[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 59.268949][ T27] kauditd_printk_skb: 7 callbacks suppressed
[ 59.268958][ T27] audit: type=1800 audit(1566273559.879:29): pid=9526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0
[ 59.295116][ T27] audit: type=1800 audit(1566273559.879:30): pid=9526 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.1.50' (ECDSA) to the list of known hosts.
2019/08/20 03:59:31 parsed 1 programs
2019/08/20 03:59:32 executed programs: 0
syzkaller login: [ 72.090626][ T9695] IPVS: ftp: loaded support on port[0] = 21
[ 72.133312][ T9695] chnl_net:caif_netlink_parms(): no params data found
[ 72.152904][ T9695] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.160244][ T9695] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.167745][ T9695] device bridge_slave_0 entered promiscuous mode
[ 72.174957][ T9695] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.182015][ T9695] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.189522][ T9695] device bridge_slave_1 entered promiscuous mode
[ 72.202603][ T9695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.212884][ T9695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.228512][ T9695] team0: Port device team_slave_0 added
[ 72.235876][ T9695] team0: Port device team_slave_1 added
[ 72.295203][ T9695] device hsr_slave_0 entered promiscuous mode
[ 72.333879][ T9695] device hsr_slave_1 entered promiscuous mode
[ 72.388814][ T9695] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.395925][ T9695] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.403190][ T9695] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.410477][ T9695] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.433859][ T9695] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.443340][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 72.453854][ T3014] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.461152][ T3014] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.468844][ T3014] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 72.478910][ T9695] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.487690][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 72.495894][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.502912][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.519762][ T9695] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 72.530282][ T9695] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 72.542442][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 72.550722][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.557933][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.566414][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 72.575086][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 72.583200][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 72.591377][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 72.599804][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 72.607386][ T3519] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 72.620155][ T9695] 8021q: adding VLAN 0 to HW filter on device batadv0
2019/08/20 03:59:37 executed programs: 259
2019/08/20 03:59:42 executed programs: 523
[ 84.754797][T12268] ------------[ cut here ]------------
[ 84.760634][T12268] WARNING: CPU: 0 PID: 12268 at include/net/sock.h:666 smc_unhash_sk.cold+0x11/0x18
[ 84.769970][T12268] Kernel panic - not syncing: panic_on_warn set ...
[ 84.776529][T12268] CPU: 0 PID: 12268 Comm: syz-executor.0 Not tainted 5.3.0-rc5+ #117
[ 84.784561][T12268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 84.795111][T12268] Call Trace:
[ 84.798380][T12268] dump_stack+0x172/0x1f0
[ 84.802683][T12268] ? smc_listen_work+0x1580/0x15a3
[ 84.807764][T12268] panic+0x2dc/0x755
[ 84.811630][T12268] ? add_taint.cold+0x16/0x16
[ 84.816281][T12268] ? __kasan_check_write+0x14/0x20
[ 84.821361][T12268] ? __warn.cold+0x5/0x4c
[ 84.825661][T12268] ? __warn+0xe7/0x1e0
[ 84.829702][T12268] ? smc_unhash_sk.cold+0x11/0x18
[ 84.834699][T12268] __warn.cold+0x20/0x4c
[ 84.838918][T12268] ? wake_up_klogd+0x99/0xd0
[ 84.843489][T12268] ? smc_unhash_sk.cold+0x11/0x18
[ 84.848491][T12268] report_bug+0x263/0x2b0
[ 84.852796][T12268] do_error_trap+0x11b/0x200
[ 84.857358][T12268] do_invalid_op+0x37/0x50
[ 84.861746][T12268] ? smc_unhash_sk.cold+0x11/0x18
[ 84.866740][T12268] invalid_op+0x23/0x30
[ 84.870868][T12268] RIP: 0010:smc_unhash_sk.cold+0x11/0x18
[ 84.876468][T12268] Code: 89 ff e8 ef 6b a6 fa e9 d7 f8 ff ff 4c 89 ff e8 e2 6b a6 fa e9 57 fa ff ff e8 08 59 6c fa 48 c7 c7 20 38 42 88 e8 d0 f9 55 fa <0f> 0b e9 ad 43 ff ff e8 f0 58 6c fa 48 c7 c7 20 38 42 88 e8 b8 f9
[ 84.896052][T12268] RSP: 0018:ffff8880a1e57d00 EFLAGS: 00010282
[ 84.902097][T12268] RAX: 0000000000000024 RBX: ffff8880a58bf340 RCX: 0000000000000000
[ 84.910046][T12268] RDX: 0000000000000000 RSI: ffffffff815c2456 RDI: ffffed10143caf92
[ 84.917991][T12268] RBP: ffff8880a1e57d30 R08: 0000000000000024 R09: ffffed1015d060d1
[ 84.925933][T12268] R10: ffffed1015d060d0 R11: ffff8880ae830687 R12: ffff8880a58bf3c0
[ 84.933878][T12268] R13: ffffffff8999dec0 R14: ffff8880a58bf368 R15: 0000000000000001
[ 84.941829][T12268] ? vprintk_func+0x86/0x189
[ 84.946391][T12268] __smc_release+0x202/0x450
[ 84.950952][T12268] smc_release+0x10c/0x380
[ 84.955342][T12268] __sock_release+0xce/0x280
[ 84.959905][T12268] sock_close+0x1e/0x30
[ 84.964036][T12268] __fput+0x2ff/0x890
[ 84.967991][T12268] ? __sock_release+0x280/0x280
[ 84.972814][T12268] ____fput+0x16/0x20
[ 84.976767][T12268] task_work_run+0x145/0x1c0
[ 84.981332][T12268] exit_to_usermode_loop+0x316/0x380
[ 84.986589][T12268] do_syscall_64+0x5a9/0x6a0
[ 84.991152][T12268] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 84.997011][T12268] RIP: 0033:0x413511
[ 85.000876][T12268] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[ 85.020559][T12268] RSP: 002b:00007ffd846659f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 85.028938][T12268] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000413511
[ 85.036880][T12268] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000003
[ 85.044823][T12268] RBP: 0000000000000000 R08: ffffffffffffffff R09: ffffffffffffffff
[ 85.052779][T12268] R10: 00007ffd84665ad0 R11: 0000000000000293 R12: 000000000075bfc8
[ 85.060723][T12268] R13: 0000000000014aff R14: 0000000000760290 R15: ffffffffffffffff
[ 85.069768][T12268] Kernel Offset: disabled
[ 85.074083][T12268] Rebooting in 86400 seconds..