[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.960014] audit: type=1800 audit(1538298886.780:25): pid=5871 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 36.992377] audit: type=1800 audit(1538298886.790:26): pid=5871 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 37.025346] audit: type=1800 audit(1538298886.790:27): pid=5871 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.108' (ECDSA) to the list of known hosts. 2018/09/30 09:15:20 parsed 1 programs 2018/09/30 09:15:22 executed programs: 0 syzkaller login: [ 72.926013] IPVS: ftp: loaded support on port[0] = 21 [ 72.932607] IPVS: ftp: loaded support on port[0] = 21 [ 72.939910] IPVS: ftp: loaded support on port[0] = 21 [ 72.942585] IPVS: ftp: loaded support on port[0] = 21 [ 72.968973] IPVS: ftp: loaded support on port[0] = 21 [ 72.969832] IPVS: ftp: loaded support on port[0] = 21 [ 73.817721] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.838538] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.845825] device bridge_slave_0 entered promiscuous mode [ 73.887063] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.896752] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.907787] device bridge_slave_1 entered promiscuous mode [ 73.928249] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.935173] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.942842] device bridge_slave_0 entered promiscuous mode [ 73.965111] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 73.988870] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.007102] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.014318] device bridge_slave_1 entered promiscuous mode [ 74.029669] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.040715] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.049395] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.057127] device bridge_slave_0 entered promiscuous mode [ 74.070550] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.081243] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.089000] device bridge_slave_0 entered promiscuous mode [ 74.096243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.116263] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.123434] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.130698] device bridge_slave_0 entered promiscuous mode [ 74.148584] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.158250] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.165956] device bridge_slave_1 entered promiscuous mode [ 74.172216] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.178561] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.186175] device bridge_slave_1 entered promiscuous mode [ 74.200387] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.209761] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.219481] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.227293] device bridge_slave_0 entered promiscuous mode [ 74.235511] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.241892] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.250980] device bridge_slave_1 entered promiscuous mode [ 74.258752] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.271128] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.287150] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.300613] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.310524] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.318741] device bridge_slave_1 entered promiscuous mode [ 74.327004] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.339520] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.351384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.360735] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.370942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 74.383081] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.400736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 74.456451] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.487113] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.523647] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.532709] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.547633] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.560477] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.573162] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.583439] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.600808] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.616379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.634708] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.645407] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.655261] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.665684] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.685297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.693590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.701262] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.710165] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.719581] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.728829] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.740203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.751021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.768235] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 74.775719] team0: Port device team_slave_0 added [ 74.787625] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.798875] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 74.814154] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.822610] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.837430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.845100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.861321] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 74.869626] team0: Port device team_slave_1 added [ 74.876477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 74.904259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.920985] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 74.953521] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.961376] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.983061] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 74.990461] team0: Port device team_slave_0 added [ 74.999680] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 75.009939] team0: Port device team_slave_0 added [ 75.017208] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 75.025361] team0: Port device team_slave_0 added [ 75.045320] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.057760] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 75.068292] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 75.078091] team0: Port device team_slave_1 added [ 75.085158] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 75.093211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.107995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.116318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.124329] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.133771] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 75.140753] team0: Port device team_slave_0 added [ 75.147814] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 75.156015] team0: Port device team_slave_1 added [ 75.165807] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 75.173151] team0: Port device team_slave_1 added [ 75.179897] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 75.192626] team0: Port device team_slave_0 added [ 75.201606] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.214445] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 75.221670] team0: Port device team_slave_1 added [ 75.238161] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 75.247206] team0: Port device team_slave_1 added [ 75.256814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.268844] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.289449] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.309400] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.318315] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.330920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.345039] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 75.364452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.378483] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.387301] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.395615] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.405261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.416358] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 75.426074] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 75.437256] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 75.448584] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.463540] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.476378] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.484079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.491659] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.499646] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.509052] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 75.521938] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 75.529795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.544096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.551849] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.559767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.567957] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 75.576199] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 75.591767] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 75.603246] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.611069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.625658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.633547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.641125] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.649003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.660021] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 75.673985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.681831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.894898] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.901288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.907953] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.914321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.927670] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 76.139980] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.146400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.153033] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.159383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.167123] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 76.181468] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.187856] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.194500] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.200840] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.209211] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 76.263359] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.269755] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.276407] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.282777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.290489] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 76.303796] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.310151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.316826] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.323193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.330481] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 76.366593] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.373002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.379622] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.386003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.394299] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 76.669063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.679978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.687979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.695479] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.702925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.709920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 78.009443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.149585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.189568] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.212005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.267884] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.372462] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.381960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.391607] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.406319] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 78.417996] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.426829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.447999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.490507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.565929] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.583148] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 78.589698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.598295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.613677] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.635043] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 78.641259] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.653289] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.668510] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 78.729610] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 78.742944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.754963] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.773012] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 78.783261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.790172] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.825059] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.854545] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.901145] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 78.912642] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 78.919572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 78.981135] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.994697] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.089059] 8021q: adding VLAN 0 to HW filter on device team0 2018/09/30 09:15:29 executed programs: 6 [ 79.731592] ================================================================== [ 79.738997] BUG: KASAN: use-after-free in tcf_block_find+0x9d1/0xb90 [ 79.745492] Read of size 4 at addr ffff8801bf7d6d78 by task syz-executor3/7508 [ 79.752845] [ 79.754490] CPU: 1 PID: 7508 Comm: syz-executor3 Not tainted 4.19.0-rc5-next-20180928+ #84 [ 79.762889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.773024] Call Trace: [ 79.775617] dump_stack+0x1d3/0x2c4 [ 79.779246] ? dump_stack_print_info.cold.2+0x52/0x52 [ 79.784437] ? printk+0xa7/0xcf [ 79.787729] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 79.792498] print_address_description.cold.8+0x9/0x1ff [ 79.797873] kasan_report.cold.9+0x242/0x309 [ 79.802286] ? tcf_block_find+0x9d1/0xb90 [ 79.806432] __asan_report_load4_noabort+0x14/0x20 [ 79.811350] tcf_block_find+0x9d1/0xb90 [ 79.815326] tc_new_tfilter+0x497/0x1d10 [ 79.819404] ? mutex_trylock+0x2b0/0x2b0 [ 79.823467] ? tc_del_tfilter+0x1290/0x1290 [ 79.827773] ? refcount_inc_not_zero_checked+0x2f0/0x2f0 [ 79.833213] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 79.838730] ? apparmor_capable+0x355/0x6c0 [ 79.843035] ? __netlink_lookup+0x5b6/0xa90 [ 79.847398] ? apparmor_cred_transfer+0x590/0x590 [ 79.852223] ? rtnetlink_rcv_msg+0x3d3/0xc20 [ 79.856615] ? lock_downgrade+0x900/0x900 [ 79.860745] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 79.862274] kernel tried to execute NX-protected page - exploit attempt? (uid: 0) [ 79.866289] ? rtnl_get_link+0x170/0x370 [ 79.873922] BUG: unable to handle kernel paging request at ffff8801cef8bd40 [ 79.877973] ? tc_del_tfilter+0x1290/0x1290 [ 79.885040] PGD bc01067 [ 79.889356] rtnetlink_rcv_msg+0x46a/0xc20 [ 79.889367] P4D bc01067 [ 79.892063] ? rtnetlink_put_metrics+0x690/0x690 [ 79.896267] PUD 1d9bd7063 [ 79.898930] netlink_rcv_skb+0x172/0x440 [ 79.903656] PMD 80000001cee001e3 [ 79.906512] ? rtnetlink_put_metrics+0x690/0x690 [ 79.913982] ? netlink_ack+0xb80/0xb80 [ 79.918722] Oops: 0011 [#1] PREEMPT SMP KASAN [ 79.922595] rtnetlink_rcv+0x1c/0x20 [ 79.927070] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.0-rc5-next-20180928+ #84 [ 79.930764] netlink_unicast+0x5a5/0x760 [ 79.938534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.942582] ? netlink_attachskb+0x9a0/0x9a0 [ 79.951918] RIP: 0010:0xffff8801cef8bd40 [ 79.956313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 79.960363] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <40> b0 dd cd 01 88 ff ff 1a 00 00 00 00 01 00 00 ea ff ff ff 24 00 [ 79.965885] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 79.984763] RSP: 0018:ffff8801dae06c78 EFLAGS: 00010292 [ 79.989765] netlink_sendmsg+0xa18/0xfc0 [ 79.989784] ? netlink_unicast+0x760/0x760 [ 79.995126] RAX: ffff8801cef8bd40 RBX: ffff8801cd6fd180 RCX: ffffffff860c7d0f [ 79.999175] ? aa_sock_msg_perm.isra.12+0xba/0x160 [ 80.003387] RDX: ffff8801dae06e20 RSI: ffff8801bf7d6d40 RDI: ffff8801cd6fd180 [ 80.010645] ? apparmor_socket_sendmsg+0x29/0x30 [ 80.015549] RBP: ffff8801dae071d0 R08: ffffffff89276e80 R09: 0000000000000000 [ 80.022809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 80.027536] R10: ffff8801dae071e8 R11: 0000000000000000 R12: 0000000000000000 [ 80.034800] ? security_socket_sendmsg+0x94/0xc0 [ 80.040310] R13: ffff8801bf7d6d40 R14: 0000000000000100 R15: 0000000000000000 [ 80.047571] ? netlink_unicast+0x760/0x760 [ 80.052303] FS: 0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 80.059561] sock_sendmsg+0xd5/0x120 [ 80.063767] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.071985] ___sys_sendmsg+0x7fd/0x930 [ 80.075676] CR2: ffff8801cef8bd40 CR3: 00000001c0a8a000 CR4: 00000000001406f0 [ 80.081550] ? copy_msghdr_from_user+0x580/0x580 [ 80.085500] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.092765] ? __fd_install+0x2b5/0x8f0 [ 80.097500] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.104759] ? __fget_light+0x2e9/0x430 [ 80.108707] Call Trace: [ 80.115972] ? fget_raw+0x20/0x20 [ 80.119917] [ 80.122494] ? lock_downgrade+0x900/0x900 [ 80.125927] ? __dev_queue_xmit+0x1837/0x3950 [ 80.128060] ? lock_release+0x970/0x970 [ 80.132188] ? mark_held_locks+0x130/0x130 [ 80.136666] ? check_same_owner+0x330/0x330 [ 80.140619] ? __kmalloc_node_track_caller+0x47/0x70 [ 80.144834] ? posix_ktime_get_ts+0x15/0x20 [ 80.149134] ? __kmalloc_reserve.isra.39+0x41/0xe0 [ 80.154220] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 80.158518] ? netdev_pick_tx+0x2d0/0x2d0 [ 80.163432] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 80.168860] ? mark_held_locks+0xa0/0x130 [ 80.172997] ? sockfd_lookup_light+0xc5/0x160 [ 80.178518] ? lock_downgrade+0x900/0x900 [ 80.182648] __sys_sendmsg+0x11d/0x280 [ 80.187127] ? default_idle_call+0x6d/0x90 [ 80.191255] ? __ia32_sys_shutdown+0x80/0x80 [ 80.195128] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 80.199357] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 80.203758] ? trace_hardirqs_on+0xbd/0x310 [ 80.208670] ? put_timespec64+0x10f/0x1b0 [ 80.214190] ? mark_held_locks+0x130/0x130 [ 80.218500] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 80.222623] ? fib_rules_lookup+0x54c/0xcc0 [ 80.226842] __x64_sys_sendmsg+0x78/0xb0 [ 80.232277] ? fib_rules_net_exit+0x120/0x120 [ 80.236586] do_syscall_64+0x1b9/0x820 [ 80.240627] ? update_stack_state+0x1a5/0x690 [ 80.245103] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 80.248986] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 80.253467] ? syscall_return_slowpath+0x5e0/0x5e0 [ 80.259071] ? ipv6_skip_exthdr+0x416/0x760 [ 80.264592] ? trace_hardirqs_on_caller+0x310/0x310 [ 80.269505] ? trace_hardirqs_on+0xbd/0x310 [ 80.273810] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 80.278811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 80.283117] ? recalc_sigpending_tsk+0x180/0x180 [ 80.288118] ? ip6mr_fib_lookup.isra.21+0x1f0/0x2b0 [ 80.293633] ? kasan_check_write+0x14/0x20 [ 80.298374] ? ipv6_chk_mcast_addr+0x350/0x940 [ 80.303373] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 80.303395] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.307614] ? lock_downgrade+0x900/0x900 [ 80.312189] RIP: 0033:0x457579 [ 80.317017] ? trace_hardirqs_on+0xbd/0x310 [ 80.322189] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 80.326319] ? lock_release+0x970/0x970 [ 80.329493] RSP: 002b:00007f20f5976c78 EFLAGS: 00000246 [ 80.333804] ? _raw_read_unlock_bh+0x30/0x40 [ 80.352677] ORIG_RAX: 000000000000002e [ 80.362724] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 80.368064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 80.372461] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 80.376425] RDX: 0000000000000000 RSI: 0000000020005000 RDI: 0000000000000003 [ 80.381351] ? ip6_finish_output+0x4de/0xbc0 [ 80.388596] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 80.394121] ? lock_downgrade+0x900/0x900 [ 80.401372] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f20f59776d4 [ 80.406255] ? trace_hardirqs_on+0xbd/0x310 [ 80.413499] R13: 00000000004c3891 R14: 00000000004d56d0 R15: 00000000ffffffff [ 80.413513] [ 80.417651] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 80.424898] Allocated by task 6980: [ 80.429676] dev_queue_xmit+0x17/0x20 [ 80.437194] save_stack+0x43/0xd0 [ 80.438802] ? dev_queue_xmit+0x17/0x20 [ 80.444233] kasan_kmalloc+0xc7/0xe0 [ 80.447845] ip6_finish_output2+0x1342/0x27a0 [ 80.451627] __kmalloc_node+0x47/0x70 [ 80.455067] ? ip6_copy_metadata+0xe30/0xe30 [ 80.459019] qdisc_alloc+0x10f/0xb50 [ 80.462717] ? ip6_mtu+0x39c/0x520 [ 80.467196] qdisc_create_dflt+0x7a/0x1e0 [ 80.470984] ? lock_downgrade+0x900/0x900 [ 80.475433] dev_activate+0x82f/0xcb0 [ 80.479129] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 80.482650] __dev_open+0x2cb/0x410 [ 80.486788] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 80.490914] __dev_change_flags+0x730/0x9b0 [ 80.494697] ? ipv6_confirm+0x46e/0x650 [ 80.499607] dev_change_flags+0x89/0x150 [ 80.503218] ? ipv6_helper+0x3ab/0x540 [ 80.508735] do_setlink+0xb5f/0x3f20 [ 80.513038] ? ipv6_helper+0x540/0x540 [ 80.516993] rtnl_newlink+0x136f/0x1d40 [ 80.521037] ? ip6_mtu+0x160/0x520 [ 80.524907] rtnetlink_rcv_msg+0x46a/0xc20 [ 80.528604] ? dst_hold+0x2f0/0x2f0 [ 80.532476] netlink_rcv_skb+0x172/0x440 [ 80.536437] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 80.539956] rtnetlink_rcv+0x1c/0x20 [ 80.544173] ip6_finish_output+0x4de/0xbc0 [ 80.547779] netlink_unicast+0x5a5/0x760 [ 80.551825] ? ip6_finish_output+0x4de/0xbc0 [ 80.557350] netlink_sendmsg+0xa18/0xfc0 [ 80.561060] ip6_output+0x23e/0x9f0 [ 80.565281] sock_sendmsg+0xd5/0x120 [ 80.569326] ? ip6_finish_output+0xbc0/0xbc0 [ 80.573721] ___sys_sendmsg+0x7fd/0x930 [ 80.577769] ? ip6_fragment+0x38e0/0x38e0 [ 80.581382] __sys_sendmsg+0x11d/0x280 [ 80.585081] ? ip6_mtu_from_fib6+0x770/0x770 [ 80.589470] __x64_sys_sendmsg+0x78/0xb0 [ 80.593428] mld_sendpack+0xae7/0xfb0 [ 80.597558] do_syscall_64+0x1b9/0x820 [ 80.601426] ? nf_hook.constprop.41+0x960/0x960 [ 80.605820] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.609860] ? _raw_read_unlock_bh+0x30/0x40 [ 80.613637] [ 80.617524] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 80.622165] Freed by task 16: [ 80.627362] ? __local_bh_enable_ip+0x160/0x260 [ 80.631748] save_stack+0x43/0xd0 [ 80.633373] mld_send_initial_cr.part.29+0x114/0x160 [ 80.638814] __kasan_slab_free+0x102/0x150 [ 80.641899] mld_dad_timer_expire+0x42/0x1b0 [ 80.646551] kasan_slab_free+0xe/0x10 [ 80.649999] call_timer_fn+0x26d/0x920 [ 80.655083] kfree+0xcf/0x230 [ 80.659314] ? mld_send_initial_cr.part.29+0x160/0x160 [ 80.663701] qdisc_free+0x89/0x100 [ 80.667482] ? process_timeout+0x40/0x40 [ 80.671359] qdisc_free_cb+0x19/0x20 [ 80.674464] ? trace_hardirqs_off+0xb8/0x310 [ 80.679719] rcu_process_callbacks+0xff9/0x1ad0 [ 80.683239] ? kasan_check_read+0x11/0x20 [ 80.687284] __do_softirq+0x30b/0xb03 [ 80.690979] ? do_raw_spin_unlock+0xa7/0x2f0 [ 80.695358] [ 80.695374] The buggy address belongs to the object at ffff8801bf7d6d40 [ 80.695374] which belongs to the cache kmalloc-2k of size 2048 [ 80.700028] ? trace_hardirqs_on+0x310/0x310 [ 80.704158] The buggy address is located 56 bytes inside of [ 80.704158] 2048-byte region [ffff8801bf7d6d40, ffff8801bf7d7540) [ 80.707943] ? __run_timers+0x7d5/0xc60 [ 80.712322] The buggy address belongs to the page: [ 80.713962] ? lock_downgrade+0x900/0x900 [ 80.726607] page:ffffea0006fdf580 count:1 mapcount:0 mapping:ffff8801da800c40 index:0x0 [ 80.731011] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 80.742862] compound_mapcount: 0 [ 80.746849] ? trace_hardirqs_on+0xbd/0x310 [ 80.751759] flags: 0x2fffc0000010200(slab|head) [ 80.755899] ? kasan_check_read+0x11/0x20 [ 80.764021] raw: 02fffc0000010200 ffffea0006fbdf88 ffffea0006f93008 ffff8801da800c40 [ 80.769108] ? __run_timers+0x7d5/0xc60 [ 80.772797] raw: 0000000000000000 ffff8801bf7d64c0 0000000100000003 0000000000000000 [ 80.777894] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 80.782530] page dumped because: kasan: bad access detected [ 80.786672] ? kasan_check_write+0x14/0x20 [ 80.794525] [ 80.798493] ? do_raw_spin_lock+0xc1/0x200 [ 80.808321] Memory state around the buggy address: [ 80.813776] ? mld_send_initial_cr.part.29+0x160/0x160 [ 80.819455] ffff8801bf7d6c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.823680] __run_timers+0x7e0/0xc60 [ 80.825286] ffff8801bf7d6c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 80.829556] ? __bpf_trace_timer_expire_entry+0x30/0x30 [ 80.834459] >ffff8801bf7d6d00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 80.839728] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 80.847070] ^ [ 80.850858] ? timerqueue_add+0x207/0x2b0 [ 80.858210] ffff8801bf7d6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.863567] ? enqueue_hrtimer+0x1a0/0x560 [ 80.870903] ffff8801bf7d6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.875914] ? lock_release+0x970/0x970 [ 80.883157] ================================================================== [ 80.887298] ? hrtimer_update_softirq_timer+0xa0/0xa0 [ 80.896096] Kernel panic - not syncing: panic_on_warn set ... [ 80.896096] [ 80.898874] ? kasan_check_write+0x14/0x20 [ 80.934281] ? pvclock_read_flags+0x160/0x160 [ 80.938781] ? lock_downgrade+0x900/0x900 [ 80.942933] ? trace_hardirqs_on+0xbd/0x310 [ 80.947254] ? kvm_sched_clock_read+0x9/0x20 [ 80.951657] ? irq_exit+0x17f/0x1c0 [ 80.955282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 80.960820] ? check_preemption_disabled+0x48/0x200 [ 80.965837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 80.971378] run_timer_softirq+0x52/0xb0 [ 80.975438] ? __this_cpu_preempt_check+0x1c/0x1f [ 80.980276] __do_softirq+0x30b/0xb03 [ 80.984077] ? __irqentry_text_end+0x1f9698/0x1f9698 [ 80.989178] ? pvclock_read_flags+0x160/0x160 [ 80.993667] ? lapic_next_event+0x5a/0x90 [ 80.997818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.003367] ? clockevents_program_event+0x140/0x370 [ 81.008472] ? kvm_clock_read+0x18/0x30 [ 81.012443] ? kvm_sched_clock_read+0x9/0x20 [ 81.016853] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.022390] ? check_preemption_disabled+0x48/0x200 [ 81.027413] irq_exit+0x17f/0x1c0 [ 81.030867] smp_apic_timer_interrupt+0x1cb/0x750 [ 81.035704] ? smp_reschedule_interrupt+0x109/0x650 [ 81.040718] ? smp_call_function_single_interrupt+0x640/0x640 [ 81.046600] ? interrupt_entry+0xb5/0xc0 [ 81.050661] ? trace_hardirqs_off_caller+0xbb/0x300 [ 81.055676] ? trace_hardirqs_off_caller+0xbb/0x300 [ 81.060691] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 81.065536] ? trace_hardirqs_on_caller+0x310/0x310 [ 81.070552] ? trace_hardirqs_on_caller+0x310/0x310 [ 81.075565] ? task_prio+0x50/0x50 [ 81.079107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.084641] ? check_preemption_disabled+0x48/0x200 [ 81.089660] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 81.094506] apic_timer_interrupt+0xf/0x20 [ 81.098727] [ 81.100979] RIP: 0010:native_safe_halt+0x6/0x10 [ 81.105645] Code: 45 d8 e8 ed 7b 0d fa 48 8b 45 d8 e9 ca fe ff ff 48 89 df e8 dc 7b 0d fa eb 82 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 fb f4 <5d> c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 f4 5d c3 90 90 90 90 90 [ 81.124542] RSP: 0018:ffffffff89207bb8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 [ 81.132248] RAX: dffffc0000000000 RBX: 1ffffffff1240f7b RCX: ffffffff8183778a [ 81.139512] RDX: 1ffffffff1263e91 RSI: ffffffff818377a4 RDI: ffffffff8931f488 [ 81.146774] RBP: ffffffff89207bb8 R08: ffffffff89276e80 R09: ffffed003b5c5b57 [ 81.154037] R10: ffffed003b5c5b57 R11: ffff8801dae2dabb R12: ffffffff89207c78 [ 81.161312] R13: ffffffff89f28a60 R14: 0000000000000000 R15: 0000000000000000 [ 81.168594] ? trace_hardirqs_on+0x9a/0x310 [ 81.172912] ? trace_hardirqs_on+0xb4/0x310 [ 81.178017] default_idle+0xbf/0x490 [ 81.181734] ? rcu_dynticks_eqs_enter+0x4f/0x80 [ 81.186406] ? __sched_text_end+0x1/0x1 [ 81.190380] ? rcu_idle_enter+0x39a/0x530 [ 81.194524] ? rcu_eqs_special_set+0x1c0/0x1c0 [ 81.199104] ? tsc_verify_tsc_adjust+0x137/0x460 [ 81.204985] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 81.210439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.215977] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.221514] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.227046] arch_cpu_idle+0x10/0x20 [ 81.230758] default_idle_call+0x6d/0x90 [ 81.234815] do_idle+0x3db/0x5b0 [ 81.238180] ? arch_cpu_idle_exit+0x70/0x70 [ 81.242499] ? check_preemption_disabled+0x48/0x200 [ 81.247509] ? __schedule+0x1ed0/0x1ed0 [ 81.251485] cpu_startup_entry+0x10c/0x120 [ 81.255718] ? cpu_in_idle+0x20/0x20 [ 81.259438] rest_init+0xe2/0xe5 [ 81.262807] start_kernel+0x8bc/0x8f7 [ 81.266609] ? mem_encrypt_init+0xb/0xb [ 81.270578] ? early_idt_handler_common+0x3b/0x60 [ 81.275425] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 81.280960] ? x86_family+0x3e/0x50 [ 81.284583] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 81.290121] x86_64_start_reservations+0x29/0x2b [ 81.294874] x86_64_start_kernel+0x76/0x79 [ 81.299108] secondary_startup_64+0xa4/0xb0 [ 81.303427] Modules linked in: [ 81.306612] CR2: ffff8801cef8bd40 [ 81.310055] ---[ end trace 9574044b39703628 ]--- [ 81.314802] RIP: 0010:0xffff8801cef8bd40 [ 81.318875] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <40> b0 dd cd 01 88 ff ff 1a 00 00 00 00 01 00 00 ea ff ff ff 24 00 [ 81.337775] RSP: 0018:ffff8801dae06c78 EFLAGS: 00010292 [ 81.343130] RAX: ffff8801cef8bd40 RBX: ffff8801cd6fd180 RCX: ffffffff860c7d0f [ 81.350391] RDX: ffff8801dae06e20 RSI: ffff8801bf7d6d40 RDI: ffff8801cd6fd180 [ 81.357655] RBP: ffff8801dae071d0 R08: ffffffff89276e80 R09: 0000000000000000 [ 81.364917] R10: ffff8801dae071e8 R11: 0000000000000000 R12: 0000000000000000 [ 81.372180] R13: ffff8801bf7d6d40 R14: 0000000000000100 R15: 0000000000000000 [ 81.379447] FS: 0000000000000000(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000 [ 81.387663] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.393534] CR2: ffff8801cef8bd40 CR3: 00000001c0a8a000 CR4: 00000000001406f0 [ 81.400802] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.408514] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 82.091165] Shutting down cpus with NMI [ 82.096469] Kernel Offset: disabled [ 82.100090] Rebooting in 86400 seconds..