IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready ------------[ cut here ]------------ kernel BUG at net/ipv4/tcp_output.c:2591! invalid opcode: 0000 [#1] PREEMPT SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 4554 Comm: syz-executor0 Not tainted 4.4.128-gbd23e3a #19 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8800b4313000 task.stack: ffff8800ac720000 RIP: 0010:[] [] __tcp_retransmit_skb+0x17e5/0x1860 net/ipv4/tcp_output.c:2591 RSP: 0000:ffff8801db207b60 EFLAGS: 00010206 RAX: ffff8800b4313000 RBX: ffff8800b43f5428 RCX: ffff8800acc91744 RDX: 0000000000000100 RSI: ffffffff83289aa5 RDI: ffff8800b43f542c RBP: ffff8801db207c08 R08: 0000000da7486e93 R09: 0000000000000006 R10: ffffed0043fffa01 R11: 0000000000000001 R12: 000000004a399f41 R13: 0000000049f9a981 R14: ffff8800b43f5400 R15: ffff8800acc91500 FS: 0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:000000000934e900 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 0000000020000000 CR3: 00000000b37d8000 CR4: 0000000000160670 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Stack: 0000000da7486e93 ffffffffffffffff 0000000da775b076 ffff8800acc91500 0000000000000004 0000000049faa958 dffffc0000000000 ffff8800acc91744 ffff8801db207bc8 ffffffff833a7e1e ffff8800acc91500 ffffffff833a7a00 Call Trace: [] tcp_retransmit_skb+0x23/0x2c0 net/ipv4/tcp_output.c:2664 [] tcp_retransmit_timer+0x7bd/0x1ed0 net/ipv4/tcp_timer.c:461 [] tcp_write_timer_handler+0x1f1/0x6f0 net/ipv4/tcp_timer.c:543 [] tcp_write_timer+0xba/0xd0 net/ipv4/tcp_timer.c:561 [] call_timer_fn+0x18c/0x870 kernel/time/timer.c:1185 [] __run_timers kernel/time/timer.c:1261 [inline] [] run_timer_softirq+0x642/0xb90 kernel/time/timer.c:1444 [] __do_softirq+0x22c/0xa1a kernel/softirq.c:273 [] invoke_softirq kernel/softirq.c:350 [inline] [] irq_exit+0x10d/0x140 kernel/softirq.c:391 [] exiting_irq arch/x86/include/asm/apic.h:653 [inline] [] smp_apic_timer_interrupt+0x81/0xa0 arch/x86/kernel/apic/apic.c:926 [] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:741 [] kasan_alloc_pages+0x38/0x40 mm/kasan/kasan.c:376 [] prep_new_page mm/page_alloc.c:1448 [inline] [] get_page_from_freelist+0x95b/0x1a60 mm/page_alloc.c:2664 [] __alloc_pages_nodemask+0x2ce/0x1660 mm/page_alloc.c:3305 [] __alloc_pages include/linux/gfp.h:415 [inline] [] __alloc_pages_node include/linux/gfp.h:428 [inline] [] alloc_pages_node include/linux/gfp.h:442 [inline] [] do_huge_pmd_anonymous_page+0x1b4/0x9d0 mm/huge_memory.c:862 [] create_huge_pmd mm/memory.c:3242 [inline] [] __handle_mm_fault mm/memory.c:3361 [inline] [] handle_mm_fault+0x27b2/0x2ff0 mm/memory.c:3455 [] __do_page_fault+0x360/0xa10 arch/x86/mm/fault.c:1245 [] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1308 [] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1037 Code: f4 26 fe e9 aa ed ff ff e8 09 f4 26 fe e9 4f f5 ff ff e8 ff f3 26 fe e9 6b f5 ff ff e8 15 f4 26 fe e9 d3 ef ff ff e8 1b 77 0c fe <0f> 0b 4c 89 f7 e8 01 f4 26 fe e9 d9 ec ff ff e8 77 f4 26 fe e9 RIP [] __tcp_retransmit_skb+0x17e5/0x1860 net/ipv4/tcp_output.c:2591 RSP ---[ end trace 8c5b47ced55a2d08 ]---