[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
Starting mcstransd:
[ ok ] Starting file context maintaining daemon: restorecond.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 43.552047] kauditd_printk_skb: 9 callbacks suppressed
[ 43.552062] audit: type=1400 audit(1539049423.846:35): avc: denied { map } for pid=5905 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts.
net.ipv6.conf.syz_tun.accept_dad = 0
net.ipv6.conf.syz_tun.router_solicitations = 0
[ 50.240470] audit: type=1400 audit(1539049430.536:36): avc: denied { map } for pid=5917 comm="syz-executor189" path="/root/syz-executor189114959" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 50.250869] IPVS: ftp: loaded support on port[0] = 21
[ 50.458966] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.465536] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.472328] device bridge_slave_0 entered promiscuous mode
[ 50.488146] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.494634] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.501458] device bridge_slave_1 entered promiscuous mode
[ 50.516576] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 50.531797] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 50.571830] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 50.588658] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 50.646053] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 50.653510] team0: Port device team_slave_0 added
[ 50.666642] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 50.673810] team0: Port device team_slave_1 added
[ 50.687182] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 50.703483] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 50.719409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 50.736689] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 50.843345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.849723] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.856382] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.862724] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 51.242134] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 51.248375] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.288585] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 51.329613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.336768] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 51.372214] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 51.378819] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.413234] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
executing program
[ 51.599678] FAULT_INJECTION: forcing a failure.
[ 51.599678] name failslab, interval 1, probability 0, space 0, times 1
[ 51.611463] CPU: 1 PID: 5918 Comm: syz-executor189 Not tainted 4.19.0-rc7+ #53
[ 51.618818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 51.628152] Call Trace:
[ 51.630734] dump_stack+0x1c4/0x2b4
[ 51.634349] ? dump_stack_print_info.cold.2+0x52/0x52
[ 51.639522] ? lock_downgrade+0x900/0x900
[ 51.643658] should_fail.cold.4+0xa/0x17
[ 51.647704] ? fault_create_debugfs_attr+0x1f0/0x1f0
[ 51.652972] ? lock_downgrade+0x900/0x900
[ 51.657134] ? trace_hardirqs_off+0xb8/0x310
[ 51.661541] ? kasan_check_read+0x11/0x20
[ 51.665673] ? do_raw_spin_unlock+0xa7/0x2f0
[ 51.670061] ? trace_hardirqs_on+0x310/0x310
[ 51.674480] ? kasan_check_write+0x14/0x20
[ 51.678731] ? do_raw_spin_lock+0xc1/0x200
[ 51.682956] ? _raw_spin_unlock_irqrestore+0x6d/0xd0
[ 51.688154] ? fs_reclaim_acquire+0x20/0x20
[ 51.692457] ? lock_downgrade+0x900/0x900
[ 51.696611] ? ___might_sleep+0x1ed/0x300
[ 51.700779] ? mount_fs+0xae/0x31d
[ 51.704303] ? arch_local_save_flags+0x40/0x40
[ 51.708873] ? __x64_sys_mount+0xbe/0x150
[ 51.713010] ? do_syscall_64+0x1b9/0x820
[ 51.717065] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.722408] ? kasan_check_read+0x11/0x20
[ 51.726538] __should_failslab+0x124/0x180
[ 51.730756] should_failslab+0x9/0x14
[ 51.734544] kmem_cache_alloc_trace+0x2d7/0x750
[ 51.739195] ? lock_release+0x970/0x970
[ 51.743152] ? arch_local_save_flags+0x40/0x40
[ 51.747725] ovl_encode_real_fh+0xca/0x500
[ 51.751950] ? __mnt_want_write+0x327/0x420
[ 51.756256] ? ovl_set_attr+0x550/0x550
[ 51.760215] ? may_umount_tree+0x210/0x210
[ 51.764438] ovl_verify_set_fh+0x36/0x180
[ 51.768567] ovl_fill_super+0x3026/0x3f7b
[ 51.772724] ? ovl_show_options+0x550/0x550
[ 51.777038] ? __free_pages+0x160/0x190
[ 51.780999] ? selinux_sb_copy_data+0x602/0x740
[ 51.785670] ? selinux_capable+0x36/0x40
[ 51.789724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.795252] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.800773] ? get_anon_bdev+0xc0/0xc0
[ 51.804640] ? sget+0x113/0x150
[ 51.807906] ? ovl_show_options+0x550/0x550
[ 51.812209] mount_nodev+0x6b/0x110
[ 51.815827] ovl_mount+0x2c/0x40
[ 51.819189] mount_fs+0xae/0x31d
[ 51.822540] vfs_kern_mount.part.35+0xdc/0x4f0
[ 51.827107] ? may_umount+0xb0/0xb0
[ 51.830722] ? _raw_read_unlock+0x2c/0x50
[ 51.834856] ? __get_fs_type+0x97/0xc0
[ 51.838734] do_mount+0x581/0x31f0
[ 51.842258] ? kasan_check_read+0x11/0x20
[ 51.846391] ? do_raw_spin_unlock+0xa7/0x2f0
[ 51.850781] ? copy_mount_string+0x40/0x40
[ 51.855014] ? kasan_check_write+0x14/0x20
[ 51.859235] ? kasan_unpoison_shadow+0x35/0x50
[ 51.863802] ? kasan_kmalloc+0xc7/0xe0
[ 51.867687] ? kmem_cache_alloc_trace+0x31f/0x750
[ 51.872534] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 51.878057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 51.883579] ? copy_mount_options+0x288/0x380
[ 51.888056] ksys_mount+0x12d/0x140
[ 51.891665] __x64_sys_mount+0xbe/0x150
[ 51.895622] do_syscall_64+0x1b9/0x820
[ 51.899492] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 51.904854] ? syscall_return_slowpath+0x5e0/0x5e0
[ 51.909789] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.914617] ? trace_hardirqs_on_caller+0x310/0x310
[ 51.919615] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 51.924615] ? prepare_exit_to_usermode+0x291/0x3b0
[ 51.929620] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 51.934449] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 51.939621] RIP: 0033:0x4418e9
[ 51.942794] Code: 26 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 51.961685] RSP: 002b:00007ffc88122678 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 51.969400] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418e9
[ 51.976671] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 0000000000400000
[ 51.983928] RBP: 00007ffc881226c0 R08: 0000000020000100 R09: 0000000000000100
[ 51.991183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 51.998436] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 52.008245] overlayfs: failed to verify origin (syzkaller.Ry8w8Y/file0, ino=16483, err=-12)
[ 52.017379] ------------[ cut here ]------------
[ 52.022160] kernel BUG at arch/x86/mm/physaddr.c:22!
[ 52.027268] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 52.032616] CPU: 0 PID: 5918 Comm: syz-executor189 Not tainted 4.19.0-rc7+ #53
[ 52.039954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.049351] RIP: 0010:__phys_addr+0xff/0x120
[ 52.053751] Code: 3c 02 00 75 31 4c 8b 25 ff c3 ee 07 48 89 de bf ff ff ff 1f e8 a2 7a 46 00 49 01 dc 48 81 fb ff ff ff 1f 76 a7 e8 61 79 46 00 <0f> 0b e8 6a e9 89 00 e9 7a ff ff ff e8 c0 e9 89 00 eb c8 0f 1f 40
[ 52.072640] RSP: 0018:ffff8801c3387770 EFLAGS: 00010093
[ 52.077993] RAX: ffff8801c323a080 RBX: 000000007ffffff4 RCX: ffffffff81385c1e
[ 52.085250] RDX: 0000000000000000 RSI: ffffffff81385c2f RDI: 0000000000000007
[ 52.092503] RBP: ffff8801c3387788 R08: ffff8801c323a080 R09: ffffed003b5c4fe8
[ 52.099754] R10: ffffed003b5c4fe8 R11: ffff8801dae27f47 R12: 000000007ffffff4
[ 52.107008] R13: 0000000000000001 R14: ffffffff882f8c80 R15: 0000000000004063
[ 52.114262] FS: 000000000148d880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 52.122468] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.128370] CR2: 0000000000619570 CR3: 00000001c4ab0000 CR4: 00000000001406f0
[ 52.135626] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.142879] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.150128] Call Trace:
[ 52.152704] ? ovl_verify_set_fh+0xba/0x180
[ 52.157022] kfree+0x7b/0x230
[ 52.160111] ovl_verify_set_fh+0xba/0x180
[ 52.164261] ovl_fill_super+0x3026/0x3f7b
[ 52.168397] ? ovl_show_options+0x550/0x550
[ 52.172700] ? __free_pages+0x160/0x190
[ 52.176671] ? selinux_sb_copy_data+0x602/0x740
[ 52.181325] ? selinux_capable+0x36/0x40
[ 52.185372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.190892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.196412] ? get_anon_bdev+0xc0/0xc0
[ 52.200280] ? sget+0x113/0x150
[ 52.203543] ? ovl_show_options+0x550/0x550
[ 52.207844] mount_nodev+0x6b/0x110
[ 52.211455] ovl_mount+0x2c/0x40
[ 52.214803] mount_fs+0xae/0x31d
[ 52.218154] vfs_kern_mount.part.35+0xdc/0x4f0
[ 52.222727] ? may_umount+0xb0/0xb0
[ 52.226347] ? _raw_read_unlock+0x2c/0x50
[ 52.230476] ? __get_fs_type+0x97/0xc0
[ 52.234350] do_mount+0x581/0x31f0
[ 52.237873] ? kasan_check_read+0x11/0x20
[ 52.242004] ? do_raw_spin_unlock+0xa7/0x2f0
[ 52.246397] ? copy_mount_string+0x40/0x40
[ 52.250610] ? kasan_check_write+0x14/0x20
[ 52.254828] ? kasan_unpoison_shadow+0x35/0x50
[ 52.259389] ? kasan_kmalloc+0xc7/0xe0
[ 52.263269] ? kmem_cache_alloc_trace+0x31f/0x750
[ 52.268095] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 52.273618] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 52.279135] ? copy_mount_options+0x288/0x380
[ 52.283614] ksys_mount+0x12d/0x140
[ 52.287222] __x64_sys_mount+0xbe/0x150
[ 52.291180] do_syscall_64+0x1b9/0x820
[ 52.295067] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 52.300745] ? syscall_return_slowpath+0x5e0/0x5e0
[ 52.305660] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.310485] ? trace_hardirqs_on_caller+0x310/0x310
[ 52.315482] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 52.320482] ? prepare_exit_to_usermode+0x291/0x3b0
[ 52.325488] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 52.330315] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 52.335487] RIP: 0033:0x4418e9
[ 52.338662] Code: 26 02 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 52.357551] RSP: 002b:00007ffc88122678 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 52.365244] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004418e9
[ 52.372495] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 0000000000400000
[ 52.379752] RBP: 00007ffc881226c0 R08: 0000000020000100 R09: 0000000000000100
[ 52.387005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[ 52.394256] R13: ffffffffffffffff R14: 0000000000000000 R15: 0000000000000000
[ 52.401513] Modules linked in:
[ 52.404757] ---[ end trace 25e838f694c8a24f ]---
[ 52.409505] RIP: 0010:__phys_addr+0xff/0x120
[ 52.413909] Code: 3c 02 00 75 31 4c 8b 25 ff c3 ee 07 48 89 de bf ff ff ff 1f e8 a2 7a 46 00 49 01 dc 48 81 fb ff ff ff 1f 76 a7 e8 61 79 46 00 <0f> 0b e8 6a e9 89 00 e9 7a ff ff ff e8 c0 e9 89 00 eb c8 0f 1f 40
[ 52.432815] RSP: 0018:ffff8801c3387770 EFLAGS: 00010093
[ 52.438172] RAX: ffff8801c323a080 RBX: 000000007ffffff4 RCX: ffffffff81385c1e
[ 52.445426] RDX: 0000000000000000 RSI: ffffffff81385c2f RDI: 0000000000000007
[ 52.452691] RBP: ffff8801c3387788 R08: ffff8801c323a080 R09: ffffed003b5c4fe8
[ 52.459950] R10: ffffed003b5c4fe8 R11: ffff8801dae27f47 R12: 000000007ffffff4
[ 52.467206] R13: 0000000000000001 R14: ffffffff882f8c80 R15: 0000000000004063
[ 52.474466] FS: 000000000148d880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
[ 52.482679] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.488543] CR2: 0000000000619570 CR3: 00000001c4ab0000 CR4: 00000000001406f0
[ 52.495802] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.503054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.510305] Kernel panic - not syncing: Fatal exception
[ 52.516588] Kernel Offset: disabled
[ 52.520250] Rebooting in 86400 seconds..