[ 35.601470] audit: type=1800 audit(1550970110.821:27): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[ 35.640464] audit: type=1800 audit(1550970110.901:28): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 36.370186] audit: type=1800 audit(1550970111.631:29): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 36.394166] audit: type=1800 audit(1550970111.631:30): pid=7527 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0
Debian GNU/Linux 7 syzkaller ttyS0
Warning: Permanently added '10.128.0.249' (ECDSA) to the list of known hosts.
syzkaller login: [ 43.573655] IPVS: ftp: loaded support on port[0] = 21
[ 43.625541] chnl_net:caif_netlink_parms(): no params data found
[ 43.653003] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.659746] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.667111] device bridge_slave_0 entered promiscuous mode
[ 43.674089] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.680931] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.688494] device bridge_slave_1 entered promiscuous mode
[ 43.703154] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 43.712834] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 43.729207] team0: Port device team_slave_0 added
[ 43.735380] team0: Port device team_slave_1 added
[ 43.807297] device hsr_slave_0 entered promiscuous mode
[ 43.845215] device hsr_slave_1 entered promiscuous mode
[ 43.891999] bridge0: port 2(bridge_slave_1) entered blocking state
[ 43.898471] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 43.905300] bridge0: port 1(bridge_slave_0) entered blocking state
[ 43.911626] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 43.939420] 8021q: adding VLAN 0 to HW filter on device bond0
[ 43.951345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 43.970665] bridge0: port 1(bridge_slave_0) entered disabled state
[ 43.978163] bridge0: port 2(bridge_slave_1) entered disabled state
[ 43.985429] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 43.995324] 8021q: adding VLAN 0 to HW filter on device team0
[ 44.005160] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.012720] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.019121] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.026052] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.033547] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.039923] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.054052] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 44.062375] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 44.072185] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 44.086400] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
executing program
[ 44.096844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 44.107970] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.116212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.123589] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 44.139565] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 44.150204] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[ 44.545113] WARNING: CPU: 0 PID: 7686 at net/ipv4/tcp_output.c:2535 tcp_send_loss_probe+0x771/0x8a0
[ 44.554428] Kernel panic - not syncing: panic_on_warn set ...
[ 44.560312] CPU: 0 PID: 7686 Comm: syz-executor404 Not tainted 5.0.0-rc7+ #85
[ 44.567565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.576899] Call Trace:
[ 44.579461]
[ 44.581601] dump_stack+0x172/0x1f0
[ 44.585224] ? tcp_send_loss_probe+0x6a0/0x8a0
[ 44.589803] panic+0x2cb/0x65c
[ 44.592983] ? __warn_printk+0xf3/0xf3
[ 44.596854] ? tcp_send_loss_probe+0x771/0x8a0
[ 44.601416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 44.606938] ? __warn.cold+0x5/0x45
[ 44.610548] ? __warn+0xe8/0x1d0
[ 44.613898] ? tcp_send_loss_probe+0x771/0x8a0
[ 44.618463] __warn.cold+0x20/0x45
[ 44.621987] ? tcp_send_loss_probe+0x771/0x8a0
[ 44.626558] report_bug+0x263/0x2b0
[ 44.630193] do_error_trap+0x11b/0x200
[ 44.634068] do_invalid_op+0x37/0x50
[ 44.637793] ? tcp_send_loss_probe+0x771/0x8a0
[ 44.642369] invalid_op+0x14/0x20
[ 44.645808] RIP: 0010:tcp_send_loss_probe+0x771/0x8a0
[ 44.651004] Code: 88 fc ff ff 4c 89 ef e8 1d 76 c9 fb e9 c8 fc ff ff e8 73 76 c9 fb e9 63 fd ff ff e8 09 76 c9 fb e9 94 f9 ff ff e8 af 73 92 fb <0f> 0b e9 7d fa ff ff e8 a3 73 92 fb 0f b6 1d 07 6e 7b 03 31 ff 89
[ 44.669888] RSP: 0018:ffff8880ae807cb8 EFLAGS: 00010206
[ 44.675232] RAX: ffff88808d6061c0 RBX: 0000000000000000 RCX: ffffffff85dd68fb
[ 44.682480] RDX: 0000000000000100 RSI: ffffffff85dd6dd1 RDI: 0000000000000005
[ 44.689745] RBP: ffff8880ae807ce8 R08: ffff88808d6061c0 R09: ffffed1013ddf839
[ 44.696996] R10: ffffed1013ddf838 R11: ffff88809eefc1c3 R12: ffff88808ebe2bc0
[ 44.704246] R13: ffff88809eefc000 R14: 0000000000008000 R15: ffff88808ebe33d0
[ 44.711512] ? tcp_send_loss_probe+0x29b/0x8a0
[ 44.716082] ? tcp_send_loss_probe+0x771/0x8a0
[ 44.720666] ? tcp_send_loss_probe+0x771/0x8a0
[ 44.725240] ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 44.730252] tcp_write_timer_handler+0x4f8/0x8e0
[ 44.734993] tcp_write_timer+0x10e/0x1d0
[ 44.739042] call_timer_fn+0x190/0x720
[ 44.742910] ? tcp_write_timer_handler+0x8e0/0x8e0
[ 44.747826] ? process_timeout+0x40/0x40
[ 44.751866] ? run_timer_softirq+0x647/0x1700
[ 44.756349] ? trace_hardirqs_on+0x67/0x230
[ 44.760652] ? kasan_check_read+0x11/0x20
[ 44.764795] ? tcp_write_timer_handler+0x8e0/0x8e0
[ 44.769729] run_timer_softirq+0x652/0x1700
[ 44.774036] ? add_timer+0xbe0/0xbe0
[ 44.777732] ? __lock_is_held+0xb6/0x140
[ 44.781775] ? check_preemption_disabled+0x48/0x290
[ 44.786778] ? rcu_lockdep_current_cpu_online+0xe3/0x130
[ 44.792216] __do_softirq+0x266/0x95a
[ 44.796021] ? nf_ct_iterate_cleanup+0x1f1/0x4e0
[ 44.800757] do_softirq_own_stack+0x2a/0x40
[ 44.805062]
[ 44.807303] do_softirq.part.0+0x11a/0x170
[ 44.811534] __local_bh_enable_ip+0x211/0x270
[ 44.816013] nf_ct_iterate_cleanup+0x217/0x4e0
[ 44.820577] ? nf_ct_alloc_hashtable+0x150/0x150
[ 44.825332] nf_ct_iterate_cleanup_net+0x133/0x190
[ 44.830255] ? nf_nat_ipv6_in+0x350/0x350
[ 44.834385] ? nf_ct_iterate_cleanup+0x4e0/0x4e0
[ 44.839125] ? nf_nat_ipv6_in+0x350/0x350
[ 44.843258] masq_device_event+0xb5/0xe0
[ 44.847308] notifier_call_chain+0xc7/0x240
[ 44.851631] raw_notifier_call_chain+0x2e/0x40
[ 44.856215] call_netdevice_notifiers_info+0x3f/0x90
[ 44.861301] dev_close_many+0x33f/0x6f0
[ 44.865267] ? mark_held_locks+0xb1/0x100
[ 44.869407] ? netdev_master_upper_dev_link+0x50/0x50
[ 44.874600] rollback_registered_many+0x43b/0xfd0
[ 44.879434] ? skb_dequeue+0x12e/0x180
[ 44.883300] ? generic_xdp_install+0x3d0/0x3d0
[ 44.887867] ? mark_held_locks+0xb1/0x100
[ 44.891996] ? queue_delayed_work_on+0xe6/0x200
[ 44.896647] ? linkwatch_schedule_work+0x13c/0x170
[ 44.901559] ? queue_delayed_work_on+0xe6/0x200
[ 44.906210] ? lockdep_hardirqs_on+0x415/0x5d0
[ 44.910776] rollback_registered+0x109/0x1d0
[ 44.915170] ? rollback_registered_many+0xfd0/0xfd0
[ 44.920179] unregister_netdevice_queue+0x1ee/0x2c0
[ 44.925192] __tun_detach+0xd5b/0x1000
[ 44.929073] ? cpufreq_out_of_sync+0x30/0x100
[ 44.933559] ? __tun_detach+0x1000/0x1000
[ 44.937691] tun_chr_close+0xe0/0x180
[ 44.941476] __fput+0x2df/0x8d0
[ 44.944754] ____fput+0x16/0x20
[ 44.948033] task_work_run+0x14a/0x1c0
[ 44.951906] do_exit+0x92c/0x2fd0
[ 44.955345] ? get_signal+0x331/0x1d50
[ 44.959213] ? mm_update_next_owner+0x660/0x660
[ 44.963866] ? kasan_check_read+0x11/0x20
[ 44.968000] ? _raw_spin_unlock_irq+0x28/0x90
[ 44.972476] ? get_signal+0x331/0x1d50
[ 44.976343] ? _raw_spin_unlock_irq+0x28/0x90
[ 44.980826] do_group_exit+0x135/0x370
[ 44.984713] get_signal+0x399/0x1d50
[ 44.988432] do_signal+0x87/0x1940
[ 44.991954] ? tcp_setsockopt+0x9d/0xf0
[ 44.995912] ? setup_sigcontext+0x7d0/0x7d0
[ 45.000223] ? exit_to_usermode_loop+0x43/0x2c0
[ 45.004885] ? do_syscall_64+0x52d/0x610
[ 45.008936] ? exit_to_usermode_loop+0x43/0x2c0
[ 45.013588] ? lockdep_hardirqs_on+0x415/0x5d0
[ 45.018157] ? trace_hardirqs_on+0x67/0x230
[ 45.022458] exit_to_usermode_loop+0x244/0x2c0
[ 45.027025] do_syscall_64+0x52d/0x610
[ 45.030941] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 45.036112] RIP: 0033:0x447379
[ 45.039296] Code: Bad RIP value.
[ 45.042669] RSP: 002b:00007f9f2c852db8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 45.050359] RAX: fffffffffffffe00 RBX: 00000000006dcc38 RCX: 0000000000447379
[ 45.057612] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc38
[ 45.064868] RBP: 00000000006dcc30 R08: 0000000000000000 R09: 0000000000000000
[ 45.072129] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc3c
[ 45.079378] R13: 00007fff0a8dd3af R14: 00007f9f2c8539c0 R15: 0000000000000004
[ 45.087896] Kernel Offset: disabled
[ 45.091574] Rebooting in 86400 seconds..