chnl_net:caif_netlink_parms(): no params data found
[   64.019522] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.026179] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.033500] device bridge_slave_0 entered promiscuous mode
[   64.041136] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.047498] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.054664] device bridge_slave_1 entered promiscuous mode
[   64.072052] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.080991] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.097920] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   64.105637] team0: Port device team_slave_0 added
[   64.111050] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   64.118159] team0: Port device team_slave_1 added
[   64.123621] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   64.130910] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   64.181791] device hsr_slave_0 entered promiscuous mode
[   64.249260] device hsr_slave_1 entered promiscuous mode
[   64.309544] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   64.316491] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   64.331204] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.337612] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.344678] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.351063] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.384716] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   64.391126] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.398889] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   64.407592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   64.427842] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.435538] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.443456] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   64.453926] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   64.460736] 8021q: adding VLAN 0 to HW filter on device team0
[   64.469125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   64.476755] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.483146] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.493351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   64.501635] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.507955] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.528458] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   64.538486] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   64.550357] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   64.558166] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   64.566315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   64.573989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
executing program
[   64.581607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   64.589114] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   64.596012] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   64.609861] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   64.620054] 8021q: adding VLAN 0 to HW filter on device batadv0
[   64.631069] ------------[ cut here ]------------
[   64.635887] HSR: VLAN not yet supported
[   64.636259] WARNING: CPU: 0 PID: 8093 at net/hsr/hsr_forward.c:336 hsr_forward_skb+0x2196/0x28a0
[   64.649116] Kernel panic - not syncing: panic_on_warn set ...
[   64.654984] CPU: 0 PID: 8093 Comm: syz-executor088 Not tainted 4.20.0-rc7-next-20181224 #190
[   64.663538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   64.672879] Call Trace:
[   64.675458]  dump_stack+0x1d3/0x2c6
[   64.679079]  ? dump_stack_print_info.cold.1+0x20/0x20
[   64.684260]  panic+0x2ad/0x632
[   64.687484]  ? add_taint.cold.5+0x16/0x16
[   64.691627]  ? __warn.cold.8+0x5/0x4f
[   64.695407]  ? __warn+0xe8/0x1d0
[   64.698755]  ? hsr_forward_skb+0x2196/0x28a0
[   64.703145]  __warn.cold.8+0x20/0x4f
[   64.706840]  ? rcu_softirq_qs+0x20/0x20
[   64.710799]  ? hsr_forward_skb+0x2196/0x28a0
[   64.715191]  report_bug+0x254/0x2d0
[   64.718805]  do_error_trap+0x11b/0x200
[   64.722676]  do_invalid_op+0x36/0x40
[   64.726374]  ? hsr_forward_skb+0x2196/0x28a0
[   64.730766]  invalid_op+0x14/0x20
[   64.734205] RIP: 0010:hsr_forward_skb+0x2196/0x28a0
[   64.739208] Code: e7 e8 9e 2a ff ff e9 8f f3 ff ff 48 89 85 b0 fe ff ff e8 ed 4a 93 f9 48 c7 c7 60 7c fa 88 c6 05 cc aa 48 02 01 e8 6a 81 5c f9 <0f> 0b 48 8b 85 a8 fe ff ff 48 b9 00 00 00 00 00 fc ff df 48 89 c2
[   64.758354] RSP: 0018:ffff888091386b28 EFLAGS: 00010282
[   64.763711] RAX: 0000000000000000 RBX: ffff8880a9013dc0 RCX: 0000000000000000
[   64.770967] RDX: 0000000000000000 RSI: ffffffff81683f45 RDI: 0000000000000006
[   64.778384] RBP: ffff888091386cb8 R08: ffff8880872d6240 R09: 0000000000000000
[   64.785637] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   64.792886] R13: ffff8880a54c4980 R14: ffff8880a9013e76 R15: ffff888091386c90
[   64.800149]  ? vprintk_func+0x85/0x181
[   64.804022]  ? hsr_forward_skb+0x2196/0x28a0
[   64.808415]  ? rcu_read_unlock_special+0x370/0x370
[   64.813327]  ? find_held_lock+0x36/0x1c0
[   64.817372]  ? hsr_del_port+0x480/0x480
[   64.821326]  ? rcu_read_unlock+0x5e/0xa0
[   64.825368]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   64.830477]  ? hsr_netdev_notify+0x1070/0x1070
[   64.835047]  ? __lock_is_held+0xb5/0x140
[   64.839110]  hsr_dev_xmit+0x71/0xa0
[   64.842723]  dev_hard_start_xmit+0x286/0xc80
[   64.847116]  ? dev_direct_xmit+0x6a0/0x6a0
[   64.851337]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   64.856959]  ? netif_skb_features+0x681/0xb50
[   64.861443]  ? skb_flow_dissect_tunnel_info+0xd80/0xd80
[   64.866790]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   64.872311]  ? validate_xmit_xfrm+0x41c/0xef0
[   64.876791]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   64.882427]  ? validate_xmit_skb+0x849/0xf70
[   64.886822]  ? netif_skb_features+0xb50/0xb50
[   64.891399]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   64.896924]  ? check_preemption_disabled+0x48/0x280
[   64.901925]  ? check_preemption_disabled+0x48/0x280
[   64.907056]  __dev_queue_xmit+0x2efb/0x3940
[   64.911363]  ? kasan_kmalloc+0xcb/0xd0
[   64.915236]  ? netdev_pick_tx+0x300/0x300
[   64.919366]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   64.924885]  ? __alloc_skb+0x4bd/0x760
[   64.928750]  ? print_usage_bug+0xc0/0xc0
[   64.932795]  ? skb_trim+0x170/0x170
[   64.936405]  ? mark_held_locks+0x130/0x130
[   64.940621]  ? find_held_lock+0x36/0x1c0
[   64.944673]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   64.950193]  ? refcount_add_not_zero_checked+0x21e/0x330
[   64.955625]  ? refcount_inc_checked+0x70/0x70
[   64.960104]  ? alloc_skb_with_frags+0x508/0x7c0
[   64.964755]  ? pagevec_lru_move_fn+0x259/0x350
[   64.969322]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   64.974821]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   64.980476]  ? refcount_add_checked+0x2f/0x70
[   64.984953]  ? skb_set_owner_w+0x21d/0x320
[   64.989171]  ? sock_alloc_send_pskb+0x7bb/0xab0
[   64.993825]  ? __lru_cache_add+0x2ff/0x4e0
[   64.998045]  ? sock_wmalloc+0x1f0/0x1f0
[   65.002006]  ? dev_get_by_index+0xf0/0x1c0
[   65.006229]  ? lock_downgrade+0x900/0x900
[   65.010366]  ? check_preemption_disabled+0x48/0x280
[   65.015368]  ? kasan_check_read+0x11/0x20
[   65.019504]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   65.025049]  ? mark_held_locks+0x130/0x130
[   65.029269]  ? rcu_read_unlock_special+0x370/0x370
[   65.034181]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.039701]  ? skb_copy_datagram_from_iter+0x445/0x650
[   65.044989]  ? memcpy+0x45/0x50
[   65.048258]  dev_queue_xmit+0x17/0x20
[   65.052042]  ? dev_queue_xmit+0x17/0x20
[   65.056001]  packet_sendmsg+0x298a/0x6ad0
[   65.060134]  ? __lock_acquire+0x62f/0x4c20
[   65.064355]  ? __this_cpu_preempt_check+0x1c/0x20
[   65.069188]  ? mark_held_locks+0x40/0x130
[   65.073322]  ? packet_getname+0x5f0/0x5f0
[   65.077454]  ? aa_profile_af_perm+0x410/0x410
[   65.081935]  ? gss_verify_header.isra.18+0x1b0/0x810
[   65.087026]  ? ___might_sleep+0x1ed/0x300
[   65.091156]  ? lock_downgrade+0x900/0x900
[   65.095283]  ? cpu_cfs_stat_show+0x30/0x2a0
[   65.099592]  ? lock_release+0xa00/0xa00
[   65.103629]  ? arch_local_save_flags+0x40/0x40
[   65.108211]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   65.113127]  ? aa_sk_perm+0x22b/0x8e0
[   65.116909]  ? import_iovec+0x178/0x2d0
[   65.120871]  ? aa_af_perm+0x5a0/0x5a0
[   65.124654]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   65.130178]  ? aa_sock_msg_perm.isra.14+0xba/0x160
[   65.135091]  ? apparmor_socket_sendmsg+0x29/0x30
[   65.139831]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.145494]  ? security_socket_sendmsg+0x94/0xc0
[   65.150236]  ? packet_getname+0x5f0/0x5f0
[   65.154371]  sock_sendmsg+0xd5/0x120
[   65.158066]  ___sys_sendmsg+0x51d/0x930
[   65.162031]  ? copy_msghdr_from_user+0x580/0x580
[   65.166769]  ? _copy_to_user+0xc8/0x110
[   65.170727]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   65.176244]  ? sock_do_ioctl+0x110/0x420
[   65.180291]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.185809]  ? __fget_light+0x2e9/0x430
[   65.189768]  ? fget_raw+0x20/0x20
[   65.193209]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   65.198381]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   65.203907]  ? sockfd_lookup_light+0xc5/0x160
[   65.208389]  __sys_sendmmsg+0x246/0x6d0
[   65.212350]  ? __ia32_sys_sendmsg+0xb0/0xb0
[   65.216655]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.222177]  ? do_vfs_ioctl+0x201/0x1790
[   65.226220]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   65.231488]  ? ioctl_preallocate+0x300/0x300
[   65.235880]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.241399]  ? __fget_light+0x2e9/0x430
[   65.245366]  ? do_syscall_64+0x9a/0x820
[   65.249325]  ? do_syscall_64+0x9a/0x820
[   65.253280]  ? lockdep_hardirqs_on+0x421/0x5c0
[   65.257847]  ? trace_hardirqs_on+0xbd/0x310
[   65.262149]  ? security_file_ioctl+0x94/0xc0
[   65.266539]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.271893]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   65.277325]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.282848]  __x64_sys_sendmmsg+0x9d/0x100
[   65.287068]  do_syscall_64+0x1b9/0x820
[   65.290939]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   65.296288]  ? syscall_return_slowpath+0x5e0/0x5e0
[   65.301206]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   65.306029]  ? trace_hardirqs_on_caller+0x310/0x310
[   65.311028]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   65.316026]  ? prepare_exit_to_usermode+0x291/0x3b0
[   65.321029]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   65.325857]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.331027] RIP: 0033:0x4418a9
[   65.334204] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   65.353145] RSP: 002b:00007ffcc5be3128 EFLAGS: 00000213 ORIG_RAX: 0000000000000133
[   65.360837] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004418a9
[   65.368085] RDX: 0000000000000300 RSI: 0000000020008a80 RDI: 0000000000000003
[   65.375333] RBP: 0000000000000003 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[   65.382698] R10: 0000000000000000 R11: 0000000000000213 R12: 00007ffcc5be3170
[   65.389950] R13: 00007ffcc5be3160 R14: 0000000000000000 R15: 0000000000000000
[   65.398236] Kernel Offset: disabled
[   65.401903] Rebooting in 86400 seconds..