[ 46.763431] audit: type=1800 audit(1585615865.388:29): pid=7814 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0
[ 46.800003] audit: type=1800 audit(1585615865.388:30): pid=7814 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0
Starting mcstransd:
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ ok ] Starting file context maintaining daemon: restorecond.
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.20' (ECDSA) to the list of known hosts.
syzkaller login: [ 190.910838] kauditd_printk_skb: 5 callbacks suppressed
[ 190.910851] audit: type=1400 audit(1585616009.538:36): avc: denied { map } for pid=7999 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
2020/03/31 00:53:29 parsed 1 programs
[ 192.694274] audit: type=1400 audit(1585616011.318:37): avc: denied { map } for pid=7999 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=92 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
2020/03/31 00:53:31 executed programs: 0
[ 192.888712] IPVS: ftp: loaded support on port[0] = 21
[ 192.953585] chnl_net:caif_netlink_parms(): no params data found
[ 193.005421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 193.012411] bridge0: port 1(bridge_slave_0) entered disabled state
[ 193.019861] device bridge_slave_0 entered promiscuous mode
[ 193.027646] bridge0: port 2(bridge_slave_1) entered blocking state
[ 193.034249] bridge0: port 2(bridge_slave_1) entered disabled state
[ 193.041626] device bridge_slave_1 entered promiscuous mode
[ 193.058466] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 193.067662] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 193.085401] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 193.092938] team0: Port device team_slave_0 added
[ 193.098658] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 193.107280] team0: Port device team_slave_1 added
[ 193.122155] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 193.128408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 193.153910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 193.166041] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 193.172446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 193.197691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 193.208644] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 193.216352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 193.302591] device hsr_slave_0 entered promiscuous mode
[ 193.371498] device hsr_slave_1 entered promiscuous mode
[ 193.432062] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 193.439403] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 193.493439] audit: type=1400 audit(1585616012.118:38): avc: denied { create } for pid=8016 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 193.515355] bridge0: port 2(bridge_slave_1) entered blocking state
[ 193.518254] audit: type=1400 audit(1585616012.118:39): avc: denied { write } for pid=8016 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 193.524442] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 193.549615] audit: type=1400 audit(1585616012.128:40): avc: denied { read } for pid=8016 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 193.555322] bridge0: port 1(bridge_slave_0) entered blocking state
[ 193.584994] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 193.622222] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 193.628349] 8021q: adding VLAN 0 to HW filter on device bond0
[ 193.637615] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 193.648051] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 193.667734] bridge0: port 1(bridge_slave_0) entered disabled state
[ 193.675186] bridge0: port 2(bridge_slave_1) entered disabled state
[ 193.683235] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 193.693900] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 193.699984] 8021q: adding VLAN 0 to HW filter on device team0
[ 193.710848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 193.718839] bridge0: port 1(bridge_slave_0) entered blocking state
[ 193.725319] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 193.736037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 193.744146] bridge0: port 2(bridge_slave_1) entered blocking state
[ 193.750684] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 193.771862] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 193.779822] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 193.788427] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 193.797911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 193.805587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 193.815671] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 193.821775] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 193.836077] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[ 193.843876] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 193.851684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 193.863651] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 193.877909] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 193.888136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 193.927292] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 193.935121] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 193.942111] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 193.952790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 193.960599] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 193.967604] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 193.976681] device veth0_vlan entered promiscuous mode
[ 193.986892] device veth1_vlan entered promiscuous mode
[ 194.003097] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 194.013656] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
[ 194.021747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 194.029651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 194.039247] device veth0_macvtap entered promiscuous mode
[ 194.046053] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 194.054670] device veth1_macvtap entered promiscuous mode
[ 194.061414] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
[ 194.070009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 194.079780] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 194.091078] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[ 194.098287] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 194.105486] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 194.113070] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 194.120194] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 194.128171] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 194.139578] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[ 194.146887] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 194.154456] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 194.162784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 194.273438] audit: type=1400 audit(1585616012.898:41): avc: denied { associate } for pid=8016 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[ 194.337026] ------------[ cut here ]------------
[ 194.341909] kernel BUG at drivers/dma-buf/dma-buf.c:68!
[ 194.347615] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 194.353012] CPU: 0 PID: 8051 Comm: syz-executor.0 Not tainted 4.19.113-syzkaller #0
[ 194.360787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 194.370138] RIP: 0010:dma_buf_release+0x345/0x630
[ 194.374965] Code: e4 e8 af 63 49 fd 48 89 ef e8 f7 7b 88 fd e8 72 da 52 fd 44 89 e0 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 5b da 52 fd <0f> 0b e8 54 da 52 fd e8 ff 91 40 fd 48 8d bd 38 02 00 00 48 b8 00
[ 194.394152] RSP: 0018:ffff88807e84fdf8 EFLAGS: 00010293
[ 194.399504] RAX: ffff8880988de6c0 RBX: 0000000000000004 RCX: ffffffff8414c5ec
[ 194.406766] RDX: 0000000000000000 RSI: ffffffff8414c845 RDI: 0000000000000005
[ 194.414075] RBP: ffff8880980e8d80 R08: ffff8880988de6c0 R09: 0000000000000000
[ 194.421329] R10: ffff88807e84fe40 R11: 0000000000000000 R12: ffff888092eb13bc
[ 194.428583] R13: ffff888092eb1368 R14: ffffffff8414c500 R15: ffff88821b6b6820
[ 194.435882] FS: 0000000001555940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 194.444089] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 194.449954] CR2: 00007ff0b6590db8 CR3: 00000000a0188000 CR4: 00000000001406f0
[ 194.457207] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 194.464497] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 194.471803] Call Trace:
[ 194.474389] ? ima_file_free+0xb6/0x460
[ 194.478372] ? dma_buf_debug_show+0x1210/0x1210
[ 194.483040] __fput+0x2cd/0x890
[ 194.486317] task_work_run+0x13f/0x1b0
[ 194.490190] exit_to_usermode_loop+0x25a/0x2b0
[ 194.494766] do_syscall_64+0x538/0x620
[ 194.498649] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 194.503830] RIP: 0033:0x4163e1
[ 194.507005] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 194.525897] RSP: 002b:00007ffd79643c40 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 194.533645] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 00000000004163e1
[ 194.540900] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 0000000000000007
[ 194.548152] RBP: 0000000000000000 R08: 0000000000000000 R09: 01ffffffffffffff
[ 194.555456] R10: 00000000007708c0 R11: 0000000000000293 R12: 000000000076bf00
[ 194.562749] R13: 00000000007708d0 R14: 0000000000000000 R15: 000000000076bf0c
[ 194.570006] Modules linked in:
[ 194.575221] ---[ end trace 5b687ef3a3f54b29 ]---
[ 194.580002] RIP: 0010:dma_buf_release+0x345/0x630
[ 194.585432] Code: e4 e8 af 63 49 fd 48 89 ef e8 f7 7b 88 fd e8 72 da 52 fd 44 89 e0 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 5b da 52 fd <0f> 0b e8 54 da 52 fd e8 ff 91 40 fd 48 8d bd 38 02 00 00 48 b8 00
[ 194.604780] RSP: 0018:ffff88807e84fdf8 EFLAGS: 00010293
[ 194.610200] RAX: ffff8880988de6c0 RBX: 0000000000000004 RCX: ffffffff8414c5ec
[ 194.618096] RDX: 0000000000000000 RSI: ffffffff8414c845 RDI: 0000000000000005
[ 194.625627] RBP: ffff8880980e8d80 R08: ffff8880988de6c0 R09: 0000000000000000
[ 194.633840] R10: ffff88807e84fe40 R11: 0000000000000000 R12: ffff888092eb13bc
[ 194.641201] R13: ffff888092eb1368 R14: ffffffff8414c500 R15: ffff88821b6b6820
[ 194.648475] FS: 0000000001555940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 194.657036] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 194.663028] CR2: 00007ff0b6590db8 CR3: 00000000a0188000 CR4: 00000000001406f0
[ 194.670306] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 194.677800] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 194.685174] Kernel panic - not syncing: Fatal exception
[ 194.691923] Kernel Offset: disabled
[ 194.695624] Rebooting in 86400 seconds..