[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   38.083111] audit: type=1800 audit(1546145143.755:25): pid=7816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   38.118935] audit: type=1800 audit(1546145143.755:26): pid=7816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   38.163006] audit: type=1800 audit(1546145143.755:27): pid=7816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
syzkaller login: [   64.485066] IPVS: ftp: loaded support on port[0] = 21
[   64.545779] chnl_net:caif_netlink_parms(): no params data found
[   64.579110] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.585676] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.592822] device bridge_slave_0 entered promiscuous mode
[   64.600143] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.606499] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.613770] device bridge_slave_1 entered promiscuous mode
[   64.631166] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   64.640125] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   64.656421] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   64.664126] team0: Port device team_slave_0 added
[   64.669500] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   64.676605] team0: Port device team_slave_1 added
[   64.682057] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   64.689343] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   64.769682] device hsr_slave_0 entered promiscuous mode
[   64.838058] device hsr_slave_1 entered promiscuous mode
[   64.908029] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   64.914914] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   64.928617] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.935063] bridge0: port 2(bridge_slave_1) entered forwarding state
[   64.941987] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.948398] bridge0: port 1(bridge_slave_0) entered forwarding state
[   64.982349] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   64.989146] 8021q: adding VLAN 0 to HW filter on device bond0
[   64.997997] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   65.006428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   65.026468] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.034243] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.042453] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   65.052900] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   65.059486] 8021q: adding VLAN 0 to HW filter on device team0
[   65.068021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   65.075659] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.082057] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.091195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   65.098870] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.105203] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.125127] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   65.135484] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   65.146382] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   65.154129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   65.161895] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   65.169812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   65.177383] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
executing program
[   65.184975] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   65.191769] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   65.203005] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[   65.213015] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.223464] ------------[ cut here ]------------
[   65.228306] HSR: VLAN not yet supported
[   65.228675] WARNING: CPU: 0 PID: 7968 at net/hsr/hsr_forward.c:336 hsr_forward_skb+0x2196/0x28a0
[   65.241524] Kernel panic - not syncing: panic_on_warn set ...
[   65.247394] CPU: 0 PID: 7968 Comm: syz-executor572 Not tainted 4.20.0+ #253
[   65.254470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   65.263802] Call Trace:
[   65.266372]  dump_stack+0x1d3/0x2c6
[   65.269983]  ? dump_stack_print_info.cold.1+0x20/0x20
[   65.275159]  panic+0x2ad/0x55f
[   65.278334]  ? add_taint.cold.5+0x16/0x16
[   65.282464]  ? __warn.cold.8+0x5/0x52
[   65.286247]  ? __warn+0xe8/0x1d0
[   65.289597]  ? hsr_forward_skb+0x2196/0x28a0
[   65.294002]  __warn.cold.8+0x20/0x52
[   65.297710]  ? rcu_softirq_qs+0x20/0x20
[   65.301674]  ? hsr_forward_skb+0x2196/0x28a0
[   65.306075]  report_bug+0x254/0x2d0
[   65.309685]  do_error_trap+0x11b/0x200
[   65.313559]  do_invalid_op+0x36/0x40
[   65.317352]  ? hsr_forward_skb+0x2196/0x28a0
[   65.321811]  invalid_op+0x14/0x20
[   65.325244] RIP: 0010:hsr_forward_skb+0x2196/0x28a0
[   65.330240] Code: e7 e8 9e 2a ff ff e9 8f f3 ff ff 48 89 85 b0 fe ff ff e8 dd 9f 91 f9 48 c7 c7 e0 cd f9 88 c6 05 c6 98 46 02 01 e8 1a 2b 5b f9 <0f> 0b 48 8b 85 a8 fe ff ff 48 b9 00 00 00 00 00 fc ff df 48 89 c2
[   65.349253] RSP: 0018:ffff88808cd6eb28 EFLAGS: 00010282
[   65.354597] RAX: 0000000000000000 RBX: ffff888097257bc0 RCX: 0000000000000000
[   65.361848] RDX: 0000000000000000 RSI: ffffffff81683015 RDI: 0000000000000006
[   65.369096] RBP: ffff88808cd6ecb8 R08: ffff888086a2c5c0 R09: 0000000000000000
[   65.376459] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[   65.383961] R13: ffff8880a786f100 R14: ffff888097257c76 R15: ffff88808cd6ec90
[   65.391248]  ? vprintk_func+0x85/0x181
[   65.395126]  ? hsr_forward_skb+0x2196/0x28a0
[   65.399515]  ? rcu_read_unlock_special+0x370/0x370
[   65.404438]  ? find_held_lock+0x36/0x1c0
[   65.408484]  ? hsr_del_port+0x480/0x480
[   65.412436]  ? rcu_read_unlock+0x5e/0xa0
[   65.416479]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[   65.421476]  ? hsr_netdev_notify+0x1070/0x1070
[   65.426051]  ? __lock_is_held+0xb5/0x140
[   65.430102]  hsr_dev_xmit+0x71/0xa0
[   65.433717]  dev_hard_start_xmit+0x286/0xc80
[   65.438121]  ? dev_direct_xmit+0x6a0/0x6a0
[   65.442340]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   65.447859]  ? netif_skb_features+0x681/0xb50
[   65.452336]  ? skb_flow_dissect_tunnel_info+0xd80/0xd80
[   65.457735]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   65.463263]  ? validate_xmit_xfrm+0x41c/0xef0
[   65.467751]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.473305]  ? validate_xmit_skb+0x849/0xf70
[   65.477698]  ? netif_skb_features+0xb50/0xb50
[   65.482183]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.487702]  ? check_preemption_disabled+0x48/0x280
[   65.492706]  ? check_preemption_disabled+0x48/0x280
[   65.497713]  __dev_queue_xmit+0x2f62/0x3ac0
[   65.502024]  ? kasan_kmalloc+0xc7/0xe0
[   65.505898]  ? netdev_pick_tx+0x300/0x300
[   65.510029]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.515545]  ? __alloc_skb+0x4bd/0x760
[   65.519413]  ? print_usage_bug+0xc0/0xc0
[   65.523455]  ? skb_scrub_packet+0x440/0x440
[   65.527769]  ? mark_held_locks+0x130/0x130
[   65.531988]  ? find_held_lock+0x36/0x1c0
[   65.536039]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.541560]  ? refcount_add_not_zero_checked+0x21e/0x330
[   65.546993]  ? refcount_dec_if_one+0x180/0x180
[   65.551558]  ? alloc_skb_with_frags+0x508/0x7c0
[   65.556211]  ? pagevec_lru_move_fn+0x259/0x350
[   65.560773]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   65.566214]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[   65.571738]  ? refcount_add_checked+0x2f/0x70
[   65.576217]  ? skb_set_owner_w+0x21d/0x320
[   65.580522]  ? sock_alloc_send_pskb+0x7bb/0xab0
[   65.585175]  ? __lru_cache_add+0x2ff/0x4e0
[   65.589395]  ? sock_wmalloc+0x1f0/0x1f0
[   65.593358]  ? dev_get_by_index+0xf0/0x1c0
[   65.597578]  ? lock_downgrade+0x900/0x900
[   65.601709]  ? check_preemption_disabled+0x48/0x280
[   65.606725]  ? kasan_check_read+0x11/0x20
[   65.610856]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   65.616120]  ? mark_held_locks+0x130/0x130
[   65.620340]  ? rcu_read_unlock_special+0x370/0x370
[   65.625253]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.630769]  ? skb_copy_datagram_from_iter+0x445/0x650
[   65.636036]  ? memcpy+0x45/0x50
[   65.639315]  dev_queue_xmit+0x17/0x20
[   65.643099]  ? dev_queue_xmit+0x17/0x20
[   65.647061]  packet_sendmsg+0x298a/0x6ad0
[   65.651191]  ? __lock_acquire+0x62f/0x4c20
[   65.655411]  ? __this_cpu_preempt_check+0x1c/0x20
[   65.660241]  ? mark_held_locks+0x130/0x130
[   65.664461]  ? packet_getname+0x5f0/0x5f0
[   65.668593]  ? aa_profile_af_perm+0x410/0x410
[   65.673072]  ? tcp_add_backlog+0x1540/0x1e00
[   65.677467]  ? ___might_sleep+0x1ed/0x300
[   65.681640]  ? lock_downgrade+0x900/0x900
[   65.685779]  ? cpu_cgroup_can_attach+0x80/0x170
[   65.690429]  ? lock_release+0xa00/0xa00
[   65.694382]  ? arch_local_save_flags+0x40/0x40
[   65.698953]  ? debug_lockdep_rcu_enabled+0x77/0x90
[   65.703865]  ? aa_sk_perm+0x22b/0x8e0
[   65.707661]  ? import_iovec+0x178/0x2d0
[   65.711623]  ? aa_af_perm+0x5a0/0x5a0
[   65.715410]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   65.720932]  ? aa_sock_msg_perm.isra.14+0xba/0x160
[   65.725910]  ? apparmor_socket_sendmsg+0x29/0x30
[   65.730657]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.736176]  ? security_socket_sendmsg+0x94/0xc0
[   65.740913]  ? packet_getname+0x5f0/0x5f0
[   65.745045]  sock_sendmsg+0xd5/0x120
[   65.748744]  ___sys_sendmsg+0x51d/0x930
[   65.752704]  ? copy_msghdr_from_user+0x580/0x580
[   65.757473]  ? _copy_to_user+0xc8/0x110
[   65.761437]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   65.766962]  ? sock_do_ioctl+0x110/0x420
[   65.771017]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.776633]  ? __fget_light+0x2e9/0x430
[   65.780628]  ? fget_raw+0x20/0x20
[   65.784076]  ? __sanitizer_cov_trace_switch+0x53/0x90
[   65.789259]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[   65.794779]  ? sockfd_lookup_light+0xc5/0x160
[   65.799258]  __sys_sendmmsg+0x246/0x6d0
[   65.803218]  ? __ia32_sys_sendmsg+0xb0/0xb0
[   65.807539]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.813063]  ? do_vfs_ioctl+0x201/0x1790
[   65.817119]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[   65.822419]  ? ioctl_preallocate+0x300/0x300
[   65.826811]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.832334]  ? __fget_light+0x2e9/0x430
[   65.836363]  ? do_syscall_64+0x9a/0x820
[   65.840320]  ? do_syscall_64+0x9a/0x820
[   65.844275]  ? lockdep_hardirqs_on+0x421/0x5c0
[   65.848839]  ? trace_hardirqs_on+0xbd/0x310
[   65.853141]  ? security_file_ioctl+0x94/0xc0
[   65.857537]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.862883]  ? __bpf_trace_preemptirq_template+0x30/0x30
[   65.868317]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[   65.873838]  __x64_sys_sendmmsg+0x9d/0x100
[   65.878056]  do_syscall_64+0x1b9/0x820
[   65.881925]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[   65.887285]  ? syscall_return_slowpath+0x5e0/0x5e0
[   65.892199]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   65.897027]  ? trace_hardirqs_on_caller+0x310/0x310
[   65.902024]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[   65.907103]  ? prepare_exit_to_usermode+0x291/0x3b0
[   65.912128]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[   65.916956]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   65.922140] RIP: 0033:0x4418a9
[   65.925318] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
[   65.944203] RSP: 002b:00007ffe0677f6d8 EFLAGS: 00000213 ORIG_RAX: 0000000000000133
[   65.951891] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00000000004418a9
[   65.959184] RDX: 0000000000000300 RSI: 0000000020008a80 RDI: 0000000000000003
[   65.966529] RBP: 0000000000000003 R08: 0000000001bbbbbb R09: 0000000001bbbbbb
[   65.973784] R10: 0000000000000000 R11: 0000000000000213 R12: 00007ffe0677f720
[   65.981053] R13: 00007ffe0677f710 R14: 0000000000000000 R15: 0000000000000000
[   65.989296] Kernel Offset: disabled
[   65.992960] Rebooting in 86400 seconds..