[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.337697] audit: type=1800 audit(1546181709.242:25): pid=7657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 36.375518] audit: type=1800 audit(1546181709.242:26): pid=7657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 36.402232] audit: type=1800 audit(1546181709.242:27): pid=7657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 41.753260] bash (7796) used greatest stack depth: 15720 bytes left Warning: Permanently added '10.128.0.9' (ECDSA) to the list of known hosts. [ 48.359212] IPVS: ftp: loaded support on port[0] = 21 [ 48.416779] chnl_net:caif_netlink_parms(): no params data found [ 48.448776] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.455789] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.463269] device bridge_slave_0 entered promiscuous mode [ 48.470271] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.476767] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.483755] device bridge_slave_1 entered promiscuous mode [ 48.500194] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 48.509425] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 48.525268] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 48.532615] team0: Port device team_slave_0 added [ 48.537905] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 48.545108] team0: Port device team_slave_1 added [ 48.550268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 48.557507] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 48.633420] device hsr_slave_0 entered promiscuous mode [ 48.701642] device hsr_slave_1 entered promiscuous mode [ 48.752255] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 48.759325] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 48.774092] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.780504] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.787480] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.793884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.821990] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 48.828405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.837382] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 48.846362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 48.855365] bridge0: port 1(bridge_slave_0) entered disabled state [ 48.862898] bridge0: port 2(bridge_slave_1) entered disabled state [ 48.870105] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 48.880239] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 48.886518] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.895033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.903075] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.909406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.930750] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 48.941339] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.952291] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 48.960034] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.968211] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.974828] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.982397] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 48.990235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 48.997888] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 49.005529] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 49.013121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 49.020068] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready executing program [ 49.031393] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 49.040379] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 49.053933] ------------[ cut here ]------------ [ 49.058794] hsr_addr_subst_dest: Unknown node [ 49.063700] WARNING: CPU: 1 PID: 7814 at net/hsr/hsr_framereg.c:301 hsr_addr_subst_dest+0x6c7/0x850 [ 49.073051] Kernel panic - not syncing: panic_on_warn set ... [ 49.078920] CPU: 1 PID: 7814 Comm: syz-executor962 Not tainted 4.20.0+ #396 [ 49.086145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 49.095614] Call Trace: [ 49.098463] dump_stack+0x1d3/0x2c6 [ 49.102190] ? dump_stack_print_info.cold.1+0x20/0x20 [ 49.107617] panic+0x2ad/0x55f [ 49.110974] ? add_taint.cold.5+0x16/0x16 [ 49.115150] ? __warn.cold.8+0x5/0x52 [ 49.118936] ? __warn+0xe8/0x1d0 [ 49.122312] ? hsr_addr_subst_dest+0x6c7/0x850 [ 49.126892] __warn.cold.8+0x20/0x52 [ 49.130591] ? rcu_softirq_qs+0x20/0x20 [ 49.134578] ? hsr_addr_subst_dest+0x6c7/0x850 [ 49.139409] report_bug+0x254/0x2d0 [ 49.143059] do_error_trap+0x11b/0x200 [ 49.146954] do_invalid_op+0x36/0x40 [ 49.150915] ? hsr_addr_subst_dest+0x6c7/0x850 [ 49.155490] invalid_op+0x14/0x20 [ 49.158945] RIP: 0010:hsr_addr_subst_dest+0x6c7/0x850 [ 49.164125] Code: bf dc 5f f9 0f 0b e9 ad fd ff ff e8 23 97 96 f9 48 c7 c6 20 fc f9 88 48 c7 c7 e0 fb f9 88 c6 05 ac 7d 4b 02 01 e8 99 dc 5f f9 <0f> 0b e9 87 fd ff ff 48 89 cf e8 2a 7b da f9 e9 e7 f9 ff ff 48 89 [ 49.183171] RSP: 0018:ffff8880a0e9ec60 EFLAGS: 00010282 [ 49.188521] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 49.196202] RDX: 0000000000000000 RSI: ffffffff81683f55 RDI: 0000000000000005 [ 49.203463] RBP: ffff8880a0e9ed78 R08: ffff888090ed6580 R09: 0000000000000000 [ 49.210873] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 49.218142] R13: ffff888086d356a0 R14: ffffed10141d3da2 R15: ffff888086d356a0 [ 49.225576] ? vprintk_func+0x85/0x181 [ 49.229646] ? hsr_addr_subst_source+0x110/0x110 [ 49.234416] ? hsr_forward_skb+0x85f/0x28a0 [ 49.238813] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 49.244267] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 49.249908] hsr_forward_skb+0x1e68/0x28a0 [ 49.254338] ? hsr_del_port+0x480/0x480 [ 49.258305] ? __skb_flow_dissect+0xe2b/0x5c30 [ 49.262878] ? hsr_netdev_notify+0x1070/0x1070 [ 49.267466] hsr_dev_xmit+0x71/0xa0 [ 49.271087] dev_hard_start_xmit+0x286/0xc80 [ 49.275490] ? dev_direct_xmit+0x6a0/0x6a0 [ 49.279863] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 49.285393] ? netif_skb_features+0x681/0xb50 [ 49.289872] ? skb_flow_dissect_tunnel_info+0xd80/0xd80 [ 49.295224] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 49.300771] ? validate_xmit_xfrm+0x41c/0xef0 [ 49.305391] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.310925] ? validate_xmit_skb+0x849/0xf70 [ 49.315486] ? netif_skb_features+0xb50/0xb50 [ 49.319970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.325615] ? check_preemption_disabled+0x48/0x280 [ 49.330637] ? check_preemption_disabled+0x48/0x280 [ 49.335780] __dev_queue_xmit+0x2f62/0x3ac0 [ 49.340092] ? kasan_kmalloc+0xcb/0xd0 [ 49.343967] ? netdev_pick_tx+0x300/0x300 [ 49.348098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.354219] ? __alloc_skb+0x4bd/0x760 [ 49.358097] ? skb_scrub_packet+0x440/0x440 [ 49.362405] ? __pagevec_lru_add+0x30/0x30 [ 49.366626] ? graph_lock+0x270/0x270 [ 49.370408] ? __mem_cgroup_threshold+0x261/0x7b0 [ 49.375534] ? lock_downgrade+0x900/0x900 [ 49.379812] ? check_preemption_disabled+0x48/0x280 [ 49.384832] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.390363] ? refcount_add_not_zero_checked+0x21e/0x330 [ 49.395858] ? find_held_lock+0x36/0x1c0 [ 49.399932] ? __might_fault+0x12b/0x1e0 [ 49.403979] ? lock_downgrade+0x900/0x900 [ 49.408139] ? lock_release+0xa00/0xa00 [ 49.412103] ? arch_local_save_flags+0x40/0x40 [ 49.416674] ? skb_set_owner_w+0x21d/0x320 [ 49.420900] ? kasan_check_write+0x14/0x20 [ 49.425125] ? copyin+0xb7/0x100 [ 49.428475] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 49.433480] ? _copy_from_iter+0x389/0xf70 [ 49.437903] ? usercopy_warn+0x110/0x110 [ 49.441959] ? _copy_from_iter_nocache+0xf40/0xf40 [ 49.446887] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.452418] ? skb_copy_datagram_from_iter+0x445/0x650 [ 49.457686] dev_queue_xmit+0x17/0x20 [ 49.461711] ? dev_queue_xmit+0x17/0x20 [ 49.465679] packet_sendmsg+0x298a/0x6ad0 [ 49.469816] ? mark_held_locks+0x130/0x130 [ 49.474316] ? graph_lock+0x270/0x270 [ 49.478116] ? packet_getname+0x5f0/0x5f0 [ 49.482251] ? aa_profile_af_perm+0x410/0x410 [ 49.486735] ? ___might_sleep+0x1ed/0x300 [ 49.490881] ? finish_task_switch+0x360/0x910 [ 49.495367] ? __local_bh_enable_ip+0x160/0x260 [ 49.500031] ? __local_bh_enable_ip+0x160/0x260 [ 49.504691] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 49.509843] ? aa_sk_perm+0x22b/0x8e0 [ 49.513627] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.519148] ? __fget_light+0x2e9/0x430 [ 49.523102] ? aa_af_perm+0x5a0/0x5a0 [ 49.526882] ? __local_bh_enable_ip+0x160/0x260 [ 49.531532] ? _raw_spin_unlock_bh+0x30/0x40 [ 49.536092] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 49.541209] ? apparmor_socket_sendmsg+0x29/0x30 [ 49.546102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.551643] ? security_socket_sendmsg+0x94/0xc0 [ 49.556477] ? packet_getname+0x5f0/0x5f0 [ 49.560615] sock_sendmsg+0xd5/0x120 [ 49.564318] __sys_sendto+0x3d7/0x670 [ 49.568196] ? aa_af_perm+0x5a0/0x5a0 [ 49.572189] ? __ia32_sys_getpeername+0xb0/0xb0 [ 49.576901] ? packet_bind+0x164/0x1b0 [ 49.580964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 49.586511] ? __sys_bind+0x1d1/0x440 [ 49.590417] ? kasan_check_write+0x14/0x20 [ 49.594739] ? up_read+0x225/0x2c0 [ 49.598470] ? do_syscall_64+0x9a/0x820 [ 49.602463] ? do_syscall_64+0x9a/0x820 [ 49.606426] ? lockdep_hardirqs_on+0x421/0x5c0 [ 49.611001] ? trace_hardirqs_on+0xbd/0x310 [ 49.615312] ? security_file_ioctl+0x94/0xc0 [ 49.619709] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.625061] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 49.630536] __x64_sys_sendto+0xe1/0x1a0 [ 49.634590] do_syscall_64+0x1b9/0x820 [ 49.638614] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 49.643989] ? syscall_return_slowpath+0x5e0/0x5e0 [ 49.649156] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 49.654007] ? trace_hardirqs_on_caller+0x310/0x310 [ 49.659011] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 49.664025] ? prepare_exit_to_usermode+0x291/0x3b0 [ 49.669044] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 49.673902] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 49.679078] RIP: 0033:0x442129 [ 49.682261] Code: e8 4c 06 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 49.701517] RSP: 002b:00007fffb6839fa8 EFLAGS: 00000216 ORIG_RAX: 000000000000002c [ 49.709216] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442129 [ 49.716598] RDX: 0000000000000011 RSI: 0000000020000140 RDI: 0000000000000003 [ 49.723869] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 49.731286] R10: 0000000000000004 R11: 0000000000000216 R12: 0000000000000000 [ 49.738564] R13: 00007fffb6839ff0 R14: 0000000000000000 R15: 0000000000000000 [ 49.747411] Kernel Offset: disabled [ 49.751112] Rebooting in 86400 seconds..