[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 28.626023] kauditd_printk_skb: 8 callbacks suppressed [ 28.626035] audit: type=1800 audit(1543769362.607:29): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 28.652114] audit: type=1800 audit(1543769362.607:30): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.831722] sshd (6033) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.10.62' (ECDSA) to the list of known hosts. [ 39.286177] IPVS: ftp: loaded support on port[0] = 21 [ 39.448039] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.454954] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.462518] device bridge_slave_0 entered promiscuous mode [ 39.481126] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.487562] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.494472] device bridge_slave_1 entered promiscuous mode [ 39.512917] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 39.531101] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 39.579929] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 39.600026] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 39.674944] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 39.682476] team0: Port device team_slave_0 added [ 39.699727] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 39.706979] team0: Port device team_slave_1 added [ 39.723874] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 39.742877] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 39.761448] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 39.782223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready RTNETLINK answers: Operation not supported RTNETLINK answers: No buffer space available RTNETLINK answers: Operation not supported [ 39.927106] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.933529] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.940454] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.946840] bridge0: port 1(bridge_slave_0) entered forwarding state RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Operation not supported RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument [ 40.461019] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.514285] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 40.566345] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 40.572519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 40.580388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.628907] 8021q: adding VLAN 0 to HW filter on device team0 executing program [ 41.174047] BUG: unable to handle kernel paging request at ffff888220000000 [ 41.181297] PGD be01067 P4D be01067 PUD be04067 PMD 0 [ 41.186617] Oops: 0000 [#1] PREEMPT SMP KASAN [ 41.191110] CPU: 0 PID: 6050 Comm: syz-executor783 Not tainted 4.20.0-rc3+ #95 [ 41.198461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 41.207803] RIP: 0010:do_csum+0x192/0x410 [ 41.211935] Code: 85 f6 74 54 4d 89 ef e8 ac 94 a6 f9 41 83 ee 01 31 ff 31 c0 44 89 f6 49 03 1f 49 13 5f 08 49 13 5f 10 49 13 5f 18 49 13 5f 20 <49> 13 5f 28 49 13 5f 30 49 13 5f 38 48 11 c3 e8 8a 95 a6 f9 49 83 [ 41.230817] RSP: 0018:ffff8881c1e76568 EFLAGS: 00010216 [ 41.236161] RAX: 0000000000000000 RBX: 53ef0a0ef766fad7 RCX: ffffffff87d8f676 [ 41.243411] RDX: 0000000000000000 RSI: 000000000262d006 RDI: 0000000000000000 [ 41.250663] RBP: ffff8881c1e765a0 R08: ffff8881c1434100 R09: ffff8881b8b50194 [ 41.257914] R10: 000000000000ffd4 R11: ffffea0006f565f7 R12: 00000000ffff0038 [ 41.265182] R13: ffff8881b8b50198 R14: 000000000262d006 R15: ffff88821fffffd8 [ 41.272450] FS: 000000000269b880(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000 [ 41.280656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.286519] CR2: ffff888220000000 CR3: 00000001cf70d000 CR4: 00000000001406f0 [ 41.293772] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 41.301056] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 41.308312] Call Trace: [ 41.310909] csum_partial+0x21/0x30 [ 41.314535] tcp_gso_segment+0xa7d/0x17b0 [ 41.318669] ? sk_common_release+0x320/0x320 [ 41.323069] tcp6_gso_segment+0x1c8/0x580 [ 41.327204] ipv6_gso_segment+0x554/0x1130 [ 41.331437] ? tag_mount+0xfe2/0x1ce0 [ 41.335239] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 41.340069] ? __lock_is_held+0xb5/0x140 [ 41.344113] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 41.348937] inet_gso_segment+0x639/0x1350 [ 41.353157] ? inet_sock_destruct+0x9b0/0x9b0 [ 41.357641] ipv6_gso_segment+0x554/0x1130 [ 41.361872] ? skb_mac_gso_segment+0x229/0x740 [ 41.366440] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 41.371274] ? kasan_check_read+0x11/0x20 [ 41.375405] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 41.380700] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.385899] ? rcu_softirq_qs+0x20/0x20 [ 41.389855] ? skb_network_protocol+0xfc/0x4c0 [ 41.394427] skb_mac_gso_segment+0x3b3/0x740 [ 41.398836] ? sit_ip6ip6_gro_receive+0x100/0x100 [ 41.403661] ? skb_network_protocol+0x4c0/0x4c0 [ 41.408326] ? print_usage_bug+0xc0/0xc0 [ 41.412371] ? __lock_acquire+0x2aff/0x4c20 [ 41.416676] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 41.421847] ? skb_network_protocol+0xfc/0x4c0 [ 41.426412] __skb_gso_segment+0x3c3/0x880 [ 41.430632] ? skb_mac_gso_segment+0x740/0x740 [ 41.435195] validate_xmit_skb+0x640/0xf30 [ 41.439415] ? netif_skb_features+0xb70/0xb70 [ 41.443909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.449557] ? check_preemption_disabled+0x48/0x280 [ 41.454570] validate_xmit_skb_list+0xd1/0x140 [ 41.459152] sch_direct_xmit+0x30e/0x1130 [ 41.463317] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.468838] ? check_preemption_disabled+0x48/0x280 [ 41.473837] ? dev_watchdog+0xb10/0xb10 [ 41.477795] ? __lock_is_held+0xb5/0x140 [ 41.481857] __qdisc_run+0x636/0x1990 [ 41.485646] ? sch_direct_xmit+0x1130/0x1130 [ 41.490038] ? lock_acquire+0x1ed/0x520 [ 41.493992] ? dev_queue_xmit+0x17/0x20 [ 41.497990] ? lock_release+0xa00/0xa00 [ 41.501946] ? mini_qdisc_pair_init+0x160/0x160 [ 41.506599] __dev_queue_xmit+0x1915/0x3ad0 [ 41.510917] ? dev_queue_xmit+0x17/0x20 [ 41.514886] ? netdev_pick_tx+0x310/0x310 [ 41.519017] ? __alloc_skb+0x4c6/0x770 [ 41.522894] ? mark_held_locks+0x130/0x130 [ 41.527112] ? kasan_check_read+0x11/0x20 [ 41.531241] ? zap_class+0x640/0x640 [ 41.534941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.540459] ? refcount_add_not_zero_checked+0x21e/0x330 [ 41.545894] ? find_held_lock+0x36/0x1c0 [ 41.549958] ? perf_trace_sched_process_exec+0x860/0x860 [ 41.555392] ? kasan_check_write+0x14/0x20 [ 41.559607] ? copyin+0xb7/0x100 [ 41.562958] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 41.567957] ? copy_page_from_iter+0x541/0x8f0 [ 41.572536] ? _copy_from_iter+0xf70/0xf70 [ 41.576754] ? _copy_from_iter_full+0x2d8/0xce0 [ 41.581408] ? kasan_check_read+0x11/0x20 [ 41.585537] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 41.590795] ? depot_save_stack+0x292/0x470 [ 41.595111] ? skb_copy_datagram_from_iter+0x451/0x660 [ 41.600383] dev_queue_xmit+0x17/0x20 [ 41.604163] ? dev_queue_xmit+0x17/0x20 [ 41.608119] packet_sendmsg+0x430a/0x6570 [ 41.612251] ? find_held_lock+0x36/0x1c0 [ 41.616329] ? packet_getname+0x5f0/0x5f0 [ 41.620457] ? perf_trace_sched_process_exec+0x860/0x860 [ 41.625890] ? usercopy_warn+0x110/0x110 [ 41.629944] ? perf_trace_sched_wake_idle_without_ipi+0x5f0/0x600 [ 41.636159] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.641679] ? _copy_from_user+0xdf/0x150 [ 41.645813] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.651352] ? debug_lockdep_rcu_enabled+0x77/0x90 [ 41.656264] ? aa_sk_perm+0x22b/0x8e0 [ 41.660046] ? import_iovec+0x2a3/0x4b0 [ 41.664005] ? aa_af_perm+0x5a0/0x5a0 [ 41.667790] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.673310] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 41.678223] ? apparmor_socket_sendmsg+0x29/0x30 [ 41.682961] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.688480] ? security_socket_sendmsg+0x94/0xc0 [ 41.693216] ? packet_getname+0x5f0/0x5f0 [ 41.697350] sock_sendmsg+0xd5/0x120 [ 41.701047] ___sys_sendmsg+0x7fd/0x930 [ 41.705001] ? find_held_lock+0x36/0x1c0 [ 41.709047] ? copy_msghdr_from_user+0x580/0x580 [ 41.713786] ? zap_class+0x640/0x640 [ 41.717500] ? perf_trace_sched_process_exec+0x860/0x860 [ 41.722932] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.728473] ? __fget_light+0x2e9/0x430 [ 41.732447] ? fget_raw+0x20/0x20 [ 41.735884] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.741421] ? aa_af_perm+0x5a0/0x5a0 [ 41.745211] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 41.750761] ? sockfd_lookup_light+0xc5/0x160 [ 41.755249] __sys_sendmsg+0x11d/0x280 [ 41.759149] ? __ia32_sys_shutdown+0x80/0x80 [ 41.763538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 41.769055] ? __sys_setsockopt+0x254/0x3c0 [ 41.773361] ? do_syscall_64+0x9a/0x820 [ 41.777378] ? do_syscall_64+0x9a/0x820 [ 41.781687] ? trace_hardirqs_off_caller+0x310/0x310 [ 41.786786] __x64_sys_sendmsg+0x78/0xb0 [ 41.790833] do_syscall_64+0x1b9/0x820 [ 41.794731] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 41.800078] ? syscall_return_slowpath+0x5e0/0x5e0 [ 41.804990] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.809817] ? trace_hardirqs_on_caller+0x310/0x310 [ 41.814815] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 41.819815] ? prepare_exit_to_usermode+0x291/0x3b0 [ 41.824836] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 41.829665] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 41.834837] RIP: 0033:0x441449 [ 41.838012] Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 41.856899] RSP: 002b:00007ffe6e54d558 EFLAGS: 00000286 ORIG_RAX: 000000000000002e [ 41.864602] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000441449 [ 41.871858] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 41.879109] RBP: 00000000006cc018 R08: 0000000000000100 R09: 0000000000000100 [ 41.886359] R10: 0000000000000100 R11: 0000000000000286 R12: 00000000004023b0 [ 41.893627] R13: 0000000000402440 R14: 0000000000000000 R15: 0000000000000000 [ 41.900886] Modules linked in: [ 41.904076] CR2: ffff888220000000 [ 41.907525] ---[ end trace deeb867ab11cbe51 ]--- [ 41.912294] RIP: 0010:do_csum+0x192/0x410 [ 41.916440] Code: 85 f6 74 54 4d 89 ef e8 ac 94 a6 f9 41 83 ee 01 31 ff 31 c0 44 89 f6 49 03 1f 49 13 5f 08 49 13 5f 10 49 13 5f 18 49 13 5f 20 <49> 13 5f 28 49 13 5f 30 49 13 5f 38 48 11 c3 e8 8a 95 a6 f9 49 83 [ 41.935346] RSP: 0018:ffff8881c1e76568 EFLAGS: 00010216 [ 41.940712] RAX: 0000000000000000 RBX: 53ef0a0ef766fad7 RCX: ffffffff87d8f676 [ 41.947994] RDX: 0000000000000000 RSI: 000000000262d006 RDI: 0000000000000000 [ 41.955259] RBP: ffff8881c1e765a0 R08: ffff8881c1434100 R09: ffff8881b8b50194 [ 41.962520] R10: 000000000000ffd4 R11: ffffea0006f565f7 R12: 00000000ffff0038 [ 41.969789] R13: ffff8881b8b50198 R14: 000000000262d006 R15: ffff88821fffffd8 [ 41.977050] FS: 000000000269b880(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000 [ 41.985271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 41.991132] CR2: ffff888220000000 CR3: 00000001cf70d000 CR4: 00000000001406f0 [ 41.998403] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 42.005675] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 42.012962] Kernel panic - not syncing: Fatal exception in interrupt [ 42.020484] Kernel Offset: disabled [ 42.024108] Rebooting in 86400 seconds..