[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 29.525339] kauditd_printk_skb: 8 callbacks suppressed
[ 29.525359] audit: type=1800 audit(1543769344.423:29): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 29.559483] audit: type=1800 audit(1543769344.433:30): pid=5903 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 33.334326] sshd (6041) used greatest stack depth: 15744 bytes left
Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
[ 39.991372] IPVS: ftp: loaded support on port[0] = 21
[ 40.162294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.168945] bridge0: port 1(bridge_slave_0) entered disabled state
[ 40.176585] device bridge_slave_0 entered promiscuous mode
[ 40.196108] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.202672] bridge0: port 2(bridge_slave_1) entered disabled state
[ 40.209885] device bridge_slave_1 entered promiscuous mode
[ 40.229442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 40.249006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 40.302538] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 40.324242] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 40.404481] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 40.412115] team0: Port device team_slave_0 added
[ 40.429538] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 40.436753] team0: Port device team_slave_1 added
[ 40.454687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 40.474592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 40.495317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 40.516651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
RTNETLINK answers: Operation not supported
RTNETLINK answers: No buffer space available
RTNETLINK answers: Operation not supported
[ 40.664389] bridge0: port 2(bridge_slave_1) entered blocking state
[ 40.670908] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 40.678011] bridge0: port 1(bridge_slave_0) entered blocking state
[ 40.684384] bridge0: port 1(bridge_slave_0) entered forwarding state
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Operation not supported
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
RTNETLINK answers: Invalid argument
[ 41.230897] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.283176] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 41.335484] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 41.341848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.350090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.399368] 8021q: adding VLAN 0 to HW filter on device team0
executing program
[ 41.985488] BUG: unable to handle kernel paging request at ffff888220000000
[ 41.992619] PGD be01067 P4D be01067 PUD be04067 PMD 0
[ 41.997887] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 42.002364] CPU: 1 PID: 6058 Comm: syz-executor141 Not tainted 4.20.0-rc4+ #163
[ 42.009789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.019142] RIP: 0010:do_csum+0x192/0x410
[ 42.023277] Code: 85 f6 74 54 4d 89 ef e8 bc 70 a4 f9 41 83 ee 01 31 ff 31 c0 44 89 f6 49 03 1f 49 13 5f 08 49 13 5f 10 49 13 5f 18 49 13 5f 20 <49> 13 5f 28 49 13 5f 30 49 13 5f 38 48 11 c3 e8 9a 71 a4 f9 49 83
[ 42.042185] RSP: 0018:ffff8881c15ce560 EFLAGS: 00010296
[ 42.047535] RAX: 0000000000000000 RBX: 9efd170dbc2f0bb1 RCX: ffffffff87db1a66
[ 42.054790] RDX: 0000000000000000 RSI: 00000000025f0005 RDI: 0000000000000000
[ 42.062059] RBP: ffff8881c15ce598 R08: ffff8881c14b82c0 R09: ffff8881b7c10154
[ 42.069326] R10: 000000000000ffd4 R11: ffffea0006e77977 R12: 00000000ffff0038
[ 42.076600] R13: ffff8881b7c10158 R14: 00000000025f0005 R15: ffff88821fffffd8
[ 42.083874] FS: 00000000007ac880(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[ 42.092081] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.097944] CR2: ffff888220000000 CR3: 00000001c1698000 CR4: 00000000001406e0
[ 42.105199] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.112452] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.119705] Call Trace:
[ 42.122287] csum_partial+0x21/0x30
[ 42.125902] tcp_gso_segment+0xa12/0x1740
[ 42.130036] ? sk_common_release+0x320/0x320
[ 42.134428] tcp6_gso_segment+0x1c8/0x540
[ 42.138562] ipv6_gso_segment+0x554/0x1130
[ 42.142787] ? tag_mount+0xfe2/0x1ce0
[ 42.146571] ? sit_ip6ip6_gro_receive+0x100/0x100
[ 42.151458] ? __lock_is_held+0xb5/0x140
[ 42.155505] ? sit_ip6ip6_gro_receive+0x100/0x100
[ 42.160330] inet_gso_segment+0x639/0x1350
[ 42.164551] ? inet_sock_destruct+0x9b0/0x9b0
[ 42.169038] ipv6_gso_segment+0x554/0x1130
[ 42.173268] ? skb_mac_gso_segment+0x229/0x740
[ 42.177850] ? sit_ip6ip6_gro_receive+0x100/0x100
[ 42.182688] ? kasan_check_read+0x11/0x20
[ 42.186842] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 42.192108] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 42.197294] ? rcu_softirq_qs+0x20/0x20
[ 42.201291] ? skb_network_protocol+0xfc/0x4c0
[ 42.205863] skb_mac_gso_segment+0x3b3/0x740
[ 42.210269] ? sit_ip6ip6_gro_receive+0x100/0x100
[ 42.215092] ? skb_network_protocol+0x4c0/0x4c0
[ 42.219772] ? print_usage_bug+0xc0/0xc0
[ 42.223812] ? __lock_acquire+0x2aff/0x4c20
[ 42.228333] ? __sanitizer_cov_trace_switch+0x53/0x90
[ 42.233507] ? skb_network_protocol+0xfc/0x4c0
[ 42.238086] __skb_gso_segment+0x3c3/0x880
[ 42.242302] ? skb_mac_gso_segment+0x740/0x740
[ 42.246872] validate_xmit_skb+0x689/0xf90
[ 42.251091] ? netif_skb_features+0xb60/0xb60
[ 42.255567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.261087] ? check_preemption_disabled+0x48/0x280
[ 42.266085] validate_xmit_skb_list+0xd1/0x140
[ 42.270653] sch_direct_xmit+0x30e/0x1130
[ 42.274795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.280314] ? check_preemption_disabled+0x48/0x280
[ 42.285343] ? dev_watchdog+0xb10/0xb10
[ 42.289302] ? __lock_is_held+0xb5/0x140
[ 42.293360] __qdisc_run+0x636/0x1990
[ 42.297160] ? sch_direct_xmit+0x1130/0x1130
[ 42.301568] ? lock_acquire+0x1ed/0x520
[ 42.305525] ? dev_queue_xmit+0x17/0x20
[ 42.309497] ? lock_release+0xa00/0xa00
[ 42.313457] ? mini_qdisc_pair_init+0x160/0x160
[ 42.318122] __dev_queue_xmit+0x191e/0x3ae0
[ 42.322424] ? dev_queue_xmit+0x17/0x20
[ 42.326381] ? netdev_pick_tx+0x310/0x310
[ 42.330514] ? __alloc_skb+0x4c6/0x770
[ 42.334392] ? mark_held_locks+0x130/0x130
[ 42.338627] ? kasan_check_read+0x11/0x20
[ 42.342757] ? zap_class+0x640/0x640
[ 42.346471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.351997] ? refcount_add_not_zero_checked+0x21e/0x330
[ 42.357451] ? find_held_lock+0x36/0x1c0
[ 42.361503] ? perf_trace_sched_process_exec+0x860/0x860
[ 42.366940] ? kasan_check_write+0x14/0x20
[ 42.371160] ? copyin+0xb7/0x100
[ 42.374513] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 42.379511] ? copy_page_from_iter+0x541/0x8f0
[ 42.384077] ? _copy_from_iter+0xf70/0xf70
[ 42.388295] ? _copy_from_iter_full+0x2d8/0xce0
[ 42.392968] ? kasan_check_read+0x11/0x20
[ 42.397100] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 42.402376] ? depot_save_stack+0x292/0x470
[ 42.406684] ? skb_copy_datagram_from_iter+0x451/0x660
[ 42.411961] dev_queue_xmit+0x17/0x20
[ 42.415757] ? dev_queue_xmit+0x17/0x20
[ 42.419719] packet_sendmsg+0x430a/0x6540
[ 42.423873] ? find_held_lock+0x36/0x1c0
[ 42.427946] ? packet_getname+0x5f0/0x5f0
[ 42.432075] ? perf_trace_sched_process_exec+0x860/0x860
[ 42.437512] ? usercopy_warn+0x110/0x110
[ 42.441569] ? perf_trace_sched_wake_idle_without_ipi+0x600/0x600
[ 42.447791] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.453327] ? _copy_from_user+0xdf/0x150
[ 42.457477] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.463004] ? debug_lockdep_rcu_enabled+0x77/0x90
[ 42.467922] ? aa_sk_perm+0x22b/0x8e0
[ 42.471704] ? import_iovec+0x2a3/0x4b0
[ 42.475660] ? aa_af_perm+0x5a0/0x5a0
[ 42.479466] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.485016] ? aa_sock_msg_perm.isra.14+0xba/0x160
[ 42.489939] ? apparmor_socket_sendmsg+0x29/0x30
[ 42.494683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.500230] ? security_socket_sendmsg+0x94/0xc0
[ 42.504975] ? packet_getname+0x5f0/0x5f0
[ 42.509109] sock_sendmsg+0xd5/0x120
[ 42.512821] ___sys_sendmsg+0x7fd/0x930
[ 42.516786] ? find_held_lock+0x36/0x1c0
[ 42.520832] ? copy_msghdr_from_user+0x580/0x580
[ 42.525599] ? perf_trace_sched_process_exec+0x860/0x860
[ 42.531043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.536563] ? __fget_light+0x2e9/0x430
[ 42.540516] ? fget_raw+0x20/0x20
[ 42.543952] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.549479] ? aa_af_perm+0x5a0/0x5a0
[ 42.553261] ? lock_release+0xa00/0xa00
[ 42.557217] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 42.562737] ? sockfd_lookup_light+0xc5/0x160
[ 42.567212] __sys_sendmsg+0x11d/0x280
[ 42.571101] ? __ia32_sys_shutdown+0x80/0x80
[ 42.575510] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 42.581052] ? __sys_setsockopt+0x254/0x3c0
[ 42.585362] ? do_syscall_64+0x9a/0x820
[ 42.589332] ? do_syscall_64+0x9a/0x820
[ 42.593317] ? trace_hardirqs_off_caller+0x310/0x310
[ 42.598402] __x64_sys_sendmsg+0x78/0xb0
[ 42.602459] do_syscall_64+0x1b9/0x820
[ 42.606328] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 42.611679] ? syscall_return_slowpath+0x5e0/0x5e0
[ 42.616588] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.621441] ? trace_hardirqs_on_caller+0x310/0x310
[ 42.626440] ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 42.631437] ? prepare_exit_to_usermode+0x291/0x3b0
[ 42.636463] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 42.641287] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.646456] RIP: 0033:0x441449
[ 42.649641] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
[ 42.668523] RSP: 002b:00007ffef16056c8 EFLAGS: 00000286 ORIG_RAX: 000000000000002e
[ 42.676208] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441449
[ 42.683456] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003
[ 42.690715] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100
[ 42.698000] R10: 0000000000000100 R11: 0000000000000286 R12: 00000000004023b0
[ 42.705250] R13: 0000000000402440 R14: 0000000000000000 R15: 0000000000000000
[ 42.712517] Modules linked in:
[ 42.715703] CR2: ffff888220000000
[ 42.719140] ---[ end trace 364f5809586df441 ]---
[ 42.723882] RIP: 0010:do_csum+0x192/0x410
[ 42.728014] Code: 85 f6 74 54 4d 89 ef e8 bc 70 a4 f9 41 83 ee 01 31 ff 31 c0 44 89 f6 49 03 1f 49 13 5f 08 49 13 5f 10 49 13 5f 18 49 13 5f 20 <49> 13 5f 28 49 13 5f 30 49 13 5f 38 48 11 c3 e8 9a 71 a4 f9 49 83
[ 42.746898] RSP: 0018:ffff8881c15ce560 EFLAGS: 00010296
[ 42.752241] RAX: 0000000000000000 RBX: 9efd170dbc2f0bb1 RCX: ffffffff87db1a66
[ 42.759491] RDX: 0000000000000000 RSI: 00000000025f0005 RDI: 0000000000000000
[ 42.766741] RBP: ffff8881c15ce598 R08: ffff8881c14b82c0 R09: ffff8881b7c10154
[ 42.774005] R10: 000000000000ffd4 R11: ffffea0006e77977 R12: 00000000ffff0038
[ 42.781267] R13: ffff8881b7c10158 R14: 00000000025f0005 R15: ffff88821fffffd8
[ 42.788536] FS: 00000000007ac880(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
[ 42.796770] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.802648] CR2: ffff888220000000 CR3: 00000001c1698000 CR4: 00000000001406e0
[ 42.809954] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.817234] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.824483] Kernel panic - not syncing: Fatal exception in interrupt
[ 42.831942] Kernel Offset: disabled
[ 42.835564] Rebooting in 86400 seconds..