[ 81.187792][ T27] audit: type=1800 audit(1582147985.423:26): pid=9919 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 82.118839][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 82.118852][ T27] audit: type=1800 audit(1582147986.373:29): pid=9919 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 82.149988][ T27] audit: type=1800 audit(1582147986.403:30): pid=9919 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.23' (ECDSA) to the list of known hosts. syzkaller login: [ 91.641595][T10077] IPVS: ftp: loaded support on port[0] = 21 [ 91.703726][T10077] chnl_net:caif_netlink_parms(): no params data found [ 91.752113][T10077] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.759520][T10077] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.767713][T10077] device bridge_slave_0 entered promiscuous mode [ 91.777049][T10077] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.784248][T10077] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.792330][T10077] device bridge_slave_1 entered promiscuous mode [ 91.809710][T10077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.820659][T10077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.840263][T10077] team0: Port device team_slave_0 added [ 91.849247][T10077] team0: Port device team_slave_1 added [ 91.864369][T10077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.871689][T10077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.897794][T10077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.910120][T10077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.917087][T10077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.943229][T10077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.000702][T10077] device hsr_slave_0 entered promiscuous mode [ 92.038288][T10077] device hsr_slave_1 entered promiscuous mode [ 92.162108][T10077] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.220896][T10077] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.261362][T10077] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.310570][T10077] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.362994][T10077] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.370318][T10077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.378213][T10077] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.385295][T10077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.433692][T10077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.447091][ T2685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 92.457379][ T2685] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.466264][ T2685] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.475044][ T2685] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 92.489620][T10077] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.500642][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 92.509992][ T2866] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.517056][ T2866] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.538411][ T2685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 92.546838][ T2685] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.554289][ T2685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.562590][ T2685] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 92.571696][ T2863] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 92.581829][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 92.598874][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 92.607281][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 92.620236][T10077] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 92.640370][ T2685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 92.649178][ T2685] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 92.656402][T10077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.677129][ T2685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 92.699030][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 92.707523][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 92.715820][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 92.724243][T10077] device veth0_vlan entered promiscuous mode [ 92.737456][T10077] device veth1_vlan entered promiscuous mode [ 92.761253][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 92.770829][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 92.781899][T10077] device veth0_macvtap entered promiscuous mode [ 92.792488][T10077] device veth1_macvtap entered promiscuous mode [ 92.810077][T10077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.819093][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 92.827284][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 92.835948][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 92.845624][ T2866] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 92.857963][T10077] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.870732][ T2831] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 92.879467][ T2831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready executing program [ 93.142209][T10083] xt_hashlimit: size too large, truncated to 1048576 [ 93.166454][T10083] xt_CT: You must specify a L4 protocol and not use inversions on it [ 93.306152][T10085] xt_hashlimit: size too large, truncated to 1048576 [ 93.353392][T10085] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 94.593677][T10087] xt_hashlimit: size too large, truncated to 1048576 [ 94.617090][T10087] xt_CT: You must specify a L4 protocol and not use inversions on it [ 94.757575][T10089] xt_hashlimit: size too large, truncated to 1048576 [ 94.800798][T10089] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 95.938017][T10091] xt_hashlimit: size too large, truncated to 1048576 [ 95.961017][T10091] xt_CT: You must specify a L4 protocol and not use inversions on it [ 96.103443][T10093] xt_hashlimit: size too large, truncated to 1048576 [ 96.144786][T10093] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 97.287002][T10095] xt_hashlimit: size too large, truncated to 1048576 [ 97.311838][T10095] xt_CT: You must specify a L4 protocol and not use inversions on it [ 97.450665][T10097] xt_hashlimit: size too large, truncated to 1048576 [ 97.491938][T10097] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 98.646723][T10099] xt_hashlimit: size too large, truncated to 1048576 [ 98.671110][T10099] xt_CT: You must specify a L4 protocol and not use inversions on it [ 98.812678][T10101] xt_hashlimit: size too large, truncated to 1048576 [ 98.853641][T10101] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 100.014894][T10103] xt_hashlimit: size too large, truncated to 1048576 [ 100.041918][T10103] xt_CT: You must specify a L4 protocol and not use inversions on it [ 100.179427][T10105] xt_hashlimit: size too large, truncated to 1048576 [ 100.220843][T10105] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 101.372839][T10107] xt_hashlimit: size too large, truncated to 1048576 [ 101.396792][T10107] xt_CT: You must specify a L4 protocol and not use inversions on it [ 101.536683][T10109] xt_hashlimit: size too large, truncated to 1048576 [ 101.577752][T10109] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 102.729374][T10111] xt_hashlimit: size too large, truncated to 1048576 [ 102.752814][T10111] xt_CT: You must specify a L4 protocol and not use inversions on it [ 102.894293][T10113] xt_hashlimit: size too large, truncated to 1048576 [ 102.935402][T10113] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 104.083250][T10115] xt_hashlimit: size too large, truncated to 1048576 [ 104.107222][T10115] xt_CT: You must specify a L4 protocol and not use inversions on it [ 104.248501][T10117] xt_hashlimit: size too large, truncated to 1048576 [ 104.290458][T10117] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 105.439515][T10119] xt_hashlimit: size too large, truncated to 1048576 [ 105.463875][T10119] xt_CT: You must specify a L4 protocol and not use inversions on it [ 105.605064][T10121] xt_hashlimit: size too large, truncated to 1048576 [ 105.648461][T10121] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 106.801970][T10123] xt_hashlimit: size too large, truncated to 1048576 [ 106.825934][T10123] xt_CT: You must specify a L4 protocol and not use inversions on it [ 106.965921][T10125] xt_hashlimit: size too large, truncated to 1048576 [ 107.006856][T10125] xt_CT: You must specify a L4 protocol and not use inversions on it executing program [ 108.983390][T10127] xt_hashlimit: size too large, truncated to 1048576 [ 109.008042][T10127] xt_CT: You must specify a L4 protocol and not use inversions on it [ 109.149999][T10129] xt_hashlimit: size too large, truncated to 1048576 [ 109.192351][T10129] ------------[ cut here ]------------ [ 109.199225][T10129] proc_dir_entry 'ipt_hashlimit/bridge_slave_1' already registered [ 109.207416][T10129] WARNING: CPU: 1 PID: 10129 at fs/proc/generic.c:362 proc_register+0x41e/0x590 [ 109.216533][T10129] Kernel panic - not syncing: panic_on_warn set ... [ 109.223140][T10129] CPU: 1 PID: 10129 Comm: syz-executor651 Not tainted 5.6.0-rc2-next-20200219-syzkaller #0 [ 109.233127][T10129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.243634][T10129] Call Trace: [ 109.246942][T10129] dump_stack+0x197/0x210 [ 109.251349][T10129] ? proc_register+0x3e0/0x590 [ 109.256290][T10129] panic+0x2e3/0x75c [ 109.260230][T10129] ? add_taint.cold+0x16/0x16 [ 109.264940][T10129] ? __kasan_check_write+0x14/0x20 [ 109.270072][T10129] ? __warn.cold+0x14/0x3e [ 109.274506][T10129] ? __warn+0xd9/0x1cf [ 109.278599][T10129] ? proc_register+0x41e/0x590 [ 109.283445][T10129] __warn.cold+0x2f/0x3e [ 109.287712][T10129] ? proc_register+0x41e/0x590 [ 109.292503][T10129] report_bug+0x289/0x300 [ 109.296858][T10129] do_error_trap+0x11b/0x200 [ 109.301482][T10129] do_invalid_op+0x37/0x50 [ 109.305914][T10129] ? proc_register+0x41e/0x590 [ 109.310698][T10129] invalid_op+0x23/0x30 [ 109.314872][T10129] RIP: 0010:proc_register+0x41e/0x590 [ 109.320258][T10129] Code: ff df 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 5a 01 00 00 48 8b 45 d0 48 c7 c7 e0 31 59 88 48 8b b0 d0 00 00 00 e8 61 db 5d ff <0f> 0b 48 c7 c7 e0 4e cb 89 e8 24 14 0d 06 48 8b 4d a0 48 b8 00 00 [ 109.340265][T10129] RSP: 0018:ffffc9000523f600 EFLAGS: 00010282 [ 109.346583][T10129] RAX: 0000000000000000 RBX: ffff8880994b95b0 RCX: 0000000000000000 [ 109.354579][T10129] RDX: 0000000000000000 RSI: ffffffff815ee626 RDI: fffff52000a47eb2 [ 109.362568][T10129] RBP: ffffc9000523f668 R08: ffff8880922ac540 R09: ffffed1015d245c9 [ 109.371301][T10129] R10: ffffed1015d245c8 R11: ffff8880ae922e43 R12: ffff88808fb9f980 [ 109.379312][T10129] R13: 0000000000000000 R14: ffff8880a10e0278 R15: dffffc0000000000 [ 109.387460][T10129] ? vprintk_func+0x86/0x189 [ 109.392098][T10129] proc_create_seq_private+0x12b/0x190 [ 109.397680][T10129] ? proc_create+0x40/0x40 [ 109.402154][T10129] ? lockdep_init_map+0x1be/0x6d0 [ 109.407471][T10129] hashlimit_mt_check_common.isra.0+0xb30/0x1680 [ 109.414014][T10129] hashlimit_mt_check+0xa4/0xd0 [ 109.418886][T10129] ? hashlimit_mt_check_common.isra.0+0x1680/0x1680 [ 109.425581][T10129] xt_check_match+0x280/0x690 [ 109.430275][T10129] ? xt_check_target+0x690/0x690 [ 109.435321][T10129] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 109.441765][T10129] ? mutex_unlock+0xd/0x10 [ 109.446190][T10129] ? xt_find_match+0x73/0x280 [ 109.451508][T10129] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 109.458003][T10129] find_check_entry.isra.0+0x32f/0x920 [ 109.463493][T10129] ? ipt_do_table+0x1b80/0x1b80 [ 109.468365][T10129] ? lockdep_hardirqs_on+0x421/0x5e0 [ 109.473683][T10129] ? trace_hardirqs_on+0x67/0x240 [ 109.478767][T10129] ? kvfree+0x4a/0x60 [ 109.482786][T10129] translate_table+0xcb4/0x17d0 [ 109.487794][T10129] ? compat_do_ipt_get_ctl+0x910/0x910 [ 109.493287][T10129] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 109.499644][T10129] ? _copy_from_user+0x12c/0x1a0 [ 109.504606][T10129] do_ipt_set_ctl+0x2fe/0x4c2 [ 109.509412][T10129] ? compat_do_ipt_set_ctl+0x170/0x170 [ 109.514921][T10129] ? mutex_unlock+0xd/0x10 [ 109.519695][T10129] ? nf_sockopt_find.constprop.0+0x226/0x290 [ 109.525868][T10129] nf_setsockopt+0x77/0xd0 [ 109.530308][T10129] ip_setsockopt+0xdf/0x100 [ 109.534994][T10129] tcp_setsockopt+0x8f/0xe0 [ 109.539554][T10129] sock_common_setsockopt+0x94/0xd0 [ 109.544921][T10129] __sys_setsockopt+0x261/0x4c0 [ 109.549792][T10129] ? sock_create_kern+0x50/0x50 [ 109.554677][T10129] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 109.560674][T10129] ? __x64_sys_futex+0x404/0x590 [ 109.565640][T10129] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 109.571178][T10129] ? do_syscall_64+0x26/0x790 [ 109.575922][T10129] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.582008][T10129] ? do_syscall_64+0x26/0x790 [ 109.586706][T10129] __x64_sys_setsockopt+0xbe/0x150 [ 109.591841][T10129] do_syscall_64+0xfa/0x790 [ 109.596374][T10129] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.602376][T10129] RIP: 0033:0x44f519 [ 109.606312][T10129] Code: e8 cc 15 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00 [ 109.627443][T10129] RSP: 002b:00007f21a2d4dce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 109.636401][T10129] RAX: ffffffffffffffda RBX: 00000000006eca28 RCX: 000000000044f519 [ 109.644651][T10129] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 109.653314][T10129] RBP: 00000000006eca20 R08: 00000000000003e8 R09: 0000000000000000 [ 109.661545][T10129] R10: 0000000020000000 R11: 0000000000000246 R12: 00000000006eca2c [ 109.669799][T10129] R13: 00007ffd2d78439f R14: 00007f21a2d4e9c0 R15: 20c49ba5e353f7cf [ 109.683288][T10129] Kernel Offset: disabled [ 109.688356][T10129] Rebooting in 86400 seconds..